| 1 | Trusted Platform Module Library |
| 2 | Part 4: Supporting Routines |
| 3 | |
| 4 | Family "2.0" |
| 5 | |
| 6 | Level 00 Revision 01.16 |
| 7 | |
| 8 | October 30, 2014 |
| 9 | |
| 10 | Published |
| 11 | |
| 12 | |
| 13 | |
| 14 | |
| 15 | Contact: admin@trustedcomputinggroup.org |
| 16 | |
| 17 | |
| 18 | |
| 19 | |
| 20 | TCG Published |
| 21 | Copyright © TCG 2006-2014 |
| 22 | |
| 23 | |
| 24 | |
| 25 | |
| 26 | TCG |
| 27 | Trusted Platform Module Library Part 4: Supporting Routines |
| 28 | |
| 29 | |
| 30 | Licenses and Notices |
| 31 | |
| 32 | 1. Copyright Licenses: |
| 33 | Trusted Computing Group (TCG) grants to the user of the source code in this specification (the |
| 34 | “Source Code”) a worldwide, irrevocable, nonexclusive, royalty free, copyright license to |
| 35 | reproduce, create derivative works, distribute, display and perform the Source Code and |
| 36 | derivative works thereof, and to grant others the rights granted herein. |
| 37 | The TCG grants to the user of the other parts of the specification (other than the Source Code) |
| 38 | the rights to reproduce, distribute, display, and perform the specification solely for the purpose |
| 39 | of developing products based on such documents. |
| 40 | 2. Source Code Distribution Conditions: |
| 41 | Redistributions of Source Code must retain the above copyright licenses, this list of conditions |
| 42 | and the following disclaimers. |
| 43 | Redistributions in binary form must reproduce the above copyright licenses, this list of |
| 44 | conditions and the following disclaimers in the documentation and/or other materials provided |
| 45 | with the distribution. |
| 46 | 3. Disclaimers: |
| 47 | THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF LICENSE OR |
| 48 | WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH RESPECT TO PATENT RIGHTS |
| 49 | HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) THAT MAY BE NECESSARY TO IMPLEMENT |
| 50 | THIS SPECIFICATION OR OTHERWISE. Contact TCG Administration |
| 51 | (admin@trustedcomputinggroup.org) for information on specification licensing rights available |
| 52 | through TCG membership agreements. |
| 53 | THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES |
| 54 | WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A |
| 55 | PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NONINFRINGEMENT OF INTELLECTUAL |
| 56 | PROPERTY RIGHTS, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, |
| 57 | SPECIFICATION OR SAMPLE. |
| 58 | Without limitation, TCG and its members and licensors disclaim all liability, including liability for |
| 59 | infringement of any proprietary rights, relating to use of information in this specification and to |
| 60 | the implementation of this specification, and TCG disclaims all liability for cost of procurement |
| 61 | of substitute goods or services, lost profits, loss of use, loss of data or any incidental, |
| 62 | consequential, direct, indirect, or special damages, whether under contract, tort, warranty or |
| 63 | otherwise, arising in any way out of use or reliance upon this specification or any information |
| 64 | herein. |
| 65 | Any marks and brands contained herein are the property of their respective owner. |
| 66 | |
| 67 | |
| 68 | |
| 69 | |
| 70 | Page ii TCG Published Family "2.0" |
| 71 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 72 | Part 4: Supporting Routines Trusted Platform Module Library |
| 73 | |
| 74 | |
| 75 | CONTENTS |
| 76 | 1 Scope ................................................................................................................................... 1 |
| 77 | 2 Terms and definitions ........................................................................................................... 1 |
| 78 | 3 Symbols and abbreviated terms ............................................................................................ 1 |
| 79 | 4 Automation ........................................................................................................................... 1 |
| 80 | 4.1 Configuration Parser ................................................................................................... 1 |
| 81 | 4.2 Structure Parser .......................................................................................................... 2 |
| 82 | 4.2.1 Introduction .......................................................................................................... 2 |
| 83 | 4.2.2 Unmarshaling Code Prototype .............................................................................. 2 |
| 84 | 4.2.2.1 Simple Types and Structures .......................................................................... 2 |
| 85 | 4.2.2.2 Union Types ................................................................................................... 3 |
| 86 | 4.2.2.3 Null Types ...................................................................................................... 3 |
| 87 | 4.2.2.4 Arrays ............................................................................................................. 3 |
| 88 | 4.2.3 Marshaling Code Function Prototypes .................................................................. 4 |
| 89 | 4.2.3.1 Simple Types and Structures .......................................................................... 4 |
| 90 | 4.2.3.2 Union Types ................................................................................................... 4 |
| 91 | 4.2.3.3 Arrays ............................................................................................................. 4 |
| 92 | 4.3 Command Parser ........................................................................................................ 5 |
| 93 | 4.4 Portability .................................................................................................................... 5 |
| 94 | 5 Header Files ......................................................................................................................... 6 |
| 95 | 5.1 Introduction ................................................................................................................. 6 |
| 96 | 5.2 BaseTypes.h ............................................................................................................... 6 |
| 97 | 5.3 bits.h ........................................................................................................................... 7 |
| 98 | 5.4 bool.h .......................................................................................................................... 8 |
| 99 | 5.5 Capabilities.h .............................................................................................................. 8 |
| 100 | 5.6 TPMB.h ....................................................................................................................... 8 |
| 101 | 5.7 TpmError.h .................................................................................................................. 9 |
| 102 | 5.8 Global.h ...................................................................................................................... 9 |
| 103 | 5.8.1 Description ........................................................................................................... 9 |
| 104 | 5.8.2 Includes ............................................................................................................... 9 |
| 105 | 5.8.3 Defines and Types ............................................................................................. 10 |
| 106 | 5.8.3.1 Unreferenced Parameter .............................................................................. 10 |
| 107 | 5.8.3.2 Crypto Self-Test Values ................................................................................ 10 |
| 108 | 5.8.3.3 Hash and HMAC State Structures ................................................................. 10 |
| 109 | 5.8.3.4 Other Types .................................................................................................. 11 |
| 110 | 5.8.4 Loaded Object Structures ................................................................................... 11 |
| 111 | 5.8.4.1 Description ................................................................................................... 11 |
| 112 | 5.8.4.2 OBJECT_ATTRIBUTES ................................................................................ 11 |
| 113 | 5.8.4.3 OBJECT Structure ........................................................................................ 12 |
| 114 | 5.8.4.4 HASH_OBJECT Structure ............................................................................. 12 |
| 115 | 5.8.4.5 ANY_OBJECT .............................................................................................. 13 |
| 116 | 5.8.5 AUTH_DUP Types .............................................................................................. 13 |
| 117 | 5.8.6 Active Session Context ....................................................................................... 13 |
| 118 | 5.8.6.1 Description ................................................................................................... 13 |
| 119 | 5.8.6.2 SESSION_ATTRIBUTES .............................................................................. 13 |
| 120 | 5.8.6.3 SESSION Structure ...................................................................................... 14 |
| 121 | 5.8.7 PCR ................................................................................................................... 15 |
| 122 | 5.8.7.1 PCR_SAVE Structure ................................................................................... 15 |
| 123 | |
| 124 | Family "2.0" TCG Published Page iii |
| 125 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 126 | Trusted Platform Module Library Part 4: Supporting Routines |
| 127 | |
| 128 | 5.8.7.2 PCR_POLICY ............................................................................................... 16 |
| 129 | 5.8.7.3 PCR_AUTHVALUE ....................................................................................... 16 |
| 130 | 5.8.8 Startup ............................................................................................................... 16 |
| 131 | 5.8.8.1 SHUTDOWN_NONE ..................................................................................... 16 |
| 132 | 5.8.8.2 STARTUP_TYPE .......................................................................................... 16 |
| 133 | 5.8.9 NV ...................................................................................................................... 16 |
| 134 | 5.8.9.1 NV_RESERVE .............................................................................................. 16 |
| 135 | 5.8.9.2 NV_INDEX .................................................................................................... 18 |
| 136 | 5.8.10 COMMIT_INDEX_MASK ..................................................................................... 18 |
| 137 | 5.8.11 RAM Global Values ............................................................................................ 18 |
| 138 | 5.8.11.1 Description ................................................................................................... 18 |
| 139 | 5.8.11.2 g_rcIndex ..................................................................................................... 18 |
| 140 | 5.8.11.3 g_exclusiveAuditSession .............................................................................. 18 |
| 141 | 5.8.11.4 g_time .......................................................................................................... 18 |
| 142 | 5.8.11.5 g_phEnable .................................................................................................. 18 |
| 143 | 5.8.11.6 g_pceReConfig ............................................................................................. 19 |
| 144 | 5.8.11.7 g_DRTMHandle ............................................................................................ 19 |
| 145 | 5.8.11.8 g_DrtmPreStartup ......................................................................................... 19 |
| 146 | 5.8.11.9 g_StartupLocality3 ........................................................................................ 19 |
| 147 | 5.8.11.10 g_updateNV ................................................................................................. 19 |
| 148 | 5.8.11.11 g_clearOrderly .............................................................................................. 19 |
| 149 | 5.8.11.12 g_prevOrderlyState ...................................................................................... 20 |
| 150 | 5.8.11.13 g_nvOk ......................................................................................................... 20 |
| 151 | 5.8.11.14 g_platformUnique ......................................................................................... 20 |
| 152 | 5.8.12 Persistent Global Values .................................................................................... 20 |
| 153 | 5.8.12.1 Description ................................................................................................... 20 |
| 154 | 5.8.12.2 PERSISTENT_DATA .................................................................................... 20 |
| 155 | 5.8.12.3 ORDERLY_DATA ......................................................................................... 22 |
| 156 | 5.8.12.4 STATE_CLEAR_DATA ................................................................................. 23 |
| 157 | 5.8.12.5 State Reset Data .......................................................................................... 24 |
| 158 | 5.8.13 Global Macro Definitions .................................................................................... 25 |
| 159 | 5.8.14 Private data ........................................................................................................ 25 |
| 160 | 5.9 Tpm.h ........................................................................................................................ 29 |
| 161 | 5.10 swap.h ...................................................................................................................... 30 |
| 162 | 5.11 InternalRoutines.h ..................................................................................................... 31 |
| 163 | 5.12 TpmBuildSwitches.h .................................................................................................. 32 |
| 164 | 5.13 VendorString.h .......................................................................................................... 33 |
| 165 | 6 Main ................................................................................................................................... 35 |
| 166 | 6.1 CommandDispatcher() ............................................................................................... 35 |
| 167 | 6.2 ExecCommand.c ....................................................................................................... 35 |
| 168 | 6.2.1 Introduction ........................................................................................................ 35 |
| 169 | 6.2.2 Includes ............................................................................................................. 35 |
| 170 | 6.2.3 ExecuteCommand() ............................................................................................ 35 |
| 171 | 6.3 ParseHandleBuffer() .................................................................................................. 41 |
| 172 | 6.4 SessionProcess.c ...................................................................................................... 42 |
| 173 | 6.4.1 Introduction ........................................................................................................ 42 |
| 174 | 6.4.2 Includes and Data Definitions ............................................................................. 42 |
| 175 | 6.4.3 Authorization Support Functions ......................................................................... 42 |
| 176 | 6.4.3.1 IsDAExempted() ........................................................................................... 42 |
| 177 | 6.4.3.2 IncrementLockout() ....................................................................................... 43 |
| 178 | |
| 179 | Page iv TCG Published Family "2.0" |
| 180 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 181 | Part 4: Supporting Routines Trusted Platform Module Library |
| 182 | |
| 183 | 6.4.3.3 IsSessionBindEntity() ................................................................................... 44 |
| 184 | 6.4.3.4 IsPolicySessionRequired() ............................................................................ 45 |
| 185 | 6.4.3.5 IsAuthValueAvailable() ................................................................................. 46 |
| 186 | 6.4.3.6 IsAuthPolicyAvailable() ................................................................................. 48 |
| 187 | 6.4.4 Session Parsing Functions ................................................................................. 49 |
| 188 | 6.4.4.1 ComputeCpHash() ........................................................................................ 49 |
| 189 | 6.4.4.2 CheckPWAuthSession() ................................................................................ 50 |
| 190 | 6.4.4.3 ComputeCommandHMAC() ........................................................................... 51 |
| 191 | 6.4.4.4 CheckSessionHMAC() .................................................................................. 53 |
| 192 | 6.4.4.5 CheckPolicyAuthSession() ............................................................................ 53 |
| 193 | 6.4.4.6 RetrieveSessionData() .................................................................................. 56 |
| 194 | 6.4.4.7 CheckLockedOut() ........................................................................................ 59 |
| 195 | 6.4.4.8 CheckAuthSession() ..................................................................................... 60 |
| 196 | 6.4.4.9 CheckCommandAudit() ................................................................................. 62 |
| 197 | 6.4.4.10 ParseSessionBuffer() .................................................................................... 63 |
| 198 | 6.4.4.11 CheckAuthNoSession() ................................................................................. 65 |
| 199 | 6.4.5 Response Session Processing ........................................................................... 66 |
| 200 | 6.4.5.1 Introduction .................................................................................................. 66 |
| 201 | 6.4.5.2 ComputeRpHash() ........................................................................................ 66 |
| 202 | 6.4.5.3 InitAuditSession() ......................................................................................... 67 |
| 203 | 6.4.5.4 Audit() .......................................................................................................... 67 |
| 204 | 6.4.5.5 CommandAudit() ........................................................................................... 68 |
| 205 | 6.4.5.6 UpdateAuditSessionStatus() ......................................................................... 69 |
| 206 | 6.4.5.7 ComputeResponseHMAC() ........................................................................... 70 |
| 207 | 6.4.5.8 BuildSingleResponseAuth() .......................................................................... 71 |
| 208 | 6.4.5.9 UpdateTPMNonce() ...................................................................................... 72 |
| 209 | 6.4.5.10 UpdateInternalSession() ............................................................................... 72 |
| 210 | 6.4.5.11 BuildResponseSession() ............................................................................... 73 |
| 211 | 7 Command Support Functions .............................................................................................. 76 |
| 212 | 7.1 Introduction ............................................................................................................... 76 |
| 213 | 7.2 Attestation Command Support (Attest_spt.c) ............................................................. 76 |
| 214 | 7.2.1 Includes ............................................................................................................. 76 |
| 215 | 7.2.2 Functions ........................................................................................................... 76 |
| 216 | 7.2.2.1 FillInAttestInfo() ............................................................................................ 76 |
| 217 | 7.2.2.2 SignAttestInfo() ............................................................................................ 77 |
| 218 | 7.3 Context Management Command Support (Context_spt.c) .......................................... 79 |
| 219 | 7.3.1 Includes ............................................................................................................. 79 |
| 220 | 7.3.2 Functions ........................................................................................................... 79 |
| 221 | 7.3.2.1 ComputeContextProtectionKey() ................................................................... 79 |
| 222 | 7.3.2.2 ComputeContextIntegrity() ............................................................................ 80 |
| 223 | 7.3.2.3 SequenceDataImportExport() ........................................................................ 81 |
| 224 | 7.4 Policy Command Support (Policy_spt.c) .................................................................... 81 |
| 225 | 7.4.1 PolicyParameterChecks() ................................................................................... 81 |
| 226 | 7.4.2 PolicyContextUpdate() ........................................................................................ 82 |
| 227 | 7.5 NV Command Support (NV_spt.c) ............................................................................. 83 |
| 228 | 7.5.1 Includes ............................................................................................................. 83 |
| 229 | 7.5.2 Functions ............................................................................................................. 83 |
| 230 | 7.5.2.1 NvReadAccessChecks() ............................................................................... 83 |
| 231 | 7.5.2.2 NvWriteAccessChecks() ............................................................................... 84 |
| 232 | 7.6 Object Command Support (Object_spt.c) ................................................................... 85 |
| 233 | |
| 234 | Family "2.0" TCG Published Page v |
| 235 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 236 | Trusted Platform Module Library Part 4: Supporting Routines |
| 237 | |
| 238 | 7.6.1 Includes ............................................................................................................. 85 |
| 239 | 7.6.2 Local Functions .................................................................................................. 86 |
| 240 | 7.6.2.1 EqualCryptSet() ............................................................................................ 86 |
| 241 | 7.6.2.2 GetIV2BSize() .............................................................................................. 86 |
| 242 | 7.6.2.3 ComputeProtectionKeyParms() ..................................................................... 87 |
| 243 | 7.6.2.4 ComputeOuterIntegrity() ............................................................................... 88 |
| 244 | 7.6.2.5 ComputeInnerIntegrity() ................................................................................ 89 |
| 245 | 7.6.2.6 ProduceInnerIntegrity() ................................................................................. 89 |
| 246 | 7.6.2.7 CheckInnerIntegrity() .................................................................................... 90 |
| 247 | 7.6.3 Public Functions ................................................................................................. 90 |
| 248 | 7.6.3.1 AreAttributesForParent() ............................................................................... 90 |
| 249 | 7.6.3.2 SchemeChecks() .......................................................................................... 91 |
| 250 | 7.6.3.3 PublicAttributesValidation()........................................................................... 94 |
| 251 | 7.6.3.4 FillInCreationData() ...................................................................................... 95 |
| 252 | 7.6.3.5 GetSeedForKDF() ......................................................................................... 97 |
| 253 | 7.6.3.6 ProduceOuterWrap() ..................................................................................... 97 |
| 254 | 7.6.3.7 UnwrapOuter() .............................................................................................. 99 |
| 255 | 7.6.3.8 SensitiveToPrivate() ................................................................................... 100 |
| 256 | 7.6.3.9 PrivateToSensitive() ................................................................................... 101 |
| 257 | 7.6.3.10 SensitiveToDuplicate()................................................................................ 103 |
| 258 | 7.6.3.11 DuplicateToSensitive()................................................................................ 105 |
| 259 | 7.6.3.12 SecretToCredential() .................................................................................. 107 |
| 260 | 7.6.3.13 CredentialToSecret() .................................................................................. 108 |
| 261 | 8 Subsystem........................................................................................................................ 109 |
| 262 | 8.1 CommandAudit.c ..................................................................................................... 109 |
| 263 | 8.1.1 Introduction ...................................................................................................... 109 |
| 264 | 8.1.2 Includes ........................................................................................................... 109 |
| 265 | 8.1.3 Functions ......................................................................................................... 109 |
| 266 | 8.1.3.1 CommandAuditPreInstall_Init() ................................................................... 109 |
| 267 | 8.1.3.2 CommandAuditStartup() ............................................................................. 109 |
| 268 | 8.1.3.3 CommandAuditSet() ................................................................................... 110 |
| 269 | 8.1.3.4 CommandAuditClear() ................................................................................ 110 |
| 270 | 8.1.3.5 CommandAuditIsRequired() ........................................................................ 111 |
| 271 | 8.1.3.6 CommandAuditCapGetCCList() .................................................................. 111 |
| 272 | 8.1.3.7 CommandAuditGetDigest ............................................................................ 112 |
| 273 | 8.2 DA.c ........................................................................................................................ 113 |
| 274 | 8.2.1 Introduction ...................................................................................................... 113 |
| 275 | 8.2.2 Includes and Data Definitions ........................................................................... 113 |
| 276 | 8.2.3 Functions ......................................................................................................... 113 |
| 277 | 8.2.3.1 DAPreInstall_Init() ...................................................................................... 113 |
| 278 | 8.2.3.2 DAStartup() ................................................................................................ 114 |
| 279 | 8.2.3.3 DARegisterFailure() .................................................................................... 114 |
| 280 | 8.2.3.4 DASelfHeal() .............................................................................................. 115 |
| 281 | 8.3 Hierarchy.c .............................................................................................................. 116 |
| 282 | 8.3.1 Introduction ...................................................................................................... 116 |
| 283 | 8.3.2 Includes ........................................................................................................... 116 |
| 284 | 8.3.3 Functions ......................................................................................................... 116 |
| 285 | 8.3.3.1 HierarchyPreInstall() ................................................................................... 116 |
| 286 | 8.3.3.2 HierarchyStartup() ...................................................................................... 117 |
| 287 | 8.3.3.3 HierarchyGetProof() ................................................................................... 118 |
| 288 | 8.3.3.4 HierarchyGetPrimarySeed() ........................................................................ 118 |
| 289 | 8.3.3.5 HierarchyIsEnabled() .................................................................................. 119 |
| 290 | |
| 291 | Page vi TCG Published Family "2.0" |
| 292 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 293 | Part 4: Supporting Routines Trusted Platform Module Library |
| 294 | |
| 295 | 8.4 NV.c ........................................................................................................................ 119 |
| 296 | 8.4.1 Introduction ...................................................................................................... 119 |
| 297 | 8.4.2 Includes, Defines and Data Definitions ............................................................. 119 |
| 298 | 8.4.3 NV Utility Functions .......................................................................................... 120 |
| 299 | 8.4.3.1 NvCheckState() .......................................................................................... 120 |
| 300 | 8.4.3.2 NvIsAvailable() ........................................................................................... 120 |
| 301 | 8.4.3.3 NvCommit ................................................................................................... 120 |
| 302 | 8.4.3.4 NvReadMaxCount() .................................................................................... 121 |
| 303 | 8.4.3.5 NvWriteMaxCount() .................................................................................... 121 |
| 304 | 8.4.4 NV Index and Persistent Object Access Functions ............................................ 121 |
| 305 | 8.4.4.1 Introduction ................................................................................................ 121 |
| 306 | 8.4.4.2 NvNext() ..................................................................................................... 121 |
| 307 | 8.4.4.3 NvGetEnd() ................................................................................................ 122 |
| 308 | 8.4.4.4 NvGetFreeByte ........................................................................................... 122 |
| 309 | 8.4.4.5 NvGetEvictObjectSize................................................................................. 123 |
| 310 | 8.4.4.6 NvGetCounterSize ...................................................................................... 123 |
| 311 | 8.4.4.7 NvTestSpace() ............................................................................................ 123 |
| 312 | 8.4.4.8 NvAdd() ...................................................................................................... 124 |
| 313 | 8.4.4.9 NvDelete() .................................................................................................. 124 |
| 314 | 8.4.5 RAM-based NV Index Data Access Functions ................................................... 125 |
| 315 | 8.4.5.1 Introduction ................................................................................................ 125 |
| 316 | 8.4.5.2 NvTestRAMSpace() .................................................................................... 125 |
| 317 | 8.4.5.3 NvGetRamIndexOffset ................................................................................ 126 |
| 318 | 8.4.5.4 NvAddRAM() .............................................................................................. 126 |
| 319 | 8.4.5.5 NvDeleteRAM() .......................................................................................... 127 |
| 320 | 8.4.6 Utility Functions ................................................................................................ 128 |
| 321 | 8.4.6.1 NvInitStatic() .............................................................................................. 128 |
| 322 | 8.4.6.2 NvInit() ....................................................................................................... 129 |
| 323 | 8.4.6.3 NvReadReserved() ..................................................................................... 129 |
| 324 | 8.4.6.4 NvWriteReserved() ..................................................................................... 130 |
| 325 | 8.4.6.5 NvReadPersistent() .................................................................................... 130 |
| 326 | 8.4.6.6 NvIsPlatformPersistentHandle() .................................................................. 131 |
| 327 | 8.4.6.7 NvIsOwnerPersistentHandle() ..................................................................... 131 |
| 328 | 8.4.6.8 NvNextIndex() ............................................................................................ 131 |
| 329 | 8.4.6.9 NvNextEvict() ............................................................................................. 132 |
| 330 | 8.4.6.10 NvFindHandle() .......................................................................................... 132 |
| 331 | 8.4.6.11 NvPowerOn() .............................................................................................. 133 |
| 332 | 8.4.6.12 NvStateSave() ............................................................................................ 133 |
| 333 | 8.4.6.13 NvEntityStartup() ........................................................................................ 134 |
| 334 | 8.4.7 NV Access Functions ....................................................................................... 135 |
| 335 | 8.4.7.1 Introduction ................................................................................................ 135 |
| 336 | 8.4.7.2 NvIsUndefinedIndex() ................................................................................. 135 |
| 337 | 8.4.7.3 NvIndexIsAccessible() ................................................................................ 136 |
| 338 | 8.4.7.4 NvIsUndefinedEvictHandle() ....................................................................... 137 |
| 339 | 8.4.7.5 NvGetEvictObject() ..................................................................................... 138 |
| 340 | 8.4.7.6 NvGetIndexInfo() ........................................................................................ 138 |
| 341 | 8.4.7.7 NvInitialCounter() ....................................................................................... 139 |
| 342 | 8.4.7.8 NvGetIndexData() ....................................................................................... 139 |
| 343 | 8.4.7.9 NvGetIntIndexData() ................................................................................... 140 |
| 344 | 8.4.7.10 NvWriteIndexInfo() ...................................................................................... 141 |
| 345 | 8.4.7.11 NvWriteIndexData() .................................................................................... 142 |
| 346 | 8.4.7.12 NvGetName() ............................................................................................. 143 |
| 347 | 8.4.7.13 NvDefineIndex().......................................................................................... 143 |
| 348 | |
| 349 | Family "2.0" TCG Published Page vii |
| 350 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 351 | Trusted Platform Module Library Part 4: Supporting Routines |
| 352 | |
| 353 | 8.4.7.14 NvAddEvictObject() .................................................................................... 144 |
| 354 | 8.4.7.15 NvDeleteEntity() ......................................................................................... 145 |
| 355 | 8.4.7.16 NvFlushHierarchy() ..................................................................................... 146 |
| 356 | 8.4.7.17 NvSetGlobalLock()...................................................................................... 147 |
| 357 | 8.4.7.18 InsertSort() ................................................................................................. 148 |
| 358 | 8.4.7.19 NvCapGetPersistent() ................................................................................. 149 |
| 359 | 8.4.7.20 NvCapGetIndex() ........................................................................................ 150 |
| 360 | 8.4.7.21 NvCapGetIndexNumber() ............................................................................ 151 |
| 361 | 8.4.7.22 NvCapGetPersistentNumber() .................................................................... 151 |
| 362 | 8.4.7.23 NvCapGetPersistentAvail() ......................................................................... 151 |
| 363 | 8.4.7.24 NvCapGetCounterNumber() ........................................................................ 151 |
| 364 | 8.4.7.25 NvCapGetCounterAvail() ............................................................................ 152 |
| 365 | 8.5 Object.c................................................................................................................... 153 |
| 366 | 8.5.1 Introduction ...................................................................................................... 153 |
| 367 | 8.5.2 Includes and Data Definitions ........................................................................... 153 |
| 368 | 8.5.3 Functions ......................................................................................................... 153 |
| 369 | 8.5.3.1 ObjectStartup() ........................................................................................... 153 |
| 370 | 8.5.3.2 ObjectCleanupEvict() .................................................................................. 153 |
| 371 | 8.5.3.3 ObjectIsPresent() ....................................................................................... 154 |
| 372 | 8.5.3.4 ObjectIsSequence() .................................................................................... 154 |
| 373 | 8.5.3.5 ObjectGet() ................................................................................................. 155 |
| 374 | 8.5.3.6 ObjectGetName() ........................................................................................ 155 |
| 375 | 8.5.3.7 ObjectGetNameAlg() ................................................................................... 155 |
| 376 | 8.5.3.8 ObjectGetQualifiedName() .......................................................................... 156 |
| 377 | 8.5.3.9 ObjectDataGetHierarchy() .......................................................................... 156 |
| 378 | 8.5.3.10 ObjectGetHierarchy() .................................................................................. 156 |
| 379 | 8.5.3.11 ObjectAllocateSlot() .................................................................................... 157 |
| 380 | 8.5.3.12 ObjectLoad()............................................................................................... 157 |
| 381 | 8.5.3.13 AllocateSequenceSlot() .............................................................................. 160 |
| 382 | 8.5.3.14 ObjectCreateHMACSequence() .................................................................. 160 |
| 383 | 8.5.3.15 ObjectCreateHashSequence() .................................................................... 161 |
| 384 | 8.5.3.16 ObjectCreateEventSequence() ................................................................... 161 |
| 385 | 8.5.3.17 ObjectTerminateEvent() .............................................................................. 162 |
| 386 | 8.5.3.18 ObjectContextLoad() ................................................................................... 163 |
| 387 | 8.5.3.19 ObjectFlush() .............................................................................................. 163 |
| 388 | 8.5.3.20 ObjectFlushHierarchy() ............................................................................... 163 |
| 389 | 8.5.3.21 ObjectLoadEvict() ....................................................................................... 164 |
| 390 | 8.5.3.22 ObjectComputeName() ............................................................................... 165 |
| 391 | 8.5.3.23 ObjectComputeQualifiedName() ................................................................. 166 |
| 392 | 8.5.3.24 ObjectDataIsStorage() ................................................................................ 166 |
| 393 | 8.5.3.25 ObjectIsStorage() ....................................................................................... 167 |
| 394 | 8.5.3.26 ObjectCapGetLoaded() ............................................................................... 167 |
| 395 | 8.5.3.27 ObjectCapGetTransientAvail() .................................................................... 168 |
| 396 | 8.6 PCR.c ..................................................................................................................... 168 |
| 397 | 8.6.1 Introduction ...................................................................................................... 168 |
| 398 | 8.6.2 Includes, Defines, and Data Definitions ............................................................ 168 |
| 399 | 8.6.3 Functions ......................................................................................................... 169 |
| 400 | 8.6.3.1 PCRBelongsAuthGroup() ............................................................................ 169 |
| 401 | 8.6.3.2 PCRBelongsPolicyGroup() .......................................................................... 169 |
| 402 | 8.6.3.3 PCRBelongsTCBGroup() ............................................................................ 170 |
| 403 | 8.6.3.4 PCRPolicyIsAvailable() ............................................................................... 170 |
| 404 | 8.6.3.5 PCRGetAuthValue() .................................................................................... 171 |
| 405 | 8.6.3.6 PCRGetAuthPolicy() ................................................................................... 171 |
| 406 | 8.6.3.7 PCRSimStart() ............................................................................................ 172 |
| 407 | 8.6.3.8 GetSavedPcrPointer() ................................................................................. 172 |
| 408 | |
| 409 | Page viii TCG Published Family "2.0" |
| 410 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 411 | Part 4: Supporting Routines Trusted Platform Module Library |
| 412 | |
| 413 | 8.6.3.9 PcrIsAllocated() .......................................................................................... 173 |
| 414 | 8.6.3.10 GetPcrPointer() .......................................................................................... 174 |
| 415 | 8.6.3.11 IsPcrSelected() ........................................................................................... 175 |
| 416 | 8.6.3.12 FilterPcr() ................................................................................................... 175 |
| 417 | 8.6.3.13 PcrDrtm() .................................................................................................... 176 |
| 418 | 8.6.3.14 PCRStartup() .............................................................................................. 176 |
| 419 | 8.6.3.15 PCRStateSave() ......................................................................................... 177 |
| 420 | 8.6.3.16 PCRIsStateSaved() .................................................................................... 178 |
| 421 | 8.6.3.17 PCRIsResetAllowed() ................................................................................. 179 |
| 422 | 8.6.3.18 PCRChanged() ........................................................................................... 179 |
| 423 | 8.6.3.19 PCRIsExtendAllowed() ............................................................................... 179 |
| 424 | 8.6.3.20 PCRExtend() .............................................................................................. 180 |
| 425 | 8.6.3.21 PCRComputeCurrentDigest() ...................................................................... 181 |
| 426 | 8.6.3.22 PCRRead() ................................................................................................. 181 |
| 427 | 8.6.3.23 PcrWrite() ................................................................................................... 183 |
| 428 | 8.6.3.24 PCRAllocate() ............................................................................................. 183 |
| 429 | 8.6.3.25 PCRSetValue() ........................................................................................... 185 |
| 430 | 8.6.3.26 PCRResetDynamics ................................................................................... 185 |
| 431 | 8.6.3.27 PCRCapGetAllocation() .............................................................................. 186 |
| 432 | 8.6.3.28 PCRSetSelectBit() ...................................................................................... 186 |
| 433 | 8.6.3.29 PCRGetProperty() ...................................................................................... 187 |
| 434 | 8.6.3.30 PCRCapGetProperties() ............................................................................. 188 |
| 435 | 8.6.3.31 PCRCapGetHandles() ................................................................................. 189 |
| 436 | 8.7 PP.c ........................................................................................................................ 190 |
| 437 | 8.7.1 Introduction ...................................................................................................... 190 |
| 438 | 8.7.2 Includes ........................................................................................................... 190 |
| 439 | 8.7.3 Functions ......................................................................................................... 190 |
| 440 | 8.7.3.1 PhysicalPresencePreInstall_Init() ............................................................... 190 |
| 441 | 8.7.3.2 PhysicalPresenceCommandSet() ................................................................ 191 |
| 442 | 8.7.3.3 PhysicalPresenceCommandClear() ............................................................. 191 |
| 443 | 8.7.3.4 PhysicalPresenceIsRequired() .................................................................... 192 |
| 444 | 8.7.3.5 PhysicalPresenceCapGetCCList() .............................................................. 192 |
| 445 | 8.8 Session.c ................................................................................................................ 193 |
| 446 | 8.8.1 Introduction ...................................................................................................... 193 |
| 447 | 8.8.2 Includes, Defines, and Local Variables ............................................................. 194 |
| 448 | 8.8.3 File Scope Function -- ContextIdSetOldest() ..................................................... 194 |
| 449 | 8.8.4 Startup Function -- SessionStartup() ................................................................ 195 |
| 450 | 8.8.5 Access Functions ............................................................................................. 196 |
| 451 | 8.8.5.1 SessionIsLoaded() ...................................................................................... 196 |
| 452 | 8.8.5.2 SessionIsSaved() ....................................................................................... 196 |
| 453 | 8.8.5.3 SessionPCRValueIsCurrent() ...................................................................... 197 |
| 454 | 8.8.5.4 SessionGet() .............................................................................................. 197 |
| 455 | 8.8.6 Utility Functions ................................................................................................ 198 |
| 456 | 8.8.6.1 ContextIdSessionCreate() ........................................................................... 198 |
| 457 | 8.8.6.2 SessionCreate().......................................................................................... 199 |
| 458 | 8.8.6.3 SessionContextSave() ................................................................................ 201 |
| 459 | 8.8.6.4 SessionContextLoad() ................................................................................ 202 |
| 460 | 8.8.6.5 SessionFlush() ........................................................................................... 204 |
| 461 | 8.8.6.6 SessionComputeBoundEntity() ................................................................... 204 |
| 462 | 8.8.6.7 SessionInitPolicyData()............................................................................... 205 |
| 463 | 8.8.6.8 SessionResetPolicyData() .......................................................................... 206 |
| 464 | 8.8.6.9 SessionCapGetLoaded() ............................................................................. 206 |
| 465 | 8.8.6.10 SessionCapGetSaved() .............................................................................. 207 |
| 466 | 8.8.6.11 SessionCapGetLoadedNumber() ................................................................ 208 |
| 467 | |
| 468 | Family "2.0" TCG Published Page ix |
| 469 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 470 | Trusted Platform Module Library Part 4: Supporting Routines |
| 471 | |
| 472 | 8.8.6.12 SessionCapGetLoadedAvail() ..................................................................... 208 |
| 473 | 8.8.6.13 SessionCapGetActiveNumber() .................................................................. 209 |
| 474 | 8.8.6.14 SessionCapGetActiveAvail() ....................................................................... 209 |
| 475 | 8.9 Time.c ..................................................................................................................... 209 |
| 476 | 8.9.1 Introduction ...................................................................................................... 209 |
| 477 | 8.9.2 Includes ........................................................................................................... 209 |
| 478 | 8.9.3 Functions ......................................................................................................... 210 |
| 479 | 8.9.3.1 TimePowerOn() .......................................................................................... 210 |
| 480 | 8.9.3.2 TimeStartup() ............................................................................................. 210 |
| 481 | 8.9.3.3 TimeUpdateToCurrent() .............................................................................. 211 |
| 482 | 8.9.3.4 TimeSetAdjustRate() .................................................................................. 212 |
| 483 | 8.9.3.5 TimeGetRange() ......................................................................................... 212 |
| 484 | 8.9.3.6 TimeFillInfo ................................................................................................ 213 |
| 485 | 9 Support ............................................................................................................................ 214 |
| 486 | 9.1 AlgorithmCap.c ........................................................................................................ 214 |
| 487 | 9.1.1 Description ....................................................................................................... 214 |
| 488 | 9.1.2 Includes and Defines ........................................................................................ 214 |
| 489 | 9.1.3 AlgorithmCapGetImplemented() ........................................................................ 215 |
| 490 | 9.2 Bits.c ....................................................................................................................... 217 |
| 491 | 9.2.1 Introduction ...................................................................................................... 217 |
| 492 | 9.2.2 Includes ........................................................................................................... 217 |
| 493 | 9.2.3 Functions ......................................................................................................... 217 |
| 494 | 9.2.3.1 BitIsSet() .................................................................................................... 217 |
| 495 | 9.2.3.2 BitSet() ....................................................................................................... 217 |
| 496 | 9.2.3.3 BitClear() .................................................................................................... 218 |
| 497 | 9.3 CommandAttributeData.c ........................................................................................ 218 |
| 498 | 9.4 CommandCodeAttributes.c ...................................................................................... 224 |
| 499 | 9.4.1 Introduction ...................................................................................................... 224 |
| 500 | 9.4.2 Includes and Defines ........................................................................................ 224 |
| 501 | 9.4.3 Command Attribute Functions .......................................................................... 224 |
| 502 | 9.4.3.1 CommandAuthRole() .................................................................................. 224 |
| 503 | 9.4.3.2 CommandIsImplemented() .......................................................................... 224 |
| 504 | 9.4.3.3 CommandGetAttribute() .............................................................................. 225 |
| 505 | 9.4.3.4 EncryptSize() .............................................................................................. 225 |
| 506 | 9.4.3.5 DecryptSize().............................................................................................. 226 |
| 507 | 9.4.3.6 IsSessionAllowed() ..................................................................................... 226 |
| 508 | 9.4.3.7 IsHandleInResponse() ................................................................................ 226 |
| 509 | 9.4.3.8 IsWriteOperation() ...................................................................................... 227 |
| 510 | 9.4.3.9 IsReadOperation() ...................................................................................... 227 |
| 511 | 9.4.3.10 CommandCapGetCCList() .......................................................................... 227 |
| 512 | 9.5 DRTM.c ................................................................................................................... 228 |
| 513 | 9.5.1 Description ....................................................................................................... 228 |
| 514 | 9.5.2 Includes ........................................................................................................... 228 |
| 515 | 9.5.3 Functions ......................................................................................................... 229 |
| 516 | 9.5.3.1 Signal_Hash_Start() ................................................................................... 229 |
| 517 | 9.5.3.2 Signal_Hash_Data() ................................................................................... 229 |
| 518 | 9.5.3.3 Signal_Hash_End() ..................................................................................... 229 |
| 519 | 9.6 Entity.c .................................................................................................................... 229 |
| 520 | 9.6.1 Description ....................................................................................................... 229 |
| 521 | 9.6.2 Includes ........................................................................................................... 229 |
| 522 | |
| 523 | Page x TCG Published Family "2.0" |
| 524 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 525 | Part 4: Supporting Routines Trusted Platform Module Library |
| 526 | |
| 527 | 9.6.3 Functions ......................................................................................................... 230 |
| 528 | 9.6.3.1 EntityGetLoadStatus() ................................................................................ 230 |
| 529 | 9.6.3.2 EntityGetAuthValue() .................................................................................. 232 |
| 530 | 9.6.3.3 EntityGetAuthPolicy() ................................................................................. 233 |
| 531 | 9.6.3.4 EntityGetName() ......................................................................................... 234 |
| 532 | 9.6.3.5 EntityGetHierarchy() ................................................................................... 235 |
| 533 | 9.7 Global.c................................................................................................................... 236 |
| 534 | 9.7.1 Description ....................................................................................................... 236 |
| 535 | 9.7.2 Includes and Defines ........................................................................................ 236 |
| 536 | 9.7.3 Global Data Values .......................................................................................... 236 |
| 537 | 9.7.4 Private Values .................................................................................................. 237 |
| 538 | 9.7.4.1 SessionProcess.c ....................................................................................... 237 |
| 539 | 9.7.4.2 DA.c ........................................................................................................... 237 |
| 540 | 9.7.4.3 NV.c ........................................................................................................... 237 |
| 541 | 9.7.4.4 Object.c ...................................................................................................... 238 |
| 542 | 9.7.4.5 PCR.c ......................................................................................................... 238 |
| 543 | 9.7.4.6 Session.c .................................................................................................... 238 |
| 544 | 9.7.4.7 Manufacture.c ............................................................................................. 238 |
| 545 | 9.7.4.8 Power.c ...................................................................................................... 238 |
| 546 | 9.7.4.9 MemoryLib.c ............................................................................................... 238 |
| 547 | 9.7.4.10 SelfTest.c ................................................................................................... 238 |
| 548 | 9.7.4.11 TpmFail.c ................................................................................................... 238 |
| 549 | 9.8 Handle.c .................................................................................................................. 239 |
| 550 | 9.8.1 Description ....................................................................................................... 239 |
| 551 | 9.8.2 Includes ........................................................................................................... 239 |
| 552 | 9.8.3 Functions ......................................................................................................... 239 |
| 553 | 9.8.3.1 HandleGetType() ........................................................................................ 239 |
| 554 | 9.8.3.2 NextPermanentHandle() ............................................................................. 239 |
| 555 | 9.8.3.3 PermanentCapGetHandles() ....................................................................... 240 |
| 556 | 9.9 Locality.c ................................................................................................................. 241 |
| 557 | 9.9.1 Includes ........................................................................................................... 241 |
| 558 | 9.9.2 LocalityGetAttributes() ...................................................................................... 241 |
| 559 | 9.10 Manufacture.c ......................................................................................................... 241 |
| 560 | 9.10.1 Description ....................................................................................................... 241 |
| 561 | 9.10.2 Includes and Data Definitions ........................................................................... 241 |
| 562 | 9.10.3 Functions ......................................................................................................... 242 |
| 563 | 9.10.3.1 TPM_Manufacture() .................................................................................... 242 |
| 564 | 9.10.3.2 TPM_TearDown() ....................................................................................... 243 |
| 565 | 9.11 Marshal.c ................................................................................................................ 244 |
| 566 | 9.11.1 Introduction ...................................................................................................... 244 |
| 567 | 9.11.2 Unmarshal and Marshal a Value ....................................................................... 244 |
| 568 | 9.11.3 Unmarshal and Marshal a Union ....................................................................... 245 |
| 569 | 9.11.4 Unmarshal and Marshal a Structure .................................................................. 247 |
| 570 | 9.11.5 Unmarshal and Marshal an Array ..................................................................... 249 |
| 571 | 9.11.6 TPM2B Handling .............................................................................................. 251 |
| 572 | 9.12 MemoryLib.c............................................................................................................ 252 |
| 573 | 9.12.1 Description ....................................................................................................... 252 |
| 574 | 9.12.2 Includes and Data Definitions ........................................................................... 252 |
| 575 | 9.12.3 Functions on BYTE Arrays................................................................................ 252 |
| 576 | |
| 577 | |
| 578 | Family "2.0" TCG Published Page xi |
| 579 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 580 | Trusted Platform Module Library Part 4: Supporting Routines |
| 581 | |
| 582 | 9.12.3.1 MemoryMove()............................................................................................ 252 |
| 583 | 9.12.3.2 MemoryCopy() ............................................................................................ 253 |
| 584 | 9.12.3.3 MemoryEqual() ........................................................................................... 253 |
| 585 | 9.12.3.4 MemoryCopy2B() ........................................................................................ 253 |
| 586 | 9.12.3.5 MemoryConcat2B() ..................................................................................... 254 |
| 587 | 9.12.3.6 Memory2BEqual() ....................................................................................... 254 |
| 588 | 9.12.3.7 MemorySet() ............................................................................................... 255 |
| 589 | 9.12.3.8 MemoryGetActionInputBuffer().................................................................... 255 |
| 590 | 9.12.3.9 MemoryGetActionOutputBuffer() ................................................................. 255 |
| 591 | 9.12.3.10 MemoryGetResponseBuffer() ...................................................................... 256 |
| 592 | 9.12.3.11 MemoryRemoveTrailingZeros() ................................................................... 256 |
| 593 | 9.13 Power.c ................................................................................................................... 256 |
| 594 | 9.13.1 Description ....................................................................................................... 256 |
| 595 | 9.13.2 Includes and Data Definitions ........................................................................... 256 |
| 596 | 9.13.3 Functions ......................................................................................................... 257 |
| 597 | 9.13.3.1 TPMInit() .................................................................................................... 257 |
| 598 | 9.13.3.2 TPMRegisterStartup() ................................................................................. 257 |
| 599 | 9.13.3.3 TPMIsStarted() ........................................................................................... 257 |
| 600 | 9.14 PropertyCap.c ......................................................................................................... 257 |
| 601 | 9.14.1 Description ....................................................................................................... 257 |
| 602 | 9.14.2 Includes ........................................................................................................... 258 |
| 603 | 9.14.3 Functions ......................................................................................................... 258 |
| 604 | 9.14.3.1 PCRGetProperty() ...................................................................................... 258 |
| 605 | 9.14.3.2 TPMCapGetProperties() ............................................................................. 264 |
| 606 | 9.15 TpmFail.c ................................................................................................................ 265 |
| 607 | 9.15.1 Includes, Defines, and Types ........................................................................... 265 |
| 608 | 9.15.2 Typedefs .......................................................................................................... 265 |
| 609 | 9.15.3 Local Functions ................................................................................................ 266 |
| 610 | 9.15.3.1 MarshalUint16() .......................................................................................... 266 |
| 611 | 9.15.3.2 MarshalUint32() .......................................................................................... 266 |
| 612 | 9.15.3.3 UnmarshalHeader() .................................................................................... 267 |
| 613 | 9.15.4 Public Functions ............................................................................................... 267 |
| 614 | 9.15.4.1 SetForceFailureMode() ............................................................................... 267 |
| 615 | 9.15.4.2 TpmFail() .................................................................................................... 267 |
| 616 | 9.15.5 TpmFailureMode .............................................................................................. 268 |
| 617 | 10 Cryptographic Functions ................................................................................................... 272 |
| 618 | 10.1 Introduction ............................................................................................................. 272 |
| 619 | 10.2 CryptUtil.c ............................................................................................................... 272 |
| 620 | 10.2.1 Includes ........................................................................................................... 272 |
| 621 | 10.2.2 TranslateCryptErrors() ...................................................................................... 272 |
| 622 | 10.2.3 Random Number Generation Functions ............................................................ 273 |
| 623 | 10.2.3.1 CryptDrbgGetPutState() .............................................................................. 273 |
| 624 | 10.2.3.2 CryptStirRandom() ...................................................................................... 273 |
| 625 | 10.2.3.3 CryptGenerateRandom() ............................................................................. 273 |
| 626 | 10.2.4 Hash/HMAC Functions ..................................................................................... 274 |
| 627 | 10.2.4.1 CryptGetContextAlg() ................................................................................. 274 |
| 628 | 10.2.4.2 CryptStartHash()......................................................................................... 274 |
| 629 | 10.2.4.3 CryptStartHashSequence() ......................................................................... 275 |
| 630 | 10.2.4.4 CryptStartHMAC() ....................................................................................... 275 |
| 631 | |
| 632 | Page xii TCG Published Family "2.0" |
| 633 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 634 | Part 4: Supporting Routines Trusted Platform Module Library |
| 635 | |
| 636 | 10.2.4.5 CryptStartHMACSequence() ....................................................................... 276 |
| 637 | 10.2.4.6 CryptStartHMAC2B() .................................................................................. 276 |
| 638 | 10.2.4.7 CryptStartHMACSequence2B() ................................................................... 277 |
| 639 | 10.2.4.8 CryptUpdateDigest() ................................................................................... 277 |
| 640 | 10.2.4.9 CryptUpdateDigest2B() ............................................................................... 278 |
| 641 | 10.2.4.10 CryptUpdateDigestInt() ............................................................................... 278 |
| 642 | 10.2.4.11 CryptCompleteHash() ................................................................................. 279 |
| 643 | 10.2.4.12 CryptCompleteHash2B() ............................................................................. 279 |
| 644 | 10.2.4.13 CryptHashBlock() ....................................................................................... 280 |
| 645 | 10.2.4.14 CryptCompleteHMAC() ............................................................................... 280 |
| 646 | 10.2.4.15 CryptCompleteHMAC2B() ........................................................................... 281 |
| 647 | 10.2.4.16 CryptHashStateImportExport() .................................................................... 281 |
| 648 | 10.2.4.17 CryptGetHashDigestSize() .......................................................................... 281 |
| 649 | 10.2.4.18 CryptGetHashBlockSize() ........................................................................... 282 |
| 650 | 10.2.4.19 CryptGetHashAlgByIndex() ......................................................................... 282 |
| 651 | 10.2.4.20 CryptSignHMAC() ....................................................................................... 282 |
| 652 | 10.2.4.21 CryptHMACVerifySignature() ...................................................................... 283 |
| 653 | 10.2.4.22 CryptGenerateKeyedHash() ........................................................................ 283 |
| 654 | 10.2.4.23 CryptKDFa() ............................................................................................... 285 |
| 655 | 10.2.4.24 CryptKDFaOnce() ....................................................................................... 285 |
| 656 | 10.2.4.25 KDFa() ....................................................................................................... 285 |
| 657 | 10.2.4.26 CryptKDFe() ............................................................................................... 286 |
| 658 | 10.2.5 RSA Functions ................................................................................................. 286 |
| 659 | 10.2.5.1 BuildRSA() ................................................................................................. 286 |
| 660 | 10.2.5.2 CryptTestKeyRSA() .................................................................................... 286 |
| 661 | 10.2.5.3 CryptGenerateKeyRSA() ............................................................................. 287 |
| 662 | 10.2.5.4 CryptLoadPrivateRSA() .............................................................................. 288 |
| 663 | 10.2.5.5 CryptSelectRSAScheme() ........................................................................... 288 |
| 664 | 10.2.5.6 CryptDecryptRSA() ..................................................................................... 289 |
| 665 | 10.2.5.7 CryptEncryptRSA() ..................................................................................... 291 |
| 666 | 10.2.5.8 CryptSignRSA() .......................................................................................... 292 |
| 667 | 10.2.5.9 CryptRSAVerifySignature() ......................................................................... 293 |
| 668 | 10.2.6 ECC Functions ................................................................................................. 294 |
| 669 | 10.2.6.1 CryptEccGetCurveDataPointer() ................................................................. 294 |
| 670 | 10.2.6.2 CryptEccGetKeySizeInBits() ....................................................................... 294 |
| 671 | 10.2.6.3 CryptEccGetKeySizeBytes() ....................................................................... 294 |
| 672 | 10.2.6.4 CryptEccGetParameter()............................................................................. 294 |
| 673 | 10.2.6.5 CryptGetCurveSignScheme() ...................................................................... 295 |
| 674 | 10.2.6.6 CryptEccIsPointOnCurve() .......................................................................... 295 |
| 675 | 10.2.6.7 CryptNewEccKey() ..................................................................................... 296 |
| 676 | 10.2.6.8 CryptEccPointMultiply() .............................................................................. 296 |
| 677 | 10.2.6.9 CryptGenerateKeyECC() ............................................................................ 297 |
| 678 | 10.2.6.10 CryptSignECC() .......................................................................................... 297 |
| 679 | 10.2.6.11 CryptECCVerifySignature() ......................................................................... 298 |
| 680 | 10.2.6.12 CryptGenerateR() ....................................................................................... 299 |
| 681 | 10.2.6.13 CryptCommit() ............................................................................................ 301 |
| 682 | 10.2.6.14 CryptEndCommit() ...................................................................................... 301 |
| 683 | 10.2.6.15 CryptCommitCompute() .............................................................................. 301 |
| 684 | 10.2.6.16 CryptEccGetParameters() ........................................................................... 302 |
| 685 | 10.2.6.17 CryptIsSchemeAnonymous() ....................................................................... 303 |
| 686 | 10.2.7 Symmetric Functions ........................................................................................ 303 |
| 687 | 10.2.7.1 ParmDecryptSym() ..................................................................................... 303 |
| 688 | 10.2.7.2 ParmEncryptSym() ..................................................................................... 304 |
| 689 | 10.2.7.3 CryptGenerateNewSymmetric() .................................................................. 305 |
| 690 | 10.2.7.4 CryptGenerateKeySymmetric() ................................................................... 306 |
| 691 | |
| 692 | Family "2.0" TCG Published Page xiii |
| 693 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 694 | Trusted Platform Module Library Part 4: Supporting Routines |
| 695 | |
| 696 | 10.2.7.5 CryptXORObfuscation() .............................................................................. 307 |
| 697 | 10.2.8 Initialization and shut down .............................................................................. 307 |
| 698 | 10.2.8.1 CryptInitUnits() ........................................................................................... 307 |
| 699 | 10.2.8.2 CryptStopUnits() ......................................................................................... 308 |
| 700 | 10.2.8.3 CryptUtilStartup()........................................................................................ 308 |
| 701 | 10.2.9 Algorithm-Independent Functions ..................................................................... 309 |
| 702 | 10.2.9.1 Introduction ................................................................................................ 309 |
| 703 | 10.2.9.2 CryptIsAsymAlgorithm() .............................................................................. 309 |
| 704 | 10.2.9.3 CryptGetSymmetricBlockSize() ................................................................... 309 |
| 705 | 10.2.9.4 CryptSymmetricEncrypt() ............................................................................ 310 |
| 706 | 10.2.9.5 CryptSymmetricDecrypt() ............................................................................ 311 |
| 707 | 10.2.9.6 CryptSecretEncrypt() .................................................................................. 313 |
| 708 | 10.2.9.7 CryptSecretDecrypt() .................................................................................. 315 |
| 709 | 10.2.9.8 CryptParameterEncryption() ....................................................................... 318 |
| 710 | 10.2.9.9 CryptParameterDecryption() ....................................................................... 319 |
| 711 | 10.2.9.10 CryptComputeSymmetricUnique() ............................................................... 320 |
| 712 | 10.2.9.11 CryptComputeSymValue() .......................................................................... 321 |
| 713 | 10.2.9.12 CryptCreateObject() ................................................................................... 321 |
| 714 | 10.2.9.13 CryptObjectIsPublicConsistent() ................................................................. 324 |
| 715 | 10.2.9.14 CryptObjectPublicPrivateMatch() ................................................................ 325 |
| 716 | 10.2.9.15 CryptGetSignHashAlg() .............................................................................. 326 |
| 717 | 10.2.9.16 CryptIsSplitSign() ....................................................................................... 327 |
| 718 | 10.2.9.17 CryptIsSignScheme() .................................................................................. 327 |
| 719 | 10.2.9.18 CryptIsDecryptScheme() ............................................................................. 328 |
| 720 | 10.2.9.19 CryptSelectSignScheme() ........................................................................... 328 |
| 721 | 10.2.9.20 CryptSign() ................................................................................................. 330 |
| 722 | 10.2.9.21 CryptVerifySignature() ................................................................................ 331 |
| 723 | 10.2.10 Math functions .................................................................................................. 332 |
| 724 | 10.2.10.1 CryptDivide() .............................................................................................. 332 |
| 725 | 10.2.10.2 CryptCompare() .......................................................................................... 333 |
| 726 | 10.2.10.3 CryptCompareSigned() ............................................................................... 333 |
| 727 | 10.2.10.4 CryptGetTestResult .................................................................................... 333 |
| 728 | 10.2.11 Capability Support ............................................................................................ 334 |
| 729 | 10.2.11.1 CryptCapGetECCCurve() ............................................................................ 334 |
| 730 | 10.2.11.2 CryptCapGetEccCurveNumber() ................................................................. 335 |
| 731 | 10.2.11.3 CryptAreKeySizesConsistent() .................................................................... 335 |
| 732 | 10.2.11.4 CryptAlgSetImplemented() .......................................................................... 336 |
| 733 | 10.3 Ticket.c ................................................................................................................... 336 |
| 734 | 10.3.1 Introduction ...................................................................................................... 336 |
| 735 | 10.3.2 Includes ........................................................................................................... 336 |
| 736 | 10.3.3 Functions ......................................................................................................... 336 |
| 737 | 10.3.3.1 TicketIsSafe() ............................................................................................. 336 |
| 738 | 10.3.3.2 TicketComputeVerified() ............................................................................. 337 |
| 739 | 10.3.3.3 TicketComputeAuth() .................................................................................. 337 |
| 740 | 10.3.3.4 TicketComputeHashCheck() ....................................................................... 338 |
| 741 | 10.3.3.5 TicketComputeCreation() ............................................................................ 339 |
| 742 | 10.4 CryptSelfTest.c ....................................................................................................... 339 |
| 743 | 10.4.1 Introduction ...................................................................................................... 339 |
| 744 | 10.4.2 Functions ......................................................................................................... 340 |
| 745 | 10.4.2.1 RunSelfTest() ............................................................................................. 340 |
| 746 | 10.4.2.2 CryptSelfTest() ........................................................................................... 340 |
| 747 | |
| 748 | Page xiv TCG Published Family "2.0" |
| 749 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 750 | Part 4: Supporting Routines Trusted Platform Module Library |
| 751 | |
| 752 | 10.4.2.3 CryptIncrementalSelfTest() ......................................................................... 341 |
| 753 | 10.4.2.4 CryptInitializeToTest() ................................................................................ 342 |
| 754 | 10.4.2.5 CryptTestAlgorithm() .................................................................................. 342 |
| 755 | Annex A (informative) Implementation Dependent .................................................................. 344 |
| 756 | A.1 Introduction ............................................................................................................. 344 |
| 757 | A.2 Implementation.h ..................................................................................................... 344 |
| 758 | Annex B (informative) Cryptographic Library Interface ............................................................ 359 |
| 759 | B.1 Introduction ............................................................................................................. 359 |
| 760 | B.2 Integer Format ........................................................................................................ 359 |
| 761 | B.3 CryptoEngine.h ....................................................................................................... 359 |
| 762 | B.3.1. Introduction ...................................................................................................... 359 |
| 763 | B.3.2. General Purpose Macros .................................................................................. 360 |
| 764 | B.3.3. Self-test ........................................................................................................... 360 |
| 765 | B.3.4. Hash-related Structures .................................................................................... 360 |
| 766 | B.3.5. Asymmetric Structures and Values ................................................................... 362 |
| 767 | B.3.5.1. ECC-related Structures ............................................................................... 362 |
| 768 | B.3.5.2. RSA-related Structures ............................................................................... 362 |
| 769 | B.3.6. Miscellaneous .................................................................................................. 362 |
| 770 | B.4 OsslCryptoEngine.h ................................................................................................ 364 |
| 771 | B.4.1. Introduction ...................................................................................................... 364 |
| 772 | B.4.2. Defines ............................................................................................................. 364 |
| 773 | B.5 MathFunctions.c ...................................................................................................... 365 |
| 774 | B.5.1. Introduction ...................................................................................................... 365 |
| 775 | B.5.2. Externally Accessible Functions ....................................................................... 365 |
| 776 | B.5.2.1. _math__Normalize2B() ............................................................................... 365 |
| 777 | B.5.2.2. _math__Denormalize2B() ........................................................................... 366 |
| 778 | B.5.2.3. _math__sub() ............................................................................................. 366 |
| 779 | B.5.2.4. _math__Inc() .............................................................................................. 367 |
| 780 | B.5.2.5. _math__Dec() ............................................................................................. 368 |
| 781 | B.5.2.6. _math__Mul() ............................................................................................. 368 |
| 782 | B.5.2.7. _math__Div() .............................................................................................. 369 |
| 783 | B.5.2.8. _math__uComp() ........................................................................................ 370 |
| 784 | B.5.2.9. _math__Comp() .......................................................................................... 371 |
| 785 | B.5.2.10. _math__ModExp ......................................................................................... 372 |
| 786 | B.5.2.11. _math__IsPrime() ....................................................................................... 373 |
| 787 | B.6 CpriCryptPri.c .......................................................................................................... 375 |
| 788 | B.6.1. Introduction ...................................................................................................... 375 |
| 789 | B.6.2. Includes and Locals .......................................................................................... 375 |
| 790 | B.6.3. Functions ......................................................................................................... 375 |
| 791 | B.6.3.1. TpmFail() .................................................................................................... 375 |
| 792 | B.6.3.2. FAILURE_TRAP() ....................................................................................... 375 |
| 793 | B.6.3.3. _cpri__InitCryptoUnits() .............................................................................. 375 |
| 794 | B.6.3.4. _cpri__StopCryptoUnits()............................................................................ 376 |
| 795 | B.6.3.5. _cpri__Startup() .......................................................................................... 376 |
| 796 | B.7 CpriRNG.c ............................................................................................................... 377 |
| 797 | B.7.1. Introduction ...................................................................................................... 377 |
| 798 | B.7.2. Includes ........................................................................................................... 377 |
| 799 | B.7.3. Functions ......................................................................................................... 377 |
| 800 | B.7.3.1. _cpri__RngStartup() ................................................................................... 377 |
| 801 | |
| 802 | Family "2.0" TCG Published Page xv |
| 803 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 804 | Trusted Platform Module Library Part 4: Supporting Routines |
| 805 | |
| 806 | B.7.3.2. _cpri__DrbgGetPutState() .......................................................................... 377 |
| 807 | B.7.3.3. _cpri__StirRandom() ................................................................................... 378 |
| 808 | B.7.3.4. _cpri__GenerateRandom().......................................................................... 378 |
| 809 | B.7.3.4.1. _cpri__GenerateSeededRandom() .............................................................. 379 |
| 810 | B.8 CpriHash.c .............................................................................................................. 380 |
| 811 | B.8.1. Description ....................................................................................................... 380 |
| 812 | B.8.2. Includes, Defines, and Types ........................................................................... 380 |
| 813 | B.8.3. Static Functions................................................................................................ 380 |
| 814 | B.8.3.1. GetHashServer() ........................................................................................ 380 |
| 815 | B.8.3.2. MarshalHashState() .................................................................................... 381 |
| 816 | B.8.3.3. GetHashState()........................................................................................... 381 |
| 817 | B.8.3.4. GetHashInfoPointer() .................................................................................. 382 |
| 818 | B.8.4. Hash Functions ................................................................................................ 382 |
| 819 | B.8.4.1. _cpri__HashStartup() .................................................................................. 382 |
| 820 | B.8.4.2. _cpri__GetHashAlgByIndex() ...................................................................... 382 |
| 821 | B.8.4.3. _cpri__GetHashBlockSize() ........................................................................ 383 |
| 822 | B.8.4.4. _cpri__GetHashDER .................................................................................. 383 |
| 823 | B.8.4.5. _cpri__GetDigestSize() ............................................................................... 383 |
| 824 | B.8.4.6. _cpri__GetContextAlg() .............................................................................. 384 |
| 825 | B.8.4.7. _cpri__CopyHashState ............................................................................... 384 |
| 826 | B.8.4.8. _cpri__StartHash() ..................................................................................... 384 |
| 827 | B.8.4.9. _cpri__UpdateHash() .................................................................................. 385 |
| 828 | B.8.4.10. _cpri__CompleteHash() .............................................................................. 386 |
| 829 | B.8.4.11. _cpri__ImportExportHashState() ................................................................. 387 |
| 830 | B.8.4.12. _cpri__HashBlock() .................................................................................... 388 |
| 831 | B.8.5. HMAC Functions .............................................................................................. 389 |
| 832 | B.8.5.1. _cpri__StartHMAC ...................................................................................... 389 |
| 833 | B.8.5.2. _cpri_CompleteHMAC() .............................................................................. 390 |
| 834 | B.8.6. Mask and Key Generation Functions ................................................................ 390 |
| 835 | B.8.6.1. _cpri__MGF1() ............................................................................................ 390 |
| 836 | B.8.6.2. _cpri_KDFa() .............................................................................................. 392 |
| 837 | B.8.6.3. _cpri__KDFe() ............................................................................................ 394 |
| 838 | B.9 CpriHashData.c ....................................................................................................... 396 |
| 839 | B.10 CpriMisc.c ............................................................................................................... 397 |
| 840 | B.10.1. Includes ........................................................................................................... 397 |
| 841 | B.10.2. Functions ......................................................................................................... 397 |
| 842 | B.10.2.1. BnTo2B() .................................................................................................... 397 |
| 843 | B.10.2.2. Copy2B() .................................................................................................... 397 |
| 844 | B.10.2.3. BnFrom2B() ................................................................................................ 398 |
| 845 | B.11 CpriSym.c ............................................................................................................... 399 |
| 846 | B.11.1. Introduction ...................................................................................................... 399 |
| 847 | B.11.2. Includes, Defines, and Typedefs ....................................................................... 399 |
| 848 | B.11.3. Utility Functions ................................................................................................ 399 |
| 849 | B.11.3.1. _cpri__SymStartup() ..................................................................................... 399 |
| 850 | B.11.3.2. _cpri__GetSymmetricBlockSize() ................................................................ 399 |
| 851 | B.11.4. AES Encryption ................................................................................................ 400 |
| 852 | B.11.4.1. _cpri__AESEncryptCBC() ........................................................................... 400 |
| 853 | B.11.4.2. _cpri__AESDecryptCBC() ........................................................................... 401 |
| 854 | B.11.4.3. _cpri__AESEncryptCFB() ........................................................................... 402 |
| 855 | |
| 856 | Page xvi TCG Published Family "2.0" |
| 857 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 858 | Part 4: Supporting Routines Trusted Platform Module Library |
| 859 | |
| 860 | B.11.4.4. _cpri__AESDecryptCFB() ........................................................................... 403 |
| 861 | B.11.4.5. _cpri__AESEncryptCTR() ........................................................................... 404 |
| 862 | B.11.4.6. _cpri__AESDecryptCTR() ........................................................................... 405 |
| 863 | B.11.4.7. _cpri__AESEncryptECB() ........................................................................... 405 |
| 864 | B.11.4.8. _cpri__AESDecryptECB() ........................................................................... 406 |
| 865 | B.11.4.9. _cpri__AESEncryptOFB() ........................................................................... 406 |
| 866 | B.11.4.10. _cpri__AESDecryptOFB() ........................................................................... 407 |
| 867 | B.11.5. SM4 Encryption ................................................................................................ 408 |
| 868 | B.11.5.1. _cpri__SM4EncryptCBC() ........................................................................... 408 |
| 869 | B.11.5.2. _cpri__SM4DecryptCBC() ........................................................................... 409 |
| 870 | B.11.5.3. _cpri__SM4EncryptCFB() ........................................................................... 410 |
| 871 | B.11.5.4. _cpri__SM4DecryptCFB() ........................................................................... 410 |
| 872 | B.11.5.5. _cpri__SM4EncryptCTR() ........................................................................... 411 |
| 873 | B.11.5.6. _cpri__SM4DecryptCTR() ........................................................................... 412 |
| 874 | B.11.5.7. _cpri__SM4EncryptECB() ........................................................................... 413 |
| 875 | B.11.5.8. _cpri__SM4DecryptECB() ........................................................................... 413 |
| 876 | B.11.5.9. _cpri__SM4EncryptOFB() ........................................................................... 414 |
| 877 | B.11.5.10. _cpri__SM4DecryptOFB() ........................................................................... 415 |
| 878 | B.12 RSA Files ................................................................................................................ 416 |
| 879 | B.12.1. CpriRSA.c ........................................................................................................ 416 |
| 880 | B.12.1.1. Introduction ................................................................................................ 416 |
| 881 | B.12.1.2. Includes ...................................................................................................... 416 |
| 882 | B.12.1.3. Local Functions .......................................................................................... 416 |
| 883 | B.12.1.3.1. RsaPrivateExponent() ............................................................................ 416 |
| 884 | B.12.1.3.2. _cpri__TestKeyRSA() ............................................................................. 418 |
| 885 | B.12.1.3.3. RSAEP() ................................................................................................ 420 |
| 886 | B.12.1.3.4. RSADP() ................................................................................................ 420 |
| 887 | B.12.1.3.5. OaepEncode() ........................................................................................ 421 |
| 888 | B.12.1.3.6. OaepDecode() ........................................................................................ 423 |
| 889 | B.12.1.3.7. PKSC1v1_5Encode() .............................................................................. 425 |
| 890 | B.12.1.3.8. RSAES_Decode() ................................................................................... 425 |
| 891 | B.12.1.3.9. PssEncode() ........................................................................................... 426 |
| 892 | B.12.1.3.10. PssDecode() ........................................................................................ 427 |
| 893 | B.12.1.3.11. PKSC1v1_5SignEncode() ..................................................................... 429 |
| 894 | B.12.1.3.12. RSASSA_Decode()............................................................................... 430 |
| 895 | B.12.1.4. Externally Accessible Functions .................................................................. 431 |
| 896 | B.12.1.4.1. _cpri__RsaStartup() ............................................................................... 431 |
| 897 | B.12.1.4.2. _cpri__EncryptRSA() .............................................................................. 431 |
| 898 | B.12.1.4.3. _cpri__DecryptRSA() .............................................................................. 433 |
| 899 | B.12.1.4.4. _cpri__SignRSA() ................................................................................... 434 |
| 900 | B.12.1.4.5. _cpri__ValidateSignatureRSA() .............................................................. 435 |
| 901 | B.12.1.4.6. _cpri__GenerateKeyRSA() ..................................................................... 435 |
| 902 | B.12.2. Alternative RSA Key Generation ....................................................................... 440 |
| 903 | B.12.2.1. Introduction ................................................................................................ 440 |
| 904 | B.12.2.2. RSAKeySieve.h .......................................................................................... 440 |
| 905 | B.12.2.3. RSAKeySieve.c .......................................................................................... 443 |
| 906 | B.12.2.3.1. Includes and defines .............................................................................. 443 |
| 907 | B.12.2.3.2. Bit Manipulation Functions ..................................................................... 443 |
| 908 | B.12.2.3.3. Miscellaneous Functions ........................................................................ 445 |
| 909 | B.12.2.3.4. Public Function ...................................................................................... 455 |
| 910 | B.12.2.4. RSAData.c .................................................................................................. 459 |
| 911 | B.13 Elliptic Curve Files .................................................................................................. 471 |
| 912 | Family "2.0" TCG Published Page xvii |
| 913 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 914 | Trusted Platform Module Library Part 4: Supporting Routines |
| 915 | |
| 916 | B.13.1. CpriDataEcc.h .................................................................................................. 471 |
| 917 | B.13.2. CpriDataEcc.c .................................................................................................. 472 |
| 918 | B.13.3. CpriECC.c ........................................................................................................ 479 |
| 919 | B.13.3.1. Includes and Defines .................................................................................. 479 |
| 920 | B.13.3.2. Functions .................................................................................................... 479 |
| 921 | B.13.3.2.1. _cpri__EccStartup() ................................................................................ 479 |
| 922 | B.13.3.2.2. _cpri__GetCurveIdByIndex() .................................................................. 479 |
| 923 | B.13.3.2.3. _cpri__EccGetParametersByCurveId() ................................................... 479 |
| 924 | B.13.3.2.4. Point2B() ................................................................................................ 480 |
| 925 | B.13.3.2.5. EccCurveInit() ........................................................................................ 481 |
| 926 | B.13.3.2.6. PointFrom2B() ........................................................................................ 482 |
| 927 | B.13.3.2.7. EccInitPoint2B() ..................................................................................... 482 |
| 928 | B.13.3.2.8. PointMul() .............................................................................................. 483 |
| 929 | B.13.3.2.9. GetRandomPrivate() ............................................................................... 483 |
| 930 | B.13.3.2.10. Mod2B() ............................................................................................... 484 |
| 931 | B.13.3.2.11. _cpri__EccPointMultiply ....................................................................... 484 |
| 932 | B.13.3.2.12. ClearPoint2B() ...................................................................................... 486 |
| 933 | B.13.3.2.13. _cpri__EccCommitCompute() ............................................................... 486 |
| 934 | B.13.3.2.14. _cpri__EccIsPointOnCurve() ................................................................ 489 |
| 935 | B.13.3.2.15. _cpri__GenerateKeyEcc() ..................................................................... 490 |
| 936 | B.13.3.2.16. _cpri__GetEphemeralEcc() ................................................................... 492 |
| 937 | B.13.3.2.17. SignEcdsa().......................................................................................... 492 |
| 938 | B.13.3.2.18. EcDaa() ................................................................................................ 495 |
| 939 | B.13.3.2.19. SchnorrEcc() ........................................................................................ 496 |
| 940 | B.13.3.2.20. SignSM2() ............................................................................................ 499 |
| 941 | B.13.3.2.21. _cpri__SignEcc() .................................................................................. 502 |
| 942 | B.13.3.2.22. ValidateSignatureEcdsa() ..................................................................... 502 |
| 943 | B.13.3.2.23. ValidateSignatureEcSchnorr() .............................................................. 505 |
| 944 | B.13.3.2.24. ValidateSignatureSM2Dsa() ................................................................... 506 |
| 945 | B.13.3.2.25. _cpri__ValidateSignatureEcc() ............................................................. 508 |
| 946 | B.13.3.2.26. avf1() ................................................................................................... 509 |
| 947 | B.13.3.2.27. C_2_2_MQV() ...................................................................................... 509 |
| 948 | B.13.3.2.28. avfSm2() .............................................................................................. 512 |
| 949 | B.13.3.2.29. C_2_2_ECDH() .................................................................................... 514 |
| 950 | B.13.3.2.30. _cpri__C_2_2_KeyExchange() ............................................................. 515 |
| 951 | Annex C (informative) Simulation Environment ....................................................................... 517 |
| 952 | C.1 Introduction ............................................................................................................. 517 |
| 953 | C.2 Cancel.c .................................................................................................................. 517 |
| 954 | C.2.1. Introduction ...................................................................................................... 517 |
| 955 | C.2.2. Includes, Typedefs, Structures, and Defines ..................................................... 517 |
| 956 | C.2.3. Functions ......................................................................................................... 517 |
| 957 | C.2.3.1. _plat__IsCanceled() ................................................................................... 517 |
| 958 | C.2.3.2. _plat__SetCancel() ..................................................................................... 517 |
| 959 | C.2.3.3. _plat__ClearCancel() .................................................................................. 518 |
| 960 | C.3 Clock.c .................................................................................................................... 519 |
| 961 | C.3.1. Introduction ...................................................................................................... 519 |
| 962 | C.3.2. Includes and Data Definitions ........................................................................... 519 |
| 963 | C.3.3. Functions ......................................................................................................... 519 |
| 964 | C.3.3.1. _plat__ClockReset() ................................................................................... 519 |
| 965 | C.3.3.2. _plat__ClockTimeFromStart() ..................................................................... 519 |
| 966 | C.3.3.3. _plat__ClockTimeElapsed() ........................................................................ 519 |
| 967 | C.3.3.4. _plat__ClockAdjustRate() ........................................................................... 520 |
| 968 | C.4 Entropy.c ................................................................................................................. 521 |
| 969 | |
| 970 | Page xviii TCG Published Family "2.0" |
| 971 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 972 | Part 4: Supporting Routines Trusted Platform Module Library |
| 973 | |
| 974 | C.4.1. Includes ........................................................................................................... 521 |
| 975 | C.4.2. Local values ..................................................................................................... 521 |
| 976 | C.4.3. _plat__GetEntropy() ......................................................................................... 521 |
| 977 | C.5 LocalityPlat.c ........................................................................................................... 523 |
| 978 | C.5.1. Includes ........................................................................................................... 523 |
| 979 | C.5.2. Functions ......................................................................................................... 523 |
| 980 | C.5.2.1. _plat__LocalityGet() ................................................................................... 523 |
| 981 | C.5.2.2. _plat__LocalitySet() .................................................................................... 523 |
| 982 | C.5.2.3. _plat__IsRsaKeyCacheEnabled() ............................................................... 523 |
| 983 | C.6 NVMem.c ................................................................................................................ 524 |
| 984 | C.6.1. Introduction ...................................................................................................... 524 |
| 985 | C.6.2. Includes ........................................................................................................... 524 |
| 986 | C.6.3. Functions ......................................................................................................... 524 |
| 987 | C.6.3.1. _plat__NvErrors() ....................................................................................... 524 |
| 988 | C.6.3.2. _plat__NVEnable() ..................................................................................... 524 |
| 989 | C.6.3.3. _plat__NVDisable() .................................................................................... 525 |
| 990 | C.6.3.4. _plat__IsNvAvailable() ................................................................................ 526 |
| 991 | C.6.3.5. _plat__NvMemoryRead() ............................................................................ 526 |
| 992 | C.6.3.6. _plat__NvIsDifferent() ................................................................................. 526 |
| 993 | C.6.3.7. _plat__NvMemoryWrite() ............................................................................ 527 |
| 994 | C.6.3.8. _plat__NvMemoryMove() ............................................................................ 527 |
| 995 | C.6.3.9. _plat__NvCommit() ..................................................................................... 527 |
| 996 | C.6.3.10. _plat__SetNvAvail() .................................................................................... 528 |
| 997 | C.6.3.11. _plat__ClearNvAvail() ................................................................................. 528 |
| 998 | C.7 PowerPlat.c ............................................................................................................. 529 |
| 999 | C.7.1. Includes and Function Prototypes ..................................................................... 529 |
| 1000 | C.7.2. Functions ......................................................................................................... 529 |
| 1001 | C.7.2.1. _plat__Signal_PowerOn() ........................................................................... 529 |
| 1002 | C.7.2.2. _plat__WasPowerLost() .............................................................................. 529 |
| 1003 | C.7.2.3. _plat__Signal_Reset() .................................................................................. 529 |
| 1004 | C.7.2.4. _plat__Signal_PowerOff() ........................................................................... 530 |
| 1005 | C.8 Platform.h ............................................................................................................... 531 |
| 1006 | C.8.1. Includes and Defines ........................................................................................ 531 |
| 1007 | C.8.2. Power Functions ............................................................................................... 531 |
| 1008 | C.8.2.1. _plat__Signal_PowerOn ............................................................................. 531 |
| 1009 | C.8.2.2. _plat__Signal_Reset ................................................................................... 531 |
| 1010 | C.8.2.3. _plat__WasPowerLost() .............................................................................. 531 |
| 1011 | C.8.2.4. _plat__Signal_PowerOff() ........................................................................... 531 |
| 1012 | C.8.3. Physical Presence Functions ............................................................................ 531 |
| 1013 | C.8.3.1. _plat__PhysicalPresenceAsserted() ............................................................ 531 |
| 1014 | C.8.3.2. _plat__Signal_PhysicalPresenceOn............................................................ 532 |
| 1015 | C.8.3.3. _plat__Signal_PhysicalPresenceOff() ......................................................... 532 |
| 1016 | C.8.4. Command Canceling Functions ........................................................................ 532 |
| 1017 | C.8.4.1. _plat__IsCanceled() ................................................................................... 532 |
| 1018 | C.8.4.2. _plat__SetCancel() ..................................................................................... 532 |
| 1019 | C.8.4.3. _plat__ClearCancel() .................................................................................. 532 |
| 1020 | C.8.5. NV memory functions ....................................................................................... 533 |
| 1021 | C.8.5.1. _plat__NvErrors() ....................................................................................... 533 |
| 1022 | C.8.5.2. _plat__NVEnable() ..................................................................................... 533 |
| 1023 | |
| 1024 | Family "2.0" TCG Published Page xix |
| 1025 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1026 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1027 | |
| 1028 | C.8.5.3. _plat__NVDisable() .................................................................................... 533 |
| 1029 | C.8.5.4. _plat__IsNvAvailable() ................................................................................ 533 |
| 1030 | C.8.5.5. _plat__NvCommit() ..................................................................................... 533 |
| 1031 | C.8.5.6. _plat__NvMemoryRead() ............................................................................ 534 |
| 1032 | C.8.5.7. _plat__NvIsDifferent() ................................................................................. 534 |
| 1033 | C.8.5.8. _plat__NvMemoryWrite() ............................................................................ 534 |
| 1034 | C.8.5.9. _plat__NvMemoryMove() ............................................................................ 534 |
| 1035 | C.8.5.10. _plat__SetNvAvail() .................................................................................... 535 |
| 1036 | C.8.5.11. _plat__ClearNvAvail() ................................................................................. 535 |
| 1037 | C.8.6. Locality Functions ............................................................................................ 535 |
| 1038 | C.8.6.1. _plat__LocalityGet() ................................................................................... 535 |
| 1039 | C.8.6.2. _plat__LocalitySet() .................................................................................... 535 |
| 1040 | C.8.6.3. _plat__IsRsaKeyCacheEnabled() ............................................................... 535 |
| 1041 | C.8.7. Clock Constants and Functions ........................................................................ 535 |
| 1042 | C.8.7.1. _plat__ClockReset() ................................................................................... 536 |
| 1043 | C.8.7.2. _plat__ClockTimeFromStart() ..................................................................... 536 |
| 1044 | C.8.7.3. _plat__ClockTimeElapsed() ........................................................................ 536 |
| 1045 | C.8.7.4. _plat__ClockAdjustRate() ........................................................................... 536 |
| 1046 | C.8.8. Single Function Files ........................................................................................ 537 |
| 1047 | C.8.8.1. _plat__GetEntropy() ................................................................................... 537 |
| 1048 | C.9 PlatformData.h ........................................................................................................ 538 |
| 1049 | C.10 PlatformData.c ........................................................................................................ 539 |
| 1050 | C.10.1. Description ....................................................................................................... 539 |
| 1051 | C.10.2. Includes ........................................................................................................... 539 |
| 1052 | C.11 PPPlat.c .................................................................................................................. 540 |
| 1053 | C.11.1. Description ....................................................................................................... 540 |
| 1054 | C.11.2. Includes ........................................................................................................... 540 |
| 1055 | C.11.3. Functions ......................................................................................................... 540 |
| 1056 | C.11.3.1. _plat__PhysicalPresenceAsserted() ............................................................ 540 |
| 1057 | C.11.3.2. _plat__Signal_PhysicalPresenceOn() ......................................................... 540 |
| 1058 | C.11.3.3. _plat__Signal_PhysicalPresenceOff() ......................................................... 540 |
| 1059 | C.12 Unique.c .................................................................................................................. 541 |
| 1060 | C.12.1. Introduction ...................................................................................................... 541 |
| 1061 | C.12.2. Includes ........................................................................................................... 541 |
| 1062 | C.12.3. _plat__GetUnique() .......................................................................................... 541 |
| 1063 | Annex D (informative) Remote Procedure Interface ................................................................ 542 |
| 1064 | D.1 Introduction ............................................................................................................. 542 |
| 1065 | D.2 TpmTcpProtocol.h ................................................................................................... 543 |
| 1066 | D.2.1. Introduction ...................................................................................................... 543 |
| 1067 | D.2.2. Typedefs and Defines ....................................................................................... 543 |
| 1068 | D.3 TcpServer.c ............................................................................................................. 545 |
| 1069 | D.3.1. Description ....................................................................................................... 545 |
| 1070 | D.3.2. Includes, Locals, Defines and Function Prototypes ........................................... 545 |
| 1071 | D.3.3. Functions ......................................................................................................... 545 |
| 1072 | D.3.3.1. CreateSocket() ........................................................................................... 545 |
| 1073 | D.3.3.2. PlatformServer() ......................................................................................... 546 |
| 1074 | D.3.3.3. PlatformSvcRoutine() .................................................................................. 547 |
| 1075 | D.3.3.4. PlatformSignalService() .............................................................................. 548 |
| 1076 | D.3.3.5. RegularCommandService() ......................................................................... 549 |
| 1077 | |
| 1078 | Page xx TCG Published Family "2.0" |
| 1079 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1080 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1081 | |
| 1082 | D.3.3.6. StartTcpServer() ......................................................................................... 549 |
| 1083 | D.3.3.7. ReadBytes() ............................................................................................... 550 |
| 1084 | D.3.3.8. WriteBytes() ............................................................................................... 550 |
| 1085 | D.3.3.9. WriteUINT32() ............................................................................................ 551 |
| 1086 | D.3.3.10. ReadVarBytes() .......................................................................................... 551 |
| 1087 | D.3.3.11. WriteVarBytes() .......................................................................................... 552 |
| 1088 | D.3.3.12. TpmServer() ............................................................................................... 552 |
| 1089 | D.4 TPMCmdp.c ............................................................................................................ 555 |
| 1090 | D.4.1. Description ....................................................................................................... 555 |
| 1091 | D.4.2. Includes and Data Definitions ........................................................................... 555 |
| 1092 | D.4.3. Functions ......................................................................................................... 555 |
| 1093 | D.4.3.1. Signal_PowerOn() ...................................................................................... 555 |
| 1094 | D.4.3.2. Signal_PowerOff() ...................................................................................... 556 |
| 1095 | D.4.3.3. _rpc__ForceFailureMode() .......................................................................... 556 |
| 1096 | D.4.3.4. _rpc__Signal_PhysicalPresenceOn() .......................................................... 556 |
| 1097 | D.4.3.5. _rpc__Signal_PhysicalPresenceOff() .......................................................... 556 |
| 1098 | D.4.3.6. _rpc__Signal_Hash_Start() ......................................................................... 557 |
| 1099 | D.4.3.7. _rpc__Signal_Hash_Data() ......................................................................... 557 |
| 1100 | D.4.3.8. _rpc__Signal_HashEnd() ............................................................................ 557 |
| 1101 | D.4.3.9. _rpc__Signal_CancelOn() ........................................................................... 558 |
| 1102 | D.4.3.10. _rpc__Signal_CancelOff() ........................................................................... 558 |
| 1103 | D.4.3.11. _rpc__Signal_NvOn() ................................................................................. 559 |
| 1104 | D.4.3.12. _rpc__Signal_NvOff() ................................................................................. 559 |
| 1105 | D.4.3.13. _rpc__Shutdown() ...................................................................................... 559 |
| 1106 | D.5 TPMCmds.c............................................................................................................. 560 |
| 1107 | D.5.1. Description ....................................................................................................... 560 |
| 1108 | D.5.2. Includes, Defines, Data Definitions, and Function Prototypes ........................... 560 |
| 1109 | D.5.3. Functions ......................................................................................................... 560 |
| 1110 | D.5.3.1. Usage() ...................................................................................................... 560 |
| 1111 | D.5.3.2. main() ......................................................................................................... 560 |
| 1112 | |
| 1113 | |
| 1114 | |
| 1115 | |
| 1116 | Family "2.0" TCG Published Page xxi |
| 1117 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1118 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1119 | |
| 1120 | |
| 1121 | Trusted Platform Module Library |
| 1122 | Part 4: Supporting Routines |
| 1123 | |
| 1124 | 1 Scope |
| 1125 | |
| 1126 | This part contains C code that describes the algorithms and methods used by the command code in TPM |
| 1127 | 2.0 Part 3. The code in this document augments TPM 2.0 Part 2 and TPM 2.0 Part 3 to provide a |
| 1128 | complete description of a TPM, including the supporting framework for the code that performs the |
| 1129 | command actions. |
| 1130 | Any TPM 2.0 Part 4 code may be replaced by code that provides similar results when interfacing to the |
| 1131 | action code in TPM 2.0 Part 3. The behavior of code in this document that is not included in an annex is |
| 1132 | normative, as observed at the interfaces with TPM 2.0 Part 3 code. Code in an annex is provided for |
| 1133 | completeness, that is, to allow a full implementation of the specification from the provided code. |
| 1134 | The code in parts 3 and 4 is written to define the behavior of a compliant TPM. In some cases (e.g., |
| 1135 | firmware update), it is not possible to provide a compliant implementation. In those cases, any |
| 1136 | implementation provided by the vendor that meets the general description of the function provided in TPM |
| 1137 | 2.0 Part 3 would be compliant. |
| 1138 | The code in parts 3 and 4 is not written to meet any particular level of conformance nor does this |
| 1139 | specification require that a TPM meet any particular level of conformance. |
| 1140 | |
| 1141 | |
| 1142 | 2 Terms and definitions |
| 1143 | |
| 1144 | For the purposes of this document, the terms and definitions given in TPM 2.0 Part 1 apply. |
| 1145 | |
| 1146 | |
| 1147 | 3 Symbols and abbreviated terms |
| 1148 | |
| 1149 | For the purposes of this document, the symbols and abbreviated terms given in TPM 2.0 Part 1 apply. |
| 1150 | |
| 1151 | |
| 1152 | 4 Automation |
| 1153 | |
| 1154 | TPM 2.0 Part 2 and 3 are constructed so that they can be processed by an automated parser. For |
| 1155 | example, TPM 2.0 Part 2 can be processed to generate header file contents such as structures, typedefs, |
| 1156 | and enums. TPM 2.0 Part 3 can be processed to generate command and response marshaling and |
| 1157 | unmarshaling code. |
| 1158 | The automated processor is not provided to the TCG. It was used to generate the Microsoft Visual Studio |
| 1159 | TPM simulator files. These files are not specification reference code, but rather design examples. |
| 1160 | |
| 1161 | 4.1 Configuration Parser |
| 1162 | |
| 1163 | The tables in the TPM 2.0 Part 2 Annexes are constructed so that they can be processed by a program. |
| 1164 | The program that processes these tables in the TPM 2.0 Part 2 Annexes is called "The TPM 2.0 Part 2 |
| 1165 | Configuration Parser." |
| 1166 | The tables in the TPM 2.0 Part 2 Annexes determine the configuration of a TPM implementation. These |
| 1167 | tables may be modified by an implementer to describe the algorithms and commands to be executed |
| 1168 | by a specific implementation as well as to set implementation limits such as the number of PCR, sizes of |
| 1169 | buffers, etc. |
| 1170 | The TPM 2.0 Part 2 Configuration Parser produces a set of structures and definitions that are used by the |
| 1171 | TPM 2.0 Part 2 Structure Parser. |
| 1172 | |
| 1173 | |
| 1174 | |
| 1175 | Family "2.0" TCG Published Page 1 |
| 1176 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1177 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1178 | |
| 1179 | 4.2 Structure Parser |
| 1180 | |
| 1181 | 4.2.1 Introduction |
| 1182 | |
| 1183 | The program that processes the tables in TPM 2.0 Part 2 (other than the table in the annexes) is called |
| 1184 | "The TPM 2.0 Part 2 Structure Parser." |
| 1185 | |
| 1186 | NOTE A Perl script was used to parse the tables in TPM 2.0 Part 2 to produce the header files and unmarshaling code |
| 1187 | for the reference implementation. |
| 1188 | |
| 1189 | The TPM 2.0 Part 2 Structure Parser takes as input the files produced by the TPM 2.0 Part 2 |
| 1190 | Configuration Parser and the same TPM 2.0 Part 2 specification that was used as input to the TPM 2.0 |
| 1191 | Part 2 Configuration Parser. The TPM 2.0 Part 2 Structure Parser will generate all of the C structure |
| 1192 | constant definitions that are required by the TPM interface. Additionally, the parser will generate |
| 1193 | unmarshaling code for all structures passed to the TPM, and marshaling code for structures passed from |
| 1194 | the TPM. |
| 1195 | The unmarshaling code produced by the parser uses the prototypes defined below. The unmarshaling |
| 1196 | code will perform validations of the data to ensure that it is compliant with the limitations on the data |
| 1197 | imposed by the structure definition and use the response code provided in the table if not. |
| 1198 | |
| 1199 | EXAMPLE: The definition for a TPMI_RH_PROVISION indicates that the primitive data type is a TPM_HANDLE and the |
| 1200 | only allowed values are TPM_RH_OWNER and TPM_RH_PLATFORM. The definition also indicates that the |
| 1201 | TPM shall indicate TPM_RC_HANDLE if the input value is not one of these values. The unmarshaling code |
| 1202 | will validate that the input value has one of those allowed values and return TPM_RC_HANDLE if not. |
| 1203 | |
| 1204 | The sections below describe the function prototypes for the marshaling and unmarshaling code that is |
| 1205 | automatically generated by the TPM 2.0 Part 2 Structure Parser. These prototypes are described here as |
| 1206 | the unmarshaling and marshaling of various types occurs in places other than when the command is |
| 1207 | being parsed or the response is being built. The prototypes and the description of the interface are |
| 1208 | intended to aid in the comprehension of the code that uses these auto-generated routines. |
| 1209 | |
| 1210 | 4.2.2 Unmarshaling Code Prototype |
| 1211 | |
| 1212 | 4.2.2.1 Simple Types and Structures |
| 1213 | |
| 1214 | The general form for the unmarshaling code for a simple type or a structure is: |
| 1215 | |
| 1216 | TPM_RC TYPE_Unmarshal(TYPE *target, BYTE **buffer, INT32 *size); |
| 1217 | |
| 1218 | Where: |
| 1219 | TYPE name of the data type or structure |
| 1220 | *target location in the TPM memory into which the data from **buffer is placed |
| 1221 | **buffer location in input buffer containing the most significant octet (MSO) of |
| 1222 | *target |
| 1223 | *size number of octets remaining in **buffer |
| 1224 | When the data is successfully unmarshaled, the called routine will return TPM_RC_SUCCESS. |
| 1225 | Otherwise, it will return a Format-One response code (see TPM 2.0 Part 2). |
| 1226 | If the data is successfully unmarshaled, *buffer is advanced to point to the first octet of the next parameter |
| 1227 | in the input buffer and size is reduced by the number of octets removed from the buffer. |
| 1228 | When the data type is a simple type, the parser will generate code that will unmarshal the underlying type |
| 1229 | and then perform checks on the type as indicated by the type definition. |
| 1230 | |
| 1231 | |
| 1232 | Page 2 TCG Published Family "2.0" |
| 1233 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1234 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1235 | |
| 1236 | |
| 1237 | When the data type is a structure, the parser will generate code that unmarshals each of the structure |
| 1238 | elements in turn and performs any additional parameter checks as indicated by the data type. |
| 1239 | |
| 1240 | 4.2.2.2 Union Types |
| 1241 | |
| 1242 | When a union is defined, an extra parameter is defined for the unmarshaling code. This parameter is the |
| 1243 | selector for the type. The unmarshaling code for the union will unmarshal the type indicated by the |
| 1244 | selector. |
| 1245 | The function prototype for a union has the form: |
| 1246 | |
| 1247 | TPM_RC TYPE_Unmarshal(TYPE *target, BYTE **buffer, INT32 *size, UINT32 selector); |
| 1248 | |
| 1249 | where: |
| 1250 | TYPE name of the union type or structure |
| 1251 | *target location in the TPM memory into which the data from **buffer is placed |
| 1252 | **buffer location in input buffer containing the most significant octet (MSO) of |
| 1253 | *target |
| 1254 | *size number of octets remaining in **buffer |
| 1255 | selector union selector that determines what will be unmarshaled into *target |
| 1256 | |
| 1257 | |
| 1258 | 4.2.2.3 Null Types |
| 1259 | |
| 1260 | In some cases, the structure definition allows an optional “null” value. The “null” value allows the use of |
| 1261 | the same C type for the entity even though it does not always have the same members. |
| 1262 | For example, the TPMI_ALG_HASH data type is used in many places. In some cases, TPM_ALG_NULL |
| 1263 | is permitted and in some cases it is not. If two different data types had to be defined, the interfaces and |
| 1264 | code would become more complex because of the number of cast operations that would be necessary. |
| 1265 | Rather than encumber the code, the “null” value is defined and the unmarshaling code is given a flag to |
| 1266 | indicate if this instance of the type accepts the “null” parameter or not. When the data type has a “null” |
| 1267 | value, the function prototype is |
| 1268 | |
| 1269 | TPM_RC TYPE_Unmarshal(TYPE *target, BYTE **buffer, INT32 *size, bool flag); |
| 1270 | |
| 1271 | The parser detects when the type allows a “null” value and will always include flag in any call to |
| 1272 | unmarshal that type. |
| 1273 | |
| 1274 | 4.2.2.4 Arrays |
| 1275 | |
| 1276 | Any data type may be included in an array. The function prototype used to unmarshal an array for a TYPE is |
| 1277 | |
| 1278 | TPM_RC TYPE_Array_Unmarshal(TYPE *target, BYTE **buffer, INT32 *size,INT32 count); |
| 1279 | |
| 1280 | The generated code for an array uses a count-limited loop within which it calls the unmarshaling code for |
| 1281 | TYPE. |
| 1282 | |
| 1283 | |
| 1284 | |
| 1285 | |
| 1286 | Family "2.0" TCG Published Page 3 |
| 1287 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1288 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1289 | |
| 1290 | 4.2.3 Marshaling Code Function Prototypes |
| 1291 | |
| 1292 | 4.2.3.1 Simple Types and Structures |
| 1293 | |
| 1294 | The general form for the marshaling code for a simple type or a structure is: |
| 1295 | |
| 1296 | UINT16 TYPE_Marshal(TYPE *source, BYTE **buffer, INT32 *size); |
| 1297 | |
| 1298 | Where: |
| 1299 | TYPE name of the data type or structure |
| 1300 | *source location in the TPM memory containing the value that is to be marshaled |
| 1301 | in to the designated buffer |
| 1302 | **buffer location in the output buffer where the first octet of the TYPE is to be |
| 1303 | placed |
| 1304 | *size number of octets remaining in **buffer. If size is a NULL pointer, then |
| 1305 | no data is marshaled and the routine will compute the size of the |
| 1306 | memory required to marshal the indicated type |
| 1307 | When the data is successfully marshaled, the called routine will return the number of octets marshaled |
| 1308 | into **buffer. |
| 1309 | If the data is successfully marshaled, *buffer is advanced to point to the first octet of the next location in |
| 1310 | the output buffer and *size is reduced by the number of octets placed in the buffer. |
| 1311 | When the data type is a simple type, the parser will generate code that will marshal the underlying type. |
| 1312 | The presumption is that the TPM internal structures are consistent and correct so the marshaling code |
| 1313 | does not validate that the data placed in the buffer has a permissible value. |
| 1314 | When the data type is a structure, the parser will generate code that marshals each of the structure |
| 1315 | elements in turn. |
| 1316 | |
| 1317 | 4.2.3.2 Union Types |
| 1318 | |
| 1319 | An extra parameter is defined for the marshaling function of a union. This parameter is the selector for the |
| 1320 | type. The marshaling code for the union will marshal the type indicated by the selector. |
| 1321 | The function prototype for a union has the form: |
| 1322 | |
| 1323 | UINT16 TYPE_Marshal(TYPE *target, BYTE **buffer, INT32 *size, UINT32 selector); |
| 1324 | |
| 1325 | The parameters have a similar meaning as those in 5.2.2.2 but the data movement is from source to |
| 1326 | buffer. |
| 1327 | |
| 1328 | |
| 1329 | 4.2.3.3 Arrays |
| 1330 | |
| 1331 | Any type may be included in an array. The function prototype used to marshal an array is: |
| 1332 | |
| 1333 | UINT16 TYPE_Array_Marshal(TYPE *source, BYTE **buffer, INT32 *size, INT32 count); |
| 1334 | |
| 1335 | The generated code for an array uses a count-limited loop within which it calls the marshaling code for |
| 1336 | TYPE. |
| 1337 | |
| 1338 | |
| 1339 | |
| 1340 | |
| 1341 | Page 4 TCG Published Family "2.0" |
| 1342 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1343 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1344 | |
| 1345 | 4.3 Command Parser |
| 1346 | |
| 1347 | The program that processes the tables in TPM 2.0 Part 3 is called "The TPM 2.0 Part 3 Command |
| 1348 | Parser." |
| 1349 | The TPM 2.0 Part 3 Command Parser takes as input a TPM 2.0 Part 3 of the TPM specification and some |
| 1350 | configuration files produced by the TPM 2.0 Part 2 Configuration Parser. This parser uses the contents of |
| 1351 | the command and response tables in TPM 2.0 Part 3 to produce unmarshaling code for the command |
| 1352 | and the marshaling code for the response. Additionally, this parser produces support routines that are |
| 1353 | used to check that the proper number of authorization values of the proper type have been provided. |
| 1354 | These support routines are called by the functions in this TPM 2.0 Part 4. |
| 1355 | |
| 1356 | 4.4 Portability |
| 1357 | |
| 1358 | Where reasonable, the code is written to be portable. There are a few known cases where the code is not |
| 1359 | portable. Specifically, the handling of bit fields will not always be portable. The bit fields are marshaled |
| 1360 | and unmarshaled as a simple element of the underlying type. For example, a TPMA_SESSION is defined |
| 1361 | as a bit field in an octet (BYTE). When sent on the interface a TPMA_SESSION will occupy one octet. |
| 1362 | When unmarshaled, it is unmarshaled as a UINT8. The ramifications of this are that a TPMA_SESSION |
| 1364 | will occupy the 0th octet of the structure in which it is placed regardless of the size of the structure. |
| 1365 | Many compilers will pad a bit field to some "natural" size for the processor, often 4 octets, meaning that |
| 1366 | sizeof(TPMA_SESSION) would return 4 rather than 1 (the canonical size of a TPMA_SESSION). |
| 1368 | For a little endian machine, padding of bit fields should have little consequence since the 0th octet always |
| 1370 | contains the 0th bit of the structure no matter how large the structure. However, for a big endian machine, |
| 1372 | the 0th bit will be in the highest numbered octet. When unmarshaling a TPMA_SESSION, the current |
| 1374 | unmarshaling code will place the input octet at the 0th octet of the TPMA_SESSION. Since the 0th octet is |
| 1375 | most significant octet, this has the effect of shifting all the session attribute bits left by 24 places. |
| 1376 | As a consequence, someone implementing on a big endian machine should do one of two things: |
| 1377 | a) allocate all structures as packed to a byte boundary (this may not be possible if the processor does |
| 1378 | not handle unaligned accesses); or |
| 1379 | b) modify the code that manipulates bit fields that are not defined as being the alignment size of the |
| 1380 | system. |
| 1381 | For many RISC processors, option b) would be the only choice. This may not be a terribly daunting |
| 1382 | task since only two attribute structures are not 32-bits (TPMA_SESSION and TPMA_LOCALITY). |
| 1383 | |
| 1384 | |
| 1385 | |
| 1386 | |
| 1387 | Family "2.0" TCG Published Page 5 |
| 1388 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1389 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1390 | |
| 1391 | |
| 1392 | |
| 1393 | 5 Header Files |
| 1394 | |
| 1395 | 5.1 Introduction |
| 1396 | |
| 1397 | The files in this section are used to define values that are used in multiple parts of the specification and |
| 1398 | are not confined to a single module. |
| 1399 | |
| 1400 | 5.2 BaseTypes.h |
| 1401 | |
| 1402 | 1 #ifndef _BASETYPES_H |
| 1403 | 2 #define _BASETYPES_H |
| 1404 | 3 #include "stdint.h" |
| 1405 | |
| 1406 | NULL definition |
| 1407 | |
| 1408 | 4 #ifndef NULL |
| 1409 | 5 #define NULL (0) |
| 1410 | 6 #endif |
| 1411 | 7 typedef uint8_t UINT8; |
| 1412 | 8 typedef uint8_t BYTE; |
| 1413 | 9 typedef int8_t INT8; |
| 1414 | 10 typedef int BOOL; |
| 1415 | 11 typedef uint16_t UINT16; |
| 1416 | 12 typedef int16_t INT16; |
| 1417 | 13 typedef uint32_t UINT32; |
| 1418 | 14 typedef int32_t INT32; |
| 1419 | 15 typedef uint64_t UINT64; |
| 1420 | 16 typedef int64_t INT64; |
| 1421 | 17 typedef struct { /* generic sized-buffer header: a UINT16 octet count followed by the data octets */ |
| 1422 | 18 UINT16 size; /* number of octets in buffer; NOTE(review): nothing in this type bounds it, so code that reaches a buffer through a TPM2B pointer presumably has to compare size with the capacity of the object behind the pointer - confirm at each use */ |
| 1423 | 19 BYTE buffer[1]; /* declared with a single element; TPM2B_TYPE in TPMB.h overlays this header on a buffer of its own declared length */ |
| 1424 | 20 } TPM2B; |
| 1425 | 21 #endif |
| 1426 | |
| 1427 | |
| 1428 | |
| 1429 | |
| 1430 | Page 6 TCG Published Family "2.0" |
| 1431 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1432 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1433 | |
| 1434 | 5.3 bits.h |
| 1435 | |
| 1436 | 1 #ifndef _BITS_H |
| 1437 | 2 #define _BITS_H |
| 1438 | 3 #define CLEAR_BIT(bit, vector) BitClear((bit), (BYTE *)&(vector), sizeof(vector)) /* clear one bit; all three macros pass the address of vector and sizeof(vector) to the Bit*() routine, so vector must name the bit-array object itself - given a pointer, sizeof would be the pointer size, not the array size */ |
| 1439 | 4 #define SET_BIT(bit, vector) BitSet((bit), (BYTE *)&(vector), sizeof(vector)) /* set one bit; same argument convention as CLEAR_BIT */ |
| 1440 | 5 #define TEST_BIT(bit, vector) BitIsSet((bit), (BYTE *)&(vector), sizeof(vector)) /* query one bit; same argument convention as CLEAR_BIT */ |
| 1441 | 6 #endif |
| 1442 | |
| 1443 | |
| 1444 | |
| 1445 | |
| 1446 | Family "2.0" TCG Published Page 7 |
| 1447 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1448 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1449 | |
| 1450 | 5.4 bool.h |
| 1451 | |
| 1452 | 1 #ifndef _BOOL_H |
| 1453 | 2 #define _BOOL_H |
| 1454 | 3 #if defined(TRUE) |
| 1455 | 4 #undef TRUE |
| 1456 | 5 #endif |
| 1457 | 6 #if defined FALSE |
| 1458 | 7 #undef FALSE |
| 1459 | 8 #endif |
| 1460 | 9 typedef int BOOL; |
| 1461 | 10 #define FALSE ((BOOL)0) |
| 1462 | 11 #define TRUE ((BOOL)1) |
| 1463 | 12 #endif |
| 1464 | |
| 1465 | |
| 1466 | 5.5 Capabilities.h |
| 1467 | |
| 1468 | This file contains defines for the number of capability values that will fit into the largest data buffer. |
| 1469 | These defines are used in various functions in the "support" and the "subsystem" code groups. A module |
| 1470 | that supports a type that is returned by a capability will have a function that returns the capabilities of the |
| 1471 | type. |
| 1472 | |
| 1473 | EXAMPLE PCR.c contains PCRCapGetHandles() and PCRCapGetProperties(). |
| 1474 | |
| 1475 | 1 #ifndef _CAPABILITIES_H |
| 1476 | 2 #define _CAPABILITIES_H |
| 1477 | 3 #define MAX_CAP_DATA (MAX_CAP_BUFFER-sizeof(TPM_CAP)-sizeof(UINT32)) /* octets left in the capability buffer after a TPM_CAP and a UINT32; NOTE(review): the sizeof operands make this unsigned arithmetic, so a MAX_CAP_BUFFER smaller than that overhead would wrap instead of going negative - MAX_CAP_BUFFER is defined outside this listing */ |
| 1478 | 4 #define MAX_CAP_ALGS (ALG_LAST_VALUE - ALG_FIRST_VALUE + 1) /* number of values in the inclusive range ALG_FIRST_VALUE..ALG_LAST_VALUE */ |
| 1479 | 5 #define MAX_CAP_HANDLES (MAX_CAP_DATA/sizeof(TPM_HANDLE)) /* how many TPM_HANDLE values fit in MAX_CAP_DATA */ |
| 1480 | 6 #define MAX_CAP_CC ((TPM_CC_LAST - TPM_CC_FIRST) + 1) /* number of values in the inclusive range TPM_CC_FIRST..TPM_CC_LAST */ |
| 1481 | 7 #define MAX_TPM_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY)) /* how many TPMS_TAGGED_PROPERTY entries fit in MAX_CAP_DATA */ |
| 1482 | 8 #define MAX_PCR_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PCR_SELECT)) /* how many TPMS_TAGGED_PCR_SELECT entries fit in MAX_CAP_DATA */ |
| 1483 | 9 #define MAX_ECC_CURVES (MAX_CAP_DATA/sizeof(TPM_ECC_CURVE)) /* how many TPM_ECC_CURVE values fit in MAX_CAP_DATA */ |
| 1484 | 10 #endif |
| 1485 | |
| 1486 | |
| 1487 | 5.6 TPMB.h |
| 1488 | |
| 1489 | This file contains extra TPM2B structures |
| 1490 | |
| 1491 | 1 #ifndef _TPMB_H |
| 1492 | 2 #define _TPMB_H |
| 1493 | |
| 1494 | This macro helps avoid having to type in the structure in order to create a new TPM2B type that is used in |
| 1495 | a function. |
| 1496 | |
| 1497 | 3 #define TPM2B_TYPE(name, bytes) /* declares union type TPM2B_<name> holding a buffer of `bytes` octets */ \ |
| 1498 | 4 typedef union { \ |
| 1499 | 5 struct { \ |
| 1500 | 6 UINT16 size; /* octet count for buffer */ \ |
| 1501 | 7 BYTE buffer[(bytes)]; /* storage with the declared capacity */ \ |
| 1502 | 8 } t; /* typed view: sizeof(t.buffer) gives the capacity */ \ |
| 1503 | 9 TPM2B b; /* generic view of the same storage; NOTE(review): the capacity is not visible through b, so code handed only the b view presumably relies on its caller for the bound - confirm */ \ |
| 1504 | 10 } TPM2B_##name |
| 1505 | |
| 1506 | Macro to instance and initialize a TPM2B value |
| 1507 | |
| 1508 | 11 #define TPM2B_INIT(TYPE, name) /* defines a TPM2B_<TYPE> variable called name */ \ |
| 1509 | 12 TPM2B_##TYPE name = {sizeof(name.t.buffer), {0}} /* t.size starts at the full buffer capacity, not 0, and the buffer is zero-filled */ |
| 1510 | 13 #define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes) /* declares TPM2B_<bytes>_BYTE_VALUE with a buffer of `bytes` octets */ |
| 1511 | 14 #endif |
| 1512 | |
| 1513 | |
| 1514 | Page 8 TCG Published Family "2.0" |
| 1515 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1516 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1517 | |
| 1518 | 5.7 TpmError.h |
| 1519 | |
| 1520 | 1 #ifndef _TPM_ERROR_H |
| 1521 | 2 #define _TPM_ERROR_H |
| 1522 | 3 #include "TpmBuildSwitches.h" |
| 1523 | 4 #define FATAL_ERROR_ALLOCATION (1) |
| 1524 | 5 #define FATAL_ERROR_DIVIDE_ZERO (2) |
| 1525 | 6 #define FATAL_ERROR_INTERNAL (3) |
| 1526 | 7 #define FATAL_ERROR_PARAMETER (4) |
| 1527 | 8 #define FATAL_ERROR_ENTROPY (5) |
| 1528 | 9 #define FATAL_ERROR_SELF_TEST (6) |
| 1529 | 10 #define FATAL_ERROR_CRYPTO (7) |
| 1530 | 11 #define FATAL_ERROR_NV_UNRECOVERABLE (8) |
| 1531 | 12 #define FATAL_ERROR_REMANUFACTURED (9) // indicates that the TPM has |
| 1532 | 13 // been re-manufactured after an |
| 1533 | 14 // unrecoverable NV error |
| 1534 | 15 #define FATAL_ERROR_DRBG (10) |
| 1535 | 16 #define FATAL_ERROR_FORCED (666) |
| 1536 | |
| 1537 | These are the crypto assertion routines. When a function returns an unexpected and unrecoverable |
| 1538 | result, the assertion fails and TpmFail() is called. |
| 1539 | |
| 1540 | 17 void |
| 1541 | 18 TpmFail(const char *function, int line, int code); |
| 1542 | 19 typedef void (*FAIL_FUNCTION)(const char *, int, int); |
| 1543 | 20 #define FAIL(a) (TpmFail(__FUNCTION__, __LINE__, a)) |
| 1544 | 21 #if defined(EMPTY_ASSERT) /* selects between a no-op and a checking pAssert() */ |
| 1545 | 22 # define pAssert(a) ((void)0) /* the argument is discarded without being evaluated, so any check expressed only as a pAssert() is absent from an EMPTY_ASSERT build */ |
| 1546 | 23 #else |
| 1547 | 24 # define pAssert(a) (!!(a) ? 1 : (FAIL(FATAL_ERROR_PARAMETER), 0)) /* yields 1 when a is true; otherwise calls TpmFail() through FAIL with FATAL_ERROR_PARAMETER and yields 0 if that call returns */ |
| 1548 | 25 #endif |
| 1549 | 26 #endif // _TPM_ERROR_H |
| 1550 | |
| 1551 | |
| 1552 | 5.8 Global.h |
| 1553 | |
| 1554 | 5.8.1 Description |
| 1555 | |
| 1556 | This file contains internal global type definitions and data declarations that are needed between |
| 1557 | subsystems. The instantiation of global data is in Global.c. The initialization of global data is in the |
| 1558 | subsystem that is the primary owner of the data. |
| 1559 | The first part of this file has the typedefs for structures and other defines used in many portions of the |
| 1560 | code. After the typedef section, is a section that defines global values that are only present in RAM. The |
| 1561 | next three sections define the structures for the NV data areas: persistent, orderly, and state save. |
| 1562 | Additional sections define the data that is used in specific modules. That data is private to the module but |
| 1563 | is collected here to simplify the management of the instance data. All the data is instanced in Global.c. |
| 1564 | |
| 1565 | 5.8.2 Includes |
| 1566 | |
| 1567 | 1 #ifndef GLOBAL_H |
| 1568 | 2 #define GLOBAL_H |
| 1569 | 3 //#define SELF_TEST |
| 1570 | 4 #include "TpmBuildSwitches.h" |
| 1571 | 5 #include "Tpm.h" |
| 1572 | 6 #include "TPMB.h" |
| 1573 | 7 #include "CryptoEngine.h" |
| 1574 | 8 #include <setjmp.h> |
| 1575 | |
| 1576 | |
| 1577 | |
| 1578 | |
| 1579 | Family "2.0" TCG Published Page 9 |
| 1580 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1581 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1582 | |
| 1583 | 5.8.3 Defines and Types |
| 1584 | |
| 1585 | 5.8.3.1 Unreferenced Parameter |
| 1586 | |
| 1587 | This define is used to eliminate the compiler warning about an unreferenced parameter. Basically, it tells |
| 1588 | the compiler that it is not an accident that the parameter is unreferenced. |
| 1589 | |
| 1590 | 9 #ifndef UNREFERENCED_PARAMETER |
| 1591 | 10 # define UNREFERENCED_PARAMETER(a) (a) |
| 1592 | 11 #endif |
| 1593 | 12 #include "bits.h" |
| 1594 | |
| 1595 | |
| 1596 | 5.8.3.2 Crypto Self-Test Values |
| 1597 | |
| 1598 | Define these values here if the AlgorithmTests() project is not used |
| 1599 | |
| 1600 | 13 #ifndef SELF_TEST |
| 1601 | 14 extern ALGORITHM_VECTOR g_implementedAlgorithms; |
| 1602 | 15 extern ALGORITHM_VECTOR g_toTest; |
| 1603 | 16 #else |
| 1604 | 17 LIB_IMPORT extern ALGORITHM_VECTOR g_implementedAlgorithms; |
| 1605 | 18 LIB_IMPORT extern ALGORITHM_VECTOR g_toTest; |
| 1606 | 19 #endif |
| 1607 | |
| 1608 | These macros are used in CryptUtil() to invoke the incremental self test. |
| 1609 | |
| 1610 | 20 #define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL) /* calls CryptTestAlgorithm(alg, NULL) when the bit for alg is set in g_toTest; NOTE(review): expands to a bare if statement and names alg twice, so use it only as a standalone statement with a side-effect-free argument - an else written after TEST(x); would attach to this if */ |
| 1611 | |
| 1612 | Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting to test a hash with |
| 1613 | that value, don't do it. |
| 1614 | |
| 1615 | 21 #define TEST_HASH(alg) /* like TEST(), but never tests ALG_NULL_VALUE */ \ |
| 1616 | 22 if( TEST_BIT(alg, g_toTest) /* bit for alg is set in g_toTest */ \ |
| 1617 | 23 && (alg != ALG_NULL_VALUE)) /* alg is not parenthesized on the left of != and is named three times in all: pass a simple, side-effect-free expression */ \ |
| 1618 | 24 CryptTestAlgorithm(alg, NULL) /* NOTE(review): the expansion is a bare if statement, so an else written after TEST_HASH(x); would attach to it */ |
| 1619 | |
| 1620 | |
| 1621 | 5.8.3.3 Hash and HMAC State Structures |
| 1622 | |
| 1623 | These definitions are for the types that can be in a hash state structure. These types are used in the |
| 1624 | crypto utilities |
| 1625 | |
| 1626 | 25 typedef BYTE HASH_STATE_TYPE; |
| 1627 | 26 #define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0) |
| 1628 | 27 #define HASH_STATE_HASH ((HASH_STATE_TYPE) 1) |
| 1629 | 28 #define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2) |
| 1630 | |
| 1631 | A HASH_STATE structure contains an opaque hash stack state. A caller would use this structure when |
| 1632 | performing incremental hash operations. The state is updated on each call. If type is an HMAC_STATE, |
| 1633 | or HMAC_STATE_SEQUENCE then state is followed by the HMAC key in oPad format. |
| 1634 | |
| 1635 | 29 typedef struct /* state carried between calls of an incremental hash operation */ |
| 1636 | 30 { |
| 1637 | 31 CPRI_HASH_STATE state; // hash state (CPRI_HASH_STATE is declared outside this listing) |
| 1638 | 32 HASH_STATE_TYPE type; // type of the context: HASH_STATE_EMPTY, HASH_STATE_HASH or HASH_STATE_HMAC |
| 1639 | 33 } HASH_STATE; |
| 1640 | |
| 1641 | |
| 1642 | |
| 1643 | |
| 1644 | Page 10 TCG Published Family "2.0" |
| 1645 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1646 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1647 | |
| 1648 | |
| 1649 | An HMAC_STATE structure contains an opaque HMAC stack state. A caller would use this structure |
| 1650 | when performing incremental HMAC operations. This structure contains a hash state and an HMAC key |
| 1651 | and allows slightly better stack optimization than adding an HMAC key to each hash state. |
| 1652 | |
| 1653 | 34 typedef struct /* state carried between calls of an incremental HMAC operation: a hash state plus the HMAC key */ |
| 1654 | 35 { |
| 1655 | 36 HASH_STATE hashState; // the hash state |
| 1656 | 37 TPM2B_HASH_BLOCK hmacKey; // the HMAC key; NOTE(review): key material is stored in this caller-owned structure - presumably it should be cleared once the HMAC is complete, confirm in the crypto utilities |
| 1657 | 38 } HMAC_STATE; |
| 1658 | |
| 1659 | |
| 1660 | 5.8.3.4 Other Types |
| 1661 | |
| 1662 | An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA) |
| 1663 | |
| 1664 | 39 typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)]; |
| 1665 | |
| 1666 | A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO |
| 1667 | |
| 1668 | 40 typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)]; |
| 1669 | |
| 1670 | A NAME is a BYTE array that can contain a TPMU_NAME |
| 1671 | |
| 1672 | 41 typedef BYTE NAME[sizeof(TPMU_NAME)]; |
| 1673 | |
| 1674 | |
| 1675 | 5.8.4 Loaded Object Structures |
| 1676 | |
| 1677 | 5.8.4.1 Description |
| 1678 | |
| 1679 | The structures in this section define the object layout as it exists in TPM memory. |
| 1680 | Two types of objects are defined: an ordinary object such as a key, and a sequence object that may be a |
| 1681 | hash, HMAC, or event. |
| 1682 | |
| 1683 | 5.8.4.2 OBJECT_ATTRIBUTES |
| 1684 | |
| 1685 | An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. These properties are |
| 1686 | not part of the public properties but are used by the TPM in managing the object. An |
| 1687 | OBJECT_ATTRIBUTES is used in the definition of the OBJECT data type. |
| 1688 | |
| 1689 | 42 typedef struct /* internal per-object flags, one bit each; used by the TPM to manage the object and not part of its public properties */ |
| 1690 | 43 { |
| 1691 | 44 unsigned publicOnly : 1; //0) SET if only the public portion of |
| 1692 | 45 // an object is loaded |
| 1693 | 46 unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS |
| 1694 | 47 // Hierarchy |
| 1695 | 48 unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS |
| 1696 | 49 // Hierarchy |
| 1697 | 50 unsigned spsHierarchy : 1; //3) SET if the object belongs to SPS |
| 1698 | 51 // Hierarchy |
| 1699 | 52 unsigned evict : 1; //4) SET if the object is a platform or |
| 1700 | 53 // owner evict object. Platform- |
| 1701 | 54 // evict object belongs to PPS |
| 1702 | 55 // hierarchy, owner-evict object |
| 1703 | 56 // belongs to SPS or EPS hierarchy. |
| 1704 | 57 // This bit is also used to mark a |
| 1705 | 58 // completed sequence object so it |
| 1706 | 59 // will be flushed when the |
| 1707 | 60 // SequenceComplete command succeeds. |
| 1708 | 61 unsigned primary : 1; //5) SET for a primary object |
| 1709 | |
| 1710 | Family "2.0" TCG Published Page 11 |
| 1711 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1712 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1713 | |
| 1714 | 62 unsigned temporary : 1; |
| 1715 | //6) SET for a temporary object |
| 1716 | 63 unsigned stClear : 1; |
| 1717 | //7) SET for an stClear object |
| 1718 | 64 unsigned hmacSeq : 1; |
| 1719 | //8) SET for an HMAC sequence object |
| 1720 | 65 unsigned hashSeq : 1; |
| 1721 | //9) SET for a hash sequence object |
| 1722 | 66 unsigned eventSeq : 1; |
| 1723 | //10) SET for an event sequence object |
| 1724 | 67 unsigned ticketSafe : 1; |
| 1725 | //11) SET if a ticket is safe to create |
| 1726 | 68 // for hash sequence object |
| 1727 | 69 unsigned firstBlock : 1; //12) SET if the first block of hash |
| 1728 | 70 // data has been received. It |
| 1729 | 71 // works with ticketSafe bit |
| 1730 | 72 unsigned isParent : 1; //13) SET if the key has the proper |
| 1731 | 73 // attributes to be a parent key |
| 1732 | 74 unsigned privateExp : 1; //14) SET when the private exponent |
| 1733 | 75 // of an RSA key has been validated. |
| 1734 | 76 unsigned reserved : 1; //15) reserved bit. unused. |
| 1735 | 77 } OBJECT_ATTRIBUTES; |
| 1736 | |
| 1737 | |
| 1738 | 5.8.4.3 OBJECT Structure |
| 1739 | |
| 1740 | An OBJECT structure holds the public area, the sensitive area, and the associated meta-data of an object. This structure is |
| 1741 | implementation dependent. For this implementation, the structure is not optimized for space but rather for |
| 1742 | clarity of the reference implementation. Other implementations may choose to overlap portions of the |
| 1743 | structure that are not used simultaneously. These changes would necessitate changes to the source code |
| 1744 | but those changes would be compatible with the reference implementation. |
| 1745 | |
| 1746 | 78 typedef struct |
| 1747 | 79 { |
| 1748 | 80 // The attributes field is required to be first, followed by the publicArea. |
| 1749 | 81 // This allows the overlay of the object structure and a sequence structure. |
| 1750 | 82 OBJECT_ATTRIBUTES attributes; // object attributes |
| 1751 | 83 TPMT_PUBLIC publicArea; // public area of an object |
| 1752 | 84 TPMT_SENSITIVE sensitive; // sensitive area of an object |
| 1753 | 85 |
| 1754 | 86 #ifdef TPM_ALG_RSA |
| 1755 | 87 TPM2B_PUBLIC_KEY_RSA privateExponent; // Additional field for the private |
| 1756 | 88 // exponent of an RSA key. |
| 1757 | 89 #endif |
| 1758 | 90 TPM2B_NAME qualifiedName; // object qualified name |
| 1759 | 91 TPMI_DH_OBJECT evictHandle; // if the object is an evict object, |
| 1760 | 92 // the original handle is kept here. |
| 1761 | 93 // The 'working' handle will be the |
| 1762 | 94 // handle of an object slot. |
| 1763 | 95 |
| 1764 | 96 TPM2B_NAME name; // Name of the object. Kept here |
| 1765 | 97 // to avoid repeatedly computing it. |
| 1766 | 98 } OBJECT; |
| 1767 | |
| 1768 | |
| 1769 | 5.8.4.4 HASH_OBJECT Structure |
| 1770 | |
| 1771 | This structure holds a hash sequence object or an event sequence object. |
| 1772 | The first four components of this structure are manually set to be the same as the first four components of |
| 1773 | the object structure. This prevents the object from being inadvertently misused, because sequence objects |
| 1774 | occupy the same memory as a regular object. A debug check is present to make sure that the offsets are |
| 1775 | what they are supposed to be. |
| 1776 | |
| 1777 | 99 typedef struct |
| 1778 | 100 { |
| 1779 | 101 OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object; this and the next three members are meant to match the first components of OBJECT |
| 1780 | 102 TPMI_ALG_PUBLIC type; // algorithm |
| 1781 | 103 TPMI_ALG_HASH nameAlg; // name algorithm |
| 1782 | 104 TPMA_OBJECT objectAttributes; // object attributes |
| 1783 | |
| 1784 | Page 12 TCG Published Family "2.0" |
| 1785 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1786 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1787 | |
| 1788 | 105 |
| 1789 | 106 // The data below is unique to a sequence object and overlays other OBJECT data when held in ANY_OBJECT |
| 1790 | 107 TPM2B_AUTH auth; // authValue for use of the sequence |
| 1791 | 108 union |
| 1792 | 109 { |
| 1793 | 110 HASH_STATE hashState[HASH_COUNT]; |
| 1794 | 111 HMAC_STATE hmacState; |
| 1795 | 112 } state; |
| 1796 | 113 } HASH_OBJECT; |
| 1797 | |
| 1798 | |
| 1799 | 5.8.4.5 ANY_OBJECT |
| 1800 | |
| 1801 | This is the union for holding either a sequence object or a regular object. |
| 1802 | |
| 1803 | 114 typedef union |
| 1804 | 115 { |
| 1805 | 116 OBJECT entity; |
| 1806 | 117 HASH_OBJECT hash; |
| 1807 | 118 } ANY_OBJECT; |
| 1808 | |
| 1809 | |
| 1810 | 5.8.5 AUTH_DUP Types |
| 1811 | |
| 1812 | These values are used in the authorization processing. |
| 1813 | |
| 1814 | 119 typedef UINT32 AUTH_ROLE; |
| 1815 | 120 #define AUTH_NONE ((AUTH_ROLE)(0)) |
| 1816 | 121 #define AUTH_USER ((AUTH_ROLE)(1)) |
| 1817 | 122 #define AUTH_ADMIN ((AUTH_ROLE)(2)) |
| 1818 | 123 #define AUTH_DUP ((AUTH_ROLE)(3)) |
| 1819 | |
| 1820 | |
| 1821 | 5.8.6 Active Session Context |
| 1822 | |
| 1823 | 5.8.6.1 Description |
| 1824 | |
| 1825 | The structures in this section define the internal structure of a session context. |
| 1826 | |
| 1827 | 5.8.6.2 SESSION_ATTRIBUTES |
| 1828 | |
| 1829 | The attributes in the SESSION_ATTRIBUTES structure track the various properties of the session. It |
| 1830 | maintains most of the tracking state information for the policy session. It is used within the SESSION |
| 1831 | structure. |
| 1832 | |
| 1833 | 124 typedef struct |
| 1834 | 125 { |
| 1835 | 126 unsigned isPolicy : 1; //1) SET if the session may only |
| 1836 | 127 // be used for policy |
| 1837 | 128 unsigned isAudit : 1; //2) SET if the session is used |
| 1838 | 129 // for audit |
| 1839 | 130 unsigned isBound : 1; //3) SET if the session is bound to |
| 1840 | 131 // an entity. |
| 1841 | 132 // This attribute will be CLEAR if |
| 1842 | 133 // either isPolicy or isAudit is SET. |
| 1843 | 134 unsigned iscpHashDefined : 1;//4) SET if the cpHash has been defined. |
| 1844 | 135 // This attribute is not SET unless |
| 1845 | 136 // 'isPolicy' is SET. |
| 1846 | 137 unsigned isAuthValueNeeded : 1; |
| 1847 | 138 //5) SET if the authValue is required |
| 1848 | 139 // for computing the session HMAC. |
| 1849 | 140 // This attribute is not SET unless |
| 1850 | |
| 1851 | Family "2.0" TCG Published Page 13 |
| 1852 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1853 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1854 | |
| 1855 | 141 // isPolicy is SET. |
| 1856 | 142 unsigned isPasswordNeeded : 1; |
| 1857 | 143 //6) SET if a password authValue is |
| 1858 | 144 // required for authorization. |
| 1859 | 145 // This attribute is not SET unless |
| 1860 | 146 // isPolicy is SET. |
| 1861 | 147 unsigned isPPRequired : 1; //7) SET if physical presence is |
| 1862 | 148 // required to be asserted when the |
| 1863 | 149 // authorization is checked. |
| 1864 | 150 // This attribute is not SET unless |
| 1865 | 151 // isPolicy is SET. |
| 1866 | 152 unsigned isTrialPolicy : 1; //8) SET if the policy session is |
| 1867 | 153 // created for trial of the policy's |
| 1868 | 154 // policyHash generation. |
| 1869 | 155 // This attribute is not SET unless |
| 1870 | 156 // isPolicy is SET. |
| 1871 | 157 unsigned isDaBound : 1; //9) SET if the bind entity had noDA |
| 1872 | 158 // CLEAR. If this is SET, then an |
| 1873 | 159 // auth failure using this session |
| 1874 | 160 // will count against lockout even |
| 1875 | 161 // if the object being authorized is |
| 1876 | 162 // exempt from DA. |
| 1877 | 163 unsigned isLockoutBound : 1; //10) SET if the session is bound to |
| 1878 | 164 // lockoutAuth. |
| 1879 | 165 unsigned requestWasBound : 1;//11) SET if the session is being used |
| 1880 | 166 // with the bind entity. If SET |
| 1881 | 167 // the authValue will not be used |
| 1882 | 168 // in the response HMAC computation. |
| 1883 | 169 unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN |
| 1884 | 170 // attribute needs to be checked |
| 1885 | 171 // when the policy is used for |
| 1886 | 172 // authorization for NV access. |
| 1887 | 173 // If this is SET for any other |
| 1888 | 174 // type, the policy will fail. |
| 1889 | 175 unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is |
| 1890 | 176 // required to be SET. |
| 1891 | 177 } SESSION_ATTRIBUTES; |
| 1892 | |
| 1893 | |
| 1894 | 5.8.6.3 SESSION Structure |
| 1895 | |
| 1896 | The SESSION structure contains all the context of a session except for the associated contextID. |
| 1897 | |
| 1898 | NOTE: The contextID of a session is only relevant when the session context is stored off the TPM. |
| 1899 | |
| 1900 | 178 typedef struct |
| 1901 | 179 { |
| 1902 | 180 TPM_ALG_ID authHashAlg; // session hash algorithm |
| 1903 | 181 TPM2B_NONCE nonceTPM; // last TPM-generated nonce for |
| 1904 | 182 // this session |
| 1905 | 183 |
| 1906 | 184 TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) |
| 1907 | 185 TPM2B_AUTH sessionKey; // session secret value used for |
| 1908 | 186 // generating HMAC and encryption keys |
| 1909 | 187 |
| 1910 | 188 SESSION_ATTRIBUTES attributes; // session attributes |
| 1911 | 189 TPM_CC commandCode; // command code (policy session) |
| 1912 | 190 TPMA_LOCALITY commandLocality; // command locality (policy session) |
| 1913 | 191 UINT32 pcrCounter; // PCR counter value when PCR is |
| 1914 | 192 // included (policy session) |
| 1915 | 193 // If no PCR is included, this |
| 1916 | 194 // value is 0. |
| 1917 | 195 |
| 1918 | 196 UINT64 startTime; // value of TPMS_CLOCK_INFO.clock when |
| 1919 | 197 // the session was started (policy |
| 1920 | |
| 1921 | |
| 1922 | Page 14 TCG Published Family "2.0" |
| 1923 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 1924 | Part 4: Supporting Routines Trusted Platform Module Library |
| 1925 | |
| 1926 | 198 // session) |
| 1927 | 199 |
| 1928 | 200 UINT64 timeOut; // timeout relative to |
| 1929 | 201 // TPMS_CLOCK_INFO.clock |
| 1930 | 202 // There is no timeout if this value |
| 1931 | 203 // is 0. |
| 1932 | 204 union |
| 1933 | 205 { |
| 1934 | 206 TPM2B_NAME boundEntity; // value used to track the entity to |
| 1935 | 207 // which the session is bound |
| 1936 | 208 |
| 1937 | 209 TPM2B_DIGEST cpHash; // the required cpHash value for the |
| 1938 | 210 // command being authorized |
| 1939 | 211 |
| 1940 | 212 } u1; // 'boundEntity' and 'cpHash' may |
| 1941 | 213 // share the same space to save memory: per SESSION_ATTRIBUTES, isBound is CLEAR whenever isPolicy is SET and iscpHashDefined is SET only when isPolicy is SET, so presumably only one member is in use at a time |
| 1942 | 214 |
| 1943 | 215 union |
| 1944 | 216 { |
| 1945 | 217 TPM2B_DIGEST auditDigest; // audit session digest |
| 1946 | 218 TPM2B_DIGEST policyDigest; // policyHash |
| 1947 | 219 |
| 1948 | 220 } u2; // auditDigest and policyDigest may |
| 1949 | 221 // share space to save memory; which member is valid presumably follows isAudit/isPolicy - confirm against the session code |
| 1950 | 222 } SESSION; |
| 1951 | |
| 1952 | |
| 1953 | 5.8.7 PCR |
| 1954 | |
| 1955 | 5.8.7.1 PCR_SAVE Structure |
| 1956 | |
| 1957 | The PCR_SAVE structure type contains the PCR data that are saved across power cycles. Only the static |
| 1958 | PCR are required to be saved across power cycles. The DRTM and resettable PCR are not saved. The |
| 1959 | number of static and resettable PCR is determined by the platform-specific specification to which the TPM |
| 1960 | is built. |
| 1961 | |
| 1962 | 223 typedef struct |
| 1963 | 224 { |
| 1964 | 225 #ifdef TPM_ALG_SHA1 |
| 1965 | 226 BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE]; |
| 1966 | 227 #endif |
| 1967 | 228 #ifdef TPM_ALG_SHA256 |
| 1968 | 229 BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE]; |
| 1969 | 230 #endif |
| 1970 | 231 #ifdef TPM_ALG_SHA384 |
| 1971 | 232 BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE]; |
| 1972 | 233 #endif |
| 1973 | 234 #ifdef TPM_ALG_SHA512 |
| 1974 | 235 BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE]; |
| 1975 | 236 #endif |
| 1976 | 237 #ifdef TPM_ALG_SM3_256 |
| 1977 | 238 BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE]; |
| 1978 | 239 #endif |
| 1979 | 240 |
| 1980 | 241 // This counter increments whenever the PCR are updated. |
| 1981 | 242 // NOTE: A platform-specific specification may designate |
| 1982 | 243 // certain PCR changes as not causing this counter |
| 1983 | 244 // to increment. |
| 1984 | 245 UINT32 pcrCounter; |
| 1985 | 246 |
| 1986 | 247 } PCR_SAVE; |
| 1987 | |
| 1988 | |
| 1989 | |
| 1990 | |
| 1991 | Family "2.0" TCG Published Page 15 |
| 1992 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 1993 | Trusted Platform Module Library Part 4: Supporting Routines |
| 1994 | |
| 1995 | 5.8.7.2 PCR_POLICY |
| 1996 | |
| 1997 | This structure holds the PCR policies, one for each group of PCR controlled by policy. |
| 1998 | |
| 1999 | 248 typedef struct |
| 2000 | 249 { |
| 2001 | 250 TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; |
| 2002 | 251 TPM2B_DIGEST a; |
| 2003 | 252 TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; |
| 2004 | 253 } PCR_POLICY; |
| 2005 | |
| 2006 | |
| 2007 | 5.8.7.3 PCR_AUTHVALUE |
| 2008 | |
| 2009 | This structure holds the PCR authorization values, one for each group of PCR controlled by authValue. |
| 2010 | |
| 2011 | 254 typedef struct |
| 2012 | 255 { |
| 2013 | 256 TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; |
| 2014 | 257 } PCR_AUTHVALUE; |
| 2015 | |
| 2016 | |
| 2017 | 5.8.8 Startup |
| 2018 | |
| 2019 | 5.8.8.1 SHUTDOWN_NONE |
| 2020 | |
| 2021 | Part 2 defines the two shutdown/startup types that may be used in TPM2_Shutdown() and |
| 2022 | TPM2_Startup(). This additional define is used by the TPM to indicate that no shutdown was received. |
| 2023 | |
| 2024 | NOTE: This is a reserved value. |
| 2025 | |
| 2026 | 258 #define SHUTDOWN_NONE (TPM_SU)(0xFFFF) |
| 2027 | |
| 2028 | |
| 2029 | 5.8.8.2 STARTUP_TYPE |
| 2030 | |
| 2031 | This enumeration lists the possible startup types. The type is determined by the combination of |
| 2032 | TPM2_Shutdown() and TPM2_Startup(). |
| 2033 | |
| 2034 | 259 typedef enum |
| 2035 | 260 { |
| 2036 | 261 SU_RESET, |
| 2037 | 262 SU_RESTART, |
| 2038 | 263 SU_RESUME |
| 2039 | 264 } STARTUP_TYPE; |
| 2040 | |
| 2041 | |
| 2042 | 5.8.9 NV |
| 2043 | |
| 2044 | 5.8.9.1 NV_RESERVE |
| 2045 | |
| 2046 | This enumeration defines the master list of the elements of a reserved portion of NV. This list includes all |
| 2047 | the pre-defined data that takes space in NV, either as persistent data or as state save data. The |
| 2048 | enumerations are used as indexes into an array of offset values. The offset values then are used to index |
| 2049 | into NV. This method provides an imperfect analog to an actual NV implementation. |
| 2050 | |
| 2051 | 265 typedef enum |
| 2052 | 266 { |
| 2053 | 267 // Entries below mirror the PERSISTENT_DATA structure. These values are written |
| 2054 | 268 // to NV as individual items. |
| 2055 | 269 // hierarchy |
| 2056 | |
| 2057 | Page 16 TCG Published Family "2.0" |
| 2058 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 2059 | Part 4: Supporting Routines Trusted Platform Module Library |
| 2060 | |
| 2061 | 270 NV_DISABLE_CLEAR, |
| 2062 | 271 NV_OWNER_ALG, |
| 2063 | 272 NV_ENDORSEMENT_ALG, |
| 2064 | 273 NV_LOCKOUT_ALG, |
| 2065 | 274 NV_OWNER_POLICY, |
| 2066 | 275 NV_ENDORSEMENT_POLICY, |
| 2067 | 276 NV_LOCKOUT_POLICY, |
| 2068 | 277 NV_OWNER_AUTH, |
| 2069 | 278 NV_ENDORSEMENT_AUTH, |
| 2070 | 279 NV_LOCKOUT_AUTH, |
| 2071 | 280 |
| 2072 | 281 NV_EP_SEED, |
| 2073 | 282 NV_SP_SEED, |
| 2074 | 283 NV_PP_SEED, |
| 2075 | 284 |
| 2076 | 285 NV_PH_PROOF, |
| 2077 | 286 NV_SH_PROOF, |
| 2078 | 287 NV_EH_PROOF, |
| 2079 | 288 |
| 2080 | 289 // Time |
| 2081 | 290 NV_TOTAL_RESET_COUNT, |
| 2082 | 291 NV_RESET_COUNT, |
| 2083 | 292 |
| 2084 | 293 // PCR |
| 2085 | 294 NV_PCR_POLICIES, |
| 2086 | 295 NV_PCR_ALLOCATED, |
| 2087 | 296 |
| 2088 | 297 // Physical Presence |
| 2089 | 298 NV_PP_LIST, |
| 2090 | 299 |
| 2091 | 300 // Dictionary Attack |
| 2092 | 301 NV_FAILED_TRIES, |
| 2093 | 302 NV_MAX_TRIES, |
| 2094 | 303 NV_RECOVERY_TIME, |
| 2095 | 304 NV_LOCKOUT_RECOVERY, |
| 2096 | 305 NV_LOCKOUT_AUTH_ENABLED, |
| 2097 | 306 |
| 2098 | 307 // Orderly State flag |
| 2099 | 308 NV_ORDERLY, |
| 2100 | 309 |
| 2101 | 310 // Command Audit |
| 2102 | 311 NV_AUDIT_COMMANDS, |
| 2103 | 312 NV_AUDIT_HASH_ALG, |
| 2104 | 313 NV_AUDIT_COUNTER, |
| 2105 | 314 |
| 2106 | 315 // Algorithm Set |
| 2107 | 316 NV_ALGORITHM_SET, |
| 2108 | 317 |
| 2109 | 318 NV_FIRMWARE_V1, |
| 2110 | 319 NV_FIRMWARE_V2, |
| 2111 | 320 |
| 2112 | 321 // The entries above are in PERSISTENT_DATA. The entries below represent |
| 2113 | 322 // structures that are read and written as a unit. |
| 2114 | 323 |
| 2115 | 324 // ORDERLY_DATA data structure written on each orderly shutdown |
| 2116 | 325 NV_ORDERLY_DATA, |
| 2117 | 326 |
| 2118 | 327 // STATE_CLEAR_DATA structure written on each Shutdown(STATE) |
| 2119 | 328 NV_STATE_CLEAR, |
| 2120 | 329 |
| 2121 | 330 // STATE_RESET_DATA structure written on each Shutdown(STATE) |
| 2122 | 331 NV_STATE_RESET, |
| 2123 | 332 |
| 2124 | 333 NV_RESERVE_LAST // end of NV reserved data list |
| 2125 | 334 } NV_RESERVE; |
| 2126 | |
| 2127 | |
| 2128 | Family "2.0" TCG Published Page 17 |
| 2129 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 2130 | Trusted Platform Module Library Part 4: Supporting Routines |
| 2131 | |
| 2132 | 5.8.9.2 NV_INDEX |
| 2133 | |
| 2134 | The NV_INDEX structure defines the internal format for an NV index. The indexData size varies |
| 2135 | according to the type of the index. In this implementation, all of the index is manipulated as a unit. |
| 2136 | |
| 2137 | 335 typedef struct |
| 2138 | 336 { |
| 2139 | 337 TPMS_NV_PUBLIC publicArea; |
| 2140 | 338 TPM2B_AUTH authValue; |
| 2141 | 339 } NV_INDEX; |
| 2142 | |
| 2143 | |
| 2144 | 5.8.10 COMMIT_INDEX_MASK |
| 2145 | |
| 2146 | This is the define for the mask value that is used when manipulating the bits in the commit bit array. The |
| 2147 | commit counter is a 64-bit value and the low order bits are used to index the commitArray. This mask |
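| 2148 | value is applied to the commit counter to extract the bit number in the array. Because the mask is the bit count minus one, it selects a valid bit number only when the number of bits in commitArray is a power of two. |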
| 2149 | |
| 2150 | 340 #ifdef TPM_ALG_ECC |
| 2151 | 341 #define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) |
| 2152 | 342 #endif |
| 2153 | |
| 2154 | |
| 2155 | 5.8.11 RAM Global Values |
| 2156 | |
| 2157 | 5.8.11.1 Description |
| 2158 | |
| 2159 | The values in this section are only extant in RAM. They are defined here and instanced in Global.c. |
| 2160 | |
| 2161 | 5.8.11.2 g_rcIndex |
| 2162 | |
| 2163 | This array is used to contain the array of values that are added to a return code when it is a parameter-, |
| 2164 | handle-, or session-related error. This is an implementation choice and the same result can be achieved |
| 2165 | by using a macro. |
| 2166 | |
| 2167 | 343 extern const UINT16 g_rcIndex[15]; |
| 2168 | |
| 2169 | |
| 2170 | 5.8.11.3 g_exclusiveAuditSession |
| 2171 | |
| 2172 | This location holds the session handle for the current exclusive audit session. If there is no exclusive |
| 2173 | audit session, the location is set to TPM_RH_UNASSIGNED. |
| 2174 | |
| 2175 | 344 extern TPM_HANDLE g_exclusiveAuditSession; |
| 2176 | |
| 2177 | |
| 2178 | 5.8.11.4 g_time |
| 2179 | |
| 2180 | This value is the count of milliseconds since the TPM was powered up. This value is initialized at |
| 2181 | _TPM_Init(). |
| 2182 | |
| 2183 | 345 extern UINT64 g_time; |
| 2184 | |
| 2185 | |
| 2186 | 5.8.11.5 g_phEnable |
| 2187 | |
| 2188 | This is the platform hierarchy control and determines if the platform hierarchy is available. This value is |
| 2189 | SET on each TPM2_Startup(). The default value is SET. |
| 2190 | |
| 2191 | 346 extern BOOL g_phEnable; |
| 2192 | |
| 2193 | Page 18 TCG Published Family "2.0" |
| 2194 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 2195 | Part 4: Supporting Routines Trusted Platform Module Library |
| 2196 | |
| 2197 | 5.8.11.6 g_pcrReConfig |
| 2198 | |
| 2199 | This value is SET if a TPM2_PCR_Allocate() command successfully executed since the last |
| 2200 | TPM2_Startup(). If so, then the next shutdown is required to be Shutdown(CLEAR). |
| 2201 | |
| 2202 | 347 extern BOOL g_pcrReConfig; |
| 2203 | |
| 2204 | |
| 2205 | 5.8.11.7 g_DRTMHandle |
| 2206 | |
| 2207 | This location indicates the sequence object handle that holds the DRTM sequence data. When not used, |
| 2208 | it is set to TPM_RH_UNASSIGNED. A DRTM sequence is started on either _TPM_Init() or |
| 2209 | _TPM_Hash_Start(). |
| 2210 | |
| 2211 | 348 extern TPMI_DH_OBJECT g_DRTMHandle; |
| 2212 | |
| 2213 | |
| 2214 | 5.8.11.8 g_DrtmPreStartup |
| 2215 | |
| 2216 | This value indicates that an H-CRTM occurred after _TPM_Init() but before TPM2_Startup(). The define |
| 2217 | for PRE_STARTUP_FLAG is used to add the g_DrtmPreStartup value to gp_orderlyState at shutdown. |
| 2218 | This hack is to avoid adding another NV variable. |
| 2219 | |
| 2220 | 349 extern BOOL g_DrtmPreStartup; |
| 2221 | 350 #define PRE_STARTUP_FLAG 0x8000 |
| 2222 | |
| 2223 | |
| 2224 | 5.8.11.9 g_StartupLocality3 |
| 2225 | |
| 2226 | This value indicates that a TPM2_Startup() occurred at locality 3. Otherwise, it was at locality 0. The define for |
| 2227 | STARTUP_LOCALITY_3 is to indicate that the startup was not at locality 0. This hack is to avoid adding |
| 2228 | another NV variable. |
| 2229 | |
| 2230 | 351 extern BOOL g_StartupLocality3; |
| 2231 | 352 #define STARTUP_LOCALITY_3 0x4000 |
| 2232 | |
| 2233 | |
| 2234 | 5.8.11.10 g_updateNV |
| 2235 | |
| 2236 | This flag indicates if NV should be updated at the end of a command. This flag is set to FALSE at the |
| 2237 | beginning of each command in ExecuteCommand(). This flag is checked in ExecuteCommand() after the |
| 2238 | detailed actions of a command complete. If the command execution was successful and this flag is SET, |
| 2239 | any pending NV writes will be committed to NV. |
| 2240 | |
| 2241 | 353 extern BOOL g_updateNV; |
| 2242 | |
| 2243 | |
| 2244 | 5.8.11.11 g_clearOrderly |
| 2245 | |
| 2246 | This flag indicates if the execution of a command should cause the orderly state to be cleared. This flag |
| 2247 | is set to FALSE at the beginning of each command in ExecuteCommand() and is checked in |
| 2248 | ExecuteCommand() after the detailed actions of a command complete but before the check of |
| 2249 | g_updateNV. If this flag is TRUE, and the orderly state is not SHUTDOWN_NONE, then the orderly state |
| 2250 | in NV memory will be changed to SHUTDOWN_NONE. |
| 2251 | |
| 2252 | 354 extern BOOL g_clearOrderly; |
| 2253 | |
| 2254 | |
| 2255 | |
| 2256 | |
| 2257 | Family "2.0" TCG Published Page 19 |
| 2258 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 2259 | Trusted Platform Module Library Part 4: Supporting Routines |
| 2260 | |
| 2261 | 5.8.11.12 g_prevOrderlyState |
| 2262 | |
| 2263 | This location indicates how the TPM was shut down before the most recent TPM2_Startup(). This value, |
| 2264 | along with the startup type, determines if the TPM should do a TPM Reset, TPM Restart, or TPM |
| 2265 | Resume. |
| 2266 | |
| 2267 | 355 extern TPM_SU g_prevOrderlyState; |
| 2268 | |
| 2269 | |
| 2270 | 5.8.11.13 g_nvOk |
| 2271 | |
| 2272 | This value indicates if the NV integrity check was successful or not. If not and the failure was severe, then |
| 2273 | the TPM would have been put into failure mode after it had been re-manufactured. If the NV failure was in |
| 2274 | the area where the state-save data is kept, then this variable will have a value of FALSE indicating that a |
| 2275 | TPM2_Startup(CLEAR) is required. |
| 2276 | |
| 2277 | 356 extern BOOL g_nvOk; |
| 2278 | |
| 2279 | |
| 2280 | 5.8.11.14 g_platformUnique |
| 2281 | |
| 2282 | This location contains the unique value(s) used to identify the TPM. It is loaded on every |
| 2283 | _TPM2_Startup(). The first value is used to seed the RNG. The second value is used as a vendor |
| 2284 | authValue. The value used by the RNG would be the value derived from the chip unique value (such as |
| 2285 | fused) with a dependency on the authorities of the code in the TPM boot path. The second would be |
| 2286 | derived from the chip unique value with a dependency on the details of the code in the boot path. That is, |
| 2287 | the first value depends on the various signers of the code and the second depends on what was signed. |
| 2288 | The TPM vendor should not be able to know the first value but they are expected to know the second. |
| 2289 | |
| 2290 | 357 extern TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG |
| 2291 | 358 extern TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT |
| 2292 | |
| 2293 | |
| 2294 | 5.8.12 Persistent Global Values |
| 2295 | |
| 2296 | 5.8.12.1 Description |
| 2297 | |
| 2298 | The values in this section are global values that are persistent across power events. The lifetime of the |
| 2299 | values determines the structure in which the value is placed. |
| 2300 | |
| 2301 | 5.8.12.2 PERSISTENT_DATA |
| 2302 | |
| 2303 | This structure holds the persistent values that only change as a consequence of a specific Protected |
| 2304 | Capability and are not affected by TPM power events (TPM2_Startup() or TPM2_Shutdown()). |
| 2305 | |
| 2306 | 359 typedef struct |
| 2307 | 360 { |
| 2308 | 361 //********************************************************************************* |
| 2309 | 362 // Hierarchy |
| 2310 | 363 //********************************************************************************* |
| 2311 | 364 // The values in this section are related to the hierarchies. |
| 2312 | 365 |
| 2313 | 366 BOOL disableClear; // TRUE if TPM2_Clear() using |
| 2314 | 367 // lockoutAuth is disabled |
| 2315 | 368 |
| 2316 | 369 // Hierarchy authPolicies |
| 2317 | 370 TPMI_ALG_HASH ownerAlg; |
| 2318 | 371 TPMI_ALG_HASH endorsementAlg; |
| 2319 | 372 TPMI_ALG_HASH lockoutAlg; |
| 2320 | 373 TPM2B_DIGEST ownerPolicy; |
| 2321 | |
| 2322 | Page 20 TCG Published Family "2.0" |
| 2323 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 2324 | Part 4: Supporting Routines Trusted Platform Module Library |
| 2325 | |
| 2326 | 374 TPM2B_DIGEST endorsementPolicy; |
| 2327 | 375 TPM2B_DIGEST lockoutPolicy; |
| 2328 | 376 |
| 2329 | 377 // Hierarchy authValues |
| 2330 | 378 TPM2B_AUTH ownerAuth; |
| 2331 | 379 TPM2B_AUTH endorsementAuth; |
| 2332 | 380 TPM2B_AUTH lockoutAuth; |
| 2333 | 381 |
| 2334 | 382 // Primary Seeds. NOTE(review): together with the authValues above and the proofs below, these look like long-lived secrets, so the NV store behind this structure presumably needs confidentiality and integrity protection - confirm against the platform design |
| 2335 | 383 TPM2B_SEED EPSeed; |
| 2336 | 384 TPM2B_SEED SPSeed; |
| 2337 | 385 TPM2B_SEED PPSeed; |
| 2338 | 386 // Note there is a nullSeed in the state_reset memory. |
| 2339 | 387 |
| 2340 | 388 // Hierarchy proofs |
| 2341 | 389 TPM2B_AUTH phProof; |
| 2342 | 390 TPM2B_AUTH shProof; |
| 2343 | 391 TPM2B_AUTH ehProof; |
| 2344 | 392 // Note there is a nullProof in the state_reset memory. |
| 2345 | 393 |
| 2346 | 394 //********************************************************************************* |
| 2347 | 395 // Reset Events |
| 2348 | 396 //********************************************************************************* |
| 2349 | 397 // A count that increments at each TPM reset and never gets reset during the life |
| 2350 | 398 // time of the TPM. The value of this counter is initialized to 1 during the TPM |
| 2351 | 399 // manufacture process. |
| 2352 | 400 UINT64 totalResetCount; |
| 2353 | 401 |
| 2354 | 402 // This counter increments on each TPM Reset. The counter is reset by |
| 2355 | 403 // TPM2_Clear(). |
| 2356 | 404 UINT32 resetCount; |
| 2357 | 405 |
| 2358 | 406 //********************************************************************************* |
| 2359 | 407 // PCR |
| 2360 | 408 //********************************************************************************* |
| 2361 | 409 // This structure holds the policies for those PCR that have an update policy. |
| 2362 | 410 // This implementation only supports a single group of PCR controlled by |
| 2363 | 411 // policy. If more are required, then this structure would be changed to |
| 2364 | 412 // an array. |
| 2365 | 413 PCR_POLICY pcrPolicies; |
| 2366 | 414 |
| 2367 | 415 // This structure indicates the allocation of PCR. The structure contains a |
| 2368 | 416 // list of PCR allocations for each implemented algorithm. If no PCR are |
| 2369 | 417 // allocated for an algorithm, a list entry still exists but the bit map |
| 2370 | 418 // will contain no SET bits. |
| 2371 | 419 TPML_PCR_SELECTION pcrAllocated; |
| 2372 | 420 |
| 2373 | 421 //********************************************************************************* |
| 2374 | 422 // Physical Presence |
| 2375 | 423 //********************************************************************************* |
| 2376 | 424 // The PP_LIST type contains a bit map of the commands that require physical presence |
| 2377 | 425 // to be asserted when the authorization is evaluated. Physical presence will be |
| 2378 | 426 // checked if the corresponding bit in the array is SET and if the authorization |
| 2379 | 427 // handle is TPM_RH_PLATFORM. |
| 2380 | 428 // |
| 2381 | 429 // These bits may be changed with TPM2_PP_Commands(). |
| 2382 | 430 BYTE ppList[((TPM_CC_PP_LAST - TPM_CC_PP_FIRST + 1) + 7)/8]; |
| 2383 | 431 |
| 2384 | 432 //********************************************************************************* |
| 2385 | 433 // Dictionary attack values |
| 2386 | 434 //********************************************************************************* |
| 2387 | 435 // These values are used for dictionary attack tracking and control. |
| 2388 | 436 UINT32 failedTries; // the current count of unexpired |
| 2389 | 437 // authorization failures |
| 2390 | 438 |
| 2391 | 439 UINT32 maxTries; // number of unexpired authorization |
| 2392 | |
| 2393 | Family "2.0" TCG Published Page 21 |
| 2394 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 2395 | Trusted Platform Module Library Part 4: Supporting Routines |
| 2396 | |
| 2397 | 440 // failures before the TPM is in |
| 2398 | 441 // lockout |
| 2399 | 442 |
| 2400 | 443 UINT32 recoveryTime; // time between authorization failures |
| 2401 | 444 // before failedTries is decremented |
| 2402 | 445 |
| 2403 | 446 UINT32 lockoutRecovery; // time that must expire between |
| 2404 | 447 // authorization failures associated |
| 2405 | 448 // with lockoutAuth |
| 2406 | 449 |
| 2407 | 450 BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is |
| 2408 | 451 // allowed |
| 2409 | 452 |
| 2410 | 453 //***************************************************************************** |
| 2411 | 454 // Orderly State |
| 2412 | 455 //***************************************************************************** |
| 2413 | 456 // The orderly state for the current cycle |
| 2414 | 457 TPM_SU orderlyState; |
| 2415 | 458 |
| 2416 | 459 //***************************************************************************** |
| 2417 | 460 // Command audit values. |
| 2418 | 461 //***************************************************************************** |
| 2419 | 462 BYTE auditComands[((TPM_CC_LAST - TPM_CC_FIRST + 1) + 7) / 8]; |
| 2420 | 463 TPMI_ALG_HASH auditHashAlg; |
| 2421 | 464 UINT64 auditCounter; |
| 2422 | 465 |
| 2423 | 466 //***************************************************************************** |
| 2424 | 467 // Algorithm selection |
| 2425 | 468 //***************************************************************************** |
| 2426 | 469 // |
| 2427 | 470 // The 'algorithmSet' value indicates the collection of algorithms that are |
| 2428 | 471 // currently in use on the TPM. The interpretation of the value is vendor dependent. |
| 2429 | 472 UINT32 algorithmSet; |
| 2430 | 473 |
| 2431 | 474 //***************************************************************************** |
| 2432 | 475 // Firmware version |
| 2433 | 476 //***************************************************************************** |
| 2434 | 477 // The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is |
| 2435 | 478 // a scheme used in development to allow determination of the linker build time |
| 2436 | 479 // of the TPM. An actual implementation would implement these values in a way that |
| 2437 | 480 // is consistent with vendor needs. The values are maintained in RAM for simplified |
| 2438 | 481 // access with a master version in NV. These values are modified in a |
| 2439 | 482 // vendor-specific way. |
| 2440 | 483 |
| 2441 | 484 // g_firmwareV1 contains the more significant 32-bits of the vendor version number. |
| 2442 | 485 // In the reference implementation, if this value is printed as a hex |
| 2443 | 486 // value, it will have the format of yyyymmdd |
| 2444 | 487 UINT32 firmwareV1; |
| 2445 | 488 |
| 2446 | 489 // g_firmwareV2 contains the less significant 32-bits of the vendor version number. |
| 2447 | 490 // In the reference implementation, if this value is printed as a hex |
| 2448 | 491 // value, it will have the format of 00 hh mm ss |
| 2449 | 492 UINT32 firmwareV2; |
| 2450 | 493 |
| 2451 | 494 } PERSISTENT_DATA; |
| 2452 | 495 extern PERSISTENT_DATA gp; |
| 2453 | |
| 2454 | |
| 2455 | 5.8.12.3 ORDERLY_DATA |
| 2456 | |
| 2457 | The data in this structure is saved to NV on each TPM2_Shutdown(). |
| 2458 | |
| 2459 | 496 typedef struct orderly_data |
| 2460 | 497 { |
| 2461 | 498 |
| 2462 | |
| 2463 | |
| 2464 | Page 22 TCG Published Family "2.0" |
| 2465 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 2466 | Part 4: Supporting Routines Trusted Platform Module Library |
| 2467 | |
| 2468 | 499 //***************************************************************************** |
| 2469 | 500 // TIME |
| 2470 | 501 //***************************************************************************** |
| 2471 | 502 |
| 2472 | 503 // Clock has two parts. One is the state save part and one is the NV part. The |
| 2473 | 504 // state save version is updated on each command. When the clock rolls over, the |
| 2474 | 505 // NV version is updated. When the TPM starts up, if the TPM was shut down in an |
| 2475 | 506 // orderly way, then the sClock value is used to initialize the clock. If the |
| 2476 | 507 // TPM shutdown was not orderly, then the persistent value is used and the safe |
| 2477 | 508 // attribute is clear. |
| 2478 | 509 |
| 2479 | 510 UINT64 clock; // The orderly version of clock |
| 2480 | 511 TPMI_YES_NO clockSafe; // Indicates if the clock value is |
| 2481 | 512 // safe. |
| 2482 | 513 //********************************************************************************* |
| 2483 | 514 // DRBG |
| 2484 | 515 //********************************************************************************* |
| 2485 | 516 #ifdef _DRBG_STATE_SAVE |
| 2486 | 517 // This is DRBG state data. It is saved each time the value of clock is |
| 2487 | 518 // updated. |
| 2488 | 519 DRBG_STATE drbgState; |
| 2489 | 520 #endif |
| 2490 | 521 |
| 2491 | 522 } ORDERLY_DATA; |
| 2492 | 523 extern ORDERLY_DATA go; |
| 2493 | |
| 2494 | |
| 2495 | 5.8.12.4 STATE_CLEAR_DATA |
| 2496 | |
| 2497 | This structure contains the data that is saved on Shutdown(STATE) and restored on Startup(STATE). |
| 2498 | The values are set to their default settings on any Startup(Clear). In other words the data is only |
| 2499 | persistent across TPM Resume. |
| 2500 | If the comments associated with a parameter indicate a default reset value, the value is applied on each |
| 2501 | Startup(CLEAR). |
| 2502 | |
| 2503 | 524 typedef struct state_clear_data |
| 2504 | 525 { |
| 2505 | 526 //***************************************************************************** |
| 2506 | 527 // Hierarchy Control |
| 2507 | 528 //***************************************************************************** |
| 2508 | 529 BOOL shEnable; // default reset is SET |
| 2509 | 530 BOOL ehEnable; // default reset is SET |
| 2510 | 531 BOOL phEnableNV; // default reset is SET |
| 2511 | 532 TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL |
| 2512 | 533 TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer |
| 2513 | 534 TPM2B_AUTH platformAuth; // default reset is an Empty Buffer |
| 2514 | 535 |
| 2515 | 536 //***************************************************************************** |
| 2516 | 537 // PCR |
| 2517 | 538 //***************************************************************************** |
| 2518 | 539 // The set of PCR to be saved on Shutdown(STATE) |
| 2519 | 540 PCR_SAVE pcrSave; // default reset is 0...0 |
| 2520 | 541 |
| 2521 | 542 // This structure holds the authorization values for those PCR that have an |
| 2522 | 543 // update authorization. |
| 2523 | 544 // This implementation only supports a single group of PCR controlled by |
| 2524 | 545 // authorization. If more are required, then this structure would be changed to |
| 2525 | 546 // an array. |
| 2526 | 547 PCR_AUTHVALUE pcrAuthValues; |
| 2527 | 548 |
| 2528 | 549 } STATE_CLEAR_DATA; |
| 2529 | 550 extern STATE_CLEAR_DATA gc; |
| 2530 | |
| 2531 | |
| 2532 | |
| 2533 | |
| 2534 | Family "2.0" TCG Published Page 23 |
| 2535 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 2536 | Trusted Platform Module Library Part 4: Supporting Routines |
| 2537 | |
| 2538 | 5.8.12.5 State Reset Data |
| 2539 | |
| 2540 | This structure contains data that is saved on Shutdown(STATE) and restored on the subsequent |
| 2541 | Startup(ANY). That is, the data is preserved across TPM Resume and TPM Restart. |
| 2542 | If a default value is specified in the comments this value is applied on TPM Reset. |
| 2543 | |
| 2544 | 551 typedef struct state_reset_data |
| 2545 | 552 { |
| 2546 | 553 //***************************************************************************** |
| 2547 | 554 // Hierarchy Control |
| 2548 | 555 //***************************************************************************** |
| 2549 | 556 TPM2B_AUTH nullProof; // The proof value associated with |
| 2550 | 557 // the TPM_RH_NULL hierarchy. The |
| 2551 | 558 // default reset value is from the RNG. |
| 2552 | 559 |
| 2553 | 560 TPM2B_SEED nullSeed; // The seed value for the TPM_RH_NULL |
| 2554 | 561 // hierarchy. The default reset value |
| 2555 | 562 // is from the RNG. |
| 2556 | 563 |
| 2557 | 564 //***************************************************************************** |
| 2558 | 565 // Context |
| 2559 | 566 //***************************************************************************** |
| 2560 | 567 // The 'clearCount' counter is incremented each time the TPM successfully executes |
| 2561 | 568 // a TPM Resume. The counter is included in each saved context that has 'stClear' |
| 2562 | 569 // SET (including descendants of keys that have 'stClear' SET). This prevents these |
| 2563 | 570 // objects from being loaded after a TPM Resume. |
| 2564 | 571 // If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE), |
| 2565 | 572 // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). |
| 2566 | 573 UINT32 clearCount; // The default reset value is 0. |
| 2567 | 574 |
| 2568 | 575 UINT64 objectContextID; // This is the context ID for a saved |
| 2569 | 576 // object context. The default reset |
| 2570 | 577 // value is 0. |
| 2571 | 578 |
| 2572 | 579 CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; |
| 2573 | 580 // This is the value from which the |
| 2574 | 581 // 'contextID' is derived. The |
| 2575 | 582 // default reset value is {0}. |
| 2576 | 583 |
| 2577 | 584 CONTEXT_COUNTER contextCounter; // This array contains the |
| 2578 | 585 // values used to track the version |
| 2579 | 586 // numbers of saved contexts (see |
| 2580 | 587 // Session.c for details). The |
| 2581 | 588 // default reset value is 0. |
| 2582 | 589 |
| 2583 | 590 //***************************************************************************** |
| 2584 | 591 // Command Audit |
| 2585 | 592 //***************************************************************************** |
| 2586 | 593 // When an audited command completes, ExecuteCommand() checks the return |
| 2587 | 594 // value. If it is TPM_RC_SUCCESS, and the command is an audited command, the |
| 2588 | 595 // TPM will extend the cpHash and rpHash for the command to this value. If this |
| 2589 | 596 // digest was the Zero Digest before the cpHash was extended, the audit counter |
| 2590 | 597 // is incremented. |
| 2591 | 598 |
| 2592 | 599 TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest |
| 2593 | 600 // by TPM2_GetCommandAuditDigest() or a |
| 2594 | 601 // TPM Reset. |
| 2595 | 602 |
| 2596 | 603 //***************************************************************************** |
| 2597 | 604 // Boot counter |
| 2598 | 605 //***************************************************************************** |
| 2599 | 606 |
| 2600 | 607 UINT32 restartCount; // This counter counts TPM Restarts. |
| 2601 | 608 // The default reset value is 0. |
| 2602 | |
| 2603 | |
| 2604 | Page 24 TCG Published Family "2.0" |
| 2605 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 2606 | Part 4: Supporting Routines Trusted Platform Module Library |
| 2607 | |
| 2608 | 609 |
| 2609 | 610 //********************************************************************************* |
| 2610 | 611 // PCR |
| 2611 | 612 //********************************************************************************* |
| 2612 | 613 // This counter increments whenever the PCR are updated. This counter is preserved |
| 2613 | 614 // across TPM Resume even though the PCR are not preserved. This is because |
| 2614 | 615 // sessions remain active across TPM Restart and the count value in the session |
| 2615 | 616 // is compared to this counter so this counter must have values that are unique |
| 2616 | 617 // as long as the sessions are active. |
| 2617 | 618 // NOTE: A platform-specific specification may designate that certain PCR changes |
| 2618 | 619 // do not cause this counter to increment. |
| 2619 | 620 UINT32 pcrCounter; // The default reset value is 0. |
| 2620 | 621 |
| 2621 | 622 #ifdef TPM_ALG_ECC |
| 2622 | 623 |
| 2623 | 624 //***************************************************************************** |
| 2624 | 625 // ECDAA |
| 2625 | 626 //***************************************************************************** |
| 2626 | 627 UINT64 commitCounter; // This counter increments each time |
| 2627 | 628 // TPM2_Commit() returns |
| 2628 | 629 // TPM_RC_SUCCESS. The default reset |
| 2629 | 630 // value is 0. |
| 2630 | 631 |
| 2631 | 632 TPM2B_NONCE commitNonce; // This random value is used to compute |
| 2632 | 633 // the commit values. The default reset |
| 2633 | 634 // value is from the RNG. |
| 2634 | 635 |
| 2635 | 636 // This implementation relies on the number of bits in g_commitArray being a |
| 2636 | 637 // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. |
| 2637 | 638 BYTE commitArray[16]; // The default reset value is {0}. |
| 2638 | 639 |
| 2639 | 640 #endif //TPM_ALG_ECC |
| 2640 | 641 |
| 2641 | 642 } STATE_RESET_DATA; |
| 2642 | 643 extern STATE_RESET_DATA gr; |
| 2643 | |
| 2644 | |
| 2645 | 5.8.13 Global Macro Definitions |
| 2646 | |
| 2647 | This macro is used to ensure that a handle, session, or parameter number is only added if the response |
| 2648 | code is FMT1. |
| 2649 | |
| 2650 | 644 #define RcSafeAddToResult(r, v) \ |
| 2651 | 645 ((r) + (((r) & RC_FMT1) ? (v) : 0)) |
| 2652 | |
| 2653 | This macro is used when a parameter is not otherwise referenced in a function. This macro is normally |
| 2654 | not used by itself but is paired with a pAssert() within a #ifdef pAssert. If pAssert is not defined, then a |
| 2655 | parameter might not otherwise be referenced. This macro uses the parameter from the perspective of the |
| 2656 | compiler so it doesn't complain. |
| 2657 | |
| 2658 | 646 #define UNREFERENCED(a) ((void)(a)) |
| 2659 | |
| 2660 | |
| 2661 | 5.8.14 Private data |
| 2662 | |
| 2663 | 647 #if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C |
| 2664 | |
| 2665 | From SessionProcess.c |
| 2666 | The following arrays are used to save command sessions information so that the command |
| 2667 | handle/session buffer does not have to be preserved for the duration of the command. These arrays are |
| 2668 | indexed by the session index in accordance with the order of sessions in the session area of the |
| 2669 | command. |
| 2670 | |
| 2671 | Family "2.0" TCG Published Page 25 |
| 2672 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 2673 | Trusted Platform Module Library Part 4: Supporting Routines |
| 2674 | |
| 2675 | |
| 2676 | Array of the authorization session handles |
| 2677 | |
| 2678 | 648 extern TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM]; |
| 2679 | |
| 2680 | Array of authorization session attributes |
| 2681 | |
| 2682 | 649 extern TPMA_SESSION s_attributes[MAX_SESSION_NUM]; |
| 2683 | |
| 2684 | Array of handles authorized by the corresponding authorization sessions; and if none, then |
| 2685 | TPM_RH_UNASSIGNED value is used |
| 2686 | |
| 2687 | 650 extern TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM]; |
| 2688 | |
| 2689 | Array of nonces provided by the caller for the corresponding sessions |
| 2690 | |
| 2691 | 651 extern TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM]; |
| 2692 | |
| 2693 | Array of authorization values (HMAC's or passwords) for the corresponding sessions |
| 2694 | |
| 2695 | 652 extern TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM]; |
| 2696 | |
| 2697 | Special value to indicate an undefined session index |
| 2698 | |
| 2699 | 653 #define UNDEFINED_INDEX (0xFFFF) |
| 2700 | |
| 2701 | Index of the session used for encryption of a response parameter |
| 2702 | |
| 2703 | 654 extern UINT32 s_encryptSessionIndex; |
| 2704 | |
| 2705 | Index of the session used for decryption of a command parameter |
| 2706 | |
| 2707 | 655 extern UINT32 s_decryptSessionIndex; |
| 2708 | |
| 2709 | Index of a session used for audit |
| 2710 | |
| 2711 | 656 extern UINT32 s_auditSessionIndex; |
| 2712 | |
| 2713 | The cpHash for an audit session |
| 2714 | |
| 2715 | 657 extern TPM2B_DIGEST s_cpHashForAudit; |
| 2716 | |
| 2717 | The cpHash for command audit |
| 2718 | |
| 2719 | 658 #ifdef TPM_CC_GetCommandAuditDigest |
| 2720 | 659 extern TPM2B_DIGEST s_cpHashForCommandAudit; |
| 2721 | 660 #endif |
| 2722 | |
| 2723 | Number of authorization sessions present in the command |
| 2724 | |
| 2725 | 661 extern UINT32 s_sessionNum; |
| 2726 | |
| 2727 | Flag indicating if NV update is pending for the lockOutAuthEnabled or failedTries DA parameter |
| 2728 | |
| 2729 | 662 extern BOOL s_DAPendingOnNV; |
| 2730 | 663 #endif // SESSION_PROCESS_C |
| 2731 | 664 #if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C |
| 2732 | |
| 2733 | From DA.c |
| 2734 | |
| 2735 | Page 26 TCG Published Family "2.0" |
| 2736 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 2737 | Part 4: Supporting Routines Trusted Platform Module Library |
| 2738 | |
| 2739 | |
| 2740 | This variable holds the accumulated time since the last time that failedTries was decremented. This value |
| 2741 | is in milliseconds. |
| 2742 | |
| 2743 | 665 extern UINT64 s_selfHealTimer; |
| 2744 | |
| 2745 | This variable holds the accumulated time that the lockoutAuth has been blocked. |
| 2746 | |
| 2747 | 666 extern UINT64 s_lockoutTimer; |
| 2748 | 667 #endif // DA_C |
| 2749 | 668 #if defined NV_C || defined GLOBAL_C |
| 2750 | |
| 2751 | From NV.c |
| 2752 | List of pre-defined address of reserved data |
| 2753 | |
| 2754 | 669 extern UINT32 s_reservedAddr[NV_RESERVE_LAST]; |
| 2755 | |
| 2756 | List of pre-defined reserved data size in byte |
| 2757 | |
| 2758 | 670 extern UINT32 s_reservedSize[NV_RESERVE_LAST]; |
| 2759 | |
| 2760 | Size of data in RAM index buffer |
| 2761 | |
| 2762 | 671 extern UINT32 s_ramIndexSize; |
| 2763 | |
| 2764 | Reserved RAM space for frequently updated NV Index. The data layout in ram buffer is {NV_handle(), |
| 2765 | size of data, data} for each NV index data stored in RAM |
| 2766 | |
| 2767 | 672 extern BYTE s_ramIndex[RAM_INDEX_SPACE]; |
| 2768 | |
| 2769 | Address of size of RAM index space in NV |
| 2770 | |
| 2771 | 673 extern UINT32 s_ramIndexSizeAddr; |
| 2772 | |
| 2773 | Address of NV copy of RAM index space |
| 2774 | |
| 2775 | 674 extern UINT32 s_ramIndexAddr; |
| 2776 | |
| 2777 | Address of maximum counter value; an auxiliary variable to implement NV counters |
| 2778 | |
| 2779 | 675 extern UINT32 s_maxCountAddr; |
| 2780 | |
| 2781 | Beginning of NV dynamic area; starts right after the s_maxCountAddr and s_evictHandleMapAddr |
| 2782 | variables |
| 2783 | |
| 2784 | 676 extern UINT32 s_evictNvStart; |
| 2785 | |
| 2786 | Beginning of NV dynamic area; also the beginning of the predefined reserved data area. |
| 2787 | |
| 2788 | 677 extern UINT32 s_evictNvEnd; |
| 2789 | |
| 2790 | NV availability is sampled as the start of each command and stored here so that its value remains |
| 2791 | consistent during the command execution |
| 2792 | |
| 2793 | 678 extern TPM_RC s_NvStatus; |
| 2794 | 679 #endif |
| 2795 | 680 #if defined OBJECT_C || defined GLOBAL_C |
| 2796 | |
| 2797 | From Object.c |
| 2798 | |
| 2799 | Family "2.0" TCG Published Page 27 |
| 2800 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 2801 | Trusted Platform Module Library Part 4: Supporting Routines |
| 2802 | |
| 2803 | |
| 2804 | This type is the container for an object. |
| 2805 | |
| 2806 | 681 typedef struct |
| 2807 | 682 { |
| 2808 | 683 BOOL occupied; |
| 2809 | 684 ANY_OBJECT object; |
| 2810 | 685 } OBJECT_SLOT; |
| 2811 | |
| 2812 | This is the memory that holds the loaded objects. |
| 2813 | |
| 2814 | 686 extern OBJECT_SLOT s_objects[MAX_LOADED_OBJECTS]; |
| 2815 | 687 #endif // OBJECT_C |
| 2816 | 688 #if defined PCR_C || defined GLOBAL_C |
| 2817 | |
| 2818 | From PCR.c |
| 2819 | |
| 2820 | 689 typedef struct |
| 2821 | 690 { |
| 2822 | 691 #ifdef TPM_ALG_SHA1 |
| 2823 | 692 // SHA1 PCR |
| 2824 | 693 BYTE sha1Pcr[SHA1_DIGEST_SIZE]; |
| 2825 | 694 #endif |
| 2826 | 695 #ifdef TPM_ALG_SHA256 |
| 2827 | 696 // SHA256 PCR |
| 2828 | 697 BYTE sha256Pcr[SHA256_DIGEST_SIZE]; |
| 2829 | 698 #endif |
| 2830 | 699 #ifdef TPM_ALG_SHA384 |
| 2831 | 700 // SHA384 PCR |
| 2832 | 701 BYTE sha384Pcr[SHA384_DIGEST_SIZE]; |
| 2833 | 702 #endif |
| 2834 | 703 #ifdef TPM_ALG_SHA512 |
| 2835 | 704 // SHA512 PCR |
| 2836 | 705 BYTE sha512Pcr[SHA512_DIGEST_SIZE]; |
| 2837 | 706 #endif |
| 2838 | 707 #ifdef TPM_ALG_SM3_256 |
| 2839 | 708 // SM3_256 PCR |
| 2840 | 709 BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE]; |
| 2841 | 710 #endif |
| 2842 | 711 } PCR; |
| 2843 | 712 typedef struct |
| 2844 | 713 { |
| 2845 | 714 unsigned int stateSave : 1; // if the PCR value should be |
| 2846 | 715 // saved in state save |
| 2847 | 716 unsigned int resetLocality : 5; // The locality at which the PCR |
| 2848 | 717 // can be reset |
| 2849 | 718 unsigned int extendLocality : 5; // The locality at which the PCR |
| 2850 | 719 // can be extended |
| 2851 | 720 } PCR_Attributes; |
| 2852 | 721 extern PCR s_pcrs[IMPLEMENTATION_PCR]; |
| 2853 | 722 #endif // PCR_C |
| 2854 | 723 #if defined SESSION_C || defined GLOBAL_C |
| 2855 | |
| 2856 | From Session.c |
| 2857 | Container for HMAC or policy session tracking information |
| 2858 | |
| 2859 | 724 typedef struct |
| 2860 | 725 { |
| 2861 | 726 BOOL occupied; |
| 2862 | 727 SESSION session; // session structure |
| 2863 | 728 } SESSION_SLOT; |
| 2864 | 729 extern SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS]; |
| 2865 | |
| 2866 | |
| 2867 | |
| 2868 | |
| 2869 | Page 28 TCG Published Family "2.0" |
| 2870 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 2871 | Part 4: Supporting Routines Trusted Platform Module Library |
| 2872 | |
| 2873 | |
| 2874 | The index in contextArray that has the value of the oldest saved session context. When no context is |
| 2875 | saved, this will have a value that is greater than or equal to MAX_ACTIVE_SESSIONS. |
| 2876 | |
| 2877 | 730 extern UINT32 s_oldestSavedSession; |
| 2878 | |
| 2879 | The number of available session slot openings. When this is 1, a session can't be created or loaded if the |
| 2880 | GAP is maxed out. The exception is that the oldest saved session context can always be loaded |
| 2881 | (assuming that there is a space in memory to put it) |
| 2882 | |
| 2883 | 731 extern int s_freeSessionSlots; |
| 2884 | 732 #endif // SESSION_C |
| 2885 | |
| 2886 | From Manufacture.c |
| 2887 | |
| 2888 | 733 extern BOOL g_manufactured; |
| 2889 | 734 #if defined POWER_C || defined GLOBAL_C |
| 2890 | |
| 2891 | From Power.c |
| 2892 | This value indicates if a TPM2_Startup() command has been received since the power on event. This |
| 2893 | flag is maintained in power simulation module because this is the only place that may reliably set this flag |
| 2894 | to FALSE. |
| 2895 | |
| 2896 | 735 extern BOOL s_initialized; |
| 2897 | 736 #endif // POWER_C |
| 2898 | 737 #if defined MEMORY_LIB_C || defined GLOBAL_C |
| 2899 | |
| 2900 | The s_actionOutputBuffer should not be modifiable by the host system until the TPM has returned a |
| 2901 | response code. The s_actionOutputBuffer should not be accessible until response parameter encryption, |
| 2902 | if any, is complete. |
| 2903 | |
| 2904 | 738 extern UINT32 s_actionInputBuffer[1024]; // action input buffer |
| 2905 | 739 extern UINT32 s_actionOutputBuffer[1024]; // action output buffer |
| 2906 | 740 extern BYTE s_responseBuffer[MAX_RESPONSE_SIZE];// response buffer |
| 2907 | 741 #endif // MEMORY_LIB_C |
| 2908 | |
| 2909 | From TPMFail.c |
| 2910 | This value holds the address of the string containing the name of the function in which the failure |
| 2911 | occurred. This address value isn't useful for anything other than helping the vendor to know in which file |
| 2912 | the failure occurred. |
| 2913 | |
| 2914 | 742 extern jmp_buf g_jumpBuffer; // the jump buffer |
| 2915 | 743 extern BOOL g_inFailureMode; // Indicates that the TPM is in failure mode |
| 2916 | 744 extern BOOL g_forceFailureMode; // flag to force failure mode during test |
| 2917 | 745 #if defined TPM_FAIL_C || defined GLOBAL_C || 1 |
| 2918 | 746 extern UINT32 s_failFunction; |
| 2919 | 747 extern UINT32 s_failLine; // the line in the file at which |
| 2920 | 748 // the error was signaled |
| 2921 | 749 extern UINT32 s_failCode; // the error code used |
| 2922 | 750 #endif // TPM_FAIL_C |
| 2923 | 751 #endif // GLOBAL_H |
| 2924 | |
| 2925 | |
| 2926 | 5.9 Tpm.h |
| 2927 | |
| 2928 | Root header file for building any TPM.lib code |
| 2929 | |
| 2930 | 1 #ifndef _TPM_H_ |
| 2931 | 2 #define _TPM_H_ |
| 2932 | 3 #include "bool.h" |
| 2933 | |
| 2934 | |
| 2935 | Family "2.0" TCG Published Page 29 |
| 2936 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 2937 | Trusted Platform Module Library Part 4: Supporting Routines |
| 2938 | |
| 2939 | 4 #include "Implementation.h" |
| 2940 | 5 #include "TPM_Types.h" |
| 2941 | 6 #include "swap.h" |
| 2942 | 7 #endif // _TPM_H_ |
| 2943 | |
| 2944 | |
| 2945 | 5.10 swap.h |
| 2946 | |
| 2947 | 1 #ifndef _SWAP_H |
| 2948 | 2 #define _SWAP_H |
| 2949 | 3 #include "Implementation.h" |
| 2950 | 4 #if NO_AUTO_ALIGN == YES || LITTLE_ENDIAN_TPM == YES |
| 2951 | |
| 2952 | The aggregation macros for machines that do not allow unaligned access or for little-endian machines. |
| 2953 | Aggregate bytes into an UINT |
| 2954 | |
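// Aggregate a byte array into an integer, most-significant byte first, reading
// one byte at a time so that no aligned or host-endian load is performed.
// 'b' must address at least as many readable bytes as the result type holds;
// the macros do no bounds checking, so the caller has to validate the remaining
// buffer length before using them on command data.
// 'b' is evaluated once per byte, so it must not have side effects.
//
// Every byte is widened to the result type before it is shifted. Assuming BYTE
// is an 8-bit unsigned type, an unwidened (b)[0] promotes to signed int, and
// shifting a value of 0x80 or more left by 24 overflows int, which is undefined
// behavior.
#define BYTE_ARRAY_TO_UINT8(b)  ((UINT8)((b)[0]))
#define BYTE_ARRAY_TO_UINT16(b) ((UINT16)(  ((UINT16)(b)[0] <<  8) \
                                          +  (UINT16)(b)[1]))
#define BYTE_ARRAY_TO_UINT32(b) ((UINT32)(  ((UINT32)(b)[0] << 24) \
                                          + ((UINT32)(b)[1] << 16) \
                                          + ((UINT32)(b)[2] <<  8) \
                                          +  (UINT32)(b)[3]))
#define BYTE_ARRAY_TO_UINT64(b) ((UINT64)(  ((UINT64)(b)[0] << 56) \
                                          + ((UINT64)(b)[1] << 48) \
                                          + ((UINT64)(b)[2] << 40) \
                                          + ((UINT64)(b)[3] << 32) \
                                          + ((UINT64)(b)[4] << 24) \
                                          + ((UINT64)(b)[5] << 16) \
                                          + ((UINT64)(b)[6] <<  8) \
                                          +  (UINT64)(b)[7]))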
| 2970 | |
| 2971 | Disaggregate a UINT into a byte array |
| 2972 | |
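// Disaggregate an integer into a byte array, most-significant byte first,
// writing one byte at a time so that no aligned or host-endian store is
// performed. Each macro is a comma expression whose value is 'i'.
// 'b' must address at least as many writable bytes as the integer holds; the
// macros do no bounds checking. Both arguments are evaluated more than once,
// so neither may have side effects.
// Every use of 'i' is parenthesized so that an expression argument is expanded
// as a single operand.
#define UINT8_TO_BYTE_ARRAY(i, b)  ((b)[0] = (BYTE)(i), \
                                    (i))
#define UINT16_TO_BYTE_ARRAY(i, b) ((b)[0] = (BYTE)((i) >>  8), \
                                    (b)[1] = (BYTE) (i),        \
                                    (i))
#define UINT32_TO_BYTE_ARRAY(i, b) ((b)[0] = (BYTE)((i) >> 24), \
                                    (b)[1] = (BYTE)((i) >> 16), \
                                    (b)[2] = (BYTE)((i) >>  8), \
                                    (b)[3] = (BYTE) (i),        \
                                    (i))
#define UINT64_TO_BYTE_ARRAY(i, b) ((b)[0] = (BYTE)((i) >> 56), \
                                    (b)[1] = (BYTE)((i) >> 48), \
                                    (b)[2] = (BYTE)((i) >> 40), \
                                    (b)[3] = (BYTE)((i) >> 32), \
                                    (b)[4] = (BYTE)((i) >> 24), \
                                    (b)[5] = (BYTE)((i) >> 16), \
                                    (b)[6] = (BYTE)((i) >>  8), \
                                    (b)[7] = (BYTE) (i),        \
                                    (i))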
| 2991 | 38 #else |
| 2992 | |
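| 2993 | The big-endian macros for machines that allow unaligned memory access. These macros load and store through a |
| 2994 | cast pointer, so they assume that the host is big-endian and permits unaligned access. Aggregate a byte array into a UINT |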
| 2995 | |
| 2996 | 39 #define BYTE_ARRAY_TO_UINT8(b) *((UINT8 *)(b)) |
| 2997 | 40 #define BYTE_ARRAY_TO_UINT16(b) *((UINT16 *)(b)) |
| 2998 | 41 #define BYTE_ARRAY_TO_UINT32(b) *((UINT32 *)(b)) |
| 2999 | 42 #define BYTE_ARRAY_TO_UINT64(b) *((UINT64 *)(b)) |
| 3000 | |
| 3001 | Disaggregate a UINT into a byte array |
| 3002 | |
| 3003 | Page 30 TCG Published Family "2.0" |
| 3004 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 3005 | Part 4: Supporting Routines Trusted Platform Module Library |
| 3006 | |
| 3007 | 43 #define UINT8_TO_BYTE_ARRAY(i, b) (*((UINT8 *)(b)) = (i)) |
| 3008 | 44 #define UINT16_TO_BYTE_ARRAY(i, b) (*((UINT16 *)(b)) = (i)) |
| 3009 | 45 #define UINT32_TO_BYTE_ARRAY(i, b) (*((UINT32 *)(b)) = (i)) |
| 3010 | 46 #define UINT64_TO_BYTE_ARRAY(i, b) (*((UINT64 *)(b)) = (i)) |
| 3011 | 47 #endif // NO_AUTO_ALIGN == YES |
| 3012 | 48 #endif // _SWAP_H |
| 3013 | |
| 3014 | |
| 3015 | 5.11 InternalRoutines.h |
| 3016 | |
| 3017 | 1 #ifndef INTERNAL_ROUTINES_H |
| 3018 | 2 #define INTERNAL_ROUTINES_H |
| 3019 | |
| 3020 | NULL definition |
| 3021 | |
| 3022 | 3 #ifndef NULL |
| 3023 | 4 #define NULL (0) |
| 3024 | 5 #endif |
| 3025 | |
| 3026 | UNUSED_PARAMETER |
| 3027 | |
| 3028 | 6 #ifndef UNUSED_PARAMETER |
| 3029 | 7 #define UNUSED_PARAMETER(param) (void)(param); |
| 3030 | 8 #endif |
| 3031 | |
| 3032 | Internal data definition |
| 3033 | |
| 3034 | 9 #include "Global.h" |
| 3035 | 10 #include "VendorString.h" |
| 3036 | |
| 3037 | Error Reporting |
| 3038 | |
| 3039 | 11 #include "TpmError.h" |
| 3040 | |
| 3041 | DRTM functions |
| 3042 | |
| 3043 | 12 #include "_TPM_Hash_Start_fp.h" |
| 3044 | 13 #include "_TPM_Hash_Data_fp.h" |
| 3045 | 14 #include "_TPM_Hash_End_fp.h" |
| 3046 | |
| 3047 | Internal subsystem functions |
| 3048 | |
| 3049 | 15 #include "Object_fp.h" |
| 3050 | 16 #include "Entity_fp.h" |
| 3051 | 17 #include "Session_fp.h" |
| 3052 | 18 #include "Hierarchy_fp.h" |
| 3053 | 19 #include "NV_fp.h" |
| 3054 | 20 #include "PCR_fp.h" |
| 3055 | 21 #include "DA_fp.h" |
| 3056 | 22 #include "TpmFail_fp.h" |
| 3057 | |
| 3058 | Internal support functions |
| 3059 | |
| 3060 | 23 #include "CommandCodeAttributes_fp.h" |
| 3061 | 24 #include "MemoryLib_fp.h" |
| 3062 | 25 #include "marshal_fp.h" |
| 3063 | 26 #include "Time_fp.h" |
| 3064 | 27 #include "Locality_fp.h" |
| 3065 | 28 #include "PP_fp.h" |
| 3066 | 29 #include "CommandAudit_fp.h" |
| 3067 | 30 #include "Manufacture_fp.h" |
| 3068 | 31 #include "Power_fp.h" |
| 3069 | |
| 3070 | Family "2.0" TCG Published Page 31 |
| 3071 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 3072 | Trusted Platform Module Library Part 4: Supporting Routines |
| 3073 | |
| 3074 | 32 #include "Handle_fp.h" |
| 3075 | 33 #include "Commands_fp.h" |
| 3076 | 34 #include "AlgorithmCap_fp.h" |
| 3077 | 35 #include "PropertyCap_fp.h" |
| 3078 | 36 #include "Bits_fp.h" |
| 3079 | |
| 3080 | Internal crypto functions |
| 3081 | |
| 3082 | 37 #include "Ticket_fp.h" |
| 3083 | 38 #include "CryptUtil_fp.h" |
| 3084 | 39 #include "CryptSelfTest_fp.h" |
| 3085 | 40 #endif |
| 3086 | |
| 3087 | |
| 3088 | 5.12 TpmBuildSwitches.h |
| 3089 | |
| 3090 | This file contains the build switches. This contains switches for multiple versions of the crypto-library so |
| 3091 | some may not apply to your environment. |
| 3092 | |
| 3093 | 1 #ifndef _TPM_BUILD_SWITCHES_H |
| 3094 | 2 #define _TPM_BUILD_SWITCHES_H |
| 3095 | 3 #define SIMULATION |
| 3096 | 4 #define FIPS_COMPLIANT |
| 3097 | |
| 3098 | Define the alignment macro appropriate for the build environment. For the MS C compiler: |
| 3099 | |
| 3100 | 5 #define ALIGN_TO(boundary) __declspec(align(boundary)) |
| 3101 | |
| 3102 | For ISO 9899:2011 |
| 3103 | |
| 3104 | 6 // #define ALIGN_TO(boundary) _Alignas(boundary) |
| 3105 | |
| 3106 | This switch enables the RNG state save and restore |
| 3107 | |
| 3108 | 7 #undef _DRBG_STATE_SAVE |
| 3109 | 8 #define _DRBG_STATE_SAVE // Comment this out if no state save is wanted |
| 3110 | |
| 3111 | Set the alignment size for the crypto. It would be nice to set this according to macros automatically |
| 3112 | defined by the build environment, but that doesn't seem possible because there isn't any simple set for |
| 3113 | that. So, this is just a plugged value. Your compiler should complain if this alignment isn't possible. |
| 3114 | |
| 3115 | NOTE: this value can be set at the command line or just plugged in here. |
| 3116 | |
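// Alignment, in bytes, applied to crypto data through CRYPTO_ALIGNED. Define one
// of CRYPTO_ALIGN_16, CRYPTO_ALIGN_8, CRYPTO_ALIGN_2 or CRYPTO_ALIGN_1 (on the
// compiler command line or before this point) to override the default of 4.
// Preprocessor directive names are case-sensitive, so every branch has to be
// spelled "#elif" for the 2-byte and 1-byte selections to be reachable.
#ifdef CRYPTO_ALIGN_16
#   define CRYPTO_ALIGNMENT 16
#elif defined CRYPTO_ALIGN_8
#   define CRYPTO_ALIGNMENT 8
#elif defined CRYPTO_ALIGN_2
#   define CRYPTO_ALIGNMENT 2
// CRTYPO_ALIGN_1 is the misspelled switch name this header originally tested;
// it is still accepted so that existing build settings keep working.
#elif defined CRYPTO_ALIGN_1 || defined CRTYPO_ALIGN_1
#   define CRYPTO_ALIGNMENT 1
#else
#   define CRYPTO_ALIGNMENT 4 // For 32-bit builds
#endif
// ALIGN_TO() is the compiler-specific alignment macro defined earlier in this file.
#define CRYPTO_ALIGNED ALIGN_TO(CRYPTO_ALIGNMENT)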
| 3129 | |
| 3130 | This macro is used to handle LIB_EXPORT of function and variable names in lieu of a .def file |
| 3131 | |
| 3132 | 21 #define LIB_EXPORT __declspec(dllexport) |
| 3133 | 22 // #define LIB_EXPORT |
| 3134 | |
| 3135 | |
| 3136 | |
| 3137 | Page 32 TCG Published Family "2.0" |
| 3138 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 3139 | Part 4: Supporting Routines Trusted Platform Module Library |
| 3140 | |
| 3141 | |
| 3142 | For import of a variable |
| 3143 | |
| 3144 | 23 #define LIB_IMPORT __declspec(dllimport) |
| 3145 | 24 //#define LIB_IMPORT |
| 3146 | |
| 3147 | This is defined to indicate a function that does not return. This is used in static code analysis. |
| 3148 | |
| 3149 | 25 #define _No_Return_ __declspec(noreturn) |
| 3150 | 26 //#define _No_Return_ |
| 3151 | 27 #ifdef SELF_TEST |
| 3152 | 28 #pragma comment(lib, "algorithmtests.lib") |
| 3153 | 29 #endif |
| 3154 | |
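| 3155 | The switches in this group can only be enabled when running a simulation. Because SIMULATION is defined unconditionally near the top of this file, RSA_KEY_CACHE and TPM_RNG_FOR_DEBUG are both enabled unless that definition is removed for a non-simulation build. |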
| 3156 | |
| 3157 | 30 #ifdef SIMULATION |
| 3158 | 31 # define RSA_KEY_CACHE |
| 3159 | 32 # define TPM_RNG_FOR_DEBUG |
| 3160 | 33 #else |
| 3161 | 34 # undef RSA_KEY_CACHE |
| 3162 | 35 # undef TPM_RNG_FOR_DEBUG |
| 3163 | 36 #endif // SIMULATION |
| 3164 | 37 #define INLINE __inline |
| 3165 | 38 #endif // _TPM_BUILD_SWITCHES_H |
| 3166 | |
| 3167 | |
| 3168 | 5.13 VendorString.h |
| 3169 | |
| 3170 | 1 #ifndef _VENDOR_STRING_H |
| 3171 | 2 #define _VENDOR_STRING_H |
| 3172 | |
| 3173 | Define up to 4-byte values for MANUFACTURER. This value defines the response for |
| 3174 | TPM_PT_MANUFACTURER in TPM2_GetCapability(). The following line should be un-commented and a |
| 3175 | vendor specific string should be provided here. |
| 3176 | |
| 3177 | 3 #define MANUFACTURER "MSFT" |
| 3178 | |
| 3179 | The following #if macro may be deleted after a proper MANUFACTURER is provided. |
| 3180 | |
| 3181 | 4 #ifndef MANUFACTURER |
| 3182 | 5 #error MANUFACTURER is not provided. \ |
| 3183 | 6 Please modify include\VendorString.h to provide a specific \ |
| 3184 | 7 manufacturer name. |
| 3185 | 8 #endif |
| 3186 | |
| 3187 | Define up to 4, 4-byte values. The values must each be 4 bytes long and the last value used may contain |
| 3188 | trailing zeros. These values define the response for TPM_PT_VENDOR_STRING_(1-4) in |
| 3189 | TPM2_GetCapability(). The following line should be un-commented and a vendor-specific string should |
| 3190 | be provided here. The vendor strings 2-4 may also be defined as appropriate. |
| 3191 | |
| 3192 | 9 #define VENDOR_STRING_1 "xCG " |
| 3193 | 10 #define VENDOR_STRING_2 "fTPM" |
| 3194 | 11 // #define VENDOR_STRING_3 |
| 3195 | 12 // #define VENDOR_STRING_4 |
| 3196 | |
| 3197 | The following #if macro may be deleted after a proper VENDOR_STRING_1 is provided. |
| 3198 | |
| 3199 | 13 #ifndef VENDOR_STRING_1 |
| 3200 | 14 #error VENDOR_STRING_1 is not provided. \ |
| 3201 | 15 Please modify include\VendorString.h to provide a vednor specific \ |
| 3202 | 16 string. |
| 3203 | |
| 3204 | |
| 3208 | |
| 3209 | 17 #endif |
| 3210 | |
| 3211 | The more significant 32 bits of a vendor-specific value indicating the version of the firmware. The following |
| 3212 | line should be un-commented and a vendor-specific firmware V1 should be provided here. The |
| 3213 | FIRMWARE_V2 may also be defined as appropriate. |
| 3214 | |
| 3215 | 18 #define FIRMWARE_V1 (0x20140504) |
| 3216 | |
| 3217 | the less significant 32-bits of a vendor-specific value indicating the version of the firmware |
| 3218 | |
| 3219 | 19 #define FIRMWARE_V2 (0x00200136) |
| 3220 | |
| 3221 | The following #if macro may be deleted after a proper FIRMWARE_V1 is provided. |
| 3222 | |
| 3223 | 20 #ifndef FIRMWARE_V1 |
| 3224 | 21 #error FIRMWARE_V1 is not provided. \ |
| 3225 | 22 Please modify include\VendorString.h to provide a vendor specific firmware \ |
| 3226 | 23 version |
| 3227 | 24 #endif |
| 3228 | 25 #endif |
| 3229 | |
| 3230 | |
| 3231 | |
| 3232 | |
| 3236 | |
| 3237 | |
| 3238 | 6 Main |
| 3239 | |
| 3240 | 6.1 CommandDispatcher.h |
| 3241 | |
| 3242 | In the reference implementation, a program that uses TPM 2.0 Part 3 as input automatically generates |
| 3243 | the command dispatch code. The function prototype header file (CommandDispatcher_fp.h) is shown |
| 3244 | here. |
| 3245 | CommandDispatcher() performs the following operations: |
| 3246 | unmarshals command parameters from the input buffer; |
| 3247 | invokes the function that performs the command actions; |
| 3248 | marshals the returned handles, if any; and |
| 3249 | marshals the returned parameters, if any, into the output buffer putting in the parameterSize field if |
| 3250 | authorization sessions are present. |
| 3251 | |
#ifndef _COMMANDDISPATCHER_FP_H_
#define _COMMANDDISPATCHER_FP_H_
// Prototype of the generated command dispatcher. Per the section text it
// unmarshals the command parameters, invokes the command action routine and
// marshals the returned handles and parameters.
//
// Returns a TPM_RC; the caller shown in ExecCommand.c treats any value other
// than TPM_RC_SUCCESS as a failed command.
TPM_RC
CommandDispatcher(
    TPMI_ST_COMMAND_TAG  tag,                // IN: Input command tag
    TPM_CC               commandCode,        // IN: Command code
    INT32               *parmBufferSize,     // IN: size of parameter buffer
                                             // NOTE(review): passed by pointer and
                                             // signed; presumably decremented as
                                             // parameters are unmarshaled - confirm
    BYTE                *parmBufferStart,    // IN: pointer to start of parameter buffer
    TPM_HANDLE           handles[],          // IN: handle array
    UINT32              *responseHandleSize, // OUT: size of handle buffer in response
    UINT32              *respParmSize        // OUT: size of parameter buffer in response
    );
#endif // _COMMANDDISPATCHER_FP_H_
| 3265 | |
| 3266 | |
| 3267 | 6.2 ExecCommand.c |
| 3268 | |
| 3269 | 6.2.1 Introduction |
| 3270 | |
| 3271 | This file contains the entry function ExecuteCommand() which provides the main control flow for TPM |
| 3272 | command execution. |
| 3273 | |
| 3274 | 6.2.2 Includes |
| 3275 | |
| 3276 | 1 #include "InternalRoutines.h" |
| 3277 | 2 #include "HandleProcess_fp.h" |
| 3278 | 3 #include "SessionProcess_fp.h" |
| 3279 | 4 #include "CommandDispatcher_fp.h" |
| 3280 | |
| 3281 | Uncomment this next #include if doing static command/response buffer sizing |
| 3282 | |
| 3283 | 5 // #include "CommandResponseSizes_fp.h" |
| 3284 | |
| 3285 | |
| 3286 | 6.2.3 ExecuteCommand() |
| 3287 | |
| 3288 | The function performs the following steps. |
| 3289 | a) Parses the command header from input buffer. |
| 3290 | b) Calls ParseHandleBuffer() to parse the handle area of the command. |
| 3291 | c) Validates that each of the handles references a loaded entity. |
| 3292 | |
| 3296 | |
| 3297 | |
| 3298 | d) Calls ParseSessionBuffer() to: |
| 3299 | 1) unmarshal and parse the session area; |
| 3300 | 2) check the authorizations; and |
| 3301 | 3) when necessary, decrypt a parameter. |
| 3302 | e) Calls CommandDispatcher() to: |
| 3303 | 1) unmarshal the command parameters from the command buffer; |
| 3304 | 2) call the routine that performs the command actions; and |
| 3305 | 3) marshal the responses into the response buffer. |
| 3306 | f) If any error occurs in any of the steps above create the error response and return. |
| 3307 | g) Calls BuildResponseSession() to: |
| 3308 | 1) when necessary, encrypt a parameter |
| 3309 | 2) build the response authorization sessions |
| 3310 | 3) update the audit sessions and nonces |
| 3311 | h) Assembles handle, parameter and session buffers for response and return. |
| 3312 | |
// ExecuteCommand() is the main control flow for one TPM command: it parses and
// validates the command header, the handle area and the optional session area,
// dispatches the command, and assembles the response header. On any error the
// response consists of the header only, carrying the error code.
//
// requestSize/request describe the raw command as received; responseSize and
// response are written on every path, including failure mode.
LIB_EXPORT void
ExecuteCommand(
    unsigned int     requestSize,       // IN: command buffer size
    unsigned char   *request,           // IN: command buffer
    unsigned int    *responseSize,      // OUT: response buffer size
    unsigned char  **response           // OUT: response buffer
    )
{
    // Command local variables
    TPM_ST           tag;               // these first three variables hold the
                                        // fields of the command header
    UINT32           commandSize;
    TPM_CC           commandCode = 0;

    BYTE            *parmBufferStart;   // pointer to the first byte of an
                                        // optional parameter buffer

    UINT32           parmBufferSize = 0;// number of bytes in parameter area

    UINT32           handleNum = 0;     // number of handles unmarshaled into
                                        // the handles array

    TPM_HANDLE       handles[MAX_HANDLE_NUM];// array to hold handles in the
                                        // command. Only handles in the handle
                                        // area are stored here, not handles
                                        // passed as parameters.

    // Response local variables
    TPM_RC           result;            // return code for the command

    TPM_ST           resTag;            // tag for the response

    UINT32           resHandleSize = 0; // size of the handle area in the
                                        // response. This is needed so that the
                                        // handle area can be skipped when
                                        // generating the rpHash.

    UINT32           resParmSize = 0;   // the size of the response parameters
                                        // These values go in the rpHash.

    UINT32           resAuthSize = 0;   // size of authorization area in the
                                        // response

    INT32            size;              // remaining data to be unmarshaled
                                        // or remaining space in the marshaling
                                        // buffer

    BYTE            *buffer;            // pointer into the buffer being used
                                        // for marshaling or unmarshaling

    UINT32           i;                 // local temp

    // This next function call is used in development to size the command and response
    // buffers. The values printed are the sizes of the internal structures and
    // not the sizes of the canonical forms of the command response structures. Also,
    // the sizes do not include the tag, commandCode, requestSize, or the authorization
    // fields.
    //CommandResponseSizes();

    // Set flags for NV access state. This should happen before any other
    // operation that may require a NV write. Note, that this needs to be done
    // even when in failure mode. Otherwise, g_updateNV would stay SET while in
    // Failure mode and the NV would be written on each call.
    g_updateNV = FALSE;
    g_clearOrderly = FALSE;

    // As of Sept 25, 2013, the failure mode handling has been incorporated in the
    // reference code. This implementation requires that the system support
    // setjmp/longjmp. This code is put here because of the complexity being
    // added to the platform and simulator code to deal with all the variations
    // of errors.
    if(g_inFailureMode)
    {
        // Do failure mode processing
        TpmFailureMode (requestSize, request, responseSize, response);
        return;
    }
    // NOTE(review): locals assigned after setjmp() that are not volatile have
    // indeterminate values once control returns here through longjmp().
    // commandCode is such a local and is still passed to
    // MemoryGetResponseBuffer() on the Fail path - confirm that call does not
    // depend on its value.
    if(setjmp(g_jumpBuffer) != 0)
    {
        // Get here if we got a longjump putting us into failure mode
        g_inFailureMode = TRUE;
        result = TPM_RC_FAILURE;
        goto Fail;
    }

    // Assume that everything is going to work.
    result = TPM_RC_SUCCESS;

    // Query platform to get the NV state. The result state is saved internally
    // and will be reported by NvIsAvailable(). The reference code requires that
    // accessibility of NV does not change during the execution of a command.
    // Specifically, if NV is available when the command execution starts and then
    // is not available later when it is necessary to write to NV, then the TPM
    // will go into failure mode.
    NvCheckState();

    // Due to the limitations of the simulation, TPM clock must be explicitly
    // synchronized with the system clock whenever a command is received.
    // This function call is not necessary in a hardware TPM. However, taking
    // a snapshot of the hardware timer at the beginning of the command allows
    // the time value to be consistent for the duration of the command execution.
    TimeUpdateToCurrent();

    // Any command through this function will unceremoniously end the
    // _TPM_Hash_Data/_TPM_Hash_End sequence.
    if(g_DRTMHandle != TPM_RH_UNASSIGNED)
        ObjectTerminateEvent();

    // Get command buffer size and command buffer.
    // requestSize is unsigned while size is INT32, so a value above INT32_MAX
    // becomes negative here. NOTE(review): presumably the unmarshaling routines
    // reject a negative remaining size - confirm, since the requestSize check
    // against MAX_COMMAND_SIZE only happens after two unmarshal calls.
    size = requestSize;
    buffer = request;

    // Parse command header: tag, commandSize and commandCode.
    // First parse the tag. The unmarshaling routine will validate
    // that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS.
    result = TPMI_ST_COMMAND_TAG_Unmarshal(&tag, &buffer, &size);
    if(result != TPM_RC_SUCCESS)
        goto Cleanup;

    // Unmarshal the commandSize indicator.
    result = UINT32_Unmarshal(&commandSize, &buffer, &size);
    if(result != TPM_RC_SUCCESS)
        goto Cleanup;

    // On a TPM that receives bytes on a port, the number of bytes that were
    // received on that port is requestSize; it must be identical to commandSize.
    // In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed
    // by the implementation. The check against MAX_COMMAND_SIZE may be redundant
    // as the input processing (the function that receives the command bytes and
    // places them in the input buffer) would likely have the input truncated when
    // it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize.
    if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE)
    {
        result = TPM_RC_COMMAND_SIZE;
        goto Cleanup;
    }

    // Unmarshal the command code.
    result = TPM_CC_Unmarshal(&commandCode, &buffer, &size);
    if(result != TPM_RC_SUCCESS)
        goto Cleanup;

    // Check to see if the command is implemented.
    if(!CommandIsImplemented(commandCode))
    {
        result = TPM_RC_COMMAND_CODE;
        goto Cleanup;
    }

#if FIELD_UPGRADE_IMPLEMENTED == YES
    // If the TPM is in FUM, then the only allowed command is
    // TPM_CC_FieldUpgradeData.
    if(IsFieldUgradeMode() && (commandCode != TPM_CC_FieldUpgradeData))
    {
        result = TPM_RC_UPGRADE;
        goto Cleanup;
    }
    else
#endif
    // Excepting FUM, the TPM only accepts TPM2_Startup() after
    // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup()
    // is no longer allowed.
    if((    !TPMIsStarted() && commandCode != TPM_CC_Startup)
        || (TPMIsStarted() && commandCode == TPM_CC_Startup))
    {
        result = TPM_RC_INITIALIZE;
        goto Cleanup;
    }

    // Start regular command process.
    // Parse Handle buffer.
    result = ParseHandleBuffer(commandCode, &buffer, &size, handles, &handleNum);
    if(result != TPM_RC_SUCCESS)
        goto Cleanup;

    // Number of handles retrieved from handle area must not exceed
    // MAX_HANDLE_NUM, the capacity of the handles array. This check runs after
    // ParseHandleBuffer() has already filled the array, so it detects an
    // overrun rather than preventing one.
    pAssert(handleNum <= MAX_HANDLE_NUM);

    // All handles in the handle area are required to reference TPM-resident
    // entities.
    for(i = 0; i < handleNum; i++)
    {
        result = EntityGetLoadStatus(&handles[i], commandCode);
        if(result != TPM_RC_SUCCESS)
        {
            // Fold the position of the offending handle into the response
            // code so the caller can tell which handle was rejected.
            if(result == TPM_RC_REFERENCE_H0)
                result = result + i;
            else
                result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]);
            goto Cleanup;
        }
    }

    // Authorization session handling for the command.
    if(tag == TPM_ST_SESSIONS)
    {
        BYTE        *sessionBufferStart;// address of the session area first byte
                                        // in the input buffer

        UINT32       authorizationSize; // number of bytes in the session area

        // Find out session buffer size.
        result = UINT32_Unmarshal(&authorizationSize, &buffer, &size);
        if(result != TPM_RC_SUCCESS)
            goto Cleanup;

        // Perform sanity check on the unmarshaled value. If it is smaller than
        // the smallest possible session or larger than the remaining size of
        // the command, then it is an error. NOTE: This check could pass but the
        // session size could still be wrong. That will be determined after the
        // sessions are unmarshaled.
        // This bound is what keeps the pointer arithmetic and the subtraction
        // below inside the command buffer.
        if(    authorizationSize < 9
            || authorizationSize > (UINT32) size)
        {
            result = TPM_RC_SIZE;
            goto Cleanup;
        }

        // The sessions, if any, follows authorizationSize.
        sessionBufferStart = buffer;

        // The parameters follow the session area.
        parmBufferStart = sessionBufferStart + authorizationSize;

        // Any data left over after removing the authorization sessions is
        // parameter data. If the command does not have parameters, then an
        // error will be returned if the remaining size is not zero. This is
        // checked later.
        parmBufferSize = size - authorizationSize;

        // The actions of ParseSessionBuffer() are described in the introduction.
        result = ParseSessionBuffer(commandCode,
                                    handleNum,
                                    handles,
                                    sessionBufferStart,
                                    authorizationSize,
                                    parmBufferStart,
                                    parmBufferSize);
        if(result != TPM_RC_SUCCESS)
            goto Cleanup;
    }
    else
    {
        // Whatever remains in the input buffer is used for the parameters of the
        // command.
        parmBufferStart = buffer;
        parmBufferSize = size;

        // The command has no authorization sessions.
        // If the command requires authorizations, then CheckAuthNoSession() will
        // return an error.
        result = CheckAuthNoSession(commandCode, handleNum, handles,
                                    parmBufferStart, parmBufferSize);
        if(result != TPM_RC_SUCCESS)
            goto Cleanup;
    }

    // CommandDispatcher returns a response handle buffer and a response parameter
    // buffer if it succeeds. It will also set the parameterSize field in the
    // buffer if the tag is TPM_ST_SESSIONS.
    // parmBufferSize is a UINT32 handed over through an INT32 pointer, matching
    // the dispatcher prototype.
    result = CommandDispatcher(tag,
                               commandCode,
                               (INT32 *) &parmBufferSize,
                               parmBufferStart,
                               handles,
                               &resHandleSize,
                               &resParmSize);
    if(result != TPM_RC_SUCCESS)
        goto Cleanup;

    // Build the session area at the end of the parameter area.
    BuildResponseSession(tag,
                         commandCode,
                         resHandleSize,
                         resParmSize,
                         &resAuthSize);

Cleanup:
    // This implementation loads an "evict" object to a transient object slot in
    // RAM whenever an "evict" object handle is used in a command so that the
    // access to any object is the same. These temporary objects need to be
    // cleared from RAM whether the command succeeds or fails.
    ObjectCleanupEvict();

Fail:
    // The response will contain at least a response header.
    *responseSize = sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC);

    // If the command completed successfully, then build the rest of the response.
    if(result == TPM_RC_SUCCESS)
    {
        // Outgoing tag will be the same as the incoming tag.
        resTag = tag;
        // The overall response will include the handles, parameters,
        // and authorizations.
        *responseSize += resHandleSize + resParmSize + resAuthSize;

        // Adding parameter size field.
        if(tag == TPM_ST_SESSIONS)
            *responseSize += sizeof(UINT32);

        if(    g_clearOrderly == TRUE
            && gp.orderlyState != SHUTDOWN_NONE)
        {
            gp.orderlyState = SHUTDOWN_NONE;
            NvWriteReserved(NV_ORDERLY, &gp.orderlyState);
            g_updateNV = TRUE;
        }
    }
    else
    {
        // The command failed.
        // If this was a failure due to a bad command tag, then need to return
        // a TPM 1.2 compatible response
        if(result == TPM_RC_BAD_TAG)
            resTag = TPM_ST_RSP_COMMAND;
        else
            // return 2.0 compatible response
            resTag = TPM_ST_NO_SESSIONS;
    }
    // Try to commit all the writes to NV if any NV write happened during this
    // command execution. This check should be made for both succeeded and failed
    // commands, because a failed one may trigger a NV write in DA logic as well.
    // This is the only place in the command execution path that may call the NV
    // commit. If the NV commit fails, the TPM should be put in failure mode.
    if(g_updateNV && !g_inFailureMode)
    {
        // Cleared before the commit so the flag is not left SET if FAIL()
        // does not return here.
        g_updateNV = FALSE;
        if(!NvCommit())
            FAIL(FATAL_ERROR_INTERNAL);
    }

    // Marshal the response header.
    buffer = MemoryGetResponseBuffer(commandCode);
    TPM_ST_Marshal(&resTag, &buffer, NULL);
    UINT32_Marshal((UINT32 *)responseSize, &buffer, NULL);
    // The size is asserted only after it has been marshaled into the header.
    // This assertion is also the only visible guard for the length computed in
    // the MemorySet() call below. NOTE(review): confirm pAssert() remains
    // active in production builds.
    pAssert(*responseSize <= MAX_RESPONSE_SIZE);
    TPM_RC_Marshal(&result, &buffer, NULL);

    *response = MemoryGetResponseBuffer(commandCode);

    // Clear the unused part of the response buffer so that bytes beyond
    // *responseSize are zero rather than whatever the buffer held before.
    MemorySet(*response + *responseSize, 0, MAX_RESPONSE_SIZE - *responseSize);

    return;
}
| 3685 | |
| 3686 | |
| 3687 | 6.3 ParseHandleBuffer.h |
| 3688 | |
| 3689 | In the reference implementation, the routine for unmarshaling the command handles is automatically |
| 3690 | generated from TPM 2.0 Part 3 command tables. The prototype header file (HandleProcess_fp.h) is |
| 3691 | shown here. |
| 3692 | |
#ifndef _HANDLEPROCESS_FP_H_
#define _HANDLEPROCESS_FP_H_
// Prototype of the generated routine that unmarshals the handle area of a
// command. Returns a TPM_RC; the caller in ExecCommand.c stops processing the
// command on anything other than TPM_RC_SUCCESS.
//
// The handles array is passed without a capacity argument.
// NOTE(review): presumably the generated code never writes more than
// MAX_HANDLE_NUM entries - confirm, since the caller only asserts on
// *handleCount after this routine returns.
TPM_RC
ParseHandleBuffer(
    TPM_CC           commandCode,           // IN: Command being processed
    BYTE           **handleBufferStart,     // IN/OUT: command buffer where handles
                                            // are located. Updated as handles
                                            // are unmarshaled
    INT32           *bufferRemainingSize,   // IN/OUT: indicates the amount of data
                                            // left in the command buffer.
                                            // Updated as handles are unmarshaled
    TPM_HANDLE       handles[],             // OUT: Array that receives the handles
    UINT32          *handleCount            // OUT: Receives the count of handles
    );
#endif // _HANDLEPROCESS_FP_H_
| 3708 | |
| 3712 | |
| 3713 | 6.4 SessionProcess.c |
| 3714 | |
| 3715 | 6.4.1 Introduction |
| 3716 | |
| 3717 | This file contains the subsystem that processes the authorization sessions, including the implementation of the |
| 3718 | Dictionary Attack logic. ExecCommand() uses ParseSessionBuffer() to process the authorization session |
| 3719 | area of a command and BuildResponseSession() to create the authorization session area of a response. |
| 3720 | |
| 3721 | 6.4.2 Includes and Data Definitions |
| 3722 | |
| 3723 | 1 #define SESSION_PROCESS_C |
| 3724 | 2 #include "InternalRoutines.h" |
| 3725 | 3 #include "SessionProcess_fp.h" |
| 3726 | 4 #include "Platform.h" |
| 3727 | |
| 3728 | |
| 3729 | 6.4.3 Authorization Support Functions |
| 3730 | |
| 3731 | 6.4.3.1 IsDAExempted() |
| 3732 | |
| 3733 | This function indicates if a handle is exempted from DA logic. A handle is exempted if it is |
| 3734 | a) a primary seed handle, |
| 3735 | b) an object with noDA bit SET, |
| 3736 | c) an NV Index with TPMA_NV_NO_DA bit SET, or |
| 3737 | d) a PCR handle. |
| 3738 | |
| 3739 | Return Value Meaning |
| 3740 | |
| 3741 | TRUE handle is exempted from DA logic |
| 3742 | FALSE handle is not exempted from DA logic |
| 3743 | |
// Reports whether the entity behind a handle is exempt from dictionary-attack
// (DA) protection. The decision depends only on the handle type and, for
// objects and NV Indexes, on the entity's own noDA attribute.
//
// Returns TRUE when the handle is exempt, FALSE otherwise (including for any
// handle type not listed below).
BOOL
IsDAExempted(
    TPM_HANDLE       handle         // IN: entity handle
    )
{
    switch(HandleGetType(handle))
    {
        case TPM_HT_PERMANENT:
            // Every permanent handle except TPM_RH_LOCKOUT is exempt.
            return (handle != TPM_RH_LOCKOUT);

        case TPM_HT_TRANSIENT:
        {
            // A persistent object has already been loaded into an object slot
            // and given a transient handle by the time this is called, so it
            // is handled here as well.
            OBJECT      *loaded = ObjectGet(handle);
            return (loaded->publicArea.objectAttributes.noDA == SET);
        }

        case TPM_HT_NV_INDEX:
        {
            NV_INDEX     indexInfo;
            NvGetIndexInfo(handle, &indexInfo);
            return (indexInfo.publicArea.attributes.TPMA_NV_NO_DA == SET);
        }

        case TPM_HT_PCR:
            // PCRs are always exempted from DA.
            return TRUE;

        default:
            // Anything else stays under DA protection.
            return FALSE;
    }
}
| 3789 | |
| 3790 | |
| 3791 | 6.4.3.2 IncrementLockout() |
| 3792 | |
| 3793 | This function is called after an authorization failure that involves use of an authValue. If the entity |
| 3794 | referenced by the handle is not exempt from DA protection, then the failedTries counter will be |
| 3795 | incremented. |
| 3796 | |
| 3797 | Error Returns Meaning |
| 3798 | |
| 3799 | TPM_RC_AUTH_FAIL authorization failure that caused DA lockout to increment |
| 3800 | TPM_RC_BAD_AUTH authorization failure did not cause DA lockout to increment |
| 3801 | |
// Records an authorization failure for the session at sessionIndex.
//
// Returns TPM_RC_BAD_AUTH when the failure does not count against DA
// protection, and TPM_RC_AUTH_FAIL when it was counted.
//
// NOTE(review): sessionIndex is used directly as an index into
// s_associatedHandles and s_sessionHandles; no range check is visible here,
// so callers are assumed to pass an index of a parsed session - confirm.
static TPM_RC
IncrementLockout(
    UINT32           sessionIndex
    )
{
    TPM_HANDLE       authHandle = s_associatedHandles[sessionIndex];
    TPM_HANDLE       sessionHandle = s_sessionHandles[sessionIndex];

    // Only count the failure when the authorized entity is DA protected or
    // the session is bound to a DA protected entity.
    if(sessionHandle != TPM_RS_PW)
    {
        SESSION     *session = SessionGet(sessionHandle);

        // A session bound to lockoutAuth makes TPM_RH_LOCKOUT the relevant
        // handle, so its failure takes precedence over any other lockout
        // check.
        if(session->attributes.isLockoutBound == SET)
            authHandle = TPM_RH_LOCKOUT;

        // TPM_RH_LOCKOUT is never exempt, so a lockout-bound session cannot
        // leave through this return.
        if(session->attributes.isDaBound == CLEAR && IsDAExempted(authHandle))
            return TPM_RC_BAD_AUTH;
    }
    else if(IsDAExempted(authHandle))
    {
        return TPM_RC_BAD_AUTH;
    }

    if(authHandle == TPM_RH_LOCKOUT)
    {
        pAssert(gp.lockOutAuthEnabled);
        gp.lockOutAuthEnabled = FALSE;

        // With lockoutRecovery of 0 the lockout auth is reset at startup, so
        // there is nothing to persist.
        if(gp.lockoutRecovery != 0)
        {
            if(NvIsAvailable() == TPM_RC_SUCCESS)
            {
                // Update NV.
                NvWriteReserved(NV_LOCKOUT_AUTH_ENABLED, &gp.lockOutAuthEnabled);
                g_updateNV = TRUE;
            }
            else
            {
                // No NV access for now. Put the TPM in pending mode.
                s_DAPendingOnNV = TRUE;
            }
        }
    }
    else if(gp.recoveryTime != 0)
    {
        // The counter is bumped in RAM first; it reaches NV only if NV is
        // available for this command.
        gp.failedTries++;
        if(NvIsAvailable() == TPM_RC_SUCCESS)
        {
            // Record changes to NV.
            NvWriteReserved(NV_FAILED_TRIES, &gp.failedTries);
            g_updateNV = TRUE;
        }
        else
        {
            // No NV access for now. Put the TPM in pending mode.
            s_DAPendingOnNV = TRUE;
        }
    }

    // Register a DA failure and reset the timers.
    DARegisterFailure(authHandle);

    return TPM_RC_AUTH_FAIL;
}
| 3891 | |
| 3892 | |
| 3893 | 6.4.3.3 IsSessionBindEntity() |
| 3894 | |
| 3895 | This function indicates if the entity associated with the handle is the entity to which this session is bound. |
| 3896 | The binding would occur by making the bind parameter in TPM2_StartAuthSession() not equal to |
| 3897 | TPM_RH_NULL. The binding only occurs if the session is an HMAC session. The bind value is a |
| 3898 | combination of the Name and the authValue of the entity. |
| 3899 | |
| 3900 | Return Value Meaning |
| 3901 | |
| 3902 | TRUE handle points to the session start entity |
| 3903 | FALSE handle does not point to the session start entity |
| 3904 | |
// Reports whether associatedHandle refers to the entity this session is bound
// to.
//
// Side effect: for a bound session, the comparison result is stored in
// session->attributes.requestWasBound before it is returned, so the session
// is modified even though the parameter is labelled IN. An unbound session
// is left untouched.
static BOOL
IsSessionBindEntity(
    TPM_HANDLE       associatedHandle,  // IN: handle to be authorized
    SESSION         *session            // IN: associated session
    )
{
    TPM2B_NAME       bindValue;         // The bind value for the entity

    if(session->attributes.isBound)
    {
        // Derive the bind value of the entity being authorized and check it
        // against the value the session holds.
        SessionComputeBoundEntity(associatedHandle, &bindValue);
        session->attributes.requestWasBound =
            Memory2BEqual(&bindValue.b, &session->u1.boundEntity.b);
        return session->attributes.requestWasBound;
    }

    // The session is not bound to any entity.
    return FALSE;
}
| 3930 | |
| 3931 | |
| 3932 | 6.4.3.4 IsPolicySessionRequired() |
| 3933 | |
| 3934 | Checks if a policy session is required for a command. If a command requires DUP or ADMIN role |
| 3935 | authorization, then the handle that requires that role is the first handle in the command. This simplifies |
| 3936 | this checking. If a new command is created that requires multiple ADMIN role authorizations, then it will |
| 3937 | have to be special-cased in this function. A policy session is required if: |
| 3938 | a) the command requires the DUP role, |
| 3939 | b) the command requires the ADMIN role and the authorized entity is an object and its adminWithPolicy |
| 3940 | bit is SET, or |
| 3941 | c) the command requires the ADMIN role and the authorized entity is a permanent handle or an NV |
| 3942 | Index. |
| 3943 | d) The authorized entity is a PCR belonging to a policy group, and has its policy initialized |
| 3944 | |
| 3945 | Return Value Meaning |
| 3946 | |
| 3947 | TRUE policy session is required |
| 3948 | FALSE policy session is not required |
| 3949 | |
// Decide whether the handle at sessionIndex may only be authorized with a
// policy session for this command.
//
// TRUE is returned when the command's role for that handle is AUTH_DUP, when
// the role is AUTH_ADMIN and the handle is not a transient object whose
// adminWithPolicy attribute is CLEAR, or when the handle is a PCR that has an
// authPolicy with a non-null hash algorithm. FALSE otherwise.
//
// NOTE(review): sessionIndex indexes s_associatedHandles[] without a range
// check here; presumably the caller bounds it -- confirm.
static BOOL
IsPolicySessionRequired(
    TPM_CC           commandCode,       // IN: command code
    UINT32           sessionIndex       // IN: session index
    )
{
    TPM_HANDLE       authHandle = s_associatedHandles[sessionIndex];
    AUTH_ROLE        role = CommandAuthRole(commandCode, sessionIndex);
    TPM_HT           type = HandleGetType(authHandle);

    // DUP role always needs a policy session.
    if(role == AUTH_DUP)
        return TRUE;

    if(role == AUTH_ADMIN)
    {
        // Permanent handles, NV Indexes and everything else that is not a
        // loaded object need policy for ADMIN.
        if(type != TPM_HT_TRANSIENT)
            return TRUE;

        // For an object the adminWithPolicy attribute decides.
        {
            OBJECT  *object = ObjectGet(authHandle);

            return (object->publicArea.objectAttributes.adminWithPolicy
                    == CLEAR) ? FALSE : TRUE;
        }
    }

    // A PCR in a policy group with an initialized policy also needs policy.
    if(type == TPM_HT_PCR && PCRPolicyIsAvailable(authHandle))
    {
        TPM2B_DIGEST     policy;
        TPMI_ALG_HASH    policyAlg = PCRGetAuthPolicy(authHandle, &policy);

        if(policyAlg != TPM_ALG_NULL)
            return TRUE;
    }
    return FALSE;
}
| 3994 | |
| 3995 | |
| 3996 | 6.4.3.5 IsAuthValueAvailable() |
| 3997 | |
| 3998 | This function indicates if authValue is available and allowed for USER role authorization of an entity. |
| 3999 | This function is similar to IsAuthPolicyAvailable() except that it does not check the size of the authValue |
| 4000 | as IsAuthPolicyAvailable() does (a null authValue is a valid auth, but a null policy is not a valid policy). |
| 4001 | This function does not check that the handle reference is valid or if the entity is in an enabled hierarchy. |
| 4002 | Those checks are assumed to have been performed during the handle unmarshaling. |
| 4003 | |
| 4004 | Return Value Meaning |
| 4005 | |
| 4006 | TRUE authValue is available |
| 4007 | FALSE authValue is not available |
| 4008 | |
// Report whether authValue may be used for authorizing the entity.
//
// The function asserts that a policy session is not required for this
// handle; the caller is expected to have checked that already. Handle
// validity and hierarchy enablement are not checked here.
//
// Returns TRUE when authValue is available, FALSE otherwise.
static BOOL
IsAuthValueAvailable(
    TPM_HANDLE       handle,            // IN: handle of entity
    TPM_CC           commandCode,       // IN: commandCode
    UINT32           sessionIndex       // IN: session index
    )
{
    // authValue can never satisfy a handle that demands a policy session.
    pAssert(!IsPolicySessionRequired(commandCode, sessionIndex));

    switch(HandleGetType(handle))
    {
        case TPM_HT_PERMANENT:
            switch(handle)
            {
                // Hierarchy availability was checked earlier, so the
                // hierarchy handles are usable here.
                case TPM_RH_OWNER:
                case TPM_RH_ENDORSEMENT:
                case TPM_RH_PLATFORM:
#ifdef VENDOR_PERMANENT
                // Vendor defined handle associated with the manufacturer's
                // shared secret.
                case VENDOR_PERMANENT:
#endif
                // The null auth is always usable.
                case TPM_RH_NULL:
                // The DA check has already been passed when this function
                // runs, so lockout auth is usable too.
                case TPM_RH_LOCKOUT:
                    return TRUE;
                default:
                    // No authValue for any other permanent handle.
                    break;
            }
            break;

        case TPM_HT_TRANSIENT:
        {
            // A persistent object has been loaded by now and carries a
            // transient handle.
            OBJECT  *object = ObjectGet(handle);

            // Sequence objects always accept authValue.
            if(ObjectIsSequence(object))
                return TRUE;

            // The sensitive portion has to be loaded.
            if(object->attributes.publicOnly != CLEAR)
                break;

            // Either userWithAuth is SET ...
            if(object->publicArea.objectAttributes.userWithAuth == SET)
                return TRUE;

            // ... or the command needs the ADMIN role and the object does
            // not insist on policy for ADMIN.
            if(   CommandAuthRole(commandCode, sessionIndex) == AUTH_ADMIN
               && object->publicArea.objectAttributes.adminWithPolicy == CLEAR)
                return TRUE;
            break;
        }

        case TPM_HT_NV_INDEX:
        {
            NV_INDEX     nvIndex;

            NvGetIndexInfo(handle, &nvIndex);

            // The attribute consulted depends on the direction of the access.
            if(IsWriteOperation(commandCode))
            {
                if(nvIndex.publicArea.attributes.TPMA_NV_AUTHWRITE == SET)
                    return TRUE;
            }
            else if(nvIndex.publicArea.attributes.TPMA_NV_AUTHREAD == SET)
            {
                return TRUE;
            }
            break;
        }

        case TPM_HT_PCR:
            // authValue is always allowed for a PCR.
            return TRUE;

        default:
            // No authValue for any other handle type.
            break;
    }
    return FALSE;
}
| 4110 | |
| 4111 | |
| 4112 | |
| 4113 | |
| 4117 | |
| 4118 | 6.4.3.6 IsAuthPolicyAvailable() |
| 4119 | |
| 4120 | This function indicates if an authPolicy is available and allowed. |
| 4121 | This function does not check that the handle reference is valid or if the entity is in an enabled hierarchy. |
| 4122 | Those checks are assumed to have been performed during the handle unmarshaling. |
| 4123 | |
| 4124 | Return Value Meaning |
| 4125 | |
| 4126 | TRUE authPolicy is available |
| 4127 | FALSE authPolicy is not available |
| 4128 | |
// Report whether an authPolicy exists for the entity and may be used for
// this command.
//
// Handle validity and hierarchy enablement are not checked here.
//
// Returns TRUE when authPolicy is available, FALSE otherwise.
static BOOL
IsAuthPolicyAvailable(
    TPM_HANDLE       handle,            // IN: handle of entity
    TPM_CC           commandCode,       // IN: commandCode
    UINT32           sessionIndex       // IN: session index
    )
{
    switch(HandleGetType(handle))
    {
        case TPM_HT_PERMANENT:
            // A hierarchy or lockout policy is usable only when one has been
            // installed, i.e. its digest is not empty.
            switch(handle)
            {
                case TPM_RH_OWNER:
                    return (gp.ownerPolicy.t.size != 0) ? TRUE : FALSE;
                case TPM_RH_ENDORSEMENT:
                    return (gp.endorsementPolicy.t.size != 0) ? TRUE : FALSE;
                case TPM_RH_PLATFORM:
                    return (gc.platformPolicy.t.size != 0) ? TRUE : FALSE;
                case TPM_RH_LOCKOUT:
                    return (gp.lockoutPolicy.t.size != 0) ? TRUE : FALSE;
                default:
                    break;
            }
            break;

        case TPM_HT_TRANSIENT:
        {
            // An evict object has been loaded by now and carries a transient
            // handle.
            OBJECT  *object = ObjectGet(handle);

            // No policy authorization when only the public portion is loaded.
            if(object->attributes.publicOnly != CLEAR)
                break;

            // Policy is usable for ordinary objects, never for sequences.
            if(!ObjectIsSequence(object))
                return TRUE;
            break;
        }

        case TPM_HT_NV_INDEX:
        {
            NV_INDEX     nvIndex;

            NvGetIndexInfo(handle, &nvIndex);

            // An Index without a policy digest cannot use policy.
            if(nvIndex.publicArea.authPolicy.t.size == 0)
                break;

            // When the command demands a policy session the attribute bits
            // are not consulted.
            if(IsPolicySessionRequired(commandCode, sessionIndex))
                return TRUE;

            // Otherwise the attribute for the access direction decides.
            if(IsWriteOperation(commandCode))
            {
                if(nvIndex.publicArea.attributes.TPMA_NV_POLICYWRITE == SET)
                    return TRUE;
            }
            else if(nvIndex.publicArea.attributes.TPMA_NV_POLICYREAD == SET)
            {
                return TRUE;
            }
            break;
        }

        case TPM_HT_PCR:
            if(PCRPolicyIsAvailable(handle))
                return TRUE;
            break;

        default:
            break;
    }
    return FALSE;
}
| 4226 | |
| 4227 | |
| 4228 | 6.4.4 Session Parsing Functions |
| 4229 | |
| 4230 | 6.4.4.1 ComputeCpHash() |
| 4231 | |
| 4232 | This function computes the cpHash as defined in Part 2 and described in Part 1. |
| 4233 | |
// Compute the command parameter hash and, on request, the name hash.
//
//   cpHash   = hash(commandCode [ || authName1
//                               [ || authName2
//                               [ || authName3 ]]]
//                               [ || parameters ])
//   nameHash = hash of the same names, without commandCode and parameters
//
// nameHash may be NULL, in which case only cpHash is produced. The size field
// of each output is set from the value returned by CryptStartHash().
static void
ComputeCpHash(
    TPMI_ALG_HASH    hashAlg,           // IN: hash algorithm
    TPM_CC           commandCode,       // IN: command code
    UINT32           handleNum,         // IN: number of handle
    TPM_HANDLE       handles[],         // IN: array of handle
    UINT32           parmBufferSize,    // IN: size of input parameter area
    BYTE            *parmBuffer,        // IN: input parameter area
    TPM2B_DIGEST    *cpHash,            // OUT: cpHash
    TPM2B_DIGEST    *nameHash           // OUT: name hash of command
    )
{
    HASH_STATE       hashState;
    TPM2B_NAME       name;
    UINT32           idx;

    // --- cpHash ---
    cpHash->t.size = CryptStartHash(hashAlg, &hashState);

    // Command code first.
    CryptUpdateDigestInt(&hashState, sizeof(TPM_CC), &commandCode);

    // Then the Name of every handle, in order.
    for(idx = 0; idx < handleNum; idx++)
    {
        name.t.size = EntityGetName(handles[idx], &name.t.name);
        CryptUpdateDigest2B(&hashState, &name.b);
    }

    // Then the parameter area.
    CryptUpdateDigest(&hashState, parmBufferSize, parmBuffer);
    CryptCompleteHash2B(&hashState, &cpHash->b);

    // --- nameHash (optional) ---
    if(nameHash == NULL)
        return;

    // hashState is restarted and reused for the second digest.
    nameHash->t.size = CryptStartHash(hashAlg, &hashState);
    for(idx = 0; idx < handleNum; idx++)
    {
        name.t.size = EntityGetName(handles[idx], &name.t.name);
        CryptUpdateDigest2B(&hashState, &name.b);
    }
    CryptCompleteHash2B(&hashState, &nameHash->b);
}
| 4299 | |
| 4300 | |
| 4301 | 6.4.4.2 CheckPWAuthSession() |
| 4302 | |
| 4303 | This function validates the authorization provided in a PWAP session. It compares the input value to |
| 4304 | authValue of the authorized entity. Argument sessionIndex is used to get the input value and the handle of the |
| 4305 | referenced entity from s_inputAuthValues[] and s_associatedHandles[]. |
| 4306 | |
| 4307 | Error Returns Meaning |
| 4308 | |
| 4309 | TPM_RC_AUTH_FAIL auth fails and increments DA failure count |
| 4310 | TPM_RC_BAD_AUTH auth fails but DA does not apply |
| 4311 | |
// Validate a password (PWAP) authorization.
//
// The caller-supplied value in s_inputAuthValues[sessionIndex] has its
// trailing zeros removed in place and is then compared with the authValue of
// the entity in s_associatedHandles[sessionIndex].
//
// Returns TPM_RC_SUCCESS on a match; otherwise whatever IncrementLockout()
// returns for this session.
//
// NOTE(review): this compares a caller-supplied secret with a stored one;
// confirm that Memory2BEqual() takes the same time wherever the first
// mismatching byte is.
static TPM_RC
CheckPWAuthSession(
    UINT32           sessionIndex       // IN: index of session to be processed
    )
{
    TPM2B_AUTH       expected;          // authValue of the authorized entity
    TPM_HANDLE       entityHandle = s_associatedHandles[sessionIndex];

    // Normalize the supplied password.
    MemoryRemoveTrailingZeros(&s_inputAuthValues[sessionIndex]);

    // Fetch the entity's authValue together with its size.
    expected.t.size = EntityGetAuthValue(entityHandle, &expected.t.buffer);

    // A mismatch goes through DA protection, which picks the return code.
    if(!Memory2BEqual(&s_inputAuthValues[sessionIndex].b, &expected.b))
        return IncrementLockout(sessionIndex);

    return TPM_RC_SUCCESS;
}
| 4342 | |
| 4343 | |
| 4344 | 6.4.4.3 ComputeCommandHMAC() |
| 4345 | |
| 4346 | This function computes the HMAC for an authorization session in a command. |
| 4347 | |
// Compute the authorization HMAC expected for one session of a command.
//
// The HMAC key is the session key, followed by the authValue of the
// associated entity when the session is used for authorization and is either
// a policy session with isAuthValueNeeded SET or an HMAC session that is not
// bound to that entity. The HMAC covers cpHash, nonceCaller, nonceTPM, the
// nonceTPM of a separate decrypt and/or encrypt session (first session only)
// and the marshaled session attributes.
//
// When the key is empty and the caller supplied an empty authorization, the
// output size is set to 0 and no HMAC is computed.
//
// NOTE(review): key holds sessionKey || authValue on the stack and is not
// cleared before returning; whether that matters depends on the platform's
// memory-disclosure threat model -- confirm.
static void
ComputeCommandHMAC(
    UINT32           sessionIndex,      // IN: index of session to be processed
    TPM2B_DIGEST    *cpHash,            // IN: cpHash
    TPM2B_DIGEST    *hmac               // OUT: authorization HMAC
    )
{
    TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
    TPM2B_KEY        key;
    BYTE             marshalBuffer[sizeof(TPMA_SESSION)];
    BYTE            *buffer;
    UINT32           marshalSize;
    HMAC_STATE       hmacState;
    TPM2B_NONCE     *nonceDecrypt = NULL;
    TPM2B_NONCE     *nonceEncrypt = NULL;
    SESSION         *session;
    TPM_HT           sessionHandleType =
                         HandleGetType(s_sessionHandles[sessionIndex]);
    TPM_HANDLE       authHandle = s_associatedHandles[sessionIndex];

    // Only the first session, and only when it authorizes something, pulls in
    // the nonceTPM of other sessions.
    if(sessionIndex == 0 && authHandle != TPM_RH_UNASSIGNED)
    {
        // A decrypt session other than this one contributes its nonceTPM.
        if(   s_decryptSessionIndex != UNDEFINED_INDEX
           && s_decryptSessionIndex != sessionIndex)
        {
            SESSION *decryptSession
                = SessionGet(s_sessionHandles[s_decryptSessionIndex]);
            nonceDecrypt = &decryptSession->nonceTPM;
        }

        // So does an encrypt session, unless it is this session or the
        // decrypt session already handled above.
        if(   s_encryptSessionIndex != UNDEFINED_INDEX
           && s_encryptSessionIndex != sessionIndex
           && s_encryptSessionIndex != s_decryptSessionIndex)
        {
            SESSION *encryptSession
                = SessionGet(s_sessionHandles[s_encryptSessionIndex]);
            nonceEncrypt = &encryptSession->nonceTPM;
        }
    }

    session = SessionGet(s_sessionHandles[sessionIndex]);

    // The key starts out as the session key.
    MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));

    // A session that is not authorizing anything has no authValue to add.
    // Otherwise the authValue is appended for a policy session that asks for
    // it, or for an HMAC session not bound to this entity. (For a policy
    // session isBound is CLEAR.)
    if(authHandle != TPM_RH_UNASSIGNED)
    {
        if(   (   sessionHandleType == TPM_HT_POLICY_SESSION
               && session->attributes.isAuthValueNeeded == SET)
           || (   sessionHandleType == TPM_HT_HMAC_SESSION
               && !IsSessionBindEntity(authHandle, session)))
        {
            // Room for one more AUTH_VALUE must remain in the key buffer.
            pAssert((sizeof(AUTH_VALUE) + key.t.size) <= sizeof(key.t.buffer));
            key.t.size += EntityGetAuthValue(authHandle,
                              (AUTH_VALUE *)&(key.t.buffer[key.t.size]));
        }
    }

    // With an empty key, an empty (NULL string) HMAC is allowed.
    if(key.t.size == 0 && s_inputAuthValues[sessionIndex].t.size == 0)
    {
        hmac->t.size = 0;
        return;
    }

    // HMAC(key, cpHash || nonceCaller || nonceTPM
    //           [ || nonceTPM(decrypt) ] [ || nonceTPM(encrypt) ]
    //           || sessionAttributes)
    hmac->t.size = CryptStartHMAC2B(session->authHashAlg, &key.b, &hmacState);
    CryptUpdateDigest2B(&hmacState, &cpHash->b);
    CryptUpdateDigest2B(&hmacState, &s_nonceCaller[sessionIndex].b);
    CryptUpdateDigest2B(&hmacState, &session->nonceTPM.b);

    if(nonceDecrypt != NULL)
        CryptUpdateDigest2B(&hmacState, &nonceDecrypt->b);

    if(nonceEncrypt != NULL)
        CryptUpdateDigest2B(&hmacState, &nonceEncrypt->b);

    // Session attributes go in using their marshaled form.
    buffer = marshalBuffer;
    marshalSize = TPMA_SESSION_Marshal(&(s_attributes[sessionIndex]),
                                       &buffer, NULL);
    CryptUpdateDigest(&hmacState, marshalSize, marshalBuffer);

    CryptCompleteHMAC2B(&hmacState, &hmac->b);
}
| 4482 | |
| 4483 | |
| 4484 | 6.4.4.4 CheckSessionHMAC() |
| 4485 | |
| 4486 | This function checks the HMAC in a session. It uses ComputeCommandHMAC() to compute the |
| 4487 | expected HMAC value and then compares the result with the HMAC in the authorization session. The |
| 4488 | authorization is successful if they are the same. |
| 4489 | If the authorizations are not the same, IncrementLockout() is called. It will return TPM_RC_AUTH_FAIL if |
| 4490 | the failure caused the failureCount to increment. Otherwise, it will return TPM_RC_BAD_AUTH. |
| 4491 | |
| 4492 | Error Returns Meaning |
| 4493 | |
| 4494 | TPM_RC_AUTH_FAIL auth failure caused failureCount increment |
| 4495 | TPM_RC_BAD_AUTH auth failure did not cause failureCount increment |
| 4496 | |
// Verify the HMAC supplied for a session.
//
// The expected value is produced by ComputeCommandHMAC() and compared with
// s_inputAuthValues[sessionIndex].
//
// Returns TPM_RC_SUCCESS on a match; otherwise whatever IncrementLockout()
// returns for this session.
//
// NOTE(review): this is a comparison of authentication tags; confirm that
// Memory2BEqual() takes the same time wherever the first mismatching byte is.
static TPM_RC
CheckSessionHMAC(
    UINT32           sessionIndex,      // IN: index of session to be processed
    TPM2B_DIGEST    *cpHash             // IN: cpHash of the command
    )
{
    TPM2B_DIGEST     expected;          // HMAC the TPM computes itself

    ComputeCommandHMAC(sessionIndex, cpHash, &expected);

    if(Memory2BEqual(&s_inputAuthValues[sessionIndex].b, &expected.b))
        return TPM_RC_SUCCESS;

    // On a mismatch the anti-hammering logic decides, depending on the
    // authorized entity or the session, which failure code is reported.
    return IncrementLockout(sessionIndex);
}
| 4518 | |
| 4519 | |
| 4520 | 6.4.4.5 CheckPolicyAuthSession() |
| 4521 | |
| 4522 | This function is used to validate the authorization in a policy session. This function performs the following |
| 4523 | comparisons to see if a policy authorization is properly provided. The checks are: |
| 4524 | a) compare policyDigest in session with authPolicy associated with the entity to be authorized; |
| 4525 | b) compare timeout if applicable; |
| 4526 | c) compare commandCode if applicable; |
| 4527 | |
| 4531 | |
| 4532 | |
| 4533 | d) compare cpHash if applicable; and |
| 4534 | e) see if PCR values have changed since computed. |
| 4535 | If all the above checks succeed, the handle is authorized. The order of these comparisons is not |
| 4536 | important because any failure will result in the same error code. |
| 4537 | |
| 4538 | Error Returns Meaning |
| 4539 | |
| 4540 | TPM_RC_PCR_CHANGED PCR value is not current |
| 4541 | TPM_RC_POLICY_FAIL policy session fails |
| 4542 | TPM_RC_LOCALITY command locality is not allowed |
| 4543 | TPM_RC_POLICY_CC CC doesn't match |
| 4544 | TPM_RC_EXPIRED policy session has expired |
| 4545 | TPM_RC_PP PP is required but not asserted |
| 4546 | TPM_RC_NV_UNAVAILABLE NV is not available for write |
| 4547 | TPM_RC_NV_RATE NV is rate limiting |
| 4548 | |
// Validate a policy session against the entity it is used to authorize.
//
// Checks, in this order: the TPM2_PolicySecret mode requirement, PCR
// currency, policyDigest and hash algorithm against the entity's authPolicy,
// timeout, command code, locality, physical presence, cpHash/nameHash and
// the NV written state. The first failing check determines the return code.
//
// Returns TPM_RC_SUCCESS when every check passes, otherwise one of
// TPM_RC_MODE, TPM_RC_PCR_CHANGED, TPM_RC_POLICY_FAIL, TPM_RC_EXPIRED,
// TPM_RC_POLICY_CC, TPM_RC_LOCALITY, TPM_RC_PP, or the error reported by
// NvIsAvailable().
//
// NOTE(review): nameHash is used when the session holds a nameHash rather
// than a cpHash; presumably the caller always passes a non-NULL pointer in
// that case -- confirm.
static TPM_RC
CheckPolicyAuthSession(
    UINT32           sessionIndex,      // IN: index of session to be processed
    TPM_CC           commandCode,       // IN: command code
    TPM2B_DIGEST    *cpHash,            // IN: cpHash using the algorithm of
                                        //     this session
    TPM2B_DIGEST    *nameHash           // IN: nameHash using the session
                                        //     algorithm
    )
{
    TPM_RC           result = TPM_RC_SUCCESS;
    TPM_HANDLE       authHandle = s_associatedHandles[sessionIndex];
    SESSION         *session = SessionGet(s_sessionHandles[sessionIndex]);
    TPM2B_DIGEST     authPolicy;
    TPMI_ALG_HASH    policyAlg;
    UINT8            locality;
    BYTE             sessionLocality[sizeof(TPMA_LOCALITY)];
    BYTE            *buffer = sessionLocality;

    // TPM2_PolicySecret must be used with either a password or an authValue.
    if(   commandCode == TPM_CC_PolicySecret
       && session->attributes.isPasswordNeeded == CLEAR
       && session->attributes.isAuthValueNeeded == CLEAR)
        return TPM_RC_MODE;

    // The PCR counter recorded in the session must still be current.
    if(!SessionPCRValueIsCurrent(s_sessionHandles[sessionIndex]))
        return TPM_RC_PCR_CHANGED;

    // The session's policyDigest must equal the entity's authPolicy, and
    // both must use the same hash algorithm.
    policyAlg = EntityGetAuthPolicy(authHandle, &authPolicy);
    if(   !Memory2BEqual(&session->u2.policyDigest.b, &authPolicy.b)
       || policyAlg != session->authHashAlg)
        return TPM_RC_POLICY_FAIL;

    // Timeout, when one is set. The clock cannot be trusted while NV is
    // unavailable, so that error is passed through as is.
    if(session->timeOut != 0)
    {
        result = NvIsAvailable();
        if(result != TPM_RC_SUCCESS)
            return result;

        if(session->timeOut < go.clock)
            return TPM_RC_EXPIRED;
    }

    // Command code.
    if(session->commandCode == 0)
    {
        // Without a command code in the policy, the session cannot be used
        // for a DUP or ADMIN role authorization.
        AUTH_ROLE    role = CommandAuthRole(commandCode, sessionIndex);

        if(role == AUTH_ADMIN || role == AUTH_DUP)
            return TPM_RC_POLICY_FAIL;
    }
    else if(session->commandCode != commandCode)
    {
        return TPM_RC_POLICY_CC;
    }

    // Locality. The session's setting is looked at in canonical form; a first
    // byte of zero means no locality restriction was set.
    TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL);
    if(sessionLocality[0] != 0)
    {
        locality = _plat__LocalityGet();

        // Values 5 through 31 can never match a requested locality.
        if(locality >= 5 && locality <= 31)
            return TPM_RC_LOCALITY;

        if(locality < 5)
        {
            // Localities 0-4 are tested as a bit in the session's bit map,
            // which must itself be in bit-map form (not above 31).
            if(   sessionLocality[0] > 31
               || (sessionLocality[0] & (1 << locality)) == 0)
                return TPM_RC_LOCALITY;
        }
        else if(sessionLocality[0] != locality)
        {
            // Localities above 31 have to match exactly.
            return TPM_RC_LOCALITY;
        }
    }

    // Physical presence.
    if(   session->attributes.isPPRequired == SET
       && !_plat__PhysicalPresenceAsserted())
        return TPM_RC_PP;

    // cpHash / nameHash, when the policy recorded one. A nameHash is kept in
    // the cpHash field when iscpHashDefined is not set.
    if(session->u1.cpHash.b.size != 0)
    {
        TPM2B_DIGEST    *expected =
            session->attributes.iscpHashDefined ? cpHash : nameHash;

        if(!Memory2BEqual(&session->u1.cpHash.b, &expected->b))
            return TPM_RC_POLICY_FAIL;
    }

    // NV written state.
    if(session->attributes.checkNvWritten)
    {
        NV_INDEX     nvIndex;

        // The check is only meaningful for an NV Index.
        if(HandleGetType(authHandle) != TPM_HT_NV_INDEX)
            return TPM_RC_POLICY_FAIL;

        NvGetIndexInfo(authHandle, &nvIndex);

        // TPMA_NV_WRITTEN must be in the state the policy asked for.
        if(   (nvIndex.publicArea.attributes.TPMA_NV_WRITTEN == SET)
           != (session->attributes.nvWrittenState == SET))
            return TPM_RC_POLICY_FAIL;
    }

    return TPM_RC_SUCCESS;
}
| 4704 | |
| 4705 | |
| 4706 | 6.4.4.6 RetrieveSessionData() |
| 4707 | |
| 4708 | This function will unmarshal the sessions in the session area of a command. The values are placed in the |
| 4709 | arrays that are defined at the beginning of this file. The normal unmarshaling errors are possible. |
| 4710 | |
| 4711 | Error Returns Meaning |
| 4712 | |
| 4713 | TPM_RC_SUCCESS unmarshaled without error |
| 4714 | TPM_RC_SIZE the number of bytes unmarshaled is not the same as the value for |
| 4715 | authorizationSize in the command |
| 4716 | |
// RetrieveSessionData() - unmarshal the session area of a command into the
// file-scope per-session arrays (s_sessionHandles, s_nonceCaller, s_attributes,
// s_inputAuthValues, s_associatedHandles) and record which session, if any,
// is used for decrypt, encrypt and audit.
//
// The session area comes from the command being processed, so every field is
// validated here before any later routine relies on it. One iteration of the
// loop consumes one session: handle, nonce, attributes, authValue.
//
// Returns TPM_RC_SUCCESS with *sessionCount set to the number of sessions
// parsed. *sessionCount is written only on the success path.
//
// Besides TPM_RC_SIZE and the unmarshaling errors, this function returns
// TPM_RC_ATTRIBUTES, TPM_RC_NONCE, TPM_RC_REFERENCE_S0 + n, TPM_RC_HANDLE,
// TPM_RC_SYMMETRIC and TPM_RC_EXCLUSIVE (see the checks below). Most are
// tagged with TPM_RC_S + g_rcIndex[sessionIndex] to identify the session.
static TPM_RC
RetrieveSessionData (
    TPM_CC       commandCode,     // IN: command code
    UINT32      *sessionCount,    // OUT: number of sessions found
    BYTE        *sessionBuffer,   // IN: pointer to the session buffer
    INT32        bufferSize       // IN: size of the session buffer
    )
{
    int          sessionIndex;
    int          i;
    TPM_RC       result;
    SESSION     *session;
    TPM_HT       sessionType;

    // No session has been selected for decrypt, encrypt or audit yet.
    s_decryptSessionIndex = UNDEFINED_INDEX;
    s_encryptSessionIndex = UNDEFINED_INDEX;
    s_auditSessionIndex = UNDEFINED_INDEX;

    // bufferSize is signed: the loop ends as soon as no bytes remain. The
    // unmarshal calls receive &sessionBuffer and &bufferSize; presumably they
    // advance the pointer and reduce the remaining size - confirm against the
    // unmarshaling code.
    for(sessionIndex = 0; bufferSize > 0; sessionIndex++)
    {
        // If maximum allowed number of sessions has been parsed, return a size
        // error with a session number that is larger than the number of allowed
        // sessions. This check also keeps sessionIndex inside the s_* arrays
        // for the writes that follow.
        if(sessionIndex == MAX_SESSION_NUM)
            return TPM_RC_SIZE + TPM_RC_S + g_rcIndex[sessionIndex+1];

        // make sure that the associated handle for each session starts out
        // unassigned
        s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;

        // First parameter: Session handle.
        result = TPMI_SH_AUTH_SESSION_Unmarshal(&s_sessionHandles[sessionIndex],
                                                &sessionBuffer, &bufferSize, TRUE);
        if(result != TPM_RC_SUCCESS)
            return result + TPM_RC_S + g_rcIndex[sessionIndex];

        // Second parameter: Nonce.
        result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex],
                                       &sessionBuffer, &bufferSize);
        if(result != TPM_RC_SUCCESS)
            return result + TPM_RC_S + g_rcIndex[sessionIndex];

        // Third parameter: sessionAttributes.
        result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex],
                                        &sessionBuffer, &bufferSize);
        if(result != TPM_RC_SUCCESS)
            return result + TPM_RC_S + g_rcIndex[sessionIndex];

        // Fourth parameter: authValue (PW or HMAC).
        result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex],
                                      &sessionBuffer, &bufferSize);
        if(result != TPM_RC_SUCCESS)
            return result + TPM_RC_S + g_rcIndex[sessionIndex];

        if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
        {
            // A PWAP session needs additional processing.
            // Can't have any attributes set other than continueSession bit
            if(   s_attributes[sessionIndex].encrypt
               || s_attributes[sessionIndex].decrypt
               || s_attributes[sessionIndex].audit
               || s_attributes[sessionIndex].auditExclusive
               || s_attributes[sessionIndex].auditReset
              )
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // The nonce size must be zero.
            if(s_nonceCaller[sessionIndex].t.size != 0)
                return TPM_RC_NONCE + TPM_RC_S + g_rcIndex[sessionIndex];

            // A password session has no session context, so none of the
            // session-object checks below apply to it.
            continue;
        }
        // For non-password sessions...

        // Find out if the session is loaded. This must pass before
        // SessionGet() is called on the handle below.
        // Note that this error is reported as TPM_RC_REFERENCE_S0 + index,
        // not with the TPM_RC_S + g_rcIndex[] form used by the other checks.
        if(!SessionIsLoaded(s_sessionHandles[sessionIndex]))
            return TPM_RC_REFERENCE_S0 + sessionIndex;

        sessionType = HandleGetType(s_sessionHandles[sessionIndex]);
        session = SessionGet(s_sessionHandles[sessionIndex]);
        // Check if the session is an HMAC/policy session: the handle type
        // supplied in the command must agree with the isPolicy attribute
        // recorded in the session context.
        if(        (   session->attributes.isPolicy == SET
                    && sessionType == TPM_HT_HMAC_SESSION
                   )
                || (   session->attributes.isPolicy == CLEAR
                    && sessionType == TPM_HT_POLICY_SESSION
                   )
          )
            return TPM_RC_HANDLE + TPM_RC_S + g_rcIndex[sessionIndex];

        // Check that this handle has not previously been used.
        for(i = 0; i < sessionIndex; i++)
        {
            if(s_sessionHandles[i] == s_sessionHandles[sessionIndex])
                return TPM_RC_HANDLE + TPM_RC_S + g_rcIndex[sessionIndex];
        }

        // If the session is used for parameter encryption or audit as well, set
        // the corresponding indices.

        // First process decrypt.
        if(s_attributes[sessionIndex].decrypt)
        {
            // Check if the commandCode allows command parameter encryption.
            if(DecryptSize(commandCode) == 0)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // Decrypt attribute can only appear in one session
            if(s_decryptSessionIndex != UNDEFINED_INDEX)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL
            if(session->symmetric.algorithm == TPM_ALG_NULL)
                return TPM_RC_SYMMETRIC + TPM_RC_S + g_rcIndex[sessionIndex];

            // All checks passed, so set the index for the session used to decrypt
            // a command parameter.
            s_decryptSessionIndex = sessionIndex;
        }

        // Now process encrypt.
        if(s_attributes[sessionIndex].encrypt)
        {
            // Check if the commandCode allows response parameter encryption.
            if(EncryptSize(commandCode) == 0)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // Encrypt attribute can only appear in one session.
            if(s_encryptSessionIndex != UNDEFINED_INDEX)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL
            if(session->symmetric.algorithm == TPM_ALG_NULL)
                return TPM_RC_SYMMETRIC + TPM_RC_S + g_rcIndex[sessionIndex];

            // All checks passed, so set the index for the session used to encrypt
            // a response parameter.
            s_encryptSessionIndex = sessionIndex;
        }

        // Finally, process audit.
        if(s_attributes[sessionIndex].audit)
        {
            // Audit attribute can only appear in one session.
            if(s_auditSessionIndex != UNDEFINED_INDEX)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // An audit session can not be policy session.
            if(   HandleGetType(s_sessionHandles[sessionIndex])
               == TPM_HT_POLICY_SESSION)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // If this is a reset of the audit session, or the first use
            // of the session as an audit session, it doesn't matter what
            // the exclusive state is. The session will become exclusive.
            if(   s_attributes[sessionIndex].auditReset == CLEAR
               && session->attributes.isAudit == SET)
            {
                // Not first use or reset. If auditExclusive is SET, then this
                // session must be the current exclusive session.
                // This error is returned without a session index.
                if(   s_attributes[sessionIndex].auditExclusive == SET
                   && g_exclusiveAuditSession != s_sessionHandles[sessionIndex])
                    return TPM_RC_EXCLUSIVE;
            }

            s_auditSessionIndex = sessionIndex;
        }

        // Initialize associated handle as undefined. This will be changed when
        // the handles are processed. (The same value was already stored at the
        // top of this iteration; this repeats it for non-password sessions.)
        s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;

    }

    // Set the number of sessions found.
    *sessionCount = sessionIndex;
    return TPM_RC_SUCCESS;
}
| 4910 | |
| 4911 | |
| 4912 | 6.4.4.7 CheckLockedOut() |
| 4913 | |
| 4914 | This function checks to see if the TPM is in lockout. This function should only be called if the entity being |
| 4915 | checked is subject to DA protection. The TPM is in lockout if the NV is not available and a DA write is |
| 4916 | pending. Otherwise the TPM is locked out if checking for lockoutAuth (lockoutAuthCheck == TRUE) and |
| 4917 | use of lockoutAuth is disabled, or failedTries >= maxTries |
| 4918 | |
| 4919 | Error Returns Meaning |
| 4920 | |
| 4921 | TPM_RC_NV_RATE NV is rate limiting |
| 4922 | TPM_RC_NV_UNAVAILABLE NV is not available at this time |
| 4923 | TPM_RC_LOCKOUT TPM is in lockout |
| 4924 | |
// CheckLockedOut() - decide whether dictionary-attack (DA) protection blocks
// an authorization check. Callers are expected to invoke this only for
// entities that are subject to DA protection.
//
// Returns:
//   the NvIsAvailable() result  NV is not usable and either the orderly state
//                               is not SHUTDOWN_NONE or a DA update is still
//                               waiting to be written
//   TPM_RC_LOCKOUT              lockoutAuth is being checked and its use is
//                               disabled, or (for any other entity)
//                               failedTries has reached maxTries
//   TPM_RC_SUCCESS              the authorization check may proceed
//
// Side effect: when a DA update is pending and NV is available, the pending
// lockOutAuthEnabled and failedTries values are written and g_updateNV is set.
static TPM_RC
CheckLockedOut(
    BOOL         lockoutAuthCheck   // IN: TRUE if checking is for lockoutAuth
    )
{
    TPM_RC       nvStatus = NvIsAvailable();
    BOOL         lockedOut;

    // With NV unavailable and an orderly state other than SHUTDOWN_NONE, a
    // DA failure could not be handled, so no authorization is checked at all.
    if(nvStatus != TPM_RC_SUCCESS && gp.orderlyState != SHUTDOWN_NONE)
        return nvStatus;

    // A DA update that has not reached NV yet must be flushed first.
    if(s_DAPendingOnNV)
    {
        // Without NV the pending data cannot be saved: refuse the check.
        if(nvStatus != TPM_RC_SUCCESS)
            return nvStatus;

        NvWriteReserved(NV_LOCKOUT_AUTH_ENABLED, &gp.lockOutAuthEnabled);
        NvWriteReserved(NV_FAILED_TRIES, &gp.failedTries);
        g_updateNV = TRUE;
        s_DAPendingOnNV = FALSE;
    }

    // lockoutAuth has its own enable flag; every other entity is governed by
    // the failed-tries counter.
    if(lockoutAuthCheck)
        lockedOut = (gp.lockOutAuthEnabled == FALSE);
    else
        lockedOut = (gp.failedTries >= gp.maxTries);

    return lockedOut ? TPM_RC_LOCKOUT : TPM_RC_SUCCESS;
}
| 4979 | |
| 4980 | |
| 4981 | 6.4.4.8 CheckAuthSession() |
| 4982 | |
| 4983 | This function checks that the authorization session properly authorizes the use of the associated handle. |
| 4984 | |
| 4985 | Error Returns Meaning |
| 4986 | |
| 4987 | TPM_RC_LOCKOUT entity is protected by DA and TPM is in lockout, or TPM is locked out |
| 4988 | on NV update pending on DA parameters |
| 4989 | TPM_RC_PP Physical Presence is required but not provided |
| 4990 | TPM_RC_AUTH_FAIL HMAC or PW authorization failed with DA side-effects (can be a |
| 4991 | policy session) |
| 4992 | TPM_RC_BAD_AUTH HMAC or PW authorization failed without DA side-effects (can be a |
| 4993 | policy session) |
| 4994 | TPM_RC_POLICY_FAIL if policy session fails |
| 4995 | TPM_RC_POLICY_CC command code of policy was wrong |
| 4996 | TPM_RC_EXPIRED the policy session has expired |
| 4997 | TPM_RC_PCR ??? |
| 4998 | TPM_RC_AUTH_UNAVAILABLE authValue or authPolicy unavailable |
| 4999 | |
// CheckAuthSession() - check that the authorization session at sessionIndex
// properly authorizes use of the handle associated with it.
//
// The order of the checks is significant: lockout is evaluated before any
// secret is compared, and the physical-presence and session-type checks run
// before the password, policy or HMAC verification.
//
// commandCode   command being authorized
// sessionIndex  index into the s_sessionHandles / s_associatedHandles arrays
// cpHash        command parameter hash, passed to the policy and HMAC checks
// nameHash      name hash, passed to the policy check
//
// Returns TPM_RC_SUCCESS when the session authorizes the handle. Failure
// codes produced directly here are TPM_RC_PP, TPM_RC_AUTH_TYPE and
// TPM_RC_AUTH_UNAVAILABLE; anything else is propagated from CheckLockedOut(),
// CheckPWAuthSession(), CheckPolicyAuthSession() or CheckSessionHMAC().
static TPM_RC
CheckAuthSession(
    TPM_CC           commandCode,     // IN: commandCode
    UINT32           sessionIndex,    // IN: index of session to be processed
    TPM2B_DIGEST    *cpHash,          // IN: cpHash
    TPM2B_DIGEST    *nameHash         // IN: nameHash
    )
{
    TPM_RC           result;
    SESSION         *session = NULL;
    TPM_HANDLE       sessionHandle = s_sessionHandles[sessionIndex];
    TPM_HANDLE       associatedHandle = s_associatedHandles[sessionIndex];
    TPM_HT           sessionHandleType = HandleGetType(sessionHandle);

    pAssert(sessionHandle != TPM_RH_UNASSIGNED);

    // A password authorization has no session context to look up.
    if(sessionHandle != TPM_RS_PW)
        session = SessionGet(sessionHandle);

    // The policy branches below dereference session, so it must be valid
    // whenever the handle is a policy session.
    pAssert(sessionHandleType != TPM_HT_POLICY_SESSION || session != NULL);

    // If the authorization session is not a policy session, or if the policy
    // session requires authorization, then check lockout.
    // Short-circuit evaluation means session is only dereferenced when the
    // handle type is TPM_HT_POLICY_SESSION.
    if(   sessionHandleType != TPM_HT_POLICY_SESSION
       || session->attributes.isAuthValueNeeded
       || session->attributes.isPasswordNeeded)
    {
        // See if entity is subject to lockout.
        if(!IsDAExempted(associatedHandle))
        {
            // If NV is unavailable, and current cycle state recorded in NV is not
            // SHUTDOWN_NONE, refuse to check any authorization because we would
            // not be able to handle a DA failure.
            result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT);
            if(result != TPM_RC_SUCCESS)
                return result;
        }
    }

    if(associatedHandle == TPM_RH_PLATFORM)
    {
        // If the physical presence is required for this command, check for PP
        // assertion. If it isn't asserted, no point going any further.
        if(   PhysicalPresenceIsRequired(commandCode)
           && !_plat__PhysicalPresenceAsserted()
          )
            return TPM_RC_PP;
    }
    // If a policy session is required, make sure that it is being used.
    if(   IsPolicySessionRequired(commandCode, sessionIndex)
       && sessionHandleType != TPM_HT_POLICY_SESSION)
        return TPM_RC_AUTH_TYPE;

    // If this is a PW authorization, check it and return.
    if(sessionHandle == TPM_RS_PW)
    {
        if(IsAuthValueAvailable(associatedHandle, commandCode, sessionIndex))
            return CheckPWAuthSession(sessionIndex);
        else
            return TPM_RC_AUTH_UNAVAILABLE;
    }
    // If this is a policy session, ...
    if(sessionHandleType == TPM_HT_POLICY_SESSION)
    {
        // ... see if the entity has a policy, ...
        if( !IsAuthPolicyAvailable(associatedHandle, commandCode, sessionIndex))
            return TPM_RC_AUTH_UNAVAILABLE;
        // ... and check the policy session.
        result = CheckPolicyAuthSession(sessionIndex, commandCode,
                                        cpHash, nameHash);
        if (result != TPM_RC_SUCCESS)
            return result;
    }
    else
    {
        // For non policy, the entity being accessed must allow authorization
        // with an auth value. This is required even if the auth value is not
        // going to be used in an HMAC because it is bound.
        if(!IsAuthValueAvailable(associatedHandle, commandCode, sessionIndex))
            return TPM_RC_AUTH_UNAVAILABLE;
    }
    // At this point, the session must be either a policy or an HMAC session.
    // (The PW case returned above, so this lookup uses a real session handle;
    // it repeats the SessionGet() done at the top of the function.)
    session = SessionGet(s_sessionHandles[sessionIndex]);

    if(   sessionHandleType == TPM_HT_POLICY_SESSION
       && session->attributes.isPasswordNeeded == SET)
    {
        // For policy session that requires a password, check it as PWAP session.
        return CheckPWAuthSession(sessionIndex);
    }
    else
    {
        // For other policy or HMAC sessions, have its HMAC checked.
        return CheckSessionHMAC(sessionIndex, cpHash);
    }
}
| 5107 | 1071 #ifdef TPM_CC_GetCommandAuditDigest |
| 5108 | |
| 5109 | |
| 5110 | 6.4.4.9 CheckCommandAudit() |
| 5111 | |
| 5112 | This function checks if the current command may trigger command audit, and if it is safe to perform the |
| 5113 | action. |
| 5114 | |
| 5115 | Error Returns Meaning |
| 5116 | |
| 5117 | TPM_RC_NV_UNAVAILABLE NV is not available for write |
| 5118 | TPM_RC_NV_RATE NV is rate limiting |
| 5119 | |
// CheckCommandAudit() - if commandCode is subject to command audit, make sure
// the audit can be carried out and compute the cpHash it will use.
//
// When the command is audited and either the command audit digest is empty
// or the command is TPM2_GetCommandAuditDigest, NV has to be available; if it
// is not, the NvIsAvailable() result is returned so the TPM does not start an
// operation that would fail anyway. The cpHash for the audit is computed with
// gp.auditHashAlg and stored in s_cpHashForCommandAudit.
//
// Returns TPM_RC_SUCCESS, or the NvIsAvailable() error
// (TPM_RC_NV_UNAVAILABLE / TPM_RC_NV_RATE per the routine's description).
static TPM_RC
CheckCommandAudit(
    TPM_CC           commandCode,       // IN: Command code
    UINT32           handleNum,         // IN: number of element in handle array
    TPM_HANDLE       handles[],         // IN: array of handle
    BYTE            *parmBufferStart,   // IN: start of parameter buffer
    UINT32           parmBufferSize     // IN: size of parameter buffer
    )
{
    // Nothing to do for a command that is not being audited.
    if(!CommandAuditIsRequired(commandCode))
        return TPM_RC_SUCCESS;

    // An empty audit digest, or the GetCommandAuditDigest command itself,
    // means NV will be needed, so verify that it is usable first.
    if(   gr.commandAuditDigest.t.size == 0
       || commandCode == TPM_CC_GetCommandAuditDigest)
    {
        TPM_RC       nvStatus = NvIsAvailable();

        if(nvStatus != TPM_RC_SUCCESS)
            return nvStatus;
    }

    // Save the command parameter hash for the command audit; no nameHash is
    // requested (last argument is NULL).
    ComputeCpHash(gp.auditHashAlg, commandCode, handleNum,
                  handles, parmBufferSize, parmBufferStart,
                  &s_cpHashForCommandAudit, NULL);

    return TPM_RC_SUCCESS;
}
| 5158 | 1105 #endif |
| 5159 | |
| 5160 | |
| 5161 | 6.4.4.10 ParseSessionBuffer() |
| 5162 | |
| 5163 | This function is the entry function for command session processing. It iterates over the sessions in the |
| 5164 | session area and reports whether the required authorization has been properly provided. It also processes |
| 5165 | the audit session and passes information about the encryption sessions to the parameter encryption module. |
| 5166 | |
| 5167 | Error Returns Meaning |
| 5168 | |
| 5169 | various parsing failure or authorization failure |
| 5170 | |
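// ParseSessionBuffer() - entry point for command session processing.
//
// Unmarshals the session area, associates each authorization session with the
// handle it authorizes, runs the consistency and authorization checks for
// every session, prepares command audit, and finally decrypts the first
// command parameter when a decrypt session is present.
//
// commandCode         command being processed
// handleNum           number of entries in handles[]
// handles             handles of the command
// sessionBufferStart  start of the session area (command input)
// sessionBufferSize   size of the session area
// parmBufferStart     start of the parameter area (decrypted in place)
// parmBufferSize      size of the parameter area
//
// Returns TPM_RC_SUCCESS, TPM_RC_AUTH_CONTEXT when the command allows no
// sessions, TPM_RC_AUTH_MISSING when a handle that needs authorization has no
// session, or the parsing / authorization error of the failing step.
//
// NOTE(review): sessionBufferSize is a UINT32 but RetrieveSessionData() takes
// an INT32; a size that does not fit would be seen as non-positive and no
// session would be parsed. Presumably the caller bounds the size - confirm.
TPM_RC
ParseSessionBuffer(
    TPM_CC       commandCode,          // IN: Command code
    UINT32       handleNum,            // IN: number of element in handle array
    TPM_HANDLE   handles[],            // IN: array of handle
    BYTE        *sessionBufferStart,   // IN: start of session buffer
    UINT32       sessionBufferSize,    // IN: size of session buffer
    BYTE        *parmBufferStart,      // IN: start of parameter buffer
    UINT32       parmBufferSize        // IN: size of parameter buffer
    )
{
    TPM_RC           result;
    UINT32           i;
    INT32            size = 0;
    TPM2B_AUTH       extraKey;
    UINT32           sessionIndex;
    SESSION         *session;
    TPM2B_DIGEST     cpHash;
    TPM2B_DIGEST     nameHash;
    TPM_ALG_ID       cpHashAlg = TPM_ALG_NULL;  // algID for the last computed
                                                // cpHash

    // Check if a command allows any session in its session area.
    if(!IsSessionAllowed(commandCode))
        return TPM_RC_AUTH_CONTEXT;

    // Default-initialization. Both digests start empty so that neither is
    // ever handed to a checker with an indeterminate size (they are only
    // filled in once a non-password session is processed below).
    s_sessionNum = 0;
    cpHash.t.size = 0;
    nameHash.t.size = 0;

    result = RetrieveSessionData(commandCode, &s_sessionNum,
                                 sessionBufferStart, sessionBufferSize);
    if(result != TPM_RC_SUCCESS)
        return result;

    // There is no command in the TPM spec that has more handles than
    // MAX_SESSION_NUM.
    pAssert(handleNum <= MAX_SESSION_NUM);

    // Associate the session with an authorization handle.
    for(i = 0; i < handleNum; i++)
    {
        if(CommandAuthRole(commandCode, i) != AUTH_NONE)
        {
            // If the received session number is less than the number of handle
            // that requires authorization, an error should be returned.
            // Note: for all the TPM 2.0 commands, handles requiring
            // authorization come first in a command input.
            //
            // The comparison is written as i >= s_sessionNum rather than
            // i > (s_sessionNum - 1): the session count is unsigned, so the
            // subtraction would wrap when no session was parsed and the
            // missing authorization would go unreported.
            if(i >= s_sessionNum)
                return TPM_RC_AUTH_MISSING;

            // Record the handle associated with the authorization session
            s_associatedHandles[i] = handles[i];
        }
    }

    // Consistency checks are done first to avoid auth failure when the command
    // will not be executed anyway.
    for(sessionIndex = 0; sessionIndex < s_sessionNum; sessionIndex++)
    {
        // PW session must be an authorization session
        if(s_sessionHandles[sessionIndex] == TPM_RS_PW )
        {
            if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED)
                return TPM_RC_HANDLE + g_rcIndex[sessionIndex];
        }
        else
        {
            session = SessionGet(s_sessionHandles[sessionIndex]);

            // A trial session can not appear in session area, because it cannot
            // be used for authorization, audit or encrypt/decrypt.
            if(session->attributes.isTrialPolicy == SET)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // See if the session is bound to a DA protected entity
            // NOTE: Since a policy session is never bound, a policy is still
            // usable even if the object is DA protected and the TPM is in
            // lockout.
            if(session->attributes.isDaBound == SET)
            {
                result = CheckLockedOut(session->attributes.isLockoutBound == SET);
                if(result != TPM_RC_SUCCESS)
                    return result;
            }
            // If the current cpHash is the right one, don't re-compute.
            if(cpHashAlg != session->authHashAlg)   // different so compute
            {
                cpHashAlg = session->authHashAlg;   // save this new algID
                ComputeCpHash(session->authHashAlg, commandCode, handleNum,
                              handles, parmBufferSize, parmBufferStart,
                              &cpHash, &nameHash);
            }
            // If this session is for auditing, save the cpHash.
            if(s_attributes[sessionIndex].audit)
                s_cpHashForAudit = cpHash;
        }

        // if the session has an associated handle, check the auth
        if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED)
        {
            result = CheckAuthSession(commandCode, sessionIndex,
                                      &cpHash, &nameHash);
            if(result != TPM_RC_SUCCESS)
                return RcSafeAddToResult(result,
                                         TPM_RC_S + g_rcIndex[sessionIndex]);
        }
        else
        {
            // a session that is not for authorization must either be encrypt,
            // decrypt, or audit
            if(   s_attributes[sessionIndex].audit == CLEAR
               && s_attributes[sessionIndex].encrypt == CLEAR
               && s_attributes[sessionIndex].decrypt == CLEAR)
                return TPM_RC_ATTRIBUTES + TPM_RC_S + g_rcIndex[sessionIndex];

            // check HMAC for encrypt/decrypt/audit only sessions
            result = CheckSessionHMAC(sessionIndex, &cpHash);
            if(result != TPM_RC_SUCCESS)
                return RcSafeAddToResult(result,
                                         TPM_RC_S + g_rcIndex[sessionIndex]);
        }
    }

#ifdef TPM_CC_GetCommandAuditDigest
    // Check if the command should be audited.
    result = CheckCommandAudit(commandCode, handleNum, handles,
                               parmBufferStart, parmBufferSize);
    if(result != TPM_RC_SUCCESS)
        return result;              // No session number to reference
#endif

    // Decrypt the first parameter if applicable. This should be the last operation
    // in session processing, so the parameter area is only modified after
    // every session has passed its checks.
    // If the decrypt session is associated with a handle and the handle's
    // authValue is available, then authValue is concatenated with sessionAuth to
    // generate encryption key, no matter if the handle is the session bound entity
    // or not.
    if(s_decryptSessionIndex != UNDEFINED_INDEX)
    {
        // Select the extra key material: the associated handle's authValue
        // when there is one and it is available, otherwise nothing.
        if(   s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED
           && IsAuthValueAvailable(s_associatedHandles[s_decryptSessionIndex],
                                   commandCode,
                                   s_decryptSessionIndex)
          )
        {
            extraKey.b.size=
                EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex],
                                   &extraKey.t.buffer);
        }
        else
        {
            extraKey.b.size = 0;
        }
        // Get size of the leading size field in decrypt parameter
        size = DecryptSize(commandCode);
        result = CryptParameterDecryption(
                     s_sessionHandles[s_decryptSessionIndex],
                     &s_nonceCaller[s_decryptSessionIndex].b,
                     parmBufferSize, (UINT16)size,
                     &extraKey,
                     parmBufferStart);
        if(result != TPM_RC_SUCCESS)
            return RcSafeAddToResult(result,
                                     TPM_RC_S + g_rcIndex[s_decryptSessionIndex]);
    }

    return TPM_RC_SUCCESS;
}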
| 5350 | |
| 5351 | |
| 5352 | 6.4.4.11 CheckAuthNoSession() |
| 5353 | |
| 5354 | Function to process a command with no session associated. The function makes sure all the handles in |
| 5355 | the command require no authorization. |
| 5356 | |
| 5357 | |
| 5358 | |
| 5359 | Family "2.0" TCG Published Page 65 |
| 5360 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 5361 | Trusted Platform Module Library Part 4: Supporting Routines |
| 5362 | |
| 5363 | |
| 5364 | Error Returns Meaning |
| 5365 | |
| 5366 | TPM_RC_AUTH_MISSING failure - one or more handles require auth |
| 5367 | |
// CheckAuthNoSession() - process a command that carries no session area.
//
// Such a command is acceptable only when none of its handles has an
// authorization role. When command audit is compiled in, the command-audit
// preparation is performed as well. The session count is reset to zero only
// on the success path.
//
// Returns TPM_RC_AUTH_MISSING when at least one handle requires
// authorization, the CheckCommandAudit() error when audit preparation fails,
// and TPM_RC_SUCCESS otherwise.
TPM_RC
CheckAuthNoSession(
    TPM_CC           commandCode,       // IN: Command Code
    UINT32           handleNum,         // IN: number of handles in command
    TPM_HANDLE       handles[],         // IN: array of handle
    BYTE            *parmBufferStart,   // IN: start of parameter buffer
    UINT32           parmBufferSize     // IN: size of parameter buffer
    )
{
    UINT32           handleIndex = 0;

    // A single handle with an authorization role is enough to reject a
    // command that arrived without sessions.
    while(handleIndex < handleNum)
    {
        if(CommandAuthRole(commandCode, handleIndex) != AUTH_NONE)
            return TPM_RC_AUTH_MISSING;
        handleIndex++;
    }

#ifdef TPM_CC_GetCommandAuditDigest
    {
        // Check if the command should be audited.
        TPM_RC       auditResult = CheckCommandAudit(commandCode, handleNum,
                                                     handles, parmBufferStart,
                                                     parmBufferSize);

        if(auditResult != TPM_RC_SUCCESS)
            return auditResult;
    }
#endif

    // No sessions accompany this command.
    s_sessionNum = 0;

    return TPM_RC_SUCCESS;
}
| 5399 | |
| 5400 | |
| 5401 | 6.4.5 Response Session Processing |
| 5402 | |
| 5403 | 6.4.5.1 Introduction |
| 5404 | |
| 5405 | The following functions build the session area in a response, and handle the audit sessions (if present). |
| 5406 | |
| 5407 | 6.4.5.2 ComputeRpHash() |
| 5408 | |
| 5409 | Function to compute rpHash (Response Parameter Hash). The rpHash is only computed if there is an |
| 5410 | HMAC authorization session and the return code is TPM_RC_SUCCESS. |
| 5411 | |
// Computes the response parameter hash:
//     rpHash := hash(responseCode || commandCode || parameters)
// The response code fed into the hash is always TPM_RC_SUCCESS. The digest
// size reported by CryptStartHash() is stored in rpHash->t.size before the
// digest itself is written.
static void
ComputeRpHash(
    TPM_ALG_ID       hashAlg,           // IN: hash algorithm to compute rpHash
    TPM_CC           commandCode,       // IN: commandCode
    UINT32           resParmBufferSize, // IN: size of response parameter buffer
    BYTE            *resParmBuffer,     // IN: response parameter buffer
    TPM2B_DIGEST    *rpHash             // OUT: rpHash
    )
{
    HASH_STATE       rpHashState;
    // Fixed first constituent of the hash.
    TPM_RC           successCode = TPM_RC_SUCCESS;

    // Open the hash context and record the digest size.
    rpHash->t.size = CryptStartHash(hashAlg, &rpHashState);

    // Feed the constituents in the order the formula lists them.
    CryptUpdateDigestInt(&rpHashState, sizeof(successCode), &successCode);
    CryptUpdateDigestInt(&rpHashState, sizeof(commandCode), &commandCode);
    CryptUpdateDigest(&rpHashState, resParmBufferSize, resParmBuffer);

    // Write the finished digest into the caller's buffer.
    CryptCompleteHash2B(&rpHashState, &rpHash->b);
}
| 5445 | |
| 5446 | |
| 5447 | 6.4.5.3 InitAuditSession() |
| 5448 | |
| 5449 | This function initializes the audit data in an audit session. |
| 5450 | |
// Turns a loaded session into an audit session with an all-zero audit digest
// whose length is the digest size of the session's hash algorithm.
static void
InitAuditSession(
    SESSION     *session        // session to be initialized
    )
{
    // An audit session is never a bound session.
    session->attributes.isBound = CLEAR;

    // Flag the session as carrying an audit digest.
    session->attributes.isAudit = SET;

    // The audit log is exactly one digest of the session hash algorithm.
    session->u2.auditDigest.t.size = CryptGetHashDigestSize(session->authHashAlg);

    // Start the log from a zero digest.
    MemorySet(&session->u2.auditDigest.t.buffer,
              0,
              session->u2.auditDigest.t.size);
}
| 5472 | |
| 5473 | |
| 5474 | 6.4.5.4 Audit() |
| 5475 | |
| 5476 | This function updates the audit digest in an audit session. |
| 5477 | |
// Extends the audit digest of an audit session with the current command:
//     auditDigestnew := hash (auditDigestold || cpHash || rpHash)
// cpHash is taken from the file-level s_cpHashForAudit; rpHash is computed
// here with the session's hash algorithm.
static void
Audit(
    SESSION     *auditSession,      // IN: loaded audit session
    TPM_CC       commandCode,       // IN: commandCode
    UINT32       resParmBufferSize, // IN: size of response parameter buffer
    BYTE        *resParmBuffer      // IN: response parameter buffer
    )
{
    HASH_STATE       extendState;
    TPM2B_DIGEST     responseHash;  // rpHash for this response

    // Hash of the response parameters.
    ComputeRpHash(auditSession->authHashAlg, commandCode,
                  resParmBufferSize, resParmBuffer, &responseHash);

    // Chain the previous digest with cpHash and rpHash.
    CryptStartHash(auditSession->authHashAlg, &extendState);
    CryptUpdateDigest2B(&extendState, &auditSession->u2.auditDigest.b);
    CryptUpdateDigest2B(&extendState, &s_cpHashForAudit.b);
    CryptUpdateDigest2B(&extendState, &responseHash.b);

    // The result replaces the session's audit digest in place.
    CryptCompleteHash2B(&extendState, &auditSession->u2.auditDigest.b);
}
| 5518 | 1390 #ifdef TPM_CC_GetCommandAuditDigest |
| 5519 | |
| 5520 | |
| 5521 | 6.4.5.5 CommandAudit() |
| 5522 | |
| 5523 | This function updates the command audit digest. |
| 5524 | |
// Extends the command audit digest (gr.commandAuditDigest) when the command
// is one that CommandAuditIsRequired() reports as audited:
//     auditDigestnew := hash (auditDigestold || cpHash || rpHash)
// A digest size of 1 is a marker for "audit hash algorithm was just changed";
// a digest size of 0 starts a new digest and advances the audit counter.
static void
CommandAudit(
    TPM_CC       commandCode,       // IN: commandCode
    UINT32       resParmBufferSize, // IN: size of response parameter buffer
    BYTE        *resParmBuffer      // IN: response parameter buffer
    )
{
    TPM2B_DIGEST     rpHash;        // rpHash for response
    HASH_STATE       hashState;

    // Nothing to do for commands that are not being audited.
    if(!CommandAuditIsRequired(commandCode))
        return;

    // Compute rpHash with the command audit hash algorithm.
    ComputeRpHash(gp.auditHashAlg, commandCode, resParmBufferSize,
                  resParmBuffer, &rpHash);

    // Special case: the audit hash algorithm is being changed. The command is
    // not audited on exit and the marker is replaced by an empty digest.
    // NOTE: When the hash algorithm is changed, g_updateNV is set in order to
    // force an update to the NV on exit, so no flag needs to be set here for
    // the digest change to be recorded.
    if(gr.commandAuditDigest.t.size == 1)
    {
        gr.commandAuditDigest.t.size = 0;
        return;
    }

    // An empty digest means a new audit log begins with this command.
    if(gr.commandAuditDigest.t.size == 0)
    {
        gr.commandAuditDigest.t.size = CryptGetHashDigestSize(gp.auditHashAlg);
        MemorySet(gr.commandAuditDigest.t.buffer,
                  0,
                  gr.commandAuditDigest.t.size);

        // Each new log bumps the audit counter, which is written to NV.
        gp.auditCounter++;
        NvWriteReserved(NV_AUDIT_COUNTER, &gp.auditCounter);
        g_updateNV = TRUE;
    }

    // Extend: old digest, then cpHash, then rpHash.
    CryptStartHash(gp.auditHashAlg, &hashState);
    CryptUpdateDigest2B(&hashState, &gr.commandAuditDigest.b);
    CryptUpdateDigest2B(&hashState, &s_cpHashForCommandAudit.b);
    CryptUpdateDigest2B(&hashState, &rpHash.b);

    // The result replaces the command audit digest in place.
    CryptCompleteHash2B(&hashState, &gr.commandAuditDigest.b);
}
| 5593 | 1453 #endif |
| 5594 | |
| 5595 | |
| 5596 | 6.4.5.6 UpdateAuditSessionStatus() |
| 5597 | |
| 5598 | Function to update the internal audit related states of a session. It |
| 5599 | a) initializes the session as audit session and sets it to be exclusive if this is the first time it is used for |
| 5600 | audit or audit reset was requested; |
| 5601 | b) reports exclusive audit session; |
| 5602 | c) extends audit log; and |
| 5603 | d) clears exclusive audit session if no audit session found in the command. |
| 5604 | |
// Updates the audit state of every session used by the command:
//  - a session used for audit for the first time, or with auditReset SET, is
//    initialized and becomes the exclusive audit session;
//  - an audit session that is not the current exclusive one clears the
//    exclusive audit session;
//  - the auditExclusive response attribute is set accordingly and the
//    session's audit log is extended.
// If the command carried no audit session and the command allows sessions,
// the exclusive audit session is cleared.
static void
UpdateAuditSessionStatus(
    TPM_CC       commandCode,       // IN: commandCode
    UINT32       resParmBufferSize, // IN: size of response parameter buffer
    BYTE        *resParmBuffer      // IN: response parameter buffer
    )
{
    TPM_HANDLE       auditSession = TPM_RH_UNASSIGNED;
    UINT32           sessionIdx;

    for(sessionIdx = 0; sessionIdx < s_sessionNum; sessionIdx++)
    {
        SESSION     *session;

        // A password session has no loaded session behind it and can never
        // be an audit session.
        if(s_sessionHandles[sessionIdx] == TPM_RS_PW)
            continue;

        session = SessionGet(s_sessionHandles[sessionIdx]);

        // Only sessions with the audit attribute are of interest below.
        if(s_attributes[sessionIdx].audit != SET)
            continue;

        // Remember that the command carried an audit session.
        auditSession = s_sessionHandles[sessionIdx];

        if(   session->attributes.isAudit == CLEAR
           || s_attributes[sessionIdx].auditReset == SET)
        {
            // First audit use, or a requested reset: start a fresh log and
            // make this the exclusive audit session.
            InitAuditSession(session);
            g_exclusiveAuditSession = auditSession;
        }
        else if(g_exclusiveAuditSession != auditSession)
        {
            // Some other session held exclusivity; it is lost.
            g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
        }

        // Report audit session exclusivity in the response attributes.
        s_attributes[sessionIdx].auditExclusive =
            (g_exclusiveAuditSession == auditSession) ? SET : CLEAR;

        // Extend the session's audit log with this command.
        Audit(session, commandCode, resParmBufferSize, resParmBuffer);
    }

    // A command that could have used a session but brought no audit session
    // ends any existing exclusivity.
    if(auditSession == TPM_RH_UNASSIGNED && IsSessionAllowed(commandCode))
        g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
}
| 5680 | |
| 5681 | |
| 5682 | 6.4.5.7 ComputeResponseHMAC() |
| 5683 | |
| 5684 | Function to compute HMAC for authorization session in a response. |
| 5685 | |
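// Computes the response HMAC for one authorization session.
//
// The HMAC key starts as the session key. The authValue of the entity
// associated with the session is appended when all of the following hold:
//  - the session has an associated handle,
//  - it is not a policy session with isAuthValueNeeded CLEAR, and
//  - requestWasBound is not set on the session.
// The HMAC then covers rpHash || nonceTPM || nonceCaller || sessionAttributes.
//
// For a policy session whose key is empty and whose input authValue was
// empty, the response HMAC is an empty buffer (hmac->t.size == 0).
//
// The local key buffer is zeroed before returning on every path so that the
// session key and authValue do not stay behind on the stack.
static void
ComputeResponseHMAC(
    UINT32           sessionIndex,      // IN: session index to be processed
    SESSION         *session,           // IN: loaded session
    TPM_CC           commandCode,       // IN: commandCode
    TPM2B_NONCE     *nonceTPM,          // IN: nonceTPM
    UINT32           resParmBufferSize, // IN: size of response parameter buffer
    BYTE            *resParmBuffer,     // IN: response parameter buffer
    TPM2B_DIGEST    *hmac               // OUT: authHMAC
    )
{
    // Room for a session key plus an authValue.
    TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
    TPM2B_KEY        key;       // HMAC key
    BYTE             marshalBuffer[sizeof(TPMA_SESSION)];
    BYTE            *buffer;
    UINT32           marshalSize;
    HMAC_STATE       hmacState;
    TPM2B_DIGEST     rp_hash;

    // Compute rpHash.
    ComputeRpHash(session->authHashAlg, commandCode, resParmBufferSize,
                  resParmBuffer, &rp_hash);

    // Generate HMAC key: begin with the session key.
    MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));

    // Append the authValue of the associated entity unless the session is a
    // policy session that does not need the authValue, or the request was
    // bound.
    if(   s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED
       && !(   HandleGetType(s_sessionHandles[sessionIndex])
                 == TPM_HT_POLICY_SESSION
            && session->attributes.isAuthValueNeeded == CLEAR)
       && !session->attributes.requestWasBound)
    {
        // The authValue is written directly behind the session key, so the
        // remaining space must hold a full AUTH_VALUE.
        pAssert((sizeof(AUTH_VALUE) + key.t.size) <= sizeof(key.t.buffer));
        key.t.size = key.t.size +
            EntityGetAuthValue(s_associatedHandles[sessionIndex],
                               (AUTH_VALUE *)&key.t.buffer[key.t.size]);
    }

    // if the HMAC key size for a policy session is 0, the response HMAC is
    // computed according to the input HMAC
    if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION
        && key.t.size == 0
        && s_inputAuthValues[sessionIndex].t.size == 0)
    {
        hmac->t.size = 0;
    }
    else
    {
        // Start HMAC computation.
        hmac->t.size = CryptStartHMAC2B(session->authHashAlg, &key.b, &hmacState);

        // Add hash components.
        CryptUpdateDigest2B(&hmacState, &rp_hash.b);
        CryptUpdateDigest2B(&hmacState, &nonceTPM->b);
        CryptUpdateDigest2B(&hmacState, &s_nonceCaller[sessionIndex].b);

        // Add session attributes in their marshaled form.
        buffer = marshalBuffer;
        marshalSize = TPMA_SESSION_Marshal(&s_attributes[sessionIndex],
                                           &buffer, NULL);
        CryptUpdateDigest(&hmacState, marshalSize, marshalBuffer);

        // Finalize HMAC.
        CryptCompleteHMAC2B(&hmacState, &hmac->b);
    }

    // Defense in depth: do not leave sessionKey || authValue on the stack.
    // NOTE(review): confirm the build does not elide this store.
    MemorySet(&key, 0, sizeof(key));

    return;
}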
| 5761 | |
| 5762 | |
| 5763 | 6.4.5.8 BuildSingleResponseAuth() |
| 5764 | |
| 5765 | Function to compute response for an authorization session. |
| 5766 | |
// Produces the authorization value for one session of the response. The
// field is empty for a password session and for a policy session with
// isPasswordNeeded SET; in every other case it is the response HMAC.
static void
BuildSingleResponseAuth(
    UINT32       sessionIndex,      // IN: session index to be processed
    TPM_CC       commandCode,       // IN: commandCode
    UINT32       resParmBufferSize, // IN: size of response parameter buffer
    BYTE        *resParmBuffer,     // IN: response parameter buffer
    TPM2B_AUTH  *auth               // OUT: authHMAC
    )
{
    SESSION     *session;

    // Password authorization: nothing is returned in the auth field.
    if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
    {
        auth->t.size = 0;
        return;
    }

    // Policy or HMAC session: look up the loaded session.
    session = SessionGet(s_sessionHandles[sessionIndex]);

    // A policy session that was satisfied with a password also returns an
    // empty auth field.
    if(   HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION
       && session->attributes.isPasswordNeeded == SET)
    {
        auth->t.size = 0;
        return;
    }

    // Everything else gets a response HMAC keyed for this session.
    ComputeResponseHMAC(sessionIndex, session, commandCode,
                        &session->nonceTPM, resParmBufferSize,
                        resParmBuffer, auth);
}
| 5810 | |
| 5811 | |
| 5812 | 6.4.5.9 UpdateTPMNonce() |
| 5813 | |
| 5814 | Updates the TPM nonce in both the internal session and the response, if applicable. |
| 5815 | |
// Rolls nonceTPM for every session of the command and copies the new value
// into the caller's array for use in the response. A password session gets
// an empty nonce. The new nonce has the same size as the session's current
// nonceTPM.
static void
UpdateTPMNonce(
    UINT16       noncesSize,    // IN: number of elements in 'nonces' array
    TPM2B_NONCE  nonces[]       // OUT: nonceTPM
    )
{
    UINT32       sessionIdx;

    // The output array must have a slot for each session in use.
    pAssert(noncesSize >= s_sessionNum);

    for(sessionIdx = 0; sessionIdx < s_sessionNum; sessionIdx++)
    {
        if(s_sessionHandles[sessionIdx] == TPM_RS_PW)
        {
            // For PW session, nonce is 0.
            nonces[sessionIdx].t.size = 0;
        }
        else
        {
            SESSION *session = SessionGet(s_sessionHandles[sessionIdx]);

            // Fresh random bytes overwrite the session's nonceTPM, and the
            // same value is handed back for the response.
            CryptGenerateRandom(session->nonceTPM.t.size,
                                session->nonceTPM.t.buffer);
            nonces[sessionIdx] = session->nonceTPM;
        }
    }
}
| 5840 | |
| 5841 | |
| 5842 | 6.4.5.10 UpdateInternalSession() |
| 5843 | |
| 5844 | Updates internal sessions: |
| 5845 | |
| 5846 | |
| 5847 | Page 72 TCG Published Family "2.0" |
| 5848 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 5849 | Part 4: Supporting Routines Trusted Platform Module Library |
| 5850 | |
| 5851 | |
| 5852 | a) Restarts session time, and |
| 5853 | b) Clears a policy session since nonce is rolling. |
| 5854 | |
// Post-response housekeeping for the sessions of the command: a session with
// continueSession CLEAR is flushed; a continuing policy session has its
// policy data reset and its start time set to the current clock.
static void
UpdateInternalSession(
    void
    )
{
    UINT32       sessionIdx;

    for(sessionIdx = 0; sessionIdx < s_sessionNum; sessionIdx++)
    {
        SESSION *session;

        // For PW session, no update.
        if(s_sessionHandles[sessionIdx] == TPM_RS_PW)
            continue;

        // The caller did not ask to keep the session: close it.
        if(s_attributes[sessionIdx].continueSession == CLEAR)
        {
            SessionFlush(s_sessionHandles[sessionIdx]);
            continue;
        }

        // Only policy sessions carry state that depends on the rolling nonce.
        if(HandleGetType(s_sessionHandles[sessionIdx]) != TPM_HT_POLICY_SESSION)
            continue;

        // The nonce has rolled, so the policy data is re-initialized and a
        // new timing interval starts for the policy session.
        session = SessionGet(s_sessionHandles[sessionIdx]);
        SessionResetPolicyData(session);
        session->startTime = go.clock;
    }
}
| 5888 | |
| 5889 | |
| 5890 | 6.4.5.11 BuildResponseSession() |
| 5891 | |
| 5892 | Function to build Session buffer in a response. |
| 5893 | |
// Builds the session area of a response.
//
// Order of operations (each step depends on the previous one):
//  1. for TPM_ST_SESSIONS, roll nonceTPM for every session;
//  2. encrypt the first response parameter if an encrypt session is present;
//  3. update audit session state and the command audit digest (done for
//     every tag, because a command without sessions can still change the
//     exclusivity state);
//  4. for TPM_ST_SESSIONS, compute each session's auth value, marshal
//     nonce / attributes / auth for each session directly behind the
//     response parameters, and update the internal sessions.
// *resSessionSize receives the number of bytes marshaled, or 0 when the
// response carries no sessions.
void
BuildResponseSession(
    TPM_ST       tag,               // IN: tag
    TPM_CC       commandCode,       // IN: commandCode
    UINT32       resHandleSize,     // IN: size of response handle buffer
    UINT32       resParmSize,       // IN: size of response parameter buffer
    UINT32      *resSessionSize     // OUT: response session area
    )
{
    TPM2B_NONCE  responseNonces[MAX_SESSION_NUM];
    BYTE        *resParmBuffer;

    // The response parameters follow a TPM_ST, a UINT32, a TPM_RC and the
    // response handle area.
    resParmBuffer = MemoryGetResponseBuffer(commandCode) + sizeof(TPM_ST) +
                    sizeof(UINT32) + sizeof(TPM_RC) + resHandleSize;

    if(tag == TPM_ST_SESSIONS)
    {
        // For TPM_ST_SESSIONS, there is parameterSize field.
        resParmBuffer += sizeof(UINT32);

        // Session nonce should be updated before parameter encryption.
        UpdateTPMNonce(MAX_SESSION_NUM, responseNonces);

        // Encrypt first parameter if applicable. Parameter encryption should
        // happen after nonce update and before any rpHash is computed.
        if(s_encryptSessionIndex != UNDEFINED_INDEX)
        {
            TPM2B_AUTH   extraKey;
            UINT32       encryptSize;

            // If the encrypt session is associated with a handle, the
            // authValue of that handle is concatenated with sessionAuth to
            // generate the encryption key, whether or not the handle is the
            // session bound entity, but only when the authValue is available.
            if(   s_associatedHandles[s_encryptSessionIndex] == TPM_RH_UNASSIGNED
               || !IsAuthValueAvailable(s_associatedHandles[s_encryptSessionIndex],
                                        commandCode, s_encryptSessionIndex))
            {
                extraKey.b.size = 0;
            }
            else
            {
                extraKey.b.size =
                    EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex],
                                       &extraKey.t.buffer);
            }

            // Size of the leading size field of the encrypted parameter.
            encryptSize = EncryptSize(commandCode);

            // NOTE(review): extraKey may hold an authValue and is not wiped
            // when this block ends - confirm whether that is acceptable for
            // the target platform.
            CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex],
                                     &s_nonceCaller[s_encryptSessionIndex].b,
                                     (UINT16)encryptSize,
                                     &extraKey,
                                     resParmBuffer);
        }
    }

    // Audit session should be updated first regardless of the tag.
    // A command with no session may trigger a change of the exclusivity state.
    UpdateAuditSessionStatus(commandCode, resParmSize, resParmBuffer);

    // Audit command.
    CommandAudit(commandCode, resParmSize, resParmBuffer);

    if(tag != TPM_ST_SESSIONS)
    {
        // Process command with no session: the session area is empty.
        *resSessionSize = 0;
    }
    else
    {
        TPM2B_DIGEST     responseAuths[MAX_SESSION_NUM];
        BYTE            *sessionArea;
        UINT32           sessionIdx;

        pAssert(s_sessionNum > 0);

        // First pass: compute the auth value of every session.
        for(sessionIdx = 0; sessionIdx < s_sessionNum; sessionIdx++)
        {
            BuildSingleResponseAuth(sessionIdx, commandCode, resParmSize,
                                    resParmBuffer, &responseAuths[sessionIdx]);

            // Make sure that continueSession is SET on any Password session.
            // This makes it marginally easier for the management software
            // to keep track of the closed sessions.
            if(   s_sessionHandles[sessionIdx] == TPM_RS_PW
               && s_attributes[sessionIdx].continueSession == CLEAR)
            {
                s_attributes[sessionIdx].continueSession = SET;
            }
        }

        // Second pass: marshal nonce, attributes and auth of each session
        // directly behind the response parameters.
        // NOTE(review): the marshal calls are given no remaining-size
        // argument; presumably the response buffer is sized for
        // MAX_SESSION_NUM sessions - verify against the buffer definition.
        *resSessionSize = 0;
        sessionArea = resParmBuffer + resParmSize;
        for(sessionIdx = 0; sessionIdx < s_sessionNum; sessionIdx++)
        {
            *resSessionSize += TPM2B_NONCE_Marshal(&responseNonces[sessionIdx],
                                                   &sessionArea, NULL);
            *resSessionSize += TPMA_SESSION_Marshal(&s_attributes[sessionIdx],
                                                    &sessionArea, NULL);
            *resSessionSize += TPM2B_DIGEST_Marshal(&responseAuths[sessionIdx],
                                                    &sessionArea, NULL);
        }

        // Update internal sessions after completing response buffer computation.
        UpdateInternalSession();
    }
}
| 6025 | |
| 6026 | |
| 6027 | |
| 6028 | |
| 6029 | Family "2.0" TCG Published Page 75 |
| 6030 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 6031 | Trusted Platform Module Library Part 4: Supporting Routines |
| 6032 | |
| 6033 | |
| 6034 | 7 Command Support Functions |
| 6035 | |
| 6036 | 7.1 Introduction |
| 6037 | |
| 6038 | This clause contains support routines that are called by the command action code in TPM 2.0 Part 3. The |
| 6039 | functions are grouped by the command group that is supported by the functions. |
| 6040 | |
| 6041 | 7.2 Attestation Command Support (Attest_spt.c) |
| 6042 | |
| 6043 | 7.2.1 Includes |
| 6044 | |
| 6045 | 1 #include "InternalRoutines.h" |
| 6046 | 2 #include "Attest_spt_fp.h" |
| 6047 | |
| 6048 | |
| 6049 | 7.2.2 Functions |
| 6050 | |
| 6051 | 7.2.2.1 FillInAttestInfo() |
| 6052 | |
| 6053 | Fill in common fields of TPMS_ATTEST structure. |
| 6054 | |
| 6055 | Error Returns Meaning |
| 6056 | |
| 6057 | TPM_RC_KEY key referenced by signHandle is not a signing key |
| 6058 | TPM_RC_SCHEME both scheme and key's default scheme are empty; or scheme is |
| 6059 | empty while key's default scheme requires explicit input scheme (split |
| 6060 | signing); or non-empty default key scheme differs from scheme |
| 6061 | |
// Fills in the fields common to every TPMS_ATTEST structure: magic,
// qualifiedSigner, clockInfo, firmwareVersion and extraData.
//
// The signing scheme is resolved first; a failure from
// CryptSelectSignScheme() is returned unchanged and attest is not touched.
// When the signing object is in neither the platform nor the endorsement
// hierarchy, firmwareVersion, resetCount and restartCount are obfuscated by
// adding values derived with KDFa from gp.shProof and the qualified signer.
// For a non-anonymous scheme the qualifying data is moved into
// attest->extraData and data->t.size is set to 0.
TPM_RC
FillInAttestInfo(
    TPMI_DH_OBJECT       signHandle,    // IN: handle of signing object
    TPMT_SIG_SCHEME     *scheme,        // IN/OUT: scheme to be used for signing
    TPM2B_DATA          *data,          // IN: qualifying data
    TPMS_ATTEST         *attest         // OUT: attest structure
    )
{
    TPMI_RH_HIERARCHY    signerHierarchy;
    TPM_RC               result = CryptSelectSignScheme(signHandle, scheme);

    if(result != TPM_RC_SUCCESS)
        return result;

    // Magic number
    attest->magic = TPM_GENERATED_VALUE;

    // Qualified name of the signer.
    if(signHandle == TPM_RH_NULL)
    {
        // For null sign handle, the QN is the marshaled TPM_RH_NULL handle.
        BYTE    *nameBuffer = attest->qualifiedSigner.t.name;

        attest->qualifiedSigner.t.size =
            TPM_HANDLE_Marshal(&signHandle, &nameBuffer, NULL);
    }
    else if(CryptIsSchemeAnonymous(scheme->scheme))
    {
        // An anonymous scheme must not reveal the signer: empty buffer.
        attest->qualifiedSigner.t.size = 0;
    }
    else
    {
        ObjectGetQualifiedName(signHandle, &attest->qualifiedSigner);
    }

    // current clock in plain text
    TimeFillInfo(&attest->clockInfo);

    // Firmware version in plain text: V1 in the upper 32 bits, V2 below it.
    attest->firmwareVersion =
        ((UINT64) gp.firmwareV1 << (sizeof(UINT32) * 8)) + gp.firmwareV2;

    // Get the hierarchy of sign object. For NULL sign handle, the hierarchy
    // will be TPM_RH_NULL
    signerHierarchy = EntityGetHierarchy(signHandle);
    if(   signerHierarchy != TPM_RH_PLATFORM
       && signerHierarchy != TPM_RH_ENDORSEMENT)
    {
        // The sign object is not in the platform or endorsement hierarchy:
        // obfuscate the clock and firmwareVersion information.
        UINT64           obfuscation[2];
        TPMI_ALG_HASH    hashAlg;

        // Hash algorithm for the KDF: a fixed one when no object is loaded
        // for the handle, otherwise the name algorithm of the signing object.
        if(signHandle == TPM_RH_NULL || signHandle == TPM_RH_OWNER)
        {
            hashAlg = CONTEXT_INTEGRITY_HASH_ALG;
        }
        else
        {
            OBJECT  *signObject = ObjectGet(signHandle);

            hashAlg = signObject->publicArea.nameAlg;
        }

        // 128 bits of output fill both obfuscation words.
        KDFa(hashAlg, &gp.shProof.b, "OBFUSCATE",
             &attest->qualifiedSigner.b, NULL, 128, (BYTE *)&obfuscation[0], NULL);

        // Obfuscate data: word 0 goes to the firmware version, the two
        // halves of word 1 go to resetCount and restartCount.
        attest->firmwareVersion += obfuscation[0];
        attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32);
        attest->clockInfo.restartCount += (UINT32)obfuscation[1];
    }

    // External data
    if(CryptIsSchemeAnonymous(scheme->scheme))
    {
        attest->extraData.t.size = 0;
    }
    else
    {
        // If we move the data to the attestation structure, then we will not
        // use it in the signing operation except as part of the signed data
        attest->extraData = *data;
        data->t.size = 0;
    }

    return TPM_RC_SUCCESS;
}
| 6153 | |
| 6154 | |
| 6155 | 7.2.2.2 SignAttestInfo() |
| 6156 | |
| 6157 | Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature is returned. |
| 6158 | |
| 6159 | |
| 6160 | |
| 6161 | |
| 6162 | Family "2.0" TCG Published Page 77 |
| 6163 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 6164 | Trusted Platform Module Library Part 4: Supporting Routines |
| 6165 | |
| 6166 | |
| 6167 | Error Returns Meaning |
| 6168 | |
| 6169 | TPM_RC_ATTRIBUTES signHandle does not reference a signing key |
| 6170 | TPM_RC_SCHEME scheme is not compatible with signHandle type |
| 6171 | TPM_RC_VALUE digest generated for the given scheme is greater than the modulus of |
| 6172 | signHandle (for an RSA key); invalid commit status or failed to |
| 6173 | generate r value (for an ECC key) |
| 6174 | |
// Marshal a TPMS_ATTEST structure into 'attest' and sign a digest of it.
//
// When signHandle is TPM_RH_NULL nothing is signed: 'attest' is still filled
// in, 'signature' gets sigAlg == TPM_ALG_NULL and TPM_RC_SUCCESS is returned.
//
// Otherwise the value handed to CryptSign() is
//      hash(attestationData)                          if qualifyingData is empty
//      hash(qualifyingData || hash(attestationData))  if qualifyingData is not empty
// using the hash algorithm taken from scheme->details.any.hashAlg.
//
// Returns TPM_RC_SUCCESS, a failure code from NvIsAvailable(), or whatever
// CryptSign() returns.
TPM_RC
SignAttestInfo(
    TPMI_DH_OBJECT       signHandle,        // IN: handle of sign object
    TPMT_SIG_SCHEME     *scheme,            // IN: sign scheme
    TPMS_ATTEST         *certifyInfo,       // IN: the data to be signed
    TPM2B_DATA          *qualifyingData,    // IN: extra data for the signing
                                            //     process
    TPM2B_ATTEST        *attest,            // OUT: marshaled attest blob to be
                                            //      signed
    TPMT_SIGNATURE      *signature          // OUT: signature
    )
{
    HASH_STATE           hashState;
    TPM2B_DIGEST         digest;
    TPMI_ALG_HASH        hashAlg;
    TPM_RC               nvStatus;
    BYTE                *cursor;

    // Marshal through a scratch pointer so that attest->t.attestationData
    // itself is left pointing at the start of the blob.
    // NOTE(review): the size argument is NULL, so no remaining-space check is
    // requested from the marshal routine here -- confirm the destination
    // buffer is always large enough for a TPMS_ATTEST.
    cursor = attest->t.attestationData;
    attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &cursor, NULL);

    // No signing key: report a null signature and stop.
    if(signHandle == TPM_RH_NULL)
    {
        signature->sigAlg = TPM_ALG_NULL;
        return TPM_RC_SUCCESS;
    }

    // Reporting clock info may require the orderly state to be cleared, which
    // is an NV update. If the state is not already SHUTDOWN_NONE, make sure NV
    // can be written; TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE may come back.
    if(gp.orderlyState != SHUTDOWN_NONE)
    {
        nvStatus = NvIsAvailable();
        if(nvStatus != TPM_RC_SUCCESS)
            return nvStatus;
    }

    // First pass: digest of the marshaled attestation data.
    hashAlg = scheme->details.any.hashAlg;
    digest.t.size = CryptStartHash(hashAlg, &hashState);
    CryptUpdateDigest(&hashState, attest->t.size, attest->t.attestationData);
    CryptCompleteHash2B(&hashState, &digest.b);

    // Second pass, only when qualifying data was supplied:
    //      digest = hash(qualifyingData || digest)
    if(qualifyingData->t.size != 0)
    {
        CryptStartHash(hashAlg, &hashState);
        CryptUpdateDigest(&hashState,
                          qualifyingData->t.size,
                          qualifyingData->t.buffer);
        CryptUpdateDigest(&hashState, digest.t.size, digest.t.buffer);
        CryptCompleteHash2B(&hashState, &digest.b);
    }

    // Sign the digest. TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES may be
    // returned at this point.
    return CryptSign(signHandle, scheme, &digest, signature);
}
| 6248 | |
| 6249 | |
| 6250 | 7.3 Context Management Command Support (Context_spt.c) |
| 6251 | |
| 6252 | 7.3.1 Includes |
| 6253 | |
| 6254 | 1 #include "InternalRoutines.h" |
| 6255 | 2 #include "Context_spt_fp.h" |
| 6256 | |
| 6257 | |
| 6258 | 7.3.2 Functions |
| 6259 | |
| 6260 | 7.3.2.1 ComputeContextProtectionKey() |
| 6261 | |
| 6262 | This function retrieves the symmetric protection key for context encryption. It is used by |
| 6263 | TPM2_ContextSave() and TPM2_ContextLoad() to create the symmetric encryption key and IV. |
| 6264 | |
// Derive the symmetric key and IV used to encrypt or decrypt a saved context.
//
// Both values come from a single KDFa() call keyed with the proof of the
// blob's hierarchy, with the label "CONTEXT" and the blob's sequence number
// and saved handle as the two context inputs. The first symKey->t.size bytes
// of the KDF output become the key; the following iv->t.size bytes become
// the IV.
void
ComputeContextProtectionKey(
    TPMS_CONTEXT    *contextBlob,   // IN: context blob
    TPM2B_SYM_KEY   *symKey,        // OUT: the symmetric key
    TPM2B_IV        *iv             // OUT: the IV.
    )
{
    // Scratch area for the KDF output (key bytes followed by IV bytes).
    // NOTE(review): this buffer holds the derived key material and is not
    // cleared before the function returns -- confirm whether the platform
    // requires it to be zeroized.
    BYTE             kdfResult[sizeof(TPMU_HA) * 2];
    TPM2B_DATA       sequence2B;
    TPM2B_DATA       handle2B;
    UINT16           symKeyBits;
    TPM2B_AUTH      *proof;

    // Secret that keys the KDF: the proof value of the blob's hierarchy
    proof = HierarchyGetProof(contextBlob->hierarchy);

    // Wrap the sequence number in a TPM2B so it can be passed to KDFa()
    sequence2B.t.size = sizeof(contextBlob->sequence);
    MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence,
               sizeof(contextBlob->sequence),
               sizeof(sequence2B.t.buffer));

    // Same for the saved handle
    handle2B.t.size = sizeof(contextBlob->savedHandle);
    MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle,
               sizeof(contextBlob->savedHandle),
               sizeof(handle2B.t.buffer));

    // Key size is fixed by the context encryption settings; the IV size is
    // the block size of the context encryption algorithm.
    symKeyBits = CONTEXT_ENCRYPT_KEY_BITS;
    symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
    iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits);

    // One KDFa() call produces key and IV together (length is given in bits).
    // NOTE(review): assumes symKey->t.size + iv->t.size never exceeds
    // sizeof(kdfResult) -- verify against the configured algorithm sizes.
    KDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, "CONTEXT", &sequence2B.b,
         &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL);

    // Leading bytes are the key ...
    MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size,
               sizeof(symKey->t.buffer));

    // ... and the bytes after them are the IV
    MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size,
               sizeof(iv->t.buffer));
}
| 6323 | |
| 6324 | |
| 6325 | 7.3.2.2 ComputeContextIntegrity() |
| 6326 | |
| 6327 | Generate the integrity hash for a context. It is used by TPM2_ContextSave() to create an integrity hash |
| 6328 | and by TPM2_ContextLoad() to compare an integrity hash. |
| 6329 | |
// Compute the HMAC that protects a saved context.
//
// The HMAC is keyed with the proof of the blob's hierarchy and covers, in
// this order: gp.totalResetCount, gr.clearCount (only when savedHandle is
// 0x80000002), the sequence number, the saved handle, and the context data
// that follows the area reserved for the integrity value at the start of
// contextBlob->contextBlob.
void
ComputeContextIntegrity(
    TPMS_CONTEXT    *contextBlob,   // IN: context blob
    TPM2B_DIGEST    *integrity      // OUT: integrity
    )
{
    HMAC_STATE       hmacState;
    UINT16           reserved;      // bytes at the front of the blob set
                                    // aside for the integrity value
    TPM2B_AUTH      *proof;

    // The HMAC key is the proof value of the hierarchy named in the blob
    proof = HierarchyGetProof(contextBlob->hierarchy);

    // Starting the HMAC also yields the digest size
    integrity->t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                         &proof->b, &hmacState);

    // The integrity value is stored as a size field followed by the digest
    reserved = sizeof(integrity->t.size) + integrity->t.size;

    // Bind to the total reset count so the context cannot be used after a
    // TPM Reset
    CryptUpdateDigestInt(&hmacState, sizeof(gp.totalResetCount),
                         &gp.totalResetCount);

    // For an ST_CLEAR object (saved handle 0x80000002) also bind to the clear
    // count so the context cannot be loaded after a TPM Restart
    if(contextBlob->savedHandle == 0x80000002)
        CryptUpdateDigestInt(&hmacState, sizeof(gr.clearCount), &gr.clearCount);

    // Cover the sequence number so that it cannot be changed
    CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->sequence),
                         &contextBlob->sequence);

    // Cover the saved handle
    CryptUpdateDigestInt(&hmacState, sizeof(contextBlob->savedHandle),
                         &contextBlob->savedHandle);

    // Cover the sensitive context data, skipping the leading integrity area.
    // NOTE(review): nothing in this function checks that
    // contextBlob->contextBlob.t.size is at least 'reserved'; presumably the
    // caller validates a loaded blob's size before calling -- confirm.
    CryptUpdateDigest(&hmacState, contextBlob->contextBlob.t.size - reserved,
                      contextBlob->contextBlob.t.buffer + reserved);

    // Finish and store the HMAC
    CryptCompleteHMAC2B(&hmacState, &integrity->b);
}
| 6383 | |
| 6384 | |
| 6385 | 7.3.2.3 SequenceDataImportExport() |
| 6386 | |
| 6387 | This function is used to scan through the sequence object and either modify the hash state data for |
| 6388 | LIB_EXPORT or to import it into the internal format. |
| 6389 | |
// Convert the hash state(s) of a sequence object between the internal and
// the exported format by calling CryptHashStateImportExport() on each one.
// An event sequence (attributes.eventSeq set) has HASH_COUNT states; any
// other sequence has one. States are visited from the highest index down.
void
SequenceDataImportExport(
    OBJECT          *object,        // IN: the object containing the sequence
                                    //     data
    OBJECT          *exportObject,  // IN/OUT: the object structure that will
                                    //     get the exported hash state
    IMPORT_EXPORT    direction      // IN: passed to
                                    //     CryptHashStateImportExport()
    )
{
    HASH_OBJECT     *internalFmt = (HASH_OBJECT *)object;
    HASH_OBJECT     *externalFmt = (HASH_OBJECT *)exportObject;
    int              remaining = object->attributes.eventSeq ? HASH_COUNT : 1;

    while(remaining != 0)
    {
        // NOTE(review): the internal state is indexed by [remaining - 1] but
        // the external argument is always the start of the hashState array,
        // so for an event sequence every call receives the same external
        // pointer -- confirm this is what CryptHashStateImportExport()
        // expects.
        CryptHashStateImportExport(&internalFmt->state.hashState[remaining - 1],
                                   externalFmt->state.hashState, direction);
        remaining--;
    }
}
| 6408 | |
| 6409 | |
| 6410 | 7.4 Policy Command Support (Policy_spt.c) |
| 6411 | |
| 6412 | 1 #include "InternalRoutines.h" |
| 6413 | 2 #include "Policy_spt_fp.h" |
| 6414 | 3 #include "PolicySigned_fp.h" |
| 6415 | 4 #include "PolicySecret_fp.h" |
| 6416 | 5 #include "PolicyTicket_fp.h" |
| 6417 | |
| 6418 | |
| 6419 | 7.4.1 PolicyParameterChecks() |
| 6420 | |
| 6421 | This function validates the common parameters of TPM2_PolicySigned() and TPM2_PolicySecret(). The |
| 6422 | common parameters are nonceTPM, expiration, and cpHashA. |
| 6423 | |
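// Validate the parameters shared by the policy commands that call this
// routine: nonceTPM, expiration and cpHashA.
//
// Return values:
//      TPM_RC_SUCCESS                              all checks passed
//      TPM_RC_NONCE + nonceParameterNumber         nonce is present but does
//                                                  not match session->nonceTPM
//      TPM_RC_EXPIRED + nonceParameterNumber       authTimeout is set but the
//                                                  nonce is empty
//      TPM_RC_EXPIRED + expirationParameterNumber  authTimeout < go.clock
//      TPM_RC_SIZE + cpHashParameterNumber         cpHashA has the wrong size
//      TPM_RC_CPHASH                               cpHashA differs from the
//                                                  cpHash already in session
//      failure code from NvIsAvailable()           (TPM_RC_NV_UNAVAILABLE or
//                                                  TPM_RC_NV_RATE)
TPM_RC
PolicyParameterChecks(
    SESSION         *session,                   // IN: policy session
    UINT64           authTimeout,               // IN: expiration time; 0 means
                                                //     no expiration check
    TPM2B_DIGEST    *cpHashA,                   // IN: cpHash (may be NULL or
                                                //     empty)
    TPM2B_NONCE     *nonce,                     // IN: nonceTPM (may be NULL or
                                                //     empty)
    TPM_RC           nonceParameterNumber,      // IN: added to nonce errors
    TPM_RC           cpHashParameterNumber,     // IN: added to cpHash errors
    TPM_RC           expirationParameterNumber  // IN: added to expiration
                                                //     errors
    )
{
    TPM_RC           result;

    // Validate that input nonceTPM is correct if present
    if(nonce != NULL && nonce->t.size != 0)
    {
        // Report the failure against the caller-supplied parameter number.
        // The original hard-coded RC_PolicySigned_nonceTPM here although the
        // routine is shared between commands and the caller already passes
        // the number to use (as the TPM_RC_EXPIRED case below does).
        if(!Memory2BEqual(&nonce->b, &session->nonceTPM.b))
            return TPM_RC_NONCE + nonceParameterNumber;
    }
    // If authTimeout is set (expiration != 0)...
    if(authTimeout != 0)
    {
        // ...then nonce must be present. A NULL nonce pointer skips this
        // test (nonce present isn't checked in PolicyTicket).
        if(nonce != NULL && nonce->t.size == 0)
            // This error says that the time has expired but it is pointing
            // at the nonceTPM value.
            return TPM_RC_EXPIRED + nonceParameterNumber;

        // Validate input expiration.
        // Time cannot be compared if the clock has stopped advancing. A
        // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned here.
        result = NvIsAvailable();
        if(result != TPM_RC_SUCCESS)
            return result;

        if(authTimeout < go.clock)
            return TPM_RC_EXPIRED + expirationParameterNumber;
    }
    // If the cpHash is present, then check it
    if(cpHashA != NULL && cpHashA->t.size != 0)
    {
        // The cpHash input has to have the same size as the policy digest
        if(cpHashA->t.size != session->u2.policyDigest.t.size)
            return TPM_RC_SIZE + cpHashParameterNumber;

        // If the cpHash has already been set, then this input value
        // must match the current value.
        if(   session->u1.cpHash.b.size != 0
           && !Memory2BEqual(&cpHashA->b, &session->u1.cpHash.b))
            return TPM_RC_CPHASH;
    }
    return TPM_RC_SUCCESS;
}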
| 6484 | |
| 6485 | |
| 6486 | 7.4.2 PolicyContextUpdate() |
| 6487 | |
| 6488 | Update policy hash. Update the policyDigest in the policy session by extending policyRef and objectName to |
| 6489 | it. This will also update the cpHash if it is present. |
| 6490 | |
// Extend the policyDigest of a policy session and record the optional cpHash
// and timeout.
//
// The digest is updated in two steps, both with session->authHashAlg:
//      policyDigest = H(policyDigest || commandCode || name)    (name optional)
//      policyDigest = H(policyDigest || ref)                    (ref optional)
void
PolicyContextUpdate(
    TPM_CC           commandCode,   // IN: command code
    TPM2B_NAME      *name,          // IN: name of entity (may be NULL)
    TPM2B_NONCE     *ref,           // IN: the reference data (may be NULL)
    TPM2B_DIGEST    *cpHash,        // IN: the cpHash (optional)
    UINT64           policyTimeout, // IN: timeout to apply; 0 means none
    SESSION         *session        // IN/OUT: policy session to be updated
    )
{
    HASH_STATE       hashState;
    UINT16           digestSize;

    // First digest: old policyDigest, the command code and, if given, the name
    digestSize = CryptStartHash(session->authHashAlg, &hashState);

    // The stored policyDigest must already have the digest size of the
    // session hash algorithm.
    pAssert(session->u2.policyDigest.t.size == digestSize);

    CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
    CryptUpdateDigestInt(&hashState, sizeof(commandCode), &commandCode);
    if(name != NULL)
        CryptUpdateDigest2B(&hashState, &name->b);
    CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);

    // Second digest: the result of the first and, if given, policyRef
    CryptStartHash(session->authHashAlg, &hashState);
    CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
    if(ref != NULL)
        CryptUpdateDigest2B(&hashState, &ref->b);
    CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);

    // A cpHash that is present is expected to have been checked for
    // compatibility with the session's current value before this call, so it
    // is simply copied and the iscpHashDefined attribute is set.
    if(cpHash != NULL && cpHash->t.size != 0)
    {
        session->u1.cpHash = *cpHash;
        session->attributes.iscpHashDefined = SET;
    }

    // A specified timeout replaces the session timeout when none has been set
    // yet (timeOut == 0) or when the new value is earlier than the current one.
    if(   policyTimeout != 0
       && (session->timeOut == 0 || session->timeOut > policyTimeout))
        session->timeOut = policyTimeout;
}
| 6562 | |
| 6563 | |
| 6564 | 7.5 NV Command Support (NV_spt.c) |
| 6565 | |
| 6566 | 7.5.1 Includes |
| 6567 | |
| 6568 | 1 #include "InternalRoutines.h" |
| 6569 | 2 #include "NV_spt_fp.h" |
| 6570 | |
| 6571 | |
| 6572 | 7.5.2 Functions |
| 6573 | |
| 6574 | 7.5.2.1 NvReadAccessChecks() |
| 6575 | |
| 6576 | Common routine for validating a read. Used by TPM2_NV_Read(), TPM2_NV_ReadLock() and |
| 6577 | TPM2_PolicyNV(). |
| 6578 | |
| 6579 | Family "2.0" TCG Published Page 83 |
| 6580 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 6581 | Trusted Platform Module Library Part 4: Supporting Routines |
| 6582 | |
| 6583 | |
| 6584 | Error Returns Meaning |
| 6585 | |
| 6586 | TPM_RC_NV_AUTHORIZATION authHandle is not allowed to authorize read of the index |
| 6587 | TPM_RC_NV_LOCKED Read locked |
| 6588 | TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index |
| 6589 | |
// Decide whether the entity that authorized the command may read an NV index.
//
// Return values:
//      TPM_RC_SUCCESS              read is allowed
//      TPM_RC_NV_AUTHORIZATION     authHandle may not authorize a read of
//                                  this index
//      TPM_RC_NV_UNINITIALIZED     the index has not been written
TPM_RC
NvReadAccessChecks(
    TPM_HANDLE       authHandle,    // IN: the handle that provided the
                                    //     authorization
    TPM_HANDLE       nvHandle       // IN: the handle of the NV index to be
                                    //     read
    )
{
    NV_INDEX         nvIndex;
    int              mayRead;

    // Get NV index info
    NvGetIndexInfo(nvHandle, &nvIndex);

    // The read-lock test is not made here. It may be done before the
    // authorization checks, as is done in this version of the reference code.
    // If it is not done there, then uncomment the next three lines.
    // // If data is read locked, returns an error
    // if(nvIndex.publicArea.attributes.TPMA_NV_READLOCKED == SET)
    //     return TPM_RC_NV_LOCKED;

    // Owner authorization requires TPMA_NV_OWNERREAD and platform
    // authorization requires TPMA_NV_PPREAD. Any other authorization must
    // come from the index itself; in that case the attribute checks were made
    // when the authorization was checked.
    if(authHandle == TPM_RH_OWNER)
        mayRead = (nvIndex.publicArea.attributes.TPMA_NV_OWNERREAD != 0);
    else if(authHandle == TPM_RH_PLATFORM)
        mayRead = (nvIndex.publicArea.attributes.TPMA_NV_PPREAD != 0);
    else
        mayRead = (authHandle == nvHandle);

    if(!mayRead)
        return TPM_RC_NV_AUTHORIZATION;

    // If the index has not been written, then the value cannot be read.
    // NOTE: This has to come after the other access checks to make sure that
    // the proper authorization is given to TPM2_NV_ReadLock()
    if(nvIndex.publicArea.attributes.TPMA_NV_WRITTEN == CLEAR)
        return TPM_RC_NV_UNINITIALIZED;

    return TPM_RC_SUCCESS;
}
| 6638 | |
| 6639 | |
| 6640 | 7.5.2.2 NvWriteAccessChecks() |
| 6641 | |
| 6642 | Common routine for validating a write. Used by TPM2_NV_Write(), TPM2_NV_Increment(), |
| 6643 | TPM2_SetBits(), and TPM2_NV_WriteLock(). |
| 6644 | |
| 6645 | |
| 6646 | |
| 6647 | |
| 6648 | Page 84 TCG Published Family "2.0" |
| 6649 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 6650 | Part 4: Supporting Routines Trusted Platform Module Library |
| 6651 | |
| 6652 | |
| 6653 | Error Returns Meaning |
| 6654 | |
| 6655 | TPM_RC_NV_AUTHORIZATION Authorization fails |
| 6656 | TPM_RC_NV_LOCKED Write locked |
| 6657 | |
// Decide whether the entity that authorized the command may write an NV
// index.
//
// Return values:
//      TPM_RC_SUCCESS              write is allowed
//      TPM_RC_NV_AUTHORIZATION     authHandle may not authorize a write of
//                                  this index
TPM_RC
NvWriteAccessChecks(
    TPM_HANDLE       authHandle,    // IN: the handle that provided the
                                    //     authorization
    TPM_HANDLE       nvHandle       // IN: the handle of the NV index to be
                                    //     written
    )
{
    NV_INDEX         nvIndex;
    int              mayWrite;

    // Get NV index info
    NvGetIndexInfo(nvHandle, &nvIndex);

    // The write-lock test is not made here. It may be done before the
    // authorization checks, as is done in this version of the reference code.
    // If it is not done there, then uncomment the next three lines.
    // // If data is write locked, returns an error
    // if(nvIndex.publicArea.attributes.TPMA_NV_WRITELOCKED == SET)
    //     return TPM_RC_NV_LOCKED;

    // Owner authorization requires TPMA_NV_OWNERWRITE and platform
    // authorization requires TPMA_NV_PPWRITE. Any other authorization must
    // come from the index itself; in that case the attribute checks were made
    // when the authorization was checked.
    if(authHandle == TPM_RH_OWNER)
        mayWrite = (nvIndex.publicArea.attributes.TPMA_NV_OWNERWRITE != 0);
    else if(authHandle == TPM_RH_PLATFORM)
        mayWrite = (nvIndex.publicArea.attributes.TPMA_NV_PPWRITE != 0);
    else
        mayWrite = (authHandle == nvHandle);

    if(!mayWrite)
        return TPM_RC_NV_AUTHORIZATION;

    return TPM_RC_SUCCESS;
}
| 6700 | |
| 6701 | |
| 6702 | 7.6 Object Command Support (Object_spt.c) |
| 6703 | |
| 6704 | 7.6.1 Includes |
| 6705 | |
| 6706 | 1 #include "InternalRoutines.h" |
| 6707 | 2 #include "Object_spt_fp.h" |
| 6708 | 3 #include <Platform.h> |
| 6709 | |
| 6710 | |
| 6711 | |
| 6712 | |
| 6713 | Family "2.0" TCG Published Page 85 |
| 6714 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 6715 | Trusted Platform Module Library Part 4: Supporting Routines |
| 6716 | |
| 6717 | 7.6.2 Local Functions |
| 6718 | |
| 6719 | 7.6.2.1 EqualCryptSet() |
| 6720 | |
| 6721 | Check if the crypto sets in two public areas are equal |
| 6722 | |
| 6723 | Error Returns Meaning |
| 6724 | |
| 6725 | TPM_RC_ASYMMETRIC mismatched parameters |
| 6726 | TPM_RC_HASH mismatched name algorithm |
| 6727 | TPM_RC_TYPE mismatched type |
| 6728 | |
// Check whether two public areas use the same crypto set: the same name
// algorithm, the same object type and identical marshaled parameters.
//
// Return values:
//      TPM_RC_SUCCESS      the crypto sets are equal
//      TPM_RC_HASH         mismatched name algorithm
//      TPM_RC_TYPE         mismatched type
//      TPM_RC_ASYMMETRIC   mismatched parameters
static TPM_RC
EqualCryptSet(
    TPMT_PUBLIC     *publicArea1,   // IN: public area 1
    TPMT_PUBLIC     *publicArea2    // IN: public area 2
    )
{
    BYTE             marshaled1[sizeof(TPMU_PUBLIC_PARMS)];
    BYTE             marshaled2[sizeof(TPMU_PUBLIC_PARMS)];
    BYTE            *cursor;
    UINT16           length1;
    UINT16           length2;

    // Name algorithms must match
    if(publicArea1->nameAlg != publicArea2->nameAlg)
        return TPM_RC_HASH;

    // Object types must match
    if(publicArea1->type != publicArea2->type)
        return TPM_RC_TYPE;

    // The parameters are compared in marshaled form. Each area is marshaled
    // into its own scratch buffer through a temporary pointer.
    cursor = marshaled1;
    length1 = TPMU_PUBLIC_PARMS_Marshal(&publicArea1->parameters, &cursor,
                                        NULL, publicArea1->type);
    cursor = marshaled2;
    length2 = TPMU_PUBLIC_PARMS_Marshal(&publicArea2->parameters, &cursor,
                                        NULL, publicArea2->type);

    // Different lengths cannot be equal; the bytes are compared only when the
    // lengths agree.
    if(length1 != length2)
        return TPM_RC_ASYMMETRIC;
    if(!MemoryEqual(marshaled1, marshaled2, length1))
        return TPM_RC_ASYMMETRIC;

    return TPM_RC_SUCCESS;
}
| 6762 | |
| 6763 | |
| 6764 | 7.6.2.2 GetIV2BSize() |
| 6765 | |
| 6766 | Get the size of TPM2B_IV in canonical form that will be added to the start of the sensitive data. It |
| 6767 | includes both the size of the size field and the size of the IV data. |
| 6768 | |
| 6769 | Return Value Meaning |
| 6770 | |
// Return the number of bytes a TPM2B_IV occupies in canonical form for the
// given protector: a UINT16 size field plus one block of the protector's
// symmetric algorithm. For TPM_RH_NULL the context encryption algorithm and
// key size are used.
static UINT16
GetIV2BSize(
    TPM_HANDLE       protectorHandle    // IN: the protector handle
    )
{
    // Defaults are the context encryption settings (the TPM_RH_NULL case)
    TPM_ALG_ID       symAlg = CONTEXT_ENCRYPT_ALG;
    UINT16           keyBits = CONTEXT_ENCRYPT_KEY_BITS;

    if(protectorHandle != TPM_RH_NULL)
    {
        // Take algorithm and key size from the protector's public area.
        // NOTE(review): reads parameters.asymDetail.symmetric without looking
        // at the object type -- presumably callers only pass protectors whose
        // parameters carry a symmetric definition; verify against callers.
        OBJECT      *protector = ObjectGet(protectorHandle);

        symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm;
        keyBits = protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym;
    }

    // Size field plus the block size of the symmetric algorithm
    return sizeof(UINT16) + CryptGetSymmetricBlockSize(symAlg, keyBits);
}
| 6804 | |
| 6805 | |
| 6806 | 7.6.2.3 ComputeProtectionKeyParms() |
| 6807 | |
| 6808 | This function retrieves the symmetric protection key parameters for the sensitive data. The parameters |
| 6809 | retrieved from this function include the encryption algorithm, the key size in bits, and a TPM2B_SYM_KEY |
| 6810 | containing the key material as well as the key size in bytes. This function is used for any action that |
| 6811 | requires encrypting or decrypting of the sensitive area of an object or a credential blob. |
| 6812 | |
// Produce the symmetric algorithm, key size and key used to protect a
// sensitive area.
//
// Algorithm and key size come from the protector's public area, or from the
// context encryption settings when protectorHandle is TPM_RH_NULL. The key
// itself is derived with KDFa() from the seed returned by GetSeedForKDF(),
// the label "STORAGE" and the object name.
static void
ComputeProtectionKeyParms(
    TPM_HANDLE       protectorHandle,   // IN: the protector handle
    TPM_ALG_ID       hashAlg,           // IN: hash algorithm for KDFa
    TPM2B_NAME      *name,              // IN: name of the object
    TPM2B_SEED      *seedIn,            // IN: optional seed for duplication
                                        //     blob. For non duplication blob,
                                        //     this parameter should be NULL
    TPM_ALG_ID      *symAlg,            // OUT: the symmetric algorithm
    UINT16          *keyBits,           // OUT: the symmetric key size in bits
    TPM2B_SYM_KEY   *symKey             // OUT: the symmetric key
    )
{
    TPM2B_SEED      *seed;

    if(protectorHandle != TPM_RH_NULL)
    {
        // Use the symmetric definition in the protector's public area; the
        // key size in bytes is the bit size rounded up.
        OBJECT              *protector = ObjectGet(protectorHandle);
        TPMT_SYM_DEF_OBJECT *symDef
            = &protector->publicArea.parameters.asymDetail.symmetric;

        *symAlg = symDef->algorithm;
        *keyBits = symDef->keyBits.sym;
        symKey->t.size = (*keyBits + 7) / 8;
    }
    else
    {
        // TPM_RH_NULL: use the context encryption algorithm and key size
        *symAlg = CONTEXT_ENCRYPT_ALG;
        *keyBits = CONTEXT_ENCRYPT_KEY_BITS;
        symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
    }

    // Seed that keys the KDF
    seed = GetSeedForKDF(protectorHandle, seedIn);

    // Derive symKey->t.size bytes of key material straight into the output
    // key (KDFa() takes the length in bits)
    KDFa(hashAlg, (TPM2B *)seed, "STORAGE", (TPM2B *)name, NULL,
         symKey->t.size * 8, symKey->t.buffer, NULL);
}
| 6862 | |
| 6863 | |
| 6864 | 7.6.2.4 ComputeOuterIntegrity() |
| 6865 | |
| 6866 | The sensitive area parameter is a buffer that holds a space for the integrity value and the marshaled |
| 6867 | sensitive area. The caller should skip over the area set aside for the integrity value and compute the hash |
| 6868 | of the remainder of the object. The size field of sensitive is in unmarshaled form and the sensitive area |
| 6869 | contents is an array of bytes. |
| 6870 | |
// Compute the outer integrity value of a protected blob.
//
// An HMAC key the size of the hashAlg digest is derived with KDFa() from the
// seed returned by GetSeedForKDF() and the label "INTEGRITY". The HMAC then
// covers the marshaled sensitive data followed by the object name.
static void
ComputeOuterIntegrity(
    TPM2B_NAME      *name,              // IN: the name of the object
    TPM_HANDLE       protectorHandle,   // IN: The handle of the object that
                                        //     provides protection. For object,
                                        //     it is parent handle. For
                                        //     credential, it is the handle of
                                        //     encrypt object. For a Temporary
                                        //     Object, it is TPM_RH_NULL
    TPMI_ALG_HASH    hashAlg,           // IN: algorithm to use for integrity
    TPM2B_SEED      *seedIn,            // IN: an external seed may be provided
                                        //     for duplication blob. For non
                                        //     duplication blob, this parameter
                                        //     should be NULL
    UINT32           sensitiveSize,     // IN: size of the marshaled sensitive
                                        //     data
    BYTE            *sensitiveData,     // IN: sensitive area
    TPM2B_DIGEST    *integrity          // OUT: integrity
    )
{
    HMAC_STATE       hmacState;
    // NOTE(review): hmacKey holds derived key material and is not cleared
    // before the function returns -- confirm whether zeroization is required.
    TPM2B_DIGEST     hmacKey;
    TPM2B_SEED      *seed;

    // Seed that keys the KDF
    seed = GetSeedForKDF(protectorHandle, seedIn);

    // The HMAC key is as long as the digest of the integrity hash algorithm
    hmacKey.t.size = CryptGetHashDigestSize(hashAlg);

    // Derive the HMAC key (KDFa() takes the length in bits)
    KDFa(hashAlg, (TPM2B *)seed, "INTEGRITY", NULL, NULL,
         hmacKey.t.size * 8, hmacKey.t.buffer, NULL);

    // Starting the HMAC also yields the size of the integrity value
    integrity->t.size = CryptStartHMAC2B(hashAlg, &hmacKey.b, &hmacState);

    // HMAC input: marshaled sensitive area, then the name
    CryptUpdateDigest(&hmacState, sensitiveSize, sensitiveData);
    CryptUpdateDigest2B(&hmacState, (TPM2B *)name);

    // Finish and store the HMAC
    CryptCompleteHMAC2B(&hmacState, &integrity->b);
}
| 6917 | |
| 6918 | |
| 6919 | |
| 6920 | Page 88 TCG Published Family "2.0" |
| 6921 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 6922 | Part 4: Supporting Routines Trusted Platform Module Library |
| 6923 | |
| 6924 | 7.6.2.5 ComputeInnerIntegrity() |
| 6925 | |
| 6926 | This function computes the integrity of an inner wrap |
| 6927 | |
// Compute the integrity value of an inner wrap: an unkeyed hash, with
// hashAlg, of the sensitive data followed by the object name.
static void
ComputeInnerIntegrity(
    TPM_ALG_ID       hashAlg,       // IN: hash algorithm for inner wrap
    TPM2B_NAME      *name,          // IN: the name of the object
    UINT16           dataSize,      // IN: the size of sensitive data
    BYTE            *sensitiveData, // IN: sensitive data
    TPM2B_DIGEST    *integrity      // OUT: inner integrity
    )
{
    HASH_STATE       innerHash;

    // Starting the hash also yields the size of the integrity value
    integrity->t.size = CryptStartHash(hashAlg, &innerHash);

    // Hash input: sensitive data, then the name
    CryptUpdateDigest(&innerHash, dataSize, sensitiveData);
    CryptUpdateDigest2B(&innerHash, &name->b);

    // Finish and store the digest
    CryptCompleteHash2B(&innerHash, &integrity->b);
}
| 6954 | |
| 6955 | |
| 6956 | 7.6.2.6 ProduceInnerIntegrity() |
| 6957 | |
| 6958 | This function produces an inner integrity for a regular private, credential or duplication blob. It requires the |
| 6959 | sensitive data to be marshaled into the innerBuffer, with the leading bytes reserved for the integrity hash. It |
| 6960 | assumes the sensitive data starts at address (innerBuffer + integrity size). This function adds the integrity at the |
| 6961 | beginning of the inner buffer. It returns the total size of the buffer with the inner wrap. |
| 6962 | |
// Write the inner integrity value into the reserved prefix of innerBuffer
// and return the total size of the inner-wrapped data (prefix + sensitive
// data).
//
// The caller must already have placed the marshaled sensitive data at
// innerBuffer + (sizeof(UINT16) + digest size of hashAlg); this function
// does not move or validate it.
static UINT16
ProduceInnerIntegrity(
    TPM2B_NAME      *name,              // IN: the name of the object
    TPM_ALG_ID       hashAlg,           // IN: hash algorithm for inner wrap
    UINT16           dataSize,          // IN: the size of sensitive data, excluding the
                                        //     leading integrity buffer size
    BYTE            *innerBuffer        // IN/OUT: inner buffer with sensitive data in
                                        //     it. At input, the leading bytes of this
                                        //     buffer is reserved for integrity
    )
{
    TPM2B_DIGEST     digest;
    // Reserved prefix = 2-byte size field of the TPM2B plus the digest itself.
    UINT16           prefixSize = sizeof(UINT16) + CryptGetHashDigestSize(hashAlg);
    BYTE            *cursor = innerBuffer;      // marshaling position

    // Hash the sensitive data that sits right behind the reserved prefix.
    ComputeInnerIntegrity(hashAlg, name, dataSize, innerBuffer + prefixSize,
                          &digest);

    // Marshal the digest into the prefix. The size argument is NULL, so no
    // remaining-space value is handed to the marshaling routine; the write
    // stays in bounds only because the caller reserved the prefix.
    TPM2B_DIGEST_Marshal(&digest, &cursor, NULL);

    // NOTE(review): the sum is narrowed to UINT16 on return; presumably
    // callers bound dataSize so this cannot wrap -- confirm at call sites.
    return dataSize + prefixSize;
}
| 6997 | |
| 6998 | |
| 6999 | 7.6.2.7 CheckInnerIntegrity() |
| 7000 | |
| 7001 | This function checks the integrity of the inner blob. |
| 7002 | |
| 7003 | Error Returns Meaning |
| 7004 | |
| 7005 | TPM_RC_INTEGRITY if the outer blob integrity is bad |
| 7006 | unmarshal errors unmarshal errors while unmarshaling integrity |
| 7007 | |
// Verify the inner integrity of a blob: unmarshal the stored digest from
// the front of innerBuffer, recompute the digest over the data that follows
// it together with the object name, and compare the two.
//
// Returns TPM_RC_SUCCESS on a match, TPM_RC_INTEGRITY on a mismatch, or the
// unmarshaling error if the stored digest cannot be read.
static TPM_RC
CheckInnerIntegrity(
    TPM2B_NAME      *name,              // IN: the name of the object
    TPM_ALG_ID       hashAlg,           // IN: hash algorithm for inner wrap
    UINT16           dataSize,          // IN: the size of sensitive data, including the
                                        //     leading integrity buffer size
    BYTE            *innerBuffer        // IN/OUT: inner buffer with sensitive data in
                                        //     it
    )
{
    TPM2B_DIGEST     stored;            // digest carried in the blob
    TPM2B_DIGEST     computed;          // digest recomputed locally
    BYTE            *cursor = innerBuffer;
    INT32            remaining = (INT32) dataSize;
    TPM_RC           result;

    // Pull the stored integrity value off the front of the buffer. The
    // remaining-size argument lets the unmarshaler reject a digest that
    // would run past dataSize.
    result = TPM2B_DIGEST_Unmarshal(&stored, &cursor, &remaining);
    if(result != TPM_RC_SUCCESS)
        return result;

    // After a successful unmarshal, cursor/remaining are used as the start
    // and length of the sensitive data that follows the stored digest.
    ComputeInnerIntegrity(hashAlg, name, (UINT16) remaining, cursor,
                          &computed);

    // Compare inner blob integrity.
    // NOTE(review): whether Memory2BEqual compares in constant time is not
    // visible here -- confirm, since this gates acceptance of the blob.
    if(!Memory2BEqual(&stored.b, &computed.b))
        return TPM_RC_INTEGRITY;

    return result;
}
| 7041 | |
| 7042 | |
| 7043 | 7.6.3 Public Functions |
| 7044 | |
| 7045 | 7.6.3.1 AreAttributesForParent() |
| 7046 | |
| 7047 | This function is called by create, load, and import functions. |
| 7048 | |
| 7049 | Return Value Meaning |
| 7050 | |
| 7051 | TRUE properties are those of a parent |
| 7052 | FALSE properties are not those of a parent |
| 7053 | |
// Report whether the given object qualifies as a parent, i.e. whether
// ObjectDataIsStorage() accepts its public area.
// Returns TRUE if the properties are those of a parent, FALSE otherwise.
BOOL
AreAttributesForParent(
    OBJECT          *parentObject       // IN: parent handle
    )
{
    // A parent is only consulted after it has been authorized, and
    // authorization requires both the public and the sensitive areas to be
    // loaded. A public-only object reaching this point is a logic error.
    pAssert(parentObject->attributes.publicOnly == CLEAR);

    return ObjectDataIsStorage(&parentObject->publicArea) ? TRUE : FALSE;
}
| 7075 | |
| 7076 | |
| 7077 | 7.6.3.2 SchemeChecks() |
| 7078 | |
| 7079 | This function validates the schemes in the public area of an object. This function is called by |
| 7080 | TPM2_LoadExternal() and PublicAttributesValidation(). |
| 7081 | |
| 7082 | Error Returns Meaning |
| 7083 | |
| 7084 | TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different public |
| 7085 | parameters |
| 7086 | TPM_RC_ATTRIBUTES attempt to inject sensitive data for an asymmetric key; or attempt to |
| 7087 | create a symmetric cipher key that is not a decryption key |
| 7088 | TPM_RC_HASH non-duplicable storage key and its parent have different name |
| 7089 | algorithm |
| 7090 | TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object |
| 7091 | TPM_RC_KEY invalid key size values in an asymmetric key public area |
| 7092 | TPM_RC_SCHEME inconsistent attributes decrypt, sign, restricted and key's scheme ID; |
| 7093 | or hash algorithm is inconsistent with the scheme ID for keyed hash |
| 7094 | object |
| 7095 | TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage |
| 7096 | key with symmetric algorithm different from TPM_ALG_NULL |
| 7097 | TPM_RC_TYPE unexpected object type; or non-duplicable storage key and its parent |
| 7098 | have different types |
| 7099 | |
// Validate the scheme-related fields in the public area of an object
// against the object type and its sign / decrypt / restricted attributes.
// Returns TPM_RC_SUCCESS when every applicable check passes; otherwise the
// code of the first failing check (TPM_RC_ATTRIBUTES, TPM_RC_KEY,
// TPM_RC_SCHEME, TPM_RC_KDF, TPM_RC_SYMMETRIC, TPM_RC_TYPE, or whatever
// EqualCryptSet() reports for a fixedParent storage key).
TPM_RC
SchemeChecks(
    BOOL             load,              // IN: TRUE if load checks, FALSE if
                                        //     TPM2_Create()
    TPMI_DH_OBJECT   parentHandle,      // IN: input parent handle
    TPMT_PUBLIC     *publicArea         // IN: public area of the object
    )
{
    TPMT_ASYM_SCHEME    *keyScheme;

    // ---- Object types that are not asymmetric keys -----------------------
    if(!CryptIsAsymAlgorithm(publicArea->type))
    {
        if(publicArea->type == TPM_ALG_KEYEDHASH)
        {
            TPMT_KEYEDHASH_SCHEME   *khScheme
                = &publicArea->parameters.keyedHashDetail.scheme;

            // sign == decrypt covers two cases. Both SET: the scheme is
            // chosen when the key is used. Both CLEAR: this is a data
            // object. Either way the stored scheme must be TPM_ALG_NULL.
            if(   publicArea->objectAttributes.sign
               == publicArea->objectAttributes.decrypt)
                return (khScheme->scheme != TPM_ALG_NULL)
                       ? TPM_RC_SCHEME : TPM_RC_SUCCESS;

            // Decrypt only: must be XOR with a hash and a KDF.
            if(publicArea->objectAttributes.decrypt)
            {
                if(   khScheme->scheme != TPM_ALG_XOR
                   || khScheme->details.xor.hashAlg == TPM_ALG_NULL)
                    return TPM_RC_SCHEME;
                return (khScheme->details.xor.kdf == TPM_ALG_NULL)
                       ? TPM_RC_KDF : TPM_RC_SUCCESS;
            }

            // Sign only: HMAC is the only supported signing scheme for a
            // keyedHash object, and it needs a hash algorithm.
            if(   khScheme->scheme != TPM_ALG_HMAC
               || khScheme->details.hmac.hashAlg == TPM_ALG_NULL)
                return TPM_RC_SCHEME;

            return TPM_RC_SUCCESS;
        }

        if(publicArea->type == TPM_ALG_SYMCIPHER)
        {
            // Must be a decrypting key and may not be a signing key
            if(   publicArea->objectAttributes.decrypt == CLEAR
               || publicArea->objectAttributes.sign == SET)
                return TPM_RC_ATTRIBUTES;
            return TPM_RC_SUCCESS;
        }

        // Anything else is an object type this function does not accept.
        return TPM_RC_TYPE;
    }

    // ---- Asymmetric keys ---------------------------------------------------
    keyScheme = &publicArea->parameters.asymDetail.scheme;

    if(load)
    {
        // Key-size consistency is only examined on the load path.
        if(!CryptAreKeySizesConsistent(publicArea))
            return TPM_RC_KEY;
    }
    else if(publicArea->objectAttributes.sensitiveDataOrigin == CLEAR)
    {
        // An asymmetric key can't be injected; this is only checked when
        // creating an object.
        return TPM_RC_ATTRIBUTES;
    }

    if(keyScheme->scheme != TPM_ALG_NULL)
    {
        // Keys that are both signing and decrypting must have TPM_ALG_NULL
        // for scheme.
        if(   publicArea->objectAttributes.sign == SET
           && publicArea->objectAttributes.decrypt == SET)
            return TPM_RC_SCHEME;

        // A non-NULL scheme has to be valid for the way the key is used.
        // The unmarshaling of the public area is type-driven (an RSA key
        // can only carry an RSA scheme, and so on), so compatibility of the
        // scheme with the object type is not re-checked here.
        if(   publicArea->objectAttributes.sign == SET
           && !CryptIsSignScheme(keyScheme->scheme))
            return TPM_RC_SCHEME;
        if(   publicArea->objectAttributes.decrypt == SET
           && !CryptIsDecryptScheme(keyScheme->scheme))
            return TPM_RC_SCHEME;
    }
    else if(   publicArea->objectAttributes.restricted == SET
            && publicArea->objectAttributes.sign == SET)
    {
        // A restricted signing key must have a non-NULL scheme
        return TPM_RC_SCHEME;
    }

    // Special checks for an ECC key
#ifdef TPM_ALG_ECC
    if(publicArea->type == TPM_ALG_ECC)
    {
        const TPMT_ECC_SCHEME   *required = CryptGetCurveSignScheme(
                                    publicArea->parameters.eccDetail.curveID);

        // The curve ID was validated when the public area was unmarshaled,
        // so a missing entry means that validation is broken.
        pAssert(required != NULL);

        // If the curve mandates a scheme, the key must select that scheme...
        if(required->scheme != TPM_ALG_NULL)
        {
            if(keyScheme->scheme != required->scheme)
                return TPM_RC_SCHEME;

            // ...and, if the curve also pins the hash, that hash too.
            if(   required->details.anySig.hashAlg != TPM_ALG_NULL
               && (   keyScheme->details.anySig.hashAlg
                   != required->details.anySig.hashAlg))
                return TPM_RC_SCHEME;
        }

        // For now, the KDF must be TPM_ALG_NULL
        if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL)
            return TPM_RC_KDF;
    }
#endif

    // Anything that is not a storage key (restricted + decrypt) must not
    // name a symmetric algorithm.
    if(!(   publicArea->objectAttributes.restricted == SET
         && publicArea->objectAttributes.decrypt == SET))
    {
        if(   publicArea->parameters.asymDetail.symmetric.algorithm
           != TPM_ALG_NULL)
            return TPM_RC_SYMMETRIC;
        return TPM_RC_SUCCESS;
    }

    // ---- Storage key checks ------------------------------------------------
    // A storage key must have a valid protection key
    if(publicArea->parameters.asymDetail.symmetric.algorithm == TPM_ALG_NULL)
        return TPM_RC_SYMMETRIC;

    // A storage key must have a null scheme
    if(keyScheme->scheme != TPM_ALG_NULL)
        return TPM_RC_SCHEME;

    // A fixedParent storage key below a non-permanent parent must use the
    // same crypto set as that parent. Duplicable keys and primaries
    // (including Temporary Primary Objects) are exempt. ObjectGet() is only
    // reached for a non-permanent handle. TPM_RC_TYPE, TPM_RC_HASH or
    // TPM_RC_ASYMMETRIC may be returned at this point.
    if(   HandleGetType(parentHandle) != TPM_HT_PERMANENT
       && publicArea->objectAttributes.fixedParent == SET)
        return EqualCryptSet(publicArea,
                             &(ObjectGet(parentHandle)->publicArea));

    return TPM_RC_SUCCESS;
}
| 7284 | |
| 7285 | |
| 7286 | 7.6.3.3 PublicAttributesValidation() |
| 7287 | |
| 7288 | This function validates the values in the public area of an object. This function is called by |
| 7289 | TPM2_Create(), TPM2_Load(), and TPM2_CreatePrimary() |
| 7290 | |
| 7291 | Error Returns Meaning |
| 7292 | |
| 7293 | TPM_RC_ASYMMETRIC non-duplicable storage key and its parent have different public |
| 7294 | parameters |
| 7295 | TPM_RC_ATTRIBUTES fixedTPM, fixedParent, or encryptedDuplication attributes are |
| 7296 | inconsistent between themselves or with those of the parent object; |
| 7297 | inconsistent restricted, decrypt and sign attributes; attempt to inject |
| 7298 | sensitive data for an asymmetric key; attempt to create a symmetric |
| 7299 | cipher key that is not a decryption key |
| 7300 | TPM_RC_HASH non-duplicable storage key and its parent have different name |
| 7301 | algorithm |
| 7302 | TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object |
| 7303 | TPM_RC_KEY invalid key size values in an asymmetric key public area |
| 7304 | TPM_RC_SCHEME inconsistent attributes decrypt, sign, restricted and key's scheme ID; |
| 7305 | or hash algorithm is inconsistent with the scheme ID for keyed hash |
| 7306 | object |
| 7307 | TPM_RC_SIZE authPolicy size does not match digest size of the name algorithm in |
| 7308 | publicArea |
| 7309 | TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or non-storage |
| 7310 | key with symmetric algorithm different from TPM_ALG_NULL |
| 7311 | TPM_RC_TYPE unexpected object type; or non-duplicable storage key and its parent |
| 7312 | have different types |
| 7313 | |
// Validate the attribute values in the public area of an object against
// each other and against the parent's attributes, then run SchemeChecks().
// Returns TPM_RC_SIZE for an authPolicy whose size is not the digest size of
// nameAlg, TPM_RC_ATTRIBUTES for inconsistent fixedTPM / fixedParent /
// encryptedDuplication / restricted settings, or the result of
// SchemeChecks().
TPM_RC
PublicAttributesValidation(
    BOOL             load,              // IN: TRUE if load checks, FALSE if
                                        //     TPM2_Create()
    TPMI_DH_OBJECT   parentHandle,      // IN: input parent handle
    TPMT_PUBLIC     *publicArea         // IN: public area of the object
    )
{
    // A permanent handle has no loaded object behind it; parentObject stays
    // NULL in that case and the object is treated as a Primary Object.
    OBJECT          *parentObject =
        (HandleGetType(parentHandle) != TPM_HT_PERMANENT)
        ? ObjectGet(parentHandle) : NULL;

    // An authPolicy is optional, but when present it must be exactly one
    // digest of the name algorithm.
    if(publicArea->authPolicy.t.size != 0)
    {
        if(   publicArea->authPolicy.t.size
           != CryptGetHashDigestSize(publicArea->nameAlg))
            return TPM_RC_SIZE;
    }

    if(   parentObject != NULL
       && parentObject->publicArea.objectAttributes.fixedTPM != SET)
    {
        // The parent is not fixedTPM so the object can't be fixedTPM
        if(publicArea->objectAttributes.fixedTPM == SET)
            return TPM_RC_ATTRIBUTES;
    }
    else
    {
        // Parent is fixedTPM (or this is a Primary Object): fixedTPM and
        // fixedParent of the object must carry the same value.
        if(   publicArea->objectAttributes.fixedParent
           != publicArea->objectAttributes.fixedTPM)
            return TPM_RC_ATTRIBUTES;
    }

    // A restricted object must be exactly one of sign or decrypt: not both
    // and not neither.
    if(   publicArea->objectAttributes.restricted == SET
       && (   publicArea->objectAttributes.decrypt
           == publicArea->objectAttributes.sign))
        return TPM_RC_ATTRIBUTES;

    // A fixedTPM object can not have encryptedDuplication bit SET
    if(   publicArea->objectAttributes.fixedTPM == SET
       && publicArea->objectAttributes.encryptedDuplication == SET)
        return TPM_RC_ATTRIBUTES;

    // Below a parent with fixedTPM CLEAR, the child inherits the parent's
    // encryptedDuplication setting. Primary objects are considered to have
    // a fixedTPM parent (the seeds), so they skip this check.
    if(   parentObject != NULL
       && parentObject->publicArea.objectAttributes.fixedTPM == CLEAR
       && (   publicArea->objectAttributes.encryptedDuplication
           != parentObject->publicArea.objectAttributes.encryptedDuplication))
        return TPM_RC_ATTRIBUTES;

    return SchemeChecks(load, parentHandle, publicArea);
}
| 7382 | |
| 7383 | |
| 7384 | 7.6.3.4 FillInCreationData() |
| 7385 | |
| 7386 | Fill in creation data for an object. |
| 7387 | |
// Fill in the creation data for an object and compute the creation digest.
// outCreation receives the PCR digest and selection, the current locality,
// the parent's name algorithm / name / qualified name, and the caller's
// outside data. creationDigest receives the hash (using nameHashAlg) of the
// marshaled creation data.
void
FillInCreationData(
    TPMI_DH_OBJECT       parentHandle,  // IN: handle of parent
    TPMI_ALG_HASH        nameHashAlg,   // IN: name hash algorithm
    TPML_PCR_SELECTION  *creationPCR,   // IN: PCR selection
    TPM2B_DATA          *outsideData,   // IN: outside data
    TPM2B_CREATION_DATA *outCreation,   // OUT: creation data for output
    TPM2B_DIGEST        *creationDigest // OUT: creation digest
    )
{
    // Scratch area for the canonical (marshaled) form that gets hashed.
    // NOTE(review): sized from the in-memory structure and marshaled with a
    // NULL size argument; presumably the marshaled form never exceeds
    // sizeof(TPMS_CREATION_DATA) -- confirm.
    BYTE                 creationBuffer[sizeof(TPMS_CREATION_DATA)];
    BYTE                *marshalCursor = creationBuffer;
    HASH_STATE           hashState;
    TPMS_CREATION_DATA  *cd = &outCreation->t.creationData;

    // PCR digest over the selected PCR, then echo the selection itself.
    PCRComputeCurrentDigest(nameHashAlg, creationPCR, &cd->pcrDigest);
    cd->pcrSelect = *creationPCR;

    // Locality in effect for this command.
    cd->locality = LocalityGetAttributes(_plat__LocalityGet());

    if(HandleGetType(parentHandle) == TPM_HT_PERMANENT)
    {
        // Parent is a permanent handle: there is no name algorithm, and the
        // marshaled handle serves as both the Name and the qualified name.
        BYTE    *nameCursor = &cd->parentName.t.name[0];

        cd->parentNameAlg = TPM_ALG_NULL;
        cd->parentName.t.size =
            TPM_HANDLE_Marshal(&parentHandle, &nameCursor, NULL);

        // Third argument is the size of the destination name array.
        MemoryCopy2B(&cd->parentQualifiedName.b, &cd->parentName.b,
                     sizeof(cd->parentQualifiedName.t.name));
    }
    else
    {
        // Regular object: copy the three fields from the loaded parent.
        OBJECT  *parentObject = ObjectGet(parentHandle);

        cd->parentNameAlg = parentObject->publicArea.nameAlg;
        cd->parentName = parentObject->name;
        cd->parentQualifiedName = parentObject->qualifiedName;
    }

    // Copy outside information
    cd->outsideInfo = *outsideData;

    // Marshal creation data to canonical form; the marshaled length becomes
    // the size of the TPM2B.
    outCreation->t.size = TPMS_CREATION_DATA_Marshal(cd, &marshalCursor, NULL);

    // Hash the canonical form to obtain the creation digest.
    creationDigest->t.size = CryptStartHash(nameHashAlg, &hashState);
    CryptUpdateDigest(&hashState, outCreation->t.size, creationBuffer);
    CryptCompleteHash2B(&hashState, &creationDigest->b);
}
| 7468 | |
| 7472 | |
| 7473 | 7.6.3.5 GetSeedForKDF() |
| 7474 | |
| 7475 | Get a seed for the KDF. The KDF for the encryption key and the KDF for the HMAC key use the same seed. It returns a pointer to |
| 7476 | the seed. |
| 7477 | |
// Select the seed that feeds the KDF and return a pointer to it.
// Precedence: the caller-supplied seed if there is one; otherwise
// gr.nullProof when the protector is TPM_RH_NULL; otherwise the seedValue
// of the loaded protector object.
// The returned pointer refers to existing storage (the input seed, gr, or
// the protector object); nothing is copied.
TPM2B_SEED*
GetSeedForKDF(
    TPM_HANDLE       protectorHandle,   // IN: the protector handle
    TPM2B_SEED      *seedIn             // IN: the optional input seed
    )
{
    // Use input seed if provided.
    if(seedIn != NULL)
        return seedIn;

    // TPM_RH_NULL is the only protector that may not be a loaded object;
    // in that case nullProof is used as the seed.
    if(protectorHandle == TPM_RH_NULL)
        return (TPM2B_SEED *) &gr.nullProof;

    // Otherwise take the seed from the protector's sensitive area.
    return (TPM2B_SEED *) &ObjectGet(protectorHandle)->sensitive.seedValue;
}
| 7507 | |
| 7508 | |
| 7509 | 7.6.3.6 ProduceOuterWrap() |
| 7510 | |
| 7511 | This function produces the outer wrap for a buffer containing the sensitive data. It requires the sensitive data |
| 7512 | to be marshaled into the outerBuffer, with the leading bytes reserved for the integrity hash. If an IV is used, IV |
| 7513 | space should be reserved at the beginning of the buffer. It assumes the sensitive data starts at address |
| 7514 | (outerBuffer + integrity size {+ iv size}). This function performs: |
| 7515 | a) add the IV before the sensitive area if required |
| 7516 | b) encrypt the sensitive data; if an IV is required, encrypt with that IV, otherwise encrypt with a NULL IV |
| 7517 | c) add the HMAC integrity at the beginning of the buffer. It returns the total size of the blob with the outer wrap. |
| 7518 | |
// Apply the outer wrap to a buffer that already holds the marshaled
// sensitive data, and return the total size of the wrapped blob.
//
// Resulting layout in outerBuffer:
//     [ integrity (TPM2B) ][ optional IV (TPM2B) ][ encrypted sensitive data ]
// The caller must have reserved the integrity area (and the IV area when
// useIV is set) in front of the sensitive data.
//
// The data is encrypted first and the integrity is computed afterwards over
// the IV area plus the ciphertext, so the integrity value covers what is
// actually stored in the blob.
UINT16
ProduceOuterWrap(
    TPM_HANDLE       protector,         // IN: The handle of the object that provides
                                        //     protection. For object, it is parent
                                        //     handle. For credential, it is the handle
                                        //     of encrypt object.
    TPM2B_NAME      *name,              // IN: the name of the object
    TPM_ALG_ID       hashAlg,           // IN: hash algorithm for outer wrap
    TPM2B_SEED      *seed,              // IN: an external seed may be provided for
                                        //     duplication blob. For non duplication
                                        //     blob, this parameter should be NULL
    BOOL             useIV,             // IN: indicate if an IV is used
    UINT16           dataSize,          // IN: the size of sensitive data, excluding the
                                        //     leading integrity buffer size or the
                                        //     optional iv size
    BYTE            *outerBuffer        // IN/OUT: outer buffer with sensitive data in
                                        //     it
    )
{
    TPM_ALG_ID       symAlg;
    UINT16           keyBits;
    // NOTE(review): symKey holds key material in a stack local and is not
    // cleared in this function -- confirm whether zeroization is expected.
    TPM2B_SYM_KEY    symKey;
    TPM2B_IV         randomIV;          // IV from RNG
    TPM2B_IV        *iv = NULL;         // NULL means "encrypt with a NULL IV"
    UINT16           ivAreaSize = 0;    // size of iv area, including the size field
    TPM2B_DIGEST     integrity;
    // The outer integrity always exists when an outer wrap is produced:
    // 2-byte size field plus the digest.
    UINT16           integritySize = sizeof(UINT16) + CryptGetHashDigestSize(hashAlg);
    BYTE            *protectedArea = outerBuffer + integritySize; // [IV] + data
    BYTE            *payload = protectedArea;   // start of the sensitive data
    BYTE            *cursor;                    // marshaling position

    if(useIV)
    {
        ivAreaSize = GetIV2BSize(protector);

        // The IV proper is the IV area minus its size field.
        // NOTE(review): assumes GetIV2BSize() never returns less than
        // sizeof(UINT16); otherwise this subtraction wraps -- confirm.
        randomIV.t.size = ivAreaSize - sizeof(UINT16);
        CryptGenerateRandom(randomIV.t.size, randomIV.t.buffer);

        // Place the marshaled IV directly behind the integrity area.
        cursor = protectedArea;
        TPM2B_IV_Marshal(&randomIV, &cursor, NULL);

        // The sensitive data starts after the IV area.
        payload += ivAreaSize;
        iv = &randomIV;
    }

    // Derive the symmetric algorithm, key size and key for this protector.
    ComputeProtectionKeyParms(protector, hashAlg, name, seed,
                              &symAlg, &keyBits, &symKey);

    // Encrypt the sensitive data in place (CFB mode).
    CryptSymmetricEncrypt(payload, symAlg, keyBits,
                          TPM_ALG_CFB, symKey.t.buffer, iv, dataSize,
                          payload);

    // Integrity covers the optional IV area and the ciphertext.
    ComputeOuterIntegrity(name, protector, hashAlg, seed,
                          dataSize + ivAreaSize, protectedArea, &integrity);

    // Store the integrity value in the reserved area at the front.
    cursor = outerBuffer;
    TPM2B_DIGEST_Marshal(&integrity, &cursor, NULL);

    // Total size of the blob with the outer wrap.
    // NOTE(review): the sum is narrowed to UINT16 on return; presumably
    // callers bound dataSize so it cannot wrap -- confirm.
    return dataSize + integritySize + ivAreaSize;
}
| 7603 | |
| 7604 | |
| 7605 | |
| 7606 | |
| 7610 | |
| 7611 | 7.6.3.7 UnwrapOuter() |
| 7612 | |
| 7613 | This function removes the outer wrap of a blob containing sensitive data. This function performs: |
| 7614 | a) check integrity of outer blob |
| 7615 | b) decrypt outer blob |
| 7616 | |
| 7617 | Error Returns Meaning |
| 7618 | |
| 7619 | TPM_RC_INSUFFICIENT error during sensitive data unmarshaling |
| 7620 | TPM_RC_INTEGRITY sensitive data integrity is broken |
| 7621 | TPM_RC_SIZE error during sensitive data unmarshaling |
| 7622 | TPM_RC_VALUE IV size for CFB does not match the encryption algorithm block size |
| 7623 | |
// Verify and remove the outer wrap of a protected blob, decrypting the
// payload in place.
//
// Buffer layout as consumed here: an integrity value (TPM2B_DIGEST), then an
// optional IV (TPM2B_IV, only when useIV is set), then the encrypted data.
// The integrity value is recomputed over everything that follows the
// integrity field and compared BEFORE any decryption takes place, so data
// that fails authentication never reaches the cipher.
//
// Returns:
//   TPM_RC_SUCCESS    blob authenticated and decrypted in place
//   TPM_RC_INTEGRITY  stored and recomputed integrity values differ
//   TPM_RC_VALUE      IV size differs from the cipher block size
//   other             error from TPM2B_DIGEST_Unmarshal() or
//                     TPM2B_IV_Unmarshal(), returned unchanged
//
// NOTE(review): whether Memory2BEqual() compares in constant time is not
// visible from this function -- confirm, since it gates acceptance of the
// blob.
// NOTE(review): symKey holds the derived protection key and is not cleared
// before return; confirm whether scrubbing is required on this platform.
TPM_RC
UnwrapOuter(
    TPM_HANDLE       protector,     // IN: handle of the protecting object: the
                                    //     parent for an object, the encrypting
                                    //     object for a credential
    TPM2B_NAME      *name,          // IN: the name of the object
    TPM_ALG_ID       hashAlg,       // IN: hash algorithm for the outer wrap
    TPM2B_SEED      *seed,          // IN: external seed for a duplication
                                    //     blob; NULL for any other blob
    BOOL             useIV,         // IN: TRUE if the blob carries an IV
    UINT16           dataSize,      // IN: number of bytes in outerBuffer,
                                    //     including the leading integrity
                                    //     value and the optional IV
    BYTE            *outerBuffer    // IN/OUT: the wrapped blob
    )
{
    TPM2B_DIGEST     storedIntegrity;       // integrity value read from blob
    TPM2B_DIGEST     expectedIntegrity;     // integrity value recomputed here
    TPM2B_SYM_KEY    symKey;
    TPM2B_IV         ivIn;                  // IV read from the blob
    TPM2B_IV        *iv = NULL;             // stays NULL when no IV is used
    TPM_ALG_ID       symAlg = TPM_ALG_NULL;
    UINT16           keyBits = 0;
    BYTE            *cursor = outerBuffer;  // read position within the blob
    INT32            remaining = (INT32) dataSize;
    TPM_RC           result;

    // Pull the stored integrity value off the front of the blob
    result = TPM2B_DIGEST_Unmarshal(&storedIntegrity, &cursor, &remaining);
    if(result != TPM_RC_SUCCESS)
        return result;

    // Recompute the integrity over the rest of the blob and compare. Nothing
    // is decrypted unless the two values match.
    ComputeOuterIntegrity(name, protector, hashAlg, seed,
                          (UINT16) remaining, cursor,
                          &expectedIntegrity);
    if(!Memory2BEqual(&storedIntegrity.b, &expectedIntegrity.b))
        return TPM_RC_INTEGRITY;

    // Symmetric algorithm, key size and key that protect this blob
    ComputeProtectionKeyParms(protector, hashAlg, name, seed,
                              &symAlg, &keyBits, &symKey);

    if(useIV)
    {
        result = TPM2B_IV_Unmarshal(&ivIn, &cursor, &remaining);
        if(result != TPM_RC_SUCCESS)
            return result;

        // For CFB the IV must be exactly one cipher block long
        if(ivIn.t.size != CryptGetSymmetricBlockSize(symAlg, keyBits))
            return TPM_RC_VALUE;

        iv = &ivIn;
    }

    // Authenticated and well formed: decrypt the payload in place
    CryptSymmetricDecrypt(cursor, symAlg, keyBits,
                          TPM_ALG_CFB, symKey.t.buffer, iv,
                          (UINT16) remaining, cursor);

    return TPM_RC_SUCCESS;
}
| 7703 | |
| 7704 | |
| 7705 | 7.6.3.8 SensitiveToPrivate() |
| 7706 | |
| 7707 | This function prepares the private blob for off-chip storage. The operations in this function: |
| 7708 | a) marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE |
| 7709 | b) apply encryption to the sensitive area. |
| 7710 | c) apply outer integrity computation. |
| 7711 | |
// Build the private blob that leaves the TPM for external storage.
//
// The sensitive area is marshaled into outPrivate->t.buffer behind space
// reserved for the integrity value and the IV, prefixed with its own 2-byte
// size, and then handed to ProduceOuterWrap(), whose return value becomes
// outPrivate->t.size.
//
// NOTE(review): both marshal calls pass NULL for the size argument and
// nothing here compares the marshaled size with the capacity of
// outPrivate->t.buffer; presumably TPM2B_PRIVATE is sized for the worst
// case -- confirm.
void
SensitiveToPrivate(
    TPMT_SENSITIVE  *sensitive,     // IN: sensitive structure
    TPM2B_NAME      *name,          // IN: the name of the object
    TPM_HANDLE       parentHandle,  // IN: the parent's handle
    TPM_ALG_ID       nameAlg,       // IN: hash algorithm of the public area;
                                    //     used only when parentHandle is
                                    //     TPM_RH_NULL (temporary object)
    TPM2B_PRIVATE   *outPrivate     // OUT: output private structure
    )
{
    TPMI_ALG_HASH    hashAlg;       // hash algorithm for integrity
    UINT16           integritySize;
    UINT16           ivSize;
    UINT16           dataSize;      // size of the marshaled data
    BYTE            *payload;       // where the sized sensitive area starts
    BYTE            *cursor;        // marshaling position

    pAssert(name != NULL && name->t.size != 0);

    // A temporary object uses its own name algorithm, anything else uses the
    // name algorithm of its parent
    hashAlg = (parentHandle == TPM_RH_NULL)
              ? nameAlg
              : ObjectGetNameAlg(parentHandle);

    // Leave room at the front for the integrity 2B and the IV 2B
    integritySize = sizeof(UINT16) + CryptGetHashDigestSize(hashAlg);
    ivSize = GetIV2BSize(parentHandle);
    payload = outPrivate->t.buffer + integritySize + ivSize;

    // Marshal the sensitive area two bytes in, then go back and write its
    // size into those two bytes
    cursor = payload + sizeof(UINT16);
    dataSize = TPMT_SENSITIVE_Marshal(sensitive, &cursor, NULL);
    cursor = payload;
    UINT16_Marshal(&dataSize, &cursor, NULL);

    // The wrapped data includes the size field just written
    dataSize += sizeof(UINT16);

    // Encrypt and add the integrity value
    outPrivate->t.size = ProduceOuterWrap(parentHandle, name, hashAlg, NULL,
                                          TRUE, dataSize,
                                          outPrivate->t.buffer);
}
| 7785 | |
| 7786 | |
| 7787 | 7.6.3.9 PrivateToSensitive() |
| 7788 | |
| 7789 | Unwrap an input private area. Check the integrity, decrypt and retrieve data to a sensitive structure. The |
| 7790 | operations in this function: |
| 7791 | a) check the integrity HMAC of the input private area |
| 7792 | b) decrypt the private buffer |
| 7793 | c) unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE |
| 7794 | |
| 7795 | Error Returns Meaning |
| 7796 | |
| 7797 | TPM_RC_INTEGRITY if the private area integrity is bad |
| 7798 | TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT from input |
| 7799 | private |
| 7800 | TPM_RC_VALUE outer wrapper does not have an IV of the correct size |
| 7801 | |
// Unwrap a private area and recover the TPMT_SENSITIVE it carries.
//
// The outer wrap is checked and removed by UnwrapOuter() first; only after
// that succeeds is the embedded 2-byte size read and the sensitive area
// unmarshaled.
//
// Returns:
//   TPM_RC_SUCCESS    sensitive has been filled in
//   TPM_RC_SENSITIVE  embedded size does not match, unmarshaling failed, or
//                     bytes were left over after unmarshaling
//   other             error from UnwrapOuter() or UINT16_Unmarshal(),
//                     returned unchanged
TPM_RC
PrivateToSensitive(
    TPM2B_PRIVATE   *inPrivate,     // IN: input private structure
    TPM2B_NAME      *name,          // IN: the name of the object
    TPM_HANDLE       parentHandle,  // IN: the parent's handle
    TPM_ALG_ID       nameAlg,       // IN: hash algorithm of the public area,
                                    //     passed on its own because only the
                                    //     name is available here. In this
                                    //     function it is used when
                                    //     parentHandle is TPM_RH_NULL.
    TPMT_SENSITIVE  *sensitive      // OUT: sensitive structure
    )
{
    OBJECT          *parent = NULL;
    TPMI_ALG_HASH    hashAlg;       // hash algorithm for integrity
    UINT16           integritySize;
    UINT16           ivSize;
    UINT16           dataSize;      // bytes left once the wrap is skipped
    UINT16           dataSizeInput; // size field read from the blob
    BYTE            *cursor;        // unmarshaling position
    INT32            remaining;
    TPM_RC           result;

    // A name is mandatory
    pAssert(name != NULL && name->t.size != 0);

    // A temporary object uses its own name algorithm, anything else uses the
    // name algorithm of its parent
    hashAlg = (parentHandle == TPM_RH_NULL)
              ? nameAlg
              : ObjectGetNameAlg(parentHandle);

    // Integrity check and decryption happen here; stop on any failure
    result = UnwrapOuter(parentHandle, name, hashAlg, NULL, TRUE,
                         inPrivate->t.size, inPrivate->t.buffer);
    if(result != TPM_RC_SUCCESS)
        return result;

    // Skip over the integrity value and the IV.
    // NOTE(review): the UINT16 subtraction assumes that integritySize +
    // ivSize does not exceed inPrivate->t.size. UnwrapOuter() succeeding
    // implies both fields were unmarshaled, provided GetIV2BSize() matches
    // the IV that was actually consumed -- confirm.
    integritySize = sizeof(UINT16) + CryptGetHashDigestSize(hashAlg);
    ivSize = GetIV2BSize(parentHandle);
    cursor = inPrivate->t.buffer + integritySize + ivSize;
    dataSize = inPrivate->t.size - integritySize - ivSize;
    remaining = (INT32) dataSize;

    // Read the embedded size of the sensitive area
    result = UINT16_Unmarshal(&dataSizeInput, &cursor, &remaining);
    if(result != TPM_RC_SUCCESS)
        return result;

    // The embedded size plus its own two bytes must account for everything
    if((dataSizeInput + sizeof(UINT16)) != dataSize)
        return TPM_RC_SENSITIVE;

    // Unmarshal the sensitive area; every byte has to be consumed
    result = TPMT_SENSITIVE_Unmarshal(sensitive, &cursor, &remaining);
    if(result != TPM_RC_SUCCESS || remaining != 0)
    {
        // NOTE(review): parent is never assigned in this function, so this
        // assertion cannot fire as written -- confirm whether the parent
        // object was meant to be looked up from parentHandle.
        pAssert(   (parent == NULL)
                || parent->publicArea.objectAttributes.fixedTPM == CLEAR);
        return TPM_RC_SENSITIVE;
    }

    // Strip trailing zeros once at load so that it does not have to be done
    // each time the auth value is checked
    MemoryRemoveTrailingZeros(&(sensitive->authValue));

    return TPM_RC_SUCCESS;
}
| 7901 | |
| 7902 | |
| 7903 | 7.6.3.10 SensitiveToDuplicate() |
| 7904 | |
| 7905 | This function prepares the duplication blob from the sensitive area. The operations in this function: |
| 7906 | a) marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE |
| 7907 | b) apply inner wrap to the sensitive area if required |
| 7908 | c) apply outer wrap if required |
| 7909 | |
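// Build a duplication blob from a sensitive area.
//
// The sensitive area is marshaled into outPrivate->t.buffer behind space
// reserved for whichever wraps are requested, prefixed with its own 2-byte
// size. An inner wrap (integrity, then encryption under innerSymKey) is
// applied when symDef->algorithm is not TPM_ALG_NULL; an outer wrap is
// applied when seed->t.size is not 0. With neither wrap the blob is just the
// sized, marshaled sensitive area.
//
// seed is dereferenced unconditionally, so it is asserted non-NULL together
// with the other required pointers.
//
// NOTE(review): the marshal calls pass NULL for the size argument and
// nothing here compares the result with the capacity of
// outPrivate->t.buffer; presumably TPM2B_PRIVATE is sized for the worst
// case -- confirm.
void
SensitiveToDuplicate(
    TPMT_SENSITIVE      *sensitive,     // IN: sensitive structure
    TPM2B_NAME          *name,          // IN: the name of the object
    TPM_HANDLE           parentHandle,  // IN: the new parent's handle
    TPM_ALG_ID           nameAlg,       // IN: hash algorithm of the public
                                        //     area, passed on its own because
                                        //     only the name is available here
    TPM2B_SEED          *seed,          // IN: the external seed; a size of 0
                                        //     means no outer wrap
    TPMT_SYM_DEF_OBJECT *symDef,        // IN: symmetric key definition; an
                                        //     algorithm of TPM_ALG_NULL means
                                        //     no inner wrap
    TPM2B_DATA          *innerSymKey,   // IN/OUT: key for the inner wrap;
                                        //     generated here when passed in
                                        //     with a size of 0
    TPM2B_PRIVATE       *outPrivate     // OUT: output private structure
    )
{
    BYTE            *payload;                   // start of sized sensitive area
    BYTE            *cursor;                    // marshaling position
    TPMI_ALG_HASH    innerHash = TPM_ALG_NULL;  // hash for the inner wrap
    TPMI_ALG_HASH    outerHash = TPM_ALG_NULL;  // hash for the outer wrap
    UINT16           outerOverhead = 0;         // bytes of outer integrity 2B
    UINT16           dataSize;                  // data blob size
    BOOL             doInnerWrap;
    BOOL             doOuterWrap;

    // A name is mandatory
    pAssert(name != NULL && name->t.size != 0);

    // symDef, innerSymKey and seed are all dereferenced below
    pAssert(symDef != NULL && innerSymKey != NULL);
    pAssert(seed != NULL);

    doInnerWrap = (symDef->algorithm != TPM_ALG_NULL);
    doOuterWrap = (seed->t.size != 0);

    // Reserve room at the front for the integrity value of each wrap
    payload = outPrivate->t.buffer;
    if(doInnerWrap)
    {
        // The inner wrap uses the object's own name algorithm
        innerHash = nameAlg;
        payload += sizeof(UINT16) + CryptGetHashDigestSize(innerHash);
    }
    if(doOuterWrap)
    {
        // The outer wrap uses the name algorithm of the new parent
        outerHash = ObjectGetNameAlg(parentHandle);
        outerOverhead = sizeof(UINT16) + CryptGetHashDigestSize(outerHash);
        payload += outerOverhead;
    }

    // Marshal the sensitive area two bytes in, then go back and write its
    // size into those two bytes
    cursor = payload + sizeof(UINT16);
    dataSize = TPMT_SENSITIVE_Marshal(sensitive, &cursor, NULL);
    cursor = payload;
    UINT16_Marshal(&dataSize, &cursor, NULL);

    // The wrapped data includes the size field just written
    dataSize += sizeof(UINT16);

    // Inner wrap: integrity first, then encryption over integrity and data
    if(doInnerWrap)
    {
        // The inner blob starts after the space held for outer integrity
        BYTE    *innerBuffer = outPrivate->t.buffer + outerOverhead;
        BOOL     symKeyInput = TRUE;

        dataSize = ProduceInnerIntegrity(name, innerHash, dataSize,
                                         innerBuffer);

        if(innerSymKey->t.size == 0)
        {
            // No key supplied: generate one and hand it back to the caller
            innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8;
            CryptGenerateRandom(innerSymKey->t.size, innerSymKey->t.buffer);
            symKeyInput = FALSE;
        }
        else
        {
            // A supplied key must have the size the definition calls for
            pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8);
        }

        // Encrypt the inner blob in place
        CryptSymmetricEncrypt(innerBuffer, symDef->algorithm,
                              symDef->keyBits.sym, TPM_ALG_CFB,
                              innerSymKey->t.buffer, NULL, dataSize,
                              innerBuffer);

        // A caller-supplied key is not returned: its size is reset to 0.
        // Only the size changes; the key bytes stay in
        // innerSymKey->t.buffer.
        // NOTE(review): confirm nothing reads that buffer beyond t.size.
        if(symKeyInput)
            innerSymKey->t.size = 0;
    }

    // Outer wrap: encryption and integrity keyed from the seed
    if(doOuterWrap)
    {
        dataSize = ProduceOuterWrap(parentHandle, name, outerHash, seed, FALSE,
                                    dataSize, outPrivate->t.buffer);
    }

    // Size of the finished blob
    outPrivate->t.size = dataSize;
}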
| 8045 | |
| 8046 | |
| 8047 | 7.6.3.11 DuplicateToSensitive() |
| 8048 | |
| 8049 | Unwrap a duplication blob. Check the integrity, decrypt and retrieve data to a sensitive structure. The |
| 8050 | operations in this function: |
| 8051 | a) check the integrity HMAC of the input private area |
| 8052 | b) decrypt the private buffer |
| 8053 | c) unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE |
| 8054 | |
| 8055 | Error Returns Meaning |
| 8056 | |
| 8057 | TPM_RC_INSUFFICIENT unmarshaling sensitive data from inPrivate failed |
| 8058 | TPM_RC_INTEGRITY inPrivate data integrity is broken |
| 8059 | TPM_RC_SIZE unmarshaling sensitive data from inPrivate failed |
| 8060 | |
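// Unwrap a duplication blob and recover the TPMT_SENSITIVE it carries.
//
// An outer wrap is removed when seed->t.size is not 0, an inner wrap when
// symDef->algorithm is not TPM_ALG_NULL. The two wraps differ in order of
// operations: UnwrapOuter() is given the blob still encrypted, while the
// inner wrap is decrypted first and its integrity checked afterwards by
// CheckInnerIntegrity(). With neither wrap, the blob is parsed as is and the
// only checks are the size checks below.
//
// seed is dereferenced unconditionally, so it is asserted non-NULL together
// with the other required pointers.
//
// Returns:
//   TPM_RC_SUCCESS    sensitive has been filled in
//   TPM_RC_SIZE       embedded size does not match, or bytes were left over
//                     after unmarshaling
//   other             error from UnwrapOuter(), CheckInnerIntegrity(),
//                     UINT16_Unmarshal() or TPMT_SENSITIVE_Unmarshal(),
//                     returned unchanged
TPM_RC
DuplicateToSensitive(
    TPM2B_PRIVATE       *inPrivate,     // IN: input private structure
    TPM2B_NAME          *name,          // IN: the name of the object
    TPM_HANDLE           parentHandle,  // IN: the parent's handle
    TPM_ALG_ID           nameAlg,       // IN: hash algorithm of the public area
    TPM2B_SEED          *seed,          // IN: the external seed; a size of 0
                                        //     means no outer wrap is present
    TPMT_SYM_DEF_OBJECT *symDef,        // IN: symmetric key definition; an
                                        //     algorithm of TPM_ALG_NULL means
                                        //     no inner wrap is present
    TPM2B_DATA          *innerSymKey,   // IN: key that decrypts the inner wrap
    TPMT_SENSITIVE      *sensitive      // OUT: sensitive structure
    )
{
    TPM_RC           result;
    BYTE            *payload;       // start of the data still to be processed
    BYTE            *cursor;        // unmarshaling position
    INT32            remaining;
    UINT16           dataSize;      // bytes still to be processed
    UINT16           dataSizeInput; // size field read from the blob

    // A name is mandatory
    pAssert(name != NULL && name->t.size != 0);

    // symDef, innerSymKey and seed are all dereferenced below
    pAssert(symDef != NULL && innerSymKey != NULL);
    pAssert(seed != NULL);

    payload = inPrivate->t.buffer;
    dataSize = inPrivate->t.size;

    // Outer wrap, if present: integrity check, then decryption
    if(seed->t.size != 0)
    {
        // The outer wrap uses the name algorithm of the parent
        TPMI_ALG_HASH    outerHash = ObjectGetNameAlg(parentHandle);
        UINT16           outerOverhead;

        result = UnwrapOuter(parentHandle, name, outerHash, seed, FALSE,
                             dataSize, payload);
        if(result != TPM_RC_SUCCESS)
            return result;

        // Step past the outer integrity value
        outerOverhead = sizeof(UINT16) + CryptGetHashDigestSize(outerHash);
        payload += outerOverhead;
        dataSize -= outerOverhead;
    }

    // Inner wrap, if present: decryption, then integrity check
    if(symDef->algorithm != TPM_ALG_NULL)
    {
        // The inner wrap uses the object's own name algorithm
        TPMI_ALG_HASH    innerHash = nameAlg;
        UINT16           innerOverhead;

        // The supplied key must have the size the definition calls for
        pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8);

        // Decrypt the inner blob in place
        CryptSymmetricDecrypt(payload, symDef->algorithm,
                              symDef->keyBits.sym, TPM_ALG_CFB,
                              innerSymKey->t.buffer, NULL, dataSize,
                              payload);

        result = CheckInnerIntegrity(name, innerHash, dataSize, payload);
        if(result != TPM_RC_SUCCESS)
            return result;

        // Step past the inner integrity value.
        // NOTE(review): assumes CheckInnerIntegrity() only succeeds when the
        // integrity field fits in dataSize, otherwise this UINT16
        // subtraction could wrap -- confirm.
        innerOverhead = sizeof(UINT16) + CryptGetHashDigestSize(innerHash);
        payload += innerOverhead;
        dataSize -= innerOverhead;
    }

    // Read the embedded size of the sensitive area
    cursor = payload;
    remaining = (INT32) dataSize;
    result = UINT16_Unmarshal(&dataSizeInput, &cursor, &remaining);
    if(result != TPM_RC_SUCCESS)
        return result;

    // The embedded size plus its own two bytes must account for everything
    if((dataSizeInput + sizeof(UINT16)) != dataSize)
        return TPM_RC_SIZE;

    // Unmarshal the sensitive area; every byte has to be consumed
    result = TPMT_SENSITIVE_Unmarshal(sensitive, &cursor, &remaining);
    if(result != TPM_RC_SUCCESS)
        return result;
    if(remaining != 0)
        return TPM_RC_SIZE;

    // Strip trailing zeros once at load so that it does not have to be done
    // each time the auth value is checked
    MemoryRemoveTrailingZeros(&(sensitive->authValue));

    return TPM_RC_SUCCESS;
}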
| 8174 | |
| 8175 | |
| 8176 | 7.6.3.12 SecretToCredential() |
| 8177 | |
| 8178 | This function prepares the credential blob from a secret (a TPM2B_DIGEST). The operations in this |
| 8179 | function: |
| 8180 | a) marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT |
| 8181 | b) encrypt the private buffer, excluding the leading integrity HMAC area |
| 8182 | c) compute the integrity HMAC and place it at the beginning of the buffer. |
| 8183 | d) Set the total size of TPM2B_ID_OBJECT buffer |
| 8184 | |
// Build a credential blob from a secret.
//
// The secret is marshaled into outIDObject->t.credential behind space
// reserved for the integrity value, and the result is passed to
// ProduceOuterWrap() (no IV), whose return value becomes
// outIDObject->t.size.
//
// NOTE(review): only secret and outIDObject are asserted non-NULL here; name
// and seed are passed through to ProduceOuterWrap() unchecked -- confirm
// that the callee or the callers guarantee them.
void
SecretToCredential(
    TPM2B_DIGEST    *secret,        // IN: secret information
    TPM2B_NAME      *name,          // IN: the name of the object
    TPM2B_SEED      *seed,          // IN: an external seed
    TPM_HANDLE       protector,     // IN: the protector's handle
    TPM2B_ID_OBJECT *outIDObject    // OUT: output credential
    )
{
    TPMI_ALG_HASH    outerHash;     // hash algorithm for the outer wrap
    BYTE            *cursor;        // marshaling position
    UINT16           dataSize;      // size of the marshaled secret

    pAssert(secret != NULL && outIDObject != NULL);

    // The outer wrap uses the protector's name algorithm
    outerHash = ObjectGetNameAlg(protector);

    // Marshal the secret after the space held for the integrity 2B
    cursor = outIDObject->t.credential
             + sizeof(UINT16) + CryptGetHashDigestSize(outerHash);
    dataSize = TPM2B_DIGEST_Marshal(secret, &cursor, NULL);

    // Encrypt and add the integrity value
    outIDObject->t.size = ProduceOuterWrap(protector, name, outerHash, seed,
                                           FALSE, dataSize,
                                           outIDObject->t.credential);
}
| 8227 | |
| 8228 | |
| 8229 | 7.6.3.13 CredentialToSecret() |
| 8230 | |
| 8231 | Unwrap a credential. Check the integrity, decrypt and retrieve data to a TPM2B_DIGEST structure. The |
| 8232 | operations in this function: |
| 8233 | a) check the integrity HMAC of the input credential area |
| 8234 | b) decrypt the credential buffer |
| 8235 | c) unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST |
| 8236 | |
| 8237 | Error Returns Meaning |
| 8238 | |
| 8239 | TPM_RC_INSUFFICIENT error during credential unmarshaling |
| 8240 | TPM_RC_INTEGRITY credential integrity is broken |
| 8241 | TPM_RC_SIZE error during credential unmarshaling |
| 8242 | TPM_RC_VALUE IV size does not match the encryption algorithm block size |
| 8243 | |
// Unwrap a credential blob and recover the secret it carries.
//
// UnwrapOuter() checks the integrity and decrypts in place (no IV); the
// secret is then unmarshaled from what follows the integrity value.
//
// Returns:
//   TPM_RC_SUCCESS    secret has been filled in
//   TPM_RC_SIZE       bytes were left over after unmarshaling the secret
//   other             error from UnwrapOuter() or TPM2B_DIGEST_Unmarshal(),
//                     returned unchanged
TPM_RC
CredentialToSecret(
    TPM2B_ID_OBJECT *inIDObject,    // IN: input credential blob
    TPM2B_NAME      *name,          // IN: the name of the object
    TPM2B_SEED      *seed,          // IN: an external seed
    TPM_HANDLE       protector,     // IN: the protector's handle
    TPM2B_DIGEST    *secret         // OUT: secret information
    )
{
    TPMI_ALG_HASH    outerHash;     // hash algorithm for the outer wrap
    UINT16           integritySize; // bytes taken by the integrity 2B
    UINT16           dataSize;      // bytes following the integrity value
    BYTE            *cursor;        // unmarshaling position
    INT32            remaining;
    TPM_RC           result;

    // The outer wrap uses the protector's name algorithm
    outerHash = ObjectGetNameAlg(protector);

    // Integrity check and decryption; TPM_RC_INTEGRITY can come back here
    result = UnwrapOuter(protector, name, outerHash, seed, FALSE,
                         inIDObject->t.size, inIDObject->t.credential);
    if(result != TPM_RC_SUCCESS)
        return result;

    // The secret starts right after the integrity value
    integritySize = sizeof(UINT16) + CryptGetHashDigestSize(outerHash);
    cursor = inIDObject->t.credential + integritySize;
    dataSize = inIDObject->t.size - integritySize;
    remaining = (INT32) dataSize;

    result = TPM2B_DIGEST_Unmarshal(secret, &cursor, &remaining);

    // A clean unmarshal must also have consumed every byte
    if(result == TPM_RC_SUCCESS && remaining != 0)
        return TPM_RC_SIZE;

    return result;
}
| 8285 | |
| 8286 | |
| 8290 | |
| 8291 | |
| 8292 | 8 Subsystem |
| 8293 | |
| 8294 | 8.1 CommandAudit.c |
| 8295 | |
| 8296 | 8.1.1 Introduction |
| 8297 | |
| 8298 | This file contains the functions that support command audit. |
| 8299 | |
| 8300 | 8.1.2 Includes |
| 8301 | |
| 8302 | 1 #include "InternalRoutines.h" |
| 8303 | |
| 8304 | |
| 8305 | 8.1.3 Functions |
| 8306 | |
| 8307 | 8.1.3.1 CommandAuditPreInstall_Init() |
| 8308 | |
| 8309 | This function initializes the command audit list. This function simulates the behavior of manufacturing. A |
| 8310 | function is used instead of a structure definition because this is easier than figuring out the initialization |
| 8311 | value for a bit array. |
| 8312 | This function would not be implemented outside of a manufacturing or simulation environment. |
| 8313 | |
// Put the command audit state into its initial condition and write it to NV:
// no command audited except TPM_CC_SetCommandCodeAuditStatus (when that
// command is implemented), audit counter 0, audit hash algorithm set to
// CONTEXT_INTEGRITY_HASH_ALG.
//
// NOTE(review): the list is cleared using a byte count derived from
// TPM_CC_FIRST/TPM_CC_LAST, while CommandAuditSet() bounds its bit
// operations with sizeof(gp.auditComands) -- confirm that the two agree.
void
CommandAuditPreInstall_Init(
    void
    )
{
    // Start with an empty audit list: one bit per command code, rounded up
    // to whole bytes
    MemorySet(gp.auditComands, 0x00,
              ((TPM_CC_LAST - TPM_CC_FIRST + 1) + 7) / 8);

    // TPM_CC_SetCommandCodeAuditStatus is always audited
    if(CommandIsImplemented(TPM_CC_SetCommandCodeAuditStatus))
    {
        CommandAuditSet(TPM_CC_SetCommandCodeAuditStatus);
    }

    // Audit counter starts from 0
    gp.auditCounter = 0;

    // The initial audit hash algorithm is the context integrity hash
    // algorithm
    gp.auditHashAlg = CONTEXT_INTEGRITY_HASH_ALG;

    // Persist the command audit data to NV
    NvWriteReserved(NV_AUDIT_COMMANDS, &gp.auditComands);
    NvWriteReserved(NV_AUDIT_HASH_ALG, &gp.auditHashAlg);
    NvWriteReserved(NV_AUDIT_COUNTER, &gp.auditCounter);
}
| 8341 | |
| 8342 | |
| 8343 | 8.1.3.2 CommandAuditStartup() |
| 8344 | |
| 8345 | This function clears the command audit digest on a TPM Reset. |
| 8346 | |
// Reset the command audit digest when the startup type is SU_RESET; any
// other startup type leaves it untouched.
void
CommandAuditStartup(
    STARTUP_TYPE     type           // IN: start up type
    )
{
    if(type != SU_RESET)
        return;

    // A size of 0 marks the digest as not yet initialized
    gr.commandAuditDigest.t.size = 0;
}
| 8364 | |
| 8365 | |
| 8366 | 8.1.3.3 CommandAuditSet() |
| 8367 | |
| 8368 | This function will SET the audit flag for a command. This function will not SET the audit flag for a |
| 8369 | command that is not implemented. This ensures that the audit status is not SET when |
| 8370 | TPM2_GetCapability() is used to read the list of audited commands. |
| 8371 | This function is only used by TPM2_SetCommandCodeAuditStatus(). |
| 8372 | The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the changes to be saved to |
| 8373 | NV after it has finished setting and clearing bits. |
| 8374 | |
| 8375 | Return Value Meaning |
| 8376 | |
| 8377 | TRUE the command code audit status was changed |
| 8378 | FALSE the command code audit status was not changed |
| 8379 | |
// SET the audit bit of a command.
//
// Nothing is changed for a command that is not implemented, for
// TPM_CC_Shutdown (which cannot be audited), or for a command whose bit is
// already SET. The change is made to gp.auditComands only; it is not
// written to NV here.
//
// Returns TRUE if the bit was changed, FALSE otherwise.
//
// NOTE(review): bitPos is commandCode - TPM_CC_FIRST; this presumably relies
// on CommandIsImplemented() rejecting any code outside the range covered by
// gp.auditComands -- confirm.
BOOL
CommandAuditSet(
    TPM_CC           commandCode    // IN: command code
    )
{
    UINT32           bitPos;

    // Only an implemented command can have its bit SET
    if(!CommandIsImplemented(commandCode))
        return FALSE;

    // Shutdown can't be audited
    if(commandCode == TPM_CC_Shutdown)
        return FALSE;

    bitPos = commandCode - TPM_CC_FIRST;

    // Already SET: report no change
    if(BitIsSet(bitPos, &gp.auditComands[0], sizeof(gp.auditComands)))
        return FALSE;

    BitSet(bitPos, &gp.auditComands[0], sizeof(gp.auditComands));
    return TRUE;
}
| 8405 | |
| 8406 | |
| 8407 | 8.1.3.4 CommandAuditClear() |
| 8408 | |
| 8409 | This function will CLEAR the audit flag for a command. It will not CLEAR the audit flag for |
| 8410 | TPM_CC_SetCommandCodeAuditStatus(). |
| 8411 | This function is only used by TPM2_SetCommandCodeAuditStatus(). |
| 8412 | The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the changes to be saved to |
| 8413 | NV after it has finished setting and clearing bits. |
| 8414 | |
| 8415 | |
| 8416 | |
| 8420 | |
| 8421 | |
| 8422 | Return Value Meaning |
| 8423 | |
| 8424 | TRUE the command code audit status was changed |
| 8425 | FALSE the command code audit status was not changed |
| 8426 | |
// CommandAuditClear()
//
// CLEARs the audit flag of a command in the gp.auditComands bit map. The flag
// of TPM_CC_SetCommandCodeAuditStatus is never cleared here, so a change to
// the audit configuration itself stays audited. Only the in-memory bit map is
// touched; no NV write is made in this function.
//
// Return: TRUE if the audit status was changed, FALSE if it was not.
BOOL
CommandAuditClear(
    TPM_CC           commandCode    // IN: command code
    )
{
    UINT32      auditBit;

    // Do nothing if the command is not implemented
    if(!CommandIsImplemented(commandCode))
        return FALSE;

    // The bit associated with TPM_CC_SetCommandCodeAuditStatus cannot be
    // cleared
    if(commandCode == TPM_CC_SetCommandCodeAuditStatus)
        return FALSE;

    auditBit = commandCode - TPM_CC_FIRST;

    // Already CLEAR: report "no change"
    if(!BitIsSet(auditBit, &gp.auditComands[0], sizeof(gp.auditComands)))
        return FALSE;

    BitClear(auditBit, &gp.auditComands[0], sizeof(gp.auditComands));
    return TRUE;
}
| 8453 | |
| 8454 | |
| 8455 | 8.1.3.5 CommandAuditIsRequired() |
| 8456 | |
| 8457 | This function indicates if the audit flag is SET for a command. |
| 8458 | |
| 8459 | Return Value Meaning |
| 8460 | |
| 8461 | TRUE if command is audited |
| 8462 | FALSE if command is not audited |
| 8463 | |
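// CommandAuditIsRequired()
//
// Indicates whether the audit flag is SET for a command.
//
// The lookup indexes gp.auditComands with (commandCode - TPM_CC_FIRST). That
// subtraction is unsigned, so a code below TPM_CC_FIRST would wrap to a very
// large bit position and a code above TPM_CC_LAST would run past the bit map.
// Both are rejected up front and reported as "not audited"; a command outside
// the range cannot have had its bit SET by CommandAuditSet().
//
// Return: TRUE if the command is audited, FALSE if it is not.
BOOL
CommandAuditIsRequired(
    TPM_CC           commandCode    // IN: command code
    )
{
    UINT32      bitPos;

    // Range check before any arithmetic on the caller-supplied code
    if(commandCode < TPM_CC_FIRST || commandCode > TPM_CC_LAST)
        return FALSE;

    bitPos = commandCode - TPM_CC_FIRST;

    // Belt and braces: never index beyond the bit map, whatever its size
    if(bitPos / 8 >= sizeof(gp.auditComands))
        return FALSE;

    // Check the bit map. If the bit is SET, command audit is required
    if((gp.auditComands[bitPos / 8] & (1 << (bitPos % 8))) != 0)
        return TRUE;

    return FALSE;
}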
| 8480 | |
| 8481 | |
| 8482 | 8.1.3.6 CommandAuditCapGetCCList() |
| 8483 | |
| 8484 | This function returns a list of commands that have their audit bit SET. |
| 8488 | |
| 8489 | |
| 8490 | The list starts at the input commandCode. |
| 8491 | |
| 8492 | Return Value Meaning |
| 8493 | |
| 8494 | YES if there are more command codes available |
| 8495 | NO all the available command codes have been returned |
| 8496 | |
// CommandAuditCapGetCCList()
//
// Fills commandList with the command codes whose audit bit is SET, starting
// at commandCode and walking upward to TPM_CC_LAST.
//
// The requested count is capped at MAX_CAP_CC before anything is stored, so
// commandList->commandCodes is never written at an index of MAX_CAP_CC or
// above. A start code below TPM_CC_FIRST is raised to TPM_CC_FIRST.
//
// Return: YES if audited commands remain beyond the returned list,
//         NO if every audited command from the start code on was returned.
TPMI_YES_NO
CommandAuditCapGetCCList(
    TPM_CC           commandCode,   // IN: start command code
    UINT32           count,         // IN: count of returned TPM_CC
    TPML_CC         *commandList    // OUT: list of TPM_CC
    )
{
    TPMI_YES_NO     more = NO;
    UINT32          cc;

    // Start with an empty command list
    commandList->count = 0;

    // The maximum count of commands we may return is MAX_CAP_CC
    if(count > MAX_CAP_CC)
        count = MAX_CAP_CC;

    // If the command code is smaller than TPM_CC_FIRST, start from TPM_CC_FIRST
    if(commandCode < TPM_CC_FIRST)
        commandCode = TPM_CC_FIRST;

    // Collect audited commands
    for(cc = commandCode; cc <= TPM_CC_LAST; cc++)
    {
        if(!CommandAuditIsRequired(cc))
            continue;

        if(commandList->count >= count)
        {
            // The list is full but another audited command exists:
            // report this and stop iterating
            more = YES;
            break;
        }

        // Room left in the return list, add this command code to it
        commandList->commandCodes[commandList->count] = cc;
        commandList->count++;
    }

    return more;
}
| 8541 | |
| 8542 | |
| 8543 | 8.1.3.7 CommandAuditGetDigest |
| 8544 | |
| 8545 | This command is used to create a digest of the commands being audited. The commands are processed |
| 8546 | in ascending numeric order with a list of TPM_CC being added to a hash. This operates as if all the |
| 8547 | audited command codes were concatenated and then hashed. |
| 8548 | |
// CommandAuditGetDigest()
//
// Produces a digest over the list of audited command codes. The codes are fed
// to the hash in ascending numeric order, which is equivalent to hashing the
// concatenation of all audited TPM_CC values. The hash algorithm is
// gp.auditHashAlg.
void
CommandAuditGetDigest(
    TPM2B_DIGEST    *digest         // OUT: command digest
    )
{
    HASH_STATE  hashState;
    TPM_CC      cc;

    // Start hash; the value returned by CryptStartHash() is stored as the
    // size of the output digest
    digest->t.size = CryptStartHash(gp.auditHashAlg, &hashState);

    // Add each audited command code
    for(cc = TPM_CC_FIRST; cc <= TPM_CC_LAST; cc++)
    {
        if(!CommandAuditIsRequired(cc))
            continue;

        CryptUpdateDigestInt(&hashState, sizeof(cc), &cc);
    }

    // Complete hash
    CryptCompleteHash2B(&hashState, &digest->b);
}
| 8579 | |
| 8580 | |
| 8581 | 8.2 DA.c |
| 8582 | |
| 8583 | 8.2.1 Introduction |
| 8584 | |
| 8585 | This file contains the functions and data definitions relating to the dictionary attack logic. |
| 8586 | |
| 8587 | 8.2.2 Includes and Data Definitions |
| 8588 | |
| 8589 | 1 #define DA_C |
| 8590 | 2 #include "InternalRoutines.h" |
| 8591 | |
| 8592 | |
| 8593 | 8.2.3 Functions |
| 8594 | |
| 8595 | 8.2.3.1 DAPreInstall_Init() |
| 8596 | |
| 8597 | This function initializes the DA parameters to their manufacturer-default values. The default values are |
| 8598 | determined by a platform-specific specification. |
| 8599 | This function should not be called outside of a manufacturing or simulation environment. |
| 8600 | The DA parameters will be restored to these initial values by TPM2_Clear(). |
| 8601 | |
// DAPreInstall_Init()
//
// Loads the manufacturer-default dictionary-attack (DA) parameters into gp and
// records each one in NV. The values below are the ones this listing uses; the
// surrounding text says the real defaults come from a platform-specific
// specification. Not to be called outside manufacturing or simulation.
void
DAPreInstall_Init(
    void
    )
{
    gp.failedTries = 0;                 // no failures recorded yet
    gp.maxTries = 3;                    // default limit on failedTries
    gp.recoveryTime = 1000;             // in seconds (~16.67 minutes)
    gp.lockoutRecovery = 1000;          // in seconds
    gp.lockOutAuthEnabled = TRUE;       // use of lockoutAuth is enabled

    // Record the persistent DA parameters in NV
    NvWriteReserved(NV_FAILED_TRIES, &gp.failedTries);
    NvWriteReserved(NV_MAX_TRIES, &gp.maxTries);
    NvWriteReserved(NV_RECOVERY_TIME, &gp.recoveryTime);
    NvWriteReserved(NV_LOCKOUT_RECOVERY, &gp.lockoutRecovery);
    NvWriteReserved(NV_LOCKOUT_AUTH_ENABLED, &gp.lockOutAuthEnabled);
}
| 8627 | |
| 8628 | |
| 8629 | 8.2.3.2 DAStartup() |
| 8630 | |
| 8631 | This function is called by TPM2_Startup() to initialize the DA parameters. In the case of Startup(CLEAR), |
| 8632 | use of lockoutAuth will be enabled if the lockout recovery time is 0. Otherwise, lockoutAuth will not be |
| 8633 | enabled until the TPM has been continuously powered for the lockoutRecovery time. |
| 8634 | This function requires that NV be available and not rate limiting. |
| 8635 | |
// DAStartup()
//
// Called by TPM2_Startup() to initialize the dictionary-attack (DA) state.
// Requires that NV be available and not rate limiting, because it may write
// the lockout-enable flag and the failed-tries counter.
void
DAStartup(
    STARTUP_TYPE     type           // IN: startup type
    )
{
    // For TPM Reset, if lockoutRecovery is 0, enable use of lockoutAuth.
    if(type == SU_RESET && gp.lockoutRecovery == 0)
    {
        gp.lockOutAuthEnabled = TRUE;
        // Record the change to NV
        NvWriteReserved(NV_LOCKOUT_AUTH_ENABLED, &gp.lockOutAuthEnabled);
    }

    // A startup that follows a non-orderly shutdown is counted as one failed
    // try, provided DA is not disabled (recoveryTime != 0) and the counter is
    // still below maxTries.
    // NOTE(review): presumably this keeps a power cut from being a way to
    // avoid having a failed attempt recorded -- confirm against Part 1.
    if(gp.recoveryTime != 0
       && g_prevOrderlyState == SHUTDOWN_NONE
       && gp.failedTries < gp.maxTries)
    {
        gp.failedTries++;
        // Record the change to NV
        NvWriteReserved(NV_FAILED_TRIES, &gp.failedTries);
    }

    // Both self-healing intervals restart from the current time
    s_selfHealTimer = g_time;
    s_lockoutTimer = g_time;
}
| 8669 | |
| 8670 | |
| 8671 | 8.2.3.3 DARegisterFailure() |
| 8672 | |
| 8673 | This function is called when an authorization failure occurs on an entity that is subject to dictionary-attack |
| 8674 | protection. When a DA failure is triggered, register the failure by resetting the relevant self-healing timer |
| 8675 | to the current time. |
| 8676 | |
// DARegisterFailure()
//
// Registers an authorization failure on a DA-protected entity by restarting
// the matching self-healing interval at the current time. Only the timers are
// touched here; gp.failedTries is not modified by this function.
void
DARegisterFailure(
    TPM_HANDLE       handle         // IN: handle for failure
    )
{
    if(handle != TPM_RH_LOCKOUT)
    {
        // Any entity other than lockout uses the regular self-heal timer
        s_selfHealTimer = g_time;
    }
    else
    {
        // A failure on the lockout auth restarts the lockout timer
        s_lockoutTimer = g_time;
    }
}
| 8696 | |
| 8697 | |
| 8698 | 8.2.3.4 DASelfHeal() |
| 8699 | |
| 8700 | This function is called to check if sufficient time has passed to allow decrement of failedTries or to re- |
| 8701 | enable use of lockoutAuth. |
| 8702 | This function should be called when the time interval is updated. |
| 8703 | |
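// DASelfHeal()
//
// Checks whether enough time has passed to decrement failedTries or to
// re-enable use of lockoutAuth. Meant to be called when the time interval is
// updated.
//
// Two hardening changes relative to the plain listing, both of which leave
// the result unchanged for a monotonic clock and realistic intervals:
//   - elapsed time is taken as 0 when g_time is behind the saved timer, so an
//     unsigned wrap of the subtraction cannot clear failedTries or re-enable
//     lockoutAuth (the DA state fails closed);
//   - decreaseCount is compared with failedTries at full 64-bit width, so the
//     narrowing cast is only applied once the value is known to fit.
// NOTE(review): g_time and the timers appear to be in milliseconds (they are
// divided by 1000 and compared with values documented as seconds) -- confirm.
void
DASelfHeal(
    void
    )
{
    // Regular auth self healing logic
    // If no failed authorization tries, do nothing. Otherwise, try to
    // decrease failedTries
    if(gp.failedTries != 0)
    {
        // if recovery time is 0, DA logic has been disabled. Clear failed tries
        // immediately
        if(gp.recoveryTime == 0)
        {
            gp.failedTries = 0;
            // Update NV record
            NvWriteReserved(NV_FAILED_TRIES, &gp.failedTries);
        }
        else
        {
            UINT64      elapsed;
            UINT64      decreaseCount;

            // In the unlikely event that failedTries should become larger than
            // maxTries
            if(gp.failedTries > gp.maxTries)
                gp.failedTries = gp.maxTries;

            // Guard the unsigned subtraction: no credit if time went backwards
            elapsed = (g_time >= s_selfHealTimer) ? (g_time - s_selfHealTimer) : 0;

            // How much can failedTries be decreased
            decreaseCount = (elapsed / 1000) / gp.recoveryTime;

            if(decreaseCount >= gp.failedTries)
                // should not set failedTries below zero
                gp.failedTries = 0;
            else
                // decreaseCount < failedTries here, so the cast cannot truncate
                gp.failedTries -= (UINT32)decreaseCount;

            // the cast prevents overflow of the product
            s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000;
            if(decreaseCount != 0)
                // If there was a change to the failedTries, record the changes
                // to NV
                NvWriteReserved(NV_FAILED_TRIES, &gp.failedTries);
        }
    }

    // LockoutAuth self healing logic
    // If lockoutAuth is enabled, do nothing. Otherwise, try to see if we
    // may enable it
    if(!gp.lockOutAuthEnabled)
    {
        // if lockout authorization recovery time is 0, a reboot is required to
        // re-enable use of lockout authorization. Self-healing would not
        // apply in this case.
        if(gp.lockoutRecovery != 0)
        {
            // Same guard as above: a clock behind the timer earns no recovery
            if(g_time >= s_lockoutTimer
               && ((g_time - s_lockoutTimer) / 1000) >= gp.lockoutRecovery)
            {
                gp.lockOutAuthEnabled = TRUE;
                // Record the changes to NV
                NvWriteReserved(NV_LOCKOUT_AUTH_ENABLED, &gp.lockOutAuthEnabled);
            }
        }
    }

    return;
}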
| 8776 | |
| 8777 | |
| 8778 | 8.3 Hierarchy.c |
| 8779 | |
| 8780 | 8.3.1 Introduction |
| 8781 | |
| 8782 | This file contains the functions used for managing and accessing the hierarchy-related values. |
| 8783 | |
| 8784 | 8.3.2 Includes |
| 8785 | |
| 8786 | 1 #include "InternalRoutines.h" |
| 8787 | |
| 8788 | |
| 8789 | 8.3.3 Functions |
| 8790 | |
| 8791 | 8.3.3.1 HierarchyPreInstall() |
| 8792 | |
| 8793 | This function performs the initialization functions for the hierarchy when the TPM is simulated. This |
| 8794 | function should not be called if the TPM is not in a manufacturing mode at the manufacturer, or in a |
| 8795 | simulated environment. |
| 8796 | |
// HierarchyPreInstall_Init()
//
// Sets every persistent hierarchy value to its initial state and writes the
// result to NV: fresh primary seeds and proofs from CryptGenerateRandom(),
// empty authorization values, and no policies. Only for use in manufacturing
// mode at the manufacturer or in a simulated environment.
//
// NOTE(review): nothing returned by CryptGenerateRandom() is examined here;
// confirm how a random-number failure is reported before relying on the seeds
// and proofs this function stores.
void
HierarchyPreInstall_Init(
    void
    )
{
    // Leave the clear command allowed
    gp.disableClear = FALSE;

    // Primary Seeds: endorsement, storage, platform
    gp.EPSeed.t.size = PRIMARY_SEED_SIZE;
    CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
    gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
    CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
    gp.PPSeed.t.size = PRIMARY_SEED_SIZE;
    CryptGenerateRandom(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer);

    // Owner, endorsement and lockout auth all start out empty (size 0)
    gp.ownerAuth.t.size = 0;
    gp.endorsementAuth.t.size = 0;
    gp.lockoutAuth.t.size = 0;

    // Owner, endorsement and lockout policy: no algorithm, empty digest
    gp.ownerAlg = TPM_ALG_NULL;
    gp.ownerPolicy.t.size = 0;
    gp.endorsementAlg = TPM_ALG_NULL;
    gp.endorsementPolicy.t.size = 0;
    gp.lockoutAlg = TPM_ALG_NULL;
    gp.lockoutPolicy.t.size = 0;

    // phProof, shProof and ehProof: set the sizes, then fill with random data
    gp.phProof.t.size = PROOF_SIZE;
    gp.shProof.t.size = PROOF_SIZE;
    gp.ehProof.t.size = PROOF_SIZE;
    CryptGenerateRandom(gp.phProof.t.size, gp.phProof.t.buffer);
    CryptGenerateRandom(gp.shProof.t.size, gp.shProof.t.buffer);
    CryptGenerateRandom(gp.ehProof.t.size, gp.ehProof.t.buffer);

    // Write hierarchy data to NV
    NvWriteReserved(NV_DISABLE_CLEAR, &gp.disableClear);
    NvWriteReserved(NV_EP_SEED, &gp.EPSeed);
    NvWriteReserved(NV_SP_SEED, &gp.SPSeed);
    NvWriteReserved(NV_PP_SEED, &gp.PPSeed);
    NvWriteReserved(NV_OWNER_AUTH, &gp.ownerAuth);
    NvWriteReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
    NvWriteReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);
    NvWriteReserved(NV_OWNER_ALG, &gp.ownerAlg);
    NvWriteReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
    NvWriteReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
    NvWriteReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
    NvWriteReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
    NvWriteReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
    NvWriteReserved(NV_PH_PROOF, &gp.phProof);
    NvWriteReserved(NV_SH_PROOF, &gp.shProof);
    NvWriteReserved(NV_EH_PROOF, &gp.ehProof);
}
| 8859 | |
| 8860 | |
| 8861 | 8.3.3.2 HierarchyStartup() |
| 8862 | |
| 8863 | This function is called at TPM2_Startup() to initialize the hierarchy related values. |
| 8864 | |
// HierarchyStartup()
//
// Called at TPM2_Startup() to initialize the hierarchy-related values.
//   - phEnable is SET on every startup.
//   - On TPM Reset and TPM Restart (anything but SU_RESUME) platformAuth and
//     platformPolicy are emptied and the storage hierarchy, endorsement
//     hierarchy and platform NV are enabled.
//   - On TPM Reset a new nullProof and nullSeed are generated.
void
HierarchyStartup(
    STARTUP_TYPE     type           // IN: start up type
    )
{
    // phEnable is SET on any startup
    g_phEnable = TRUE;

    if(type != SU_RESUME)
    {
        // Reset platformAuth and platformPolicy
        gc.platformAuth.t.size = 0;
        gc.platformPolicy.t.size = 0;

        // enable the platformNV and the endorsement and storage hierarchies
        gc.phEnableNV = TRUE;
        gc.ehEnable = TRUE;
        gc.shEnable = TRUE;
    }

    if(type == SU_RESET)
    {
        // nullProof and nullSeed are updated at every TPM_RESET
        gr.nullProof.t.size = PROOF_SIZE;
        CryptGenerateRandom(gr.nullProof.t.size, gr.nullProof.t.buffer);

        gr.nullSeed.t.size = PRIMARY_SEED_SIZE;
        CryptGenerateRandom(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer);
    }
}
| 8896 | |
| 8897 | |
| 8901 | |
| 8902 | 8.3.3.3 HierarchyGetProof() |
| 8903 | |
| 8904 | This function finds the proof value associated with a hierarchy. It returns a pointer to the proof value. |
| 8905 | |
// HierarchyGetProof()
//
// Finds the proof value associated with a hierarchy and returns a pointer to
// it. The pointer refers to the live value in gp or gr, not to a copy.
//
// An unrecognized hierarchy triggers pAssert(FALSE); if pAssert() returns,
// the result is NULL, so a caller that can reach that path must not
// dereference the result unchecked.
TPM2B_AUTH *
HierarchyGetProof(
    TPMI_RH_HIERARCHY    hierarchy  // IN: hierarchy constant
    )
{
    switch(hierarchy)
    {
        case TPM_RH_PLATFORM:
            // phProof for TPM_RH_PLATFORM
            return &gp.phProof;
        case TPM_RH_ENDORSEMENT:
            // ehProof for TPM_RH_ENDORSEMENT
            return &gp.ehProof;
        case TPM_RH_OWNER:
            // shProof for TPM_RH_OWNER
            return &gp.shProof;
        case TPM_RH_NULL:
            // nullProof for TPM_RH_NULL
            return &gr.nullProof;
        default:
            pAssert(FALSE);
            break;
    }

    // Only reached for an unknown hierarchy
    return NULL;
}
| 8938 | |
| 8939 | |
| 8940 | 8.3.3.4 HierarchyGetPrimarySeed() |
| 8941 | |
| 8942 | This function returns the primary seed of a hierarchy. |
| 8943 | |
// HierarchyGetPrimarySeed()
//
// Returns a pointer to the primary seed of a hierarchy. The pointer refers to
// the live seed in gp or gr, not to a copy.
//
// An unrecognized hierarchy triggers pAssert(FALSE); if pAssert() returns,
// the result is NULL.
TPM2B_SEED *
HierarchyGetPrimarySeed(
    TPMI_RH_HIERARCHY    hierarchy  // IN: hierarchy
    )
{
    switch(hierarchy)
    {
        case TPM_RH_PLATFORM:
            return &gp.PPSeed;
        case TPM_RH_OWNER:
            return &gp.SPSeed;
        case TPM_RH_ENDORSEMENT:
            return &gp.EPSeed;
        case TPM_RH_NULL:
            return &gr.nullSeed;
        default:
            pAssert(FALSE);
            break;
    }

    // Only reached for an unknown hierarchy
    return NULL;
}
| 8974 | |
| 8975 | |
| 8976 | 8.3.3.5 HierarchyIsEnabled() |
| 8977 | |
| 8978 | This function checks to see if a hierarchy is enabled. |
| 8979 | |
| 8980 | NOTE: The TPM_RH_NULL hierarchy is always enabled. |
| 8981 | |
| 8982 | |
| 8983 | Return Value Meaning |
| 8984 | |
| 8985 | TRUE hierarchy is enabled |
| 8986 | FALSE hierarchy is disabled |
| 8987 | |
// HierarchyIsEnabled()
//
// Checks whether a hierarchy is enabled. The TPM_RH_NULL hierarchy is always
// enabled. An unrecognized hierarchy triggers pAssert(FALSE) and, if
// pAssert() returns, is reported as disabled.
//
// Return: TRUE if the hierarchy is enabled, FALSE if it is disabled.
BOOL
HierarchyIsEnabled(
    TPMI_RH_HIERARCHY    hierarchy  // IN: hierarchy
    )
{
    switch(hierarchy)
    {
        case TPM_RH_PLATFORM:
            return g_phEnable;
        case TPM_RH_OWNER:
            return gc.shEnable;
        case TPM_RH_ENDORSEMENT:
            return gc.ehEnable;
        case TPM_RH_NULL:
            return TRUE;
        default:
            pAssert(FALSE);
            break;
    }

    // Unknown hierarchy: treated as not enabled
    return FALSE;
}
| 9015 | |
| 9016 | |
| 9017 | 8.4 NV.c |
| 9018 | |
| 9019 | 8.4.1 Introduction |
| 9020 | |
| 9021 | The NV memory is divided into two areas: dynamic space for user defined NV Indices and evict objects, |
| 9022 | and reserved space for TPM persistent and state save data. |
| 9023 | |
| 9024 | 8.4.2 Includes, Defines and Data Definitions |
| 9025 | |
| 9026 | 1 #define NV_C |
| 9027 | 2 #include "InternalRoutines.h" |
| 9028 | 3 #include <Platform.h> |
| 9029 | |
| 9030 | NV Index/evict object iterator value |
| 9031 | |
// type of a NV iterator
typedef UINT32 NV_ITER;

// initial value to start an iterator
#define NV_ITER_INIT 0xFFFFFFFF
| 9040 | |
| 9041 | |
| 9042 | 8.4.3 NV Utility Functions |
| 9043 | |
| 9044 | 8.4.3.1 NvCheckState() |
| 9045 | |
| 9046 | Function to check the NV state by accessing the platform-specific function to get the NV state. The result |
| 9047 | state is registered in s_NvStatus that will be reported by NvIsAvailable(). |
| 9048 | This function is called at the beginning of ExecuteCommand() before any potential call to NvIsAvailable(). |
| 9049 | |
// NvCheckState()
//
// Asks the platform for the NV state and caches the answer in s_NvStatus,
// which NvIsAvailable() reports later:
//   _plat__IsNvAvailable() == 0     -> TPM_RC_SUCCESS
//   _plat__IsNvAvailable() == 1     -> TPM_RC_NV_UNAVAILABLE
//   any other value                 -> TPM_RC_NV_RATE
void
NvCheckState(void)
{
    switch(_plat__IsNvAvailable())
    {
        case 0:
            s_NvStatus = TPM_RC_SUCCESS;
            break;
        case 1:
            s_NvStatus = TPM_RC_NV_UNAVAILABLE;
            break;
        default:
            // Everything else is reported as rate limiting
            s_NvStatus = TPM_RC_NV_RATE;
            break;
    }
}
| 9071 | |
| 9072 | |
| 9073 | 8.4.3.2 NvIsAvailable() |
| 9074 | |
| 9075 | This function returns the NV availability parameter. |
| 9076 | |
| 9077 | Error Returns Meaning |
| 9078 | |
| 9079 | TPM_RC_SUCCESS NV is available |
| 9080 | TPM_RC_NV_RATE NV is unavailable because of rate limit |
| 9081 | TPM_RC_NV_UNAVAILABLE NV is inaccessible |
| 9082 | |
// NvIsAvailable()
//
// Returns the NV availability recorded in s_NvStatus. The platform is not
// queried here, so the answer is as fresh as the last NvCheckState() call.
//
// Return: TPM_RC_SUCCESS          NV is available
//         TPM_RC_NV_RATE          NV is unavailable because of rate limit
//         TPM_RC_NV_UNAVAILABLE   NV is inaccessible
TPM_RC
NvIsAvailable(
    void
    )
{
    TPM_RC      status = s_NvStatus;

    return status;
}
| 9090 | |
| 9091 | |
| 9092 | 8.4.3.3 NvCommit |
| 9093 | |
| 9094 | This is a wrapper for the platform function to commit pending NV writes. |
| 9095 | |
// NvCommit()
//
// Wrapper for the platform function that commits pending NV writes.
//
// Return: TRUE when _plat__NvCommit() returns 0, FALSE for any other value.
//         A caller that needs the data to be persistent has to check this.
BOOL
NvCommit(
    void
    )
{
    return (_plat__NvCommit() == 0);
}
| 9109 | |
| 9110 | |
| 9111 | 8.4.3.4 NvReadMaxCount() |
| 9112 | |
| 9113 | This function returns the max NV counter value. |
| 9114 | |
// NvReadMaxCount()
//
// Returns the max NV counter value, read as sizeof(UINT64) octets from NV
// address s_maxCountAddr.
static UINT64
NvReadMaxCount(
    void
    )
{
    UINT64      maxCount;

    _plat__NvMemoryRead(s_maxCountAddr, sizeof(maxCount), &maxCount);
    return maxCount;
}
| 9124 | |
| 9125 | |
| 9126 | 8.4.3.5 NvWriteMaxCount() |
| 9127 | |
| 9128 | This function updates the max counter value to NV memory. |
| 9129 | |
// NvWriteMaxCount()
//
// Stores the max counter value in NV memory, as sizeof(UINT64) octets at NV
// address s_maxCountAddr.
static void
NvWriteMaxCount(
    UINT64           maxCount       // IN: value to store
    )
{
    _plat__NvMemoryWrite(s_maxCountAddr, sizeof(maxCount), &maxCount);
}
| 9138 | |
| 9139 | |
| 9140 | 8.4.4 NV Index and Persistent Object Access Functions |
| 9141 | |
| 9142 | 8.4.4.1 Introduction |
| 9143 | |
| 9144 | These functions are used to access an NV Index and persistent object memory. In this implementation, |
| 9145 | the memory is simulated with RAM. The data in dynamic area is organized as a linked list, starting from |
| 9146 | address s_evictNvStart. The first 4 bytes of a node in this link list is the offset of next node, followed by |
| 9147 | the data entry. A 0-valued offset value indicates the end of the list. If the data entry area of the last node |
| 9148 | happens to reach the end of the dynamic area without space left for an additional 4 byte end marker, the |
| 9149 | end address, s_evictNvEnd, should serve as the mark of list end. |
| 9150 | |
| 9151 | 8.4.4.2 NvNext() |
| 9152 | |
| 9153 | This function provides a method to traverse every data entry in NV dynamic area. |
| 9154 | To begin with, parameter iter should be initialized to NV_ITER_INIT indicating the first element. Every |
| 9155 | time this function is called, the value in iter would be adjusted pointing to the next element in traversal. If |
| 9156 | there is no next element, iter value would be 0. This function returns the address of the 'data entry' |
| 9157 | pointed by the iter. If there is no more element in the set, a 0 value is returned indicating the end of |
| 9158 | traversal. |
| 9159 | |
// NvNext()
//
// Steps through the data entries of the NV dynamic area. Start with *iter set
// to NV_ITER_INIT. Each call returns the address of the current data entry
// (the octets right after the node's 4-octet "next" offset) and stores the
// offset of the following node in *iter.
//
// Return: address of the data entry, or 0 when the traversal is finished.
//
// NOTE(review): the "next" offset read from NV becomes the new *iter as is.
// It is not checked to lie at or above s_evictNvStart or to move forward; the
// only limit applied to it is the end-of-space test at the top of the next
// call. The traversal therefore depends on the integrity of the stored list.
static UINT32
NvNext(
    NV_ITER         *iter           // IN/OUT: iterator position
    )
{
    NV_ITER     nodeAddr;

    // A fresh iterator starts at the head of the list
    if(*iter == NV_ITER_INIT)
        *iter = s_evictNvStart;

    // Stop if the iterator indicates list end, or if there is no room left
    // for a "next" offset before the end of NV space
    if(*iter == 0 || *iter + sizeof(UINT32) > s_evictNvEnd)
        return 0;

    // Remember where this node starts
    nodeAddr = *iter;

    // Replace the iterator with the "next" offset stored in this node
    _plat__NvMemoryRead(nodeAddr, sizeof(UINT32), iter);

    // A zero offset marks the end of the list
    if(*iter == 0)
        return 0;

    // The entity is stored right after the offset field
    return nodeAddr + sizeof(UINT32);
}
| 9194 | |
| 9195 | |
| 9196 | 8.4.4.3 NvGetEnd() |
| 9197 | |
| 9198 | Function to find the end of the NV dynamic data list |
| 9199 | |
// NvGetEnd()
//
// Finds the end of the NV dynamic data list. With an empty list the result is
// s_evictNvStart. Otherwise the list is walked to its last data entry and the
// "next" offset stored just in front of that entry is returned.
static UINT32
NvGetEnd(
    void
    )
{
    NV_ITER     iter = NV_ITER_INIT;
    UINT32      lastEntry = s_evictNvStart;
    UINT32      entry;

    // Walk the whole list, keeping the address of the last entry seen
    for(entry = NvNext(&iter); entry != 0; entry = NvNext(&iter))
        lastEntry = entry;

    // Empty list: the end is the start of the dynamic area
    if(lastEntry == s_evictNvStart)
        return lastEntry;

    // Step back onto the offset field of the last node and read it
    lastEntry -= sizeof(UINT32);
    _plat__NvMemoryRead(lastEntry, sizeof(UINT32), &lastEntry);

    return lastEntry;
}
| 9221 | |
| 9222 | |
| 9223 | 8.4.4.4 NvGetFreeByte |
| 9224 | |
| 9225 | This function returns the number of free octets in NV space. |
| 9226 | |
// NvGetFreeByte()
//
// Returns the number of free octets in NV space: the distance from the end of
// the dynamic data list to s_evictNvEnd.
//
// NOTE(review): the subtraction is unsigned. It presumes NvGetEnd() never
// reports an address above s_evictNvEnd; if it did, the result would wrap to
// a large "free" count -- confirm that invariant holds for stored lists.
static UINT32
NvGetFreeByte(
    void
    )
{
    UINT32      listEnd = NvGetEnd();

    return s_evictNvEnd - listEnd;
}
| 9234 | |
| 9235 | |
| 9239 | |
| 9240 | 8.4.4.5 NvGetEvictObjectSize |
| 9241 | |
| 9242 | This function returns the size of an evict object in NV space |
| 9243 | |
// NvGetEvictObjectSize()
//
// Returns the size of an evict object in NV space: a UINT32 (presumably the
// list offset field), a handle and an OBJECT.
static UINT32
NvGetEvictObjectSize(
    void
    )
{
    return sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(OBJECT);
}
| 9251 | |
| 9252 | |
| 9253 | 8.4.4.6 NvGetCounterSize |
| 9254 | |
| 9255 | This function returns the size of a counter index in NV space. |
| 9256 | |
// NvGetCounterSize()
//
// Returns the size of a counter index in NV space: an offset field, a handle,
// an NV_INDEX and a UINT64 for the counter data.
static UINT32
NvGetCounterSize(
    void
    )
{
    return sizeof(UINT32)           // offset field
         + sizeof(TPM_HANDLE)       // handle
         + sizeof(NV_INDEX)         // index definition
         + sizeof(UINT64);          // counter data
}
| 9266 | |
| 9267 | |
| 9268 | 8.4.4.7 NvTestSpace() |
| 9269 | |
| 9270 | This function will test if there is enough space to add a new entity. |
| 9271 | |
| 9272 | Return Value Meaning |
| 9273 | |
| 9274 | TRUE space available |
| 9275 | FALSE not enough space |
| 9276 | |
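// NvTestSpace()
//
// Tests whether there is enough space to add a new entity of the given size.
// For an NV Index, space for the not-yet-allocated minimum number of evict
// objects is set aside first, so that defining indices cannot keep the TPM
// from allocating MIN_EVICT_OBJECTS persistent objects.
//
// The final comparison is written as a subtraction from remainByte rather
// than as size + sizeof(UINT32): where size_t is 32 bits wide, that sum can
// wrap for a very large size and make an oversized request look as if it fits.
//
// Return: TRUE if space is available, FALSE if there is not enough space.
static BOOL
NvTestSpace(
    UINT32           size,          // IN: size of the entity to be added
    BOOL             isIndex        // IN: TRUE if the entity is an index
    )
{
    UINT32      remainByte = NvGetFreeByte();

    // For NV Index, need to make sure that we do not allocate an Index if this
    // would mean that the TPM cannot allocate the minimum number of evict
    // objects.
    if(isIndex)
    {
        // Get the number of persistent objects allocated
        UINT32      persistentNum = NvCapGetPersistentNumber();

        // If we have not allocated the requisite number of evict objects, then
        // we need to reserve space for them.
        // NOTE: some of this is not written as simply as it might seem because
        // the values are all unsigned and subtracting needs to be done
        // carefully so that an underflow doesn't cause problems.
        if(persistentNum < MIN_EVICT_OBJECTS)
        {
            UINT32      needed = (MIN_EVICT_OBJECTS - persistentNum)
                                 * NvGetEvictObjectSize();
            if(needed > remainByte)
                remainByte = 0;
            else
                remainByte -= needed;
        }
        // if the requisite number of evict objects have been allocated then
        // no need to reserve additional space
    }

    // The entity needs room for its own octets plus the offset field.
    // NOTE: This does not check to see if the end marker can be placed in
    // memory because the end marker will not be written if it will not fit.
    if(remainByte < sizeof(UINT32))
        return FALSE;

    // Same test as size + sizeof(UINT32) <= remainByte, without the addition
    return (size <= remainByte - sizeof(UINT32));
}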
| 9320 | |
| 9321 | |
| 9322 | 8.4.4.8 NvAdd() |
| 9323 | |
| 9324 | This function adds a new entity to NV. |
| 9325 | This function requires that there is enough space to add a new entity (i.e., that NvTestSpace() has been |
| 9326 | called and the available space is at least as large as the required space). |
| 9327 | |
// Append a new entity to the end of the evict/index list in NV.
//
// The caller must already have established that the entity fits (the
// specification text requires a successful NvTestSpace()); no bound is
// checked here before the writes.
// NOTE(review): only bufferSize octets are written although totalSize octets
// are claimed by the link; the remainder keeps whatever NV held before --
// presumably the caller fills it afterwards, confirm.
static void
NvAdd(
    UINT32 totalSize, // IN: total size needed for this entity For
                      // evict object, totalSize is the same as
                      // bufferSize. For NV Index, totalSize is
                      // bufferSize plus index data size
    UINT32 bufferSize, // IN: size of initial buffer
    BYTE *entity // IN: initial buffer
    )
{
    UINT32 terminator = 0;

    // The new entry starts where the list currently ends.
    UINT32 slot = NvGetEnd();

    // The link stored in front of the entry holds the address that follows
    // it: link field plus entity data.
    UINT32 following = slot + sizeof(UINT32) + totalSize;

    // Link first, then the initial entity data directly behind it.
    _plat__NvMemoryWrite(slot, sizeof(UINT32), &following);
    _plat__NvMemoryWrite(slot + sizeof(UINT32), bufferSize, entity);

    // Terminate the list with a zero link, unless that marker would itself
    // run past the end of the NV space.
    if(following + sizeof(UINT32) <= s_evictNvEnd)
        _plat__NvMemoryWrite(following, sizeof(UINT32), &terminator);

    // Have the NV changes committed before the command completes.
    g_updateNV = TRUE;
}
| 9362 | |
| 9363 | |
| 9364 | 8.4.4.9 NvDelete() |
| 9365 | |
| 9366 | This function is used to delete an NV Index or persistent object from NV memory. |
| 9367 | |
// Delete an NV Index or persistent object from NV memory by moving every
// later entry down over it and re-terminating the list.
//
// entityAddr is the address of the entity data; its UINT32 link field sits
// immediately in front of it.
// NOTE(review): every link is taken from NV as stored. Nothing here checks
// that a link is larger than the address it was read from, so the sizes
// derived below rely on the list being intact.
static void
NvDelete(
    UINT32 entityAddr // IN: address of entity to be deleted
    )
{
    UINT32 terminator = 0;
    UINT32 entryAddr = entityAddr - sizeof(UINT32);
    UINT32 cursor;      // address of the entry currently being examined
    UINT32 gap;         // octets freed by removing the entry

    // The link of the deleted entry gives the address of its successor; the
    // distance between the two is the size being freed.
    _plat__NvMemoryRead(entryAddr, sizeof(UINT32), &cursor);
    gap = cursor - entryAddr;

    // Shift each following entry down by 'gap'. The list ends either because
    // no further link fits before the end of NV, or because an end marker
    // (zero link) is found.
    for(;;)
    {
        UINT32 link, length, shifted;

        // No room for another link: end of NV reached.
        if(cursor + sizeof(UINT32) > s_evictNvEnd)
            break;

        // Zero link: end marker.
        _plat__NvMemoryRead(cursor, sizeof(UINT32), &link);
        if(link == 0)
            break;

        length = link - cursor;

        // Move the entry, then rewrite its forward link for the new position.
        _plat__NvMemoryMove(cursor, cursor - gap, length);
        shifted = link - gap;
        _plat__NvMemoryWrite(cursor - gap, sizeof(UINT32), &shifted);

        cursor = link;
    }

    // Mark the new end of the list.
    _plat__NvMemoryWrite(cursor - gap, sizeof(UINT32), &terminator);

    // Have the NV changes committed before the command completes.
    g_updateNV = TRUE;
}
| 9422 | |
| 9423 | |
| 9424 | 8.4.5 RAM-based NV Index Data Access Functions |
| 9425 | |
| 9426 | 8.4.5.1 Introduction |
| 9427 | |
| 9428 | The data layout in ram buffer is {size of(NV_handle() + data), NV_handle(), data} for each NV Index data |
| 9429 | stored in RAM. |
| 9430 | NV storage is updated when an NV Index is added or deleted. We do NOT update NV storage when the |
| 9431 | data is updated. |
| 9432 | |
| 9433 | 8.4.5.2 NvTestRAMSpace() |
| 9434 | |
| 9435 | This function indicates if there is enough RAM space to add data for a new NV Index. |
| 9436 | |
| 9437 | |
| 9438 | |
| 9439 | |
| 9440 | Family "2.0" TCG Published Page 125 |
| 9441 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 9442 | Trusted Platform Module Library Part 4: Supporting Routines |
| 9443 | |
| 9444 | |
| 9445 | Return Value Meaning |
| 9446 | |
| 9447 | TRUE space available |
| 9448 | FALSE not enough space |
| 9449 | |
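// Test whether the RAM index buffer has room for the data of a new NV Index.
//
// size  size of the data to be added to RAM
//
// Return value: TRUE if the data plus its size field and handle fits into
// RAM_INDEX_SPACE, FALSE otherwise.
static BOOL
NvTestRAMSpace(
    UINT32 size // IN: size of the data to be added to RAM
    )
{
    // Each node carries a UINT32 size field and the handle in front of the data.
    UINT32 overhead = sizeof(UINT32) + sizeof(TPM_HANDLE);
    UINT32 freeBytes;

    // Compare against what is left rather than adding to what is used: the
    // sum 's_ramIndexSize + size + overhead' can wrap where size_t is 32 bits
    // wide, which would make an oversized request look like it fits.
    if(s_ramIndexSize > RAM_INDEX_SPACE)
        return FALSE;

    freeBytes = RAM_INDEX_SPACE - s_ramIndexSize;
    if(freeBytes < overhead)
        return FALSE;

    return (size <= freeBytes - overhead);
}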
| 9461 | |
| 9462 | |
| 9463 | 8.4.5.3 NvGetRamIndexOffset |
| 9464 | |
| 9465 | This function returns the offset of NV data in the RAM buffer |
| 9466 | This function requires that NV Index is in RAM. That is, the index must be known to exist. |
| 9467 | |
// Return the offset of an NV Index's data inside the RAM index buffer.
//
// The index must be known to exist in RAM; a handle that is not found trips
// the pAssert() below.
// NOTE(review): the size field and handle are read through pointer casts into
// s_ramIndex at offsets that depend on earlier node sizes, so the accesses
// assume the platform tolerates them at any alignment. The handle is also
// read before anything confirms that a whole node header lies inside
// s_ramIndexSize; the walk relies on the buffer being well formed.
static UINT32
NvGetRAMIndexOffset(
    TPMI_RH_NV_INDEX handle // IN: NV handle
    )
{
    UINT32 node = 0;    // offset of the node header being examined

    // Node layout: UINT32 size field, handle, data.
    for(;;)
    {
        TPMI_RH_NV_INDEX stored;

        if(node >= s_ramIndexSize)
            break;

        // The handle follows the size field; a match ends the search.
        stored = * (TPM_HANDLE *) &s_ramIndex[node + sizeof(UINT32)];
        if(stored == handle)
            break;

        // Skip the size field and as many octets as it announces.
        node += sizeof(UINT32) + * (UINT32 *) &s_ramIndex[node];
    }

    // The index data is assumed to exist in RAM space.
    pAssert(node < s_ramIndexSize);

    // The data buffer follows the size field and the handle.
    return node + sizeof(TPMI_RH_NV_INDEX) + sizeof(UINT32);
}
| 9495 | |
| 9496 | |
| 9497 | 8.4.5.4 NvAddRAM() |
| 9498 | |
| 9499 | This function adds a new data area to RAM. |
| 9500 | This function requires that enough free RAM space is available to add the new data. |
| 9501 | |
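// Add a new data area for an NV Index at the end of the RAM index buffer and
// copy the buffer and its size to NV.
//
// handle  NV handle stored in the new node
// size    size of the data area
//
// Enough free RAM space must be available; this is asserted before the
// buffer is touched.
// NOTE(review): g_updateNV is not set here, unlike in NvAdd() -- presumably
// the caller takes care of it, confirm.
static void
NvAddRAM(
    TPMI_RH_NV_INDEX handle, // IN: NV handle
    UINT32 size // IN: size of data
    )
{
    // Size field + handle + data
    UINT32 nodeSize = sizeof(UINT32) + sizeof(TPMI_RH_NV_INDEX) + size;

    // Check the bound BEFORE writing the node header. Asserting on the new
    // s_ramIndexSize only afterwards would let the two stores below land
    // outside s_ramIndex first. The first term rejects a wrapped nodeSize;
    // the rest is 's_ramIndexSize + nodeSize <= RAM_INDEX_SPACE' without an
    // addition that could wrap.
    pAssert(   nodeSize >= size
            && s_ramIndexSize <= RAM_INDEX_SPACE
            && nodeSize <= RAM_INDEX_SPACE - s_ramIndexSize);

    // Add the node at the end of the reserved RAM buffer. The size field
    // counts the handle and the data, not itself.
    * (UINT32 *) &s_ramIndex[s_ramIndexSize] = size + sizeof(TPMI_RH_NV_INDEX);
    * (TPMI_RH_NV_INDEX *) &s_ramIndex[s_ramIndexSize + sizeof(UINT32)] = handle;
    s_ramIndexSize += nodeSize;

    // Update the NV copy of s_ramIndexSize
    _plat__NvMemoryWrite(s_ramIndexSizeAddr, sizeof(UINT32), &s_ramIndexSize);

    // Write the reserved RAM space to NV to reflect the newly added NV Index
    _plat__NvMemoryWrite(s_ramIndexAddr, RAM_INDEX_SPACE, s_ramIndex);

    return;
}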
| 9528 | |
| 9529 | |
| 9530 | 8.4.5.5 NvDeleteRAM() |
| 9531 | |
| 9532 | This function is used to delete a RAM-backed NV Index data area. |
| 9533 | This function assumes the data of NV Index exists in RAM |
| 9534 | |
// Delete the RAM-backed data area of an NV Index and copy the compacted
// buffer and its size to NV.
//
// The data of the NV Index is assumed to exist in RAM.
// NOTE(review): the node size is taken from the buffer as stored; the move
// length and the new s_ramIndexSize are derived from it without a range
// check, so they rely on the buffer being well formed.
static void
NvDeleteRAM(
    TPMI_RH_NV_INDEX handle // IN: NV handle
    )
{
    UINT32 header;      // offset of the node's size field
    UINT32 payload;     // value of the size field (handle + data)
    UINT32 successor;   // offset of the node that follows
    UINT32 tail;        // octets in use behind the deleted node

    // NvGetRAMIndexOffset() returns the offset of the data; step back over
    // the handle and the size field to reach the start of the node.
    header = NvGetRAMIndexOffset(handle);
    header -= sizeof(UINT32) + sizeof(TPMI_RH_NV_INDEX);

    payload = * (UINT32 *) &s_ramIndex[header];
    successor = header + sizeof(UINT32) + payload;
    tail = s_ramIndexSize - successor;

    // Close the hole by moving everything behind the node down onto it.
    MemoryMove(s_ramIndex + header, s_ramIndex + successor, tail, tail);

    // The buffer shrinks by the size field plus what it announced.
    s_ramIndexSize -= payload + sizeof(UINT32);

    // Update the NV copy of s_ramIndexSize
    _plat__NvMemoryWrite(s_ramIndexSizeAddr, sizeof(UINT32), &s_ramIndexSize);

    // Write the reserved RAM space to NV to reflect the deleted NV Index
    _plat__NvMemoryWrite(s_ramIndexAddr, RAM_INDEX_SPACE, s_ramIndex);
}
| 9570 | |
| 9571 | |
| 9572 | |
| 9573 | |
| 9574 | Family "2.0" TCG Published Page 127 |
| 9575 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 9576 | Trusted Platform Module Library Part 4: Supporting Routines |
| 9577 | |
| 9578 | 8.4.6 Utility Functions |
| 9579 | |
| 9580 | 8.4.6.1 NvInitStatic() |
| 9581 | |
| 9582 | This function initializes the static variables used in the NV subsystem. |
| 9583 | |
// Initialize the static variables of the NV subsystem: the size and address
// of every reserved item and the boundaries of the areas that follow them.
//
// Layout produced here, in NV address order: reserved data (starting at 0),
// RAM index size, RAM index copy, maximum counter value, dynamic
// (evict/index) memory up to NV_MEMORY_SIZE.
// NOTE(review): nothing here checks that s_evictNvStart ends up at or below
// NV_MEMORY_SIZE; presumably the build configuration guarantees that the
// fixed areas fit -- confirm.
static void
NvInitStatic(
    void
    )
{
    UINT16 slot;
    UINT32 cursor;

    // Hierarchy control, algorithms, policies and authorization values
    s_reservedSize[NV_DISABLE_CLEAR] = sizeof(gp.disableClear);
    s_reservedSize[NV_OWNER_ALG] = sizeof(gp.ownerAlg);
    s_reservedSize[NV_ENDORSEMENT_ALG] = sizeof(gp.endorsementAlg);
    s_reservedSize[NV_LOCKOUT_ALG] = sizeof(gp.lockoutAlg);
    s_reservedSize[NV_OWNER_POLICY] = sizeof(gp.ownerPolicy);
    s_reservedSize[NV_ENDORSEMENT_POLICY] = sizeof(gp.endorsementPolicy);
    s_reservedSize[NV_LOCKOUT_POLICY] = sizeof(gp.lockoutPolicy);
    s_reservedSize[NV_OWNER_AUTH] = sizeof(gp.ownerAuth);
    s_reservedSize[NV_ENDORSEMENT_AUTH] = sizeof(gp.endorsementAuth);
    s_reservedSize[NV_LOCKOUT_AUTH] = sizeof(gp.lockoutAuth);

    // Seeds and proofs
    s_reservedSize[NV_EP_SEED] = sizeof(gp.EPSeed);
    s_reservedSize[NV_SP_SEED] = sizeof(gp.SPSeed);
    s_reservedSize[NV_PP_SEED] = sizeof(gp.PPSeed);
    s_reservedSize[NV_PH_PROOF] = sizeof(gp.phProof);
    s_reservedSize[NV_SH_PROOF] = sizeof(gp.shProof);
    s_reservedSize[NV_EH_PROOF] = sizeof(gp.ehProof);

    // Reset counts, PCR and physical presence data
    s_reservedSize[NV_TOTAL_RESET_COUNT] = sizeof(gp.totalResetCount);
    s_reservedSize[NV_RESET_COUNT] = sizeof(gp.resetCount);
    s_reservedSize[NV_PCR_POLICIES] = sizeof(gp.pcrPolicies);
    s_reservedSize[NV_PCR_ALLOCATED] = sizeof(gp.pcrAllocated);
    s_reservedSize[NV_PP_LIST] = sizeof(gp.ppList);

    // Dictionary attack values
    s_reservedSize[NV_FAILED_TRIES] = sizeof(gp.failedTries);
    s_reservedSize[NV_MAX_TRIES] = sizeof(gp.maxTries);
    s_reservedSize[NV_RECOVERY_TIME] = sizeof(gp.recoveryTime);
    s_reservedSize[NV_LOCKOUT_RECOVERY] = sizeof(gp.lockoutRecovery);
    s_reservedSize[NV_LOCKOUT_AUTH_ENABLED] = sizeof(gp.lockOutAuthEnabled);

    // Orderly state, command audit, algorithm set and firmware version
    s_reservedSize[NV_ORDERLY] = sizeof(gp.orderlyState);
    s_reservedSize[NV_AUDIT_COMMANDS] = sizeof(gp.auditComands);
    s_reservedSize[NV_AUDIT_HASH_ALG] = sizeof(gp.auditHashAlg);
    s_reservedSize[NV_AUDIT_COUNTER] = sizeof(gp.auditCounter);
    s_reservedSize[NV_ALGORITHM_SET] = sizeof(gp.algorithmSet);
    s_reservedSize[NV_FIRMWARE_V1] = sizeof(gp.firmwareV1);
    s_reservedSize[NV_FIRMWARE_V2] = sizeof(gp.firmwareV2);

    // Whole state structures
    s_reservedSize[NV_ORDERLY_DATA] = sizeof(go);
    s_reservedSize[NV_STATE_CLEAR] = sizeof(gc);
    s_reservedSize[NV_STATE_RESET] = sizeof(gr);

    // Reserved data is stored at the start of NV memory in this
    // implementation; each item starts where the previous one ends.
    cursor = 0;
    slot = 0;
    while(slot < NV_RESERVE_LAST)
    {
        s_reservedAddr[slot] = cursor;
        cursor += s_reservedSize[slot];
        slot++;
    }

    // Auxiliary variables for the index/evict implementation follow the
    // reserved data. The RAM index copy comes first: its size, then the
    // buffer itself.
    s_ramIndexSizeAddr = cursor;
    s_ramIndexAddr = s_ramIndexSizeAddr + sizeof(UINT32);

    // Maximum counter value
    s_maxCountAddr = s_ramIndexAddr + RAM_INDEX_SPACE;

    // Dynamic memory starts behind it and runs to the end of NV memory.
    s_evictNvStart = s_maxCountAddr + sizeof(UINT64);
    s_evictNvEnd = NV_MEMORY_SIZE;
}
| 9660 | |
| 9661 | |
| 9662 | 8.4.6.2 NvInit() |
| 9663 | |
| 9664 | This function initializes the NV system at pre-install time. |
| 9665 | This function should only be called in a manufacturing environment or in a simulation. |
| 9666 | The layout of NV memory space is an implementation choice. |
| 9667 | |
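// Initialize the NV system at pre-install time.
//
// Per the specification text this is only to be called in a manufacturing
// environment or in a simulation: it marks the RAM index space as unused,
// zeroes the maximum counter value and empties the evict/index list.
void
NvInit(
    void
    )
{
    UINT32 nullPointer = 0;
    UINT64 zeroCounter = 0;

    // Initialize static variables
    NvInitStatic();

    // Initialize RAM index space as unused
    _plat__NvMemoryWrite(s_ramIndexSizeAddr, sizeof(UINT32), &nullPointer);

    // Initialize max counter value to 0
    _plat__NvMemoryWrite(s_maxCountAddr, sizeof(UINT64), &zeroCounter);

    // Initialize the next offset of the first entry in the evict/index list
    // to 0. What is written is a list link, so its length is sizeof(UINT32),
    // as in NvAdd() and NvDelete(), and matches the UINT32 source variable;
    // sizing the write by the handle type only worked as long as both types
    // have the same width.
    _plat__NvMemoryWrite(s_evictNvStart, sizeof(UINT32), &nullPointer);

    return;
}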
| 9691 | |
| 9692 | |
| 9693 | 8.4.6.3 NvReadReserved() |
| 9694 | |
| 9695 | This function is used to move reserved data from NV memory to RAM. |
| 9696 | |
// Copy one reserved data item from NV memory into a caller-supplied buffer.
//
// The number of octets copied is s_reservedSize[type]; the buffer size is not
// passed in, so the caller has to provide at least that much room.
void
NvReadReserved(
    NV_RESERVE type, // IN: type of reserved data
    void *buffer // OUT: buffer receives the data.
    )
{
    // The type indexes both tables below and has to be a valid reserved item.
    pAssert(!(type < 0 || type >= NV_RESERVE_LAST));

    _plat__NvMemoryRead(s_reservedAddr[type], s_reservedSize[type], buffer);
}
| 9709 | |
| 9710 | |
| 9711 | |
| 9712 | Family "2.0" TCG Published Page 129 |
| 9713 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 9714 | Trusted Platform Module Library Part 4: Supporting Routines |
| 9715 | |
| 9716 | 8.4.6.4 NvWriteReserved() |
| 9717 | |
| 9718 | This function is used to post a reserved data for writing to NV memory. Before the TPM completes the |
| 9719 | operation, the value will be written. |
| 9720 | |
// Post one reserved data item for writing to NV memory.
//
// s_reservedSize[type] octets are taken from the buffer; the buffer size is
// not passed in, so the caller has to provide at least that many.
void
NvWriteReserved(
    NV_RESERVE type, // IN: type of reserved data
    void *buffer // IN: data buffer
    )
{
    // The type indexes both tables below and has to be a valid reserved item.
    pAssert(!(type < 0 || type >= NV_RESERVE_LAST));

    _plat__NvMemoryWrite(s_reservedAddr[type], s_reservedSize[type], buffer);

    // Record that an NV write happened.
    g_updateNV = TRUE;
}
| 9736 | |
| 9737 | |
| 9738 | 8.4.6.5 NvReadPersistent() |
| 9739 | |
| 9740 | This function reads persistent data to the RAM copy of the gp structure. |
| 9741 | |
// Load the persistent data from NV into the RAM copy of the gp structure,
// one reserved item at a time.
void
NvReadPersistent(
    void
    )
{
    // Hierarchy: clear control, algorithms, policies and authorization values
    NvReadReserved(NV_DISABLE_CLEAR, &gp.disableClear);
    NvReadReserved(NV_OWNER_ALG, &gp.ownerAlg);
    NvReadReserved(NV_ENDORSEMENT_ALG, &gp.endorsementAlg);
    NvReadReserved(NV_LOCKOUT_ALG, &gp.lockoutAlg);
    NvReadReserved(NV_OWNER_POLICY, &gp.ownerPolicy);
    NvReadReserved(NV_ENDORSEMENT_POLICY, &gp.endorsementPolicy);
    NvReadReserved(NV_LOCKOUT_POLICY, &gp.lockoutPolicy);
    NvReadReserved(NV_OWNER_AUTH, &gp.ownerAuth);
    NvReadReserved(NV_ENDORSEMENT_AUTH, &gp.endorsementAuth);
    NvReadReserved(NV_LOCKOUT_AUTH, &gp.lockoutAuth);

    // Hierarchy: seeds and proofs
    NvReadReserved(NV_EP_SEED, &gp.EPSeed);
    NvReadReserved(NV_SP_SEED, &gp.SPSeed);
    NvReadReserved(NV_PP_SEED, &gp.PPSeed);
    NvReadReserved(NV_PH_PROOF, &gp.phProof);
    NvReadReserved(NV_SH_PROOF, &gp.shProof);
    NvReadReserved(NV_EH_PROOF, &gp.ehProof);

    // Time
    NvReadReserved(NV_TOTAL_RESET_COUNT, &gp.totalResetCount);
    NvReadReserved(NV_RESET_COUNT, &gp.resetCount);

    // PCR
    NvReadReserved(NV_PCR_POLICIES, &gp.pcrPolicies);
    NvReadReserved(NV_PCR_ALLOCATED, &gp.pcrAllocated);

    // Physical Presence
    NvReadReserved(NV_PP_LIST, &gp.ppList);

    // Dictionary attack values
    NvReadReserved(NV_FAILED_TRIES, &gp.failedTries);
    NvReadReserved(NV_MAX_TRIES, &gp.maxTries);
    NvReadReserved(NV_RECOVERY_TIME, &gp.recoveryTime);
    NvReadReserved(NV_LOCKOUT_RECOVERY, &gp.lockoutRecovery);
    NvReadReserved(NV_LOCKOUT_AUTH_ENABLED, &gp.lockOutAuthEnabled);

    // Orderly state
    NvReadReserved(NV_ORDERLY, &gp.orderlyState);

    // Command audit values
    NvReadReserved(NV_AUDIT_COMMANDS, &gp.auditComands);
    NvReadReserved(NV_AUDIT_HASH_ALG, &gp.auditHashAlg);
    NvReadReserved(NV_AUDIT_COUNTER, &gp.auditCounter);

    // Algorithm selection
    NvReadReserved(NV_ALGORITHM_SET, &gp.algorithmSet);

    // Firmware version
    NvReadReserved(NV_FIRMWARE_V1, &gp.firmwareV1);
    NvReadReserved(NV_FIRMWARE_V2, &gp.firmwareV2);
}
| 9806 | |
| 9807 | |
| 9808 | 8.4.6.6 NvIsPlatformPersistentHandle() |
| 9809 | |
| 9810 | This function indicates if a handle references a persistent object in the range belonging to the platform. |
| 9811 | |
| 9812 | Return Value Meaning |
| 9813 | |
| 9814 | TRUE handle references a platform persistent object |
| 9815 | FALSE handle does not reference platform persistent object and may |
| 9816 | reference an owner persistent object either |
| 9817 | |
// Indicate whether a handle lies in the persistent-object range that belongs
// to the platform, i.e. PLATFORM_PERSISTENT..PERSISTENT_LAST inclusive.
//
// FALSE does not say what the handle is instead; it may still be an owner
// persistent handle.
BOOL
NvIsPlatformPersistentHandle(
    TPM_HANDLE handle // IN: handle
    )
{
    BOOL inRange = (handle >= PLATFORM_PERSISTENT);

    if(inRange)
        inRange = (handle <= PERSISTENT_LAST);

    return inRange;
}
| 9825 | |
| 9826 | |
| 9827 | 8.4.6.7 NvIsOwnerPersistentHandle() |
| 9828 | |
| 9829 | This function indicates if a handle references a persistent object in the range belonging to the owner. |
| 9830 | |
| 9831 | Return Value Meaning |
| 9832 | |
| 9833 | TRUE handle is owner persistent handle |
| 9834 | FALSE handle is not owner persistent handle and may not be a persistent |
| 9835 | handle at all |
| 9836 | |
// Indicate whether a handle lies in the persistent-object range that belongs
// to the owner, i.e. from PERSISTENT_FIRST up to, but not including,
// PLATFORM_PERSISTENT.
//
// FALSE does not say what the handle is instead; it may not be a persistent
// handle at all.
BOOL
NvIsOwnerPersistentHandle(
    TPM_HANDLE handle // IN: handle
    )
{
    BOOL inRange = (handle >= PERSISTENT_FIRST);

    if(inRange)
        inRange = (handle < PLATFORM_PERSISTENT);

    return inRange;
}
| 9844 | |
| 9845 | |
| 9846 | 8.4.6.8 NvNextIndex() |
| 9847 | |
| 9848 | This function returns the offset in NV of the next NV Index entry. A value of 0 indicates the end of the list. |
| 9849 | Family "2.0" TCG Published Page 131 |
| 9850 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 9851 | Trusted Platform Module Library Part 4: Supporting Routines |
| 9852 | |
// Advance the iterator to the next NV Index entry and return its offset in
// NV. Entries of any other handle type are skipped. A return value of 0
// indicates the end of the list.
static UINT32
NvNextIndex(
    NV_ITER *iter
    )
{
    UINT32 addr;
    TPM_HANDLE handle;

    for(addr = NvNext(iter); addr != 0; addr = NvNext(iter))
    {
        // Each entry starts with its handle; the handle type decides.
        _plat__NvMemoryRead(addr, sizeof(TPM_HANDLE), &handle);
        if(HandleGetType(handle) == TPM_HT_NV_INDEX)
            return addr;
    }

    // Only the end of the list gets here.
    pAssert(addr == 0);
    return addr;
}
| 9872 | |
| 9873 | |
| 9874 | 8.4.6.9 NvNextEvict() |
| 9875 | |
| 9876 | This function returns the offset in NV of the next evict object entry. A value of 0 indicates the end of the |
| 9877 | list. |
| 9878 | |
// Advance the iterator to the next evict (persistent) object entry and return
// its offset in NV. Entries of any other handle type are skipped. A return
// value of 0 indicates the end of the list.
static UINT32
NvNextEvict(
    NV_ITER *iter
    )
{
    UINT32 addr;
    TPM_HANDLE handle;

    for(addr = NvNext(iter); addr != 0; addr = NvNext(iter))
    {
        // Each entry starts with its handle; the handle type decides.
        _plat__NvMemoryRead(addr, sizeof(TPM_HANDLE), &handle);
        if(HandleGetType(handle) == TPM_HT_PERSISTENT)
            return addr;
    }

    // Only the end of the list gets here.
    pAssert(addr == 0);
    return addr;
}
| 9898 | |
| 9899 | |
| 9900 | 8.4.6.10 NvFindHandle() |
| 9901 | |
| 9902 | This function returns the offset in NV memory of the entity associated with the input handle. A value of |
| 9903 | zero indicates that the handle does not reference an existing persistent object or defined NV Index. |
| 9904 | |
// Return the offset in NV memory of the entity stored under the given handle,
// or 0 if no entry in the evict/index list carries that handle.
static UINT32
NvFindHandle(
    TPM_HANDLE handle
    )
{
    NV_ITER iter = NV_ITER_INIT;
    UINT32 addr;

    // Walk the whole list from the start and compare the handle that opens
    // each entry.
    for(addr = NvNext(&iter); addr != 0; addr = NvNext(&iter))
    {
        TPM_HANDLE entityHandle;

        _plat__NvMemoryRead(addr, sizeof(TPM_HANDLE), &entityHandle);
        if(entityHandle == handle)
            return addr;
    }

    // Only the end of the list gets here.
    pAssert(addr == 0);
    return addr;
}
| 9931 | |
| 9932 | |
| 9933 | 8.4.6.11 NvPowerOn() |
| 9934 | |
| 9935 | This function is called at _TPM_Init() to initialize the NV environment. |
| 9936 | |
| 9937 | Return Value Meaning |
| 9938 | |
| 9939 | TRUE all NV was initialized |
| 9940 | FALSE the NV containing saved state had an error and |
| 9941 | TPM2_Startup(CLEAR) is required |
| 9942 | |
// Initialize the NV environment; called at _TPM_Init().
//
// Return value: TRUE if _plat__NVEnable() reported 0 or was not called
// because power was not lost; FALSE if it reported a positive value. A
// negative value does not return normally: it takes the FAIL() path with
// FATAL_ERROR_NV_UNRECOVERABLE.
BOOL
NvPowerOn(
    void
    )
{
    int nvError = 0;

    // After a power loss the RAM data that is loaded from NV has to be
    // re-established and the static variables initialized again.
    if(_plat__WasPowerLost(TRUE))
    {
        nvError = _plat__NVEnable(0);
        if(nvError < 0)
            FAIL(FATAL_ERROR_NV_UNRECOVERABLE);

        NvInitStatic();
    }

    return nvError == 0;
}
| 9961 | |
| 9962 | |
| 9963 | 8.4.6.12 NvStateSave() |
| 9964 | |
| 9965 | This function is used to cause the memory containing the RAM backed NV Indices to be written to NV. |
| 9966 | |
// Write the memory holding the RAM-backed NV Indices to NV.
void
NvStateSave(
    void
    )
{
    // Only the buffer is written. s_ramIndexSize does not need saving here
    // because it is written to NV whenever it is updated.
    _plat__NvMemoryWrite(s_ramIndexAddr, RAM_INDEX_SPACE, s_ramIndex);

    // Have the NV write happen before the command completes.
    g_updateNV = TRUE;
}
| 9982 | |
| 9983 | |
| 9984 | |
| 9985 | |
| 9986 | Family "2.0" TCG Published Page 133 |
| 9987 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 9988 | Trusted Platform Module Library Part 4: Supporting Routines |
| 9989 | |
| 9990 | 8.4.6.13 NvEntityStartup() |
| 9991 | |
| 9992 | This function is called at TPM_Startup(). If the startup completes a TPM Resume cycle, no action is |
| 9993 | taken. If the startup is a TPM Reset or a TPM Restart, then this function will: |
| 9994 | a) clear read/write lock; |
| 9995 | b) reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and |
| 9996 | c) set the lower bits in orderly counters to 1 for a non-orderly startup |
| 9997 | It is a prerequisite that NV be available for writing before this function is called. |
| 9998 | |
// Bring the NV entities into their start-up state; called at TPM_Startup().
//
// The RAM index buffer and its size are reloaded from NV for every start-up
// type. On SU_RESUME nothing else is done. Otherwise every NV Index is
// visited to clear its read lock, clear its write lock where the attributes
// allow it, reset the WRITTEN attribute where required, and, after a
// non-orderly shutdown, set the low bits of written orderly counters.
//
// NV has to be available for writing before this function is called.
// NOTE(review): s_ramIndexSize is used as read back from NV; nothing in this
// function checks it against RAM_INDEX_SPACE, although the routines that walk
// s_ramIndex use it as their bound.
void
NvEntityStartup(
    STARTUP_TYPE type // IN: start up type
    )
{
    NV_ITER iter = NV_ITER_INIT;
    UINT32 currentAddr; // offset points to the current entity

    // Restore RAM index data
    _plat__NvMemoryRead(s_ramIndexSizeAddr, sizeof(UINT32), &s_ramIndexSize);
    _plat__NvMemoryRead(s_ramIndexAddr, RAM_INDEX_SPACE, s_ramIndex);

    // If recovering from state save, nothing beyond the restore above is done
    if(type == SU_RESUME)
        return;

    // Iterate all the NV Index to clear the locks
    while((currentAddr = NvNextIndex(&iter)) != 0)
    {
        NV_INDEX nvIndex;
        UINT32 indexAddr; // NV address points to index info
        TPMA_NV attributes;

        // The index info follows the handle that opens the entry
        indexAddr = currentAddr + sizeof(TPM_HANDLE);

        // Read NV Index info structure and work on a copy of its attributes,
        // so that a change can be detected further down
        _plat__NvMemoryRead(indexAddr, sizeof(NV_INDEX), &nvIndex);
        attributes = nvIndex.publicArea.attributes;

        // Clear read lock
        if(attributes.TPMA_NV_READLOCKED == SET)
            attributes.TPMA_NV_READLOCKED = CLEAR;

        // Clear write lock, except when the index has been written AND has
        // TPMA_NV_WRITEDEFINE set; in that case the lock is left in place
        if( attributes.TPMA_NV_WRITELOCKED == SET
            && ( attributes.TPMA_NV_WRITTEN == CLEAR
                 || attributes.TPMA_NV_WRITEDEFINE == CLEAR
               )
          )
            attributes.TPMA_NV_WRITELOCKED = CLEAR;

        // Reset NV data for TPMA_NV_CLEAR_STCLEAR: the index counts as not
        // written and is unlocked for writing
        if(attributes.TPMA_NV_CLEAR_STCLEAR == SET)
        {
            attributes.TPMA_NV_WRITTEN = CLEAR;
            attributes.TPMA_NV_WRITELOCKED = CLEAR;
        }

        // Reset NV data for orderly values that are not counters
        // NOTE: The function has already exited on a TPM Resume, so the only
        // things being processed are TPM Restart and TPM Reset
        if( type == SU_RESET
            && attributes.TPMA_NV_ORDERLY == SET
            && attributes.TPMA_NV_COUNTER == CLEAR
          )
            attributes.TPMA_NV_WRITTEN = CLEAR;

        // Write NV Index info back if it has changed
        // NOTE(review): the comparison reads both TPMA_NV values through a
        // UINT32 pointer, which assumes the attribute structure is exactly
        // 32 bits wide -- confirm against the TPMA_NV definition.
        if(*((UINT32 *)&attributes) != *((UINT32 *)&nvIndex.publicArea.attributes))
        {
            nvIndex.publicArea.attributes = attributes;
            _plat__NvMemoryWrite(indexAddr, sizeof(NV_INDEX), &nvIndex);

            // Set the flag that a NV write happens
            g_updateNV = TRUE;
        }
        // Set the lower bits in an orderly counter to 1 for a non-orderly startup
        if( g_prevOrderlyState == SHUTDOWN_NONE
            && attributes.TPMA_NV_WRITTEN == SET)
        {
            if( attributes.TPMA_NV_ORDERLY == SET
                && attributes.TPMA_NV_COUNTER == SET)
            {
                TPMI_RH_NV_INDEX nvHandle;
                UINT64 counter;

                // Read NV handle
                _plat__NvMemoryRead(currentAddr, sizeof(TPM_HANDLE), &nvHandle);

                // Read the counter value saved to NV upon the last roll over.
                // TPMA_NV_ORDERLY is cleared in the local copy for the
                // duration of this one call so that RAM backed storage is
                // not used, and set again right after.
                nvIndex.publicArea.attributes.TPMA_NV_ORDERLY = CLEAR;
                NvGetIntIndexData(nvHandle, &nvIndex, &counter);
                nvIndex.publicArea.attributes.TPMA_NV_ORDERLY = SET;

                // Set the lower bits of counter to 1's
                counter |= MAX_ORDERLY_COUNT;

                // Write back to RAM
                NvWriteIndexData(nvHandle, &nvIndex, 0, sizeof(counter), &counter);

                // No write to NV because an orderly shutdown will update the
                // counters.

            }
        }
    }

    return;

}
| 10104 | |
| 10105 | |
| 10106 | 8.4.7 NV Access Functions |
| 10107 | |
| 10108 | 8.4.7.1 Introduction |
| 10109 | |
| 10110 | This set of functions provides access to NV Indexes and persistent objects, using a handle to |
| 10111 | reference the entity. |
| 10112 | |
| 10113 | 8.4.7.2 NvIsUndefinedIndex() |
| 10114 | |
| 10115 | This function is used to verify that an NV Index is not defined. This is only used by |
| 10116 | TPM2_NV_DefineSpace(). |
| 10117 | |
| 10118 | |
| 10119 | |
| 10120 | |
| 10124 | |
| 10125 | |
| 10126 | Return Value Meaning |
| 10127 | |
| 10128 | TRUE the handle points to an existing NV Index |
| 10129 | FALSE the handle points to a non-existent Index |
| 10130 | |
// Looks up an NV Index handle and reports whether an entry for it exists.
//
// handle must be of type TPM_HT_NV_INDEX; this is enforced with pAssert().
//
// Returns TPM_RC_SUCCESS when NvFindHandle() finds no entry for the handle,
// and TPM_RC_NV_DEFINED when an entry exists.
//
// NOTE(review): the declared return type is BOOL, yet both exits return
// TPM_RC codes. Read as a truth value the result is non-zero when the Index
// IS defined (assuming TPM_RC_SUCCESS is 0), which is the reverse of what
// the function name suggests. Confirm how the caller tests the result, and
// how BOOL is typedef'd, before changing either the type or the values.
BOOL
NvIsUndefinedIndex(
    TPMI_RH_NV_INDEX     handle         // IN: handle
    )
{
    pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX);

    // NvFindHandle() yields 0 when no NV entry carries this handle
    return (NvFindHandle(handle) == 0) ? TPM_RC_SUCCESS : TPM_RC_NV_DEFINED;
}
| 10150 | |
| 10151 | |
| 10152 | 8.4.7.3 NvIndexIsAccessible() |
| 10153 | |
| 10154 | This function validates that a handle references a defined NV Index and that the Index is currently |
| 10155 | accessible. |
| 10156 | |
| 10157 | Error Returns Meaning |
| 10158 | |
| 10159 | TPM_RC_HANDLE the handle points to an undefined NV Index. If shEnable is CLEAR, |
| 10160 | this would include an index created using ownerAuth. If phEnableNV |
| 10161 | is CLEAR, this would include an index created using platform auth. |
| 10162 | TPM_RC_NV_READLOCKED Index is present but locked for reading and command does not write |
| 10163 | to the index |
| 10164 | TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command writes to the |
| 10165 | index |
| 10166 | |
// Checks that handle names a defined NV Index that is visible under the
// current hierarchy enables and is not locked against the requested command.
//
// Returns:
//   TPM_RC_HANDLE     no entry exists for the handle, or the Index is hidden
//                     because shEnable is FALSE (Index without
//                     TPMA_NV_PLATFORMCREATE) or phEnableNV is FALSE (Index
//                     with TPMA_NV_PLATFORMCREATE)
//   TPM_RC_NV_LOCKED  the Index is write locked and commandCode is a write
//                     operation other than TPM2_NV_WriteLock, or the Index is
//                     read locked and commandCode is a read operation other
//                     than TPM2_NV_ReadLock
//   TPM_RC_SUCCESS    otherwise
//
// NOTE(review): the Error Returns table for this function names
// TPM_RC_NV_READLOCKED and TPM_RC_NV_WRITELOCKED, but the code returns
// TPM_RC_NV_LOCKED for both cases. Callers that need to tell the two lock
// directions apart should be checked against what is actually returned.
TPM_RC
NvIndexIsAccessible(
    TPMI_RH_NV_INDEX     handle,        // IN: handle
    TPM_CC               commandCode    // IN: the command
    )
{
    UINT32      indexAddr;              // NV offset of the entry
    NV_INDEX    indexInfo;              // RAM copy of the Index header

    pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX);

    // An address of 0 means there is no entry for this handle
    indexAddr = NvFindHandle(handle);
    if(indexAddr == 0)
        return TPM_RC_HANDLE;

    // The Index header follows the handle stored at the start of the entry
    _plat__NvMemoryRead(indexAddr + sizeof(TPM_HANDLE), sizeof(NV_INDEX),
                        &indexInfo);

    // A disabled hierarchy hides its Indexes: the caller sees the same
    // TPM_RC_HANDLE it would get for an Index that was never defined.
    if(indexInfo.publicArea.attributes.TPMA_NV_PLATFORMCREATE == CLEAR)
    {
        // Owner-created Index: gated by shEnable
        if(gc.shEnable == FALSE)
            return TPM_RC_HANDLE;
    }
    else if(gc.phEnableNV == FALSE)
    {
        // Platform-created Index: gated by phEnableNV
        return TPM_RC_HANDLE;
    }

    // Write lock: only TPM2_NV_WriteLock itself may still address the Index.
    // The read-lock test below is not reached for a write operation on a
    // write-locked Index.
    if(   indexInfo.publicArea.attributes.TPMA_NV_WRITELOCKED
       && IsWriteOperation(commandCode))
    {
        return (commandCode == TPM_CC_NV_WriteLock) ? TPM_RC_SUCCESS
                                                    : TPM_RC_NV_LOCKED;
    }

    // Read lock: only TPM2_NV_ReadLock itself may still address the Index
    if(   indexInfo.publicArea.attributes.TPMA_NV_READLOCKED
       && IsReadOperation(commandCode))
    {
        return (commandCode == TPM_CC_NV_ReadLock) ? TPM_RC_SUCCESS
                                                   : TPM_RC_NV_LOCKED;
    }

    // NV Index is accessible
    return TPM_RC_SUCCESS;
}
| 10231 | |
| 10232 | |
| 10233 | 8.4.7.4 NvIsUndefinedEvictHandle() |
| 10234 | |
| 10235 | This function indicates if a handle does not reference an existing persistent object. This function requires |
| 10236 | that the handle be in the proper range for persistent objects. |
| 10237 | |
| 10238 | Return Value Meaning |
| 10239 | |
| 10240 | TRUE handle does not reference an existing persistent object |
| 10241 | FALSE handle does reference an existing persistent object |
| 10242 | |
// Reports whether a persistent-object handle is still unused.
//
// handle must be of type TPM_HT_PERSISTENT; this is enforced with pAssert().
//
// Returns TRUE when NvFindHandle() finds no entry for the handle, and FALSE
// when an entry exists.
static BOOL
NvIsUndefinedEvictHandle(
    TPM_HANDLE           handle         // IN: handle
    )
{
    pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT);

    // NvFindHandle() yields 0 when no NV entry carries this handle
    return (NvFindHandle(handle) == 0) ? TRUE : FALSE;
}
| 10265 | |
| 10266 | |
| 10267 | 8.4.7.5 NvGetEvictObject() |
| 10268 | |
| 10269 | This function is used to dereference an evict object handle and get a pointer to the object. |
| 10270 | |
| 10271 | Error Returns Meaning |
| 10272 | |
| 10273 | TPM_RC_HANDLE the handle does not point to an existing persistent object |
| 10274 | |
// Loads the persistent object stored under an evict handle into *object.
//
// handle must be of type TPM_HT_PERSISTENT; this is enforced with pAssert().
//
// Returns TPM_RC_SUCCESS after reading sizeof(OBJECT) bytes from NV into
// *object, or TPM_RC_HANDLE when no entry exists for the handle.
//
// In both cases object->attributes.evict is SET before returning. On the
// TPM_RC_HANDLE path nothing else in *object is written, so the remaining
// fields hold whatever the caller's buffer contained and must not be treated
// as a loaded object.
TPM_RC
NvGetEvictObject(
    TPM_HANDLE           handle,        // IN: handle
    OBJECT              *object         // OUT: object data
    )
{
    UINT32      objectAddr;             // NV offset of the entry
    TPM_RC      rc;

    pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT);

    objectAddr = NvFindHandle(handle);
    if(objectAddr != 0)
    {
        // The OBJECT image follows the handle stored at the start of the entry
        _plat__NvMemoryRead(objectAddr + sizeof(TPM_HANDLE),
                            sizeof(OBJECT),
                            object);
        rc = TPM_RC_SUCCESS;
    }
    else
    {
        rc = TPM_RC_HANDLE;
    }

    // Mark the slot as evict even on failure so that it is freed on exit
    object->attributes.evict = SET;

    return rc;
}
| 10304 | |
| 10305 | |
| 10306 | 8.4.7.6 NvGetIndexInfo() |
| 10307 | |
| 10308 | This function is used to retrieve the contents of an NV Index. |
| 10309 | An implementation is allowed to save the NV Index in a vendor-defined format. If the format is different |
| 10310 | from the default used by the reference code, then this function would be changed to reformat the data into |
| 10311 | the default format. |
| 10312 | A prerequisite to calling this function is that the handle must be known to reference a defined NV Index. |
| 10313 | |
// Reads the NV_INDEX header of a defined NV Index into *nvIndex.
//
// Preconditions, both enforced with pAssert(): handle is of type
// TPM_HT_NV_INDEX, and NvFindHandle() finds an entry for it.
//
// The whole NV_INDEX structure is copied. Elsewhere in this file that
// structure is shown to carry authValue as well as publicArea, so the
// caller's buffer ends up holding the Index authorization value.
void
NvGetIndexInfo(
    TPMI_RH_NV_INDEX     handle,        // IN: handle
    NV_INDEX            *nvIndex        // OUT: NV index structure
    )
{
    UINT32      indexAddr;              // NV offset of the entry

    pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX);

    indexAddr = NvFindHandle(handle);
    pAssert(indexAddr != 0);

    // This implementation stores the header in the default format, so it is
    // read straight from NV, skipping the handle at the start of the entry
    _plat__NvMemoryRead(indexAddr + sizeof(TPM_HANDLE), sizeof(NV_INDEX),
                        nvIndex);
}
| 10340 | |
| 10341 | |
| 10342 | 8.4.7.7 NvInitialCounter() |
| 10343 | |
| 10344 | This function returns the value to be used when a counter index is initialized. It will scan the NV counters |
| 10345 | and find the highest value in any active counter. It will use that value as the starting point. If there are no |
| 10346 | active counters, it will use the value of the previous largest counter. |
| 10347 | |
// Computes the value a counter Index starts from when it is first written.
//
// The result is the larger of the stored maximum count (NvReadMaxCount())
// and the current value of every defined counter Index that has been
// written. The value is returned unchanged: a counter is first written by
// an increment, which adds one, so a new counter never starts at or below a
// value that an earlier counter has already reached.
UINT64
NvInitialCounter(
    void
    )
{
    NV_ITER     iter = NV_ITER_INIT;
    UINT64      highest = NvReadMaxCount();
    UINT32      indexAddr;

    // Walk every NV Index entry; NvNextIndex() returns 0 when there are no more
    for(indexAddr = NvNextIndex(&iter);
        indexAddr != 0;
        indexAddr = NvNextIndex(&iter))
    {
        TPMI_RH_NV_INDEX    nvHandle;
        NV_INDEX            nvIndex;
        UINT64              current;

        // The entry begins with the handle, which is needed to read the header
        _plat__NvMemoryRead(indexAddr, sizeof(TPM_HANDLE), &nvHandle);
        NvGetIndexInfo(nvHandle, &nvIndex);

        // Only counters that have been written hold a meaningful value
        if(   nvIndex.publicArea.attributes.TPMA_NV_COUNTER != SET
           || nvIndex.publicArea.attributes.TPMA_NV_WRITTEN != SET)
            continue;

        NvGetIntIndexData(nvHandle, &nvIndex, &current);
        if(current > highest)
            highest = current;
    }

    return highest;
}
| 10389 | |
| 10390 | |
| 10391 | 8.4.7.8 NvGetIndexData() |
| 10392 | |
| 10393 | This function is used to access the data in an NV Index. The data is returned as a byte sequence. Since |
| 10394 | counter values are kept in native format, they are converted to canonical form before being returned. |
| 10400 | This function requires that the NV Index be defined, and that the required data is within the data range. It |
| 10401 | also requires that TPMA_NV_WRITTEN of the Index is SET. |
| 10402 | |
// Copies data of a written NV Index into the caller's buffer.
//
// Precondition enforced with pAssert(): TPMA_NV_WRITTEN is SET in *nvIndex.
//
// - Bit field or counter Index: the 64-bit value is fetched with
//   NvGetIntIndexData() and written to data in canonical form by
//   UINT64_TO_BYTE_ARRAY. offset and size are not used on this path, so the
//   buffer must have room for the whole 64-bit value whatever size says.
// - Orderly Index: size bytes are copied from the RAM image s_ramIndex.
// - Any other Index: size bytes are read from NV, past the handle and the
//   NV_INDEX header.
//
// NOTE(review): nothing here checks offset and size against
// publicArea.dataSize, and the MemoryCopy() call passes size as both of its
// last two arguments, so it adds no independent bound on the destination.
// The function relies entirely on the caller having validated the range and
// the buffer length; verify that every call site does.
void
NvGetIndexData(
    TPMI_RH_NV_INDEX     handle,        // IN: handle
    NV_INDEX            *nvIndex,       // IN: RAM image of index header
    UINT32               offset,        // IN: offset of NV data
    UINT16               size,          // IN: size of NV data
    void                *data           // OUT: data buffer
    )
{
    UINT64      intValue;               // native-format bit field or counter
    UINT32      srcAddr;                // offset into s_ramIndex or into NV

    pAssert(nvIndex->publicArea.attributes.TPMA_NV_WRITTEN == SET);

    if(   nvIndex->publicArea.attributes.TPMA_NV_BITS == SET
       || nvIndex->publicArea.attributes.TPMA_NV_COUNTER == SET)
    {
        // Bit field or counter: convert the native value to canonical form
        NvGetIntIndexData(handle, nvIndex, &intValue);
        UINT64_TO_BYTE_ARRAY(intValue, (BYTE *)data);
        return;
    }

    if(nvIndex->publicArea.attributes.TPMA_NV_ORDERLY == SET)
    {
        // Orderly Index: the data lives in the RAM buffer
        srcAddr = NvGetRAMIndexOffset(handle);
        MemoryCopy(data, s_ramIndex + srcAddr + offset, size, size);
        return;
    }

    // Ordinary Index: skip the handle and the NV_INDEX header, then read
    srcAddr = NvFindHandle(handle);
    srcAddr += sizeof(TPM_HANDLE) + sizeof(NV_INDEX) + offset;
    _plat__NvMemoryRead(srcAddr, size, data);
}
| 10446 | |
| 10447 | |
| 10448 | 8.4.7.9 NvGetIntIndexData() |
| 10449 | |
| 10450 | Get data in integer format of a bit or counter NV Index. |
| 10451 | This function requires that the NV Index is defined and that the NV Index previously has been written. |
| 10452 | |
// Reads the 64-bit value of a bit field or counter NV Index into *data.
//
// Precondition enforced with pAssert(): TPMA_NV_WRITTEN is SET and the Index
// is a bit field (TPMA_NV_BITS) or a counter (TPMA_NV_COUNTER).
//
// The value is stored in the native format of the TPM CPU, so it is copied
// without conversion: from the RAM image s_ramIndex when TPMA_NV_ORDERLY is
// SET in *nvIndex, otherwise from NV just past the handle and the NV_INDEX
// header. The choice is made from the caller's copy of the attributes, not
// from what is stored in NV.
void
NvGetIntIndexData(
    TPMI_RH_NV_INDEX     handle,        // IN: handle
    NV_INDEX            *nvIndex,       // IN: RAM image of NV Index header
    UINT64              *data           // OUT: receives the counter or bit value
    )
{
    UINT32      ramAddr;                // offset of the data within s_ramIndex

    // Validate that index has been written and is the right type
    pAssert(   nvIndex->publicArea.attributes.TPMA_NV_WRITTEN == SET
            && (   nvIndex->publicArea.attributes.TPMA_NV_BITS == SET
                || nvIndex->publicArea.attributes.TPMA_NV_COUNTER == SET));

    if(nvIndex->publicArea.attributes.TPMA_NV_ORDERLY != SET)
    {
        // Not orderly: skip the handle and the NV_INDEX header, read from NV
        _plat__NvMemoryRead(
            NvFindHandle(handle) + sizeof(TPM_HANDLE) + sizeof(NV_INDEX),
            sizeof(UINT64), data);
        return;
    }

    // Orderly: the current value is held in the RAM buffer
    ramAddr = NvGetRAMIndexOffset(handle);
    MemoryCopy(data, s_ramIndex + ramAddr, sizeof(*data), sizeof(*data));
}
| 10496 | |
| 10497 | |
| 10498 | 8.4.7.10 NvWriteIndexInfo() |
| 10499 | |
| 10500 | This function is called to queue the write of NV Index data to persistent memory. |
| 10501 | This function requires that NV Index is defined. |
| 10502 | |
| 10503 | Error Returns Meaning |
| 10504 | |
| 10505 | TPM_RC_NV_RATE NV is rate limiting so retry |
| 10506 | TPM_RC_NV_UNAVAILABLE NV is not available |
| 10507 | |
// Writes an NV_INDEX header back to NV when it differs from the stored copy.
//
// Precondition enforced with pAssert(): NvFindHandle() finds an entry for
// handle.
//
// Returns TPM_RC_SUCCESS when the stored header already matches or after the
// write has been issued; otherwise the non-success code from NvIsAvailable()
// is returned and nothing is written. g_updateNV is set to TRUE only when a
// write is issued.
TPM_RC
NvWriteIndexInfo(
    TPMI_RH_NV_INDEX     handle,        // IN: handle
    NV_INDEX            *nvIndex        // IN: NV Index info to be written
    )
{
    UINT32      headerAddr;             // NV offset of the NV_INDEX header
    TPM_RC      result;

    // Locate the entry; the header follows the handle at the start of it
    headerAddr = NvFindHandle(handle);
    pAssert(headerAddr != 0);
    headerAddr = headerAddr + sizeof(TPM_HANDLE);

    // Nothing to do when the stored header is already identical
    if(!_plat__NvIsDifferent(headerAddr, sizeof(NV_INDEX), nvIndex))
        return TPM_RC_SUCCESS;

    // Make sure that NV is available before touching it
    result = NvIsAvailable();
    if(result != TPM_RC_SUCCESS)
        return result;

    _plat__NvMemoryWrite(headerAddr, sizeof(NV_INDEX), nvIndex);
    g_updateNV = TRUE;

    return TPM_RC_SUCCESS;
}
| 10541 | |
| 10542 | |
| 10543 | 8.4.7.11 NvWriteIndexData() |
| 10544 | |
| 10545 | This function is used to write NV index data. |
| 10546 | This function requires that the NV Index is defined, and the data is within the defined data range for the |
| 10547 | index. |
| 10548 | |
| 10549 | Error Returns Meaning |
| 10550 | |
| 10551 | TPM_RC_NV_RATE NV is rate limiting so retry |
| 10552 | TPM_RC_NV_UNAVAILABLE NV is not available |
| 10553 | |
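// Writes size bytes of data at offset into the data area of an NV Index.
//
// Preconditions, enforced with pAssert(): the range offset..offset+size lies
// inside publicArea.dataSize, and (on the NV path) NvFindHandle() finds an
// entry for handle.
//
// Side effects visible in this function:
// - If TPMA_NV_WRITTEN is CLEAR it is SET in the caller's *nvIndex and the
//   header is written back through NvWriteIndexInfo().
// - For an orderly Index the data is copied into the RAM image s_ramIndex,
//   and g_clearOrderly is set when no NV update is already pending.
// - When the Index is not orderly, or g_updateNV is already set, the data is
//   written to NV if it differs from what is stored, and g_updateNV is set.
//
// Returns TPM_RC_SUCCESS, or the non-success code from NvWriteIndexInfo() or
// NvIsAvailable(). A failure from NvIsAvailable() on the NV path is returned
// after the RAM copy above has already been made.
TPM_RC
NvWriteIndexData(
    TPMI_RH_NV_INDEX     handle,        // IN: handle
    NV_INDEX            *nvIndex,       // IN: RAM copy of NV Index
    UINT32               offset,        // IN: offset of NV data
    UINT32               size,          // IN: size of NV data
    void                *data           // IN: data to be written
    )
{
    TPM_RC      result;

    // Validate that the write falls within the range of the index. The check
    // is written as two comparisons so that it cannot be defeated by
    // offset + size wrapping around in 32-bit unsigned arithmetic: a wrapped
    // sum is small and would satisfy "dataSize >= offset + size" even though
    // the write lies far outside the index.
    pAssert(   offset <= nvIndex->publicArea.dataSize
            && size <= nvIndex->publicArea.dataSize - offset);

    // Update TPMA_NV_WRITTEN bit if necessary
    if(nvIndex->publicArea.attributes.TPMA_NV_WRITTEN == CLEAR)
    {
        nvIndex->publicArea.attributes.TPMA_NV_WRITTEN = SET;
        result = NvWriteIndexInfo(handle, nvIndex);
        if(result != TPM_RC_SUCCESS)
            return result;
    }

    // Check to see if process for an orderly index is required.
    if(nvIndex->publicArea.attributes.TPMA_NV_ORDERLY == SET)
    {
        UINT32      ramAddr;

        // Write data to RAM buffer.
        // NOTE(review): the destination limit passed to MemoryCopy() is
        // computed in unsigned arithmetic, so it is only meaningful while
        // ramAddr + offset does not exceed sizeof(s_ramIndex). Presumably
        // NvGetRAMIndexOffset() guarantees that for a defined Index once the
        // range assertion above holds -- confirm.
        ramAddr = NvGetRAMIndexOffset(handle);
        MemoryCopy(s_ramIndex + ramAddr + offset, data, size,
                   sizeof(s_ramIndex) - ramAddr - offset);

        // NV update does not happen for orderly index. Have
        // to clear orderlyState to reflect that we have changed the
        // NV and an orderly shutdown is required. Only going to do this if we
        // are not processing a counter that has just rolled over
        if(g_updateNV == FALSE)
            g_clearOrderly = TRUE;
    }
    // Need to process this part if the Index isn't orderly or if it is
    // an orderly counter that just rolled over.
    if(g_updateNV || nvIndex->publicArea.attributes.TPMA_NV_ORDERLY == CLEAR)
    {
        // Processing for an index with TPMA_NV_ORDERLY CLEAR
        UINT32      entryAddr = NvFindHandle(handle);

        pAssert(entryAddr != 0);

        // Offset into the index to the first byte of the data to be written
        entryAddr += sizeof(TPM_HANDLE) + sizeof(NV_INDEX) + offset;

        // If the data is actually changed, then a write to NV is required
        if(_plat__NvIsDifferent(entryAddr, size, data))
        {
            // Make sure that NV is available
            result = NvIsAvailable();
            if(result != TPM_RC_SUCCESS)
                return result;
            _plat__NvMemoryWrite(entryAddr, size, data);
            g_updateNV = TRUE;
        }
    }
    return TPM_RC_SUCCESS;
}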
| 10624 | |
| 10625 | |
| 10626 | 8.4.7.12 NvGetName() |
| 10627 | |
| 10628 | This function is used to compute the Name of an NV Index. |
| 10629 | The name buffer receives the bytes of the Name and the return value is the number of octets in the |
| 10630 | Name. |
| 10631 | This function requires that the NV Index is defined. |
| 10632 | |
// Computes the Name of a defined NV Index.
//
// The Name written to *name is the 2-octet nameAlg identifier followed by
// the digest, under nameAlg, of the marshaled public area. Because the whole
// of publicArea is marshaled, a change to any of its fields (the attributes
// included) produces a different Name.
//
// Returns the number of octets written: the digest size reported by
// CryptStartHash() plus 2.
//
// The marshal call is given no remaining-size argument (NULL); the only
// bound on its output is that marshalBuffer is sized as
// sizeof(TPMS_NV_PUBLIC). The caller must supply a name buffer able to hold
// the returned number of octets; this function does not check it.
UINT16
NvGetName(
    TPMI_RH_NV_INDEX     handle,        // IN: handle of the index
    NAME                *name           // OUT: name of the index
    )
{
    NV_INDEX        nvIndex;
    HASH_STATE      hashState;
    BYTE            marshalBuffer[sizeof(TPMS_NV_PUBLIC)];
    BYTE           *cursor = marshalBuffer;     // advanced by the marshal call
    BYTE           *nameBytes = (BYTE *)name;   // byte view of the output
    UINT16          marshaledSize;
    UINT16          digestSize;

    // Get NV public info
    NvGetIndexInfo(handle, &nvIndex);

    // Marshal public area into the local buffer
    marshaledSize = TPMS_NV_PUBLIC_Marshal(&nvIndex.publicArea, &cursor, NULL);

    // Hash the marshaled public area with the Index's name algorithm
    digestSize = CryptStartHash(nvIndex.publicArea.nameAlg, &hashState);
    CryptUpdateDigest(&hashState, marshaledSize, marshalBuffer);

    // Place the digest after the 2 octets reserved for the nameAlg
    CryptCompleteHash(&hashState, digestSize, nameBytes + 2);

    // Fill in the nameAlg in front of the digest
    UINT16_TO_BYTE_ARRAY(nvIndex.publicArea.nameAlg, nameBytes);

    return digestSize + 2;
}
| 10663 | |
| 10664 | |
| 10665 | 8.4.7.13 NvDefineIndex() |
| 10666 | |
| 10667 | This function is used to assign NV memory to an NV Index. |
| 10668 | |
| 10669 | |
| 10670 | |
| 10674 | |
| 10675 | |
| 10676 | Error Returns Meaning |
| 10677 | |
| 10678 | TPM_RC_NV_SPACE insufficient NV space |
| 10679 | |
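// Creates the NV entry for a new NV Index: handle, NV_INDEX header (public
// area plus initial authorization value) and publicArea->dataSize bytes of
// data space.
//
// Returns TPM_RC_NV_SPACE when NvTestSpace() reports too little NV space or,
// for an orderly (RAM backed) Index, when NvTestRAMSpace() reports too
// little RAM space. Returns TPM_RC_SUCCESS after the entry has been added.
//
// This function does not check whether the handle is already in use; the
// caller has to do that first.
//
// NOTE(review): nvBuffer is a BYTE array that is written through
// TPM_HANDLE* and NV_INDEX* casts, which relies on the array being suitably
// aligned for both types. It also ends up holding a copy of the
// authorization value, and that copy is left on the stack when the function
// returns.
TPM_RC
NvDefineIndex(
    TPMS_NV_PUBLIC      *publicArea,    // IN: A template for an area to create.
    TPM2B_AUTH          *authValue      // IN: The initial authorization value
    )
{
    // The buffer to be written to NV memory
    BYTE         nvBuffer[sizeof(TPM_HANDLE) + sizeof(NV_INDEX)];

    NV_INDEX    *nvIndex;       // a pointer to the NV_INDEX data in
                                // nvBuffer

    // Size of the whole entry. Held in 32 bits: the header sizes plus a
    // large dataSize do not fit in 16 bits, and a truncated total would let
    // the space check below pass for an entry that is really much larger.
    // Assumes NvTestSpace() and NvAdd() take a size at least this wide --
    // confirm against their prototypes.
    UINT32       entrySize;

    entrySize = sizeof(TPM_HANDLE) + sizeof(NV_INDEX) + publicArea->dataSize;

    // Check if we have enough space to create the NV Index
    // In this implementation, the only resource limitation is the available NV
    // space. Other implementation may have other limitation on counter or on
    // NV slot
    if(!NvTestSpace(entrySize, TRUE))
        return TPM_RC_NV_SPACE;

    // if the index to be defined is RAM backed, check RAM space availability
    // as well
    if(   publicArea->attributes.TPMA_NV_ORDERLY == SET
       && !NvTestRAMSpace(publicArea->dataSize))
        return TPM_RC_NV_SPACE;

    // Copy input value to nvBuffer
    // Copy handle
    * (TPM_HANDLE *) nvBuffer = publicArea->nvIndex;

    // Copy NV_INDEX
    nvIndex = (NV_INDEX *) (nvBuffer + sizeof(TPM_HANDLE));
    nvIndex->publicArea = *publicArea;
    nvIndex->authValue = *authValue;

    // Add index to NV memory. Only the handle and header are supplied; the
    // data area is reserved by the larger total size.
    NvAdd(entrySize, sizeof(TPM_HANDLE) + sizeof(NV_INDEX), nvBuffer);

    // If the data of NV Index is RAM backed, add the data area in RAM as well
    if(publicArea->attributes.TPMA_NV_ORDERLY == SET)
        NvAddRAM(publicArea->nvIndex, publicArea->dataSize);

    return TPM_RC_SUCCESS;
}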
| 10725 | |
| 10726 | |
| 10727 | 8.4.7.14 NvAddEvictObject() |
| 10728 | |
| 10729 | This function is used to assign NV memory to a persistent object. |
| 10730 | |
| 10731 | Error Returns Meaning |
| 10732 | |
| 10733 | TPM_RC_NV_HANDLE the requested handle is already in use |
| 10734 | TPM_RC_NV_SPACE insufficient NV space |
| 10735 | |
// Stores a copy of *object in NV as a persistent object under evictHandle.
//
// Precondition enforced with pAssert(): the handle range matches the
// object's hierarchy -- a platform persistent handle for an object with
// ppsHierarchy SET, an owner persistent handle for an object with
// spsHierarchy or epsHierarchy SET.
//
// Returns TPM_RC_NV_SPACE when NvTestSpace() reports too little NV space,
// TPM_RC_NV_DEFINED when the handle already references a persistent object,
// and TPM_RC_SUCCESS after the entry has been added.
//
// NOTE(review): the Error Returns table for this function lists
// TPM_RC_NV_HANDLE for a handle that is already in use; the code returns
// TPM_RC_NV_DEFINED. The stored copy has attributes.evict SET and
// evictHandle filled in; the caller's *object is not modified. nvBuffer is
// written through TPM_HANDLE* and OBJECT* casts, which relies on the BYTE
// array being suitably aligned, and it holds a full copy of the object on
// the stack that is not cleared before returning.
TPM_RC
NvAddEvictObject(
    TPMI_DH_OBJECT       evictHandle,   // IN: new evict handle
    OBJECT              *object         // IN: object to be added
    )
{
    // Image of the NV entry: the handle followed by the OBJECT
    BYTE         nvBuffer[sizeof(TPM_HANDLE) + sizeof(OBJECT)];
    OBJECT      *storedObject = (OBJECT *) (nvBuffer + sizeof(TPM_HANDLE));
    UINT16       entrySize = sizeof(TPM_HANDLE) + sizeof(OBJECT);

    // evict handle type should match the object hierarchy
    pAssert(   (   NvIsPlatformPersistentHandle(evictHandle)
                && object->attributes.ppsHierarchy == SET)
            || (   NvIsOwnerPersistentHandle(evictHandle)
                && (   object->attributes.spsHierarchy == SET
                    || object->attributes.epsHierarchy == SET)));

    // In this implementation, the only resource limitation is the available
    // NV space. Other implementation may have other limitation on evict
    // object handle space
    if(!NvTestSpace(entrySize, FALSE))
        return TPM_RC_NV_SPACE;

    // Refuse a handle that already references a persistent object
    if(!NvIsUndefinedEvictHandle(evictHandle))
        return TPM_RC_NV_DEFINED;

    // Build the entry: handle first, then the object marked as evict
    * (TPM_HANDLE *) nvBuffer = evictHandle;
    *storedObject = *object;
    storedObject->attributes.evict = SET;
    storedObject->evictHandle = evictHandle;

    // Add evict to NV memory
    NvAdd(entrySize, entrySize, nvBuffer);

    return TPM_RC_SUCCESS;
}
| 10794 | |
| 10795 | |
| 10796 | 8.4.7.15 NvDeleteEntity() |
| 10797 | |
| 10798 | This function will delete a NV Index or an evict object. |
| 10799 | This function requires that the index/evict object has been defined. |
| 10800 | |
// Deletes the NV entry of an NV Index or of a persistent object.
//
// Precondition enforced with pAssert(): NvFindHandle() finds an entry for
// handle.
//
// For an NV Index two things happen before the entry is removed:
// - if it is a written counter whose value exceeds the stored maximum count,
//   that value is saved with NvWriteMaxCount(). NvInitialCounter() starts
//   new counters from the stored maximum, so deleting and redefining a
//   counter cannot bring its value back down;
// - if it is an orderly Index, its RAM data is deleted as well.
void
NvDeleteEntity(
    TPM_HANDLE           handle         // IN: handle of entity to be deleted
    )
{
    UINT32      entryAddr;              // NV offset of the entry

    entryAddr = NvFindHandle(handle);
    pAssert(entryAddr != 0);

    if(HandleGetType(handle) == TPM_HT_NV_INDEX)
    {
        NV_INDEX    indexInfo;

        // Read the NV Index info that follows the handle
        _plat__NvMemoryRead(entryAddr + sizeof(TPM_HANDLE), sizeof(NV_INDEX),
                            &indexInfo);

        // Preserve the highest count ever reached before the counter goes away
        if(   indexInfo.publicArea.attributes.TPMA_NV_COUNTER == SET
           && indexInfo.publicArea.attributes.TPMA_NV_WRITTEN == SET)
        {
            UINT64      finalCount;

            NvGetIntIndexData(handle, &indexInfo, &finalCount);
            if(finalCount > NvReadMaxCount())
                NvWriteMaxCount(finalCount);
        }

        // If the NV Index is RAM backed, delete the RAM data as well
        if(indexInfo.publicArea.attributes.TPMA_NV_ORDERLY == SET)
            NvDeleteRAM(handle);
    }

    NvDelete(entryAddr);
}
| 10845 | |
| 10846 | |
| 10847 | 8.4.7.16 NvFlushHierarchy() |
| 10848 | |
| 10849 | This function will delete persistent objects belonging to the indicated hierarchy. If the storage hierarchy is |
| 10850 | selected, the function will also delete any NV Index defined using ownerAuth. |
| 10851 | |
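// Delete the persistent objects that belong to 'hierarchy'. Unless the
// hierarchy is TPM_RH_ENDORSEMENT or TPM_RH_PLATFORM, every NV Index that does
// not have TPMA_NV_PLATFORMCREATE SET is deleted as well.
//
// Change from the original listing: a written counter index now has its value
// folded into the stored maximum count before it is deleted, exactly as
// NvDeleteEntity() does. Without this step a hierarchy flush removed counter
// indices without recording their final value.
void
NvFlushHierarchy(
    TPMI_RH_HIERARCHY    hierarchy      // IN: hierarchy to be flushed.
    )
{
    NV_ITER         iter = NV_ITER_INIT;
    UINT32          currentAddr;

    while((currentAddr = NvNext(&iter)) != 0)
    {
        TPM_HANDLE      entityHandle;

        // Every NV entry starts with the handle of the entity it holds
        _plat__NvMemoryRead(currentAddr, sizeof(TPM_HANDLE), &entityHandle);

        if(HandleGetType(entityHandle) == TPM_HT_NV_INDEX)
        {
            NV_INDEX        nvIndex;

            // Flushing the endorsement or platform hierarchy never removes
            // an NV Index
            if(hierarchy == TPM_RH_ENDORSEMENT || hierarchy == TPM_RH_PLATFORM)
                continue;

            _plat__NvMemoryRead(currentAddr + sizeof(TPM_HANDLE),
                                sizeof(NV_INDEX), &nvIndex);

            // Only indices that were not created by the platform are flushed
            if(nvIndex.publicArea.attributes.TPMA_NV_PLATFORMCREATE == CLEAR)
            {
                // Record the value of a written counter before the index
                // disappears (same rule as NvDeleteEntity()). The data has to
                // be read while the index is still present in NV.
                if(   nvIndex.publicArea.attributes.TPMA_NV_COUNTER == SET
                   && nvIndex.publicArea.attributes.TPMA_NV_WRITTEN == SET)
                {
                    UINT64          countValue;

                    NvGetIntIndexData(entityHandle, &nvIndex, &countValue);
                    if(countValue > NvReadMaxCount())
                        NvWriteMaxCount(countValue);
                }

                // Delete the NV Index
                NvDelete(currentAddr);

                // The entry list changed under the iterator, so start over
                iter = NV_ITER_INIT;

                // An orderly index also has a RAM copy that must be removed
                if(nvIndex.publicArea.attributes.TPMA_NV_ORDERLY == SET)
                    NvDeleteRAM(entityHandle);
            }
        }
        else if(HandleGetType(entityHandle) == TPM_HT_PERSISTENT)
        {
            OBJECT          object;

            // Get evict object
            NvGetEvictObject(entityHandle, &object);

            // Delete the object only when its hierarchy attribute matches the
            // hierarchy being flushed
            if(   (   hierarchy == TPM_RH_PLATFORM
                   && object.attributes.ppsHierarchy == SET)
               || (   hierarchy == TPM_RH_OWNER
                   && object.attributes.spsHierarchy == SET)
               || (   hierarchy == TPM_RH_ENDORSEMENT
                   && object.attributes.epsHierarchy == SET)
              )
            {
                // Delete the evict object
                NvDelete(currentAddr);

                // The entry list changed under the iterator, so start over
                iter = NV_ITER_INIT;
            }
        }
        else
        {
            // NV holds only NV Indices and persistent objects; any other
            // handle type means the stored data is not what this code expects
            pAssert(FALSE);
        }
    }

    return;
}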
| 10929 | |
| 10930 | |
| 10931 | 8.4.7.17 NvSetGlobalLock() |
| 10932 | |
| 10933 | This function is used to SET the TPMA_NV_WRITELOCKED attribute for all NV Indices that have |
| 10934 | TPMA_NV_GLOBALLOCK SET. This function is used by TPM2_NV_GlobalWriteLock(). |
| 10935 | |
// SET TPMA_NV_WRITELOCKED on every NV Index that has TPMA_NV_GLOBALLOCK SET.
// Used by TPM2_NV_GlobalWriteLock().
void
NvSetGlobalLock(
    void
    )
{
    NV_ITER         iter = NV_ITER_INIT;
    UINT32          indexAddr;

    // Walk all NV Indices
    for(indexAddr = NvNextIndex(&iter);
        indexAddr != 0;
        indexAddr = NvNextIndex(&iter))
    {
        NV_INDEX        indexInfo;

        // The NV_INDEX record follows the handle stored at the entry address
        _plat__NvMemoryRead(indexAddr + sizeof(TPM_HANDLE),
                            sizeof(NV_INDEX), &indexInfo);

        // Indices that did not opt in to the global lock are left untouched
        if(indexInfo.publicArea.attributes.TPMA_NV_GLOBALLOCK != SET)
            continue;

        // Lock the index and write the updated record back to NV
        indexInfo.publicArea.attributes.TPMA_NV_WRITELOCKED = SET;
        _plat__NvMemoryWrite(indexAddr + sizeof(TPM_HANDLE),
                             sizeof(NV_INDEX), &indexInfo);

        // Flag that NV has been modified
        g_updateNV = TRUE;
    }
}
| 10975 | |
| 10976 | |
| 10977 | 8.4.7.18 InsertSort() |
| 10978 | |
| 10979 | Sort a handle into handle list in ascending order. The total handle number in the list should not exceed |
| 10980 | MAX_CAP_HANDLES |
| 10981 | |
// Insert 'entityHandle' into 'handleList', keeping the list in ascending
// order and never letting it grow beyond 'count' entries. When the list is
// already full, the largest handle falls off the end (or the new handle is
// dropped if it is not smaller than any entry).
//
// This routine does not check 'count' against the capacity of the handle
// array; the description of this function requires the total not to exceed
// MAX_CAP_HANDLES, and the callers in this file clamp 'count' before calling.
static void
InsertSort(
    TPML_HANDLE     *handleList,    // IN/OUT: sorted handle list
    UINT32           count,         // IN: maximum count in the handle list
    TPM_HANDLE       entityHandle   // IN: handle to be inserted
    )
{
    UINT32          used;           // entries in the list before the insert
    UINT32          pos;            // insertion position
    UINT32          k;

    // A maximum of zero entries means nothing can be stored
    if(count == 0)
        return;

    used = handleList->count;

    // First entry of an empty list
    if(used == 0)
    {
        handleList->handle[0] = entityHandle;
        handleList->count = 1;
        return;
    }

    // Grow the list by one entry unless it is already at the maximum
    if(used < count)
        handleList->count = used + 1;

    // Find the first existing entry that is larger than the new handle
    pos = 0;
    while(pos < used && handleList->handle[pos] <= entityHandle)
        pos++;

    // Open a gap at 'pos' by moving the larger entries up by one. If the list
    // did not grow, this overwrites (drops) the last entry.
    if(pos < used)
    {
        for(k = handleList->count - 1; k > pos; k--)
            handleList->handle[k] = handleList->handle[k - 1];
    }

    // Store the handle if a gap was opened or a new slot was appended
    if(pos < used || handleList->count > used)
        handleList->handle[pos] = entityHandle;
}
| 11032 | |
| 11033 | |
| 11034 | 8.4.7.19 NvCapGetPersistent() |
| 11035 | |
| 11036 | This function is used to get a list of handles of the persistent objects, starting at handle. |
| 11037 | Handle must be in valid persistent object handle range, but does not have to reference an existing |
| 11038 | persistent object. |
| 11039 | |
| 11040 | Return Value Meaning |
| 11041 | |
| 11042 | YES if there are more handles available |
| 11043 | NO all the available handles have been returned |
| 11044 | |
// Return the handles of persistent objects whose value is not less than
// 'handle', in ascending order, up to 'count' entries.
//
// 'handle' must be of type TPM_HT_PERSISTENT (asserted) but does not have to
// reference an existing object.
//
// Returns YES if there are more handles available than were returned,
// NO otherwise.
TPMI_YES_NO
NvCapGetPersistent(
    TPMI_DH_OBJECT   handle,        // IN: start handle
    UINT32           count,         // IN: maximum number of returned handle
    TPML_HANDLE     *handleList     // OUT: list of handle
    )
{
    TPMI_YES_NO     more = NO;
    NV_ITER         iter = NV_ITER_INIT;
    UINT32          evictAddr;
    // Never report more than MAX_CAP_HANDLES entries, whatever was requested
    UINT32          limit = (count > MAX_CAP_HANDLES) ? MAX_CAP_HANDLES : count;

    pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT);

    // Start with an empty output list
    handleList->count = 0;

    for(evictAddr = NvNextEvict(&iter);
        evictAddr != 0;
        evictAddr = NvNextEvict(&iter))
    {
        TPM_HANDLE      found;

        // Read the handle stored at the start of the entry
        _plat__NvMemoryRead(evictAddr, sizeof(TPM_HANDLE), &found);

        // Only handles at or above the start handle are candidates
        if(found >= handle)
        {
            // The list is already full and another candidate exists, so the
            // caller is told that more handles are available
            if(handleList->count == limit)
                more = YES;

            // Keep the list sorted; insertion sort is used because the
            // number of entries is assumed to be small
            InsertSort(handleList, limit, found);
        }
    }

    return more;
}
| 11097 | |
| 11098 | |
| 11099 | 8.4.7.20 NvCapGetIndex() |
| 11100 | |
| 11101 | This function returns a list of handles of NV Indices, starting from handle. Handle must be in the range of |
| 11102 | NV Indices, but does not have to reference an existing NV Index. |
| 11103 | |
| 11104 | Return Value Meaning |
| 11105 | |
| 11106 | YES if there are more handles to report |
| 11107 | NO all the available handles have been reported |
| 11108 | |
// Return the handles of NV Indices whose value is not less than 'handle', in
// ascending order, up to 'count' entries.
//
// 'handle' must be of type TPM_HT_NV_INDEX (asserted) but does not have to
// reference an existing NV Index.
//
// Returns YES if there are more handles to report, NO otherwise.
TPMI_YES_NO
NvCapGetIndex(
    TPMI_DH_OBJECT   handle,        // IN: start handle
    UINT32           count,         // IN: maximum number of returned handle
    TPML_HANDLE     *handleList     // OUT: list of handle
    )
{
    TPMI_YES_NO     more = NO;
    NV_ITER         iter = NV_ITER_INIT;
    UINT32          indexAddr;

    pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX);

    // Start with an empty output list
    handleList->count = 0;

    // Never report more than MAX_CAP_HANDLES entries, whatever was requested
    if(count > MAX_CAP_HANDLES)
        count = MAX_CAP_HANDLES;

    for(;;)
    {
        TPM_HANDLE      found;

        indexAddr = NvNextIndex(&iter);
        if(indexAddr == 0)
            break;

        // Read the handle stored at the start of the entry
        _plat__NvMemoryRead(indexAddr, sizeof(TPM_HANDLE), &found);

        // Handles below the start handle are not reported
        if(found < handle)
            continue;

        // The list is already full and another candidate exists
        if(handleList->count == count)
            more = YES;

        // Keep the list sorted; insertion sort is used because the number of
        // NV Indices is assumed to be small
        InsertSort(handleList, count, found);
    }

    return more;
}
| 11154 | |
| 11155 | |
| 11156 | |
| 11157 | |
| 11158 | Page 150 TCG Published Family "2.0" |
| 11159 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 11160 | Part 4: Supporting Routines Trusted Platform Module Library |
| 11161 | |
| 11162 | 8.4.7.21 NvCapGetIndexNumber() |
| 11163 | |
| 11164 | This function returns the count of NV Indexes currently defined. |
| 11165 | |
// Return the number of NV Indices currently defined.
UINT32
NvCapGetIndexNumber(
    void
    )
{
    NV_ITER         iter = NV_ITER_INIT;
    UINT32          total;

    // Each non-zero address returned by the iterator is one defined index
    for(total = 0; NvNextIndex(&iter) != 0; total++)
    {
        // counting only
    }

    return total;
}
| 11178 | |
| 11179 | |
| 11180 | 8.4.7.22 NvCapGetPersistentNumber() |
| 11181 | |
| 11182 | Function returns the count of persistent objects currently in NV memory. |
| 11183 | |
// Return the number of persistent objects currently in NV memory.
UINT32
NvCapGetPersistentNumber(
    void
    )
{
    NV_ITER         iter = NV_ITER_INIT;
    UINT32          total;

    // Each non-zero address returned by the iterator is one evict object
    for(total = 0; NvNextEvict(&iter) != 0; total++)
    {
        // counting only
    }

    return total;
}
| 11196 | |
| 11197 | |
| 11198 | 8.4.7.23 NvCapGetPersistentAvail() |
| 11199 | |
| 11200 | This function returns an estimate of the number of additional persistent objects that could be loaded into |
| 11201 | NV memory. |
| 11202 | |
// Return an estimate of how many additional persistent objects could be
// loaded into NV memory: free NV bytes divided by the size of one evict
// object entry.
UINT32
NvCapGetPersistentAvail(
    void
    )
{
    // Free space in NV storage
    UINT32          freeBytes = NvGetFreeByte();

    // Space one persistent object needs in NV storage
    // NOTE(review): used as a divisor below -- assumes the size is never 0
    UINT32          perObject = NvGetEvictObjectSize();

    return freeBytes / perObject;
}
| 11219 | |
| 11220 | |
| 11221 | 8.4.7.24 NvCapGetCounterNumber() |
| 11222 | |
| 11223 | Get the number of defined NV Indexes that have the TPMA_NV_COUNTER attribute SET. |
| 11224 | |
| 11225 | |
| 11226 | |
| 11227 | Family "2.0" TCG Published Page 151 |
| 11228 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 11229 | Trusted Platform Module Library Part 4: Supporting Routines |
| 11230 | |
// Return the number of defined NV Indices that have TPMA_NV_COUNTER SET.
UINT32
NvCapGetCounterNumber(
    void
    )
{
    NV_ITER         iter = NV_ITER_INIT;
    UINT32          indexAddr;
    UINT32          counters = 0;

    for(indexAddr = NvNextIndex(&iter);
        indexAddr != 0;
        indexAddr = NvNextIndex(&iter))
    {
        NV_INDEX        indexInfo;

        // The NV_INDEX record follows the handle stored at the entry address
        _plat__NvMemoryRead(indexAddr + sizeof(TPM_HANDLE),
                            sizeof(NV_INDEX), &indexInfo);

        if(indexInfo.publicArea.attributes.TPMA_NV_COUNTER == SET)
            counters++;
    }

    return counters;
}
| 11252 | |
| 11253 | |
| 11254 | 8.4.7.25 NvCapGetCounterAvail() |
| 11255 | |
| 11256 | This function returns an estimate of the number of additional counter type NV Indices that can be defined. |
| 11257 | |
// Return an estimate of how many additional counter NV Indices can be
// defined. The estimate is the smaller of what fits in the free NV space
// (after reserving room for MIN_EVICT_OBJECTS persistent objects) and what
// fits in the free RAM index space.
UINT32
NvCapGetCounterAvail(
    void
    )
{
    UINT32          persistentNum = NvCapGetPersistentNumber();
    UINT32          nvFree = NvGetFreeByte();       // free bytes in NV
    UINT32          ramFree;                        // free bytes in RAM index space
    UINT32          nvPerCounter;
    UINT32          ramPerCounter;
    UINT32          fitInNv;
    UINT32          fitInRam;

    // Space for the evict objects that are still guaranteed must not be
    // counted as available for counters
    if(persistentNum < MIN_EVICT_OBJECTS)
    {
        UINT32          reserved = (MIN_EVICT_OBJECTS - persistentNum)
                                   * NvGetEvictObjectSize();

        // Saturate at zero rather than letting the subtraction wrap
        nvFree = (reserved > nvFree) ? 0 : nvFree - reserved;
    }

    // Space one counter index needs in NV storage
    nvPerCounter = NvGetCounterSize();

    // Free space in the RAM index area
    // NOTE(review): unsigned subtraction -- relies on s_ramIndexSize never
    // exceeding RAM_INDEX_SPACE
    ramFree = RAM_INDEX_SPACE - s_ramIndexSize;

    // A counter in RAM takes a size field, a handle and a UINT64 of data
    ramPerCounter = sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(UINT64);

    fitInNv = nvFree / nvPerCounter;
    fitInRam = ramFree / ramPerCounter;

    // The tighter of the two limits is the answer
    return (fitInNv > fitInRam) ? fitInRam : fitInNv;
}
| 11304 | |
| 11305 | |
| 11306 | 8.5 Object.c |
| 11307 | |
| 11308 | 8.5.1 Introduction |
| 11309 | |
| 11310 | This file contains the functions that manage the object store of the TPM. |
| 11311 | |
| 11312 | 8.5.2 Includes and Data Definitions |
| 11313 | |
| 11314 | 1 #define OBJECT_C |
| 11315 | 2 #include "InternalRoutines.h" |
| 11316 | 3 #include <Platform.h> |
| 11317 | |
| 11318 | |
| 11319 | 8.5.3 Functions |
| 11320 | |
| 11321 | 8.5.3.1 ObjectStartup() |
| 11322 | |
| 11323 | This function is called at TPM2_Startup() to initialize the object subsystem. |
| 11324 | |
// Called at TPM2_Startup() to initialize the object subsystem: every object
// slot is marked as not occupied. Only the 'occupied' flag is written here;
// the contents of the slots are not cleared by this function.
void
ObjectStartup(
    void
    )
{
    UINT32          slot = 0;

    while(slot < MAX_LOADED_OBJECTS)
    {
        s_objects[slot].occupied = FALSE;
        slot++;
    }
}
| 11340 | |
| 11341 | |
| 11342 | 8.5.3.2 ObjectCleanupEvict() |
| 11343 | |
| 11344 | In this implementation, a persistent object is moved from NV into an object slot for processing. It is |
| 11345 | flushed after command execution. This function is called from ExecuteCommand(). |
| 11346 | |
// Release the object slots that hold a temporary copy of a persistent object.
// In this implementation a persistent object is moved from NV into an object
// slot for processing and is flushed after command execution; this function
// is called from ExecuteCommand().
void
ObjectCleanupEvict(
    void
    )
{
    UINT32          slot;

    // Every slot is visited because a command may have two handles and both
    // may be persistent. The evict attribute is tested regardless of whether
    // the slot is currently marked occupied.
    for(slot = 0; slot < MAX_LOADED_OBJECTS; slot++)
    {
        if(s_objects[slot].object.entity.attributes.evict != SET)
            continue;

        // Temporary evict object: free its slot
        s_objects[slot].occupied = FALSE;
    }
}
| 11371 | |
| 11372 | |
| 11373 | 8.5.3.3 ObjectIsPresent() |
| 11374 | |
| 11375 | This function checks to see if a transient handle references a loaded object. This routine should not be |
| 11376 | called if the handle is not a transient handle. The function validates that the handle is in the |
| 11377 | implementation-dependent allowed range for loaded transient objects. |
| 11378 | |
| 11379 | Return Value Meaning |
| 11380 | |
| 11381 | TRUE if the handle references a loaded object |
| 11382 | FALSE if the handle is not an object handle, or it does not reference a |
| 11383 | loaded object |
| 11384 | |
// Check whether a transient handle references a loaded object.
//
// Must only be called with a transient handle (asserted). Returns TRUE if the
// slot selected by the handle is occupied; FALSE if the handle is outside the
// range of object slots or the slot is free.
BOOL
ObjectIsPresent(
    TPMI_DH_OBJECT   handle         // IN: handle to be checked
    )
{
    UINT32          slotIndex;      // index of object slot

    pAssert(HandleGetType(handle) == TPM_HT_TRANSIENT);

    // The slot number is the distance of the handle from the first transient
    // handle. The result is held in a UINT32, so a handle below
    // TRANSIENT_FIRST yields a very large index, which the range check below
    // rejects before the array is touched.
    slotIndex = handle - TRANSIENT_FIRST;

    if(slotIndex < MAX_LOADED_OBJECTS)
        return s_objects[slotIndex].occupied;

    return FALSE;
}
| 11404 | |
| 11405 | |
| 11406 | 8.5.3.4 ObjectIsSequence() |
| 11407 | |
| 11408 | This function is used to check if the object is a sequence object. This function should not be called if the |
| 11409 | handle does not reference a loaded object. |
| 11410 | |
| 11411 | Return Value Meaning |
| 11412 | |
| 11413 | TRUE object is an HMAC, hash, or event sequence object |
| 11414 | FALSE object is not an HMAC, hash, or event sequence object |
| 11415 | |
// Report whether an object is a sequence object.
//
// Returns TRUE if the object is an HMAC, hash, or event sequence object and
// FALSE otherwise. 'object' must not be NULL (asserted).
BOOL
ObjectIsSequence(
    OBJECT          *object         // IN: handle to be checked
    )
{
    pAssert (object != NULL);

    return (   object->attributes.hmacSeq == SET
            || object->attributes.hashSeq == SET
            || object->attributes.eventSeq == SET) ? TRUE : FALSE;
}
| 11429 | |
| 11430 | |
| 11431 | |
| 11432 | Page 154 TCG Published Family "2.0" |
| 11433 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 11434 | Part 4: Supporting Routines Trusted Platform Module Library |
| 11435 | |
| 11436 | 8.5.3.5 ObjectGet() |
| 11437 | |
| 11438 | This function is used to find the object structure associated with a handle. |
| 11439 | This function requires that handle references a loaded object. |
| 11440 | |
// Return the object structure associated with a handle.
//
// The handle must reference a loaded object. Range and occupancy are
// enforced only through pAssert(); there is no error return.
// NOTE(review): if pAssert() can ever be compiled out or return, the array
// index below is unchecked -- confirm how pAssert() is defined.
OBJECT*
ObjectGet(
    TPMI_DH_OBJECT   handle         // IN: handle of the object
    )
{
    // In this implementation the handle is determined by the slot the object
    // occupies, so the slot is the offset from the first transient handle
    UINT32          slot = handle - TRANSIENT_FIRST;

    pAssert(   handle >= TRANSIENT_FIRST
            && slot < MAX_LOADED_OBJECTS);
    pAssert(s_objects[slot].occupied == TRUE);

    return &s_objects[slot].object.entity;
}
| 11454 | |
| 11455 | |
| 11456 | 8.5.3.6 ObjectGetName() |
| 11457 | |
| 11458 | This function is used to access the Name of the object. In this implementation, the Name is computed |
| 11459 | when the object is loaded and is saved in the internal representation of the object. This function copies |
| 11460 | the Name data from the object into the buffer at name and returns the number of octets copied. |
| 11461 | This function requires that handle references a loaded object. |
| 11462 | |
// Copy the Name of a loaded object into 'name' and return the number of
// octets copied. In this implementation the Name is computed when the object
// is loaded and kept in the internal representation of the object.
//
// Returns 0, without writing to 'name', when the object's nameAlg is
// TPM_ALG_NULL. The handle must reference a loaded object.
UINT16
ObjectGetName(
    TPMI_DH_OBJECT   handle,        // IN: handle of the object
    NAME            *name           // OUT: name of the object
    )
{
    OBJECT          *object = ObjectGet(handle);
    UINT16           copied = 0;

    if(object->publicArea.nameAlg != TPM_ALG_NULL)
    {
        // sizeof(NAME) is passed as the size of the destination buffer
        MemoryCopy(name, object->name.t.name, object->name.t.size,
                   sizeof(NAME));
        copied = object->name.t.size;
    }

    return copied;
}
| 11477 | |
| 11478 | |
| 11479 | 8.5.3.7 ObjectGetNameAlg() |
| 11480 | |
| 11481 | This function is used to get the Name algorithm of an object. |
| 11482 | This function requires that handle references a loaded object. |
| 11483 | |
// Return the Name algorithm of a loaded object.
// The handle must reference a loaded object.
TPMI_ALG_HASH
ObjectGetNameAlg(
    TPMI_DH_OBJECT   handle         // IN: handle of the object
    )
{
    return ObjectGet(handle)->publicArea.nameAlg;
}
| 11493 | |
| 11494 | |
| 11495 | |
| 11496 | |
| 11497 | Family "2.0" TCG Published Page 155 |
| 11498 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 11499 | Trusted Platform Module Library Part 4: Supporting Routines |
| 11500 | |
| 11501 | 8.5.3.8 ObjectGetQualifiedName() |
| 11502 | |
| 11503 | This function returns the Qualified Name of the object. In this implementation, the Qualified Name is |
| 11504 | computed when the object is loaded and is saved in the internal representation of the object. The |
| 11505 | alternative would be to retain the Name of the parent and compute the QN when needed. This would take |
| 11506 | the same amount of space so it is not recommended that the alternate be used. |
| 11507 | This function requires that handle references a loaded object. |
| 11508 | |
// Return the Qualified Name of a loaded object. In this implementation the
// Qualified Name is computed when the object is loaded and kept in the
// internal representation of the object.
//
// When the object's nameAlg is TPM_ALG_NULL only the size field of the output
// is written (set to 0). The handle must reference a loaded object.
void
ObjectGetQualifiedName(
    TPMI_DH_OBJECT   handle,        // IN: handle of the object
    TPM2B_NAME      *qualifiedName  // OUT: qualified name of the object
    )
{
    OBJECT          *object = ObjectGet(handle);

    if(object->publicArea.nameAlg != TPM_ALG_NULL)
    {
        // Copy the saved qualified name
        *qualifiedName = object->qualifiedName;
    }
    else
    {
        // No Name algorithm: report an empty qualified name
        qualifiedName->t.size = 0;
    }
}
| 11524 | |
| 11525 | |
| 11526 | 8.5.3.9 ObjectDataGetHierarchy() |
| 11527 | |
| 11528 | This function returns the handle for the hierarchy of an object. |
| 11529 | |
// Return the handle for the hierarchy of an object, based on its hierarchy
// attributes. The attributes are tested in the order storage, endorsement,
// platform; TPM_RH_NULL is returned when none of them is set.
// 'object' is dereferenced without a NULL check.
TPMI_RH_HIERARCHY
ObjectDataGetHierarchy(
    OBJECT          *object         // IN :object
    )
{
    if(object->attributes.spsHierarchy)
        return TPM_RH_OWNER;

    if(object->attributes.epsHierarchy)
        return TPM_RH_ENDORSEMENT;

    if(object->attributes.ppsHierarchy)
        return TPM_RH_PLATFORM;

    return TPM_RH_NULL;
}
| 11553 | |
| 11554 | |
| 11555 | 8.5.3.10 ObjectGetHierarchy() |
| 11556 | |
| 11557 | This function returns the handle of the hierarchy to which a handle belongs. This function is similar to |
| 11558 | ObjectDataGetHierarchy(), but this routine takes a handle whereas ObjectDataGetHierarchy() takes a pointer |
| 11559 | to an object. |
| 11560 | This function requires that handle references a loaded object. |
| 11561 | |
// Return the handle of the hierarchy to which a loaded object belongs.
// Same result as ObjectDataGetHierarchy(), but the object is selected by
// handle instead of by pointer. The handle must reference a loaded object.
TPMI_RH_HIERARCHY
ObjectGetHierarchy(
    TPMI_DH_OBJECT   handle         // IN :object handle
    )
{
    return ObjectDataGetHierarchy(ObjectGet(handle));
}
| 11576 | |
| 11577 | |
| 11578 | 8.5.3.11 ObjectAllocateSlot() |
| 11579 | |
| 11580 | This function is used to allocate a slot in the internal object array. |
| 11581 | |
| 11582 | Return Value Meaning |
| 11583 | |
| 11584 | TRUE allocate success |
| 11585 | FALSE do not have free slot |
| 11586 | |
// Allocate a slot in the internal object array.
//
// On success the slot is marked occupied, '*handle' and '*object' describe
// it, the object's attributes are zeroed, and TRUE is returned. When no slot
// is free, FALSE is returned and neither output is written.
//
// Only the attributes are cleared here; the other fields of the slot keep
// whatever they held before.
// NOTE(review): that can include data of the object that used the slot
// earlier -- confirm that every caller overwrites or ignores those fields.
static BOOL
ObjectAllocateSlot(
    TPMI_DH_OBJECT  *handle,        // OUT: handle of allocated object
    OBJECT         **object         // OUT: points to the allocated object
    )
{
    UINT32          slot;

    for(slot = 0; slot < MAX_LOADED_OBJECTS; slot++)
    {
        if(s_objects[slot].occupied)
            continue;

        // First free slot: claim it
        s_objects[slot].occupied = TRUE;

        // The handle is the slot number offset by the first transient handle
        *handle = slot + TRANSIENT_FIRST;
        *object = &s_objects[slot].object.entity;

        // Initialize the object attributes
        MemorySet(&((*object)->attributes), 0, sizeof(OBJECT_ATTRIBUTES));

        return TRUE;
    }

    // Every slot is in use
    return FALSE;
}
| 11617 | |
| 11618 | |
| 11619 | 8.5.3.12 ObjectLoad() |
| 11620 | |
| 11621 | This function loads an object into an internal object structure. If an error is returned, the internal state is |
| 11622 | unchanged. |
| 11623 | |
| 11624 | |
| 11625 | |
| 11626 | |
| 11627 | Family "2.0" TCG Published Page 157 |
| 11628 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 11629 | Trusted Platform Module Library Part 4: Supporting Routines |
| 11630 | |
| 11631 | |
| 11632 | Error Returns Meaning |
| 11633 | |
| 11634 | TPM_RC_BINDING if the public and sensitive parts of the object are not matched |
| 11635 | TPM_RC_KEY if the parameters in the public area of the object are not consistent |
| 11636 | TPM_RC_OBJECT_MEMORY if there is no free slot for an object |
| 11637 | TPM_RC_TYPE the public and private parts are not the same type |
| 11638 | |
// Load an object into a free transient slot and derive its internal attributes.
//
// Returns TPM_RC_OBJECT_MEMORY when no slot is free, TPM_RC_KEY when the public
// area is not self-consistent, or whatever CryptObjectPublicPrivateMatch()
// reports when the public and sensitive areas do not match. The two checks are
// bypassed entirely when 'skipChecks' is TRUE, so a caller that sets it is
// vouching for the object itself.
//
// NOTE(review): on the error path the slot is released with ObjectFlush(), which
// clears only the occupied flag and the attributes; the public and sensitive
// areas copied in below stay in the slot until it is reused. Consider zeroing
// them before release if residual key material matters for the platform.
TPM_RC
ObjectLoad(
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy to which the object belongs
    TPMT_PUBLIC         *publicArea,    // IN: public area
    TPMT_SENSITIVE      *sensitive,     // IN: sensitive area (may be null)
    TPM2B_NAME          *name,          // IN: object's name (may be null)
    TPM_HANDLE           parentHandle,  // IN: handle of parent
    BOOL                 skipChecks,    // IN: TRUE if the consistency checks may
                                        //     be skipped
    TPMI_DH_OBJECT      *handle         // OUT: object handle
    )
{
    OBJECT          *slot = NULL;
    TPM2B_NAME       parentQN;          // qualified name of the parent
    TPM_RC           rc = TPM_RC_SUCCESS;

    // Claim a transient slot; '*handle' is filled in by the allocator
    if(!ObjectAllocateSlot(handle, &slot))
        return TPM_RC_OBJECT_MEMORY;

    // Copy the caller's areas into the slot before validating them
    slot->publicArea = *publicArea;
    if(sensitive != NULL)
        slot->sensitive = *sensitive;

    if(!skipChecks)
    {
        // Public area first; the public/private match is only attempted when a
        // sensitive area was supplied
        if(!CryptObjectIsPublicConsistent(&slot->publicArea))
            rc = TPM_RC_KEY;
        else if(sensitive != NULL)
            rc = CryptObjectPublicPrivateMatch(slot);

        if(rc != TPM_RC_SUCCESS)
        {
            // Give the slot back before reporting the failure
            ObjectFlush(*handle);
            return rc;
        }
    }
    slot->attributes.publicOnly = (sensitive == NULL);

    // Without a name the object has no qualified name, belongs to no hierarchy
    // and is temporary; nothing else needs to be set
    if(name == NULL || name->t.size == 0)
    {
        slot->qualifiedName.t.size = 0;
        slot->name.t.size = 0;
        slot->attributes.temporary = SET;
        return TPM_RC_SUCCESS;
    }

    if(HandleGetType(parentHandle) == TPM_HT_PERMANENT)
    {
        // Parent is a permanent handle: the parent's qualified name is the
        // 4-octet hierarchy handle itself. The size written here is what the
        // sizeof(TPM_HANDLE) comparison below relies on.
        parentQN.t.size = 4;
        UINT32_TO_BYTE_ARRAY(parentHandle, parentQN.t.name);
    }
    else
    {
        OBJECT      *parent;

        // Parent is a loaded object: take its qualified name and inherit
        // stClear from either the parent or the new object's public area.
        // NOTE(review): the pointer returned by ObjectGet() is used unchecked;
        // presumably the caller has already validated parentHandle - confirm.
        ObjectGetQualifiedName(parentHandle, &parentQN);
        parent = ObjectGet(parentHandle);
        if(   publicArea->objectAttributes.stClear == SET
           || parent->attributes.stClear == SET)
            slot->attributes.stClear = SET;
    }
    slot->name = *name;

    // QN = H_nameAlg(parent QN || name)
    ObjectComputeQualifiedName(&parentQN, publicArea->nameAlg,
                               name, &slot->qualifiedName);

    // Outside the NULL hierarchy, a parent qualified name the size of a handle
    // marks a primary object
    if(hierarchy != TPM_RH_NULL && parentQN.t.size == sizeof(TPM_HANDLE))
        slot->attributes.primary = SET;

    // Record the hierarchy; anything in the NULL hierarchy is temporary
    switch(hierarchy)
    {
        case TPM_RH_NULL:
            slot->attributes.temporary = SET;
            break;
        case TPM_RH_PLATFORM:
            slot->attributes.ppsHierarchy = SET;
            break;
        case TPM_RH_OWNER:
            slot->attributes.spsHierarchy = SET;
            break;
        case TPM_RH_ENDORSEMENT:
            slot->attributes.epsHierarchy = SET;
            break;
        default:
            pAssert(FALSE);
            break;
    }
    return TPM_RC_SUCCESS;
}
| 11761 | |
| 11762 | |
| 11763 | |
| 11764 | |
| 11765 | Family "2.0" TCG Published Page 159 |
| 11766 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 11767 | Trusted Platform Module Library Part 4: Supporting Routines |
| 11768 | |
| 11769 | 8.5.3.13 AllocateSequenceSlot() |
| 11770 | |
| 11771 | This function allocates a sequence slot and initializes the parts that are used by the normal objects so |
| 11772 | that a sequence object is not inadvertently used for an operation that is not appropriate for a sequence. |
| 11773 | |
// Allocate an object slot for use as a sequence object and initialize the
// fields it shares with an ordinary object, so that the sequence cannot be
// mistaken for a normal object by code that inspects those fields.
// Returns FALSE when no slot is available.
// Note that 'auth', when supplied, is modified in place: its trailing zeros are
// removed before it is copied into the slot.
static BOOL
AllocateSequenceSlot(
    TPM_HANDLE      *newHandle,     // OUT: receives the allocated handle
    HASH_OBJECT    **object,        // OUT: receives pointer to allocated object
    TPM2B_AUTH      *auth           // IN: the authValue for the slot
    )
{
    OBJECT          *slot;          // the slot viewed as an ordinary object
    HASH_OBJECT     *seq;           // the same slot viewed as a sequence

    if(!ObjectAllocateSlot(newHandle, &slot))
        return FALSE;

    seq = (HASH_OBJECT *)slot;
    *object = seq;

    // The sequence authValue must sit at the same address as the authPolicy of
    // an ordinary object; the overlay of the two views depends on it
    pAssert(&(seq->auth) == &slot->publicArea.authPolicy);

    // A sequence has no object type and no name algorithm (its name is the
    // Empty Buffer)
    seq->type = TPM_ALG_NULL;
    seq->nameAlg = TPM_ALG_NULL;

    // Start from cleared object attributes
    MemorySet(&(seq->objectAttributes), 0, sizeof(TPMA_OBJECT));

    // Treated as a NULL-hierarchy object: temporary, so it cannot be persisted
    seq->attributes.temporary = SET;

    // Sequence objects are exempt from dictionary-attack protection
    seq->objectAttributes.noDA = SET;

    if(auth == NULL)
    {
        seq->auth.t.size = 0;
        return TRUE;
    }
    MemoryRemoveTrailingZeros(auth);
    seq->auth = *auth;
    return TRUE;
}
| 11818 | |
| 11819 | |
| 11820 | 8.5.3.14 ObjectCreateHMACSequence() |
| 11821 | |
| 11822 | This function creates an internal HMAC sequence object. |
| 11823 | |
| 11824 | Error Returns Meaning |
| 11825 | |
| 11826 | TPM_RC_OBJECT_MEMORY if there is no free slot for an object |
| 11827 | |
// Create an internal HMAC sequence object keyed by the object at 'handle'.
// Returns TPM_RC_OBJECT_MEMORY when no slot is free.
// NOTE(review): the key object pointer from ObjectGet() is dereferenced without
// a check, and nothing here confirms the key carries a sensitive area usable
// for HMAC; presumably the caller has validated 'handle' - confirm.
TPM_RC
ObjectCreateHMACSequence(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    TPM_HANDLE       handle,        // IN: handle of the HMAC key object
    TPM2B_AUTH      *auth,          // IN: authValue
    TPMI_DH_OBJECT  *newHandle      // OUT: HMAC sequence object handle
    )
{
    HASH_OBJECT     *seq;
    OBJECT          *key;

    if(!AllocateSequenceSlot(newHandle, &seq, auth))
        return TPM_RC_OBJECT_MEMORY;

    // Mark the slot as an HMAC sequence
    seq->attributes.hmacSeq = SET;

    // Start the HMAC with the key bits taken from the key object's sensitive area
    key = ObjectGet(handle);
    CryptStartHMACSequence2B(hashAlg, &key->sensitive.sensitive.bits.b,
                             &seq->state.hmacState);

    return TPM_RC_SUCCESS;
}
| 11860 | |
| 11861 | |
| 11862 | 8.5.3.15 ObjectCreateHashSequence() |
| 11863 | |
| 11864 | This function creates a hash sequence object. |
| 11865 | |
| 11866 | Error Returns Meaning |
| 11867 | |
| 11868 | TPM_RC_OBJECT_MEMORY if there is no free slot for an object |
| 11869 | |
// Create a hash sequence object for 'hashAlg'.
// Returns TPM_RC_OBJECT_MEMORY when no slot is free.
TPM_RC
ObjectCreateHashSequence(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    TPM2B_AUTH      *auth,          // IN: authValue
    TPMI_DH_OBJECT  *newHandle      // OUT: sequence object handle
    )
{
    HASH_OBJECT     *seq;

    if(!AllocateSequenceSlot(newHandle, &seq, auth))
        return TPM_RC_OBJECT_MEMORY;

    // Mark the slot as a hash sequence and start the hash in its first state
    seq->attributes.hashSeq = SET;
    CryptStartHashSequence(hashAlg, &seq->state.hashState[0]);

    return TPM_RC_SUCCESS;
}
| 11891 | |
| 11892 | |
| 11893 | 8.5.3.16 ObjectCreateEventSequence() |
| 11894 | |
| 11895 | This function creates an event sequence object. |
| 11896 | |
| 11897 | Error Returns Meaning |
| 11898 | |
| 11899 | TPM_RC_OBJECT_MEMORY if there is no free slot for an object |
| 11900 | |
// Create an event sequence object holding one hash state per hash algorithm
// reported by CryptGetHashAlgByIndex().
// Returns TPM_RC_OBJECT_MEMORY when no slot is free.
// NOTE(review): hashState[] is indexed by the algorithm index with no explicit
// bound; presumably the array is sized for every implemented hash - confirm
// against the HASH_OBJECT definition.
TPM_RC
ObjectCreateEventSequence(
    TPM2B_AUTH      *auth,          // IN: authValue
    TPMI_DH_OBJECT  *newHandle      // OUT: sequence object handle
    )
{
    HASH_OBJECT     *seq;
    TPM_ALG_ID       alg;
    UINT32           idx = 0;

    if(!AllocateSequenceSlot(newHandle, &seq, auth))
        return TPM_RC_OBJECT_MEMORY;

    seq->attributes.eventSeq = SET;

    // Walk the implemented hash algorithms until the list is exhausted
    while((alg = CryptGetHashAlgByIndex(idx)) != TPM_ALG_NULL)
    {
        // A NULL auth means _TPM_Init or _TPM_HashStart: the sequence never
        // leaves the TPM, so the plain hash start is enough
        if(auth != NULL)
            CryptStartHashSequence(alg, &seq->state.hashState[idx]);
        else
            CryptStartHash(alg, &seq->state.hashState[idx]);
        idx++;
    }
    return TPM_RC_SUCCESS;
}
| 11935 | |
| 11936 | |
| 11937 | 8.5.3.17 ObjectTerminateEvent() |
| 11938 | |
| 11939 | This function is called to close out the event sequence and clean up the hash context states. |
| 11940 | |
// Close out the DRTM event sequence: complete every open hash context so the
// crypto layer can release whatever it holds, flush the sequence object, and
// mark g_DRTMHandle as unassigned.
void
ObjectTerminateEvent(
    void
    )
{
    BYTE             discard[MAX_DIGEST_SIZE];  // scratch for the unused digests
    HASH_OBJECT     *seq = (HASH_OBJECT *)ObjectGet(g_DRTMHandle);
    int              idx;

    // The slot is only torn down if it really is an event sequence
    if(seq->attributes.eventSeq)
    {
        // Zero bytes of digest are requested; the call is made for its cleanup
        // effect only
        idx = 0;
        while(CryptGetHashAlgByIndex(idx) != TPM_ALG_NULL)
        {
            CryptCompleteHash(&seq->state.hashState[idx], 0, discard);
            idx++;
        }
        ObjectFlush(g_DRTMHandle);
    }

    // The handle is released whether or not a sequence was found
    g_DRTMHandle = TPM_RH_UNASSIGNED;
}
| 11968 | |
| 11969 | |
| 11970 | |
| 11971 | |
| 11972 | Page 162 TCG Published Family "2.0" |
| 11973 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 11974 | Part 4: Supporting Routines Trusted Platform Module Library |
| 11975 | |
| 11976 | 8.5.3.18 ObjectContextLoad() |
| 11977 | |
| 11978 | This function loads an object from a saved object context. |
| 11979 | |
| 11980 | Error Returns Meaning |
| 11981 | |
| 11982 | TPM_RC_OBJECT_MEMORY if there is no free slot for an object |
| 11983 | |
// Load an object from a saved object context into a free transient slot.
// Returns TPM_RC_OBJECT_MEMORY when no slot is free.
// The whole OBJECT structure is copied, so the attributes the allocator just
// cleared are replaced by those carried in the saved context.
// NOTE(review): no validation of 'object' happens here; presumably the caller
// has already checked the integrity of the saved context - confirm.
TPM_RC
ObjectContextLoad(
    OBJECT          *object,        // IN: object structure from saved context
    TPMI_DH_OBJECT  *handle         // OUT: object handle
    )
{
    OBJECT          *slot;

    if(ObjectAllocateSlot(handle, &slot))
    {
        // Structure copy of the saved object into the internal slot
        *slot = *object;
        return TPM_RC_SUCCESS;
    }
    return TPM_RC_OBJECT_MEMORY;
}
| 12001 | |
| 12002 | |
| 12003 | 8.5.3.19 ObjectFlush() |
| 12004 | |
| 12005 | This function frees an object slot. |
| 12006 | This function requires that the object is loaded. |
| 12007 | |
// Free the object slot for 'handle'. The object must be loaded.
// NOTE(review): only the occupied flag and the attributes are cleared; the
// public and sensitive areas remain in s_objects[] until the slot is reused.
// Consider zeroing the whole slot here if residual key material is a concern.
void
ObjectFlush(
    TPMI_DH_OBJECT   handle         // IN: handle to be freed
    )
{
    UINT32           slot;

    pAssert(ObjectIsPresent(handle));

    // Transient handles map onto slots by their offset from TRANSIENT_FIRST
    slot = handle - TRANSIENT_FIRST;

    // Release the slot and leave it with no attributes
    s_objects[slot].occupied = FALSE;
    MemorySet((BYTE*)&(s_objects[slot].object.entity.attributes),
              0, sizeof(OBJECT_ATTRIBUTES));
}
| 12024 | |
| 12025 | |
| 12026 | 8.5.3.20 ObjectFlushHierarchy() |
| 12027 | |
| 12028 | This function is called to flush all the loaded transient objects associated with a hierarchy when the |
| 12029 | hierarchy is disabled. |
| 12030 | |
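// Flush every loaded transient object that belongs to 'hierarchy'; called when
// the hierarchy is disabled.
// A released slot is left in the same state ObjectFlush() leaves it in:
// unoccupied and with its attributes cleared, so no stale hierarchy or
// sequence bits stay behind on a free slot.
// 'hierarchy' must be TPM_RH_PLATFORM, TPM_RH_OWNER or TPM_RH_ENDORSEMENT; any
// other value asserts as soon as an occupied slot is examined.
// NOTE(review): as in ObjectFlush(), the public and sensitive areas of a
// flushed object remain in s_objects[] until the slot is reused.
void
ObjectFlushHierarchy(
    TPMI_RH_HIERARCHY    hierarchy  // IN: hierarchy to be flushed
    )
{
    UINT16           i;

    for(i = 0; i < MAX_LOADED_OBJECTS; i++)
    {
        BOOL         inHierarchy = FALSE;

        // Free slots have nothing to flush
        if(!s_objects[i].occupied)
            continue;

        // Decide membership from the hierarchy bit recorded at load time
        switch(hierarchy)
        {
            case TPM_RH_PLATFORM:
                inHierarchy =
                    (s_objects[i].object.entity.attributes.ppsHierarchy == SET);
                break;
            case TPM_RH_OWNER:
                inHierarchy =
                    (s_objects[i].object.entity.attributes.spsHierarchy == SET);
                break;
            case TPM_RH_ENDORSEMENT:
                inHierarchy =
                    (s_objects[i].object.entity.attributes.epsHierarchy == SET);
                break;
            default:
                pAssert(FALSE);
                break;
        }

        if(inHierarchy)
        {
            // Release the slot exactly as ObjectFlush() does
            s_objects[i].occupied = FALSE;
            MemorySet((BYTE*)&(s_objects[i].object.entity.attributes),
                      0, sizeof(OBJECT_ATTRIBUTES));
        }
    }
}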
| 12072 | |
| 12073 | |
| 12074 | 8.5.3.21 ObjectLoadEvict() |
| 12075 | |
| 12076 | This function loads a persistent object into a transient object slot. |
| 12077 | This function requires that handle is associated with a persistent object. |
| 12078 | |
| 12079 | Error Returns Meaning |
| 12080 | |
| 12081 | TPM_RC_HANDLE the persistent object does not exist or the associated hierarchy is |
| 12082 | disabled. |
| 12083 | TPM_RC_OBJECT_MEMORY no object slot |
| 12084 | |
// Load a persistent object into a transient slot. On entry '*handle' is the
// persistent (evict) handle; on success it is replaced by the handle of the
// transient copy.
// Returns TPM_RC_HANDLE when the owning hierarchy is disabled or the
// persistent object cannot be read, and TPM_RC_OBJECT_MEMORY when no slot is
// free.
// NOTE(review): '*handle' is overwritten as soon as a slot is allocated, so on
// the two error returns after that point the caller sees the transient handle
// and the slot is still marked occupied. The code relies on end-of-command
// cleanup to flush it; confirm that cleanup also covers a slot whose
// NvGetEvictObject() copy failed.
TPM_RC
ObjectLoadEvict(
    TPM_HANDLE      *handle,        // IN:OUT: evict object handle. On success it
                                    //     is replaced by the loaded object handle
    TPM_CC           commandCode    // IN: the command being processed
    )
{
    TPM_HANDLE       persistent = *handle;  // keep the evict handle
    OBJECT          *slot;
    TPM_RC           rc;
    BOOL             disabled;

    // Handles at or above PLATFORM_PERSISTENT belong to the platform and are
    // gated by phEnable; the rest belong to the owner and are gated by shEnable
    if(*handle >= PLATFORM_PERSISTENT)
        disabled = (g_phEnable == CLEAR);
    else
        disabled = (gc.shEnable == CLEAR);
    if(disabled)
        return TPM_RC_HANDLE;

    if(!ObjectAllocateSlot(handle, &slot))
        return TPM_RC_OBJECT_MEMORY;

    // Copy the persistent object into the transient slot; TPM_RC_HANDLE may
    // come back from here
    rc = NvGetEvictObject(persistent, slot);
    if(rc != TPM_RC_SUCCESS)
        return rc;

    // An endorsement-hierarchy object looks undefined while ehEnable is CLEAR,
    // except to TPM2_EvictControl()
    if(   ObjectDataGetHierarchy(slot) == TPM_RH_ENDORSEMENT
       && gc.ehEnable == CLEAR
       && commandCode != TPM_CC_EvictControl
      )
        return TPM_RC_HANDLE;

    return TPM_RC_SUCCESS;
}
| 12140 | |
| 12141 | |
| 12142 | 8.5.3.22 ObjectComputeName() |
| 12143 | |
| 12144 | This function computes the Name of an object from its public area. |
| 12145 | |
// Compute the Name of an object from its public area:
//     Name = nameAlg || H_nameAlg(marshaled public area)
// A nameAlg of TPM_ALG_NULL yields the empty name (size 0).
// NOTE(review): the marshal call is given no size limit (NULL); it presumably
// cannot exceed the TPM2B_PUBLIC buffer because that buffer is sized for a
// TPMT_PUBLIC - confirm.
void
ObjectComputeName(
    TPMT_PUBLIC     *publicArea,    // IN: public area of an object
    TPM2B_NAME      *name           // OUT: name of the object
    )
{
    TPM2B_PUBLIC     marshaled;                     // canonical form of the public area
    BYTE            *cursor = marshaled.b.buffer;   // advanced by the marshal call
    HASH_STATE       hash;

    if(publicArea->nameAlg == TPM_ALG_NULL)
    {
        name->t.size = 0;
        return;
    }

    // CryptStartHash() returns the digest size, kept for the completion call
    name->t.size = CryptStartHash(publicArea->nameAlg, &hash);

    // Hash the marshaled public area
    marshaled.t.size = TPMT_PUBLIC_Marshal(publicArea, &cursor, NULL);
    CryptUpdateDigest2B(&hash, &marshaled.b);

    // The digest lands after the two octets reserved for the algorithm ID
    CryptCompleteHash(&hash, name->t.size, &name->t.name[2]);

    // Prefix the algorithm ID and account for its two octets
    UINT16_TO_BYTE_ARRAY(publicArea->nameAlg, name->t.name);
    name->t.size += 2;
}
| 12187 | |
| 12188 | |
| 12189 | 8.5.3.23 ObjectComputeQualifiedName() |
| 12190 | |
| 12191 | This function computes the qualified name of an object. |
| 12192 | |
// Compute the qualified name of an object:
//     QN_A = nameAlg || H_nameAlg(QN of parent || NAME_A)
void
ObjectComputeQualifiedName(
    TPM2B_NAME      *parentQN,      // IN: parent's qualified name
    TPM_ALG_ID       nameAlg,       // IN: name hash
    TPM2B_NAME      *name,          // IN: name of the object
    TPM2B_NAME      *qualifiedName  // OUT: qualified name of the object
    )
{
    HASH_STATE       hash;

    // CryptStartHash() returns the digest size, kept for the completion call
    qualifiedName->t.size = CryptStartHash(nameAlg, &hash);

    // Parent's qualified name first, then the object's own name
    CryptUpdateDigest2B(&hash, &parentQN->b);
    CryptUpdateDigest2B(&hash, &name->b);

    // The digest lands after the two octets reserved for the algorithm ID
    CryptCompleteHash(&hash, qualifiedName->t.size,
                      &qualifiedName->t.name[2]);

    // Prefix the algorithm ID and account for its two octets
    UINT16_TO_BYTE_ARRAY(nameAlg, qualifiedName->t.name);
    qualifiedName->t.size += 2;
}
| 12221 | |
| 12222 | |
| 12223 | 8.5.3.24 ObjectDataIsStorage() |
| 12224 | |
| 12225 | This function determines if a public area has the attributes associated with a storage key. A storage key is |
| 12226 | an asymmetric object that has its restricted and decrypt attributes SET, and sign CLEAR. |
| 12227 | |
| 12228 | Return Value Meaning |
| 12229 | |
| 12230 | TRUE if the object is a storage key |
| 12231 | FALSE if the object is not a storage key |
| 12232 | |
// Report whether a public area has the attributes of a storage key: an
// asymmetric object with restricted and decrypt SET and sign CLEAR.
BOOL
ObjectDataIsStorage(
    TPMT_PUBLIC     *publicArea     // IN: public area of the object
    )
{
    // Must be asymmetric
    if(!CryptIsAsymAlgorithm(publicArea->type))
        return FALSE;

    // Must be a restricted decryption key
    if(publicArea->objectAttributes.restricted != SET)
        return FALSE;
    if(publicArea->objectAttributes.decrypt != SET)
        return FALSE;

    // Must not also be a signing key
    if(publicArea->objectAttributes.sign != CLEAR)
        return FALSE;

    return TRUE;
}
| 12247 | |
| 12248 | |
| 12249 | Page 166 TCG Published Family "2.0" |
| 12250 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 12251 | Part 4: Supporting Routines Trusted Platform Module Library |
| 12252 | |
| 12253 | 8.5.3.25 ObjectIsStorage() |
| 12254 | |
| 12255 | This function determines if an object has the attributes associated with a storage key. A storage key is an |
| 12256 | asymmetric object that has its restricted and decrypt attributes SET, and sign CLEAR. |
| 12257 | |
| 12258 | Return Value Meaning |
| 12259 | |
| 12260 | TRUE if the object is a storage key |
| 12261 | FALSE if the object is not a storage key |
| 12262 | |
// Report whether the loaded object at 'handle' is a storage key, by applying
// ObjectDataIsStorage() to its public area.
BOOL
ObjectIsStorage(
    TPMI_DH_OBJECT   handle         // IN: object handle
    )
{
    return ObjectDataIsStorage(&ObjectGet(handle)->publicArea);
}
| 12271 | |
| 12272 | |
| 12273 | 8.5.3.26 ObjectCapGetLoaded() |
| 12274 | |
| 12275 | This function returns a list of handles of loaded objects, starting from handle. Handle must be in the |
| 12276 | range of valid transient object handles, but does not have to be the handle of a loaded transient object. |
| 12277 | |
| 12278 | Return Value Meaning |
| 12279 | |
| 12280 | YES if there are more handles available |
| 12281 | NO all the available handles have been returned |
| 12282 | |
// Return the handles of loaded transient objects, starting the search at the
// slot that 'handle' maps to. 'handle' must be a transient handle but need not
// name a loaded object.
// Returns YES when a further loaded object exists beyond the handles
// returned, NO otherwise.
TPMI_YES_NO
ObjectCapGetLoaded(
    TPMI_DH_OBJECT   handle,        // IN: start handle
    UINT32           count,         // IN: count of returned handles
    TPML_HANDLE     *handleList     // OUT: list of handle
    )
{
    TPMI_YES_NO      more = NO;
    UINT32           slot;

    pAssert(HandleGetType(handle) == TPM_HT_TRANSIENT);

    handleList->count = 0;

    // Never return more than MAX_CAP_HANDLES; this cap is also what keeps the
    // writes into handleList->handle[] bounded
    if(count > MAX_CAP_HANDLES)
        count = MAX_CAP_HANDLES;

    for(slot = handle - TRANSIENT_FIRST; slot < MAX_LOADED_OBJECTS; slot++)
    {
        if(s_objects[slot].occupied != TRUE)
            continue;

        // A valid transient object can not be the copy of a persistent object
        pAssert(s_objects[slot].object.entity.attributes.evict == CLEAR);

        if(handleList->count >= count)
        {
            // List is full and another loaded object exists: report it and stop
            more = YES;
            break;
        }

        // Room left: append this object's handle
        handleList->handle[handleList->count] = slot + TRANSIENT_FIRST;
        handleList->count++;
    }

    return more;
}
| 12334 | |
| 12335 | |
| 12336 | 8.5.3.27 ObjectCapGetTransientAvail() |
| 12337 | |
| 12338 | This function returns an estimate of the number of additional transient objects that could be loaded into |
| 12339 | the TPM. |
| 12340 | |
// Return the number of unoccupied transient object slots, used as an estimate
// of how many more transient objects could be loaded.
UINT32
ObjectCapGetTransientAvail(
    void
    )
{
    UINT32           freeSlots = 0;
    UINT32           slot = 0;

    // Count every slot that is not currently occupied
    while(slot < MAX_LOADED_OBJECTS)
    {
        if(s_objects[slot].occupied == FALSE)
            freeSlots++;
        slot++;
    }

    return freeSlots;
}
| 12357 | |
| 12358 | |
| 12359 | 8.6 PCR.c |
| 12360 | |
| 12361 | 8.6.1 Introduction |
| 12362 | |
| 12363 | This file contains the functions needed for PCR access and manipulation. |
| 12364 | This implementation uses a static allocation for the PCR. The amount of memory is allocated based on |
| 12365 | the number of PCR in the implementation and the number of implemented hash algorithms. This is not |
| 12366 | the expected implementation. PCR SPACE DEFINITIONS. |
| 12367 | In the definitions below, the g_hashPcrMap is a bit array that indicates which of the PCR are |
| 12368 | implemented. The g_hashPcr array is an array of digests. In this implementation, the space is allocated |
| 12369 | whether the PCR is implemented or not. |
| 12370 | |
| 12371 | 8.6.2 Includes, Defines, and Data Definitions |
| 12372 | |
| 12373 | 1 #define PCR_C |
| 12374 | 2 #include "InternalRoutines.h" |
| 12375 | 3 #include <Platform.h> |
| 12376 | |
| 12377 | The initial value of PCR attributes. The value of these fields should be consistent with the PC Client |
| 12378 | specification. In this implementation, we assume the total number of implemented PCR is 24. |
| 12379 | |
// Initial attributes of each PCR, indexed by PCR number.
// NOTE(review): each entry has three fields; presumably {stateSave,
// resetLocality bitmap, extendLocality bitmap} - confirm against the
// PCR_Attributes definition, which is not shown here.
// NOTE(review): the table holds 25 entries (PCR 0 - 24) while the accompanying
// text assumes 24 implemented PCR - confirm which is intended, since these
// values decide which localities may reset or extend a PCR.
static const PCR_Attributes s_initAttributes[] =
{
    // PCR 0 - 15, static RTM
    {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
    {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
    {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},
    {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F},

    {0, 0x0F, 0x1F},    // PCR 16, Debug
    {0, 0x10, 0x1C},    // PCR 17, Locality 4
    {0, 0x10, 0x1C},    // PCR 18, Locality 3
    {0, 0x10, 0x0C},    // PCR 19, Locality 2
    {0, 0x14, 0x0E},    // PCR 20, Locality 1
    {0, 0x14, 0x04},    // PCR 21, Dynamic OS
    {0, 0x14, 0x04},    // PCR 22, Dynamic OS
    {0, 0x0F, 0x1F},    // PCR 23, App specific
    {0, 0x0F, 0x1F}     // PCR 24, testing policy
};
| 12403 | |
| 12404 | |
| 12405 | 8.6.3 Functions |
| 12406 | |
| 12407 | 8.6.3.1 PCRBelongsAuthGroup() |
| 12408 | |
| 12409 | This function indicates if a PCR belongs to a group that requires an authValue in order to modify the |
| 12410 | PCR. If it does, groupIndex is set to value of the group index. This feature of PCR is decided by the |
| 12411 | platform specification. |
| 12412 | |
| 12413 | Return Value Meaning |
| 12414 | |
| 12415 | TRUE: PCR belongs to an auth group |
| 12416 | FALSE: PCR does not belong to an auth group |
| 12417 | |
// Report whether a PCR belongs to a group whose PCR can only be modified with
// an authValue, and if so return the group index.
// '*groupIndex' is written only when TRUE is returned; callers must not read
// it after a FALSE return.
BOOL
PCRBelongsAuthGroup(
    TPMI_DH_PCR      handle,        // IN: handle of PCR
    UINT32          *groupIndex     // OUT: group index, valid only when the
                                    //     PCR belongs to an auth group
    )
{
#if NUM_AUTHVALUE_PCR_GROUP > 0
    // The platform specification decides auth group membership. This
    // implementation assumes a single auth group holding PCR[20-22]; change it
    // if the platform specification requires otherwise.
    if(!(handle < 20 || handle > 22))
    {
        *groupIndex = 0;
        return TRUE;
    }

#endif
    return FALSE;
}
| 12442 | |
| 12443 | |
| 12444 | 8.6.3.2 PCRBelongsPolicyGroup() |
| 12445 | |
| 12446 | This function indicates if a PCR belongs to a group that requires a policy authorization in order to modify |
| 12447 | the PCR. If it does, groupIndex is set to value of the group index. This feature of PCR is decided by the |
| 12448 | platform specification. |
| 12449 | Family "2.0" TCG Published Page 169 |
| 12450 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 12451 | Trusted Platform Module Library Part 4: Supporting Routines |
| 12452 | |
| 12453 | |
| 12454 | Return Value Meaning |
| 12455 | |
| 12456 | TRUE: PCR belongs to a policy group |
| 12457 | FALSE: PCR does not belong to a policy group |
| 12458 | |
// Reports whether a PCR is in a group whose members can only be modified under
// a policy authorization, and if so which group.
//
// Return Value     Meaning
// TRUE             handle is in a policy group; *groupIndex has been written
// FALSE            handle is in no policy group; *groupIndex was NOT written,
//                  so the caller must not use it as an array index
BOOL
PCRBelongsPolicyGroup(
    TPMI_DH_PCR      handle,        // IN: handle of PCR
    UINT32          *groupIndex     // OUT: index of the policy group; only
                                    //      meaningful when TRUE is returned
    )
{
#if NUM_POLICY_PCR_GROUP > 0
    // The platform specification decides whether a PCR is in a policy group
    // and in which one. This implementation hard-codes a single group
    // (index 0) that holds PCR[20-22]; a platform that groups PCR differently
    // has to change this test.
    if(handle < 20 || handle > 22)
        return FALSE;

    *groupIndex = 0;
    return TRUE;
#else
    // No policy group is configured, so no PCR can belong to one
    return FALSE;
#endif
}
| 12481 | |
| 12482 | |
| 12483 | 8.6.3.3 PCRBelongsTCBGroup() |
| 12484 | |
| 12485 | This function indicates if a PCR belongs to the TCB group. |
| 12486 | |
| 12487 | Return Value Meaning |
| 12488 | |
| 12489 | TRUE: PCR belongs to TCB group |
| 12490 | FALSE: PCR does not belong to TCB group |
| 12491 | |
// Reports whether a PCR is in the TCB group. The visible callers use this to
// decide whether a change to the PCR increments gr.pcrCounter.
//
// Return Value     Meaning
// TRUE             PCR belongs to the TCB group
// FALSE            PCR does not belong to the TCB group
static BOOL
PCRBelongsTCBGroup(
    TPMI_DH_PCR      handle         // IN: handle of PCR
    )
{
#if ENABLE_PCR_NO_INCREMENT == YES
    // The platform specification decides which PCR are in the TCB group. This
    // implementation hard-codes PCR[20-22]; a platform that requires a
    // different set has to change this test.
    return (handle >= 20 && handle <= 22) ? TRUE : FALSE;
#else
    // Without ENABLE_PCR_NO_INCREMENT there is no TCB group
    return FALSE;
#endif
}
| 12508 | |
| 12509 | |
| 12510 | 8.6.3.4 PCRPolicyIsAvailable() |
| 12511 | |
| 12512 | This function indicates if a policy is available for a PCR. |
| 12513 | |
| 12514 | |
| 12515 | |
| 12516 | |
| 12517 | Page 170 TCG Published Family "2.0" |
| 12518 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 12519 | Part 4: Supporting Routines Trusted Platform Module Library |
| 12520 | |
| 12521 | |
| 12522 | Return Value Meaning |
| 12523 | |
| 12524 | TRUE the PCR should be authorized by policy |
| 12525 | FALSE the PCR does not allow policy |
| 12526 | |
// Reports whether a PCR may be authorized by policy, which here is the same
// question as "is the PCR in a policy group".
//
// Return Value     Meaning
// TRUE             the PCR should be authorized by policy
// FALSE            the PCR does not allow policy
BOOL
PCRPolicyIsAvailable(
    TPMI_DH_PCR      handle         // IN: PCR handle
    )
{
    // PCRBelongsPolicyGroup() needs somewhere to store the group index; only
    // its yes/no answer is used here
    UINT32      ignoredGroup;
    BOOL        inPolicyGroup = PCRBelongsPolicyGroup(handle, &ignoredGroup);

    return inPolicyGroup;
}
| 12536 | |
| 12537 | |
| 12538 | 8.6.3.5 PCRGetAuthValue() |
| 12539 | |
| 12540 | This function is used to access the authValue of a PCR. If PCR does not belong to an authValue group, |
| 12541 | an Empty Auth will be returned. |
| 12542 | |
// Copies the authValue that protects a PCR into auth. A PCR that is in no
// authValue group gets an Empty Auth (size 0).
void
PCRGetAuthValue(
    TPMI_DH_PCR      handle,        // IN: PCR handle
    TPM2B_AUTH      *auth           // OUT: authValue of PCR
    )
{
    UINT32      groupIndex;

    // groupIndex is only written when the PCR is in a group, so handle the
    // "no group" case first and never index with an unset value
    if(!PCRBelongsAuthGroup(handle, &groupIndex))
    {
        auth->t.size = 0;
        return;
    }

    *auth = gc.pcrAuthValues.auth[groupIndex];
}
| 12562 | |
| 12563 | |
| 12564 | 8.6.3.6 PCRGetAuthPolicy() |
| 12565 | |
| 12566 | This function is used to access the authorization policy of a PCR. It sets policy to the authorization policy |
| 12567 | and returns the hash algorithm for the policy. If the PCR does not allow a policy, TPM_ALG_NULL is returned. |
| 12568 | |
// Copies the authorization policy of a PCR into policy and returns the hash
// algorithm of that policy. A PCR that is in no policy group gets an empty
// policy (size 0) and TPM_ALG_NULL.
TPMI_ALG_HASH
PCRGetAuthPolicy(
    TPMI_DH_PCR      handle,        // IN: PCR handle
    TPM2B_DIGEST    *policy         // OUT: policy of PCR
    )
{
    UINT32      groupIndex;

    // groupIndex is only written when the PCR is in a group, so handle the
    // "no group" case first and never index with an unset value
    if(!PCRBelongsPolicyGroup(handle, &groupIndex))
    {
        policy->t.size = 0;
        return TPM_ALG_NULL;
    }

    *policy = gp.pcrPolicies.policy[groupIndex];
    return gp.pcrPolicies.hashAlg[groupIndex];
}
| 12593 | |
| 12594 | |
| 12595 | 8.6.3.7 PCRSimStart() |
| 12596 | |
| 12597 | This function is used to initialize the policies when a TPM is manufactured. This function would only be |
| 12598 | called in a manufacturing environment or in a TPM simulator. |
| 12599 | |
// Puts the PCR policies, the PCR authValues and the PCR allocation into their
// initial state and writes the policies and the allocation to NV. The
// surrounding text states that this is only called at manufacture or in a
// simulator.
void
PCRSimStart(
    void
    )
{
    UINT32      i;

    // Every policy group starts with no policy: NULL algorithm, empty digest
    for(i = 0; i < NUM_POLICY_PCR_GROUP; i++)
    {
        gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL;
        gp.pcrPolicies.policy[i].t.size = 0;
    }

    // Every authValue group starts with an Empty Auth
    for(i = 0; i < NUM_AUTHVALUE_PCR_GROUP; i++)
    {
        gc.pcrAuthValues.auth[i].t.size = 0;
    }

    // An allocation has to exist before any TPM2_PCR_Allocate command can
    // change it. The initial one creates a bank for each of the HASH_COUNT
    // hash algorithms and selects every PCR in each bank.
    // gp.pcrAllocated.count itself is the loop counter, so it ends up equal to
    // the number of banks written.
    for(gp.pcrAllocated.count = 0; gp.pcrAllocated.count < HASH_COUNT;
        gp.pcrAllocated.count++)
    {
        TPMS_PCR_SELECTION  *bank
            = &gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count];

        bank->hash = CryptGetHashAlgByIndex(gp.pcrAllocated.count);
        bank->sizeofSelect = PCR_SELECT_MAX;

        // All bits set: every PCR of the bank is allocated
        for(i = 0; i < PCR_SELECT_MAX; i++)
            bank->pcrSelect[i] = 0xFF;
    }

    // Store the initial configuration to NV
    NvWriteReserved(NV_PCR_POLICIES, &gp.pcrPolicies);
    NvWriteReserved(NV_PCR_ALLOCATED, &gp.pcrAllocated);
}
| 12639 | |
| 12640 | |
| 12641 | 8.6.3.8 GetSavedPcrPointer() |
| 12642 | |
| 12643 | This function returns the address of an array of state saved PCR based on the hash algorithm. |
| 12644 | |
| 12645 | Return Value Meaning |
| 12646 | |
| 12647 | NULL no such algorithm |
| 12648 | not NULL pointer to the 0th byte of the 0th PCR |
| 12649 | |
// Returns the address of one entry in the state-save copy of a PCR bank.
//
// An algorithm with no case below ends in FAIL(FATAL_ERROR_INTERNAL); this
// function has no path that returns NULL.
// NOTE(review): pcrIndex is used as an array index without a range check
// here; presumably the callers keep it below the number of state-saved PCR --
// confirm against the declaration of gc.pcrSave.
static BYTE *
GetSavedPcrPointer (
    TPM_ALG_ID       alg,           // IN: algorithm for bank
    UINT32           pcrIndex       // IN: PCR index in PCR_SAVE
    )
{
    // Each case returns directly, so no break is needed after it
    switch(alg)
    {
#ifdef TPM_ALG_SHA1
    case TPM_ALG_SHA1:
        return gc.pcrSave.sha1[pcrIndex];
#endif
#ifdef TPM_ALG_SHA256
    case TPM_ALG_SHA256:
        return gc.pcrSave.sha256[pcrIndex];
#endif
#ifdef TPM_ALG_SHA384
    case TPM_ALG_SHA384:
        return gc.pcrSave.sha384[pcrIndex];
#endif
#ifdef TPM_ALG_SHA512
    case TPM_ALG_SHA512:
        return gc.pcrSave.sha512[pcrIndex];
#endif
#ifdef TPM_ALG_SM3_256
    case TPM_ALG_SM3_256:
        return gc.pcrSave.sm3_256[pcrIndex];
#endif
    default:
        // A bank that is not implemented is an internal error
        FAIL(FATAL_ERROR_INTERNAL);
    }
    //return NULL; // Can't be reached
}
| 12694 | |
| 12695 | |
| 12696 | 8.6.3.9 PcrIsAllocated() |
| 12697 | |
| 12698 | This function indicates if a PCR number for the particular hash algorithm is allocated. |
| 12699 | |
| 12700 | Return Value Meaning |
| 12701 | |
| 12702 | FALSE PCR is not allocated |
| 12703 | TRUE PCR is allocated |
| 12704 | |
// Reports whether a PCR number is allocated in the bank of a hash algorithm,
// according to the allocation held in gp.pcrAllocated.
//
// Return Value     Meaning
// FALSE            PCR is not allocated (this includes a PCR number that is
//                  not implemented and a hash algorithm that has no bank)
// TRUE             PCR is allocated
BOOL
PcrIsAllocated (
    UINT32           pcr,           // IN: The number of the PCR
    TPMI_ALG_HASH    hashAlg        // IN: The PCR algorithm
    )
{
    UINT32      bank;

    // Reject the number before it is used to index the select bitmap
    if(pcr >= IMPLEMENTATION_PCR)
        return FALSE;

    for(bank = 0; bank < gp.pcrAllocated.count; bank++)
    {
        if(gp.pcrAllocated.pcrSelections[bank].hash != hashAlg)
            continue;

        // The first bank with a matching algorithm decides: bit (pcr % 8) of
        // byte (pcr / 8) is set when the PCR is allocated
        if(((gp.pcrAllocated.pcrSelections[bank].pcrSelect[pcr / 8])
            & (1 << (pcr % 8))) != 0)
            return TRUE;
        return FALSE;
    }

    // No bank uses hashAlg
    return FALSE;
}
| 12738 | |
| 12739 | |
| 12740 | 8.6.3.10 GetPcrPointer() |
| 12741 | |
| 12742 | This function returns the address of an array of PCR based on the hash algorithm. |
| 12743 | |
| 12744 | Return Value Meaning |
| 12745 | |
| 12746 | NULL no such algorithm |
| 12747 | not NULL pointer to the 0th byte of the 0th PCR |
| 12748 | |
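// Returns the address of the value of one PCR in the bank of a hash algorithm.
//
// Return Value     Meaning
// NULL             the PCR is not allocated in that bank, or there is no bank
//                  for alg (after pAssert, if pAssert returns)
// not NULL         pointer to the 0th byte of the requested PCR
static BYTE *
GetPcrPointer (
    TPM_ALG_ID       alg,           // IN: algorithm for bank
    UINT32           pcrNumber      // IN: PCR number
    )
{
    // Automatic, not static: a static pointer would keep the address found by
    // an earlier call, and the default branch below would then hand that stale
    // address back if pAssert() ever returned. Starting from NULL on every
    // call makes "no such algorithm" yield NULL, as the return table says.
    BYTE            *pcr = NULL;

    // PcrIsAllocated() also rejects pcrNumber >= IMPLEMENTATION_PCR, so it is
    // the range check for the s_pcrs[] index used below
    if(!PcrIsAllocated(pcrNumber, alg))
        return NULL;

    switch(alg)
    {
#ifdef TPM_ALG_SHA1
    case TPM_ALG_SHA1:
        pcr = s_pcrs[pcrNumber].sha1Pcr;
        break;
#endif
#ifdef TPM_ALG_SHA256
    case TPM_ALG_SHA256:
        pcr = s_pcrs[pcrNumber].sha256Pcr;
        break;
#endif
#ifdef TPM_ALG_SHA384
    case TPM_ALG_SHA384:
        pcr = s_pcrs[pcrNumber].sha384Pcr;
        break;
#endif
#ifdef TPM_ALG_SHA512
    case TPM_ALG_SHA512:
        pcr = s_pcrs[pcrNumber].sha512Pcr;
        break;
#endif
#ifdef TPM_ALG_SM3_256
    case TPM_ALG_SM3_256:
        pcr = s_pcrs[pcrNumber].sm3_256Pcr;
        break;
#endif
    default:
        // An allocated bank with an algorithm that is not compiled in
        pAssert(FALSE);
        break;
    }

    return pcr;
}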
| 12800 | |
| 12801 | |
| 12802 | 8.6.3.11 IsPcrSelected() |
| 12803 | |
| 12804 | This function indicates if an indicated PCR number is selected by the bit map in selection. |
| 12805 | |
| 12806 | Return Value Meaning |
| 12807 | |
| 12808 | FALSE PCR is not selected |
| 12809 | TRUE PCR is selected |
| 12810 | |
// Reports whether the bit for a PCR number is set in a selection bitmap.
//
// Only pcr < IMPLEMENTATION_PCR is checked here; selection->sizeofSelect is
// not consulted. The callers visible in this file run FilterPcr() on the
// selection first, which zeroes the bytes from sizeofSelect up to
// PCR_SELECT_MAX.
//
// Return Value     Meaning
// FALSE            PCR is not selected
// TRUE             PCR is selected
static BOOL
IsPcrSelected (
    UINT32               pcr,           // IN: The number of the PCR
    TPMS_PCR_SELECTION  *selection      // IN: The selection structure
    )
{
    // Test the range first so that the bitmap is never indexed with a PCR
    // number that is not implemented
    if(pcr >= IMPLEMENTATION_PCR)
        return FALSE;

    return (((selection->pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0)
           ? TRUE : FALSE;
}
| 12824 | |
| 12825 | |
| 12826 | 8.6.3.12 FilterPcr() |
| 12827 | |
| 12828 | This function modifies a PCR selection array based on the implemented PCR. |
| 12829 | |
// Reduces a PCR selection, in place, to the PCR that are allocated in the bank
// of selection->hash. A selection for a hash algorithm that has no bank is
// cleared completely.
// NOTE(review): selection->sizeofSelect bounds the writes to pcrSelect[] and
// is not compared with PCR_SELECT_MAX here; presumably it was limited when the
// selection was unmarshaled -- confirm.
static void
FilterPcr(
    TPMS_PCR_SELECTION  *selection      // IN/OUT: PCR selection to filter
    )
{
    UINT32               i;
    TPMS_PCR_SELECTION  *bank = NULL;

    // Bytes the caller did not supply (sizeofSelect < PCR_SELECT_MAX) are
    // zeroed so that later bit tests never see leftover data
    for(i = selection->sizeofSelect; i < PCR_SELECT_MAX; i++)
        selection->pcrSelect[i] = 0;

    // Find the internal configuration for the bank; the first match is used
    for(i = 0; i < gp.pcrAllocated.count && bank == NULL; i++)
    {
        if(gp.pcrAllocated.pcrSelections[i].hash == selection->hash)
            bank = &gp.pcrAllocated.pcrSelections[i];
    }

    if(bank == NULL)
    {
        // If the required bank does not exist, clear input selection
        for(i = 0; i < selection->sizeofSelect; i++)
            selection->pcrSelect[i] = 0;
        return;
    }

    // Keep only the bits that are also set in the allocation
    for(i = 0; i < selection->sizeofSelect; i++)
        selection->pcrSelect[i] &= bank->pcrSelect[i];
}
| 12870 | |
| 12871 | |
| 12872 | 8.6.3.13 PcrDrtm() |
| 12873 | |
| 12874 | This function does the DRTM and H-CRTM processing. It is called from _TPM_Hash_End(). |
| 12875 | |
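// Does the DRTM / H-CRTM processing for one PCR bank: the PCR is reset and
// then extended with digest. If the TPM has not been started yet, the reset
// value is 0...04 instead of all zero. Nothing is done when the PCR is not
// allocated in the bank.
void
PcrDrtm(
    const TPMI_DH_PCR        pcrHandle,     // IN: the index of the PCR to be
                                            //     modified
    const TPMI_ALG_HASH      hash,          // IN: the bank identifier
    const TPM2B_DIGEST      *digest         // IN: the digest to modify the PCR
    )
{
    BYTE            *pcrData = GetPcrPointer(hash, pcrHandle);
    UINT16           pcrSize;

    if(pcrData != NULL)
    {
        // Size the reset by the bank, as PCRStartup() and PCRExtend() do, and
        // not by the length field of the caller's digest: a digest->t.size
        // that differed from the bank size would leave part of the PCR
        // unreset or write outside it, and a size of 0 would put the
        // "04" marker in front of the PCR.
        pcrSize = CryptGetHashDigestSize(hash);

        // Reset the PCR to zeros
        MemorySet(pcrData, 0, pcrSize);

        // if the TPM has not started, then set the PCR to 0...04 and then extend
        if(!TPMIsStarted())
        {
            pcrData[pcrSize - 1] = 4;
        }
        // Now, extend the value
        PCRExtend(pcrHandle, hash, digest->t.size, (BYTE *)digest->t.buffer);
    }
}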
| 12900 | |
| 12901 | |
| 12902 | 8.6.3.14 PCRStartup() |
| 12903 | |
| 12904 | This function initializes the PCR subsystem at TPM2_Startup(). |
| 12905 | |
// Initializes the PCR subsystem at TPM2_Startup(): every allocated PCR is
// either restored from its state-save copy (resume only) or set to its reset
// value, and the PCR authValues are cleared unless this is a resume.
void
PCRStartup(
    STARTUP_TYPE     type,          // IN: startup type
    BYTE             locality       // IN: startup locality
    )
{
    UINT32      pcr;
    UINT32      bank;
    UINT32      saveIndex = 0;  // next entry in the state-save arrays; it
                                // advances once per state-saved PCR, in PCR
                                // order, which is how PCRStateSave() fills
                                // them

    g_pcrReConfig = FALSE;

    // PCR generation counter is cleared at TPM_RESET and TPM_RESTART
    if(type != SU_RESUME)
        gr.pcrCounter = 0;

    // Initialize/Restore PCR values
    for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
    {
        // On resume, need to know if this PCR had its state saved or not
        UINT32      stateSaved = 0;
        if(type == SU_RESUME && s_initAttributes[pcr].stateSave == SET)
            stateSaved = 1;

        // The H-CRTM PCR keeps the value of an H-CRTM event that happened
        // before startup, unless this is a resume. stateSaved is 0 on this
        // path, so skipping the saveIndex update below changes nothing.
        if(type != SU_RESUME && pcr == HCRTM_PCR && g_DrtmPreStartup == TRUE)
            continue;

        // Iterate each hash algorithm bank
        for(bank = 0; bank < gp.pcrAllocated.count; bank++)
        {
            TPMI_ALG_HASH    hash = gp.pcrAllocated.pcrSelections[bank].hash;
            BYTE            *pcrData = GetPcrPointer(hash, pcr);
            UINT16           pcrSize = CryptGetHashDigestSize(hash);

            // PCR not allocated in this bank
            if(pcrData == NULL)
                continue;

            if(stateSaved == 1)
            {
                // Restore saved PCR value
                BYTE    *pcrSavedData;
                pcrSavedData = GetSavedPcrPointer(
                                   gp.pcrAllocated.pcrSelections[bank].hash,
                                   saveIndex);
                MemoryCopy(pcrData, pcrSavedData, pcrSize, pcrSize);
            }
            else if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
            {
                // A PCR whose reset locality includes locality 4 resets to
                // all ones
                MemorySet(pcrData, 0xFF, pcrSize);
            }
            else
            {
                // Every other PCR resets to all zero; the H-CRTM PCR also
                // records the startup locality in its last byte
                MemorySet(pcrData, 0, pcrSize);
                if(pcr == HCRTM_PCR)
                    pcrData[pcrSize - 1] = locality;
            }
        }
        saveIndex += stateSaved;
    }

    // Reset authValues
    if(type != SU_RESUME)
    {
        for(bank = 0; bank < NUM_AUTHVALUE_PCR_GROUP; bank++)
        {
            gc.pcrAuthValues.auth[bank].t.size = 0;
        }
    }
}
| 12989 | |
| 12990 | |
| 12991 | 8.6.3.15 PCRStateSave() |
| 12992 | |
| 12993 | This function is used to save the PCR values that will be restored on TPM Resume. |
| 12994 | |
// Copies the value of every PCR that has the stateSave attribute into the
// state-save arrays, from which PCRStartup() restores it on TPM Resume.
void
PCRStateSave(
    TPM_SU           type           // IN: startup type
    )
{
    UINT32      pcr;
    UINT32      bank;
    UINT32      saveIndex = 0;  // next free entry in the state-save arrays

    // if state save CLEAR, nothing to be done. Return here
    if(type == TPM_SU_CLEAR)
        return;

    // Copy PCR values to the structure that should be saved to NV
    for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
    {
        UINT32      stateSaved = 0;
        if(s_initAttributes[pcr].stateSave == SET)
            stateSaved = 1;

        // Iterate each hash algorithm bank
        for(bank = 0; bank < gp.pcrAllocated.count; bank++)
        {
            BYTE        *pcrData;
            UINT32       pcrSize;

            pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[bank].hash,
                                    pcr);

            // PCR not allocated in this bank
            if(pcrData == NULL)
                continue;

            pcrSize
                = CryptGetHashDigestSize(gp.pcrAllocated.pcrSelections[bank].hash);

            if(stateSaved == 1)
            {
                // Save the current PCR value (the copy runs from the live
                // PCR to the state-save entry)
                BYTE    *pcrSavedData;
                pcrSavedData
                    = GetSavedPcrPointer(gp.pcrAllocated.pcrSelections[bank].hash,
                                         saveIndex);
                MemoryCopy(pcrSavedData, pcrData, pcrSize, pcrSize);
            }
        }
        // One state-save entry per state-saved PCR, whatever the bank count
        saveIndex += stateSaved;
    }
}
| 13046 | |
| 13047 | |
| 13048 | 8.6.3.16 PCRIsStateSaved() |
| 13049 | |
| 13050 | This function indicates if the selected PCR is a PCR that is state saved on TPM2_Shutdown(STATE). The |
| 13051 | return value is based on PCR attributes. |
| 13052 | |
| 13053 | Return Value Meaning |
| 13054 | |
| 13055 | TRUE PCR is state saved |
| 13056 | FALSE PCR is not state saved |
| 13057 | |
// Reports whether a PCR has the stateSave attribute, i.e. whether it is saved
// on TPM2_Shutdown(STATE). The answer comes from the PCR attributes only.
// NOTE(review): the index derived from handle is not range-checked here;
// presumably handle was validated as a PCR handle before this call -- confirm.
//
// Return Value     Meaning
// TRUE             PCR is state saved
// FALSE            PCR is not state saved
BOOL
PCRIsStateSaved(
    TPMI_DH_PCR      handle         // IN: PCR handle to be checked
    )
{
    // Handles are converted to an index into the attribute table
    UINT32      pcr = handle - PCR_FIRST;

    return (s_initAttributes[pcr].stateSave == SET) ? TRUE : FALSE;
}
| 13070 | |
| 13071 | |
| 13072 | |
| 13073 | |
| 13074 | Page 178 TCG Published Family "2.0" |
| 13075 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 13076 | Part 4: Supporting Routines Trusted Platform Module Library |
| 13077 | |
| 13078 | 8.6.3.17 PCRIsResetAllowed() |
| 13079 | |
| 13080 | This function indicates if a PCR may be reset by the current command locality. The return value is based |
| 13081 | on PCR attributes, and not the PCR allocation. |
| 13082 | |
| 13083 | Return Value Meaning |
| 13084 | |
| 13085 | TRUE TPM2_PCR_Reset() is allowed |
| 13086 | FALSE TPM2_PCR_Reset() is not allowed |
| 13087 | |
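// Reports whether the PCR may be reset from the locality of the current
// command. The answer comes from the PCR attributes, not from the PCR
// allocation.
// NOTE(review): the index derived from handle is not range-checked here;
// presumably handle was validated as a PCR handle before this call -- confirm.
//
// Return Value     Meaning
// TRUE             TPM2_PCR_Reset() is allowed
// FALSE            TPM2_PCR_Reset() is not allowed
BOOL
PCRIsResetAllowed(
    TPMI_DH_PCR      handle         // IN: PCR handle to be reset
    )
{
    UINT8       commandLocality;
    UINT8       localityBits;
    UINT32      pcr = handle - PCR_FIRST;

    // Check for the locality
    commandLocality = _plat__LocalityGet();

#ifdef DRTM_PCR
    // For a TPM that does DRTM, Reset is not allowed at locality 4
    if(commandLocality == 4)
        return FALSE;
#endif

    // The locality map is 8 bits wide, one bit per locality, so a locality of
    // 8 or more has no bit in it and can never be allowed. Returning here
    // also keeps the shift below in range: shifting by the width of int or
    // more is undefined behavior in C, and the platform value is not bounded
    // anywhere in this function.
    if(commandLocality >= 8)
        return FALSE;

    localityBits = (UINT8)(1 << commandLocality);
    if((localityBits & s_initAttributes[pcr].resetLocality) == 0)
        return FALSE;

    return TRUE;
}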
| 13113 | |
| 13114 | |
| 13115 | 8.6.3.18 PCRChanged() |
| 13116 | |
| 13117 | This function checks a PCR handle to see if the attributes for the PCR are set so that any change to the |
| 13118 | PCR causes an increment of the pcrCounter. If it does, then the function increments the counter. |
| 13119 | |
// Records that a PCR has changed: gr.pcrCounter is incremented unless the PCR
// is one whose changes do not count.
void
PCRChanged(
    TPM_HANDLE       pcrHandle      // IN: the handle of the PCR that changed.
    )
{
    // For the reference implementation, the only change that does not cause
    // increment is a change to a PCR in the TCB group.
    if(PCRBelongsTCBGroup(pcrHandle))
        return;

    gr.pcrCounter++;
}
| 13130 | |
| 13131 | |
| 13132 | 8.6.3.19 PCRIsExtendAllowed() |
| 13133 | |
| 13134 | This function indicates if a PCR may be extended at the current command locality. The return value is |
| 13135 | based on PCR attributes, and not the PCR allocation. |
| 13136 | |
| 13137 | |
| 13138 | |
| 13139 | |
| 13140 | Family "2.0" TCG Published Page 179 |
| 13141 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 13142 | Trusted Platform Module Library Part 4: Supporting Routines |
| 13143 | |
| 13144 | |
| 13145 | Return Value Meaning |
| 13146 | |
| 13147 | TRUE extend is allowed |
| 13148 | FALSE extend is not allowed |
| 13149 | |
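// Reports whether the PCR may be extended from the locality of the current
// command. The answer comes from the PCR attributes, not from the PCR
// allocation.
// NOTE(review): the index derived from handle is not range-checked here;
// presumably handle was validated as a PCR handle before this call -- confirm.
//
// Return Value     Meaning
// TRUE             extend is allowed
// FALSE            extend is not allowed
BOOL
PCRIsExtendAllowed(
    TPMI_DH_PCR      handle         // IN: PCR handle to be extended
    )
{
    UINT8       commandLocality;
    UINT8       localityBits;
    UINT32      pcr = handle - PCR_FIRST;

    // Check for the locality
    commandLocality = _plat__LocalityGet();

    // The locality map is 8 bits wide, one bit per locality, so a locality of
    // 8 or more has no bit in it and can never be allowed. Returning here
    // also keeps the shift below in range: shifting by the width of int or
    // more is undefined behavior in C, and the platform value is not bounded
    // anywhere in this function.
    if(commandLocality >= 8)
        return FALSE;

    localityBits = (UINT8)(1 << commandLocality);
    if((localityBits & s_initAttributes[pcr].extendLocality) == 0)
        return FALSE;

    return TRUE;
}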
| 13168 | |
| 13169 | |
| 13170 | 8.6.3.20 PCRExtend() |
| 13171 | |
| 13172 | This function is used to extend a PCR in a specific bank. |
| 13173 | |
// Extends one PCR in one bank: the new PCR value is the hash, under the bank
// algorithm, of the old PCR value followed by data. A PCR that is not
// allocated in the bank is left alone and the PCR counter is not touched.
// No locality or authorization check is made here; PCRIsExtendAllowed() is
// the locality check in this file and has to be applied by the caller.
void
PCRExtend(
    TPMI_DH_PCR      handle,        // IN: PCR handle to be extended
    TPMI_ALG_HASH    hash,          // IN: hash algorithm of PCR
    UINT32           size,          // IN: size of data to be extended
    BYTE            *data           // IN: data to be extended
    )
{
    UINT32           pcr = handle - PCR_FIRST;
    BYTE            *pcrData = GetPcrPointer(hash, pcr);
    HASH_STATE       hashState;
    UINT16           pcrSize;

    // Extend PCR only if it is allocated
    if(pcrData == NULL)
        return;

    // new value = H(old value || data), written back over the old value
    pcrSize = CryptGetHashDigestSize(hash);
    CryptStartHash(hash, &hashState);
    CryptUpdateDigest(&hashState, pcrSize, pcrData);
    CryptUpdateDigest(&hashState, size, data);
    CryptCompleteHash(&hashState, pcrSize, pcrData);

    // Increments the PCR counter unless the PCR belongs to the TCB group
    PCRChanged(handle);
}
| 13205 | |
| 13206 | |
| 13207 | |
| 13208 | |
| 13209 | Page 180 TCG Published Family "2.0" |
| 13210 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 13211 | Part 4: Supporting Routines Trusted Platform Module Library |
| 13212 | |
| 13213 | 8.6.3.21 PCRComputeCurrentDigest() |
| 13214 | |
| 13215 | This function computes the digest of the selected PCR. |
| 13216 | As a side-effect, selection is modified so that only the implemented PCR will have their bits still set. |
| 13217 | |
// Computes, with hashAlg, the digest over the current values of the selected
// PCR, taken in the order of the selection list and, within a bank, in
// ascending PCR number.
// As a side effect selection is filtered, so that only bits of PCR that are
// allocated remain set.
void
PCRComputeCurrentDigest(
    TPMI_ALG_HASH        hashAlg,       // IN: hash algorithm to compute digest
    TPML_PCR_SELECTION  *selection,     // IN/OUT: PCR selection (filtered on
                                        //         output)
    TPM2B_DIGEST        *digest         // OUT: digest
    )
{
    HASH_STATE           hashState;
    UINT32               bank;
    UINT32               pcr;

    // Initialize the hash; the start call also reports the digest size
    digest->t.size = CryptStartHash(hashAlg, &hashState);
    pAssert(digest->t.size > 0 && digest->t.size < UINT16_MAX);

    // Iterate through the list of PCR selection structures
    for(bank = 0; bank < selection->count; bank++)
    {
        TPMS_PCR_SELECTION  *select = &selection->pcrSelections[bank];
        UINT32               pcrSize;

        // Clear out the bits for PCR that are not allocated
        FilterPcr(select);

        // Need the size of each digest
        pcrSize = CryptGetHashDigestSize(select->hash);

        // Iterate through the selection
        for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
        {
            BYTE    *pcrData;           // will point to a digest

            if(!IsPcrSelected(pcr, select))
                continue;

            // After FilterPcr() a selected PCR is an allocated one, so the
            // pointer is expected to be valid
            pcrData = GetPcrPointer(select->hash, pcr);
            pAssert(pcrData != NULL);
            CryptUpdateDigest(&hashState, pcrSize, pcrData);   // add to digest
        }
    }

    // Complete hash stack
    CryptCompleteHash2B(&hashState, &digest->b);
}
| 13264 | |
| 13265 | |
| 13266 | 8.6.3.22 PCRRead() |
| 13267 | |
| 13268 | This function is used to read a list of selected PCR. If the requested PCR number exceeds the maximum |
| 13269 | number that can be output, the selection is adjusted to reflect the actual output PCR. |
| 13270 | |
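// Copies the values of the selected PCR into digest, in the order of the
// selection list and, within a bank, in ascending PCR number, and reports the
// current PCR counter.
// At most 8 digests are returned (the code stops once digest->count exceeds
// 7). When that limit cuts the output short, selection is trimmed so that it
// names exactly the PCR whose values were returned. selection is also
// filtered, so that only bits of allocated PCR remain set.
void
PCRRead(
    TPML_PCR_SELECTION  *selection,     // IN/OUT: PCR selection (filtered on
                                        //         output)
    TPML_DIGEST         *digest,        // OUT: digest
    UINT32              *pcrCounter     // OUT: the current value of PCR
                                        //      generation number
    )
{
    TPMS_PCR_SELECTION  *select;
    BYTE                *pcrData;       // will point to a digest
    UINT32               pcr;
    UINT32               i;

    digest->count = 0;

    // Iterate through the list of PCR selection structures
    for(i = 0; i < selection->count; i++)
    {
        // Point to the current selection
        select = &selection->pcrSelections[i];
        FilterPcr(select);      // Clear out the bits for unimplemented PCR

        // Iterate through the selection
        for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
        {
            if(IsPcrSelected(pcr, select))          // Is this PCR selected
            {
                // Check if number of digest exceed upper bound
                if(digest->count > 7)
                {
                    // Clear rest of the current select bitmap: this PCR and
                    // every later one in the bank were not copied out
                    while(   pcr < IMPLEMENTATION_PCR
                             // do not round up!
                          && (pcr / 8) < select->sizeofSelect)
                    {
                        // do not round up!
                        select->pcrSelect[pcr / 8] &= (BYTE) ~(1 << (pcr % 8));
                        pcr++;
                    }
                    // Exit inner loop
                    break;
                }
                // Need the size of each digest
                digest->digests[digest->count].t.size =
                    CryptGetHashDigestSize(selection->pcrSelections[i].hash);

                // Get pointer to the digest data for the bank
                pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr);
                pAssert(pcrData != NULL);
                // Add to the data to digest
                MemoryCopy(digest->digests[digest->count].t.buffer,
                           pcrData,
                           digest->digests[digest->count].t.size,
                           digest->digests[digest->count].t.size);
                digest->count++;
            }
        }
        // If we exit inner loop because we have exceed the output upper bound
        if(digest->count > 7 && pcr < IMPLEMENTATION_PCR)
        {
            // Clear the selections that follow the current one. The current
            // selection has already been trimmed bit by bit above; zeroing it
            // as a whole would also drop the bits of PCR from this bank whose
            // values are in the output, and the returned selection would no
            // longer match the returned digests.
            for(i++; i < selection->count; i++)
            {
                MemorySet(selection->pcrSelections[i].pcrSelect, 0,
                          selection->pcrSelections[i].sizeofSelect);
            }
            // exit outer loop
            break;
        }
    }

    *pcrCounter = gr.pcrCounter;
}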
| 13358 | |
| 13359 | |
| 13360 | 8.6.3.23 PcrWrite() |
| 13361 | |
| 13362 | This function is used by _TPM_Hash_End() to set a PCR to the computed hash of the H-CRTM event. |
| 13363 | |
// PcrWrite() overwrites the PCR identified by 'handle' in the bank for 'hash'
// with the bytes of 'digest'. Nothing is written when GetPcrPointer() returns
// NULL, i.e. when the PCR is not allocated in that bank.
void
PcrWrite(
    TPMI_DH_PCR      handle,        // IN: PCR handle to be extended
    TPMI_ALG_HASH    hash,          // IN: hash algorithm of PCR
    TPM2B_DIGEST    *digest         // IN: the new value
    )
{
    // PCR index relative to the first PCR handle
    UINT32       pcr = handle - PCR_FIRST;
    BYTE        *target = GetPcrPointer(hash, pcr);

    // PCR not allocated in this bank: leave everything untouched
    if(target == NULL)
        return;

    // NOTE(review): digest->t.size is used both as the byte count and as the
    // last argument, so nothing in this function compares it with the digest
    // size of 'hash'. The caller is presumably expected to pass a digest of
    // exactly the bank's size - confirm against _TPM_Hash_End().
    MemoryCopy(target, digest->t.buffer, digest->t.size, digest->t.size);

    return;
}
| 13383 | |
| 13384 | |
| 13385 | 8.6.3.24 PCRAllocate() |
| 13386 | |
| 13387 | This function is used to change the PCR allocation. |
| 13388 | |
| 13389 | Error Returns Meaning |
| 13390 | |
| 13391 | TPM_RC_SUCCESS allocate success |
| 13392 | TPM_RC_NO_RESULTS allocate failed |
| 13393 | TPM_RC_PCR improper allocation |
| 13394 | |
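// PCRAllocate() merges the requested allocation into the current one, checks
// that the result still contains the required DRTM and H-CRTM PCR, reports the
// space figures and stores the new allocation in NV.
//
// Returns:
//   TPM_RC_SUCCESS     the allocation was accepted and written to NV
//   TPM_RC_PCR         the resulting allocation lacks a required DRTM or
//                      H-CRTM PCR; NV is not written and *sizeAvailable is
//                      not set on this path
// *maxPCR and *sizeNeeded are written on both paths. This implementation has
// no path that reports insufficient space.
TPM_RC
PCRAllocate(
    TPML_PCR_SELECTION  *allocate,      // IN: required allocation
    UINT32              *maxPCR,        // OUT: Maximum number of PCR
    UINT32              *sizeNeeded,    // OUT: required space
    UINT32              *sizeAvailable  // OUT: available space
    )
{
    UINT32                  i, j, k;
    TPML_PCR_SELECTION      newAllocate;
    // Initialize the flags to indicate if HCRTM PCR and DRTM PCR are allocated.
    BOOL                    pcrHcrtm = FALSE;
    BOOL                    pcrDrtm = FALSE;

    // Create the expected new PCR allocation based on the existing allocation
    // and the new input:
    //  1. if a PCR bank does not appear in the new allocation, the existing
    //     allocation of this PCR bank will be preserved.
    //  2. if a PCR bank appears multiple times in the new allocation, only the
    //     last one will be in effect.
    newAllocate = gp.pcrAllocated;
    for(i = 0; i < allocate->count; i++)
    {
        for(j = 0; j < newAllocate.count; j++)
        {
            // If hash matches, the new allocation covers the old allocation
            // for this particular bank.
            // The assumption is the initial PCR allocation (from manufacture)
            // has all the supported hash algorithms with an assigned bank
            // (possibly empty). So there must be a match for any new bank
            // allocation from the input.
            if(newAllocate.pcrSelections[j].hash ==
                allocate->pcrSelections[i].hash)
            {
                newAllocate.pcrSelections[j] = allocate->pcrSelections[i];
                break;
            }
        }
        // The j loop must exit with a match. An input bank whose hash has no
        // entry in the current allocation trips this assertion, so the hash
        // values are presumably validated before this function is called.
        pAssert(j < newAllocate.count);
    }

    // Max PCR in a bank is MIN(implemented PCR, PCR with attributes defined)
    *maxPCR = sizeof(s_initAttributes) / sizeof(PCR_Attributes);
    if(*maxPCR > IMPLEMENTATION_PCR)
        *maxPCR = IMPLEMENTATION_PCR;

    // Compute required size for allocation
    *sizeNeeded = 0;
    for(i = 0; i < newAllocate.count; i++)
    {
        UINT32      digestSize
            = CryptGetHashDigestSize(newAllocate.pcrSelections[i].hash);
#if defined(DRTM_PCR)
        // Make sure that we end up with at least one DRTM PCR
        // NOTE(review): TEST_BIT is handed the selection structure rather than
        // its pcrSelect bitmap - confirm the macro's definition.
#   define PCR_DRTM (PCR_FIRST + DRTM_PCR)     // for cosmetics
        pcrDrtm = pcrDrtm || TEST_BIT(PCR_DRTM, newAllocate.pcrSelections[i]);
#else   // if DRTM PCR is not required, indicate that the allocation is OK
        pcrDrtm = TRUE;
#endif

#if defined(HCRTM_PCR)
        // and one HCRTM PCR (since this is usually PCR 0...)
        // The flag accumulates across banks from its own previous value. The
        // earlier form took pcrDrtm as the left operand, so the H-CRTM check
        // was satisfied whenever a DRTM PCR was present and otherwise
        // reflected only the last bank examined.
#   define PCR_HCRTM (PCR_FIRST + HCRTM_PCR)
        pcrHcrtm = pcrHcrtm || TEST_BIT(PCR_HCRTM, newAllocate.pcrSelections[i]);
#else
        pcrHcrtm = TRUE;
#endif
        // Every selected bit in the bank's bitmap costs one digest of storage
        for(j = 0; j < newAllocate.pcrSelections[i].sizeofSelect; j++)
        {
            BYTE        mask = 1;
            for(k = 0; k < 8; k++)
            {
                if((newAllocate.pcrSelections[i].pcrSelect[j] & mask) != 0)
                    *sizeNeeded += digestSize;
                mask = mask << 1;
            }
        }
    }

    // Reject an allocation that would leave the platform without the PCR
    // needed to record the DRTM or H-CRTM measurements
    if(!pcrDrtm || !pcrHcrtm)
        return TPM_RC_PCR;

    // In this particular implementation, we always have enough space to
    // allocate PCR. Different implementation may return a sizeAvailable less
    // than the sizeNeed.
    *sizeAvailable = sizeof(s_pcrs);

    // Save the required allocation to NV. Note that after NV is written, the
    // PCR allocation in NV is no longer consistent with the RAM data
    // gp.pcrAllocated. The NV version reflect the allocate after next
    // TPM_RESET, while the RAM version reflects the current allocation
    NvWriteReserved(NV_PCR_ALLOCATED, &newAllocate);

    return TPM_RC_SUCCESS;

}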
| 13502 | |
| 13503 | |
| 13504 | 8.6.3.25 PCRSetValue() |
| 13505 | |
| 13506 | This function is used to set the designated PCR in all banks to an initial value. The initial value is signed |
| 13507 | and will be sign extended into the entire PCR. |
| 13508 | |
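// PCRSetValue() sets the PCR identified by 'handle' to an initial value in
// every bank in which it is allocated. 'initialValue' is signed: it is stored
// in the last octet of the PCR and the preceding octets are filled with 0x00
// or 0xFF so that the whole PCR is the sign extension of the value.
void
PCRSetValue(
    TPM_HANDLE       handle,        // IN: the handle of the PCR to set
    INT8             initialValue   // IN: the value to set
    )
{
    int              i;
    UINT32           pcr = handle - PCR_FIRST;
    TPMI_ALG_HASH    hash;
    UINT16           digestSize;
    BYTE            *pcrData;

    // Iterate supported PCR bank algorithms to reset
    for(i = 0; i < HASH_COUNT; i++)
    {
        hash = CryptGetHashAlgByIndex(i);
        // Prevent runaway
        if(hash == TPM_ALG_NULL)
            break;

        // Look the bank up with the same algorithm that is used for the size
        // below. Indexing gp.pcrAllocated.pcrSelections[] with the hash index
        // would pair a pointer and a length from two different algorithms if
        // the two lists were ever ordered differently, and the fill could then
        // run past the end of the PCR.
        pcrData = GetPcrPointer(hash, pcr);

        // Skip banks in which the PCR is not allocated
        if(pcrData == NULL)
            continue;

        // Size of the PCR in this bank; a zero size would make the index
        // below wrap, so it is skipped rather than written
        digestSize = CryptGetHashDigestSize(hash);
        if(digestSize == 0)
            continue;

        // Set the least significant octet to the input value
        pcrData[digestSize - 1] = initialValue;

        // Sign extend into the remaining octets
        if(initialValue >= 0)
            MemorySet(pcrData, 0, digestSize - 1);
        else
            MemorySet(pcrData, -1, digestSize - 1);
    }
}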
| 13549 | |
| 13550 | |
| 13551 | 8.6.3.26 PCRResetDynamics |
| 13552 | |
| 13553 | This function is used to reset a dynamic PCR to 0. This function is used in DRTM sequence. |
| 13554 | |
// PCRResetDynamics() zeroes, in every allocated bank, each PCR whose
// resetLocality attribute has bit 0x10 (locality 4) set. It is used in the
// DRTM sequence.
void
PCRResetDynamics(
    void
    )
{
    UINT32       pcr;
    UINT32       bank;

    for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
    {
        // Visit the PCR in each hash algorithm bank
        for(bank = 0; bank < gp.pcrAllocated.count; bank++)
        {
            TPMI_ALG_HASH    alg = gp.pcrAllocated.pcrSelections[bank].hash;
            BYTE            *pcrData = GetPcrPointer(alg, pcr);
            UINT32           pcrSize;

            // Not allocated in this bank
            if(pcrData == NULL)
                continue;

            pcrSize = CryptGetHashDigestSize(alg);

            // Any PCR that can be reset by locality 4 is reset to 0.
            // NOTE(review): s_initAttributes[] is indexed by PCR number up to
            // IMPLEMENTATION_PCR; this relies on no PCR being allocated beyond
            // the end of the attribute table - confirm.
            if((s_initAttributes[pcr].resetLocality & 0x10) != 0)
                MemorySet(pcrData, 0, pcrSize);
        }
    }
    return;
}
| 13592 | |
| 13593 | |
| 13594 | 8.6.3.27 PCRCapGetAllocation() |
| 13595 | |
| 13596 | This function is used to get the current allocation of PCR banks. |
| 13597 | |
| 13598 | Return Value Meaning |
| 13599 | |
| 13600 | YES: if the return count is 0 |
| 13601 | NO: if the return count is not 0 |
| 13602 | |
// PCRCapGetAllocation() returns the current allocation of PCR banks.
// A 'count' of 0 produces an empty list and the return value YES; any other
// 'count' copies the whole of gp.pcrAllocated and returns NO.
TPMI_YES_NO
PCRCapGetAllocation(
    UINT32               count,         // IN: count of return
    TPML_PCR_SELECTION  *pcrSelection   // OUT: PCR allocation list
    )
{
    // Nothing was asked for: hand back an empty list
    if(count == 0)
    {
        pcrSelection->count = 0;
        return YES;
    }

    // The allocation is returned as a single structure copy, whatever the
    // non-zero value of 'count'
    *pcrSelection = gp.pcrAllocated;
    return NO;
}
| 13620 | |
| 13621 | |
| 13622 | 8.6.3.28 PCRSetSelectBit() |
| 13623 | |
| 13624 | This function sets a bit in a bitmap array. |
| 13625 | |
| 13626 | |
| 13627 | Page 186 TCG Published Family "2.0" |
| 13628 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 13629 | Part 4: Supporting Routines Trusted Platform Module Library |
| 13630 | |
// PCRSetSelectBit() sets the bit for PCR number 'pcr' in 'bitmap'. The octet
// is pcr / 8 and the bit within it is pcr % 8. No bound is applied here, so
// the caller has to supply a bitmap of at least pcr / 8 + 1 octets.
static void
PCRSetSelectBit(
    UINT32           pcr,           // IN: PCR number
    BYTE            *bitmap         // OUT: bit map to be set
    )
{
    UINT32       octet = pcr / 8;
    UINT32       bitInOctet = pcr % 8;

    bitmap[octet] |= (1 << bitInOctet);
    return;
}
| 13640 | |
| 13641 | |
| 13642 | 8.6.3.29 PCRGetProperty() |
| 13643 | |
| 13644 | This function returns the selected PCR property. |
| 13645 | |
| 13646 | Return Value Meaning |
| 13647 | |
| 13648 | TRUE the property type is implemented |
| 13649 | FALSE the property type is not implemented |
| 13650 | |
// PCRGetProperty() builds the bitmap of PCR that have the attribute named by
// 'property'. The output is tagged with the property and its bitmap always
// covers all implemented PCR.
//
// Returns TRUE when the property type is implemented and FALSE when it is
// not. On FALSE the tag and size are already written and the bitmap is zero.
static BOOL
PCRGetProperty(
    TPM_PT_PCR               property,
    TPMS_TAGGED_PCR_SELECT  *select
    )
{
    UINT32           pcr;
    UINT32           groupIndex;

    select->tag = property;
    // Always set the bitmap to be the size of all PCR
    select->sizeofSelect = (IMPLEMENTATION_PCR + 7) / 8;

    // Start from an empty bitmap
    MemorySet(select->pcrSelect, 0, select->sizeofSelect);

    // Decide for each PCR whether it has the property, then set its bit
    for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++)
    {
        BOOL         hasProperty = FALSE;

        switch(property)
        {
            case TPM_PT_PCR_SAVE:
                hasProperty = (s_initAttributes[pcr].stateSave == SET);
                break;
            // Extend and reset permissions are one bit per locality:
            // 0x01 is locality 0 up to 0x10 for locality 4
            case TPM_PT_PCR_EXTEND_L0:
                hasProperty = ((s_initAttributes[pcr].extendLocality & 0x01) != 0);
                break;
            case TPM_PT_PCR_RESET_L0:
                hasProperty = ((s_initAttributes[pcr].resetLocality & 0x01) != 0);
                break;
            case TPM_PT_PCR_EXTEND_L1:
                hasProperty = ((s_initAttributes[pcr].extendLocality & 0x02) != 0);
                break;
            case TPM_PT_PCR_RESET_L1:
                hasProperty = ((s_initAttributes[pcr].resetLocality & 0x02) != 0);
                break;
            case TPM_PT_PCR_EXTEND_L2:
                hasProperty = ((s_initAttributes[pcr].extendLocality & 0x04) != 0);
                break;
            case TPM_PT_PCR_RESET_L2:
                hasProperty = ((s_initAttributes[pcr].resetLocality & 0x04) != 0);
                break;
            case TPM_PT_PCR_EXTEND_L3:
                hasProperty = ((s_initAttributes[pcr].extendLocality & 0x08) != 0);
                break;
            case TPM_PT_PCR_RESET_L3:
                hasProperty = ((s_initAttributes[pcr].resetLocality & 0x08) != 0);
                break;
            case TPM_PT_PCR_EXTEND_L4:
                hasProperty = ((s_initAttributes[pcr].extendLocality & 0x10) != 0);
                break;
            case TPM_PT_PCR_RESET_L4:
                hasProperty = ((s_initAttributes[pcr].resetLocality & 0x10) != 0);
                break;
            case TPM_PT_PCR_DRTM_RESET:
                // DRTM reset PCRs are the PCR reset by locality 4
                hasProperty = ((s_initAttributes[pcr].resetLocality & 0x10) != 0);
                break;
#if NUM_POLICY_PCR_GROUP > 0
            case TPM_PT_PCR_POLICY:
                hasProperty =
                    (PCRBelongsPolicyGroup(pcr + PCR_FIRST, &groupIndex) != 0);
                break;
#endif
#if NUM_AUTHVALUE_PCR_GROUP > 0
            case TPM_PT_PCR_AUTH:
                hasProperty =
                    (PCRBelongsAuthGroup(pcr + PCR_FIRST, &groupIndex) != 0);
                break;
#endif
#if ENABLE_PCR_NO_INCREMENT == YES
            case TPM_PT_PCR_NO_INCREMENT:
                hasProperty = (PCRBelongsTCBGroup(pcr + PCR_FIRST) != 0);
                break;
#endif
            default:
                // If property is not supported, stop scanning PCR attributes
                // and return.
                return FALSE;
        }

        if(hasProperty)
            PCRSetSelectBit(pcr, select->pcrSelect);
    }
    return TRUE;
}
| 13754 | |
| 13755 | |
| 13756 | 8.6.3.30 PCRCapGetProperties() |
| 13757 | |
| 13758 | This function returns a list of PCR properties starting at property. |
| 13759 | |
| 13760 | |
| 13761 | |
| 13762 | |
| 13763 | Page 188 TCG Published Family "2.0" |
| 13764 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 13765 | Part 4: Supporting Routines Trusted Platform Module Library |
| 13766 | |
| 13767 | |
| 13768 | Return Value Meaning |
| 13769 | |
| 13770 | YES: if no more property is available |
| 13771 | NO: if there are more properties not reported |
| 13772 | |
// PCRCapGetProperties() fills 'select' with PCR properties, starting at
// 'property' and stopping after 'count' entries (capped at
// MAX_PCR_PROPERTIES). Property types that PCRGetProperty() reports as not
// implemented are skipped.
//
// Returns YES when the list filled up before TPM_PT_PCR_LAST was passed, NO
// when the scan reached the end of the range.
TPMI_YES_NO
PCRCapGetProperties(
    TPM_PT_PCR                   property,  // IN: the starting PCR property
    UINT32                       count,     // IN: count of returned properties
    TPML_TAGGED_PCR_PROPERTY    *select     // OUT: PCR select
    )
{
    UINT32       i;

    // Start with an empty output list
    select->count = 0;

    // Cap the request so that select->pcrProperty[] is never indexed past
    // MAX_PCR_PROPERTIES entries
    if(count > MAX_PCR_PROPERTIES)
        count = MAX_PCR_PROPERTIES;

    // TPM_PT_PCR_FIRST is defined as 0 in spec. It ensures that property
    // value would never be less than TPM_PT_PCR_FIRST
    pAssert(TPM_PT_PCR_FIRST == 0);

    // TPM_PT_PCR_LAST is the index of the last property implemented on the TPM
    for(i = property; i <= TPM_PT_PCR_LAST; i++)
    {
        // The list is full while properties remain in the range: report it.
        // Whether the remaining properties are implemented is not checked.
        if(select->count >= count)
            return YES;

        // The slot is written in place; it only counts if the property is
        // implemented
        if(PCRGetProperty(i, &select->pcrProperty[select->count]))
            select->count++;
    }
    return NO;
}
| 13814 | |
| 13815 | |
| 13816 | 8.6.3.31 PCRCapGetHandles() |
| 13817 | |
| 13818 | This function is used to get a list of handles of PCR, starting from handle. If handle exceeds the maximum |
| 13819 | PCR handle range, an empty list will be returned and the return value will be NO. |
| 13820 | |
| 13821 | Return Value Meaning |
| 13822 | |
| 13823 | YES if there are more handles available |
| 13824 | NO all the available handles have been returned |
| 13825 | |
// PCRCapGetHandles() lists PCR handles in ascending order, starting at
// 'handle' and stopping after 'count' entries (capped at MAX_CAP_HANDLES).
// 'handle' must be of type TPM_HT_PCR.
//
// Returns YES when the list filled up before PCR_LAST was passed, NO when all
// remaining handles were returned. A start value above PCR_LAST yields an
// empty list and NO.
TPMI_YES_NO
PCRCapGetHandles(
    TPMI_DH_PCR      handle,        // IN: start handle
    UINT32           count,         // IN: count of returned handle
    TPML_HANDLE     *handleList     // OUT: list of handle
    )
{
    UINT32       i;

    pAssert(HandleGetType(handle) == TPM_HT_PCR);

    // Start with an empty output list
    handleList->count = 0;

    // Cap the request so that handleList->handle[] is never indexed past
    // MAX_CAP_HANDLES entries
    if(count > MAX_CAP_HANDLES)
        count = MAX_CAP_HANDLES;

    // The loop runs on the handle value with HR_HANDLE_MASK applied and adds
    // PCR_FIRST back when the handle is stored
    for(i = handle & HR_HANDLE_MASK; i <= PCR_LAST; i++)
    {
        // The list is full while PCR handles remain: report it and stop
        if(handleList->count >= count)
            return YES;

        handleList->handle[handleList->count] = i + PCR_FIRST;
        handleList->count++;
    }
    return NO;
}
| 13869 | |
| 13870 | |
| 13871 | 8.7 PP.c |
| 13872 | |
| 13873 | 8.7.1 Introduction |
| 13874 | |
| 13875 | This file contains the functions that support the physical presence operations of the TPM. |
| 13876 | |
| 13877 | 8.7.2 Includes |
| 13878 | |
| 13879 | 1 #include "InternalRoutines.h" |
| 13880 | |
| 13881 | |
| 13882 | 8.7.3 Functions |
| 13883 | |
| 13884 | 8.7.3.1 PhysicalPresencePreInstall_Init() |
| 13885 | |
| 13886 | This function is used to initialize the array of commands that require confirmation with physical presence. |
| 13887 | The array is an array of bits that has a correspondence with the command code. |
| 13888 | This command should only ever be executable in a manufacturing setting or in a simulation. |
| 13889 | |
// PhysicalPresencePreInstall_Init() resets the bit list of commands that
// require physical presence (PP) confirmation and stores it in NV. After the
// reset only TPM_CC_PP_Commands, when implemented, requires PP. This is
// intended to run only in a manufacturing setting or in a simulation.
void
PhysicalPresencePreInstall_Init(
    void
    )
{
    // Clear one bit per command code in TPM_CC_PP_FIRST..TPM_CC_PP_LAST,
    // rounded up to whole octets.
    // NOTE(review): the length is derived from the command range rather than
    // from the size of gp.ppList - confirm the two agree.
    MemorySet(&gp.ppList, 0,
              ((TPM_CC_PP_LAST - TPM_CC_PP_FIRST + 1) + 7) / 8);

    // TPM_CC_PP_Commands always requires PP
    if(CommandIsImplemented(TPM_CC_PP_Commands))
    {
        PhysicalPresenceCommandSet(TPM_CC_PP_Commands);
    }

    // Persist the list
    NvWriteReserved(NV_PP_LIST, &gp.ppList);
}
| 13914 | |
| 13915 | |
| 13916 | 8.7.3.2 PhysicalPresenceCommandSet() |
| 13917 | |
| 13918 | This function is used to indicate a command that requires PP confirmation. |
| 13919 | |
// PhysicalPresenceCommandSet() marks 'commandCode' as requiring physical
// presence (PP) confirmation by setting its bit in gp.ppList. Command codes
// outside TPM_CC_PP_FIRST..TPM_CC_PP_LAST are ignored. Only the RAM copy of
// the list is changed here.
void
PhysicalPresenceCommandSet(
    TPM_CC           commandCode    // IN: command code
    )
{
    UINT32       bitPos;

    // The caller is expected to have checked that the command is implemented
    pAssert(CommandIsImplemented(commandCode));

    // Only codes in the PP range have a bit in the list; the range check is
    // also what keeps the index below inside gp.ppList
    if(commandCode >= TPM_CC_PP_FIRST && commandCode <= TPM_CC_PP_LAST)
    {
        bitPos = commandCode - TPM_CC_PP_FIRST;
        gp.ppList[bitPos / 8] |= 1 << (bitPos % 8);
    }

    return;
}
| 13942 | |
| 13943 | |
| 13944 | 8.7.3.3 PhysicalPresenceCommandClear() |
| 13945 | |
| 13946 | This function is used to indicate a command that no longer requires PP confirmation. |
| 13947 | |
// PhysicalPresenceCommandClear() marks 'commandCode' as no longer requiring
// physical presence (PP) confirmation by clearing its bit in gp.ppList.
// Command codes outside TPM_CC_PP_FIRST..TPM_CC_PP_LAST are ignored, and
// TPM_CC_PP_Commands itself can never be cleared, so the command that edits
// this list stays behind PP. Only the RAM copy of the list is changed here.
void
PhysicalPresenceCommandClear(
    TPM_CC           commandCode    // IN: command code
    )
{
    UINT32       bitPos;

    // The caller is expected to have checked that the command is implemented
    pAssert(CommandIsImplemented(commandCode));

    // Codes outside the PP range have no bit in the list
    if(commandCode < TPM_CC_PP_FIRST || commandCode > TPM_CC_PP_LAST)
        return;

    // TPM_CC_PP_Commands always requires PP
    if(commandCode == TPM_CC_PP_Commands)
        return;

    bitPos = commandCode - TPM_CC_PP_FIRST;

    // Clear the bit and leave the other bits of the octet as they are
    gp.ppList[bitPos / 8] &= ~(1 << (bitPos % 8));

    return;
}
| 13981 | |
| 13982 | |
| 13983 | 8.7.3.4 PhysicalPresenceIsRequired() |
| 13984 | |
| 13985 | This function indicates if PP confirmation is required for a command. |
| 13986 | |
| 13987 | Return Value Meaning |
| 13988 | |
| 13989 | TRUE if physical presence is required |
| 13990 | FALSE if physical presence is not required |
| 13991 | |
// PhysicalPresenceIsRequired() reports whether 'commandCode' needs physical
// presence (PP) confirmation. Returns TRUE when its bit in gp.ppList is set,
// FALSE when the bit is clear or the code is outside
// TPM_CC_PP_FIRST..TPM_CC_PP_LAST.
BOOL
PhysicalPresenceIsRequired(
    TPM_CC           commandCode    // IN: command code
    )
{
    UINT32       bitPos;

    // Only codes in the PP range have a bit in the list; the range check is
    // also what keeps the index below inside gp.ppList
    if(commandCode >= TPM_CC_PP_FIRST && commandCode <= TPM_CC_PP_LAST)
    {
        bitPos = commandCode - TPM_CC_PP_FIRST;

        // A set bit means PP authorization is required
        return ((gp.ppList[bitPos / 8] & (1 << (bitPos % 8))) != 0);
    }

    return FALSE;
}
| 14009 | |
| 14010 | |
| 14011 | 8.7.3.5 PhysicalPresenceCapGetCCList() |
| 14012 | |
| 14013 | This function returns a list of commands that require PP confirmation. The list starts from the first |
| 14014 | implemented command that has a command code that is the same as or greater than commandCode. |
| 14015 | |
| 14016 | Return Value Meaning |
| 14017 | |
| 14018 | YES if there are more command codes available |
| 14019 | NO all the available command codes have been returned |
| 14020 | |
// PhysicalPresenceCapGetCCList() lists the command codes that require
// physical presence (PP) confirmation, in ascending order, starting at
// 'commandCode' and stopping after 'count' entries (capped at MAX_CAP_CC).
//
// Returns YES when another PP command was found after the list was full, NO
// when every remaining PP command was returned.
TPMI_YES_NO
PhysicalPresenceCapGetCCList(
    TPM_CC           commandCode,   // IN: start command code
    UINT32           count,         // IN: count of returned TPM_CC
    TPML_CC         *commandList    // OUT: list of TPM_CC
    )
{
    UINT32       i;

    // Start with an empty output list
    commandList->count = 0;

    // Cap the request so that commandList->commandCodes[] is never indexed
    // past MAX_CAP_CC entries
    if(count > MAX_CAP_CC)
        count = MAX_CAP_CC;

    // Codes below TPM_CC_PP_FIRST are rejected by PhysicalPresenceIsRequired()
    for(i = commandCode; i <= TPM_CC_PP_LAST; i++)
    {
        if(!PhysicalPresenceIsRequired(i))
            continue;

        // The list is full and one more PP command exists: report it and stop
        if(commandList->count >= count)
            return YES;

        commandList->commandCodes[commandList->count] = i;
        commandList->count++;
    }
    return NO;
}
| 14065 | |
| 14066 | |
| 14067 | 8.8 Session.c |
| 14068 | |
| 14069 | 8.8.1 Introduction |
| 14070 | |
| 14071 | The code in this file is used to manage the session context counter. The scheme implemented here is a |
| 14072 | "truncated counter". This scheme allows the TPM to not need TPM_SU_CLEAR for a very long period of |
| 14073 | time and still not have the context count for a session repeated. |
| 14074 | The counter (contextCounter) in this implementation is a UINT64 but can be smaller. The "tracking array" |
| 14075 | (contextArray) only has 16-bits per context. The tracking array is the data that needs to be saved and |
| 14076 | restored across TPM_SU_STATE so that sessions are not lost when the system enters the sleep state. |
| 14077 | Also, when the TPM is active, the tracking array is kept in RAM making it important that the number of |
| 14078 | bytes for each entry be kept as small as possible. |
| 14079 | The TPM prevents collisions of these truncated values by not allowing a contextID to be assigned if it |
| 14080 | would be the same as an existing value. Since the array holds 16 bits, after a context has been saved, |
| 14081 | an additional 2^16-1 contexts may be saved before the count would again match. The normal |
| 14082 | expectation is that the context will be flushed before its count value is needed again but it is always |
| 14083 | possible to have long-lived sessions. |
| 14084 | The contextID is assigned when the context is saved (TPM2_ContextSave()). At that time, the TPM will |
| 14085 | compare the low-order 16 bits of contextCounter to the existing values in contextArray and if one |
| 14086 | matches, the TPM will return TPM_RC_CONTEXT_GAP (by construction, the entry that contains the |
| 14087 | matching value is the oldest context). |
| 14088 | The expected remediation by the TRM is to load the oldest saved session context (the one found by the |
| 14089 | TPM), and save it. Since loading the oldest session also eliminates its contextID value from contextArray, |
| 14090 | the TPM will always be able to load and save the oldest existing context. |
| 14091 | In the worst case, software may have to load and save several contexts in order to save an additional |
| 14092 | one. This should happen very infrequently. |
| 14093 | When the TPM searches contextArray and finds that none of the contextIDs match the low-order 16-bits |
| 14094 | of contextCount, the TPM can copy the low bits to the contextArray associated with the session, and |
| 14095 | increment contextCount. |
| 14096 | |
| 14097 | |
| 14098 | |
| 14099 | Family "2.0" TCG Published Page 193 |
| 14100 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 14101 | Trusted Platform Module Library Part 4: Supporting Routines |
| 14102 | |
| 14103 | |
| 14104 | There is one entry in contextArray for each of the active sessions allowed by the TPM implementation. |
| 14105 | This array contains either a context count, an index, or a value indicating the slot is available (0). |
| 14106 | The index into the contextArray is the handle for the session with the region selector byte of the session |
| 14107 | set to zero. If an entry in contextArray contains 0, then the corresponding handle may be assigned to a |
| 14108 | session. If the entry contains a value that is less than or equal to the number of loaded sessions for the |
| 14109 | TPM, then the array entry is the slot in which the context is loaded. |
| 14110 | |
| 14111 | EXAMPLE: If the TPM allows 8 loaded sessions, then the slot numbers would be 1-8 and a contextArray value in that |
| 14112 | range would represent the loaded session. |
| 14113 | |
| 14114 | NOTE: When the TPM firmware determines that the array entry is for a loaded session, it will subtract 1 to create the |
| 14115 | zero-based slot number. |
| 14116 | |
| 14117 | There is one significant corner case in this scheme. When the contextCount is equal to a value in the |
| 14118 | contextArray, the oldest session needs to be recycled or flushed. In order to recycle the session, it must |
| 14119 | be loaded. To be loaded, there must be an available slot. Rather than require that a spare slot be |
| 14120 | available all the time, the TPM will check to see if the contextCount is equal to some value in the |
| 14121 | contextArray when a session is created. This prevents the last session slot from being used when it is |
| 14122 | likely that a session will need to be recycled. |
| 14123 | If a TPM with both 1.2 and 2.0 functionality uses this scheme for both 1.2 and 2.0 sessions, and the list of |
| 14124 | active contexts is read with TPM_GetCapability(), the TPM will create 32-bit representations of the list that |
| 14125 | contains 16-bit values (the TPM2_GetCapability() returns a list of handles for active sessions rather than |
| 14126 | a list of contextID). The full contextID has high-order bits that are either the same as the current |
| 14127 | contextCount or one less. It is one less if the 16-bits of the contextArray has a value that is larger than |
| 14128 | the low-order 16 bits of contextCount. |
| 14129 | |
| 14130 | 8.8.2 Includes, Defines, and Local Variables |
| 14131 | |
| 14132 | 1 #define SESSION_C |
| 14133 | 2 #include "InternalRoutines.h" |
| 14134 | 3 #include "Platform.h" |
| 14135 | 4 #include "SessionProcess_fp.h" |
| 14136 | |
| 14137 | |
| 14138 | 8.8.3 File Scope Function -- ContextIdSetOldest() |
| 14139 | |
| 14140 | This function is called when the oldest contextID is being loaded or deleted. Once a saved context |
| 14141 | becomes the oldest, it stays the oldest until it is deleted. |
| 14142 | Finding the oldest is a bit tricky. It is not just the numeric comparison of values but is dependent on the |
| 14143 | value of contextCounter. |
| 14144 | Assume we have a small contextArray with 8, 4-bit values with values 1 and 2 used to indicate the loaded |
| 14145 | context slot number. Also assume that the array contains hex values of (0 0 1 0 3 0 9 F) and that the |
| 14146 | contextCounter is an 8-bit counter with a value of 0x37. Since the low nibble is 7, that means that values |
| 14147 | above 7 are older than values below it and, in this example, 9 is the oldest value. |
| 14148 | Note if we subtract the counter value, from each slot that contains a saved contextID we get (- - - - B - 2 - |
| 14149 | 8) and the oldest entry is now easy to find. |
| 14150 | |
// Recompute s_oldestSavedSession by scanning gr.contextArray.
//
// Saved-context entries are the ones whose value is greater than
// MAX_LOADED_SESSIONS; values at or below that are either free (0) or a
// loaded-session slot number and are skipped. Age is not a plain numeric
// comparison: each saved value is compared by its distance from the low-order
// bits of gr.contextCounter, computed in CONTEXT_SLOT width so the subtraction
// wraps. The entry with the smallest wrapped distance is the oldest.
//
// If no saved context is found, s_oldestSavedSession is left at
// MAX_ACTIVE_SESSIONS + 1, which the rest of this file treats as "none".
static void
ContextIdSetOldest(
    void
    )
{
    const CONTEXT_SLOT   counterLow = (CONTEXT_SLOT)gr.contextCounter;
    CONTEXT_SLOT         minDistance = (CONTEXT_SLOT)~0;
    UINT32               index;

    // Start from the "no saved session" marker
    s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1;

    for(index = 0; index < MAX_ACTIVE_SESSIONS; index++)
    {
        CONTEXT_SLOT     saved = gr.contextArray[index];
        CONTEXT_SLOT     distance;

        // Free entries and loaded-session slot numbers are not saved contexts
        if(saved <= MAX_LOADED_SESSIONS)
            continue;

        // Wrapped distance from the counter's low bits
        distance = (CONTEXT_SLOT)(saved - counterLow);

        // The comparison admits equality so that an entry whose distance is
        // the all-ones initial value of minDistance (a context saved just
        // before the current counter value) is still selected.
        if(distance > minDistance)
            continue;

        minDistance = distance;
        s_oldestSavedSession = index;
    }
}
| 14191 | |
| 14192 | |
| 14193 | 8.8.4 Startup Function -- SessionStartup() |
| 14194 | |
| 14195 | This function initializes the session subsystem on TPM2_Startup(). |
| 14196 | |
// Initialize the session subsystem for TPM2_Startup().
//
// In every case the in-memory session slots are marked unoccupied and the
// free-slot count is reset to MAX_LOADED_SESSIONS.
//
// For SU_RESUME and SU_RESTART the saved-context entries of gr.contextArray are
// kept, entries that referenced a loaded session are reclaimed (the in-memory
// session data was not preserved), and the oldest saved context is located
// again. For any other startup type the whole array is cleared, the context
// counter is reset and no saved session is recorded as oldest.
void
SessionStartup(
    STARTUP_TYPE     type           // IN: startup type
    )
{
    UINT32           n;

    // No session is loaded after startup
    for(n = 0; n < MAX_LOADED_SESSIONS; n++)
        s_sessions[n].occupied = FALSE;
    s_freeSessionSlots = MAX_LOADED_SESSIONS;

    if(type != SU_RESUME && type != SU_RESTART)
    {
        // Clear startup: forget every context, loaded or saved
        for(n = 0; n < MAX_ACTIVE_SESSIONS; n++)
            gr.contextArray[n] = 0;

        // The counter restarts above the values reserved for slot numbers
        gr.contextCounter = MAX_LOADED_SESSIONS + 1;

        // No saved session exists
        s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1;
        return;
    }

    // State was preserved: keep saved contexts, drop references to sessions
    // that were only in memory.
    for(n = 0; n < MAX_ACTIVE_SESSIONS; n++)
    {
        if(gr.contextArray[n] <= MAX_LOADED_SESSIONS)
            gr.contextArray[n] = 0;
    }

    // Re-derive s_oldestSavedSession from what is left in the array
    ContextIdSetOldest();
}
| 14252 | |
| 14253 | |
| 14254 | 8.8.5 Access Functions |
| 14255 | |
| 14256 | 8.8.5.1 SessionIsLoaded() |
| 14257 | |
| 14258 | This function tests whether a session handle references a loaded session. The handle must have previously been |
| 14259 | checked to make sure that it is a valid handle for an authorization session. |
| 14260 | |
| 14261 | NOTE: A PWAP authorization does not have a session. |
| 14262 | |
| 14263 | |
| 14264 | Return Value Meaning |
| 14265 | |
| 14266 | TRUE if session is loaded |
| 14267 | FALSE if it is not loaded |
| 14268 | |
// Report whether a session handle refers to a session that is currently loaded.
//
// The handle type is only asserted here, so the caller must already have
// established that this is an HMAC or policy session handle. The index taken
// from the handle is range-checked before gr.contextArray is read.
//
// Returns TRUE when the contextArray entry is a slot number
// (1..MAX_LOADED_SESSIONS), FALSE when the index is out of range, the entry is
// free (0), or the entry holds a saved-context value.
BOOL
SessionIsLoaded(
    TPM_HANDLE       handle         // IN: session handle
    )
{
    TPM_HANDLE       index;

    pAssert(   HandleGetType(handle) == TPM_HT_POLICY_SESSION
            || HandleGetType(handle) == TPM_HT_HMAC_SESSION);

    // Strip the handle type to get the contextArray index
    index = handle & HR_HANDLE_MASK;

    // Never index the array with an out-of-range value
    if(index >= MAX_ACTIVE_SESSIONS)
        return FALSE;

    if(gr.contextArray[index] == 0)
        return FALSE;

    return (gr.contextArray[index] <= MAX_LOADED_SESSIONS) ? TRUE : FALSE;
}
| 14289 | |
| 14290 | |
| 14291 | 8.8.5.2 SessionIsSaved() |
| 14292 | |
| 14293 | This function tests whether a session handle references a saved session. The handle must have previously been |
| 14294 | checked to make sure that it is a valid handle for an authorization session. |
| 14295 | |
| 14296 | NOTE: A password authorization does not have a session. |
| 14297 | |
| 14298 | This function requires that the handle be a valid session handle. |
| 14299 | |
| 14300 | |
| 14304 | |
| 14305 | |
| 14306 | Return Value Meaning |
| 14307 | |
| 14308 | TRUE if session is saved |
| 14309 | FALSE if it is not saved |
| 14310 | |
// Report whether a session handle refers to a saved (context-saved) session.
//
// The handle type is only asserted here, so the caller must already have
// established that this is an HMAC or policy session handle. The index taken
// from the handle is range-checked before gr.contextArray is read.
//
// Returns TRUE when the contextArray entry holds a saved-context value (greater
// than MAX_LOADED_SESSIONS), FALSE when the index is out of range, the entry is
// free (0), or the entry is the slot number of a loaded session.
BOOL
SessionIsSaved(
    TPM_HANDLE       handle         // IN: session handle
    )
{
    TPM_HANDLE       index;

    pAssert(   HandleGetType(handle) == TPM_HT_POLICY_SESSION
            || HandleGetType(handle) == TPM_HT_HMAC_SESSION);

    // Strip the handle type to get the contextArray index
    index = handle & HR_HANDLE_MASK;

    // Never index the array with an out-of-range value
    if(index >= MAX_ACTIVE_SESSIONS)
        return FALSE;

    if(gr.contextArray[index] == 0)
        return FALSE;

    return (gr.contextArray[index] > MAX_LOADED_SESSIONS) ? TRUE : FALSE;
}
| 14330 | |
| 14331 | |
| 14332 | 8.8.5.3 SessionPCRValueIsCurrent() |
| 14333 | |
| 14334 | This function is used to check if PCR values have been updated since the last time they were checked in |
| 14335 | a policy session. |
| 14336 | This function requires the session is loaded. |
| 14337 | |
| 14338 | Return Value Meaning |
| 14339 | |
| 14340 | TRUE if PCR value is current |
| 14341 | FALSE if PCR value is not current |
| 14342 | |
// Check whether the PCR state recorded in a policy session is still current.
//
// The session must be loaded; this is asserted, not reported as an error.
//
// Returns TRUE when the session's pcrCounter is zero or equals gr.pcrCounter,
// and FALSE when it is non-zero and differs from gr.pcrCounter.
// NOTE(review): a zero pcrCounter presumably means no PCR check has been
// recorded in this session yet -- confirm against the code that sets it.
BOOL
SessionPCRValueIsCurrent(
    TPMI_SH_POLICY   handle         // IN: session handle
    )
{
    SESSION         *policySession;

    pAssert(SessionIsLoaded(handle));

    policySession = SessionGet(handle);

    // A zero counter is always accepted
    if(policySession->pcrCounter == 0)
        return TRUE;

    return (policySession->pcrCounter == gr.pcrCounter) ? TRUE : FALSE;
}
| 14360 | |
| 14361 | |
| 14362 | 8.8.5.4 SessionGet() |
| 14363 | |
| 14364 | This function returns a pointer to the session object associated with a session handle. |
| 14365 | The function requires that the session is loaded. |
| 14366 | |
| 14367 | |
| 14371 | |
// Return a pointer to the in-memory session object for a session handle.
//
// The session must be loaded. Nothing is reported to the caller when it is
// not: the handle type, the contextArray index and the resulting slot number
// are each guarded only by pAssert(), so these assertions are the sole
// protection against indexing gr.contextArray or s_sessions out of range.
SESSION *
SessionGet(
    TPM_HANDLE       handle         // IN: session handle
    )
{
    TPM_HANDLE       arrayIndex = handle & HR_HANDLE_MASK;
    CONTEXT_SLOT     slot;

    pAssert(   HandleGetType(handle) == TPM_HT_POLICY_SESSION
            || HandleGetType(handle) == TPM_HT_HMAC_SESSION
           );

    pAssert(arrayIndex < MAX_ACTIVE_SESSIONS);

    // For a loaded session the array entry is the one-based slot number, so
    // subtracting one gives the index into s_sessions.
    slot = gr.contextArray[arrayIndex] - 1;

    // Rejects saved-context values; a free entry (0) is also rejected
    // provided CONTEXT_SLOT is unsigned so that 0 - 1 wraps to a large value
    // (assumed from the 16-bit array description -- confirm).
    pAssert(slot < MAX_LOADED_SESSIONS);

    return &s_sessions[slot].session;
}
| 14393 | |
| 14394 | |
| 14395 | 8.8.6 Utility Functions |
| 14396 | |
| 14397 | 8.8.6.1 ContextIdSessionCreate() |
| 14398 | |
| 14399 | This function is called when a session is created. It will check to see if the current gap would prevent a |
| 14400 | context from being saved. If so it will return TPM_RC_CONTEXT_GAP. Otherwise, it will try to find an |
| 14401 | open slot in contextArray and set that entry to the slot number of the loaded session. |
| 14402 | This routine requires that the caller has determined the session array index for the session. |
| 14403 | |
| 14404 | return type TPM_RC |
| 14405 | |
| 14406 | TPM_RC_SUCCESS context ID was assigned |
| 14407 | TPM_RC_CONTEXT_GAP can't assign a new contextID until the oldest saved session context is |
| 14408 | recycled |
| 14409 | TPM_RC_SESSION_HANDLES there is no slot available in the context array for tracking of this |
| 14410 | session context |
| 14411 | |
// Assign a contextArray entry to a session that is being created.
//
// handle        OUT: receives the index of the assigned contextArray entry;
//               the caller must add the base value for the session type.
//               When TPM_RC_SESSION_HANDLES is returned it has been advanced
//               to MAX_ACTIVE_SESSIONS; when TPM_RC_CONTEXT_GAP is returned it
//               has not been written.
// sessionIndex  IN: index of the s_sessions slot the new session will occupy.
//
// Returns
//   TPM_RC_SUCCESS          an entry was assigned
//   TPM_RC_CONTEXT_GAP      only one session slot is free and the context gap
//                           is at its maximum, so the slot has to stay
//                           available for recycling the oldest saved context
//   TPM_RC_SESSION_HANDLES  no free entry in contextArray
static TPM_RC
ContextIdSessionCreate (
    TPM_HANDLE      *handle,        // OUT: receives the assigned handle index
    UINT32           sessionIndex   // IN: session slot that will be occupied
    )
{
    pAssert(sessionIndex < MAX_LOADED_SESSIONS);

    // Refuse to consume the last free session slot while the gap is at its
    // maximum: recycling the oldest saved context requires loading it, and
    // loading requires a free slot. The conditions are evaluated left to
    // right, so contextArray is only indexed with s_oldestSavedSession after
    // that value has been shown to be a valid index.
    // Note: on a combined 1.2/2.0 TPM this return code should be transformed
    // to an appropriate 1.2 error code.
    if(   s_oldestSavedSession < MAX_ACTIVE_SESSIONS
       && s_freeSessionSlots == 1
       && (CONTEXT_SLOT)gr.contextCounter
              == gr.contextArray[s_oldestSavedSession])
        return TPM_RC_CONTEXT_GAP;

    // Take the first unused contextArray entry
    *handle = 0;
    while(*handle < MAX_ACTIVE_SESSIONS)
    {
        if(gr.contextArray[*handle] == 0)
        {
            // A loaded session is recorded as its one-based slot number
            gr.contextArray[*handle] = (CONTEXT_SLOT)(sessionIndex + 1);
            return TPM_RC_SUCCESS;
        }
        (*handle)++;
    }
    return TPM_RC_SESSION_HANDLES;
}
| 14461 | |
| 14462 | |
| 14463 | 8.8.6.2 SessionCreate() |
| 14464 | |
| 14465 | This function does the detailed work for starting an authorization session. This is done in a support |
| 14466 | routine rather than in the action code because the session management may differ in implementations. |
| 14467 | This implementation uses a fixed memory allocation to hold sessions and a fixed allocation to hold the |
| 14468 | contextID for the saved contexts. |
| 14469 | |
| 14470 | Error Returns Meaning |
| 14471 | |
| 14472 | TPM_RC_CONTEXT_GAP need to recycle sessions |
| 14473 | TPM_RC_SESSION_HANDLES active session space is full |
| 14474 | TPM_RC_SESSION_MEMORY loaded session space is full |
| 14475 | |
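// Do the detailed work of starting an authorization session: claim a session
// slot and a contextArray entry, initialize the session structure, generate
// nonceTPM and, when a bind entity or a seed is present, derive the sessionKey.
//
// The pointer arguments are dereferenced without NULL checks; the caller is
// expected to pass unmarshaled, validated structures.
//
// Returns
//   TPM_RC_SUCCESS          session created, *sessionHandle holds its handle
//   TPM_RC_SESSION_MEMORY   no free slot for a loaded session
//   TPM_RC_CONTEXT_GAP      sessions need to be recycled first
//   TPM_RC_SESSION_HANDLES  no free entry in the context array
TPM_RC
SessionCreate(
    TPM_SE           sessionType,   // IN: the session type
    TPMI_ALG_HASH    authHash,      // IN: the hash algorithm
    TPM2B_NONCE     *nonceCaller,   // IN: initial nonceCaller
    TPMT_SYM_DEF    *symmetric,     // IN: the symmetric algorithm
    TPMI_DH_ENTITY   bind,          // IN: the bind object
    TPM2B_DATA      *seed,          // IN: seed data
    TPM_HANDLE      *sessionHandle  // OUT: the session handle
    )
{
    TPM_RC           result = TPM_RC_SUCCESS;
    CONTEXT_SLOT     slotIndex;
    SESSION         *session = NULL;

    pAssert(   sessionType == TPM_SE_HMAC
            || sessionType == TPM_SE_POLICY
            || sessionType == TPM_SE_TRIAL);

    // nonceTPM takes its size from nonceCaller and that many random bytes are
    // written into the fixed nonceTPM buffer below. Enforce the bound here,
    // before any session state is modified, instead of relying only on the
    // caller having validated the size.
    pAssert(nonceCaller->t.size <= sizeof(session->nonceTPM.t.buffer));

    // If there are no open spots in the session array, then no point in
    // searching
    if(s_freeSessionSlots == 0)
        return TPM_RC_SESSION_MEMORY;

    // Find a space for loading a session
    for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++)
    {
        // Is this available?
        if(s_sessions[slotIndex].occupied == FALSE)
        {
            session = &s_sessions[slotIndex].session;
            break;
        }
    }
    // The free-slot count said a slot exists, so not finding one is an
    // internal error
    pAssert(slotIndex < MAX_LOADED_SESSIONS);

    // Get a contextArray entry for the session. ContextIdSessionCreate() may
    // return TPM_RC_CONTEXT_GAP or TPM_RC_SESSION_HANDLES.
    result = ContextIdSessionCreate(sessionHandle, slotIndex);
    if(result != TPM_RC_SUCCESS)
        return result;

    //*** Only return from this point on is TPM_RC_SUCCESS

    // Can now indicate that the session array entry is occupied.
    s_freeSessionSlots--;
    s_sessions[slotIndex].occupied = TRUE;

    // Clear the whole structure so nothing from a previous occupant of this
    // slot carries over into the new session
    MemorySet(session, 0, sizeof(SESSION));

    // Initialize internal session data
    session->authHashAlg = authHash;

    // Convert the contextArray index into a handle of the right type
    if(sessionType == TPM_SE_HMAC)
    {
        *sessionHandle += HMAC_SESSION_FIRST;
    }
    else
    {
        *sessionHandle += POLICY_SESSION_FIRST;

        // For TPM_SE_POLICY or TPM_SE_TRIAL
        session->attributes.isPolicy = SET;
        if(sessionType == TPM_SE_TRIAL)
            session->attributes.isTrialPolicy = SET;

        // Initialize policy session data
        SessionInitPolicyData(session);
    }

    // Create initial session nonce, the same size as the caller's nonce
    // (bounded by the assertion at the top of the function)
    session->nonceTPM.t.size = nonceCaller->t.size;
    CryptGenerateRandom(session->nonceTPM.t.size, session->nonceTPM.t.buffer);

    // Set up session parameter encryption algorithm
    session->symmetric = *symmetric;

    // If there is a bind object or a session secret, then need to compute
    // a sessionKey.
    if(bind != TPM_RH_NULL || seed->t.size != 0)
    {
        // sessionKey = KDFa(hash, (authValue || seed), "ATH", nonceTPM,
        //                   nonceCaller, bits)
        // The HMAC key for generating the sessionSecret can be the
        // concatenation of an authorization value and a seed value
        TPM2B_TYPE(KEY, (sizeof(TPMT_HA) + sizeof(seed->t.buffer)));
        TPM2B_KEY            key;

        UINT16               hashSize;      // The size of the hash used by the
                                            // session created by this command
        TPM2B_AUTH           entityAuth;    // The authValue of the entity
                                            // associated with HMAC session

        // Get hash size, which is also the length of sessionKey
        hashSize = CryptGetHashDigestSize(session->authHashAlg);

        // Get authValue of associated entity
        entityAuth.t.size = EntityGetAuthValue(bind, &entityAuth.t.buffer);

        // Concatenate authValue and seed; the combined length must fit the
        // local key buffer
        pAssert(entityAuth.t.size + seed->t.size <= sizeof(key.t.buffer));
        MemoryCopy2B(&key.b, &entityAuth.b, sizeof(key.t.buffer));
        MemoryConcat2B(&key.b, &seed->b, sizeof(key.t.buffer));

        session->sessionKey.t.size = hashSize;

        // Compute the session key
        KDFa(session->authHashAlg, &key.b, "ATH", &session->nonceTPM.b,
             &nonceCaller->b, hashSize * 8, session->sessionKey.t.buffer, NULL);

        // Best-effort scrub of the authValue and seed copies so the secrets
        // do not linger in these locals once the key has been derived
        MemorySet(&key, 0, sizeof(key));
        MemorySet(&entityAuth, 0, sizeof(entityAuth));
    }

    // Copy the name of the entity that the HMAC session is bound to
    // Policy session is not bound to an entity
    if(bind != TPM_RH_NULL && sessionType == TPM_SE_HMAC)
    {
        session->attributes.isBound = SET;
        SessionComputeBoundEntity(bind, &session->u1.boundEntity);
    }

    // If there is a bind object and it is subject to DA, then use of this
    // session is subject to DA regardless of how it is used.
    session->attributes.isDaBound =    (bind != TPM_RH_NULL)
                                    && (IsDAExempted(bind) == FALSE);

    // If the session is DA bound, then check to see if it is bound to
    // lockoutAuth
    session->attributes.isLockoutBound =
            (session->attributes.isDaBound == SET)
         && (bind == TPM_RH_LOCKOUT);

    return TPM_RC_SUCCESS;
}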
| 14616 | |
| 14617 | |
| 14618 | 8.8.6.3 SessionContextSave() |
| 14619 | |
| 14620 | This function is called when a session context is to be saved. The contextID of the saved session is |
| 14621 | returned. If no contextID can be assigned, then the routine returns TPM_RC_CONTEXT_GAP. If the |
| 14622 | function completes normally, the session slot will be freed. |
| 14623 | This function requires that handle references a loaded session. Otherwise, it should not be called in the |
| 14624 | first place. |
| 14625 | |
| 14626 | Error Returns Meaning |
| 14627 | |
| 14628 | TPM_RC_CONTEXT_GAP a contextID could not be assigned. |
| 14629 | TPM_RC_TOO_MANY_CONTEXTS the counter maxed out |
| 14630 | |
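// Assign a contextID to a loaded session that is being context-saved and free
// its session slot.
//
// handle     IN: handle of a loaded session (asserted)
// contextID  OUT: receives the contextID assigned to the saved context; may be
//            NULL. It is written only when TPM_RC_SUCCESS is returned.
//
// Returns
//   TPM_RC_SUCCESS            contextID assigned and session slot released
//   TPM_RC_CONTEXT_GAP        the oldest saved context has the same low-order
//                             bits as the counter, so no contextID can be
//                             assigned until that context is recycled
//   TPM_RC_TOO_MANY_CONTEXTS  the context counter would roll over
//
// On either error return the session is still loaded and neither
// gr.contextArray nor the slot bookkeeping has been changed. Earlier the array
// entry was overwritten with the contextID before the roll-over check, so the
// error path left the entry marked as saved while the session slot was still
// occupied.
TPM_RC
SessionContextSave (
    TPM_HANDLE           handle,        // IN: session handle
    CONTEXT_COUNTER     *contextID      // OUT: assigned contextID
    )
{
    UINT32               contextIndex;
    CONTEXT_SLOT         slotIndex;
    CONTEXT_SLOT         idLowBits;     // low-order bits stored in contextArray
    CONTEXT_COUNTER      assignedId;    // full contextID given to the caller

    pAssert(SessionIsLoaded(handle));

    // Check to see if the gap is already maxed out. This needs a saved
    // session; if the oldest saved session has the same value as the low bits
    // of the contextCounter, then the gap is at its maximum.
    if(   s_oldestSavedSession < MAX_ACTIVE_SESSIONS
       && gr.contextArray[s_oldestSavedSession]
              == (CONTEXT_SLOT)gr.contextCounter)
        return TPM_RC_CONTEXT_GAP;

    pAssert((handle & HR_HANDLE_MASK) < MAX_ACTIVE_SESSIONS);

    contextIndex = handle & HR_HANDLE_MASK;

    // The contextID of this context is the counter value before it advances
    assignedId = gr.contextCounter;
    idLowBits = (CONTEXT_SLOT)gr.contextCounter;

    // Increment the counter
    gr.contextCounter++;

    // In the unlikely event that the 64-bit context counter rolls over...
    if(gr.contextCounter == 0)
    {
        // back it up and return an error; nothing else has been modified
        gr.contextCounter--;
        return TPM_RC_TOO_MANY_CONTEXTS;
    }

    // If the low-order bits wrapped, advance the value to skip over the
    // values used to indicate that a session is loaded
    if(((CONTEXT_SLOT)gr.contextCounter) == 0)
        gr.contextCounter += MAX_LOADED_SESSIONS + 1;

    // If the caller wants the contextID, provide it
    if(contextID != NULL)
        *contextID = assignedId;

    // Extract the session slot number referenced by the contextArray before
    // the entry is overwritten with the low-order contextID value
    slotIndex = gr.contextArray[contextIndex] - 1;

    // Set the contextID for the contextArray
    gr.contextArray[contextIndex] = idLowBits;

    // If no other sessions are saved, this is now the oldest.
    if(s_oldestSavedSession >= MAX_ACTIVE_SESSIONS)
        s_oldestSavedSession = contextIndex;

    // Mark the session slot as unoccupied
    s_sessions[slotIndex].occupied = FALSE;

    // and indicate that there is an additional open slot
    s_freeSessionSlots++;

    return TPM_RC_SUCCESS;
}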
| 14699 | |
| 14700 | |
| 14701 | 8.8.6.4 SessionContextLoad() |
| 14702 | |
| 14703 | This function is used to load a session from saved context. The session handle must be for a saved |
| 14704 | context. |
| 14705 | If the gap is at a maximum, then the only session that can be loaded is the oldest session, otherwise |
| 14706 | TPM_RC_CONTEXT_GAP is returned. |
| 14707 | This function requires that handle references a valid saved session. |
| 14708 | |
| 14709 | |
| 14710 | |
| 14714 | |
| 14715 | |
| 14716 | Error Returns Meaning |
| 14717 | |
| 14718 | TPM_RC_SESSION_MEMORY no free session slots |
| 14719 | TPM_RC_CONTEXT_GAP the gap count is maximum and this is not the oldest saved context |
| 14720 | |
// Load a session from a saved context into a free session slot.
//
// session  IN: session structure taken from the saved context; it is copied
//          into the slot as-is, so its integrity has to be established by the
//          caller before this function is called.
// handle   IN/OUT: session handle; only read by the code in this function.
//
// This function does not itself check that the contextArray entry for the
// handle currently holds a saved-context value; the caller is required to pass
// a handle that references a valid saved session.
//
// Returns
//   TPM_RC_SUCCESS         session loaded
//   TPM_RC_SESSION_MEMORY  no free session slots
//   TPM_RC_CONTEXT_GAP     the gap count is maximum and this is not the oldest
//                          saved context
TPM_RC
SessionContextLoad(
    SESSION         *session,       // IN: session structure from saved context
    TPM_HANDLE      *handle         // IN/OUT: session handle
    )
{
    UINT32           arrayIndex;
    CONTEXT_SLOT     freeSlot = 0;

    pAssert(   HandleGetType(*handle) == TPM_HT_POLICY_SESSION
            || HandleGetType(*handle) == TPM_HT_HMAC_SESSION);

    // Don't bother looking if no openings
    if(s_freeSessionSlots == 0)
        return TPM_RC_SESSION_MEMORY;

    // Walk to the first unoccupied session slot
    while(   freeSlot < MAX_LOADED_SESSIONS
          && s_sessions[freeSlot].occupied != FALSE)
        freeSlot++;

    // The free-slot count said a slot exists, so not finding one is an
    // internal error
    pAssert(freeSlot < MAX_LOADED_SESSIONS);

    // Extract the contextArray index from the handle
    arrayIndex = *handle & HR_HANDLE_MASK;

    // With only one slot left and the gap at its maximum, the last slot is
    // reserved for the oldest saved context; loading any other context is
    // refused.
    if(   s_oldestSavedSession < MAX_ACTIVE_SESSIONS
       && s_freeSessionSlots == 1)
    {
        if(   (CONTEXT_SLOT)gr.contextCounter
                  == gr.contextArray[s_oldestSavedSession]
           && arrayIndex != s_oldestSavedSession)
            return TPM_RC_CONTEXT_GAP;
    }

    // Bounds guard for the array write below
    pAssert(arrayIndex < MAX_ACTIVE_SESSIONS);

    // Record the one-based slot number where the context is now loaded
    gr.contextArray[arrayIndex] = freeSlot + 1;

    // If this was the oldest saved context, find the new oldest
    if(arrayIndex == s_oldestSavedSession)
        ContextIdSetOldest();

    // Copy session data into the slot and mark the slot as in use
    s_sessions[freeSlot].session = *session;
    s_sessions[freeSlot].occupied = TRUE;

    // Reduce the number of open spots
    s_freeSessionSlots--;

    return TPM_RC_SUCCESS;
}
| 14776 | |
| 14777 | |
| 14778 | |
| 14779 | |
| 14783 | |
| 14784 | 8.8.6.5 SessionFlush() |
| 14785 | |
| 14786 | This function is used to flush a session referenced by its handle. If the session associated with handle is |
| 14787 | loaded, the session array entry is marked as available. |
| 14788 | This function requires that handle be a valid active session. |
| 14789 | |
// Flush the session referenced by a handle, whether it is loaded or saved.
//
// The contextArray entry for the handle is always released. For a loaded
// session the session slot is also marked unoccupied and the free-slot count
// is increased. For a saved session, the oldest-saved-session index is
// recomputed when the flushed context was the oldest.
//
// The handle must be a valid active session; this is asserted, not reported.
void
SessionFlush(
    TPM_HANDLE       handle         // IN: loaded or saved session handle
    )
{
    CONTEXT_SLOT     arrayValue;    // contents of the contextArray entry
    UINT32           arrayIndex;    // index into contextArray

    pAssert(   (   HandleGetType(handle) == TPM_HT_POLICY_SESSION
                || HandleGetType(handle) == TPM_HT_HMAC_SESSION
               )
            && (SessionIsLoaded(handle) || SessionIsSaved(handle))
           );

    // Convert handle to an index into the contextArray
    arrayIndex = handle & HR_HANDLE_MASK;

    pAssert(arrayIndex < sizeof(gr.contextArray)/sizeof(gr.contextArray[0]));

    // Remember what the entry held, then mark it as available
    arrayValue = gr.contextArray[arrayIndex];
    gr.contextArray[arrayIndex] = 0;

    if(arrayValue <= MAX_LOADED_SESSIONS)
    {
        // Loaded session: the entry was a one-based slot number, so release
        // the corresponding session slot
        CONTEXT_SLOT     slot = (CONTEXT_SLOT)(arrayValue - 1);

        s_sessions[slot].occupied = FALSE;
        s_freeSessionSlots++;
        return;
    }

    // Saved session: if it was the oldest, find a new value for oldest
    if(arrayIndex == s_oldestSavedSession)
        ContextIdSetOldest();
}
| 14836 | |
| 14837 | |
| 14838 | 8.8.6.6 SessionComputeBoundEntity() |
| 14839 | |
| 14840 | This function computes the binding value for a session. The binding value for a reserved handle is the |
| 14841 | handle itself. For all the other entities, the authValue at the time of binding is included to prevent |
| 14842 | squatting. For those values, the Name and the authValue are concatenated into the bind buffer. If they |
| 14843 | will not both fit, they will be overlapped by XORing bytes. If XOR is required, the bind value will be full. |
| 14844 | |
// Compute the binding value for a session: the entity's Name followed by its
// authValue, written into 'bind'. When the two do not both fit in the name
// buffer, the first 'overlap' bytes of the authValue are XORed into the tail
// of the Name and the rest is appended, which fills the buffer exactly.
//
// NOTE(review): the early return for reserved handles below is commented out,
// so as written the authValue is mixed in for every entity, including those
// whose Name is just the handle. The accompanying description still says the
// binding value of a reserved handle is the handle itself — confirm which is
// intended.
// NOTE(review): 'auth' is a local copy of an authValue and is not cleared
// before returning — confirm whether it should be zeroized here.
void
SessionComputeBoundEntity(
    TPMI_DH_ENTITY entityHandle, // IN: handle of entity
    TPM2B_NAME *bind // OUT: binding value
    )
{
    TPM2B_AUTH auth;
    INT16 overlap;

    // Get name
    bind->t.size = EntityGetName(entityHandle, &bind->t.name);

    // // The bound value of a reserved handle is the handle itself
    // if(bind->t.size == sizeof(TPM_HANDLE)) return;

    // For all the other entities, concatenate the auth value to the name.
    // Get a local copy of the auth value because some overlapping
    // may be necessary.
    auth.t.size = EntityGetAuthValue(entityHandle, &auth.t.buffer);
    // This is the only check made here on the returned authValue size
    pAssert(auth.t.size <= sizeof(TPMU_HA));

    // Figure out if there will be any overlap
    // The expression mixes the sizes with the unsigned sizeof result; the code
    // relies on the conversion to INT16 giving a value that is not positive
    // when Name and authValue both fit.
    overlap = bind->t.size + auth.t.size - sizeof(bind->t.name);

    // There is overlap if the combined sizes are greater than will fit
    if(overlap > 0)
    {
        // The overlap area is at the end of the Name
        BYTE *result = &bind->t.name[bind->t.size - overlap];
        int i;

        // XOR the auth value into the Name for the overlap area
        for(i = 0; i < overlap; i++)
            result[i] ^= auth.t.buffer[i];
    }
    else
    {
        // There is no overlap
        overlap = 0;
    }
    // Copy the remainder of the authData to the end of the name. The last
    // argument is the space left in the name buffer after the Name itself
    // (presumably MemoryCopy's destination-size bound — confirm).
    MemoryCopy(&bind->t.name[bind->t.size], &auth.t.buffer[overlap],
               auth.t.size - overlap, sizeof(bind->t.name) - bind->t.size);

    // Increase the size of the bind data by the size of the auth - the overlap
    bind->t.size += auth.t.size-overlap;

    return;
}
| 14899 | |
| 14900 | |
| 14901 | 8.8.6.7 SessionInitPolicyData() |
| 14902 | |
| 14903 | This function initializes the portions of the session policy data that are not set by the allocation of a |
| 14904 | session. |
| 14905 | |
// Initialize the parts of the session policy data that session allocation
// does not set: the start time and the size of the policy digest.
void
SessionInitPolicyData(
    SESSION         *session        // IN: session handle
    )
{
    // The policy starts at the current value of Clock
    session->startTime = go.clock;

    // The initial policyDigest is a string of zeros as long as the digest of
    // the session hash algorithm. The buffer already contains all zeros, so
    // only the size has to be set.
    session->u2.policyDigest.t.size = CryptGetHashDigestSize(session->authHashAlg);
}
| 14925 | |
| 14926 | |
| 14927 | 8.8.6.8 SessionResetPolicyData() |
| 14928 | |
| 14929 | This function is used to reset the policy data without changing the nonce or the start time of the session. |
| 14930 | |
// Reset the policy data of a session without changing its nonce or its start
// time. After the reset the session carries no command code, locality,
// cpHash, timeout or PCR counter, its policy digest is all zeros, and its only
// attribute is isPolicy.
void
SessionResetPolicyData(
    SESSION         *session        // IN: the session to reset
    )
{
    // Scalar state: no command, no timeout, PCR counter restarted, and an
    // empty cpHash
    session->commandCode = 0;
    session->timeOut = 0;
    session->pcrCounter = 0;
    session->u1.cpHash.b.size = 0;

    // No locality selected
    MemorySet(&session->commandLocality, 0, sizeof(session->commandLocality));

    // Zero the policy digest over its current size; the size itself is kept
    MemorySet(&session->u2.policyDigest.t.buffer, 0,
              session->u2.policyDigest.t.size);

    // Clear every session attribute, then set the policy attribute again.
    // The order of these two statements matters.
    MemorySet(&session->attributes, 0, sizeof(SESSION_ATTRIBUTES));
    session->attributes.isPolicy = SET;
}
| 14960 | |
| 14961 | |
| 14962 | 8.8.6.9 SessionCapGetLoaded() |
| 14963 | |
| 14964 | This function returns a list of handles of loaded sessions, starting from the input handle. |
| 14965 | Handle must be in the valid loaded session handle range, but does not have to point to a loaded session. |
| 14966 | |
| 14967 | Return Value Meaning |
| 14968 | |
| 14969 | YES if there are more handles available |
| 14970 | NO all the available handles have been returned |
| 14971 | |
// Return the handles of loaded sessions, scanning the context array upward
// from the slot selected by 'handle'. The start handle only has to be of the
// loaded-session type (checked with pAssert()); it does not have to refer to
// a loaded session.
//
// Returns YES if a further loaded session was found after the list was
// filled, NO if every loaded session from the start slot on was returned.
TPMI_YES_NO
SessionCapGetLoaded(
    TPMI_SH_POLICY   handle,        // IN: start handle
    UINT32           count,         // IN: count of returned handle
    TPML_HANDLE     *handleList     // OUT: list of handle
    )
{
    UINT32           i;

    pAssert(HandleGetType(handle) == TPM_HT_LOADED_SESSION);

    // Start with an empty list and never return more than MAX_CAP_HANDLES,
    // whatever count the caller asked for
    handleList->count = 0;
    if(count > MAX_CAP_HANDLES)
        count = MAX_CAP_HANDLES;

    // The loop bound keeps the index derived from the caller's handle inside
    // the context array
    for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++)
    {
        // Skip slots that are unused (0) or that hold a saved session
        if(gr.contextArray[i] == 0 || gr.contextArray[i] > MAX_LOADED_SESSIONS)
            continue;

        // A loaded session that no longer fits in the list: report that more
        // are available and stop
        if(handleList->count >= count)
            return YES;

        // Look the session up as an HMAC session first, then switch to the
        // policy handle if the session turns out to be a policy session
        handle = i + HMAC_SESSION_FIRST;
        if(SessionGet(handle)->attributes.isPolicy)
            handle = i + POLICY_SESSION_FIRST;

        handleList->handle[handleList->count] = handle;
        handleList->count++;
    }

    return NO;
}
| 15032 | |
| 15033 | |
| 15034 | 8.8.6.10 SessionCapGetSaved() |
| 15035 | |
| 15036 | This function returns a list of handles for saved sessions, starting at handle. |
| 15037 | Handle must be in a valid handle range, but does not have to point to a saved session. |
| 15038 | |
| 15039 | Return Value Meaning |
| 15040 | |
| 15041 | YES if there are more handles available |
| 15042 | NO all the available handles have been returned |
| 15043 | |
// Return the handles of saved sessions, scanning the context array upward
// from the slot selected by 'handle'. The start handle only has to be of the
// active-session type (checked with pAssert()); it does not have to refer to
// a saved session. Every handle returned is built from HMAC_SESSION_FIRST.
//
// Returns YES if a further saved session was found after the list was filled,
// NO if every saved session from the start slot on was returned.
TPMI_YES_NO
SessionCapGetSaved(
    TPMI_SH_HMAC     handle,        // IN: start handle
    UINT32           count,         // IN: count of returned handle
    TPML_HANDLE     *handleList     // OUT: list of handle
    )
{
    UINT32           i;

    pAssert(HandleGetType(handle) == TPM_HT_ACTIVE_SESSION);

    // Start with an empty list and never return more than MAX_CAP_HANDLES,
    // whatever count the caller asked for
    handleList->count = 0;
    if(count > MAX_CAP_HANDLES)
        count = MAX_CAP_HANDLES;

    // The loop bound keeps the index derived from the caller's handle inside
    // the context array
    for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++)
    {
        // Skip slots that are unused (0) or that hold a loaded session
        if(gr.contextArray[i] == 0 || gr.contextArray[i] <= MAX_LOADED_SESSIONS)
            continue;

        // A saved session that no longer fits in the list: report that more
        // are available and stop
        if(handleList->count >= count)
            return YES;

        handleList->handle[handleList->count] = i + HMAC_SESSION_FIRST;
        handleList->count++;
    }

    return NO;
}
| 15097 | |
| 15098 | |
| 15099 | 8.8.6.11 SessionCapGetLoadedNumber() |
| 15100 | |
| 15101 | This function returns the number of authorization sessions currently loaded into TPM RAM. |
| 15102 | |
// Return the number of authorization sessions currently loaded into TPM RAM:
// the total number of session slots minus the slots that are still free.
UINT32
SessionCapGetLoadedNumber(
    void
    )
{
    UINT32           loaded = MAX_LOADED_SESSIONS - s_freeSessionSlots;

    return loaded;
}
| 15110 | |
| 15111 | |
| 15112 | 8.8.6.12 SessionCapGetLoadedAvail() |
| 15113 | |
| 15114 | This function returns the number of additional authorization sessions, of any type, that could be loaded |
| 15115 | into TPM RAM. |
| 15116 | |
| 15117 | NOTE: In other implementations, this number may just be an estimate. The only requirement for the estimate is, if it is |
| 15118 | one or more, then at least one session must be loadable. |
| 15119 | |
// Return the number of additional authorization sessions, of any type, that
// could be loaded into TPM RAM. In this implementation that is exactly the
// number of free session slots.
UINT32
SessionCapGetLoadedAvail(
    void
    )
{
    UINT32           available = s_freeSessionSlots;

    return available;
}
| 15132 | |
| 15133 | |
| 15134 | 8.8.6.13 SessionCapGetActiveNumber() |
| 15135 | |
| 15136 | This function returns the number of active authorization sessions currently being tracked by the TPM. |
| 15137 | |
// Return the number of active authorization sessions the TPM is tracking,
// that is, the number of non-zero entries in the context array.
UINT32
SessionCapGetActiveNumber(
    void
    )
{
    UINT32           active = 0;
    UINT32           slot = 0;

    // A non-zero entry means the slot tracks a loaded or saved session
    while(slot < MAX_ACTIVE_SESSIONS)
    {
        if(gr.contextArray[slot] != 0)
            active++;
        slot++;
    }

    return active;
}
| 15154 | |
| 15155 | |
| 15156 | 8.8.6.14 SessionCapGetActiveAvail() |
| 15157 | |
| 15158 | This function returns the number of additional authorization sessions, of any type, that could be created. |
| 15159 | This is not the number of slots for sessions, but the number of additional sessions that the TPM is capable |
| 15160 | of tracking. |
| 15161 | |
// Return the number of additional authorization sessions, of any type, that
// could be created, that is, the number of zero entries in the context array.
UINT32
SessionCapGetActiveAvail(
    void
    )
{
    UINT32           unused = 0;
    UINT32           slot = 0;

    // A zero entry means the slot is not tracking any session
    while(slot < MAX_ACTIVE_SESSIONS)
    {
        if(gr.contextArray[slot] == 0)
            unused++;
        slot++;
    }

    return unused;
}
| 15178 | |
| 15179 | |
| 15180 | 8.9 Time.c |
| 15181 | |
| 15182 | 8.9.1 Introduction |
| 15183 | |
| 15184 | This file contains the functions relating to the TPM's time functions including the interface to the |
| 15185 | implementation-specific time functions. |
| 15186 | |
| 15187 | 8.9.2 Includes |
| 15188 | |
| 15189 | 1 #include "InternalRoutines.h" |
| 15190 | 2 #include "Platform.h" |
| 15191 | |
| 15195 | |
| 15196 | 8.9.3 Functions |
| 15197 | |
| 15198 | 8.9.3.1 TimePowerOn() |
| 15199 | |
| 15200 | This function initializes time info at _TPM_Init(). |
| 15201 | |
// Initialize the time state at _TPM_Init(): reload the orderly data from NV,
// decide whether Clock can be reported as safe, hand the saved state to the
// DRBG and restart the time-since-power-on counter.
void
TimePowerOn(
    void
    )
{
    TPM_SU           priorShutdown;

    // Reload the orderly data, then the flag that records how the previous
    // cycle was shut down
    NvReadReserved(NV_ORDERLY_DATA, &go);
    NvReadReserved(NV_ORDERLY, &priorShutdown);

    // Without an orderly shutdown the clock value read back from NV is not
    // safe; after any orderly shutdown it is marked safe.
    go.clockSafe = (priorShutdown == SHUTDOWN_NONE) ? NO : YES;

    // Set the initial state of the DRBG. This runs after the orderly data has
    // been read (presumably the saved DRBG state is carried in it — confirm).
    CryptDrbgGetPutState(PUT_STATE);

    // Time since TPM power on starts again from zero
    g_time = 0;
}
| 15230 | |
| 15231 | |
| 15232 | 8.9.3.2 TimeStartup() |
| 15233 | |
| 15234 | This function updates the resetCount and restartCount components of TPMS_CLOCK_INFO structure at |
| 15235 | TPM2_Startup(). |
| 15236 | |
// Update the reset and restart counters at TPM2_Startup() according to the
// startup type. SU_RESUME and SU_RESTART touch only counters in gr; any other
// type is handled as a reset and also updates the counters kept in NV.
void
TimeStartup(
    STARTUP_TYPE     type           // IN: start up type
    )
{
    // Resume sequence
    if(type == SU_RESUME)
    {
        gr.restartCount++;
        return;
    }

    // Hibernate sequence
    if(type == SU_RESTART)
    {
        gr.clearCount++;
        gr.restartCount++;
        return;
    }

    // Reset sequence: count the reset and persist the new value
    gp.resetCount++;
    NvWriteReserved(NV_RESET_COUNT, &gp.resetCount);

    // The total reset counter is not expected to overflow during the lifetime
    // of the TPM. If the increment wraps to 0 the TPM goes to failure mode
    // before the wrapped value is written, so NV keeps the old value and every
    // later startup arrives at this same failure: there is no recovery.
    gp.totalResetCount++;
    if(gp.totalResetCount == 0)
        FAIL(FATAL_ERROR_INTERNAL);

    // Write total reset counter to NV
    NvWriteReserved(NV_TOTAL_RESET_COUNT, &gp.totalResetCount);

    // A reset starts a new count of restarts
    gr.restartCount = 0;
}
| 15290 | |
| 15291 | |
| 15292 | 8.9.3.3 TimeUpdateToCurrent() |
| 15293 | |
| 15294 | This function updates the Time and Clock in the global TPMS_TIME_INFO structure. |
| 15295 | In this implementation, Time and Clock are updated at the beginning of each command and the values |
| 15296 | are unchanged for the duration of the command. |
| 15297 | Because Clock updates may require a write to NV memory, Time and Clock are not allowed to advance if |
| 15298 | NV is not available. When clock is not advancing, any function that uses Clock will fail and return |
| 15299 | TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE. |
| 15300 | This implementation does not do rate limiting. If the implementation does do rate limiting, then the Clock |
| 15301 | update should not be inhibited even when doing rate limiting. |
| 15302 | |
// Advance Time and Clock by the time elapsed on the platform clock. When the
// new Clock value crosses an NV update boundary, the orderly data (with a
// fresh copy of the DRBG state) is written to NV and Clock is marked safe.
// The dictionary-attack self-healing logic is called afterwards.
//
// If NV is not available the function returns at once: Time and Clock do not
// advance and the self-healing call is skipped as well.
void
TimeUpdateToCurrent(
    void
    )
{
    UINT64           previousClock;
    UINT64           delta;
#define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1)

    // Can't update time during the dark interval or when rate limiting.
    if(NvIsAvailable() != TPM_RC_SUCCESS)
        return;

    // Advance both counters by the same elapsed time, keeping the old Clock
    // value for the boundary test below
    previousClock = go.clock;
    delta = _plat__ClockTimeElapsed();
    go.clock += delta;
    g_time += delta;

    // CLOCK_UPDATE_MASK is in seconds and go.clock is in milliseconds, so both
    // clock values are reduced to seconds before the mask is applied. The
    // comparison is true when the new value lies in a later update interval
    // than the old one.
    if(   ((go.clock / 1000) | CLOCK_UPDATE_MASK)
        > ((previousClock / 1000) | CLOCK_UPDATE_MASK))
    {
        // The time state is about to be saved, so the safe flag is set
        go.clockSafe = YES;

        // Get the DRBG state before updating orderly data
        CryptDrbgGetPutState(GET_STATE);

        NvWriteReserved(NV_ORDERLY_DATA, &go);
    }

    // Call self healing logic for dictionary attack parameters
    DASelfHeal();
}
| 15352 | |
| 15353 | |
| 15354 | 8.9.3.4 TimeSetAdjustRate() |
| 15355 | |
| 15356 | This function is used to perform rate adjustment on Time and Clock. |
| 15357 | |
// Apply a rate adjustment to Time and Clock by passing the matching constant
// to the platform clock. SLOWER requests pass the positive constant and
// FASTER requests pass the negated one; TPM_CLOCK_NO_CHANGE does nothing.
// Any other value is rejected only by pAssert().
void
TimeSetAdjustRate(
    TPM_CLOCK_ADJUST adjust         // IN: adjust constant
    )
{
    switch(adjust)
    {
        // Coarse steps
        case TPM_CLOCK_COARSE_SLOWER:
            _plat__ClockAdjustRate(CLOCK_ADJUST_COARSE);
            return;
        case TPM_CLOCK_COARSE_FASTER:
            _plat__ClockAdjustRate(-CLOCK_ADJUST_COARSE);
            return;

        // Medium steps
        case TPM_CLOCK_MEDIUM_SLOWER:
            _plat__ClockAdjustRate(CLOCK_ADJUST_MEDIUM);
            return;
        case TPM_CLOCK_MEDIUM_FASTER:
            _plat__ClockAdjustRate(-CLOCK_ADJUST_MEDIUM);
            return;

        // Fine steps
        case TPM_CLOCK_FINE_SLOWER:
            _plat__ClockAdjustRate(CLOCK_ADJUST_FINE);
            return;
        case TPM_CLOCK_FINE_FASTER:
            _plat__ClockAdjustRate(-CLOCK_ADJUST_FINE);
            return;

        // Nothing to adjust
        case TPM_CLOCK_NO_CHANGE:
            return;

        // Not a defined adjustment value
        default:
            pAssert(FALSE);
            return;
    }
}
| 15392 | |
| 15393 | |
| 15394 | 8.9.3.5 TimeGetRange() |
| 15395 | |
| 15396 | This function is used to access TPMS_TIME_INFO. The TPMS_TIME_INFO structure is treated as an |
| 15397 | array of bytes, and a byte offset and length determine what bytes are returned. |
| 15398 | |
| 15402 | |
| 15403 | |
| 15404 | Error Returns Meaning |
| 15405 | |
| 15406 | TPM_RC_RANGE invalid data range |
| 15407 | |
// Return a byte range of the marshaled TPMS_TIME_INFO. The structure is
// filled from the current time state, marshaled to canonical form in a local
// buffer, and 'size' bytes starting at 'offset' are copied to 'dataBuffer'.
//
// Returns TPM_RC_RANGE when the requested range extends past the end of the
// marshaled data, TPM_RC_SUCCESS otherwise.
TPM_RC
TimeGetRange(
    UINT16           offset,        // IN: offset in TPMS_TIME_INFO
    UINT16           size,          // IN: size of data
    TIME_INFO       *dataBuffer     // OUT: result buffer
    )
{
    TPMS_TIME_INFO   timeInfo;
    BYTE             marshaled[sizeof(TPMS_TIME_INFO)];
    BYTE            *cursor = marshaled;
    UINT16           marshaledSize;

    // Fill TPMS_TIME_INFO structure
    timeInfo.time = g_time;
    TimeFillInfo(&timeInfo.clockInfo);

    // Marshal it to canonical form; the returned size is the amount of valid
    // data in the local buffer
    marshaledSize = TPMS_TIME_INFO_Marshal(&timeInfo, &cursor, NULL);

    // Reject the request before anything is copied. The sum of the two UINT16
    // values is formed after integer promotion (assumes int is wider than
    // 16 bits, so it cannot wrap — confirm for the target).
    if(offset + size > marshaledSize)
        return TPM_RC_RANGE;

    // Copy the requested bytes to the output buffer
    MemoryCopy(dataBuffer, marshaled + offset, size, sizeof(TIME_INFO));

    return TPM_RC_SUCCESS;
}
| 15436 | |
| 15437 | |
| 15438 | 8.9.3.6 TimeFillInfo |
| 15439 | |
| 15440 | This function gathers information to fill in a TPMS_CLOCK_INFO structure. |
| 15441 | |
// Gather the current clock state into a TPMS_CLOCK_INFO structure.
void
TimeFillInfo(
    TPMS_CLOCK_INFO *clockInfo
    )
{
    clockInfo->clock = go.clock;
    clockInfo->resetCount = gp.resetCount;
    clockInfo->restartCount = gr.restartCount;

    // If NV is not available, the clock has stopped advancing and the value
    // is reported as not "safe" whatever the saved flag says.
    clockInfo->safe = (NvIsAvailable() == TPM_RC_SUCCESS) ? go.clockSafe : NO;
}
| 15460 | |
| 15461 | |
| 15462 | |
| 15463 | |
| 15467 | |
| 15468 | |
| 15469 | 9 Support |
| 15470 | |
| 15471 | 9.1 AlgorithmCap.c |
| 15472 | |
| 15473 | 9.1.1 Description |
| 15474 | |
| 15475 | This file contains the algorithm property definitions for the algorithms and the code for the |
| 15476 | TPM2_GetCapability() to return the algorithm properties. |
| 15477 | |
| 15478 | 9.1.2 Includes and Defines |
| 15479 | |
| 15480 | 1 #include "InternalRoutines.h" |
// One row of the implemented-algorithm table: an algorithm ID and the
// attributes reported for it.
typedef struct
{
    TPM_ALG_ID algID;
    TPMA_ALGORITHM attributes;
} ALGORITHM;

// Table of the algorithms this build implements. Rows guarded by #ifdef are
// present only when the corresponding TPM_ALG_* macro is defined;
// TPM_ALG_KEYEDHASH and TPM_ALG_SYMCIPHER are always present.
//
// Each row initializes the nine fields of TPMA_ALGORITHM positionally
// (presumably asymmetric, symmetric, hash, object, reserved, signing,
// encrypting, method, reserved, in declaration order — confirm against the
// TPMA_ALGORITHM definition). The functions that follow in this file read
// this table to build the algorithm list and the implemented-algorithm
// vector, so a wrong row is reported to callers as-is.
//
// NOTE(review): the 3DES row is guarded by TPM_ALG_3DES but names
// TPM_ALG__3DES (two underscores) — confirm both spellings are defined.
// NOTE(review): the ECDSA row sets the eighth field, which the other
// signature rows (RSASSA, RSAPSS, ECDAA, ECSCHNORR) leave clear — confirm
// this is intended.
static const ALGORITHM s_algorithms[] =
{
#ifdef TPM_ALG_RSA
    {TPM_ALG_RSA, {1, 0, 0, 1, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_DES
    {TPM_ALG_DES, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_3DES
    {TPM_ALG__3DES, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SHA1
    {TPM_ALG_SHA1, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_HMAC
    {TPM_ALG_HMAC, {0, 0, 1, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_AES
    {TPM_ALG_AES, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_MGF1
    {TPM_ALG_MGF1, {0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif

    {TPM_ALG_KEYEDHASH, {0, 0, 1, 1, 0, 1, 1, 0, 0}},

#ifdef TPM_ALG_XOR
    {TPM_ALG_XOR, {0, 1, 1, 0, 0, 0, 0, 0, 0}},
#endif

#ifdef TPM_ALG_SHA256
    {TPM_ALG_SHA256, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SHA384
    {TPM_ALG_SHA384, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SHA512
    {TPM_ALG_SHA512, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_WHIRLPOOL512
    {TPM_ALG_WHIRLPOOL512, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SM3_256
    {TPM_ALG_SM3_256, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SM4
    {TPM_ALG_SM4, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_RSASSA
    {TPM_ALG_RSASSA, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_RSAES
    {TPM_ALG_RSAES, {1, 0, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_RSAPSS
    {TPM_ALG_RSAPSS, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_OAEP
    {TPM_ALG_OAEP, {1, 0, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_ECDSA
    {TPM_ALG_ECDSA, {1, 0, 0, 0, 0, 1, 0, 1, 0}},
#endif
#ifdef TPM_ALG_ECDH
    {TPM_ALG_ECDH, {1, 0, 0, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_ECDAA
    {TPM_ALG_ECDAA, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_ECSCHNORR
    {TPM_ALG_ECSCHNORR, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_KDF1_SP800_56a
    {TPM_ALG_KDF1_SP800_56a,{0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_KDF2
    {TPM_ALG_KDF2, {0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_KDF1_SP800_108
    {TPM_ALG_KDF1_SP800_108,{0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_ECC
    {TPM_ALG_ECC, {1, 0, 0, 1, 0, 0, 0, 0, 0}},
#endif

    {TPM_ALG_SYMCIPHER, {0, 0, 0, 1, 0, 0, 0, 0, 0}},

#ifdef TPM_ALG_CTR
    {TPM_ALG_CTR, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_OFB
    {TPM_ALG_OFB, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_CBC
    {TPM_ALG_CBC, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_CFB
    {TPM_ALG_CFB, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_ECB
    {TPM_ALG_ECB, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
};
| 15594 | |
| 15595 | |
| 15596 | 9.1.3 AlgorithmCapGetImplemented() |
| 15597 | |
| 15598 | This function is used by TPM2_GetCapability() to return a list of the implemented algorithms. |
| 15599 | |
| 15600 | |
| 15601 | |
| 15602 | |
| 15606 | |
| 15607 | |
| 15608 | Return Value Meaning |
| 15609 | |
| 15610 | YES more algorithms to report |
| 15611 | NO no more algorithms to report |
| 15612 | |
// Return the implemented algorithms whose ID is at least 'algID', in table
// order, together with their attributes. At most 'count' entries are
// returned, and never more than MAX_CAP_ALGS.
//
// Returns YES if a further matching algorithm was found after the list was
// filled, NO if there are no more algorithms to report.
TPMI_YES_NO
AlgorithmCapGetImplemented(
    TPM_ALG_ID           algID,     // IN: the starting algorithm ID
    UINT32               count,     // IN: count of returned algorithms
    TPML_ALG_PROPERTY   *algList    // OUT: algorithm list
    )
{
    // Number of rows in the s_algorithms table
    UINT32               algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]);
    UINT32               i;

    // Start with an empty list and cap the request at MAX_CAP_ALGS
    algList->count = 0;
    if(count > MAX_CAP_ALGS)
        count = MAX_CAP_ALGS;

    for(i = 0; i < algNum; i++)
    {
        const ALGORITHM     *entry = &s_algorithms[i];

        // Rows below the starting algorithm ID are not reported
        if(entry->algID < algID)
            continue;

        // A matching row that no longer fits in the list: report that more
        // are available and stop scanning
        if(algList->count >= count)
            return YES;

        algList->algProperties[algList->count].alg = entry->algID;
        algList->algProperties[algList->count].algProperties = entry->attributes;
        algList->count++;
    }

    return NO;
}
// Clears 'implemented' and then applies SET_BIT() to it once for every algID
// listed in s_algorithms.
// NOTE(review): SET_BIT() is defined elsewhere; whether it range-checks the
// bit number is not visible here, so ALGORITHM_VECTOR is assumed to be large
// enough for the largest algID in the table -- confirm.
LIB_EXPORT
void
AlgorithmGetImplementedVector(
    ALGORITHM_VECTOR    *implemented    // OUT: the implemented bits are SET
    )
{
    // Entries of s_algorithms still to be visited; the table is walked from
    // its last entry down to its first.
    int     remaining = (int)(sizeof(s_algorithms) / sizeof(s_algorithms[0]));

    // Nothing implemented until we say it is
    MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR));

    while(remaining > 0)
    {
        remaining--;
        SET_BIT(s_algorithms[remaining].algID, *implemented);
    }
}
| 15684 | |
| 15685 | |
| 15686 | 9.2 Bits.c |
| 15687 | |
| 15688 | 9.2.1 Introduction |
| 15689 | |
| 15690 | This file contains bit manipulation routines. They operate on bit arrays. |
| 15691 | The 0th bit in the array is the right-most bit in the 0th octet in the array. |
| 15692 | |
| 15693 | NOTE: If pAssert() is defined, the functions will assert if the indicated bit number is outside of the range of bArray. How |
| 15694 | the assert is handled is implementation dependent. |
| 15695 | |
| 15696 | |
| 15697 | 9.2.2 Includes |
| 15698 | |
| 15699 | 1 #include "InternalRoutines.h" |
| 15700 | |
| 15701 | |
| 15702 | 9.2.3 Functions |
| 15703 | |
| 15704 | 9.2.3.1 BitIsSet() |
| 15705 | |
| 15706 | This function is used to check the setting of a bit in an array of bits. |
| 15707 | |
| 15708 | Return Value Meaning |
| 15709 | |
| 15710 | TRUE bit is set |
| 15711 | FALSE bit is not set |
| 15712 | |
// Reports whether bit 'bitNum' of the bit array 'bArray' is set. Bit 0 is the
// least significant bit of bArray[0]. The result is non-zero (TRUE) when the
// bit is set and zero (FALSE) when it is not.
BOOL
BitIsSet(
    unsigned int     bitNum,        // IN: number of the bit in 'bArray'
    BYTE            *bArray,        // IN: array containing the bit
    unsigned int     arraySize      // IN: size in bytes of 'bArray'
    )
{
    unsigned int    octet = bitNum >> 3;    // byte that holds the bit
    unsigned int    shift = bitNum & 7;     // position of the bit in that byte

    // This is the only range check on 'bitNum'. How a failed pAssert() is
    // handled is implementation dependent, so callers should still pass a bit
    // number they have validated against the array size.
    pAssert(octet < arraySize);
    return (((bArray[octet] >> shift) & 1) != 0);
}
| 15723 | |
| 15724 | |
| 15725 | 9.2.3.2 BitSet() |
| 15726 | |
| 15727 | This function will set the indicated bit in bArray. |
| 15728 | |
// Sets bit 'bitNum' in the bit array 'bArray'; all other bits are left as they
// were. Bit 0 is the least significant bit of bArray[0].
void
BitSet(
    unsigned int     bitNum,        // IN: number of the bit in 'bArray'
    BYTE            *bArray,        // IN: array containing the bit
    unsigned int     arraySize      // IN: size in bytes of 'bArray'
    )
{
    unsigned int    octet = bitNum >> 3;    // byte that holds the bit
    unsigned int    shift = bitNum & 7;     // position of the bit in that byte

    // The write below is guarded only by this assertion. How a failed
    // pAssert() is handled is implementation dependent, so 'bitNum' should
    // already be known to fit in 'arraySize' bytes.
    pAssert(octet < arraySize);
    bArray[octet] = (BYTE)(bArray[octet] | (1 << shift));
}
| 15744 | |
| 15745 | |
| 15746 | 9.2.3.3 BitClear() |
| 15747 | |
| 15748 | This function will clear the indicated bit in bArray. |
| 15749 | |
// Clears bit 'bitNum' in the bit array 'bArray'; all other bits are left as
// they were. Bit 0 is the least significant bit of bArray[0].
void
BitClear(
    unsigned int     bitNum,        // IN: number of the bit in 'bArray'.
    BYTE            *bArray,        // IN: array containing the bit
    unsigned int     arraySize      // IN: size in bytes of 'bArray'
    )
{
    unsigned int    octet = bitNum >> 3;    // byte that holds the bit
    unsigned int    shift = bitNum & 7;     // position of the bit in that byte

    // The write below is guarded only by this assertion. How a failed
    // pAssert() is handled is implementation dependent, so 'bitNum' should
    // already be known to fit in 'arraySize' bytes.
    pAssert(octet < arraySize);
    bArray[octet] = (BYTE)(bArray[octet] & ~(1 << shift));
}
| 15760 | |
| 15761 | |
| 15762 | 9.3 CommandAttributeData.c |
| 15763 | |
| 15764 | This is the command code attribute array for GetCapability(). Both this array and s_commandAttributes |
| 15765 | provide command code attributes, but each is tuned for a different purpose. |
| 15766 | |
| 15767 | 1 static const TPMA_CC s_ccAttr [] = { |
| 15768 | 2 {0x011f, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_UndefineSpaceSpecial |
| 15769 | 3 {0x0120, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_EvictControl |
| 15770 | 4 {0x0121, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_HierarchyControl |
| 15771 | 5 {0x0122, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_UndefineSpace |
| 15772 | 6 {0x0123, 0, 0, 0, 0, 0, 0, 0, 0}, // No command |
| 15773 | 7 {0x0124, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_ChangeEPS |
| 15774 | 8 {0x0125, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_ChangePPS |
| 15775 | 9 {0x0126, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_Clear |
| 15776 | 10 {0x0127, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_ClearControl |
| 15777 | 11 {0x0128, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_ClockSet |
| 15778 | 12 {0x0129, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_HierarchyChangeAuth |
| 15779 | 13 {0x012a, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_DefineSpace |
| 15780 | 14 {0x012b, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Allocate |
| 15781 | 15 {0x012c, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_SetAuthPolicy |
| 15782 | 16 {0x012d, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PP_Commands |
| 15783 | 17 {0x012e, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_SetPrimaryPolicy |
| 15784 | 18 {0x012f, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_FieldUpgradeStart |
| 15785 | 19 {0x0130, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ClockRateAdjust |
| 15786 | 20 {0x0131, 0, 0, 0, 0, 1, 1, 0, 0}, // TPM_CC_CreatePrimary |
| 15787 | 21 {0x0132, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_GlobalWriteLock |
| 15788 | 22 {0x0133, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_GetCommandAuditDigest |
| 15789 | 23 {0x0134, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Increment |
| 15790 | 24 {0x0135, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_SetBits |
| 15791 | 25 {0x0136, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Extend |
| 15792 | 26 {0x0137, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Write |
| 15793 | 27 {0x0138, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_WriteLock |
| 15794 | 28 {0x0139, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_DictionaryAttackLockReset |
| 15795 | 29 {0x013a, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_DictionaryAttackParameters |
| 15796 | 30 {0x013b, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_ChangeAuth |
| 15797 | 31 {0x013c, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Event |
| 15798 | 32 {0x013d, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Reset |
| 15799 | 33 {0x013e, 0, 0, 0, 1, 1, 0, 0, 0}, // TPM_CC_SequenceComplete |
| 15800 | 34 {0x013f, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_SetAlgorithmSet |
| 15801 | 35 {0x0140, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_SetCommandCodeAuditStatus |
| 15802 | 36 {0x0141, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_FieldUpgradeData |
| 15803 | 37 {0x0142, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_IncrementalSelfTest |
| 15804 | 38 {0x0143, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_SelfTest |
| 15805 | 39 {0x0144, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_Startup |
| 15806 | 40 {0x0145, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_Shutdown |
| 15807 | 41 {0x0146, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_StirRandom |
| 15808 | |
| 15812 | |
| 15813 | 42 {0x0147, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_ActivateCredential |
| 15814 | 43 {0x0148, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_Certify |
| 15815 | 44 {0x0149, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_PolicyNV |
| 15816 | 45 {0x014a, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_CertifyCreation |
| 15817 | 46 {0x014b, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_Duplicate |
| 15818 | 47 {0x014c, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_GetTime |
| 15819 | 48 {0x014d, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_GetSessionAuditDigest |
| 15820 | 49 {0x014e, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Read |
| 15821 | 50 {0x014f, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_ReadLock |
| 15822 | 51 {0x0150, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_ObjectChangeAuth |
| 15823 | 52 {0x0151, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_PolicySecret |
| 15824 | 53 {0x0152, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_Rewrap |
| 15825 | 54 {0x0153, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Create |
| 15826 | 55 {0x0154, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ECDH_ZGen |
| 15827 | 56 {0x0155, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_HMAC |
| 15828 | 57 {0x0156, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Import |
| 15829 | 58 {0x0157, 0, 0, 0, 0, 1, 1, 0, 0}, // TPM_CC_Load |
| 15830 | 59 {0x0158, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Quote |
| 15831 | 60 {0x0159, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_RSA_Decrypt |
| 15832 | 61 {0x015a, 0, 0, 0, 0, 0, 0, 0, 0}, // No command |
| 15833 | 62 {0x015b, 0, 0, 0, 0, 1, 1, 0, 0}, // TPM_CC_HMAC_Start |
| 15834 | 63 {0x015c, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_SequenceUpdate |
| 15835 | 64 {0x015d, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Sign |
| 15836 | 65 {0x015e, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Unseal |
| 15837 | 66 {0x015f, 0, 0, 0, 0, 0, 0, 0, 0}, // No command |
| 15838 | 67 {0x0160, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_PolicySigned |
| 15839 | 68 {0x0161, 0, 0, 0, 0, 0, 1, 0, 0}, // TPM_CC_ContextLoad |
| 15840 | 69 {0x0162, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ContextSave |
| 15841 | 70 {0x0163, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ECDH_KeyGen |
| 15842 | 71 {0x0164, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_EncryptDecrypt |
| 15843 | 72 {0x0165, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_FlushContext |
| 15844 | 73 {0x0166, 0, 0, 0, 0, 0, 0, 0, 0}, // No command |
| 15845 | 74 {0x0167, 0, 0, 0, 0, 0, 1, 0, 0}, // TPM_CC_LoadExternal |
| 15846 | 75 {0x0168, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_MakeCredential |
| 15847 | 76 {0x0169, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_ReadPublic |
| 15848 | 77 {0x016a, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyAuthorize |
| 15849 | 78 {0x016b, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyAuthValue |
| 15850 | 79 {0x016c, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyCommandCode |
| 15851 | 80 {0x016d, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyCounterTimer |
| 15852 | 81 {0x016e, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyCpHash |
| 15853 | 82 {0x016f, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyLocality |
| 15854 | 83 {0x0170, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyNameHash |
| 15855 | 84 {0x0171, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyOR |
| 15856 | 85 {0x0172, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyTicket |
| 15857 | 86 {0x0173, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ReadPublic |
| 15858 | 87 {0x0174, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_RSA_Encrypt |
| 15859 | 88 {0x0175, 0, 0, 0, 0, 0, 0, 0, 0}, // No command |
| 15860 | 89 {0x0176, 0, 0, 0, 0, 2, 1, 0, 0}, // TPM_CC_StartAuthSession |
| 15861 | 90 {0x0177, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_VerifySignature |
| 15862 | 91 {0x0178, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_ECC_Parameters |
| 15863 | 92 {0x0179, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_FirmwareRead |
| 15864 | 93 {0x017a, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_GetCapability |
| 15865 | 94 {0x017b, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_GetRandom |
| 15866 | 95 {0x017c, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_GetTestResult |
| 15867 | 96 {0x017d, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_Hash |
| 15868 | 97 {0x017e, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_PCR_Read |
| 15869 | 98 {0x017f, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyPCR |
| 15870 | 99 {0x0180, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyRestart |
| 15871 | 100 {0x0181, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_ReadClock |
| 15872 | 101 {0x0182, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Extend |
| 15873 | 102 {0x0183, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_SetAuthValue |
| 15874 | 103 {0x0184, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_NV_Certify |
| 15875 | 104 {0x0185, 0, 1, 0, 1, 2, 0, 0, 0}, // TPM_CC_EventSequenceComplete |
| 15876 | 105 {0x0186, 0, 0, 0, 0, 0, 1, 0, 0}, // TPM_CC_HashSequenceStart |
| 15877 | 106 {0x0187, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyPhysicalPresence |
| 15878 | 107 {0x0188, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyDuplicationSelect |
| 15879 | |
| 15883 | |
| 15884 | 108 {0x0189, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyGetDigest |
| 15885 | 109 {0x018a, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_TestParms |
| 15886 | 110 {0x018b, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Commit |
| 15887 | 111 {0x018c, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyPassword |
| 15888 | 112 {0x018d, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ZGen_2Phase |
| 15889 | 113 {0x018e, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_EC_Ephemeral |
| 15890 | 114 {0x018f, 0, 0, 0, 0, 1, 0, 0, 0} // TPM_CC_PolicyNvWritten |
| 15891 | 115 }; |
// Per-command attribute flags stored in s_commandAttributes. Each flag is a
// distinct bit of a 16-bit value, which is why the table can combine them
// with '+'.
typedef UINT16 _ATTR_;

// Table value used for command codes that are not assigned.
#define NOT_IMPLEMENTED     (_ATTR_)(0)

// Tested by EncryptSize(): it returns 2 or 4 respectively.
#define ENCRYPT_2           (_ATTR_)(1 << 0)
#define ENCRYPT_4           (_ATTR_)(1 << 1)

// Tested by DecryptSize(): it returns 2 or 4 respectively.
#define DECRYPT_2           (_ATTR_)(1 << 2)
#define DECRYPT_4           (_ATTR_)(1 << 3)

// Tested by CommandAuthRole() for handle index 0: user, admin or duplication
// role.
#define HANDLE_1_USER       (_ATTR_)(1 << 4)
#define HANDLE_1_ADMIN      (_ATTR_)(1 << 5)
#define HANDLE_1_DUP        (_ATTR_)(1 << 6)

// Tested by CommandAuthRole() for handle index 1: user role.
#define HANDLE_2_USER       (_ATTR_)(1 << 7)

#define PP_COMMAND          (_ATTR_)(1 << 8)

// Tested by CommandIsImplemented().
#define IS_IMPLEMENTED      (_ATTR_)(1 << 9)

// Tested by IsSessionAllowed(): when set, sessions are not allowed.
#define NO_SESSIONS         (_ATTR_)(1 << 10)

#define NV_COMMAND          (_ATTR_)(1 << 11)
#define PP_REQUIRED         (_ATTR_)(1 << 12)

// Tested by IsHandleInResponse().
#define R_HANDLE            (_ATTR_)(1 << 13)
| 15908 | |
| 15909 | This is the command code attribute structure. |
| 15910 | |
| 15911 | 132 typedef UINT16 COMMAND_ATTRIBUTES; |
| 15912 | 133 static const COMMAND_ATTRIBUTES s_commandAttributes [] = { |
| 15913 | 134 (_ATTR_)(CC_NV_UndefineSpaceSpecial * |
| 15914 | (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)), // 0x011f |
| 15915 | 135 (_ATTR_)(CC_EvictControl * |
| 15916 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0120 |
| 15917 | 136 (_ATTR_)(CC_HierarchyControl * |
| 15918 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0121 |
| 15919 | 137 (_ATTR_)(CC_NV_UndefineSpace * |
| 15920 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0122 |
| 15921 | 138 (_ATTR_) (NOT_IMPLEMENTED), |
| 15922 | // 0x0123 - Not assigned |
| 15923 | 139 (_ATTR_)(CC_ChangeEPS * |
| 15924 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0124 |
| 15925 | 140 (_ATTR_)(CC_ChangePPS * |
| 15926 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0125 |
| 15927 | 141 (_ATTR_)(CC_Clear * |
| 15928 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0126 |
| 15929 | 142 (_ATTR_)(CC_ClearControl * |
| 15930 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0127 |
| 15931 | 143 (_ATTR_)(CC_ClockSet * |
| 15932 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0128 |
| 15933 | 144 (_ATTR_)(CC_HierarchyChangeAuth * |
| 15934 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), // 0x0129 |
| 15935 | 145 (_ATTR_)(CC_NV_DefineSpace * |
| 15936 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), // 0x012a |
| 15937 | 146 (_ATTR_)(CC_PCR_Allocate * |
| 15938 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x012b |
| 15939 | 147 (_ATTR_)(CC_PCR_SetAuthPolicy * |
| 15940 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), // 0x012c |
| 15941 | 148 (_ATTR_)(CC_PP_Commands * |
| 15942 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)), // 0x012d |
| 15943 | 149 (_ATTR_)(CC_SetPrimaryPolicy * |
| 15944 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), // 0x012e |
| 15945 | 150 (_ATTR_)(CC_FieldUpgradeStart * |
| 15946 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)), // 0x012f |
| 15947 | 151 (_ATTR_)(CC_ClockRateAdjust * |
| 15948 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0130 |
| 15949 | |
| 15950 | |
| 15954 | |
| 15955 | 152 (_ATTR_)(CC_CreatePrimary * |
| 15956 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), // 0x0131 |
| 15957 | 153 (_ATTR_)(CC_NV_GlobalWriteLock * |
| 15958 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0132 |
| 15959 | 154 (_ATTR_)(CC_GetCommandAuditDigest * |
| 15960 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), // 0x0133 |
| 15961 | 155 (_ATTR_)(CC_NV_Increment * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 15962 | // 0x0134 |
| 15963 | 156 (_ATTR_)(CC_NV_SetBits * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 15964 | // 0x0135 |
| 15965 | 157 (_ATTR_)(CC_NV_Extend * |
| 15966 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), // 0x0136 |
| 15967 | 158 (_ATTR_)(CC_NV_Write * |
| 15968 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), // 0x0137 |
| 15969 | 159 (_ATTR_)(CC_NV_WriteLock * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 15970 | // 0x0138 |
| 15971 | 160 (_ATTR_)(CC_DictionaryAttackLockReset * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 15972 | // 0x0139 |
| 15973 | 161 (_ATTR_)(CC_DictionaryAttackParameters * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 15974 | // 0x013a |
| 15975 | 162 (_ATTR_)(CC_NV_ChangeAuth * |
| 15976 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)), // 0x013b |
| 15977 | 163 (_ATTR_)(CC_PCR_Event * |
| 15978 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), // 0x013c |
| 15979 | 164 (_ATTR_)(CC_PCR_Reset * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 15980 | // 0x013d |
| 15981 | 165 (_ATTR_)(CC_SequenceComplete * |
| 15982 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x013e |
| 15983 | 166 (_ATTR_)(CC_SetAlgorithmSet * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 15984 | // 0x013f |
| 15985 | 167 (_ATTR_)(CC_SetCommandCodeAuditStatus * |
| 15986 | (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), // 0x0140 |
| 15987 | 168 (_ATTR_)(CC_FieldUpgradeData * (IS_IMPLEMENTED+DECRYPT_2)), |
| 15988 | // 0x0141 |
| 15989 | 169 (_ATTR_)(CC_IncrementalSelfTest * (IS_IMPLEMENTED)), |
| 15990 | // 0x0142 |
| 15991 | 170 (_ATTR_)(CC_SelfTest * (IS_IMPLEMENTED)), |
| 15992 | // 0x0143 |
| 15993 | 171 (_ATTR_)(CC_Startup * (IS_IMPLEMENTED+NO_SESSIONS)), |
| 15994 | // 0x0144 |
| 15995 | 172 (_ATTR_)(CC_Shutdown * (IS_IMPLEMENTED)), |
| 15996 | // 0x0145 |
| 15997 | 173 (_ATTR_)(CC_StirRandom * (IS_IMPLEMENTED+DECRYPT_2)), |
| 15998 | // 0x0146 |
| 15999 | 174 (_ATTR_)(CC_ActivateCredential * |
| 16000 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), // 0x0147 |
| 16001 | 175 (_ATTR_)(CC_Certify * |
| 16002 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), // 0x0148 |
| 16003 | 176 (_ATTR_)(CC_PolicyNV * |
| 16004 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), // 0x0149 |
| 16005 | 177 (_ATTR_)(CC_CertifyCreation * |
| 16006 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x014a |
| 16007 | 178 (_ATTR_)(CC_Duplicate * |
| 16008 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)), // 0x014b |
| 16009 | 179 (_ATTR_)(CC_GetTime * |
| 16010 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), // 0x014c |
| 16011 | 180 (_ATTR_)(CC_GetSessionAuditDigest * |
| 16012 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), // 0x014d |
| 16013 | 181 (_ATTR_)(CC_NV_Read * |
| 16014 | (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), // 0x014e |
| 16015 | 182 (_ATTR_)(CC_NV_ReadLock * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 16016 | // 0x014f |
| 16017 | 183 (_ATTR_)(CC_ObjectChangeAuth * |
| 16018 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)), // 0x0150 |
| 16019 | 184 (_ATTR_)(CC_PolicySecret * |
| 16020 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0151 |
| 16021 | |
| 16025 | |
| 16026 | 185 (_ATTR_)(CC_Rewrap * |
| 16027 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0152 |
| 16028 | 186 (_ATTR_)(CC_Create * |
| 16029 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0153 |
| 16030 | 187 (_ATTR_)(CC_ECDH_ZGen * |
| 16031 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0154 |
| 16032 | 188 (_ATTR_)(CC_HMAC * |
| 16033 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0155 |
| 16034 | 189 (_ATTR_)(CC_Import * |
| 16035 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0156 |
| 16036 | 190 (_ATTR_)(CC_Load * |
| 16037 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)), // 0x0157 |
| 16038 | 191 (_ATTR_)(CC_Quote * |
| 16039 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0158 |
| 16040 | 192 (_ATTR_)(CC_RSA_Decrypt * |
| 16041 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x0159 |
| 16042 | 193 (_ATTR_) (NOT_IMPLEMENTED), |
| 16043 | // 0x015a - Not assigned |
| 16044 | 194 (_ATTR_)(CC_HMAC_Start * |
| 16045 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)), // 0x015b |
| 16046 | 195 (_ATTR_)(CC_SequenceUpdate * |
| 16047 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), // 0x015c |
| 16048 | 196 (_ATTR_)(CC_Sign * |
| 16049 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), // 0x015d |
| 16050 | 197 (_ATTR_)(CC_Unseal * |
| 16051 | (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), // 0x015e |
| 16052 | 198 (_ATTR_) (NOT_IMPLEMENTED), |
| 16053 | // 0x015f - Not assigned |
| 16054 | 199 (_ATTR_)(CC_PolicySigned * (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), |
| 16055 | // 0x0160 |
| 16056 | 200 (_ATTR_)(CC_ContextLoad * (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)), |
| 16057 | // 0x0161 |
| 16058 | 201 (_ATTR_)(CC_ContextSave * (IS_IMPLEMENTED+NO_SESSIONS)), |
| 16059 | // 0x0162 |
| 16060 | 202 (_ATTR_)(CC_ECDH_KeyGen * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16061 | // 0x0163 |
| 16062 | 203 (_ATTR_)(CC_EncryptDecrypt * |
| 16063 | (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), // 0x0164 |
| 16064 | 204 (_ATTR_)(CC_FlushContext * (IS_IMPLEMENTED+NO_SESSIONS)), |
| 16065 | // 0x0165 |
| 16066 | 205 (_ATTR_) (NOT_IMPLEMENTED), |
| 16067 | // 0x0166 - Not assigned |
| 16068 | 206 (_ATTR_)(CC_LoadExternal * |
| 16069 | (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), // 0x0167 |
| 16070 | 207 (_ATTR_)(CC_MakeCredential * (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), |
| 16071 | // 0x0168 |
| 16072 | 208 (_ATTR_)(CC_NV_ReadPublic * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16073 | // 0x0169 |
| 16074 | 209 (_ATTR_)(CC_PolicyAuthorize * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16075 | // 0x016a |
| 16076 | 210 (_ATTR_)(CC_PolicyAuthValue * (IS_IMPLEMENTED)), |
| 16077 | // 0x016b |
| 16078 | 211 (_ATTR_)(CC_PolicyCommandCode * (IS_IMPLEMENTED)), |
| 16079 | // 0x016c |
| 16080 | 212 (_ATTR_)(CC_PolicyCounterTimer * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16081 | // 0x016d |
| 16082 | 213 (_ATTR_)(CC_PolicyCpHash * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16083 | // 0x016e |
| 16084 | 214 (_ATTR_)(CC_PolicyLocality * (IS_IMPLEMENTED)), |
| 16085 | // 0x016f |
| 16086 | 215 (_ATTR_)(CC_PolicyNameHash * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16087 | // 0x0170 |
| 16088 | 216 (_ATTR_)(CC_PolicyOR * (IS_IMPLEMENTED)), |
| 16089 | // 0x0171 |
| 16090 | 217 (_ATTR_)(CC_PolicyTicket * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16091 | // 0x0172 |
| 16092 | |
| 16096 | |
| 16097 | 218 (_ATTR_)(CC_ReadPublic * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16098 | // 0x0173 |
| 16099 | 219 (_ATTR_)(CC_RSA_Encrypt * (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), |
| 16100 | // 0x0174 |
| 16101 | 220 (_ATTR_) (NOT_IMPLEMENTED), |
| 16102 | // 0x0175 - Not assigned |
| 16103 | 221 (_ATTR_)(CC_StartAuthSession * |
| 16104 | (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), // 0x0176 |
| 16105 | 222 (_ATTR_)(CC_VerifySignature * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16106 | // 0x0177 |
| 16107 | 223 (_ATTR_)(CC_ECC_Parameters * (IS_IMPLEMENTED)), |
| 16108 | // 0x0178 |
| 16109 | 224 (_ATTR_)(CC_FirmwareRead * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16110 | // 0x0179 |
| 16111 | 225 (_ATTR_)(CC_GetCapability * (IS_IMPLEMENTED)), |
| 16112 | // 0x017a |
| 16113 | 226 (_ATTR_)(CC_GetRandom * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16114 | // 0x017b |
| 16115 | 227 (_ATTR_)(CC_GetTestResult * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16116 | // 0x017c |
| 16117 | 228 (_ATTR_)(CC_Hash * (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), |
| 16118 | // 0x017d |
| 16119 | 229 (_ATTR_)(CC_PCR_Read * (IS_IMPLEMENTED)), |
| 16120 | // 0x017e |
| 16121 | 230 (_ATTR_)(CC_PolicyPCR * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16122 | // 0x017f |
| 16123 | 231 (_ATTR_)(CC_PolicyRestart * (IS_IMPLEMENTED)), |
| 16124 | // 0x0180 |
| 16125 | 232 (_ATTR_)(CC_ReadClock * (IS_IMPLEMENTED+NO_SESSIONS)), |
| 16126 | // 0x0181 |
| 16127 | 233 (_ATTR_)(CC_PCR_Extend * (IS_IMPLEMENTED+HANDLE_1_USER)), |
| 16128 | // 0x0182 |
| 16129 | 234 (_ATTR_)(CC_PCR_SetAuthValue * |
| 16130 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), // 0x0183 |
| 16131 | 235 (_ATTR_)(CC_NV_Certify * |
| 16132 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), // 0x0184 |
| 16133 | 236 (_ATTR_)(CC_EventSequenceComplete * |
| 16134 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)), // 0x0185 |
| 16135 | 237 (_ATTR_)(CC_HashSequenceStart * (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)), |
| 16136 | // 0x0186 |
| 16137 | 238 (_ATTR_)(CC_PolicyPhysicalPresence * (IS_IMPLEMENTED)), |
| 16138 | // 0x0187 |
| 16139 | 239 (_ATTR_)(CC_PolicyDuplicationSelect * (IS_IMPLEMENTED+DECRYPT_2)), |
| 16140 | // 0x0188 |
| 16141 | 240 (_ATTR_)(CC_PolicyGetDigest * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16142 | // 0x0189 |
| 16143 | 241 (_ATTR_)(CC_TestParms * (IS_IMPLEMENTED)), |
| 16144 | // 0x018a |
| 16145 | 242 (_ATTR_)(CC_Commit * |
| 16146 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x018b |
| 16147 | 243 (_ATTR_)(CC_PolicyPassword * (IS_IMPLEMENTED)), |
| 16148 | // 0x018c |
| 16149 | 244 (_ATTR_)(CC_ZGen_2Phase * |
| 16150 | (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), // 0x018d |
| 16151 | 245 (_ATTR_)(CC_EC_Ephemeral * (IS_IMPLEMENTED+ENCRYPT_2)), |
| 16152 | // 0x018e |
| 16153 | 246 (_ATTR_)(CC_PolicyNvWritten * (IS_IMPLEMENTED)) |
| 16154 | // 0x018f |
| 16155 | 247 }; |
| 16156 | |
| 16157 | |
| 16158 | |
| 16159 | |
| 16163 | |
| 16164 | 9.4 CommandCodeAttributes.c |
| 16165 | |
| 16166 | 9.4.1 Introduction |
| 16167 | |
| 16168 | This file contains the functions for testing various command properties. |
| 16169 | |
| 16170 | 9.4.2 Includes and Defines |
| 16171 | |
| 16172 | 1 #include "Tpm.h" |
| 16173 | 2 #include "InternalRoutines.h" |
| 16174 | 3 typedef UINT16 ATTRIBUTE_TYPE; |
| 16175 | |
| 16176 | The following file is produced from the command tables in part 3 of the specification. It defines the |
| 16177 | attributes for each of the commands. |
| 16178 | |
| 16179 | NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part 3 tables through |
| 16180 | automated processes are not included in the specification so that there is no ambiguity about the table |
| 16181 | containing the information being the normative definition. |
| 16182 | |
| 16183 | 4 #include "CommandAttributeData.c" |
| 16184 | |
| 16185 | |
| 16186 | 9.4.3 Command Attribute Functions |
| 16187 | |
| 16188 | 9.4.3.1 CommandAuthRole() |
| 16189 | |
| 16190 | This function returns the authorization role required of a handle. |
| 16191 | |
| 16192 | Return Value Meaning |
| 16193 | |
| 16194 | AUTH_NONE no authorization is required |
| 16195 | AUTH_USER user role authorization is required |
| 16196 | AUTH_ADMIN admin role authorization is required |
| 16197 | AUTH_DUP duplication role authorization is required |
| 16198 | |
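// Returns the authorization role required for the handle at 'handleIndex'
// (zero based) of the command 'commandCode':
//   AUTH_NONE    no authorization is required
//   AUTH_USER    user role authorization is required
//   AUTH_ADMIN   admin role authorization is required
//   AUTH_DUP     duplication role authorization is required
// 'commandCode' is used as an index into s_commandAttributes, so it must lie
// in TPM_CC_FIRST..TPM_CC_LAST. The assertion below catches a violation, but
// how a failed pAssert() is handled is implementation dependent; callers
// should still validate the command code first (CommandIsImplemented() does
// the range check).
AUTH_ROLE
CommandAuthRole(
    TPM_CC       commandCode,       // IN: command code
    UINT32       handleIndex        // IN: handle index (zero based)
    )
{
    ATTRIBUTE_TYPE      properties;

    // Only the first two handles can carry an authorization role.
    if(handleIndex > 1)
        return AUTH_NONE;

    // Refuse to index outside s_commandAttributes: an out-of-range command
    // code would otherwise turn arbitrary memory into an authorization
    // decision.
    pAssert(commandCode >= TPM_CC_FIRST && commandCode <= TPM_CC_LAST);
    properties = s_commandAttributes[commandCode - TPM_CC_FIRST];

    if(handleIndex == 0)
    {
        if(properties & HANDLE_1_USER) return AUTH_USER;
        if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
        if(properties & HANDLE_1_DUP) return AUTH_DUP;
        return AUTH_NONE;
    }

    // handleIndex == 1: the second handle can only require the user role.
    if(properties & HANDLE_2_USER)
        return AUTH_USER;
    return AUTH_NONE;
}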
| 16218 | |
| 16219 | |
| 16220 | 9.4.3.2 CommandIsImplemented() |
| 16221 | |
| 16222 | This function indicates if a command is implemented. |
| 16223 | |
| 16227 | |
| 16228 | |
| 16229 | Return Value Meaning |
| 16230 | |
| 16231 | TRUE if the command is implemented |
| 16232 | FALSE if the command is not implemented |
| 16233 | |
// Indicates whether 'commandCode' is implemented. Returns FALSE for any code
// outside TPM_CC_FIRST..TPM_CC_LAST, otherwise TRUE or FALSE according to the
// IS_IMPLEMENTED flag of the command's entry in s_commandAttributes.
BOOL
CommandIsImplemented(
    TPM_CC       commandCode        // IN: command code
    )
{
    // Range check first: it is what keeps the table index below inside
    // s_commandAttributes.
    BOOL    inRange = (commandCode >= TPM_CC_FIRST && commandCode <= TPM_CC_LAST);

    if(!inRange)
        return FALSE;

    return (s_commandAttributes[commandCode - TPM_CC_FIRST] & IS_IMPLEMENTED)
           ? TRUE : FALSE;
}
| 16246 | |
| 16247 | |
| 16248 | 9.4.3.3 CommandGetAttribute() |
| 16249 | |
| 16250 | This function returns a TPMA_CC structure for the given command code. |
| 16251 | |
// Returns the s_ccAttr entry whose commandIndex equals 'commandCode'.
// Only the low 16 bits of 'commandCode' take part in the comparison, because
// the code is cast to UINT16 before it is matched.
// If no entry matches, the function does not return a value: it calls
// FAIL(FATAL_ERROR_INTERNAL).
TPMA_CC
CommandGetAttribute(
    TPM_CC       commandCode        // IN: command code
    )
{
    const UINT32    entries = sizeof(s_ccAttr) / sizeof(s_ccAttr[0]);
    const UINT16    wanted = (UINT16) commandCode;
    UINT32          pos = 0;

    // Linear search of the attribute table.
    while(pos < entries)
    {
        if(s_ccAttr[pos].commandIndex == wanted)
            return s_ccAttr[pos];
        pos++;
    }

    // Callers are expected to pass only command codes that have an entry in
    // s_ccAttr; reaching this point is treated as an internal error.
    FAIL(FATAL_ERROR_INTERNAL);
}
| 16268 | |
| 16269 | |
| 16270 | 9.4.3.4 EncryptSize() |
| 16271 | |
| 16272 | This function returns the size of the encrypt size field. This function returns 0 if encryption is not allowed. |
| 16273 | |
| 16274 | Return Value Meaning |
| 16275 | |
| 16276 | 0 encryption not allowed |
| 16277 | 2 size field is two bytes |
| 16278 | 4 size field is four bytes |
| 16279 | |
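// Returns 2 when the attributes of 'commandCode' carry ENCRYPT_2, 4 when they
// carry ENCRYPT_4 (ENCRYPT_2 is tested first), and 0 when neither flag is
// set, meaning encryption is not allowed.
// 'commandCode' is used as an index into s_commandAttributes, so it must lie
// in TPM_CC_FIRST..TPM_CC_LAST. The assertion below catches a violation, but
// how a failed pAssert() is handled is implementation dependent; callers
// should still validate the command code first (CommandIsImplemented() does
// the range check).
int
EncryptSize(
    TPM_CC       commandCode        // IN: commandCode
    )
{
    COMMAND_ATTRIBUTES  ca;

    // Refuse to index outside s_commandAttributes.
    pAssert(commandCode >= TPM_CC_FIRST && commandCode <= TPM_CC_LAST);
    ca = s_commandAttributes[commandCode - TPM_CC_FIRST];

    if(ca & ENCRYPT_2)
        return 2;
    if(ca & ENCRYPT_4)
        return 4;
    return 0;
}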
| 16297 | |
| 16298 | |
| 16299 | 9.4.3.5 DecryptSize() |
| 16300 | |
| 16301 | This function returns the size of the decrypt size field. This function returns 0 if decryption is not allowed |
| 16302 | |
| 16303 | Return Value Meaning |
| 16304 | |
| 16305 | 0 decryption not allowed |
| 16306 | 2 size field is two bytes |
| 16307 | 4 size field is four bytes |
| 16308 | |
// Report the width, in bytes, of the size field used for command parameter
// decryption of a command: 2, 4, or 0 when decryption is not allowed.
//
// NOTE(review): commandCode - TPM_CC_FIRST is used as an array index without
// a range check in this function. A command code outside the table would read
// outside s_commandAttributes, so the caller must have validated the command
// first (presumably with CommandIsImplemented() - confirm).
int
DecryptSize(
    TPM_CC           commandCode    // IN: commandCode
    )
{
    COMMAND_ATTRIBUTES   attrs = s_commandAttributes[commandCode - TPM_CC_FIRST];

    // DECRYPT_2 is tested first, so it wins if both bits are set.
    return (attrs & DECRYPT_2) ? 2 : ((attrs & DECRYPT_4) ? 4 : 0);
}
| 16322 | |
| 16323 | |
| 16324 | 9.4.3.6 IsSessionAllowed() |
| 16325 | |
| 16326 | This function indicates if the command is allowed to have sessions. |
| 16327 | This function must not be called if the command is not known to be implemented. |
| 16328 | |
| 16329 | Return Value Meaning |
| 16330 | |
| 16331 | TRUE session is allowed with this command |
| 16332 | FALSE session is not allowed with this command |
| 16333 | |
// Tell whether a command may carry sessions: FALSE when its attribute entry
// has NO_SESSIONS set, TRUE otherwise.
//
// Must not be called unless the command is known to be implemented: the
// attribute table is indexed with commandCode - TPM_CC_FIRST and no range
// check is made here.
BOOL
IsSessionAllowed(
    TPM_CC           commandCode    // IN: the command to be checked
    )
{
    COMMAND_ATTRIBUTES   attrs = s_commandAttributes[commandCode - TPM_CC_FIRST];

    return (attrs & NO_SESSIONS) ? FALSE : TRUE;
}
| 16344 | |
| 16345 | |
| 16346 | 9.4.3.7 IsHandleInResponse() |
| 16347 | |
// Tell whether a command's attribute entry has R_HANDLE set: TRUE when it
// does, FALSE otherwise.
//
// NOTE(review): the attribute table is indexed with
// commandCode - TPM_CC_FIRST and no range check is made here; the caller
// must pass a command code that is known to be in range.
BOOL
IsHandleInResponse(
    TPM_CC           commandCode
    )
{
    COMMAND_ATTRIBUTES   attrs = s_commandAttributes[commandCode - TPM_CC_FIRST];

    return (attrs & R_HANDLE) ? TRUE : FALSE;
}
| 16364 | |
| 16365 | |
| 16366 | 9.4.3.8 IsWriteOperation() |
| 16367 | |
| 16368 | Checks to see if an operation will write to NV memory |
| 16369 | |
// Tell whether a command counts as an NV write for authorization purposes.
//
// TPM_CC_NV_WriteLock is included on purpose: the write-lock state of the
// index is checked before authorization so that a command on a locked index
// fails early.
BOOL
IsWriteOperation(
    TPM_CC           command        // IN: Command to check
    )
{
    if(   command == TPM_CC_NV_Write
       || command == TPM_CC_NV_Increment
       || command == TPM_CC_NV_SetBits
       || command == TPM_CC_NV_Extend
       || command == TPM_CC_NV_WriteLock)
        return TRUE;

    return FALSE;
}
| 16391 | |
| 16392 | |
| 16393 | 9.4.3.9 IsReadOperation() |
| 16394 | |
| 16395 | Checks to see if an operation will read from NV memory |
| 16396 | |
// Tell whether a command counts as an NV read for authorization purposes.
//
// TPM_CC_NV_ReadLock is included on purpose: the read-lock state of the
// index is checked before authorization so that a command on a locked index
// fails early.
BOOL
IsReadOperation(
    TPM_CC           command        // IN: Command to check
    )
{
    if(   command == TPM_CC_NV_Read
       || command == TPM_CC_PolicyNV
       || command == TPM_CC_NV_Certify
       || command == TPM_CC_NV_ReadLock)
        return TRUE;

    return FALSE;
}
| 16417 | |
| 16418 | |
| 16419 | 9.4.3.10 CommandCapGetCCList() |
| 16420 | |
| 16421 | This function returns a list of implemented commands and command attributes starting from the |
| 16422 | command in commandCode. |
| 16423 | |
| 16424 | |
| 16425 | |
| 16426 | |
| 16430 | |
| 16431 | |
| 16432 | Return Value Meaning |
| 16433 | |
| 16434 | YES more command attributes are available |
| 16435 | NO no more command attributes are available |
| 16436 | |
// Fill commandList with the attributes of implemented commands, starting at
// commandCode and walking upward to TPM_CC_LAST.
//
// Returns YES when the list filled up and at least one more implemented
// command remained, NO otherwise.
TPMI_YES_NO
CommandCapGetCCList(
    TPM_CC           commandCode,   // IN: start command code
    UINT32           count,         // IN: maximum count for number of entries
                                    //     in 'commandList'
    TPML_CCA        *commandList    // OUT: list of TPMA_CC
    )
{
    UINT32           cc;

    // Start with an empty output list.
    commandList->count = 0;

    // Clamp the request so the writes below never pass MAX_CAP_CC entries
    // (presumably the capacity of commandAttributes - confirm).
    if(count > MAX_CAP_CC)
        count = MAX_CAP_CC;

    // A start value below the first command code begins at TPM_CC_FIRST.
    if(commandCode < TPM_CC_FIRST)
        commandCode = TPM_CC_FIRST;

    for(cc = commandCode; cc <= TPM_CC_LAST; cc++)
    {
        if(!CommandIsImplemented(cc))
            continue;

        // The list is full but another implemented command exists.
        if(commandList->count >= count)
            return YES;

        commandList->commandAttributes[commandList->count]
            = CommandGetAttribute(cc);
        commandList->count++;
    }
    return NO;
}
| 16480 | |
| 16481 | |
| 16482 | 9.5 DRTM.c |
| 16483 | |
| 16484 | 9.5.1 Description |
| 16485 | |
| 16486 | This file contains functions that simulate the DRTM events. Its primary purpose is to isolate the name |
| 16487 | space of the simulator from the name space of the TPM. This is only an issue with the parameters to |
| 16488 | _TPM_Hash_Data(). |
| 16489 | |
| 16490 | 9.5.2 Includes |
| 16491 | |
| 16492 | 1 #include "InternalRoutines.h" |
| 16493 | |
| 16494 | |
| 16498 | |
| 16499 | 9.5.3 Functions |
| 16500 | |
| 16501 | 9.5.3.1 Signal_Hash_Start() |
| 16502 | |
| 16503 | This function interfaces between the platform code and _TPM_Hash_Start(). |
| 16504 | |
// Entry point exported to the platform code; it only forwards to
// _TPM_Hash_Start().
LIB_EXPORT void
Signal_Hash_Start(void)
{
    _TPM_Hash_Start();
}
| 16513 | |
| 16514 | |
| 16515 | 9.5.3.2 Signal_Hash_Data() |
| 16516 | |
| 16517 | This function interfaces between the platform code and _TPM_Hash_Data(). |
| 16518 | |
// Entry point exported to the platform code; it forwards size and buffer
// unchanged to _TPM_Hash_Data().
//
// NOTE(review): neither argument is validated here, so buffer must reference
// at least size readable bytes unless _TPM_Hash_Data() checks - confirm.
LIB_EXPORT void
Signal_Hash_Data(
    unsigned int     size,
    unsigned char   *buffer
    )
{
    _TPM_Hash_Data(size, buffer);
}
| 16528 | |
| 16529 | |
| 16530 | 9.5.3.3 Signal_Hash_End() |
| 16531 | |
| 16532 | This function interfaces between the platform code and _TPM_Hash_End(). |
| 16533 | |
// Entry point exported to the platform code; it only forwards to
// _TPM_Hash_End().
LIB_EXPORT void
Signal_Hash_End(void)
{
    _TPM_Hash_End();
}
| 16542 | |
| 16543 | |
| 16544 | 9.6 Entity.c |
| 16545 | |
| 16546 | 9.6.1 Description |
| 16547 | |
| 16548 | The functions in this file are used for accessing properties for handles of various types. Functions in other |
| 16549 | files require handles of a specific type but the functions in this file allow use of any handle type. |
| 16550 | |
| 16551 | 9.6.2 Includes |
| 16552 | |
| 16553 | 1 #include "InternalRoutines.h" |
| 16554 | |
| 16555 | |
| 16556 | |
| 16557 | |
| 16561 | |
| 16562 | 9.6.3 Functions |
| 16563 | |
| 16564 | 9.6.3.1 EntityGetLoadStatus() |
| 16565 | |
| 16566 | This function will indicate if the entity associated with a handle is present in TPM memory. If the handle is |
| 16567 | a persistent object handle, and the object exists, the persistent object is moved from NV memory into a |
| 16568 | RAM object slot and the persistent handle is replaced with the transient object handle for the slot. |
| 16569 | |
| 16570 | Error Returns Meaning |
| 16571 | |
| 16572 | TPM_RC_HANDLE handle type does not match |
| 16573 | TPM_RC_REFERENCE_H0 entity is not present |
| 16574 | TPM_RC_HIERARCHY entity belongs to a disabled hierarchy |
| 16575 | TPM_RC_OBJECT_MEMORY handle is an evict object but there is no space to load it to RAM |
| 16576 | |
// Decide whether the entity referenced by *handle is present and usable.
//
// For a persistent object handle the decision is delegated to
// ObjectLoadEvict(), which receives the handle by pointer and may replace it
// with the handle of the RAM slot it loaded the object into.
//
// Returns TPM_RC_SUCCESS when the entity is available, otherwise:
//   TPM_RC_HIERARCHY     the hierarchy enable for the handle is not SET
//   TPM_RC_VALUE         permanent handle in TPM_RH_AUTH_00..TPM_RH_AUTH_FF
//   TPM_RC_REFERENCE_H0  object or session is not loaded
//   TPM_RC_HANDLE        session is loaded but is of the other session type
// or whatever ObjectLoadEvict() / NvIndexIsAccessible() return.
TPM_RC
EntityGetLoadStatus(
    TPM_HANDLE      *handle,        // IN/OUT: handle of the entity
    TPM_CC           commandCode    // IN: the command code
    )
{
    SESSION         *session;

    switch(HandleGetType(*handle))
    {
        case TPM_HT_PERMANENT:
            // A hierarchy handle is present only while its enable is SET.
            switch(*handle)
            {
                case TPM_RH_OWNER:
                    return gc.shEnable ? TPM_RC_SUCCESS : TPM_RC_HIERARCHY;

#ifdef VENDOR_PERMANENT
                // The vendor handle shares the endorsement enable.
                case VENDOR_PERMANENT:
#endif
                case TPM_RH_ENDORSEMENT:
                    return gc.ehEnable ? TPM_RC_SUCCESS : TPM_RC_HIERARCHY;

                case TPM_RH_PLATFORM:
                    return g_phEnable ? TPM_RC_SUCCESS : TPM_RC_HIERARCHY;

                // The null handle, the password session handle and the
                // lockout handle are always available.
                case TPM_RH_NULL:
                case TPM_RS_PW:
                case TPM_RH_LOCKOUT:
                    return TPM_RC_SUCCESS;

                default:
                    // Manufacturer-specific handles: report the value that
                    // unmarshaling would have returned had it filtered them.
                    if(   ((TPM_RH)*handle >= TPM_RH_AUTH_00)
                       && ((TPM_RH)*handle <= TPM_RH_AUTH_FF))
                        return TPM_RC_VALUE;

                    // Any other permanent handle should not get this far.
                    pAssert(FALSE);
                    return TPM_RC_SUCCESS;
            }

        case TPM_HT_TRANSIENT:
            // A transient handle must refer to a loaded object.
            if(ObjectIsPresent(*handle))
                return TPM_RC_SUCCESS;
            return TPM_RC_REFERENCE_H0;

        case TPM_HT_PERSISTENT:
            // Copy the persistent object to RAM and swap in the slot handle.
            // ObjectLoadEvict() may return TPM_RC_OBJECT_MEMORY,
            // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0.
            return ObjectLoadEvict(handle, commandCode);

        case TPM_HT_HMAC_SESSION:
            // The session must be loaded and must not be a policy session,
            // so a policy session cannot be used through an HMAC handle.
            if(!SessionIsLoaded(*handle))
                return TPM_RC_REFERENCE_H0;
            session = SessionGet(*handle);
            if(session->attributes.isPolicy == SET)
                return TPM_RC_HANDLE;
            return TPM_RC_SUCCESS;

        case TPM_HT_POLICY_SESSION:
            // The session must be loaded and must be a policy session.
            if(!SessionIsLoaded(*handle))
                return TPM_RC_REFERENCE_H0;
            session = SessionGet(*handle);
            if(session->attributes.isPolicy == CLEAR)
                return TPM_RC_HANDLE;
            return TPM_RC_SUCCESS;

        case TPM_HT_NV_INDEX:
            // The NV code decides whether the index can be accessed by
            // this command.
            return NvIndexIsAccessible(*handle, commandCode);

        case TPM_HT_PCR:
            // A PCR handle that unmarshaled successfully refers to a PCR
            // that is defined.
            return TPM_RC_SUCCESS;

        default:
            // Any other handle type is a defect in the unmarshaling code.
            pAssert(FALSE);
            return TPM_RC_SUCCESS;
    }
}
| 16691 | |
| 16692 | |
| 16693 | |
| 16694 | |
| 16698 | |
| 16699 | 9.6.3.2 EntityGetAuthValue() |
| 16700 | |
| 16701 | This function is used to access the authValue associated with a handle. This function assumes that the |
| 16702 | handle references an entity that is accessible and the handle is not for a persistent object. That is, |
| 16703 | EntityGetLoadStatus() should have been called. Also, the accessibility of the authValue should have been |
| 16704 | verified by IsAuthValueAvailable(). |
| 16705 | This function copies the authorization value of the entity to auth. |
| 16706 | Return value is the number of octets copied to auth. |
| 16707 | |
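// Copy the authValue of the entity referenced by handle into auth and return
// the number of octets copied.
//
// Preconditions (not checked here): the entity is accessible, the handle is
// not a persistent object handle, and the authValue has been confirmed to be
// available (EntityGetLoadStatus() and IsAuthValueAvailable() in the calling
// sequence).
//
// Returns 0 for TPM_RH_NULL without writing to auth.
UINT16
EntityGetAuthValue(
    TPMI_DH_ENTITY   handle,        // IN: handle of entity
    AUTH_VALUE      *auth           // OUT: authValue of the entity
    )
{
    // Local copy of the secret. NOTE(review): it is not cleared before
    // return; confirm whether stack residue matters for this platform.
    TPM2B_AUTH       authValue = {0};

    switch(HandleGetType(handle))
    {
        case TPM_HT_PERMANENT:
            switch(handle)
            {
                case TPM_RH_OWNER:
                    // ownerAuth for TPM_RH_OWNER
                    authValue = gp.ownerAuth;
                    break;
                case TPM_RH_ENDORSEMENT:
                    // endorsementAuth for TPM_RH_ENDORSEMENT
                    authValue = gp.endorsementAuth;
                    break;
                case TPM_RH_PLATFORM:
                    // platformAuth for TPM_RH_PLATFORM
                    authValue = gc.platformAuth;
                    break;
                case TPM_RH_LOCKOUT:
                    // lockoutAuth for TPM_RH_LOCKOUT
                    authValue = gp.lockoutAuth;
                    break;
                case TPM_RH_NULL:
                    // nullAuth for TPM_RH_NULL is empty; nothing to copy.
                    return 0;
#ifdef VENDOR_PERMANENT
                case VENDOR_PERMANENT:
                    // vendor auth value
                    authValue = g_platformUniqueDetails;
                    // Without this break the vendor case fell through into
                    // the default assertion below.
                    break;
#endif
                default:
                    // Any other permanent handle here is a code defect.
                    pAssert(FALSE);
                    break;
            }
            break;
        case TPM_HT_TRANSIENT:
            // authValue for an object. A persistent object would have been
            // copied into RAM and would have a transient handle here.
            {
                OBJECT          *object;
                object = ObjectGet(handle);
                // A sequence object keeps its auth in the HASH_OBJECT layout.
                if(ObjectIsSequence(object))
                {
                    authValue = ((HASH_OBJECT *)object)->auth;
                }
                else
                {
                    // The authValue exists only when the private portion of
                    // the object is loaded. The caller should have checked
                    // this before calling.
                    pAssert(object->attributes.publicOnly == CLEAR);
                    authValue = object->sensitive.authValue;
                }
            }
            break;
        case TPM_HT_NV_INDEX:
            // authValue for an NV index
            {
                NV_INDEX         nvIndex;
                NvGetIndexInfo(handle, &nvIndex);
                authValue = nvIndex.authValue;
            }
            break;
        case TPM_HT_PCR:
            // authValue for PCR
            PCRGetAuthValue(handle, &authValue);
            break;
        default:
            // Any other handle type here is a defect in the unmarshaling
            // code.
            pAssert(FALSE);
            break;
    }

    // The size must fit the source buffer before it is used as a copy
    // length. sizeof(TPMU_HA) is passed as the fourth argument, presumably
    // the destination capacity - confirm against MemoryCopy().
    pAssert(authValue.t.size <= sizeof(authValue.t.buffer));
    MemoryCopy(auth, authValue.t.buffer, authValue.t.size, sizeof(TPMU_HA));

    return authValue.t.size;
}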
| 16805 | |
| 16806 | |
| 16807 | 9.6.3.3 EntityGetAuthPolicy() |
| 16808 | |
| 16809 | This function is used to access the authPolicy associated with a handle. This function assumes that the |
| 16810 | handle references an entity that is accessible and the handle is not for a persistent object. That is, |
| 16811 | EntityGetLoadStatus() should have been called. Also, the accessibility of the authPolicy should have |
| 16812 | been verified by IsAuthPolicyAvailable(). |
| 16813 | This function copies the authorization policy of the entity to authPolicy. |
| 16814 | The return value is the hash algorithm for the policy. |
| 16815 | |
// Copy the authPolicy of the entity referenced by handle into *authPolicy and
// return the hash algorithm associated with that policy.
//
// Preconditions (not checked here): the entity is accessible, the handle is
// not a persistent object handle, and the authPolicy has been confirmed to be
// available (EntityGetLoadStatus() and IsAuthPolicyAvailable() in the calling
// sequence).
//
// NOTE(review): VENDOR_PERMANENT has no case here, so it would reach the
// permanent-handle assertion; presumably IsAuthPolicyAvailable() rejects it
// first - confirm.
TPMI_ALG_HASH
EntityGetAuthPolicy(
    TPMI_DH_ENTITY   handle,        // IN: handle of entity
    TPM2B_DIGEST    *authPolicy     // OUT: authPolicy of the entity
    )
{
    OBJECT          *object;
    NV_INDEX         nvIndex;

    switch(HandleGetType(handle))
    {
        case TPM_HT_PERMANENT:
            switch(handle)
            {
                case TPM_RH_OWNER:
                    // ownerPolicy for TPM_RH_OWNER
                    *authPolicy = gp.ownerPolicy;
                    return gp.ownerAlg;
                case TPM_RH_ENDORSEMENT:
                    // endorsementPolicy for TPM_RH_ENDORSEMENT
                    *authPolicy = gp.endorsementPolicy;
                    return gp.endorsementAlg;
                case TPM_RH_PLATFORM:
                    // platformPolicy for TPM_RH_PLATFORM
                    *authPolicy = gc.platformPolicy;
                    return gc.platformAlg;
                case TPM_RH_LOCKOUT:
                    // lockoutPolicy for TPM_RH_LOCKOUT
                    *authPolicy = gp.lockoutPolicy;
                    return gp.lockoutAlg;
                default:
                    // Any other permanent handle here is a code defect.
                    pAssert(FALSE);
                    return TPM_ALG_NULL;
            }

        case TPM_HT_TRANSIENT:
            // An object's policy is in its public area; its nameAlg is the
            // policy hash algorithm.
            object = ObjectGet(handle);
            *authPolicy = object->publicArea.authPolicy;
            return object->publicArea.nameAlg;

        case TPM_HT_NV_INDEX:
            // An NV index's policy is in its public area as well.
            NvGetIndexInfo(handle, &nvIndex);
            *authPolicy = nvIndex.publicArea.authPolicy;
            return nvIndex.publicArea.nameAlg;

        case TPM_HT_PCR:
            // The PCR code fills in the policy and reports the algorithm.
            return PCRGetAuthPolicy(handle, authPolicy);

        default:
            // Any other handle type here is a code defect.
            pAssert(FALSE);
            return TPM_ALG_NULL;
    }
}
| 16890 | |
| 16891 | |
| 16892 | 9.6.3.4 EntityGetName() |
| 16893 | |
| 16894 | This function returns the Name associated with a handle. It will set name to the Name and return the size |
| 16895 | of the Name string. |
| 16896 | |
// Write the Name of the entity referenced by handle into *name and return
// the size of that Name.
//
// Objects and NV indexes have a Name of their own; for every other handle
// type the marshaled handle value is the Name.
UINT16
EntityGetName(
    TPMI_DH_ENTITY   handle,        // IN: handle of entity
    NAME            *name           // OUT: name of entity
    )
{
    switch(HandleGetType(handle))
    {
        case TPM_HT_TRANSIENT:
            // Name for an object
            return ObjectGetName(handle, name);

        case TPM_HT_NV_INDEX:
            // Name for an NV index
            return NvGetName(handle, name);

        default:
            // The handle is marshaled into the name buffer.
            // NOTE(review): the NAME ** to BYTE ** cast assumes NAME is a
            // plain byte buffer, and NULL is passed where the marshal
            // routine presumably takes a remaining-size pointer - confirm.
            return TPM_HANDLE_Marshal(&handle, (BYTE **)&name, NULL);
    }
}
| 16927 | |
| 16928 | |
| 16929 | 9.6.3.5 EntityGetHierarchy() |
| 16930 | |
| 16931 | This function returns the hierarchy handle associated with an entity. |
| 16932 | a) A handle that is a hierarchy handle is associated with itself. |
| 16933 | b) An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, is SET, |
| 16934 | otherwise it belongs to TPM_RH_OWNER |
| 16935 | c) An object handle belongs to its hierarchy. All other handles belong to the platform hierarchy. or an NV |
| 16936 | Index. |
| 16937 | |
// Return the hierarchy handle associated with an entity.
//
//   permanent handle  TPM_RH_PLATFORM, TPM_RH_ENDORSEMENT and TPM_RH_NULL
//                     map to themselves; every other permanent handle maps
//                     to TPM_RH_OWNER
//   NV index          TPM_RH_PLATFORM when TPMA_NV_PLATFORMCREATE is SET,
//                     otherwise TPM_RH_OWNER
//   transient object  the hierarchy recorded in the object's attributes, or
//                     TPM_RH_NULL when none of the three flags is set
//   PCR               TPM_RH_OWNER
//
// Any other handle type trips pAssert().
TPMI_RH_HIERARCHY
EntityGetHierarchy(
    TPMI_DH_ENTITY   handle         // IN: handle of entity
    )
{
    TPMI_RH_HIERARCHY    hierarchy = TPM_RH_NULL;
    OBJECT              *object;
    NV_INDEX             nvIndex;

    switch(HandleGetType(handle))
    {
        case TPM_HT_PERMANENT:
            // Only these three are returned as themselves; the rest (should
            // only be TPM_RH_OWNER and TPM_RH_LOCKOUT) go to the owner.
            if(   handle == TPM_RH_PLATFORM
               || handle == TPM_RH_ENDORSEMENT
               || handle == TPM_RH_NULL)
                hierarchy = handle;
            else
                hierarchy = TPM_RH_OWNER;
            break;

        case TPM_HT_NV_INDEX:
            // An index that only the platform can delete is in the platform
            // hierarchy; any other index is in the owner hierarchy.
            NvGetIndexInfo(handle, &nvIndex);
            hierarchy =
                (nvIndex.publicArea.attributes.TPMA_NV_PLATFORMCREATE == SET)
                ? TPM_RH_PLATFORM : TPM_RH_OWNER;
            break;

        case TPM_HT_TRANSIENT:
            // The first flag that is set decides, in the order platform,
            // endorsement, owner.
            object = ObjectGet(handle);
            if(object->attributes.ppsHierarchy)
                hierarchy = TPM_RH_PLATFORM;
            else if(object->attributes.epsHierarchy)
                hierarchy = TPM_RH_ENDORSEMENT;
            else if(object->attributes.spsHierarchy)
                hierarchy = TPM_RH_OWNER;
            break;

        case TPM_HT_PCR:
            hierarchy = TPM_RH_OWNER;
            break;

        default:
            pAssert(0);
            break;
    }

    // Every case leaves the switch through this return; for the default case
    // it also supplies a value (TPM_RH_NULL) to keep the compiler satisfied.
    return hierarchy;
}
| 17013 | |
| 17014 | |
| 17015 | 9.7 Global.c |
| 17016 | |
| 17017 | 9.7.1 Description |
| 17018 | |
| 17019 | This file instantiates the TPM variables that are not stack allocated. The descriptions of these variables |
| 17020 | are in Global.h. |
| 17021 | |
| 17022 | 9.7.2 Includes and Defines |
| 17023 | |
| 17024 | 1 #define GLOBAL_C |
| 17025 | 2 #include "InternalRoutines.h" |
| 17026 | |
| 17027 | |
| 17028 | 9.7.3 Global Data Values |
| 17029 | |
| 17030 | These values are visible across multiple modules. |
| 17031 | |
| 17032 | 3 BOOL g_phEnable; |
| 17033 | 4 const UINT16 g_rcIndex[15] = {TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4, |
| 17034 | 5 TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8, |
| 17035 | 6 TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C, |
| 17036 | 7 TPM_RC_D, TPM_RC_E, TPM_RC_F |
| 17037 | |
| 17041 | |
| 17042 | 8 }; |
| 17043 | 9 TPM_HANDLE g_exclusiveAuditSession; |
| 17044 | 10 UINT64 g_time; |
| 17045 | 11 BOOL g_pcrReConfig; |
| 17046 | 12 TPMI_DH_OBJECT g_DRTMHandle; |
| 17047 | 13 BOOL g_DrtmPreStartup; |
| 17048 | 14 BOOL g_StartupLocality3; |
| 17049 | 15 BOOL g_clearOrderly; |
| 17050 | 16 TPM_SU g_prevOrderlyState; |
| 17051 | 17 BOOL g_updateNV; |
| 17052 | 18 BOOL g_nvOk; |
| 17053 | 19 TPM2B_AUTH g_platformUniqueDetails; |
| 17054 | 20 STATE_CLEAR_DATA gc; |
| 17055 | 21 STATE_RESET_DATA gr; |
| 17056 | 22 PERSISTENT_DATA gp; |
| 17057 | 23 ORDERLY_DATA go; |
| 17058 | |
| 17059 | |
| 17060 | 9.7.4 Private Values |
| 17061 | |
| 17062 | 9.7.4.1 SessionProcess.c |
| 17063 | |
| 17064 | 24 #ifndef __IGNORE_STATE__ // DO NOT DEFINE THIS VALUE |
| 17065 | |
| 17066 | These values do not need to be retained between commands. |
| 17067 | |
| 17068 | 25 TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM]; |
| 17069 | 26 TPMA_SESSION s_attributes[MAX_SESSION_NUM]; |
| 17070 | 27 TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM]; |
| 17071 | 28 TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM]; |
| 17072 | 29 TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM]; |
| 17073 | 30 UINT32 s_encryptSessionIndex; |
| 17074 | 31 UINT32 s_decryptSessionIndex; |
| 17075 | 32 UINT32 s_auditSessionIndex; |
| 17076 | 33 TPM2B_DIGEST s_cpHashForAudit; |
| 17077 | 34 UINT32 s_sessionNum; |
| 17078 | 35 #endif // __IGNORE_STATE__ |
| 17079 | 36 BOOL s_DAPendingOnNV; |
| 17080 | 37 #ifdef TPM_CC_GetCommandAuditDigest |
| 17081 | 38 TPM2B_DIGEST s_cpHashForCommandAudit; |
| 17082 | 39 #endif |
| 17083 | |
| 17084 | |
| 17085 | 9.7.4.2 DA.c |
| 17086 | |
| 17087 | 40 UINT64 s_selfHealTimer; |
| 17088 | 41 UINT64 s_lockoutTimer; |
| 17089 | |
| 17090 | |
| 17091 | 9.7.4.3 NV.c |
| 17092 | |
| 17093 | 42 UINT32 s_reservedAddr[NV_RESERVE_LAST]; |
| 17094 | 43 UINT32 s_reservedSize[NV_RESERVE_LAST]; |
| 17095 | 44 UINT32 s_ramIndexSize; |
| 17096 | 45 BYTE s_ramIndex[RAM_INDEX_SPACE]; |
| 17097 | 46 UINT32 s_ramIndexSizeAddr; |
| 17098 | 47 UINT32 s_ramIndexAddr; |
| 17099 | 48 UINT32 s_maxCountAddr; |
| 17100 | 49 UINT32 s_evictNvStart; |
| 17101 | 50 UINT32 s_evictNvEnd; |
| 17102 | 51 TPM_RC s_NvStatus; |
| 17103 | |
| 17104 | |
| 17105 | |
| 17106 | |
| 17110 | |
| 17111 | 9.7.4.4 Object.c |
| 17112 | |
| 17113 | 52 OBJECT_SLOT s_objects[MAX_LOADED_OBJECTS]; |
| 17114 | |
| 17115 | |
| 17116 | 9.7.4.5 PCR.c |
| 17117 | |
| 17118 | 53 PCR s_pcrs[IMPLEMENTATION_PCR]; |
| 17119 | |
| 17120 | |
| 17121 | 9.7.4.6 Session.c |
| 17122 | |
| 17123 | 54 SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS]; |
| 17124 | 55 UINT32 s_oldestSavedSession; |
| 17125 | 56 int s_freeSessionSlots; |
| 17126 | |
| 17127 | |
| 17128 | 9.7.4.7 Manufacture.c |
| 17129 | |
| 17130 | 57 BOOL g_manufactured = FALSE; |
| 17131 | |
| 17132 | |
| 17133 | 9.7.4.8 Power.c |
| 17134 | |
| 17135 | 58 BOOL s_initialized = FALSE; |
| 17136 | |
| 17137 | |
| 17138 | 9.7.4.9 MemoryLib.c |
| 17139 | |
| 17140 | The s_actionOutputBuffer should not be modifiable by the host system until the TPM has returned a |
| 17141 | response code. The s_actionOutputBuffer should not be accessible until response parameter encryption, |
| 17142 | if any, is complete. This memory is not used between commands |
| 17143 | |
| 17144 | 59 #ifndef __IGNORE_STATE__ // DO NOT DEFINE THIS VALUE |
| 17145 | 60 UINT32 s_actionInputBuffer[1024]; // action input buffer |
| 17146 | 61 UINT32 s_actionOutputBuffer[1024]; // action output buffer |
| 17147 | 62 BYTE s_responseBuffer[MAX_RESPONSE_SIZE];// response buffer |
| 17148 | 63 #endif |
| 17149 | |
| 17150 | |
| 17151 | 9.7.4.10 SelfTest.c |
| 17152 | |
| 17153 | Define these values here if the AlgorithmTests() project is not used |
| 17154 | |
| 17155 | 64 #ifndef SELF_TEST |
| 17156 | 65 ALGORITHM_VECTOR g_implementedAlgorithms; |
| 17157 | 66 ALGORITHM_VECTOR g_toTest; |
| 17158 | 67 #endif |
| 17159 | |
| 17160 | |
| 17161 | 9.7.4.11 TpmFail.c |
| 17162 | |
| 17163 | 68 jmp_buf g_jumpBuffer; |
| 17164 | 69 BOOL g_forceFailureMode; |
| 17165 | 70 BOOL g_inFailureMode; |
| 17166 | 71 UINT32 s_failFunction; |
| 17167 | 72 UINT32 s_failLine; |
| 17168 | 73 UINT32 s_failCode; |
| 17169 | |
| 17170 | |
| 17171 | |
| 17172 | |
| 17176 | |
| 17177 | 9.8 Handle.c |
| 17178 | |
| 17179 | 9.8.1 Description |
| 17180 | |
| 17181 | This file contains the functions that return the type of a handle. |
| 17182 | |
| 17183 | 9.8.2 Includes |
| 17184 | |
| 17185 | 1 #include "Tpm.h" |
| 17186 | 2 #include "InternalRoutines.h" |
| 17187 | |
| 17188 | |
| 17189 | 9.8.3 Functions |
| 17190 | |
| 17191 | 9.8.3.1 HandleGetType() |
| 17192 | |
| 17193 | This function returns the type of a handle which is the MSO of the handle. |
| 17194 | |
// HandleGetType()
// Returns the type of a handle, which is the most significant octet (MSO) of
// the handle value. No validation is done here: any 32-bit value yields some
// TPM_HT, so callers decide whether the returned type is one they accept.
TPM_HT
HandleGetType(
    TPM_HANDLE       handle         // IN: a handle to be checked
    )
{
    // Keep only the bits selected by HR_RANGE_MASK ...
    TPM_HANDLE       rangeBits = handle & HR_RANGE_MASK;

    // ... and shift them down by HR_SHIFT so they read as a TPM_HT
    return (TPM_HT)(rangeBits >> HR_SHIFT);
}
| 17203 | |
| 17204 | |
| 17205 | 9.8.3.2 NextPermanentHandle() |
| 17206 | |
| 17207 | This function returns the permanent handle that is equal to the input value or is the next higher value. If |
| 17208 | there is no handle with the input value and there is no next higher value, it returns 0: |
| 17209 | |
| 17210 | Return Value Meaning |
| 17211 | |
// NextPermanentHandle()
// Returns the implemented permanent handle that is equal to inHandle or, if
// there is none with that value, the next higher implemented one.
// Returns 0 when the scan passes TPM_RH_LAST without a match, so 0 is the
// "no handle" sentinel and must not be treated as a usable handle.
TPM_HANDLE
NextPermanentHandle(
    TPM_HANDLE       inHandle       // IN: the handle to check
    )
{
    // A start value below the permanent range is moved up to the first
    // permanent handle; the scan then runs from there.
    TPM_HANDLE       candidate = (inHandle < TPM_RH_FIRST) ? TPM_RH_FIRST : inHandle;

    // Walk upward until an implemented permanent handle is found or the
    // candidate leaves the range.
    while(candidate <= TPM_RH_LAST)
    {
        switch(candidate)
        {
            case TPM_RH_OWNER:
            case TPM_RH_NULL:
            case TPM_RS_PW:
            case TPM_RH_LOCKOUT:
            case TPM_RH_ENDORSEMENT:
            case TPM_RH_PLATFORM:
            case TPM_RH_PLATFORM_NV:
#ifdef  VENDOR_PERMANENT
            case VENDOR_PERMANENT:
#endif
                // This value is an implemented permanent handle
                return candidate;
            default:
                // Not implemented; try the next value
                break;
        }
        candidate++;
    }
    // Out of range on the top
    return 0;
}
| 17251 | |
| 17252 | |
| 17253 | 9.8.3.3 PermanentCapGetHandles() |
| 17254 | |
| 17255 | This function returns a list of the permanent handles of PCR, starting from handle. If handle is larger than |
| 17256 | the largest permanent handle, an empty list will be returned with more set to NO. |
| 17257 | |
| 17258 | Return Value Meaning |
| 17259 | |
| 17260 | YES if there are more handles available |
| 17261 | NO all the available handles have been returned |
| 17262 | |
// PermanentCapGetHandles()
// Fills handleList with implemented permanent handles, starting at 'handle'
// and going upward, and reports whether more handles remain.
// The number of entries written is capped at MAX_CAP_HANDLES regardless of the
// requested count; this cap is the only bound on writes to handleList->handle,
// so it assumes that array holds at least MAX_CAP_HANDLES entries (TODO
// confirm against the TPML_HANDLE definition). handleList is dereferenced
// without a NULL check.
//      Return Value        Meaning
//      YES                 the list is full and at least one more handle exists
//      NO                  all the available handles have been returned
TPMI_YES_NO
PermanentCapGetHandles(
    TPM_HANDLE       handle,        // IN: start handle
    UINT32           count,         // IN: count of returned handle
    TPML_HANDLE     *handleList     // OUT: list of handle
    )
{
    // Never return more than MAX_CAP_HANDLES handles
    UINT32           limit = (count > MAX_CAP_HANDLES) ? MAX_CAP_HANDLES : count;
    UINT32           current;

    // The caller must pass a handle whose type is TPM_HT_PERMANENT
    pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);

    // Start from an empty output list
    handleList->count = 0;

    // NextPermanentHandle() returns 0 once the permanent range is exhausted
    for(current = NextPermanentHandle(handle);
        current != 0;
        current = NextPermanentHandle(current + 1))
    {
        // The list is full but another permanent handle exists: report it
        // and stop iterating
        if(handleList->count >= limit)
            return YES;

        // Room left: append this permanent handle
        handleList->handle[handleList->count] = current;
        handleList->count++;
    }
    return NO;
}
| 17302 | |
| 17303 | |
| 17304 | |
| 17305 | |
| 17306 | Page 240 TCG Published Family "2.0" |
| 17307 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 17308 | Part 4: Supporting Routines Trusted Platform Module Library |
| 17309 | |
| 17310 | 9.9 Locality.c |
| 17311 | |
| 17312 | 9.9.1 Includes |
| 17313 | |
| 17314 | 1 #include "InternalRoutines.h" |
| 17315 | |
| 17316 | |
| 17317 | 9.9.2 LocalityGetAttributes() |
| 17318 | |
| 17319 | This function will convert a locality expressed as an integer into TPMA_LOCALITY form. |
| 17320 | The function returns the locality attribute. |
| 17321 | |
// LocalityGetAttributes()
// Converts a locality expressed as an integer into TPMA_LOCALITY form and
// returns that attribute value.
// Localities 0-4 set the matching TPM_LOC_* bit. Any other value must satisfy
// the assertion below (greater than 31) and is then stored as the raw first
// octet of the structure; values 5-31 trip the assertion.
TPMA_LOCALITY
LocalityGetAttributes(
    UINT8            locality       // IN: locality value
    )
{
    TPMA_LOCALITY    attributes;
    // Octet-wise view of the attribute structure, used for localities above 31
    BYTE            *firstOctet = (BYTE *)&attributes;

    // Begin with every attribute bit clear
    MemorySet(&attributes, 0, sizeof(attributes));

    if(locality == 0)
        attributes.TPM_LOC_ZERO = SET;
    else if(locality == 1)
        attributes.TPM_LOC_ONE = SET;
    else if(locality == 2)
        attributes.TPM_LOC_TWO = SET;
    else if(locality == 3)
        attributes.TPM_LOC_THREE = SET;
    else if(locality == 4)
        attributes.TPM_LOC_FOUR = SET;
    else
    {
        // locality is a UINT8, so the "< 256" half is always true; the
        // effective check is that the value is above 31.
        pAssert(locality < 256 && locality > 31);
        *firstOctet = locality;
    }
    return attributes;
}
| 17355 | |
| 17356 | |
| 17357 | 9.10 Manufacture.c |
| 17358 | |
| 17359 | 9.10.1 Description |
| 17360 | |
| 17361 | This file contains the function that performs the manufacturing of the TPM in a simulated environment. |
| 17362 | These functions should not be used outside of a manufacturing or simulation environment. |
| 17363 | |
| 17364 | 9.10.2 Includes and Data Definitions |
| 17365 | |
| 17366 | 1 #define MANUFACTURE_C |
| 17367 | 2 #include "InternalRoutines.h" |
| 17368 | 3 #include "Global.h" |
| 17369 | |
| 17370 | |
| 17371 | |
| 17372 | Family "2.0" TCG Published Page 241 |
| 17373 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 17374 | Trusted Platform Module Library Part 4: Supporting Routines |
| 17375 | |
| 17376 | 9.10.3 Functions |
| 17377 | |
| 17378 | 9.10.3.1 TPM_Manufacture() |
| 17379 | |
| 17380 | This function initializes the TPM values in preparation for the TPM's first use. This function will fail if |
| 17381 | previously called. The TPM can be re-manufactured by calling TPM_TearDown() first and then calling this |
| 17382 | function again. |
| 17383 | |
| 17384 | Return Value Meaning |
| 17385 | |
| 17386 | 0 success |
| 17387 | 1 manufacturing process previously performed |
| 17388 | |
// TPM_Manufacture()
// Initializes the TPM's persistent and orderly state in preparation for first
// use. This is a simulator/manufacturing entry point: it rewrites the reserved
// NV areas below and should not be reachable in a fielded TPM.
//
// The "already manufactured" guard applies only when firstTime is FALSE. With
// firstTime TRUE the whole initialization runs again even if g_manufactured is
// already TRUE, so whoever can call this with firstTime TRUE can reset the
// state written here.
//      Return Value        Meaning
//      0                   success
//      1                   manufacturing process previously performed
//                          (only reported when firstTime is FALSE)
LIB_EXPORT int
TPM_Manufacture(
    BOOL             firstTime      // IN: indicates if this is the first call from
                                    //     main()
    )
{
    TPM_SU          orderlyShutdown;
    UINT64          totalResetCount = 0;

    // If TPM has been manufactured, return indication.
    // The check is skipped entirely when firstTime is TRUE.
    if(!firstTime && g_manufactured)
        return 1;

    // initialize crypto units
    // (the call is commented out in this listing, so nothing is started here)
    //CryptInitUnits();

    // Clear the self-heal and lockout timers and the pending-on-NV flag
    s_selfHealTimer = 0;
    s_lockoutTimer = 0;
    s_DAPendingOnNV = FALSE;

    // initialize NV
    NvInit();

#ifdef _DRBG_STATE_SAVE
    // Initialize the drbg. This needs to come before the install
    // of the hierarchies
    if(!_cpri__Startup())           // Have to start the crypto units first
        FAIL(FATAL_ERROR_INTERNAL);
    // PUT_STATE is called with size 0 and a NULL buffer
    // (presumably this makes the DRBG start from fresh state -- confirm)
    _cpri__DrbgGetPutState(PUT_STATE, 0, NULL);
#endif

    // default configuration for PCR
    PCRSimStart();

    // initialize pre-installed hierarchy data
    // This should happen after NV is initialized because hierarchy data is
    // stored in NV.
    HierarchyPreInstall_Init();

    // initialize dictionary attack parameters
    DAPreInstall_Init();

    // initialize PP list
    PhysicalPresencePreInstall_Init();

    // initialize command audit list
    CommandAuditPreInstall_Init();

    // first start up is required to be Startup(CLEAR)
    orderlyShutdown = TPM_SU_CLEAR;
    NvWriteReserved(NV_ORDERLY, &orderlyShutdown);

    // initialize the firmware version
    // (the second word is 0 when FIRMWARE_V2 is not defined)
    gp.firmwareV1 = FIRMWARE_V1;
#ifdef FIRMWARE_V2
    gp.firmwareV2 = FIRMWARE_V2;
#else
    gp.firmwareV2 = 0;
#endif
    NvWriteReserved(NV_FIRMWARE_V1, &gp.firmwareV1);
    NvWriteReserved(NV_FIRMWARE_V2, &gp.firmwareV2);

    // initialize the total reset counter to 0
    NvWriteReserved(NV_TOTAL_RESET_COUNT, &totalResetCount);

    // initialize the clock stuff
    go.clock = 0;
    go.clockSafe = YES;

#ifdef _DRBG_STATE_SAVE
    // initialize the current DRBG state in NV
    // The state is copied into go.drbgState, which is written out with the
    // rest of 'go' by the NV_ORDERLY_DATA write below.
    _cpri__DrbgGetPutState(GET_STATE, sizeof(go.drbgState), (BYTE *)&go.drbgState);
#endif

    NvWriteReserved(NV_ORDERLY_DATA, &go);

    // Commit NV writes. Manufacture process is an artificial process existing
    // only in simulator environment and it is not defined in the specification
    // that what should be the expected behavior if the NV write fails at this
    // point. Therefore, it is assumed the NV write here is always success and
    // no return code of this function is checked.
    // NOTE(review): because the result is ignored, g_manufactured is set to
    // TRUE below even if the commit did not succeed.
    NvCommit();

    g_manufactured = TRUE;

    return 0;
}
| 17483 | |
| 17484 | |
| 17485 | 9.10.3.2 TPM_TearDown() |
| 17486 | |
| 17487 | This function prepares the TPM for re-manufacture. It should not be implemented in anything other than a |
| 17488 | simulated TPM. |
| 17489 | In this implementation, all that is needed is to stop the cryptographic units and set a flag to indicate that the |
| 17490 | TPM can be re-manufactured. This should be all that is necessary to start the manufacturing process |
| 17491 | again. |
| 17492 | |
| 17493 | Return Value Meaning |
| 17494 | |
| 17495 | 0 success |
| 17496 | 1 TPM not previously manufactured |
| 17497 | |
// TPM_TearDown()
// Prepares a simulated TPM for re-manufacture: stops the cryptographic units
// and clears g_manufactured so that TPM_Manufacture() will run again.
// It should not be implemented in anything other than a simulated TPM.
//
// NOTE(review): the return-value table for this function lists 1 for "TPM not
// previously manufactured", but this body never reads g_manufactured and
// always returns 0.
LIB_EXPORT int
TPM_TearDown(
    void
    )
{
    // stop crypt units
    CryptStopUnits();

    // Allow TPM_Manufacture() to run again even when its firstTime is FALSE
    g_manufactured = FALSE;

    return 0;
}
| 17514 | |
| 17515 | |
| 17516 | 9.11 Marshal.c |
| 17517 | |
| 17518 | 9.11.1 Introduction |
| 17519 | |
| 17520 | This file contains the marshaling and unmarshaling code. |
| 17521 | The marshaling and unmarshaling code and function prototypes are not listed, as the code is repetitive, |
| 17522 | long, and not very useful to read. Examples of a few unmarshaling routines are provided. Most of the |
| 17523 | others are similar. |
| 17524 | Depending on the table header flags, a type will have an unmarshaling routine and a marshaling routine. |
| 17525 | The table header flags that control the generation of the unmarshaling and marshaling code are delimited |
| 17526 | by angle brackets ("<>") in the table header. If no brackets are present, then both unmarshaling and |
| 17527 | marshaling code is generated (i.e., generation of both marshaling and unmarshaling code is the default). |
| 17528 | |
| 17529 | 9.11.2 Unmarshal and Marshal a Value |
| 17530 | |
| 17531 | In TPM 2.0 Part 2, a TPMI_DH_OBJECT is defined by this table: |
| 17532 | |
| 17533 | Table xxx — Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type |
| 17534 | Values Comments |
| 17535 | |
| 17536 | {TRANSIENT_FIRST:TRANSIENT_LAST} allowed range for transient objects |
| 17537 | {PERSISTENT_FIRST:PERSISTENT_LAST} allowed range for persistent objects |
| 17538 | +TPM_RH_NULL the null handle |
| 17539 | #TPM_RC_VALUE |
| 17540 | |
| 17541 | This generates the following unmarshaling code: |
| 17542 | |
// TPMI_DH_OBJECT_Unmarshal()
// Unmarshals a handle from the input buffer and accepts it only if it lies in
// the transient range, lies in the persistent range, or is TPM_RH_NULL while
// 'flag' is set (the "+" entry in the type table).
// The handle is written to *target before it is range-checked, so on any
// non-success return *target may hold a rejected value and must not be used.
//      TPM_RC_SUCCESS      handle is allowed for this type
//      TPM_RC_VALUE        handle is outside every allowed range
//      other               error returned by TPM_HANDLE_Unmarshal()
TPM_RC
TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size,
                         bool flag)
{
    TPM_RC    result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size);

    if(result != TPM_RC_SUCCESS)
        return result;

    // The null handle is allowed only when the caller asked for it
    if(*target == TPM_RH_NULL)
        return flag ? TPM_RC_SUCCESS : TPM_RC_VALUE;

    // Allowed range for transient objects
    if((*target >= TRANSIENT_FIRST) && (*target <= TRANSIENT_LAST))
        return TPM_RC_SUCCESS;

    // Allowed range for persistent objects
    if((*target >= PERSISTENT_FIRST) && (*target <= PERSISTENT_LAST))
        return TPM_RC_SUCCESS;

    return TPM_RC_VALUE;
}
| 17562 | |
| 17563 | |
| 17564 | |
| 17565 | |
| 17566 | Page 244 TCG Published Family "2.0" |
| 17567 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 17568 | Part 4: Supporting Routines Trusted Platform Module Library |
| 17569 | |
| 17570 | |
| 17571 | and the following marshaling code: |
| 17572 | |
| 17573 | NOTE The marshaling code does not do parameter checking, as the TPM is the source of the marshaling data. |
| 17574 | |
// TPMI_DH_OBJECT_Marshal()
// Marshals the handle as a UINT32 and returns what UINT32_Marshal() returns.
// No range check is made: marshaled data originates in the TPM, so the
// checks applied on the unmarshaling side are not repeated here.
UINT16
TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size)
{
    UINT16    written = UINT32_Marshal((UINT32 *)source, buffer, size);

    return written;
}
| 17580 | |
| 17581 | |
| 17582 | 9.11.3 Unmarshal and Marshal a Union |
| 17583 | |
| 17584 | In TPM 2.0 Part 2, a TPMU_PUBLIC_PARMS union is defined by: |
| 17585 | |
| 17586 | Table xxx — Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> |
| 17587 | Parameter Type Selector Description |
| 17588 | |
| 17589 | keyedHash TPMS_KEYEDHASH_PARMS TPM_ALG_KEYEDHASH sign | encrypt | neither |
| 17590 | symDetail TPMT_SYM_DEF_OBJECT TPM_ALG_SYMCIPHER a symmetric block cipher |
| 17591 | rsaDetail TPMS_RSA_PARMS TPM_ALG_RSA decrypt + sign |
| 17592 | eccDetail TPMS_ECC_PARMS TPM_ALG_ECC decrypt + sign |
| 17593 | asymDetail TPMS_ASYM_PARMS common scheme structure |
| 17594 | for RSA and ECC keys |
| 17595 | NOTE The Description column indicates which of TPMA_OBJECT.decrypt or TPMA_OBJECT.sign may be set. |
| 17596 | “+” indicates that both may be set but one shall be set. “|” indicates the optional settings. |
| 17597 | |
| 17598 | From this table, the following unmarshaling code is generated. |
| 17599 | |
// TPMU_PUBLIC_PARMS_Unmarshal()
// Unmarshals the union member chosen by 'selector' and returns the result of
// that member's unmarshaling routine.
// A selector with no case below -- either not listed, or compiled out because
// its TPM_ALG_* macro is undefined -- returns TPM_RC_SELECTOR and leaves
// *target untouched. There is no case for the asymDetail member, which has no
// selector in the table.
TPM_RC
TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size,
                            UINT32 selector)
{
    switch(selector)
    {
#ifdef    TPM_ALG_KEYEDHASH
        case TPM_ALG_KEYEDHASH:
            return TPMS_KEYEDHASH_PARMS_Unmarshal(
                       (TPMS_KEYEDHASH_PARMS *)&(target->keyedHash), buffer, size);
#endif
#ifdef    TPM_ALG_SYMCIPHER
        case TPM_ALG_SYMCIPHER:
            // The trailing FALSE is this routine's flag argument
            // (presumably "null algorithm not allowed" -- confirm)
            return TPMT_SYM_DEF_OBJECT_Unmarshal(
                       (TPMT_SYM_DEF_OBJECT *)&(target->symDetail), buffer, size, FALSE);
#endif
#ifdef    TPM_ALG_RSA
        case TPM_ALG_RSA:
            return TPMS_RSA_PARMS_Unmarshal(
                       (TPMS_RSA_PARMS *)&(target->rsaDetail), buffer, size);
#endif
#ifdef    TPM_ALG_ECC
        case TPM_ALG_ECC:
            return TPMS_ECC_PARMS_Unmarshal(
                       (TPMS_ECC_PARMS *)&(target->eccDetail), buffer, size);
#endif
        default:
            // Unsupported selector; reported after the switch
            break;
    }
    return TPM_RC_SELECTOR;
}
| 17628 | |
| 17629 | |
| 17630 | |
| 17631 | |
| 17632 | Family "2.0" TCG Published Page 245 |
| 17633 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 17634 | Trusted Platform Module Library Part 4: Supporting Routines |
| 17635 | |
| 17636 | NOTE The #ifdef/#endif directives are added whenever a value is dependent on an algorithm ID so that |
| 17637 | removing the algorithm definition will remove the related code. |
| 17638 | |
| 17639 | The marshaling code for the union is: |
| 17640 | |
// TPMU_PUBLIC_PARMS_Marshal()
// Marshals the union member chosen by 'selector' and returns the value
// returned by that member's marshaling routine.
// A selector with no case below returns 0.
UINT16
TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size,
                          UINT32 selector)
{
    switch(selector)
    {
#ifdef    TPM_ALG_KEYEDHASH
        case TPM_ALG_KEYEDHASH:
            return TPMS_KEYEDHASH_PARMS_Marshal(
                       (TPMS_KEYEDHASH_PARMS *)&(source->keyedHash), buffer, size);
#endif
#ifdef    TPM_ALG_SYMCIPHER
        case TPM_ALG_SYMCIPHER:
            return TPMT_SYM_DEF_OBJECT_Marshal(
                       (TPMT_SYM_DEF_OBJECT *)&(source->symDetail), buffer, size);
#endif
#ifdef    TPM_ALG_RSA
        case TPM_ALG_RSA:
            return TPMS_RSA_PARMS_Marshal(
                       (TPMS_RSA_PARMS *)&(source->rsaDetail), buffer, size);
#endif
#ifdef    TPM_ALG_ECC
        case TPM_ALG_ECC:
            return TPMS_ECC_PARMS_Marshal(
                       (TPMS_ECC_PARMS *)&(source->eccDetail), buffer, size);
#endif
        default:
            // Unsupported selector; handled after the switch
            break;
    }
    // NOTE(review): the asserted condition is the constant 1, so this
    // statement can never fire. An unsupported selector is therefore not
    // flagged; the function just returns 0 and nothing is marshaled.
    assert(1);
    return 0;
}
| 17670 | |
| 17671 | For the marshaling and unmarshaling code, a value in the structure containing the union provides the |
| 17672 | value used for selector. The example in the next section illustrates this. |
| 17673 | |
| 17674 | |
| 17675 | |
| 17676 | |
| 17677 | Page 246 TCG Published Family "2.0" |
| 17678 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 17679 | Part 4: Supporting Routines Trusted Platform Module Library |
| 17680 | |
| 17681 | 9.11.4 Unmarshal and Marshal a Structure |
| 17682 | |
| 17683 | In TPM 2.0 Part 2, the TPMT_PUBLIC structure is defined by: |
| 17684 | |
| 17685 | Table xxx — Definition of TPMT_PUBLIC Structure |
| 17686 | Parameter Type Description |
| 17687 | |
| 17688 | type TPMI_ALG_PUBLIC “algorithm” associated with this object |
| 17689 | nameAlg +TPMI_ALG_HASH algorithm used for computing the Name of the object |
| 17690 | NOTE The "+" indicates that the instance of a TPMT_PUBLIC may have |
| 17691 | a "+" to indicate that the nameAlg may be TPM_ALG_NULL. |
| 17692 | |
| 17693 | objectAttributes TPMA_OBJECT attributes that, along with type, determine the manipulations of this |
| 17694 | object |
| 17695 | authPolicy TPM2B_DIGEST optional policy for using this key |
| 17696 | The policy is computed using the nameAlg of the object. |
| 17697 | NOTE shall be the Empty Buffer if no authorization policy is present |
| 17698 | |
| 17699 | [type]parameters TPMU_PUBLIC_PARMS the algorithm or structure details |
| 17700 | [type]unique TPMU_PUBLIC_ID the unique identifier of the structure |
| 17701 | For an asymmetric key, this would be the public key. |
| 17702 | |
| 17703 | This structure is tagged (the first value indicates the structure type), and that tag is used to determine how |
| 17704 | the parameters and unique fields are unmarshaled and marshaled. The use of the type for specifying the |
| 17705 | union selector is emphasized below. |
| 17706 | The unmarshaling code for the structure in the table above is: |
| 17707 | |
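// TPMT_PUBLIC_Unmarshal()
// Unmarshals a TPMT_PUBLIC field by field, in table order, stopping at the
// first field that fails and returning that field's response code.
// 'flag' is passed on to the nameAlg unmarshaling (the "+" on TPMI_ALG_HASH in
// the table, i.e. whether TPM_ALG_NULL is accepted).
//
// The structure is tagged: 'type' is unmarshaled first and is then the
// selector for the 'parameters' and 'unique' unions ([type] in the table).
// It reaches the union routines only after TPMI_ALG_PUBLIC_Unmarshal() has
// returned success for it.
//
// In this copy of the listing the selector argument of both union calls was
// empty ("size, )") and the second call had lost its ';'. The emphasized
// selector text appears to have been dropped; it is restored here as
// (UINT32)target->type. TPMU_PUBLIC_ID_Unmarshal()'s prototype is not shown
// on this page; its selector is assumed to be a UINT32 like that of
// TPMU_PUBLIC_PARMS_Unmarshal().
TPM_RC
TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, bool flag)
{
    TPM_RC    result;

    // The tag: selects the union members unmarshaled further down
    result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type),
                                       buffer, size);
    if(result != TPM_RC_SUCCESS)
        return result;

    result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg),
                                     buffer, size, flag);
    if(result != TPM_RC_SUCCESS)
        return result;

    result = TPMA_OBJECT_Unmarshal((TPMA_OBJECT *)&(target->objectAttributes),
                                   buffer, size);
    if(result != TPM_RC_SUCCESS)
        return result;

    result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy),
                                    buffer, size);
    if(result != TPM_RC_SUCCESS)
        return result;

    // Union member is chosen by the already-validated type
    result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters),
                                         buffer, size, (UINT32)target->type);
    if(result != TPM_RC_SUCCESS)
        return result;

    // Same selector for the unique field
    result = TPMU_PUBLIC_ID_Unmarshal((TPMU_PUBLIC_ID *)&(target->unique),
                                      buffer, size, (UINT32)target->type);
    if(result != TPM_RC_SUCCESS)
        return result;

    return TPM_RC_SUCCESS;
}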
| 17741 | |
| 17742 | Family "2.0" TCG Published Page 247 |
| 17743 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 17744 | Trusted Platform Module Library Part 4: Supporting Routines |
| 17745 | |
| 17746 | |
| 17747 | The marshaling code for the TPMT_PUBLIC structure is: |
| 17748 | |
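// TPMT_PUBLIC_Marshal()
// Marshals a TPMT_PUBLIC field by field, in table order, and returns the sum
// of the values returned by the per-field marshaling routines. The sum is kept
// in a UINT16 and each step is cast back to UINT16.
// No parameter checking is done, as the TPM is the source of marshaled data.
//
// In this copy of the listing the selector argument of both union calls was
// empty ("size, ))"). The emphasized selector text appears to have been
// dropped; it is restored here as (UINT32)source->type, matching the [type]
// notation in the table. TPMU_PUBLIC_ID_Marshal()'s prototype is not shown on
// this page; its selector is assumed to be a UINT32 like that of
// TPMU_PUBLIC_PARMS_Marshal().
UINT16
TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size)
{
    UINT16    result = 0;

    result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal(
                          (TPMI_ALG_PUBLIC *)&(source->type), buffer, size));
    result = (UINT16)(result + TPMI_ALG_HASH_Marshal(
                          (TPMI_ALG_HASH *)&(source->nameAlg), buffer, size));
    result = (UINT16)(result + TPMA_OBJECT_Marshal(
                          (TPMA_OBJECT *)&(source->objectAttributes), buffer, size));

    result = (UINT16)(result + TPM2B_DIGEST_Marshal(
                          (TPM2B_DIGEST *)&(source->authPolicy), buffer, size));

    // The structure's own type selects which union member is marshaled
    result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal(
                          (TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size,
                          (UINT32)source->type));

    result = (UINT16)(result + TPMU_PUBLIC_ID_Marshal(
                          (TPMU_PUBLIC_ID *)&(source->unique), buffer, size,
                          (UINT32)source->type));

    return result;
}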
| 17774 | |
| 17775 | |
| 17776 | |
| 17777 | |
| 17778 | Page 248 TCG Published Family "2.0" |
| 17779 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 17780 | Part 4: Supporting Routines Trusted Platform Module Library |
| 17781 | |
| 17782 | 9.11.5 Unmarshal and Marshal an Array |
| 17783 | |
| 17784 | In TPM 2.0 Part 2, the TPML_DIGEST is defined by: |
| 17785 | |
| 17786 | Table xxx — Definition of TPML_DIGEST Structure |
| 17787 | Parameter Type Description |
| 17788 | |
| 17789 | count {2:} UINT32 number of digests in the list, minimum is two |
| 17790 | digests[count]{:8} TPM2B_DIGEST a list of digests |
| 17791 | For TPM2_PolicyOR(), all digests will have been |
| 17792 | computed using the digest of the policy session. For |
| 17793 | TPM2_PCR_Read(), each digest will be the size of the |
| 17794 | digest for the bank containing the PCR. |
| 17795 | #TPM_RC_SIZE response code when count is not at least two or is |
| 17796 | greater than 8 |
| 17797 | The digests parameter is an array of up to count structures (TPM2B_DIGESTS). The auto-generated code |
| 17798 | to Unmarshal this structure is: |
| 17799 | |
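// TPML_DIGEST_Unmarshal()
// Unmarshals a TPML_DIGEST: first the count, then that many TPM2B_DIGEST
// values into target->digests.
// The count comes from the input buffer, so it is checked against both limits
// from the table (at least 2, at most 8) before it is used as the number of
// array elements to write. That check is what keeps the array unmarshaling
// inside target->digests.
//      TPM_RC_SUCCESS      list unmarshaled
//      TPM_RC_SIZE         count is less than two or greater than 8
//      other               error from UINT32_Unmarshal() or from the array
//                          unmarshaling
//
// In this copy of the listing the last argument of the array call was empty
// ("size, )"). It is restored as (INT32)(target->count), mirroring the
// (INT32)(source->count) argument in TPML_DIGEST_Marshal().
TPM_RC
TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
{
    TPM_RC    result;

    result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size);
    if(result != TPM_RC_SUCCESS)
        return result;

    if((target->count) < 2)     // This check is triggered by the {2:} notation
                                // on 'count'
        return TPM_RC_SIZE;

    if((target->count) > 8)     // This check is triggered by the {:8} notation
                                // on 'digests'.
        return TPM_RC_SIZE;

    // count is now known to be 2..8, so the cast to INT32 cannot change it
    result = TPM2B_DIGEST_Array_Unmarshal((TPM2B_DIGEST *)(target->digests),
                                          buffer, size, (INT32)(target->count));
    if(result != TPM_RC_SUCCESS)
        return result;

    return TPM_RC_SUCCESS;
}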
| 17823 | |
| 17824 | The routine unmarshals a count value and passes that value to a routine that unmarshals an array of |
| 17825 | TPM2B_DIGEST values. The unmarshaling code for the array is: |
| 17826 | |
// TPM2B_DIGEST_Array_Unmarshal()
// Unmarshals 'count' consecutive TPM2B_DIGEST values into target[0] through
// target[count - 1], stopping at the first element that fails and returning
// its response code.
// 'count' is not checked against the capacity of 'target' here; the caller
// has to bound it first (TPML_DIGEST_Unmarshal() rejects counts above 8
// before calling). A count of zero or less unmarshals nothing and returns
// TPM_RC_SUCCESS.
TPM_RC
TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size,
                             INT32 count)
{
    INT32     index = 0;

    while(index < count)
    {
        TPM_RC    result = TPM2B_DIGEST_Unmarshal(&target[index], buffer, size);

        if(result != TPM_RC_SUCCESS)
            return result;
        index++;
    }
    return TPM_RC_SUCCESS;
}
| 17840 | 14 |
| 17841 | |
| 17842 | |
| 17843 | Family "2.0" TCG Published Page 249 |
| 17844 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 17845 | Trusted Platform Module Library Part 4: Supporting Routines |
| 17846 | |
| 17847 | |
| 17848 | Marshaling of the TPML_DIGEST uses a similar scheme with a structure specifying the number of |
| 17849 | elements in an array and a subsequent call to a routine to marshal an array of that type. |
| 17850 | |
// TPML_DIGEST_Marshal()
// Marshals a TPML_DIGEST: the count first, then source->count elements of
// source->digests through the array marshaling routine. Returns the sum of
// the two routines' return values, truncated to UINT16.
// source->count is used as given; the marshaling side does no parameter
// checking because the TPM is the source of the data.
UINT16
TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size)
{
    // Number of digests in the list
    UINT16    countPart = (UINT16)UINT32_Marshal((UINT32 *)&(source->count),
                                                 buffer, size);
    // The digests themselves
    UINT16    arrayPart = (UINT16)TPM2B_DIGEST_Array_Marshal(
                                      (TPM2B_DIGEST *)(source->digests), buffer, size,
                                      (INT32)(source->count));

    return (UINT16)(countPart + arrayPart);
}
| 17863 | |
| 17864 | The marshaling code for the array is: |
| 17865 | |
// NOTE(review): the sentence introducing this listing calls it the marshaling
// code for the array, but the routine shown is TPM2B_DIGEST_Array_Unmarshal(),
// the same unmarshaling routine that is listed after TPML_DIGEST_Unmarshal().
// TPM2B_DIGEST_Array_Marshal(), which TPML_DIGEST_Marshal() calls, is not
// shown on this page.
//
// Unmarshals 'count' consecutive TPM2B_DIGEST values into 'target', returning
// the first non-success response code. 'count' is not checked against the
// capacity of 'target'; the caller must bound it.
TPM_RC
TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size,
                             INT32 count)
{
    INT32     element;

    for(element = 0; element < count; element++)
    {
        TPM_RC    status = TPM2B_DIGEST_Unmarshal(&target[element], buffer, size);

        if(status != TPM_RC_SUCCESS)
            return status;
    }
    return TPM_RC_SUCCESS;
}
| 17879 | |
| 17880 | |
| 17881 | |
| 17882 | |
| 17883 | Page 250 TCG Published Family "2.0" |
| 17884 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 17885 | Part 4: Supporting Routines Trusted Platform Module Library |
| 17886 | |
| 17887 | 9.11.6 TPM2B Handling |
| 17888 | |
| 17889 | A TPM2B structure is handled as a special case. The unmarshaling code is similar to what is shown in |
| 17890 | 10.11.5 but the unmarshaling/marshaling is to a union element. Each TPM2B is a union of two sized |
| 17891 | buffers, one of which is type specific (the ‘t’ element) and the other is a generic value (the ‘b’ element). |
| 17892 | This allows each of the TPM2B structures to have some inheritance property with all other TPM2B. The |
| 17893 | purpose is to allow functions that have parameters that can be any TPM2B structure while allowing other |
| 17894 | functions to be specific about the type of the TPM2B that is used. When the generic structure is allowed, |
| 17895 | the input parameter would use the ‘b’ element and when the type-specific structure is required, the ‘t’ |
| 17896 | element is used. |
| 17897 | |
| 17898 | Table xxx — Definition of TPM2B_EVENT Structure |
| 17899 | Parameter Type Description |
| 17900 | |
| 17901 | size UINT16 Size of the operand |
| 17902 | buffer [size] {:1024} BYTE The operand |
| 17903 | |
// TPM2B_EVENT_Unmarshal()
// Unmarshals a TPM2B_EVENT through its type-specific member 't': the 16-bit
// size first, then that many octets into t.buffer.
// The size comes from the input buffer and is compared with 1024, the
// declared length of EVENT_2B.buffer, before any octet is copied. On
// TPM_RC_SIZE, t.size still holds the rejected value and must not be used.
//      TPM_RC_SUCCESS      structure unmarshaled (including the empty case)
//      TPM_RC_SIZE         size is greater than 1024
//      other               error from UINT16_Unmarshal() or
//                          BYTE_Array_Unmarshal()
TPM_RC
TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size)
{
    TPM_RC    result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size);

    if(result != TPM_RC_SUCCESS)
        return result;

    // A size of 0 means the rest of the structure is a zero buffer; there is
    // nothing further to process
    if(target->t.size == 0)
        return TPM_RC_SUCCESS;

    // This check is triggered by the {:1024} notation on 'buffer'
    if((target->t.size) > 1024)
        return TPM_RC_SIZE;

    // The result of the octet copy is the result of the whole routine
    return BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size,
                                (INT32)(target->t.size));
}
| 17928 | |
| 17929 | Which use these structure definitions: |
| 17930 | |
// Generic view shared by every TPM2B: a 16-bit size followed by the octets.
// buffer is declared with a single element here.
// NOTE(review): code that works through this generic view cannot learn the
// real capacity from this declaration; it has to take the limit from the
// type-specific member (1024 for an event) or from its caller.
typedef struct {
    UINT16      size;
    BYTE        buffer[1];
} TPM2B;

// Type-specific layout for an event: the same leading size field and a
// 1024-octet buffer, matching the {:1024} limit in the table.
typedef struct {
    UINT16      size;
    BYTE        buffer[1024];
} EVENT_2B;

// The two layouts overlay each other, so the same object can be passed as a
// generic TPM2B ('b') or used as an event ('t').
typedef union {
    EVENT_2B    t;      // The type-specific union member
    TPM2B       b;      // The generic union member
} TPM2B_EVENT;
| 17945 | |
| 17946 | |
| 17947 | |
| 17948 | |
| 17949 | Family "2.0" TCG Published Page 251 |
| 17950 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 17951 | Trusted Platform Module Library Part 4: Supporting Routines |
| 17952 | |
| 17953 | 9.12 MemoryLib.c |
| 17954 | |
| 17955 | 9.12.1 Description |
| 17956 | |
| 17957 | This file contains a set of miscellaneous memory manipulation routines. Many of the functions have the |
| 17958 | same semantics as functions defined in string.h. Those functions are not used in the TPM in order to |
| 17959 | avoid namespace contamination. |
| 17960 | |
| 17961 | 9.12.2 Includes and Data Definitions |
| 17962 | |
| 17963 | 1 #define MEMORY_LIB_C |
| 17964 | 2 #include "InternalRoutines.h" |
| 17965 | |
| 17966 | These buffers are set aside to hold command and response values. In this implementation, it is not |
| 17967 | guaranteed that the code will stop accessing the s_actionInputBuffer before starting to put values in the |
| 17968 | s_actionOutputBuffer so different buffers are required. However, the s_actionInputBuffer and |
| 17969 | s_responseBuffer are not needed at the same time and they could be the same buffer. |
| 17970 | |
| 17971 | 9.12.3 Functions on BYTE Arrays |
| 17972 | |
| 17973 | 9.12.3.1 MemoryMove() |
| 17974 | |
| 17975 | This function moves data from one place in memory to another. No safety checks of any type are |
| 17976 | performed. If the source and destination buffers overlap, then the move is done as if an intermediate buffer were |
| 17977 | used. |
| 17978 | |
| 17979 | NOTE: This function is used by MemoryCopy(), MemoryCopy2B(), and MemoryConcat2b() and requires that the caller |
| 17980 | know the maximum size of the destination buffer so that there is no possibility of buffer overrun. |
| 17981 | |
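// MemoryMove() moves 'size' octets from source to destination. The two
// regions may overlap; the copy direction is chosen so that the result is the
// same as if an intermediate buffer had been used.
//
//  destination  OUT: start of the receiving buffer
//  source       IN:  start of the data to move
//  size         IN:  number of octets to move
//  dSize        IN:  capacity of the receiving buffer, in octets
//
// A NULL destination or source makes the call a no-op.
//
// The only bound enforced here is pAssert(size <= dSize). dSize is whatever
// the caller passes, so the check is only as good as that value.
// NOTE(review): the behavior of pAssert on failure is defined outside this
// listing; confirm that it stays active in production builds.
LIB_EXPORT void
MemoryMove(
    void        *destination,   // OUT: move destination
    const void  *source,        // IN: move source
    UINT32       size,          // IN: number of octets to move
    UINT32       dSize          // IN: size of the receive buffer
    )
{
    const BYTE  *p = (const BYTE *)source;
    BYTE        *q = (BYTE *)destination;

    if(destination == NULL || source == NULL)
        return;

    // Refuse to write past the capacity the caller declared.
    pAssert(size <= dSize);

    // If the source starts above the destination, or the source ends at or
    // before the destination, moving octets in ascending order is safe.
    if(p > q || (p + size <= q))
    {
        while(size--)
            *q++ = *p++;
    }
    // Otherwise the destination starts inside the source region, so move
    // octets from the end to the beginning.
    else if(p < q)
    {
        p += size;
        q += size;
        while(size--)
            *--q = *--p;
    }

    // If the source and destination address are the same, nothing to move.
    return;
}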
| 18025 | |
| 18026 | |
| 18027 | 9.12.3.2 MemoryCopy() |
| 18028 | |
| 18029 | This function moves data from one place in memory to another. No safety checks of any type are |
| 18030 | performed. If the destination and source overlap, then the results are unpredictable. void MemoryCopy( |
| 18031 | |
| 18032 | void *destination, // OUT: copy destination |
| 18033 | |
| 18034 | void *source, // IN: copy source |
| 18035 | UINT32 size, // IN: number of octets being copied |
| 18036 | UINT32 dSize // IN: size of the receive buffer |
| 18037 | |
| 18038 | MemoryMove(destination, source, size, dSize); |
| 18039 | |
| 18040 | 40 //%#define MemoryCopy(destination, source, size, destSize) \ |
| 18041 | 41 //% MemoryMove((destination), (source), (size), (destSize)) |
| 18042 | |
| 18043 | |
| 18044 | 9.12.3.3 MemoryEqual() |
| 18045 | |
| 18046 | This function indicates if two buffers have the same values in the indicated number of bytes. |
| 18047 | |
| 18048 | Return Value Meaning |
| 18049 | |
| 18050 | TRUE all octets are the same |
| 18051 | FALSE not all octets are the same |
| 18052 | |
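// MemoryEqual() reports whether two buffers hold the same values in the first
// 'size' octets.
//
//  buffer1  IN: first buffer to compare
//  buffer2  IN: second buffer to compare
//  size     IN: number of octets to compare
//
// Returns TRUE when every compared octet matches (including size == 0) and
// FALSE when at least one octet differs.
//
// Every octet is always examined, and the differences are folded together
// with XOR/OR instead of a logical AND on the running result. The loop body
// therefore has no data-dependent short-circuit, so the time taken is not
// meant to reveal the position of the first mismatch.
LIB_EXPORT BOOL
MemoryEqual(
    const void  *buffer1,   // IN: compare buffer1
    const void  *buffer2,   // IN: compare buffer2
    UINT32       size       // IN: size of bytes being compared
    )
{
    const BYTE  *b1 = (const BYTE *)buffer1;
    const BYTE  *b2 = (const BYTE *)buffer2;
    BYTE         diff = 0;      // non-zero once any octet pair differs

    // Compare all bytes so that there is no leakage of information
    // due to timing differences.
    for(; size > 0; size--)
        diff |= (BYTE)(*b1++ ^ *b2++);

    return (diff == 0) ? TRUE : FALSE;
}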
| 18073 | |
| 18074 | |
| 18075 | 9.12.3.4 MemoryCopy2B() |
| 18076 | |
| 18077 | This function copies a TPM2B. This can be used when the TPM2B types are the same or different. No |
| 18078 | size checking is done on the destination so the caller should make sure that the destination is large |
| 18079 | enough. |
| 18080 | |
| 18081 | Family "2.0" TCG Published Page 253 |
| 18082 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 18083 | Trusted Platform Module Library Part 4: Supporting Routines |
| 18084 | |
| 18085 | |
| 18086 | This function returns the number of octets in the data buffer of the TPM2B. |
| 18087 | |
// MemoryCopy2B() copies the size and buffer contents of one TPM2B into
// another.
//
//  dest    OUT: receiving TPM2B; when NULL nothing is written and 0 is
//               returned
//  source  IN:  source TPM2B; when NULL, dest->size is set to 0
//  dSize   IN:  capacity of dest->buffer, passed on to MemoryMove()
//
// Returns dest->size after the copy.
//
// dest->size is assigned from source->size before MemoryMove() compares it
// with dSize, so the capacity check relies on the assertion inside
// MemoryMove().
LIB_EXPORT INT16
MemoryCopy2B(
    TPM2B           *dest,      // OUT: receiving TPM2B
    const TPM2B     *source,    // IN: source TPM2B
    UINT16           dSize      // IN: size of the receiving buffer
    )
{
    if(dest == NULL)
        return 0;

    if(source != NULL)
    {
        dest->size = source->size;
        MemoryMove(dest->buffer, source->buffer, dest->size, dSize);
    }
    else
    {
        // No source: the result is an empty TPM2B
        dest->size = 0;
    }

    return dest->size;
}
| 18107 | |
| 18108 | |
| 18109 | 9.12.3.5 MemoryConcat2B() |
| 18110 | |
| 18111 | This function will concatenate the buffer contents of a TPM2B to the buffer contents of another TPM2B |
| 18112 | and adjust the size accordingly (a := (a | b)). |
| 18113 | |
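// MemoryConcat2B() appends the buffer contents of bIn to the buffer contents
// of aInOut and increases aInOut->size by bIn->size (a := (a | b)).
//
//  aInOut  IN/OUT: destination TPM2B; receives the appended octets
//  bIn     IN:     TPM2B whose contents are appended
//  aSize   IN:     capacity of aInOut->buffer (maximum value for
//                  aInOut->size)
//
// The space left in the destination is computed as aSize - aInOut->size and
// handed to MemoryMove(), which asserts that bIn->size fits in it.
LIB_EXPORT void
MemoryConcat2B(
    TPM2B           *aInOut,    // IN/OUT: destination 2B
    TPM2B           *bIn,       // IN: second 2B
    UINT16           aSize      // IN: The size of aInOut.buffer (max values for
                                //     aInOut.size)
    )
{
    // The current size must not already exceed the stated capacity. If it
    // did, the subtraction below would go negative and, once converted to
    // the unsigned dSize parameter of MemoryMove(), would presumably become
    // a very large value that no longer bounds the copy.
    pAssert(aInOut->size <= aSize);

    MemoryMove(&aInOut->buffer[aInOut->size],
               bIn->buffer,
               bIn->size,
               aSize - aInOut->size);
    aInOut->size = aInOut->size + bIn->size;
    return;
}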
| 18129 | |
| 18130 | |
| 18131 | 9.12.3.6 Memory2BEqual() |
| 18132 | |
| 18133 | This function will compare two TPM2B structures. To be equal, they need to be the same size and the |
| 18134 | buffer contents need to be the same in all octets. |
| 18135 | |
| 18136 | Return Value Meaning |
| 18137 | |
| 18138 | TRUE size and buffer contents are the same |
| 18139 | FALSE size or buffer contents are not the same |
| 18140 | |
// Memory2BEqual() compares two TPM2B structures.
//
//  aIn  IN: first value to compare
//  bIn  IN: second value to compare
//
// Returns FALSE when the sizes differ; otherwise returns the result of
// MemoryEqual() over aIn->size octets of the two buffers.
//
// The size comparison returns early, so only the buffer comparison goes
// through MemoryEqual(), which examines every octet.
LIB_EXPORT BOOL
Memory2BEqual(
    const TPM2B     *aIn,       // IN: compare value
    const TPM2B     *bIn        // IN: compare value
    )
{
    if(aIn->size == bIn->size)
        return MemoryEqual(aIn->buffer, bIn->buffer, aIn->size);

    return FALSE;
}
| 18157 | |
| 18158 | |
| 18159 | 9.12.3.7 MemorySet() |
| 18160 | |
| 18161 | This function will set all the octets in the specified memory range to the specified octet value. |
| 18162 | |
| 18163 | NOTE: the dSize parameter forces the caller to know how big the receiving buffer is to make sure that there is no |
| 18164 | possibility that the caller will inadvertently run over the end of the buffer. |
| 18165 | |
// MemorySet() writes 'value' into each of the first 'size' octets starting at
// destination.
//
//  destination  OUT: start of the memory to fill
//  value        IN:  fill value
//  size         IN:  number of octets to fill
//
// This routine takes no destination-capacity argument and performs no bounds
// or NULL check; the caller is responsible for making sure that 'size' octets
// are available at destination.
LIB_EXPORT void
MemorySet(
    void        *destination,   // OUT: memory destination
    char         value,         // IN: fill value
    UINT32       size           // IN: number of octets to fill
    )
{
    char    *cursor = (char *)destination;
    UINT32   remaining;

    for(remaining = size; remaining != 0; remaining--)
        *cursor++ = value;
}
| 18178 | |
| 18179 | |
| 18180 | 9.12.3.8 MemoryGetActionInputBuffer() |
| 18181 | |
| 18182 | This function returns the address of the buffer into which the command parameters will be unmarshaled in |
| 18183 | preparation for calling the command actions. |
| 18184 | |
// MemoryGetActionInputBuffer() returns the address of s_actionInputBuffer
// after clearing the part of it that the caller asked for.
//
//  size  IN: number of octets required for the input unmarshaling
//
// Returns NULL when size is 0; otherwise the start of s_actionInputBuffer
// as a BYTE pointer.
//
// The request is asserted to be strictly smaller than the buffer. Only the
// requested span, rounded up to whole buffer elements, is set to zero; octets
// beyond it keep whatever they held before the call.
BYTE *
MemoryGetActionInputBuffer(
    UINT32       size           // Size, in bytes, required for the input
                                // unmarshaling
    )
{
    // In this implementation, a static buffer is set aside for action input.
    // Other implementations may apply additional optimization based on command
    // code or other factors.
    UINT32  *element = s_actionInputBuffer;
    UINT32   count;

    if(size == 0)
        return NULL;

    pAssert(size < sizeof(s_actionInputBuffer));

    // Number of buffer elements needed to cover 'size' octets, rounded up
    count = (UINT32)((size + sizeof(s_actionInputBuffer[0]) - 1)
                     / sizeof(s_actionInputBuffer[0]));

    for(; count > 0; count--)
        *element++ = 0;

    return (BYTE *)s_actionInputBuffer;
}
| 18211 | |
| 18212 | |
| 18213 | 9.12.3.9 MemoryGetActionOutputBuffer() |
| 18214 | |
| 18215 | This function returns the address of the buffer into which the command action code places its output |
| 18216 | values. |
| 18217 | |
| 18218 | |
| 18219 | Family "2.0" TCG Published Page 255 |
| 18220 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 18221 | Trusted Platform Module Library Part 4: Supporting Routines |
| 18222 | |
// MemoryGetActionOutputBuffer() returns the address of s_actionOutputBuffer,
// where the command action code places its output values.
//
//  command  IN: command that requires the buffer; not used to select a buffer
//               in this implementation
//
// The same buffer is returned for every command code, and it is not cleared
// here.
void *
MemoryGetActionOutputBuffer(
    TPM_CC       command        // Command that requires the buffer
    )
{
    // Other implementations may pick or size the buffer based on the command
    // code or other factors; this one ignores the parameter.
    (void)command;

    return s_actionOutputBuffer;
}
| 18234 | |
| 18235 | |
| 18236 | 9.12.3.10 MemoryGetResponseBuffer() |
| 18237 | |
| 18238 | This function returns the address into which the command response is marshaled from values in the |
| 18239 | action output buffer. |
| 18240 | |
// MemoryGetResponseBuffer() returns the address of s_responseBuffer, into
// which the command response is marshaled.
//
//  command  IN: command that requires the buffer; not used to select a buffer
//               in this implementation
//
// The same buffer is returned for every command code, and it is not cleared
// here.
BYTE *
MemoryGetResponseBuffer(
    TPM_CC       command        // Command that requires the buffer
    )
{
    // Other implementations may pick or size the buffer based on the command
    // code or other factors; this one ignores the parameter.
    (void)command;

    return s_responseBuffer;
}
| 18252 | |
| 18253 | |
| 18254 | 9.12.3.11 MemoryRemoveTrailingZeros() |
| 18255 | |
| 18256 | This function is used to adjust the length of an authorization value. It adjusts the size of the TPM2B so |
| 18257 | that it does not include octets at the end of the buffer that contain zero. The function returns the number |
| 18258 | of non-zero octets in the buffer. |
| 18259 | |
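// MemoryRemoveTrailingZeros() shortens an authorization value so that its
// size no longer covers zero-valued octets at the end of the buffer.
//
//  auth  IN/OUT: value to adjust; only auth->t.size is modified
//
// Returns the adjusted size. Zero octets that are followed by a non-zero
// octet stay inside the counted range; the buffer contents are not changed.
//
// The last octet is addressed by index inside the loop condition, so nothing
// is read or addressed in front of the buffer when the size is already 0.
UINT16
MemoryRemoveTrailingZeros (
    TPM2B_AUTH      *auth       // IN/OUT: value to adjust
    )
{
    while(auth->t.size > 0 && auth->t.buffer[auth->t.size - 1] == 0)
        auth->t.size--;

    return auth->t.size;
}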
| 18273 | |
| 18274 | |
| 18275 | 9.13 Power.c |
| 18276 | |
| 18277 | 9.13.1 Description |
| 18278 | |
| 18279 | This file contains functions that receive the simulated power state transitions of the TPM. |
| 18280 | |
| 18281 | 9.13.2 Includes and Data Definitions |
| 18282 | |
| 18283 | 1 #define POWER_C |
| 18284 | 2 #include "InternalRoutines.h" |
| 18285 | |
| 18286 | Page 256 TCG Published Family "2.0" |
| 18287 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 18288 | Part 4: Supporting Routines Trusted Platform Module Library |
| 18289 | |
| 18290 | 9.13.3 Functions |
| 18291 | |
| 18292 | 9.13.3.1 TPMInit() |
| 18293 | |
| 18294 | This function is used to process a power on event. |
| 18295 | |
// TPMInit() processes a power-on event by clearing s_initialized.
// While the flag is FALSE, TPMIsStarted() reports that the TPM has not been
// started, which means that Startup is required.
void
TPMInit(
    void
    )
{
    s_initialized = FALSE;
}
| 18306 | |
| 18307 | |
| 18308 | 9.13.3.2 TPMRegisterStartup() |
| 18309 | |
| 18310 | This function registers the fact that the TPM has been initialized (a TPM2_Startup() has completed |
| 18311 | successfully). |
| 18312 | |
// TPMRegisterStartup() records that the TPM has been initialized by setting
// s_initialized to TRUE. It performs no check of its own; the caller decides
// when a startup has completed successfully.
void
TPMRegisterStartup(
    void
    )
{
    s_initialized = TRUE;
}
| 18322 | |
| 18323 | |
| 18324 | 9.13.3.3 TPMIsStarted() |
| 18325 | |
| 18326 | Indicates if the TPM has been initialized (a TPM2_Startup() has completed successfully after a |
| 18327 | _TPM_Init()). |
| 18328 | |
| 18329 | Return Value Meaning |
| 18330 | |
| 18331 | TRUE TPM has been initialized |
| 18332 | FALSE TPM has not been initialized |
| 18333 | |
// TPMIsStarted() reports the current value of s_initialized: TRUE after
// TPMRegisterStartup() has set it, FALSE after TPMInit() has cleared it.
BOOL
TPMIsStarted(
    void
    )
{
    BOOL started = s_initialized;

    return started;
}
| 18341 | |
| 18342 | |
| 18343 | 9.14 PropertyCap.c |
| 18344 | |
| 18345 | 9.14.1 Description |
| 18346 | |
| 18347 | This file contains the functions that are used for accessing the TPM_CAP_TPM_PROPERTY values. |
| 18348 | |
| 18349 | |
| 18350 | |
| 18351 | |
| 18352 | Family "2.0" TCG Published Page 257 |
| 18353 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 18354 | Trusted Platform Module Library Part 4: Supporting Routines |
| 18355 | |
| 18356 | 9.14.2 Includes |
| 18357 | |
| 18358 | 1 #include "InternalRoutines.h" |
| 18359 | |
| 18360 | |
| 18361 | 9.14.3 Functions |
| 18362 | |
| 18363 | 9.14.3.1 PCRGetProperty() |
| 18364 | |
| 18365 | This function accepts a property selection and, if the property is defined, sets value to the value of the property. |
| 18366 | All the fixed values are vendor dependent or determined by a platform-specific specification. The values |
| 18367 | in the table below are examples and should be changed by the vendor. |
| 18368 | |
| 18369 | Return Value Meaning |
| 18370 | |
| 18371 | TRUE referenced property exists and value set |
| 18372 | FALSE referenced property does not exist |
| 18373 | |
| 18374 | 2 static BOOL |
| 18375 | 3 TPMPropertyIsDefined( |
| 18376 | 4 TPM_PT property, // IN: property |
| 18377 | 5 UINT32 *value // OUT: property value |
| 18378 | 6 ) |
| 18379 | 7 { |
| 18380 | 8 switch(property) |
| 18381 | 9 { |
| 18382 | 10 case TPM_PT_FAMILY_INDICATOR: |
| 18383 | 11 // from the title page of the specification |
| 18384 | 12 // For this specification, the value is "2.0". |
| 18385 | 13 *value = TPM_SPEC_FAMILY; |
| 18386 | 14 break; |
| 18387 | 15 case TPM_PT_LEVEL: |
| 18388 | 16 // from the title page of the specification |
| 18389 | 17 *value = TPM_SPEC_LEVEL; |
| 18390 | 18 break; |
| 18391 | 19 case TPM_PT_REVISION: |
| 18392 | 20 // from the title page of the specification |
| 18393 | 21 *value = TPM_SPEC_VERSION; |
| 18394 | 22 break; |
| 18395 | 23 case TPM_PT_DAY_OF_YEAR: |
| 18396 | 24 // computed from the date value on the title page of the specification |
| 18397 | 25 *value = TPM_SPEC_DAY_OF_YEAR; |
| 18398 | 26 break; |
| 18399 | 27 case TPM_PT_YEAR: |
| 18400 | 28 // from the title page of the specification |
| 18401 | 29 *value = TPM_SPEC_YEAR; |
| 18402 | 30 break; |
| 18403 | 31 case TPM_PT_MANUFACTURER: |
| 18404 | 32 // vendor ID unique to each TPM manufacturer |
| 18405 | 33 *value = BYTE_ARRAY_TO_UINT32(MANUFACTURER); |
| 18406 | 34 break; |
| 18407 | 35 case TPM_PT_VENDOR_STRING_1: |
| 18408 | 36 // first four characters of the vendor ID string |
| 18409 | 37 *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_1); |
| 18410 | 38 break; |
| 18411 | 39 case TPM_PT_VENDOR_STRING_2: |
| 18412 | 40 // second four characters of the vendor ID string |
| 18413 | 41 #ifdef VENDOR_STRING_2 |
| 18414 | 42 *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_2); |
| 18415 | 43 #else |
| 18416 | 44 *value = 0; |
| 18417 | 45 #endif |
| 18418 | |
| 18419 | Page 258 TCG Published Family "2.0" |
| 18420 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 18421 | Part 4: Supporting Routines Trusted Platform Module Library |
| 18422 | |
| 18423 | 46 break; |
| 18424 | 47 case TPM_PT_VENDOR_STRING_3: |
| 18425 | 48 // third four characters of the vendor ID string |
| 18426 | 49 #ifdef VENDOR_STRING_3 |
| 18427 | 50 *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_3); |
| 18428 | 51 #else |
| 18429 | 52 *value = 0; |
| 18430 | 53 #endif |
| 18431 | 54 break; |
| 18432 | 55 case TPM_PT_VENDOR_STRING_4: |
| 18433 | 56 // fourth four characters of the vendor ID string |
| 18434 | 57 #ifdef VENDOR_STRING_4 |
| 18435 | 58 *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_4); |
| 18436 | 59 #else |
| 18437 | 60 *value = 0; |
| 18438 | 61 #endif |
| 18439 | 62 break; |
| 18440 | 63 case TPM_PT_VENDOR_TPM_TYPE: |
| 18441 | 64 // vendor-defined value indicating the TPM model |
| 18442 | 65 *value = 1; |
| 18443 | 66 break; |
| 18444 | 67 case TPM_PT_FIRMWARE_VERSION_1: |
| 18445 | 68 // more significant 32-bits of a vendor-specific value |
| 18446 | 69 *value = gp.firmwareV1; |
| 18447 | 70 break; |
| 18448 | 71 case TPM_PT_FIRMWARE_VERSION_2: |
| 18449 | 72 // less significant 32-bits of a vendor-specific value |
| 18450 | 73 *value = gp.firmwareV2; |
| 18451 | 74 break; |
| 18452 | 75 case TPM_PT_INPUT_BUFFER: |
| 18453 | 76 // maximum size of TPM2B_MAX_BUFFER |
| 18454 | 77 *value = MAX_DIGEST_BUFFER; |
| 18455 | 78 break; |
| 18456 | 79 case TPM_PT_HR_TRANSIENT_MIN: |
| 18457 | 80 // minimum number of transient objects that can be held in TPM |
| 18458 | 81 // RAM |
| 18459 | 82 *value = MAX_LOADED_OBJECTS; |
| 18460 | 83 break; |
| 18461 | 84 case TPM_PT_HR_PERSISTENT_MIN: |
| 18462 | 85 // minimum number of persistent objects that can be held in |
| 18463 | 86 // TPM NV memory |
| 18464 | 87 // In this implementation, there is no minimum number of |
| 18465 | 88 // persistent objects. |
| 18466 | 89 *value = MIN_EVICT_OBJECTS; |
| 18467 | 90 break; |
| 18468 | 91 case TPM_PT_HR_LOADED_MIN: |
| 18469 | 92 // minimum number of authorization sessions that can be held in |
| 18470 | 93 // TPM RAM |
| 18471 | 94 *value = MAX_LOADED_SESSIONS; |
| 18472 | 95 break; |
| 18473 | 96 case TPM_PT_ACTIVE_SESSIONS_MAX: |
| 18474 | 97 // number of authorization sessions that may be active at a time |
| 18475 | 98 *value = MAX_ACTIVE_SESSIONS; |
| 18476 | 99 break; |
| 18477 | 100 case TPM_PT_PCR_COUNT: |
| 18478 | 101 // number of PCR implemented |
| 18479 | 102 *value = IMPLEMENTATION_PCR; |
| 18480 | 103 break; |
| 18481 | 104 case TPM_PT_PCR_SELECT_MIN: |
| 18482 | 105 // minimum number of bytes in a TPMS_PCR_SELECT.sizeOfSelect |
| 18483 | 106 *value = PCR_SELECT_MIN; |
| 18484 | 107 break; |
| 18485 | 108 case TPM_PT_CONTEXT_GAP_MAX: |
| 18486 | 109 // maximum allowed difference (unsigned) between the contextID |
| 18487 | 110 // values of two saved session contexts |
| 18488 | 111 *value = (1 << (sizeof(CONTEXT_SLOT) * 8)) - 1; |
| 18489 | |
| 18490 | Family "2.0" TCG Published Page 259 |
| 18491 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 18492 | Trusted Platform Module Library Part 4: Supporting Routines |
| 18493 | |
| 18494 | 112 break; |
| 18495 | 113 case TPM_PT_NV_COUNTERS_MAX: |
| 18496 | 114 // maximum number of NV indexes that are allowed to have the |
| 18497 | 115 // TPMA_NV_COUNTER attribute SET |
| 18498 | 116 // In this implementation, there is no limitation on the number |
| 18499 | 117 // of counters, except for the size of the NV Index memory. |
| 18500 | 118 *value = 0; |
| 18501 | 119 break; |
| 18502 | 120 case TPM_PT_NV_INDEX_MAX: |
| 18503 | 121 // maximum size of an NV index data area |
| 18504 | 122 *value = MAX_NV_INDEX_SIZE; |
| 18505 | 123 break; |
| 18506 | 124 case TPM_PT_MEMORY: |
| 18507 | 125 // a TPMA_MEMORY indicating the memory management method for the TPM |
| 18508 | 126 { |
| 18509 | 127 TPMA_MEMORY attributes = {0}; |
| 18510 | 128 attributes.sharedNV = SET; |
| 18511 | 129 attributes.objectCopiedToRam = SET; |
| 18512 | 130 |
| 18513 | 131 // Note: Different compilers may require a different method to cast |
| 18514 | 132 // a bit field structure to a UINT32. |
| 18515 | 133 *value = * (UINT32 *) &attributes; |
| 18516 | 134 break; |
| 18517 | 135 } |
| 18518 | 136 case TPM_PT_CLOCK_UPDATE: |
| 18519 | 137 // interval, in seconds, between updates to the copy of |
| 18520 | 138 // TPMS_TIME_INFO .clock in NV |
| 18521 | 139 *value = (1 << NV_CLOCK_UPDATE_INTERVAL); |
| 18522 | 140 break; |
| 18523 | 141 case TPM_PT_CONTEXT_HASH: |
| 18524 | 142 // algorithm used for the integrity hash on saved contexts and |
| 18525 | 143 // for digesting the fuData of TPM2_FirmwareRead() |
| 18526 | 144 *value = CONTEXT_INTEGRITY_HASH_ALG; |
| 18527 | 145 break; |
| 18528 | 146 case TPM_PT_CONTEXT_SYM: |
| 18529 | 147 // algorithm used for encryption of saved contexts |
| 18530 | 148 *value = CONTEXT_ENCRYPT_ALG; |
| 18531 | 149 break; |
| 18532 | 150 case TPM_PT_CONTEXT_SYM_SIZE: |
| 18533 | 151 // size of the key used for encryption of saved contexts |
| 18534 | 152 *value = CONTEXT_ENCRYPT_KEY_BITS; |
| 18535 | 153 break; |
| 18536 | 154 case TPM_PT_ORDERLY_COUNT: |
| 18537 | 155 // maximum difference between the volatile and non-volatile |
| 18538 | 156 // versions of TPMA_NV_COUNTER that have TPMA_NV_ORDERLY SET |
| 18539 | 157 *value = MAX_ORDERLY_COUNT; |
| 18540 | 158 break; |
| 18541 | 159 case TPM_PT_MAX_COMMAND_SIZE: |
| 18542 | 160 // maximum value for 'commandSize' |
| 18543 | 161 *value = MAX_COMMAND_SIZE; |
| 18544 | 162 break; |
| 18545 | 163 case TPM_PT_MAX_RESPONSE_SIZE: |
| 18546 | 164 // maximum value for 'responseSize' |
| 18547 | 165 *value = MAX_RESPONSE_SIZE; |
| 18548 | 166 break; |
| 18549 | 167 case TPM_PT_MAX_DIGEST: |
| 18550 | 168 // maximum size of a digest that can be produced by the TPM |
| 18551 | 169 *value = sizeof(TPMU_HA); |
| 18552 | 170 break; |
| 18553 | 171 case TPM_PT_MAX_OBJECT_CONTEXT: |
| 18554 | 172 // maximum size of a TPMS_CONTEXT that will be returned by |
| 18555 | 173 // TPM2_ContextSave for object context |
| 18556 | 174 *value = 0; |
| 18557 | 175 |
| 18558 | 176 // adding sequence, saved handle and hierarchy |
| 18559 | 177 *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + |
| 18560 | |
| 18561 | Page 260 TCG Published Family "2.0" |
| 18562 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 18563 | Part 4: Supporting Routines Trusted Platform Module Library |
| 18564 | |
| 18565 | 178 sizeof(TPMI_RH_HIERARCHY); |
| 18566 | 179 // add size field in TPM2B_CONTEXT |
| 18567 | 180 *value += sizeof(UINT16); |
| 18568 | 181 |
| 18569 | 182 // add integrity hash size |
| 18570 | 183 *value += sizeof(UINT16) + |
| 18571 | 184 CryptGetHashDigestSize(CONTEXT_INTEGRITY_HASH_ALG); |
| 18572 | 185 |
| 18573 | 186 // Add fingerprint size, which is the same as sequence size |
| 18574 | 187 *value += sizeof(UINT64); |
| 18575 | 188 |
| 18576 | 189 // Add OBJECT structure size |
| 18577 | 190 *value += sizeof(OBJECT); |
| 18578 | 191 break; |
| 18579 | 192 case TPM_PT_MAX_SESSION_CONTEXT: |
| 18580 | 193 // the maximum size of a TPMS_CONTEXT that will be returned by |
| 18581 | 194 // TPM2_ContextSave for object context |
| 18582 | 195 *value = 0; |
| 18583 | 196 |
| 18584 | 197 // adding sequence, saved handle and hierarchy |
| 18585 | 198 *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + |
| 18586 | 199 sizeof(TPMI_RH_HIERARCHY); |
| 18587 | 200 // Add size field in TPM2B_CONTEXT |
| 18588 | 201 *value += sizeof(UINT16); |
| 18589 | 202 |
| 18590 | 203 // Add integrity hash size |
| 18591 | 204 *value += sizeof(UINT16) + |
| 18592 | 205 CryptGetHashDigestSize(CONTEXT_INTEGRITY_HASH_ALG); |
| 18593 | 206 // Add fingerprint size, which is the same as sequence size |
| 18594 | 207 *value += sizeof(UINT64); |
| 18595 | 208 |
| 18596 | 209 // Add SESSION structure size |
| 18597 | 210 *value += sizeof(SESSION); |
| 18598 | 211 break; |
| 18599 | 212 case TPM_PT_PS_FAMILY_INDICATOR: |
| 18600 | 213 // platform specific values for the TPM_PT_PS parameters from |
| 18601 | 214 // the relevant platform-specific specification |
| 18602 | 215 // In this reference implementation, all of these values are 0. |
| 18603 | 216 *value = 0; |
| 18604 | 217 break; |
| 18605 | 218 case TPM_PT_PS_LEVEL: |
| 18606 | 219 // level of the platform-specific specification |
| 18607 | 220 *value = 0; |
| 18608 | 221 break; |
| 18609 | 222 case TPM_PT_PS_REVISION: |
| 18610 | 223 // specification Revision times 100 for the platform-specific |
| 18611 | 224 // specification |
| 18612 | 225 *value = 0; |
| 18613 | 226 break; |
| 18614 | 227 case TPM_PT_PS_DAY_OF_YEAR: |
| 18615 | 228 // platform-specific specification day of year using TCG calendar |
| 18616 | 229 *value = 0; |
| 18617 | 230 break; |
| 18618 | 231 case TPM_PT_PS_YEAR: |
| 18619 | 232 // platform-specific specification year using the CE |
| 18620 | 233 *value = 0; |
| 18621 | 234 break; |
| 18622 | 235 case TPM_PT_SPLIT_MAX: |
| 18623 | 236 // number of split signing operations supported by the TPM |
| 18624 | 237 *value = 0; |
| 18625 | 238 #ifdef TPM_ALG_ECC |
| 18626 | 239 *value = sizeof(gr.commitArray) * 8; |
| 18627 | 240 #endif |
| 18628 | 241 break; |
| 18629 | 242 case TPM_PT_TOTAL_COMMANDS: |
| 18630 | 243 // total number of commands implemented in the TPM |
| 18631 | |
| 18632 | Family "2.0" TCG Published Page 261 |
| 18633 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 18634 | Trusted Platform Module Library Part 4: Supporting Routines |
| 18635 | |
| 18636 | 244 // Since the reference implementation does not have any |
| 18637 | 245 // vendor-defined commands, this will be the same as the |
| 18638 | 246 // number of library commands. |
| 18639 | 247 { |
| 18640 | 248 UINT32 i; |
| 18641 | 249 *value = 0; |
| 18642 | 250 |
| 18643 | 251 // calculate implemented command numbers |
| 18644 | 252 for(i = TPM_CC_FIRST; i <= TPM_CC_LAST; i++) |
| 18645 | 253 { |
| 18646 | 254 if(CommandIsImplemented(i)) (*value)++; |
| 18647 | 255 } |
| 18648 | 256 break; |
| 18649 | 257 } |
| 18650 | 258 case TPM_PT_LIBRARY_COMMANDS: |
| 18651 | 259 // number of commands from the TPM library that are implemented |
| 18652 | 260 { |
| 18653 | 261 UINT32 i; |
| 18654 | 262 *value = 0; |
| 18655 | 263 |
| 18656 | 264 // calculate implemented command numbers |
| 18657 | 265 for(i = TPM_CC_FIRST; i <= TPM_CC_LAST; i++) |
| 18658 | 266 { |
| 18659 | 267 if(CommandIsImplemented(i)) (*value)++; |
| 18660 | 268 } |
| 18661 | 269 break; |
| 18662 | 270 } |
| 18663 | 271 case TPM_PT_VENDOR_COMMANDS: |
| 18664 | 272 // number of vendor commands that are implemented |
| 18665 | 273 *value = 0; |
| 18666 | 274 break; |
| 18667 | 275 case TPM_PT_PERMANENT: |
| 18668 | 276 // TPMA_PERMANENT |
| 18669 | 277 { |
| 18670 | 278 TPMA_PERMANENT flags = {0}; |
| 18671 | 279 if(gp.ownerAuth.t.size != 0) |
| 18672 | 280 flags.ownerAuthSet = SET; |
| 18673 | 281 if(gp.endorsementAuth.t.size != 0) |
| 18674 | 282 flags.endorsementAuthSet = SET; |
| 18675 | 283 if(gp.lockoutAuth.t.size != 0) |
| 18676 | 284 flags.lockoutAuthSet = SET; |
| 18677 | 285 if(gp.disableClear) |
| 18678 | 286 flags.disableClear = SET; |
| 18679 | 287 if(gp.failedTries >= gp.maxTries) |
| 18680 | 288 flags.inLockout = SET; |
| 18681 | 289 // In this implementation, EPS is always generated by TPM |
| 18682 | 290 flags.tpmGeneratedEPS = SET; |
| 18683 | 291 |
| 18684 | 292 // Note: Different compilers may require a different method to cast |
| 18685 | 293 // a bit field structure to a UINT32. |
| 18686 | 294 *value = * (UINT32 *) &flags; |
| 18687 | 295 break; |
| 18688 | 296 } |
| 18689 | 297 case TPM_PT_STARTUP_CLEAR: |
| 18690 | 298 // TPMA_STARTUP_CLEAR |
| 18691 | 299 { |
| 18692 | 300 TPMA_STARTUP_CLEAR flags = {0}; |
| 18693 | 301 if(g_phEnable) |
| 18694 | 302 flags.phEnable = SET; |
| 18695 | 303 if(gc.shEnable) |
| 18696 | 304 flags.shEnable = SET; |
| 18697 | 305 if(gc.ehEnable) |
| 18698 | 306 flags.ehEnable = SET; |
| 18699 | 307 if(gc.phEnableNV) |
| 18700 | 308 flags.phEnableNV = SET; |
| 18701 | 309 if(g_prevOrderlyState != SHUTDOWN_NONE) |
| 18702 | |
| 18703 | Page 262 TCG Published Family "2.0" |
| 18704 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 18705 | Part 4: Supporting Routines Trusted Platform Module Library |
| 18706 | |
| 18707 | 310 flags.orderly = SET; |
| 18708 | 311 |
| 18709 | 312 // Note: Different compilers may require a different method to cast |
| 18710 | 313 // a bit field structure to a UINT32. |
| 18711 | 314 *value = * (UINT32 *) &flags; |
| 18712 | 315 break; |
| 18713 | 316 } |
| 18714 | 317 case TPM_PT_HR_NV_INDEX: |
| 18715 | 318 // number of NV indexes currently defined |
| 18716 | 319 *value = NvCapGetIndexNumber(); |
| 18717 | 320 break; |
| 18718 | 321 case TPM_PT_HR_LOADED: |
| 18719 | 322 // number of authorization sessions currently loaded into TPM |
| 18720 | 323 // RAM |
| 18721 | 324 *value = SessionCapGetLoadedNumber(); |
| 18722 | 325 break; |
| 18723 | 326 case TPM_PT_HR_LOADED_AVAIL: |
| 18724 | 327 // number of additional authorization sessions, of any type, |
| 18725 | 328 // that could be loaded into TPM RAM |
| 18726 | 329 *value = SessionCapGetLoadedAvail(); |
| 18727 | 330 break; |
| 18728 | 331 case TPM_PT_HR_ACTIVE: |
| 18729 | 332 // number of active authorization sessions currently being |
| 18730 | 333 // tracked by the TPM |
| 18731 | 334 *value = SessionCapGetActiveNumber(); |
| 18732 | 335 break; |
| 18733 | 336 case TPM_PT_HR_ACTIVE_AVAIL: |
| 18734 | 337 // number of additional authorization sessions, of any type, |
| 18735 | 338 // that could be created |
| 18736 | 339 *value = SessionCapGetActiveAvail(); |
| 18737 | 340 break; |
| 18738 | 341 case TPM_PT_HR_TRANSIENT_AVAIL: |
| 18739 | 342 // estimate of the number of additional transient objects that |
| 18740 | 343 // could be loaded into TPM RAM |
| 18741 | 344 *value = ObjectCapGetTransientAvail(); |
| 18742 | 345 break; |
| 18743 | 346 case TPM_PT_HR_PERSISTENT: |
| 18744 | 347 // number of persistent objects currently loaded into TPM |
| 18745 | 348 // NV memory |
| 18746 | 349 *value = NvCapGetPersistentNumber(); |
| 18747 | 350 break; |
| 18748 | 351 case TPM_PT_HR_PERSISTENT_AVAIL: |
| 18749 | 352 // number of additional persistent objects that could be loaded |
| 18750 | 353 // into NV memory |
| 18751 | 354 *value = NvCapGetPersistentAvail(); |
| 18752 | 355 break; |
| 18753 | 356 case TPM_PT_NV_COUNTERS: |
| 18754 | 357 // number of defined NV indexes that have NV TPMA_NV_COUNTER |
| 18755 | 358 // attribute SET |
| 18756 | 359 *value = NvCapGetCounterNumber(); |
| 18757 | 360 break; |
| 18758 | 361 case TPM_PT_NV_COUNTERS_AVAIL: |
| 18759 | 362 // number of additional NV indexes that can be defined with their |
| 18760 | 363 // TPMA_NV_COUNTER attribute SET |
| 18761 | 364 *value = NvCapGetCounterAvail(); |
| 18762 | 365 break; |
| 18763 | 366 case TPM_PT_ALGORITHM_SET: |
| 18764 | 367 // region code for the TPM |
| 18765 | 368 *value = gp.algorithmSet; |
| 18766 | 369 break; |
| 18767 | 370 |
| 18768 | 371 case TPM_PT_LOADED_CURVES: |
| 18769 | 372 #ifdef TPM_ALG_ECC |
| 18770 | 373 // number of loaded ECC curves |
| 18771 | 374 *value = CryptCapGetEccCurveNumber(); |
| 18772 | 375 #else // TPM_ALG_ECC |
| 18773 | |
| 18774 | Family "2.0" TCG Published Page 263 |
| 18775 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 18776 | Trusted Platform Module Library Part 4: Supporting Routines |
| 18777 | |
| 18778 | 376 *value = 0; |
| 18779 | 377 #endif // TPM_ALG_ECC |
| 18780 | 378 break; |
| 18781 | 379 |
| 18782 | 380 case TPM_PT_LOCKOUT_COUNTER: |
| 18783 | 381 // current value of the lockout counter |
| 18784 | 382 *value = gp.failedTries; |
| 18785 | 383 break; |
| 18786 | 384 case TPM_PT_MAX_AUTH_FAIL: |
| 18787 | 385 // number of authorization failures before DA lockout is invoked |
| 18788 | 386 *value = gp.maxTries; |
| 18789 | 387 break; |
| 18790 | 388 case TPM_PT_LOCKOUT_INTERVAL: |
| 18791 | 389 // number of seconds before the value reported by |
| 18792 | 390 // TPM_PT_LOCKOUT_COUNTER is decremented |
| 18793 | 391 *value = gp.recoveryTime; |
| 18794 | 392 break; |
| 18795 | 393 case TPM_PT_LOCKOUT_RECOVERY: |
| 18796 | 394 // number of seconds after a lockoutAuth failure before use of |
| 18797 | 395 // lockoutAuth may be attempted again |
| 18798 | 396 *value = gp.lockoutRecovery; |
| 18799 | 397 break; |
| 18800 | 398 case TPM_PT_AUDIT_COUNTER_0: |
| 18801 | 399 // high-order 32 bits of the command audit counter |
| 18802 | 400 *value = (UINT32) (gp.auditCounter >> 32); |
| 18803 | 401 break; |
| 18804 | 402 case TPM_PT_AUDIT_COUNTER_1: |
| 18805 | 403 // low-order 32 bits of the command audit counter |
| 18806 | 404 *value = (UINT32) (gp.auditCounter); |
| 18807 | 405 break; |
| 18808 | 406 default: |
| 18809 | 407 // property is not defined |
| 18810 | 408 return FALSE; |
| 18811 | 409 break; |
| 18812 | 410 } |
| 18813 | 411 |
| 18814 | 412 return TRUE; |
| 18815 | 413 } |
| 18816 | |
| 18817 | |
| 18818 | 9.14.3.2 TPMCapGetProperties() |
| 18819 | |
| 18820 | This function is used to get the TPM_PT values. The search of properties will start at property and |
| 18821 | continue until propertyList has as many values as will fit, or the last property has been reported, or the list |
| 18822 | has as many values as requested in count. |
| 18823 | |
| 18824 | Return Value Meaning |
| 18825 | |
| 18826 | YES more properties are available |
| 18827 | NO no more properties to be reported |
| 18828 | |
// Fills propertyList with defined TPM_PT values, starting at 'property' and
// scanning upward through the fixed and variable property groups.
//
// The caller-supplied 'count' is clamped to MAX_TPM_PROPERTIES before any
// entry is written, so the number of writes into propertyList->tpmProperty[]
// never exceeds that constant (presumably the capacity of the array; confirm
// against the TPML_TAGGED_TPM_PROPERTY declaration).
//
// Return Value      Meaning
//      YES          more properties are available
//      NO           no more properties to be reported
TPMI_YES_NO
TPMCapGetProperties(
    TPM_PT                       property,      // IN: the starting TPM property
    UINT32                       count,         // IN: maximum number of returned
                                                //     properties
    TPML_TAGGED_TPM_PROPERTY    *propertyList   // OUT: property list
    )
{
    // Last value visited by the scan: the fixed and the variable group are
    // each PT_GROUP wide.
    const UINT32     lastProperty = PT_FIXED + PT_GROUP * 2;
    UINT32           current;
    UINT32           value;

    // Start from an empty list.
    propertyList->count = 0;

    // Never return more than MAX_TPM_PROPERTIES entries.
    if(count > MAX_TPM_PROPERTIES)
        count = MAX_TPM_PROPERTIES;

    // Nothing is defined below PT_FIXED, so begin the scan there.
    if(property < PT_FIXED)
        property = PT_FIXED;

    for(current = property; current <= lastProperty; current++)
    {
        // Skip values that are not defined properties.
        if(!TPMPropertyIsDefined((TPM_PT)current, &value))
            continue;

        // A defined property with no room left means there is more to report.
        if(propertyList->count >= count)
            return YES;

        propertyList->tpmProperty[propertyList->count].property =
            (TPM_PT)current;
        propertyList->tpmProperty[propertyList->count].value = value;
        propertyList->count++;
    }
    return NO;
}
| 18882 | |
| 18883 | |
| 18884 | 9.15 TpmFail.c |
| 18885 | |
| 18886 | 9.15.1 Includes, Defines, and Types |
| 18887 | |
| 18888 | 1 #define TPM_FAIL_C |
| 18889 | 2 #include "InternalRoutines.h" |
| 18890 | 3 #include <assert.h> |
| 18891 | |
| 18892 | On the MS C compiler, the alignment state can be saved and the alignment set to 1 for the duration of the |
| 18893 | TPM_Types.h include. This will avoid a lot of alignment warnings from the compiler for the unaligned |
| 18894 | structures. The alignment of the structures is not important as this function does not use any of the |
| 18895 | structures in TPM_Types.h and only includes it for the #defines of the capabilities, properties, and |
| 18896 | command code values. |
| 18897 | |
| 18898 | 4 #pragma pack(push, 1) |
| 18899 | 5 #include "TPM_Types.h" |
| 18900 | 6 #pragma pack (pop) |
| 18901 | 7 #include "swap.h" |
| 18902 | |
| 18903 | |
| 18904 | 9.15.2 Typedefs |
| 18905 | |
| 18906 | These defines are used primarily for sizing of the local response buffer. |
| 18907 | |
// Helper types that describe the two responses produced in failure mode.
// They are declared with 1-byte packing and are used primarily for sizing
// the local response buffer; the responses themselves are built field by
// field with the marshaling helpers, not by writing these structures.
#pragma pack(push,1)
// Command/response header: structure tag, total size, and command or
// response code.
typedef struct {
    TPM_ST      tag;
    UINT32      size;
    TPM_RC      code;
} HEADER;
// Parameter area of the TPM2_GetTestResult() response: a sized block holding
// the three failure values, followed by the test result code.
typedef struct {
    UINT16      size;
    struct {
        UINT32      function;
        UINT32      line;
        UINT32      code;
    } values;
    TPM_RC      returnCode;
} GET_TEST_RESULT_PARAMETERS;
// Parameter area of the TPM2_GetCapability() response.
typedef struct {
    TPMI_YES_NO                  moreData;
    TPM_CAP                      capability;    // Always TPM_CAP_TPM_PROPERTIES
    TPML_TAGGED_TPM_PROPERTY     tpmProperty;   // a single tagged property
} GET_CAPABILITY_PARAMETERS;
// Complete TPM2_GetTestResult() response.
typedef struct {
    HEADER                       header;
    GET_TEST_RESULT_PARAMETERS   getTestResult;
} TEST_RESPONSE;
// Complete TPM2_GetCapability() response.
typedef struct {
    HEADER                       header;
    GET_CAPABILITY_PARAMETERS    getCap;
} CAPABILITY_RESPONSE;
// Union of both responses; its size is the size of the response buffer.
typedef union {
    TEST_RESPONSE                test;
    CAPABILITY_RESPONSE          cap;
} RESPONSES;
#pragma pack(pop)
| 18946 | |
| 18947 | Buffer to hold the responses. This may be a little larger than required due to padding that a compiler |
| 18948 | might add. |
| 18949 | |
| 18950 | NOTE: This is not in Global.c because of the specialized data definitions above. Since the data contained in this |
| 18951 | structure is not relevant outside of the execution of a single command (when the TPM is in failure mode), there |
| 18952 | is no compelling reason to move all the typedefs to Global.h and this structure to Global.c. |
| 18953 | |
#ifndef __IGNORE_STATE__        // Don't define this value
// Backing store for every failure-mode response. TpmFailureMode() returns a
// pointer to this array to its caller and rewrites it on each call, so the
// caller has to consume the response before the next command is processed.
static BYTE response[sizeof(RESPONSES)];
#endif
| 18957 | |
| 18958 | |
| 18959 | 9.15.3 Local Functions |
| 18960 | |
| 18961 | 9.15.3.1 MarshalUint16() |
| 18962 | |
| 18963 | Function to marshal a 16 bit value to the output buffer. |
| 18964 | |
// Marshals a 16-bit value to the output buffer and advances *buffer.
// Returns whatever UINT16_Marshal() returns (used by the callers as the
// number of bytes written).
//
// The size argument is passed as NULL, so presumably no remaining-space check
// is made here; the caller is responsible for the buffer having room
// (TODO confirm against UINT16_Marshal()).
static INT32
MarshalUint16(
    UINT16           integer,
    BYTE           **buffer
    )
{
    INT32        written = UINT16_Marshal(&integer, buffer, NULL);

    return written;
}
| 18973 | |
| 18974 | |
| 18975 | 9.15.3.2 MarshalUint32() |
| 18976 | |
| 18977 | Function to marshal a 32 bit value to the output buffer. |
| 18978 | |
| 18979 | Page 266 TCG Published Family "2.0" |
| 18980 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 18981 | Part 4: Supporting Routines Trusted Platform Module Library |
| 18982 | |
// Marshals a 32-bit value to the output buffer and advances *buffer.
// Returns whatever UINT32_Marshal() returns (used by the callers as the
// number of bytes written).
//
// The size argument is passed as NULL, so presumably no remaining-space check
// is made here; the caller is responsible for the buffer having room
// (TODO confirm against UINT32_Marshal()).
static INT32
MarshalUint32(
    UINT32           integer,
    BYTE           **buffer
    )
{
    INT32        written = UINT32_Marshal(&integer, buffer, NULL);

    return written;
}
| 18991 | |
| 18992 | |
| 18993 | 9.15.3.3 UnmarshalHeader() |
| 18994 | |
| 18995 | Function to unmarshal the 10-byte command header. |
| 18996 | |
// Unmarshals the command header (tag, size, code) from *buffer, passing the
// caller's remaining-byte count *size to each unmarshaling call.
//
// Returns TRUE when all three fields were read. Returns FALSE as soon as one
// field cannot be unmarshaled; header->size and header->code are written only
// on success, while header->tag may already have been written.
static BOOL
UnmarshalHeader(
    HEADER          *header,
    BYTE           **buffer,
    INT32           *size
    )
{
    UINT32       rawSize;
    TPM_RC       rawCode;

    if(UINT16_Unmarshal(&header->tag, buffer, size) != TPM_RC_SUCCESS)
        return FALSE;
    if(UINT32_Unmarshal(&rawSize, buffer, size) != TPM_RC_SUCCESS)
        return FALSE;
    if(UINT32_Unmarshal(&rawCode, buffer, size) != TPM_RC_SUCCESS)
        return FALSE;

    header->size = rawSize;
    header->code = rawCode;
    return TRUE;
}
| 19015 | |
| 19016 | |
| 19017 | 9.15.4 Public Functions |
| 19018 | |
| 19019 | 9.15.4.1 SetForceFailureMode() |
| 19020 | |
| 19021 | This function is called by the simulator to enable failure mode testing. |
| 19022 | |
// Test hook: called by the simulator to enable failure mode testing.
// Setting the flag makes the assert in TpmFail() pass, so that the next
// failure proceeds to the failure mode code.
LIB_EXPORT void
SetForceFailureMode(
    void
    )
{
    g_forceFailureMode = TRUE;
}
| 19031 | |
| 19032 | |
| 19033 | 9.15.4.2 TpmFail() |
| 19034 | |
| 19035 | This function is called by TPM.lib when a failure occurs. It will set up the failure values to be returned on |
| 19036 | TPM2_GetTestResult(). |
| 19037 | |
// Records where a fatal error occurred and transfers control to the failure
// mode code. The saved values are the ones that TpmFailureMode() marshals
// into the TPM2_GetTestResult() response. This function does not return to
// its caller: it either asserts or leaves through longjmp().
void
TpmFail(
    const char      *function,
    int              line, int   code
    )
{
    // Save the values that indicate where the error occurred.
    // On a 64-bit machine, this may truncate the address of the string
    // of the function name where the error occurred.
    // NOTE(review): the stored value is part of an in-memory address and is
    // later returned in the TPM2_GetTestResult() response; where the address
    // layout of the implementation is considered sensitive, a build-time
    // identifier for the function would avoid disclosing it. The expression
    // also reads a pointer object through a UINT32 lvalue, which is not a
    // portable access.
    s_failFunction = *(UINT32*)&function;
    s_failLine = line;
    s_failCode = code;

    // if asserts are enabled, then do an assert unless the failure mode code
    // is being tested
    assert(g_forceFailureMode);

    // Clear this flag
    g_forceFailureMode = FALSE;

    // Jump to the failure mode code.
    // Note: only get here if asserts are off or if we are testing failure mode
    longjmp(&g_jumpBuffer[0], 1);
}
| 19067 | |
| 19068 | |
| 19069 | 9.15.5 TpmFailureMode |
| 19070 | |
| 19071 | This function is called by the interface code when the platform is in failure mode. |
| 19072 | |
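// Handles a command while the TPM is in failure mode. Only
// TPM2_GetTestResult() and TPM2_GetCapability() for TPM_CAP_TPM_PROPERTIES
// get a real response; any other input gets a bare TPM_RC_FAILURE header.
//
// The command buffer is untrusted input. Every field is unmarshaled against
// a running count of the remaining bytes, and the size declared in the header
// has to equal the exact size of one of the two accepted commands.
//
// On return, *outResponse points at the file-static response buffer and
// *outResponseSize is the number of valid bytes in it.
void
TpmFailureMode (
    unsigned int     inRequestSize,     // IN: command buffer size
    unsigned char   *inRequest,         // IN: command buffer
    unsigned int    *outResponseSize,   // OUT: response buffer size
    unsigned char   **outResponse       // OUT: response buffer
    )
{
    BYTE        *buffer;
    INT32        remaining;         // command bytes not yet unmarshaled
    UINT32       marshalSize;
    UINT32       capability;
    HEADER       header;            // unmarshaled command header
    UINT32       pt;                // unmarshaled property type
    UINT32       count;             // unmarshaled property count
    UINT32       value;             // value reported for the property

    // If there is no command buffer, then just return TPM_RC_FAILURE
    if(inRequestSize == 0 || inRequest == NULL)
        goto FailureModeReturn;

    // The unmarshaling routines count down a signed size. Convert the
    // unsigned parameter explicitly and refuse a size that does not fit,
    // rather than viewing the parameter through an INT32 pointer.
    if(inRequestSize > 0x7FFFFFFF)
        goto FailureModeReturn;
    remaining = (INT32)inRequestSize;

    // If the header is not correct for TPM2_GetCapability() or
    // TPM2_GetTestResult() then just return the in failure mode response;
    if(!UnmarshalHeader(&header, &inRequest, &remaining))
        goto FailureModeReturn;
    if(   header.tag != TPM_ST_NO_SESSIONS
       || header.size < 10)
        goto FailureModeReturn;

    switch (header.code) {
    case TPM_CC_GetTestResult:

        // make sure that the command size is correct
        if(header.size != 10)
            goto FailureModeReturn;

        // Parameters go after the 10-byte header, which is written last.
        buffer = &response[10];
        marshalSize = MarshalUint16(3 * sizeof(UINT32), &buffer);
        marshalSize += MarshalUint32(s_failFunction, &buffer);
        marshalSize += MarshalUint32(s_failLine, &buffer);
        marshalSize += MarshalUint32(s_failCode, &buffer);
        if(s_failCode == FATAL_ERROR_NV_UNRECOVERABLE)
            marshalSize += MarshalUint32(TPM_RC_NV_UNINITIALIZED, &buffer);
        else
            marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer);
        break;

    case TPM_CC_GetCapability:
        // make sure that the size of the command is exactly the size
        // returned for the capability, property, and count
        if(   header.size != (10 + (3 * sizeof(UINT32)))
              // also verify that this is requesting TPM properties
           || (UINT32_Unmarshal(&capability, &inRequest, &remaining)
               != TPM_RC_SUCCESS)
           || (capability != TPM_CAP_TPM_PROPERTIES)
           || (UINT32_Unmarshal(&pt, &inRequest, &remaining)
               != TPM_RC_SUCCESS)
           || (UINT32_Unmarshal(&count, &inRequest, &remaining)
               != TPM_RC_SUCCESS)
          )
            goto FailureModeReturn;

        // If in failure mode because of an unrecoverable read error, and the
        // property is 0 and the count is 0, then this is an indication to
        // re-manufacture the TPM. Do the re-manufacture but stay in failure
        // mode until the TPM is reset.
        // Note: this behavior is not required by the specification and it is
        // OK to leave the TPM permanently bricked due to an unrecoverable NV
        // error.
        // NOTE(review): no authorization is checked on this path, so any
        // caller able to deliver this command in that state triggers the
        // re-manufacture. An implementation that keeps this behavior should
        // decide deliberately who may reach the command interface then.
        if(count == 0 && pt == 0 && s_failCode == FATAL_ERROR_NV_UNRECOVERABLE)
        {
            g_manufactured = FALSE;
            TPM_Manufacture(0);
        }

        // Failure mode reports at most one property per command, and only
        // properties up to TPM_PT_FIRMWARE_VERSION_2. A request that starts
        // past the last reportable property gets an empty list, whatever
        // count it asked for.
        if(pt > TPM_PT_FIRMWARE_VERSION_2)
            count = 0;
        else if(count > 0)
            count = 1;
        if(pt < TPM_PT_MANUFACTURER)
            pt = TPM_PT_MANUFACTURER;

        // set up for return
        buffer = &response[10];
        // if the request was for a PT less than the last one
        // then we indicate more, otherwise, not.
        if(pt < TPM_PT_FIRMWARE_VERSION_2)
            *buffer++ = YES;
        else
            *buffer++ = NO;

        marshalSize = 1;

        // indicate the capability type
        marshalSize += MarshalUint32(capability, &buffer);
        // indicate the number of values that are being returned (0 or 1)
        marshalSize += MarshalUint32(count, &buffer);

        // A tagged property follows only when the count says there is one,
        // so the bytes after the count always agree with the count.
        if(count > 0)
        {
            // indicate the property
            marshalSize += MarshalUint32(pt, &buffer);

            // NOTE(review): the string-valued cases read the first four bytes
            // of the macro's storage as a host-order UINT32; presumably each
            // macro is a four-character string. Confirm the resulting byte
            // order on the wire for the target platform.
            switch (pt) {
            case TPM_PT_MANUFACTURER:
                // the vendor ID unique to each TPM manufacturer
#ifdef MANUFACTURER
                value = *(UINT32*)MANUFACTURER;
#else
                value = 0;
#endif
                break;
            case TPM_PT_VENDOR_STRING_1:
                // the first four characters of the vendor ID string
#ifdef VENDOR_STRING_1
                value = *(UINT32*)VENDOR_STRING_1;
#else
                value = 0;
#endif
                break;
            case TPM_PT_VENDOR_STRING_2:
                // the second four characters of the vendor ID string
#ifdef VENDOR_STRING_2
                value = *(UINT32*)VENDOR_STRING_2;
#else
                value = 0;
#endif
                break;
            case TPM_PT_VENDOR_STRING_3:
                // the third four characters of the vendor ID string
#ifdef VENDOR_STRING_3
                value = *(UINT32*)VENDOR_STRING_3;
#else
                value = 0;
#endif
                break;
            case TPM_PT_VENDOR_STRING_4:
                // the fourth four characters of the vendor ID string
#ifdef VENDOR_STRING_4
                value = *(UINT32*)VENDOR_STRING_4;
#else
                value = 0;
#endif
                break;
            case TPM_PT_VENDOR_TPM_TYPE:
                // vendor-defined value indicating the TPM model
                // We just make up a number here
                value = 1;
                break;
            case TPM_PT_FIRMWARE_VERSION_1:
                // the more significant 32-bits of a vendor-specific value
                // indicating the version of the firmware
#ifdef FIRMWARE_V1
                value = FIRMWARE_V1;
#else
                value = 0;
#endif
                break;
            default: // TPM_PT_FIRMWARE_VERSION_2:
                // the less significant 32-bits of a vendor-specific value
                // indicating the version of the firmware
#ifdef FIRMWARE_V2
                value = FIRMWARE_V2;
#else
                value = 0;
#endif
                break;
            }
            marshalSize += MarshalUint32(value, &buffer);
        }
        break;
    default: // default for switch (cc)
        goto FailureModeReturn;
    }
    // Now do the header
    buffer = response;
    marshalSize = marshalSize + 10; // Add the header size to the
                                    // stuff already marshaled
    MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); // structure tag
    MarshalUint32(marshalSize, &buffer);        // responseSize
    MarshalUint32(TPM_RC_SUCCESS, &buffer);     // response code

    *outResponseSize = marshalSize;
    *outResponse = (unsigned char *)response;
    return;

FailureModeReturn:

    // Header-only response carrying TPM_RC_FAILURE.
    buffer = response;

    marshalSize = MarshalUint16(TPM_ST_NO_SESSIONS, &buffer);
    marshalSize += MarshalUint32(10, &buffer);
    marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer);

    *outResponseSize = marshalSize;
    *outResponse = (unsigned char *)response;
    return;
}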
| 19285 | |
| 19286 | |
| 19287 | |
| 19288 | |
| 19289 | Family "2.0" TCG Published Page 271 |
| 19290 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 19291 | Trusted Platform Module Library Part 4: Supporting Routines |
| 19292 | |
| 19293 | |
| 19294 | 10 Cryptographic Functions |
| 19295 | |
| 19296 | 10.1 Introduction |
| 19297 | |
| 19298 | The files in this section provide cryptographic support for the other functions in the TPM and the interface |
| 19299 | to the Crypto Engine. |
| 19300 | |
| 19301 | 10.2 CryptUtil.c |
| 19302 | |
| 19303 | 10.2.1 Includes |
| 19304 | |
| 19305 | 1 #include "TPM_Types.h" |
| 19306 | 2 #include "CryptoEngine.h" // types shared by CryptUtil and CryptoEngine. |
| 19307 | 3 // Includes the function prototypes for the |
| 19308 | 4 // CryptoEngine functions. |
| 19309 | 5 #include "Global.h" |
| 19310 | 6 #include "InternalRoutines.h" |
| 19311 | 7 #include "MemoryLib_fp.h" |
| 19312 | 8 //#include "CryptSelfTest_fp.h" |
| 19313 | |
| 19314 | |
| 19315 | 10.2.2 TranslateCryptErrors() |
| 19316 | |
| 19317 | This function converts errors from the cryptographic library into TPM_RC_VALUES. |
| 19318 | |
| 19319 | Error Returns Meaning |
| 19320 | |
| 19321 | TPM_RC_VALUE CRYPT_FAIL |
| 19322 | TPM_RC_NO_RESULT CRYPT_NO_RESULT |
| 19323 | TPM_RC_SCHEME CRYPT_SCHEME |
| 19324 | TPM_RC_VALUE CRYPT_PARAMETER |
| 19325 | TPM_RC_SIZE CRYPT_UNDERFLOW |
| 19326 | TPM_RC_ECC_POINT CRYPT_POINT |
| 19327 | TPM_RC_CANCELED CRYPT_CANCEL |
| 19328 | |
// Converts a result code from the cryptographic library into a TPM_RC.
// CRYPT_SUCCESS maps to TPM_RC_SUCCESS; any code that is not listed maps to
// TPM_RC_FAILURE.
static TPM_RC
TranslateCryptErrors (
    CRYPT_RESULT     retVal         // IN: crypt error to evaluate
    )
{
    TPM_RC       rc;

    switch (retVal)
    {
        case CRYPT_SUCCESS:
            rc = TPM_RC_SUCCESS;
            break;
        case CRYPT_FAIL:
        case CRYPT_PARAMETER:
            // both are reported as a bad value
            rc = TPM_RC_VALUE;
            break;
        case CRYPT_NO_RESULT:
            rc = TPM_RC_NO_RESULT;
            break;
        case CRYPT_SCHEME:
            rc = TPM_RC_SCHEME;
            break;
        case CRYPT_UNDERFLOW:
            rc = TPM_RC_SIZE;
            break;
        case CRYPT_POINT:
            rc = TPM_RC_ECC_POINT;
            break;
        case CRYPT_CANCEL:
            rc = TPM_RC_CANCELED;
            break;
        default: // Other unknown warnings
            rc = TPM_RC_FAILURE;
            break;
    }
    return rc;
}
| 19361 | |
| 19362 | |
| 19363 | 10.2.3 Random Number Generation Functions |
| 19364 | |
| 19365 | 36 #ifdef TPM_ALG_NULL //% |
| 19366 | 37 #ifdef _DRBG_STATE_SAVE //% |
| 19367 | |
| 19368 | |
| 19369 | 10.2.3.1 CryptDrbgGetPutState() |
| 19370 | |
| 19371 | Read or write the current state from the DRBG in the cryptoEngine. |
| 19372 | |
// Reads the current DRBG state from the crypto engine into go.drbgState, or
// writes go.drbgState back to the engine, depending on 'direction'.
void
CryptDrbgGetPutState(
    GET_PUT          direction      // IN: Get from or put to DRBG
    )
{
    // The engine sees the saved state as a plain byte buffer of its full size.
    BYTE        *savedState = (BYTE *)&go.drbgState;

    _cpri__DrbgGetPutState(direction, sizeof(go.drbgState), savedState);
}
| 19382 | 47 #else //% 00 |
| 19383 | 48 //%#define CryptDrbgGetPutState(ignored) // If not doing state save, turn this |
| 19384 | 49 //% // into a null macro |
| 19385 | 50 #endif //% |
| 19386 | |
| 19387 | |
| 19388 | 10.2.3.2 CryptStirRandom() |
| 19389 | |
| 19390 | Stir random entropy |
| 19391 | |
// Passes additional entropy to the random number generator of the crypto
// engine.
void
CryptStirRandom(
    UINT32           entropySize,   // IN: size of entropy buffer
    BYTE            *buffer         // IN: entropy buffer
    )
{
    // RNG self testing code may be inserted here

    // Hand the entropy to the crypto engine.
    _cpri__StirRandom(entropySize, buffer);
}
| 19405 | |
| 19406 | |
| 19407 | 10.2.3.3 CryptGenerateRandom() |
| 19408 | |
| 19409 | This is the interface to _cpri__GenerateRandom(). |
| 19410 | |
// Interface to _cpri__GenerateRandom(). Writes randomSize random bytes to
// 'buffer' and returns the number of bytes produced, or 0 when randomSize
// is 0.
//
// The size of 'buffer' is not known here; the caller has to provide at least
// randomSize bytes. A short result from the engine is treated as a fatal
// internal error rather than being returned to the caller.
UINT16
CryptGenerateRandom(
    UINT16           randomSize,    // IN: size of random number
    BYTE            *buffer         // OUT: buffer of random number
    )
{
    UINT16       produced;

    // The request has to fit at least one of the two size limits.
    pAssert(randomSize <= MAX_RSA_KEY_BYTES || randomSize <= PRIMARY_SEED_SIZE);

    if(randomSize != 0)
    {
        // Call crypto engine random number generation
        produced = _cpri__GenerateRandom(randomSize, buffer);
        if(produced != randomSize)
            FAIL(FATAL_ERROR_INTERNAL);

        return produced;
    }
    return 0;
}
| 19434 | 82 #endif //TPM_ALG_NULL //% |
| 19435 | |
| 19436 | |
| 19437 | 10.2.4 Hash/HMAC Functions |
| 19438 | |
| 19439 | 10.2.4.1 CryptGetContextAlg() |
| 19440 | |
| 19441 | This function returns the hash algorithm associated with a hash context. |
| 19442 | |
| 19443 | 83 #ifdef TPM_ALG_KEYEDHASH //% 1 |
// Returns the hash algorithm associated with a hash context. 'state' is
// treated as a HASH_STATE; no check is made that it points to one.
TPM_ALG_ID
CryptGetContextAlg(
    void            *state          // IN: the context to check
    )
{
    return _cpri__GetContextAlg(&((HASH_STATE *)state)->state);
}
| 19452 | |
| 19453 | |
| 19454 | 10.2.4.2 CryptStartHash() |
| 19455 | |
| 19456 | This function starts a hash and returns the size, in bytes, of the digest. |
| 19457 | |
| 19458 | Return Value Meaning |
| 19459 | |
| 19460 | >0 the digest size of the algorithm |
| 19461 | =0 the hashAlg was TPM_ALG_NULL |
| 19462 | |
// Starts a hash and returns the size, in bytes, of the digest.
//
// Return Value      Meaning
//      >0           the digest size of the algorithm
//      =0           the hashAlg was TPM_ALG_NULL
//
// hashState->type is HASH_STATE_HASH only when the engine reported a positive
// digest size; otherwise it is left as HASH_STATE_EMPTY.
UINT16
CryptStartHash(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    HASH_STATE      *hashState      // OUT: the state of hash stack. It will be used
                                    //      in hash update and completion
    )
{
    CRYPT_RESULT     digestSize;

    pAssert(hashState != NULL);

    TEST_HASH(hashAlg);

    // Mark the state unusable until the engine has accepted the algorithm.
    hashState->type = HASH_STATE_EMPTY;

    // Call crypto engine start hash function
    digestSize = _cpri__StartHash(hashAlg, FALSE, &hashState->state);
    if(digestSize > 0)
        hashState->type = HASH_STATE_HASH;

    return digestSize;
}
| 19484 | |
| 19485 | |
| 19486 | |
| 19487 | |
| 19488 | Page 274 TCG Published Family "2.0" |
| 19489 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 19490 | Part 4: Supporting Routines Trusted Platform Module Library |
| 19491 | |
| 19492 | 10.2.4.3 CryptStartHashSequence() |
| 19493 | |
| 19494 | Start a hash stack for a sequence object and return the size, in bytes, of the digest. This call uses the |
| 19495 | form of the hash state that requires context save and restore. |
| 19496 | |
| 19497 | Return Value Meaning |
| 19498 | |
| 19499 | >0 the digest size of the algorithm |
| 19500 | =0 the hashAlg was TPM_ALG_NULL |
| 19501 | |
// Starts a hash for a sequence object and returns the size, in bytes, of the
// digest. The engine is asked for the form of the hash state that can be
// context saved and restored.
//
// Return Value      Meaning
//      >0           the digest size of the algorithm
//      =0           the hashAlg was TPM_ALG_NULL
UINT16
CryptStartHashSequence(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    HASH_STATE      *hashState      // OUT: the state of hash stack. It will be used
                                    //      in hash update and completion
    )
{
    CRYPT_RESULT     digestSize;

    pAssert(hashState != NULL);

    TEST_HASH(hashAlg);

    // Mark the state unusable until the engine has accepted the algorithm.
    hashState->type = HASH_STATE_EMPTY;

    // Call crypto engine start hash function
    digestSize = _cpri__StartHash(hashAlg, TRUE, &hashState->state);
    if(digestSize > 0)
        hashState->type = HASH_STATE_HASH;

    return digestSize;
}
| 19524 | |
| 19525 | |
| 19526 | 10.2.4.4 CryptStartHMAC() |
| 19527 | |
| 19528 | This function starts an HMAC sequence and returns the size of the digest that will be produced. |
| 19529 | The caller must provide a block of memory in which the hash sequence state is kept. The caller should |
| 19530 | not alter the contents of this buffer until the hash sequence is completed or abandoned. |
| 19531 | |
| 19532 | Return Value Meaning |
| 19533 | |
| 19534 | >0 the digest size of the algorithm |
| 19535 | =0 the hashAlg was TPM_ALG_NULL |
| 19536 | |
// Starts an HMAC sequence and returns the size of the digest that will be
// produced. The caller provides the memory for the sequence state and should
// not alter it until the sequence is completed or abandoned.
//
// Return Value      Meaning
//      >0           the digest size of the algorithm
//      =0           the hashAlg was TPM_ALG_NULL
//
// NOTE(review): &hmacState->hmacKey.b is handed to the engine together with
// the key, so the state presumably holds key-derived material afterwards and
// should be handled like the key itself; confirm against _cpri__StartHMAC().
UINT16
CryptStartHMAC(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    UINT16           keySize,       // IN: the size of HMAC key in byte
    BYTE            *key,           // IN: HMAC key
    HMAC_STATE      *hmacState      // OUT: the state of HMAC stack. It will be used
                                    //      in HMAC update and completion
    )
{
    // The HMAC state is accessed through its leading hash state.
    HASH_STATE      *hashState = (HASH_STATE *)hmacState;
    CRYPT_RESULT     digestSize;

    // This has to come before the pAssert in case this function is being
    // called during testing. If so, the first instance will have no arguments
    // but the hash algorithm. The call from the test routine will have
    // arguments. When the second call is done, then we return to the test
    // dispatcher.
    TEST_HASH(hashAlg);

    pAssert(hashState != NULL);

    // Mark the state unusable until the engine has accepted the algorithm.
    hashState->type = HASH_STATE_EMPTY;

    digestSize = _cpri__StartHMAC(hashAlg, FALSE, &hashState->state,
                                  keySize, key, &hmacState->hmacKey.b);
    if(digestSize > 0)
        hashState->type = HASH_STATE_HMAC;

    return digestSize;
}
| 19570 | |
| 19571 | |
| 19572 | 10.2.4.5 CryptStartHMACSequence() |
| 19573 | |
| 19574 | This function starts an HMAC sequence and returns the size of the digest that will be produced. |
| 19575 | The caller must provide a block of memory in which the hash sequence state is kept. The caller should |
| 19576 | not alter the contents of this buffer until the hash sequence is completed or abandoned. |
| 19577 | This call is used to start a sequence HMAC that spans multiple TPM commands. |
| 19578 | |
| 19579 | Return Value Meaning |
| 19580 | |
| 19581 | >0 the digest size of the algorithm |
| 19582 | =0 the hashAlg was TPM_ALG_NULL |
| 19583 | |
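// Starts an HMAC sequence that spans multiple TPM commands and returns the
// size of the digest that will be produced. The caller provides the memory
// for the sequence state and should not alter it until the sequence is
// completed or abandoned.
//
// Return Value      Meaning
//      >0           the digest size of the algorithm
//      =0           the hashAlg was TPM_ALG_NULL
//
// NOTE(review): &hmacState->hmacKey.b is handed to the engine together with
// the key, so the state presumably holds key-derived material afterwards and
// should be handled like the key itself; confirm against _cpri__StartHMAC().
UINT16
CryptStartHMACSequence(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    UINT16           keySize,       // IN: the size of HMAC key in byte
    BYTE            *key,           // IN: HMAC key
    HMAC_STATE      *hmacState      // OUT: the state of HMAC stack. It will be used
                                    //      in HMAC update and completion
    )
{
    // The HMAC state is accessed through its leading hash state.
    HASH_STATE      *hashState = (HASH_STATE *)hmacState;
    CRYPT_RESULT     retVal;

    // As in CryptStartHMAC(), the test hook comes before the assert.
    TEST_HASH(hashAlg);

    // Same guard as CryptStartHMAC(): the state is dereferenced below, so a
    // NULL state has to be caught here.
    pAssert(hashState != NULL);

    // Mark the state unusable until the engine has accepted the algorithm.
    hashState->type = HASH_STATE_EMPTY;

    if((retVal = _cpri__StartHMAC(hashAlg, TRUE, &hashState->state,
                                  keySize, key, &hmacState->hmacKey.b)) > 0)
        hashState->type = HASH_STATE_HMAC;

    return retVal;
}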
| 19606 | |
| 19607 | |
| 19608 | 10.2.4.6 CryptStartHMAC2B() |
| 19609 | |
| 19610 | This function starts an HMAC and returns the size of the digest that will be produced. |
| 19611 | This function is provided to support the most common use of starting an HMAC with a TPM2B key. |
| 19612 | The caller must provide a block of memory in which the hash sequence state is kept. The caller should |
| 19613 | not alter the contents of this buffer until the hash sequence is completed or abandoned. |
| 19614 | |
| 19615 | |
| 19616 | |
| 19617 | |
| 19618 | Page 276 TCG Published Family "2.0" |
| 19619 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 19620 | Part 4: Supporting Routines Trusted Platform Module Library |
| 19621 | |
| 19622 | |
| 19623 | Return Value Meaning |
| 19624 | |
| 19625 | >0 the digest size of the algorithm |
| 19626 | =0 the hashAlg was TPM_ALG_NULL |
| 19627 | |
// Start an HMAC whose key is held in a TPM2B.
//
// Forwards key->size and key->buffer to CryptStartHMAC() and returns its result
// (> 0: the digest size; 0: hashAlg was TPM_ALG_NULL).
// key is dereferenced without a check, so the caller has to pass a valid TPM2B.
LIB_EXPORT UINT16
CryptStartHMAC2B(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    TPM2B           *key,           // IN: HMAC key
    HMAC_STATE      *hmacState      // OUT: the state of HMAC stack. It will be used
                                    //      in HMAC update and completion
    )
{
    UINT16           digestSize;

    digestSize = CryptStartHMAC(hashAlg, key->size, key->buffer, hmacState);

    return digestSize;
}
| 19638 | |
| 19639 | |
| 19640 | 10.2.4.7 CryptStartHMACSequence2B() |
| 19641 | |
| 19642 | This function starts an HMAC sequence and returns the size of the digest that will be produced. |
| 19643 | This function is provided to support the most common use of starting an HMAC with a TPM2B key. |
| 19644 | The caller must provide a block of memory in which the hash sequence state is kept. The caller should |
| 19645 | not alter the contents of this buffer until the hash sequence is completed or abandoned. |
| 19646 | |
| 19647 | Return Value Meaning |
| 19648 | |
| 19649 | >0 the digest size of the algorithm |
| 19650 | =0 the hashAlg was TPM_ALG_NULL |
| 19651 | |
// Start an HMAC sequence whose key is held in a TPM2B.
//
// Forwards key->size and key->buffer to CryptStartHMACSequence() and returns its
// result (> 0: the digest size; 0: hashAlg was TPM_ALG_NULL).
// key is dereferenced without a check, so the caller has to pass a valid TPM2B.
UINT16
CryptStartHMACSequence2B(
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm
    TPM2B           *key,           // IN: HMAC key
    HMAC_STATE      *hmacState      // OUT: the state of HMAC stack. It will be used
                                    //      in HMAC update and completion
    )
{
    UINT16           digestSize;

    digestSize = CryptStartHMACSequence(hashAlg, key->size, key->buffer,
                                        hmacState);

    return digestSize;
}
| 19662 | |
| 19663 | |
| 19664 | 10.2.4.8 CryptUpdateDigest() |
| 19665 | |
| 19666 | This function updates a digest (hash or HMAC) with an array of octets. |
| 19667 | This function can be used for both HMAC and hash functions so the digestState is void so that either |
| 19668 | state type can be passed. |
| 19669 | |
// Add an array of octets to a digest (hash or HMAC).
//
// digestState is a void pointer so that either state type can be passed; it is
// used here as a HASH_STATE. The call does nothing when the state is
// HASH_STATE_EMPTY, when data is NULL or when dataSize is 0.
// dataSize is passed to the engine as given; nothing here checks it against the
// real length of the data buffer, so that is the caller's responsibility.
LIB_EXPORT void
CryptUpdateDigest(
    void            *digestState,   // IN: the state of hash stack
    UINT32           dataSize,      // IN: the size of data
    BYTE            *data           // IN: data to be hashed
    )
{
    HASH_STATE      *hashState = (HASH_STATE *)digestState;

    pAssert(digestState != NULL);

    // Nothing to hash, or no digest in progress
    if(hashState->type == HASH_STATE_EMPTY || data == NULL || dataSize == 0)
        return;

    // Hand the data to the crypto engine
    _cpri__UpdateHash(&hashState->state, dataSize, data);
}
| 19693 | |
| 19694 | |
| 19695 | 10.2.4.9 CryptUpdateDigest2B() |
| 19696 | |
| 19697 | This function updates a digest (hash or HMAC) with a TPM2B. |
| 19698 | This function can be used for both HMAC and hash functions so the digestState is void so that either |
| 19699 | state type can be passed. |
| 19700 | |
// Add the contents of a TPM2B to a digest (hash or HMAC).
//
// digestState is a void pointer so that either state type can be passed.
// A NULL bIn leaves the digest unchanged; a 2B with size 0 or a NULL buffer is
// ignored by CryptUpdateDigest() itself.
LIB_EXPORT void
CryptUpdateDigest2B(
    void            *digestState,   // IN: the digest state
    TPM2B           *bIn            // IN: 2B containing the data
    )
{
    // Without a 2B there is no buffer to offer to CryptUpdateDigest()
    if(bIn == NULL)
        return;

    CryptUpdateDigest(digestState, bIn->size, bIn->buffer);
}
| 19715 | |
| 19716 | |
| 19717 | 10.2.4.10 CryptUpdateDigestInt() |
| 19718 | |
| 19719 | This function is used to include an integer value to a hash stack. The function marshals the integer into its |
| 19720 | canonical form before calling CryptUpdateHash(). |
| 19721 | |
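// Add an integer value to a hash stack.
//
// The integer is put into canonical (big-endian) octet order before it is
// hashed. intSize has to be 1, 2, 4 or 8; any other value is a failure.
LIB_EXPORT void
CryptUpdateDigestInt(
    void            *state,         // IN: the state of hash stack
    UINT32           intSize,       // IN: the size of 'intValue' in bytes
    void            *intValue       // IN: integer value to be hashed
    )
{

#if BIG_ENDIAN_TPM == YES
    pAssert(    intValue != NULL && (intSize == 1 || intSize == 2
            || intSize == 4 || intSize == 8));
    // The value is already in canonical order. The size argument was spelled
    // 'inSize', which is not declared in this function.
    // NOTE(review): this branch called CryptUpdateHash(), which this listing
    // does not define; CryptUpdateDigest() is the routine the little-endian
    // branch uses - confirm no separate CryptUpdateHash() is intended.
    CryptUpdateDigest(state, intSize, (BYTE *)intValue);
#else

    BYTE             marshalBuffer[8];
    UINT32           i;

    pAssert(intValue != NULL);

    switch (intSize)
    {
        case 8:
        case 4:
        case 2:
        case 1:
            // Reverse the octets: the most significant octet of a little-endian
            // value is its last one. The source is only indexed once intSize
            // is known to be valid, so an intSize of 0 never produces an
            // address in front of the buffer.
            for(i = 0; i < intSize; i++)
                marshalBuffer[i] = ((BYTE *)intValue)[intSize - 1 - i];
            // Update the hash with the marshaled value
            CryptUpdateDigest(state, intSize, marshalBuffer);
            break;
        default:
            FAIL(0);
    }

#endif
    return;
}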
| 19772 | |
| 19773 | |
| 19774 | 10.2.4.11 CryptCompleteHash() |
| 19775 | |
| 19776 | This function completes a hash sequence and returns the digest. |
| 19777 | This function can be called to complete either an HMAC or hash sequence. The state type determines if |
| 19778 | the context type is a hash or HMAC. If an HMAC, then the call is forwarded to CryptCompleteHash(). |
| 19779 | If digestSize is smaller than the digest size of hash/HMAC algorithm, the most significant bytes of |
| 19780 | required size will be returned |
| 19781 | |
| 19782 | Return Value Meaning |
| 19783 | |
| 19784 | >=0 the number of bytes placed in digest |
| 19785 | |
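// Complete a hash sequence and return the digest.
//
// The state has to be of type HASH_STATE_HASH. A state of type HMAC is not
// forwarded to the HMAC completion: it fails the assertion, so that a caller
// making the wrong call gets fixed. The state is marked HASH_STATE_EMPTY before
// the engine is called so that it cannot be used again.
// digestSize is passed to the engine as given; the caller has to make sure the
// digest buffer really holds that many bytes.
//
// Return Value     Meaning
//   >= 0           the number of bytes placed in digest
LIB_EXPORT UINT16
CryptCompleteHash(
    void            *state,         // IN: the state of hash stack
    UINT16           digestSize,    // IN: size of digest buffer
    BYTE            *digest         // OUT: hash digest
    )
{
    HASH_STATE      *hashState = (HASH_STATE *)state;      // local value

    // state is dereferenced below; check it the way CryptUpdateDigest() and
    // CryptCompleteHMAC() check their state argument.
    pAssert(hashState != NULL);

    // If the session type is HMAC, then could forward this to
    // the HMAC processing and not cause an error. However, if no
    // function calls this routine to forward it, then we can't get
    // test coverage. The decision is to assert if this is called with
    // the type == HMAC and fix anything that makes the wrong call.
    pAssert(hashState->type == HASH_STATE_HASH);

    // Set the state to empty so that it doesn't get used again
    hashState->type = HASH_STATE_EMPTY;

    // Call crypto engine complete hash function
    return _cpri__CompleteHash(&hashState->state, digestSize, digest);
}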
| 19808 | |
| 19809 | |
| 19810 | 10.2.4.12 CryptCompleteHash2B() |
| 19811 | |
| 19812 | This function is the same as CryptCompleteHash() but the digest is placed in a TPM2B. This is the most |
| 19813 | common use and this is provided for specification clarity. 'digest.size' should be set to indicate the number |
| 19814 | of bytes to place in the buffer |
| 19815 | |
| 19816 | |
| 19817 | |
| 19818 | |
| 19819 | Family "2.0" TCG Published Page 279 |
| 19820 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 19821 | Trusted Platform Module Library Part 4: Supporting Routines |
| 19822 | |
| 19823 | |
| 19824 | Return Value Meaning |
| 19825 | |
| 19826 | >=0 the number of bytes placed in 'digest.buffer' |
| 19827 | |
// Complete a hash sequence and place the digest in a TPM2B.
//
// On entry digest->size says how many bytes to place in digest->buffer; it is
// passed to CryptCompleteHash() as the buffer size. A NULL digest returns 0
// without calling CryptCompleteHash(), which leaves the hash state untouched.
//
// Return Value     Meaning
//   >= 0           the number of bytes placed in 'digest.buffer'
LIB_EXPORT UINT16
CryptCompleteHash2B(
    void            *state,         // IN: the state of hash stack
    TPM2B           *digest         // IN: the size of the buffer Out: requested
                                    //     number of bytes
    )
{
    if(digest == NULL)
        return 0;

    return CryptCompleteHash(state, digest->size, digest->buffer);
}
| 19842 | |
| 19843 | |
| 19844 | 10.2.4.13 CryptHashBlock() |
| 19845 | |
| 19846 | Hash a block of data and return the results. If the digest is larger than retSize, it is truncated, with the |
| 19847 | least significant octets dropped. |
| 19848 | |
| 19849 | Return Value Meaning |
| 19850 | |
| 19851 | >=0 the number of bytes placed in ret |
| 19852 | |
// Hash a block of data in one call and return the result.
//
// Runs TEST_HASH() for the algorithm and then passes every argument unchanged
// to _cpri__HashBlock(). Per the specification text, a digest larger than
// retSize is truncated, with the least significant octets dropped.
//
// Return Value     Meaning
//   >= 0           the number of bytes placed in ret
LIB_EXPORT UINT16
CryptHashBlock(
    TPM_ALG_ID       algId,         // IN: the hash algorithm to use
    UINT16           blockSize,     // IN: size of the data block
    BYTE            *block,         // IN: address of the block to hash
    UINT16           retSize,       // IN: size of the return buffer
    BYTE            *ret            // OUT: address of the buffer
    )
{
    UINT16           written;

    TEST_HASH(algId);

    written = _cpri__HashBlock(algId, blockSize, block, retSize, ret);

    return written;
}
| 19866 | |
| 19867 | |
| 19868 | 10.2.4.14 CryptCompleteHMAC() |
| 19869 | |
| 19870 | This function completes a HMAC sequence and returns the digest. If digestSize is smaller than the digest |
| 19871 | size of the HMAC algorithm, the most significant bytes of required size will be returned. |
| 19872 | |
| 19873 | Return Value Meaning |
| 19874 | |
| 19875 | >=0 the number of bytes placed in digest |
| 19876 | |
// Complete an HMAC sequence and return the digest.
//
// The state has to be non-NULL and of type HASH_STATE_HMAC; both are asserted.
// The state is marked HASH_STATE_EMPTY before the engine is called. Per the
// specification text, if digestSize is smaller than the digest size of the HMAC
// algorithm, the most significant bytes of the required size are returned.
// digestSize is a UINT32 here although the return value is a UINT16.
// NOTE(review): hmacState->hmacKey is handed to the engine and is not cleared
// in this function; confirm whether _cpri__CompleteHMAC() clears it.
//
// Return Value     Meaning
//   >= 0           the number of bytes placed in digest
LIB_EXPORT UINT16
CryptCompleteHMAC(
    HMAC_STATE      *hmacState,     // IN: the state of HMAC stack
    UINT32           digestSize,    // IN: size of digest buffer
    BYTE            *digest         // OUT: HMAC digest
    )
{
    UINT16           written;

    pAssert(hmacState != NULL);

    // Only a started HMAC can be completed
    pAssert(hmacState->hashState.type == HASH_STATE_HMAC);

    // Mark the state as used up before finishing
    hmacState->hashState.type = HASH_STATE_EMPTY;

    written = _cpri__CompleteHMAC(&hmacState->hashState.state,
                                  &hmacState->hmacKey.b,
                                  digestSize, digest);

    return written;
}
| 19902 | |
| 19903 | |
| 19904 | 10.2.4.15 CryptCompleteHMAC2B() |
| 19905 | |
| 19906 | This function is the same as CryptCompleteHMAC() but the HMAC result is returned in a TPM2B which is |
| 19907 | the most common use. |
| 19908 | |
| 19909 | Return Value Meaning |
| 19910 | |
| 19911 | >=0 the number of bytes placed in digest |
| 19912 | |
// Complete an HMAC sequence and return the result in a TPM2B.
//
// digest->size is passed to CryptCompleteHMAC() as the buffer size. A NULL
// digest returns 0 without calling CryptCompleteHMAC(), which leaves the HMAC
// state untouched.
//
// Return Value     Meaning
//   >= 0           the number of bytes placed in digest
LIB_EXPORT UINT16
CryptCompleteHMAC2B(
    HMAC_STATE      *hmacState,     // IN: the state of HMAC stack
    TPM2B           *digest         // OUT: HMAC
    )
{
    if(digest == NULL)
        return 0;

    return CryptCompleteHMAC(hmacState, digest->size, digest->buffer);
}
| 19924 | |
| 19925 | |
| 19926 | 10.2.4.16 CryptHashStateImportExport() |
| 19927 | |
| 19928 | This function is used to prepare a hash state context for export or to import it into the internal |
| 19929 | format. It is used by TPM2_ContextSave() and TPM2_ContextLoad() via SequenceDataImportExport(). |
| 19930 | This is just a pass-through function to the crypto library. |
| 19931 | |
// Convert a hash state between the internal format and the exported format.
//
// This is a pass-through to _cpri__ImportExportHashState(); direction selects
// import or export. The specification text names TPM2_ContextSave() and
// TPM2_ContextLoad() (via SequenceDataImportExport()) as the users.
// NOTE(review): neither state is validated here. On import the external state
// comes from a saved context, so any checking has to happen in the caller or in
// the engine - confirm where that is done.
void
CryptHashStateImportExport(
    HASH_STATE      *internalFmt,   // IN: state to export
    HASH_STATE      *externalFmt,   // OUT: exported state
    IMPORT_EXPORT    direction
    )
{
    // The external state is viewed through the engine's export layout
    EXPORT_HASH_STATE   *external = (EXPORT_HASH_STATE *)&externalFmt->state;

    _cpri__ImportExportHashState(&internalFmt->state, external, direction);
}
| 19943 | |
| 19944 | |
| 19945 | 10.2.4.17 CryptGetHashDigestSize() |
| 19946 | |
| 19947 | This function returns the digest size in bytes for a hash algorithm. |
| 19948 | |
| 19949 | Return Value Meaning |
| 19950 | |
| 19951 | 0 digest size for TPM_ALG_NULL |
| 19952 | >0 digest size |
| 19953 | |
// Return the digest size in bytes for a hash algorithm.
//
// Pass-through to _cpri__GetDigestSize().
//
// Return Value     Meaning
//   0              digest size for TPM_ALG_NULL
//   > 0            digest size
LIB_EXPORT UINT16
CryptGetHashDigestSize(
    TPM_ALG_ID       hashAlg        // IN: hash algorithm
    )
{
    UINT16           digestSize = _cpri__GetDigestSize(hashAlg);

    return digestSize;
}
| 19966 | |
| 19967 | |
| 19968 | 10.2.4.18 CryptGetHashBlockSize() |
| 19969 | |
| 19970 | Get the block size in bytes of a hash algorithm. |
| 19971 | |
| 19972 | Return Value Meaning |
| 19973 | |
| 19974 | 0 block size for TPM_ALG_NULL |
| 19975 | >0 block size |
| 19976 | |
// Return the block size in bytes for a hash algorithm.
//
// Pass-through to _cpri__GetHashBlockSize().
//
// Return Value     Meaning
//   0              block size for TPM_ALG_NULL
//   > 0            block size
LIB_EXPORT UINT16
CryptGetHashBlockSize(
    TPM_ALG_ID       hash           // IN: hash algorithm to look up
    )
{
    UINT16           blockSize = _cpri__GetHashBlockSize(hash);

    return blockSize;
}
| 19984 | |
| 19985 | |
| 19986 | 10.2.4.19 CryptGetHashAlgByIndex() |
| 19987 | |
| 19988 | This function is used to iterate through the hashes. TPM_ALG_NULL is returned for all indexes that are |
| 19989 | not valid hashes. If the TPM implements 3 hashes, then an index value of 0 will return the first |
| 19990 | implemented hash and an index value of 2 will return the last implemented hash. All other index values |
| 19991 | will return TPM_ALG_NULL. |
| 19992 | |
| 19993 | Return Value Meaning |
| 19994 | |
| 19995 | TPM_ALG_xxx() a hash algorithm |
| 19996 | TPM_ALG_NULL this can be used as a stop value |
| 19997 | |
// Iterate through the implemented hashes by index.
//
// Pass-through to _cpri__GetHashAlgByIndex(). Per the specification text,
// index 0 gives the first implemented hash and every index that is not a valid
// hash gives TPM_ALG_NULL, which can be used as a stop value.
LIB_EXPORT TPM_ALG_ID
CryptGetHashAlgByIndex(
    UINT32           index          // IN: the index
    )
{
    TPM_ALG_ID       alg = _cpri__GetHashAlgByIndex(index);

    return alg;
}
| 20005 | |
| 20006 | |
| 20007 | 10.2.4.20 CryptSignHMAC() |
| 20008 | |
| 20009 | Sign a digest using an HMAC key. This is an HMAC of a digest, not an HMAC of a message. |
| 20010 | |
| 20011 | Error Returns Meaning |
| 20012 | |
// Sign a digest using an HMAC key: the HMAC is computed over hashData, which is
// already a digest, not over a message.
//
// The hash algorithm comes from scheme->details.hmac.hashAlg and the key from
// the sensitive area of signKey. A digest size of 0 from CryptStartHMAC2B()
// fails the assertion, so the algorithm has to be a valid one. The value
// returned by CryptCompleteHMAC() is not examined.
// NOTE(review): hmacState is a stack object that is given the HMAC key and is
// not cleared before this function returns; confirm whether the engine wipes
// it on completion.
//
// Returns TPM_RC_SUCCESS; no other return code is produced here.
static TPM_RC
CryptSignHMAC(
    OBJECT              *signKey,       // IN: HMAC key sign the hash
    TPMT_SIG_SCHEME     *scheme,        // IN: signing scheme
    TPM2B_DIGEST        *hashData,      // IN: hash to be signed
    TPMT_SIGNATURE      *signature      // OUT: signature
    )
{
    HMAC_STATE           hmacState;
    UINT32               digestSize;
    TPM2B               *hmacKey = &signKey->sensitive.sensitive.bits.b;
    BYTE                *hmacOut = (BYTE *) &signature->signature.hmac.digest;

    // HMAC algorithm self testing code may be inserted here

    digestSize = CryptStartHMAC2B(scheme->details.hmac.hashAlg, hmacKey,
                                  &hmacState);

    // The hash algorithm must be a valid one.
    pAssert(digestSize > 0);

    CryptUpdateDigest2B(&hmacState, &hashData->b);

    CryptCompleteHMAC(&hmacState, digestSize, hmacOut);

    // Record which hash algorithm produced the HMAC
    signature->signature.hmac.hashAlg = scheme->details.hmac.hashAlg;

    return TPM_RC_SUCCESS;
}
| 20049 | |
| 20050 | |
| 20051 | 10.2.4.21 CryptHMACVerifySignature() |
| 20052 | |
| 20053 | This function will verify a signature signed by a HMAC key. |
| 20054 | |
| 20055 | Error Returns Meaning |
| 20056 | |
| 20057 | TPM_RC_SIGNATURE if invalid input or signature is not genuine |
| 20058 | |
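// Verify a signature made with an HMAC key.
//
// The HMAC of hashData is recomputed with the key in signKey and compared with
// the digest carried in the signature.
//
// Error Returns        Meaning
//   TPM_RC_SIGNATURE   if invalid input or signature is not genuine
static TPM_RC
CryptHMACVerifySignature(
    OBJECT              *signKey,       // IN: HMAC key signed the hash
    TPM2B_DIGEST        *hashData,      // IN: digest being verified
    TPMT_SIGNATURE      *signature      // IN: signature to be verified
    )
{
    HMAC_STATE           hmacState;
    TPM2B_DIGEST         digestToCompare;

    // The hash algorithm is read from the signature under verification, not
    // from the key, so this value is chosen by whoever supplied the signature.
    // NOTE(review): nothing here ties it to the scheme of signKey; confirm the
    // caller restricts which algorithm a signature may name.
    digestToCompare.t.size = CryptStartHMAC2B(signature->signature.hmac.hashAlg,
                                 &signKey->sensitive.sensitive.bits.b, &hmacState);

    // A size of 0 means no HMAC was started: the state is left
    // HASH_STATE_EMPTY, which CryptCompleteHMAC() treats as an assertion
    // failure, and a comparison over 0 bytes would look at none of the
    // signature. Report it as the documented invalid-input error instead.
    if(digestToCompare.t.size == 0)
        return TPM_RC_SIGNATURE;

    CryptUpdateDigest2B(&hmacState, &hashData->b);

    CryptCompleteHMAC2B(&hmacState, &digestToCompare.b);

    // Compare digest
    // NOTE(review): MemoryEqual() is defined elsewhere; confirm that it does
    // not stop at the first differing byte, since one operand is supplied by
    // the caller and the other is a computed MAC.
    if(MemoryEqual(digestToCompare.t.buffer,
                   (BYTE *) &signature->signature.hmac.digest,
                   digestToCompare.t.size))
        return TPM_RC_SUCCESS;
    else
        return TPM_RC_SIGNATURE;

}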
| 20085 | |
| 20086 | |
| 20087 | 10.2.4.22 CryptGenerateKeyedHash() |
| 20088 | |
| 20089 | This function creates a keyedHash object. |
| 20090 | |
| 20091 | |
| 20092 | |
| 20093 | Family "2.0" TCG Published Page 283 |
| 20094 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 20095 | Trusted Platform Module Library Part 4: Supporting Routines |
| 20096 | |
| 20097 | |
| 20098 | Error Returns Meaning |
| 20099 | |
| 20100 | TPM_RC_SIZE sensitive data size is larger than allowed for the scheme |
| 20101 | |
// Create a keyedHash object.
//
// The limiting hash algorithm is the nameAlg when the scheme is TPM_ALG_NULL,
// the XOR scheme's hash when the scheme is TPM_ALG_XOR, and the HMAC scheme's
// hash otherwise. Caller-provided sensitive data (sensitiveDataOrigin CLEAR) is
// limited to the block size of that hash when the object is a signing or a
// decryption key; no limit is applied here when it is neither. When the TPM
// generates the data, its size is the digest size of that hash and the
// caller's data size is set to 0.
//
// Error Returns    Meaning
//   TPM_RC_SIZE    sensitive data size is larger than allowed for the scheme
static TPM_RC
CryptGenerateKeyedHash(
    TPMT_PUBLIC             *publicArea,        // IN/OUT: the public area template
                                                //     for the new key.
    TPMS_SENSITIVE_CREATE   *sensitiveCreate,   // IN: sensitive creation data
    TPMT_SENSITIVE          *sensitive,         // OUT: sensitive area
    TPM_ALG_ID               kdfHashAlg,        // IN: algorithm for the KDF
    TPM2B_SEED              *seed,              // IN: the seed
    TPM2B_NAME              *name               // IN: name of the object
    )
{
    TPMT_KEYEDHASH_SCHEME   *keyedScheme;
    TPM_ALG_ID               limitAlg;
    UINT16                   blockLimit;

    pAssert(publicArea->type == TPM_ALG_KEYEDHASH);

    keyedScheme = &publicArea->parameters.keyedHashDetail.scheme;

    // Pick the limiting hash algorithm
    if(keyedScheme->scheme == TPM_ALG_NULL)
        limitAlg = publicArea->nameAlg;
    else if(keyedScheme->scheme == TPM_ALG_XOR)
        limitAlg = keyedScheme->details.xor.hashAlg;
    else
        limitAlg = keyedScheme->details.hmac.hashAlg;
    blockLimit = CryptGetHashBlockSize(limitAlg);

    if(publicArea->objectAttributes.sensitiveDataOrigin != CLEAR)
    {
        // The TPM is going to generate the data, so the size is the size of
        // the digest of the algorithm and the caller's data is not used
        sensitive->sensitive.sym.t.size = CryptGetHashDigestSize(limitAlg);
        sensitiveCreate->data.t.size = 0;
    }
    else if(   (   publicArea->objectAttributes.decrypt
                || publicArea->objectAttributes.sign)
            && sensitiveCreate->data.t.size > blockLimit)
    {
        // For a signing or a decryption key the data may not be longer than
        // the block size of the hash. The limit is set because larger values
        // have lower entropy because of the HMAC function.
        return TPM_RC_SIZE;
    }

    // Fill in the sensitive area
    CryptGenerateNewSymmetric(sensitiveCreate, sensitive, kdfHashAlg,
                              seed, name);

    // Create unique area in public
    CryptComputeSymmetricUnique(publicArea->nameAlg,
                                sensitive, &publicArea->unique.sym);

    return TPM_RC_SUCCESS;
}
| 20160 | |
| 20161 | |
| 20162 | |
| 20163 | |
| 20164 | Page 284 TCG Published Family "2.0" |
| 20165 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 20166 | Part 4: Supporting Routines Trusted Platform Module Library |
| 20167 | |
| 20168 | 10.2.4.23 CryptKDFa() |
| 20169 | |
| 20170 | This function generates a key using the KDFa() formulation in Part 1 of the TPM specification. In this |
| 20171 | implementation, this is a macro invocation of _cpri__KDFa() in the hash module of the CryptoEngine(). |
| 20172 | This macro sets once to FALSE so that KDFa() will iterate as many times as necessary to generate |
| 20173 | sizeInBits number of bits. |
| 20174 | |
| 20175 | 508 //%#define CryptKDFa(hashAlg, key, label, contextU, contextV, \ |
| 20176 | 509 //% sizeInBits, keyStream, counterInOut) \ |
| 20177 | 510 //% TEST_HASH(hashAlg); \ |
| 20178 | 511 //% _cpri__KDFa( \ |
| 20179 | 512 //% ((TPM_ALG_ID)hashAlg), \ |
| 20180 | 513 //% ((TPM2B *)key), \ |
| 20181 | 514 //% ((const char *)label), \ |
| 20182 | 515 //% ((TPM2B *)contextU), \ |
| 20183 | 516 //% ((TPM2B *)contextV), \ |
| 20184 | 517 //% ((UINT32)sizeInBits), \ |
| 20185 | 518 //% ((BYTE *)keyStream), \ |
| 20186 | 519 //% ((UINT32 *)counterInOut), \ |
| 20187 | 520 //% ((BOOL) FALSE) \ |
| 20188 | 521 //% ) |
| 20189 | 522 //% |
| 20190 | |
| 20191 | |
| 20192 | 10.2.4.24 CryptKDFaOnce() |
| 20193 | |
| 20194 | This function generates a key using the KDFa() formulation in Part 1 of the TPM specification. In this |
| 20195 | implementation, this is a macro invocation of _cpri__KDFa() in the hash module of the CryptoEngine(). |
| 20196 | This macro will call _cpri__KDFa() with once TRUE so that only one iteration is performed, regardless of |
| 20197 | sizeInBits. |
| 20198 | |
| 20199 | 523 //%#define CryptKDFaOnce(hashAlg, key, label, contextU, contextV, \ |
| 20200 | 524 //% sizeInBits, keyStream, counterInOut) \ |
| 20201 | 525 //% TEST_HASH(hashAlg); \ |
| 20202 | 526 //% _cpri__KDFa( \ |
| 20203 | 527 //% ((TPM_ALG_ID)hashAlg), \ |
| 20204 | 528 //% ((TPM2B *)key), \ |
| 20205 | 529 //% ((const char *)label), \ |
| 20206 | 530 //% ((TPM2B *)contextU), \ |
| 20207 | 531 //% ((TPM2B *)contextV), \ |
| 20208 | 532 //% ((UINT32)sizeInBits), \ |
| 20209 | 533 //% ((BYTE *)keyStream), \ |
| 20210 | 534 //% ((UINT32 *)counterInOut), \ |
| 20211 | 535 //% ((BOOL) TRUE) \ |
| 20212 | 536 //% ) |
| 20213 | 537 //% |
| 20214 | |
| 20215 | |
| 20216 | 10.2.4.25 KDFa() |
| 20217 | |
| 20218 | This function is used by functions outside of CryptUtil() to access _cpri_KDFa(). |
| 20219 | |
// Give functions outside of CryptUtil access to the KDFa computation.
//
// The body is a single use of the CryptKDFa() macro with the arguments passed
// through in order. As listed in this specification, that macro runs
// TEST_HASH() on the hash algorithm and then calls _cpri__KDFa() with 'once'
// set to FALSE.
void
KDFa(
    TPM_ALG_ID       hash,          // IN: hash algorithm used in HMAC
    TPM2B           *key,           // IN: HMAC key
    const char      *label,         // IN: a null-terminated label for KDF
    TPM2B           *contextU,      // IN: context U
    TPM2B           *contextV,      // IN: context V
    UINT32           sizeInBits,    // IN: size of generated key in bits
    BYTE            *keyStream,     // OUT: key buffer
    UINT32          *counterInOut   // IN/OUT: caller may provide the iteration
                                    //     counter for incremental operations to
                                    //     avoid large intermediate buffers.
    )
{
    CryptKDFa(hash,
              key,
              label,
              contextU,
              contextV,
              sizeInBits,
              keyStream,
              counterInOut);
}
| 20242 | |
| 20243 | |
| 20244 | 10.2.4.26 CryptKDFe() |
| 20245 | |
| 20246 | This function generates a key using the KDFa() formulation in Part 1 of the TPM specification. In this |
| 20247 | implementation, this is a macro invocation of _cpri__KDFe() in the hash module of the CryptoEngine(). |
| 20248 | |
| 20249 | 555 //%#define CryptKDFe(hashAlg, Z, label, partyUInfo, partyVInfo, \ |
| 20250 | 556 //% sizeInBits, keyStream) \ |
| 20251 | 557 //% TEST_HASH(hashAlg); \ |
| 20252 | 558 //% _cpri__KDFe( \ |
| 20253 | 559 //% ((TPM_ALG_ID)hashAlg), \ |
| 20254 | 560 //% ((TPM2B *)Z), \ |
| 20255 | 561 //% ((const char *)label), \ |
| 20256 | 562 //% ((TPM2B *)partyUInfo), \ |
| 20257 | 563 //% ((TPM2B *)partyVInfo), \ |
| 20258 | 564 //% ((UINT32)sizeInBits), \ |
| 20259 | 565 //% ((BYTE *)keyStream) \ |
| 20260 | 566 //% ) |
| 20261 | 567 //% |
| 20262 | 568 #endif //TPM_ALG_KEYEDHASH //% 1 |
| 20263 | |
| 20264 | |
| 20265 | 10.2.5 RSA Functions |
| 20266 | |
| 20267 | 10.2.5.1 BuildRSA() |
| 20268 | |
| 20269 | Function to set the cryptographic elements of an RSA key into a structure to simplify the interface to |
| 20270 | _cpri__ RSA function. This can/should be eliminated by building this structure into the object structure. |
| 20271 | |
| 20272 | 569 #ifdef TPM_ALG_RSA //% 2 |
// Collect the cryptographic elements of an RSA key object into an RSA_KEY, the
// structure handed to the _cpri__ RSA functions.
//
// An exponent of 0 in the public area is replaced by
// RSA_DEFAULT_PUBLIC_EXPONENT. The public key points at the object's unique
// RSA value. The private key pointer is NULL when the object is public-only or
// has an empty private exponent; otherwise it points at the private exponent.
// Only pointers are stored, so 'key' stays valid no longer than 'rsaKey'.
static void
BuildRSA(
    OBJECT          *rsaKey,
    RSA_KEY         *key
    )
{
    int              hasPrivate;

    key->exponent = rsaKey->publicArea.parameters.rsaDetail.exponent;
    if(key->exponent == 0)
        key->exponent = RSA_DEFAULT_PUBLIC_EXPONENT;

    key->publicKey = &rsaKey->publicArea.unique.rsa.b;

    // A private part is usable only if the object is not public-only and the
    // private exponent is present
    hasPrivate =    !rsaKey->attributes.publicOnly
                 && rsaKey->privateExponent.t.size != 0;

    key->privateKey = hasPrivate ? &(rsaKey->privateExponent.b) : NULL;
}
| 20289 | |
| 20290 | |
| 20291 | 10.2.5.2 CryptTestKeyRSA() |
| 20292 | |
| 20293 | This function provides the interface to _cpri__TestKeyRSA(). If both p and q are provided, n will be set to |
| 20294 | p*q. |
| 20295 | If only p is provided, q is computed by q = n/p. If n mod p != 0, TPM_RC_BINDING is returned. |
| 20296 | The key is validated by checking that a d can be found such that e d mod ((p-1)*(q-1)) = 1. If d is found |
| 20297 | that satisfies this requirement, it will be placed in d. |
| 20298 | Page 286 TCG Published Family "2.0" |
| 20299 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 20300 | Part 4: Supporting Routines Trusted Platform Module Library |
| 20301 | |
| 20302 | |
| 20303 | Error Returns Meaning |
| 20304 | |
| 20305 | TPM_RC_BINDING the public and private portions of the key are not matched |
| 20306 | |
// Interface to _cpri__TestKeyRSA().
//
// d, n and p have to be non-NULL (asserted); q is optional. An exponent of 0
// selects RSA_DEFAULT_PUBLIC_EXPONENT. Every engine result other than
// CRYPT_SUCCESS is reported as TPM_RC_BINDING.
//
// Error Returns        Meaning
//   TPM_RC_BINDING     the public and private portions of the key are not
//                      matched
TPM_RC
CryptTestKeyRSA(
    TPM2B           *d,             // OUT: receives the private exponent
    UINT32           e,             // IN: public exponent
    TPM2B           *n,             // IN/OUT: public modulus
    TPM2B           *p,             // IN: a first prime
    TPM2B           *q              // IN: an optional second prime
    )
{
    CRYPT_RESULT     retVal;

    TEST(ALG_NULL_VALUE);

    pAssert(d != NULL && n != NULL && p != NULL);

    // Set the exponent
    if(e == 0)
        e = RSA_DEFAULT_PUBLIC_EXPONENT;

    // The engine can return CRYPT_PARAMETER
    retVal = _cpri__TestKeyRSA(d, e, n, p, q);

    // CRYPT_PARAMETER is converted to TPM_RC_BINDING
    return (retVal == CRYPT_SUCCESS) ? TPM_RC_SUCCESS : TPM_RC_BINDING;
}
| 20331 | |
| 20332 | |
| 20333 | 10.2.5.3 CryptGenerateKeyRSA() |
| 20334 | |
| 20335 | This function is called to generate an RSA key from a provided seed. It calls _cpri__GenerateKeyRSA() |
| 20336 | to perform the computations. The implementation is vendor specific. |
| 20337 | |
| 20338 | Error Returns Meaning |
| 20339 | |
| 20340 | TPM_RC_RANGE the exponent value is not supported |
| 20341 | TPM_RC_CANCELLED key generation has been canceled |
| 20342 | TPM_RC_VALUE exponent is not prime or is less than 3; or could not find a prime using |
| 20343 | the provided parameters |
| 20344 | |
// Generate an RSA key from a provided seed by calling _cpri__GenerateKeyRSA().
//
// This implementation accepts only an exponent of 0 or
// RSA_DEFAULT_PUBLIC_EXPONENT in the template and always generates with
// RSA_DEFAULT_PUBLIC_EXPONENT. *counter is set to 0 before the engine is
// called. The engine result is converted by TranslateCryptErrors().
//
// Error Returns        Meaning
//   TPM_RC_RANGE       the exponent value is not supported
//   TPM_RC_CANCELLED   key generation has been canceled
//   TPM_RC_VALUE       exponent is not prime or is less than 3; or could not
//                      find a prime using the provided parameters
static TPM_RC
CryptGenerateKeyRSA(
    TPMT_PUBLIC         *publicArea,    // IN/OUT: The public area template for
                                        //     the new key. The public key
                                        //     area will be replaced by the
                                        //     product of two primes found by
                                        //     this function
    TPMT_SENSITIVE      *sensitive,     // OUT: the sensitive area will be
                                        //     updated to contain the first
                                        //     prime and the symmetric
                                        //     encryption key
    TPM_ALG_ID           hashAlg,       // IN: the hash algorithm for the KDF
    TPM2B_SEED          *seed,          // IN: Seed for the creation
    TPM2B_NAME          *name,          // IN: Object name
    UINT32              *counter        // OUT: last iteration of the counter
    )
{
    UINT32               requested = publicArea->parameters.rsaDetail.exponent;
    UINT32               exponent = RSA_DEFAULT_PUBLIC_EXPONENT;

    TEST_HASH(hashAlg);
    TEST(ALG_NULL_VALUE);

    // In this implementation, only the default exponent is allowed
    if(requested != 0 && requested != RSA_DEFAULT_PUBLIC_EXPONENT)
        return TPM_RC_RANGE;

    *counter = 0;

    // _cpri__GenerateKeyRSA can return CRYPT_CANCEL or CRYPT_FAIL, which are
    // translated: CRYPT_CANCEL -> TPM_RC_CANCELLED; CRYPT_FAIL -> TPM_RC_VALUE
    return TranslateCryptErrors(
               _cpri__GenerateKeyRSA(&publicArea->unique.rsa.b,
                                     &sensitive->sensitive.rsa.b,
                                     publicArea->parameters.rsaDetail.keyBits,
                                     exponent,
                                     hashAlg,
                                     &seed->b,
                                     "RSA key by vendor",
                                     &name->b,
                                     counter));
}
| 20395 | |
| 20396 | |
| 20397 | 10.2.5.4 CryptLoadPrivateRSA() |
| 20398 | |
| 20399 | This function is called to generate the private exponent of an RSA key. It uses CryptTestKeyRSA(). |
| 20400 | |
| 20401 | Error Returns Meaning |
| 20402 | |
| 20403 | TPM_RC_BINDING public and private parts of rsaKey are not matched |
| 20404 | |
// Compute the private exponent of an RSA key object via CryptTestKeyRSA()
// and, on success, mark the object as having its private exponent present.
//
// Returns whatever CryptTestKeyRSA() returns; TPM_RC_BINDING indicates that
// the public and private parts of rsaKey do not match.
TPM_RC
CryptLoadPrivateRSA(
    OBJECT              *rsaKey         // IN: the RSA key object
    )
{
    TPM_RC               status;

    // The result is written to rsaKey->privateExponent. The final argument
    // is passed as NULL, so only the prime held in the sensitive area is
    // supplied.
    status = CryptTestKeyRSA(&rsaKey->privateExponent.b,
                             rsaKey->publicArea.parameters.rsaDetail.exponent,
                             &rsaKey->publicArea.unique.rsa.b,
                             &rsaKey->sensitive.sensitive.rsa.b,
                             NULL);
    if(status != TPM_RC_SUCCESS)
        return status;

    // Flag is set only after the key material passed the consistency test.
    rsaKey->attributes.privateExp = SET;
    return status;
}
| 20426 | |
| 20427 | |
| 20428 | 10.2.5.5 CryptSelectRSAScheme() |
| 20429 | |
| 20430 | This function is used by TPM2_RSA_Decrypt() and TPM2_RSA_Encrypt(). It sets up the rules to select a |
| 20431 | scheme between input and object default. This function assumes the RSA object is loaded. If a default |
| 20432 | scheme is defined in the object, the default scheme should be chosen; otherwise, the input scheme should |
| 20433 | be chosen. In the case that both the object and input schemes are not TPM_ALG_NULL, then if the schemes |
| 20434 | |
| 20435 | |
| 20439 | |
| 20440 | |
| 20441 | are the same, the input scheme will be chosen. If the schemes are not compatible, a NULL pointer will be |
| 20442 | returned. |
| 20443 | The returned pointer may point to a TPM_ALG_NULL scheme. |
| 20444 | |
// Choose between the scheme supplied by the caller and the default scheme
// stored in the key object.
//
// Returns the input scheme when the object has no default or when both
// agree, the object's default when the input scheme is TPM_ALG_NULL, and
// NULL when the two are set and differ. Callers have to handle the NULL
// return before dereferencing the result.
//
// NOTE(review): the pointer returned by ObjectGet() and the 'scheme'
// argument are dereferenced without a check here; the function relies on the
// object already being loaded.
TPMT_RSA_DECRYPT*
CryptSelectRSAScheme(
    TPMI_DH_OBJECT       rsaHandle,     // IN: handle of sign key
    TPMT_RSA_DECRYPT    *scheme         // IN: a sign or decrypt scheme
    )
{
    OBJECT              *keyObject = ObjectGet(rsaHandle);
    TPMT_ASYM_SCHEME    *objectDefault =
        &keyObject->publicArea.parameters.asymDetail.scheme;

    // No default on the object: the caller's choice stands (it may itself be
    // TPM_ALG_NULL).
    if(objectDefault->scheme == TPM_ALG_NULL)
        return scheme;

    // Object has a default and the caller expressed no preference.
    // NOTE(review): the cast presumably relies on TPMT_ASYM_SCHEME and
    // TPMT_RSA_DECRYPT sharing a layout -- confirm against the type
    // definitions.
    if(scheme->scheme == TPM_ALG_NULL)
        return (TPMT_RSA_DECRYPT *)objectDefault;

    // Both are set: they have to name the same scheme and the same hash.
    // IMPLEMENTATION NOTE: This could cause problems if future versions have
    // schemes that have more values than just a hash algorithm. A new function
    // (IsSchemeSame()) might be needed then.
    if(   objectDefault->scheme != scheme->scheme
       || objectDefault->details.anySig.hashAlg != scheme->details.anySig.hashAlg)
        return NULL;

    return scheme;
}
| 20485 | |
| 20486 | |
| 20487 | 10.2.5.6 CryptDecryptRSA() |
| 20488 | |
| 20489 | This function is the interface to _cpri__DecryptRSA(). It handles the return codes from that function and |
| 20490 | converts them from CRYPT_RESULT to TPM_RC values. The rsaKey parameter must reference an RSA |
| 20491 | decryption key |
| 20492 | |
| 20493 | Error Returns Meaning |
| 20494 | |
| 20495 | TPM_RC_BINDING Public and private parts of the key are not cryptographically bound. |
| 20496 | TPM_RC_SIZE Size of data to decrypt is not the same as the key size. |
| 20497 | TPM_RC_VALUE Numeric value of the encrypted data is greater than the public |
| 20498 | exponent, or output buffer is too small for the decrypted message. |
| 20499 | |
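// Interface to _cpri__DecryptRSA(). Loads the private exponent if it has not
// been computed yet, checks that the cipher text is exactly as long as the
// key modulus, runs the decryption and converts the CRYPT_RESULT into a
// TPM_RC.
//
// Returns:
//   TPM_RC_BINDING  from CryptLoadPrivateRSA() when the public and private
//                   parts of the key do not match
//   TPM_RC_SIZE     cipherInSize differs from the size of the public modulus
//   otherwise       the translation of the crypto-engine result
//
// *dataOutSize is updated from the engine's size output even when the engine
// reports a failure, so callers must look at the return code before using
// dataOut or *dataOutSize.
TPM_RC
CryptDecryptRSA(
    UINT16              *dataOutSize,   // IN/OUT: read on entry to seed the
                                        //     size handed to the engine; on
                                        //     return, size of plain text in
                                        //     bytes
    BYTE                *dataOut,       // OUT: plain text
    OBJECT              *rsaKey,        // IN: internal RSA key
    TPMT_RSA_DECRYPT    *scheme,        // IN: selects the padding scheme
    UINT16               cipherInSize,  // IN: size of cipher text in bytes
    BYTE                *cipherIn,      // IN: cipher text
    const char          *label          // IN: a label, when needed
    )
{
    RSA_KEY              key;
    CRYPT_RESULT         retVal;
    UINT32               dSize;         // temporary for the returned data size
    TPMI_ALG_HASH        hashAlg = TPM_ALG_NULL;    // hash algorithm in the
                                                    // selected padding scheme
    TPM_RC               result;

    // Pointer checks. 'scheme' is dereferenced below, so it is covered by
    // the assertion together with the other mandatory pointers.
    pAssert(   (dataOutSize != NULL) && (dataOut != NULL)
            && (rsaKey != NULL) && (scheme != NULL) && (cipherIn != NULL));

    // The public type is an RSA decrypt key
    pAssert(   rsaKey->publicArea.type == TPM_ALG_RSA
            && rsaKey->publicArea.objectAttributes.decrypt == SET);

    // Must have the private portion loaded. This check is made before this
    // function is called.
    pAssert(rsaKey->attributes.publicOnly == CLEAR);

    // Decryption requires that the private exponent be present
    if(rsaKey->attributes.privateExp == CLEAR)
    {
        // Load key by computing the private exponent
        // CryptLoadPrivateRSA may return TPM_RC_BINDING
        result = CryptLoadPrivateRSA(rsaKey);
        if(result != TPM_RC_SUCCESS)
            return result;
    }

    // The input buffer must be the size of the key
    if(cipherInSize != rsaKey->publicArea.unique.rsa.t.size)
        return TPM_RC_SIZE;

    BuildRSA(rsaKey, &key);

    // Seed the engine's size parameter from the caller's value
    dSize = *dataOutSize;

    // For OAEP scheme, initialize the hash algorithm for padding
    if(scheme->scheme == TPM_ALG_OAEP)
    {
        hashAlg = scheme->details.oaep.hashAlg;
        TEST_HASH(hashAlg);
    }
    // See if the padding mode needs to be tested
    TEST(scheme->scheme);

    // _cpri__DecryptRSA may return CRYPT_PARAMETER CRYPT_FAIL CRYPT_SCHEME
    retVal = _cpri__DecryptRSA(&dSize, dataOut, &key, scheme->scheme,
                               cipherInSize, cipherIn, hashAlg, label);

    // Scheme must have been validated when the key was loaded/imported
    pAssert(retVal != CRYPT_SCHEME);

    // Set the return size; the assert guards the narrowing conversion
    pAssert(dSize <= UINT16_MAX);
    *dataOutSize = (UINT16)dSize;

    // CRYPT_PARAMETER -> TPM_RC_VALUE, CRYPT_FAIL -> TPM_RC_VALUE
    return TranslateCryptErrors(retVal);
}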
| 20588 | |
| 20589 | |
| 20590 | 10.2.5.7 CryptEncryptRSA() |
| 20591 | |
| 20592 | This function provides the interface to _cpri__EncryptRSA(). The object referenced by rsaKey is required |
| 20593 | to be an RSA decryption key. |
| 20594 | |
| 20595 | Error Returns Meaning |
| 20596 | |
| 20597 | TPM_RC_SCHEME scheme is not supported |
| 20598 | TPM_RC_VALUE numeric value of dataIn is greater than the key modulus |
| 20599 | |
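// Interface to _cpri__EncryptRSA(). The object referenced by rsaKey is
// required to be an RSA decryption key. Only the public part of the key is
// used.
//
// Returns the translation of the crypto-engine result:
//   TPM_RC_SCHEME   scheme is not supported
//   TPM_RC_VALUE    numeric value of dataIn is greater than the key modulus
//
// *cipherOutSize is updated from the engine's size output regardless of the
// engine result, so callers must look at the return code first.
TPM_RC
CryptEncryptRSA(
    UINT16              *cipherOutSize, // IN/OUT: capacity of cipherOut on
                                        //     entry; size of cipher text in
                                        //     bytes on return
    BYTE                *cipherOut,     // OUT: cipher text
    OBJECT              *rsaKey,        // IN: internal RSA key
    TPMT_RSA_DECRYPT    *scheme,        // IN: selects the padding scheme
    UINT16               dataInSize,    // IN: size of plain text in bytes
    BYTE                *dataIn,        // IN: plain text
    const char          *label          // IN: an optional label
    )
{
    RSA_KEY              key;
    CRYPT_RESULT         retVal;
    UINT32               cOutSize;      // conversion variable
    TPMI_ALG_HASH        hashAlg = TPM_ALG_NULL;    // hash algorithm in the
                                                    // selected padding scheme

    // Must have a key, a scheme and some data to encrypt. 'scheme' is
    // dereferenced below, so it is asserted with the other pointers.
    pAssert(rsaKey != NULL && scheme != NULL && dataIn != NULL);

    // The public type is an RSA decryption key
    pAssert(   rsaKey->publicArea.type == TPM_ALG_RSA
            && rsaKey->publicArea.objectAttributes.decrypt == SET);

    // The cipher buffer must be provided and it must be large enough for
    // the result (one modulus worth of bytes)
    pAssert(   cipherOut != NULL
            && cipherOutSize != NULL
            && *cipherOutSize >= rsaKey->publicArea.unique.rsa.t.size);

    // Only need the public key and exponent for encryption
    BuildRSA(rsaKey, &key);

    // Copy the size to the conversion variable
    cOutSize = *cipherOutSize;

    // For OAEP scheme, initialize the hash algorithm for padding
    if(scheme->scheme == TPM_ALG_OAEP)
    {
        hashAlg = scheme->details.oaep.hashAlg;
        TEST_HASH(hashAlg);
    }

    // This is a public key operation and does not require that the private
    // key be loaded. The self-test of the scheme still exercises the full
    // algorithm.
    TEST(scheme->scheme);

    // Encrypt the data with the public exponent
    // _cpri__EncryptRSA may return CRYPT_PARAMETER or CRYPT_SCHEME
    retVal = _cpri__EncryptRSA(&cOutSize, cipherOut, &key, scheme->scheme,
                               dataInSize, dataIn, hashAlg, label);

    // The assert guards the narrowing conversion back to UINT16
    pAssert(cOutSize <= UINT16_MAX);
    *cipherOutSize = (UINT16)cOutSize;

    // CRYPT_PARAMETER -> TPM_RC_VALUE, CRYPT_SCHEME -> TPM_RC_SCHEME
    return TranslateCryptErrors(retVal);
}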
| 20662 | |
| 20663 | |
| 20664 | 10.2.5.8 CryptSignRSA() |
| 20665 | |
| 20666 | This function is used to sign a digest with an RSA signing key. |
| 20667 | |
| 20668 | Error Returns Meaning |
| 20669 | |
| 20670 | TPM_RC_BINDING public and private part of signKey are not properly bound |
| 20671 | TPM_RC_SCHEME scheme is not supported |
| 20672 | TPM_RC_VALUE hashData is larger than the modulus of signKey, or the size of |
| 20673 | hashData does not match hash algorithm in scheme |
| 20674 | |
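// Sign a digest with an RSA signing key.
//
// Returns:
//   TPM_RC_BINDING  public and private part of signKey are not properly bound
//   TPM_RC_SCHEME   scheme is not supported
//   TPM_RC_VALUE    hashData is larger than the modulus of signKey, or the
//                   size of hashData does not match the hash algorithm
//
// The algorithm and hash handed to the crypto engine are read from
// sig->sigAlg and sig->signature.any.hashAlg, so the caller has to fill
// those in before the call.
// NOTE(review): presumably they mirror 'scheme' -- confirm against the
// caller.
static TPM_RC
CryptSignRSA(
    OBJECT              *signKey,       // IN: RSA key signs the hash
    TPMT_SIG_SCHEME     *scheme,        // IN: sign scheme
    TPM2B_DIGEST        *hashData,      // IN: hash to be signed
    TPMT_SIGNATURE      *sig            // IN/OUT: algorithm selectors on
                                        //     entry, signature on return
    )
{
    // Start from a defined value: the size is asserted and stored below
    // whatever the engine returns, so it must not depend on the engine
    // writing it on every path.
    UINT32               signSize = 0;
    RSA_KEY              key;
    CRYPT_RESULT         retVal;
    TPM_RC               result = TPM_RC_SUCCESS;

    pAssert(   (signKey != NULL) && (scheme != NULL)
            && (hashData != NULL) && (sig != NULL));

    // Assume that the key has private part loaded and that it is a signing
    // key.
    pAssert(   (signKey->attributes.publicOnly == CLEAR)
            && (signKey->publicArea.objectAttributes.sign == SET));

    // Check if the private exponent has been computed
    if(signKey->attributes.privateExp == CLEAR)
        // May return TPM_RC_BINDING
        result = CryptLoadPrivateRSA(signKey);

    if(result == TPM_RC_SUCCESS)
    {
        BuildRSA(signKey, &key);

        // Make sure that the hash is tested
        TEST_HASH(sig->signature.any.hashAlg);

        // Run a test of the RSA sign
        TEST(scheme->scheme);

        // _cpri__SignRSA can return CRYPT_SCHEME and CRYPT_PARAMETER
        retVal = _cpri__SignRSA(&signSize,
                                sig->signature.rsassa.sig.t.buffer,
                                &key,
                                sig->sigAlg,
                                sig->signature.any.hashAlg,
                                hashData->t.size, hashData->t.buffer);

        // The assert guards the narrowing conversion to UINT16
        pAssert(signSize <= UINT16_MAX);
        sig->signature.rsassa.sig.t.size = (UINT16)signSize;

        // CRYPT_SCHEME -> TPM_RC_SCHEME; CRYPT_PARAMETER -> TPM_RC_VALUE
        result = TranslateCryptErrors(retVal);
    }
    return result;
}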
| 20730 | |
| 20731 | |
| 20732 | 10.2.5.9 CryptRSAVerifySignature() |
| 20733 | |
| 20734 | This function is used to verify a signature created by an RSA key. |
| 20735 | |
| 20736 | Error Returns Meaning |
| 20737 | |
| 20738 | TPM_RC_SIGNATURE if signature is not genuine |
| 20739 | TPM_RC_SCHEME signature scheme not supported |
| 20740 | |
// Verify an RSA signature over a digest. Only the public part of signKey is
// used.
//
// Returns:
//   TPM_RC_SIGNATURE  the crypto engine reported CRYPT_FAIL (signature is
//                     not genuine)
//   otherwise         the translation of the engine result, e.g.
//                     CRYPT_SCHEME -> TPM_RC_SCHEME
static TPM_RC
CryptRSAVerifySignature(
    OBJECT              *signKey,       // IN: RSA key signed the hash
    TPM2B_DIGEST        *digestData,    // IN: digest being signed
    TPMT_SIGNATURE      *sig            // IN: signature to be verified
    )
{
    RSA_KEY              publicKey;
    CRYPT_RESULT         engineResult;

    // Validate parameter assumptions
    pAssert((signKey != NULL) && (digestData != NULL) && (sig != NULL));

    TEST_HASH(sig->signature.any.hashAlg);
    TEST(sig->sigAlg);

    // This is a public-key-only operation
    BuildRSA(signKey, &publicKey);

    // _cpri__ValidateSignatureRSA can return CRYPT_SUCCESS, CRYPT_FAIL, or
    // CRYPT_SCHEME.
    // NOTE(review): the meaning of the trailing 0 argument is not visible
    // here -- confirm against _cpri__ValidateSignatureRSA().
    engineResult = _cpri__ValidateSignatureRSA(&publicKey,
                                               sig->sigAlg,
                                               sig->signature.any.hashAlg,
                                               digestData->t.size,
                                               digestData->t.buffer,
                                               sig->signature.rsassa.sig.t.size,
                                               sig->signature.rsassa.sig.t.buffer,
                                               0);

    // A failed check is reported as a bad signature rather than through the
    // generic translation.
    if(engineResult == CRYPT_FAIL)
        return TPM_RC_SIGNATURE;

    // CRYPT_SCHEME -> TPM_RC_SCHEME
    return TranslateCryptErrors(engineResult);
}
| 20781 | |
| 20782 | |
| 20786 | |
| 20787 | 941 #endif //TPM_ALG_RSA //% 2 |
| 20788 | |
| 20789 | |
| 20790 | 10.2.6 ECC Functions |
| 20791 | |
| 20792 | 10.2.6.1 CryptEccGetCurveDataPointer() |
| 20793 | |
| 20794 | This function returns a pointer to an ECC_CURVE_VALUES structure that contains the parameters for |
| 20795 | the key size and schemes for a given curve. |
| 20796 | |
| 20797 | 942 #ifdef TPM_ALG_ECC //% 3 |
// Look up the ECC_CURVE description for a curve identifier by forwarding to
// the crypto engine. The callers in this file test the result against NULL
// before using it.
static const ECC_CURVE *
CryptEccGetCurveDataPointer(
    TPM_ECC_CURVE        curveID        // IN: id of the curve
    )
{
    const ECC_CURVE     *curveData = _cpri__EccGetParametersByCurveId(curveID);

    return curveData;
}
| 20805 | |
| 20806 | |
| 20807 | 10.2.6.2 CryptEccGetKeySizeInBits() |
| 20808 | |
| 20809 | This function returns the size in bits of the key associated with a curve. |
| 20810 | |
// Return the key size in bits for a curve, or 0 when no curve data is found
// for curveID.
UINT16
CryptEccGetKeySizeInBits(
    TPM_ECC_CURVE        curveID        // IN: id of the curve
    )
{
    const ECC_CURVE     *curve = CryptEccGetCurveDataPointer(curveID);

    // Unknown curve: report a size of zero instead of dereferencing NULL.
    if(curve == NULL)
        return 0;

    return curve->keySizeBits;
}
| 20824 | |
| 20825 | |
| 20826 | 10.2.6.3 CryptEccGetKeySizeBytes() |
| 20827 | |
| 20828 | This macro returns the size of the ECC key in bytes. It uses CryptEccGetKeySizeInBits(). |
| 20829 | |
| 20830 | 963 // The next lines will be placed in CyrptUtil_fp.h with the //% removed |
| 20831 | 964 //% #define CryptEccGetKeySizeInBytes(curve) \ |
| 20832 | 965 //% ((CryptEccGetKeySizeInBits(curve)+7)/8) |
| 20833 | |
| 20834 | |
| 20835 | 10.2.6.4 CryptEccGetParameter() |
| 20836 | |
| 20837 | This function returns a pointer to an ECC curve parameter. The parameter is selected by a single |
| 20838 | character designator from the set of {pnabxyh}. |
| 20839 | |
// Return a pointer to one parameter of an ECC curve. The parameter is chosen
// by a single-character selector from the set {p, n, a, b, x, y, h}.
//
// Returns NULL when no curve data is found for curveId or when the selector
// is not one of the listed characters.
// NOTE(review): curve->curveData is dereferenced without a check; presumably
// every curve entry carries curve data -- confirm.
LIB_EXPORT const TPM2B *
CryptEccGetParameter(
    char                 p,             // IN: the parameter selector
    TPM_ECC_CURVE        curveId        // IN: the curve id
    )
{
    const ECC_CURVE     *curve = _cpri__EccGetParametersByCurveId(curveId);

    if(curve == NULL)
        return NULL;

    switch(p)
    {
        case 'p':
            return curve->curveData->p;
        case 'n':
            return curve->curveData->n;
        case 'a':
            return curve->curveData->a;
        case 'b':
            return curve->curveData->b;
        case 'x':
            return curve->curveData->x;
        case 'y':
            return curve->curveData->y;
        case 'h':
            return curve->curveData->h;
        default:
            // unknown selector
            return NULL;
    }
}
| 20885 | |
| 20886 | |
| 20887 | 10.2.6.5 CryptGetCurveSignScheme() |
| 20888 | |
| 20889 | This function will return a pointer to the scheme of the curve. |
| 20890 | |
// Return a pointer to the signing scheme stored with a curve, or NULL when
// no curve data is found for curveId.
const TPMT_ECC_SCHEME *
CryptGetCurveSignScheme(
    TPM_ECC_CURVE        curveId        // IN: The curve selector
    )
{
    const ECC_CURVE     *curve = _cpri__EccGetParametersByCurveId(curveId);

    if(curve == NULL)
        return NULL;

    return &(curve->sign);
}
| 20903 | |
| 20904 | |
| 20905 | 10.2.6.6 CryptEccIsPointOnCurve() |
| 20906 | |
| 20907 | This function will validate that an ECC point is on the curve of given curveID. |
| 20908 | |
| 20909 | Return Value Meaning |
| 20910 | |
| 20911 | TRUE if the point is on curve |
| 20912 | FALSE if the point is not on curve |
| 20913 | |
// Check whether an ECC point lies on the curve selected by curveID.
//
// Returns TRUE if the crypto engine reports the point to be on the curve and
// FALSE otherwise.
BOOL
CryptEccIsPointOnCurve(
    TPM_ECC_CURVE        curveID,       // IN: ECC curve ID
    TPMS_ECC_POINT      *Q              // IN: ECC point
    )
{
    // Make sure that point multiply is working
    TEST(TPM_ALG_ECC);

    // The crypto engine performs the actual membership check; its answer is
    // normalized to TRUE/FALSE.
    return _cpri__EccIsPointOnCurve(curveID, Q) ? TRUE : FALSE;
}
| 20936 | |
| 20937 | |
| 20938 | 10.2.6.7 CryptNewEccKey() |
| 20939 | |
| 20940 | This function creates a random ECC key that is not derived from other parameters as is a Primary Key. |
| 20941 | |
// Create a random ECC key that is not derived from other parameters (unlike
// a Primary Key).
//
// Returns TPM_RC_SUCCESS when the crypto engine reports CRYPT_SUCCESS and
// TPM_RC_KEY for any other engine result.
TPM_RC
CryptNewEccKey(
    TPM_ECC_CURVE            curveID,       // IN: ECC curve
    TPMS_ECC_POINT          *publicPoint,   // OUT: public point
    TPM2B_ECC_PARAMETER     *sensitive      // OUT: private area
    )
{
    // _cpri__GetEphemeralEcc may return CRYPT_PARAMETER
    if(_cpri__GetEphemeralEcc(publicPoint, sensitive, curveID) == CRYPT_SUCCESS)
        return TPM_RC_SUCCESS;

    // Something is wrong with the key.
    return TPM_RC_KEY;
}
| 20957 | |
| 20958 | |
| 20959 | 10.2.6.8 CryptEccPointMultiply() |
| 20960 | |
| 20961 | This function is used to perform a point multiply R = [d]Q. If Q is not provided, the multiplication is |
| 20962 | performed using the generator point of the curve. |
| 20963 | |
| 20964 | Error Returns Meaning |
| 20965 | |
| 20966 | TPM_RC_ECC_POINT invalid optional ECC point pIn |
| 20967 | TPM_RC_NO_RESULT multiplication resulted in a point at infinity |
| 20968 | TPM_RC_CANCELED if a self-test was done, it might have been aborted |
| 20969 | |
// Perform a point multiply R = [d]Q. If Q (pIn) is not provided, the
// multiplication uses the generator point of the curve.
//
// Returns the translation of the crypto-engine result:
//   TPM_RC_ECC_POINT  invalid optional ECC point pIn
//   TPM_RC_NO_RESULT  multiplication resulted in a point at infinity
TPM_RC
CryptEccPointMultiply(
    TPMS_ECC_POINT          *pOut,      // OUT: output point
    TPM_ECC_CURVE            curveId,   // IN: curve selector
    TPM2B_ECC_PARAMETER     *dIn,       // IN: public scalar
    TPMS_ECC_POINT          *pIn        // IN: optional point
    )
{
    // The engine takes two scalar slots, one before pIn and one after it.
    // Exactly one of them carries dIn: the first when no point is supplied,
    // the second when pIn is given.
    TPM2B_ECC_PARAMETER     *scalarWithoutPoint = dIn;
    TPM2B_ECC_PARAMETER     *scalarForPoint = NULL;
    CRYPT_RESULT             engineResult;

    pAssert(pOut != NULL && dIn != NULL);

    if(pIn != NULL)
    {
        scalarForPoint = dIn;
        scalarWithoutPoint = NULL;
    }

    // Do a test of point multiply
    TEST(TPM_ALG_ECC);

    // _cpri__EccPointMultiply may return CRYPT_POINT or CRYPT_NO_RESULT
    engineResult = _cpri__EccPointMultiply(pOut, curveId, scalarWithoutPoint,
                                           pIn, scalarForPoint);

    // CRYPT_POINT->TPM_RC_ECC_POINT and CRYPT_NO_RESULT->TPM_RC_NO_RESULT
    return TranslateCryptErrors(engineResult);
}
| 21002 | |
| 21003 | |
| 21004 | 10.2.6.9 CryptGenerateKeyECC() |
| 21005 | |
| 21006 | This function generates an ECC key from a seed value. |
| 21007 | The method here may not work for objects that have an order (G) with a different size than a private |
| 21008 | key. |
| 21009 | |
| 21010 | Error Returns Meaning |
| 21011 | |
| 21012 | TPM_RC_VALUE hash algorithm is not supported |
| 21013 | |
// Generate an ECC key from a seed value by delegating to
// _cpri__GenerateKeyEcc().
//
// Returns the translation of the crypto-engine result.
//
// NOTE(review): *counter is written unconditionally below, so this wrapper
// requires a non-NULL counter even though the engine-side convention
// described in the body mentions NULL.
static TPM_RC
CryptGenerateKeyECC(
    TPMT_PUBLIC         *publicArea,    // IN/OUT: The public area template for
                                        //     the new key.
    TPMT_SENSITIVE      *sensitive,     // IN/OUT: the sensitive area
    TPM_ALG_ID           hashAlg,       // IN: algorithm for the KDF
    TPM2B_SEED          *seed,          // IN: the seed value
    TPM2B_NAME          *name,          // IN: the name of the object
    UINT32              *counter        // OUT: the iteration counter
    )
{
    CRYPT_RESULT         engineResult;

    TEST_HASH(hashAlg);
    TEST(ALG_ECDSA_VALUE);     // ECDSA is used to verify each key

    // The iteration counter has no meaning for ECC key generation. The
    // parameter is overloaded as a request flag for a pair-wise consistency
    // check: 0 asks for no check, any other value asks for one. Signing keys
    // request the check. This lets the code work with existing versions of
    // the CryptoEngine and with FIPS-compliant versions as well.
    if(publicArea->objectAttributes.sign == SET)
        *counter = 1;
    else
        *counter = 0;

    // _cpri__GenerateKeyEcc only has one error return (CRYPT_PARAMETER) which
    // means that the hash algorithm is not supported. This should not be
    // possible.
    engineResult = _cpri__GenerateKeyEcc(&publicArea->unique.ecc,
                                         &sensitive->sensitive.ecc,
                                         publicArea->parameters.eccDetail.curveID,
                                         hashAlg, &seed->b, "ECC key by vendor",
                                         &name->b, counter);

    // This will only be useful if _cpri__GenerateKeyEcc returns CRYPT_CANCEL
    return TranslateCryptErrors(engineResult);
}
| 21049 | |
| 21050 | |
| 21051 | 10.2.6.10 CryptSignECC() |
| 21052 | |
| 21053 | This function is used for ECC signing operations. If the signing scheme is a split scheme, and the signing |
| 21054 | operation is successful, the commit value is retired. |
| 21055 | |
| 21056 | |
| 21060 | |
| 21061 | |
| 21062 | Error Returns Meaning |
| 21063 | |
| 21064 | TPM_RC_SCHEME unsupported scheme |
| 21065 | TPM_RC_VALUE invalid commit status (in case of a split scheme) or failed to generate |
| 21066 | r value. |
| 21067 | |
// ECC signing. For a split signing scheme the commit random value is
// generated first, and the commit value is retired once the signing
// operation has succeeded.
//
// Returns:
//   TPM_RC_VALUE   CryptGenerateR() failed for a split scheme
//   otherwise      the translation of the crypto-engine result, e.g.
//                  CRYPT_SCHEME -> TPM_RC_SCHEME
//
// NOTE(review): no pointer assertions are made here; all four arguments are
// dereferenced and are expected to be valid.
static TPM_RC
CryptSignECC(
    OBJECT              *signKey,       // IN: ECC key to sign the hash
    TPMT_SIG_SCHEME     *scheme,        // IN: sign scheme
    TPM2B_DIGEST        *hashData,      // IN: hash to be signed
    TPMT_SIGNATURE      *signature      // OUT: signature
    )
{
    // NOTE(review): the commit random value is left in this stack variable
    // when the function returns -- consider wiping it if the platform offers
    // a clear that the compiler cannot elide.
    TPM2B_ECC_PARAMETER      commitRandom;
    TPM2B_ECC_PARAMETER     *commitRandomPtr = NULL;
    CRYPT_RESULT             signResult;

    // Run a test of the ECC sign and verify if it has not already been run
    TEST_HASH(scheme->details.any.hashAlg);
    TEST(scheme->scheme);

    if(CryptIsSplitSign(scheme->scheme))
    {
        // When this code was written, the only split scheme was ECDAA
        // (which can also be used for U-Prove).
        if(!CryptGenerateR(&commitRandom,
                           &scheme->details.ecdaa.count,
                           signKey->publicArea.parameters.eccDetail.curveID,
                           &signKey->name))
        {
            return TPM_RC_VALUE;
        }
        commitRandomPtr = &commitRandom;
    }

    // Call crypto engine function to sign; the last argument stays NULL for
    // schemes that are not split.
    // _cpri__SignEcc may return CRYPT_SCHEME
    signResult = _cpri__SignEcc(&signature->signature.ecdsa.signatureR,
                                &signature->signature.ecdsa.signatureS,
                                scheme->scheme,
                                scheme->details.any.hashAlg,
                                signKey->publicArea.parameters.eccDetail.curveID,
                                &signKey->sensitive.sensitive.ecc,
                                &hashData->b,
                                commitRandomPtr);

    // Retire the commit value only after a successful split signature; on
    // failure it is not retired.
    if(CryptIsSplitSign(scheme->scheme))
    {
        if(signResult == CRYPT_SUCCESS)
            CryptEndCommit(scheme->details.ecdaa.count);
    }

    // CRYPT_SCHEME->TPM_RC_SCHEME
    return TranslateCryptErrors(signResult);
}
| 21111 | |
| 21112 | |
| 21113 | 10.2.6.11 CryptECCVerifySignature() |
| 21114 | |
| 21115 | This function is used to verify a signature created with an ECC key. |
| 21116 | |
| 21117 | Error Returns Meaning |
| 21118 | |
| 21119 | TPM_RC_SIGNATURE if signature is not valid |
| 21120 | TPM_RC_SCHEME the signing scheme or hashAlg is not supported |
| 21121 | |
// Verify an ECC signature over a digest with the public point of 'signKey'.
//
// Returns TPM_RC_SIGNATURE when the crypto engine reports CRYPT_FAIL; any
// other engine result is mapped by TranslateCryptErrors() (for example
// CRYPT_SCHEME->TPM_RC_SCHEME).
//
// NOTE(review): the hash algorithm and signing algorithm are taken from the
// signature structure itself. Nothing in this function compares them with
// the scheme of 'signKey'; presumably the caller has done so -- confirm.
static TPM_RC
CryptECCVerifySignature(
    OBJECT              *signKey,       // IN: ECC key signed the hash
    TPM2B_DIGEST        *digestData,    // IN: digest being signed
    TPMT_SIGNATURE      *signature      // IN: signature to be verified
    )
{
    CRYPT_RESULT         result;

    // Self-test hooks for the hash and the signing algorithm
    TEST_HASH(signature->signature.any.hashAlg);
    TEST(signature->sigAlg);

    // All the defined ECC signing schemes have the hash as the first
    // parameter, so R and S are read through the 'ecdsa' member and the hash
    // through the 'any' member whatever 'sigAlg' is.
    // _cpri__ValidateSignatureEcc may return CRYPT_FAIL or CRYPT_SCHEME
    result = _cpri__ValidateSignatureEcc(
                 &signature->signature.ecdsa.signatureR,
                 &signature->signature.ecdsa.signatureS,
                 signature->sigAlg,
                 signature->signature.any.hashAlg,
                 signKey->publicArea.parameters.eccDetail.curveID,
                 &signKey->publicArea.unique.ecc,
                 &digestData->b);

    // CRYPT_FAIL->TPM_RC_SIGNATURE, CRYPT_SCHEME->TPM_RC_SCHEME
    return (result == CRYPT_FAIL) ? TPM_RC_SIGNATURE
                                  : TranslateCryptErrors(result);
}
| 21154 | |
| 21155 | |
| 21156 | 10.2.6.12 CryptGenerateR() |
| 21157 | |
| 21158 | This function computes the commit random value for a split signing scheme. |
| 21159 | If c is NULL, it indicates that r is being generated for TPM2_Commit(). If c is not NULL, the TPM will |
| 21160 | validate that the gr.commitArray bit associated with the input value of c is SET. If not, the TPM returns |
| 21161 | FALSE and no r value is generated. |
| 21162 | |
| 21163 | Return Value Meaning |
| 21164 | |
| 21165 | TRUE r value computed |
| 21166 | FALSE no r value computed |
| 21167 | |
// Compute the commit value 'r' for a split signing scheme.
//
// 'r' is derived with CryptKDFa from gr.commitNonce, the optional key name
// and a 64-bit counter value. With c == NULL the current gr.commitCounter is
// used. With c != NULL the counter value in effect when the commitment was
// made is reconstructed from *c, after checking that the matching bit in
// gr.commitArray is SET.
//
// Returns TRUE when an acceptable 'r' was produced, FALSE when *c does not
// identify a live commitment or no acceptable value was found within the
// iteration limit.
BOOL
CryptGenerateR(
    TPM2B_ECC_PARAMETER *r,             // OUT: the generated random value
    UINT16              *c,             // IN/OUT: count value.
    TPMI_ECC_CURVE       curveID,       // IN: the curve for the value
    TPM2B_NAME          *name           // IN: optional name of a key to
                                        //     associate with 'r'
    )
{
    // Buffer that holds the marshaled commit counter.
    TPM2B_TYPE(8B, 8);
    TPM2B_8B             counterBytes = {8,{0}};

    UINT32               iterations;
    const TPM2B         *order;
    UINT64               count = gr.commitCounter;
    // Kept in a variable only to suppress a compiler warning about a
    // conditional expression being a constant, which comes from the macro
    // expansion of CryptKDFa.
    TPMI_ALG_HASH        hashAlg = CONTEXT_INTEGRITY_HASH_ALG;

    order = CryptEccGetParameter('n', curveID);
    pAssert(r != NULL && order != NULL);

    // A NULL 'c' keeps the current commit counter. Otherwise work out what
    // the counter was when the commitment was made.
    if(c != NULL)
    {
        UINT16           low16;

        // A count whose array bit is not set can't be used.
        if(!BitIsSet((*c & COMMIT_INDEX_MASK), gr.commitArray,
                     sizeof(gr.commitArray)))
            return FALSE;

        // When gr.commitArray has less than 64K bits, the extra bits of 'c'
        // are used as a check to make sure that the signing operation is not
        // using an out of range count value.
        low16 = (UINT16)count;

        // If the lower bits of c are greater than or equal to the lower bits
        // of the counter, the counter has advanced past one full index range
        // since the commitment, so step the working count back by one range.
        if((*c & COMMIT_INDEX_MASK) >= (low16 & COMMIT_INDEX_MASK))
            count = count - (COMMIT_INDEX_MASK + 1);

        // After the adjustment the upper bits must agree with those of 'c'.
        low16 = (UINT16)count;
        if((low16 & ~COMMIT_INDEX_MASK) != (*c & ~COMMIT_INDEX_MASK))
            return FALSE;

        // Set the counter to the value that was present when the commitment
        // was made.
        count = (count & 0xffffffffffff0000) | *c;
    }

    // Marshal the count value to a TPM2B buffer for the KDF
    counterBytes.t.size = sizeof(count);
    UINT64_TO_BYTE_ARRAY(count, counterBytes.t.buffer);

    // The KDF may produce a value that does not meet the requirements for
    // 'r'; in that case another value is generated.
    r->t.size = order->size;

    // Arbitrary upper limit on the number of times that we can look for a
    // suitable value; normally the number of tries will be 1.
    // NOTE(review): nothing in this loop changes 'iterations' directly, so it
    // presumably relies on CryptKDFa advancing it through the pointer --
    // confirm against CryptKDFa.
    iterations = 1;
    while(iterations < 1000000)
    {
        int              i;

        CryptKDFa(hashAlg, &gr.commitNonce.b, "ECDAA Commit",
                  name, &counterBytes.b, order->size * 8, r->t.buffer,
                  &iterations);

        // The value must be less than the group order 'n'
        if(CryptCompare(r->b.size, r->b.buffer,
                        order->size, order->buffer) >= 0)
            continue;

        // This implementation requires at least one bit in the upper half
        // of the number to be set
        for(i = 0; i < order->size/2; i++)
            if(r->b.buffer[i] != 0)
                return TRUE;
    }
    return FALSE;
}
| 21262 | |
| 21263 | |
| 21264 | |
| 21265 | |
| 21266 | Page 300 TCG Published Family "2.0" |
| 21267 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 21268 | Part 4: Supporting Routines Trusted Platform Module Library |
| 21269 | |
| 21270 | 10.2.6.13 CryptCommit() |
| 21271 | |
| 21272 | This function is called when the count value is committed. The gr.commitArray value associated with the |
| 21273 | current count value is SET and g_commitCounter is incremented. The low-order 16 bits of the old value of the |
| 21274 | counter are returned. |
| 21275 | |
// Record a new commitment: SET the gr.commitArray bit selected by the current
// counter value, advance gr.commitCounter, and return the low-order 16 bits
// of the counter as it was before the increment.
UINT16
CryptCommit(
    void
    )
{
    // Capture the pre-increment value; it is both the array index source and
    // the value handed back to the caller.
    UINT16               committed = (UINT16)gr.commitCounter;

    BitSet(committed & COMMIT_INDEX_MASK, gr.commitArray,
           sizeof(gr.commitArray));
    gr.commitCounter++;

    return committed;
}
| 21286 | |
| 21287 | |
| 21288 | 10.2.6.14 CryptEndCommit() |
| 21289 | |
| 21290 | This function is called when the signing operation using the committed value is completed. It clears the |
| 21291 | gr.commitArray bit associated with the count value so that it can't be used again. |
| 21292 | |
// Retire a commitment once the signing operation that used it has completed.
// Clearing the gr.commitArray bit makes CryptGenerateR() refuse the same
// count value afterwards, so a committed value is used for one signature only.
void
CryptEndCommit(
    UINT16               c              // IN: the counter value of the commitment
    )
{
    // Only the index bits of 'c' select the array position
    UINT16               index = (c & COMMIT_INDEX_MASK);

    BitClear(index, gr.commitArray, sizeof(gr.commitArray));
}
| 21300 | |
| 21301 | |
| 21302 | 10.2.6.15 CryptCommitCompute() |
| 21303 | |
| 21304 | This function performs the computations for the TPM2_Commit() command. This could be a macro. |
| 21305 | |
| 21306 | Error Returns Meaning |
| 21307 | |
| 21308 | TPM_RC_NO_RESULT K, L, or E is the point at infinity |
| 21309 | TPM_RC_CANCELLED command was canceled |
| 21310 | |
// Perform the computations for the TPM2_Commit() command by forwarding every
// argument to _cpri__EccCommitCompute() and translating its result.
// CRYPT_NO_RESULT->TPM_RC_NO_RESULT   CRYPT_CANCEL->TPM_RC_CANCELLED
TPM_RC
CryptCommitCompute(
    TPMS_ECC_POINT      *K,             // OUT: [d]B
    TPMS_ECC_POINT      *L,             // OUT: [r]B
    TPMS_ECC_POINT      *E,             // OUT: [r]M
    TPM_ECC_CURVE        curveID,       // IN: The curve for the computation
    TPMS_ECC_POINT      *M,             // IN: M (P1)
    TPMS_ECC_POINT      *B,             // IN: B (x2, y2)
    TPM2B_ECC_PARAMETER *d,             // IN: the private scalar
    TPM2B_ECC_PARAMETER *r              // IN: the computed r value
    )
{
    TPM_RC               result;

    // Self-test hook for the ECDH algorithm
    TEST(ALG_ECDH_VALUE);

    result = TranslateCryptErrors(
                 _cpri__EccCommitCompute(K, L, E, curveID, M, B, d, r));
    return result;
}
| 21328 | |
| 21329 | |
| 21330 | |
| 21331 | |
| 21332 | Family "2.0" TCG Published Page 301 |
| 21333 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 21334 | Trusted Platform Module Library Part 4: Supporting Routines |
| 21335 | |
| 21336 | 10.2.6.16 CryptEccGetParameters() |
| 21337 | |
| 21338 | This function returns the ECC parameter details of the given curve |
| 21339 | |
| 21340 | Return Value Meaning |
| 21341 | |
| 21342 | TRUE Get parameters success |
| 21343 | FALSE Unsupported ECC curve ID |
| 21344 | |
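// Return the ECC parameter details of the given curve.
//
// Looks the curve up with _cpri__EccGetParametersByCurveId() and, when it is
// found, copies the curve ID, key size, KDF, signing scheme and the values
// p, a, b, Gx, Gy, n and h into 'parameters'. Each copy is bounded by the
// size of the destination buffer.
//
// Returns TRUE on success, FALSE for an unsupported curve ID, in which case
// 'parameters' is left untouched.
BOOL
CryptEccGetParameters(
    TPM_ECC_CURVE                curveId,       // IN: ECC curve ID
    TPMS_ALGORITHM_DETAIL_ECC   *parameters     // OUT: ECC parameter
    )
{
    const ECC_CURVE         *curve = _cpri__EccGetParametersByCurveId(curveId);
    const ECC_CURVE_DATA    *data;
    BOOL                     found = curve != NULL;

    if(found)
    {
        data = curve->curveData;

        parameters->curveID = curve->curveId;

        // Key size in bits
        parameters->keySize = curve->keySizeBits;

        // KDF
        parameters->kdf = curve->kdf;

        // Sign
        parameters->sign = curve->sign;

        // Copy p value
        MemoryCopy2B(&parameters->p.b, data->p, sizeof(parameters->p.t.buffer));

        // Copy a value
        MemoryCopy2B(&parameters->a.b, data->a, sizeof(parameters->a.t.buffer));

        // Copy b value
        MemoryCopy2B(&parameters->b.b, data->b, sizeof(parameters->b.t.buffer));

        // Copy Gx value
        MemoryCopy2B(&parameters->gX.b, data->x, sizeof(parameters->gX.t.buffer));

        // Copy Gy value
        MemoryCopy2B(&parameters->gY.b, data->y, sizeof(parameters->gY.t.buffer));

        // Copy n value
        MemoryCopy2B(&parameters->n.b, data->n, sizeof(parameters->n.t.buffer));

        // Copy h value
        MemoryCopy2B(&parameters->h.b, data->h, sizeof(parameters->h.t.buffer));
    }
    return found;
}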
#if CC_ZGen_2Phase == YES

// CryptEcc2PhaseKeyExchange()
// This is the interface to the key exchange function. All arguments are
// passed unchanged to _cpri__C_2_2_KeyExchange() and its result is mapped by
// TranslateCryptErrors().
TPM_RC
CryptEcc2PhaseKeyExchange(
    TPMS_ECC_POINT      *outZ1,         // OUT: the computed point
    TPMS_ECC_POINT      *outZ2,         // OUT: optional second point
    TPM_ALG_ID           scheme,        // IN: the key exchange scheme
    TPM_ECC_CURVE        curveId,       // IN: the curve for the computation
    TPM2B_ECC_PARAMETER *dsA,           // IN: static private TPM key
    TPM2B_ECC_PARAMETER *deA,           // IN: ephemeral private TPM key
    TPMS_ECC_POINT      *QsB,           // IN: static public party B key
    TPMS_ECC_POINT      *QeB            // IN: ephemeral public party B key
    )
{
    TPM_RC               result;

    // NOTE(review): no validation of the party B public points (QsB, QeB)
    // is visible here; presumably the caller or the crypto engine checks
    // them -- confirm.
    result = TranslateCryptErrors(
                 _cpri__C_2_2_KeyExchange(outZ1, outZ2, scheme, curveId,
                                          dsA, deA, QsB, QeB));
    return result;
}
#endif // CC_ZGen_2Phase
| 21425 | 1376 #endif //TPM_ALG_ECC //% 3 |
| 21426 | |
| 21427 | |
| 21428 | 10.2.6.17 CryptIsSchemeAnonymous() |
| 21429 | |
| 21430 | This function is used to test a scheme to see if it is an anonymous scheme. The only anonymous scheme |
| 21431 | is ECDAA. ECDAA can be used to do things like U-Prove. |
| 21432 | |
// Report whether 'scheme' is an anonymous signing scheme. TPM_ALG_ECDAA is
// the only scheme recognized as anonymous; when it is not compiled in, the
// answer is always 0.
BOOL
CryptIsSchemeAnonymous(
    TPM_ALG_ID           scheme         // IN: the scheme algorithm to test
    )
{
#ifndef TPM_ALG_ECDAA
    // No anonymous scheme is implemented in this build
    UNREFERENCED(scheme);
    return 0;
#else
    return (scheme == TPM_ALG_ECDAA);
#endif
}
| 21445 | |
| 21446 | |
| 21447 | 10.2.7 Symmetric Functions |
| 21448 | |
| 21449 | 10.2.7.1 ParmDecryptSym() |
| 21450 | |
| 21451 | This function performs parameter decryption using symmetric block cipher. |
| 21452 | |
// Perform parameter decryption using a symmetric block cipher in CFB mode.
//
// The key and IV are derived with CryptKDFa (label "CFB") from 'key',
// 'nonceCaller' and 'nonceTpm', in that order, and 'data' is decrypted in
// place. Nothing is done when the block size reported for 'symAlg' is not
// greater than zero.
void
ParmDecryptSym(
    TPM_ALG_ID           symAlg,        // IN: the symmetric algorithm
    TPM_ALG_ID           hash,          // IN: hash algorithm for KDFa
    UINT16               keySizeInBits, // IN: key size in bits
    TPM2B               *key,           // IN: KDF HMAC key
    TPM2B               *nonceCaller,   // IN: nonce caller
    TPM2B               *nonceTpm,      // IN: nonce TPM
    UINT32               dataSize,      // IN: size of parameter buffer
    BYTE                *data           // OUT: buffer to be decrypted
    )
{
    // KDF output buffer. It contains the parameters for the CFB operation:
    // from MSB to LSB, they are the key and the iv.
    // NOTE(review): the buffer holds the derived key and is not cleared
    // before the function returns; it is also sized from the MAX_* constants
    // with no explicit check here that keySizeInBits and the block size fit.
    // Presumably the caller has validated symAlg/keySizeInBits -- confirm.
    BYTE                 symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];

    // Symmetric key size in bytes
    UINT16               keySize = (keySizeInBits + 7) / 8;
    TPM2B_IV             iv;

    iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits);

    // No block size means there is no decryption to do
    if(iv.t.size <= 0)
        return;

    // Generate key and iv
    CryptKDFa(hash, key, "CFB", nonceCaller, nonceTpm,
              keySizeInBits + (iv.t.size * 8), symParmString, NULL);

    // The iv follows the key in the KDF output
    MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size,
               sizeof(iv.t.buffer));

    CryptSymmetricDecrypt(data, symAlg, keySizeInBits, TPM_ALG_CFB,
                          symParmString, &iv, dataSize, data);
}
| 21493 | |
| 21494 | |
| 21495 | 10.2.7.2 ParmEncryptSym() |
| 21496 | |
| 21497 | This function performs parameter encryption using symmetric block cipher. |
| 21498 | |
// Perform parameter encryption using a symmetric block cipher in CFB mode.
//
// The key and IV are derived with CryptKDFa (label "CFB") from 'key',
// 'nonceTpm' and 'nonceCaller', in that order (the reverse of the nonce order
// used by ParmDecryptSym()), and 'data' is encrypted in place. Nothing is
// done when the block size reported for 'symAlg' is not greater than zero.
void
ParmEncryptSym(
    TPM_ALG_ID           symAlg,        // IN: symmetric algorithm
    TPM_ALG_ID           hash,          // IN: hash algorithm for KDFa
    UINT16               keySizeInBits, // IN: key size in bits
    TPM2B               *key,           // IN: KDF HMAC key
    TPM2B               *nonceCaller,   // IN: nonce caller
    TPM2B               *nonceTpm,      // IN: nonce TPM
    UINT32               dataSize,      // IN: size of parameter buffer
    BYTE                *data           // OUT: buffer to be encrypted
    )
{
    // KDF output buffer. It contains the parameters for the CFB encryption:
    // the key followed by the iv.
    // NOTE(review): the buffer holds the derived key and is not cleared
    // before the function returns; it is also sized from the MAX_* constants
    // with no explicit check here that keySizeInBits and the block size fit.
    // Presumably the caller has validated symAlg/keySizeInBits -- confirm.
    BYTE                 symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];

    // Symmetric key size in bytes
    UINT16               keySize = (keySizeInBits + 7) / 8;

    TPM2B_IV             iv;

    iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits);

    // No block size means there is no encryption to do
    if(iv.t.size <= 0)
        return;

    // Generate key and iv
    CryptKDFa(hash, key, "CFB", nonceTpm, nonceCaller,
              keySizeInBits + (iv.t.size * 8), symParmString, NULL);

    // The iv follows the key in the KDF output
    MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size,
               sizeof(iv.t.buffer));

    CryptSymmetricEncrypt(data, symAlg, keySizeInBits, TPM_ALG_CFB,
                          symParmString, &iv, dataSize, data);
}
| 21536 | |
| 21537 | |
| 21538 | |
| 21539 | |
| 21540 | Page 304 TCG Published Family "2.0" |
| 21541 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 21542 | Part 4: Supporting Routines Trusted Platform Module Library |
| 21543 | |
| 21544 | 10.2.7.3 CryptGenerateNewSymmetric() |
| 21545 | |
| 21546 | This function creates the sensitive symmetric values for an HMAC or symmetric key. If the sensitive area |
| 21547 | is zero, then the sensitive creation key data is copied. If it is not zero, then the TPM will generate a |
| 21548 | random value of the selected size. |
| 21549 | |
// Create the sensitive values for an HMAC or symmetric key.
//
// The obfuscation value (seedValue) is always sized to the digest size of
// 'hashAlg'. When sensitiveCreate->data is empty, both the key and the
// obfuscation value are generated from 'seed' and 'name'; the key size must
// already be set in sensitive->sensitive.sym.t.size. Otherwise the
// caller-provided key data is copied and only the obfuscation value is
// generated.
//
// NOTE(review): the introductory text of this section describes the two
// cases the other way round; the description above follows the code.
void
CryptGenerateNewSymmetric(
    TPMS_SENSITIVE_CREATE   *sensitiveCreate,   // IN: sensitive creation data
    TPMT_SENSITIVE          *sensitive,         // OUT: sensitive area
    TPM_ALG_ID               hashAlg,           // IN: hash algorithm for the KDF
    TPM2B_SEED              *seed,              // IN: seed used in creation
    TPM2B_NAME              *name               // IN: name of the object
    )
{
    // The buffer in sensitive->sensitive holds either a block cipher key or
    // an XOR key. The copy routines need a size for that output buffer; this
    // define takes the larger of the two candidate buffer sizes, following
    // the original sizing.
#define MAX_SENSITIVE_SIZE                                      \
    (MAX(sizeof(sensitive->sensitive.bits.t.buffer),            \
         sizeof(sensitive->sensitive.sym.t.buffer)))

    // Set the size of the obfuscation value
    sensitive->seedValue.t.size = CryptGetHashDigestSize(hashAlg);

    if(sensitiveCreate->data.t.size != 0)
    {
        // Copy input symmetric key to sensitive area as long as it will fit
        MemoryCopy2B(&sensitive->sensitive.sym.b, &sensitiveCreate->data.b,
                     MAX_SENSITIVE_SIZE);

        // Create the obfuscation value
        // NOTE(review): the return value is not checked on this path, unlike
        // the generated-key path below.
        _cpri__GenerateSeededRandom(sensitive->seedValue.t.size,
                                    sensitive->seedValue.t.buffer,
                                    hashAlg, &seed->b,
                                    "symmetric obfuscation", &name->b, NULL);
    }
    else
    {
        // No input key data: create both the sensitive data and the
        // obfuscation value from one seeded random request.
        // NOTE(review): this stack buffer holds the new key and is not
        // cleared before the function returns.
        BYTE             symValues[MAX(MAX_DIGEST_SIZE, MAX_SYM_KEY_BYTES)
                                   + MAX_DIGEST_SIZE];
        UINT16           requestSize;

        // The request covers the key followed by the obfuscation value
        requestSize = sensitive->sensitive.sym.t.size
                      + sensitive->seedValue.t.size;
        pAssert(requestSize <= sizeof(symValues));

        requestSize = _cpri__GenerateSeededRandom(requestSize, symValues,
                                                  hashAlg, &seed->b,
                                                  "symmetric sensitive",
                                                  &name->b, NULL);
        pAssert(requestSize != 0);

        // Copy the new key
        MemoryCopy(sensitive->sensitive.sym.t.buffer,
                   symValues, sensitive->sensitive.sym.t.size,
                   MAX_SENSITIVE_SIZE);

        // Copy the obfuscation value, which follows the key
        MemoryCopy(sensitive->seedValue.t.buffer,
                   &symValues[sensitive->sensitive.sym.t.size],
                   sensitive->seedValue.t.size,
                   sizeof(sensitive->seedValue.t.buffer));
    }
    return;
}
| 21623 | |
| 21624 | |
| 21625 | 10.2.7.4 CryptGenerateKeySymmetric() |
| 21626 | |
| 21627 | This function derives a symmetric cipher key from the provided seed. |
| 21628 | |
| 21629 | Error Returns Meaning |
| 21630 | |
| 21631 | TPM_RC_KEY_SIZE key size in the public area does not match the size in the sensitive |
| 21632 | creation area |
| 21633 | |
// Create the sensitive area and the public unique value of a symmetric
// cipher key.
//
// With sensitiveDataOrigin CLEAR the caller supplies the key, and
// TPM_RC_KEY_SIZE is returned unless the supplied data is exactly keyBits
// long and keyBits is a multiple of 8. Otherwise the TPM generates the key:
// the key size is set from keyBits and sensitiveCreate->data.t.size is forced
// to zero (so this "IN" structure is modified) before the sensitive area is
// filled in by CryptGenerateNewSymmetric().
static TPM_RC
CryptGenerateKeySymmetric(
    TPMT_PUBLIC             *publicArea,        // IN/OUT: The public area template
                                                //     for the new key.
    TPMS_SENSITIVE_CREATE   *sensitiveCreate,   // IN: sensitive creation data
    TPMT_SENSITIVE          *sensitive,         // OUT: sensitive area
    TPM_ALG_ID               hashAlg,           // IN: hash algorithm for the KDF
    TPM2B_SEED              *seed,              // IN: seed used in creation
    TPM2B_NAME              *name               // IN: name of the object
    )
{
    if(publicArea->objectAttributes.sensitiveDataOrigin != CLEAR)
    {
        // TPM is going to generate the key so set the size
        sensitive->sensitive.sym.t.size
            = publicArea->parameters.symDetail.sym.keyBits.sym / 8;
        sensitiveCreate->data.t.size = 0;
    }
    else
    {
        // Not a new key: the provided key data must be the right size, and
        // this implementation only supports symmetric key sizes that are
        // multiples of 8.
        if(   (sensitiveCreate->data.t.size * 8)
                  != publicArea->parameters.symDetail.sym.keyBits.sym
           || publicArea->parameters.symDetail.sym.keyBits.sym % 8 != 0)
            return TPM_RC_KEY_SIZE;
    }

    // Fill in the sensitive area
    CryptGenerateNewSymmetric(sensitiveCreate, sensitive, hashAlg,
                              seed, name);

    // Create unique area in public
    CryptComputeSymmetricUnique(publicArea->nameAlg,
                                sensitive, &publicArea->unique.sym);

    return TPM_RC_SUCCESS;
}
| 21674 | |
| 21675 | |
| 21676 | |
| 21677 | |
| 21678 | Page 306 TCG Published Family "2.0" |
| 21679 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 21680 | Part 4: Supporting Routines Trusted Platform Module Library |
| 21681 | |
| 21682 | 10.2.7.5 CryptXORObfuscation() |
| 21683 | |
| 21684 | This function implements XOR obfuscation. It should not be called if the hash algorithm is not |
| 21685 | implemented. The only return value from this function is TPM_RC_SUCCESS. |
| 21686 | |
#ifdef TPM_ALG_KEYEDHASH //% 5
// XOR 'data' in place with a mask stream produced by repeated calls to
// CryptKDFaOnce() (label "XOR"). It should not be called if the hash
// algorithm is not implemented: a digest size of zero trips the pAssert.
// The function returns nothing.
//
// NOTE(review): 'dataSize * 8' is computed in 32 bits and 'dataSize' is also
// converted to INT32 for the loop counter, so the code assumes dataSize is
// small enough for both; presumably callers only pass parameter-sized
// buffers -- confirm. The mask buffer is left on the stack uncleared.
void
CryptXORObfuscation(
    TPM_ALG_ID           hash,          // IN: hash algorithm for KDF
    TPM2B               *key,           // IN: KDF key
    TPM2B               *contextU,      // IN: contextU
    TPM2B               *contextV,      // IN: contextV
    UINT32               dataSize,      // IN: size of data buffer
    BYTE                *data           // IN/OUT: data to be XORed in place
    )
{
    BYTE                 mask[MAX_DIGEST_SIZE]; // digest sized mask buffer
    UINT32               i;
    UINT32               chunk;
    UINT32               counter = 0;
    UINT16               hLen = CryptGetHashDigestSize(hash);
    UINT32               requestSize = dataSize * 8;
    INT32                remainBytes = (INT32) dataSize;

    pAssert((key != NULL) && (data != NULL) && (hLen != 0));

    // One KDFa iteration yields hLen mask bytes; keep going until all of the
    // data has been covered.
    while(remainBytes > 0)
    {
        // Make a call to KDFa to get the next iteration of the mask
        CryptKDFaOnce(hash, key, "XOR", contextU, contextV,
                      requestSize, mask, &counter);

        // XOR the next piece of the data; the last piece may be shorter
        // than a full digest
        chunk = hLen < remainBytes ? hLen : remainBytes;
        for(i = 0; i < chunk; i++)
            *data++ ^= mask[i];

        remainBytes -= hLen;
    }
    return;
}
#endif //TPM_ALG_KEYED_HASH //%5
| 21723 | |
| 21724 | |
| 21725 | 10.2.8 Initialization and shut down |
| 21726 | |
| 21727 | 10.2.8.1 CryptInitUnits() |
| 21728 | |
| 21729 | This function is called when the TPM receives a _TPM_Init() indication. After this function returns, the hash |
| 21730 | algorithms should be available. |
| 21731 | |
| 21732 | NOTE: The hash algorithms do not have to be tested, they just need to be available. They have to be tested before the |
| 21733 | TPM can accept HMAC authorization or return any result that relies on a hash algorithm. |
| 21734 | |
// Bring up the crypto support on _TPM_Init(): load the vector of implemented
// algorithms, mark every algorithm test as still to be run, and initialize
// the crypto engine. An engine initialization failure is fatal.
void
CryptInitUnits(
    void
    )
{
    CRYPT_RESULT         engineResult;

    // Initialize the vector of implemented algorithms
    AlgorithmGetImplementedVector(&g_implementedAlgorithms);

    // Indicate that all tests are necessary
    CryptInitializeToTest();

    // Crypto engine initialization is assumed to always succeed; if it does
    // not, the TPM goes to failure mode.
    engineResult = _cpri__InitCryptoUnits(&TpmFail);
    if(engineResult != CRYPT_SUCCESS)
        FAIL(FATAL_ERROR_INTERNAL);
}
| 21759 | |
| 21760 | |
| 21761 | 10.2.8.2 CryptStopUnits() |
| 21762 | |
| 21763 | This function is only used in a simulated environment. There should be no reason to shut down the |
| 21764 | cryptography on an actual TPM other than loss of power. After receiving TPM2_Startup(), the TPM should |
| 21765 | be able to accept commands until it loses power and, unless the TPM is in Failure Mode, the |
| 21766 | cryptographic algorithms should be available. |
| 21767 | |
// Shut down the crypto engine. Only used in a simulated environment; the
// whole job is delegated to _cpri__StopCryptoUnits().
void
CryptStopUnits(
    void
    )
{
    _cpri__StopCryptoUnits();
}
| 21778 | |
| 21779 | |
| 21780 | 10.2.8.3 CryptUtilStartup() |
| 21781 | |
| 21782 | This function is called by TPM2_Startup() to initialize the functions in this crypto library and in the |
| 21783 | provided CryptoEngine(). In this implementation, the only initialization required in this library is |
| 21784 | initialization of the Commit nonce on TPM Reset. |
| 21785 | This function returns false if some problem prevents the functions from starting correctly. The TPM should |
| 21786 | go into failure mode. |
| 21787 | |
// Called by TPM2_Startup() to initialize this crypto library and the crypto
// engine. On SU_RESET with ECC compiled in, a fresh commit nonce is drawn and
// the commit counter and commit array are cleared, which invalidates every
// outstanding commitment.
//
// Returns FALSE when _cpri__Startup() fails, TRUE otherwise.
BOOL
CryptUtilStartup(
    STARTUP_TYPE         type           // IN: the startup type
    )
{
    // Make sure that the crypto library functions are ready.
    // NOTE: the crypto has to be initialized before the RNG state is loaded,
    // because loading the RND state may trigger a self-test (the original
    // comment breaks off at this point).
    if(!_cpri__Startup())
        return FALSE;

    // Initialize the state of the RNG.
    CryptDrbgGetPutState(PUT_STATE);

    if(type == SU_RESET)
    {
#ifdef TPM_ALG_ECC
        // Get a new random commit nonce
        // NOTE(review): the result of _cpri__GenerateRandom() is not checked
        // here.
        gr.commitNonce.t.size = sizeof(gr.commitNonce.t.buffer);
        _cpri__GenerateRandom(gr.commitNonce.t.size, gr.commitNonce.t.buffer);

        // Reset the counter and commit array
        gr.commitCounter = 0;
        MemorySet(gr.commitArray, 0, sizeof(gr.commitArray));
#endif // TPM_ALG_ECC
    }

    // If the shutdown was orderly, then the values recovered from NV will
    // be OK to use. If the shutdown was not orderly, then a TPM Reset was
    // required and the values were initialized in the code above.
    return TRUE;
}
| 21826 | |
| 21827 | |
| 21828 | 10.2.9 Algorithm-Independent Functions |
| 21829 | |
| 21830 | 10.2.9.1 Introduction |
| 21831 | |
| 21832 | These functions are used generically when a function of a general type (e.g., symmetric encryption) is |
| 21833 | required. The functions will modify the parameters as required to interface to the indicated algorithms. |
| 21834 | |
| 21835 | 10.2.9.2 CryptIsAsymAlgorithm() |
| 21836 | |
| 21837 | This function indicates if an algorithm is an asymmetric algorithm. |
| 21838 | |
| 21839 | Return Value Meaning |
| 21840 | |
| 21841 | TRUE if it is an asymmetric algorithm |
| 21842 | FALSE if it is not an asymmetric algorithm |
| 21843 | |
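// Indicate whether 'algID' is one of the asymmetric algorithms compiled into
// this build (TPM_ALG_RSA and/or TPM_ALG_ECC).
//
// Returns TRUE if it is an asymmetric algorithm, FALSE if it is not. Written
// as separate tests so that the function still compiles, and returns FALSE,
// when neither algorithm is defined; the single-expression form left an empty
// 'return ( );' in that configuration.
BOOL
CryptIsAsymAlgorithm(
    TPM_ALG_ID           algID          // IN: algorithm ID
    )
{
#ifdef TPM_ALG_RSA
    if(algID == TPM_ALG_RSA)
        return TRUE;
#endif
#ifdef TPM_ALG_ECC
    if(algID == TPM_ALG_ECC)
        return TRUE;
#endif
#if !defined TPM_ALG_RSA && !defined TPM_ALG_ECC
    // No asymmetric algorithm in this build; keep the parameter referenced
    UNREFERENCED(algID);
#endif
    return FALSE;
}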
| 21861 | |
| 21862 | |
| 21863 | 10.2.9.3 CryptGetSymmetricBlockSize() |
| 21864 | |
| 21865 | This function returns the size in octets of the symmetric encryption block used by an algorithm and key |
| 21866 | size combination. |
| 21867 | |
// Look up the block size, in octets, used by a symmetric algorithm and key
// size combination. The lookup itself is delegated to
// _cpri__GetSymmetricBlockSize(); this wrapper adds no validation of its own.
INT16
CryptGetSymmetricBlockSize(
    TPMI_ALG_SYM     algorithm,     // IN: symmetric algorithm
    UINT16           keySize        // IN: key size in bits
    )
{
    INT16            blockSize = _cpri__GetSymmetricBlockSize(algorithm, keySize);

    return blockSize;
}
| 21876 | |
| 21877 | |
| 21878 | |
| 21879 | |
| 21883 | |
| 21884 | 10.2.9.4 CryptSymmetricEncrypt() |
| 21885 | |
| 21886 | This function does in-place encryption of a buffer using the indicated symmetric algorithm, key, IV, and |
| 21887 | mode. If the symmetric algorithm and mode are not defined, the TPM will fail. |
| 21888 | |
// Encrypt a buffer with the indicated symmetric algorithm, key, IV and mode.
//
// The call is dispatched to the matching _cpri__ AES or SM4 routine for CTR,
// OFB, CBC, CFB or ECB. An algorithm or mode that is not compiled in ends in
// pAssert().
//
// IV handling: when ivIn is NULL, a local all-zero IV of 16 bytes is used and
// the chaining value written back by the cipher is discarded with it.
// NOTE(review): with a NULL ivIn every call under the same key starts from the
// same all-zero IV, which is unsafe for CTR and OFB in particular; confirm
// that each caller either supplies a fresh IV or uses a one-time key.
// NOTE(review): 'data' is not checked against NULL here and 'dataSize' is
// passed through unvalidated; presumably the _cpri__ layer handles both.
void
CryptSymmetricEncrypt(
    BYTE                *encrypted,     // OUT: the encrypted data
    TPM_ALG_ID           algorithm,     // IN: algorithm for encryption
    UINT16               keySizeInBits, // IN: key size in bits
    TPMI_ALG_SYM_MODE    mode,          // IN: symmetric encryption mode
    BYTE                *key,           // IN: encryption key
    TPM2B_IV            *ivIn,          // IN/OUT: input IV and output chaining
                                        //         value for the next block
    UINT32               dataSize,      // IN: data size in bytes
    BYTE                *data           // IN/OUT: data buffer
    )
{
    TPM2B_IV             zeroIv = {0};      // stand-in when no IV is supplied
    TPM2B_IV            *chain = &zeroIv;   // IV actually handed to the cipher

    if(ivIn != NULL)
        chain = ivIn;

    TEST(algorithm);

    pAssert(encrypted != NULL && key != NULL);

    // ALG_xx_VALUE is defined for every algorithm even when TPM_ALG_xx is not,
    // so this test can succeed for an algorithm the switch below rejects.
    if(   (algorithm == ALG_AES_VALUE || algorithm == ALG_SM4_VALUE)
       && mode != TPM_ALG_ECB)
    {
        zeroIv.t.size = 16;
        // Whichever IV is in use has to be exactly one 16-byte block.
        pAssert(chain->t.size == 16);
    }

    switch(algorithm)
    {
#ifdef TPM_ALG_AES
        case TPM_ALG_AES:
            switch(mode)
            {
                case TPM_ALG_CTR:
                    _cpri__AESEncryptCTR(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_OFB:
                    _cpri__AESEncryptOFB(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_CBC:
                    _cpri__AESEncryptCBC(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_CFB:
                    _cpri__AESEncryptCFB(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_ECB:
                    // ECB takes no IV
                    _cpri__AESEncryptECB(encrypted, keySizeInBits, key,
                                         dataSize, data);
                    break;
                default:
                    pAssert(0);
                    break;
            }
            break;
#endif
#ifdef TPM_ALG_SM4
        case TPM_ALG_SM4:
            switch(mode)
            {
                case TPM_ALG_CTR:
                    _cpri__SM4EncryptCTR(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_OFB:
                    _cpri__SM4EncryptOFB(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_CBC:
                    _cpri__SM4EncryptCBC(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_CFB:
                    _cpri__SM4EncryptCFB(encrypted, keySizeInBits, key,
                                         chain->t.buffer, dataSize, data);
                    break;
                case TPM_ALG_ECB:
                    // ECB takes no IV
                    _cpri__SM4EncryptECB(encrypted, keySizeInBits, key,
                                         dataSize, data);
                    break;
                default:
                    pAssert(0);
                    break;
            }
            break;
#endif
        default:
            pAssert(FALSE);
            break;
    }
}
| 21998 | |
| 21999 | |
| 22000 | 10.2.9.5 CryptSymmetricDecrypt() |
| 22001 | |
| 22002 | This function does in-place decryption of a buffer using the indicated symmetric algorithm, key, IV, and |
| 22003 | mode. If the symmetric algorithm and mode are not defined, the TPM will fail. |
| 22004 | |
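// Decrypt a buffer with the indicated symmetric algorithm, key, IV and mode.
//
// The call is dispatched to the matching _cpri__ AES or SM4 routine for CTR,
// OFB, CBC, CFB or ECB. An algorithm or mode that is not compiled in ends in
// pAssert().
//
// IV handling: when ivIn is NULL a local all-zero IV is used; otherwise the
// caller's IV buffer is passed to the cipher directly and, for every mode
// except ECB, must be exactly 16 bytes.
//
// Changes against the published listing:
//  - 'decrypted' and 'key' are asserted non-NULL, as CryptSymmetricEncrypt()
//    already does for its output and key pointers.
//  - The AES/SM4 test uses the ALG_xx_VALUE constants, as the encrypt side
//    does, so the condition stays well-formed when neither TPM_ALG_AES nor
//    TPM_ALG_SM4 is defined.
//  - The whole default-IV scratch buffer is cleared, not just 16 bytes of it.
// NOTE(review): 'data' is not checked against NULL and 'dataSize' is passed
// through unvalidated; presumably the _cpri__ layer handles both.
void
CryptSymmetricDecrypt(
    BYTE                *decrypted,     // OUT: the decrypted data
    TPM_ALG_ID           algorithm,     // IN: algorithm for decryption
    UINT16               keySizeInBits, // IN: key size in bits
    TPMI_ALG_SYM_MODE    mode,          // IN: symmetric encryption mode
    BYTE                *key,           // IN: decryption key
    TPM2B_IV            *ivIn,          // IN/OUT: IV for next block
    UINT32               dataSize,      // IN: data size in bytes
    BYTE                *data           // IN/OUT: data buffer
    )
{
    BYTE                *iv = NULL;
    BYTE                 defaultIV[sizeof(TPMT_HA)];

    TEST(algorithm);

    pAssert(decrypted != NULL && key != NULL);

    // ALG_xx_VALUE is defined for every algorithm even when TPM_ALG_xx is not,
    // so this test can succeed for an algorithm the switch below rejects.
    if(algorithm == ALG_AES_VALUE || algorithm == ALG_SM4_VALUE)
    {
        // Both SM4 and AES have a block size of 128 bits.
        if(ivIn == NULL)
        {
            // No IV supplied: fall back to an all-zero IV.
            iv = defaultIV;
            MemorySet(defaultIV, 0, sizeof(defaultIV));
        }
        else
        {
            // A provided IV has to be the right size
            pAssert(mode == TPM_ALG_ECB || ivIn->t.size == 16);
            iv = &(ivIn->t.buffer[0]);
        }
    }

    switch(algorithm)
    {
#ifdef TPM_ALG_AES
        case TPM_ALG_AES:
            switch(mode)
            {
                case TPM_ALG_CTR:
                    _cpri__AESDecryptCTR(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_OFB:
                    _cpri__AESDecryptOFB(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_CBC:
                    _cpri__AESDecryptCBC(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_CFB:
                    _cpri__AESDecryptCFB(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_ECB:
                    // ECB takes no IV
                    _cpri__AESDecryptECB(decrypted, keySizeInBits, key,
                                         dataSize, data);
                    break;
                default:
                    pAssert(0);
                    break;
            }
            break;
#endif //TPM_ALG_AES
#ifdef TPM_ALG_SM4
        case TPM_ALG_SM4:
            switch(mode)
            {
                case TPM_ALG_CTR:
                    _cpri__SM4DecryptCTR(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_OFB:
                    _cpri__SM4DecryptOFB(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_CBC:
                    _cpri__SM4DecryptCBC(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_CFB:
                    _cpri__SM4DecryptCFB(decrypted, keySizeInBits, key, iv,
                                         dataSize, data);
                    break;
                case TPM_ALG_ECB:
                    // ECB takes no IV
                    _cpri__SM4DecryptECB(decrypted, keySizeInBits, key,
                                         dataSize, data);
                    break;
                default:
                    pAssert(0);
                    break;
            }
            break;
#endif //TPM_ALG_SM4

        default:
            pAssert(FALSE);
            break;
    }
    return;
}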
| 22130 | |
| 22131 | |
| 22132 | 10.2.9.6 CryptSecretEncrypt() |
| 22133 | |
| 22134 | This function creates a secret value and its associated secret structure using an asymmetric algorithm. |
| 22135 | This function is used by TPM2_Rewrap(), TPM2_MakeCredential(), and TPM2_Duplicate(). |
| 22136 | |
| 22137 | Error Returns Meaning |
| 22138 | |
| 22139 | TPM_RC_ATTRIBUTES keyHandle does not reference a valid decryption key |
| 22140 | TPM_RC_KEY invalid ECC key (public point is not on the curve) |
| 22141 | TPM_RC_SCHEME RSA key with an unsupported padding scheme |
| 22142 | TPM_RC_VALUE numeric value of the data to be decrypted is greater than the RSA |
| 22143 | key modulus |
| 22144 | |
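// Create a secret value and the matching encrypted-secret structure for the
// holder of an asymmetric key.
//
// RSA: 'data' is filled from the RNG and encrypted to the key with OAEP, using
//      the key's nameAlg as the OAEP hash.
// ECC: an ephemeral key pair is generated on the key's curve, its public point
//      is marshaled into 'secret', and 'data' is derived with KDFe from the
//      ECDH shared point.
//
// In both cases the size of 'data' is the digest size of the key's nameAlg.
//
// Error codes assigned in this body: TPM_RC_KEY (public point not on the
// curve, or point multiplication failed). Any other code comes back from
// CryptEncryptRSA(). A key without the decrypt attribute is a pAssert()
// failure here, not an error return.
//
// Changes against the published listing: the ephemeral private scalar and the
// ECDH shared point are cleared before the ECC branch ends, so they do not
// linger in stack memory, and the un-braced 'else' around CryptKDFe() is
// braced.
// NOTE(review): confirm that MemorySet() is not elided as a dead store by the
// optimizer in the target build.
TPM_RC
CryptSecretEncrypt(
    TPMI_DH_OBJECT           keyHandle, // IN: encryption key handle
    const char              *label,     // IN: a null-terminated string as L
    TPM2B_DATA              *data,      // OUT: secret value
    TPM2B_ENCRYPTED_SECRET  *secret     // OUT: secret structure
    )
{
    TPM_RC           result = TPM_RC_SUCCESS;
    OBJECT          *encryptKey = ObjectGet(keyHandle); // TPM key used for encrypt

    pAssert(data != NULL && secret != NULL);

    // The output secret value has the size of the digest produced by the nameAlg.
    data->t.size = CryptGetHashDigestSize(encryptKey->publicArea.nameAlg);

    pAssert(encryptKey->publicArea.objectAttributes.decrypt == SET);

    switch(encryptKey->publicArea.type)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
        {
            TPMT_RSA_DECRYPT        scheme;

            // Use OAEP scheme
            scheme.scheme = TPM_ALG_OAEP;
            scheme.details.oaep.hashAlg = encryptKey->publicArea.nameAlg;

            // Create secret data from RNG
            CryptGenerateRandom(data->t.size, data->t.buffer);

            // Encrypt the data by RSA OAEP into encrypted secret
            result = CryptEncryptRSA(&secret->t.size, secret->t.secret,
                                     encryptKey, &scheme,
                                     data->t.size, data->t.buffer, label);
        }
        break;
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECC:
        {
            TPMS_ECC_POINT           eccPublic;
            TPM2B_ECC_PARAMETER      eccPrivate;
            TPMS_ECC_POINT           eccSecret;
            BYTE                    *buffer = secret->t.secret;

            // Need to make sure that the public point of the key is on the
            // curve defined by the key.
            if(!_cpri__EccIsPointOnCurve(
                        encryptKey->publicArea.parameters.eccDetail.curveID,
                        &encryptKey->publicArea.unique.ecc))
                result = TPM_RC_KEY;
            else
            {
                // Call crypto engine to create an auxiliary (ephemeral) ECC key.
                // Crypto engine initialization is assumed to always succeed;
                // otherwise, the TPM should go to failure mode.
                CryptNewEccKey(encryptKey->publicArea.parameters.eccDetail.curveID,
                               &eccPublic, &eccPrivate);

                // Marshal ECC public to secret structure. This will be used by
                // the recipient to decrypt the secret with their private key.
                secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL);

                // Compute ECDH shared secret which is R = [d]Q where d is the
                // private part of the ephemeral key and Q is the public part of
                // a TPM key. A failure is reported as TPM_RC_KEY.
                // NOTE(review): the published comment reads as if a failure is
                // not expected here because the ephemeral key was just created
                // from the parameters of the input key -- confirm.
                if(CryptEccPointMultiply(&eccSecret,
                        encryptKey->publicArea.parameters.eccDetail.curveID,
                        &eccPrivate,
                        &encryptKey->publicArea.unique.ecc)
                   != CRYPT_SUCCESS)
                {
                    result = TPM_RC_KEY;
                }
                else
                {
                    // The secret value is computed from Z using KDFe as:
                    // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits)
                    // Where:
                    //  HashID      the nameAlg of the decrypt key
                    //  Z           the x coordinate (Px) of the product (P) of
                    //              the point (Q) of the secret and the private
                    //              x coordinate (de,V) of the decryption key
                    //  Use         a null-terminated string containing "SECRET"
                    //  PartyUInfo  the x coordinate of the point in the secret
                    //              (Qe,U)
                    //  PartyVInfo  the x coordinate of the public key (Qs,V)
                    //  bits        the number of bits in the digest of HashID
                    // Retrieve seed from KDFe
                    CryptKDFe(encryptKey->publicArea.nameAlg, &eccSecret.x.b,
                              label, &eccPublic.x.b,
                              &encryptKey->publicArea.unique.ecc.x.b,
                              data->t.size * 8, data->t.buffer);
                }

                // The ephemeral private scalar and the shared point are no
                // longer needed on either path; do not leave them on the stack.
                MemorySet((BYTE *)&eccPrivate, 0, sizeof(eccPrivate));
                MemorySet((BYTE *)&eccSecret, 0, sizeof(eccSecret));
            }
        }
        break;
#endif //TPM_ALG_ECC

        default:
            FAIL(FATAL_ERROR_INTERNAL);
            break;
    }

    return result;
}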
| 22265 | |
| 22266 | |
| 22267 | 10.2.9.7 CryptSecretDecrypt() |
| 22268 | |
| 22269 | Decrypt a secret value by asymmetric (or symmetric) algorithm. This function is used for |
| 22270 | ActivateCredential() and Import for asymmetric decryption, and StartAuthSession() for both asymmetric |
| 22271 | and symmetric decryption processes. |
| 22272 | |
| 22273 | Error Returns Meaning |
| 22274 | |
| 22275 | TPM_RC_ATTRIBUTES RSA key is not a decryption key |
| 22276 | TPM_RC_BINDING Invalid RSA key (public and private parts are not cryptographically |
| 22277 | bound). |
| 22278 | TPM_RC_ECC_POINT ECC point in the secret is not on the curve |
| 22279 | TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret |
| 22280 | TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity |
| 22281 | TPM_RC_SIZE data to decrypt is not of the same size as RSA key |
| 22282 | TPM_RC_VALUE For RSA key, numeric value of the encrypted data is greater than the |
| 22283 | modulus, or the recovered data is larger than the output buffer. For |
| 22284 | keyedHash or symmetric key, the secret is larger than the size of the |
| 22285 | digest produced by the name algorithm. |
| 22286 | TPM_RC_FAILURE internal error |
| 22287 | |
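// Recover a secret value from an encrypted-secret structure using the key
// referenced by tpmKey.
//
// RSA:        OAEP decryption with the key's nameAlg as the OAEP hash; a
//             result longer than the nameAlg digest is TPM_RC_VALUE.
// ECC:        the sender's point is unmarshaled from 'secret', multiplied by
//             the key's private scalar, and 'data' is derived with KDFe.
// KEYEDHASH:  XOR obfuscation keyed with the object's sensitive bits and
//             nonceCaller.
// SYMCIPHER:  CFB decryption with nonceCaller (truncated or zero-padded to the
//             block size) as the IV.
//
// For KEYEDHASH and SYMCIPHER the contents of 'secret' are transformed in
// place before being copied to 'data', so the caller's input is overwritten.
//
// Changes against the published listing:
//  - 'data' and 'secret' are asserted non-NULL, matching CryptSecretEncrypt().
//  - nonceCaller is asserted non-NULL in the two branches that dereference it;
//    the parameter is documented as NULL for asymmetric decryption, so a
//    mismatched call would otherwise dereference a NULL pointer.
//  - The ECDH shared point is cleared before the ECC branch ends.
// NOTE(review): bytes left over in 'size' after unmarshaling the ECC point are
// not checked; confirm whether trailing data in the secret should be rejected.
// NOTE(review): on the RSA TPM_RC_VALUE path the recovered plaintext stays in
// 'data'; callers must not use 'data' unless the result is TPM_RC_SUCCESS.
// NOTE(review): confirm that MemorySet() is not elided as a dead store by the
// optimizer in the target build.
TPM_RC
CryptSecretDecrypt(
    TPM_HANDLE               tpmKey,        // IN: decrypt key
    TPM2B_NONCE             *nonceCaller,   // IN: nonceCaller. It is needed for
                                            //     symmetric decryption. For
                                            //     asymmetric decryption, this
                                            //     parameter is NULL
    const char              *label,         // IN: a null-terminated string as L
    TPM2B_ENCRYPTED_SECRET  *secret,        // IN: input secret
    TPM2B_DATA              *data           // OUT: decrypted secret value
    )
{
    TPM_RC           result = TPM_RC_SUCCESS;
    OBJECT          *decryptKey = ObjectGet(tpmKey);    // TPM key used for decrypting

    pAssert(data != NULL && secret != NULL);

    // Decryption for secret
    switch(decryptKey->publicArea.type)
    {

#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
        {
            TPMT_RSA_DECRYPT        scheme;

            // Use OAEP scheme
            scheme.scheme = TPM_ALG_OAEP;
            scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg;

            // Set the output buffer capacity
            data->t.size = sizeof(data->t.buffer);

            // Decrypt seed by RSA OAEP
            result = CryptDecryptRSA(&data->t.size, data->t.buffer, decryptKey,
                                     &scheme,
                                     secret->t.size, secret->t.secret, label);
            // A seed can never be larger than the nameAlg digest.
            if(   (result == TPM_RC_SUCCESS)
               && (data->t.size
                    > CryptGetHashDigestSize(decryptKey->publicArea.nameAlg)))
                result = TPM_RC_VALUE;
        }
        break;
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECC:
        {
            TPMS_ECC_POINT       eccPublic;
            TPMS_ECC_POINT       eccSecret;
            BYTE                *buffer = secret->t.secret;
            INT32                size = secret->t.size;

            // Retrieve ECC point from secret buffer
            result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size);
            if(result == TPM_RC_SUCCESS)
            {
                result = CryptEccPointMultiply(&eccSecret,
                            decryptKey->publicArea.parameters.eccDetail.curveID,
                            &decryptKey->sensitive.sensitive.ecc,
                            &eccPublic);

                if(result == TPM_RC_SUCCESS)
                {
                    // Set the size of the "recovered" secret value to be the
                    // size of the digest produced by the nameAlg.
                    data->t.size =
                        CryptGetHashDigestSize(decryptKey->publicArea.nameAlg);

                    // The secret value is computed from Z using KDFe as:
                    // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits)
                    // Where:
                    //  HashID -- the nameAlg of the decrypt key
                    //  Z -- the x coordinate (Px) of the product (P) of the
                    //       point (Q) of the secret and the private x
                    //       coordinate (de,V) of the decryption key
                    //  Use -- a null-terminated string containing "SECRET"
                    //  PartyUInfo -- the x coordinate of the point in the
                    //       secret (Qe,U)
                    //  PartyVInfo -- the x coordinate of the public key (Qs,V)
                    //  bits -- the number of bits in the digest of HashID
                    // Retrieve seed from KDFe
                    CryptKDFe(decryptKey->publicArea.nameAlg, &eccSecret.x.b, label,
                              &eccPublic.x.b,
                              &decryptKey->publicArea.unique.ecc.x.b,
                              data->t.size * 8, data->t.buffer);
                }
                // The shared point is not needed past this point on either
                // path; do not leave it on the stack.
                MemorySet((BYTE *)&eccSecret, 0, sizeof(eccSecret));
            }
        }
        break;
#endif //TPM_ALG_ECC

        case TPM_ALG_KEYEDHASH:
            // This branch reads the nonce, so it must have been supplied.
            pAssert(nonceCaller != NULL);

            // The seed size can not be bigger than the digest size of nameAlg
            if(secret->t.size >
                    CryptGetHashDigestSize(decryptKey->publicArea.nameAlg))
                result = TPM_RC_VALUE;
            else
            {
                // Retrieve seed by XOR Obfuscation:
                //    seed = XOR(secret, hash, key, nonceCaller, nullNonce)
                //    where:
                //    secret      the secret parameter from the
                //                TPM2_StartAuthHMAC command which contains the
                //                seed value
                //    hash        nameAlg of tpmKey
                //    key         the key or data value in the object referenced
                //                by entityHandle in the TPM2_StartAuthHMAC
                //                command
                //    nonceCaller the parameter from the TPM2_StartAuthHMAC
                //                command
                //    nullNonce   a zero-length nonce
                // XOR Obfuscation in place
                CryptXORObfuscation(decryptKey->publicArea.nameAlg,
                                    &decryptKey->sensitive.sensitive.bits.b,
                                    &nonceCaller->b, NULL,
                                    secret->t.size, secret->t.secret);
                // Copy decrypted seed
                MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer));
            }
            break;
        case TPM_ALG_SYMCIPHER:
        {
            TPM2B_IV                 iv = {0};
            TPMT_SYM_DEF_OBJECT     *symDef;

            // This branch reads the nonce, so it must have been supplied.
            pAssert(nonceCaller != NULL);

            // The seed size can not be bigger than the digest size of nameAlg
            if(secret->t.size >
                    CryptGetHashDigestSize(decryptKey->publicArea.nameAlg))
                result = TPM_RC_VALUE;
            else
            {
                UINT16               ivBytes;

                symDef = &decryptKey->publicArea.parameters.symDetail.sym;
                iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm,
                                                       symDef->keyBits.sym);
                pAssert(iv.t.size != 0);

                // Use at most one block of the nonce; a shorter nonce leaves
                // the tail of the zero-initialized IV untouched.
                if(nonceCaller->t.size >= iv.t.size)
                    ivBytes = iv.t.size;
                else
                    ivBytes = nonceCaller->t.size;
                MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, ivBytes,
                           sizeof(iv.t.buffer));

                // CFB decrypt in place, using nonceCaller as iv
                CryptSymmetricDecrypt(secret->t.secret, symDef->algorithm,
                                      symDef->keyBits.sym, TPM_ALG_CFB,
                                      decryptKey->sensitive.sensitive.sym.t.buffer,
                                      &iv, secret->t.size, secret->t.secret);

                // Copy decrypted seed
                MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer));
            }
        }
        break;
        default:
            pAssert(0);
            break;
    }
    return result;
}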
| 22458 | |
| 22459 | |
| 22460 | 10.2.9.8 CryptParameterEncryption() |
| 22461 | |
| 22462 | This function does in-place encryption of a response parameter. |
| 22463 | |
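// Encrypt a response parameter in place.
//
// The parameter starts with a size field of leadingSizeInByte bytes (2, or 4
// when TPM4B is defined); that many bytes after the size field are encrypted.
// The key is the session key concatenated with extraKey. XOR obfuscation is
// used when the session's symmetric algorithm is TPM_ALG_XOR, otherwise
// ParmEncryptSym() is called.
//
// Changes against the published listing:
//  - The key size is read through keyBits.sym, as CryptParameterDecryption()
//    does, instead of keyBits.aes, so the symmetric path does not depend on
//    the AES member of the key-bits union.
//  - The concatenated key is cleared before returning.
//  - The un-braced if/else around the two cipher calls is braced.
// NOTE(review): there is no buffer-size parameter here, so cipherSize cannot
// be bounded in this function; the caller has to guarantee that the size field
// describes data that really lies inside 'buffer' -- confirm at the call site.
// NOTE(review): confirm that MemorySet() is not elided as a dead store by the
// optimizer in the target build.
void
CryptParameterEncryption(
    TPM_HANDLE       handle,            // IN: encrypt session handle
    TPM2B           *nonceCaller,       // IN: nonce caller
    UINT16           leadingSizeInByte, // IN: the size of the leading size
                                        //     field in bytes
    TPM2B_AUTH      *extraKey,          // IN: additional key material other
                                        //     than session auth
    BYTE            *buffer             // IN/OUT: parameter buffer to be
                                        //     encrypted
    )
{
    SESSION         *session = SessionGet(handle);  // encrypt session
    TPM2B_TYPE(SYM_KEY, (  sizeof(extraKey->t.buffer)
                         + sizeof(session->sessionKey.t.buffer)));
    TPM2B_SYM_KEY    key;               // encryption key
    UINT32           cipherSize = 0;    // size of cipher text

    pAssert(session->sessionKey.t.size + extraKey->t.size <= sizeof(key.t.buffer));

    // Retrieve encrypted data size.
    if(leadingSizeInByte == 2)
    {
        // The first two bytes are the size of the data to encrypt
        cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
        // advance the buffer
        buffer = &buffer[2];
    }
#ifdef TPM4B
    else if(leadingSizeInByte == 4)
    {
        // use the first four bytes to indicate the number of bytes to encrypt
        cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
        // advance pointer
        buffer = &buffer[4];
    }
#endif
    else
    {
        pAssert(FALSE);
    }

    // Compute encryption key by concatenating sessionAuth with extra key
    MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
    MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer));

    if(session->symmetric.algorithm == TPM_ALG_XOR)
    {
        // XOR parameter encryption formulation:
        //    XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder)
        CryptXORObfuscation(session->authHashAlg, &(key.b),
                            &(session->nonceTPM.b),
                            nonceCaller, cipherSize, buffer);
    }
    else
    {
        ParmEncryptSym(session->symmetric.algorithm, session->authHashAlg,
                       session->symmetric.keyBits.sym, &(key.b),
                       nonceCaller, &(session->nonceTPM.b),
                       cipherSize, buffer);
    }

    // The session key and authValue copy is no longer needed.
    MemorySet(key.t.buffer, 0, sizeof(key.t.buffer));
    return;
}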
| 22530 | |
| 22531 | |
| 22532 | 10.2.9.9 CryptParameterDecryption() |
| 22533 | |
| 22534 | This function does in-place decryption of a command parameter. |
| 22535 | |
| 22536 | Error Returns Meaning |
| 22537 | |
| 22538 | TPM_RC_SIZE The number of bytes in the input buffer is less than the number of |
| 22539 | bytes to be decrypted. |
| 22540 | |
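// Decrypt a command parameter in place.
//
// The parameter starts with a size field of leadingSizeInByte bytes (2, or 4
// when TPM4B is defined); that many bytes after the size field are decrypted.
// The key is the session key concatenated with extraKey. XOR obfuscation is
// used when the session's symmetric algorithm is TPM_ALG_XOR, otherwise
// ParmDecryptSym() is called.
//
// Error Returns     Meaning
// TPM_RC_SIZE       the input buffer is too small to hold the size field, or
//                   holds fewer bytes after the size field than the size
//                   field says are to be decrypted
//
// Changes against the published listing:
//  - bufferSize is checked before the size field is read. The buffer comes
//    from the command stream, so a parameter shorter than its own size field
//    must not be read.
//  - The ciphertext length is compared with what remains of the buffer after
//    the size field. The published check compared it with the whole buffer
//    size although 'buffer' had already been advanced, which let the in-place
//    decryption run leadingSizeInByte bytes past the end of the buffer.
//  - The concatenated key is cleared before returning.
// NOTE(review): confirm that MemorySet() is not elided as a dead store by the
// optimizer in the target build.
TPM_RC
CryptParameterDecryption(
    TPM_HANDLE       handle,            // IN: encrypted session handle
    TPM2B           *nonceCaller,       // IN: nonce caller
    UINT32           bufferSize,        // IN: size of parameter buffer
    UINT16           leadingSizeInByte, // IN: the size of the leading size
                                        //     field in bytes
    TPM2B_AUTH      *extraKey,          // IN: the authValue
    BYTE            *buffer             // IN/OUT: parameter buffer to be
                                        //     decrypted
    )
{
    SESSION         *session = SessionGet(handle);  // encrypt session
    // The HMAC key is going to be the concatenation of the session key and any
    // additional key material (like the authValue). The size of both of these
    // is the size of the buffer which can contain a TPMT_HA.
    TPM2B_TYPE(HMAC_KEY, (  sizeof(extraKey->t.buffer)
                          + sizeof(session->sessionKey.t.buffer)));
    TPM2B_HMAC_KEY   key;               // decryption key
    UINT32           cipherSize = 0;    // size of cipher text

    pAssert(session->sessionKey.t.size + extraKey->t.size <= sizeof(key.t.buffer));

    // Retrieve encrypted data size.
    if(leadingSizeInByte == 2)
    {
        // The size field itself has to fit in the buffer before it is read.
        if(bufferSize < 2)
            return TPM_RC_SIZE;
        // The first two bytes of the buffer are the size of the
        // data to be decrypted
        cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer);
        buffer = &buffer[2];    // advance the buffer
        bufferSize -= 2;        // bytes left after the size field
    }
#ifdef TPM4B
    else if(leadingSizeInByte == 4)
    {
        // The size field itself has to fit in the buffer before it is read.
        if(bufferSize < 4)
            return TPM_RC_SIZE;
        // the leading size is four bytes so get the four byte size field
        cipherSize = BYTE_ARRAY_TO_UINT32(buffer);
        buffer = &buffer[4];    // advance pointer
        bufferSize -= 4;        // bytes left after the size field
    }
#endif
    else
    {
        pAssert(FALSE);
    }

    // bufferSize now counts only the bytes that follow the size field.
    if(cipherSize > bufferSize)
        return TPM_RC_SIZE;

    // Compute decryption key by concatenating sessionAuth with extra input key
    MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
    MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer));

    if(session->symmetric.algorithm == TPM_ALG_XOR)
    {
        // XOR parameter decryption formulation:
        //    XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder)
        // Call XOR obfuscation function
        CryptXORObfuscation(session->authHashAlg, &key.b, nonceCaller,
                            &(session->nonceTPM.b), cipherSize, buffer);
    }
    else
    {
        // Assume that it is one of the symmetric block ciphers.
        ParmDecryptSym(session->symmetric.algorithm, session->authHashAlg,
                       session->symmetric.keyBits.sym,
                       &key.b, nonceCaller, &session->nonceTPM.b,
                       cipherSize, buffer);
    }

    // The session key and authValue copy is no longer needed.
    MemorySet(key.t.buffer, 0, sizeof(key.t.buffer));

    return TPM_RC_SUCCESS;
}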
| 22611 | |
| 22612 | |
| 22613 | 10.2.9.10 CryptComputeSymmetricUnique() |
| 22614 | |
| 22615 | This function computes the unique field in public area for symmetric objects. |
| 22616 | |
// Computes the 'unique' field of the public area of a symmetric object.
// The value is the nameAlg digest of
//     sensitive->seedValue || sensitive->sensitive.any
// in that order, written into 'unique'.
//
// Both 'sensitive' and 'unique' must be non-NULL (checked with pAssert).
void
CryptComputeSymmetricUnique(
    TPMI_ALG_HASH    nameAlg,       // IN: object name algorithm
    TPMT_SENSITIVE  *sensitive,     // IN: sensitive area
    TPM2B_DIGEST    *unique         // OUT: unique buffer
    )
{
    HASH_STATE       digestState;

    pAssert(sensitive != NULL && unique != NULL);

    // The output is sized to the digest length of nameAlg before hashing
    unique->t.size = CryptGetHashDigestSize(nameAlg);
    CryptStartHash(nameAlg, &digestState);

    // First input: the obfuscation value (seedValue)
    CryptUpdateDigest2B(&digestState, &sensitive->seedValue.b);

    // Second input: the sensitive value itself
    CryptUpdateDigest2B(&digestState, &sensitive->sensitive.any.b);

    // Finish the hash and place the digest in the caller's buffer
    CryptCompleteHash2B(&digestState, &unique->b);
}
| 22642 | 2325 #if 0 //% |
| 22643 | |
| 22644 | |
| 22645 | |
| 22646 | |
| 22647 | Page 320 TCG Published Family "2.0" |
| 22648 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 22649 | Part 4: Supporting Routines Trusted Platform Module Library |
| 22650 | |
| 22651 | 10.2.9.11 CryptComputeSymValue() |
| 22652 | |
| 22653 | This function computes the seedValue field in asymmetric sensitive areas. |
| 22654 | |
// Computes the seedValue field of a sensitive area.
//
// For an asymmetric object that is not a storage key (decrypt and restricted
// both SET), seedValue is emptied and nothing is generated. In every other
// case seedValue is sized to the digest size of publicArea->nameAlg and
// filled by _cpri__GenerateSeededRandom() from 'seed', the label "seedValue",
// 'name' and an optional proof value.
//
// NOTE: in this listing the function sits inside an "#if 0" region.
void
CryptComputeSymValue(
    TPM_HANDLE       parentHandle,  // IN: parent handle of the object to be created
    TPMT_PUBLIC     *publicArea,    // IN/OUT: the public area template
    TPMT_SENSITIVE  *sensitive,     // IN: sensitive area
    TPM2B_SEED      *seed,          // IN: the seed
    TPMI_ALG_HASH    hashAlg,       // IN: hash algorithm for KDFa
    TPM2B_NAME      *name           // IN: object name
    )
{
    TPM2B_AUTH      *hierarchyProof = NULL;

    if(CryptIsAsymAlgorithm(publicArea->type))
    {
        // Only an asymmetric storage key gets a seedValue
        if(   publicArea->objectAttributes.decrypt != SET
           || publicArea->objectAttributes.restricted != SET)
        {
            sensitive->seedValue.t.size = 0;
            return;
        }

        // A primary object in the endorsement hierarchy mixes in ehProof so
        // that child objects in that hierarchy are voided on TPM2_Clear()
        // or TPM2_ChangeEPS()
        if(   parentHandle == TPM_RH_ENDORSEMENT
           && publicArea->objectAttributes.fixedTPM == SET)
            hierarchyProof = &gp.ehProof;
    }

    // seedValue always has the digest size of the object's nameAlg
    sensitive->seedValue.t.size = CryptGetHashDigestSize(publicArea->nameAlg);

    // Derive seedValue with the implementation-dependent generator
    _cpri__GenerateSeededRandom(sensitive->seedValue.t.size,
                                sensitive->seedValue.t.buffer,
                                hashAlg,
                                &seed->b,
                                "seedValue",
                                &name->b,
                                (TPM2B *)hierarchyProof);
}
| 22701 | 2372 #endif //% |
| 22702 | |
| 22703 | |
| 22704 | 10.2.9.12 CryptCreateObject() |
| 22705 | |
| 22706 | This function creates an object. It: |
| 22707 | a) fills in the created key in public and sensitive area; |
| 22708 | b) creates a random number in sensitive area for symmetric keys; and |
| 22709 | c) computes the unique id in the public area for symmetric keys. |
| 22710 | |
| 22711 | |
| 22712 | |
| 22713 | |
| 22714 | Family "2.0" TCG Published Page 321 |
| 22715 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 22716 | Trusted Platform Module Library Part 4: Supporting Routines |
| 22717 | |
| 22718 | |
| 22719 | Error Returns Meaning |
| 22720 | |
| 22721 | TPM_RC_KEY_SIZE key size in the public area does not match the size in the sensitive |
| 22722 | creation area for a symmetric key |
| 22723 | TPM_RC_RANGE for an RSA key, the exponent is not supported |
| 22724 | TPM_RC_SIZE sensitive data size is larger than allowed for the scheme for a keyed |
| 22725 | hash object |
| 22726 | TPM_RC_VALUE exponent is not prime or could not find a prime using the provided |
| 22727 | parameters for an RSA key; unsupported name algorithm for an ECC |
| 22728 | key |
| 22729 | |
// Creates an object: fills in the key material of the public and sensitive
// areas according to publicArea->type.
//
// Seed source:
//   - parentHandle is a permanent handle: the primary seed returned by
//     HierarchyGetPrimarySeed() is used and the KDF hash is
//     CONTEXT_INTEGRITY_HASH_ALG;
//   - otherwise: a fresh random seed of PRIMARY_SEED_SIZE bytes is used and
//     the KDF hash is the parent's nameAlg.
//
// TPM_ALG_SYMCIPHER and TPM_ALG_KEYEDHASH objects return directly from their
// generation helper. For RSA and ECC, a seedValue is derived afterwards only
// when the key is a storage key (decrypt and restricted both SET); otherwise
// seedValue is emptied.
//
// Returns TPM_RC_SUCCESS or the error produced by the key-generation helper
// (see the "Error Returns" table that precedes this listing).
TPM_RC
CryptCreateObject(
    TPM_HANDLE               parentHandle,      // IN/OUT: indication of the seed
                                                //         source
    TPMT_PUBLIC             *publicArea,        // IN/OUT: public area
    TPMS_SENSITIVE_CREATE   *sensitiveCreate,   // IN: sensitive creation
    TPMT_SENSITIVE          *sensitive          // OUT: sensitive area
    )
{
    // Holds the random seed when the parent is not a primary seed; it has the
    // same size as a primary seed.
    // NOTE(review): this stack copy of the seed is not cleared before return
    // in the visible code; confirm whether that matters for the platform.
    TPM2B_SEED       localSeed;

    TPM2B_SEED      *seed = NULL;
    TPM_RC           result = TPM_RC_SUCCESS;
    TPM2B_NAME       name;
    TPM_ALG_ID       hashAlg = CONTEXT_INTEGRITY_HASH_ALG;
    OBJECT          *parent;
    UINT32           counter;
    TPM2B_AUTH      *proof = NULL;

    // The sensitive area has the same type as the public area
    sensitive->sensitiveType = publicArea->type;
    ObjectComputeName(publicArea, &name);

    // Every object starts with the caller-supplied auth value
    sensitive->authValue = sensitiveCreate->userAuth;

    if(HandleGetType(parentHandle) != TPM_HT_PERMANENT)
    {
        // Ordinary parent: take the KDF hash from the parent object
        parent = ObjectGet(parentHandle);
        hashAlg = parent->publicArea.nameAlg;

        // Non-primary objects are seeded from a random value
        localSeed.t.size = PRIMARY_SEED_SIZE;
        CryptGenerateRandom(PRIMARY_SEED_SIZE, localSeed.t.buffer);
        seed = &localSeed;
    }
    else
    {
        // A permanent handle is assumed to be a hierarchy
        seed = HierarchyGetPrimarySeed(parentHandle);
    }

    switch(publicArea->type)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
            result = CryptGenerateKeyRSA(publicArea, sensitive,
                                         hashAlg, seed, &name, &counter);
            break;
#endif // TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECC:
            result = CryptGenerateKeyECC(publicArea, sensitive,
                                         hashAlg, seed, &name, &counter);
            break;
#endif // TPM_ALG_ECC

        // Symmetric and keyed-hash objects are finished by their helper
        case TPM_ALG_SYMCIPHER:
            return CryptGenerateKeySymmetric(publicArea, sensitiveCreate,
                                             sensitive, hashAlg, seed, &name);
        case TPM_ALG_KEYEDHASH:
            return CryptGenerateKeyedHash(publicArea, sensitiveCreate,
                                          sensitive, hashAlg, seed, &name);
        default:
            pAssert(0);
            break;
    }

    if(result != TPM_RC_SUCCESS)
        return result;

    // Only a storage key carries a seedValue
    if(   publicArea->objectAttributes.decrypt != SET
       || publicArea->objectAttributes.restricted != SET)
    {
        sensitive->seedValue.t.size = 0;
        return result;
    }

    // A primary object in the endorsement hierarchy mixes in ehProof so that
    // child objects in that hierarchy are voided on TPM2_Clear() or
    // TPM2_ChangeEPS()
    if(   parentHandle == TPM_RH_ENDORSEMENT
       && publicArea->objectAttributes.fixedTPM == SET)
        proof = &gp.ehProof;

    // seedValue has the digest size of the object's nameAlg
    sensitive->seedValue.t.size = CryptGetHashDigestSize(publicArea->nameAlg);

    // Derive seedValue with the implementation-dependent generator.
    // NOTE(review): the label passed here is "seedValuea", while the disabled
    // CryptComputeSymValue() listing passes "seedValue". It is reproduced
    // unchanged because the label is an input to the derivation; confirm
    // which spelling is intended.
    _cpri__GenerateSeededRandom(sensitive->seedValue.t.size,
                                sensitive->seedValue.t.buffer,
                                hashAlg,
                                &seed->b,
                                "seedValuea",
                                &name.b,
                                (TPM2B *)proof);

    return result;
}
| 22852 | |
| 22853 | |
| 22854 | Family "2.0" TCG Published Page 323 |
| 22855 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 22856 | Trusted Platform Module Library Part 4: Supporting Routines |
| 22857 | |
| 22858 | 10.2.9.13 CryptObjectIsPublicConsistent() |
| 22859 | |
| 22860 | This function checks that the key sizes in the public area are consistent. For an asymmetric key, the size |
| 22861 | of the public key must match the size indicated by the public->parameters. |
| 22862 | Checks for the algorithm types matching the key type are handled by the unmarshaling operation. |
| 22863 | |
| 22864 | Return Value Meaning |
| 22865 | |
| 22866 | TRUE sizes are consistent |
| 22867 | FALSE sizes are not consistent |
| 22868 | |
// Checks that the key sizes in a public area are consistent.
//
//   RSA: the result of CryptAreKeySizesConsistent().
//   ECC: the public point must be on the indicated curve; if the curve
//        defines a signing scheme, the key must use that scheme; and
//        CryptAreKeySizesConsistent() must hold.
//   Any other type: nothing is checked and TRUE is returned.
//
// Returns TRUE when the sizes are consistent, FALSE otherwise.
BOOL
CryptObjectIsPublicConsistent(
    TPMT_PUBLIC     *publicArea     // IN: public area
    )
{
    BOOL             consistent = TRUE;

    switch (publicArea->type)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
            consistent = CryptAreKeySizesConsistent(publicArea);
            break;
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECC:
        {
            const ECC_CURVE     *curve;

            // Reject a public point that is not on the indicated curve
            consistent = CryptEccIsPointOnCurve(
                             publicArea->parameters.eccDetail.curveID,
                             &publicArea->unique.ecc);
            if(!consistent)
                break;

            // The point check passed, so the curve is expected to be known
            curve = CryptEccGetCurveDataPointer(
                        publicArea->parameters.eccDetail.curveID);
            pAssert(curve != NULL);

            // If the curve mandates a scheme, the key must use that scheme;
            // the key sizes are only examined when the scheme is acceptable
            consistent = (   curve->sign.scheme == TPM_ALG_NULL
                          || (   publicArea->parameters.eccDetail.scheme.scheme
                              == curve->sign.scheme))
                         && CryptAreKeySizesConsistent(publicArea);
            break;
        }
#endif //TPM_ALG_ECC

        default:
            // Symmetric object: there is nothing to check with a symmetric
            // key that is public only.
            break;
    }
    return consistent;
}
| 22919 | |
| 22920 | |
| 22921 | |
| 22922 | |
| 22923 | Page 324 TCG Published Family "2.0" |
| 22924 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 22925 | Part 4: Supporting Routines Trusted Platform Module Library |
| 22926 | |
| 22927 | 10.2.9.14 CryptObjectPublicPrivateMatch() |
| 22928 | |
| 22929 | This function checks the cryptographic binding between the public and sensitive areas. |
| 22930 | |
| 22931 | Error Returns Meaning |
| 22932 | |
| 22933 | TPM_RC_TYPE the type of the public and private areas are not the same |
| 22934 | TPM_RC_FAILURE crypto error |
| 22935 | TPM_RC_BINDING the public and private areas are not cryptographically matched. |
| 22936 | |
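// Checks the cryptographic binding between the public and sensitive areas
// of an object.
//
//   RSA:       the private size must be half the public size; the key is then
//              loaded with CryptLoadPrivateRSA() and its result is returned.
//   ECC:       the private scalar and public x must have the same size; when
//              nameAlg is not TPM_ALG_NULL the public point is recomputed
//              from the private scalar and compared with the stored point.
//   SYMCIPHER: the key size in bytes must equal the sensitive size.
//   KEYEDHASH: no type-specific check.
//
// For non-asymmetric objects with a nameAlg other than TPM_ALG_NULL, the
// 'unique' value is recomputed with CryptComputeSymmetricUnique() and
// compared with the stored one.
//
// Returns:
//   TPM_RC_SUCCESS  the areas match
//   TPM_RC_TYPE     the public and sensitive types differ
//   TPM_RC_BINDING  the areas are not cryptographically matched
//   other           whatever CryptLoadPrivateRSA() reports for an RSA key
TPM_RC
CryptObjectPublicPrivateMatch(
    OBJECT          *object         // IN: the object to check
    )
{
    TPMT_PUBLIC     *publicArea;
    TPMT_SENSITIVE  *sensitive;
    TPM_RC           result = TPM_RC_SUCCESS;
    BOOL             isAsymmetric = FALSE;

    pAssert(object != NULL);
    publicArea = &object->publicArea;
    sensitive = &object->sensitive;
    if(publicArea->type != sensitive->sensitiveType)
        return TPM_RC_TYPE;

    switch(publicArea->type)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
            isAsymmetric = TRUE;
            // The public and private key sizes need to be consistent
            if(sensitive->sensitive.rsa.t.size != publicArea->unique.rsa.t.size/2)
                result = TPM_RC_BINDING;
            else
                // Load key by computing the private exponent
                result = CryptLoadPrivateRSA(object);
            break;
#endif
#ifdef TPM_ALG_ECC
        // This function is called from ObjectLoad() which has already checked
        // that the public point is on the curve, so that check is not
        // repeated here.
        case TPM_ALG_ECC:
            isAsymmetric = TRUE;
            if(    publicArea->unique.ecc.x.t.size
                != sensitive->sensitive.ecc.t.size)
                result = TPM_RC_BINDING;
            else if(publicArea->nameAlg != TPM_ALG_NULL)
            {
                TPMS_ECC_POINT       publicToCompare;

                // Recompute the public point from the private scalar. The
                // status of the multiply is checked so that a failed
                // computation is reported as a binding failure instead of
                // comparing an unwritten publicToCompare.
                if(   CryptEccPointMultiply(&publicToCompare,
                          publicArea->parameters.eccDetail.curveID,
                          &sensitive->sensitive.ecc, NULL) != TPM_RC_SUCCESS
                   || (!Memory2BEqual(&publicArea->unique.ecc.x.b,
                                      &publicToCompare.x.b))
                   || (!Memory2BEqual(&publicArea->unique.ecc.y.b,
                                      &publicToCompare.y.b)))
                    result = TPM_RC_BINDING;
            }
            break;
#endif
        case TPM_ALG_KEYEDHASH:
            break;
        case TPM_ALG_SYMCIPHER:
            // Key size in bytes (rounded up) must equal the sensitive size
            if(    (publicArea->parameters.symDetail.sym.keyBits.sym + 7)/8
                != sensitive->sensitive.sym.t.size)
                result = TPM_RC_BINDING;
            break;
        default:
            // The choice here is an assert or a return of a bad type for the
            // object
            pAssert(0);
            break;
    }

    // For asymmetric keys, the algorithm for validating the linkage between
    // the public and private areas is algorithm dependent. For symmetric keys
    // the linkage is based on hashing the symKey and obfuscation values.
    if(   result == TPM_RC_SUCCESS && !isAsymmetric
       && publicArea->nameAlg != TPM_ALG_NULL)
    {
        TPM2B_DIGEST     uniqueToCompare;

        // Compute unique for symmetric key
        CryptComputeSymmetricUnique(publicArea->nameAlg, sensitive,
                                    &uniqueToCompare);
        // Compare unique
        if(!Memory2BEqual(&publicArea->unique.sym.b,
                          &uniqueToCompare.b))
            result = TPM_RC_BINDING;
    }
    return result;
}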
| 23029 | |
| 23030 | |
| 23031 | 10.2.9.15 CryptGetSignHashAlg() |
| 23032 | |
| 23033 | Get the hash algorithm of signature from a TPMT_SIGNATURE structure. It assumes the signature is not |
| 23034 | NULL. This is a function for easy access. |
| 23035 | |
// Returns the hash algorithm carried in a TPMT_SIGNATURE.
//
// The signature algorithm must not be TPM_ALG_NULL (checked with pAssert).
// Only RSASSA, RSAPSS, ECDSA and HMAC are handled; any other sigAlg yields
// TPM_ALG_NULL.
TPMI_ALG_HASH
CryptGetSignHashAlg(
    TPMT_SIGNATURE  *auth           // IN: signature
    )
{
    TPMI_ALG_HASH    hashAlg = TPM_ALG_NULL;

    pAssert(auth->sigAlg != TPM_ALG_NULL);

    // Pick the hash member that belongs to the signing scheme
    switch(auth->sigAlg)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSASSA:
            hashAlg = auth->signature.rsassa.hash;
            break;

        case TPM_ALG_RSAPSS:
            hashAlg = auth->signature.rsapss.hash;
            break;
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECDSA:
            hashAlg = auth->signature.ecdsa.hash;
            break;
#endif //TPM_ALG_ECC

        case TPM_ALG_HMAC:
            hashAlg = auth->signature.hmac.hashAlg;
            break;

        default:
            // Unlisted scheme: report no hash algorithm
            break;
    }
    return hashAlg;
}
| 23074 | |
| 23075 | |
| 23076 | 10.2.9.16 CryptIsSplitSign() |
| 23077 | |
| 23078 | This function is used to determine if the signing operation is a split signing operation that requires a |
| 23079 | TPM2_Commit(). |
| 23080 | |
// Reports whether a signing scheme is a split-signing scheme, that is, one
// that needs a TPM2_Commit() before the signing operation.
//
// The only scheme recognised is TPM_ALG_ECDAA, and only when the build
// defines it; every other value returns FALSE.
BOOL
CryptIsSplitSign(
    TPM_ALG_ID       scheme         // IN: the algorithm selector
    )
{
    switch(scheme)
    {
#ifdef TPM_ALG_ECDAA
        case TPM_ALG_ECDAA:
            return TRUE;
#endif // TPM_ALG_ECDAA
        default:
            return FALSE;
    }
}
| 23095 | |
| 23096 | |
| 23097 | 10.2.9.17 CryptIsSignScheme() |
| 23098 | |
| 23099 | This function indicates if a scheme algorithm is a sign algorithm. |
| 23100 | |
// Reports whether an asymmetric scheme selector names a signing scheme.
//
// Which selectors count depends on the algorithms compiled in: RSASSA and
// RSAPSS with RSA; ECDSA with ECC, plus ECDAA, ECSCHNORR and SM2 when those
// are defined. Anything else returns FALSE.
BOOL
CryptIsSignScheme(
    TPMI_ALG_ASYM_SCHEME     scheme
    )
{
    switch(scheme)
    {
#ifdef TPM_ALG_RSA
        // If RSA is implemented, then both signing schemes are required
        case TPM_ALG_RSASSA:
        case TPM_ALG_RSAPSS:
            return TRUE;
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        // If ECC is implemented ECDSA is required
        case TPM_ALG_ECDSA:
#ifdef TPM_ALG_ECDAA
        // ECDAA is optional
        case TPM_ALG_ECDAA:
#endif
#ifdef TPM_ALG_ECSCHNORR
        // Schnorr is also optional
        case TPM_ALG_ECSCHNORR:
#endif
#ifdef TPM_ALG_SM2
        case TPM_ALG_SM2:
#endif
            return TRUE;
#endif //TPM_ALG_ECC

        default:
            return FALSE;
    }
}
| 23145 | |
| 23146 | |
| 23147 | 10.2.9.18 CryptIsDecryptScheme() |
| 23148 | |
| 23149 | This function indicates if a scheme algorithm is a decrypt algorithm. |
| 23150 | |
// Reports whether an asymmetric scheme selector names a decryption scheme.
//
// Which selectors count depends on the algorithms compiled in: RSAES and
// OAEP with RSA; ECDH with ECC, plus SM2 and ECMQV when those are defined.
// Anything else returns FALSE.
BOOL
CryptIsDecryptScheme(
    TPMI_ALG_ASYM_SCHEME     scheme
    )
{
    switch(scheme)
    {
#ifdef TPM_ALG_RSA
        // If RSA is implemented, then both decrypt schemes are required
        case TPM_ALG_RSAES:
        case TPM_ALG_OAEP:
            return TRUE;
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        // If ECC is implemented ECDH is required
        case TPM_ALG_ECDH:
#ifdef TPM_ALG_SM2
        case TPM_ALG_SM2:
#endif
#ifdef TPM_ALG_ECMQV
        case TPM_ALG_ECMQV:
#endif
            return TRUE;
#endif //TPM_ALG_ECC

        default:
            return FALSE;
    }
}
| 23185 | |
| 23186 | |
| 23187 | 10.2.9.19 CryptSelectSignScheme() |
| 23188 | |
| 23189 | This function is used by the attestation and signing commands. It implements the rules for selecting the |
| 23190 | signature scheme to use in signing. This function requires that the signing key either be TPM_RH_NULL |
| 23191 | or be loaded. |
| 23192 | If a default scheme is defined in object, the default scheme should be chosen, otherwise, the input |
| 23193 | scheme should be chosen. In the case that both object and input scheme have a non-NULL scheme |
| 23194 | algorithm, if the schemes are compatible, the input scheme will be chosen. |
| 23195 | |
| 23196 | |
| 23197 | |
| 23198 | |
| 23199 | Page 328 TCG Published Family "2.0" |
| 23200 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 23201 | Part 4: Supporting Routines Trusted Platform Module Library |
| 23202 | |
| 23203 | |
| 23204 | Error Returns Meaning |
| 23205 | |
| 23206 | TPM_RC_KEY key referenced by signHandle is not a signing key |
| 23207 | TPM_RC_SCHEME both scheme and key's default scheme are empty; or scheme is |
| 23208 | empty while key's default scheme requires explicit input scheme (split |
| 23209 | signing); or non-empty default key scheme differs from scheme |
| 23210 | |
// Selects the signature scheme to use for a signing or attestation command.
//
//   signHandle == TPM_RH_NULL: 'scheme' is forced to the NULL scheme.
//   key has no default scheme: the input scheme is kept; it must not be NULL.
//   input scheme is NULL:      the key's default scheme is copied into
//                              'scheme', unless that default is a
//                              split-signing scheme.
//   both are set:              scheme and hash algorithm must be identical.
//
// Returns:
//   TPM_RC_SUCCESS  'scheme' holds the scheme to use
//   TPM_RC_KEY      the key referenced by signHandle is not a signing key
//   TPM_RC_SCHEME   no usable scheme, or input and default disagree
TPM_RC
CryptSelectSignScheme(
    TPMI_DH_OBJECT   signHandle,    // IN: handle of signing key
    TPMT_SIG_SCHEME *scheme         // IN/OUT: signing scheme
    )
{
    OBJECT              *signObject;
    TPMT_PUBLIC         *publicArea;
    TPMU_PUBLIC_PARMS   *parms;
    TPMT_SIG_SCHEME     *objectScheme;

    // With a NULL handle the NULL scheme is used, whatever the caller passed
    if(signHandle == TPM_RH_NULL)
    {
        scheme->scheme = TPM_ALG_NULL;
        scheme->details.any.hashAlg = TPM_ALG_NULL;
        return TPM_RC_SUCCESS;
    }

    signObject = ObjectGet(signHandle);
    publicArea = &signObject->publicArea;

    // The key has to be a signing key
    if(!publicArea->objectAttributes.sign)
        return TPM_RC_KEY;

    // Locate the key's default scheme; where it lives depends on key type.
    // NOTE(review): both members are viewed through a TPMT_SIG_SCHEME
    // pointer, which presumably relies on compatible layouts; confirm
    // against the structure definitions.
    parms = &publicArea->parameters;
    if(CryptIsAsymAlgorithm(publicArea->type))
        objectScheme = (TPMT_SIG_SCHEME *)&parms->asymDetail.scheme;
    else
        objectScheme = (TPMT_SIG_SCHEME *)&parms->keyedHashDetail.scheme;

    if(objectScheme->scheme == TPM_ALG_NULL)
    {
        // No default on the key: the input scheme is used, so it cannot be
        // NULL as well. Compatibility of the input scheme with the key is
        // not checked here; an incompatible scheme is expected to fail in
        // the signing operation.
        if(scheme->scheme == TPM_ALG_NULL)
            return TPM_RC_SCHEME;
        return TPM_RC_SUCCESS;
    }

    if(scheme->scheme == TPM_ALG_NULL)
    {
        // Input is NULL, so fall back to the default, unless the default
        // requires the caller to provide scheme data (split signing)
        if(CryptIsSplitSign(objectScheme->scheme))
            return TPM_RC_SCHEME;

        scheme->scheme = objectScheme->scheme;
        scheme->details.any.hashAlg = objectScheme->details.any.hashAlg;
        return TPM_RC_SUCCESS;
    }

    // Both input and key carry a scheme: scheme and hash must be the same
    if(   objectScheme->scheme != scheme->scheme
       || (   objectScheme->details.any.hashAlg
           != scheme->details.any.hashAlg))
        return TPM_RC_SCHEME;

    return TPM_RC_SUCCESS;
}
| 23294 | |
| 23295 | |
| 23296 | 10.2.9.20 CryptSign() |
| 23297 | |
| 23298 | Sign a digest with asymmetric key or HMAC. This function is called by attestation commands and the |
| 23299 | generic TPM2_Sign() command. This function checks the key scheme and digest size. It does not check |
| 23300 | if the sign operation is allowed for restricted key. It should be checked before the function is called. The |
| 23301 | function will assert if the key is not a signing key. |
| 23302 | |
| 23303 | Error Returns Meaning |
| 23304 | |
| 23305 | TPM_RC_SCHEME signScheme is not compatible with the signing key type |
| 23306 | TPM_RC_VALUE digest value is greater than the modulus of signHandle or size of |
| 23307 | hashData does not match hash algorithm in signScheme (for an RSA |
| 23308 | key); invalid commit status or failed to generate r value (for an ECC |
| 23309 | key) |
| 23310 | |
// Signs a digest with an asymmetric key or an HMAC key.
//
// The key must be a signing key with its private portion loaded; both are
// enforced with pAssert rather than reported as errors. This function does
// not check whether signing is permitted for a restricted key; the caller
// has to do that before calling.
//
// signature->sigAlg is always set from signScheme->scheme. If that scheme
// is TPM_ALG_NULL the function returns TPM_RC_SUCCESS without signing.
//
// Returns the result of the type-specific signing routine, or TPM_RC_SCHEME
// when the key type is none of RSA, ECC or KEYEDHASH.
TPM_RC
CryptSign(
    TPMI_DH_OBJECT   signHandle,    // IN: The handle of sign key
    TPMT_SIG_SCHEME *signScheme,    // IN: sign scheme.
    TPM2B_DIGEST    *digest,        // IN: The digest being signed
    TPMT_SIGNATURE  *signature      // OUT: signature
    )
{
    OBJECT          *signKey = ObjectGet(signHandle);

    // The handle must reference a signing key
    pAssert(signKey->publicArea.objectAttributes.sign == SET);

    // The private portion must be loaded. This check is made during
    // authorization.
    pAssert(signKey->attributes.publicOnly == CLEAR);

    // Record the scheme in the output
    signature->sigAlg = signScheme->scheme;

    // Nothing to sign with the NULL scheme
    if(signature->sigAlg == TPM_ALG_NULL)
        return TPM_RC_SUCCESS;

    // Every scheme other than TPM_ALG_NULL has a hash algorithm
    TEST_HASH(signScheme->details.any.hashAlg);

    // Record the hash in the output. This comes after the NULL-scheme check
    // because the null scheme doesn't have a hashAlg member.
    signature->signature.any.hashAlg = signScheme->details.any.hashAlg;

    // Dispatch on the key type
    switch (signKey->publicArea.type)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
            return CryptSignRSA(signKey, signScheme, digest, signature);
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECC:
            return CryptSignECC(signKey, signScheme, digest, signature);
#endif //TPM_ALG_ECC

        case TPM_ALG_KEYEDHASH:
            return CryptSignHMAC(signKey, signScheme, digest, signature);

        default:
            // Key type has no signing routine
            return TPM_RC_SCHEME;
    }
}
| 23373 | |
| 23374 | |
| 23375 | 10.2.9.21 CryptVerifySignature() |
| 23376 | |
| 23377 | This function is used to verify a signature. It is called by TPM2_VerifySignature() and |
| 23378 | TPM2_PolicySigned(). |
| 23379 | Since this operation only requires use of a public key, no consistency checks are necessary for the key to |
| 23380 | signature type because a caller can load any public key that they like with any scheme that they like. This |
| 23381 | routine simply makes sure that the signature is correct, whatever the type. |
| 23382 | This function requires that auth is not a NULL pointer. |
| 23383 | |
| 23384 | Error Returns Meaning |
| 23385 | |
| 23386 | TPM_RC_SIGNATURE the signature is not genuine |
| 23387 | TPM_RC_SCHEME the scheme is not supported |
| 23388 | TPM_RC_HANDLE an HMAC key was selected but the private part of the key is not |
| 23389 | loaded |
| 23390 | |
// Verify 'signature' over 'digest' with the key loaded at 'keyHandle'.
//
// The routine is chosen from the key's type (publicArea.type), not from
// signature->sigAlg.  No key/scheme consistency check is made here; per the
// accompanying text only a public key is needed, so the function just
// reports whether the signature is correct for that key.
//
// Returns:
//   TPM_RC_SIGNATURE   'signature' carries TPM_ALG_NULL (other values are
//                      passed through from the per-algorithm routine)
//   TPM_RC_SCHEME      the key type has no verification routine in this build
//   TPM_RCS_HANDLE     a KEYEDHASH key was selected but only its public part
//                      is loaded, so there is no HMAC key to verify with
TPM_RC
CryptVerifySignature(
    TPMI_DH_OBJECT       keyHandle,     // IN: The handle of sign key
    TPM2B_DIGEST        *digest,        // IN: The digest being validated
    TPMT_SIGNATURE      *signature      // IN: signature
    )
{
    // Per the original note, ObjectGet() either returns a pointer to a loaded
    // object or asserts, so it is safe to dereference the result unchecked.
    OBJECT              *authObject = ObjectGet(keyHandle);
    TPMT_PUBLIC         *publicArea = &authObject->publicArea;

    // Unmarshaling should already reject a NULL signature; this is a second
    // line of defense so that a NULL signature can never count as valid.
    if(signature->sigAlg == TPM_ALG_NULL)
        return TPM_RC_SIGNATURE;

    switch(publicArea->type)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
            return CryptRSAVerifySignature(authObject, digest, signature);
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECC:
            return CryptECCVerifySignature(authObject, digest, signature);
#endif // TPM_ALG_ECC

        case TPM_ALG_KEYEDHASH:
            // An HMAC can only be recomputed with the sensitive part loaded.
            if(authObject->attributes.publicOnly)
                return TPM_RCS_HANDLE;
            return CryptHMACVerifySignature(authObject, digest, signature);

        default:
            break;
    }

    // Any other key type: no supported scheme.
    return TPM_RC_SCHEME;
}
| 23445 | |
| 23446 | |
| 23447 | 10.2.10 Math functions |
| 23448 | |
| 23449 | 10.2.10.1 CryptDivide() |
| 23450 | |
| 23451 | This function interfaces to the math library for large number divide. |
| 23452 | |
| 23453 | Error Returns Meaning |
| 23454 | |
| 23455 | TPM_RC_SIZE quotient or remainder is too small to receive the result |
| 23456 | |
// Large-number divide through the math library:
//   quotient  = numerator / denominator
//   remainder = numerator mod denominator
// Either output pointer may be NULL, but not both.
//
// Returns the _math__Div() status as mapped by TranslateCryptErrors(); the
// accompanying text lists TPM_RC_SIZE for an output that is too small to
// receive the result.
TPM_RC
CryptDivide(
    TPM2B       *numerator,     // IN: numerator
    TPM2B       *denominator,   // IN: denominator
    TPM2B       *quotient,      // OUT: quotient = numerator / denominator.
    TPM2B       *remainder      // OUT: numerator mod denominator.
    )
{
    pAssert(numerator != NULL);
    pAssert(denominator != NULL);
    pAssert(quotient != NULL || remainder != NULL);

    // Only the length is checked here: a denominator with a non-zero size
    // whose bytes are all zero still passes.
    // NOTE(review): confirm how _math__Div() handles a zero-valued divisor.
    pAssert(denominator->size != 0);

    return TranslateCryptErrors(
               _math__Div(numerator, denominator, quotient, remainder));
}
| 23482 | |
| 23483 | |
| 23484 | 10.2.10.2 CryptCompare() |
| 23485 | |
| 23486 | This function interfaces to the math library for large number, unsigned compare. |
| 23487 | |
| 23488 | Return Value Meaning |
| 23489 | |
| 23490 | 1 if a > b |
| 23491 | 0 if a = b |
| 23492 | -1 if a < b |
| 23493 | |
// Unsigned large-number compare; a thin wrapper over _math__uComp().
// Per the accompanying text the result is 1 if a > b, 0 if a = b and
// -1 if a < b.
LIB_EXPORT int
CryptCompare(
    const UINT32     aSize,     // IN: size of a
    const BYTE      *a,         // IN: a buffer
    const UINT32     bSize,     // IN: size of b
    const BYTE      *b          // IN: b buffer
    )
{
    int              order = _math__uComp(aSize, a, bSize, b);

    return order;
}
| 23504 | |
| 23505 | |
| 23506 | 10.2.10.3 CryptCompareSigned() |
| 23507 | |
| 23508 | This function interfaces to the math library for large number, signed compare. |
| 23509 | |
| 23510 | Return Value Meaning |
| 23511 | |
| 23512 | 1 if a > b |
| 23513 | 0 if a = b |
| 23514 | -1 if a < b |
| 23515 | |
// Signed large-number compare; a thin wrapper over _math__Comp().
// Per the accompanying text the result is 1 if a > b, 0 if a = b and
// -1 if a < b.
int
CryptCompareSigned(
    UINT32       aSize,     // IN: size of a
    BYTE        *a,         // IN: a buffer
    UINT32       bSize,     // IN: size of b
    BYTE        *b          // IN: b buffer
    )
{
    int          order = _math__Comp(aSize, a, bSize, b);

    return order;
}
| 23526 | |
| 23527 | |
| 23528 | 10.2.10.4 CryptGetTestResult |
| 23529 | |
| 23530 | This function returns the results of a self-test function. |
| 23531 | |
| 23532 | NOTE: the behavior in this function is NOT the correct behavior for a real TPM implementation. An artificial behavior is |
| 23533 | placed here due to the limitation of a software simulation environment. For the correct behavior, consult the |
| 23534 | part 3 specification for TPM2_GetTestResult(). |
| 23535 | |
// Report the self-test result data.
// This simulator version always reports an empty buffer and success; the
// accompanying text states that this is NOT the behavior of a real TPM and
// refers to the Part 3 description of TPM2_GetTestResult().
TPM_RC
CryptGetTestResult(
    TPM2B_MAX_BUFFER    *outData    // OUT: test result data
    )
{
    // No result data is produced in the software simulation.
    outData->t.size = 0;

    return TPM_RC_SUCCESS;
}
| 23549 | |
| 23550 | |
| 23551 | 10.2.11 Capability Support |
| 23552 | |
| 23553 | 10.2.11.1 CryptCapGetECCCurve() |
| 23554 | |
| 23555 | This function returns the list of implemented ECC curves. |
| 23556 | |
| 23557 | Return Value Meaning |
| 23558 | |
| 23559 | YES if no more ECC curve is available |
| 23560 | NO if there are more ECC curves not reported |
| 23561 | |
| 23562 | 2978 #ifdef TPM_ALG_ECC //% 5 |
// List the implemented ECC curves whose ID is at least 'curveID', in the
// order _cpri__GetCurveIdByIndex() reports them, up to 'maxCount' entries.
//
// Returns YES when the list filled up while at least one further matching
// curve was still unreported, and NO when every matching curve fit.
// NOTE(review): the Return Value table in the accompanying text gives the
// two meanings the other way round; the code behaves as described here.
TPMI_YES_NO
CryptCapGetECCCurve(
    TPM_ECC_CURVE    curveID,       // IN: the starting ECC curve
    UINT32           maxCount,      // IN: count of returned curve
    TPML_ECC_CURVE  *curveList      // OUT: ECC curve list
    )
{
    UINT32           total = _cpri__EccGetCurveCount();
    UINT16           i;

    // Start with an empty output list.
    curveList->count = 0;

    // Clamp the request so the writes below stay within MAX_ECC_CURVES
    // entries (presumably the capacity of eccCurves[]; confirm against the
    // TPML_ECC_CURVE definition).
    if(maxCount > MAX_ECC_CURVES)
        maxCount = MAX_ECC_CURVES;

    for(i = 0; i < total; i++)
    {
        TPM_ECC_CURVE    candidate = _cpri__GetCurveIdByIndex(i);

        // Curves below the starting ID are not part of this query.
        if(candidate < curveID)
            continue;

        // List already full and another curve qualifies: tell the caller
        // there is more and stop scanning.
        if(curveList->count >= maxCount)
            return YES;

        curveList->eccCurves[curveList->count] = candidate;
        curveList->count++;
    }

    return NO;
}
| 23614 | |
| 23615 | |
| 23616 | 10.2.11.2 CryptCapGetEccCurveNumber() |
| 23617 | |
| 23618 | This function returns the number of ECC curves supported by the TPM. |
| 23619 | |
// Return the number of ECC curves supported by the TPM, as reported by
// _cpri__EccGetCurveCount().
UINT32
CryptCapGetEccCurveNumber(
    void
    )
{
    UINT32       curveCount = _cpri__EccGetCurveCount();

    return curveCount;
}
| 23629 | 3034 #endif //TPM_ALG_ECC //% 5 |
| 23630 | |
| 23631 | |
| 23632 | 10.2.11.3 CryptAreKeySizesConsistent() |
| 23633 | |
| 23634 | This function validates that the public key size values are consistent for an asymmetric key. |
| 23635 | |
| 23636 | NOTE: This is not a comprehensive test of the public key. |
| 23637 | |
| 23638 | |
| 23639 | Return Value Meaning |
| 23640 | |
| 23641 | TRUE sizes are consistent |
| 23642 | FALSE sizes are not consistent |
| 23643 | |
// Check that the size fields of an asymmetric public area agree with its
// declared parameters.  Returns TRUE when they do, and FALSE otherwise or
// for any key type not handled here.
//
// This is a size check only, not a validation of the key itself: it does not
// test that an RSA modulus is well formed or that an ECC point lies on the
// curve.
BOOL
CryptAreKeySizesConsistent(
    TPMT_PUBLIC     *publicArea     // IN: the public area to check
    )
{
    switch(publicArea->type)
    {
#ifdef TPM_ALG_RSA
        case TPM_ALG_RSA:
            // The modulus must be exactly keyBits rounded up to whole bytes.
            // keyBits itself is filtered by the unmarshaling code.
            return (((publicArea->parameters.rsaDetail.keyBits + 7) / 8)
                    == publicArea->unique.rsa.t.size);
#endif //TPM_ALG_RSA

#ifdef TPM_ALG_ECC
        case TPM_ALG_ECC:
        {
            TPM_ECC_CURVE   curveId = publicArea->parameters.eccDetail.curveID;
            UINT16          maxBytes = CryptEccGetKeySizeInBytes(curveId);

            // A size of zero is treated as inconsistent (presumably it means
            // the curve is not known; confirm against
            // CryptEccGetKeySizeInBytes()).
            if(maxBytes == 0)
                return FALSE;

            // Each coordinate may be shorter than the curve size but never
            // longer; shorter, even empty, coordinates pass this check.
            return (publicArea->unique.ecc.x.t.size <= maxBytes
                    && publicArea->unique.ecc.y.t.size <= maxBytes);
        }
#endif //TPM_ALG_ECC

        default:
            break;
    }

    return FALSE;
}
| 23686 | |
| 23687 | |
| 23688 | 10.2.11.4 CryptAlgsSetImplemented() |
| 23689 | |
| 23690 | This function initializes the bit vector with one bit for each implemented algorithm. This function is called |
| 23691 | from _TPM_Init(). The vector of implemented algorithms should be generated by the part 2 parser so that |
| 23692 | the g_implementedAlgorithms vector can be a const. That's not how it is now |
| 23693 | |
// Fill g_implementedAlgorithms, the bit vector with one bit per implemented
// algorithm, by calling AlgorithmGetImplementedVector().  Per the
// accompanying text this is called from _TPM_Init().
void
CryptAlgsSetImplemented(void)
{
    AlgorithmGetImplementedVector(&g_implementedAlgorithms);
}
| 23701 | |
| 23702 | |
| 23703 | 10.3 Ticket.c |
| 23704 | |
| 23705 | 10.3.1 Introduction |
| 23706 | |
| 23707 | This clause contains the functions used for ticket computations. |
| 23708 | |
| 23709 | 10.3.2 Includes |
| 23710 | |
| 23711 | 1 #include "InternalRoutines.h" |
| 23712 | |
| 23713 | |
| 23714 | 10.3.3 Functions |
| 23715 | |
| 23716 | 10.3.3.1 TicketIsSafe() |
| 23717 | |
| 23718 | This function indicates whether producing a ticket is safe. It checks whether the leading bytes of an input buffer are |
| 23719 | TPM_GENERATED_VALUE or a substring of its canonical form. If so, it is not safe to produce a ticket for an |
| 23720 | input buffer that claims to be a TPM-generated buffer. |
| 23721 | |
| 23722 | Return Value Meaning |
| 23723 | |
| 23724 | TRUE It is safe to produce ticket |
| 23725 | FALSE It is not safe to produce ticket |
| 23726 | |
// Decide whether a ticket may be produced for 'buffer'.
//
// Returns FALSE when 'buffer' is shorter than TPM_GENERATED_VALUE or when
// its leading bytes equal the marshaled form of TPM_GENERATED_VALUE, and
// TRUE otherwise.  Refusing such input keeps the TPM from issuing a ticket
// for externally supplied data that claims to be TPM generated.
BOOL
TicketIsSafe(
    TPM2B           *buffer
    )
{
    TPM_GENERATED    generated = TPM_GENERATED_VALUE;
    BYTE             canonical[sizeof(generated)];
    BYTE            *cursor = canonical;

    // Too short to be compared against the marker: fail closed.
    if(buffer->size < sizeof(generated))
        return FALSE;

    // Build the marshaled form of the marker to compare against.
    TPM_GENERATED_Marshal(&generated, &cursor, NULL);

    return MemoryEqual(buffer->buffer, canonical, sizeof(generated))
           ? FALSE : TRUE;
}
| 23753 | |
| 23754 | |
| 23755 | 10.3.3.2 TicketComputeVerified() |
| 23756 | |
| 23757 | This function creates a TPMT_TK_VERIFIED ticket. |
| 23758 | |
// Create a TPMT_TK_VERIFIED ticket.
//
// The ticket digest is an HMAC (CONTEXT_INTEGRITY_HASH_ALG) keyed with the
// proof value of 'hierarchy' over, in this order: the ticket tag, 'digest'
// and 'keyName'.  A ticket can therefore only be recomputed by a holder of
// that proof value, and only with the same fields in the same order.
void
TicketComputeVerified(
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy constant for ticket
    TPM2B_DIGEST        *digest,        // IN: digest
    TPM2B_NAME          *keyName,       // IN: name of key that signed the value
    TPMT_TK_VERIFIED    *ticket         // OUT: verified ticket
    )
{
    HMAC_STATE           hmacState;
    TPM2B_AUTH          *proof;

    // The tag is set first because it is hashed from the ticket below.
    ticket->tag = TPM_ST_VERIFIED;
    ticket->hierarchy = hierarchy;

    // The hierarchy proof is the HMAC key.
    proof = HierarchyGetProof(hierarchy);

    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &proof->b, &hmacState);

    CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);     // tag
    CryptUpdateDigest2B(&hmacState, &digest->b);                        // digest
    CryptUpdateDigest2B(&hmacState, &keyName->b);                       // key name

    CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
}
| 23795 | |
| 23796 | |
| 23797 | 10.3.3.3 TicketComputeAuth() |
| 23798 | |
| 23799 | This function creates a TPMT_TK_AUTH ticket. |
| 23800 | |
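// Create a TPMT_TK_AUTH ticket with tag 'type'.
//
// The ticket digest is an HMAC (CONTEXT_INTEGRITY_HASH_ALG) keyed with the
// proof value of 'hierarchy' over, in this order: the ticket tag, 'timeout',
// 'cpHashA', 'policyRef' and 'entityName'.  A ticket can therefore only be
// recomputed by a holder of that proof value, and only with the same fields
// in the same order.
void
TicketComputeAuth(
    TPM_ST               type,          // IN: the type of ticket.
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy constant for ticket
    UINT64               timeout,       // IN: timeout
    TPM2B_DIGEST        *cpHashA,       // IN: input cpHashA
    TPM2B_NONCE         *policyRef,     // IN: input policyRef
    TPM2B_NAME          *entityName,    // IN: name of entity
    TPMT_TK_AUTH        *ticket         // OUT: Created ticket
    )
{
    TPM2B_AUTH          *proof;
    HMAC_STATE           hmacState;

    // The hierarchy proof is the HMAC key.
    proof = HierarchyGetProof(hierarchy);

    // Fill in ticket fields; the tag must be set before it is hashed below.
    ticket->tag = type;
    ticket->hierarchy = hierarchy;

    // Start HMAC
    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &proof->b, &hmacState);

    // Add the ticket tag.  This is the caller-supplied 'type', not a fixed
    // constant.  Each length is taken from the object being hashed so that
    // the size and the pointer cannot drift apart.
    CryptUpdateDigestInt(&hmacState, sizeof(ticket->tag), &ticket->tag);

    // Add timeout
    CryptUpdateDigestInt(&hmacState, sizeof(timeout), &timeout);

    // Add cpHash
    CryptUpdateDigest2B(&hmacState, &cpHashA->b);

    // Add policyRef
    CryptUpdateDigest2B(&hmacState, &policyRef->b);

    // Add entity name
    CryptUpdateDigest2B(&hmacState, &entityName->b);

    // Compute HMAC
    CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
}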
| 23851 | |
| 23852 | |
| 23853 | 10.3.3.4 TicketComputeHashCheck() |
| 23854 | |
| 23855 | This function creates a TPMT_TK_HASHCHECK ticket. |
| 23856 | |
// Create a TPMT_TK_HASHCHECK ticket.
//
// The ticket digest is an HMAC (CONTEXT_INTEGRITY_HASH_ALG) keyed with the
// proof value of 'hierarchy' over, in this order: the ticket tag, 'hashAlg'
// and 'digest'.  A ticket can therefore only be recomputed by a holder of
// that proof value, and only with the same fields in the same order.
void
TicketComputeHashCheck(
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy constant for ticket
    TPM_ALG_ID           hashAlg,       // IN: the hash algorithm used to create
                                        //     'digest'
    TPM2B_DIGEST        *digest,        // IN: input digest
    TPMT_TK_HASHCHECK   *ticket         // OUT: Created ticket
    )
{
    HMAC_STATE           hmacState;
    TPM2B_AUTH          *proof = HierarchyGetProof(hierarchy);  // HMAC key

    // The tag is set first because it is hashed from the ticket below.
    ticket->tag = TPM_ST_HASHCHECK;
    ticket->hierarchy = hierarchy;

    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &proof->b, &hmacState);

    CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);     // tag
    CryptUpdateDigestInt(&hmacState, sizeof(hashAlg), &hashAlg);        // hash alg
    CryptUpdateDigest2B(&hmacState, &digest->b);                        // digest

    CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
}
| 23899 | |
| 23900 | |
| 23901 | 10.3.3.5 TicketComputeCreation() |
| 23902 | |
| 23903 | This function creates a TPMT_TK_CREATION ticket. |
| 23904 | |
// Create a TPMT_TK_CREATION ticket.
//
// The ticket digest is an HMAC (CONTEXT_INTEGRITY_HASH_ALG) keyed with the
// proof value of 'hierarchy' over, in this order: the ticket tag, 'name' and
// 'creation'.  A ticket can therefore only be recomputed by a holder of that
// proof value, and only with the same fields in the same order.
void
TicketComputeCreation(
    TPMI_RH_HIERARCHY    hierarchy,     // IN: hierarchy for ticket
    TPM2B_NAME          *name,          // IN: object name
    TPM2B_DIGEST        *creation,      // IN: creation hash
    TPMT_TK_CREATION    *ticket         // OUT: created ticket
    )
{
    HMAC_STATE           hmacState;
    TPM2B_AUTH          *proof = HierarchyGetProof(hierarchy);  // HMAC key

    // The tag is set first because it is hashed from the ticket below.
    ticket->tag = TPM_ST_CREATION;
    ticket->hierarchy = hierarchy;

    ticket->digest.t.size = CryptStartHMAC2B(CONTEXT_INTEGRITY_HASH_ALG,
                                             &proof->b, &hmacState);

    CryptUpdateDigestInt(&hmacState, sizeof(TPM_ST), &ticket->tag);     // tag
    CryptUpdateDigest2B(&hmacState, &name->b);                          // name
    CryptUpdateDigest2B(&hmacState, &creation->b);                      // creation hash

    CryptCompleteHMAC2B(&hmacState, &ticket->digest.b);
}
| 23940 | |
| 23941 | |
| 23942 | 10.4 CryptSelfTest.c |
| 23943 | |
| 23944 | 10.4.1 Introduction |
| 23945 | |
| 23946 | The functions in this file are designed to support self-test of cryptographic functions in the TPM. The TPM |
| 23947 | allows the user to decide whether to run self-test on a demand basis or to run all the self-tests before |
| 23948 | proceeding. |
| 23949 | The self-tests are controlled by a set of bit vectors. The g_untestedDecryptionAlgorithms vector has a bit |
| 23950 | for each decryption algorithm that needs to be tested and g_untestedEncryptionAlgorithms has a bit for |
| 23957 | each encryption algorithm that needs to be tested. Before an algorithm is used, the appropriate vector is |
| 23958 | checked (indexed using the algorithm ID). If the bit is SET, then the test function should be called. |
| 23959 | |
| 23960 | 1 #include "Global.h" |
| 23961 | 2 #include "CryptoEngine.h" |
| 23962 | 3 #include "InternalRoutines.h" |
| 23963 | 4 #include "AlgorithmCap_fp.h" |
| 23964 | |
| 23965 | |
| 23966 | 10.4.2 Functions |
| 23967 | |
| 23968 | 10.4.2.1 RunSelfTest() |
| 23969 | |
| 23970 | Local function to run self-test |
| 23971 | |
// Run the self-test of every algorithm whose bit is SET in 'toTest'.
// Stops at the first test that does not return TPM_RC_SUCCESS and returns
// that value; returns TPM_RC_SUCCESS once all selected tests have run.
static TPM_RC
CryptRunSelfTests(
    ALGORITHM_VECTOR    *toTest     // IN: the vector of the algorithms to test
    )
{
    TPM_ALG_ID           alg;
    TPM_RC               result;

    for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++)
    {
        // Skip algorithms that were not selected.
        if(!TEST_BIT(alg, *toTest))
            continue;

        result = CryptTestAlgorithm(alg, toTest);
        if(result != TPM_RC_SUCCESS)
            return result;
    }

    return TPM_RC_SUCCESS;
}
| 23992 | |
| 23993 | |
| 23994 | 10.4.2.2 CryptSelfTest() |
| 23995 | |
| 23996 | This function is called to start/complete a full self-test. If fullTest is NO, then only the untested algorithms |
| 23997 | will be run. If fullTest is YES, then g_untestedDecryptionAlgorithms is reinitialized and then all tests are |
| 23998 | run. This implementation of the reference design does not support processing outside the framework of a |
| 23999 | TPM command. As a consequence, this command does not complete until all tests are done. Since this |
| 24000 | can take a long time, the TPM will check after each test to see if the command is canceled. If so, then the |
| 24001 | TPM will return TPM_RC_CANCELED. To continue with the self-tests, call TPM2_SelfTest(fullTest == |
| 24002 | No) and the TPM will complete the testing. |
| 24003 | |
| 24004 | Error Returns Meaning |
| 24005 | |
| 24006 | TPM_RC_CANCELED if the command is canceled |
| 24007 | |
// Start or complete a self-test run.
//
// With fullTest == YES the pending-test vector g_toTest is reloaded from
// g_implementedAlgorithms so that every test runs again; otherwise only the
// algorithms still marked in g_toTest are tested.  Returns the result of
// CryptRunSelfTests(), which per the accompanying text is
// TPM_RC_CANCELED if the command is canceled.
LIB_EXPORT
TPM_RC
CryptSelfTest(
    TPMI_YES_NO      fullTest       // IN: if full test is required
    )
{
    // Forced-failure hook: enter failure mode instead of testing.
    if(g_forceFailureMode)
        FAIL(FATAL_ERROR_FORCED);

    if(fullTest == YES)
    {
        // Mark every implemented algorithm as untested again.
        MemoryCopy(g_toTest, g_implementedAlgorithms,
                   sizeof(g_toTest), sizeof(g_toTest));
    }

    return CryptRunSelfTests(&g_toTest);
}
| 24032 | |
| 24033 | |
| 24034 | 10.4.2.3 CryptIncrementalSelfTest() |
| 24035 | |
| 24036 | This function is used to perform an incremental self-test. This implementation will perform the toTest |
| 24037 | values before returning. That is, it assumes that the TPM cannot perform background tasks between |
| 24038 | commands. |
| 24039 | This command may be canceled. If it is, then there is no return result. However, this command can be run |
| 24040 | again and the incremental progress will not be lost. |
| 24041 | |
| 24042 | Error Returns Meaning |
| 24043 | |
| 24044 | TPM_RC_CANCELED processing of this command was canceled |
| 24045 | TPM_RC_TESTING if toTest list is not empty |
| 24046 | TPM_RC_VALUE an algorithm in the toTest list is not implemented |
| 24047 | |
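// Run the self-tests for the algorithms listed in 'toTest', then report in
// 'toDoList' the algorithms that are still untested according to g_toTest.
// The tests run to completion before this function returns.
//
// Returns:
//   TPM_RC_VALUE       an entry of 'toTest' is above TPM_ALG_LAST or is not
//                      an implemented algorithm; no test is run in that case
//   TPM_RC_CANCELED    the test run was canceled; 'toDoList' is not filled
//   TPM_RC_SUCCESS     otherwise
// NOTE(review): the accompanying text also lists TPM_RC_TESTING, but no path
// in this function returns it.
TPM_RC
CryptIncrementalSelfTest(
    TPML_ALG            *toTest,        // IN: list of algorithms to be tested
    TPML_ALG            *toDoList       // OUT: list of algorithms needing test
    )
{
    ALGORITHM_VECTOR     toTestVector = {0};
    TPM_ALG_ID           alg;
    UINT32               i;

    pAssert(toTest != NULL && toDoList != NULL);
    if(toTest->count > 0)
    {
        // Transcribe the toTest list into the toTestVector.
        // toTest->count is assumed to have been bounded by the unmarshaling
        // code; verify against the caller.
        for(i = 0; i < toTest->count; i++)
        {
            // Uses the function-scope 'alg'; the original declared a second
            // 'alg' here that shadowed it.
            alg = toTest->algorithms[i];

            // The range check comes first so that the bit-vector accesses
            // below are never indexed with an out-of-range algorithm ID.
            if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms))
                return TPM_RC_VALUE;
            SET_BIT(alg, toTestVector);
        }
        // Run the tests.  Only cancellation is reported from here; per the
        // accompanying text a failing self-test does not return at all
        // because the TPM enters failure mode.
        if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED)
            return TPM_RC_CANCELED;
    }
    // Fill in the toDoList with the algorithms that are still untested,
    // stopping when the list is full.
    toDoList->count = 0;

    for(alg = TPM_ALG_FIRST;
        toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST;
        alg++)
    {
        if(TEST_BIT(alg, g_toTest))
            toDoList->algorithms[toDoList->count++] = alg;
    }
    return TPM_RC_SUCCESS;
}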
| 24093 | |
| 24094 | |
| 24095 | 10.4.2.4 CryptInitializeToTest() |
| 24096 | |
| 24097 | This function will initialize the data structures for testing all the algorithms. This should not be called |
| 24098 | unless CryptAlgsSetImplemented() has been called |
| 24099 | |
// Initialize g_toTest so that every implemented algorithm is marked as
// needing a test.  g_implementedAlgorithms must already be valid, i.e.
// CryptAlgsSetImplemented() has to be called first.
void
CryptInitializeToTest(void)
{
    MemoryCopy(g_toTest, g_implementedAlgorithms,
               sizeof(g_toTest), sizeof(g_toTest));

    // Calling the test function with TPM_ALG_ERROR runs no test; it asks the
    // test code to clear the bits of algorithms for which it has no test.
    CryptTestAlgorithm(TPM_ALG_ERROR, &g_toTest);
}
| 24115 | |
| 24116 | |
| 24117 | 10.4.2.5 CryptTestAlgorithm() |
| 24118 | |
| 24119 | Only point of contact with the actual self tests. If a self-test fails, there is no return and the TPM goes into |
| 24120 | failure mode. The call to TestAlgorithm() uses an algorithms selector and a bit vector. When the test is |
| 24121 | run, the corresponding bit in toTest and in g_toTest is CLEAR. If toTest is NULL, then only the bit in |
| 24122 | g_toTest is CLEAR. There is a special case for the call to TestAlgorithm(). When alg is |
| 24123 | TPM_ALG_ERROR, TestAlgorithm() will CLEAR any bit in toTest for which it has no test. This allows the |
| 24124 | knowledge about which algorithms have test to be accessed through the interface that provides the test. |
| 24125 | |
| 24126 | Error Returns Meaning |
| 24127 | |
| 24128 | TPM_RC_SUCCESS test complete |
| 24129 | TPM_RC_CANCELED test was canceled |
| 24130 | |
// Single point of contact with the actual self-tests.
//
// With SELF_TEST defined the call is forwarded to TestAlgorithm() and its
// result is returned.
//
// Without SELF_TEST no test code exists.  For any 'alg' other than
// TPM_ALG_ERROR the bit for 'alg' is cleared in g_toTest and, when 'toTest'
// is not NULL, in *toTest as well; TPM_RC_SUCCESS is always returned.  In
// such a build an algorithm is therefore marked as tested although nothing
// was exercised.  For TPM_ALG_ERROR (the "which algorithms have tests"
// query) no bit is cleared, so every algorithm is reported as having a test.
LIB_EXPORT
TPM_RC
CryptTestAlgorithm(
    TPM_ALG_ID           alg,
    ALGORITHM_VECTOR    *toTest
    )
{
#ifdef SELF_TEST
    // The prototype is declared here rather than in a _fp.h file so that a
    // build without SELF_TEST, which does not include the file defining
    // TestAlgorithm(), does not hit a compiler error.
    TPM_RC TestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest);

    return TestAlgorithm(alg, toTest);
#else
    // Capability query: leave all bits as they are.
    if(alg == TPM_ALG_ERROR)
        return TPM_RC_SUCCESS;

    CLEAR_BIT(alg, g_toTest);
    if(toTest != NULL)
    {
        CLEAR_BIT(alg, *toTest);
    }
    return TPM_RC_SUCCESS;
#endif
}
| 24165 | |
| 24166 | |
| 24167 | |
| 24168 | |
| 24172 | |
| 24173 | |
| 24174 | Annex A |
| 24175 | (informative) |
| 24176 | Implementation Dependent |
| 24177 | |
| 24178 | A.1 Introduction |
| 24179 | |
| 24180 | This header file contains definitions that are derived from the values in the annexes of TPM 2.0 Part 2. |
| 24181 | This file would change based on the implementation. |
| 24182 | The values shown in this version of the file reflect the example settings in TPM 2.0 Part 2. |
| 24183 | |
| 24184 | A.2 Implementation.h |
| 24185 | |
| 24186 | 1 #ifndef _IMPLEMENTATION_H_ |
| 24187 | 2 #define _IMPLEMENTATION_H_ |
| 24188 | 3 #include "BaseTypes.h" |
| 24189 | 4 #include "TPMB.h" |
| 24190 | 5 #undef TRUE |
| 24191 | 6 #undef FALSE |
| 24192 | |
| 24193 | This table is built in to TpmStructures(). Change these definitions to turn all algorithms or commands on or |
| 24194 | off. |
| 24195 | |
// Master on/off values for the ALG_* and CC_* switch tables that follow.
// The TPM_ALG_* and TPM_CC_* constants later in this header are only defined
// when the matching switch compares equal to YES, so a switch set to ALG_NO or
// CC_NO removes that constant from the build.
// YES and NO are defined a few lines further down; that works because a macro
// is expanded where it is used, not where it is defined.
| 24196 | 7 #define ALG_YES YES |
| 24197 | 8 #define ALG_NO NO |
| 24198 | 9 #define CC_YES YES |
| 24199 | 10 #define CC_NO NO |
| 24200 | |
| 24201 | From TPM 2.0 Part 2: Table 4 - Defines for Logic Values |
| 24202 | |
// Logic values (TPM 2.0 Part 2, Table 4). TRUE and FALSE are #undef'd earlier
// in this header, so these definitions replace any earlier ones.
// YES/NO feed the ALG_* and CC_* switches; SET/CLEAR carry the same 1/0 values.
| 24203 | 11 #define TRUE 1 |
| 24204 | 12 #define FALSE 0 |
| 24205 | 13 #define YES 1 |
| 24206 | 14 #define NO 0 |
| 24207 | 15 #define SET 1 |
| 24208 | 16 #define CLEAR 0 |
| 24209 | |
| 24210 | From Vendor-Specific: Table 1 - Defines for Processor Values |
| 24211 | |
// Processor settings (vendor-specific Table 1). The example selects a
// little-endian build: BIG_ENDIAN_TPM is NO and LITTLE_ENDIAN_TPM is YES.
// NOTE(review): nothing in this group enforces that exactly one of the two is
// YES, and the meaning of NO_AUTO_ALIGN is not shown here - confirm both
// against the code that consumes them before porting to another target.
| 24212 | 17 #define BIG_ENDIAN_TPM NO |
| 24213 | 18 #define LITTLE_ENDIAN_TPM YES |
| 24214 | 19 #define NO_AUTO_ALIGN NO |
| 24215 | |
| 24216 | From Vendor-Specific: Table 2 - Defines for Implemented Algorithms |
| 24217 | |
// Algorithm switches (vendor-specific Table 2), example settings.
// RSASSA, RSAES and RSAPSS are written as (ALG_YES*ALG_RSA), so each one
// evaluates to NO whenever ALG_RSA is switched off.
// NOTE(review): SHA-1 is enabled here while SHA-512, SM3-256 and SM4 are not.
// SHA-1 is no longer considered collision resistant; a product build should
// keep it only where compatibility requires it and should treat every enabled
// algorithm as part of the attack surface to be tested.
| 24218 | 20 #define ALG_RSA ALG_YES |
| 24219 | 21 #define ALG_SHA1 ALG_YES |
| 24220 | 22 #define ALG_HMAC ALG_YES |
| 24221 | 23 #define ALG_AES ALG_YES |
| 24222 | 24 #define ALG_MGF1 ALG_YES |
| 24223 | 25 #define ALG_XOR ALG_YES |
| 24224 | 26 #define ALG_KEYEDHASH ALG_YES |
| 24225 | 27 #define ALG_SHA256 ALG_YES |
| 24226 | 28 #define ALG_SHA384 ALG_YES |
| 24227 | 29 #define ALG_SHA512 ALG_NO |
| 24228 | 30 #define ALG_SM3_256 ALG_NO |
| 24229 | 31 #define ALG_SM4 ALG_NO |
| 24230 | 32 #define ALG_RSASSA (ALG_YES*ALG_RSA) |
| 24231 | 33 #define ALG_RSAES (ALG_YES*ALG_RSA) |
| 24232 | 34 #define ALG_RSAPSS (ALG_YES*ALG_RSA) |
| 24233 | |
| 24237 | |
// Remaining algorithm switches. OAEP follows ALG_RSA; the ECC schemes and
// KDF1_SP800_56A follow ALG_ECC through the same multiplication idiom.
// ALG_ECMQV is (ALG_NO*ALG_ECC) and ALG_KDF2 is ALG_NO, so both are off in
// these example settings.
// NOTE(review): all five block-cipher modes are enabled, including ECB. ECB
// encrypts equal plaintext blocks to equal ciphertext blocks; confirm that a
// caller really needs it before shipping it enabled.
| 24238 | 35 #define ALG_OAEP (ALG_YES*ALG_RSA) |
| 24239 | 36 #define ALG_ECC ALG_YES |
| 24240 | 37 #define ALG_ECDH (ALG_YES*ALG_ECC) |
| 24241 | 38 #define ALG_ECDSA (ALG_YES*ALG_ECC) |
| 24242 | 39 #define ALG_ECDAA (ALG_YES*ALG_ECC) |
| 24243 | 40 #define ALG_SM2 (ALG_YES*ALG_ECC) |
| 24244 | 41 #define ALG_ECSCHNORR (ALG_YES*ALG_ECC) |
| 24245 | 42 #define ALG_ECMQV (ALG_NO*ALG_ECC) |
| 24246 | 43 #define ALG_SYMCIPHER ALG_YES |
| 24247 | 44 #define ALG_KDF1_SP800_56A (ALG_YES*ALG_ECC) |
| 24248 | 45 #define ALG_KDF2 ALG_NO |
| 24249 | 46 #define ALG_KDF1_SP800_108 ALG_YES |
| 24250 | 47 #define ALG_CTR ALG_YES |
| 24251 | 48 #define ALG_OFB ALG_YES |
| 24252 | 49 #define ALG_CBC ALG_YES |
| 24253 | 50 #define ALG_CFB ALG_YES |
| 24254 | 51 #define ALG_ECB ALG_YES |
| 24255 | |
| 24256 | From Vendor-Specific: Table 4 - Defines for Key Size Constants |
| 24257 | |
// Key-size limits (vendor-specific Table 4), example settings.
// Each MAX_*_KEY_BYTES is the matching MAX_*_KEY_BITS divided by 8
// (2048/8 = 256, 256/8 = 32, 128/8 = 16); the two must be changed together
// because buffers elsewhere are presumably sized from the byte value.
// The *_ALLOWED_KEY_SIZE_* and *_BLOCK_SIZE_BYTES names are defined further
// down in this header; MAX() is not defined in the part of the file shown here.
// NOTE(review): RSA_KEY_SIZES_BITS still lists 1024. 1024-bit RSA gives only
// about 80 bits of security strength; a product build should consider
// restricting the list to 2048 bits and above.
// NOTE(review): AES_KEY_SIZES_BITS lists 128 and 256 only, although
// AES_ALLOWED_KEY_SIZE_192 is set to YES later in the header - confirm which
// of the two is meant to decide whether 192-bit keys are accepted.
// NOTE(review): Camellia sizes are defined here, but the algorithm switch
// table above has no ALG_CAMELLIA entry.
| 24258 | 52 #define RSA_KEY_SIZES_BITS {1024,2048} |
| 24259 | 53 #define RSA_KEY_SIZE_BITS_1024 RSA_ALLOWED_KEY_SIZE_1024 |
| 24260 | 54 #define RSA_KEY_SIZE_BITS_2048 RSA_ALLOWED_KEY_SIZE_2048 |
| 24261 | 55 #define MAX_RSA_KEY_BITS 2048 |
| 24262 | 56 #define MAX_RSA_KEY_BYTES 256 |
| 24263 | 57 #define AES_KEY_SIZES_BITS {128,256} |
| 24264 | 58 #define AES_KEY_SIZE_BITS_128 AES_ALLOWED_KEY_SIZE_128 |
| 24265 | 59 #define AES_KEY_SIZE_BITS_256 AES_ALLOWED_KEY_SIZE_256 |
| 24266 | 60 #define MAX_AES_KEY_BITS 256 |
| 24267 | 61 #define MAX_AES_KEY_BYTES 32 |
| 24268 | 62 #define MAX_AES_BLOCK_SIZE_BYTES \ |
| 24269 | 63 MAX(AES_128_BLOCK_SIZE_BYTES, \ |
| 24270 | 64 MAX(AES_256_BLOCK_SIZE_BYTES, 0)) |
| 24271 | 65 #define SM4_KEY_SIZES_BITS {128} |
| 24272 | 66 #define SM4_KEY_SIZE_BITS_128 SM4_ALLOWED_KEY_SIZE_128 |
| 24273 | 67 #define MAX_SM4_KEY_BITS 128 |
| 24274 | 68 #define MAX_SM4_KEY_BYTES 16 |
| 24275 | 69 #define MAX_SM4_BLOCK_SIZE_BYTES \ |
| 24276 | 70 MAX(SM4_128_BLOCK_SIZE_BYTES, 0) |
| 24277 | 71 #define CAMELLIA_KEY_SIZES_BITS {128} |
| 24278 | 72 #define CAMELLIA_KEY_SIZE_BITS_128 CAMELLIA_ALLOWED_KEY_SIZE_128 |
| 24279 | 73 #define MAX_CAMELLIA_KEY_BITS 128 |
| 24280 | 74 #define MAX_CAMELLIA_KEY_BYTES 16 |
| 24281 | 75 #define MAX_CAMELLIA_BLOCK_SIZE_BYTES \ |
| 24282 | 76 MAX(CAMELLIA_128_BLOCK_SIZE_BYTES, 0) |
| 24283 | |
| 24284 | From Vendor-Specific: Table 5 - Defines for Implemented Curves |
| 24285 | |
// Implemented curves (vendor-specific Table 5), example settings: BN P-256,
// NIST P-256 and NIST P-384. ECC_CURVES is an initializer list of the
// TPM_ECC_* identifiers defined later in this header.
// MAX_ECC_KEY_BYTES is MAX_ECC_KEY_BITS / 8 (384/8 = 48); change both together.
// NOTE(review): ECC_KEY_SIZE_BITS_256 and ECC_KEY_SIZE_BITS_384 are defined
// with an empty replacement, so they can only be tested with #ifdef / defined,
// not compared against YES the way the ALG_* switches are.
| 24286 | 77 #define ECC_NIST_P256 YES |
| 24287 | 78 #define ECC_NIST_P384 YES |
| 24288 | 79 #define ECC_BN_P256 YES |
| 24289 | 80 #define ECC_CURVES {\ |
| 24290 | 81 TPM_ECC_BN_P256, TPM_ECC_NIST_P256, TPM_ECC_NIST_P384} |
| 24291 | 82 #define ECC_KEY_SIZES_BITS {256, 384} |
| 24292 | 83 #define ECC_KEY_SIZE_BITS_256 |
| 24293 | 84 #define ECC_KEY_SIZE_BITS_384 |
| 24294 | 85 #define MAX_ECC_KEY_BITS 384 |
| 24295 | 86 #define MAX_ECC_KEY_BYTES 48 |
| 24296 | |
| 24297 | From Vendor-Specific: Table 6 - Defines for Implemented Commands |
| 24298 | |
// Command switches (vendor-specific Table 6). A TPM_CC_* command code later in
// this header is only defined when its CC_* switch equals YES, so setting a
// command to CC_NO is how a build leaves it out.
| 24299 | 87 #define CC_ActivateCredential CC_YES |
| 24300 | 88 #define CC_Certify CC_YES |
| 24301 | 89 #define CC_CertifyCreation CC_YES |
| 24302 | |
| 24303 | |
| 24307 | |
// Command switches, continued. Commands that only make sense with ECC
// (Commit, ECC_Parameters, ECDH_KeyGen, ECDH_ZGen) are written as
// (CC_YES*ALG_ECC) and therefore follow the ALG_ECC switch.
// The three field-upgrade commands (FieldUpgradeData, FieldUpgradeStart,
// FirmwareRead) are CC_NO in these example settings.
// NOTE(review): every command left at CC_YES is reachable command surface;
// a product profile should switch off the commands it does not need.
| 24308 | 90 #define CC_ChangeEPS CC_YES |
| 24309 | 91 #define CC_ChangePPS CC_YES |
| 24310 | 92 #define CC_Clear CC_YES |
| 24311 | 93 #define CC_ClearControl CC_YES |
| 24312 | 94 #define CC_ClockRateAdjust CC_YES |
| 24313 | 95 #define CC_ClockSet CC_YES |
| 24314 | 96 #define CC_Commit (CC_YES*ALG_ECC) |
| 24315 | 97 #define CC_ContextLoad CC_YES |
| 24316 | 98 #define CC_ContextSave CC_YES |
| 24317 | 99 #define CC_Create CC_YES |
| 24318 | 100 #define CC_CreatePrimary CC_YES |
| 24319 | 101 #define CC_DictionaryAttackLockReset CC_YES |
| 24320 | 102 #define CC_DictionaryAttackParameters CC_YES |
| 24321 | 103 #define CC_Duplicate CC_YES |
| 24322 | 104 #define CC_ECC_Parameters (CC_YES*ALG_ECC) |
| 24323 | 105 #define CC_ECDH_KeyGen (CC_YES*ALG_ECC) |
| 24324 | 106 #define CC_ECDH_ZGen (CC_YES*ALG_ECC) |
| 24325 | 107 #define CC_EncryptDecrypt CC_YES |
| 24326 | 108 #define CC_EventSequenceComplete CC_YES |
| 24327 | 109 #define CC_EvictControl CC_YES |
| 24328 | 110 #define CC_FieldUpgradeData CC_NO |
| 24329 | 111 #define CC_FieldUpgradeStart CC_NO |
| 24330 | 112 #define CC_FirmwareRead CC_NO |
| 24331 | 113 #define CC_FlushContext CC_YES |
| 24332 | 114 #define CC_GetCapability CC_YES |
| 24333 | 115 #define CC_GetCommandAuditDigest CC_YES |
| 24334 | 116 #define CC_GetRandom CC_YES |
| 24335 | 117 #define CC_GetSessionAuditDigest CC_YES |
| 24336 | 118 #define CC_GetTestResult CC_YES |
| 24337 | 119 #define CC_GetTime CC_YES |
| 24338 | 120 #define CC_Hash CC_YES |
| 24339 | 121 #define CC_HashSequenceStart CC_YES |
| 24340 | 122 #define CC_HierarchyChangeAuth CC_YES |
| 24341 | 123 #define CC_HierarchyControl CC_YES |
| 24342 | 124 #define CC_HMAC CC_YES |
| 24343 | 125 #define CC_HMAC_Start CC_YES |
| 24344 | 126 #define CC_Import CC_YES |
| 24345 | 127 #define CC_IncrementalSelfTest CC_YES |
| 24346 | 128 #define CC_Load CC_YES |
| 24347 | 129 #define CC_LoadExternal CC_YES |
| 24348 | 130 #define CC_MakeCredential CC_YES |
| 24349 | 131 #define CC_NV_Certify CC_YES |
| 24350 | 132 #define CC_NV_ChangeAuth CC_YES |
| 24351 | 133 #define CC_NV_DefineSpace CC_YES |
| 24352 | 134 #define CC_NV_Extend CC_YES |
| 24353 | 135 #define CC_NV_GlobalWriteLock CC_YES |
| 24354 | 136 #define CC_NV_Increment CC_YES |
| 24355 | 137 #define CC_NV_Read CC_YES |
| 24356 | 138 #define CC_NV_ReadLock CC_YES |
| 24357 | 139 #define CC_NV_ReadPublic CC_YES |
| 24358 | 140 #define CC_NV_SetBits CC_YES |
| 24359 | 141 #define CC_NV_UndefineSpace CC_YES |
| 24360 | 142 #define CC_NV_UndefineSpaceSpecial CC_YES |
| 24361 | 143 #define CC_NV_Write CC_YES |
| 24362 | 144 #define CC_NV_WriteLock CC_YES |
| 24363 | 145 #define CC_ObjectChangeAuth CC_YES |
| 24364 | 146 #define CC_PCR_Allocate CC_YES |
| 24365 | 147 #define CC_PCR_Event CC_YES |
| 24366 | 148 #define CC_PCR_Extend CC_YES |
| 24367 | 149 #define CC_PCR_Read CC_YES |
| 24368 | 150 #define CC_PCR_Reset CC_YES |
| 24369 | 151 #define CC_PCR_SetAuthPolicy CC_YES |
| 24370 | 152 #define CC_PCR_SetAuthValue CC_YES |
| 24371 | 153 #define CC_PolicyAuthorize CC_YES |
| 24372 | 154 #define CC_PolicyAuthValue CC_YES |
| 24373 | 155 #define CC_PolicyCommandCode CC_YES |
| 24374 | |
| 24378 | |
// Command switches, final part. RSA_Decrypt and RSA_Encrypt follow ALG_RSA;
// ZGen_2Phase and EC_Ephemeral follow ALG_ECC. Everything else in this group
// is unconditionally CC_YES in the example settings.
| 24379 | 156 #define CC_PolicyCounterTimer CC_YES |
| 24380 | 157 #define CC_PolicyCpHash CC_YES |
| 24381 | 158 #define CC_PolicyDuplicationSelect CC_YES |
| 24382 | 159 #define CC_PolicyGetDigest CC_YES |
| 24383 | 160 #define CC_PolicyLocality CC_YES |
| 24384 | 161 #define CC_PolicyNameHash CC_YES |
| 24385 | 162 #define CC_PolicyNV CC_YES |
| 24386 | 163 #define CC_PolicyOR CC_YES |
| 24387 | 164 #define CC_PolicyPassword CC_YES |
| 24388 | 165 #define CC_PolicyPCR CC_YES |
| 24389 | 166 #define CC_PolicyPhysicalPresence CC_YES |
| 24390 | 167 #define CC_PolicyRestart CC_YES |
| 24391 | 168 #define CC_PolicySecret CC_YES |
| 24392 | 169 #define CC_PolicySigned CC_YES |
| 24393 | 170 #define CC_PolicyTicket CC_YES |
| 24394 | 171 #define CC_PP_Commands CC_YES |
| 24395 | 172 #define CC_Quote CC_YES |
| 24396 | 173 #define CC_ReadClock CC_YES |
| 24397 | 174 #define CC_ReadPublic CC_YES |
| 24398 | 175 #define CC_Rewrap CC_YES |
| 24399 | 176 #define CC_RSA_Decrypt (CC_YES*ALG_RSA) |
| 24400 | 177 #define CC_RSA_Encrypt (CC_YES*ALG_RSA) |
| 24401 | 178 #define CC_SelfTest CC_YES |
| 24402 | 179 #define CC_SequenceComplete CC_YES |
| 24403 | 180 #define CC_SequenceUpdate CC_YES |
| 24404 | 181 #define CC_SetAlgorithmSet CC_YES |
| 24405 | 182 #define CC_SetCommandCodeAuditStatus CC_YES |
| 24406 | 183 #define CC_SetPrimaryPolicy CC_YES |
| 24407 | 184 #define CC_Shutdown CC_YES |
| 24408 | 185 #define CC_Sign CC_YES |
| 24409 | 186 #define CC_StartAuthSession CC_YES |
| 24410 | 187 #define CC_Startup CC_YES |
| 24411 | 188 #define CC_StirRandom CC_YES |
| 24412 | 189 #define CC_TestParms CC_YES |
| 24413 | 190 #define CC_Unseal CC_YES |
| 24414 | 191 #define CC_VerifySignature CC_YES |
| 24415 | 192 #define CC_ZGen_2Phase (CC_YES*ALG_ECC) |
| 24416 | 193 #define CC_EC_Ephemeral (CC_YES*ALG_ECC) |
| 24417 | 194 #define CC_PolicyNvWritten CC_YES |
| 24418 | |
| 24419 | From Vendor-Specific: Table 7 - Defines for Implementation Values |
| 24420 | |
// Implementation limits (vendor-specific Table 7), example settings.
// BSIZE, CONTEXT_SLOT and CONTEXT_COUNTER are macro aliases for integer types
// (UINT16 / UINT64), not numeric limits.
// PCR_SELECT_MIN and PCR_SELECT_MAX round the PCR count up to whole bytes:
// (24+7)/8 = 3 for both with the values given here.
// FIELD_UPGRADE_IMPLEMENTED is NO, matching the field-upgrade commands that
// are switched off in the command table above.
// NOTE(review): the MAX_* values are the bounds the rest of the code is
// expected to enforce on sessions, objects and buffers; when changing one,
// check every buffer declared with it and every length check that uses it.
| 24421 | 195 #define FIELD_UPGRADE_IMPLEMENTED NO |
| 24422 | 196 #define BSIZE UINT16 |
| 24423 | 197 #define BUFFER_ALIGNMENT 4 |
| 24424 | 198 #define IMPLEMENTATION_PCR 24 |
| 24425 | 199 #define PLATFORM_PCR 24 |
| 24426 | 200 #define DRTM_PCR 17 |
| 24427 | 201 #define HCRTM_PCR 0 |
| 24428 | 202 #define NUM_LOCALITIES 5 |
| 24429 | 203 #define MAX_HANDLE_NUM 3 |
| 24430 | 204 #define MAX_ACTIVE_SESSIONS 64 |
| 24431 | 205 #define CONTEXT_SLOT UINT16 |
| 24432 | 206 #define CONTEXT_COUNTER UINT64 |
| 24433 | 207 #define MAX_LOADED_SESSIONS 3 |
| 24434 | 208 #define MAX_SESSION_NUM 3 |
| 24435 | 209 #define MAX_LOADED_OBJECTS 3 |
| 24436 | 210 #define MIN_EVICT_OBJECTS 2 |
| 24437 | 211 #define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) |
| 24438 | 212 #define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) |
| 24439 | 213 #define NUM_POLICY_PCR_GROUP 1 |
| 24440 | 214 #define NUM_AUTHVALUE_PCR_GROUP 1 |
| 24441 | 215 #define MAX_CONTEXT_SIZE 2048 |
| 24442 | 216 #define MAX_DIGEST_BUFFER 1024 |
| 24443 | 217 #define MAX_NV_INDEX_SIZE 2048 |
| 24444 | |
| 24445 | |
| 24449 | |
// Implementation limits, continued.
// Saved contexts are encrypted with AES and integrity-protected with SHA-256:
// CONTEXT_INTEGRITY_HASH_SIZE and PROOF_SIZE both resolve to
// SHA256_DIGEST_SIZE, which is defined later in this header.
// CONTEXT_ENCRYPT_KEY_BITS depends on MAX_SYM_KEY_BITS, which is not defined
// in the part of the file shown here; CONTEXT_ENCRYPT_KEY_BYTES rounds it up
// to whole bytes.
// MAX_ORDERLY_COUNT is (1<<8)-1 = 255 for ORDERLY_BITS 8.
// RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 is 65537.
// PRIVATE_VENDOR_SPECIFIC_BYTES evaluates to (256/2)*(3+1*2) = 640 with
// MAX_RSA_KEY_BYTES 256 and CRT_FORMAT_RSA YES.
// NOTE(review): MAX_COMMAND_SIZE and MAX_RESPONSE_SIZE bound the command and
// response buffers; presumably every parser of incoming commands relies on
// them, so verify the length checks whenever they are changed.
// NOTE(review): PRIMARY_SEED_SIZE is presumably in bytes - confirm against
// the code that generates the seeds.
| 24450 | 218 #define MAX_NV_BUFFER_SIZE 1024 |
| 24451 | 219 #define MAX_CAP_BUFFER 1024 |
| 24452 | 220 #define NV_MEMORY_SIZE 16384 |
| 24453 | 221 #define NUM_STATIC_PCR 16 |
| 24454 | 222 #define MAX_ALG_LIST_SIZE 64 |
| 24455 | 223 #define TIMER_PRESCALE 100000 |
| 24456 | 224 #define PRIMARY_SEED_SIZE 32 |
| 24457 | 225 #define CONTEXT_ENCRYPT_ALG TPM_ALG_AES |
| 24458 | 226 #define CONTEXT_ENCRYPT_KEY_BITS MAX_SYM_KEY_BITS |
| 24459 | 227 #define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7)/8) |
| 24460 | 228 #define CONTEXT_INTEGRITY_HASH_ALG TPM_ALG_SHA256 |
| 24461 | 229 #define CONTEXT_INTEGRITY_HASH_SIZE SHA256_DIGEST_SIZE |
| 24462 | 230 #define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE |
| 24463 | 231 #define NV_CLOCK_UPDATE_INTERVAL 12 |
| 24464 | 232 #define NUM_POLICY_PCR 1 |
| 24465 | 233 #define MAX_COMMAND_SIZE 4096 |
| 24466 | 234 #define MAX_RESPONSE_SIZE 4096 |
| 24467 | 235 #define ORDERLY_BITS 8 |
| 24468 | 236 #define MAX_ORDERLY_COUNT ((1<<ORDERLY_BITS)-1) |
| 24469 | 237 #define ALG_ID_FIRST TPM_ALG_FIRST |
| 24470 | 238 #define ALG_ID_LAST TPM_ALG_LAST |
| 24471 | 239 #define MAX_SYM_DATA 128 |
| 24472 | 240 #define MAX_RNG_ENTROPY_SIZE 64 |
| 24473 | 241 #define RAM_INDEX_SPACE 512 |
| 24474 | 242 #define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 |
| 24475 | 243 #define ENABLE_PCR_NO_INCREMENT YES |
| 24476 | 244 #define CRT_FORMAT_RSA YES |
| 24477 | 245 #define PRIVATE_VENDOR_SPECIFIC_BYTES \ |
| 24478 | 246 ((MAX_RSA_KEY_BYTES/2)*(3+CRT_FORMAT_RSA*2)) |
| 24479 | |
| 24480 | From TCG Algorithm Registry: Table 2 - Definition of TPM_ALG_ID Constants |
| 24481 | |
// Algorithm identifiers (TCG Algorithm Registry, Table 2). TPM_ALG_ID is a
// 16-bit value. For each algorithm the typed constant TPM_ALG_x is defined
// only when the ALG_x switch is defined and equal to YES, while the untyped
// ALG_x_VALUE is always defined.
// Code that names a TPM_ALG_x constant for a disabled algorithm therefore
// fails to compile instead of silently accepting that algorithm.
// TPM_ALG_SHA and TPM_ALG_SHA1 share the value 0x0004. The algorithm switch
// table earlier in this header sets ALG_SHA1 but has no ALG_SHA entry, so
// TPM_ALG_SHA stays undefined unless ALG_SHA is defined somewhere else.
| 24482 | 247 typedef UINT16 TPM_ALG_ID; |
| 24483 | 248 #define TPM_ALG_ERROR (TPM_ALG_ID)(0x0000) |
| 24484 | 249 #define ALG_ERROR_VALUE 0x0000 |
| 24485 | 250 #if defined ALG_RSA && ALG_RSA == YES |
| 24486 | 251 #define TPM_ALG_RSA (TPM_ALG_ID)(0x0001) |
| 24487 | 252 #endif |
| 24488 | 253 #define ALG_RSA_VALUE 0x0001 |
| 24489 | 254 #if defined ALG_SHA && ALG_SHA == YES |
| 24490 | 255 #define TPM_ALG_SHA (TPM_ALG_ID)(0x0004) |
| 24491 | 256 #endif |
| 24492 | 257 #define ALG_SHA_VALUE 0x0004 |
| 24493 | 258 #if defined ALG_SHA1 && ALG_SHA1 == YES |
| 24494 | 259 #define TPM_ALG_SHA1 (TPM_ALG_ID)(0x0004) |
| 24495 | 260 #endif |
| 24496 | 261 #define ALG_SHA1_VALUE 0x0004 |
| 24497 | 262 #if defined ALG_HMAC && ALG_HMAC == YES |
| 24498 | 263 #define TPM_ALG_HMAC (TPM_ALG_ID)(0x0005) |
| 24499 | 264 #endif |
| 24500 | 265 #define ALG_HMAC_VALUE 0x0005 |
| 24501 | 266 #if defined ALG_AES && ALG_AES == YES |
| 24502 | 267 #define TPM_ALG_AES (TPM_ALG_ID)(0x0006) |
| 24503 | 268 #endif |
| 24504 | 269 #define ALG_AES_VALUE 0x0006 |
| 24505 | 270 #if defined ALG_MGF1 && ALG_MGF1 == YES |
| 24506 | 271 #define TPM_ALG_MGF1 (TPM_ALG_ID)(0x0007) |
| 24507 | 272 #endif |
| 24508 | 273 #define ALG_MGF1_VALUE 0x0007 |
| 24509 | 274 #if defined ALG_KEYEDHASH && ALG_KEYEDHASH == YES |
| 24510 | 275 #define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(0x0008) |
| 24511 | 276 #endif |
| 24512 | 277 #define ALG_KEYEDHASH_VALUE 0x0008 |
| 24513 | 278 #if defined ALG_XOR && ALG_XOR == YES |
| 24514 | 279 #define TPM_ALG_XOR (TPM_ALG_ID)(0x000A) |
| 24515 | |
| 24516 | |
| 24520 | |
| 24521 | 280 #endif |
| 24522 | 281 #define ALG_XOR_VALUE 0x000A |
// Algorithm identifiers, continued: hashes, TPM_ALG_NULL, SM3/SM4, the RSA
// schemes and the ECC schemes. Each typed TPM_ALG_x is defined only when its
// ALG_x switch equals YES; each ALG_x_VALUE is always defined.
// TPM_ALG_NULL (0x0010) is defined unconditionally.
// With the example switches earlier in this header, SHA512, SM3_256, SM4 and
// ECMQV evaluate to NO, so their TPM_ALG_x constants are not defined.
| 24523 | 282 #if defined ALG_SHA256 && ALG_SHA256 == YES |
| 24524 | 283 #define TPM_ALG_SHA256 (TPM_ALG_ID)(0x000B) |
| 24525 | 284 #endif |
| 24526 | 285 #define ALG_SHA256_VALUE 0x000B |
| 24527 | 286 #if defined ALG_SHA384 && ALG_SHA384 == YES |
| 24528 | 287 #define TPM_ALG_SHA384 (TPM_ALG_ID)(0x000C) |
| 24529 | 288 #endif |
| 24530 | 289 #define ALG_SHA384_VALUE 0x000C |
| 24531 | 290 #if defined ALG_SHA512 && ALG_SHA512 == YES |
| 24532 | 291 #define TPM_ALG_SHA512 (TPM_ALG_ID)(0x000D) |
| 24533 | 292 #endif |
| 24534 | 293 #define ALG_SHA512_VALUE 0x000D |
| 24535 | 294 #define TPM_ALG_NULL (TPM_ALG_ID)(0x0010) |
| 24536 | 295 #define ALG_NULL_VALUE 0x0010 |
| 24537 | 296 #if defined ALG_SM3_256 && ALG_SM3_256 == YES |
| 24538 | 297 #define TPM_ALG_SM3_256 (TPM_ALG_ID)(0x0012) |
| 24539 | 298 #endif |
| 24540 | 299 #define ALG_SM3_256_VALUE 0x0012 |
| 24541 | 300 #if defined ALG_SM4 && ALG_SM4 == YES |
| 24542 | 301 #define TPM_ALG_SM4 (TPM_ALG_ID)(0x0013) |
| 24543 | 302 #endif |
| 24544 | 303 #define ALG_SM4_VALUE 0x0013 |
| 24545 | 304 #if defined ALG_RSASSA && ALG_RSASSA == YES |
| 24546 | 305 #define TPM_ALG_RSASSA (TPM_ALG_ID)(0x0014) |
| 24547 | 306 #endif |
| 24548 | 307 #define ALG_RSASSA_VALUE 0x0014 |
| 24549 | 308 #if defined ALG_RSAES && ALG_RSAES == YES |
| 24550 | 309 #define TPM_ALG_RSAES (TPM_ALG_ID)(0x0015) |
| 24551 | 310 #endif |
| 24552 | 311 #define ALG_RSAES_VALUE 0x0015 |
| 24553 | 312 #if defined ALG_RSAPSS && ALG_RSAPSS == YES |
| 24554 | 313 #define TPM_ALG_RSAPSS (TPM_ALG_ID)(0x0016) |
| 24555 | 314 #endif |
| 24556 | 315 #define ALG_RSAPSS_VALUE 0x0016 |
| 24557 | 316 #if defined ALG_OAEP && ALG_OAEP == YES |
| 24558 | 317 #define TPM_ALG_OAEP (TPM_ALG_ID)(0x0017) |
| 24559 | 318 #endif |
| 24560 | 319 #define ALG_OAEP_VALUE 0x0017 |
| 24561 | 320 #if defined ALG_ECDSA && ALG_ECDSA == YES |
| 24562 | 321 #define TPM_ALG_ECDSA (TPM_ALG_ID)(0x0018) |
| 24563 | 322 #endif |
| 24564 | 323 #define ALG_ECDSA_VALUE 0x0018 |
| 24565 | 324 #if defined ALG_ECDH && ALG_ECDH == YES |
| 24566 | 325 #define TPM_ALG_ECDH (TPM_ALG_ID)(0x0019) |
| 24567 | 326 #endif |
| 24568 | 327 #define ALG_ECDH_VALUE 0x0019 |
| 24569 | 328 #if defined ALG_ECDAA && ALG_ECDAA == YES |
| 24570 | 329 #define TPM_ALG_ECDAA (TPM_ALG_ID)(0x001A) |
| 24571 | 330 #endif |
| 24572 | 331 #define ALG_ECDAA_VALUE 0x001A |
| 24573 | 332 #if defined ALG_SM2 && ALG_SM2 == YES |
| 24574 | 333 #define TPM_ALG_SM2 (TPM_ALG_ID)(0x001B) |
| 24575 | 334 #endif |
| 24576 | 335 #define ALG_SM2_VALUE 0x001B |
| 24577 | 336 #if defined ALG_ECSCHNORR && ALG_ECSCHNORR == YES |
| 24578 | 337 #define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(0x001C) |
| 24579 | 338 #endif |
| 24580 | 339 #define ALG_ECSCHNORR_VALUE 0x001C |
| 24581 | 340 #if defined ALG_ECMQV && ALG_ECMQV == YES |
| 24582 | 341 #define TPM_ALG_ECMQV (TPM_ALG_ID)(0x001D) |
| 24583 | 342 #endif |
| 24584 | 343 #define ALG_ECMQV_VALUE 0x001D |
| 24585 | 344 #if defined ALG_KDF1_SP800_56A && ALG_KDF1_SP800_56A == YES |
| 24586 | 345 #define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(0x0020) |
| 24587 | |
| 24591 | |
| 24592 | 346 #endif |
| 24593 | 347 #define ALG_KDF1_SP800_56A_VALUE 0x0020 |
// Algorithm identifiers, final part: KDFs, ECC, SYMCIPHER, CAMELLIA and the
// block-cipher modes, followed by the first/last bounds of the identifier
// range (0x0001 .. 0x0044).
// Each typed TPM_ALG_x is defined only when its ALG_x switch equals YES; each
// ALG_x_VALUE is always defined.
// The algorithm switch table earlier in this header has no ALG_CAMELLIA entry
// and sets ALG_KDF2 to ALG_NO, so TPM_ALG_CAMELLIA and TPM_ALG_KDF2 are not
// defined with the example settings (unless ALG_CAMELLIA is defined elsewhere).
// NOTE(review): TPM_ALG_FIRST and TPM_ALG_LAST only bound the numeric range;
// a value inside the range can still name a disabled or unassigned algorithm,
// so a range check alone is presumably not sufficient validation - confirm
// how callers use them.
| 24594 | 348 #if defined ALG_KDF2 && ALG_KDF2 == YES |
| 24595 | 349 #define TPM_ALG_KDF2 (TPM_ALG_ID)(0x0021) |
| 24596 | 350 #endif |
| 24597 | 351 #define ALG_KDF2_VALUE 0x0021 |
| 24598 | 352 #if defined ALG_KDF1_SP800_108 && ALG_KDF1_SP800_108 == YES |
| 24599 | 353 #define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(0x0022) |
| 24600 | 354 #endif |
| 24601 | 355 #define ALG_KDF1_SP800_108_VALUE 0x0022 |
| 24602 | 356 #if defined ALG_ECC && ALG_ECC == YES |
| 24603 | 357 #define TPM_ALG_ECC (TPM_ALG_ID)(0x0023) |
| 24604 | 358 #endif |
| 24605 | 359 #define ALG_ECC_VALUE 0x0023 |
| 24606 | 360 #if defined ALG_SYMCIPHER && ALG_SYMCIPHER == YES |
| 24607 | 361 #define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(0x0025) |
| 24608 | 362 #endif |
| 24609 | 363 #define ALG_SYMCIPHER_VALUE 0x0025 |
| 24610 | 364 #if defined ALG_CAMELLIA && ALG_CAMELLIA == YES |
| 24611 | 365 #define TPM_ALG_CAMELLIA (TPM_ALG_ID)(0x0026) |
| 24612 | 366 #endif |
| 24613 | 367 #define ALG_CAMELLIA_VALUE 0x0026 |
| 24614 | 368 #if defined ALG_CTR && ALG_CTR == YES |
| 24615 | 369 #define TPM_ALG_CTR (TPM_ALG_ID)(0x0040) |
| 24616 | 370 #endif |
| 24617 | 371 #define ALG_CTR_VALUE 0x0040 |
| 24618 | 372 #if defined ALG_OFB && ALG_OFB == YES |
| 24619 | 373 #define TPM_ALG_OFB (TPM_ALG_ID)(0x0041) |
| 24620 | 374 #endif |
| 24621 | 375 #define ALG_OFB_VALUE 0x0041 |
| 24622 | 376 #if defined ALG_CBC && ALG_CBC == YES |
| 24623 | 377 #define TPM_ALG_CBC (TPM_ALG_ID)(0x0042) |
| 24624 | 378 #endif |
| 24625 | 379 #define ALG_CBC_VALUE 0x0042 |
| 24626 | 380 #if defined ALG_CFB && ALG_CFB == YES |
| 24627 | 381 #define TPM_ALG_CFB (TPM_ALG_ID)(0x0043) |
| 24628 | 382 #endif |
| 24629 | 383 #define ALG_CFB_VALUE 0x0043 |
| 24630 | 384 #if defined ALG_ECB && ALG_ECB == YES |
| 24631 | 385 #define TPM_ALG_ECB (TPM_ALG_ID)(0x0044) |
| 24632 | 386 #endif |
| 24633 | 387 #define ALG_ECB_VALUE 0x0044 |
| 24634 | 388 #define TPM_ALG_FIRST (TPM_ALG_ID)(0x0001) |
| 24635 | 389 #define ALG_FIRST_VALUE 0x0001 |
| 24636 | 390 #define TPM_ALG_LAST (TPM_ALG_ID)(0x0044) |
| 24637 | 391 #define ALG_LAST_VALUE 0x0044 |
| 24638 | |
| 24639 | From TCG Algorithm Registry: Table 3 - Definition of TPM_ECC_CURVE Constants |
| 24640 | |
// Curve identifiers (TCG Algorithm Registry, Table 3). TPM_ECC_CURVE is a
// 16-bit value. Unlike the TPM_ALG_* constants, every curve identifier is
// defined unconditionally, including curves that the ECC_CURVES list earlier
// in this header does not enable (it lists BN_P256, NIST_P256 and NIST_P384).
// NOTE(review): because the identifiers for disabled curves still compile,
// code that accepts a curve id should check it against the implemented set
// rather than relying on the constant existing.
| 24641 | 392 typedef UINT16 TPM_ECC_CURVE; |
| 24642 | 393 #define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) |
| 24643 | 394 #define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) |
| 24644 | 395 #define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) |
| 24645 | 396 #define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) |
| 24646 | 397 #define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) |
| 24647 | 398 #define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) |
| 24648 | 399 #define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) |
| 24649 | 400 #define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) |
| 24650 | 401 #define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) |
| 24651 | |
| 24652 | From TCG Algorithm Registry: Table 4 - Defines for NIST_P192 ECC Values. Data in CrpiEccData.c. |
| 24653 | From TCG Algorithm Registry: Table 5 - Defines for NIST_P224 ECC Values. Data in CrpiEccData.c. |
| 24654 | From TCG Algorithm Registry: Table 6 - Defines for NIST_P256 ECC Values. Data in CrpiEccData.c. |
| 24655 | From TCG Algorithm Registry: Table 7 - Defines for NIST_P384 ECC Values. Data in CrpiEccData.c. From TCG |
| 24656 | |
| 24660 | |
| 24661 | |
| 24662 | Algorithm Registry: Table 8 - Defines for NIST_P521 ECC Values. Data in CrpiEccData.c. |
| 24663 | From TCG Algorithm Registry: Table 9 - Defines for BN_P256 ECC Values. Data in CrpiEccData.c. |
| 24664 | From TCG Algorithm Registry: Table 10 - Defines for BN_P638 ECC Values. Data in CrpiEccData.c. |
| 24665 | From TCG Algorithm Registry: Table 11 - Defines for SM2_P256 ECC Values. Data in CrpiEccData.c. |
| 24666 | From TCG Algorithm Registry: Table 12 - Defines for SHA1 Hash Values |
| 24667 | |
// SHA-1 parameters. SHA1_DER is the DER-encoded DigestInfo prefix that is
// placed in front of the digest in an RSASSA PKCS#1 v1.5 signature.
// The list holds 15 bytes, matching SHA1_DER_SIZE, and its last byte (0x14)
// is the digest length, 20. The three values must stay consistent: a wrong
// prefix or length changes the encoded message that signature verification
// compares against.
| 24668 | 402 #define SHA1_DIGEST_SIZE 20 |
| 24669 | 403 #define SHA1_BLOCK_SIZE 64 |
| 24670 | 404 #define SHA1_DER_SIZE 15 |
| 24671 | 405 #define SHA1_DER \ |
| 24672 | 406 0x30,0x21,0x30,0x09,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x05,0x00,0x04,0x14 |
| 24673 | |
| 24674 | From TCG Algorithm Registry: Table 13 - Defines for SHA256 Hash Values |
| 24675 | |
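// SHA-256 parameters. SHA256_DER is the DER-encoded DigestInfo prefix that is
// placed in front of the digest in an RSASSA PKCS#1 v1.5 signature.
// The byte list was wrapped in the middle of a literal ("0" / "x04") in the
// extracted listing; it is rejoined here so it is valid C again.
// The list holds 19 bytes, matching SHA256_DER_SIZE, and its last byte (0x20)
// is the digest length, 32. Keep the three values consistent: a wrong prefix
// or length changes the encoded message that signature verification compares
// against.
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
#define SHA256_DER_SIZE 19
#define SHA256_DER \
    0x30,0x31,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20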
| 24683 | |
| 24684 | From TCG Algorithm Registry: Table 14 - Defines for SHA384 Hash Values |
| 24685 | |
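// SHA-384 parameters. SHA384_DER is the DER-encoded DigestInfo prefix that is
// placed in front of the digest in an RSASSA PKCS#1 v1.5 signature.
// The byte list was wrapped in the middle of a literal ("0" / "x04") in the
// extracted listing; it is rejoined here so it is valid C again.
// The list holds 19 bytes, matching SHA384_DER_SIZE, and its last byte (0x30)
// is the digest length, 48. Keep the three values consistent: a wrong prefix
// or length changes the encoded message that signature verification compares
// against.
#define SHA384_DIGEST_SIZE 48
#define SHA384_BLOCK_SIZE 128
#define SHA384_DER_SIZE 19
#define SHA384_DER \
    0x30,0x41,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30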
| 24693 | |
| 24694 | From TCG Algorithm Registry: Table 15 - Defines for SHA512 Hash Values |
| 24695 | |
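// SHA-512 parameters. SHA512_DER is the DER-encoded DigestInfo prefix that is
// placed in front of the digest in an RSASSA PKCS#1 v1.5 signature.
// The byte list was wrapped in the middle of a literal ("0" / "x04") in the
// extracted listing; it is rejoined here so it is valid C again.
// The list holds 19 bytes, matching SHA512_DER_SIZE, and its last byte (0x40)
// is the digest length, 64. Keep the three values consistent: a wrong prefix
// or length changes the encoded message that signature verification compares
// against.
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
#define SHA512_DER_SIZE 19
#define SHA512_DER \
    0x30,0x51,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40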
| 24703 | |
| 24704 | From TCG Algorithm Registry: Table 16 - Defines for SM3_256 Hash Values |
| 24705 | |
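// SM3-256 parameters. SM3_256_DER is a DER-encoded prefix laid out like the
// SHA ones in this header: it ends in the digest length and is presumably
// used the same way in front of the digest - confirm against the signing code.
// The byte list was wrapped in the middle of a literal ("0" / "x20") in the
// extracted listing; it is rejoined here so it is valid C again.
// The list holds 18 bytes, matching SM3_256_DER_SIZE, and its last byte
// (0x20) is the digest length, 32. Keep the three values consistent.
#define SM3_256_DIGEST_SIZE 32
#define SM3_256_BLOCK_SIZE 64
#define SM3_256_DER_SIZE 18
#define SM3_256_DER \
    0x30,0x30,0x30,0x0C,0x06,0x08,0x2A,0x81,0x1C,0x81,0x45,0x01,0x83,0x11,0x05,0x00,0x04,0x20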
| 24713 | |
| 24714 | From TCG Algorithm Registry: Table 17 - Defines for AES Symmetric Cipher Algorithm Constants |
| 24715 | |
// AES constants (TCG Algorithm Registry, Table 17). The block size is 16
// bytes for every key size.
// NOTE(review): AES_ALLOWED_KEY_SIZE_192 is YES here, but AES_KEY_SIZES_BITS
// earlier in this header lists only 128 and 256 and there is no
// AES_KEY_SIZE_BITS_192 - confirm which definition decides whether 192-bit
// keys are accepted.
| 24716 | 427 #define AES_ALLOWED_KEY_SIZE_128 YES |
| 24717 | 428 #define AES_ALLOWED_KEY_SIZE_192 YES |
| 24718 | 429 #define AES_ALLOWED_KEY_SIZE_256 YES |
| 24719 | 430 #define AES_128_BLOCK_SIZE_BYTES 16 |
| 24720 | 431 #define AES_192_BLOCK_SIZE_BYTES 16 |
| 24721 | 432 #define AES_256_BLOCK_SIZE_BYTES 16 |
| 24722 | |
| 24723 | From TCG Algorithm Registry: Table 18 - Defines for SM4 Symmetric Cipher Algorithm Constants |
| 24724 | |
| 24728 | |
// SM4 constants (TCG Algorithm Registry, Table 18): one key size, 128 bits,
// with a 16-byte block. These are defined even though ALG_SM4 is ALG_NO in
// the example algorithm switches earlier in this header.
| 24729 | 433 #define SM4_ALLOWED_KEY_SIZE_128 YES |
| 24730 | 434 #define SM4_128_BLOCK_SIZE_BYTES 16 |
| 24731 | |
| 24732 | From TCG Algorithm Registry: Table 19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants |
| 24733 | |
// Camellia constants (TCG Algorithm Registry, Table 19). The block size is
// 16 bytes for every key size.
// NOTE(review): all three key sizes are marked allowed here, while
// CAMELLIA_KEY_SIZES_BITS earlier in this header lists only 128 and the
// algorithm switch table has no ALG_CAMELLIA entry - confirm the intended
// Camellia configuration before enabling the algorithm.
| 24734 | 435 #define CAMELLIA_ALLOWED_KEY_SIZE_128 YES |
| 24735 | 436 #define CAMELLIA_ALLOWED_KEY_SIZE_192 YES |
| 24736 | 437 #define CAMELLIA_ALLOWED_KEY_SIZE_256 YES |
| 24737 | 438 #define CAMELLIA_128_BLOCK_SIZE_BYTES 16 |
| 24738 | 439 #define CAMELLIA_192_BLOCK_SIZE_BYTES 16 |
| 24739 | 440 #define CAMELLIA_256_BLOCK_SIZE_BYTES 16 |
| 24740 | |
| 24741 | From TPM 2.0 Part 2: Table 13 - Definition of TPM_CC Constants |
| 24742 | |
| 24743 | 441 typedef UINT32 TPM_CC; |
| 24744 | 442 #define TPM_CC_FIRST (TPM_CC)(0x0000011F) |
| 24745 | 443 #define TPM_CC_PP_FIRST (TPM_CC)(0x0000011F) |
| 24746 | 444 #if defined CC_NV_UndefineSpaceSpecial && CC_NV_UndefineSpaceSpecial == YES |
| 24747 | 445 #define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011F) |
| 24748 | 446 #endif |
| 24749 | 447 #if defined CC_EvictControl && CC_EvictControl == YES |
| 24750 | 448 #define TPM_CC_EvictControl (TPM_CC)(0x00000120) |
| 24751 | 449 #endif |
| 24752 | 450 #if defined CC_HierarchyControl && CC_HierarchyControl == YES |
| 24753 | 451 #define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) |
| 24754 | 452 #endif |
| 24755 | 453 #if defined CC_NV_UndefineSpace && CC_NV_UndefineSpace == YES |
| 24756 | 454 #define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) |
| 24757 | 455 #endif |
| 24758 | 456 #if defined CC_ChangeEPS && CC_ChangeEPS == YES |
| 24759 | 457 #define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) |
| 24760 | 458 #endif |
| 24761 | 459 #if defined CC_ChangePPS && CC_ChangePPS == YES |
| 24762 | 460 #define TPM_CC_ChangePPS (TPM_CC)(0x00000125) |
| 24763 | 461 #endif |
| 24764 | 462 #if defined CC_Clear && CC_Clear == YES |
| 24765 | 463 #define TPM_CC_Clear (TPM_CC)(0x00000126) |
| 24766 | 464 #endif |
| 24767 | 465 #if defined CC_ClearControl && CC_ClearControl == YES |
| 24768 | 466 #define TPM_CC_ClearControl (TPM_CC)(0x00000127) |
| 24769 | 467 #endif |
| 24770 | 468 #if defined CC_ClockSet && CC_ClockSet == YES |
| 24771 | 469 #define TPM_CC_ClockSet (TPM_CC)(0x00000128) |
| 24772 | 470 #endif |
| 24773 | 471 #if defined CC_HierarchyChangeAuth && CC_HierarchyChangeAuth == YES |
| 24774 | 472 #define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) |
| 24775 | 473 #endif |
| 24776 | 474 #if defined CC_NV_DefineSpace && CC_NV_DefineSpace == YES |
| 24777 | 475 #define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012A) |
| 24778 | 476 #endif |
| 24779 | 477 #if defined CC_PCR_Allocate && CC_PCR_Allocate == YES |
| 24780 | 478 #define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012B) |
| 24781 | 479 #endif |
| 24782 | 480 #if defined CC_PCR_SetAuthPolicy && CC_PCR_SetAuthPolicy == YES |
| 24783 | 481 #define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012C) |
| 24784 | 482 #endif |
| 24785 | 483 #if defined CC_PP_Commands && CC_PP_Commands == YES |
| 24786 | 484 #define TPM_CC_PP_Commands (TPM_CC)(0x0000012D) |
| 24787 | 485 #endif |
| 24788 | 486 #if defined CC_SetPrimaryPolicy && CC_SetPrimaryPolicy == YES |
| 24789 | 487 #define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012E) |
| 24790 | 488 #endif |
| 24791 | 489 #if defined CC_FieldUpgradeStart && CC_FieldUpgradeStart == YES |
| 24792 | 490 #define TPM_CC_FieldUpgradeStart (TPM_CC)(0x0000012F) |
| 24793 | 491 #endif |
| 24794 | |
| 24798 | |
| 24799 | 492 #if defined CC_ClockRateAdjust && CC_ClockRateAdjust == YES |
| 24800 | 493 #define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) |
| 24801 | 494 #endif |
| 24802 | 495 #if defined CC_CreatePrimary && CC_CreatePrimary == YES |
| 24803 | 496 #define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) |
| 24804 | 497 #endif |
| 24805 | 498 #if defined CC_NV_GlobalWriteLock && CC_NV_GlobalWriteLock == YES |
| 24806 | 499 #define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) |
| 24807 | 500 #endif |
| 24808 | 501 #define TPM_CC_PP_LAST (TPM_CC)(0x00000132) |
| 24809 | 502 #if defined CC_GetCommandAuditDigest && CC_GetCommandAuditDigest == YES |
| 24810 | 503 #define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) |
| 24811 | 504 #endif |
| 24812 | 505 #if defined CC_NV_Increment && CC_NV_Increment == YES |
| 24813 | 506 #define TPM_CC_NV_Increment (TPM_CC)(0x00000134) |
| 24814 | 507 #endif |
| 24815 | 508 #if defined CC_NV_SetBits && CC_NV_SetBits == YES |
| 24816 | 509 #define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) |
| 24817 | 510 #endif |
| 24818 | 511 #if defined CC_NV_Extend && CC_NV_Extend == YES |
| 24819 | 512 #define TPM_CC_NV_Extend (TPM_CC)(0x00000136) |
| 24820 | 513 #endif |
| 24821 | 514 #if defined CC_NV_Write && CC_NV_Write == YES |
| 24822 | 515 #define TPM_CC_NV_Write (TPM_CC)(0x00000137) |
| 24823 | 516 #endif |
| 24824 | 517 #if defined CC_NV_WriteLock && CC_NV_WriteLock == YES |
| 24825 | 518 #define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) |
| 24826 | 519 #endif |
| 24827 | 520 #if defined CC_DictionaryAttackLockReset && CC_DictionaryAttackLockReset == YES |
| 24828 | 521 #define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) |
| 24829 | 522 #endif |
| 24830 | 523 #if defined CC_DictionaryAttackParameters && CC_DictionaryAttackParameters == YES |
| 24831 | 524 #define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013A) |
| 24832 | 525 #endif |
| 24833 | 526 #if defined CC_NV_ChangeAuth && CC_NV_ChangeAuth == YES |
| 24834 | 527 #define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013B) |
| 24835 | 528 #endif |
| 24836 | 529 #if defined CC_PCR_Event && CC_PCR_Event == YES |
| 24837 | 530 #define TPM_CC_PCR_Event (TPM_CC)(0x0000013C) |
| 24838 | 531 #endif |
| 24839 | 532 #if defined CC_PCR_Reset && CC_PCR_Reset == YES |
| 24840 | 533 #define TPM_CC_PCR_Reset (TPM_CC)(0x0000013D) |
| 24841 | 534 #endif |
| 24842 | 535 #if defined CC_SequenceComplete && CC_SequenceComplete == YES |
| 24843 | 536 #define TPM_CC_SequenceComplete (TPM_CC)(0x0000013E) |
| 24844 | 537 #endif |
| 24845 | 538 #if defined CC_SetAlgorithmSet && CC_SetAlgorithmSet == YES |
| 24846 | 539 #define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013F) |
| 24847 | 540 #endif |
| 24848 | 541 #if defined CC_SetCommandCodeAuditStatus && CC_SetCommandCodeAuditStatus == YES |
| 24849 | 542 #define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) |
| 24850 | 543 #endif |
| 24851 | 544 #if defined CC_FieldUpgradeData && CC_FieldUpgradeData == YES |
| 24852 | 545 #define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) |
| 24853 | 546 #endif |
| 24854 | 547 #if defined CC_IncrementalSelfTest && CC_IncrementalSelfTest == YES |
| 24855 | 548 #define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) |
| 24856 | 549 #endif |
| 24857 | 550 #if defined CC_SelfTest && CC_SelfTest == YES |
| 24858 | 551 #define TPM_CC_SelfTest (TPM_CC)(0x00000143) |
| 24859 | 552 #endif |
| 24860 | 553 #if defined CC_Startup && CC_Startup == YES |
| 24861 | 554 #define TPM_CC_Startup (TPM_CC)(0x00000144) |
| 24862 | 555 #endif |
| 24863 | 556 #if defined CC_Shutdown && CC_Shutdown == YES |
| 24864 | 557 #define TPM_CC_Shutdown (TPM_CC)(0x00000145) |
| 24865 | |
| 24869 | |
| 24870 | 558 #endif |
| 24871 | 559 #if defined CC_StirRandom && CC_StirRandom == YES |
| 24872 | 560 #define TPM_CC_StirRandom (TPM_CC)(0x00000146) |
| 24873 | 561 #endif |
| 24874 | 562 #if defined CC_ActivateCredential && CC_ActivateCredential == YES |
| 24875 | 563 #define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) |
| 24876 | 564 #endif |
| 24877 | 565 #if defined CC_Certify && CC_Certify == YES |
| 24878 | 566 #define TPM_CC_Certify (TPM_CC)(0x00000148) |
| 24879 | 567 #endif |
| 24880 | 568 #if defined CC_PolicyNV && CC_PolicyNV == YES |
| 24881 | 569 #define TPM_CC_PolicyNV (TPM_CC)(0x00000149) |
| 24882 | 570 #endif |
| 24883 | 571 #if defined CC_CertifyCreation && CC_CertifyCreation == YES |
| 24884 | 572 #define TPM_CC_CertifyCreation (TPM_CC)(0x0000014A) |
| 24885 | 573 #endif |
| 24886 | 574 #if defined CC_Duplicate && CC_Duplicate == YES |
| 24887 | 575 #define TPM_CC_Duplicate (TPM_CC)(0x0000014B) |
| 24888 | 576 #endif |
| 24889 | 577 #if defined CC_GetTime && CC_GetTime == YES |
| 24890 | 578 #define TPM_CC_GetTime (TPM_CC)(0x0000014C) |
| 24891 | 579 #endif |
| 24892 | 580 #if defined CC_GetSessionAuditDigest && CC_GetSessionAuditDigest == YES |
| 24893 | 581 #define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014D) |
| 24894 | 582 #endif |
| 24895 | 583 #if defined CC_NV_Read && CC_NV_Read == YES |
| 24896 | 584 #define TPM_CC_NV_Read (TPM_CC)(0x0000014E) |
| 24897 | 585 #endif |
| 24898 | 586 #if defined CC_NV_ReadLock && CC_NV_ReadLock == YES |
| 24899 | 587 #define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014F) |
| 24900 | 588 #endif |
| 24901 | 589 #if defined CC_ObjectChangeAuth && CC_ObjectChangeAuth == YES |
| 24902 | 590 #define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) |
| 24903 | 591 #endif |
| 24904 | 592 #if defined CC_PolicySecret && CC_PolicySecret == YES |
| 24905 | 593 #define TPM_CC_PolicySecret (TPM_CC)(0x00000151) |
| 24906 | 594 #endif |
| 24907 | 595 #if defined CC_Rewrap && CC_Rewrap == YES |
| 24908 | 596 #define TPM_CC_Rewrap (TPM_CC)(0x00000152) |
| 24909 | 597 #endif |
| 24910 | 598 #if defined CC_Create && CC_Create == YES |
| 24911 | 599 #define TPM_CC_Create (TPM_CC)(0x00000153) |
| 24912 | 600 #endif |
| 24913 | 601 #if defined CC_ECDH_ZGen && CC_ECDH_ZGen == YES |
| 24914 | 602 #define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) |
| 24915 | 603 #endif |
| 24916 | 604 #if defined CC_HMAC && CC_HMAC == YES |
| 24917 | 605 #define TPM_CC_HMAC (TPM_CC)(0x00000155) |
| 24918 | 606 #endif |
| 24919 | 607 #if defined CC_Import && CC_Import == YES |
| 24920 | 608 #define TPM_CC_Import (TPM_CC)(0x00000156) |
| 24921 | 609 #endif |
| 24922 | 610 #if defined CC_Load && CC_Load == YES |
| 24923 | 611 #define TPM_CC_Load (TPM_CC)(0x00000157) |
| 24924 | 612 #endif |
| 24925 | 613 #if defined CC_Quote && CC_Quote == YES |
| 24926 | 614 #define TPM_CC_Quote (TPM_CC)(0x00000158) |
| 24927 | 615 #endif |
| 24928 | 616 #if defined CC_RSA_Decrypt && CC_RSA_Decrypt == YES |
| 24929 | 617 #define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) |
| 24930 | 618 #endif |
| 24931 | 619 #if defined CC_HMAC_Start && CC_HMAC_Start == YES |
| 24932 | 620 #define TPM_CC_HMAC_Start (TPM_CC)(0x0000015B) |
| 24933 | 621 #endif |
| 24934 | 622 #if defined CC_SequenceUpdate && CC_SequenceUpdate == YES |
| 24935 | 623 #define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015C) |
| 24936 | |
| 24940 | |
| 24941 | 624 #endif |
| 24942 | 625 #if defined CC_Sign && CC_Sign == YES |
| 24943 | 626 #define TPM_CC_Sign (TPM_CC)(0x0000015D) |
| 24944 | 627 #endif |
| 24945 | 628 #if defined CC_Unseal && CC_Unseal == YES |
| 24946 | 629 #define TPM_CC_Unseal (TPM_CC)(0x0000015E) |
| 24947 | 630 #endif |
| 24948 | 631 #if defined CC_PolicySigned && CC_PolicySigned == YES |
| 24949 | 632 #define TPM_CC_PolicySigned (TPM_CC)(0x00000160) |
| 24950 | 633 #endif |
| 24951 | 634 #if defined CC_ContextLoad && CC_ContextLoad == YES |
| 24952 | 635 #define TPM_CC_ContextLoad (TPM_CC)(0x00000161) |
| 24953 | 636 #endif |
| 24954 | 637 #if defined CC_ContextSave && CC_ContextSave == YES |
| 24955 | 638 #define TPM_CC_ContextSave (TPM_CC)(0x00000162) |
| 24956 | 639 #endif |
| 24957 | 640 #if defined CC_ECDH_KeyGen && CC_ECDH_KeyGen == YES |
| 24958 | 641 #define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) |
| 24959 | 642 #endif |
| 24960 | 643 #if defined CC_EncryptDecrypt && CC_EncryptDecrypt == YES |
| 24961 | 644 #define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) |
| 24962 | 645 #endif |
| 24963 | 646 #if defined CC_FlushContext && CC_FlushContext == YES |
| 24964 | 647 #define TPM_CC_FlushContext (TPM_CC)(0x00000165) |
| 24965 | 648 #endif |
| 24966 | 649 #if defined CC_LoadExternal && CC_LoadExternal == YES |
| 24967 | 650 #define TPM_CC_LoadExternal (TPM_CC)(0x00000167) |
| 24968 | 651 #endif |
| 24969 | 652 #if defined CC_MakeCredential && CC_MakeCredential == YES |
| 24970 | 653 #define TPM_CC_MakeCredential (TPM_CC)(0x00000168) |
| 24971 | 654 #endif |
| 24972 | 655 #if defined CC_NV_ReadPublic && CC_NV_ReadPublic == YES |
| 24973 | 656 #define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) |
| 24974 | 657 #endif |
| 24975 | 658 #if defined CC_PolicyAuthorize && CC_PolicyAuthorize == YES |
| 24976 | 659 #define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016A) |
| 24977 | 660 #endif |
| 24978 | 661 #if defined CC_PolicyAuthValue && CC_PolicyAuthValue == YES |
| 24979 | 662 #define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016B) |
| 24980 | 663 #endif |
| 24981 | 664 #if defined CC_PolicyCommandCode && CC_PolicyCommandCode == YES |
| 24982 | 665 #define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016C) |
| 24983 | 666 #endif |
| 24984 | 667 #if defined CC_PolicyCounterTimer && CC_PolicyCounterTimer == YES |
| 24985 | 668 #define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016D) |
| 24986 | 669 #endif |
| 24987 | 670 #if defined CC_PolicyCpHash && CC_PolicyCpHash == YES |
| 24988 | 671 #define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016E) |
| 24989 | 672 #endif |
| 24990 | 673 #if defined CC_PolicyLocality && CC_PolicyLocality == YES |
| 24991 | 674 #define TPM_CC_PolicyLocality (TPM_CC)(0x0000016F) |
| 24992 | 675 #endif |
| 24993 | 676 #if defined CC_PolicyNameHash && CC_PolicyNameHash == YES |
| 24994 | 677 #define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) |
| 24995 | 678 #endif |
| 24996 | 679 #if defined CC_PolicyOR && CC_PolicyOR == YES |
| 24997 | 680 #define TPM_CC_PolicyOR (TPM_CC)(0x00000171) |
| 24998 | 681 #endif |
| 24999 | 682 #if defined CC_PolicyTicket && CC_PolicyTicket == YES |
| 25000 | 683 #define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) |
| 25001 | 684 #endif |
| 25002 | 685 #if defined CC_ReadPublic && CC_ReadPublic == YES |
| 25003 | 686 #define TPM_CC_ReadPublic (TPM_CC)(0x00000173) |
| 25004 | 687 #endif |
| 25005 | 688 #if defined CC_RSA_Encrypt && CC_RSA_Encrypt == YES |
| 25006 | 689 #define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) |
| 25007 | |
| 25011 | |
| 25012 | 690 #endif |
| 25013 | 691 #if defined CC_StartAuthSession && CC_StartAuthSession == YES |
| 25014 | 692 #define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) |
| 25015 | 693 #endif |
| 25016 | 694 #if defined CC_VerifySignature && CC_VerifySignature == YES |
| 25017 | 695 #define TPM_CC_VerifySignature (TPM_CC)(0x00000177) |
| 25018 | 696 #endif |
| 25019 | 697 #if defined CC_ECC_Parameters && CC_ECC_Parameters == YES |
| 25020 | 698 #define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) |
| 25021 | 699 #endif |
| 25022 | 700 #if defined CC_FirmwareRead && CC_FirmwareRead == YES |
| 25023 | 701 #define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) |
| 25024 | 702 #endif |
| 25025 | 703 #if defined CC_GetCapability && CC_GetCapability == YES |
| 25026 | 704 #define TPM_CC_GetCapability (TPM_CC)(0x0000017A) |
| 25027 | 705 #endif |
| 25028 | 706 #if defined CC_GetRandom && CC_GetRandom == YES |
| 25029 | 707 #define TPM_CC_GetRandom (TPM_CC)(0x0000017B) |
| 25030 | 708 #endif |
| 25031 | 709 #if defined CC_GetTestResult && CC_GetTestResult == YES |
| 25032 | 710 #define TPM_CC_GetTestResult (TPM_CC)(0x0000017C) |
| 25033 | 711 #endif |
| 25034 | 712 #if defined CC_Hash && CC_Hash == YES |
| 25035 | 713 #define TPM_CC_Hash (TPM_CC)(0x0000017D) |
| 25036 | 714 #endif |
| 25037 | 715 #if defined CC_PCR_Read && CC_PCR_Read == YES |
| 25038 | 716 #define TPM_CC_PCR_Read (TPM_CC)(0x0000017E) |
| 25039 | 717 #endif |
| 25040 | 718 #if defined CC_PolicyPCR && CC_PolicyPCR == YES |
| 25041 | 719 #define TPM_CC_PolicyPCR (TPM_CC)(0x0000017F) |
| 25042 | 720 #endif |
| 25043 | 721 #if defined CC_PolicyRestart && CC_PolicyRestart == YES |
| 25044 | 722 #define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) |
| 25045 | 723 #endif |
| 25046 | 724 #if defined CC_ReadClock && CC_ReadClock == YES |
| 25047 | 725 #define TPM_CC_ReadClock (TPM_CC)(0x00000181) |
| 25048 | 726 #endif |
| 25049 | 727 #if defined CC_PCR_Extend && CC_PCR_Extend == YES |
| 25050 | 728 #define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) |
| 25051 | 729 #endif |
| 25052 | 730 #if defined CC_PCR_SetAuthValue && CC_PCR_SetAuthValue == YES |
| 25053 | 731 #define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) |
| 25054 | 732 #endif |
| 25055 | 733 #if defined CC_NV_Certify && CC_NV_Certify == YES |
| 25056 | 734 #define TPM_CC_NV_Certify (TPM_CC)(0x00000184) |
| 25057 | 735 #endif |
| 25058 | 736 #if defined CC_EventSequenceComplete && CC_EventSequenceComplete == YES |
| 25059 | 737 #define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) |
| 25060 | 738 #endif |
| 25061 | 739 #if defined CC_HashSequenceStart && CC_HashSequenceStart == YES |
| 25062 | 740 #define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) |
| 25063 | 741 #endif |
| 25064 | 742 #if defined CC_PolicyPhysicalPresence && CC_PolicyPhysicalPresence == YES |
| 25065 | 743 #define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) |
| 25066 | 744 #endif |
| 25067 | 745 #if defined CC_PolicyDuplicationSelect && CC_PolicyDuplicationSelect == YES |
| 25068 | 746 #define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) |
| 25069 | 747 #endif |
| 25070 | 748 #if defined CC_PolicyGetDigest && CC_PolicyGetDigest == YES |
| 25071 | 749 #define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) |
| 25072 | 750 #endif |
| 25073 | 751 #if defined CC_TestParms && CC_TestParms == YES |
| 25074 | 752 #define TPM_CC_TestParms (TPM_CC)(0x0000018A) |
| 25075 | 753 #endif |
| 25076 | 754 #if defined CC_Commit && CC_Commit == YES |
| 25077 | 755 #define TPM_CC_Commit (TPM_CC)(0x0000018B) |
| 25078 | |
| 25082 | |
| 25083 | 756 #endif |
| 25084 | 757 #if defined CC_PolicyPassword && CC_PolicyPassword == YES |
| 25085 | 758 #define TPM_CC_PolicyPassword (TPM_CC)(0x0000018C) |
| 25086 | 759 #endif |
| 25087 | 760 #if defined CC_ZGen_2Phase && CC_ZGen_2Phase == YES |
| 25088 | 761 #define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018D) |
| 25089 | 762 #endif |
| 25090 | 763 #if defined CC_EC_Ephemeral && CC_EC_Ephemeral == YES |
| 25091 | 764 #define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018E) |
| 25092 | 765 #endif |
| 25093 | 766 #if defined CC_PolicyNvWritten && CC_PolicyNvWritten == YES |
| 25094 | 767 #define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018F) |
| 25095 | 768 #endif |
| 25096 | 769 #define TPM_CC_LAST (TPM_CC)(0x0000018F) |
| 25097 | 770 #ifndef MAX |
| 25098 | 771 #define MAX(a, b) ((a) > (b) ? (a) : (b)) |
| 25099 | 772 #endif |
| 25100 | 773 #define MAX_HASH_BLOCK_SIZE ( \ |
| 25101 | 774 MAX(ALG_SHA1 * SHA1_BLOCK_SIZE, \ |
| 25102 | 775 MAX(ALG_SHA256 * SHA256_BLOCK_SIZE, \ |
| 25103 | 776 MAX(ALG_SHA384 * SHA384_BLOCK_SIZE, \ |
| 25104 | 777 MAX(ALG_SM3_256 * SM3_256_BLOCK_SIZE, \ |
| 25105 | 778 MAX(ALG_SHA512 * SHA512_BLOCK_SIZE, \ |
| 25106 | 779 0 )))))) |
| 25107 | 780 #define MAX_DIGEST_SIZE ( \ |
| 25108 | 781 MAX(ALG_SHA1 * SHA1_DIGEST_SIZE, \ |
| 25109 | 782 MAX(ALG_SHA256 * SHA256_DIGEST_SIZE, \ |
| 25110 | 783 MAX(ALG_SHA384 * SHA384_DIGEST_SIZE, \ |
| 25111 | 784 MAX(ALG_SM3_256 * SM3_256_DIGEST_SIZE, \ |
| 25112 | 785 MAX(ALG_SHA512 * SHA512_DIGEST_SIZE, \ |
| 25113 | 786 0 )))))) |
| 25114 | 787 #if MAX_DIGEST_SIZE == 0 || MAX_HASH_BLOCK_SIZE == 0 |
| 25115 | 788 #error "Hash data not valid" |
| 25116 | 789 #endif |
| 25117 | 790 #define HASH_COUNT (ALG_SHA1+ALG_SHA256+ALG_SHA384+ALG_SM3_256+ALG_SHA512) |
| 25118 | |
| 25119 | Define the 2B structure that would hold any hash block |
| 25120 | |
| 25121 | 791 TPM2B_TYPE(MAX_HASH_BLOCK, MAX_HASH_BLOCK_SIZE); |
| 25122 | |
| 25123 | Following typedef is for some old code |
| 25124 | |
| 25125 | 792 typedef TPM2B_MAX_HASH_BLOCK TPM2B_HASH_BLOCK; |
| 25126 | 793 #ifndef MAX |
| 25127 | 794 #define MAX(a, b) ((a) > (b) ? (a) : (b)) |
| 25128 | 795 #endif |
| 25129 | 796 #ifndef ALG_CAMELLIA |
| 25130 | 797 # define ALG_CAMELLIA NO |
| 25131 | 798 #endif |
| 25132 | 799 #ifndef MAX_CAMELLIA_KEY_BITS |
| 25133 | 800 # define MAX_CAMELLIA_KEY_BITS 0 |
| 25134 | 801 # define MAX_CAMELLIA_BLOCK_SIZE_BYTES 0 |
| 25135 | 802 #endif |
| 25136 | 803 #ifndef ALG_SM4 |
| 25137 | 804 # define ALG_SM4 NO |
| 25138 | 805 #endif |
| 25139 | 806 #ifndef MAX_SM4_KEY_BITS |
| 25140 | 807 # define MAX_SM4_KEY_BITS 0 |
| 25141 | 808 # define MAX_SM4_BLOCK_SIZE_BYTES 0 |
| 25142 | 809 #endif |
| 25143 | 810 #ifndef ALG_AES |
| 25144 | 811 # define ALG_AES NO |
| 25145 | 812 #endif |
| 25146 | 813 #ifndef MAX_AES_KEY_BITS |
| 25147 | 814 # define MAX_AES_KEY_BITS 0 |
| 25148 | |
| 25152 | |
| 25153 | 815 # define MAX_AES_BLOCK_SIZE_BYTES 0 |
| 25154 | 816 #endif |
| 25155 | 817 #define MAX_SYM_KEY_BITS ( \ |
| 25156 | 818 MAX(MAX_CAMELLIA_KEY_BITS * ALG_CAMELLIA, \ |
| 25157 | 819 MAX(MAX_SM4_KEY_BITS * ALG_SM4, \ |
| 25158 | 820 MAX(MAX_AES_KEY_BITS * ALG_AES, \ |
| 25159 | 821 0)))) |
| 25160 | 822 #define MAX_SYM_KEY_BYTES ((MAX_SYM_KEY_BITS + 7) / 8) |
| 25161 | 823 #define MAX_SYM_BLOCK_SIZE ( \ |
| 25162 | 824 MAX(MAX_CAMELLIA_BLOCK_SIZE_BYTES * ALG_CAMELLIA, \ |
| 25163 | 825 MAX(MAX_SM4_BLOCK_SIZE_BYTES * ALG_SM4, \ |
| 25164 | 826 MAX(MAX_AES_BLOCK_SIZE_BYTES * ALG_AES, \ |
| 25165 | 827 0)))) |
| 25166 | 828 #if MAX_SYM_KEY_BITS == 0 || MAX_SYM_BLOCK_SIZE == 0 |
| 25167 | 829 # error Bad size for MAX_SYM_KEY_BITS or MAX_SYM_BLOCK_SIZE |
| 25168 | 830 #endif |
| 25169 | |
| 25170 | Define the 2B structure for a seed |
| 25171 | |
| 25172 | 831 TPM2B_TYPE(SEED, PRIMARY_SEED_SIZE); |
| 25173 | 832 #endif // _IMPLEMENTATION_H_ |
| 25174 | |
| 25175 | |
| 25176 | |
| 25177 | |
| 25181 | |
| 25182 | |
| 25183 | Annex B |
| 25184 | (informative) |
| 25185 | Cryptographic Library Interface |
| 25186 | |
| 25187 | B.1 Introduction |
| 25188 | |
| 25189 | The files in this annex provide cryptographic support functions for the TPM. |
| 25190 | When possible, the functions in these files make calls to functions that are provided by a cryptographic |
| 25191 | library (for this annex, it is OpenSSL). In many cases, there is a mismatch between the function |
| 25192 | performed by the cryptographic library and the function needed by the TPM. In those cases, a function is |
| 25193 | provided in the code in this clause. |
| 25194 | There are cases where the cryptographic library could have been used for a specific function but not all |
| 25195 | functions of the same group. An example is that the OpenSSL version of CFB was not suitable for the |
| 25196 | requirements of the TPM. Rather than have one symmetric mode be provided in this code with the |
| 25197 | remaining modes provided by OpenSSL, all the symmetric modes are provided in this code. |
| 25198 | The provided cryptographic code is believed to be functionally correct but it might not be conformant with |
| 25199 | all applicable standards. For example, the RSA key generation scheme produces serviceable RSA keys |
| 25200 | but the method is not compliant with FIPS 186-3. Still, the implementation meets the major objective of |
| 25201 | the implementation, which is to demonstrate proper TPM behavior. It is not an objective of this |
| 25202 | implementation to be submitted for certification. |
| 25203 | |
| 25204 | B.2 Integer Format |
| 25205 | |
| 25206 | The big integers passed to/from the function interfaces in the crypto engine are in BYTE buffers that have |
| 25207 | the same format used in the TPM 2.0 specification that states: |
| 25208 | "Integer values are considered to be an array of one or more bytes. The byte at offset zero within the |
| 25209 | array is the most significant byte of the integer." |
| 25210 | |
| 25211 | |
| 25212 | |
| 25213 | |
| 25214 | B.3 CryptoEngine.h |
| 25215 | |
| 25216 | B.3.1. Introduction |
| 25217 | |
| 25218 | This file contains constant definitions shared by CryptUtil() and the parts of the Crypto Engine. |
| 25219 | |
| 25220 | 1 #ifndef _CRYPT_PRI_H |
| 25221 | 2 #define _CRYPT_PRI_H |
| 25222 | 3 #include <stddef.h> |
| 25223 | 4 #include "TpmBuildSwitches.h" |
| 25224 | 5 #include "BaseTypes.h" |
| 25225 | 6 #include "TpmError.h" |
| 25226 | 7 #include "swap.h" |
| 25227 | 8 #include "Implementation.h" |
| 25228 | 9 #include "TPM_types.h" |
| 25229 | 10 //#include "TPMB.h" |
| 25230 | 11 #include "bool.h" |
| 25231 | 12 #include "Platform.h" |
| 25232 | 13 #ifndef NULL |
| 25233 | 14 #define NULL 0 |
| 25234 | 15 #endif |
| 25235 | 16 typedef UINT16 NUMBYTES; // When a size is a number of bytes |
| 25236 | 17 typedef UINT32 NUMDIGITS; // When a size is a number of "digits" |
| 25237 | |
| 25241 | |
| 25242 | B.3.2. General Purpose Macros |
| 25243 | |
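#ifndef MAX
/* Larger of two values. Every use of an argument is parenthesized, including
 * the final `b`, so an argument that contains a lower-precedence operator
 * cannot regroup the expansion. This is the same form as the MAX definition
 * in the Implementation.h listing. An argument may be evaluated twice, so
 * callers should pass expressions without side effects. */
#   define MAX(a, b) ((a) > (b) ? (a) : (b))
#endif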
| 25247 | |
| 25248 | This is the definition of a bit array with one bit per algorithm |
| 25249 | |
| 25250 | 21 typedef BYTE ALGORITHM_VECTOR[(ALG_LAST_VALUE + 7) / 8]; |
| 25251 | |
| 25252 | |
| 25253 | B.3.3. Self-test |
| 25254 | |
| 25255 | This structure is used to contain self-test tracking information for the crypto engine. Each of the major |
| 25256 | modules is given a 32-bit value in which it may maintain its own self test information. The convention for |
| 25257 | this state is that when all of the bits in this structure are 0, all functions need to be tested. |
| 25258 | |
| 25259 | 22 typedef struct { |
| 25260 | 23 UINT32 rng; |
| 25261 | 24 UINT32 hash; |
| 25262 | 25 UINT32 sym; |
| 25263 | 26 #ifdef TPM_ALG_RSA |
| 25264 | 27 UINT32 rsa; |
| 25265 | 28 #endif |
| 25266 | 29 #ifdef TPM_ALG_ECC |
| 25267 | 30 UINT32 ecc; |
| 25268 | 31 #endif |
| 25269 | 32 } CRYPTO_SELF_TEST_STATE; |
| 25270 | |
| 25271 | |
| 25272 | B.3.4. Hash-related Structures |
| 25273 | |
| 25274 | 33 typedef struct { |
| 25275 | 34 const TPM_ALG_ID alg; |
| 25276 | 35 const NUMBYTES digestSize; |
| 25277 | 36 const NUMBYTES blockSize; |
| 25278 | 37 const NUMBYTES derSize; |
| 25279 | 38 const BYTE der[20]; |
| 25280 | 39 } HASH_INFO; |
| 25281 | |
| 25282 | This value will change with each implementation. The value of 16 is used to account for any slop in the |
| 25283 | context values. The overall size needs to be as large as any of the hash contexts. The structure needs to |
| 25284 | start on an alignment boundary and be an even multiple of the alignment. |
| 25285 | |
| 25286 | 40 #define ALIGNED_SIZE(x, b) ((((x) + (b) - 1) / (b)) * (b)) |
| 25287 | 41 #define MAX_HASH_STATE_SIZE ((2 * MAX_HASH_BLOCK_SIZE) + 16) |
| 25288 | 42 #define MAX_HASH_STATE_SIZE_ALIGNED \ |
| 25289 | 43 ALIGNED_SIZE(MAX_HASH_STATE_SIZE, CRYPTO_ALIGNMENT) |
| 25290 | |
| 25291 | This is a byte array that will hold any of the hash contexts. |
| 25292 | |
| 25293 | 44 typedef CRYPTO_ALIGNED BYTE ALIGNED_HASH_STATE[MAX_HASH_STATE_SIZE_ALIGNED]; |
| 25294 | |
| 25295 | Macro to align an address to the next higher size |
| 25296 | |
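/* Round the address of the object `address` up to the next multiple of
 * `align` and yield the result as an intptr_t.
 *
 * - The macro applies `&` to its first argument, so the caller passes the
 *   object itself (an lvalue), not a pointer to it.
 * - `align` is assumed to be a power of two; the mask arithmetic is only
 *   meaningful in that case.
 * - `align` is parenthesized and converted to intptr_t before the mask is
 *   built. Without the conversion, a 32-bit unsigned alignment yields a
 *   32-bit mask that clears the upper half of a 64-bit address; without the
 *   parentheses, an expression argument such as `1 << 3` regroups around
 *   the `- 1`. */
#define AlignPointer(address, align)                                        \
    ((((intptr_t)&(address)) + ((intptr_t)(align) - 1))                     \
     & ~((intptr_t)(align) - 1))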
| 25299 | |
| 25300 | Macro to test alignment |
| 25301 | |
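/* Non-zero when `address` is a multiple of `align`, zero otherwise.
 *
 * Unlike AlignPointer, this macro casts `address` itself, so the caller
 * passes a pointer or integer address value. `align` is assumed to be a
 * power of two. It is parenthesized and converted to intptr_t so that an
 * expression argument such as `1 << 3` keeps its grouping around the
 * `- 1`. */
#define IsAddressAligned(address, align)                                    \
    (((intptr_t)(address) & ((intptr_t)(align) - 1)) == 0)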
| 25304 | |
| 25308 | |
| 25309 | |
| 25310 | This is the structure that is used for passing a context into the hashing functions. It should be the same |
| 25311 | size as the function context used within the hashing functions. This is checked when the hash function is |
| 25312 | initialized. This version uses a new layout for the contexts and a different definition. The state buffer is an |
| 25313 | array of HASH_UNIT values so that a decent compiler will put the structure on a HASH_UNIT boundary. |
| 25314 | If the structure is not properly aligned, the code that manipulates the structure will copy to a properly |
| 25315 | aligned structure before it is used and copy the result back. This just makes things slower. |
| 25316 | |
| 25317 | 49 typedef struct _HASH_STATE |
| 25318 | 50 { |
| 25319 | 51 ALIGNED_HASH_STATE state; |
| 25320 | 52 TPM_ALG_ID hashAlg; |
| 25321 | 53 } CPRI_HASH_STATE, *PCPRI_HASH_STATE; |
| 25322 | 54 extern const HASH_INFO g_hashData[HASH_COUNT + 1]; |
| 25323 | |
| 25324 | This is for the external hash state. This implementation assumes that the size of the exported hash state |
| 25325 | is no larger than the internal hash state. There is a compile-time check to make sure that this is true. |
| 25326 | |
| 25327 | 55 typedef struct { |
| 25328 | 56 ALIGNED_HASH_STATE buffer; |
| 25329 | 57 TPM_ALG_ID hashAlg; |
| 25330 | 58 } EXPORT_HASH_STATE; |
| 25331 | 59 typedef enum { |
| 25332 | 60 IMPORT_STATE, // Converts externally formatted state to internal |
| 25333 | 61 EXPORT_STATE // Converts internal formatted state to external |
| 25334 | 62 } IMPORT_EXPORT; |
| 25335 | |
| 25336 | Values and structures for the random number generator. These values are defined in this header file so |
| 25337 | that the size of the RNG state can be known to TPM.lib. This allows the allocation of some space in NV |
| 25338 | memory for the state to be stored on an orderly shutdown. The GET_PUT enum is used by |
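| 25339 | _cpri__DrbgGetPutState() to indicate the direction of data flow. Because the state defined below carries the DRBG seed (key and IV), the copy saved to NV needs the same protection as other secret TPM state. |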
| 25340 | |
| 25341 | 63 typedef enum { |
| 25342 | 64 GET_STATE, // Get the state to save to NV |
| 25343 | 65 PUT_STATE // Restore the state from NV |
| 25344 | 66 } GET_PUT; |
| 25345 | |
| 25346 | The DRBG based on a symmetric block cipher is defined by three values, |
| 25347 | a) the key size |
| 25348 | b) the block size (the IV size) |
| 25349 | c) the symmetric algorithm |
| 25350 | |
| 25351 | 67 #define DRBG_KEY_SIZE_BITS MAX_AES_KEY_BITS |
| 25352 | 68 #define DRBG_IV_SIZE_BITS (MAX_AES_BLOCK_SIZE_BYTES * 8) |
| 25353 | 69 #define DRBG_ALGORITHM TPM_ALG_AES |
| 25354 | 70 #if ((DRBG_KEY_SIZE_BITS % 8) != 0) || ((DRBG_IV_SIZE_BITS % 8) != 0) |
| 25355 | 71 #error "Key size and IV for DRBG must be even multiples of 8" |
| 25356 | 72 #endif |
| 25357 | 73 #if (DRBG_KEY_SIZE_BITS % DRBG_IV_SIZE_BITS) != 0 |
| 25358 | 74 #error "Key size for DRBG must be even multiple of the cypher block size" |
| 25359 | 75 #endif |
| 25360 | 76 typedef UINT32 DRBG_SEED[(DRBG_KEY_SIZE_BITS + DRBG_IV_SIZE_BITS) / 32]; |
| 25361 | 77 typedef struct { |
| 25362 | 78 UINT64 reseedCounter; |
| 25363 | 79 UINT32 magic; |
| 25364 | 80 DRBG_SEED seed; // contains the key and IV for the counter mode DRBG |
| 25365 | 81 UINT32 lastValue[4]; // used when the TPM does continuous self-test |
| 25366 | 82 // for FIPS compliance of DRBG |
| 25367 | 83 } DRBG_STATE, *pDRBG_STATE; |
| 25368 | |
| 25369 | |
| 25370 | |
| 25374 | |
| 25375 | B.3.5. Asymmetric Structures and Values |
| 25376 | |
| 25377 | 84 #ifdef TPM_ALG_ECC |
| 25378 | |
| 25379 | |
| 25380 | B.3.5.1. ECC-related Structures |
| 25381 | |
| 25382 | This structure replicates the structure definition in TPM_Types.h. It is duplicated to avoid inclusion of all of |
| 25383 | TPM_Types.h. This structure is similar to the RSA_KEY structure below. The purpose of these structures |
| 25384 | is to reduce the overhead of a function call and to make the code less dependent on key types as much |
| 25385 | as possible. |
| 25386 | |
| 25387 | 85 typedef struct { |
| 25388 | 86 UINT32 curveID; // The curve identifier |
| 25389 | 87 TPMS_ECC_POINT *publicPoint; // Pointer to the public point |
| 25390 | 88 TPM2B_ECC_PARAMETER *privateKey; // Pointer to the private key |
| 25391 | 89 } ECC_KEY; |
| 25392 | 90 #endif // TPM_ALG_ECC |
| 25393 | 91 #ifdef TPM_ALG_RSA |
| 25394 | |
| 25395 | |
| 25396 | B.3.5.2. RSA-related Structures |
| 25397 | |
| 25398 | This structure is a succinct representation of the cryptographic components of an RSA key. |
| 25399 | |
| 25400 | 92 typedef struct { |
| 25401 | 93 UINT32 exponent; // The public exponent, held by value (the field is a UINT32, not a pointer) |
| 25402 | 94 TPM2B *publicKey; // Pointer to the public modulus |
| 25403 | 95 TPM2B *privateKey; // Pointer to the private exponent (not a prime) |
| 25404 | 96 } RSA_KEY; |
| 25405 | 97 #endif // TPM_ALG_RSA |
| 25406 | |
| 25407 | |
| 25408 | B.3.6. Miscellaneous |
| 25409 | |
| 25410 | 98 #ifdef TPM_ALG_RSA |
| 25411 | 99 # ifdef TPM_ALG_ECC |
| 25412 | 100 # if MAX_RSA_KEY_BYTES > MAX_ECC_KEY_BYTES |
| 25413 | 101 # define MAX_NUMBER_SIZE MAX_RSA_KEY_BYTES |
| 25414 | 102 # else |
| 25415 | 103 # define MAX_NUMBER_SIZE MAX_ECC_KEY_BYTES |
| 25416 | 104 # endif |
| 25417 | 105 # else // RSA but no ECC |
| 25418 | 106 # define MAX_NUMBER_SIZE MAX_RSA_KEY_BYTES |
| 25419 | 107 # endif |
| 25420 | 108 #elif defined TPM_ALG_ECC |
| 25421 | 109 # define MAX_NUMBER_SIZE MAX_ECC_KEY_BYTES |
| 25422 | 110 #else |
| 25423 | 111 # error No assymmetric algorithm implemented. |
| 25424 | 112 #endif |
| 25425 | 113 typedef INT16 CRYPT_RESULT; |
| 25426 | 114 #define CRYPT_RESULT_MIN INT16_MIN |
| 25427 | 115 #define CRYPT_RESULT_MAX INT16_MAX |
| 25428 | |
| 25429 | |
| 25430 | <0 recoverable error |
| 25431 | |
| 25432 | 0 success |
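| 25433 | >0 command specific return value (generally a digest size). Note that CRYPT_FAIL is defined below as 1, so a caller that tests only for a negative result does not detect CRYPT_FAIL. |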
| 25434 | |
| 25435 | 116 #define CRYPT_FAIL ((CRYPT_RESULT) 1) |
| 25436 | 117 #define CRYPT_SUCCESS ((CRYPT_RESULT) 0) |
| 25437 | 118 #define CRYPT_NO_RESULT ((CRYPT_RESULT) -1) |
| 25438 | |
| 25439 | |
| 25443 | |
| 25444 | 119 #define CRYPT_SCHEME ((CRYPT_RESULT) -2) |
| 25445 | 120 #define CRYPT_PARAMETER ((CRYPT_RESULT) -3) |
| 25446 | 121 #define CRYPT_UNDERFLOW ((CRYPT_RESULT) -4) |
| 25447 | 122 #define CRYPT_POINT ((CRYPT_RESULT) -5) |
| 25448 | 123 #define CRYPT_CANCEL ((CRYPT_RESULT) -6) |
| 25449 | 124 typedef UINT64 HASH_CONTEXT[MAX_HASH_STATE_SIZE/sizeof(UINT64)]; |
| 25450 | 125 #include "CpriCryptPri_fp.h" |
| 25451 | 126 #ifdef TPM_ALG_ECC |
| 25452 | 127 # include "CpriDataEcc.h" |
| 25453 | 128 # include "CpriECC_fp.h" |
| 25454 | 129 #endif |
| 25455 | 130 #include "MathFunctions_fp.h" |
| 25456 | 131 #include "CpriRNG_fp.h" |
| 25457 | 132 #include "CpriHash_fp.h" |
| 25458 | 133 #include "CpriSym_fp.h" |
| 25459 | 134 #ifdef TPM_ALG_RSA |
| 25460 | 135 # include "CpriRSA_fp.h" |
| 25461 | 136 #endif |
| 25462 | 137 #endif // !_CRYPT_PRI_H |
| 25463 | |
| 25464 | |
| 25465 | |
| 25466 | |
| 25470 | |
| 25471 | |
| 25472 | |
| 25473 | B.4 OsslCryptoEngine.h |
| 25474 | |
| 25475 | B.4.1. Introduction |
| 25476 | |
| 25477 | This is the header file used by the components of the CryptoEngine(). This file should not be included in |
| 25478 | any file other than the files in the crypto engine. |
| 25479 | Vendors may replace the implementation in this file by a local crypto engine. The implementation in this |
| 25480 | file is based on the OpenSSL() library. Integer format: the big integers passed in and out of the function interfaces in |
| 25481 | this library as byte buffers (BYTE *) adopt the same format used in the TPM 2.0 specification: Integer values |
| 25482 | are considered to be an array of one or more bytes. The byte at offset zero within the array is the most |
| 25483 | significant byte of the integer. |
| 25484 | |
| 25485 | B.4.2. Defines |
| 25486 | |
| 25487 | 1 #ifndef _OSSL_CRYPTO_ENGINE_H |
| 25488 | 2 #define _OSSL_CRYPTO_ENGINE_H |
| 25489 | 3 #include <openssl/aes.h> |
| 25490 | 4 #include <openssl/evp.h> |
| 25491 | 5 #include <openssl/sha.h> |
| 25492 | 6 #include <openssl/ec.h> |
| 25493 | 7 #include <openssl/rand.h> |
| 25494 | 8 #include <openssl/bn.h> |
// NOTE(review): the next include spells the directory "openSSL" while the six
// includes above use "openssl"; it resolves only on a case-insensitive file
// system or with a directory of that exact name -- confirm the intended path.
// ec_lcl.h is an OpenSSL-internal header rather than part of the installed
// public API, so this file is tied to the layout of one OpenSSL source tree.
| 25495 | 9 #include <openSSL/ec_lcl.h> |
| 25496 | 10 #define CRYPTO_ENGINE |
| 25497 | 11 #include "CryptoEngine.h" |
| 25498 | 12 #include "CpriMisc_fp.h" |
// NOTE(review): hard-coded to 32 bytes, which covers parameters of curves up
// to 256 bits; confirm against MAX_ECC_KEY_BYTES if larger curves are enabled,
// because MAX_2B_BYTES below is sized from this value.
| 25499 | 13 #define MAX_ECC_PARAMETER_BYTES 32 |
// Largest of the RSA key size, the ECC parameter size and the digest size;
// multiplying by ALG_RSA / ALG_ECC drops the term for a disabled algorithm
// (assuming those switches are 0 or 1 -- TODO confirm in Implementation.h).
| 25500 | 14 #define MAX_2B_BYTES MAX((MAX_RSA_KEY_BYTES * ALG_RSA), \ |
| 25501 | 15 MAX((MAX_ECC_PARAMETER_BYTES * ALG_ECC), \ |
| 25502 | 16 MAX_DIGEST_SIZE)) |
// Bounds check for a sized-buffer value: passes to pAssert the condition that
// the size field does not exceed the capacity of the buffer member. The
// argument must be the structure itself so that sizeof sees the array.
| 25503 | 17 #define assert2Bsize(a) pAssert((a).size <= sizeof((a).buffer)) |
| 25504 | 18 #ifdef TPM_ALG_RSA |
| 25505 | 19 # ifdef RSA_KEY_SIEVE |
| 25506 | 20 # include "RsaKeySieve.h" |
| 25507 | 21 # include "RsaKeySieve_fp.h" |
| 25508 | 22 # endif |
| 25509 | 23 # include "CpriRSA_fp.h" |
| 25510 | 24 #endif |
| 25511 | |
| 25512 | This is a structure to hold the parameters for the version of KDFa() used by the CryptoEngine(). This |
| 25513 | structure allows the state to be passed between multiple functions that use the same pseudo-random |
| 25514 | sequence. |
| 25515 | |
// State for the crypto engine's version of KDFa(), kept in one structure so
// that several functions can continue the same pseudo-random sequence.
typedef struct {
    CPRI_HASH_STATE     iPadCtx;        // presumably the inner-pad hash state - TODO confirm
    CPRI_HASH_STATE     oPadCtx;        // presumably the outer-pad hash state - TODO confirm
    TPM2B              *extra;          // pointer only; the data it refers to is owned elsewhere
    UINT32             *outer;          // pointer only; meaning not shown in this header
    TPM_ALG_ID          hashAlg;        // hash algorithm identifier
    UINT16              keySizeInBits;  // key size, in bits
} KDFa_CONTEXT;
| 25524 | 33 #endif // _OSSL_CRYPTO_ENGINE_H |
| 25525 | |
| 25526 | |
| 25527 | |
| 25528 | |
| 25529 | Page 364 TCG Published Family "2.0" |
| 25530 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 25531 | Part 4: Supporting Routines Trusted Platform Module Library |
| 25532 | |
| 25533 | |
| 25534 | B.5 MathFunctions.c |
| 25535 | |
| 25536 | B.5.1. Introduction |
| 25537 | |
| 25538 | This file contains implementation of some of the big number primitives. This is used in order to reduce the |
| 25539 | overhead in dealing with data conversions to standard big number format. |
| 25540 | The simulator code uses the canonical form whenever possible in order to make the code in Part 3 more |
| 25541 | accessible. The canonical data formats are simple and not well suited for complex big number |
| 25542 | computations. This library provides functions that are found in typical big number libraries but they are |
| 25543 | written to handle the canonical data format of the reference TPM. |
| 25544 | In some cases, data is converted to a big number format used by a standard library, such as OpenSSL(). |
| 25545 | This is done when the computations are complex enough to warrant conversion. Vendors may replace the |
| 25546 | implementation in this file with a library that provides equivalent functions. A vendor may also rewrite the |
| 25547 | TPM code so that it uses a standard big number format instead of the canonical form and use the |
| 25548 | standard libraries instead of the code in this file. |
| 25549 | The implementation in this file makes use of the OpenSSL() library. |
| 25550 | Integer format: integers passed through the function interfaces in this library adopt the same format used |
| 25551 | in TPM 2.0 specification. It defines an integer as "an array of one or more octets with the most significant |
| 25552 | octet at the lowest index of the array." An additional value is needed to indicate the number of significant |
| 25553 | bytes. |
| 25554 | |
| 25555 | 1 #include "OsslCryptoEngine.h" |
| 25556 | |
| 25557 | |
| 25558 | B.5.2. Externally Accessible Functions |
| 25559 | |
| 25560 | B.5.2.1. _math__Normalize2B() |
| 25561 | |
| 25562 | This function will normalize the value in a TPM2B. If there are leading bytes of zero, the first non-zero |
| 25563 | byte is shifted up. |
| 25564 | |
| 25565 | Return Value Meaning |
| 25566 | |
| 25567 | 0 no significant bytes, value is zero |
| 25568 | >0 number of significant bytes |
| 25569 | |
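// Strip leading zero bytes from a big-endian TPM2B value in place: the
// significant bytes are moved to the start of the buffer and b->size is
// reduced by the number of bytes removed.
//
// Returns the new b->size: 0 when the value is zero, otherwise the number of
// significant bytes.
LIB_EXPORT UINT16
_math__Normalize2B(
    TPM2B           *b              // IN/OUT: number to normalize
    )
{
    UINT16      from;
    UINT16      to;
    UINT16      size = b->size;

    // Test the index before dereferencing. With the operands the other way
    // round, an all-zero (or empty) value caused a read of buffer[size], one
    // byte past the end of the data.
    for(from = 0; from < size && b->buffer[from] == 0; from++)
        ;
    b->size -= from;
    // Slide the remaining bytes down to offset 0; the copy runs low to high,
    // which is safe for this overlapping move toward lower addresses.
    for(to = 0; from < size; to++, from++)
        b->buffer[to] = b->buffer[from];
    return b->size;
}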
| 25585 | |
| 25586 | |
| 25587 | |
| 25588 | |
| 25589 | Family "2.0" TCG Published Page 365 |
| 25590 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 25591 | Trusted Platform Module Library Part 4: Supporting Routines |
| 25592 | |
| 25593 | B.5.2.2. _math__Denormalize2B() |
| 25594 | |
| 25595 | This function is used to adjust a TPM2B so that the number has the desired number of bytes. This is |
| 25596 | accomplished by adding bytes of zero at the start of the number. |
| 25597 | |
| 25598 | Return Value Meaning |
| 25599 | |
| 25600 | TRUE number de-normalized |
| 25601 | FALSE number already larger than the desired size |
| 25602 | |
// Pad a big-endian TPM2B value with leading zero bytes until it is exactly
// 'size' bytes long.
//
// Returns TRUE when in->size equals 'size' on exit, FALSE when the value still
// needs more than 'size' bytes after leading zeros have been stripped.
//
// The TPM2B carries no capacity field, so this function cannot check that
// in->buffer has room for 'size' bytes: it writes indices 0 .. size-1 and the
// caller has to guarantee that they exist. 'size' is stored through a UINT16
// cast, so values above the UINT16 range would be truncated.
LIB_EXPORT BOOL
_math__Denormalize2B(
    TPM2B           *in,            // IN:OUT TPM2B number to de-normalize
    UINT32           size           // IN: the desired size
    )
{
    UINT32      dst;
    UINT32      src;

    // A value that is too long may only be too long because of leading zeros;
    // strip them and look again before giving up.
    if(in->size > size)
    {
        _math__Normalize2B(in);
        if(in->size > size)
            return FALSE;
    }
    // Nothing to do when the length already matches
    if(in->size == size)
        return TRUE;

    // Shift the value to the high end of the new length. Copying from the last
    // byte backwards keeps the overlapping move safe.
    src = in->size;
    dst = size;
    while(src > 0)
    {
        src--;
        dst--;
        in->buffer[dst] = in->buffer[src];
    }
    // Whatever is left in front of the value becomes leading zeros
    while(dst > 0)
    {
        dst--;
        in->buffer[dst] = 0;
    }
    in->size = (UINT16)size;
    return TRUE;
}
| 25634 | |
| 25635 | |
| 25636 | B.5.2.3. _math__sub() |
| 25637 | |
| 25638 | This function subtracts one unsigned value from another: c = a - b. c may be the same as a or b. |
| 25639 | |
| 25640 | Return Value Meaning |
| 25641 | |
| 25642 | 1 if (a > b) so no borrow |
| 25643 | 0 if (a = b) so no borrow and b == a |
| 25644 | -1 if (a < b) so there was a borrow |
| 25645 | |
// Subtract two big-endian unsigned values: c = a - b. The result is written
// with the length of the longer operand, and c may be the same buffer as a or
// b because each step reads its operand bytes before storing the result byte.
//
// Returns 1 if a > b, 0 if a == b, and -1 if a < b (a borrow was left over).
//
// Caller obligations visible in the code: c must have room for
// MAX(aSize, bSize) bytes, and that length is stored through a UINT16 cast.
// NOTE(review): the borrow is propagated with '>>= 8' on a possibly negative
// int, which relies on the compiler using an arithmetic right shift.
// NOTE(review): the end pointers are formed as &x[size - 1]; with a size of
// zero that address lies outside the array - confirm callers never pass zero.
LIB_EXPORT int
_math__sub(
    const UINT32     aSize,         // IN: size of a
    const BYTE      *a,             // IN: a
    const UINT32     bSize,         // IN: size of b
    const BYTE      *b,             // IN: b
    UINT16          *cSize,         // OUT: set to MAX(aSize, bSize)
    BYTE            *c              // OUT: the difference
    )
{
    int          carry = 0;         // running borrow (0 or negative)
    int          nonZero = 0;       // set once any step produced a non-zero value
    int          common;            // bytes present in both operands
    int          extra;             // bytes only the longer operand has
    const BYTE  *pa;
    const BYTE  *pb;
    BYTE        *pc;

    // The result is as long as the longer operand; the shorter one decides how
    // many byte pairs are subtracted.
    if(aSize > bSize)
    {
        *cSize = (UINT16)aSize;
        common = bSize;
    }
    else
    {
        *cSize = (UINT16)bSize;
        common = aSize;
    }
    extra = *cSize - common;

    // Work from the least significant (last) byte toward the first
    pa = &a[aSize - 1];
    pb = &b[bSize - 1];
    pc = &c[*cSize - 1];

    while(common-- > 0)
    {
        carry = *pa-- - *pb-- + carry;
        *pc-- = (BYTE)carry;
        nonZero = nonZero || carry;
        carry >>= 8;
    }
    if(aSize > bSize)
    {
        // Only a has bytes left: propagate the borrow through them
        for(; extra > 0; extra--)
        {
            carry = *pa-- + carry;
            *pc-- = (BYTE)carry;
            nonZero = nonZero || carry;
            carry >>= 8;
        }
    }
    else if(aSize < bSize)
    {
        // Only b has bytes left: subtract them from an implied zero
        for(; extra > 0; extra--)
        {
            carry = 0 - *pb-- + carry;
            *pc-- = (BYTE)carry;
            nonZero = nonZero || carry;
            carry >>= 8;
        }
    }
    // A borrow out of the top byte means b > a; otherwise report whether the
    // difference is non-zero.
    return carry ? -1 : nonZero;
}
| 25707 | |
| 25708 | |
| 25709 | B.5.2.4. _math__Inc() |
| 25710 | |
| 25711 | This function increments a large, big-endian number value by one. |
| 25712 | |
| 25713 | Return Value Meaning |
| 25714 | |
| 25715 | 0 result is zero |
| 25716 | !0 result is not zero |
| 25717 | |
// Add one to a big-endian unsigned value in place, carrying from the last
// byte toward the first.
//
// Returns 1 as soon as a byte does not wrap to zero, and 0 when every byte
// wrapped (the result is zero) or when aSize is 0.
LIB_EXPORT int
_math__Inc(
    UINT32           aSize,         // IN: size of a
    BYTE            *a              // IN: a
    )
{
    UINT32      pos = aSize;

    while(pos > 0)
    {
        pos--;
        a[pos] += 1;
        // No wrap-around in this byte, so the carry stops here
        if(a[pos] != 0)
            return 1;
    }
    return 0;
}
| 25738 | |
| 25739 | |
| 25740 | B.5.2.5. _math__Dec() |
| 25741 | |
| 25742 | This function decrements a large, big-endian value by one. |
| 25743 | |
// Subtract one from a big-endian unsigned value in place, borrowing from the
// last byte toward the first. A value of zero wraps to all 0xff bytes; nothing
// is returned to signal that.
LIB_EXPORT void
_math__Dec(
    UINT32           aSize,         // IN: size of a
    BYTE            *a              // IN: a
    )
{
    UINT32      pos = aSize;

    while(pos > 0)
    {
        pos--;
        a[pos] -= 1;
        // A byte that did not wrap to 0xff absorbed the borrow
        if(a[pos] != 0xff)
            break;
    }
}
| 25757 | |
| 25758 | |
| 25759 | B.5.2.6. _math__Mul() |
| 25760 | |
| 25761 | This function is used to multiply two large integers: p = a* b. If the size of p is not specified (pSize == |
| 25762 | NULL), the size of the results p is assumed to be aSize + bSize and the results are de-normalized so that |
| 25763 | the resulting size is exactly aSize + bSize. If pSize is provided, then the actual size of the result is |
| 25764 | returned. The initial value for pSize must be at least aSize + bSize. |
| 25765 | |
| 25766 | Return Value Meaning |
| 25767 | |
| 25768 | <0 indicates an error |
| 25769 | >= 0 the size of the product |
| 25770 | |
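// Multiply two big-endian unsigned integers: p = a * b.
//
// When pSize is NULL the product is written as exactly aSize + bSize bytes,
// left-padded with zeros, and that length is returned. When pSize is given,
// *pSize must be at least aSize + bSize on entry; the product is written
// without padding and its actual length is returned and stored in *pSize.
//
// Returns CRYPT_PARAMETER when *pSize is too small, otherwise the size of the
// product. Allocation and OpenSSL failures go through FAIL().
//
// In the pSize == NULL case there is no length to check, so the caller must
// provide a p buffer of at least aSize + bSize bytes.
LIB_EXPORT int
_math__Mul(
    const UINT32     aSize,         // IN: size of a
    const BYTE      *a,             // IN: a
    const UINT32     bSize,         // IN: size of b
    const BYTE      *b,             // IN: b
    UINT32          *pSize,         // IN/OUT: size of the product
    BYTE            *p              // OUT: product. length of product = aSize +
                                    //      bSize
    )
{
    BIGNUM      *bnA;
    BIGNUM      *bnB;
    BIGNUM      *bnP;
    BN_CTX      *context;
    int          retVal = 0;

    // First check that pSize is large enough if present
    if((pSize != NULL) && (*pSize < (aSize + bSize)))
        return CRYPT_PARAMETER;
    pAssert(pSize == NULL || *pSize <= MAX_2B_BYTES);

    // Allocate space for BIGNUM context
    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    // Open the frame that BN_CTX_end() closes below. The other BIGNUM helpers
    // in this file pair the two calls; this one previously called
    // BN_CTX_get() and BN_CTX_end() without the matching BN_CTX_start().
    BN_CTX_start(context);
    bnA = BN_CTX_get(context);
    bnB = BN_CTX_get(context);
    bnP = BN_CTX_get(context);
    // Errors in BN_CTX_get() are sticky so only the last allocation is checked
    if(bnP == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Convert the inputs to BIGNUMs
    if(BN_bin2bn(a, aSize, bnA) == NULL || BN_bin2bn(b, bSize, bnB) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Perform the multiplication
    if(BN_mul(bnP, bnA, bnB, context) != 1)
        FAIL(FATAL_ERROR_INTERNAL);

    // If the size of the results is allowed to float, then set the return
    // size. Otherwise, it might be necessary to de-normalize the results
    retVal = BN_num_bytes(bnP);
    if(pSize == NULL)
    {
        // Right-align the product in aSize + bSize bytes and zero the front
        BN_bn2bin(bnP, &p[aSize + bSize - retVal]);
        memset(p, 0, aSize + bSize - retVal);
        retVal = aSize + bSize;
    }
    else
    {
        BN_bn2bin(bnP, p);
        *pSize = retVal;
    }

    BN_CTX_end(context);
    BN_CTX_free(context);
    return retVal;
}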
| 25839 | |
| 25840 | |
| 25841 | B.5.2.7. _math__Div() |
| 25842 | |
| 25843 | Divide an integer (n) by an integer (d) producing a quotient (q) and a remainder (r). If q or r is not needed, |
| 25844 | then the pointer to them may be set to NULL. |
| 25845 | |
| 25846 | Return Value Meaning |
| 25847 | |
| 25848 | CRYPT_SUCCESS operation complete |
| 25849 | CRYPT_UNDERFLOW q or r is too small to receive the result |
| 25850 | |
// Divide n by d, producing a quotient and a remainder. Either output pointer
// may be NULL when that result is not wanted.
//
// Returns CRYPT_SUCCESS, or CRYPT_UNDERFLOW when BnTo2B() reports that q or r
// cannot receive its result. A zero denominator is treated as fatal and goes
// through FAIL(FATAL_ERROR_DIVIDE_ZERO), as do allocation and OpenSSL errors.
//
// q->size and r->size are read on entry and handed to BnTo2B(); presumably the
// caller presets them to the size it wants returned (verify against BnTo2B).
LIB_EXPORT CRYPT_RESULT
_math__Div(
    const TPM2B     *n,             // IN: numerator
    const TPM2B     *d,             // IN: denominator
    TPM2B           *q,             // OUT: quotient
    TPM2B           *r              // OUT: remainder
    )
{
    CRYPT_RESULT     retVal = CRYPT_SUCCESS;
    BN_CTX          *context;
    BIGNUM          *bnN;
    BIGNUM          *bnD;
    BIGNUM          *bnQ;
    BIGNUM          *bnR;

    // Get structures for the big number representations
    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnN = BN_CTX_get(context);
    bnD = BN_CTX_get(context);
    bnQ = BN_CTX_get(context);
    bnR = BN_CTX_get(context);

    // Errors in BN_CTX_get() are sticky so only the last allocation is checked
    if(bnR == NULL)
        FAIL(FATAL_ERROR_INTERNAL);
    if(BN_bin2bn(n->buffer, n->size, bnN) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);
    if(BN_bin2bn(d->buffer, d->size, bnD) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Check for divide by zero.
    if(BN_num_bits(bnD) == 0)
        FAIL(FATAL_ERROR_DIVIDE_ZERO);

    // Perform the division
    if(BN_div(bnQ, bnR, bnN, bnD, context) != 1)
        FAIL(FATAL_ERROR_INTERNAL);

    // Convert the results back to the TPM2B format. A quotient that does not
    // fit ends the conversion; the remainder is then left untouched.
    if(q != NULL && !BnTo2B(q, bnQ, q->size))
        retVal = CRYPT_UNDERFLOW;
    else if(r != NULL && !BnTo2B(r, bnR, r->size))
        retVal = CRYPT_UNDERFLOW;

    BN_CTX_end(context);
    BN_CTX_free(context);

    return retVal;
}
| 25916 | |
| 25917 | |
| 25918 | B.5.2.8. _math__uComp() |
| 25919 | |
| 25920 | This function compares two unsigned values. |
| 25921 | |
| 25922 | Return Value Meaning |
| 25923 | |
| 25924 | 1 if (a > b) |
| 25925 | 0 if (a = b) |
| 25926 | -1 if (a < b) |
| 25927 | |
// Compare two big-endian unsigned values that may differ in length.
//
// Returns 1 if a > b, 0 if a == b, and -1 if a < b.
//
// The extra leading bytes of the longer operand are scanned first and the
// function returns at the first non-zero one. The bytes the operands have in
// common are then all subtracted, last byte first, with no early exit.
// NOTE(review): the borrow is propagated with '>>= 8' on a possibly negative
// int, which relies on the compiler using an arithmetic right shift.
LIB_EXPORT int
_math__uComp(
    const UINT32     aSize,         // IN: size of a
    const BYTE      *a,             // IN: a
    const UINT32     bSize,         // IN: size of b
    const BYTE      *b              // IN: b
    )
{
    int          carry = 0;         // running borrow (0 or negative)
    int          nonZero = 0;       // set once any step produced a non-zero value
    int          delta = (int)aSize - (int)bSize;
    int          common;

    // a is longer: any non-zero byte in its extra leading part makes a > b
    for(; delta > 0; delta--)
    {
        if(*a++ != 0)
            return 1;
    }
    // b is longer: any non-zero byte in its extra leading part makes b > a
    for(; delta < 0; delta++)
    {
        if(*b++ != 0)
            return -1;
    }
    // a and b now both point at the first of the bytes they have in common.
    // Subtract those from the least significant end upward.
    common = (int)((aSize > bSize) ? bSize : aSize);
    while(common > 0)
    {
        common--;
        carry = a[common] - b[common] + carry;
        nonZero = nonZero || carry;
        carry >>= 8;
    }
    // A borrow out of the top byte means b > a; otherwise report whether any
    // difference was seen.
    return carry ? -1 : nonZero;
}
| 25973 | |
| 25974 | |
| 25975 | B.5.2.9. _math__Comp() |
| 25976 | |
| 25977 | Compare two signed integers: |
| 25978 | |
| 25979 | Return Value Meaning |
| 25980 | |
| 25981 | 1 if a > b |
| 25982 | 0 if a = b |
| 25983 | -1 if a < b |
| 25984 | |
// Compare two signed integers whose sign is carried in the top bit (0x80) of
// the first byte.
//
// Returns 1 if a > b, 0 if a == b, and -1 if a < b.
//
// a[0] and b[0] are read unconditionally, so both buffers must hold at least
// one byte; aSize and bSize are not checked for zero here.
LIB_EXPORT int
_math__Comp(
    const UINT32     aSize,         // IN: size of a
    const BYTE      *a,             // IN: a buffer
    const UINT32     bSize,         // IN: size of b
    const BYTE      *b              // IN: b buffer
    )
{
    // 1 for a positive or zero value, 0 for a negative one
    int      aNonNegative = ((a[0] & 0x80) == 0);
    int      bNonNegative = ((b[0] & 0x80) == 0);

    // Different signs decide the result on their own
    if(aNonNegative != bNonNegative)
        return aNonNegative - bNonNegative;

    // Same sign: the unsigned comparison is used as is for non-negative
    // values and with its result negated for negative ones.
    if(aNonNegative)
        return _math__uComp(aSize, a, bSize, b);
    return 0 - _math__uComp(aSize, a, bSize, b);
}
| 26020 | |
| 26021 | |
| 26022 | B.5.2.10. _math__ModExp |
| 26023 | |
| 26024 | This function is used to do modular exponentiation in support of RSA. The most typical uses are: c = m^e |
| 26025 | mod n (RSA encrypt) and m = c^d mod n (RSA decrypt). When doing decryption, the e parameter of the |
| 26026 | function will contain the private exponent d instead of the public exponent e. |
| 26027 | If the result will not fit in the provided buffer, an error is returned (CRYPT_UNDERFLOW). If |
| 26028 | the result is smaller than the buffer, the result is de-normalized. |
| 26029 | This version is intended for use with RSA and requires that m be less than n. |
| 26030 | |
| 26031 | Return Value Meaning |
| 26032 | |
| 26033 | CRYPT_SUCCESS exponentiation succeeded |
| 26034 | CRYPT_PARAMETER number to exponentiate is larger than the modulus |
| 26035 | CRYPT_UNDERFLOW result will not fit into the provided buffer |
| 26036 | |
// Modular exponentiation for RSA: c = m^e mod n. The result is written
// right-aligned into the cSize-byte buffer c, with leading zeros.
//
// Returns CRYPT_SUCCESS, CRYPT_PARAMETER when m is not smaller than n, or
// CRYPT_UNDERFLOW when the result needs more than cSize bytes. Allocation and
// OpenSSL failures go through FAIL().
//
// NOTE(review): for RSA decryption the 'e' argument carries the private
// exponent. BN_mod_exp() only takes OpenSSL's constant-time path when
// BN_FLG_CONSTTIME is set on the exponent, and this function does not set it;
// confirm whether timing exposure of the exponent matters for the target.
LIB_EXPORT CRYPT_RESULT
_math__ModExp(
    UINT32           cSize,         // IN: size of the result
    BYTE            *c,             // OUT: results buffer
    const UINT32     mSize,         // IN: size of number to be exponentiated
    const BYTE      *m,             // IN: number to be exponentiated
    const UINT32     eSize,         // IN: size of power
    const BYTE      *e,             // IN: power
    const UINT32     nSize,         // IN: modulus size
    const BYTE      *n              // IN: modulus
    )
{
    CRYPT_RESULT     retVal = CRYPT_SUCCESS;
    BN_CTX          *context;
    BIGNUM          *bnC;
    BIGNUM          *bnM;
    BIGNUM          *bnE;
    BIGNUM          *bnN;
    INT32            pad;           // leading zero bytes in front of the result
    int              resultBytes;

    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnC = BN_CTX_get(context);
    bnM = BN_CTX_get(context);
    bnE = BN_CTX_get(context);
    bnN = BN_CTX_get(context);

    // Errors for BN_CTX_get are sticky so only the last allocation is checked
    if(bnN == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Convert the arguments
    if(BN_bin2bn(m, mSize, bnM) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);
    if(BN_bin2bn(e, eSize, bnE) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);
    if(BN_bin2bn(n, nSize, bnN) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    if(BN_ucmp(bnM, bnN) >= 0)
    {
        // The number being exponentiated must be smaller than the modulus
        retVal = CRYPT_PARAMETER;
    }
    else
    {
        // Perform the exponentiation
        if(!(BN_mod_exp(bnC, bnM, bnE, bnN, context)))
            FAIL(FATAL_ERROR_INTERNAL);

        // Make sure that the result will fit in the provided buffer
        resultBytes = BN_num_bytes(bnC);
        if((unsigned)resultBytes > cSize)
        {
            retVal = CRYPT_UNDERFLOW;
        }
        else
        {
            // Right-align the result and zero the bytes in front of it
            pad = cSize - resultBytes;
            BN_bn2bin(bnC, &c[pad]);
            memset(c, 0, pad);
        }
    }

    // Release the BIGNUMs obtained from the context
    BN_CTX_end(context);
    BN_CTX_free(context);
    return retVal;
}
| 26109 | |
| 26110 | |
| 26111 | B.5.2.11. _math__IsPrime() |
| 26112 | |
| 26113 | Check if a 32-bit integer is a prime. |
| 26114 | |
| 26115 | Return Value Meaning |
| 26116 | |
| 26117 | TRUE if the integer is probably a prime |
| 26118 | FALSE if the integer is definitely not a prime |
| 26119 | |
// Test a 32-bit value for primality with BN_is_prime_ex() and the default
// number of checks (BN_prime_checks).
//
// Returns TRUE when the value is probably prime and FALSE when it is
// definitely not. Allocation and OpenSSL failures go through FAIL().
LIB_EXPORT BOOL
_math__IsPrime(
    const UINT32     prime
    )
{
    BIGNUM      *candidate = BN_new();
    int          verdict;

    if(candidate == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    if(!BN_set_word(candidate, prime))
        FAIL(FATAL_ERROR_INTERNAL);

    // A negative result reports an internal error; only 0 and 1 are answers
    verdict = BN_is_prime_ex(candidate, BN_prime_checks, NULL, NULL);
    if(verdict < 0)
        FAIL(FATAL_ERROR_INTERNAL);

    // Clear the BIGNUM before it is released
    BN_clear_free(candidate);
    return (verdict == 1);
}
| 26152 | |
| 26153 | |
| 26154 | |
| 26155 | |
| 26156 | Page 374 TCG Published Family "2.0" |
| 26157 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 26158 | Part 4: Supporting Routines Trusted Platform Module Library |
| 26159 | |
| 26160 | |
| 26161 | B.6 CpriCryptPri.c |
| 26162 | |
| 26163 | B.6.1. Introduction |
| 26164 | |
| 26165 | This file contains the interface to the initialization, startup and shutdown functions of the crypto library. |
| 26166 | |
| 26167 | B.6.2. Includes and Locals |
| 26168 | |
| 26169 | 1 #include "OsslCryptoEngine.h" |
// Forward declaration of the default failure handler defined later in this file.
static void Trap(const char *function, int line, int code);
// Failure callback that TpmFail() relays to. It starts out pointing at Trap()
// and is replaced by _cpri__InitCryptoUnits().
FAIL_FUNCTION    TpmFailFunction = (FAIL_FUNCTION)&Trap;
| 26172 | |
| 26173 | |
| 26174 | B.6.3. Functions |
| 26175 | |
| 26176 | B.6.3.1. TpmFail() |
| 26177 | |
| 26178 | This is a shim function that is called when a failure occurs. It simply relays the call to the callback pointed |
| 26179 | to by TpmFailFunction(). It is only defined for the sake of NO_RETURN specifier that cannot be added to |
| 26180 | a function pointer with some compilers. |
| 26181 | |
// Failure shim: hands the failing function name, line number and error code
// to the callback currently stored in TpmFailFunction.
//
// NOTE(review): the surrounding text says this shim exists to carry a
// NO_RETURN specifier, so callers presumably assume it never comes back; a
// registered callback that returns would break that assumption - confirm.
void
TpmFail(
    const char      *function,
    int              line,
    int              code
    )
{
    (*TpmFailFunction)(function, line, code);
}
| 26190 | |
| 26191 | |
| 26192 | B.6.3.2. FAILURE_TRAP() |
| 26193 | |
| 26194 | This function is called if the caller to _cpri__InitCryptoUnits() doesn't provide a call back address. |
| 26195 | |
// Default failure handler: ignores its arguments and terminates the process
// with abort(), so nothing about the failure is recorded here.
static void
Trap(
    const char      *function,
    int              line,
    int              code
    )
{
    UNREFERENCED(code);
    UNREFERENCED(line);
    UNREFERENCED(function);
    abort();
}
| 26208 | |
| 26209 | |
| 26210 | B.6.3.3. _cpri__InitCryptoUnits() |
| 26211 | |
| 26212 | This function calls the initialization functions of the other crypto modules that are part of the crypto engine |
| 26213 | for this implementation. This function should be called as a result of _TPM_Init(). The parameter to this |
| 26214 | function is a call back function in TPM.lib that is called when the crypto engine has a failure. |
| 26215 | |
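// Install the failure callback and run the startup routine of each crypto
// module (RNG, hash, symmetric, and RSA / ECC when they are compiled in).
//
// failFunction is the callback invoked when the crypto engine has a failure.
// When it is NULL the handler that is already installed (Trap() by default)
// is kept.
//
// Always returns CRYPT_SUCCESS.
// NOTE(review): the results of the startup calls are discarded, so a failed
// _cpri__RngStartup() (which returns BOOL) is not reflected in the return
// value here - confirm that callers detect entropy failure some other way.
LIB_EXPORT CRYPT_RESULT
_cpri__InitCryptoUnits(
    FAIL_FUNCTION    failFunction
    )
{
    // Storing a NULL callback would turn the next failure into a call through
    // a null function pointer instead of a controlled stop, so a missing
    // callback leaves the current handler in place.
    if(failFunction != NULL)
        TpmFailFunction = failFunction;

    _cpri__RngStartup();
    _cpri__HashStartup();
    _cpri__SymStartup();

#ifdef TPM_ALG_RSA
    _cpri__RsaStartup();
#endif

#ifdef TPM_ALG_ECC
    _cpri__EccStartup();
#endif

    return CRYPT_SUCCESS;
}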
| 26242 | |
| 26243 | |
| 26244 | B.6.3.4. _cpri__StopCryptoUnits() |
| 26245 | |
| 26246 | This function calls the shutdown functions of the other crypto modules that are part of the crypto engine |
| 26247 | for this implementation. |
| 26248 | |
// Shutdown hook for the crypto modules. This implementation has nothing to
// release, so the body is intentionally empty.
LIB_EXPORT void
_cpri__StopCryptoUnits(
    void
    )
{
}
| 26256 | |
| 26257 | |
| 26258 | B.6.3.5. _cpri__Startup() |
| 26259 | |
| 26260 | This function calls the startup functions of the other crypto modules that are part of the crypto engine for |
| 26261 | this implementation. This function should be called during processing of TPM2_Startup(). |
| 26262 | |
// Run the startup routine of each crypto module in order: hash, RNG, RSA and
// ECC (when compiled in), then symmetric. The first routine that reports
// failure stops the sequence and the remaining ones are not called.
//
// Returns TRUE only when every routine that was called succeeded.
LIB_EXPORT BOOL
_cpri__Startup(
    void
    )
{
    if(!_cpri__HashStartup())
        return FALSE;
    if(!_cpri__RngStartup())
        return FALSE;
#ifdef TPM_ALG_RSA
    if(!_cpri__RsaStartup())
        return FALSE;
#endif // TPM_ALG_RSA
#ifdef TPM_ALG_ECC
    if(!_cpri__EccStartup())
        return FALSE;
#endif // TPM_ALG_ECC
    if(!_cpri__SymStartup())
        return FALSE;
    return TRUE;
}
| 26279 | |
| 26280 | |
| 26281 | |
| 26282 | |
| 26283 | Page 376 TCG Published Family "2.0" |
| 26284 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 26285 | Part 4: Supporting Routines Trusted Platform Module Library |
| 26286 | |
| 26287 | |
| 26288 | B.7 CpriRNG.c |
| 26289 | |
| 26290 | 1 //#define __TPM_RNG_FOR_DEBUG__ |
| 26291 | |
| 26292 | |
| 26293 | B.7.1. Introduction |
| 26294 | |
| 26295 | This file contains the interface to the OpenSSL() random number functions. |
| 26296 | |
| 26297 | B.7.2. Includes |
| 26298 | |
| 26299 | 2 #include "OsslCryptoEngine.h" |
// Entropy status flag: _cpri__RngStartup() clears it on entry and sets it to
// TRUE when entropy collection fails. It has external linkage (not static), so
// other translation units can read or write it.
int     s_entropyFailure;
| 26301 | |
| 26302 | |
| 26303 | B.7.3. Functions |
| 26304 | |
| 26305 | B.7.3.1. _cpri__RngStartup() |
| 26306 | |
| 26307 | This function is called to initialize the random number generator. It collects entropy from the platform to |
| 26308 | seed the OpenSSL() random number generator. |
| 26309 | |
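// Initialize the random number generator: collect MAX_RNG_ENTROPY_SIZE bytes
// of entropy from the platform and use them to seed the OpenSSL generator.
//
// Returns TRUE when the generator was seeded. Returns FALSE, and leaves
// s_entropyFailure set to TRUE, when the last platform call did not deliver
// entropy; in that case nothing is passed to RAND_seed().
//
// NOTE(review): a platform call that returns 0 leaves entropySize unchanged
// and the loop runs again, so a source that keeps returning 0 would keep this
// function from returning - confirm the contract of _plat__GetEntropy().
LIB_EXPORT BOOL
_cpri__RngStartup(void)
{
    UINT32       entropySize;
    BYTE         entropy[MAX_RNG_ENTROPY_SIZE];
    INT32        returnedSize = 0;

    // Initialize the entropy source
    s_entropyFailure = FALSE;
    _plat__GetEntropy(NULL, 0);

    // Collect entropy until the buffer is full or the platform reports an
    // error (a negative return)
    for(entropySize = 0;
        entropySize < MAX_RNG_ENTROPY_SIZE && returnedSize >= 0;
        entropySize += returnedSize)
    {
        returnedSize = _plat__GetEntropy(&entropy[entropySize],
                                         MAX_RNG_ENTROPY_SIZE - entropySize);
    }
    // Got some entropy on the last call and did not get an error
    if(returnedSize > 0)
    {
        // Seed OpenSSL with entropy
        RAND_seed(entropy, entropySize);
    }
    else
    {
        s_entropyFailure = TRUE;
    }
    // The raw seed material must not stay behind on the stack once it has
    // been handed over. OPENSSL_cleanse() is used because a plain memset() of
    // a buffer that is about to go out of scope may be optimized away.
    OPENSSL_cleanse(entropy, sizeof(entropy));
    return s_entropyFailure == FALSE;
}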
| 26341 | |
| 26342 | |
| 26343 | B.7.3.2. _cpri__DrbgGetPutState() |
| 26344 | |
| 26345 | This function is used to set the state of the RNG (direction == PUT_STATE) or to recover the state of the |
| 26346 | RNG (direction == GET_STATE). |
| 26347 | |
| 26348 | |
| 26349 | |
| 26350 | |
| 26351 | Family "2.0" TCG Published Page 377 |
| 26352 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 26353 | Trusted Platform Module Library Part 4: Supporting Routines |
| 26354 | |
| 26355 | NOTE: This is not currently supported on the OpenSSL() version. |
| 26356 | |
// Placeholder for saving or restoring the RNG state. This OpenSSL-based
// version does nothing with its arguments.
//
// It still returns CRYPT_SUCCESS, so a caller cannot tell from the result
// that no state was written to, or read from, 'buffer'.
LIB_EXPORT CRYPT_RESULT
_cpri__DrbgGetPutState(
    GET_PUT          direction,
    int              bufferSize,
    BYTE            *buffer
    )
{
    // Mark all three parameters as deliberately unused
    UNREFERENCED_PARAMETER(buffer);
    UNREFERENCED_PARAMETER(bufferSize);
    UNREFERENCED_PARAMETER(direction);

    // Function is not implemented
    return CRYPT_SUCCESS;
}
| 26370 | |
| 26371 | |
| 26372 | B.7.3.3. _cpri__StirRandom() |
| 26373 | |
| 26374 | This function is called to add external entropy to the OpenSSL() random number generator. |
| 26375 | |
// Mix caller-supplied data into the OpenSSL random number generator.
//
// The data is passed to RAND_add() with an entropy estimate of 0.0, so it is
// stirred into the pool without being counted as entropy. A negative
// entropySize is ignored. Always returns CRYPT_SUCCESS.
LIB_EXPORT CRYPT_RESULT
_cpri__StirRandom(
    INT32            entropySize,
    BYTE            *entropy
    )
{
    // Nothing to add for a negative length
    if(entropySize < 0)
        return CRYPT_SUCCESS;

    RAND_add((const void *)entropy, (int)entropySize, 0.0);
    return CRYPT_SUCCESS;
}
| 26389 | |
| 26390 | |
| 26391 | B.7.3.4. _cpri__GenerateRandom() |
| 26392 | |
| 26393 | This function is called to get a string of random bytes from the OpenSSL() random number generator. The |
| 26394 | return value is the number of bytes placed in the buffer. If the number of bytes returned is not equal to the |
| 26395 | number of bytes requested (randomSize) it is indicative of a failure of the OpenSSL() random number |
| 26396 | generator and is probably fatal. |
| 26397 | |
// Fill buffer with randomSize bytes from the OpenSSL random number generator.
//
// Returns randomSize when RAND_bytes() reports success and 0 otherwise. A
// request that is negative or larger than UINT16_MAX is refused with 0 before
// RAND_bytes() is called. Callers have to compare the result with the size
// they asked for: on a mismatch the buffer contents must not be used as
// random data. A request for 0 bytes also returns 0.
LIB_EXPORT UINT16
_cpri__GenerateRandom(
    INT32            randomSize,
    BYTE            *buffer
    )
{
    // The result is a UINT16, so the request has to fit in one
    BOOL             sizeOk = (randomSize >= 0 && randomSize <= UINT16_MAX);

    if(!sizeOk)
        return 0;

    // RAND_bytes() signals success with 1; anything else is reported as
    // "no bytes produced"
    return (RAND_bytes(buffer, randomSize) == 1) ? (UINT16)randomSize : 0;
}
| 26414 | |
| 26415 | |
| 26416 | |
| 26417 | |
| 26421 | |
| 26422 | B.7.3.4.1. _cpri__GenerateSeededRandom() |
| 26423 | |
| 26424 | This function is used to generate a pseudo-random number from some seed values. This function returns |
| 26425 | the same result each time it is called with the same parameters. |
| 26426 | |
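// Produce randomSize bytes that are a deterministic function of the inputs by
// calling _cpri__KDFa(). The same parameters always give the same output, so
// the result is only as unpredictable as the seed.
//
// Returns the value returned by _cpri__KDFa(), or 0 when randomSize is
// negative or larger than UINT16_MAX.
LIB_EXPORT UINT16
_cpri__GenerateSeededRandom(
    INT32            randomSize,    // IN: the size of the request
    BYTE            *random,        // OUT: receives the data
    TPM_ALG_ID       hashAlg,       // IN: hash algorithm passed to the KDF
    TPM2B           *seed,          // IN: the seed value
    const char      *label,         // IN: a label string (optional)
    TPM2B           *partyU,        // IN: other data (optional)
    TPM2B           *partyV         // IN: still more (optional)
    )
{
    // Same size limits as _cpri__GenerateRandom(). The result is a UINT16, so
    // a larger request could not be reported anyway, and the check keeps
    // randomSize * 8 from going negative or overflowing INT32 before it is
    // handed to the KDF as a bit count.
    if(randomSize < 0 || randomSize > UINT16_MAX)
        return 0;

    return (_cpri__KDFa(hashAlg, seed, label, partyU, partyV,
                        randomSize * 8, random, NULL, FALSE));
}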
| 26442 | 92 #endif //% |
| 26443 | |
| 26444 | |
| 26445 | |
| 26446 | |
| 26450 | |
| 26451 | |
| 26452 | B.8 CpriHash.c |
| 26453 | |
| 26454 | B.8.1. Description |
| 26455 | |
| 26456 | This file contains implementation of cryptographic functions for hashing. |
| 26457 | |
| 26458 | B.8.2. Includes, Defines, and Types |
| 26459 | |
| 26460 | 1 #include "OsslCryptoEngine.h" |
| 26461 | 2 #include "CpriHashData.c" |
// Size of the u.data array in OSSL_HASH_STATE
#define OSSL_HASH_STATE_DATA_SIZE (MAX_HASH_STATE_SIZE - 8)
// Overlay that the functions in this file place on CPRI_HASH_STATE.state
typedef struct {
    union {
        EVP_MD_CTX context;                   // live OpenSSL digest context
        BYTE data[OSSL_HASH_STATE_DATA_SIZE]; // marshaled digest state
    } u;
    // 0: no context; > 0: number of marshaled bytes held in u.data;
    // < 0: u.context is in use (see _cpri__StartHash())
    INT16 copySize;
} OSSL_HASH_STATE;
| 26470 | |
| 26471 | Temporary aliasing of SM3 to SHA256 until SM3 is available |
| 26472 | |
| 26473 | 11 #define EVP_sm3_256 EVP_sha256 |
| 26474 | |
| 26475 | |
| 26476 | B.8.3. Static Functions |
| 26477 | |
| 26478 | B.8.3.1. GetHashServer() |
| 26479 | |
| 26480 | This function returns the address of the hash server function |
| 26481 | |
// Map a TPM hash algorithm identifier to the OpenSSL digest method for it.
//
// Returns NULL for TPM_ALG_NULL. An identifier that matches none of the
// compiled-in cases reaches the default case, which calls
// FAIL(FATAL_ERROR_INTERNAL).
//
// The SM3 case goes through EVP_sm3_256, which this file defines as an alias
// for EVP_sha256, so in this build a TPM_ALG_SM3_256 request is served by
// SHA-256 and does not produce an SM3 digest.
static EVP_MD *
GetHashServer(
    TPM_ALG_ID       hashAlg
    )
{
    // Each case returns directly; the cast drops the const qualifier of the
    // pointer returned by the OpenSSL accessor
    switch (hashAlg)
    {
#ifdef TPM_ALG_SHA1
    case TPM_ALG_SHA1:
        return (EVP_MD *)EVP_sha1();
#endif
#ifdef TPM_ALG_SHA256
    case TPM_ALG_SHA256:
        return (EVP_MD *)EVP_sha256();
#endif
#ifdef TPM_ALG_SHA384
    case TPM_ALG_SHA384:
        return (EVP_MD *)EVP_sha384();
#endif
#ifdef TPM_ALG_SHA512
    case TPM_ALG_SHA512:
        return (EVP_MD *)EVP_sha512();
#endif
#ifdef TPM_ALG_SM3_256
    case TPM_ALG_SM3_256:
        return (EVP_MD *)EVP_sm3_256();
#endif
    case TPM_ALG_NULL:
        return NULL;
    default:
        FAIL(FATAL_ERROR_INTERNAL);
    }
}
| 26525 | |
| 26526 | |
| 26527 | B.8.3.2. MarshalHashState() |
| 26528 | |
| 26529 | This function copies an OpenSSL() hash context into a caller provided buffer. |
| 26530 | |
| 26531 | Return Value Meaning |
| 26532 | |
| 26533 | >0 the number of bytes of buf used. |
| 26534 | |
// Copy the digest-specific state of an OpenSSL hash context into buf and
// return the number of bytes copied.
//
// The function reads the digest and md_data members of EVP_MD_CTX directly,
// so it needs an OpenSSL whose EVP_MD_CTX layout is visible to this file.
//
// NOTE(review): the bytes written to buf are the raw intermediate state of
// the digest. For an HMAC sequence that state is derived from the key, so the
// buffer presumably has to be protected like key material - confirm against
// the callers.
static UINT16
MarshalHashState(
    EVP_MD_CTX      *ctxt,          // IN: Context to marshal
    BYTE            *buf            // OUT: The buffer that will receive the
                                    //      context. This buffer is at least
                                    //      MAX_HASH_STATE_SIZE byte
    )
{
    // Size of the algorithm-specific state that hangs off ctxt->md_data
    int              stateBytes = ctxt->digest->ctx_size;

    // The state has to fit in the data area of OSSL_HASH_STATE
    pAssert(stateBytes <= OSSL_HASH_STATE_DATA_SIZE);

    memcpy(buf, (void *)ctxt->md_data, stateBytes);

    return (UINT16)stateBytes;
}
| 26551 | |
| 26552 | |
| 26553 | B.8.3.3. GetHashState() |
| 26554 | |
| 26555 | This function will unmarshal a caller provided buffer into an OpenSSL() hash context. The function returns |
| 26556 | the number of bytes copied (which may be zero). |
| 26557 | |
// Rebuild an OpenSSL hash context from a marshaled state buffer.
//
// The context is initialized for algType and the digest-specific state is
// then overwritten with the bytes in buf. Returns the number of bytes copied,
// or 0 when GetHashServer() returns NULL for algType. A failure of
// EVP_DigestInit_ex() calls FAIL(FATAL_ERROR_INTERNAL).
//
// The bytes in buf are installed as the digest state without any validation,
// so the result is only meaningful when buf was produced by
// MarshalHashState() for the same algorithm.
//
// NOTE(review): the size is checked against sizeof(ALIGNED_HASH_STATE) here,
// while MarshalHashState() checks against OSSL_HASH_STATE_DATA_SIZE. The
// callers in this file pass the u.data array as buf, so the tighter of the
// two limits is the one that bounds this read - confirm the two agree.
static UINT16
GetHashState(
    EVP_MD_CTX      *ctxt,          // OUT: The context structure to receive the
                                    //      result of unmarshaling.
    TPM_ALG_ID       algType,       // IN: The hash algorithm selector
    BYTE            *buf            // IN: Buffer containing marshaled hash data
    )
{
    EVP_MD          *md;

    pAssert(ctxt != NULL);

    EVP_MD_CTX_init(ctxt);

    md = GetHashServer(algType);
    if(md == NULL)
        return 0;

    // EVP_DigestInit_ex() also allocates ctxt->md_data
    if(EVP_DigestInit_ex(ctxt, md, NULL) != 1)
        FAIL(FATAL_ERROR_INTERNAL);

    pAssert(ctxt->digest->ctx_size < sizeof(ALIGNED_HASH_STATE));

    // Replace the freshly initialized state with the saved one
    memcpy(ctxt->md_data, buf, ctxt->digest->ctx_size);

    return (UINT16)ctxt->digest->ctx_size;
}
| 26590 | |
| 26591 | |
| 26592 | B.8.3.4. GetHashInfoPointer() |
| 26593 | |
| 26594 | This function returns a pointer to the hash info for the algorithm. If the algorithm is not supported, function |
| 26595 | returns a pointer to the data block associated with TPM_ALG_NULL. |
| 26596 | |
// Look up the HASH_INFO entry for hashAlg in g_hashData.
//
// Every entry except the last is compared with hashAlg. When none matches,
// the last entry is returned, so the result is never NULL.
static const HASH_INFO *
GetHashInfoPointer(
    TPM_ALG_ID       hashAlg
    )
{
    // Index of the final table entry, which doubles as the "not found" result
    const UINT32     last = (sizeof(g_hashData) / sizeof(g_hashData[0])) - 1;
    UINT32           idx = 0;

    // Stop at the first match or on reaching the final entry
    while(idx < last && g_hashData[idx].alg != hashAlg)
        idx++;

    return &g_hashData[idx];
}
| 26614 | |
| 26615 | |
| 26616 | B.8.4. Hash Functions |
| 26617 | |
| 26618 | B.8.4.1. _cpri__HashStartup() |
| 26619 | |
| 26620 | Function that is called to initialize the hash service. In this implementation, this function does nothing but |
| 26621 | it is called by the CryptUtilStartup() function and must be present. |
| 26622 | |
// Startup hook of the hash service. The only work done is a run-time check
// that OSSL_HASH_STATE fits in the state member of CPRI_HASH_STATE, because
// the other functions in this file overlay one on the other. Returns TRUE.
LIB_EXPORT BOOL
_cpri__HashStartup(
    void
    )
{
    // probe is only used as the operand of sizeof and is never dereferenced
    CPRI_HASH_STATE *probe = NULL;
    NUMBYTES         available = sizeof(probe->state);
    NUMBYTES         needed = sizeof(OSSL_HASH_STATE);

    pAssert(available >= needed);

    return TRUE;
}
| 26640 | |
| 26641 | |
| 26642 | B.8.4.2. _cpri__GetHashAlgByIndex() |
| 26643 | |
| 26644 | This function is used to iterate through the hashes. TPM_ALG_NULL is returned for all indexes that are |
| 26645 | not valid hashes. If the TPM implements 3 hashes, then an index value of 0 will return the first |
| 26646 | implemented hash and an index of 2 will return the last. All other index values will return |
| 26647 | TPM_ALG_NULL. |
| 26648 | |
| 26649 | |
| 26650 | |
| 26651 | |
| 26655 | |
| 26656 | |
| 26657 | Return Value Meaning |
| 26658 | |
| 26659 | TPM_ALG_xxx() a hash algorithm |
| 26660 | TPM_ALG_NULL this can be used as a stop value |
| 26661 | |
// Return the algorithm identifier stored at position index of g_hashData, or
// TPM_ALG_NULL when index is HASH_COUNT or larger.
//
// NOTE(review): the bounds check uses HASH_COUNT, not the size of g_hashData;
// this assumes the table has at least HASH_COUNT entries - confirm against
// CpriHashData.c.
LIB_EXPORT TPM_ALG_ID
_cpri__GetHashAlgByIndex(
    UINT32           index          // IN: the index
    )
{
    return (index < HASH_COUNT) ? g_hashData[index].alg : TPM_ALG_NULL;
}
| 26671 | |
| 26672 | |
| 26673 | B.8.4.3. _cpri__GetHashBlockSize() |
| 26674 | |
| 26675 | Returns the size of the block used for the hash |
| 26676 | |
| 26677 | Return Value Meaning |
| 26678 | |
| 26679 | <0 the algorithm is not a supported hash |
| 26680 | >= the digest size (0 for TPM_ALG_NULL) |
| 26681 | |
// Return the blockSize field of the table entry selected for hashAlg. An
// algorithm that is not in the table gets the final entry of g_hashData (see
// GetHashInfoPointer()), and the value is unsigned, so no error code is
// returned from here.
LIB_EXPORT UINT16
_cpri__GetHashBlockSize(
    TPM_ALG_ID       hashAlg        // IN: hash algorithm to look up
    )
{
    const HASH_INFO *info = GetHashInfoPointer(hashAlg);

    return info->blockSize;
}
| 26689 | |
| 26690 | |
| 26691 | B.8.4.4. _cpri__GetHashDER |
| 26692 | |
| 26693 | This function returns a pointer to the DER string for the algorithm and indicates its size. |
| 26694 | |
// Store the address of the DER string of hashAlg in *p and return the
// derSize field of the same table entry. The pointer refers to the table
// entry itself; nothing is copied. p is written without a NULL check.
LIB_EXPORT UINT16
_cpri__GetHashDER(
    TPM_ALG_ID       hashAlg,       // IN: the algorithm to look up
    const BYTE     **p              // OUT: receives the address of the DER string
    )
{
    const HASH_INFO *info = GetHashInfoPointer(hashAlg);

    *p = &info->der[0];
    return info->derSize;
}
| 26706 | |
| 26707 | |
| 26708 | B.8.4.5. _cpri__GetDigestSize() |
| 26709 | |
| 26710 | Gets the digest size of the algorithm. The algorithm is required to be supported. |
| 26711 | |
| 26712 | Return Value Meaning |
| 26713 | |
| 26714 | =0 the digest size for TPM_ALG_NULL |
| 26715 | >0 the digest size of a hash algorithm |
| 26716 | |
// Return the digestSize field of the table entry selected for hashAlg. An
// algorithm that is not in the table gets the final entry of g_hashData (see
// GetHashInfoPointer()).
LIB_EXPORT UINT16
_cpri__GetDigestSize(
    TPM_ALG_ID       hashAlg        // IN: hash algorithm to look up
    )
{
    const HASH_INFO *info = GetHashInfoPointer(hashAlg);

    return info->digestSize;
}
| 26729 | |
| 26730 | |
| 26731 | B.8.4.6. _cpri__GetContextAlg() |
| 26732 | |
| 26733 | This function returns the algorithm associated with a hash context |
| 26734 | |
// Return the hashAlg member recorded in a hash context. hashState is
// dereferenced without a NULL check.
LIB_EXPORT TPM_ALG_ID
_cpri__GetContextAlg(
    CPRI_HASH_STATE *hashState      // IN: the hash context
    )
{
    TPM_ALG_ID       alg = hashState->hashAlg;

    return alg;
}
| 26742 | |
| 26743 | |
| 26744 | B.8.4.7. _cpri__CopyHashState |
| 26745 | |
| 26746 | This function is used to clone a CPRI_HASH_STATE. The return value is the size of the state. |
| 26747 | |
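// Clone a CPRI_HASH_STATE: the OpenSSL context, copySize and hashAlg of in
// are copied to out. Returns sizeof(CPRI_HASH_STATE).
//
// NOTE(review): the copy goes through u.context. For a state started with
// sequence == TRUE the union holds marshaled bytes in u.data (copySize > 0)
// and no live context - confirm that callers only pass states whose
// u.context is in use.
LIB_EXPORT UINT16
_cpri__CopyHashState (
    CPRI_HASH_STATE *out,           // OUT: destination of the state
    CPRI_HASH_STATE *in             // IN: source of the state
    )
{
    OSSL_HASH_STATE *i = (OSSL_HASH_STATE *)&in->state;
    OSSL_HASH_STATE *o = (OSSL_HASH_STATE *)&out->state;

    // The overlay structure has to fit in the state buffer. sizeof(i) would
    // only compare the size of a pointer, which always passes and checks
    // nothing.
    pAssert(sizeof(*i) <= sizeof(in->state));

    EVP_MD_CTX_init(&o->u.context);
    // NOTE(review): the result of EVP_MD_CTX_copy_ex() is not checked, so a
    // failed copy is not reported to the caller.
    EVP_MD_CTX_copy_ex(&o->u.context, &i->u.context);
    o->copySize = i->copySize;
    out->hashAlg = in->hashAlg;
    return sizeof(CPRI_HASH_STATE);
}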
| 26764 | |
| 26765 | |
| 26766 | B.8.4.8. _cpri__StartHash() |
| 26767 | |
| 26768 | This function starts a hash stack and returns the digest size. As a side effect, the value of |
| 26769 | stateSize in hashState is updated to indicate the number of bytes of state that were saved. This function |
| 26770 | calls GetHashServer() and that function will put the TPM into failure mode if the hash algorithm is not |
| 26771 | supported. |
| 26772 | |
| 26773 | Return Value Meaning |
| 26774 | |
| 26775 | 0 hash is TPM_ALG_NULL |
| 26776 | >0 digest size |
| 26777 | |
// Start a hash and return the digest size (0 for TPM_ALG_NULL).
//
// With sequence == FALSE the OpenSSL context lives in hashState and copySize
// is set to -1. With sequence == TRUE the hash is started in a local context,
// its state is marshaled into hashState, copySize is set to the number of
// bytes saved and the local context is cleaned up again. When no hash was
// started, copySize is set to 0.
//
// GetHashServer() calls FAIL() for an unsupported algorithm, and a failure of
// EVP_DigestInit_ex() does the same.
LIB_EXPORT UINT16
_cpri__StartHash(
    TPM_ALG_ID       hashAlg,       // IN: hash algorithm
    BOOL             sequence,      // IN: TRUE if the state should be saved
    CPRI_HASH_STATE *hashState      // OUT: the state of hash stack.
    )
{
    EVP_MD_CTX       localState;
    OSSL_HASH_STATE *state = (OSSL_HASH_STATE *)&hashState->state;
    BYTE            *stateData = state->u.data;
    // A sequence works on a scratch context and keeps only the marshaled state
    EVP_MD_CTX      *context = sequence ? &localState : &state->u.context;
    EVP_MD          *evpmdAlgorithm;
    UINT16           retVal = 0;

    hashState->hashAlg = hashAlg;

    EVP_MD_CTX_init(context);
    evpmdAlgorithm = GetHashServer(hashAlg);
    if(evpmdAlgorithm != NULL)
    {
        if(EVP_DigestInit_ex(context, evpmdAlgorithm, NULL) != 1)
            FAIL(FATAL_ERROR_INTERNAL);
        retVal = (CRYPT_RESULT)EVP_MD_CTX_size(context);
    }

    // No digest: record that there is no context
    if(retVal == 0)
    {
        state->copySize = 0;
        return retVal;
    }

    // Not a sequence: the context stays in the caller's state
    if(!sequence)
    {
        state->copySize = -1;
        return retVal;
    }

    // Sequence: save the state and release the scratch context
    state->copySize = MarshalHashState(context, stateData);
    if(state->copySize == 0)
    {
        // Nothing was marshaled, so report that no hash is available
        retVal = state->copySize;
        state->copySize = 0;
    }
    EVP_MD_CTX_cleanup(context);

    return retVal;
}
| 26836 | |
| 26837 | |
| 26838 | B.8.4.9. _cpri__UpdateHash() |
| 26839 | |
| 26840 | Add data to a hash or HMAC stack. |
| 26841 | |
// Add data to a hash or HMAC stack.
//
// copySize == 0: there is no context and the call does nothing.
// copySize  > 0: the saved state is restored into a local context, updated,
//                marshaled back into hashState and the local context is
//                cleaned up.
// copySize  < 0: the context held in hashState is updated in place.
//
// A failure of EVP_DigestUpdate() calls FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT void
_cpri__UpdateHash(
    CPRI_HASH_STATE *hashState,     // IN: the hash context information
    UINT32           dataSize,      // IN: the size of data to be added to the
                                    //     digest
    BYTE            *data           // IN: data to be hashed
    )
{
    EVP_MD_CTX       localContext;
    OSSL_HASH_STATE *state = (OSSL_HASH_STATE *)&hashState->state;
    BYTE            *stateData = state->u.data;
    EVP_MD_CTX      *context;
    CRYPT_RESULT     retVal = CRYPT_SUCCESS;

    // If there is no context, return
    if(state->copySize == 0)
        return;

    if(state->copySize > 0)
    {
        // Sequence: rebuild a working context from the saved state
        context = &localContext;
        retVal = GetHashState(context, hashState->hashAlg, stateData);
        if(retVal <= 0)
            return;
    }
    else
        context = &state->u.context;

    if(EVP_DigestUpdate(context, data, dataSize) != 1)
        FAIL(FATAL_ERROR_INTERNAL);
    else if(state->copySize > 0)
    {
        // Sequence: write the updated state back
        retVal = MarshalHashState(context, stateData);
        if(retVal >= 0)
        {
            // retVal is the size of the marshaled data. The check fires when
            // fewer bytes than the recorded copySize were marshaled.
            // NOTE(review): a result larger than copySize is not rejected
            // here - confirm which direction was intended.
            if(retVal < state->copySize)
                FAIL(FATAL_ERROR_INTERNAL);
            else
                EVP_MD_CTX_cleanup(context);
        }
    }
    return;
}
| 26888 | |
| 26889 | |
| 26890 | B.8.4.10. _cpri__CompleteHash() |
| 26891 | |
| 26892 | Complete a hash or HMAC computation. This function will place the smaller of digestSize or the size of |
| 26893 | the digest in dOut. The number of bytes placed in the buffer is returned. If there is a failure, the |
| 26894 | returned value is <= 0. |
| 26895 | |
| 26896 | Return Value Meaning |
| 26897 | |
| 26898 | 0 no data returned |
| 26899 | >0 the number of bytes in the digest |
| 26900 | |
// Finish a hash or HMAC computation and place the result in dOut.
//
// When the digest is larger than dOutSize it is produced in a local buffer
// and only the first dOutSize bytes are copied out. Returns the number of
// bytes reported for dOut, or 0 when there is no context, the saved state
// could not be restored, or EVP_DigestFinal_ex() failed. On success copySize
// is set to 0, so the state cannot be used again. The context is cleaned up
// on every path that reaches Cleanup.
//
// NOTE(review): the copy into dOut is skipped when dOut is NULL, but a NULL
// dOut with dOutSize at least the digest size is passed to
// EVP_DigestFinal_ex() as the output buffer - presumably callers never do
// this; confirm.
// NOTE(review): temp keeps the full digest on the stack after a truncated
// result is returned and is not cleared.
LIB_EXPORT UINT16
_cpri__CompleteHash(
    CPRI_HASH_STATE *hashState,     // IN: the state of hash stack
    UINT32           dOutSize,      // IN: size of digest buffer
    BYTE            *dOut           // OUT: hash digest
    )
{
    EVP_MD_CTX       localState;
    OSSL_HASH_STATE *state = (OSSL_HASH_STATE *)&hashState->state;
    BYTE            *stateData = state->u.data;
    EVP_MD_CTX      *context;
    UINT16           retVal;
    int              hLen;
    BYTE             temp[MAX_DIGEST_SIZE];
    BYTE            *rBuffer;

    // No context, no digest
    if(state->copySize == 0)
        return 0;

    if(state->copySize > 0)
    {
        // Sequence: rebuild a working context from the saved state
        context = &localState;
        if((retVal = GetHashState(context, hashState->hashAlg, stateData)) <= 0)
            goto Cleanup;
    }
    else
        context = &state->u.context;

    // Finalize into the local buffer when the caller's buffer is too small
    hLen = EVP_MD_CTX_size(context);
    rBuffer = ((unsigned)hLen > dOutSize) ? temp : dOut;

    if(EVP_DigestFinal_ex(context, rBuffer, NULL) != 1)
    {
        retVal = 0;         // Indicate that no data is returned
    }
    else
    {
        if(rBuffer == dOut)
        {
            retVal = (UINT16)hLen;
        }
        else
        {
            // Truncated result: hand out only what fits
            if(dOut != NULL)
            {
                memcpy(dOut, temp, dOutSize);
            }
            retVal = (UINT16)dOutSize;
        }
        state->copySize = 0;
    }
Cleanup:
    EVP_MD_CTX_cleanup(context);
    return retVal;
}
| 26960 | |
| 26961 | |
| 26962 | B.8.4.11. _cpri__ImportExportHashState() |
| 26963 | |
| 26964 | This function is used to import or export the hash state. This function would be called to export state when |
| 26965 | a sequence object was being prepared for export |
| 26966 | |
// Import or export a hash state. This build does not implement either
// direction: the arguments are ignored and neither structure is read or
// written. The code after the return is compiled out.
LIB_EXPORT void
_cpri__ImportExportHashState(
    CPRI_HASH_STATE     *osslFmt,       // IN/OUT: the hash state formatted for
                                        //         use by openSSL
    EXPORT_HASH_STATE   *externalFmt,   // IN/OUT: the exported hash state
    IMPORT_EXPORT        direction      // IN: import or export (unused)
    )
{
    // Mark every parameter as intentionally unused
    UNREFERENCED_PARAMETER(osslFmt);
    UNREFERENCED_PARAMETER(externalFmt);
    UNREFERENCED_PARAMETER(direction);
    return;

#if 0
    if(direction == IMPORT_STATE)
    {
        // don't have the import export functions yet so just copy
        _cpri__CopyHashState(osslFmt, (CPRI_HASH_STATE *)externalFmt);
    }
    else
    {
        _cpri__CopyHashState((CPRI_HASH_STATE *)externalFmt, osslFmt);
    }
#endif
}
| 26992 | |
| 26993 | |
| 26994 | |
| 26995 | |
| 26999 | |
| 27000 | B.8.4.12. _cpri__HashBlock() |
| 27001 | |
| 27002 | Start a hash, hash a single block, update digest and return the size of the results. |
| 27003 | The digestSize parameter can be smaller than the digest. If so, only the more significant bytes are |
| 27004 | returned. |
| 27005 | |
| 27006 | Return Value Meaning |
| 27007 | |
| 27008 | >= 0 number of bytes in digest (may be zero) |
| 27009 | |
// Hash one buffer in a single call and return the number of bytes placed in
// digest.
//
// When digestSize is smaller than the digest, the digest is produced in a
// local buffer and only its first digestSize bytes are copied out. Returns 0
// when the digest size of hashAlg is 0. A missing hash server or any OpenSSL
// failure calls FAIL(FATAL_ERROR_INTERNAL).
//
// NOTE(review): digest is written without a NULL check, unlike
// _cpri__CompleteHash() - presumably callers always pass a buffer; confirm.
LIB_EXPORT UINT16
_cpri__HashBlock(
    TPM_ALG_ID       hashAlg,       // IN: The hash algorithm
    UINT32           dataSize,      // IN: size of buffer to hash
    BYTE            *data,          // IN: the buffer to hash
    UINT32           digestSize,    // IN: size of the digest buffer
    BYTE            *digest         // OUT: hash digest
    )
{
    EVP_MD_CTX       hashContext;
    EVP_MD          *hashServer = NULL;
    UINT16           retVal = 0;
    BYTE             b[MAX_DIGEST_SIZE];    // holds the full digest when the
                                            // caller asked for fewer bytes
    unsigned int     dSize = _cpri__GetDigestSize(hashAlg);

    // Nothing to compute for an algorithm without a digest
    if(dSize == 0)
        return 0;

    // Every path below ends in EVP_MD_CTX_cleanup() for this context
    EVP_MD_CTX_init(&hashContext);
    hashServer = GetHashServer(hashAlg);

    // A non-zero digest size without a hash server is an internal error
    if(   (hashServer == NULL)
       || (EVP_DigestInit_ex(&hashContext, hashServer, NULL) != 1)
       || (EVP_DigestUpdate(&hashContext, data, dataSize) != 1))
        FAIL(FATAL_ERROR_INTERNAL);
    else if(dSize > digestSize)
    {
        // Caller's buffer is too small: finalize locally and truncate
        if(EVP_DigestFinal_ex(&hashContext, b, &dSize) != 1)
            FAIL(FATAL_ERROR_INTERNAL);
        memcpy(digest, b, digestSize);
        retVal = (UINT16)digestSize;
    }
    else
    {
        // Caller's buffer holds the whole digest: finalize in place
        if((EVP_DigestFinal_ex(&hashContext, digest, &dSize)) != 1)
            FAIL(FATAL_ERROR_INTERNAL);
        retVal = (UINT16)dSize;
    }
    EVP_MD_CTX_cleanup(&hashContext);
    return retVal;
}
| 27061 | |
| 27062 | |
| 27063 | |
| 27064 | |
| 27068 | |
| 27069 | B.8.5. HMAC Functions |
| 27070 | |
| 27071 | B.8.5.1. _cpri__StartHMAC |
| 27072 | |
| 27073 | This function is used to start an HMAC using a temp hash context. The function does the initialization of |
| 27074 | the hash with the HMAC key XOR iPad and updates the HMAC key XOR oPad. |
| 27075 | The function returns the number of bytes in a digest produced by hashAlg. |
| 27076 | |
| 27077 | Return Value Meaning |
| 27078 | |
| 27079 | >= 0 number of bytes in digest produced by hashAlg (may be zero) |
| 27080 | |
// Start an HMAC: prepare the padded key block, start the inner hash in state
// and feed it the key XOR iPad. On return oPadKey holds the key XOR oPad for
// _cpri__CompleteHMAC(). Returns the digest size of hashAlg, or 0 when no
// hash could be started.
//
// oPadKey->buffer is filled up to the block size of hashAlg; its capacity is
// not checked here, so the caller has to provide at least that much room.
// The block left in oPadKey is derived from the key by a fixed XOR and so has
// to be protected like the key itself.
LIB_EXPORT UINT16
_cpri__StartHMAC(
    TPM_ALG_ID       hashAlg,       // IN: the algorithm to use
    BOOL             sequence,      // IN: indicates if the state should be
                                    //     saved
    CPRI_HASH_STATE *state,         // IN/OUT: the state buffer
    UINT16           keySize,       // IN: the size of the HMAC key
    BYTE            *key,           // IN: the HMAC key
    TPM2B           *oPadKey        // OUT: the key prepared for the oPad round
    )
{
    CPRI_HASH_STATE  localState;
    UINT16           blockSize = _cpri__GetHashBlockSize(hashAlg);
    UINT16           digestSize;
    BYTE            *pb;            // temp pointer
    UINT32           i;

    if(keySize <= blockSize)
    {
        // The key fits in a block and is used as it is
        memcpy(oPadKey->buffer, key, keySize);
        oPadKey->size = keySize;
    }
    else
    {
        // A key longer than a block is replaced by its digest
        digestSize = _cpri__StartHash(hashAlg, FALSE, &localState);
        if(digestSize == 0)
            return 0;
        _cpri__UpdateHash(&localState, keySize, key);
        _cpri__CompleteHash(&localState, digestSize, oPadKey->buffer);
        oPadKey->size = digestSize;
    }

    // XOR the key bytes with iPad (0x36)
    for(i = 0; i < oPadKey->size; i++)
        oPadKey->buffer[i] ^= 0x36;

    // Pad the rest of the block with 0x36 (zero key bytes XOR iPad)
    pb = oPadKey->buffer + oPadKey->size;
    for(i = blockSize - oPadKey->size; i > 0; i--)
        *pb++ = 0x36;

    // The key block now covers a full block
    oPadKey->size = blockSize;

    // Start the inner hash in the caller's state; it may be a sequence or not
    digestSize = _cpri__StartHash(hashAlg, sequence, state);
    if(digestSize > 0)
    {
        _cpri__UpdateHash(state, oPadKey->size, oPadKey->buffer);

        // Turn key XOR iPad into key XOR oPad by XOR with 0x5c ^ 0x36
        for(i = 0; i < blockSize; i++)
            oPadKey->buffer[i] ^= (0x5c ^ 0x36);
    }

    return digestSize;
}
| 27147 | |
| 27148 | |
| 27149 | B.8.5.2. _cpri__CompleteHMAC() |
| 27150 | |
| 27151 | This function is called to complete an HMAC. It will finish the current digest, and start a new digest. It will |
| 27152 | then add the oPadKey and the completed digest and return the results in dOut. It will not return more than |
| 27153 | dOutSize bytes. |
| 27154 | |
| 27155 | Return Value Meaning |
| 27156 | |
| 27157 | >= 0 number of bytes in dOut (may be zero) |
| 27158 | |
// Complete an HMAC: finish the inner hash, then hash the oPad key block
// followed by the inner digest and return that result in dOut. At most
// dOutSize bytes are written. Returns the value of the final
// _cpri__CompleteHash(), or 0 when the outer hash could not be started with
// the expected digest size.
//
// NOTE(review): the result of the inner _cpri__CompleteHash() is not checked,
// so a failed inner hash still feeds the contents of digest into the outer
// hash.
// NOTE(review): digest holds the inner hash on the stack and is not cleared
// before returning.
LIB_EXPORT UINT16
_cpri__CompleteHMAC(
    CPRI_HASH_STATE *hashState,     // IN: the state of hash stack
    TPM2B           *oPadKey,       // IN: the HMAC key in oPad format
    UINT32           dOutSize,      // IN: size of digest buffer
    BYTE            *dOut           // OUT: hash digest
    )
{
    BYTE             digest[MAX_DIGEST_SIZE];
    CPRI_HASH_STATE  localState;
    TPM_ALG_ID       hashAlg = hashState->hashAlg;
    UINT16           digestSize = _cpri__GetDigestSize(hashAlg);

    // Finish the inner hash
    _cpri__CompleteHash(hashState, digestSize, digest);

    // Outer hash, in a local state: H(oPad key block || inner digest)
    if(_cpri__StartHash(hashAlg, FALSE, &localState) != digestSize)
        return 0;

    _cpri__UpdateHash(&localState, oPadKey->size, oPadKey->buffer);
    _cpri__UpdateHash(&localState, digestSize, digest);

    return _cpri__CompleteHash(&localState, dOutSize, dOut);
}
| 27182 | |
| 27183 | |
| 27184 | B.8.6. Mask and Key Generation Functions |
| 27185 | |
| 27186 | B.8.6.1. _cpri__MGF1() |
| 27187 | |
| 27188 | This function performs MGF1 using the selected hash. MGF1 is T(n) = T(n-1) || H(seed || counter). This |
| 27189 | function returns the length of the mask produced which could be zero if the digest algorithm is not |
| 27190 | supported |
| 27191 | |
| 27192 | Return Value Meaning |
| 27193 | |
| 27194 | 0 hash algorithm not supported |
| 27195 | >0 should be the same as mSize |
| 27196 | |
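// MGF1 mask generation: the mask is the concatenation of H(seed || counter)
// for counter = 0, 1, 2, ... cut off at mSize bytes. The counter is hashed as
// the four bytes produced by UINT32_TO_BYTE_ARRAY().
//
// Return value:
//   0     the hash algorithm is not supported, or mSize is 0
//   > 0   mSize, the number of bytes written to 'mask'
//
// A request above 16 KiB, or a failure reported by any of the digest calls,
// goes to FAIL(FATAL_ERROR_INTERNAL). The caller must supply a 'mask' buffer
// of at least mSize bytes; that is not checked here.
LIB_EXPORT CRYPT_RESULT
_cpri__MGF1(
    UINT32           mSize,         // IN: length of the mask to be produced
    BYTE            *mask,          // OUT: buffer to receive the mask
    TPM_ALG_ID       hashAlg,       // IN: hash to use
    UINT32           sSize,         // IN: size of the seed
    BYTE            *seed           // IN: the seed
    )
{
    EVP_MD_CTX       hashContext;
    EVP_MD          *hashServer = NULL;
    BYTE             b[MAX_DIGEST_SIZE];    // temp buffer in case mask is not an
                                            // even multiple of a full digest
    CRYPT_RESULT     dSize = _cpri__GetDigestSize(hashAlg);
    unsigned int     digestSize = (UINT32)dSize;
    UINT32           remaining;
    UINT32           counter;
    BYTE             swappedCounter[4];

    // Parameter check
    if(mSize > (1024*16))       // Semi-arbitrary maximum
        FAIL(FATAL_ERROR_INTERNAL);

    // If there is no digest to compute return
    if(dSize <= 0)
        return 0;

    // Find the hash server before touching the context, so that the early
    // return below leaves no initialized context behind.
    hashServer = GetHashServer(hashAlg);
    if(hashServer == NULL)
        // If there is no server, then there is no digest
        return 0;

    EVP_MD_CTX_init(&hashContext);      // Initialize the local hash context

    for(counter = 0, remaining = mSize; remaining > 0; counter++)
    {
        // Because the system may be either Endian...
        UINT32_TO_BYTE_ARRAY(counter, swappedCounter);

        // Start the hash and include the seed and counter
        if(   (EVP_DigestInit_ex(&hashContext, hashServer, NULL) != 1)
           || (EVP_DigestUpdate(&hashContext, seed, sSize) != 1)
           || (EVP_DigestUpdate(&hashContext, swappedCounter, 4) != 1)
          )
            FAIL(FATAL_ERROR_INTERNAL);

        // Handling the completion depends on how much space remains in the mask
        // buffer. If it can hold the entire digest, put it there. If not
        // put the digest in a temp buffer and only copy the amount that
        // will fit into the mask buffer.
        if(remaining < (unsigned)dSize)
        {
            if(EVP_DigestFinal_ex(&hashContext, b, &digestSize) != 1)
                FAIL(FATAL_ERROR_INTERNAL);
            memcpy(mask, b, remaining);
            break;
        }
        else
        {
            if(EVP_DigestFinal_ex(&hashContext, mask, &digestSize) != 1)
                FAIL(FATAL_ERROR_INTERNAL);
            remaining -= dSize;
            mask = &mask[dSize];
        }
    }

    EVP_MD_CTX_cleanup(&hashContext);

    // Report the produced length here rather than inside the loop: the partial
    // final block leaves the loop with 'break', so a mask shorter than one
    // digest used to be written in full and still reported as length 0, which
    // the return convention defines as "hash algorithm not supported".
    return (CRYPT_RESULT)mSize;
}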
| 27277 | |
| 27278 | |
| 27279 | B.8.6.2. _cpri__KDFa() |
| 27280 | |
| 27281 | This function performs the key generation according to Part 1 of the TPM specification. |
| 27282 | This function returns the number of bytes generated which may be zero. |
| 27283 | The key and keyStream pointers are not allowed to be NULL. The other pointer values may be NULL. |
| 27284 | The value of sizeInBits must be no larger than (2^18)-1 = 256K bits (32385 bytes). |
| 27285 | The once parameter is set to allow incremental generation of a large value. If this flag is TRUE, |
| 27286 | sizeInBits will be used in the HMAC computation but only one iteration of the KDF is performed. This |
| 27287 | would be used for XOR obfuscation so that the mask value can be generated in digest-sized chunks |
| 27288 | rather than having to be generated all at once in an arbitrarily large buffer and then XORed() into the |
| 27289 | result. If once is TRUE, then sizeInBits must be a multiple of 8. |
| 27290 | Any error in the processing of this command is considered fatal. |
| 27291 | |
| 27292 | Return Value Meaning |
| 27293 | |
| 27294 | 0 hash algorithm is not supported or is TPM_ALG_NULL |
| 27295 | >0 the number of bytes in the keyStream buffer |
| 27296 | |
// Counter-mode KDF built on HMAC. Every iteration computes
//   HMAC(key, counter || label || contextU || contextV || sizeInBits)
// and writes up to one digest of output to keyStream. The label is hashed
// together with its terminating 0 byte; a NULL label, contextU or contextV is
// left out of the HMAC input.
//
// When 'once' is TRUE a single digest-sized chunk is produced, but the value
// returned is still (sizeInBits + 7) / 8. When counterInOut is not NULL the
// iteration counter starts from *counterInOut and the final value is stored
// back through it.
//
// Return value:
//   0     hash algorithm is not supported or is TPM_ALG_NULL
//   > 0   (sizeInBits + 7) / 8
//
// Every other failure is fatal (pAssert or FAIL).
// NOTE(review): hmacKey receives the key in oPad form and, like hashState,
// is still on the stack at return; nothing in this function clears them.
LIB_EXPORT UINT16
_cpri__KDFa(
    TPM_ALG_ID       hashAlg,       // IN: hash algorithm used in HMAC
    TPM2B           *key,           // IN: HMAC key
    const char      *label,         // IN: a 0-byte terminated label used in KDF
    TPM2B           *contextU,      // IN: context U
    TPM2B           *contextV,      // IN: context V
    UINT32           sizeInBits,    // IN: size of generated key in bits
    BYTE            *keyStream,     // OUT: key buffer
    UINT32          *counterInOut,  // IN/OUT: optional iteration counter, so a
                                    //     large value can be generated in
                                    //     several calls
    BOOL             once           // IN: TRUE to run exactly one iteration,
                                    //     FALSE to run as many as sizeInBits
                                    //     requires
    )
{
    UINT32                   iteration = 0;     // KDF counter
    INT32                    labelLen = 0;      // label length, 0 byte included
    INT16                    chunkLen;          // bytes taken from each HMAC
    INT16                    bytesLeft;         // bytes still to produce
    BYTE                    *out = keyStream;
    BYTE                     marshaled[4];
    CPRI_HASH_STATE          hashState;
    TPM2B_MAX_HASH_BLOCK     hmacKey;

    pAssert(key != NULL && keyStream != NULL);
    pAssert(once == FALSE || (sizeInBits & 7) == 0);

    if(counterInOut != NULL)
        iteration = *counterInOut;

    // Measure the label, counting its terminating 0 byte
    if(label != NULL)
    {
        while(label[labelLen] != 0)
            labelLen++;
        labelLen++;
    }

    // A digest size of zero means the algorithm is unsupported or is
    // TPM_ALG_NULL. This is the only non-fatal early exit.
    chunkLen = (INT16) _cpri__GetDigestSize(hashAlg);
    if(chunkLen == 0)
        return 0;

    // The byte count has to fit the signed 16-bit loop variables
    pAssert(((sizeInBits + 7)/ 8) <= INT16_MAX);

    if(once)
        bytesLeft = chunkLen;
    else
        bytesLeft = (INT16)((sizeInBits + 7) / 8);

    while(bytesLeft > 0)
    {
        // The last chunk may be shorter than a digest; clamping here makes
        // bytesLeft reach exactly zero.
        if(bytesLeft < chunkLen)
            chunkLen = bytesLeft;

        iteration++;

        if(_cpri__StartHMAC(hashAlg, FALSE, &hashState,
                            key->size, &key->buffer[0], &hmacKey.b) <= 0)
            FAIL(FATAL_ERROR_INTERNAL);

        // counter
        UINT32_TO_BYTE_ARRAY(iteration, marshaled);
        _cpri__UpdateHash(&hashState, sizeof(UINT32), marshaled);

        // label
        if(label != NULL)
            _cpri__UpdateHash(&hashState, labelLen, (BYTE *)label);

        // contextU, then contextV
        if(contextU != NULL)
            _cpri__UpdateHash(&hashState, contextU->size, contextU->buffer);
        if(contextV != NULL)
            _cpri__UpdateHash(&hashState, contextV->size, contextV->buffer);

        // requested size in bits
        UINT32_TO_BYTE_ARRAY(sizeInBits, marshaled);
        _cpri__UpdateHash(&hashState, sizeof(UINT32), marshaled);

        _cpri__CompleteHMAC(&hashState, &hmacKey.b, chunkLen, out);

        out = &out[chunkLen];
        bytesLeft = bytesLeft - chunkLen;
    }

    // Clear the excess high-order bits of the first byte when the request is
    // not a whole number of bytes
    if((sizeInBits % 8) != 0)
        keyStream[0] &= ((1 << (sizeInBits % 8)) - 1);

    if(counterInOut != NULL)
        *counterInOut = iteration;

    return (CRYPT_RESULT)((sizeInBits + 7)/8);
}
| 27403 | |
| 27404 | |
| 27405 | |
| 27406 | |
| 27410 | |
| 27411 | B.8.6.3. _cpri__KDFe() |
| 27412 | |
| 27413 | KDFe() as defined in TPM specification part 1. |
| 27414 | This function returns the number of bytes generated which may be zero. |
| 27415 | The Z and keyStream pointers are not allowed to be NULL. The other pointer values may be NULL. The |
| 27416 | value of sizeInBits must be no larger than (2^18)-1 = 256K bits (32385 bytes). Any error in the processing |
| 27417 | of this command is considered fatal. |
| 27418 | |
| 27419 | Return Value Meaning |
| 27420 | |
| 27421 | 0 hash algorithm is not supported or is TPM_ALG_NULL |
| 27422 | >0 the number of bytes in the keyStream buffer |
| 27423 | |
// KDFe: hash-based key derivation. Every iteration computes
//   H(counter || Z || label || PartyUInfo || PartyVInfo)
// with a 32-bit counter that starts at 1, and writes up to one digest of
// output to keyStream. The label is hashed with its terminating 0 byte; when
// label is NULL a single 0 byte is hashed in its place. A NULL partyUInfo or
// partyVInfo is left out.
//
// Return value:
//   0     hash algorithm is not supported or is TPM_ALG_NULL, or starting the
//         hash failed inside the loop
//   > 0   (sizeInBits + 7) / 8, the number of bytes in keyStream
LIB_EXPORT UINT16
_cpri__KDFe(
    TPM_ALG_ID       hashAlg,       // IN: hash algorithm used in the KDF
    TPM2B           *Z,             // IN: Z
    const char      *label,         // IN: a 0 terminated label used in KDF
    TPM2B           *partyUInfo,    // IN: PartyUInfo
    TPM2B           *partyVInfo,    // IN: PartyVInfo
    UINT32           sizeInBits,    // IN: size of generated key in bits
    BYTE            *keyStream      // OUT: key buffer
    )
{
    UINT32           iteration = 0;     // KDF counter
    UINT32           labelLen = 0;      // label length, 0 byte included
    BYTE            *out = keyStream;
    CPRI_HASH_STATE  hashState;
    INT16            chunkLen = (INT16) _cpri__GetDigestSize(hashAlg);
    INT16            bytesLeft;         // bytes still to generate
    BYTE             marshaled[4];

    pAssert(   keyStream != NULL
            && Z != NULL
            && ((sizeInBits + 7) / 8) < INT16_MAX);

    if(chunkLen == 0)
        return 0;

    bytesLeft = (INT16)((sizeInBits + 7) / 8);

    // Measure the label, counting its terminating 0 byte
    if(label != NULL)
    {
        while(label[labelLen] != 0)
            labelLen++;
        labelLen++;
    }

    // Hash_i := H(counter | Z | OtherInfo), where
    //   OtherInfo := Use | PartyUInfo | PartyVInfo
    // and Z is the X coordinate of the product of a public ECC key and a
    // different private ECC key.
    while(bytesLeft > 0)
    {
        // The last chunk may be shorter than a digest
        if(bytesLeft < chunkLen)
            chunkLen = bytesLeft;

        iteration++;

        if(_cpri__StartHash(hashAlg, FALSE, &hashState) == 0)
            return 0;

        // counter
        UINT32_TO_BYTE_ARRAY(iteration, marshaled);
        _cpri__UpdateHash(&hashState, sizeof(UINT32), marshaled);

        // Z
        if(Z != NULL)
            _cpri__UpdateHash(&hashState, Z->size, Z->buffer);

        // label, or the lone 0 byte that SP800-108 requires between the
        // label and the context
        if(label == NULL)
            _cpri__UpdateHash(&hashState, 1, (BYTE *)"");
        else
            _cpri__UpdateHash(&hashState, labelLen, (BYTE *)label);

        // PartyUInfo, then PartyVInfo
        if(partyUInfo != NULL)
            _cpri__UpdateHash(&hashState, partyUInfo->size, partyUInfo->buffer);
        if(partyVInfo != NULL)
            _cpri__UpdateHash(&hashState, partyVInfo->size, partyVInfo->buffer);

        _cpri__CompleteHash(&hashState, chunkLen, out);

        out = &out[chunkLen];
        bytesLeft = bytesLeft - chunkLen;
    }

    // Clear the excess high-order bits of the first byte when the request is
    // not a whole number of bytes
    if((sizeInBits % 8) != 0)
        keyStream[0] &= ((1 << (sizeInBits % 8)) - 1);

    return (CRYPT_RESULT)((sizeInBits + 7) / 8);
}
| 27522 | |
| 27523 | |
| 27524 | |
| 27525 | |
| 27529 | |
| 27530 | |
| 27531 | B.9 CpriHashData.c |
| 27532 | |
| 27533 | This file should be included by the library hash module. |
| 27534 | |
// One entry for every hash algorithm whose TPM_ALG_* macro is defined.
// Going by the macro names, each entry carries the algorithm id, digest size,
// block size, DER prefix size and DER prefix -- confirm against the HASH_INFO
// declaration. The array is sized HASH_COUNT + 1 and closes with an all-zero
// TPM_ALG_NULL entry.
const HASH_INFO   g_hashData[HASH_COUNT + 1] = {
#ifdef TPM_ALG_SHA1
    {TPM_ALG_SHA1,
     SHA1_DIGEST_SIZE, SHA1_BLOCK_SIZE, SHA1_DER_SIZE, SHA1_DER},
#endif
#ifdef TPM_ALG_SHA256
    {TPM_ALG_SHA256,
     SHA256_DIGEST_SIZE, SHA256_BLOCK_SIZE, SHA256_DER_SIZE, SHA256_DER},
#endif
#ifdef TPM_ALG_SHA384
    {TPM_ALG_SHA384,
     SHA384_DIGEST_SIZE, SHA384_BLOCK_SIZE, SHA384_DER_SIZE, SHA384_DER},
#endif
#ifdef TPM_ALG_SM3_256
    {TPM_ALG_SM3_256,
     SM3_256_DIGEST_SIZE, SM3_256_BLOCK_SIZE, SM3_256_DER_SIZE, SM3_256_DER},
#endif
#ifdef TPM_ALG_SHA512
    {TPM_ALG_SHA512,
     SHA512_DIGEST_SIZE, SHA512_BLOCK_SIZE, SHA512_DER_SIZE, SHA512_DER},
#endif
    {TPM_ALG_NULL, 0, 0, 0, {0}}
};
| 27558 | |
| 27559 | |
| 27560 | |
| 27561 | |
| 27565 | |
| 27566 | |
| 27567 | B.10 CpriMisc.c |
| 27568 | |
| 27569 | B.10.1. Includes |
| 27570 | |
| 27571 | 1 #include "OsslCryptoEngine.h" |
| 27572 | |
| 27573 | |
| 27574 | B.10.2. Functions |
| 27575 | |
| 27576 | B.10.2.1. BnTo2B() |
| 27577 | |
| 27578 | This function is used to convert a BigNum() to a byte array of the specified size. If the number is too large |
| 27579 | to fit, then 0 is returned. Otherwise, the number is converted into the low-order bytes of the provided array |
| 27580 | and the upper bytes are set to zero. |
| 27581 | |
| 27582 | Return Value Meaning |
| 27583 | |
| 27584 | 0 failure (probably fatal) |
| 27585 | 1 conversion successful |
| 27586 | |
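// Convert a BIGNUM into a byte array of exactly 'size' bytes inside a TPM2B.
// BN_bn2bin() writes the number into the low-order bytes and the bytes in
// front of it are set to zero.
//
// Return value:
//   FALSE  the number needs more than 'size' bytes (probably fatal)
//   TRUE   conversion successful
//
// The capacity of outVal->buffer is not checked here; the caller must pass a
// 'size' that the destination can hold.
BOOL
BnTo2B(
    TPM2B           *outVal,        // OUT: place for the result
    BIGNUM          *inVal,         // IN: number to convert
    UINT16           size           // IN: size of the output.
    )
{
    BYTE            *pb = outVal->buffer;
    // Number of leading zero bytes, kept in a signed type. The subtraction
    // used to be stored back into the UINT16 parameter, so a number larger
    // than 'size' wrapped to a large positive count, the "< 0" test could
    // never be true, and the zero fill and BN_bn2bin() wrote past the end of
    // the output buffer.
    INT32            pad = (INT32)size - (INT32)((BN_num_bits(inVal) + 7) / 8);

    outVal->size = size;

    if(pad < 0)
        return FALSE;
    for(; pad > 0; pad--)
        *pb++ = 0;
    BN_bn2bin(inVal, pb);
    return TRUE;
}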
| 27606 | |
| 27607 | |
| 27608 | B.10.2.2. Copy2B() |
| 27609 | |
| 27610 | This function copies a TPM2B structure. The compiler can't generate a copy of a TPM2B generic |
| 27611 | structure because the actual size is not known. This function performs the copy on any TPM2B pair. The |
| 27612 | size of the destination should have been checked before this call to make sure that it will hold the TPM2B |
| 27613 | being copied. |
| 27614 | This replicates the functionality in the MemoryLib.c. |
| 27615 | |
// Copy the size and the first in->size buffer bytes of one TPM2B to another.
// No bound is applied to the destination: the caller has to have checked that
// 'out' can hold in->size bytes before calling.
void
Copy2B(
    TPM2B           *out,           // OUT: The TPM2B to receive the copy
    TPM2B           *in             // IN: the TPM2B to copy
    )
{
    BYTE            *src = in->buffer;
    BYTE            *dst = out->buffer;
    int              total;
    int              i;

    out->size = in->size;
    total = in->size;
    for(i = 0; i < total; i++)
        dst[i] = src[i];
}
| 27635 | |
| 27636 | |
| 27637 | B.10.2.3. BnFrom2B() |
| 27638 | |
| 27639 | This function creates a BIGNUM from a TPM2B and fails if the conversion fails. |
| 27640 | |
// Load the bytes of a TPM2B into the BIGNUM 'out' with BN_bin2bn() and return
// 'out'. A NULL result from BN_bin2bn() is treated as a fatal error.
BIGNUM *
BnFrom2B(
    BIGNUM          *out,           // OUT: The BIGNUM
    const TPM2B     *in             // IN: the TPM2B to copy
    )
{
    BIGNUM          *converted = BN_bin2bn(in->buffer, in->size, out);

    if(converted == NULL)
        FAIL(FATAL_ERROR_INTERNAL);
    return out;
}
| 27651 | |
| 27652 | |
| 27653 | |
| 27654 | |
| 27658 | |
| 27659 | |
| 27660 | B.11 CpriSym.c |
| 27661 | |
| 27662 | B.11.1. Introduction |
| 27663 | |
| 27664 | This file contains the implementation of the symmetric block cipher modes allowed for a TPM. These |
| 27665 | functions only use the single block encryption and decryption functions of OpenSSL. |
| 27666 | Currently, this module only supports AES encryption. The SM4 code actually calls an AES routine. |
| 27667 | |
| 27668 | B.11.2. Includes, Defines, and Typedefs |
| 27669 | |
| 27670 | 1 #include "OsslCryptoEngine.h" |
| 27671 | |
| 27672 | The following sets of defines are used to allow use of the SM4 algorithm identifier while waiting for the |
| 27673 | SM4 implementation code to appear. |
| 27674 | |
// Placeholder mapping: every SM4 name below resolves to its AES counterpart,
// so any code path that goes through these SM4_* names runs AES, not SM4.
typedef AES_KEY                 SM4_KEY;
#define SM4_set_encrypt_key     AES_set_encrypt_key
#define SM4_set_decrypt_key     AES_set_decrypt_key
#define SM4_decrypt             AES_decrypt
#define SM4_encrypt             AES_encrypt
| 27680 | |
| 27681 | |
| 27682 | B.11.3. Utility Functions |
| 27683 | |
| 27684 | B.11.3.1. _cpri__SymStartup() |
| 27685 | |
// Startup hook of the symmetric cipher module. It does no work and always
// returns TRUE.
LIB_EXPORT BOOL
_cpri__SymStartup(void)
{
    return TRUE;
}
| 27693 | |
| 27694 | |
| 27695 | B.11.3.2. _cpri__GetSymmetricBlockSize() |
| 27696 | |
| 27697 | This function returns the block size of the algorithm. |
| 27698 | |
| 27699 | Return Value Meaning |
| 27700 | |
| 27701 | <= 0 cipher not supported |
| 27702 | >0 the cipher block size in bytes |
| 27703 | |
// Return the cipher block size in bytes.
//
// Return value:
//   0     cipher not supported, or keySizeInBits is 0
//   16    TPM_ALG_AES or TPM_ALG_SM4 (when compiled in) with a non-zero key
//         size
LIB_EXPORT INT16
_cpri__GetSymmetricBlockSize(
    TPM_ALG_ID       symmetricAlg,      // IN: the symmetric algorithm
    UINT16           keySizeInBits      // IN: the key size
    )
{
    switch (symmetricAlg)
    {
#ifdef TPM_ALG_AES
    case TPM_ALG_AES:
#endif
#ifdef TPM_ALG_SM4          // Both AES and SM4 use the same block size
    case TPM_ALG_SM4:
#endif
        // The test exists mostly so that keySizeInBits is referenced
        return (keySizeInBits != 0) ? 16 : 0;

    default:
        return 0;
    }
}
| 27734 | |
| 27735 | |
| 27736 | B.11.4. AES Encryption |
| 27737 | |
| 27738 | B.11.4.1. _cpri__AESEncryptCBC() |
| 27739 | |
| 27740 | This function performs AES encryption in CBC chain mode. The input dIn buffer is encrypted into dOut. |
| 27741 | The input iv buffer is required to have a size equal to the block size (16 bytes). The dInSize is required to |
| 27742 | be a multiple of the block size. |
| 27743 | |
| 27744 | Return Value Meaning |
| 27745 | |
| 27746 | CRYPT_SUCCESS if success |
| 27747 | CRYPT_PARAMETER dInSize is not a multiple of the block size |
| 27748 | |
// AES encryption in CBC mode. Each 16-byte block of dIn is XORed into iv, iv
// is encrypted in place, and the result is copied to dOut, so on return iv
// holds the last ciphertext block.
//
// Return value:
//   CRYPT_SUCCESS     success, including dInSize == 0
//   CRYPT_PARAMETER   dInSize is not a multiple of the block size
//
// NOTE(review): the expanded key schedule (AesKey) is still on the stack at
// return; nothing in this function clears it.
LIB_EXPORT CRYPT_RESULT
_cpri__AESEncryptCBC(
    BYTE            *dOut,          // OUT: the encrypted data
    UINT32           keySizeInBits, // IN: key size in bits
    BYTE            *key,           // IN: key buffer. The size of this buffer in
                                    //     bytes is (keySizeInBits + 7) / 8
    BYTE            *iv,            // IN/OUT: IV for encryption, 16 bytes
    UINT32           dInSize,       // IN: data size (is required to be a multiple
                                    //     of 16 bytes)
    BYTE            *dIn            // IN: data buffer
    )
{
    AES_KEY          AesKey;
    INT32            bytesLeft;     // signed copy of dInSize
    int              i;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    pAssert(dInSize <= INT32_MAX);
    bytesLeft = (INT32)dInSize;

    // CBC only handles whole cipher blocks
    if((bytesLeft % 16) != 0)
        return CRYPT_PARAMETER;

    // Create AES encrypt key schedule
    if (AES_set_encrypt_key(key, keySizeInBits, &AesKey) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(bytesLeft > 0)
    {
        // Chain: fold the plaintext block into the IV
        for(i = 0; i < 16; i++)
            iv[i] ^= dIn[i];

        AES_encrypt(iv, iv, &AesKey);

        // The encrypted IV is the ciphertext block
        for(i = 0; i < 16; i++)
            dOut[i] = iv[i];

        dIn += 16;
        dOut += 16;
        bytesLeft -= 16;
    }
    return CRYPT_SUCCESS;
}
| 27802 | |
| 27803 | |
| 27804 | B.11.4.2. _cpri__AESDecryptCBC() |
| 27805 | |
| 27806 | This function performs AES decryption in CBC chain mode. The input dIn buffer is decrypted into dOut. |
| 27807 | The input iv buffer is required to have a size equal to the block size (16 bytes). The dInSize is required to |
| 27808 | be a multiple of the block size. |
| 27809 | |
| 27810 | Return Value Meaning |
| 27811 | |
| 27812 | CRYPT_SUCCESS if success |
| 27813 | CRYPT_PARAMETER dInSize is not a multiple of the block size |
| 27814 | |
// AES decryption in CBC mode. Each 16-byte ciphertext block is saved in a
// temp buffer, decrypted into dOut and XORed with iv; the saved ciphertext
// then becomes the iv for the next block.
//
// Return value:
//   CRYPT_SUCCESS     success, including dInSize == 0
//   CRYPT_PARAMETER   dInSize is not a multiple of the block size
//
// NOTE(review): the expanded key schedule (AesKey) is still on the stack at
// return; nothing in this function clears it.
LIB_EXPORT CRYPT_RESULT
_cpri__AESDecryptCBC(
    BYTE            *dOut,          // OUT: the decrypted data
    UINT32           keySizeInBits, // IN: key size in bits
    BYTE            *key,           // IN: key buffer. The size of this buffer in
                                    //     bytes is (keySizeInBits + 7) / 8
    BYTE            *iv,            // IN/OUT: IV for decryption. The size of this
                                    //     buffer is 16 bytes
    UINT32           dInSize,       // IN: data size
    BYTE            *dIn            // IN: data buffer
    )
{
    AES_KEY          AesKey;
    BYTE             saved[16];     // ciphertext block currently processed
    INT32            bytesLeft;     // signed copy of dInSize
    int              i;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    pAssert(dInSize <= INT32_MAX);
    bytesLeft = (INT32)dInSize;

    // CBC only handles whole cipher blocks
    if((bytesLeft % 16) != 0)
        return CRYPT_PARAMETER;

    // Create AES key schedule
    if (AES_set_decrypt_key(key, keySizeInBits, &AesKey) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(bytesLeft > 0)
    {
        // Keep the ciphertext: it is the chaining value for the next block
        for(i = 0; i < 16; i++)
            saved[i] = dIn[i];

        AES_decrypt(saved, dOut, &AesKey);

        for(i = 0; i < 16; i++)
        {
            dOut[i] ^= iv[i];
            iv[i] = saved[i];
        }

        dIn += 16;
        dOut += 16;
        bytesLeft -= 16;
    }
    return CRYPT_SUCCESS;
}
| 27875 | |
| 27876 | |
| 27877 | B.11.4.3. _cpri__AESEncryptCFB() |
| 27878 | |
| 27879 | This function performs AES encryption in CFB chain mode. The dOut buffer receives the encrypted |
| 27880 | values of dIn. The input iv is assumed to be the size of an encryption block (16 bytes). The iv buffer will |
| 27881 | be modified to contain the last encrypted block. |
| 27882 | |
| 27883 | Return Value Meaning |
| 27884 | |
| 27885 | CRYPT_SUCCESS no non-fatal errors |
| 27886 | |
// AES encryption in CFB mode. For each block iv is encrypted in place, the
// data is XORed into it to form the ciphertext, and the ciphertext is copied
// to dOut. dInSize need not be a multiple of 16: after a short final block the
// rest of iv is filled with zeros.
//
// Return value:
//   CRYPT_SUCCESS     no non-fatal errors
//
// NOTE(review): the expanded key schedule (AesKey) is still on the stack at
// return; nothing in this function clears it.
LIB_EXPORT CRYPT_RESULT
_cpri__AESEncryptCFB(
    BYTE            *dOut,          // OUT: the encrypted data
    UINT32           keySizeInBits, // IN: key size in bits
    BYTE            *key,           // IN: key buffer. The size of this buffer in
                                    //     bytes is (keySizeInBits + 7) / 8
    BYTE            *iv,            // IN/OUT: IV for encryption, 16 bytes
    UINT32           dInSize,       // IN: data size
    BYTE            *dIn            // IN: data buffer
    )
{
    AES_KEY          AesKey;
    INT32            bytesLeft;     // signed copy of dInSize
    int              chunk;         // bytes handled in the current block
    int              i;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    pAssert(dInSize <= INT32_MAX);
    bytesLeft = (INT32)dInSize;

    // Create AES encryption key schedule
    if (AES_set_encrypt_key(key, keySizeInBits, &AesKey) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(bytesLeft > 0)
    {
        chunk = (bytesLeft < 16) ? bytesLeft : 16;

        // Encrypt the current value of the IV
        AES_encrypt(iv, iv, &AesKey);

        // XOR the data into the IV to create the cipher text
        // and put it into the output
        for(i = 0; i < chunk; i++)
        {
            iv[i] ^= dIn[i];
            dOut[i] = iv[i];
        }

        // Only a short final block leaves bytes to pad; zero them so the IV
        // is a full block for the next round
        for(i = chunk; i < 16; i++)
            iv[i] = 0;

        dIn += chunk;
        dOut += chunk;
        bytesLeft -= 16;
    }
    return CRYPT_SUCCESS;
}
| 27938 | |
| 27939 | |
| 27940 | B.11.4.4. _cpri__AESDecryptCFB() |
| 27941 | |
| 27942 | This function performs AES decrypt in CFB chain mode. The dOut buffer receives the values decrypted |
| 27943 | from dIn. |
| 27944 | The input iv is assumed to be the size of an encryption block (16 bytes). The iv buffer will be modified to |
| 27945 | contain the last decoded block, padded with zeros |
| 27946 | |
| 27947 | Return Value Meaning |
| 27948 | |
| 27949 | CRYPT_SUCCESS no non-fatal errors |
| 27950 | |
// AES decryption in CFB mode. For each block iv is encrypted into a temp
// buffer (CFB uses the encrypt direction for decryption too), the ciphertext
// is copied into iv, and ciphertext XOR temp goes to dOut. dInSize need not be
// a multiple of 16: after a short final block the rest of iv is filled with
// zeros.
//
// Return value:
//   CRYPT_SUCCESS     no non-fatal errors
//
// NOTE(review): the expanded key schedule (AesKey) and the keystream block
// are still on the stack at return; nothing in this function clears them.
LIB_EXPORT CRYPT_RESULT
_cpri__AESDecryptCFB(
    BYTE            *dOut,          // OUT: the decrypted data
    UINT32           keySizeInBits, // IN: key size in bits
    BYTE            *key,           // IN: key buffer. The size of this buffer in
                                    //     bytes is (keySizeInBits + 7) / 8
    BYTE            *iv,            // IN/OUT: IV for decryption, 16 bytes
    UINT32           dInSize,       // IN: data size
    BYTE            *dIn            // IN: data buffer
    )
{
    AES_KEY          AesKey;
    BYTE             keystream[16]; // encrypted IV for the current block
    INT32            bytesLeft;     // signed copy of dInSize
    int              chunk;         // bytes handled in the current block
    int              i;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    pAssert(dInSize <= INT32_MAX);
    bytesLeft = (INT32)dInSize;

    // Create AES encryption key schedule
    if (AES_set_encrypt_key(key, keySizeInBits, &AesKey) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(bytesLeft > 0)
    {
        chunk = (bytesLeft < 16) ? bytesLeft : 16;

        // Encrypt the IV into the temp buffer
        AES_encrypt(iv, keystream, &AesKey);

        // Copy the current cipher text to the IV, XOR it with the temp
        // buffer and put the result into the output
        for(i = 0; i < chunk; i++)
        {
            iv[i] = dIn[i];
            dOut[i] = keystream[i] ^ iv[i];
        }

        // Only a short final block leaves bytes to pad; zero them so the IV
        // is a full block for the next round
        for(i = chunk; i < 16; i++)
            iv[i] = 0;

        dIn += chunk;
        dOut += chunk;
        bytesLeft -= 16;
    }

    return CRYPT_SUCCESS;
}
| 28006 | |
| 28007 | |
| 28008 | B.11.4.5. _cpri__AESEncryptCTR() |
| 28009 | |
| 28010 | This function performs AES encryption/decryption in CTR chain mode. The dIn buffer is encrypted into |
| 28011 | dOut. The input iv buffer is assumed to have a size equal to the AES block size (16 bytes). The iv will be |
| 28012 | incremented by the number of blocks (full and partial) that were encrypted. |
| 28013 | |
| 28014 | Return Value Meaning |
| 28015 | |
| 28016 | CRYPT_SUCCESS no non-fatal errors |
| 28017 | |
// AES encryption/decryption in CTR mode.
//
// For every full or partial 16-byte block the current counter (iv) is
// encrypted to produce key stream, the counter is then stepped by one as a
// 128-bit big-endian integer (wrapping to zero on overflow), and the key
// stream is XORed with dIn into dOut.
//
// The caller owns counter management: iv comes back advanced by the number
// of blocks processed, and this routine does not detect a counter value
// being used twice under the same key.
//
// Returns CRYPT_SUCCESS. A key-schedule failure is reported through
// FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__AESEncryptCTR(
    BYTE    *dOut,          // OUT: the encrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: counter block (16 bytes)
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: data buffer
    )
{
    AES_KEY      keySchedule;
    BYTE         keyStream[16];
    INT32        remaining;
    int          chunk;
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    if(AES_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(remaining > 0)
    {
        // Key stream for this block is E(counter)
        AES_encrypt(iv, keyStream, &keySchedule);

        // Step the counter: least significant byte is iv[15], carry
        // propagates toward iv[0]
        for(n = 15; n >= 0; n--)
        {
            iv[n] += 1;
            if(iv[n] != 0)
                break;
        }

        chunk = (remaining < 16) ? remaining : 16;
        for(n = 0; n < chunk; n++)
            dOut[n] = dIn[n] ^ keyStream[n];
        dOut += chunk;
        dIn += chunk;
        remaining -= 16;
    }
    return CRYPT_SUCCESS;
}
| 28064 | |
| 28065 | |
| 28066 | Page 404 TCG Published Family "2.0" |
| 28067 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 28068 | Part 4: Supporting Routines Trusted Platform Module Library |
| 28069 | |
| 28070 | B.11.4.6. _cpri__AESDecryptCTR() |
| 28071 | |
| 28072 | Counter mode decryption uses the same algorithm as encryption. The _cpri__AESDecryptCTR() function |
| 28073 | is implemented as a macro call to _cpri__AESEncryptCTR(). (skip) |
| 28074 | |
| 28075 | 283 //% #define _cpri__AESDecryptCTR(dOut, keySize, key, iv, dInSize, dIn) \ |
| 28076 | 284 //% _cpri__AESEncryptCTR( \ |
| 28077 | 285 //% ((BYTE *)dOut), \ |
| 28078 | 286 //% ((UINT32)keySize), \ |
| 28079 | 287 //% ((BYTE *)key), \ |
| 28080 | 288 //% ((BYTE *)iv), \ |
| 28081 | 289 //% ((UINT32)dInSize), \ |
| 28082 | 290 //% ((BYTE *)dIn) \ |
| 28083 | 291 //% ) |
| 28084 | 292 //% |
| 28085 | 293 // The //% is used by the prototype extraction program to cause it to include the |
| 28086 | 294 // line in the prototype file after removing the //%. Need an extra line with |
| 28087 | |
| 28088 | nothing on it so that a blank line will separate this macro from the next definition. |
| 28089 | |
| 28090 | B.11.4.7. _cpri__AESEncryptECB() |
| 28091 | |
| 28092 | AES encryption in ECB mode. The data buffer is modified to contain the cipher text. |
| 28093 | |
| 28094 | Return Value Meaning |
| 28095 | |
| 28096 | CRYPT_SUCCESS no non-fatal errors |
| 28097 | |
// AES encryption in ECB mode: every 16-byte block of dIn is encrypted
// independently into the matching block of dOut, with no IV or chaining.
//
// Returns CRYPT_SUCCESS on success (including dInSize == 0) and
// CRYPT_PARAMETER when dInSize is not a multiple of 16. A key-schedule
// failure is reported through FAIL(FATAL_ERROR_INTERNAL).
//
// Because blocks are independent, equal plain-text blocks give equal
// cipher-text blocks under the same key.
LIB_EXPORT CRYPT_RESULT
_cpri__AESEncryptECB(
    BYTE    *dOut,          // OUT: encrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: clear text buffer
    )
{
    AES_KEY      keySchedule;
    INT32        total;
    INT32        offset;

    pAssert(dOut != NULL && key != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    total = (INT32)dInSize;

    // ECB has no padding scheme here: only whole blocks are accepted
    if((total % 16) != 0)
        return CRYPT_PARAMETER;

    if(AES_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    for(offset = 0; offset < total; offset += 16)
        AES_encrypt(&dIn[offset], &dOut[offset], &keySchedule);

    return CRYPT_SUCCESS;
}
| 28140 | |
| 28141 | |
| 28142 | B.11.4.8. _cpri__AESDecryptECB() |
| 28143 | |
| 28144 | This function performs AES decryption using ECB (not recommended). The cipher text dIn is decrypted |
| 28145 | into dOut. |
| 28146 | |
| 28147 | Return Value Meaning |
| 28148 | |
| 28149 | CRYPT_SUCCESS no non-fatal errors |
| 28150 | |
// AES decryption in ECB mode: every 16-byte block of dIn is decrypted
// independently into the matching block of dOut, with no IV or chaining.
//
// Returns CRYPT_SUCCESS on success (including dInSize == 0) and
// CRYPT_PARAMETER when dInSize is not a multiple of 16. A key-schedule
// failure is reported through FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__AESDecryptECB(
    BYTE    *dOut,          // OUT: the clear text data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: cipher text buffer
    )
{
    AES_KEY      keySchedule;
    INT32        total;
    INT32        offset;

    pAssert(dOut != NULL && key != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    total = (INT32)dInSize;

    // Only whole blocks can be decrypted
    if((total % 16) != 0)
        return CRYPT_PARAMETER;

    // ECB decryption needs the decrypt-direction key schedule
    if(AES_set_decrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    for(offset = 0; offset < total; offset += 16)
        AES_decrypt(&dIn[offset], &dOut[offset], &keySchedule);

    return CRYPT_SUCCESS;
}
| 28189 | |
| 28190 | |
| 28191 | B.11.4.9. _cpri__AESEncryptOFB() |
| 28192 | |
| 28193 | This function performs AES encryption/decryption in OFB chain mode. The dIn buffer is modified to |
| 28194 | contain the encrypted/decrypted text. |
| 28195 | The input iv buffer is assumed to have a size equal to the block size (16 bytes). The returned value of iv |
| 28196 | will be the nth encryption of the IV, where n is the number of blocks (full or partial) in the data stream. |
| 28197 | |
| 28198 | |
| 28199 | |
| 28200 | |
| 28201 | Page 406 TCG Published Family "2.0" |
| 28202 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 28203 | Part 4: Supporting Routines Trusted Platform Module Library |
| 28204 | |
| 28205 | |
| 28206 | Return Value Meaning |
| 28207 | |
| 28208 | CRYPT_SUCCESS no non-fatal errors |
| 28209 | |
// AES encryption/decryption in OFB mode.
//
// Each round encrypts iv in place and XORs the result with the next block
// of dIn, writing to dOut. The output is written through dOut only; dIn is
// changed only when the caller passes the same buffer for both, which this
// routine supports. On return iv holds the last key-stream block generated.
//
// The key stream depends only on key and iv, so the caller is responsible
// for never repeating an iv under the same key.
//
// Returns CRYPT_SUCCESS. A key-schedule failure is reported through
// FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__AESEncryptOFB(
    BYTE    *dOut,          // OUT: the encrypted/decrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: IV. The size of this buffer is
                            //     16 bytes
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: data buffer
    )
{
    AES_KEY      keySchedule;
    INT32        remaining;
    int          chunk;
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    if(AES_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(remaining > 0)
    {
        // iv becomes the next key-stream block
        AES_encrypt(iv, iv, &keySchedule);

        chunk = (remaining < 16) ? remaining : 16;
        for(n = 0; n < chunk; n++)
            dOut[n] = iv[n] ^ dIn[n];
        dOut += chunk;
        dIn += chunk;
        remaining -= 16;
    }
    return CRYPT_SUCCESS;
}
| 28253 | |
| 28254 | |
| 28255 | B.11.4.10. _cpri__AESDecryptOFB() |
| 28256 | |
| 28257 | OFB encryption and decryption use the same algorithms for both. The _cpri__AESDecryptOFB() function |
| 28258 | is implemented as a macro call to _cpri__AESEncryptOFB(). (skip) |
| 28259 | |
| 28260 | 413 //%#define _cpri__AESDecryptOFB(dOut,keySizeInBits, key, iv, dInSize, dIn) \ |
| 28261 | 414 //% _cpri__AESEncryptOFB ( \ |
| 28262 | 415 //% ((BYTE *)dOut), \ |
| 28263 | 416 //% ((UINT32)keySizeInBits), \ |
| 28264 | 417 //% ((BYTE *)key), \ |
| 28265 | 418 //% ((BYTE *)iv), \ |
| 28266 | 419 //% ((UINT32)dInSize), \ |
| 28267 | 420 //% ((BYTE *)dIn) \ |
| 28268 | 421 //% ) |
| 28269 | 422 //% |
| 28270 | |
| 28271 | |
| 28272 | Family "2.0" TCG Published Page 407 |
| 28273 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 28274 | Trusted Platform Module Library Part 4: Supporting Routines |
| 28275 | |
| 28276 | 423 #ifdef TPM_ALG_SM4 //% |
| 28277 | |
| 28278 | |
| 28279 | B.11.5. SM4 Encryption |
| 28280 | |
| 28281 | B.11.5.1. _cpri__SM4EncryptCBC() |
| 28282 | |
| 28283 | This function performs SM4 encryption in CBC chain mode. The input dIn buffer is encrypted into dOut. |
| 28284 | The input iv buffer is required to have a size equal to the block size (16 bytes). The dInSize is required to |
| 28285 | be a multiple of the block size. |
| 28286 | |
| 28287 | Return Value Meaning |
| 28288 | |
| 28289 | CRYPT_SUCCESS if success |
| 28290 | CRYPT_PARAMETER dInSize is not a multiple of the block size |
| 28291 | |
// SM4 encryption in CBC mode.
//
// For each 16-byte block the plain text is XORed into iv, iv is encrypted
// in place, and the result is copied to dOut. On return iv holds the last
// cipher-text block.
//
// Returns CRYPT_SUCCESS on success (including dInSize == 0) and
// CRYPT_PARAMETER when dInSize is not a multiple of 16. A key-schedule
// failure is reported through FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__SM4EncryptCBC(
    BYTE    *dOut,          // OUT: the encrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: IV (16 bytes)
    UINT32   dInSize,       // IN: data size (is required to be a multiple
                            //     of 16 bytes)
    BYTE    *dIn            // IN: data buffer
    )
{
    SM4_KEY      keySchedule;
    INT32        remaining;     // signed copy of dInSize
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    // CBC without padding: only whole blocks are accepted
    if((remaining % 16) != 0)
        return CRYPT_PARAMETER;

    if(SM4_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(remaining > 0)
    {
        // Chain: mix the plain text into the previous cipher text (or IV)
        for(n = 0; n < 16; n++)
            iv[n] ^= dIn[n];

        SM4_encrypt(iv, iv, &keySchedule);

        // iv now is the cipher-text block; hand it to the caller
        for(n = 0; n < 16; n++)
            dOut[n] = iv[n];

        dIn += 16;
        dOut += 16;
        remaining -= 16;
    }
    return CRYPT_SUCCESS;
}
| 28345 | |
| 28346 | |
| 28347 | B.11.5.2. _cpri__SM4DecryptCBC() |
| 28348 | |
| 28349 | This function performs SM4 decryption in CBC chain mode. The input dIn buffer is decrypted into dOut. |
| 28350 | The input iv buffer is required to have a size equal to the block size (16 bytes). The dInSize is required to |
| 28351 | be a multiple of the block size. |
| 28352 | |
| 28353 | Return Value Meaning |
| 28354 | |
| 28355 | CRYPT_SUCCESS if success |
| 28356 | CRYPT_PARAMETER dInSize is not a multiple of the block size |
| 28357 | |
// SM4 decryption in CBC mode.
//
// Each cipher-text block is first saved in a local buffer, decrypted into
// dOut, XORed with iv, and then the saved cipher text becomes the new iv.
// Saving the block first is what allows dIn and dOut to overlap. On return
// iv holds the last cipher-text block.
//
// Returns CRYPT_SUCCESS on success (including dInSize == 0) and
// CRYPT_PARAMETER when dInSize is not a multiple of 16. A key-schedule
// failure is reported through FAIL(FATAL_ERROR_INTERNAL).
//
// This routine only decrypts; it gives no indication that the cipher text
// was modified, so integrity has to be checked by the caller.
LIB_EXPORT CRYPT_RESULT
_cpri__SM4DecryptCBC(
    BYTE    *dOut,          // OUT: the decrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: IV for decryption. The size of this
                            //     buffer is 16 bytes
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: data buffer
    )
{
    SM4_KEY      keySchedule;
    BYTE         savedCipher[16];
    INT32        remaining;
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    // CBC without padding: only whole blocks are accepted
    if((remaining % 16) != 0)
        return CRYPT_PARAMETER;

    if(SM4_set_decrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(remaining > 0)
    {
        // Keep the cipher text: it is the chaining value for the next block
        for(n = 0; n < 16; n++)
            savedCipher[n] = dIn[n];

        SM4_decrypt(savedCipher, dOut, &keySchedule);

        for(n = 0; n < 16; n++)
        {
            dOut[n] ^= iv[n];
            iv[n] = savedCipher[n];
        }

        dIn += 16;
        dOut += 16;
        remaining -= 16;
    }
    return CRYPT_SUCCESS;
}
| 28418 | |
| 28419 | |
| 28420 | B.11.5.3. _cpri__SM4EncryptCFB() |
| 28421 | |
| 28422 | This function performs SM4 encryption in CFB chain mode. The dOut buffer receives the values |
| 28423 | encrypted from dIn. The input iv is assumed to be the size of an encryption block (16 bytes). The iv buffer will |
| 28424 | be modified to contain the last encrypted block. |
| 28425 | |
| 28426 | Return Value Meaning |
| 28427 | |
| 28428 | CRYPT_SUCCESS no non-fatal errors |
| 28429 | |
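// SM4 encryption in CFB mode.
//
// Each round encrypts iv in place, XORs the plain text into it and copies
// the result (the cipher text) to dOut. On return iv holds the last
// cipher-text block; if that block was partial, the rest of iv is zero.
//
// The zero fill is the change from the original listing, which returned
// with left-over key-stream bytes in the tail of iv after a partial block.
// _cpri__SM4DecryptCFB() and the AES CFB routines in this file zero-pad the
// IV, so without the fill the encrypting and decrypting sides would hold
// different IVs when a stream is continued after a partial block.
//
// Returns CRYPT_SUCCESS. A key-schedule failure is reported through
// FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__SM4EncryptCFB(
    BYTE    *dOut,          // OUT: the encrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: IV for encryption (16 bytes)
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: data buffer
    )
{
    SM4_KEY      keySchedule;
    INT32        remaining;     // signed copy of dInSize
    int          chunk = 16;
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    if(SM4_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    for(; remaining > 0; remaining -= 16)
    {
        // Key stream for this round is E(iv), produced in place
        SM4_encrypt(iv, iv, &keySchedule);

        chunk = (remaining < 16) ? remaining : 16;
        for(n = 0; n < chunk; n++)
        {
            // iv[n] becomes the cipher-text byte, which is also the feedback
            iv[n] ^= dIn[n];
            dOut[n] = iv[n];
        }
        dIn += chunk;
        dOut += chunk;
    }

    // After a short last block iv[chunk..15] still holds unused key stream;
    // clear it so the returned IV matches what the decrypt side computes
    for(n = chunk; n < 16; n++)
        iv[n] = 0;

    return CRYPT_SUCCESS;
}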
| 28471 | |
| 28472 | |
| 28473 | B.11.5.4. _cpri__SM4DecryptCFB() |
| 28474 | |
| 28475 | This function performs SM4 decrypt in CFB chain mode. The dOut buffer receives the values decrypted |
| 28476 | from dIn. |
| 28477 | |
| 28478 | Page 410 TCG Published Family "2.0" |
| 28479 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 28480 | Part 4: Supporting Routines Trusted Platform Module Library |
| 28481 | |
| 28482 | |
| 28483 | The input iv is assumed to be the size of an encryption block (16 bytes). The iv buffer will be modified to |
| 28484 | contain the last decoded block, padded with zeros |
| 28485 | |
| 28486 | Return Value Meaning |
| 28487 | |
| 28488 | CRYPT_SUCCESS no non-fatal errors |
| 28489 | |
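// SM4 decryption in CFB mode.
//
// Each round encrypts the current iv into a key-stream block, copies the
// incoming cipher text into iv (the feedback for the next round) and writes
// cipher text XOR key stream to dOut. The cipher-text byte is read before
// the output byte is written, so dIn and dOut may be the same buffer.
//
// If the final block is partial, the bytes of iv after the last cipher-text
// byte are set to zero. The original listing wrote these zeros through the
// iv parameter itself (*iv++ = 0), which cleared the first bytes of the
// block -- the cipher text just stored -- and left the stale tail in place.
// The fill now starts after the last stored byte, as _cpri__AESDecryptCFB()
// does.
//
// Returns CRYPT_SUCCESS. A key-schedule failure is reported through
// FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__SM4DecryptCFB(
    BYTE    *dOut,          // OUT: the decrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: IV for decryption (16 bytes)
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: data buffer (cipher text)
    )
{
    SM4_KEY      keySchedule;
    BYTE         keyStream[16];
    INT32        remaining;
    int          chunk = 16;
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    // CFB uses the block cipher in the encrypt direction for decryption too
    if(SM4_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    for(; remaining > 0; remaining -= 16)
    {
        // Key stream for this round is E(iv)
        SM4_encrypt(iv, keyStream, &keySchedule);

        chunk = (remaining < 16) ? remaining : 16;
        for(n = 0; n < chunk; n++)
        {
            BYTE     cipherByte = dIn[n];

            iv[n] = cipherByte;
            dOut[n] = keyStream[n] ^ cipherByte;
        }
        dIn += chunk;
        dOut += chunk;
    }

    // Zero only the part of iv that the short last block did not overwrite
    for(n = chunk; n < 16; n++)
        iv[n] = 0;

    return CRYPT_SUCCESS;
}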
| 28540 | |
| 28541 | |
| 28542 | B.11.5.5. _cpri__SM4EncryptCTR() |
| 28543 | |
| 28544 | This function performs SM4 encryption/decryption in CTR chain mode. The dIn buffer is encrypted into |
| 28545 | dOut. The input iv buffer is assumed to have a size equal to the SM4 block size (16 bytes). The iv will be |
| 28546 | incremented by the number of blocks (full and partial) that were encrypted. |
| 28547 | |
| 28548 | Family "2.0" TCG Published Page 411 |
| 28549 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 28550 | Trusted Platform Module Library Part 4: Supporting Routines |
| 28551 | |
| 28552 | |
| 28553 | Return Value Meaning |
| 28554 | |
| 28555 | CRYPT_SUCCESS no non-fatal errors |
| 28556 | |
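// SM4 encryption/decryption in CTR mode.
//
// For every full or partial 16-byte block the current counter (iv) is
// encrypted to produce key stream, the counter is stepped by one, and the
// key stream is XORed with dIn into dOut.
//
// Two defects of the original listing are corrected here:
//  - The outer loop reduced the remaining byte count by 1 per round while
//    each round consumed up to 16 bytes, so any call with dInSize > 1 read
//    from dIn and wrote to dOut beyond dInSize bytes. The count now drops
//    by 16 per round, so exactly dInSize bytes are processed.
//  - The counter was stepped starting at iv[0]. It is now stepped as a
//    big-endian integer starting at iv[15], the order that
//    _cpri__AESEncryptCTR() in this file documents and uses.
//
// The caller owns counter management: iv comes back advanced by the number
// of blocks processed, and this routine does not detect a counter value
// being used twice under the same key.
//
// Returns CRYPT_SUCCESS. A key-schedule failure is reported through
// FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__SM4EncryptCTR(
    BYTE    *dOut,          // OUT: the encrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: counter block (16 bytes)
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: data buffer
    )
{
    SM4_KEY      keySchedule;
    BYTE         keyStream[16];
    INT32        remaining;
    int          chunk;
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    if(SM4_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    // One round per 16-byte block; the last round may be partial
    for(; remaining > 0; remaining -= 16)
    {
        // Key stream for this block is E(counter)
        SM4_encrypt(iv, keyStream, &keySchedule);

        // Step the counter: least significant byte is iv[15], carry
        // propagates toward iv[0]
        for(n = 15; n >= 0; n--)
            if((iv[n] += 1) != 0)
                break;

        chunk = (remaining < 16) ? remaining : 16;
        for(n = 0; n < chunk; n++)
            dOut[n] = dIn[n] ^ keyStream[n];
        dOut += chunk;
        dIn += chunk;
    }
    return CRYPT_SUCCESS;
}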
| 28603 | |
| 28604 | |
| 28605 | B.11.5.6. _cpri__SM4DecryptCTR() |
| 28606 | |
| 28607 | Counter mode decryption uses the same algorithm as encryption. The _cpri__SM4DecryptCTR() function |
| 28608 | is implemented as a macro call to _cpri__SM4EncryptCTR(). (skip) |
| 28609 | |
| 28610 | 663 //% #define _cpri__SM4DecryptCTR(dOut, keySize, key, iv, dInSize, dIn) \ |
| 28611 | 664 //% _cpri__SM4EncryptCTR( \ |
| 28612 | 665 //% ((BYTE *)dOut), \ |
| 28613 | 666 //% ((UINT32)keySize), \ |
| 28614 | 667 //% ((BYTE *)key), \ |
| 28615 | 668 //% ((BYTE *)iv), \ |
| 28616 | 669 //% ((UINT32)dInSize), \ |
| 28617 | |
| 28618 | |
| 28619 | Page 412 TCG Published Family "2.0" |
| 28620 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 28621 | Part 4: Supporting Routines Trusted Platform Module Library |
| 28622 | |
| 28623 | 670 //% ((BYTE *)dIn) \ |
| 28624 | 671 //% ) |
| 28625 | 672 //% |
| 28626 | 673 // The //% is used by the prototype extraction program to cause it to include the |
| 28627 | 674 // line in the prototype file after removing the //%. Need an extra line with |
| 28628 | |
| 28629 | nothing on it so that a blank line will separate this macro from the next definition. |
| 28630 | |
| 28631 | B.11.5.7. _cpri__SM4EncryptECB() |
| 28632 | |
| 28633 | SM4 encryption in ECB mode. The data buffer is modified to contain the cipher text. |
| 28634 | |
| 28635 | Return Value Meaning |
| 28636 | |
| 28637 | CRYPT_SUCCESS no non-fatal errors |
| 28638 | |
// SM4 encryption in ECB mode: every 16-byte block of dIn is encrypted
// independently into the matching block of dOut, with no IV or chaining.
//
// Returns CRYPT_SUCCESS on success (including dInSize == 0) and
// CRYPT_PARAMETER when dInSize is not a multiple of 16. A key-schedule
// failure is reported through FAIL(FATAL_ERROR_INTERNAL).
//
// Because blocks are independent, equal plain-text blocks give equal
// cipher-text blocks under the same key.
LIB_EXPORT CRYPT_RESULT
_cpri__SM4EncryptECB(
    BYTE    *dOut,          // OUT: encrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: clear text buffer
    )
{
    SM4_KEY      keySchedule;
    INT32        total;
    INT32        offset;

    pAssert(dOut != NULL && key != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    total = (INT32)dInSize;

    // ECB has no padding scheme here: only whole blocks are accepted
    if((total % 16) != 0)
        return CRYPT_PARAMETER;

    if(SM4_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    for(offset = 0; offset < total; offset += 16)
        SM4_encrypt(&dIn[offset], &dOut[offset], &keySchedule);

    return CRYPT_SUCCESS;
}
| 28676 | |
| 28677 | |
| 28678 | B.11.5.8. _cpri__SM4DecryptECB() |
| 28679 | |
| 28680 | This function performs SM4 decryption using ECB (not recommended). The cipher text dIn is decrypted |
| 28681 | into dOut. |
| 28682 | |
| 28683 | |
| 28684 | |
| 28685 | |
| 28686 | Family "2.0" TCG Published Page 413 |
| 28687 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 28688 | Trusted Platform Module Library Part 4: Supporting Routines |
| 28689 | |
| 28690 | |
| 28691 | Return Value Meaning |
| 28692 | |
| 28693 | CRYPT_SUCCESS no non-fatal errors |
| 28694 | |
// SM4 decryption in ECB mode: every 16-byte block of dIn is decrypted
// independently into the matching block of dOut, with no IV or chaining.
//
// Returns CRYPT_SUCCESS on success (including dInSize == 0) and
// CRYPT_PARAMETER when dInSize is not a multiple of 16. A key-schedule
// failure is reported through FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__SM4DecryptECB(
    BYTE    *dOut,          // OUT: the clear text data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: cipher text buffer
    )
{
    SM4_KEY      keySchedule;
    INT32        total;
    INT32        offset;

    pAssert(dOut != NULL && key != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    total = (INT32)dInSize;

    // Only whole blocks can be decrypted
    if((total % 16) != 0)
        return CRYPT_PARAMETER;

    // ECB decryption needs the decrypt-direction key schedule
    if(SM4_set_decrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    for(offset = 0; offset < total; offset += 16)
        SM4_decrypt(&dIn[offset], &dOut[offset], &keySchedule);

    return CRYPT_SUCCESS;
}
| 28733 | |
| 28734 | |
| 28735 | B.11.5.9. _cpri__SM4EncryptOFB() |
| 28736 | |
| 28737 | This function performs SM4 encryption/decryption in OFB chain mode. The dIn buffer is modified to |
| 28738 | contain the encrypted/decrypted text. |
| 28739 | The input iv buffer is assumed to have a size equal to the block size (16 bytes). The returned value of iv |
| 28740 | will be the nth encryption of the IV, where n is the number of blocks (full or partial) in the data stream. |
| 28741 | |
| 28742 | Return Value Meaning |
| 28743 | |
| 28744 | CRYPT_SUCCESS no non-fatal errors |
| 28745 | |
// SM4 encryption/decryption in OFB mode.
//
// Each round encrypts iv in place and XORs the result with the next block
// of dIn, writing to dOut. The output is written through dOut only; dIn is
// changed only when the caller passes the same buffer for both, which this
// routine supports. On return iv holds the last key-stream block generated.
//
// The key stream depends only on key and iv, so the caller is responsible
// for never repeating an iv under the same key.
//
// Returns CRYPT_SUCCESS. A key-schedule failure is reported through
// FAIL(FATAL_ERROR_INTERNAL).
LIB_EXPORT CRYPT_RESULT
_cpri__SM4EncryptOFB(
    BYTE    *dOut,          // OUT: the encrypted/decrypted data
    UINT32   keySizeInBits, // IN: key size in bits
    BYTE    *key,           // IN: key buffer. The size of this buffer in
                            //     bytes is (keySizeInBits + 7) / 8
    BYTE    *iv,            // IN/OUT: IV. The size of this buffer is
                            //     16 bytes
    UINT32   dInSize,       // IN: data size in bytes
    BYTE    *dIn            // IN: data buffer
    )
{
    SM4_KEY      keySchedule;
    INT32        remaining;
    int          chunk;
    int          n;

    pAssert(dOut != NULL && key != NULL && iv != NULL && dIn != NULL);

    if(dInSize == 0)
        return CRYPT_SUCCESS;

    // The byte count is tracked in a signed variable, so it has to fit
    pAssert(dInSize <= INT32_MAX);
    remaining = (INT32)dInSize;

    if(SM4_set_encrypt_key(key, keySizeInBits, &keySchedule) != 0)
        FAIL(FATAL_ERROR_INTERNAL);

    while(remaining > 0)
    {
        // iv becomes the next key-stream block
        SM4_encrypt(iv, iv, &keySchedule);

        chunk = (remaining < 16) ? remaining : 16;
        for(n = 0; n < chunk; n++)
            dOut[n] = iv[n] ^ dIn[n];
        dOut += chunk;
        dIn += chunk;
        remaining -= 16;
    }
    return CRYPT_SUCCESS;
}
| 28794 | |
| 28795 | |
| 28796 | B.11.5.10. _cpri__SM4DecryptOFB() |
| 28797 | |
| 28798 | OFB encryption and decryption use the same algorithm. The _cpri__SM4DecryptOFB() function |
| 28799 | is implemented as a macro call to _cpri__SM4EncryptOFB(). (skip) |
| 28800 | |
| 28801 | 793 //%#define _cpri__SM4DecryptOFB(dOut,keySizeInBits, key, iv, dInSize, dIn) \ |
| 28802 | 794 //% _cpri__SM4EncryptOFB ( \ |
| 28803 | 795 //% ((BYTE *)dOut), \ |
| 28804 | 796 //% ((UINT32)keySizeInBits), \ |
| 28805 | 797 //% ((BYTE *)key), \ |
| 28806 | 798 //% ((BYTE *)iv), \ |
| 28807 | 799 //% ((UINT32)dInSize), \ |
| 28808 | 800 //% ((BYTE *)dIn) \ |
| 28809 | 801 //% ) |
| 28810 | 802 //% |
| 28811 | 803 #endif //% TPM_ALG_SM4 |
| 28812 | |
| 28813 | |
| 28814 | |
| 28815 | |
| 28816 | Family "2.0" TCG Published Page 415 |
| 28817 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 28818 | Trusted Platform Module Library Part 4: Supporting Routines |
| 28819 | |
| 28820 | |
| 28821 | B.12 RSA Files |
| 28822 | |
| 28823 | B.12.1. CpriRSA.c |
| 28824 | |
| 28825 | B.12.1.1. Introduction |
| 28826 | |
| 28827 | This file contains implementation of crypto primitives for RSA. This is a simulator of a crypto engine. |
| 28828 | Vendors may replace the implementation in this file with their own library functions. |
| 28829 | Integer format: the big integers passed in/out to the function interfaces in this library adopt the same |
| 28830 | format used in TPM 2.0 specification: Integer values are considered to be an array of one or more bytes. |
| 28831 | The byte at offset zero within the array is the most significant byte of the integer. The interface uses |
| 28832 | TPM2B as a big number format for numeric values passed to/from CryptUtil(). |
| 28833 | |
| 28834 | B.12.1.2. Includes |
| 28835 | |
| 28836 | 1 #include "OsslCryptoEngine.h" |
| 28837 | 2 #ifdef TPM_ALG_RSA |
| 28838 | |
| 28839 | |
| 28840 | B.12.1.3. Local Functions |
| 28841 | |
| 28842 | B.12.1.3.1. RsaPrivateExponent() |
| 28843 | |
| 28844 | This function computes the private exponent d such that de = 1 mod (p-1)*(q-1). The inputs are the |
| 28845 | public modulus and one of the primes. |
| 28846 | The results are returned in the key->private structure. The size of that structure is expanded to hold the |
| 28847 | private exponent. If the computed value is smaller than the public modulus, the private exponent is de- |
| 28848 | normalized. |
| 28849 | |
| 28850 | Return Value Meaning |
| 28851 | |
| 28852 | CRYPT_SUCCESS private exponent computed |
| 28853 | CRYPT_PARAMETER prime is not half the size of the modulus, or the modulus is not evenly |
| 28854 | divisible by the prime, or no private exponent could be computed |
| 28855 | from the input parameters |
| 28856 | |
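// Computes the private exponent d = e^-1 mod (p-1)(q-1) from the public modulus
// in key->publicKey and the prime held in key->privateKey, then overwrites
// key->privateKey with d, left-padded with zeros to the size of the modulus.
//
// Returns CRYPT_SUCCESS when the exponent was stored, CRYPT_PARAMETER when the
// prime is too small for the modulus, does not divide it evenly, yields a
// cofactor of a different bit length, or when no inverse of the exponent exists.
// Library failures are reported through FAIL().
static CRYPT_RESULT
RsaPrivateExponent(
    RSA_KEY         *key        // IN: the key to augment with the private
                                //     exponent
    )
{
    BN_CTX          *context;
    BIGNUM          *bnD;
    BIGNUM          *bnN;
    BIGNUM          *bnP;
    BIGNUM          *bnE;
    BIGNUM          *bnPhi;
    BIGNUM          *bnQ;
    BIGNUM          *bnQr;
    UINT32           fill;

    CRYPT_RESULT     retVal = CRYPT_SUCCESS;    // Assume success

    pAssert(key != NULL && key->privateKey != NULL && key->publicKey != NULL);

    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnE = BN_CTX_get(context);
    bnD = BN_CTX_get(context);
    bnN = BN_CTX_get(context);
    bnP = BN_CTX_get(context);
    bnPhi = BN_CTX_get(context);
    bnQ = BN_CTX_get(context);
    bnQr = BN_CTX_get(context);

    // Only the last BN_CTX_get() result is tested
    if(bnQr == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Assume the size of the public key value is within range
    pAssert(key->publicKey->size <= MAX_RSA_KEY_BYTES);

    if(   BN_bin2bn(key->publicKey->buffer, key->publicKey->size, bnN) == NULL
       || BN_bin2bn(key->privateKey->buffer, key->privateKey->size, bnP) == NULL)

        FAIL(FATAL_ERROR_INTERNAL);

    // If P has fewer than half the bits of n, then this is not a valid value
    // for this implementation. This will also catch the case where P is input
    // as zero. This generates a return rather than an assert because the key
    // being loaded might be SW generated and wrong.
    if(BN_num_bits(bnP) < BN_num_bits(bnN)/2)
    {
        retVal = CRYPT_PARAMETER;
        goto Cleanup;
    }
    // Get q = n/p;
    if(BN_div(bnQ, bnQr, bnN, bnP, context) != 1)
        FAIL(FATAL_ERROR_INTERNAL);

    // If there is a remainder, or q is not the same bit length as p, then this
    // is not a valid n
    if(BN_num_bytes(bnQr) != 0 || BN_num_bits(bnQ) != BN_num_bits(bnP))
    {
        retVal = CRYPT_PARAMETER;     // problem may be recoverable
        goto Cleanup;
    }
    // Compute Phi = (p - 1)(q - 1) = pq - p - q + 1 = n - p - q + 1
    if(   BN_copy(bnPhi, bnN) == NULL
       || !BN_sub(bnPhi, bnPhi, bnP)
       || !BN_sub(bnPhi, bnPhi, bnQ)
       || !BN_add_word(bnPhi, 1))
        FAIL(FATAL_ERROR_INTERNAL);

    // Compute the multiplicative inverse. The result of BN_set_word() is
    // checked like every other library call in this function.
    if(!BN_set_word(bnE, key->exponent))
        FAIL(FATAL_ERROR_INTERNAL);
    if(BN_mod_inverse(bnD, bnE, bnPhi, context) == NULL)
    {
        // Going to assume that the error is caused by a bad
        // set of parameters. Specifically, an exponent that is
        // not compatible with the primes. In an implementation that
        // has better visibility to the error codes, this might be
        // refined so that failures in the library would return
        // a more informative value. Should not assume here that
        // the error codes will remain unchanged.

        retVal = CRYPT_PARAMETER;
        goto Cleanup;
    }

    // d < Phi < n, so d can never need more bytes than the modulus buffer.
    // Assert it before computing the unsigned pad length used as a write offset.
    pAssert((UINT32)BN_num_bytes(bnD) <= key->publicKey->size);

    // Store d right-aligned and zero the leading bytes
    fill = key->publicKey->size - BN_num_bytes(bnD);
    BN_bn2bin(bnD, &key->privateKey->buffer[fill]);
    memset(key->privateKey->buffer, 0, fill);

    // Change the size of the private key so that it is known to contain
    // a private exponent rather than a prime.
    key->privateKey->size = key->publicKey->size;

Cleanup:
    BN_CTX_end(context);
    BN_CTX_free(context);
    return retVal;
}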
| 28965 | |
| 28966 | |
| 28967 | B.12.1.3.2. _cpri__TestKeyRSA() |
| 28968 | |
| 28969 | This function computes the private exponent d such that de = 1 mod (p-1)*(q-1). The inputs are the |
| 28970 | public modulus and one of the primes or two primes. |
| 28971 | If both primes are provided, the public modulus is computed. If only one prime is provided, the second |
| 28972 | prime is computed. In either case, a private exponent is produced and placed in d. |
| 28973 | If no modular inverse exists, then CRYPT_PARAMETER is returned. |
| 28974 | |
| 28975 | Return Value Meaning |
| 28976 | |
| 28977 | CRYPT_SUCCESS private exponent (d) was generated |
| 28978 | CRYPT_PARAMETER one or more parameters are invalid |
| 28979 | |
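// Computes the private exponent d = e^-1 mod (p-1)(q-1).
// With two primes, n = p*q is computed and written to publicKey, whose size
// must match exactly. With one prime, publicKey supplies n and q = n/p.
// d is returned left-padded with zeros to publicKey->size.
//
// Returns CRYPT_SUCCESS when d was produced and CRYPT_PARAMETER when the sizes
// are inconsistent, p does not divide n, the primes differ in bit length, or no
// inverse of the exponent exists. Library failures are reported through FAIL().
LIB_EXPORT CRYPT_RESULT
_cpri__TestKeyRSA(
    TPM2B           *d,         // OUT: the address to receive the private
                                //      exponent
    UINT32           exponent,  // IN: the public exponent
    TPM2B           *publicKey, // IN/OUT: an input if only one prime is
                                //         provided. an output if both primes are
                                //         provided
    TPM2B           *prime1,    // IN: a first prime
    TPM2B           *prime2     // IN: an optional second prime
    )
{
    BN_CTX          *context;
    BIGNUM          *bnD;
    BIGNUM          *bnN;
    BIGNUM          *bnP;
    BIGNUM          *bnE;
    BIGNUM          *bnPhi;
    BIGNUM          *bnQ;
    BIGNUM          *bnQr;
    UINT32           fill;

    CRYPT_RESULT     retVal = CRYPT_SUCCESS;    // Assume success

    // d is written on success, so it is required along with the inputs
    pAssert(d != NULL && publicKey != NULL && prime1 != NULL);
    // Make sure that the sizes are within range
    pAssert(   prime1->size <= MAX_RSA_KEY_BYTES/2
            && publicKey->size <= MAX_RSA_KEY_BYTES);
    // Same bound as prime1: a strict '<' here would make the largest supported
    // key size a fatal assertion whenever both primes are supplied.
    pAssert(   prime2 == NULL || prime2->size <= MAX_RSA_KEY_BYTES/2);

    if(publicKey->size/2 != prime1->size)
        return CRYPT_PARAMETER;

    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnE = BN_CTX_get(context);      // public exponent (e)
    bnD = BN_CTX_get(context);      // private exponent (d)
    bnN = BN_CTX_get(context);      // public modulus (n)
    bnP = BN_CTX_get(context);      // prime1 (p)
    bnPhi = BN_CTX_get(context);    // (p-1)(q-1)
    bnQ = BN_CTX_get(context);      // prime2 (q)
    bnQr = BN_CTX_get(context);     // n mod p

    if(bnQr == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    if(BN_bin2bn(prime1->buffer, prime1->size, bnP) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // If prime2 is provided, then compute n
    if(prime2 != NULL)
    {
        // Two primes provided so use them to compute n
        if(BN_bin2bn(prime2->buffer, prime2->size, bnQ) == NULL)
            FAIL(FATAL_ERROR_INTERNAL);

        // Make sure that the sizes of the primes are compatible
        if(BN_num_bits(bnQ) != BN_num_bits(bnP))
        {
            retVal = CRYPT_PARAMETER;
            goto Cleanup;
        }
        // Multiply the primes to get the public modulus
        if(BN_mul(bnN, bnP, bnQ, context) != 1)
            FAIL(FATAL_ERROR_INTERNAL);

        // Save the created value only if it fills the space provided for the
        // public modulus exactly
        if(BN_num_bits(bnN) != (publicKey->size * 8))
        {
            retVal = CRYPT_PARAMETER;
            goto Cleanup;
        }
        BN_bn2bin(bnN, publicKey->buffer);
    }
    else
    {
        // One prime provided so find the second prime by division
        if(BN_bin2bn(publicKey->buffer, publicKey->size, bnN) == NULL)
            FAIL(FATAL_ERROR_INTERNAL);

        // Get q = n/p;
        if(BN_div(bnQ, bnQr, bnN, bnP, context) != 1)
            FAIL(FATAL_ERROR_INTERNAL);

        // If there is a remainder, then this is not a valid n
        if(BN_num_bytes(bnQr) != 0 || BN_num_bits(bnQ) != BN_num_bits(bnP))
        {
            retVal = CRYPT_PARAMETER;      // problem may be recoverable
            goto Cleanup;
        }
    }
    // Compute Phi = (p - 1)(q - 1) = pq - p - q + 1 = n - p - q + 1
    // The results are checked as they are in RsaPrivateExponent().
    if(   BN_copy(bnPhi, bnN) == NULL
       || !BN_sub(bnPhi, bnPhi, bnP)
       || !BN_sub(bnPhi, bnPhi, bnQ)
       || !BN_add_word(bnPhi, 1))
        FAIL(FATAL_ERROR_INTERNAL);

    // Compute the multiplicative inverse
    if(!BN_set_word(bnE, exponent))
        FAIL(FATAL_ERROR_INTERNAL);
    if(BN_mod_inverse(bnD, bnE, bnPhi, context) == NULL)
    {
        // Going to assume that the error is caused by a bad set of parameters.
        // Specifically, an exponent that is not compatible with the primes.
        // In an implementation that has better visibility to the error codes,
        // this might be refined so that failures in the library would return
        // a more informative value.
        // Do not assume that the error codes will remain unchanged.
        retVal = CRYPT_PARAMETER;
        goto Cleanup;
    }
    // Return the private exponent.
    // Make sure it is normalized to have the correct size.
    // NOTE(review): the capacity of d->buffer is not visible here; the caller
    // is presumed to provide at least publicKey->size bytes.
    d->size = publicKey->size;
    fill = d->size - BN_num_bytes(bnD);
    BN_bn2bin(bnD, &d->buffer[fill]);
    memset(d->buffer, 0, fill);
Cleanup:
    BN_CTX_end(context);
    BN_CTX_free(context);
    return retVal;
}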
| 29113 | |
| 29114 | |
| 29115 | B.12.1.3.3. RSAEP() |
| 29116 | |
| 29117 | This function performs the RSAEP operation defined in PKCS#1v2.1. It is an exponentiation of a value |
| 29118 | (m) with the public exponent (e), modulo the public (n). |
| 29119 | |
| 29120 | Return Value Meaning |
| 29121 | |
| 29122 | CRYPT_SUCCESS encryption complete |
| 29123 | CRYPT_PARAMETER number to exponentiate is larger than the modulus |
| 29124 | |
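// RSAEP from PKCS#1 v2.1: replaces dInOut with dInOut^e mod n, in place.
// A key exponent of zero selects RSA_DEFAULT_PUBLIC_EXPONENT.
// The return value is whatever _math__ModExp() reports, other than
// CRYPT_UNDERFLOW, which is asserted not to occur.
static CRYPT_RESULT
RSAEP (
    UINT32           dInOutSize,    // IN: size of the block to encrypt
    BYTE            *dInOut,        // IN/OUT: the data, encrypted in place
    RSA_KEY         *key            // IN: the key to use
    )
{
    UINT32           e;
    BYTE             exponent[4];
    CRYPT_RESULT     retVal;

    // Every pointer dereferenced below is required, as in RSADP()
    pAssert(key != NULL && key->publicKey != NULL && dInOut != NULL);

    e = key->exponent;
    if(e == 0)
        e = RSA_DEFAULT_PUBLIC_EXPONENT;
    UINT32_TO_BYTE_ARRAY(e, exponent);

    //!!! Can put check for test of RSA here

    retVal = _math__ModExp(dInOutSize, dInOut, dInOutSize, dInOut, 4, exponent,
                           key->publicKey->size, key->publicKey->buffer);

    // Exponentiation result is stored in-place, thus no space shortage is possible.
    pAssert(retVal != CRYPT_UNDERFLOW);

    return retVal;
}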
| 29151 | |
| 29152 | |
| 29153 | B.12.1.3.4. RSADP() |
| 29154 | |
| 29155 | This function performs the RSADP operation defined in PKCS#1v2.1. It is an exponentiation of a value (c) |
| 29156 | with the private exponent (d), modulo the public modulus (n). The decryption is in place. |
| 29157 | |
| 29158 | Page 420 TCG Published Family "2.0" |
| 29159 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 29160 | Part 4: Supporting Routines Trusted Platform Module Library |
| 29161 | |
| 29162 | |
| 29163 | This function also checks the size of the private key. If the size indicates that only a prime value is |
| 29164 | present, the key is converted to being a private exponent. |
| 29165 | |
| 29166 | Return Value Meaning |
| 29167 | |
| 29168 | CRYPT_SUCCESS decryption succeeded |
| 29169 | CRYPT_PARAMETER the value to decrypt is larger than the modulus |
| 29170 | |
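// RSADP from PKCS#1 v2.1: replaces dInOut with dInOut^d mod n, in place.
// Returns CRYPT_PARAMETER when the value to decrypt is not smaller than the
// modulus; otherwise returns what _math__ModExp() reports.
static CRYPT_RESULT
RSADP (
    UINT32           dInOutSize,    // IN: size of the data to decrypt
    BYTE            *dInOut,        // IN/OUT: the data, decrypted in place
    RSA_KEY         *key            // IN: the key
    )
{
    CRYPT_RESULT     retVal;

    //!!! Can put check for RSA tested here

    // Make sure that the pointers are provided and that the private key is
    // present. If the private key is present it is assumed to have been
    // created by _cpri__PrivateExponent and so is presumed good.
    // The original assertion compared key->publicKey->size with itself, which
    // is always true and checked nothing; the pointers that are dereferenced
    // below are checked instead.
    // NOTE(review): the intent was probably to require
    // key->privateKey->size == key->publicKey->size (a private exponent rather
    // than a prime). That is not asserted here because the callers are not
    // visible in this listing; confirm and add it if every caller expands the
    // key first.
    pAssert(key != NULL && dInOut != NULL &&
            key->publicKey != NULL && key->privateKey != NULL);

    // make sure that the value to be decrypted is smaller than the modulus
    // note: this check is redundant as is also performed by _math__ModExp()
    // which is optimized for use in RSA operations
    if(_math__uComp(key->publicKey->size, key->publicKey->buffer,
                    dInOutSize, dInOut) <= 0)
        return CRYPT_PARAMETER;

    // _math__ModExp can return CRYPT_PARAMETER or CRYPT_UNDERFLOW but actual
    // underflow is not possible because everything is in the same buffer.
    retVal = _math__ModExp(dInOutSize, dInOut, dInOutSize, dInOut,
                           key->privateKey->size, key->privateKey->buffer,
                           key->publicKey->size, key->publicKey->buffer);

    // Exponentiation result is stored in-place, thus no space shortage is possible.
    pAssert(retVal != CRYPT_UNDERFLOW);

    return retVal;
}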
| 29206 | |
| 29207 | |
| 29208 | B.12.1.3.5. OaepEncode() |
| 29209 | |
| 29210 | This function performs OAEP padding. The size of the buffer to receive the OAEP padded data must |
| 29211 | equal the size of the modulus |
| 29212 | |
| 29213 | Return Value Meaning |
| 29214 | |
| 29215 | CRYPT_SUCCESS encode successful |
| 29216 | CRYPT_PARAMETER hashAlg is not valid |
| 29217 | CRYPT_FAIL message size is too large |
| 29218 | |
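// Builds an OAEP encoded block of paddedSize bytes in padded:
//     0x00 || maskedSeed (hLen) || maskedDB (paddedSize - hLen - 1)
// where DB = Hash(label) || PS (zeros) || 0x01 || message.
// The label, when present, is hashed including its terminating zero.
//
// Returns CRYPT_SUCCESS on success, CRYPT_PARAMETER when hashAlg has no digest
// size, CRYPT_FAIL when the message (or even an empty message) does not fit in
// paddedSize, or a negative value from the hash/MGF1 helpers.
static CRYPT_RESULT
OaepEncode(
    UINT32           paddedSize,    // IN: pad value size
    BYTE            *padded,        // OUT: the pad data
    TPM_ALG_ID       hashAlg,       // IN: algorithm to use for padding
    const char      *label,         // IN: null-terminated string (may be NULL)
    UINT32           messageSize,   // IN: the message size
    BYTE            *message        // IN: the message being padded
#ifdef TEST_RSA                     //
    , BYTE          *testSeed       // IN: optional seed used for testing.
#endif // TEST_RSA                  //
    )
{
    UINT32           padLen;
    UINT32           dbSize;
    UINT32           i;
    BYTE             mySeed[MAX_DIGEST_SIZE];
    BYTE            *seed = mySeed;
    INT32            hLen = _cpri__GetDigestSize(hashAlg);
    BYTE             mask[MAX_RSA_KEY_BYTES];
    BYTE            *pp;
    BYTE            *pm;
    UINT32           lSize = 0;
    CRYPT_RESULT     retVal = CRYPT_SUCCESS;

    pAssert(padded != NULL && message != NULL);

    // A value of zero is not allowed because the KDF can't produce a result
    // if the digest size is zero.
    if(hLen <= 0)
        return CRYPT_PARAMETER;

    // If a label is provided, get the length of the string, including the
    // terminator
    if(label != NULL)
        lSize = (UINT32)strlen(label) + 1;

    // The block must at least hold 0x00, the seed, the label hash and 0x01.
    // Without this test the unsigned subtractions below wrap around when
    // paddedSize is too small and the size check no longer rejects anything.
    if(paddedSize < (UINT32)((2 * hLen) + 2))
        return CRYPT_FAIL;

    // Basic size check
    // messageSize <= k - 2hLen - 2
    if(messageSize > paddedSize - 2 * hLen - 2)
        return CRYPT_FAIL;

    // Hash L even if it is null
    // Offset into padded leaving room for masked seed and byte of zero
    pp = &padded[hLen + 1];
    retVal = _cpri__HashBlock(hashAlg, lSize, (BYTE *)label, hLen, pp);
    // Checked the same way as in OaepDecode()
    if(retVal < 0)
        return retVal;

    // concatenate PS of k - mLen - 2hLen - 2
    padLen = paddedSize - messageSize - (2 * hLen) - 2;
    memset(&pp[hLen], 0, padLen);
    pp[hLen+padLen] = 0x01;
    padLen += 1;
    memcpy(&pp[hLen+padLen], message, messageSize);

    // The total size of db = hLen + pad + mSize;
    dbSize = hLen+padLen+messageSize;

    // The mask for db is generated into a local buffer sized for the largest
    // supported key; a larger block would overrun it.
    pAssert(dbSize <= sizeof(mask));

    // If testing, then use the provided seed. Otherwise, use values
    // from the RNG
    // NOTE(review): the result of _cpri__GenerateRandom() is not examined;
    // its return convention is not visible in this listing.
#ifdef TEST_RSA
    if(testSeed != NULL)
        seed = testSeed;
    else
#endif // TEST_RSA
        _cpri__GenerateRandom(hLen, mySeed);

    // mask = MGF1 (seed, nSize - hLen - 1)
    if((retVal = _cpri__MGF1(dbSize, mask, hashAlg, hLen, seed)) < 0)
        return retVal;   // Don't expect an error because a hash size of zero
                         // was rejected above.

    // Create the masked db
    pm = mask;
    for(i = dbSize; i > 0; i--)
        *pp++ ^= *pm++;
    pp = &padded[hLen + 1];

    // Run the masked data through MGF1
    if((retVal = _cpri__MGF1(hLen, &padded[1], hashAlg, dbSize, pp)) < 0)
        return retVal;   // Don't expect an error here for the same reason

    // Now XOR the seed to create masked seed
    pp = &padded[1];
    pm = seed;
    for(i = hLen; i > 0; i--)
        *pp++ ^= *pm++;

    // Set the first byte to zero
    *padded = 0x00;
    return CRYPT_SUCCESS;
}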
| 29321 | |
| 29322 | |
| 29323 | B.12.1.3.6. OaepDecode() |
| 29324 | |
| 29325 | This function performs OAEP padding checking. The size of the buffer to receive the recovered data. If |
| 29326 | the padding is not valid, the dSize size is set to zero and the function returns CRYPT_NO_RESULTS. |
| 29327 | The dSize parameter is used as an input to indicate the size available in the buffer. If insufficient space is |
| 29328 | available, the size is not changed and the return code is CRYPT_FAIL. |
| 29329 | |
| 29330 | Return Value Meaning |
| 29331 | |
| 29332 | CRYPT_SUCCESS decode complete |
| 29333 | CRYPT_PARAMETER the value to decode was larger than the modulus |
| 29334 | CRYPT_FAIL the padding is wrong or the buffer to receive the results is too small |
| 29335 | |
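// Checks and removes OAEP padding from a block of paddedSize bytes.
// On entry *dataOutSize is the space available in dataOut; on success it is
// the number of recovered bytes. It is set to zero on every failure except
// "dataOut too small", where the caller's value is restored.
//
// Returns CRYPT_SUCCESS on success; CRYPT_FAIL when the block is too short,
// does not start with 0x00, the label hash does not match, or dataOut is too
// small; CRYPT_PARAMETER when the 0x01 separator is missing; or a negative
// value from the hash/MGF1 helpers.
//
// NOTE(review): the failure paths are distinguishable to a caller (different
// return codes, a data-dependent memcmp() and a scan loop that stops early).
// OAEP decoding is normally expected to report one indistinguishable error;
// confirm that the caller collapses these before they reach the host.
static CRYPT_RESULT
OaepDecode(
    UINT32          *dataOutSize,   // IN/OUT: the recovered data size
    BYTE            *dataOut,       // OUT: the recovered data
    TPM_ALG_ID       hashAlg,       // IN: algorithm to use for padding
    const char      *label,         // IN: null-terminated string (may be NULL)
    UINT32           paddedSize,    // IN: the size of the padded data
    BYTE            *padded         // IN: the padded data
    )
{
    UINT32           dSizeSave;
    UINT32           i;
    BYTE             seedMask[MAX_DIGEST_SIZE];
    INT32            hLen = _cpri__GetDigestSize(hashAlg);

    BYTE             mask[MAX_RSA_KEY_BYTES];
    BYTE            *pp;
    BYTE            *pm;
    UINT32           lSize = 0;
    CRYPT_RESULT     retVal = CRYPT_SUCCESS;

    // Unknown hash
    pAssert(hLen > 0 && dataOutSize != NULL && dataOut != NULL && padded != NULL);

    // If there is a label, get its size including the terminating 0x00
    if(label != NULL)
        lSize = (UINT32)strlen(label) + 1;

    // Set the return size to zero so that it doesn't have to be done on each
    // failure
    dSizeSave = *dataOutSize;
    *dataOutSize = 0;

    // Strange size (anything smaller can't be an OAEP padded block)
    // Also check for no leading 0
    if(paddedSize < (unsigned)((2 * hLen) + 2) || *padded != 0)
        return CRYPT_FAIL;

    // The data mask is generated into a local buffer sized for the largest
    // supported key; a larger block would overrun it.
    pAssert(paddedSize - hLen - 1 <= sizeof(mask));

    // Use the hash size to determine what to put through MGF1 in order
    // to recover the seedMask
    if((retVal = _cpri__MGF1(hLen, seedMask, hashAlg,
                             paddedSize-hLen-1, &padded[hLen+1])) < 0)
        return retVal;

    // Recover the seed into seedMask
    pp = &padded[1];
    pm = seedMask;
    for(i = hLen; i > 0; i--)
        *pm++ ^= *pp++;

    // Use the seed to generate the data mask
    if((retVal = _cpri__MGF1(paddedSize-hLen-1, mask, hashAlg,
                             hLen, seedMask)) < 0)
        return retVal;

    // Use the mask generated from seed to recover the padded data
    pp = &padded[hLen+1];
    pm = mask;
    for(i = paddedSize-hLen-1; i > 0; i--)
        *pm++ ^= *pp++;

    // Make sure that the recovered data has the hash of the label
    // Put trial value in the seed mask
    if((retVal=_cpri__HashBlock(hashAlg, lSize,(BYTE *)label, hLen, seedMask)) < 0)
        return retVal;

    if(memcmp(seedMask, mask, hLen) != 0)
        return CRYPT_FAIL;

    // find the start of the data
    pm = &mask[hLen];
    for(i = paddedSize-(2*hLen)-1; i > 0; i--)
    {
        if(*pm++ != 0)
            break;
    }
    // The zero padding must be terminated by 0x01. Running out of data, or
    // stopping on any other non-zero value, means the block is not valid.
    if(i == 0 || pm[-1] != 0x01)
        return CRYPT_PARAMETER;

    // pm should be pointing at the first part of the data
    // and i is one greater than the number of bytes to move
    i--;
    if(i > dSizeSave)
    {
        // Restore dSize
        *dataOutSize = dSizeSave;
        return CRYPT_FAIL;
    }
    memcpy(dataOut, pm, i);
    *dataOutSize = i;
    return CRYPT_SUCCESS;
}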
| 29433 | |
| 29434 | |
| 29435 | |
| 29436 | Page 424 TCG Published Family "2.0" |
| 29437 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 29438 | Part 4: Supporting Routines Trusted Platform Module Library |
| 29439 | |
| 29440 | B.12.1.3.7. PKSC1v1_5Encode() |
| 29441 | |
| 29442 | This function performs the encoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in PKCS#1V2.1 |
| 29443 | |
| 29444 | Return Value Meaning |
| 29445 | |
| 29446 | CRYPT_SUCCESS data encoded |
| 29447 | CRYPT_PARAMETER message size is too large |
| 29448 | |
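// Builds an RSAES-PKCS1-v1_5 encoded block of paddedSize bytes in padded:
//     0x00 || 0x02 || PS (non-zero random bytes) || 0x00 || message
// PS is at least 8 bytes, so the message may use at most paddedSize - 11 bytes.
//
// Returns CRYPT_SUCCESS on success and CRYPT_PARAMETER when the message does
// not fit.
static CRYPT_RESULT
RSAES_PKSC1v1_5Encode(
    UINT32           paddedSize,    // IN: pad value size
    BYTE            *padded,        // OUT: the pad data
    UINT32           messageSize,   // IN: the message size
    BYTE            *message        // IN: the message being padded
    )
{
    UINT32           ps;

    // paddedSize is tested first: below 11 the unsigned subtraction wraps
    // around and the message size check would no longer reject anything.
    if(paddedSize < 11 || messageSize > paddedSize - 11)
        return CRYPT_PARAMETER;

    // Number of random pad bytes; at least 8 after the check above
    ps = paddedSize - messageSize - 3;

    // move the message to the end of the buffer
    memcpy(&padded[paddedSize - messageSize], message, messageSize);

    // Set the first byte to 0x00 and the second to 0x02
    *padded = 0;
    padded[1] = 2;

    // Fill with random bytes
    // NOTE(review): the result of _cpri__GenerateRandom() is not examined;
    // its return convention is not visible in this listing.
    _cpri__GenerateRandom(ps, &padded[2]);

    // Set the delimiter for the random field to 0
    padded[2+ps] = 0;

    // Now, the only messy part. Make sure that all the ps bytes are non-zero.
    // The loop walks indexes ps+1 down to 2 and leaves the delimiter alone.
    for(ps++; ps > 1; ps--)
    {
        if(padded[ps] == 0)
            padded[ps] = 0x55;  // In the < 0.5% of the cases that the random
                                // value is 0, substitute a fixed non-zero
                                // value.
    }
    return CRYPT_SUCCESS;
}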
| 29485 | |
| 29486 | |
| 29487 | B.12.1.3.8. RSAES_Decode() |
| 29488 | |
| 29489 | This function performs the decoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in PKCS#1V2.1 |
| 29490 | |
| 29491 | Return Value Meaning |
| 29492 | |
| 29493 | CRYPT_SUCCESS decode successful |
| 29494 | CRYPT_FAIL decoding error or results would not fit into provided buffer |
| 29495 | |
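// Checks and removes RSAES-PKCS1-v1_5 padding:
//     0x00 || 0x02 || PS (at least 8 non-zero bytes) || 0x00 || message
// On entry *messageSize is the space available in message; on success it is
// the number of recovered bytes.
//
// Returns CRYPT_SUCCESS on success and CRYPT_FAIL for any decoding error or
// when the message does not fit in the buffer provided.
//
// NOTE(review): the scan for the delimiter stops at the first zero byte, so
// its duration depends on the decrypted data. Callers should report every
// failure of this function identically.
static CRYPT_RESULT
RSAES_Decode(
    UINT32          *messageSize,   // IN/OUT: recovered message size
    BYTE            *message,       // OUT: the recovered message
    UINT32           codedSize,     // IN: the encoded message size
    BYTE            *coded          // IN: the encoded message
    )
{
    BOOL             fail = FALSE;
    UINT32           ps;

    pAssert(messageSize != NULL && message != NULL && coded != NULL);

    // A valid block is at least 11 bytes. Return before touching coded[] so
    // that a block shorter than two bytes is never read past its end.
    // codedSize is not secret, so the early exit reveals nothing.
    if(codedSize < 11)
        return CRYPT_FAIL;

    fail |= (coded[0] != 0x00) || (coded[1] != 0x02);
    for(ps = 2; ps < codedSize; ps++)
    {
        if(coded[ps] == 0)
            break;
    }
    ps++;

    // ps is now the index of the first message byte, so the pad occupies
    // indexes 2 .. ps-2 and is (ps - 3) bytes long.
    // Make sure that ps has not gone over the end and that there are at least 8
    // bytes of pad data. (Testing (ps - 2) here would accept a 7 byte pad.)
    fail |= ((ps >= codedSize) || ((ps-3) < 8));
    if((*messageSize < codedSize - ps) || fail)
        return CRYPT_FAIL;

    *messageSize = codedSize - ps;
    memcpy(message, &coded[ps], codedSize - ps);
    return CRYPT_SUCCESS;
}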
| 29531 | |
| 29532 | |
| 29533 | B.12.1.3.9. PssEncode() |
| 29534 | |
| 29535 | This function creates an encoded block of data that is the size of modulus. The function uses the |
| 29536 | maximum salt size that will fit in the encoded block. |
| 29537 | |
| 29538 | Return Value Meaning |
| 29539 | |
| 29540 | CRYPT_SUCCESS encode successful |
| 29541 | CRYPT_PARAMETER hashAlg is not a supported hash algorithm |
| 29542 | |
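// PssEncode()
// Builds an RSASSA-PSS encoded block of eOutSize bytes in eOut:
//      maskedDB || H || 0xbc
// where H = Hash(8 zero bytes || hashIn || salt) and maskedDB is
// (zeros || 0x01 || salt) XORed with MGF1(H). The salt is the largest that
// fits, capped at the digest size of hashAlg.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     encode successful
//  CRYPT_PARAMETER   eOutSize is too small for the digest size of hashAlg
//
// An unsupported hashAlg (digest size of zero) trips the pAssert() below
// instead of producing a return code.
static CRYPT_RESULT
PssEncode (
    UINT32       eOutSize,      // IN: size of the encode data buffer
    BYTE        *eOut,          // OUT: encoded data buffer
    TPM_ALG_ID   hashAlg,       // IN: hash algorithm to use for the encoding
    UINT32       hashInSize,    // IN: size of digest to encode
    BYTE        *hashIn         // IN: the digest
#ifdef TEST_RSA                 //
    , BYTE      *saltIn         // IN: optional parameter for testing
#endif // TEST_RSA              //
    )
{
    INT32                hLen = _cpri__GetDigestSize(hashAlg);
    BYTE                 salt[MAX_RSA_KEY_BYTES - 1];
    UINT16               saltSize;
    BYTE                *ps = salt;
    CRYPT_RESULT         retVal;
    UINT16               mLen;
    CPRI_HASH_STATE      hashState;

    // These are fatal errors indicating bad TPM firmware
    pAssert(eOut != NULL && hLen > 0 && hashIn != NULL );

    // The block has to hold at least the 0x01 marker, the hLen-byte hash and
    // the 0xbc trailer, and its first 8 bytes are used as scratch below.
    // Without this check the mask length computed next would wrap.
    if(eOutSize < 8 || eOutSize < (UINT32)hLen + 2)
        return CRYPT_PARAMETER;

    // Get the size of the mask
    mLen = (UINT16)(eOutSize - hLen - 1);

    // Maximum possible salt size is mask length - 1
    saltSize = mLen - 1;

    // Use the maximum salt size allowed by FIPS 186-4
    if(saltSize > hLen)
        saltSize = (UINT16)hLen;

    // using eOut for scratch space
    // Set the first 8 bytes to zero
    memset(eOut, 0, 8);

    // Get the salt
#ifdef TEST_RSA
    if(saltIn != NULL)
    {
        // NOTE(review): this test-only path forces the salt to hLen bytes
        // without re-checking that it fits in the mask (mLen - 1 >= hLen).
        saltSize = hLen;
        memcpy(salt, saltIn, hLen);
    }
    else
#endif // TEST_RSA
        _cpri__GenerateRandom(saltSize, salt);

    // Create the hash of the pad || input hash || salt
    _cpri__StartHash(hashAlg, FALSE, &hashState);
    _cpri__UpdateHash(&hashState, 8, eOut);
    _cpri__UpdateHash(&hashState, hashInSize, hashIn);
    _cpri__UpdateHash(&hashState, saltSize, salt);
    _cpri__CompleteHash(&hashState, hLen, &eOut[eOutSize - hLen - 1]);

    // Create a mask
    if((retVal = _cpri__MGF1(mLen, eOut, hashAlg, hLen, &eOut[mLen])) < 0)
    {
        // Currently _cpri__MGF1 is not expected to return a CRYPT_RESULT error.
        pAssert(0);
    }
    // Since this implementation uses key sizes that are all even multiples of
    // 8, just need to make sure that the most significant bit is CLEAR
    eOut[0] &= 0x7f;

    // Before eOut is advanced, set the last byte to 0xbc
    eOut[eOutSize - 1] = 0xbc;

    // XOR a byte of 0x01 at the position just before where the salt will be
    // XOR'ed
    eOut = &eOut[mLen - saltSize - 1];
    *eOut++ ^= 0x01;

    // XOR the salt data into the buffer
    for(; saltSize > 0; saltSize--)
        *eOut++ ^= *ps++;

    // and we are done
    return CRYPT_SUCCESS;
}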
| 29627 | |
| 29628 | |
| 29629 | B.12.1.3.10. PssDecode() |
| 29630 | |
| 29631 | This function checks that the PSS encoded block was built from the provided digest. If the check is |
| 29632 | successful, CRYPT_SUCCESS is returned. Any other value indicates an error. |
| 29633 | This implementation of PSS decoding is intended for the reference TPM implementation and is not at all |
| 29634 | generalized. It is used to check signatures over hashes and assumptions are made about the sizes of |
| 29635 | values. Those assumptions are enforced by this implementation. This implementation does allow for a |
| 29636 | variable size salt value to have been used by the creator of the signature. |
| 29637 | |
| 29638 | |
| 29639 | |
| 29640 | |
| 29644 | |
| 29645 | |
| 29646 | Return Value Meaning |
| 29647 | |
| 29648 | CRYPT_SUCCESS decode successful |
| 29649 | CRYPT_SCHEME hashAlg is not a supported hash algorithm |
| 29650 | CRYPT_FAIL decode operation failed |
| 29651 | |
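// PssDecode()
// Checks that the PSS encoded block in eIn was built from the digest in dIn.
// The mask is regenerated from the hash at the end of the block, the salt is
// recovered from the masked data, and Hash(8 zero bytes || dIn || salt) is
// compared with the hash carried in the block.
//
// If saltSize is non-zero the recovered salt must have exactly that size;
// a saltSize of zero accepts whatever salt size the signer used.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     decode successful
//  CRYPT_SCHEME      hashAlg is not a supported hash algorithm
//  CRYPT_FAIL        decode operation failed, or eInSize does not fit the
//                    digest size / local mask buffer
//
// A negative result from _cpri__MGF1() is returned to the caller unchanged.
static CRYPT_RESULT
PssDecode(
    TPM_ALG_ID   hashAlg,       // IN: hash algorithm to use for the encoding
    UINT32       dInSize,       // IN: size of the digest to compare
    BYTE        *dIn,           // IN: the digest to compare
    UINT32       eInSize,       // IN: size of the encoded data
    BYTE        *eIn,           // IN: the encoded data
    UINT32       saltSize       // IN: the expected size of the salt
    )
{
    INT32                hLen = _cpri__GetDigestSize(hashAlg);
    BYTE                 mask[MAX_RSA_KEY_BYTES];
    BYTE                *pm = mask;
    BYTE                 pad[8] = {0};
    UINT32               i;
    UINT32               mLen;
    BOOL                 fail = FALSE;
    CRYPT_RESULT         retVal;
    CPRI_HASH_STATE      hashState;

    // These errors are indicative of failures due to programmer error
    pAssert(dIn != NULL && eIn != NULL);

    // check the hash scheme
    if(hLen == 0)
        return CRYPT_SCHEME;

    // The block must hold at least one data byte, the hLen-byte hash and the
    // 0xbc trailer, and the masked data must fit in mask[]. Checking here keeps
    // mLen from wrapping and keeps the MGF1 output inside the local buffer.
    if(eInSize < (UINT32)hLen + 2 || eInSize - hLen - 1 > sizeof(mask))
        return CRYPT_FAIL;

    // most significant bit must be zero
    fail = ((eIn[0] & 0x80) != 0);

    // last byte must be 0xbc
    fail |= (eIn[eInSize - 1] != 0xbc);

    // Use the hLen bytes at the end of the buffer to generate a mask
    // Doesn't start at the end which is a flag byte
    mLen = eInSize - hLen - 1;
    if((retVal = _cpri__MGF1(mLen, mask, hashAlg, hLen, &eIn[mLen])) < 0)
        return retVal;
    if(retVal == 0)
        return CRYPT_FAIL;

    // Clear the MSO of the mask to make it consistent with the encoding.
    mask[0] &= 0x7F;

    // XOR the data into the mask to recover the salt. This sequence
    // advances eIn so that it will end up pointing to the seed data
    // which is the hash of the signature data
    for(i = mLen; i > 0; i--)
        *pm++ ^= *eIn++;

    // Find the first byte of 0x01 after a string of all 0x00
    for(pm = mask, i = mLen; i > 0; i--)
    {
        if(*pm == 0x01)
            break;
        else
            fail |= (*pm++ != 0);
    }
    // Running off the end means that no 0x01 marker was present
    fail |= (i == 0);

    // If the check has already failed, carry on using the entire mask as the
    // salt value so that the remaining work is still done and timing does not
    // disclose where the failure occurred.
    if(fail)
    {
        i = mLen;
        pm = mask;
    }
    else
    {
        // Step over the 0x01 marker
        pm++;
        i--;
    }
    // If the salt size was provided, then the recovered size must match
    fail |= (saltSize != 0 && i != saltSize);

    // i contains the salt size and pm points to the salt. Going to use the input
    // hash and the seed to recreate the hash in the lower portion of eIn.
    _cpri__StartHash(hashAlg, FALSE, &hashState);

    // add the pad of 8 zeros
    _cpri__UpdateHash(&hashState, 8, pad);

    // add the provided digest value
    _cpri__UpdateHash(&hashState, dInSize, dIn);

    // and the salt
    _cpri__UpdateHash(&hashState, i, pm);

    // get the result; mask[] is reused to hold the recomputed hash
    retVal = _cpri__CompleteHash(&hashState, MAX_DIGEST_SIZE, mask);

    // retVal will be the size of the digest or zero. If not equal to the indicated
    // digest size, then the signature doesn't match
    fail |= (retVal != hLen);
    fail |= (memcmp(mask, eIn, hLen) != 0);
    if(fail)
        return CRYPT_FAIL;
    else
        return CRYPT_SUCCESS;
}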
| 29759 | |
| 29760 | |
| 29761 | B.12.1.3.11. PKSC1v1_5SignEncode() |
| 29762 | |
| 29763 | Encode a message using the PKCS#1 v1.5 method. |
| 29764 | |
| 29765 | Return Value Meaning |
| 29766 | |
| 29767 | CRYPT_SUCCESS encode complete |
| 29768 | CRYPT_SCHEME hashAlg is not a supported hash algorithm |
| 29769 | CRYPT_PARAMETER eOutSize is not large enough or hInSize does not match the digest |
| 29770 | size of hashAlg |
| 29771 | |
// RSASSA_Encode()
// Writes the PKCS#1 v1.5 signature encoding of a digest into eOut:
//      0x00 || 0x01 || 0xff ... 0xff || 0x00 || DER(hashAlg) || digest
// The 0xff fill takes whatever space is left over and must be at least
// 8 bytes long.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     encode complete
//  CRYPT_SCHEME      hashAlg has no DER string defined
//  CRYPT_PARAMETER   eOutSize is not large enough or hInSize does not match
//                    the digest size of hashAlg
static CRYPT_RESULT
RSASSA_Encode(
    UINT32       eOutSize,      // IN: the size of the resulting block
    BYTE        *eOut,          // OUT: the encoded block
    TPM_ALG_ID   hashAlg,       // IN: hash algorithm for PKCS1v1_5
    UINT32       hInSize,       // IN: size of hash to be signed
    BYTE        *hIn            // IN: hash buffer
    )
{
    BYTE        *der;
    INT32        derSize = _cpri__GetHashDER(hashAlg, &der);
    INT32        fillSize;
    BYTE        *out = eOut;

    pAssert(eOut != NULL && hIn != NULL);

    // No DER prefix means the hash cannot be used with this scheme
    if(derSize == 0 )
        return CRYPT_SCHEME;

    // The DER prefix names the hash, so a digest of any other length would be
    // mislabelled
    if((unsigned)_cpri__GetDigestSize(hashAlg) != hInSize)
        return CRYPT_PARAMETER;

    // Whatever is not header, separator, DER or digest is 0xff fill
    fillSize = eOutSize - derSize - hInSize - 3;
    if(fillSize < 8)
        return CRYPT_PARAMETER;

    // Header
    *out++ = 0;
    *out++ = 1;

    // Fill
    while(fillSize > 0)
    {
        *out++ = 0xff;
        fillSize--;
    }

    // Separator
    *out++ = 0;

    // DER prefix for the hash algorithm
    while(derSize > 0)
    {
        *out++ = *der++;
        derSize--;
    }

    // The digest itself
    while(hInSize > 0)
    {
        *out++ = *hIn++;
        hInSize--;
    }
    return CRYPT_SUCCESS;
}
| 29818 | |
| 29819 | |
| 29820 | B.12.1.3.12. RSASSA_Decode() |
| 29821 | |
| 29822 | This function performs the RSASSA decoding of a signature. |
| 29823 | |
| 29824 | Return Value Meaning |
| 29825 | |
| 29826 | CRYPT_SUCCESS decode successful |
| 29827 | CRYPT_FAIL decode unsuccessful |
| 29828 | CRYPT_SCHEME hashAlg is not supported |
| 29829 | |
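// RSASSA_Decode()
// Checks that eIn is the PKCS#1 v1.5 signature encoding of the digest in hIn:
//      0x00 || 0x01 || 0xff ... 0xff || 0x00 || DER(hashAlg) || digest
// No data is moved; every byte of the block is compared and the mismatches are
// accumulated so that the whole block is always walked.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     decode successful
//  CRYPT_FAIL        decode unsuccessful, or eInSize leaves fewer than 8 fill
//                    bytes
//  CRYPT_SCHEME      hashAlg has no DER string defined or hInSize is not the
//                    digest size of hashAlg
static CRYPT_RESULT
RSASSA_Decode(
    TPM_ALG_ID   hashAlg,       // IN: hash algorithm to use for the encoding
    UINT32       hInSize,       // IN: size of the digest to compare
    BYTE        *hIn,           // IN: the digest to compare
    UINT32       eInSize,       // IN: size of the encoded data
    BYTE        *eIn            // IN: the encoded data
    )
{
    BOOL         fail = FALSE;
    BYTE        *der;
    INT32        derSize = _cpri__GetHashDER(hashAlg, &der);
    INT32        hashSize = _cpri__GetDigestSize(hashAlg);
    INT32        fillSize;

    pAssert(hIn != NULL && eIn != NULL);

    // Can't use this scheme if the algorithm doesn't have a DER string
    // defined or if the provided hash isn't the right size
    if(derSize == 0 || (unsigned)hashSize != hInSize)
        return CRYPT_SCHEME;

    // Whatever is not header, separator, DER or digest must be 0xff fill.
    fillSize = eInSize - derSize - hashSize - 3;

    // RSASSA_Encode() never produces fewer than 8 fill bytes, so a shorter
    // fill cannot be a valid encoding. A negative value would also make the
    // comparisons below read past the end of eIn, so do not rely on the
    // caller having range-checked eInSize.
    if(fillSize < 8)
        return CRYPT_FAIL;

    // Start checking
    fail |= (*eIn++ != 0);              // initial byte of zero
    fail |= (*eIn++ != 1);              // byte of 0x01
    for(; fillSize > 0; fillSize--)
        fail |= (*eIn++ != 0xff);       // bunch of 0xff
    fail |= (*eIn++ != 0);              // another 0
    for(; derSize > 0; derSize--)
        fail |= (*eIn++ != *der++);     // match the DER
    for(; hInSize > 0; hInSize--)
        fail |= (*eIn++ != *hIn++);     // match the hash
    if(fail)
        return CRYPT_FAIL;
    return CRYPT_SUCCESS;
}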
| 29877 | |
| 29878 | |
| 29879 | B.12.1.4. Externally Accessible Functions |
| 29880 | |
| 29881 | B.12.1.4.1. _cpri__RsaStartup() |
| 29882 | |
| 29883 | Function that is called to initialize the hash service. In this implementation, this function does nothing but |
| 29884 | it is called by the CryptUtilStartup() function and must be present. |
| 29885 | |
// _cpri__RsaStartup()
// Startup hook for this module. Nothing needs to be set up in this
// implementation, so the function only reports success.
LIB_EXPORT BOOL
_cpri__RsaStartup(void)
{
    return TRUE;
}
| 29893 | |
| 29894 | |
| 29895 | B.12.1.4.2. _cpri__EncryptRSA() |
| 29896 | |
| 29897 | This is the entry point for encryption using RSA. Encryption is use of the public exponent. The padding |
| 29898 | parameter determines what padding will be used. |
| 29899 | The cOutSize parameter must be at least as large as the size of the key. |
| 29900 | If the padding is RSA_PAD_NONE, dIn is treated as a number. It must be lower in value than the key |
| 29901 | modulus. |
| 29902 | |
| 29903 | |
| 29904 | |
| 29905 | |
| 29909 | |
| 29910 | NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to dIn to make it the size of the RSA key for |
| 29911 | the call to RSAEP. This is because the high order bytes of dIn might have a numeric value that is greater than |
| 29912 | the value of the key modulus. If this had low-order zeros added, it would have a numeric value larger than the |
| 29913 | modulus even though it started out with a lower numeric value. |
| 29914 | |
| 29915 | |
| 29916 | Return Value Meaning |
| 29917 | |
| 29918 | CRYPT_SUCCESS encryption complete |
| 29919 | CRYPT_PARAMETER cOutSize is too small (must be the size of the modulus) |
| 29920 | CRYPT_SCHEME padType is not a supported scheme |
| 29921 | |
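// _cpri__EncryptRSA()
// Entry point for RSA encryption (the public-exponent operation). The input is
// first encoded into cOut according to padType and the encoded block is then
// passed to RSAEP().
//
// On entry *cOutSize is the capacity of cOut and must be at least the size of
// the public modulus; on return it is set to the size of the public modulus.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     encryption complete
//  CRYPT_PARAMETER   cOutSize is too small (must be the size of the modulus),
//                    or raw input is longer than the modulus with non-zero
//                    leading bytes
//  CRYPT_SCHEME      padType is not a supported scheme
//
// Errors from the encoding helpers and from RSAEP() are returned unchanged.
LIB_EXPORT CRYPT_RESULT
_cpri__EncryptRSA(
    UINT32      *cOutSize,      // OUT: the size of the encrypted data
    BYTE        *cOut,          // OUT: the encrypted data
    RSA_KEY     *key,           // IN: the key to use for encryption
    TPM_ALG_ID   padType,       // IN: the type of padding
    UINT32       dInSize,       // IN: the amount of data to encrypt
    BYTE        *dIn,           // IN: the data to encrypt
    TPM_ALG_ID   hashAlg,       // IN: in case this is needed
    const char  *label          // IN: in case it is needed
    )
{
    CRYPT_RESULT    retVal = CRYPT_SUCCESS;

    // key is dereferenced and cOut is written on every path below, so check
    // them together with cOutSize, as _cpri__DecryptRSA() does for its
    // parameters.
    pAssert(cOutSize != NULL && cOut != NULL && key != NULL);

    // All encryption schemes return the same size of data
    if(*cOutSize < key->publicKey->size)
        return CRYPT_PARAMETER;
    *cOutSize = key->publicKey->size;

    switch (padType)
    {
    case TPM_ALG_NULL:  // 'raw' encryption
        {
            // dIn can have more bytes than cOut as long as the extra bytes
            // are zero
            for(; dInSize > *cOutSize; dInSize--)
            {
                if(*dIn++ != 0)
                    return CRYPT_PARAMETER;
            }
            // If dIn is smaller than cOut, fill the high-order part of cOut
            // with zeros
            if(dInSize < *cOutSize)
                memset(cOut, 0, *cOutSize - dInSize);

            // Copy the rest of the value
            memcpy(&cOut[*cOutSize-dInSize], dIn, dInSize);
            // If the size of dIn is the same as cOut dIn could be larger than
            // the modulus. If it is, then RSAEP() will catch it.
        }
        break;
    case TPM_ALG_RSAES:
        retVal = RSAES_PKSC1v1_5Encode(*cOutSize, cOut, dInSize, dIn);
        break;
    case TPM_ALG_OAEP:
        retVal = OaepEncode(*cOutSize, cOut, hashAlg, label, dInSize, dIn
#ifdef TEST_RSA
                            ,NULL
#endif
                           );
        break;
    default:
        return CRYPT_SCHEME;
    }
    // All the schemes that do padding will come here for the encryption step
    // Check that the Encoding worked
    if(retVal != CRYPT_SUCCESS)
        return retVal;

    // Padding OK so do the encryption
    return RSAEP(*cOutSize, cOut, key);
}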
| 29991 | |
| 29992 | |
| 29993 | B.12.1.4.3. _cpri__DecryptRSA() |
| 29994 | |
| 29995 | This is the entry point for decryption using RSA. Decryption is use of the private exponent. The padType |
| 29996 | parameter determines what padding was used. |
| 29997 | |
| 29998 | Return Value Meaning |
| 29999 | |
| 30000 | CRYPT_SUCCESS successful completion |
| 30001 | CRYPT_PARAMETER cInSize is not the same as the size of the public modulus of key; or |
| 30002 | numeric value of the encrypted data is greater than the modulus |
| 30003 | CRYPT_FAIL dOutSize is not large enough for the result |
| 30004 | CRYPT_SCHEME padType is not supported |
| 30005 | |
// _cpri__DecryptRSA()
// Entry point for RSA decryption (the private-exponent operation). RSADP() is
// applied to cIn in place, so the caller's cIn buffer holds the decrypted,
// still padded block afterwards; the padding is then removed according to
// padType and the result is placed in dOut.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     successful completion
//  CRYPT_PARAMETER   cInSize is not the same as the size of the public modulus
//                    of key
//  CRYPT_FAIL        dOutSize is not large enough for the result
//  CRYPT_SCHEME      padType is not supported
//
// Errors from RSADP() and from the decode helpers are returned unchanged.
LIB_EXPORT CRYPT_RESULT
_cpri__DecryptRSA(
    UINT32      *dOutSize,      // OUT: the size of the decrypted data
    BYTE        *dOut,          // OUT: the decrypted data
    RSA_KEY     *key,           // IN: the key to use for decryption
    TPM_ALG_ID   padType,       // IN: the type of padding
    UINT32       cInSize,       // IN: the amount of data to decrypt
    BYTE        *cIn,           // IN: the data to decrypt
    TPM_ALG_ID   hashAlg,       // IN: in case this is needed for the scheme
    const char  *label          // IN: in case it is needed for the scheme
    )
{
    CRYPT_RESULT    result;

    // All of the buffers and the key are required
    pAssert(cIn != NULL && dOut != NULL && dOutSize != NULL && key != NULL);

    // The ciphertext has to be exactly one modulus long
    if(cInSize != key->publicKey->size)
        return CRYPT_PARAMETER;

    // Private-key operation, done in place on the caller's buffer
    result = RSADP(cInSize, cIn, key);
    if(result != CRYPT_SUCCESS)
        return result;

    // Strip the padding selected by the caller
    switch (padType)
    {
    case TPM_ALG_RSAES:
        return RSAES_Decode(dOutSize, dOut, cInSize, cIn);
    case TPM_ALG_OAEP:
        return OaepDecode(dOutSize, dOut, hashAlg, label, cInSize, cIn);
    case TPM_ALG_NULL:
        // Raw decryption: hand back the whole block
        if(*dOutSize < key->publicKey->size)
            return CRYPT_FAIL;
        *dOutSize = key->publicKey->size;
        memcpy(dOut, cIn, *dOutSize);
        return CRYPT_SUCCESS;
    default:
        break;
    }
    return CRYPT_SCHEME;
}
| 30057 | |
| 30058 | |
| 30059 | B.12.1.4.4. _cpri__SignRSA() |
| 30060 | |
| 30061 | This function is used to generate an RSA signature of the type indicated in scheme. |
| 30062 | |
| 30063 | Return Value Meaning |
| 30064 | |
| 30065 | CRYPT_SUCCESS sign operation completed normally |
| 30066 | CRYPT_SCHEME scheme or hashAlg are not supported |
| 30067 | CRYPT_PARAMETER hInSize does not match hashAlg (for RSASSA) |
| 30068 | |
// _cpri__SignRSA()
// Generates an RSA signature of the type selected by scheme. The digest is
// encoded into sigOut and the private-key operation is then applied in place.
//
// *sigOutSize is set to the size of the key modulus before the scheme is
// examined; for TPM_ALG_NULL it is reset to zero and nothing is signed.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     sign operation completed normally
//  CRYPT_SCHEME      scheme or hashAlg are not supported
//  CRYPT_PARAMETER   hInSize does not match hashAlg (for RSASSA)
//
// Errors from the encoders and from RSADP() are returned unchanged.
LIB_EXPORT CRYPT_RESULT
_cpri__SignRSA(
    UINT32      *sigOutSize,    // OUT: size of signature
    BYTE        *sigOut,        // OUT: signature
    RSA_KEY     *key,           // IN: key to use
    TPM_ALG_ID   scheme,        // IN: the scheme to use
    TPM_ALG_ID   hashAlg,       // IN: hash algorithm for PKCS1v1_5
    UINT32       hInSize,       // IN: size of digest to be signed
    BYTE        *hIn            // IN: digest buffer
    )
{
    CRYPT_RESULT    encodeResult;

    // Every pointer argument is required
    pAssert(sigOutSize != NULL && sigOut != NULL && key != NULL && hIn != NULL);

    // A signature is always as long as the key modulus
    *sigOutSize = key->publicKey->size;

    if(scheme == TPM_ALG_NULL)
    {
        // Nothing to sign
        *sigOutSize = 0;
        return CRYPT_SUCCESS;
    }
    else if(scheme == TPM_ALG_RSAPSS)
    {
        // PssEncode can return CRYPT_PARAMETER
        encodeResult = PssEncode(*sigOutSize, sigOut, hashAlg, hInSize, hIn
#ifdef TEST_RSA
                                 , NULL
#endif
                                );
    }
    else if(scheme == TPM_ALG_RSASSA)
    {
        // RSASSA_Encode can return CRYPT_PARAMETER or CRYPT_SCHEME
        encodeResult = RSASSA_Encode(*sigOutSize, sigOut, hashAlg, hInSize, hIn);
    }
    else
    {
        return CRYPT_SCHEME;
    }

    // Stop here if the encoding did not succeed
    if(encodeResult != CRYPT_SUCCESS)
        return encodeResult;

    // Apply the private key to the encoded block
    // RSADP can return CRYPT_PARAMETER
    return RSADP(*sigOutSize, sigOut, key);
}
| 30118 | |
| 30119 | |
| 30120 | B.12.1.4.5. _cpri__ValidateSignatureRSA() |
| 30121 | |
| 30122 | This function is used to validate an RSA signature. If the signature is valid CRYPT_SUCCESS is |
| 30123 | returned. If the signature is not valid, CRYPT_FAIL is returned. Other return codes indicate either |
| 30124 | parameter problems or fatal errors. |
| 30125 | |
| 30126 | Return Value Meaning |
| 30127 | |
| 30128 | CRYPT_SUCCESS the signature checks |
| 30129 | CRYPT_FAIL the signature does not check |
| 30130 | CRYPT_SCHEME unsupported scheme or hash algorithm |
| 30131 | |
// _cpri__ValidateSignatureRSA()
// Validates an RSA signature. The public-key operation is applied to sigIn in
// place, so the caller's signature buffer holds the recovered encoded block
// afterwards; that block is then checked against the digest with the decoder
// for the selected scheme.
//
//  Return Value      Meaning
//  CRYPT_SUCCESS     the signature checks
//  CRYPT_FAIL        the signature does not check, sigInSize is not the size
//                    of the public modulus, or RSAEP() failed
//  CRYPT_SCHEME      unsupported scheme or hash algorithm
LIB_EXPORT CRYPT_RESULT
_cpri__ValidateSignatureRSA(
    RSA_KEY     *key,           // IN: key to use
    TPM_ALG_ID   scheme,        // IN: the scheme to use
    TPM_ALG_ID   hashAlg,       // IN: hash algorithm
    UINT32       hInSize,       // IN: size of digest to be checked
    BYTE        *hIn,           // IN: digest buffer
    UINT32       sigInSize,     // IN: size of signature
    BYTE        *sigIn,         // IN: signature
    UINT16       saltSize       // IN: salt size for PSS
    )
{
    // Fatal programming errors
    pAssert(key != NULL && sigIn != NULL && hIn != NULL);

    // A signature that is not exactly one modulus long cannot be valid
    if(sigInSize != key->publicKey->size)
        return CRYPT_FAIL;

    // Recover the encoded block; any RSAEP() error is reported as a failed
    // signature check
    if(RSAEP(sigInSize, sigIn, key) != CRYPT_SUCCESS)
        return CRYPT_FAIL;

    // Hand the block to the decoder for the scheme
    if(scheme == TPM_ALG_RSAPSS)
        return PssDecode(hashAlg, hInSize, hIn, sigInSize, sigIn, saltSize);

    if(scheme == TPM_ALG_RSASSA)
        return RSASSA_Decode(hashAlg, hInSize, hIn, sigInSize, sigIn);

    // TPM_ALG_NULL and anything else is not a signing scheme handled here
    return CRYPT_SCHEME;
}
| 30171 | 999 #ifndef RSA_KEY_SIEVE |
| 30172 | |
| 30173 | |
| 30174 | B.12.1.4.6. _cpri__GenerateKeyRSA() |
| 30175 | |
| 30176 | Generate an RSA key from a provided seed |
| 30177 | |
| 30178 | |
| 30179 | |
| 30180 | |
| 30184 | |
| 30185 | |
| 30186 | Return Value Meaning |
| 30187 | |
| 30188 | CRYPT_FAIL exponent is not prime or is less than 3; or could not find a prime using |
| 30189 | the provided parameters |
| 30190 | CRYPT_CANCEL operation was canceled |
| 30191 | |
| 30192 | 1000 LIB_EXPORT CRYPT_RESULT |
| 30193 | 1001 _cpri__GenerateKeyRSA( |
| 30194 | 1002 TPM2B *n, // OUT: The public modulu |
| 30195 | 1003 TPM2B *p, // OUT: One of the prime factors of n |
| 30196 | 1004 UINT16 keySizeInBits, // IN: Size of the public modulus in bit |
| 30197 | 1005 UINT32 e, // IN: The public exponent |
| 30198 | 1006 TPM_ALG_ID hashAlg, // IN: hash algorithm to use in the key |
| 30199 | 1007 // generation proce |
| 30200 | 1008 TPM2B *seed, // IN: the seed to use |
| 30201 | 1009 const char *label, // IN: A label for the generation process. |
| 30202 | 1010 TPM2B *extra, // IN: Party 1 data for the KDF |
| 30203 | 1011 UINT32 *counter // IN/OUT: Counter value to allow KFD iteration |
| 30204 | 1012 // to be propagated across multiple routine |
| 30205 | 1013 ) |
| 30206 | 1014 { |
| 30207 | 1015 UINT32 lLen; // length of the label |
| 30208 | 1016 // (counting the terminating 0); |
| 30209 | 1017 UINT16 digestSize = _cpri__GetDigestSize(hashAlg); |
| 30210 | 1018 |
| 30211 | 1019 TPM2B_HASH_BLOCK oPadKey; |
| 30212 | 1020 |
| 30213 | 1021 UINT32 outer; |
| 30214 | 1022 UINT32 inner; |
| 30215 | 1023 BYTE swapped[4]; |
| 30216 | 1024 |
| 30217 | 1025 CRYPT_RESULT retVal; |
| 30218 | 1026 int i, fill; |
| 30219 | 1027 const static char defaultLabel[] = "RSA key"; |
| 30220 | 1028 BYTE *pb; |
| 30221 | 1029 |
| 30222 | 1030 CPRI_HASH_STATE h1; // contains the hash of the |
| 30223 | 1031 // HMAC key w/ iPad |
| 30224 | 1032 CPRI_HASH_STATE h2; // contains the hash of the |
| 30225 | 1033 // HMAC key w/ oPad |
| 30226 | 1034 CPRI_HASH_STATE h; // the working hash context |
| 30227 | 1035 |
| 30228 | 1036 BIGNUM *bnP; |
| 30229 | 1037 BIGNUM *bnQ; |
| 30230 | 1038 BIGNUM *bnT; |
| 30231 | 1039 BIGNUM *bnE; |
| 30232 | 1040 BIGNUM *bnN; |
| 30233 | 1041 BN_CTX *context; |
| 30234 | 1042 UINT32 rem; |
| 30235 | 1043 |
| 30236 | 1044 // Make sure that hashAlg is valid hash |
| 30237 | 1045 pAssert(digestSize != 0); |
| 30238 | 1046 |
| 30239 | 1047 // if present, use externally provided counter |
| 30240 | 1048 if(counter != NULL) |
| 30241 | 1049 outer = *counter; |
| 30242 | 1050 else |
| 30243 | 1051 outer = 1; |
| 30244 | 1052 |
| 30245 | 1053 // Validate exponent |
| 30246 | 1054 UINT32_TO_BYTE_ARRAY(e, swapped); |
| 30247 | 1055 |
| 30248 | 1056 // Need to check that the exponent is prime and not less than 3 |
| 30249 | 1057 if( e != 0 && (e < 3 || !_math__IsPrime(e))) |
| 30250 | |
| 30251 | Page 436 TCG Published Family "2.0" |
| 30252 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 30253 | Part 4: Supporting Routines Trusted Platform Module Library |
| 30254 | |
| 30255 | 1058 return CRYPT_FAIL; |
| 30256 | 1059 |
| 30257 | 1060 // Get structures for the big number representations |
| 30258 | 1061 context = BN_CTX_new(); |
| 30259 | 1062 if(context == NULL) |
| 30260 | 1063 FAIL(FATAL_ERROR_ALLOCATION); |
| 30261 | 1064 BN_CTX_start(context); |
| 30262 | 1065 bnP = BN_CTX_get(context); |
| 30263 | 1066 bnQ = BN_CTX_get(context); |
| 30264 | 1067 bnT = BN_CTX_get(context); |
| 30265 | 1068 bnE = BN_CTX_get(context); |
| 30266 | 1069 bnN = BN_CTX_get(context); |
| 30267 | 1070 if(bnN == NULL) |
| 30268 | 1071 FAIL(FATAL_ERROR_INTERNAL); |
| 30269 | 1072 |
| 30270 | 1073 // Set Q to zero. This is used as a flag. The prime is computed in P. When a |
| 30271 | 1074 // new prime is found, Q is checked to see if it is zero. If so, P is copied |
| 30272 | 1075 // to Q and a new P is found. When both P and Q are non-zero, the modulus and |
| 30273 | 1076 // private exponent are computed and a trial encryption/decryption is |
| 30274 | 1077 // performed. If the encrypt/decrypt fails, assume that at least one of the |
| 30275 | 1078 // primes is composite. Since we don't know which one, set Q to zero and start |
| 30276 | 1079 // over and find a new pair of primes. |
| 30277 | 1080 BN_zero(bnQ); |
| 30278 | 1081 |
| 30279 | 1082 // Need to have some label |
| 30280 | 1083 if(label == NULL) |
| 30281 | 1084 label = (const char *)&defaultLabel; |
| 30282 | 1085 // Get the label size |
| 30283 | 1086 for(lLen = 0; label[lLen++] != 0;); |
| 30284 | 1087 |
| 30285 | 1088 // Start the hash using the seed and get the intermediate hash value |
| 30286 | 1089 _cpri__StartHMAC(hashAlg, FALSE, &h1, seed->size, seed->buffer, &oPadKey.b); |
| 30287 | 1090 _cpri__StartHash(hashAlg, FALSE, &h2); |
| 30288 | 1091 _cpri__UpdateHash(&h2, oPadKey.b.size, oPadKey.b.buffer); |
| 30289 | 1092 |
| 30290 | 1093 n->size = (keySizeInBits +7)/8; |
| 30291 | 1094 pAssert(n->size <= MAX_RSA_KEY_BYTES); |
| 30292 | 1095 p->size = n->size / 2; |
| 30293 | 1096 if(e == 0) |
| 30294 | 1097 e = RSA_DEFAULT_PUBLIC_EXPONENT; |
| 30295 | 1098 |
| 30296 | 1099 BN_set_word(bnE, e); |
| 30297 | 1100 |
| 30298 | 1101 // The first test will increment the counter from zero. |
| 30299 | 1102 for(outer += 1; outer != 0; outer++) |
| 30300 | 1103 { |
| 30301 | 1104 if(_plat__IsCanceled()) |
| 30302 | 1105 { |
| 30303 | 1106 retVal = CRYPT_CANCEL; |
| 30304 | 1107 goto Cleanup; |
| 30305 | 1108 } |
| 30306 | 1109 |
| 30307 | 1110 // Need to fill in the candidate with the hash |
| 30308 | 1111 fill = digestSize; |
| 30309 | 1112 pb = p->buffer; |
| 30310 | 1113 |
| 30311 | 1114 // Reset the inner counter |
| 30312 | 1115 inner = 0; |
| 30313 | 1116 for(i = p->size; i > 0; i -= digestSize) |
| 30314 | 1117 { |
| 30315 | 1118 inner++; |
| 30316 | 1119 // Initialize the HMAC with saved state |
| 30317 | 1120 _cpri__CopyHashState(&h, &h1); |
| 30318 | 1121 |
| 30319 | 1122 // Hash the inner counter (the one that changes on each HMAC iteration) |
| 30320 | 1123 UINT32_TO_BYTE_ARRAY(inner, swapped); |
| 30321 | |
| 30325 | |
| 30326 | 1124 _cpri__UpdateHash(&h, 4, swapped); |
| 30327 | 1125 _cpri__UpdateHash(&h, lLen, (BYTE *)label); |
| 30328 | 1126 |
| 30329 | 1127 // Is there any party 1 data |
| 30330 | 1128 if(extra != NULL) |
| 30331 | 1129 _cpri__UpdateHash(&h, extra->size, extra->buffer); |
| 30332 | 1130 |
| 30333 | 1131 // Include the outer counter (the one that changes on each prime |
| 30334 | 1132 // prime candidate generation |
| 30335 | 1133 UINT32_TO_BYTE_ARRAY(outer, swapped); |
| 30336 | 1134 _cpri__UpdateHash(&h, 4, swapped); |
| 30337 | 1135 _cpri__UpdateHash(&h, 2, (BYTE *)&keySizeInBits); |
| 30338 | 1136 if(i < fill) |
| 30339 | 1137 fill = i; |
| 30340 | 1138 _cpri__CompleteHash(&h, fill, pb); |
| 30341 | 1139 |
| 30342 | 1140 // Restart the oPad hash |
| 30343 | 1141 _cpri__CopyHashState(&h, &h2); |
| 30344 | 1142 |
| 30345 | 1143 // Add the last hashed data |
| 30346 | 1144 _cpri__UpdateHash(&h, fill, pb); |
| 30347 | 1145 |
| 30348 | 1146 // gives a completed HMAC |
| 30349 | 1147 _cpri__CompleteHash(&h, fill, pb); |
| 30350 | 1148 pb += fill; |
| 30351 | 1149 } |
| 30352 | 1150 // Set the Most significant 2 bits and the low bit of the candidate |
| 30353 | 1151 p->buffer[0] |= 0xC0; |
| 30354 | 1152 p->buffer[p->size - 1] |= 1; |
| 30355 | 1153 |
| 30356 | 1154 // Convert the candidate to a BN |
| 30357 | 1155 BN_bin2bn(p->buffer, p->size, bnP); |
| 30358 | 1156 |
| 30359 | 1157 // If this is the second prime, make sure that it differs from the |
| 30360 | 1158 // first prime by at least 2^100 |
| 30361 | 1159 if(!BN_is_zero(bnQ)) |
| 30362 | 1160 { |
| 30363 | 1161 // bnQ is non-zero if we already found it |
| 30364 | 1162 if(BN_ucmp(bnP, bnQ) < 0) |
| 30365 | 1163 BN_sub(bnT, bnQ, bnP); |
| 30366 | 1164 else |
| 30367 | 1165 BN_sub(bnT, bnP, bnQ); |
| 30368 | 1166 if(BN_num_bits(bnT) < 100) // Difference has to be at least 100 bits |
| 30369 | 1167 continue; |
| 30370 | 1168 } |
| 30371 | 1169 // Make sure that the prime candidate (p) is not divisible by the exponent |
| 30372 | 1170 // and that (p-1) is not divisible by the exponent |
| 30373 | 1171 // Get the remainder after dividing by the modulus |
| 30374 | 1172 rem = BN_mod_word(bnP, e); |
| 30375 | 1173 if(rem == 0) // evenly divisible so add two keeping the number odd and |
| 30376 | 1174 // making sure that 1 != p mod e |
| 30377 | 1175 BN_add_word(bnP, 2); |
| 30378 | 1176 else if(rem == 1) // leaves a remainder of 1 so subtract two keeping the |
| 30379 | 1177 // number odd and making (e-1) = p mod e |
| 30380 | 1178 BN_sub_word(bnP, 2); |
| 30381 | 1179 |
| 30382 | 1180 // Have a candidate, check for primality |
| 30383 | 1181 if((retVal = (CRYPT_RESULT)BN_is_prime_ex(bnP, |
| 30384 | 1182 BN_prime_checks, NULL, NULL)) < 0) |
| 30385 | 1183 FAIL(FATAL_ERROR_INTERNAL); |
| 30386 | 1184 |
| 30387 | 1185 if(retVal != 1) |
| 30388 | 1186 continue; |
| 30389 | 1187 |
| 30390 | 1188 // Found a prime, is this the first or second. |
| 30391 | 1189 if(BN_is_zero(bnQ)) |
| 30392 | |
| 30396 | |
| 30397 | 1190 { |
| 30398 | 1191 // copy p to q and compute another prime in p |
| 30399 | 1192 BN_copy(bnQ, bnP); |
| 30400 | 1193 continue; |
| 30401 | 1194 } |
| 30402 | 1195 //Form the public modulus |
| 30403 | 1196 BN_mul(bnN, bnP, bnQ, context); |
| 30404 | 1197 if(BN_num_bits(bnN) != keySizeInBits) |
| 30405 | 1198 FAIL(FATAL_ERROR_INTERNAL); |
| 30406 | 1199 |
| 30407 | 1200 // Save the public modulus |
| 30408 | 1201 BnTo2B(n, bnN, n->size); // Will pad the buffer to the correct size |
| 30409 | 1202 pAssert((n->buffer[0] & 0x80) != 0); |
| 30410 | 1203 |
| 30411 | 1204 // And one prime |
| 30412 | 1205 BnTo2B(p, bnP, p->size); |
| 30413 | 1206 pAssert((p->buffer[0] & 0x80) != 0); |
| 30414 | 1207 |
| 30415 | 1208 // Finish by making sure that we can form the modular inverse of PHI |
| 30416 | 1209 // with respect to the public exponent |
| 30417 | 1210 // Compute PHI = (p - 1)(q - 1) = n - p - q + 1 |
| 30418 | 1211 // Make sure that we can form the modular inverse |
| 30419 | 1212 BN_sub(bnT, bnN, bnP); |
| 30420 | 1213 BN_sub(bnT, bnT, bnQ); |
| 30421 | 1214 BN_add_word(bnT, 1); |
| 30422 | 1215 |
| 30423 | 1216 // find d such that (Phi * d) mod e ==1 |
| 30424 | 1217 // If there isn't then we are broken because we took the step |
| 30425 | 1218 // of making sure that the prime != 1 mod e so the modular inverse |
| 30426 | 1219 // must exist |
| 30427 | 1220 if(BN_mod_inverse(bnT, bnE, bnT, context) == NULL || BN_is_zero(bnT)) |
| 30428 | 1221 FAIL(FATAL_ERROR_INTERNAL); |
| 30429 | 1222 |
| 30430 | 1223 // And, finally, do a trial encryption decryption |
| 30431 | 1224 { |
| 30432 | 1225 TPM2B_TYPE(RSA_KEY, MAX_RSA_KEY_BYTES); |
| 30433 | 1226 TPM2B_RSA_KEY r; |
| 30434 | 1227 r.t.size = sizeof(n->size); |
| 30435 | 1228 |
| 30436 | 1229 // If we are using a seed, then results must be reproducible on each |
| 30437 | 1230 // call. Otherwise, just get a random number |
| 30438 | 1231 if(seed == NULL) |
| 30439 | 1232 _cpri__GenerateRandom(n->size, r.t.buffer); |
| 30440 | 1233 else |
| 30441 | 1234 { |
| 30442 | 1235 // this this version does not have a deterministic RNG, XOR the |
| 30443 | 1236 // public key and private exponent to get a deterministic value |
| 30444 | 1237 // for testing. |
| 30445 | 1238 int i; |
| 30446 | 1239 |
| 30447 | 1240 // Generate a random-ish number starting with the public modulus |
| 30448 | 1241 // XORed with the MSO of the seed |
| 30449 | 1242 for(i = 0; i < n->size; i++) |
| 30450 | 1243 r.t.buffer[i] = n->buffer[i] ^ seed->buffer[0]; |
| 30451 | 1244 } |
| 30452 | 1245 // Make sure that the number is smaller than the public modulus |
| 30453 | 1246 r.t.buffer[0] &= 0x7F; |
| 30454 | 1247 // Convert |
| 30455 | 1248 if( BN_bin2bn(r.t.buffer, r.t.size, bnP) == NULL |
| 30456 | 1249 // Encrypt with the public exponent |
| 30457 | 1250 || BN_mod_exp(bnQ, bnP, bnE, bnN, context) != 1 |
| 30458 | 1251 // Decrypt with the private exponent |
| 30459 | 1252 || BN_mod_exp(bnQ, bnQ, bnT, bnN, context) != 1) |
| 30460 | 1253 FAIL(FATAL_ERROR_INTERNAL); |
| 30461 | 1254 // If the starting and ending values are not the same, start over )-; |
| 30462 | 1255 if(BN_ucmp(bnP, bnQ) != 0) |
| 30463 | |
| 30467 | |
| 30468 | 1256 { |
| 30469 | 1257 BN_zero(bnQ); |
| 30470 | 1258 continue; |
| 30471 | 1259 } |
| 30472 | 1260 } |
| 30473 | 1261 retVal = CRYPT_SUCCESS; |
| 30474 | 1262 goto Cleanup; |
| 30475 | 1263 } |
| 30476 | 1264 retVal = CRYPT_FAIL; |
| 30477 | 1265 |
| 30478 | 1266 Cleanup: |
| 30479 | 1267 // Close out the hash sessions |
| 30480 | 1268 _cpri__CompleteHash(&h2, 0, NULL); |
| 30481 | 1269 _cpri__CompleteHash(&h1, 0, NULL); |
| 30482 | 1270 |
| 30483 | 1271 // Free up allocated BN values |
| 30484 | 1272 BN_CTX_end(context); |
| 30485 | 1273 BN_CTX_free(context); |
| 30486 | 1274 if(counter != NULL) |
| 30487 | 1275 *counter = outer; |
| 30488 | 1276 return retVal; |
| 30489 | 1277 } |
| 30490 | 1278 #endif // RSA_KEY_SIEVE |
| 30491 | 1279 #endif // TPM_ALG_RSA |
| 30492 | |
| 30493 | |
| 30494 | B.12.2. Alternative RSA Key Generation |
| 30495 | |
| 30496 | B.12.2.1. Introduction |
| 30497 | |
| 30498 | The files in this clause implement an alternative RSA key generation method that is about an order of |
| 30499 | magnitude faster than the regular method in B.14.1 and is provided simply to speed testing of the test |
| 30500 | functions. The method implemented in this clause uses a sieve rather than choosing prime candidates at |
| 30501 | random and testing for primality. In this alternative, the sieve field starting address is chosen at random |
| 30502 | and a sieve operation is performed on the field using small prime values. After sieving, the bits |
| 30503 | representing values that are not divisible by the small primes tested, will be checked in a pseudo-random |
| 30504 | order until a prime is found. |
| 30505 | The size of the sieve field is tunable as is the value indicating the number of primes that should be |
| 30506 | checked. As the size of the prime increases, the density of primes is reduced so the size of the sieve field |
| 30507 | should be increased to improve the probability that the field will contain at least one prime. In addition, as |
| 30508 | the sieve field increases the number of small primes that should be checked increases. Eliminating a |
| 30509 | number from consideration by using division is considerably faster than eliminating the number with a |
| 30510 | Miller-Rabin test. |
| 30511 | |
| 30512 | B.12.2.2. RSAKeySieve.h |
| 30513 | |
| 30514 | This header file is used for parameterization of the Sieve and RNG used by the RSA module. |
| 30515 | |
| 30516 | 1 #ifndef RSA_H |
| 30517 | 2 #define RSA_H |
| 30518 | |
| 30519 | This value is used to set the size of the table that is searched by the prime iterator. This is used during |
| 30520 | the generation of different primes. The smaller tables are used when generating smaller primes. |
| 30521 | |
// Size of the prime-difference table that the prime iterator searches.
// NOTE(review): this is declared const here, yet the SetDefaultNumberOfPrimes()
// macro shown later in RsaKeySieve.c assigns to primeTableBytes; confirm which
// declaration the debug build is expected to use.
extern const UINT16 primeTableBytes;
| 30523 | |
| 30524 | The following define determines how large the prime number difference table will be defined. The value of |
| 30525 | 13 will allocate the maximum size table which allows generation of the first 6542 primes which is all the |
| 30526 | primes less than 2^16. |
| 30527 | |
| 30531 | |
| 30532 | 4 #define PRIME_DIFF_TABLE_512_BYTE_PAGES 13 |
| 30533 | |
| 30534 | This set of macros uses the value above to set the table size. |
| 30535 | |
// Derive PRIME_DIFF_TABLE_BYTES, the byte length of primeDiffTable[], from the
// page count PRIME_DIFF_TABLE_512_BYTE_PAGES.
//   - more than 12 pages : 6542 bytes (the full table)
//   - zero or negative   : clamped up to one 512-byte page
//   - otherwise          : pages * 512
// The fallback of 4 pages applies only when the page count has not been
// defined before this point.
#ifndef PRIME_DIFF_TABLE_512_BYTE_PAGES
#   define PRIME_DIFF_TABLE_512_BYTE_PAGES 4
#endif
#ifdef PRIME_DIFF_TABLE_512_BYTE_PAGES
#   if PRIME_DIFF_TABLE_512_BYTE_PAGES > 12
#       define PRIME_DIFF_TABLE_BYTES 6542
#   else
#       if PRIME_DIFF_TABLE_512_BYTE_PAGES <= 0
#           define PRIME_DIFF_TABLE_BYTES 512
#       else
#           define PRIME_DIFF_TABLE_BYTES (PRIME_DIFF_TABLE_512_BYTE_PAGES * 512)
#       endif
#   endif
#endif
// The table holds differences between successive primes (NextPrime() adds one
// entry to the previous prime). Its declared length is the bound that
// AdjustNumberOfPrimes() clamps every iterator limit to.
extern const BYTE primeDiffTable [PRIME_DIFF_TABLE_BYTES];
| 30551 | |
| 30552 | This determines the number of bits in the sieve field. This must be a power of two. |
| 30553 | |
// Sieve field geometry. FIELD_BITS is the number of candidate bits in the
// field and MAX_FIELD_SIZE is the field length in bytes plus one spare byte
// (2049 bytes for FIELD_POWER == 14).
// NOTE(review): field sizes travel as UINT16 in this module (defaultFieldSize,
// the aSize argument of FindNthSetBit()), so FIELD_POWER presumably has to
// stay small enough that MAX_FIELD_SIZE fits in 16 bits; confirm before
// raising it.
#define FIELD_POWER 14              // This is the only value in this group that should be
                                    // changed
#define FIELD_BITS (1 << FIELD_POWER)
#define MAX_FIELD_SIZE ((FIELD_BITS / 8) + 1)
| 30558 | |
| 30559 | This is the pre-sieved table. It already has the bits for multiples of 3, 5, and 7 cleared. |
| 30560 | |
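// Length in bytes of the pre-sieved seed pattern.
// NOTE(review): 105 == 3 * 5 * 7, presumably the period after which the
// pattern of cleared multiples repeats; confirm against the table definition.
#define SEED_VALUES_SIZE 105
// Storage class written first, matching the other extern declarations in this
// header (placing it after a qualifier is an obsolescent form in C).
extern const BYTE seedValues[SEED_VALUES_SIZE];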
| 30563 | |
| 30564 | This allows determination of the number of bits that are set in a byte without having to count them |
| 30565 | individually. |
| 30566 | |
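// Lookup table indexed by a byte value; each entry is the number of SET bits
// in that value. Storage class written first, matching the other extern
// declarations in this header.
extern const BYTE bitsInByte[256];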
| 30568 | |
| 30569 | This is the iterator structure for accessing the compressed prime number table. The expectation is that |
| 30570 | values will need to be accessed sequentially. This tries to save some data access. |
| 30571 | |
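// Iterator over the compressed (difference-encoded) prime table.
typedef struct {
    UINT32      lastPrime;      // most recent prime produced; NextPrime() sets
                                // it to 0 once the table is exhausted
    UINT32      index;          // position in primeDiffTable[] of the next
                                // difference to add
    UINT32      final;          // iteration stops when index reaches this value
} PRIME_ITERATOR;

// Optional counters for measuring the prime search. Without RSA_INSTRUMENT
// the macros expand to nothing, so the counters need not exist.
// INSTRUMENT_ADD and INSTRUMENT_INC are fully parenthesized like
// INSTRUMENT_SET so that each expands to a single expression regardless of
// the surrounding operators.
#ifdef RSA_INSTRUMENT
#   define INSTRUMENT_SET(a, b) ((a) = (b))
#   define INSTRUMENT_ADD(a, b) ((a) = (a) + (b))
#   define INSTRUMENT_INC(a)    ((a) = (a) + 1)
extern UINT32 failedAtIteration[10];
extern UINT32 MillerRabinTrials;
extern UINT32 totalFieldsSieved;
extern UINT32 emptyFieldsSieved;
extern UINT32 noPrimeFields;
extern UINT32 primesChecked;
extern UINT16 lastSievePrime;
#else
#   define INSTRUMENT_SET(a, b)
#   define INSTRUMENT_ADD(a, b)
#   define INSTRUMENT_INC(a)
#endif

// With RSA_DEBUG the field size is a variable; otherwise it is fixed at
// MAX_FIELD_SIZE.
#ifdef RSA_DEBUG
extern UINT16 defaultFieldSize;
#define NUM_PRIMES 2047
// NOTE(review): __int16 is a compiler-specific type name; confirm it is
// available on every toolchain that builds with RSA_DEBUG.
extern const __int16 primes[NUM_PRIMES];
#else
#define defaultFieldSize MAX_FIELD_SIZE
#endif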
| 30605 | 55 #endif |
| 30606 | |
| 30607 | |
| 30608 | |
| 30609 | |
| 30613 | |
| 30614 | |
| 30615 | B.12.2.3. RSAKeySieve.c |
| 30616 | |
| 30617 | B.12.2.3.1. Includes and defines |
| 30618 | |
| 30619 | 1 #include "OsslCryptoEngine.h" |
| 30620 | 2 #ifdef TPM_ALG_RSA |
| 30621 | |
| 30622 | This file produces no code unless the compile switch is set to cause it to generate code. |
| 30623 | |
| 30624 | 3 #ifdef RSA_KEY_SIEVE //% |
| 30625 | 4 #include "RsaKeySieve.h" |
| 30626 | |
| 30627 | This next line will show up in the header file for this code. It will make the local functions public when |
| 30628 | debugging. |
| 30629 | |
| 30630 | 5 //%#ifdef RSA_DEBUG |
| 30631 | |
| 30632 | |
| 30633 | B.12.2.3.2. Bit Manipulation Functions |
| 30634 | |
| 30635 | B.12.2.3.2.1. Introduction |
| 30636 | |
| 30637 | These functions operate on a bit array. A bit array is an array of bytes with the 0th byte being the byte |
| 30638 | with the lowest memory address. Within the byte, bit 0 is the least significant bit. |
| 30639 | |
| 30640 | B.12.2.3.2.2. ClearBit() |
| 30641 | |
| 30642 | This function will CLEAR a bit in a bit array. |
| 30643 | |
// Clear bit number i of the bit array a. Byte (i >> 3) holds the bit and,
// within that byte, bit 0 is the least significant bit.
// No array length is passed in, so the caller must guarantee that i is
// non-negative and below 8 * (number of bytes in a); any other value makes
// this function write outside the array.
void
ClearBit(
    unsigned char   *a,         // IN: A pointer to an array of byte
    int              i          // IN: the number of the bit to CLEAR
    )
{
    unsigned char *const    target = &a[i >> 3];
    const unsigned char     keep = (unsigned char)~(1u << (i & 7));

    *target &= keep;
}
| 30652 | |
| 30653 | |
| 30654 | B.12.2.3.2.3. SetBit() |
| 30655 | |
| 30656 | Function to SET a bit in a bit array. |
| 30657 | |
// Set bit number i of the bit array a. Byte (i >> 3) holds the bit and,
// within that byte, bit 0 is the least significant bit.
// No array length is passed in, so the caller must guarantee that i is
// non-negative and below 8 * (number of bytes in a); any other value makes
// this function write outside the array.
void
SetBit(
    unsigned char   *a,         // IN: A pointer to an array of byte
    int              i          // IN: the number of the bit to SET
    )
{
    const unsigned char     mask = (unsigned char)(1u << (i & 7));

    a[i >> 3] = (unsigned char)(a[i >> 3] | mask);
}
| 30666 | |
| 30667 | |
| 30668 | B.12.2.3.2.4. IsBitSet() |
| 30669 | |
| 30670 | Function to test if a bit in a bit array is SET. |
| 30671 | |
| 30672 | |
| 30673 | |
| 30674 | |
| 30678 | |
| 30679 | |
| 30680 | Return Value Meaning |
| 30681 | |
| 30682 | 0 bit is CLEAR |
| 30683 | 1 bit is SET |
| 30684 | |
// Test bit number i of the bit array a. Returns 1 when the bit is SET and 0
// when it is CLEAR. Byte (i >> 3) holds the bit; bit 0 is the least
// significant bit of a byte.
// No array length is passed in, so the caller must guarantee that i is
// non-negative and below 8 * (number of bytes in a); any other value makes
// this function read outside the array.
UINT32
IsBitSet(
    unsigned char   *a,         // IN: A pointer to an array of byte
    int              i          // IN: the number of the bit to test
    )
{
    const unsigned int      mask = 1u << (i & 7);

    if(a[i >> 3] & mask)
        return 1;
    return 0;
}
| 30693 | |
| 30694 | |
| 30695 | B.12.2.3.2.5. BitsInArray() |
| 30696 | |
| 30697 | This function counts the number of bits set in an array of bytes. |
| 30698 | |
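// Count the SET bits in the first i bytes of a, using the bitsInByte[]
// lookup table for each byte.
// The caller must guarantee that a really holds at least i bytes. A zero or
// negative count returns 0; the loop tests for a positive count so that a
// negative value cannot send the scan past the end of the array.
int
BitsInArray(
    unsigned char   *a,         // IN: A pointer to an array of byte
    int              i          // IN: the number of bytes to sum
    )
{
    int     total = 0;

    for(; i > 0; i--)
        total += bitsInByte[*a++];
    return total;
}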
| 30710 | |
| 30711 | |
| 30712 | B.12.2.3.2.6. FindNthSetBit() |
| 30713 | |
| 30714 | This function finds the nth SET bit in a bit array. The caller should check that the offset of the returned |
| 30715 | value is not out of range. If called when the array does not have n bits set, it will return a fatal error |
| 30716 | |
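// Find the n-th SET bit (n counts from 1) in the bit array a of aSize bytes
// and return its bit offset from the start of the array.
//
// The scan is bounded by aSize, so an array that holds fewer than n SET bits
// ends in FAIL(FATAL_ERROR_INTERNAL) instead of reading memory beyond the
// array. n == 0 takes the same failure path: there is no "0th" SET bit, and
// an unguarded scan would otherwise step back to the byte before a[0].
UINT32
FindNthSetBit(
    const UINT16     aSize,     // IN: the size of the array to check
    const BYTE      *a,         // IN: the array to check
    const UINT32     n          // IN, the number of the SET bit
    )
{
    UINT32       seen = 0;      // SET bits counted in the bytes already passed
    UINT32       byteIndex;
    UINT32       retValue;
    BYTE         sel;

    if(n != 0)
    {
        // Find the byte that contains the n-th SET bit
        for(byteIndex = 0; byteIndex < aSize; byteIndex++)
        {
            UINT32   inThisByte = bitsInByte[a[byteIndex]];

            if(seen + inThisByte < n)
            {
                // The chosen bit is further on
                seen += inThisByte;
                continue;
            }

            // The chosen bit is in this byte. Compute the offset to the
            // start of the byte, then process the byte one bit at a time.
            retValue = byteIndex * 8;
            for(sel = a[byteIndex]; sel != 0; sel = sel >> 1)
            {
                if(sel & 1)
                {
                    seen += 1;
                    if(seen == n)
                        return retValue;
                }
                retValue += 1;
            }
            // Only reachable if bitsInByte[] disagrees with the byte value
            break;
        }
    }
    FAIL(FATAL_ERROR_INTERNAL);
}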
| 30760 | |
| 30761 | |
| 30762 | B.12.2.3.3. Miscellaneous Functions |
| 30763 | |
| 30764 | B.12.2.3.3.1. RandomForRsa() |
| 30765 | |
| 30766 | This function uses a special form of KDFa() to produce a pseudo random sequence. Its input is a |
| 30767 | structure that contains pointers to a pre-computed set of hash contexts that are set up for the HMAC |
| 30768 | computations using the seed. |
| 30769 | This function will test that ktx.outer will not wrap to zero if incremented. If so, the function returns FALSE. |
| 30770 | Otherwise, the ktx.outer is incremented before each number is generated. |
| 30771 | |
// Fill p->buffer with p->size pseudo-random bytes derived from the saved hash
// contexts in ktx. The output depends only on the contexts, the label, the
// optional extra data, the outer counter and keySizeInBits, so the same
// inputs always give the same bytes.
//
// Each block of output is produced in two passes: a hash that starts from
// ktx->iPadCtx and covers (inner counter, label, extra, outer counter,
// keySizeInBits), followed by a hash that starts from ktx->oPadCtx and covers
// the result of the first pass.
//
// NOTE(review): the accompanying description says this function tests whether
// the outer counter would wrap to zero and returns FALSE in that case. The
// code below returns void and increments *(ktx->outer) with no such test, so
// a caller that needs the wrap check has to do it itself.
void
RandomForRsa(
    KDFa_CONTEXT    *ktx,       // IN: a context for the KDF
    const char      *label,     // IN: a use qualifying label
    TPM2B           *p          // OUT: the pseudo random result
    )
{
    INT16            i;
    UINT32           inner;
    BYTE             swapped[4];
    UINT16           fill;
    BYTE            *pb;
    UINT16           lLen = 0;
    // NOTE(review): a digest size of 0 (unrecognized hashAlg, presumably)
    // would keep the loop below from ever terminating; there is no check here.
    UINT16           digestSize = _cpri__GetDigestSize(ktx->hashAlg);
    CPRI_HASH_STATE  h;         // the working hash context

    // The post-increment in the condition also counts the terminating NUL,
    // so lLen ends up as the string length plus one and the NUL is hashed
    // along with the label.
    if(label != NULL)
        for(lLen = 0; label[lLen++];);
    fill = digestSize;
    pb = p->buffer;
    inner = 0;
    // A new outer counter value for every call, so successive calls with the
    // same context give different output.
    *(ktx->outer) += 1;
    // i is the number of bytes still to be produced.
    // NOTE(review): i is a signed 16-bit value; assumes p->size never exceeds
    // what it can hold.
    for(i = p->size; i > 0; i -= digestSize)
    {
        inner++;

        // Initialize the HMAC with saved state
        _cpri__CopyHashState(&h, &(ktx->iPadCtx));

        // Hash the inner counter (the one that changes on each HMAC iteration)
        UINT32_TO_BYTE_ARRAY(inner, swapped);
        _cpri__UpdateHash(&h, 4, swapped);
        if(lLen != 0)
            _cpri__UpdateHash(&h, lLen, (BYTE *)label);

        // Is there any party 1 data
        if(ktx->extra != NULL)
            _cpri__UpdateHash(&h, ktx->extra->size, ktx->extra->buffer);

        // Include the outer counter (the one that changes on each
        // prime candidate generation)
        UINT32_TO_BYTE_ARRAY(*(ktx->outer), swapped);
        _cpri__UpdateHash(&h, 4, swapped);
        // The two bytes are hashed exactly as they sit in memory.
        // NOTE(review): unlike the counters above, no byte-order conversion
        // is applied, so this value appears to depend on host endianness.
        _cpri__UpdateHash(&h, 2, (BYTE *)&ktx->keySizeInBits);
        // The last block may be shorter than a full digest
        if(i < fill)
            fill = i;
        _cpri__CompleteHash(&h, fill, pb);

        // Restart the oPad hash
        _cpri__CopyHashState(&h, &(ktx->oPadCtx));

        // Add the last hashed data
        // NOTE(review): only fill bytes of the first-pass result are fed to
        // the second pass, so a short final block differs from an HMAC
        // computed over a full-length inner digest.
        _cpri__UpdateHash(&h, fill, pb);

        // gives a completed HMAC
        _cpri__CompleteHash(&h, fill, pb);
        pb += fill;
    }
    return;
}
| 30837 | |
| 30838 | |
| 30839 | B.12.2.3.3.2. MillerRabinRounds() |
| 30840 | |
| 30841 | Function returns the number of Miller-Rabin rounds necessary to give an error probability equal to the |
| 30842 | security strength of the prime. These values are from FIPS 186-3. |
| 30843 | |
// Return the number of Miller-Rabin rounds to run on a prime candidate of the
// given size. Larger candidates get fewer rounds; the section text attributes
// the values to FIPS 186-3.
UINT32
MillerRabinRounds(
    UINT32           bits       // IN: Number of bits in the RSA prime
    )
{
    UINT32   rounds;

    if(bits >= 1536)
        rounds = 4;             // for 3K public modulus and greater
    else if(bits >= 511)
        rounds = 5;             // for 512 and 1K primes
    else
        rounds = 8;             // don't really expect this
    return rounds;
}
| 30853 | |
| 30854 | |
| 30855 | B.12.2.3.3.3. MillerRabin() |
| 30856 | |
| 30857 | This function performs a Miller-Rabin test from FIPS 186-3. It does iterations trials on the number. In all |
| 30858 | likelihood, if the number is not prime, the first test fails. |
| 30859 | If a KDFa() PRNG context is provided (ktx), then it is used to provide the random values. Otherwise, the |
| 30860 | random numbers are retrieved from the random number generator. |
| 30861 | |
| 30862 | Return Value Meaning |
| 30863 | |
| 30864 | TRUE probably prime |
| 30865 | FALSE composite |
| 30866 | |
// Run up to 'iterations' Miller-Rabin rounds on the odd number bnW.
// Returns TRUE when every round passes (probably prime) and FALSE as soon as
// one round shows the number to be composite.
//
// Witnesses come from RandomForRsa() when ktx is not NULL, which makes the
// result reproducible for a given KDF context; otherwise they come from
// _cpri__GenerateRandom().
//
// Temporaries are taken from 'context' between BN_CTX_start() and
// BN_CTX_end(); the caller keeps ownership of the context itself.
BOOL
MillerRabin(
    BIGNUM          *bnW,           // IN: the odd candidate to test
    int              iterations,    // IN: number of rounds to run
    KDFa_CONTEXT    *ktx,           // IN: KDF context for witnesses, or NULL
    BN_CTX          *context        // IN: context for big-number temporaries
    )
{
    BIGNUM          *bnWm1;
    BIGNUM          *bnM;
    BIGNUM          *bnB;
    BIGNUM          *bnZ;
    BOOL             ret = FALSE;   // Assumed composite for easy exit
    // The witness buffer holds at most MAX_RSA_KEY_BYTES/2 bytes.
    // NOTE(review): nothing below compares the size of w with that capacity;
    // assumes callers only pass candidates of at most half the largest key.
    TPM2B_TYPE(MAX_PRIME, MAX_RSA_KEY_BYTES/2);
    TPM2B_MAX_PRIME  b;
    int              a;
    int              j;
    int              wLen;
    int              i;

    // The test is only defined for odd w
    pAssert(BN_is_bit_set(bnW, 0));
    INSTRUMENT_INC(MillerRabinTrials);   // Instrumentation

    BN_CTX_start(context);
    bnWm1 = BN_CTX_get(context);
    bnB = BN_CTX_get(context);
    bnZ = BN_CTX_get(context);
    bnM = BN_CTX_get(context);
    // Checking only the last value is enough: once BN_CTX_get() fails, the
    // later calls on the same context fail too.
    if(bnM == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // 1. Let a be the largest integer such that 2^a divides w-1.
    // NOTE(review): the results of BN_copy(), BN_sub_word() and BN_rshift()
    // are not checked here.
    BN_copy(bnWm1, bnW);
    BN_sub_word(bnWm1, 1);
    // Since w is odd (w-1) is even so start at bit number 1 rather than 0
    // NOTE(review): this scan stops only when w-1 has a SET bit above bit 0.
    // w == 1 passes the odd check above but leaves w-1 == 0; confirm that
    // callers never pass it.
    for(a = 1; !BN_is_bit_set(bnWm1, a); a++);

    // 2. m = (w-1) / 2^a
    BN_rshift(bnM, bnWm1, a);

    // 3. wlen = len (w).
    wLen = BN_num_bits(bnW);
    pAssert((wLen & 7) == 0);

    // Set the size for the random number
    b.b.size = (UINT16)(wLen + 7)/8;

    // 4. For i = 1 to iterations do
    for(i = 0; i < iterations ; i++)
    {

        // 4.1 Obtain a string b of wlen bits from an RBG.
step4point1:
        // In the reference implementation, wLen is always a multiple of 8
        // (b.b and b.t are used interchangeably below; presumably two views
        // of the same size/buffer pair. TODO confirm against TPM2B_TYPE)
        if(ktx != NULL)
            RandomForRsa(ktx, "Miller-Rabin witness", &b.b);
        else
            _cpri__GenerateRandom(b.t.size, b.t.buffer);

        if(BN_bin2bn(b.t.buffer, b.t.size, bnB) == NULL)
            FAIL(FATAL_ERROR_ALLOCATION);

        // 4.2 If ((b <= 1) or (b >= w-1)), then go to step 4.1.
        // The retry has no upper bound; it relies on the random source
        // producing an in-range value.
        if(BN_is_zero(bnB))
            goto step4point1;
        if(BN_is_one(bnB))
            goto step4point1;
        if(BN_ucmp(bnB, bnWm1) >= 0)
            goto step4point1;

        // 4.3 z = b^m mod w.
        if(BN_mod_exp(bnZ, bnB, bnM, bnW, context) != 1)
            FAIL(FATAL_ERROR_ALLOCATION);

        // 4.4 If ((z = 1) or (z = w-1)), then go to step 4.7.
        if(BN_is_one(bnZ) || BN_ucmp(bnZ, bnWm1) == 0)
            goto step4point7;

        // 4.5 For j = 1 to a-1 do.
        for(j = 1; j < a; j++)
        {
            // 4.5.1 z = z^2 mod w.
            if(BN_mod_mul(bnZ, bnZ, bnZ, bnW, context) != 1)
                FAIL(FATAL_ERROR_ALLOCATION);

            // 4.5.2 If (z = w-1), then go to step 4.7.
            if(BN_ucmp(bnZ, bnWm1) == 0)
                goto step4point7;

            // 4.5.3 If (z = 1), then go to step 4.6.
            if(BN_is_one(bnZ))
                goto step4point6;
        }
        // 4.6 Return COMPOSITE.
step4point6:
        // failedAtIteration[] has 10 entries; rounds past the tenth are all
        // counted in the last one.
        if(i > 9)
            INSTRUMENT_INC(failedAtIteration[9]);
        else
            INSTRUMENT_INC(failedAtIteration[i]);
        goto end;

        // 4.7 Continue. Comment: Increment i for the do-loop in step 4.
step4point7:
        continue;
    }
    // 5. Return PROBABLY PRIME
    ret = TRUE;

end:
    BN_CTX_end(context);
    return ret;
}
| 30989 | |
| 30990 | |
| 30991 | B.12.2.3.3.4. NextPrime() |
| 30992 | |
| 30993 | This function is used to access the next prime number in the sequence of primes. It requires a pre- |
| 30994 | initialized iterator. |
| 30995 | |
// Advance the iterator to the next prime in the difference-encoded table and
// return it. When iter->index has reached iter->final the table is exhausted:
// lastPrime is set to 0 and 0 is returned, so callers can use 0 as the
// end-of-sequence marker.
// The iterator must have been set up first (see PrimeInit()), which also
// keeps iter->final within the length of primeDiffTable[].
UINT32
NextPrime(
    PRIME_ITERATOR  *iter
    )
{
    if(iter->index < iter->final)
    {
        // Each table entry is the gap from the previous prime
        iter->lastPrime += primeDiffTable[iter->index];
        iter->index += 1;
    }
    else
    {
        iter->lastPrime = 0;
    }
    return iter->lastPrime;
}
| 31005 | |
| 31006 | |
| 31007 | B.12.2.3.3.5. AdjustNumberOfPrimes() |
| 31008 | |
| 31009 | Modifies the input parameter to be a valid value for the number of primes. The adjusted value is either the |
| 31010 | input value rounded up to the next 512 bytes boundary or the maximum value of the implementation. If |
| 31011 | the input is 0, the return is set to the maximum. |
| 31012 | |
// Turn a requested table length into one the implementation can use: the
// request is rounded up to a multiple of 512 and then limited to
// PRIME_DIFF_TABLE_BYTES. A result of 0 after rounding (a request of 0, or a
// request so large that the rounding wraps) also selects the maximum.
UINT32
AdjustNumberOfPrimes(
    UINT32           p
    )
{
    UINT32   rounded = ((p + 511) / 512) * 512;

    if(rounded != 0 && rounded <= PRIME_DIFF_TABLE_BYTES)
        return rounded;
    return PRIME_DIFF_TABLE_BYTES;
}
| 31029 | |
| 31030 | |
| 31031 | B.12.2.3.3.6. PrimeInit() |
| 31032 | |
| 31033 | This function is used to initialize the prime sequence generator iterator. The iterator is initialized and |
| 31034 | returns the first prime that is equal to the requested starting value. If the starting value is not a prime, then |
| 31035 | the iterator is initialized to the next higher prime number. |
| 31036 | |
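// Initialize the prime iterator and advance it to the first prime that is
// greater than or equal to 'first'. Returns that prime, which is also left in
// iter->lastPrime.
//
// If the table (limited to 'primes' entries after adjustment by
// AdjustNumberOfPrimes()) runs out before a prime >= first is reached,
// NextPrime() reports 0; the search stops there and 0 is returned. Without
// that check the loop would never end, because NextPrime() keeps lastPrime at
// 0 once the table is exhausted.
UINT32
PrimeInit(
    UINT32           first,     // IN: the initial prime
    PRIME_ITERATOR  *iter,      // IN/OUT: the iterator structure
    UINT32           primes     // IN: the table length
    )
{
    // Start just below the first table entry
    iter->lastPrime = 1;
    iter->index = 0;
    iter->final = AdjustNumberOfPrimes(primes);

    while(iter->lastPrime < first)
    {
        if(NextPrime(iter) == 0)
            break;              // table exhausted
    }
    return iter->lastPrime;
}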
| 31052 | |
| 31053 | |
| 31054 | B.12.2.3.3.7. SetDefaultNumberOfPrimes() |
| 31055 | |
| 31056 | This macro sets the default number of primes to the indicated value. |
| 31057 | |
| 31058 | 294 //%#define SetDefaultNumberOfPrimes(p) (primeTableBytes = AdjustNumberOfPrimes(p)) |
| 31059 | |
| 31060 | |
| 31061 | B.12.2.3.3.8. IsPrimeWord() |
| 31062 | |
| 31063 | Checks to see if a UINT32 is prime |
| 31064 | |
| 31065 | Return Value Meaning |
| 31066 | |
| 31067 | TRUE number is prime |
| 31068 | FALSE number is not prime |
| 31069 | |
/*
 * Test a 32-bit value for primality.
 *
 * With the full prime difference table compiled in, the test is trial division
 * by the table primes; otherwise the work is handed to _math__IsPrime().
 *
 * NOTE(review): both branches return TRUE for p == 1, which is not a prime, and
 * the table branch reports every even value (including 2) as not prime.
 * _cpri__GenerateKeyRSA() uses this function to validate a caller-supplied
 * public exponent, so confirm that an exponent of 1 is rejected before the
 * value reaches key generation.
 *
 * return   TRUE if the value is accepted as prime, FALSE otherwise
 */
BOOL
IsPrimeWord(
    UINT32           p              // IN: number to test
    )
{
#if defined RSA_KEY_SIEVE && (PRIME_DIFF_TABLE_BYTES >= 6542)

    UINT32       test;
    UINT32       index;
    UINT32       stop;

    if((p & 1) == 0)
        return FALSE;
    if(p == 1 || p == 3)
        return TRUE;

    // Get a high value for the stopping point
    // The loop runs once per two bits of p, so stop ends as 2^k with
    // p < 2^(2k); that makes stop an upper bound for the square root of p.
    for(index = p, stop = 0; index; index >>= 2)
        stop = (stop << 1) + 1;
    stop++;

    // If the full prime difference value table is present, can check here

    // Trial division starts at 3; table entry 'index' is the step from the
    // current divisor to the next prime.
    test = 3;
    for(index = 1; index < PRIME_DIFF_TABLE_BYTES; index += 1)
    {
        // A divisor was found: p is prime only if it is that divisor itself
        if((p % test) == 0)
            return (p == test);
        // No divisor up to the bound, so p is prime
        if(test > stop)
            return TRUE;
        test += primeDiffTable[index];
    }
    return TRUE;

#else

    // b receives the bytes of p but is not read again in this function
    BYTE        b[4];
    if(p == RSA_DEFAULT_PUBLIC_EXPONENT || p == 1 || p == 3 )
        return TRUE;
    if((p & 1) == 0)
        return FALSE;
    UINT32_TO_BYTE_ARRAY(p,b);
    return _math__IsPrime(p);
#endif
}
// Batching schedule used by PrimeSieve(). While the primes being processed are
// at or below 'prime', PrimeSieve() multiplies 'count' table primes together
// and reduces the big number by that product once, instead of once per prime.
typedef struct {
    UINT16      prime;      // PrimeSieve() moves to the next entry once the
                            // last prime of a batch is >= this value
    UINT16      count;      // number of primes combined into one batch
} SIEVE_MARKS;
// NOTE(review): the counts are presumably chosen so that each batch product
// fits in a UINT32; PrimeSieve() does not check the multiplication for
// overflow, so confirm this if the table is changed.
const SIEVE_MARKS sieveMarks[5] = {
    {31, 7}, {73, 5}, {241, 4}, {1621, 3}, {UINT16_MAX, 2}};
| 31126 | |
| 31127 | |
| 31128 | B.12.2.3.3.9. PrimeSieve() |
| 31129 | |
| 31130 | This function does a prime sieve over the input field which has as its starting address the value in bnN. |
| 31131 | Since this initializes the Sieve using a pre-computed field with the bits associated with 3, 5 and 7 already |
| 31132 | turned off, the value of bnN may need to be adjusted by a few counts to allow the pre-computed field to |
| 31133 | be used without modification. The fieldSize parameter must be 2^N + 1 and is probably not useful if it is |
| 31134 | less than 129 bytes (1024 bits). |
| 31135 | |
/*
 * Build a sieve field for the odd values starting at bnN.
 *
 * The field is first filled from the pre-sieved seedValues pattern (multiples
 * of 3, 5 and 7 already removed), then the bits for multiples of the table
 * primes from 11 upward are cleared. bnN is moved down by a small even amount
 * so that the seed pattern lines up with it. The clearing arithmetic below and
 * the caller's use of "chosen * 2" indicate that bit j stands for the value
 * (adjusted bnN) + 2*j.
 *
 * return   BitsInArray(field, fieldSize), which the caller uses as the number
 *          of candidates left in the field
 */
UINT32
PrimeSieve(
    BIGNUM      *bnN,           // IN/OUT: number to sieve
    UINT32       fieldSize,     // IN: size of the field area in bytes
    BYTE        *field,         // OUT: field; fieldSize bytes are written
    UINT32       primes         // IN: the number of primes to use
    )
{
    UINT32           i;
    UINT32           j;
    UINT32           fieldBits = fieldSize * 8;
    UINT32           r;
    const BYTE      *p1;
    BYTE            *p2;
    PRIME_ITERATOR   iter;
    UINT32           adjust;
    UINT32           mark = 0;
    UINT32           count = sieveMarks[0].count;
    UINT32           stop = sieveMarks[0].prime;
    UINT32           composite;

//  UINT64           test;           //DEBUG

    pAssert(field != NULL && bnN != NULL);
    // Need to have a field that has a size of 2^n + 1 bytes
    // NOTE(review): this inspects the first two bytes of fieldSize as stored in
    // memory, so the result depends on byte order; confirm for big-endian
    // targets. The caller is responsible for 'field' holding fieldSize bytes.
    pAssert(BitsInArray((BYTE *)&fieldSize, 2) == 2);

    primes = AdjustNumberOfPrimes(primes);

    // If the remainder is odd, then subtracting the value
    // will give an even number, but we want an odd number,
    // so subtract the 105+rem. Otherwise, just subtract
    // the even remainder.
    // NOTE(review): the return of BN_mod_word() is used without an error check.
    adjust = BN_mod_word(bnN,105);
    if(adjust & 1)
        adjust += 105;

    // seed the field
    // This starts the pointer at the nearest byte to the input value
    // (adjust is even and at most 208 here, so the index is at most 13)
    p1 = &seedValues[adjust/16];

    // Reduce the number of bytes to transfer by the amount skipped
    j = sizeof(seedValues) - adjust/16;
    adjust = adjust % 16;
    BN_sub_word(bnN, adjust);
    // From here on adjust is a bit offset (0..7) into the first field byte
    adjust >>= 1;

    // This offsets the field
    // Copy the seed pattern into the field, wrapping to the start of
    // seedValues whenever its end is reached
    p2 = field;
    for(i = fieldSize; i > 0; i--)
    {
        *p2++ = *p1++;
        if(--j == 0)
        {
            j = sizeof(seedValues);
            p1 = seedValues;
        }
    }
    // Mask the first bits in the field and the last byte in order to eliminate
    // bytes not in the field from consideration.
    field[0] &= 0xff << adjust;
    field[fieldSize-1] &= 0xff >> (8 - adjust);

    // Cycle through the primes, clearing bits
    // Have already done 3, 5, and 7
    PrimeInit(7, &iter, primes);

    // Get the next N primes where N is determined by the mark in the sieveMarks
    while((composite = NextPrime(&iter)) != 0)
    {
        // pList is filled from index 'count' down to 1; index 0 is unused.
        // The largest count in sieveMarks is 7, which fits the 8 entries.
        UINT32  pList[8];
        UINT32   next = 0;
        i = count;
        pList[i--] = composite;
        for(; i > 0; i--)
        {
            next = NextPrime(&iter);
            pList[i] = next;
            // A 0 marks the end of the prime table and is left out of the
            // product; the unchecked UINT32 multiply relies on the sieveMarks
            // counts to stay in range
            if(next != 0)
                composite *= next;
        }
        // One big-number reduction serves every prime in the batch
        composite = BN_mod_word(bnN, composite);
        for(i = count; i > 0; i--)
        {
            next = pList[i];
            if(next == 0)
                goto done;
            r = composite % next;
            // Find the first bit j with (bnN + 2*j) divisible by next, i.e.
            // 2*j == -r (mod next)
            if(r & 1)           j = (next - r)/2;
            else if(r == 0)     j = 0;
            else                j = next - r/2;
            for(; j < fieldBits; j += next)
                ClearBit(field, j);
        }
        // NOTE(review): mark is not bounds-checked against the five sieveMarks
        // entries; this relies on the stop value of the last entry
        // (UINT16_MAX) never being reached by a table prime - confirm.
        if(next >= stop)
        {
            mark++;
            count = sieveMarks[mark].count;
            stop = sieveMarks[mark].prime;
        }
    }
done:
    INSTRUMENT_INC(totalFieldsSieved);
    i = BitsInArray(field, fieldSize);
    if(i == 0) INSTRUMENT_INC(emptyFieldsSieved);
    return i;
}
| 31253 | |
| 31254 | |
| 31255 | B.12.2.3.3.10. PrimeSelectWithSieve() |
| 31256 | |
| 31257 | This function will sieve the field around the input prime candidate. If the sieve field is not empty, one of |
| 31258 | the one bits in the field is chosen for testing with Miller-Rabin. If the value is prime, bnP is updated with |
| 31259 | this value and the function returns success. If this value is not prime, another pseudo-random candidate |
| 31260 | is chosen and tested. This process repeats until all values in the field have been checked. If all bits in the |
| 31261 | field have been checked and none is prime, the function returns FALSE and a new random value needs |
| 31262 | to be chosen. |
| 31263 | |
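/*
 * Sieve the field around a prime candidate and test the survivors.
 *
 * The low bits of bnP are aligned to a field boundary, PrimeSieve() marks the
 * candidates that have no small factor, and the surviving bits are tried with
 * Miller-Rabin in an order derived from the original low-order word of bnP.
 *
 * bnP      candidate; on TRUE it holds the selected prime
 * ktx      KDFa context handed to MillerRabin(); may be NULL (see
 *          GenerateRandomPrime())
 * e        public exponent the prime has to be compatible with; values of 3
 *          and below skip the compatibility check
 * context  big number context
 * return   TRUE if a prime was found in the field, FALSE if the field was
 *          exhausted and a new random starting value is needed
 */
BOOL
PrimeSelectWithSieve(
    BIGNUM          *bnP,           // IN/OUT: The candidate to filter
    KDFa_CONTEXT    *ktx,           // IN: KDFa iterator structure
    UINT32           e,             // IN: the exponent
    BN_CTX          *context        // IN: the big number context to play in
#ifdef RSA_DEBUG                                                    //%
   ,UINT16           fieldSize,     // IN: number of bytes in the field, as
                                    //     determined by the caller
    UINT16           primes         // IN: number of primes to use.
#endif                                                              //%
    )
{
    BYTE             field[MAX_FIELD_SIZE];
    UINT32           first;
    UINT32           ones;
    INT32            chosen;
    UINT32           rounds = MillerRabinRounds(BN_num_bits(bnP));
#ifndef RSA_DEBUG
    UINT32           primes;
    UINT32           fieldSize;
    // Adjust the field size and prime table list to fit the size of the prime
    // being tested.
    primes = BN_num_bits(bnP);
    if(primes <= 512)
    {
        primes = AdjustNumberOfPrimes(2048);
        fieldSize = 65;
    }
    else if(primes <= 1024)
    {
        primes = AdjustNumberOfPrimes(4096);
        fieldSize = 129;
    }
    else
    {
        primes = AdjustNumberOfPrimes(0);   // Set to the maximum
        fieldSize = MAX_FIELD_SIZE;
    }
#endif
    // PrimeSieve() writes fieldSize bytes into the stack buffer above, so the
    // bound is enforced in every build, including RSA_DEBUG where the size is
    // supplied by the caller.
    if(fieldSize > MAX_FIELD_SIZE)
        fieldSize = MAX_FIELD_SIZE;

    // Save the low-order word to use as a search generator and make sure that
    // it has some interesting range to it
    // (the word array of the BIGNUM is accessed directly, which requires a
    // library version that exposes the structure)
    first = bnP->d[0] | 0x80000000;

    // Align to field boundary
    bnP->d[0] &= ~((UINT32)(fieldSize-3));
    pAssert(BN_is_bit_set(bnP, 0));
    bnP->d[0] &= (UINT32_MAX << (FIELD_POWER + 1)) + 1;
    ones = PrimeSieve(bnP, fieldSize, field, primes);
#ifdef RSA_FILTER_DEBUG
    pAssert(ones == BitsInArray(field, defaultFieldSize));
#endif
    for(; ones > 0; ones--)
    {
#ifdef RSA_FILTER_DEBUG
        if(ones != BitsInArray(field, defaultFieldSize))
            FAIL(FATAL_ERROR_INTERNAL);
#endif
        // Decide which bit to look at and find its offset
        // NOTE(review): the search uses defaultFieldSize while PrimeSieve()
        // filled only fieldSize bytes; confirm the two always match so that no
        // uninitialized part of 'field' is scanned. A negative return from
        // FindNthSetBit() would also pass the range check below - confirm its
        // failure value.
        chosen = FindNthSetBit(defaultFieldSize, field,((first % ones) + 1));
        if(chosen >= ((defaultFieldSize) * 8))
            FAIL(FATAL_ERROR_INTERNAL);

        // Set this as the trial prime
        BN_add_word(bnP, chosen * 2);

        // Use MR to see if this is prime
        if(MillerRabin(bnP, rounds, ktx, context))
        {
            // Final check is to make sure that 0 != (p-1) mod e
            // This is the same as 1 != p mod e. A prime with p mod e == 1
            // has e dividing p-1, so no private exponent exists for it.
            // NOTE(review): e == 3 is still exempted by the first term, so a
            // prime with p mod 3 == 1 is accepted for that exponent - confirm
            // that this is intended.
            if((e <= 3) || (BN_mod_word(bnP, e) != 1))
                return TRUE;
        }
        // Back out the bit number
        BN_sub_word(bnP, chosen * 2);

        // Clear the bit just tested
        ClearBit(field, chosen);
    }
    // Ran out of bits and couldn't find a prime in this field
    INSTRUMENT_INC(noPrimeFields);
    return FALSE;
}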
| 31360 | |
| 31361 | |
| 31362 | B.12.2.3.3.11. AdjustPrimeCandidate() |
| 31363 | |
| 31364 | This function adjusts the candidate prime so that it is odd and > root(2)/2. This allows the product of two |
| 31365 | such numbers to be at least .5, which, in fixed point notation, means that the most significant bit is 1. For this |
| 31366 | routine, root(2)/2 is approximated with 0xB505 which, in fixed point, is 0.7071075439453125, or an |
| 31367 | error of 0.0001%. Just setting the upper two bits would give a value > 0.75 which is an error of > 6%. |
| 31368 | |
| 31369 | |
| 31370 | Family "2.0" TCG Published Page 453 |
| 31371 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 31372 | Trusted Platform Module Library Part 4: Supporting Routines |
| 31373 | |
| 31374 | |
| 31375 | Given the amount of time all the other computations take, reducing the error is not much of a cost, but it |
| 31376 | isn't totally required either. |
| 31377 | The function also puts the number on a field boundary. |
| 31378 | |
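/*
 * Force a random byte string into the range used for RSA prime candidates.
 *
 * The two most significant bytes are scaled into the range 0xB505..0xFFFF
 * (0xB505 approximates root(2)/2 in 16-bit fixed point), and the least
 * significant bit is set so that the value is odd. The low-order bits are not
 * otherwise aligned here.
 *
 * a        the candidate, most significant byte first; modified in place
 * len      number of bytes in a; at least 2, because the first two bytes are
 *          read and rewritten and a[len-1] is written
 */
void
AdjustPrimeCandidate(
    BYTE            *a,
    UINT16           len
    )
{
    UINT16   highBytes;

    // A shorter buffer would be read and written outside its bounds below
    pAssert(a != NULL && len >= 2);

    highBytes = BYTE_ARRAY_TO_UINT16(a);
    // This is fixed point arithmetic on 16-bit values
    // 0x4AFB is 0x10000 - 0xB505, so the scaled value plus 0xB505 cannot
    // exceed 0xFFFF
    highBytes = ((UINT32)highBytes * (UINT32)0x4AFB) >> 16;
    highBytes += 0xB505;
    UINT16_TO_BYTE_ARRAY(highBytes, a);
    a[len-1] |= 1;
}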
| 31394 | |
| 31395 | |
| 31396 | B.12.2.3.3.12. GenerateRandomPrime() |
| 31397 | |
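/*
 * Replace the contents of p with a random prime of p->size bytes.
 *
 * Random candidates with the top bit and the low bit set are drawn until
 * PrimeSelectWithSieve() accepts one. No KDF context and no public exponent
 * are passed to the selection (NULL and 0).
 *
 * p        IN/OUT: p->size selects the length; p->buffer receives the prime
 * ctx      big number context to use, or NULL to have one created and freed
 *          here
 */
void
GenerateRandomPrime(
    TPM2B  *p,
    BN_CTX *ctx
#ifdef RSA_DEBUG               //%
   ,UINT16  field,
    UINT16  primes
#endif                         //%
)
{
    BIGNUM  *bnP;
    BN_CTX  *context;

    // p->buffer[p->size-1] is written below, so an empty buffer is rejected
    pAssert(p != NULL && p->size > 0);

    if(ctx == NULL) context = BN_CTX_new();
    else context = ctx;
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnP = BN_CTX_get(context);
    if(bnP == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    while(TRUE)
    {
        // NOTE(review): the result of _cpri__GenerateRandom() is not checked;
        // confirm that the generator cannot fail without filling the buffer.
        _cpri__GenerateRandom(p->size, p->buffer);
        p->buffer[p->size-1] |= 1;
        p->buffer[0] |= 0x80;
        // Same conversion check as in _cpri__GenerateKeyRSA()
        if(BN_bin2bn(p->buffer, p->size, bnP) == NULL)
            FAIL(FATAL_ERROR_INTERNAL);
#ifdef RSA_DEBUG
        if(PrimeSelectWithSieve(bnP, NULL, 0, context, field, primes))
#else
        if(PrimeSelectWithSieve(bnP, NULL, 0, context))
#endif
            break;
    }
    BnTo2B(p, bnP, (UINT16)BN_num_bytes(bnP));
    BN_CTX_end(context);
    // Only free the context if it was created here
    if(ctx == NULL)
        BN_CTX_free(context);
    return;
}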
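/*
 * Initialize a KDFa iteration context from a seed.
 *
 * An HMAC is started with the seed as key and kept in ktx->iPadCtx; a second
 * hash is started in ktx->oPadCtx and updated with the key block returned by
 * _cpri__StartHMAC(). The remaining parameters are stored in the context.
 *
 * return   ktx, or NULL when no seed is given (the context is then left
 *          untouched and must not be used or closed)
 */
KDFa_CONTEXT *
KDFaContextStart(
    KDFa_CONTEXT    *ktx,           // IN/OUT: the context structure to initialize
    TPM2B           *seed,          // IN: the seed for the digest process
    TPM_ALG_ID       hashAlg,       // IN: the hash algorithm
    TPM2B           *extra,         // IN: the extra data
    UINT32          *outer,         // IN: the outer iteration counter
    UINT16           keySizeInBits  // IN: key size in bits, stored in the context
    )
{
    UINT16                   digestSize = _cpri__GetDigestSize(hashAlg);
    // NOTE(review): oPadKey receives key-derived material and is left on the
    // stack when the function returns; consider clearing it before return.
    TPM2B_HASH_BLOCK         oPadKey;

    if(seed == NULL)
        return NULL;

    pAssert(ktx != NULL && outer != NULL && digestSize != 0);

    // Start the hash using the seed and get the intermediate hash value
    _cpri__StartHMAC(hashAlg, FALSE, &(ktx->iPadCtx), seed->size, seed->buffer,
                     &oPadKey.b);
    _cpri__StartHash(hashAlg, FALSE, &(ktx->oPadCtx));
    _cpri__UpdateHash(&(ktx->oPadCtx), oPadKey.b.size, oPadKey.b.buffer);
    ktx->extra = extra;
    ktx->hashAlg = hashAlg;
    ktx->outer = outer;
    // The parameter is now spelled the way this assignment refers to it
    ktx->keySizeInBits = keySizeInBits;
    return ktx;
}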
/*
 * Close the two hash sessions held by a KDFa context.
 * A NULL context is accepted and ignored. The context must have been
 * initialized by KDFaContextStart().
 */
void
KDFaContextEnd(
    KDFa_CONTEXT    *ktx            // IN/OUT: the context structure to close
    )
{
    // Nothing to close when no context was started
    if(ktx == NULL)
        return;

    // Complete both sessions; a size of 0 and a NULL buffer are passed, so no
    // digest is requested back
    _cpri__CompleteHash(&(ktx->iPadCtx), 0, NULL);
    _cpri__CompleteHash(&(ktx->oPadCtx), 0, NULL);
}
| 31483 | 638 //%#endif |
| 31484 | |
| 31485 | |
| 31486 | B.12.2.3.4. Public Function |
| 31487 | |
| 31488 | B.12.2.3.4.1. Introduction |
| 31489 | |
| 31490 | This is the external entry for this replacement function. All this file provides is the substitute function to |
| 31491 | generate an RSA key. If the compiler settings are set appropriately, this function will be used instead |
| 31492 | of the similarly named function in CpriRSA.c. |
| 31493 | |
| 31494 | B.12.2.3.4.2. _cpri__GenerateKeyRSA() |
| 31495 | |
| 31496 | Generate an RSA key from a provided seed |
| 31497 | |
| 31498 | Return Value Meaning |
| 31499 | |
| 31500 | CRYPT_FAIL exponent is not prime or is less than 3; or could not find a prime using |
| 31501 | the provided parameters |
| 31502 | CRYPT_CANCEL operation was canceled |
| 31503 | |
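/*
 * Generate an RSA key, deterministically when a seed is provided.
 *
 * Two primes are selected with PrimeSelectWithSieve(); candidates come from
 * the KDFa stream when 'seed' is given and from the random number generator
 * otherwise. The modulus is written to n and one prime to p.
 *
 * return   CRYPT_SUCCESS  key generated
 *          CRYPT_FAIL     exponent is not prime or is less than 3; or no
 *                         prime pair was found
 *          CRYPT_CANCEL   operation was canceled
 */
LIB_EXPORT CRYPT_RESULT
_cpri__GenerateKeyRSA(
    TPM2B           *n,             // OUT: The public modulus
    TPM2B           *p,             // OUT: One of the prime factors of n
    UINT16           keySizeInBits, // IN: Size of the public modulus in bits
    UINT32           e,             // IN: The public exponent
    TPM_ALG_ID       hashAlg,       // IN: hash algorithm to use in the key
                                    //     generation process
    TPM2B           *seed,          // IN: the seed to use
    const char      *label,         // IN: A label for the generation process.
    TPM2B           *extra,         // IN: Party 1 data for the KDF
    UINT32          *counter        // IN/OUT: Counter value to allow KDF
                                    //         iteration to be propagated across
                                    //         multiple routines
#ifdef RSA_DEBUG                                                    //%
   ,UINT16           primes,        // IN: number of primes to test
    UINT16           fieldSize      // IN: the field size to use
#endif                                                              //%
    )
{
    CRYPT_RESULT     retVal;
    UINT32           myCounter = 0;
    UINT32          *pCtr = (counter == NULL) ? &myCounter : counter;

    KDFa_CONTEXT     ktx;
    KDFa_CONTEXT    *ktxPtr;
    UINT32           i;
    BIGNUM          *bnP;
    BIGNUM          *bnQ;
    BIGNUM          *bnT;
    BIGNUM          *bnE;
    BIGNUM          *bnN;
    BN_CTX          *context;

    // Make sure that the required pointers are provided
    pAssert(n != NULL && p != NULL);

    n->size = keySizeInBits/8;
    p->size = n->size / 2;

    // Validate exponent
    // This is done before any hash session or big number context exists, so
    // the failure return has nothing to release. IsPrimeWord() accepts 1, so
    // values below 3 are rejected here as the return contract states.
    if(e == 0 || e == RSA_DEFAULT_PUBLIC_EXPONENT)
        e = RSA_DEFAULT_PUBLIC_EXPONENT;
    else
        if(e < 3 || !IsPrimeWord(e))
            return CRYPT_FAIL;

    // If the seed is provided, then use KDFa for generation of the 'random'
    // values
    // ktxPtr is NULL when there is no seed; ktx is then left uninitialized
    ktxPtr = KDFaContextStart(&ktx, seed, hashAlg, extra, pCtr, keySizeInBits);

    // Get structures for the big number representations
    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnP = BN_CTX_get(context);
    bnQ = BN_CTX_get(context);
    bnT = BN_CTX_get(context);
    bnE = BN_CTX_get(context);
    bnN = BN_CTX_get(context);
    if(bnN == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Set Q to zero. This is used as a flag. The prime is computed in P. When a
    // new prime is found, Q is checked to see if it is zero. If so, P is copied
    // to Q and a new P is found. When both P and Q are non-zero, the modulus and
    // private exponent are computed and a trial encryption/decryption is
    // performed. If the encrypt/decrypt fails, assume that at least one of the
    // primes is composite. Since we don't know which one, set Q to zero and start
    // over and find a new pair of primes.
    BN_zero(bnQ);
    BN_set_word(bnE, e);

    // Each call to generate a random value will increment ktx.outer
    // it doesn't matter if ktx.outer wraps. This lets the caller
    // use the initial value of the counter for additional entropy.
    for(i = 0; i < UINT32_MAX; i++)
    {
        if(_plat__IsCanceled())
        {
            retVal = CRYPT_CANCEL;
            goto end;
        }
        // Get a random prime candidate.
        if(seed == NULL)
            _cpri__GenerateRandom(p->size, p->buffer);
        else
            RandomForRsa(&ktx, label, p);
        AdjustPrimeCandidate(p->buffer, p->size);

        // Convert the candidate to a BN
        if(BN_bin2bn(p->buffer, p->size, bnP) == NULL)
            FAIL(FATAL_ERROR_INTERNAL);
        // If this is the second prime, make sure that it differs from the
        // first prime by at least 2^100. Since BIGNUMS use words, the check
        // below will make sure they are different by at least 128 bits
        // NOTE(review): the comparison walks the word arrays through UINT32
        // pointers starting at word 4, which assumes 32-bit BIGNUM words. With
        // bnP->top == 4, k starts at 0 and every second candidate is skipped;
        // with a smaller top nothing is compared. Confirm the minimum key size
        // enforced by callers.
        if(!BN_is_zero(bnQ))
        {   // bnQ is non-zero, we have a first value
            UINT32       *pP = (UINT32 *)(&bnP->d[4]);
            UINT32       *pQ = (UINT32 *)(&bnQ->d[4]);
            INT32        k = ((INT32)bnP->top) - 4;
            for(;k > 0; k--)
                if(*pP++ != *pQ++)
                    break;
            // Didn't find any difference so go get a new value
            if(k == 0)
                continue;
        }
        // If PrimeSelectWithSieve returns success, bnP is a prime,
#ifdef RSA_DEBUG
        if(!PrimeSelectWithSieve(bnP, ktxPtr, e, context, fieldSize, primes))
#else
        if(!PrimeSelectWithSieve(bnP, ktxPtr, e, context))
#endif
            continue;      // If not, get another

        // Found a prime, is this the first or second.
        if(BN_is_zero(bnQ))
        {   // copy p to q and compute another prime in p
            BN_copy(bnQ, bnP);
            continue;
        }
        //Form the public modulus
        if(   BN_mul(bnN, bnP, bnQ, context) != 1
           || BN_num_bits(bnN) != keySizeInBits)
            FAIL(FATAL_ERROR_INTERNAL);
        // Save the public modulus
        BnTo2B(n, bnN, n->size);
        // And one prime
        BnTo2B(p, bnP, p->size);

#ifdef EXTENDED_CHECKS
        // Finish by making sure that we can form the modular inverse of PHI
        // with respect to the public exponent
        // Compute PHI = (p - 1)(q - 1) = n - p - q + 1
        // Make sure that we can form the modular inverse
        if(   BN_sub(bnT, bnN, bnP) != 1
           || BN_sub(bnT, bnT, bnQ) != 1
           || BN_add_word(bnT, 1) != 1)
            FAIL(FATAL_ERROR_INTERNAL);

        // find d such that (e * d) mod PHI == 1
        // If there isn't then we are broken because we took the step
        // of making sure that the prime != 1 mod e so the modular inverse
        // must exist
        if(   BN_mod_inverse(bnT, bnE, bnT, context) == NULL
           || BN_is_zero(bnT))
            FAIL(FATAL_ERROR_INTERNAL);

        // And, finally, do a trial encryption decryption
        {
            TPM2B_TYPE(RSA_KEY, MAX_RSA_KEY_BYTES);
            TPM2B_RSA_KEY        r;
            // NOTE(review): the size is set to the whole buffer, while the
            // unseeded path fills only keySizeInBits/8 bytes. For keys smaller
            // than MAX_RSA_KEY_BYTES the conversion below would read bytes
            // that were never written and the value would exceed the modulus;
            // confirm that only the maximum key size reaches this code.
            r.t.size = sizeof(r.t.buffer);
            // If we are using a seed, then results must be reproducible on each
            // call. Otherwise, just get a random number
            if(seed == NULL)
                _cpri__GenerateRandom(keySizeInBits/8, r.t.buffer);
            else
                RandomForRsa(&ktx, label, &r.b);

            // Make sure that the number is smaller than the public modulus
            r.t.buffer[0] &= 0x7F;
                // Convert
            if(    BN_bin2bn(r.t.buffer, r.t.size, bnP) == NULL
                // Encrypt with the public exponent
                || BN_mod_exp(bnQ, bnP, bnE, bnN, context) != 1
                // Decrypt with the private exponent
                || BN_mod_exp(bnQ, bnQ, bnT, bnN, context) != 1)
                FAIL(FATAL_ERROR_INTERNAL);
            // If the starting and ending values are not the same, start over )-;
            if(BN_ucmp(bnP, bnQ) != 0)
            {
                BN_zero(bnQ);
                continue;
            }
        }
#endif // EXTENDED_CHECKS
        retVal = CRYPT_SUCCESS;
        goto end;
    }
    retVal = CRYPT_FAIL;

end:
    // Close the hash sessions only if KDFaContextStart() opened them; without
    // a seed ktx was never initialized and ktxPtr is NULL
    KDFaContextEnd(ktxPtr);

    // Free up allocated BN values
    BN_CTX_end(context);
    BN_CTX_free(context);
    return retVal;
}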
| 31709 | 829 #else |
// Stand-in definition for the branch in which the sieve code above is not
// compiled; presumably present so that the file still defines something.
static void noFuntion(void)
{
    pAssert(1);
}
| 31716 | 836 #endif //% |
| 31717 | 837 #endif // TPM_ALG_RSA |
| 31718 | |
| 31719 | |
| 31720 | Page 458 TCG Published Family "2.0" |
| 31721 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 31722 | Part 4: Supporting Routines Trusted Platform Module Library |
| 31723 | |
| 31724 | |
| 31725 | B.12.2.4. RSAData.c |
| 31726 | |
| 31727 | 1 #include "OsslCryptoEngine.h" |
| 31728 | 2 #ifdef RSA_KEY_SIEVE |
| 31729 | 3 #include "RsaKeySieve.h" |
| 31730 | 4 #ifdef RSA_DEBUG |
| 31731 | 5 UINT16 defaultFieldSize = MAX_FIELD_SIZE; |
| 31732 | 6 #endif |
| 31733 | |
| 31734 | This table contains a pre-sieved table. It has the bits for 3, 5, and 7 removed. Because of the factors, it |
| 31735 | needs to be aligned to 105 and has a repeat of 105. |
| 31736 | |
// Pre-sieved bit pattern with the multiples of 3, 5 and 7 already removed.
// The initializer holds 105 bytes (105 = 3 * 5 * 7). PrimeSieve() copies it
// into the sieve field and wraps to the start when the end is reached.
const BYTE seedValues[SEED_VALUES_SIZE] = {
    0x16, 0x29, 0xcb, 0xa4, 0x65, 0xda, 0x30, 0x6c,
    0x99, 0x96, 0x4c, 0x53, 0xa2, 0x2d, 0x52, 0x96,
    0x49, 0xcb, 0xb4, 0x61, 0xd8, 0x32, 0x2d, 0x99,
    0xa6, 0x44, 0x5b, 0xa4, 0x2c, 0x93, 0x96, 0x69,
    0xc3, 0xb0, 0x65, 0x5a, 0x32, 0x4d, 0x89, 0xb6,
    0x48, 0x59, 0x26, 0x2d, 0xd3, 0x86, 0x61, 0xcb,
    0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x91, 0xb2, 0x4c,
    0x5a, 0xa6, 0x0d, 0xc3, 0x96, 0x69, 0xc9, 0x34,
    0x25, 0xda, 0x22, 0x65, 0x99, 0xb4, 0x4c, 0x1b,
    0x86, 0x2d, 0xd3, 0x92, 0x69, 0x4a, 0xb4, 0x45,
    0xca, 0x32, 0x69, 0x99, 0x36, 0x0c, 0x5b, 0xa6,
    0x25, 0xd3, 0x94, 0x68, 0x8b, 0x94, 0x65, 0xd2,
    0x32, 0x6d, 0x18, 0xb6, 0x4c, 0x4b, 0xa6, 0x29,
    0xd1};
// Lookup table: bitsInByte[v] is the number of 1 bits in the byte value v.
const BYTE bitsInByte[256] = {
    0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03,
    0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
    0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
    0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
    0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
    0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06,
    0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
    0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07,
    0x05, 0x06, 0x06, 0x07, 0x06, 0x07, 0x07, 0x08
};
| 31786 | |
| 31787 | |
| 31788 | |
| 31789 | |
| 31790 | Family "2.0" TCG Published Page 459 |
| 31791 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 31792 | Trusted Platform Module Library Part 4: Supporting Routines |
| 31793 | |
| 31794 | |
| 31795 | In the following table, each byte is the difference between two successive primes. This reduces the |
| 31796 | table size by a factor of two. It is optimized for sequential access to the prime table which is the most |
| 31797 | common case. |
| 31798 | When the table size is at its max, the table will have all primes less than 2^16. This is 6542 primes in |
| 31799 | 6542 bytes. |
| 31800 | |
| 31801 | 56 const UINT16 primeTableBytes = PRIME_DIFF_TABLE_BYTES; |
| 31802 | 57 #if PRIME_DIFF_TABLE_BYTES > 0 |
| 31803 | 58 const BYTE primeDiffTable [PRIME_DIFF_TABLE_BYTES] = { |
| 31804 | 59 0x02,0x02,0x02,0x04,0x02,0x04,0x02,0x04,0x06,0x02,0x06,0x04,0x02,0x04,0x06,0x06, |
| 31805 | 60 0x02,0x06,0x04,0x02,0x06,0x04,0x06,0x08,0x04,0x02,0x04,0x02,0x04,0x0E,0x04,0x06, |
| 31806 | 61 0x02,0x0A,0x02,0x06,0x06,0x04,0x06,0x06,0x02,0x0A,0x02,0x04,0x02,0x0C,0x0C,0x04, |
| 31807 | 62 0x02,0x04,0x06,0x02,0x0A,0x06,0x06,0x06,0x02,0x06,0x04,0x02,0x0A,0x0E,0x04,0x02, |
| 31808 | 63 0x04,0x0E,0x06,0x0A,0x02,0x04,0x06,0x08,0x06,0x06,0x04,0x06,0x08,0x04,0x08,0x0A, |
| 31809 | 64 0x02,0x0A,0x02,0x06,0x04,0x06,0x08,0x04,0x02,0x04,0x0C,0x08,0x04,0x08,0x04,0x06, |
| 31810 | 65 0x0C,0x02,0x12,0x06,0x0A,0x06,0x06,0x02,0x06,0x0A,0x06,0x06,0x02,0x06,0x06,0x04, |
| 31811 | 66 0x02,0x0C,0x0A,0x02,0x04,0x06,0x06,0x02,0x0C,0x04,0x06,0x08,0x0A,0x08,0x0A,0x08, |
| 31812 | 67 0x06,0x06,0x04,0x08,0x06,0x04,0x08,0x04,0x0E,0x0A,0x0C,0x02,0x0A,0x02,0x04,0x02, |
| 31813 | 68 0x0A,0x0E,0x04,0x02,0x04,0x0E,0x04,0x02,0x04,0x14,0x04,0x08,0x0A,0x08,0x04,0x06, |
| 31814 | 69 0x06,0x0E,0x04,0x06,0x06,0x08,0x06,0x0C,0x04,0x06,0x02,0x0A,0x02,0x06,0x0A,0x02, |
| 31815 | 70 0x0A,0x02,0x06,0x12,0x04,0x02,0x04,0x06,0x06,0x08,0x06,0x06,0x16,0x02,0x0A,0x08, |
| 31816 | 71 0x0A,0x06,0x06,0x08,0x0C,0x04,0x06,0x06,0x02,0x06,0x0C,0x0A,0x12,0x02,0x04,0x06, |
| 31817 | 72 0x02,0x06,0x04,0x02,0x04,0x0C,0x02,0x06,0x22,0x06,0x06,0x08,0x12,0x0A,0x0E,0x04, |
| 31818 | 73 0x02,0x04,0x06,0x08,0x04,0x02,0x06,0x0C,0x0A,0x02,0x04,0x02,0x04,0x06,0x0C,0x0C, |
| 31819 | 74 0x08,0x0C,0x06,0x04,0x06,0x08,0x04,0x08,0x04,0x0E,0x04,0x06,0x02,0x04,0x06,0x02 |
| 31820 | 75 #endif |
| 31821 | 76 // 256 |
| 31822 | 77 #if PRIME_DIFF_TABLE_BYTES > 256 |
| 31823 | 78 ,0x06,0x0A,0x14,0x06,0x04,0x02,0x18,0x04,0x02,0x0A,0x0C,0x02,0x0A,0x08,0x06,0x06, |
| 31824 | 79 0x06,0x12,0x06,0x04,0x02,0x0C,0x0A,0x0C,0x08,0x10,0x0E,0x06,0x04,0x02,0x04,0x02, |
| 31825 | 80 0x0A,0x0C,0x06,0x06,0x12,0x02,0x10,0x02,0x16,0x06,0x08,0x06,0x04,0x02,0x04,0x08, |
| 31826 | 81 0x06,0x0A,0x02,0x0A,0x0E,0x0A,0x06,0x0C,0x02,0x04,0x02,0x0A,0x0C,0x02,0x10,0x02, |
| 31827 | 82 0x06,0x04,0x02,0x0A,0x08,0x12,0x18,0x04,0x06,0x08,0x10,0x02,0x04,0x08,0x10,0x02, |
| 31828 | 83 0x04,0x08,0x06,0x06,0x04,0x0C,0x02,0x16,0x06,0x02,0x06,0x04,0x06,0x0E,0x06,0x04, |
| 31829 | 84 0x02,0x06,0x04,0x06,0x0C,0x06,0x06,0x0E,0x04,0x06,0x0C,0x08,0x06,0x04,0x1A,0x12, |
| 31830 | 85 0x0A,0x08,0x04,0x06,0x02,0x06,0x16,0x0C,0x02,0x10,0x08,0x04,0x0C,0x0E,0x0A,0x02, |
| 31831 | 86 0x04,0x08,0x06,0x06,0x04,0x02,0x04,0x06,0x08,0x04,0x02,0x06,0x0A,0x02,0x0A,0x08, |
| 31832 | 87 0x04,0x0E,0x0A,0x0C,0x02,0x06,0x04,0x02,0x10,0x0E,0x04,0x06,0x08,0x06,0x04,0x12, |
| 31833 | 88 0x08,0x0A,0x06,0x06,0x08,0x0A,0x0C,0x0E,0x04,0x06,0x06,0x02,0x1C,0x02,0x0A,0x08, |
| 31834 | 89 0x04,0x0E,0x04,0x08,0x0C,0x06,0x0C,0x04,0x06,0x14,0x0A,0x02,0x10,0x1A,0x04,0x02, |
| 31835 | 90 0x0C,0x06,0x04,0x0C,0x06,0x08,0x04,0x08,0x16,0x02,0x04,0x02,0x0C,0x1C,0x02,0x06, |
| 31836 | 91 0x06,0x06,0x04,0x06,0x02,0x0C,0x04,0x0C,0x02,0x0A,0x02,0x10,0x02,0x10,0x06,0x14, |
| 31837 | 92 0x10,0x08,0x04,0x02,0x04,0x02,0x16,0x08,0x0C,0x06,0x0A,0x02,0x04,0x06,0x02,0x06, |
| 31838 | 93 0x0A,0x02,0x0C,0x0A,0x02,0x0A,0x0E,0x06,0x04,0x06,0x08,0x06,0x06,0x10,0x0C,0x02 |
| 31839 | 94 #endif |
| 31840 | 95 // 512 |
| 31841 | 96 #if PRIME_DIFF_TABLE_BYTES > 512 |
| 31842 | 97 ,0x04,0x0E,0x06,0x04,0x08,0x0A,0x08,0x06,0x06,0x16,0x06,0x02,0x0A,0x0E,0x04,0x06, |
| 31843 | 98 0x12,0x02,0x0A,0x0E,0x04,0x02,0x0A,0x0E,0x04,0x08,0x12,0x04,0x06,0x02,0x04,0x06, |
| 31844 | 99 0x02,0x0C,0x04,0x14,0x16,0x0C,0x02,0x04,0x06,0x06,0x02,0x06,0x16,0x02,0x06,0x10, |
| 31845 | 100 0x06,0x0C,0x02,0x06,0x0C,0x10,0x02,0x04,0x06,0x0E,0x04,0x02,0x12,0x18,0x0A,0x06, |
| 31846 | 101 0x02,0x0A,0x02,0x0A,0x02,0x0A,0x06,0x02,0x0A,0x02,0x0A,0x06,0x08,0x1E,0x0A,0x02, |
| 31847 | 102 0x0A,0x08,0x06,0x0A,0x12,0x06,0x0C,0x0C,0x02,0x12,0x06,0x04,0x06,0x06,0x12,0x02, |
| 31848 | 103 0x0A,0x0E,0x06,0x04,0x02,0x04,0x18,0x02,0x0C,0x06,0x10,0x08,0x06,0x06,0x12,0x10, |
| 31849 | 104 0x02,0x04,0x06,0x02,0x06,0x06,0x0A,0x06,0x0C,0x0C,0x12,0x02,0x06,0x04,0x12,0x08, |
| 31850 | 105 0x18,0x04,0x02,0x04,0x06,0x02,0x0C,0x04,0x0E,0x1E,0x0A,0x06,0x0C,0x0E,0x06,0x0A, |
| 31851 | 106 0x0C,0x02,0x04,0x06,0x08,0x06,0x0A,0x02,0x04,0x0E,0x06,0x06,0x04,0x06,0x02,0x0A, |
| 31852 | 107 0x02,0x10,0x0C,0x08,0x12,0x04,0x06,0x0C,0x02,0x06,0x06,0x06,0x1C,0x06,0x0E,0x04, |
| 31853 | 108 0x08,0x0A,0x08,0x0C,0x12,0x04,0x02,0x04,0x18,0x0C,0x06,0x02,0x10,0x06,0x06,0x0E, |
| 31854 | 109 0x0A,0x0E,0x04,0x1E,0x06,0x06,0x06,0x08,0x06,0x04,0x02,0x0C,0x06,0x04,0x02,0x06, |
| 31855 | 110 0x16,0x06,0x02,0x04,0x12,0x02,0x04,0x0C,0x02,0x06,0x04,0x1A,0x06,0x06,0x04,0x08, |
| 31856 | 111 0x0A,0x20,0x10,0x02,0x06,0x04,0x02,0x04,0x02,0x0A,0x0E,0x06,0x04,0x08,0x0A,0x06, |
| 31857 | 112 0x14,0x04,0x02,0x06,0x1E,0x04,0x08,0x0A,0x06,0x06,0x08,0x06,0x0C,0x04,0x06,0x02 |
| 31858 | 113 #endif |
| 31859 | |
| 31860 | Page 460 TCG Published Family "2.0" |
| 31861 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 31862 | Part 4: Supporting Routines Trusted Platform Module Library |
| 31863 | |
| 31864 | 114 // 768 |
| 31865 | 115 #if PRIME_DIFF_TABLE_BYTES > 768 |
| 31866 | 116 ,0x06,0x04,0x06,0x02,0x0A,0x02,0x10,0x06,0x14,0x04,0x0C,0x0E,0x1C,0x06,0x14,0x04, |
| 31867 | 117 0x12,0x08,0x06,0x04,0x06,0x0E,0x06,0x06,0x0A,0x02,0x0A,0x0C,0x08,0x0A,0x02,0x0A, |
| 31868 | 118 0x08,0x0C,0x0A,0x18,0x02,0x04,0x08,0x06,0x04,0x08,0x12,0x0A,0x06,0x06,0x02,0x06, |
| 31869 | 119 0x0A,0x0C,0x02,0x0A,0x06,0x06,0x06,0x08,0x06,0x0A,0x06,0x02,0x06,0x06,0x06,0x0A, |
| 31870 | 120 0x08,0x18,0x06,0x16,0x02,0x12,0x04,0x08,0x0A,0x1E,0x08,0x12,0x04,0x02,0x0A,0x06, |
| 31871 | 121 0x02,0x06,0x04,0x12,0x08,0x0C,0x12,0x10,0x06,0x02,0x0C,0x06,0x0A,0x02,0x0A,0x02, |
| 31872 | 122 0x06,0x0A,0x0E,0x04,0x18,0x02,0x10,0x02,0x0A,0x02,0x0A,0x14,0x04,0x02,0x04,0x08, |
| 31873 | 123 0x10,0x06,0x06,0x02,0x0C,0x10,0x08,0x04,0x06,0x1E,0x02,0x0A,0x02,0x06,0x04,0x06, |
| 31874 | 124 0x06,0x08,0x06,0x04,0x0C,0x06,0x08,0x0C,0x04,0x0E,0x0C,0x0A,0x18,0x06,0x0C,0x06, |
| 31875 | 125 0x02,0x16,0x08,0x12,0x0A,0x06,0x0E,0x04,0x02,0x06,0x0A,0x08,0x06,0x04,0x06,0x1E, |
| 31876 | 126 0x0E,0x0A,0x02,0x0C,0x0A,0x02,0x10,0x02,0x12,0x18,0x12,0x06,0x10,0x12,0x06,0x02, |
| 31877 | 127 0x12,0x04,0x06,0x02,0x0A,0x08,0x0A,0x06,0x06,0x08,0x04,0x06,0x02,0x0A,0x02,0x0C, |
| 31878 | 128 0x04,0x06,0x06,0x02,0x0C,0x04,0x0E,0x12,0x04,0x06,0x14,0x04,0x08,0x06,0x04,0x08, |
| 31879 | 129 0x04,0x0E,0x06,0x04,0x0E,0x0C,0x04,0x02,0x1E,0x04,0x18,0x06,0x06,0x0C,0x0C,0x0E, |
| 31880 | 130 0x06,0x04,0x02,0x04,0x12,0x06,0x0C,0x08,0x06,0x04,0x0C,0x02,0x0C,0x1E,0x10,0x02, |
| 31881 | 131 0x06,0x16,0x0E,0x06,0x0A,0x0C,0x06,0x02,0x04,0x08,0x0A,0x06,0x06,0x18,0x0E,0x06 |
| 31882 | 132 #endif |
| 31883 | 133 // 1024 |
| 31884 | 134 #if PRIME_DIFF_TABLE_BYTES > 1024 |
| 31885 | 135 ,0x04,0x08,0x0C,0x12,0x0A,0x02,0x0A,0x02,0x04,0x06,0x14,0x06,0x04,0x0E,0x04,0x02, |
| 31886 | 136 0x04,0x0E,0x06,0x0C,0x18,0x0A,0x06,0x08,0x0A,0x02,0x1E,0x04,0x06,0x02,0x0C,0x04, |
| 31887 | 137 0x0E,0x06,0x22,0x0C,0x08,0x06,0x0A,0x02,0x04,0x14,0x0A,0x08,0x10,0x02,0x0A,0x0E, |
| 31888 | 138 0x04,0x02,0x0C,0x06,0x10,0x06,0x08,0x04,0x08,0x04,0x06,0x08,0x06,0x06,0x0C,0x06, |
| 31889 | 139 0x04,0x06,0x06,0x08,0x12,0x04,0x14,0x04,0x0C,0x02,0x0A,0x06,0x02,0x0A,0x0C,0x02, |
| 31890 | 140 0x04,0x14,0x06,0x1E,0x06,0x04,0x08,0x0A,0x0C,0x06,0x02,0x1C,0x02,0x06,0x04,0x02, |
| 31891 | 141 0x10,0x0C,0x02,0x06,0x0A,0x08,0x18,0x0C,0x06,0x12,0x06,0x04,0x0E,0x06,0x04,0x0C, |
| 31892 | 142 0x08,0x06,0x0C,0x04,0x06,0x0C,0x06,0x0C,0x02,0x10,0x14,0x04,0x02,0x0A,0x12,0x08, |
| 31893 | 143 0x04,0x0E,0x04,0x02,0x06,0x16,0x06,0x0E,0x06,0x06,0x0A,0x06,0x02,0x0A,0x02,0x04, |
| 31894 | 144 0x02,0x16,0x02,0x04,0x06,0x06,0x0C,0x06,0x0E,0x0A,0x0C,0x06,0x08,0x04,0x24,0x0E, |
| 31895 | 145 0x0C,0x06,0x04,0x06,0x02,0x0C,0x06,0x0C,0x10,0x02,0x0A,0x08,0x16,0x02,0x0C,0x06, |
| 31896 | 146 0x04,0x06,0x12,0x02,0x0C,0x06,0x04,0x0C,0x08,0x06,0x0C,0x04,0x06,0x0C,0x06,0x02, |
| 31897 | 147 0x0C,0x0C,0x04,0x0E,0x06,0x10,0x06,0x02,0x0A,0x08,0x12,0x06,0x22,0x02,0x1C,0x02, |
| 31898 | 148 0x16,0x06,0x02,0x0A,0x0C,0x02,0x06,0x04,0x08,0x16,0x06,0x02,0x0A,0x08,0x04,0x06, |
| 31899 | 149 0x08,0x04,0x0C,0x12,0x0C,0x14,0x04,0x06,0x06,0x08,0x04,0x02,0x10,0x0C,0x02,0x0A, |
| 31900 | 150 0x08,0x0A,0x02,0x04,0x06,0x0E,0x0C,0x16,0x08,0x1C,0x02,0x04,0x14,0x04,0x02,0x04 |
| 31901 | 151 #endif |
| 31902 | 152 // 1280 |
| 31903 | 153 #if PRIME_DIFF_TABLE_BYTES > 1280 |
| 31904 | 154 ,0x0E,0x0A,0x0C,0x02,0x0C,0x10,0x02,0x1C,0x08,0x16,0x08,0x04,0x06,0x06,0x0E,0x04, |
| 31905 | 155 0x08,0x0C,0x06,0x06,0x04,0x14,0x04,0x12,0x02,0x0C,0x06,0x04,0x06,0x0E,0x12,0x0A, |
| 31906 | 156 0x08,0x0A,0x20,0x06,0x0A,0x06,0x06,0x02,0x06,0x10,0x06,0x02,0x0C,0x06,0x1C,0x02, |
| 31907 | 157 0x0A,0x08,0x10,0x06,0x08,0x06,0x0A,0x18,0x14,0x0A,0x02,0x0A,0x02,0x0C,0x04,0x06, |
| 31908 | 158 0x14,0x04,0x02,0x0C,0x12,0x0A,0x02,0x0A,0x02,0x04,0x14,0x10,0x1A,0x04,0x08,0x06, |
| 31909 | 159 0x04,0x0C,0x06,0x08,0x0C,0x0C,0x06,0x04,0x08,0x16,0x02,0x10,0x0E,0x0A,0x06,0x0C, |
| 31910 | 160 0x0C,0x0E,0x06,0x04,0x14,0x04,0x0C,0x06,0x02,0x06,0x06,0x10,0x08,0x16,0x02,0x1C, |
| 31911 | 161 0x08,0x06,0x04,0x14,0x04,0x0C,0x18,0x14,0x04,0x08,0x0A,0x02,0x10,0x02,0x0C,0x0C, |
| 31912 | 162 0x22,0x02,0x04,0x06,0x0C,0x06,0x06,0x08,0x06,0x04,0x02,0x06,0x18,0x04,0x14,0x0A, |
| 31913 | 163 0x06,0x06,0x0E,0x04,0x06,0x06,0x02,0x0C,0x06,0x0A,0x02,0x0A,0x06,0x14,0x04,0x1A, |
| 31914 | 164 0x04,0x02,0x06,0x16,0x02,0x18,0x04,0x06,0x02,0x04,0x06,0x18,0x06,0x08,0x04,0x02, |
| 31915 | 165 0x22,0x06,0x08,0x10,0x0C,0x02,0x0A,0x02,0x0A,0x06,0x08,0x04,0x08,0x0C,0x16,0x06, |
| 31916 | 166 0x0E,0x04,0x1A,0x04,0x02,0x0C,0x0A,0x08,0x04,0x08,0x0C,0x04,0x0E,0x06,0x10,0x06, |
| 31917 | 167 0x08,0x04,0x06,0x06,0x08,0x06,0x0A,0x0C,0x02,0x06,0x06,0x10,0x08,0x06,0x06,0x0C, |
| 31918 | 168 0x0A,0x02,0x06,0x12,0x04,0x06,0x06,0x06,0x0C,0x12,0x08,0x06,0x0A,0x08,0x12,0x04, |
| 31919 | 169 0x0E,0x06,0x12,0x0A,0x08,0x0A,0x0C,0x02,0x06,0x0C,0x0C,0x24,0x04,0x06,0x08,0x04 |
| 31920 | 170 #endif |
| 31921 | 171 // 1536 |
| 31922 | 172 #if PRIME_DIFF_TABLE_BYTES > 1536 |
| 31923 | 173 ,0x06,0x02,0x04,0x12,0x0C,0x06,0x08,0x06,0x06,0x04,0x12,0x02,0x04,0x02,0x18,0x04, |
| 31924 | 174 0x06,0x06,0x0E,0x1E,0x06,0x04,0x06,0x0C,0x06,0x14,0x04,0x08,0x04,0x08,0x06,0x06, |
| 31925 | 175 0x04,0x1E,0x02,0x0A,0x0C,0x08,0x0A,0x08,0x18,0x06,0x0C,0x04,0x0E,0x04,0x06,0x02, |
| 31926 | 176 0x1C,0x0E,0x10,0x02,0x0C,0x06,0x04,0x14,0x0A,0x06,0x06,0x06,0x08,0x0A,0x0C,0x0E, |
| 31927 | 177 0x0A,0x0E,0x10,0x0E,0x0A,0x0E,0x06,0x10,0x06,0x08,0x06,0x10,0x14,0x0A,0x02,0x06, |
| 31928 | 178 0x04,0x02,0x04,0x0C,0x02,0x0A,0x02,0x06,0x16,0x06,0x02,0x04,0x12,0x08,0x0A,0x08, |
| 31929 | 179 0x16,0x02,0x0A,0x12,0x0E,0x04,0x02,0x04,0x12,0x02,0x04,0x06,0x08,0x0A,0x02,0x1E, |
| 31930 | |
| 31931 | Family "2.0" TCG Published Page 461 |
| 31932 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 31933 | Trusted Platform Module Library Part 4: Supporting Routines |
| 31934 | |
| 31935 | 180 0x04,0x1E,0x02,0x0A,0x02,0x12,0x04,0x12,0x06,0x0E,0x0A,0x02,0x04,0x14,0x24,0x06, |
| 31936 | 181 0x04,0x06,0x0E,0x04,0x14,0x0A,0x0E,0x16,0x06,0x02,0x1E,0x0C,0x0A,0x12,0x02,0x04, |
| 31937 | 182 0x0E,0x06,0x16,0x12,0x02,0x0C,0x06,0x04,0x08,0x04,0x08,0x06,0x0A,0x02,0x0C,0x12, |
| 31938 | 183 0x0A,0x0E,0x10,0x0E,0x04,0x06,0x06,0x02,0x06,0x04,0x02,0x1C,0x02,0x1C,0x06,0x02, |
| 31939 | 184 0x04,0x06,0x0E,0x04,0x0C,0x0E,0x10,0x0E,0x04,0x06,0x08,0x06,0x04,0x06,0x06,0x06, |
| 31940 | 185 0x08,0x04,0x08,0x04,0x0E,0x10,0x08,0x06,0x04,0x0C,0x08,0x10,0x02,0x0A,0x08,0x04, |
| 31941 | 186 0x06,0x1A,0x06,0x0A,0x08,0x04,0x06,0x0C,0x0E,0x1E,0x04,0x0E,0x16,0x08,0x0C,0x04, |
| 31942 | 187 0x06,0x08,0x0A,0x06,0x0E,0x0A,0x06,0x02,0x0A,0x0C,0x0C,0x0E,0x06,0x06,0x12,0x0A, |
| 31943 | 188 0x06,0x08,0x12,0x04,0x06,0x02,0x06,0x0A,0x02,0x0A,0x08,0x06,0x06,0x0A,0x02,0x12 |
| 31944 | 189 #endif |
| 31945 | 190 // 1792 |
| 31946 | 191 #if PRIME_DIFF_TABLE_BYTES > 1792 |
| 31947 | 192 ,0x0A,0x02,0x0C,0x04,0x06,0x08,0x0A,0x0C,0x0E,0x0C,0x04,0x08,0x0A,0x06,0x06,0x14, |
| 31948 | 193 0x04,0x0E,0x10,0x0E,0x0A,0x08,0x0A,0x0C,0x02,0x12,0x06,0x0C,0x0A,0x0C,0x02,0x04, |
| 31949 | 194 0x02,0x0C,0x06,0x04,0x08,0x04,0x2C,0x04,0x02,0x04,0x02,0x0A,0x0C,0x06,0x06,0x0E, |
| 31950 | 195 0x04,0x06,0x06,0x06,0x08,0x06,0x24,0x12,0x04,0x06,0x02,0x0C,0x06,0x06,0x06,0x04, |
| 31951 | 196 0x0E,0x16,0x0C,0x02,0x12,0x0A,0x06,0x1A,0x18,0x04,0x02,0x04,0x02,0x04,0x0E,0x04, |
| 31952 | 197 0x06,0x06,0x08,0x10,0x0C,0x02,0x2A,0x04,0x02,0x04,0x18,0x06,0x06,0x02,0x12,0x04, |
| 31953 | 198 0x0E,0x06,0x1C,0x12,0x0E,0x06,0x0A,0x0C,0x02,0x06,0x0C,0x1E,0x06,0x04,0x06,0x06, |
| 31954 | 199 0x0E,0x04,0x02,0x18,0x04,0x06,0x06,0x1A,0x0A,0x12,0x06,0x08,0x06,0x06,0x1E,0x04, |
| 31955 | 200 0x0C,0x0C,0x02,0x10,0x02,0x06,0x04,0x0C,0x12,0x02,0x06,0x04,0x1A,0x0C,0x06,0x0C, |
| 31956 | 201 0x04,0x18,0x18,0x0C,0x06,0x02,0x0C,0x1C,0x08,0x04,0x06,0x0C,0x02,0x12,0x06,0x04, |
| 31957 | 202 0x06,0x06,0x14,0x10,0x02,0x06,0x06,0x12,0x0A,0x06,0x02,0x04,0x08,0x06,0x06,0x18, |
| 31958 | 203 0x10,0x06,0x08,0x0A,0x06,0x0E,0x16,0x08,0x10,0x06,0x02,0x0C,0x04,0x02,0x16,0x08, |
| 31959 | 204 0x12,0x22,0x02,0x06,0x12,0x04,0x06,0x06,0x08,0x0A,0x08,0x12,0x06,0x04,0x02,0x04, |
| 31960 | 205 0x08,0x10,0x02,0x0C,0x0C,0x06,0x12,0x04,0x06,0x06,0x06,0x02,0x06,0x0C,0x0A,0x14, |
| 31961 | 206 0x0C,0x12,0x04,0x06,0x02,0x10,0x02,0x0A,0x0E,0x04,0x1E,0x02,0x0A,0x0C,0x02,0x18, |
| 31962 | 207 0x06,0x10,0x08,0x0A,0x02,0x0C,0x16,0x06,0x02,0x10,0x14,0x0A,0x02,0x0C,0x0C,0x00 |
| 31963 | 208 #endif |
| 31964 | 209 // 2048 |
| 31965 | 210 #if PRIME_DIFF_TABLE_BYTES > 2048 |
| 31966 | 211 ,0x12,0x0A,0x0C,0x06,0x02,0x0A,0x02,0x06,0x0A,0x12,0x02,0x0C,0x06,0x04,0x06,0x02, |
| 31967 | 212 0x18,0x1C,0x02,0x04,0x02,0x0A,0x02,0x10,0x0C,0x08,0x16,0x02,0x06,0x04,0x02,0x0A, |
| 31968 | 213 0x06,0x14,0x0C,0x0A,0x08,0x0C,0x06,0x06,0x06,0x04,0x12,0x02,0x04,0x0C,0x12,0x02, |
| 31969 | 214 0x0C,0x06,0x04,0x02,0x10,0x0C,0x0C,0x0E,0x04,0x08,0x12,0x04,0x0C,0x0E,0x06,0x06, |
| 31970 | 215 0x04,0x08,0x06,0x04,0x14,0x0C,0x0A,0x0E,0x04,0x02,0x10,0x02,0x0C,0x1E,0x04,0x06, |
| 31971 | 216 0x18,0x14,0x18,0x0A,0x08,0x0C,0x0A,0x0C,0x06,0x0C,0x0C,0x06,0x08,0x10,0x0E,0x06, |
| 31972 | 217 0x04,0x06,0x24,0x14,0x0A,0x1E,0x0C,0x02,0x04,0x02,0x1C,0x0C,0x0E,0x06,0x16,0x08, |
| 31973 | 218 0x04,0x12,0x06,0x0E,0x12,0x04,0x06,0x02,0x06,0x22,0x12,0x02,0x10,0x06,0x12,0x02, |
| 31974 | 219 0x18,0x04,0x02,0x06,0x0C,0x06,0x0C,0x0A,0x08,0x06,0x10,0x0C,0x08,0x0A,0x0E,0x28, |
| 31975 | 220 0x06,0x02,0x06,0x04,0x0C,0x0E,0x04,0x02,0x04,0x02,0x04,0x08,0x06,0x0A,0x06,0x06, |
| 31976 | 221 0x02,0x06,0x06,0x06,0x0C,0x06,0x18,0x0A,0x02,0x0A,0x06,0x0C,0x06,0x06,0x0E,0x06, |
| 31977 | 222 0x06,0x34,0x14,0x06,0x0A,0x02,0x0A,0x08,0x0A,0x0C,0x0C,0x02,0x06,0x04,0x0E,0x10, |
| 31978 | 223 0x08,0x0C,0x06,0x16,0x02,0x0A,0x08,0x06,0x16,0x02,0x16,0x06,0x08,0x0A,0x0C,0x0C, |
| 31979 | 224 0x02,0x0A,0x06,0x0C,0x02,0x04,0x0E,0x0A,0x02,0x06,0x12,0x04,0x0C,0x08,0x12,0x0C, |
| 31980 | 225 0x06,0x06,0x04,0x06,0x06,0x0E,0x04,0x02,0x0C,0x0C,0x04,0x06,0x12,0x12,0x0C,0x02, |
| 31981 | 226 0x10,0x0C,0x08,0x12,0x0A,0x1A,0x04,0x06,0x08,0x06,0x06,0x04,0x02,0x0A,0x14,0x04 |
| 31982 | 227 #endif |
| 31983 | 228 // 2304 |
| 31984 | 229 #if PRIME_DIFF_TABLE_BYTES > 2304 |
| 31985 | 230 ,0x06,0x08,0x04,0x14,0x0A,0x02,0x22,0x02,0x04,0x18,0x02,0x0C,0x0C,0x0A,0x06,0x02, |
| 31986 | 231 0x0C,0x1E,0x06,0x0C,0x10,0x0C,0x02,0x16,0x12,0x0C,0x0E,0x0A,0x02,0x0C,0x0C,0x04, |
| 31987 | 232 0x02,0x04,0x06,0x0C,0x02,0x10,0x12,0x02,0x28,0x08,0x10,0x06,0x08,0x0A,0x02,0x04, |
| 31988 | 233 0x12,0x08,0x0A,0x08,0x0C,0x04,0x12,0x02,0x12,0x0A,0x02,0x04,0x02,0x04,0x08,0x1C, |
| 31989 | 234 0x02,0x06,0x16,0x0C,0x06,0x0E,0x12,0x04,0x06,0x08,0x06,0x06,0x0A,0x08,0x04,0x02, |
| 31990 | 235 0x12,0x0A,0x06,0x14,0x16,0x08,0x06,0x1E,0x04,0x02,0x04,0x12,0x06,0x1E,0x02,0x04, |
| 31991 | 236 0x08,0x06,0x04,0x06,0x0C,0x0E,0x22,0x0E,0x06,0x04,0x02,0x06,0x04,0x0E,0x04,0x02, |
| 31992 | 237 0x06,0x1C,0x02,0x04,0x06,0x08,0x0A,0x02,0x0A,0x02,0x0A,0x02,0x04,0x1E,0x02,0x0C, |
| 31993 | 238 0x0C,0x0A,0x12,0x0C,0x0E,0x0A,0x02,0x0C,0x06,0x0A,0x06,0x0E,0x0C,0x04,0x0E,0x04, |
| 31994 | 239 0x12,0x02,0x0A,0x08,0x04,0x08,0x0A,0x0C,0x12,0x12,0x08,0x06,0x12,0x10,0x0E,0x06, |
| 31995 | 240 0x06,0x0A,0x0E,0x04,0x06,0x02,0x0C,0x0C,0x04,0x06,0x06,0x0C,0x02,0x10,0x02,0x0C, |
| 31996 | 241 0x06,0x04,0x0E,0x06,0x04,0x02,0x0C,0x12,0x04,0x24,0x12,0x0C,0x0C,0x02,0x04,0x02, |
| 31997 | 242 0x04,0x08,0x0C,0x04,0x24,0x06,0x12,0x02,0x0C,0x0A,0x06,0x0C,0x18,0x08,0x06,0x06, |
| 31998 | 243 0x10,0x0C,0x02,0x12,0x0A,0x14,0x0A,0x02,0x06,0x12,0x04,0x02,0x28,0x06,0x02,0x10, |
| 31999 | 244 0x02,0x04,0x08,0x12,0x0A,0x0C,0x06,0x02,0x0A,0x08,0x04,0x06,0x0C,0x02,0x0A,0x12, |
| 32000 | 245 0x08,0x06,0x04,0x14,0x04,0x06,0x24,0x06,0x02,0x0A,0x06,0x18,0x06,0x0E,0x10,0x06 |
| 32001 | |
| 32002 | Page 462 TCG Published Family "2.0" |
| 32003 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 32004 | Part 4: Supporting Routines Trusted Platform Module Library |
| 32005 | |
| 32006 | 246 #endif |
| 32007 | 247 // 2560 |
| 32008 | 248 #if PRIME_DIFF_TABLE_BYTES > 2560 |
| 32009 | 249 ,0x12,0x02,0x0A,0x14,0x0A,0x08,0x06,0x04,0x06,0x02,0x0A,0x02,0x0C,0x04,0x02,0x04, |
| 32010 | 250 0x08,0x0A,0x06,0x0C,0x12,0x0E,0x0C,0x10,0x08,0x06,0x10,0x08,0x04,0x02,0x06,0x12, |
| 32011 | 251 0x18,0x12,0x0A,0x0C,0x02,0x04,0x0E,0x0A,0x06,0x06,0x06,0x12,0x0C,0x02,0x1C,0x12, |
| 32012 | 252 0x0E,0x10,0x0C,0x0E,0x18,0x0C,0x16,0x06,0x02,0x0A,0x08,0x04,0x02,0x04,0x0E,0x0C, |
| 32013 | 253 0x06,0x04,0x06,0x0E,0x04,0x02,0x04,0x1E,0x06,0x02,0x06,0x0A,0x02,0x1E,0x16,0x02, |
| 32014 | 254 0x04,0x06,0x08,0x06,0x06,0x10,0x0C,0x0C,0x06,0x08,0x04,0x02,0x18,0x0C,0x04,0x06, |
| 32015 | 255 0x08,0x06,0x06,0x0A,0x02,0x06,0x0C,0x1C,0x0E,0x06,0x04,0x0C,0x08,0x06,0x0C,0x04, |
| 32016 | 256 0x06,0x0E,0x06,0x0C,0x0A,0x06,0x06,0x08,0x06,0x06,0x04,0x02,0x04,0x08,0x0C,0x04, |
| 32017 | 257 0x0E,0x12,0x0A,0x02,0x10,0x06,0x14,0x06,0x0A,0x08,0x04,0x1E,0x24,0x0C,0x08,0x16, |
| 32018 | 258 0x0C,0x02,0x06,0x0C,0x10,0x06,0x06,0x02,0x12,0x04,0x1A,0x04,0x08,0x12,0x0A,0x08, |
| 32019 | 259 0x0A,0x06,0x0E,0x04,0x14,0x16,0x12,0x0C,0x08,0x1C,0x0C,0x06,0x06,0x08,0x06,0x0C, |
| 32020 | 260 0x18,0x10,0x0E,0x04,0x0E,0x0C,0x06,0x0A,0x0C,0x14,0x06,0x04,0x08,0x12,0x0C,0x12, |
| 32021 | 261 0x0A,0x02,0x04,0x14,0x0A,0x0E,0x04,0x06,0x02,0x0A,0x18,0x12,0x02,0x04,0x14,0x10, |
| 32022 | 262 0x0E,0x0A,0x0E,0x06,0x04,0x06,0x14,0x06,0x0A,0x06,0x02,0x0C,0x06,0x1E,0x0A,0x08, |
| 32023 | 263 0x06,0x04,0x06,0x08,0x28,0x02,0x04,0x02,0x0C,0x12,0x04,0x06,0x08,0x0A,0x06,0x12, |
| 32024 | 264 0x12,0x02,0x0C,0x10,0x08,0x06,0x04,0x06,0x06,0x02,0x34,0x0E,0x04,0x14,0x10,0x02 |
| 32025 | 265 #endif |
| 32026 | 266 // 2816 |
| 32027 | 267 #if PRIME_DIFF_TABLE_BYTES > 2816 |
| 32028 | 268 ,0x04,0x06,0x0C,0x02,0x06,0x0C,0x0C,0x06,0x04,0x0E,0x0A,0x06,0x06,0x0E,0x0A,0x0E, |
| 32029 | 269 0x10,0x08,0x06,0x0C,0x04,0x08,0x16,0x06,0x02,0x12,0x16,0x06,0x02,0x12,0x06,0x10, |
| 32030 | 270 0x0E,0x0A,0x06,0x0C,0x02,0x06,0x04,0x08,0x12,0x0C,0x10,0x02,0x04,0x0E,0x04,0x08, |
| 32031 | 271 0x0C,0x0C,0x1E,0x10,0x08,0x04,0x02,0x06,0x16,0x0C,0x08,0x0A,0x06,0x06,0x06,0x0E, |
| 32032 | 272 0x06,0x12,0x0A,0x0C,0x02,0x0A,0x02,0x04,0x1A,0x04,0x0C,0x08,0x04,0x12,0x08,0x0A, |
| 32033 | 273 0x0E,0x10,0x06,0x06,0x08,0x0A,0x06,0x08,0x06,0x0C,0x0A,0x14,0x0A,0x08,0x04,0x0C, |
| 32034 | 274 0x1A,0x12,0x04,0x0C,0x12,0x06,0x1E,0x06,0x08,0x06,0x16,0x0C,0x02,0x04,0x06,0x06, |
| 32035 | 275 0x02,0x0A,0x02,0x04,0x06,0x06,0x02,0x06,0x16,0x12,0x06,0x12,0x0C,0x08,0x0C,0x06, |
| 32036 | 276 0x0A,0x0C,0x02,0x10,0x02,0x0A,0x02,0x0A,0x12,0x06,0x14,0x04,0x02,0x06,0x16,0x06, |
| 32037 | 277 0x06,0x12,0x06,0x0E,0x0C,0x10,0x02,0x06,0x06,0x04,0x0E,0x0C,0x04,0x02,0x12,0x10, |
| 32038 | 278 0x24,0x0C,0x06,0x0E,0x1C,0x02,0x0C,0x06,0x0C,0x06,0x04,0x02,0x10,0x1E,0x08,0x18, |
| 32039 | 279 0x06,0x1E,0x0A,0x02,0x12,0x04,0x06,0x0C,0x08,0x16,0x02,0x06,0x16,0x12,0x02,0x0A, |
| 32040 | 280 0x02,0x0A,0x1E,0x02,0x1C,0x06,0x0E,0x10,0x06,0x14,0x10,0x02,0x06,0x04,0x20,0x04, |
| 32041 | 281 0x02,0x04,0x06,0x02,0x0C,0x04,0x06,0x06,0x0C,0x02,0x06,0x04,0x06,0x08,0x06,0x04, |
| 32042 | 282 0x14,0x04,0x20,0x0A,0x08,0x10,0x02,0x16,0x02,0x04,0x06,0x08,0x06,0x10,0x0E,0x04, |
| 32043 | 283 0x12,0x08,0x04,0x14,0x06,0x0C,0x0C,0x06,0x0A,0x02,0x0A,0x02,0x0C,0x1C,0x0C,0x12 |
| 32044 | 284 #endif |
| 32045 | 285 // 3072 |
| 32046 | 286 #if PRIME_DIFF_TABLE_BYTES > 3072 |
| 32047 | 287 ,0x02,0x12,0x0A,0x08,0x0A,0x30,0x02,0x04,0x06,0x08,0x0A,0x02,0x0A,0x1E,0x02,0x24, |
| 32048 | 288 0x06,0x0A,0x06,0x02,0x12,0x04,0x06,0x08,0x10,0x0E,0x10,0x06,0x0E,0x04,0x14,0x04, |
| 32049 | 289 0x06,0x02,0x0A,0x0C,0x02,0x06,0x0C,0x06,0x06,0x04,0x0C,0x02,0x06,0x04,0x0C,0x06, |
| 32050 | 290 0x08,0x04,0x02,0x06,0x12,0x0A,0x06,0x08,0x0C,0x06,0x16,0x02,0x06,0x0C,0x12,0x04, |
| 32051 | 291 0x0E,0x06,0x04,0x14,0x06,0x10,0x08,0x04,0x08,0x16,0x08,0x0C,0x06,0x06,0x10,0x0C, |
| 32052 | 292 0x12,0x1E,0x08,0x04,0x02,0x04,0x06,0x1A,0x04,0x0E,0x18,0x16,0x06,0x02,0x06,0x0A, |
| 32053 | 293 0x06,0x0E,0x06,0x06,0x0C,0x0A,0x06,0x02,0x0C,0x0A,0x0C,0x08,0x12,0x12,0x0A,0x06, |
| 32054 | 294 0x08,0x10,0x06,0x06,0x08,0x10,0x14,0x04,0x02,0x0A,0x02,0x0A,0x0C,0x06,0x08,0x06, |
| 32055 | 295 0x0A,0x14,0x0A,0x12,0x1A,0x04,0x06,0x1E,0x02,0x04,0x08,0x06,0x0C,0x0C,0x12,0x04, |
| 32056 | 296 0x08,0x16,0x06,0x02,0x0C,0x22,0x06,0x12,0x0C,0x06,0x02,0x1C,0x0E,0x10,0x0E,0x04, |
| 32057 | 297 0x0E,0x0C,0x04,0x06,0x06,0x02,0x24,0x04,0x06,0x14,0x0C,0x18,0x06,0x16,0x02,0x10, |
| 32058 | 298 0x12,0x0C,0x0C,0x12,0x02,0x06,0x06,0x06,0x04,0x06,0x0E,0x04,0x02,0x16,0x08,0x0C, |
| 32059 | 299 0x06,0x0A,0x06,0x08,0x0C,0x12,0x0C,0x06,0x0A,0x02,0x16,0x0E,0x06,0x06,0x04,0x12, |
| 32060 | 300 0x06,0x14,0x16,0x02,0x0C,0x18,0x04,0x12,0x12,0x02,0x16,0x02,0x04,0x0C,0x08,0x0C, |
| 32061 | 301 0x0A,0x0E,0x04,0x02,0x12,0x10,0x26,0x06,0x06,0x06,0x0C,0x0A,0x06,0x0C,0x08,0x06, |
| 32062 | 302 0x04,0x06,0x0E,0x1E,0x06,0x0A,0x08,0x16,0x06,0x08,0x0C,0x0A,0x02,0x0A,0x02,0x06 |
| 32063 | 303 #endif |
| 32064 | 304 // 3328 |
| 32065 | 305 #if PRIME_DIFF_TABLE_BYTES > 3328 |
| 32066 | 306 ,0x0A,0x02,0x0A,0x0C,0x12,0x14,0x06,0x04,0x08,0x16,0x06,0x06,0x1E,0x06,0x0E,0x06, |
| 32067 | 307 0x0C,0x0C,0x06,0x0A,0x02,0x0A,0x1E,0x02,0x10,0x08,0x04,0x02,0x06,0x12,0x04,0x02, |
| 32068 | 308 0x06,0x04,0x1A,0x04,0x08,0x06,0x0A,0x02,0x04,0x06,0x08,0x04,0x06,0x1E,0x0C,0x02, |
| 32069 | 309 0x06,0x06,0x04,0x14,0x16,0x08,0x04,0x02,0x04,0x48,0x08,0x04,0x08,0x16,0x02,0x04, |
| 32070 | 310 0x0E,0x0A,0x02,0x04,0x14,0x06,0x0A,0x12,0x06,0x14,0x10,0x06,0x08,0x06,0x04,0x14, |
| 32071 | 311 0x0C,0x16,0x02,0x04,0x02,0x0C,0x0A,0x12,0x02,0x16,0x06,0x12,0x1E,0x02,0x0A,0x0E, |
| 32072 | |
| 32073 | Family "2.0" TCG Published Page 463 |
| 32074 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 32075 | Trusted Platform Module Library Part 4: Supporting Routines |
| 32076 | |
| 32077 | 312 0x0A,0x08,0x10,0x32,0x06,0x0A,0x08,0x0A,0x0C,0x06,0x12,0x02,0x16,0x06,0x02,0x04, |
| 32078 | 313 0x06,0x08,0x06,0x06,0x0A,0x12,0x02,0x16,0x02,0x10,0x0E,0x0A,0x06,0x02,0x0C,0x0A, |
| 32079 | 314 0x14,0x04,0x0E,0x06,0x04,0x24,0x02,0x04,0x06,0x0C,0x02,0x04,0x0E,0x0C,0x06,0x04, |
| 32080 | 315 0x06,0x02,0x06,0x04,0x14,0x0A,0x02,0x0A,0x06,0x0C,0x02,0x18,0x0C,0x0C,0x06,0x06, |
| 32081 | 316 0x04,0x18,0x02,0x04,0x18,0x02,0x06,0x04,0x06,0x08,0x10,0x06,0x02,0x0A,0x0C,0x0E, |
| 32082 | 317 0x06,0x22,0x06,0x0E,0x06,0x04,0x02,0x1E,0x16,0x08,0x04,0x06,0x08,0x04,0x02,0x1C, |
| 32083 | 318 0x02,0x06,0x04,0x1A,0x12,0x16,0x02,0x06,0x10,0x06,0x02,0x10,0x0C,0x02,0x0C,0x04, |
| 32084 | 319 0x06,0x06,0x0E,0x0A,0x06,0x08,0x0C,0x04,0x12,0x02,0x0A,0x08,0x10,0x06,0x06,0x1E, |
| 32085 | 320 0x02,0x0A,0x12,0x02,0x0A,0x08,0x04,0x08,0x0C,0x18,0x28,0x02,0x0C,0x0A,0x06,0x0C, |
| 32086 | 321 0x02,0x0C,0x04,0x02,0x04,0x06,0x12,0x0E,0x0C,0x06,0x04,0x0E,0x1E,0x04,0x08,0x0A |
| 32087 | 322 #endif |
| 32088 | 323 // 3584 |
| 32089 | 324 #if PRIME_DIFF_TABLE_BYTES > 3584 |
| 32090 | 325 ,0x08,0x06,0x0A,0x12,0x08,0x04,0x0E,0x10,0x06,0x08,0x04,0x06,0x02,0x0A,0x02,0x0C, |
| 32091 | 326 0x04,0x02,0x04,0x06,0x08,0x04,0x06,0x20,0x18,0x0A,0x08,0x12,0x0A,0x02,0x06,0x0A, |
| 32092 | 327 0x02,0x04,0x12,0x06,0x0C,0x02,0x10,0x02,0x16,0x06,0x06,0x08,0x12,0x04,0x12,0x0C, |
| 32093 | 328 0x08,0x06,0x04,0x14,0x06,0x1E,0x16,0x0C,0x02,0x06,0x12,0x04,0x3E,0x04,0x02,0x0C, |
| 32094 | 329 0x06,0x0A,0x02,0x0C,0x0C,0x1C,0x02,0x04,0x0E,0x16,0x06,0x02,0x06,0x06,0x0A,0x0E, |
| 32095 | 330 0x04,0x02,0x0A,0x06,0x08,0x0A,0x0E,0x0A,0x06,0x02,0x0C,0x16,0x12,0x08,0x0A,0x12, |
| 32096 | 331 0x0C,0x02,0x0C,0x04,0x0C,0x02,0x0A,0x02,0x06,0x12,0x06,0x06,0x22,0x06,0x02,0x0C, |
| 32097 | 332 0x04,0x06,0x12,0x12,0x02,0x10,0x06,0x06,0x08,0x06,0x0A,0x12,0x08,0x0A,0x08,0x0A, |
| 32098 | 333 0x02,0x04,0x12,0x1A,0x0C,0x16,0x02,0x04,0x02,0x16,0x06,0x06,0x0E,0x10,0x06,0x14, |
| 32099 | 334 0x0A,0x0C,0x02,0x12,0x2A,0x04,0x18,0x02,0x06,0x0A,0x0C,0x02,0x06,0x0A,0x08,0x04, |
| 32100 | 335 0x06,0x0C,0x0C,0x08,0x04,0x06,0x0C,0x1E,0x14,0x06,0x18,0x06,0x0A,0x0C,0x02,0x0A, |
| 32101 | 336 0x14,0x06,0x06,0x04,0x0C,0x0E,0x0A,0x12,0x0C,0x08,0x06,0x0C,0x04,0x0E,0x0A,0x02, |
| 32102 | 337 0x0C,0x1E,0x10,0x02,0x0C,0x06,0x04,0x02,0x04,0x06,0x1A,0x04,0x12,0x02,0x04,0x06, |
| 32103 | 338 0x0E,0x36,0x06,0x34,0x02,0x10,0x06,0x06,0x0C,0x1A,0x04,0x02,0x06,0x16,0x06,0x02, |
| 32104 | 339 0x0C,0x0C,0x06,0x0A,0x12,0x02,0x0C,0x0C,0x0A,0x12,0x0C,0x06,0x08,0x06,0x0A,0x06, |
| 32105 | 340 0x08,0x04,0x02,0x04,0x14,0x18,0x06,0x06,0x0A,0x0E,0x0A,0x02,0x16,0x06,0x0E,0x0A |
| 32106 | 341 #endif |
| 32107 | 342 // 3840 |
| 32108 | 343 #if PRIME_DIFF_TABLE_BYTES > 3840 |
| 32109 | 344 ,0x1A,0x04,0x12,0x08,0x0C,0x0C,0x0A,0x0C,0x06,0x08,0x10,0x06,0x08,0x06,0x06,0x16, |
| 32110 | 345 0x02,0x0A,0x14,0x0A,0x06,0x2C,0x12,0x06,0x0A,0x02,0x04,0x06,0x0E,0x04,0x1A,0x04, |
| 32111 | 346 0x02,0x0C,0x0A,0x08,0x04,0x08,0x0C,0x04,0x0C,0x08,0x16,0x08,0x06,0x0A,0x12,0x06, |
| 32112 | 347 0x06,0x08,0x06,0x0C,0x04,0x08,0x12,0x0A,0x0C,0x06,0x0C,0x02,0x06,0x04,0x02,0x10, |
| 32113 | 348 0x0C,0x0C,0x0E,0x0A,0x0E,0x06,0x0A,0x0C,0x02,0x0C,0x06,0x04,0x06,0x02,0x0C,0x04, |
| 32114 | 349 0x1A,0x06,0x12,0x06,0x0A,0x06,0x02,0x12,0x0A,0x08,0x04,0x1A,0x0A,0x14,0x06,0x10, |
| 32115 | 350 0x14,0x0C,0x0A,0x08,0x0A,0x02,0x10,0x06,0x14,0x0A,0x14,0x04,0x1E,0x02,0x04,0x08, |
| 32116 | 351 0x10,0x02,0x12,0x04,0x02,0x06,0x0A,0x12,0x0C,0x0E,0x12,0x06,0x10,0x14,0x06,0x04, |
| 32117 | 352 0x08,0x06,0x04,0x06,0x0C,0x08,0x0A,0x02,0x0C,0x06,0x04,0x02,0x06,0x0A,0x02,0x10, |
| 32118 | 353 0x0C,0x0E,0x0A,0x06,0x08,0x06,0x1C,0x02,0x06,0x12,0x1E,0x22,0x02,0x10,0x0C,0x02, |
| 32119 | 354 0x12,0x10,0x06,0x08,0x0A,0x08,0x0A,0x08,0x0A,0x2C,0x06,0x06,0x04,0x14,0x04,0x02, |
| 32120 | 355 0x04,0x0E,0x1C,0x08,0x06,0x10,0x0E,0x1E,0x06,0x1E,0x04,0x0E,0x0A,0x06,0x06,0x08, |
| 32121 | 356 0x04,0x12,0x0C,0x06,0x02,0x16,0x0C,0x08,0x06,0x0C,0x04,0x0E,0x04,0x06,0x02,0x04, |
| 32122 | 357 0x12,0x14,0x06,0x10,0x26,0x10,0x02,0x04,0x06,0x02,0x28,0x2A,0x0E,0x04,0x06,0x02, |
| 32123 | 358 0x18,0x0A,0x06,0x02,0x12,0x0A,0x0C,0x02,0x10,0x02,0x06,0x10,0x06,0x08,0x04,0x02, |
| 32124 | 359 0x0A,0x06,0x08,0x0A,0x02,0x12,0x10,0x08,0x0C,0x12,0x0C,0x06,0x0C,0x0A,0x06,0x06 |
| 32125 | 360 #endif |
| 32126 | 361 // 4096 |
| 32127 | 362 #if PRIME_DIFF_TABLE_BYTES > 4096 |
| 32128 | 363 ,0x12,0x0C,0x0E,0x04,0x02,0x0A,0x14,0x06,0x0C,0x06,0x10,0x1A,0x04,0x12,0x02,0x04, |
| 32129 | 364 0x20,0x0A,0x08,0x06,0x04,0x06,0x06,0x0E,0x06,0x12,0x04,0x02,0x12,0x0A,0x08,0x0A, |
| 32130 | 365 0x08,0x0A,0x02,0x04,0x06,0x02,0x0A,0x2A,0x08,0x0C,0x04,0x06,0x12,0x02,0x10,0x08, |
| 32131 | 366 0x04,0x02,0x0A,0x0E,0x0C,0x0A,0x14,0x04,0x08,0x0A,0x26,0x04,0x06,0x02,0x0A,0x14, |
| 32132 | 367 0x0A,0x0C,0x06,0x0C,0x1A,0x0C,0x04,0x08,0x1C,0x08,0x04,0x08,0x18,0x06,0x0A,0x08, |
| 32133 | 368 0x06,0x10,0x0C,0x08,0x0A,0x0C,0x08,0x16,0x06,0x02,0x0A,0x02,0x06,0x0A,0x06,0x06, |
| 32134 | 369 0x08,0x06,0x04,0x0E,0x1C,0x08,0x10,0x12,0x08,0x04,0x06,0x14,0x04,0x12,0x06,0x02, |
| 32135 | 370 0x18,0x18,0x06,0x06,0x0C,0x0C,0x04,0x02,0x16,0x02,0x0A,0x06,0x08,0x0C,0x04,0x14, |
| 32136 | 371 0x12,0x06,0x04,0x0C,0x18,0x06,0x06,0x36,0x08,0x06,0x04,0x1A,0x24,0x04,0x02,0x04, |
| 32137 | 372 0x1A,0x0C,0x0C,0x04,0x06,0x06,0x08,0x0C,0x0A,0x02,0x0C,0x10,0x12,0x06,0x08,0x06, |
| 32138 | 373 0x0C,0x12,0x0A,0x02,0x36,0x04,0x02,0x0A,0x1E,0x0C,0x08,0x04,0x08,0x10,0x0E,0x0C, |
| 32139 | 374 0x06,0x04,0x06,0x0C,0x06,0x02,0x04,0x0E,0x0C,0x04,0x0E,0x06,0x18,0x06,0x06,0x0A, |
| 32140 | 375 0x0C,0x0C,0x14,0x12,0x06,0x06,0x10,0x08,0x04,0x06,0x14,0x04,0x20,0x04,0x0E,0x0A, |
| 32141 | 376 0x02,0x06,0x0C,0x10,0x02,0x04,0x06,0x0C,0x02,0x0A,0x08,0x06,0x04,0x02,0x0A,0x0E, |
| 32142 | 377 0x06,0x06,0x0C,0x12,0x22,0x08,0x0A,0x06,0x18,0x06,0x02,0x0A,0x0C,0x02,0x1E,0x0A, |
| 32143 | |
| 32144 | Page 464 TCG Published Family "2.0" |
| 32145 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 32146 | Part 4: Supporting Routines Trusted Platform Module Library |
| 32147 | |
| 32148 | 378 0x0E,0x0C,0x0C,0x10,0x06,0x06,0x02,0x12,0x04,0x06,0x1E,0x0E,0x04,0x06,0x06,0x02 |
| 32149 | 379 #endif |
| 32150 | 380 // 4352 |
| 32151 | 381 #if PRIME_DIFF_TABLE_BYTES > 4352 |
| 32152 | 382 ,0x06,0x04,0x06,0x0E,0x06,0x04,0x08,0x0A,0x0C,0x06,0x20,0x0A,0x08,0x16,0x02,0x0A, |
| 32153 | 383 0x06,0x18,0x08,0x04,0x1E,0x06,0x02,0x0C,0x10,0x08,0x06,0x04,0x06,0x08,0x10,0x0E, |
| 32154 | 384 0x06,0x06,0x04,0x02,0x0A,0x0C,0x02,0x10,0x0E,0x04,0x02,0x04,0x14,0x12,0x0A,0x02, |
| 32155 | 385 0x0A,0x06,0x0C,0x1E,0x08,0x12,0x0C,0x0A,0x02,0x06,0x06,0x04,0x0C,0x0C,0x02,0x04, |
| 32156 | 386 0x0C,0x12,0x18,0x02,0x0A,0x06,0x08,0x10,0x08,0x06,0x0C,0x0A,0x0E,0x06,0x0C,0x06, |
| 32157 | 387 0x06,0x04,0x02,0x18,0x04,0x06,0x08,0x06,0x04,0x02,0x04,0x06,0x0E,0x04,0x08,0x0A, |
| 32158 | 388 0x18,0x18,0x0C,0x02,0x06,0x0C,0x16,0x1E,0x02,0x06,0x12,0x0A,0x06,0x06,0x08,0x04, |
| 32159 | 389 0x02,0x06,0x0A,0x08,0x0A,0x06,0x08,0x10,0x06,0x0E,0x06,0x04,0x18,0x08,0x0A,0x02, |
| 32160 | 390 0x0C,0x06,0x04,0x24,0x02,0x16,0x06,0x08,0x06,0x0A,0x08,0x06,0x0C,0x0A,0x0E,0x0A, |
| 32161 | 391 0x06,0x12,0x0C,0x02,0x0C,0x04,0x1A,0x0A,0x0E,0x10,0x12,0x08,0x12,0x0C,0x0C,0x06, |
| 32162 | 392 0x10,0x0E,0x18,0x0A,0x0C,0x08,0x16,0x06,0x02,0x0A,0x3C,0x06,0x02,0x04,0x08,0x10, |
| 32163 | 393 0x0E,0x0A,0x06,0x18,0x06,0x0C,0x12,0x18,0x02,0x1E,0x04,0x02,0x0C,0x06,0x0A,0x02, |
| 32164 | 394 0x04,0x0E,0x06,0x10,0x02,0x0A,0x08,0x16,0x14,0x06,0x04,0x20,0x06,0x12,0x04,0x02, |
| 32165 | 395 0x04,0x02,0x04,0x08,0x34,0x0E,0x16,0x02,0x16,0x14,0x0A,0x08,0x0A,0x02,0x06,0x04, |
| 32166 | 396 0x0E,0x04,0x06,0x14,0x04,0x06,0x02,0x0C,0x0C,0x06,0x0C,0x10,0x02,0x0C,0x0A,0x08, |
| 32167 | 397 0x04,0x06,0x02,0x1C,0x0C,0x08,0x0A,0x0C,0x02,0x04,0x0E,0x1C,0x08,0x06,0x04,0x02 |
| 32168 | 398 #endif |
| 32169 | 399 // 4608 |
| 32170 | 400 #if PRIME_DIFF_TABLE_BYTES > 4608 |
| 32171 | 401 ,0x04,0x06,0x02,0x0C,0x3A,0x06,0x0E,0x0A,0x02,0x06,0x1C,0x20,0x04,0x1E,0x08,0x06, |
| 32172 | 402 0x04,0x06,0x0C,0x0C,0x02,0x04,0x06,0x06,0x0E,0x10,0x08,0x1E,0x04,0x02,0x0A,0x08, |
| 32173 | 403 0x06,0x04,0x06,0x1A,0x04,0x0C,0x02,0x0A,0x12,0x0C,0x0C,0x12,0x02,0x04,0x0C,0x08, |
| 32174 | 404 0x0C,0x0A,0x14,0x04,0x08,0x10,0x0C,0x08,0x06,0x10,0x08,0x0A,0x0C,0x0E,0x06,0x04, |
| 32175 | 405 0x08,0x0C,0x04,0x14,0x06,0x28,0x08,0x10,0x06,0x24,0x02,0x06,0x04,0x06,0x02,0x16, |
| 32176 | 406 0x12,0x02,0x0A,0x06,0x24,0x0E,0x0C,0x04,0x12,0x08,0x04,0x0E,0x0A,0x02,0x0A,0x08, |
| 32177 | 407 0x04,0x02,0x12,0x10,0x0C,0x0E,0x0A,0x0E,0x06,0x06,0x2A,0x0A,0x06,0x06,0x14,0x0A, |
| 32178 | 408 0x08,0x0C,0x04,0x0C,0x12,0x02,0x0A,0x0E,0x12,0x0A,0x12,0x08,0x06,0x04,0x0E,0x06, |
| 32179 | 409 0x0A,0x1E,0x0E,0x06,0x06,0x04,0x0C,0x26,0x04,0x02,0x04,0x06,0x08,0x0C,0x0A,0x06, |
| 32180 | 410 0x12,0x06,0x32,0x06,0x04,0x06,0x0C,0x08,0x0A,0x20,0x06,0x16,0x02,0x0A,0x0C,0x12, |
| 32181 | 411 0x02,0x06,0x04,0x1E,0x08,0x06,0x06,0x12,0x0A,0x02,0x04,0x0C,0x14,0x0A,0x08,0x18, |
| 32182 | 412 0x0A,0x02,0x06,0x16,0x06,0x02,0x12,0x0A,0x0C,0x02,0x1E,0x12,0x0C,0x1C,0x02,0x06, |
| 32183 | 413 0x04,0x06,0x0E,0x06,0x0C,0x0A,0x08,0x04,0x0C,0x1A,0x0A,0x08,0x06,0x10,0x02,0x0A, |
| 32184 | 414 0x12,0x0E,0x06,0x04,0x06,0x0E,0x10,0x02,0x06,0x04,0x0C,0x14,0x04,0x14,0x04,0x06, |
| 32185 | 415 0x0C,0x02,0x24,0x04,0x06,0x02,0x0A,0x02,0x16,0x08,0x06,0x0A,0x0C,0x0C,0x12,0x0E, |
| 32186 | 416 0x18,0x24,0x04,0x14,0x18,0x0A,0x06,0x02,0x1C,0x06,0x12,0x08,0x04,0x06,0x08,0x06 |
| 32187 | 417 #endif |
| 32188 | 418 // 4864 |
| 32189 | 419 #if PRIME_DIFF_TABLE_BYTES > 4864 |
| 32190 | 420 ,0x04,0x02,0x0C,0x1C,0x12,0x0E,0x10,0x0E,0x12,0x0A,0x08,0x06,0x04,0x06,0x06,0x08, |
| 32191 | 421 0x16,0x0C,0x02,0x0A,0x12,0x06,0x02,0x12,0x0A,0x02,0x0C,0x0A,0x12,0x20,0x06,0x04, |
| 32192 | 422 0x06,0x06,0x08,0x06,0x06,0x0A,0x14,0x06,0x0C,0x0A,0x08,0x0A,0x0E,0x06,0x0A,0x0E, |
| 32193 | 423 0x04,0x02,0x16,0x12,0x02,0x0A,0x02,0x04,0x14,0x04,0x02,0x22,0x02,0x0C,0x06,0x0A, |
| 32194 | 424 0x02,0x0A,0x12,0x06,0x0E,0x0C,0x0C,0x16,0x08,0x06,0x10,0x06,0x08,0x04,0x0C,0x06, |
| 32195 | 425 0x08,0x04,0x24,0x06,0x06,0x14,0x18,0x06,0x0C,0x12,0x0A,0x02,0x0A,0x1A,0x06,0x10, |
| 32196 | 426 0x08,0x06,0x04,0x18,0x12,0x08,0x0C,0x0C,0x0A,0x12,0x0C,0x02,0x18,0x04,0x0C,0x12, |
| 32197 | 427 0x0C,0x0E,0x0A,0x02,0x04,0x18,0x0C,0x0E,0x0A,0x06,0x02,0x06,0x04,0x06,0x1A,0x04, |
| 32198 | 428 0x06,0x06,0x02,0x16,0x08,0x12,0x04,0x12,0x08,0x04,0x18,0x02,0x0C,0x0C,0x04,0x02, |
| 32199 | 429 0x34,0x02,0x12,0x06,0x04,0x06,0x0C,0x02,0x06,0x0C,0x0A,0x08,0x04,0x02,0x18,0x0A, |
| 32200 | 430 0x02,0x0A,0x02,0x0C,0x06,0x12,0x28,0x06,0x14,0x10,0x02,0x0C,0x06,0x0A,0x0C,0x02, |
| 32201 | 431 0x04,0x06,0x0E,0x0C,0x0C,0x16,0x06,0x08,0x04,0x02,0x10,0x12,0x0C,0x02,0x06,0x10, |
| 32202 | 432 0x06,0x02,0x06,0x04,0x0C,0x1E,0x08,0x10,0x02,0x12,0x0A,0x18,0x02,0x06,0x18,0x04, |
| 32203 | 433 0x02,0x16,0x02,0x10,0x02,0x06,0x0C,0x04,0x12,0x08,0x04,0x0E,0x04,0x12,0x18,0x06, |
| 32204 | 434 0x02,0x06,0x0A,0x02,0x0A,0x26,0x06,0x0A,0x0E,0x06,0x06,0x18,0x04,0x02,0x0C,0x10, |
| 32205 | 435 0x0E,0x10,0x0C,0x02,0x06,0x0A,0x1A,0x04,0x02,0x0C,0x06,0x04,0x0C,0x08,0x0C,0x0A |
| 32206 | 436 #endif |
| 32207 | 437 // 5120 |
| 32208 | 438 #if PRIME_DIFF_TABLE_BYTES > 5120 |
| 32209 | 439 ,0x12,0x06,0x0E,0x1C,0x02,0x06,0x0A,0x02,0x04,0x0E,0x22,0x02,0x06,0x16,0x02,0x0A, |
| 32210 | 440 0x0E,0x04,0x02,0x10,0x08,0x0A,0x06,0x08,0x0A,0x08,0x04,0x06,0x02,0x10,0x06,0x06, |
| 32211 | 441 0x12,0x1E,0x0E,0x06,0x04,0x1E,0x02,0x0A,0x0E,0x04,0x14,0x0A,0x08,0x04,0x08,0x12, |
| 32212 | 442 0x04,0x0E,0x06,0x04,0x18,0x06,0x06,0x12,0x12,0x02,0x24,0x06,0x0A,0x0E,0x0C,0x04, |
| 32213 | 443 0x06,0x02,0x1E,0x06,0x04,0x02,0x06,0x1C,0x14,0x04,0x14,0x0C,0x18,0x10,0x12,0x0C, |
| 32214 | |
| 32215 | Family "2.0" TCG Published Page 465 |
| 32216 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 32217 | Trusted Platform Module Library Part 4: Supporting Routines |
| 32218 | |
| 32219 | 444 0x0E,0x06,0x04,0x0C,0x20,0x0C,0x06,0x0A,0x08,0x0A,0x06,0x12,0x02,0x10,0x0E,0x06, |
| 32220 | 445 0x16,0x06,0x0C,0x02,0x12,0x04,0x08,0x1E,0x0C,0x04,0x0C,0x02,0x0A,0x26,0x16,0x02, |
| 32221 | 446 0x04,0x0E,0x06,0x0C,0x18,0x04,0x02,0x04,0x0E,0x0C,0x0A,0x02,0x10,0x06,0x14,0x04, |
| 32222 | 447 0x14,0x16,0x0C,0x02,0x04,0x02,0x0C,0x16,0x18,0x06,0x06,0x02,0x06,0x04,0x06,0x02, |
| 32223 | 448 0x0A,0x0C,0x0C,0x06,0x02,0x06,0x10,0x08,0x06,0x04,0x12,0x0C,0x0C,0x0E,0x04,0x0C, |
| 32224 | 449 0x06,0x08,0x06,0x12,0x06,0x0A,0x0C,0x0E,0x06,0x04,0x08,0x16,0x06,0x02,0x1C,0x12, |
| 32225 | 450 0x02,0x12,0x0A,0x06,0x0E,0x0A,0x02,0x0A,0x0E,0x06,0x0A,0x02,0x16,0x06,0x08,0x06, |
| 32226 | 451 0x10,0x0C,0x08,0x16,0x02,0x04,0x0E,0x12,0x0C,0x06,0x18,0x06,0x0A,0x02,0x0C,0x16, |
| 32227 | 452 0x12,0x06,0x14,0x06,0x0A,0x0E,0x04,0x02,0x06,0x0C,0x16,0x0E,0x0C,0x04,0x06,0x08, |
| 32228 | 453 0x16,0x02,0x0A,0x0C,0x08,0x28,0x02,0x06,0x0A,0x08,0x04,0x2A,0x14,0x04,0x20,0x0C, |
| 32229 | 454 0x0A,0x06,0x0C,0x0C,0x02,0x0A,0x08,0x06,0x04,0x08,0x04,0x1A,0x12,0x04,0x08,0x1C |
| 32230 | 455 #endif |
| 32231 | 456 // 5376 |
| 32232 | 457 #if PRIME_DIFF_TABLE_BYTES > 5376 |
| 32233 | 458 ,0x06,0x12,0x06,0x0C,0x02,0x0A,0x06,0x06,0x0E,0x0A,0x0C,0x0E,0x18,0x06,0x04,0x14, |
| 32234 | 459 0x16,0x02,0x12,0x04,0x06,0x0C,0x02,0x10,0x12,0x0E,0x06,0x06,0x04,0x06,0x08,0x12, |
| 32235 | 460 0x04,0x0E,0x1E,0x04,0x12,0x08,0x0A,0x02,0x04,0x08,0x0C,0x04,0x0C,0x12,0x02,0x0C, |
| 32236 | 461 0x0A,0x02,0x10,0x08,0x04,0x1E,0x02,0x06,0x1C,0x02,0x0A,0x02,0x12,0x0A,0x0E,0x04, |
| 32237 | 462 0x1A,0x06,0x12,0x04,0x14,0x06,0x04,0x08,0x12,0x04,0x0C,0x1A,0x18,0x04,0x14,0x16, |
| 32238 | 463 0x02,0x12,0x16,0x02,0x04,0x0C,0x02,0x06,0x06,0x06,0x04,0x06,0x0E,0x04,0x18,0x0C, |
| 32239 | 464 0x06,0x12,0x02,0x0C,0x1C,0x0E,0x04,0x06,0x08,0x16,0x06,0x0C,0x12,0x08,0x04,0x14, |
| 32240 | 465 0x06,0x04,0x06,0x02,0x12,0x06,0x04,0x0C,0x0C,0x08,0x1C,0x06,0x08,0x0A,0x02,0x18, |
| 32241 | 466 0x0C,0x0A,0x18,0x08,0x0A,0x14,0x0C,0x06,0x0C,0x0C,0x04,0x0E,0x0C,0x18,0x22,0x12, |
| 32242 | 467 0x08,0x0A,0x06,0x12,0x08,0x04,0x08,0x10,0x0E,0x06,0x04,0x06,0x18,0x02,0x06,0x04, |
| 32243 | 468 0x06,0x02,0x10,0x06,0x06,0x14,0x18,0x04,0x02,0x04,0x0E,0x04,0x12,0x02,0x06,0x0C, |
| 32244 | 469 0x04,0x0E,0x04,0x02,0x12,0x10,0x06,0x06,0x02,0x10,0x14,0x06,0x06,0x1E,0x04,0x08, |
| 32245 | 470 0x06,0x18,0x10,0x06,0x06,0x08,0x0C,0x1E,0x04,0x12,0x12,0x08,0x04,0x1A,0x0A,0x02, |
| 32246 | 471 0x16,0x08,0x0A,0x0E,0x06,0x04,0x12,0x08,0x0C,0x1C,0x02,0x06,0x04,0x0C,0x06,0x18, |
| 32247 | 472 0x06,0x08,0x0A,0x14,0x10,0x08,0x1E,0x06,0x06,0x04,0x02,0x0A,0x0E,0x06,0x0A,0x20, |
| 32248 | 473 0x16,0x12,0x02,0x04,0x02,0x04,0x08,0x16,0x08,0x12,0x0C,0x1C,0x02,0x10,0x0C,0x12 |
| 32249 | 474 #endif |
| 32250 | 475 // 5632 |
| 32251 | 476 #if PRIME_DIFF_TABLE_BYTES > 5632 |
| 32252 | 477 ,0x0E,0x0A,0x12,0x0C,0x06,0x20,0x0A,0x0E,0x06,0x0A,0x02,0x0A,0x02,0x06,0x16,0x02, |
| 32253 | 478 0x04,0x06,0x08,0x0A,0x06,0x0E,0x06,0x04,0x0C,0x1E,0x18,0x06,0x06,0x08,0x06,0x04, |
| 32254 | 479 0x02,0x04,0x06,0x08,0x06,0x06,0x16,0x12,0x08,0x04,0x02,0x12,0x06,0x04,0x02,0x10, |
| 32255 | 480 0x12,0x14,0x0A,0x06,0x06,0x1E,0x02,0x0C,0x1C,0x06,0x06,0x06,0x02,0x0C,0x0A,0x08, |
| 32256 | 481 0x12,0x12,0x04,0x08,0x12,0x0A,0x02,0x1C,0x02,0x0A,0x0E,0x04,0x02,0x1E,0x0C,0x16, |
| 32257 | 482 0x1A,0x0A,0x08,0x06,0x0A,0x08,0x10,0x0E,0x06,0x06,0x0A,0x0E,0x06,0x04,0x02,0x0A, |
| 32258 | 483 0x0C,0x02,0x06,0x0A,0x08,0x04,0x02,0x0A,0x1A,0x16,0x06,0x02,0x0C,0x12,0x04,0x1A, |
| 32259 | 484 0x04,0x08,0x0A,0x06,0x0E,0x0A,0x02,0x12,0x06,0x0A,0x14,0x06,0x06,0x04,0x18,0x02, |
| 32260 | 485 0x04,0x08,0x06,0x10,0x0E,0x10,0x12,0x02,0x04,0x0C,0x02,0x0A,0x02,0x06,0x0C,0x0A, |
| 32261 | 486 0x06,0x06,0x14,0x06,0x04,0x06,0x26,0x04,0x06,0x0C,0x0E,0x04,0x0C,0x08,0x0A,0x0C, |
| 32262 | 487 0x0C,0x08,0x04,0x06,0x0E,0x0A,0x06,0x0C,0x02,0x0A,0x12,0x02,0x12,0x0A,0x08,0x0A, |
| 32263 | 488 0x02,0x0C,0x04,0x0E,0x1C,0x02,0x10,0x02,0x12,0x06,0x0A,0x06,0x08,0x10,0x0E,0x1E, |
| 32264 | 489 0x0A,0x14,0x06,0x0A,0x18,0x02,0x1C,0x02,0x0C,0x10,0x06,0x08,0x24,0x04,0x08,0x04, |
| 32265 | 490 0x0E,0x0C,0x0A,0x08,0x0C,0x04,0x06,0x08,0x04,0x06,0x0E,0x16,0x08,0x06,0x04,0x02, |
| 32266 | 491 0x0A,0x06,0x14,0x0A,0x08,0x06,0x06,0x16,0x12,0x02,0x10,0x06,0x14,0x04,0x1A,0x04, |
| 32267 | 492 0x0E,0x16,0x0E,0x04,0x0C,0x06,0x08,0x04,0x06,0x06,0x1A,0x0A,0x02,0x12,0x12,0x04 |
| 32268 | 493 #endif |
| 32269 | 494 // 5888 |
| 32270 | 495 #if PRIME_DIFF_TABLE_BYTES > 5888 |
| 32271 | 496 ,0x02,0x10,0x02,0x12,0x04,0x06,0x08,0x04,0x06,0x0C,0x02,0x06,0x06,0x1C,0x26,0x04, |
| 32272 | 497 0x08,0x10,0x1A,0x04,0x02,0x0A,0x0C,0x02,0x0A,0x08,0x06,0x0A,0x0C,0x02,0x0A,0x02, |
| 32273 | 498 0x18,0x04,0x1E,0x1A,0x06,0x06,0x12,0x06,0x06,0x16,0x02,0x0A,0x12,0x1A,0x04,0x12, |
| 32274 | 499 0x08,0x06,0x06,0x0C,0x10,0x06,0x08,0x10,0x06,0x08,0x10,0x02,0x2A,0x3A,0x08,0x04, |
| 32275 | 500 0x06,0x02,0x04,0x08,0x10,0x06,0x14,0x04,0x0C,0x0C,0x06,0x0C,0x02,0x0A,0x02,0x06, |
| 32276 | 501 0x16,0x02,0x0A,0x06,0x08,0x06,0x0A,0x0E,0x06,0x06,0x04,0x12,0x08,0x0A,0x08,0x10, |
| 32277 | 502 0x0E,0x0A,0x02,0x0A,0x02,0x0C,0x06,0x04,0x14,0x0A,0x08,0x34,0x08,0x0A,0x06,0x02, |
| 32278 | 503 0x0A,0x08,0x0A,0x06,0x06,0x08,0x0A,0x02,0x16,0x02,0x04,0x06,0x0E,0x04,0x02,0x18, |
| 32279 | 504 0x0C,0x04,0x1A,0x12,0x04,0x06,0x0E,0x1E,0x06,0x04,0x06,0x02,0x16,0x08,0x04,0x06, |
| 32280 | 505 0x02,0x16,0x06,0x08,0x10,0x06,0x0E,0x04,0x06,0x12,0x08,0x0C,0x06,0x0C,0x18,0x1E, |
| 32281 | 506 0x10,0x08,0x22,0x08,0x16,0x06,0x0E,0x0A,0x12,0x0E,0x04,0x0C,0x08,0x04,0x24,0x06, |
| 32282 | 507 0x06,0x02,0x0A,0x02,0x04,0x14,0x06,0x06,0x0A,0x0C,0x06,0x02,0x28,0x08,0x06,0x1C, |
| 32283 | 508 0x06,0x02,0x0C,0x12,0x04,0x18,0x0E,0x06,0x06,0x0A,0x14,0x0A,0x0E,0x10,0x0E,0x10, |
| 32284 | 509 0x06,0x08,0x24,0x04,0x0C,0x0C,0x06,0x0C,0x32,0x0C,0x06,0x04,0x06,0x06,0x08,0x06, |
| 32285 | |
| 32286 | Page 466 TCG Published Family "2.0" |
| 32287 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 32288 | Part 4: Supporting Routines Trusted Platform Module Library |
| 32289 | |
| 32290 | 510 0x0A,0x02,0x0A,0x02,0x12,0x0A,0x0E,0x10,0x08,0x06,0x04,0x14,0x04,0x02,0x0A,0x06, |
| 32291 | 511 0x0E,0x12,0x0A,0x26,0x0A,0x12,0x02,0x0A,0x02,0x0C,0x04,0x02,0x04,0x0E,0x06,0x0A |
| 32292 | 512 #endif |
| 32293 | 513 // 6144 |
| 32294 | 514 #if PRIME_DIFF_TABLE_BYTES > 6144 |
| 32295 | 515 ,0x08,0x28,0x06,0x14,0x04,0x0C,0x08,0x06,0x22,0x08,0x16,0x08,0x0C,0x0A,0x02,0x10, |
| 32296 | 516 0x2A,0x0C,0x08,0x16,0x08,0x16,0x08,0x06,0x22,0x02,0x06,0x04,0x0E,0x06,0x10,0x02, |
| 32297 | 517 0x16,0x06,0x08,0x18,0x16,0x06,0x02,0x0C,0x04,0x06,0x0E,0x04,0x08,0x18,0x04,0x06, |
| 32298 | 518 0x06,0x02,0x16,0x14,0x06,0x04,0x0E,0x04,0x06,0x06,0x08,0x06,0x0A,0x06,0x08,0x06, |
| 32299 | 519 0x10,0x0E,0x06,0x06,0x16,0x06,0x18,0x20,0x06,0x12,0x06,0x12,0x0A,0x08,0x1E,0x12, |
| 32300 | 520 0x06,0x10,0x0C,0x06,0x0C,0x02,0x06,0x04,0x0C,0x08,0x06,0x16,0x08,0x06,0x04,0x0E, |
| 32301 | 521 0x0A,0x12,0x14,0x0A,0x02,0x06,0x04,0x02,0x1C,0x12,0x02,0x0A,0x06,0x06,0x06,0x0E, |
| 32302 | 522 0x28,0x18,0x02,0x04,0x08,0x0C,0x04,0x14,0x04,0x20,0x12,0x10,0x06,0x24,0x08,0x06, |
| 32303 | 523 0x04,0x06,0x0E,0x04,0x06,0x1A,0x06,0x0A,0x0E,0x12,0x0A,0x06,0x06,0x0E,0x0A,0x06, |
| 32304 | 524 0x06,0x0E,0x06,0x18,0x04,0x0E,0x16,0x08,0x0C,0x0A,0x08,0x0C,0x12,0x0A,0x12,0x08, |
| 32305 | 525 0x18,0x0A,0x08,0x04,0x18,0x06,0x12,0x06,0x02,0x0A,0x1E,0x02,0x0A,0x02,0x04,0x02, |
| 32306 | 526 0x28,0x02,0x1C,0x08,0x06,0x06,0x12,0x06,0x0A,0x0E,0x04,0x12,0x1E,0x12,0x02,0x0C, |
| 32307 | 527 0x1E,0x06,0x1E,0x04,0x12,0x0C,0x02,0x04,0x0E,0x06,0x0A,0x06,0x08,0x06,0x0A,0x0C, |
| 32308 | 528 0x02,0x06,0x0C,0x0A,0x02,0x12,0x04,0x14,0x04,0x06,0x0E,0x06,0x06,0x16,0x06,0x06, |
| 32309 | 529 0x08,0x12,0x12,0x0A,0x02,0x0A,0x02,0x06,0x04,0x06,0x0C,0x12,0x02,0x0A,0x08,0x04, |
| 32310 | 530 0x12,0x02,0x06,0x06,0x06,0x0A,0x08,0x0A,0x06,0x12,0x0C,0x08,0x0C,0x06,0x04,0x06 |
| 32311 | 531 #endif |
| 32312 | 532 // 6400 |
| 32313 | 533 #if PRIME_DIFF_TABLE_BYTES > 6400 |
| 32314 | 534 ,0x0E,0x10,0x02,0x0C,0x04,0x06,0x26,0x06,0x06,0x10,0x14,0x1C,0x14,0x0A,0x06,0x06, |
| 32315 | 535 0x0E,0x04,0x1A,0x04,0x0E,0x0A,0x12,0x0E,0x1C,0x02,0x04,0x0E,0x10,0x02,0x1C,0x06, |
| 32316 | 536 0x08,0x06,0x22,0x08,0x04,0x12,0x02,0x10,0x08,0x06,0x28,0x08,0x12,0x04,0x1E,0x06, |
| 32317 | 537 0x0C,0x02,0x1E,0x06,0x0A,0x0E,0x28,0x0E,0x0A,0x02,0x0C,0x0A,0x08,0x04,0x08,0x06, |
| 32318 | 538 0x06,0x1C,0x02,0x04,0x0C,0x0E,0x10,0x08,0x1E,0x10,0x12,0x02,0x0A,0x12,0x06,0x20, |
| 32319 | 539 0x04,0x12,0x06,0x02,0x0C,0x0A,0x12,0x02,0x06,0x0A,0x0E,0x12,0x1C,0x06,0x08,0x10, |
| 32320 | 540 0x02,0x04,0x14,0x0A,0x08,0x12,0x0A,0x02,0x0A,0x08,0x04,0x06,0x0C,0x06,0x14,0x04, |
| 32321 | 541 0x02,0x06,0x04,0x14,0x0A,0x1A,0x12,0x0A,0x02,0x12,0x06,0x10,0x0E,0x04,0x1A,0x04, |
| 32322 | 542 0x0E,0x0A,0x0C,0x0E,0x06,0x06,0x04,0x0E,0x0A,0x02,0x1E,0x12,0x16,0x02 |
| 32323 | 543 #endif |
| 32324 | 544 // 6542 |
| 32325 | 545 #if PRIME_DIFF_TABLE_BYTES > 0 |
| 32326 | 546 }; |
| 32327 | 547 #endif |
// Instrumentation variables for the prime-number code, compiled in only when
// RSA_INSTRUMENT or RSA_DEBUG is defined. The code that updates them is not
// part of this listing, so the per-variable notes are inferred from the names.
// NOTE(review): these are writable globals with external linkage that
// presumably record statistics about candidate primes examined during key
// generation -- confirm both macros are left undefined in production builds.
#if defined RSA_INSTRUMENT || defined RSA_DEBUG
UINT32 failedAtIteration[10];   // presumably a histogram of failures by iteration -- TODO confirm
UINT32 MillerRabinTrials;       // presumably the number of Miller-Rabin rounds run -- TODO confirm
UINT32 totalFields;
UINT32 emptyFields;
UINT32 noPrimeFields;
UINT16 lastSievePrime;
UINT32 primesChecked;
#endif
| 32337 | |
| 32338 | This table is only wanted when debugging the prime-number code. It is a table of the first 2048 primes |
| 32339 | and takes 4096 bytes. |
| 32340 | |
// Debug-only table of small primes in ascending order, compiled in only when
// RSA_DEBUG is defined. The initializer starts at 3 (2 is not stored) and
// ends at 17863.
// NOTE(review): __int16 is a Microsoft compiler keyword, so the declaration
// is not portable as written. NUM_PRIMES is defined outside this listing --
// confirm it equals the number of initializers below, since any shortfall is
// silently zero-filled.
#ifdef RSA_DEBUG
const __int16 primes[NUM_PRIMES]=
{
    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
    59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131,
    137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223,
    227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311,
    313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409,
    419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
    509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613,
    617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719,
    727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827,
    829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941,
    947, 953, 967, 971, 977, 983, 991, 997,1009,1013,1019,1021,1031,1033,1039,1049,
    1051,1061,1063,1069,1087,1091,1093,1097,1103,1109,1117,1123,1129,1151,1153,1163,
    1171,1181,1187,1193,1201,1213,1217,1223,1229,1231,1237,1249,1259,1277,1279,1283,
    1289,1291,1297,1301,1303,1307,1319,1321,1327,1361,1367,1373,1381,1399,1409,1423,
    1427,1429,1433,1439,1447,1451,1453,1459,1471,1481,1483,1487,1489,1493,1499,1511,
    1523,1531,1543,1549,1553,1559,1567,1571,1579,1583,1597,1601,1607,1609,1613,1619,
    1621,1627,1637,1657,1663,1667,1669,1693,1697,1699,1709,1721,1723,1733,1741,1747,
    1753,1759,1777,1783,1787,1789,1801,1811,1823,1831,1847,1861,1867,1871,1873,1877,
    1879,1889,1901,1907,1913,1931,1933,1949,1951,1973,1979,1987,1993,1997,1999,2003,
    2011,2017,2027,2029,2039,2053,2063,2069,2081,2083,2087,2089,2099,2111,2113,2129,
    2131,2137,2141,2143,2153,2161,2179,2203,2207,2213,2221,2237,2239,2243,2251,2267,
    2269,2273,2281,2287,2293,2297,2309,2311,2333,2339,2341,2347,2351,2357,2371,2377,
    2381,2383,2389,2393,2399,2411,2417,2423,2437,2441,2447,2459,2467,2473,2477,2503,
    2521,2531,2539,2543,2549,2551,2557,2579,2591,2593,2609,2617,2621,2633,2647,2657,
    2659,2663,2671,2677,2683,2687,2689,2693,2699,2707,2711,2713,2719,2729,2731,2741,
    2749,2753,2767,2777,2789,2791,2797,2801,2803,2819,2833,2837,2843,2851,2857,2861,
    2879,2887,2897,2903,2909,2917,2927,2939,2953,2957,2963,2969,2971,2999,3001,3011,
    3019,3023,3037,3041,3049,3061,3067,3079,3083,3089,3109,3119,3121,3137,3163,3167,
    3169,3181,3187,3191,3203,3209,3217,3221,3229,3251,3253,3257,3259,3271,3299,3301,
    3307,3313,3319,3323,3329,3331,3343,3347,3359,3361,3371,3373,3389,3391,3407,3413,
    3433,3449,3457,3461,3463,3467,3469,3491,3499,3511,3517,3527,3529,3533,3539,3541,
    3547,3557,3559,3571,3581,3583,3593,3607,3613,3617,3623,3631,3637,3643,3659,3671,
    3673,3677,3691,3697,3701,3709,3719,3727,3733,3739,3761,3767,3769,3779,3793,3797,
    3803,3821,3823,3833,3847,3851,3853,3863,3877,3881,3889,3907,3911,3917,3919,3923,
    3929,3931,3943,3947,3967,3989,4001,4003,4007,4013,4019,4021,4027,4049,4051,4057,
    4073,4079,4091,4093,4099,4111,4127,4129,4133,4139,4153,4157,4159,4177,4201,4211,
    4217,4219,4229,4231,4241,4243,4253,4259,4261,4271,4273,4283,4289,4297,4327,4337,
    4339,4349,4357,4363,4373,4391,4397,4409,4421,4423,4441,4447,4451,4457,4463,4481,
    4483,4493,4507,4513,4517,4519,4523,4547,4549,4561,4567,4583,4591,4597,4603,4621,
    4637,4639,4643,4649,4651,4657,4663,4673,4679,4691,4703,4721,4723,4729,4733,4751,
    4759,4783,4787,4789,4793,4799,4801,4813,4817,4831,4861,4871,4877,4889,4903,4909,
    4919,4931,4933,4937,4943,4951,4957,4967,4969,4973,4987,4993,4999,5003,5009,5011,
    5021,5023,5039,5051,5059,5077,5081,5087,5099,5101,5107,5113,5119,5147,5153,5167,
    5171,5179,5189,5197,5209,5227,5231,5233,5237,5261,5273,5279,5281,5297,5303,5309,
    5323,5333,5347,5351,5381,5387,5393,5399,5407,5413,5417,5419,5431,5437,5441,5443,
    5449,5471,5477,5479,5483,5501,5503,5507,5519,5521,5527,5531,5557,5563,5569,5573,
    5581,5591,5623,5639,5641,5647,5651,5653,5657,5659,5669,5683,5689,5693,5701,5711,
    5717,5737,5741,5743,5749,5779,5783,5791,5801,5807,5813,5821,5827,5839,5843,5849,
    5851,5857,5861,5867,5869,5879,5881,5897,5903,5923,5927,5939,5953,5981,5987,6007,
    6011,6029,6037,6043,6047,6053,6067,6073,6079,6089,6091,6101,6113,6121,6131,6133,
    6143,6151,6163,6173,6197,6199,6203,6211,6217,6221,6229,6247,6257,6263,6269,6271,
    6277,6287,6299,6301,6311,6317,6323,6329,6337,6343,6353,6359,6361,6367,6373,6379,
    6389,6397,6421,6427,6449,6451,6469,6473,6481,6491,6521,6529,6547,6551,6553,6563,
    6569,6571,6577,6581,6599,6607,6619,6637,6653,6659,6661,6673,6679,6689,6691,6701,
    6703,6709,6719,6733,6737,6761,6763,6779,6781,6791,6793,6803,6823,6827,6829,6833,
    6841,6857,6863,6869,6871,6883,6899,6907,6911,6917,6947,6949,6959,6961,6967,6971,
    6977,6983,6991,6997,7001,7013,7019,7027,7039,7043,7057,7069,7079,7103,7109,7121,
    7127,7129,7151,7159,7177,7187,7193,7207,7211,7213,7219,7229,7237,7243,7247,7253,
    7283,7297,7307,7309,7321,7331,7333,7349,7351,7369,7393,7411,7417,7433,7451,7457,
    7459,7477,7481,7487,7489,7499,7507,7517,7523,7529,7537,7541,7547,7549,7559,7561,
    7573,7577,7583,7589,7591,7603,7607,7621,7639,7643,7649,7669,7673,7681,7687,7691,
    7699,7703,7717,7723,7727,7741,7753,7757,7759,7789,7793,7817,7823,7829,7841,7853,
    7867,7873,7877,7879,7883,7901,7907,7919,7927,7933,7937,7949,7951,7963,7993,8009,
    8011,8017,8039,8053,8059,8069,8081,8087,8089,8093,8101,8111,8117,8123,8147,8161,
    8167,8171,8179,8191,8209,8219,8221,8231,8233,8237,8243,8263,8269,8273,8287,8291,
    8293,8297,8311,8317,8329,8353,8363,8369,8377,8387,8389,8419,8423,8429,8431,8443,
    8447,8461,8467,8501,8513,8521,8527,8537,8539,8543,8563,8573,8581,8597,8599,8609,
    8623,8627,8629,8641,8647,8663,8669,8677,8681,8689,8693,8699,8707,8713,8719,8731,
    8737,8741,8747,8753,8761,8779,8783,8803,8807,8819,8821,8831,8837,8839,8849,8861,
    8863,8867,8887,8893,8923,8929,8933,8941,8951,8963,8969,8971,8999,9001,9007,9011,
    9013,9029,9041,9043,9049,9059,9067,9091,9103,9109,9127,9133,9137,9151,9157,9161,
    9173,9181,9187,9199,9203,9209,9221,9227,9239,9241,9257,9277,9281,9283,9293,9311,
    9319,9323,9337,9341,9343,9349,9371,9377,9391,9397,9403,9413,9419,9421,9431,9433,
    9437,9439,9461,9463,9467,9473,9479,9491,9497,9511,9521,9533,9539,9547,9551,9587,
    9601,9613,9619,9623,9629,9631,9643,9649,9661,9677,9679,9689,9697,9719,9721,9733,
    9739,9743,9749,9767,9769,9781,9787,9791,9803,9811,9817,9829,9833,9839,9851,9857,
    9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929,
    9931, 9941, 9949, 9967, 9973,10007,10009,10037,
    10039,10061,10067,10069,10079,10091,10093,10099,
    10103,10111,10133,10139,10141,10151,10159,10163,
    10169,10177,10181,10193,10211,10223,10243,10247,
    10253,10259,10267,10271,10273,10289,10301,10303,
    10313,10321,10331,10333,10337,10343,10357,10369,
    10391,10399,10427,10429,10433,10453,10457,10459,
    10463,10477,10487,10499,10501,10513,10529,10531,
    10559,10567,10589,10597,10601,10607,10613,10627,
    10631,10639,10651,10657,10663,10667,10687,10691,
    10709,10711,10723,10729,10733,10739,10753,10771,
    10781,10789,10799,10831,10837,10847,10853,10859,
    10861,10867,10883,10889,10891,10903,10909,10937,
    10939,10949,10957,10973,10979,10987,10993,11003,
    11027,11047,11057,11059,11069,11071,11083,11087,
    11093,11113,11117,11119,11131,11149,11159,11161,
    11171,11173,11177,11197,11213,11239,11243,11251,
    11257,11261,11273,11279,11287,11299,11311,11317,
    11321,11329,11351,11353,11369,11383,11393,11399,
    11411,11423,11437,11443,11447,11467,11471,11483,
    11489,11491,11497,11503,11519,11527,11549,11551,
    11579,11587,11593,11597,11617,11621,11633,11657,
    11677,11681,11689,11699,11701,11717,11719,11731,
    11743,11777,11779,11783,11789,11801,11807,11813,
    11821,11827,11831,11833,11839,11863,11867,11887,
    11897,11903,11909,11923,11927,11933,11939,11941,
    11953,11959,11969,11971,11981,11987,12007,12011,
    12037,12041,12043,12049,12071,12073,12097,12101,
    12107,12109,12113,12119,12143,12149,12157,12161,
    12163,12197,12203,12211,12227,12239,12241,12251,
    12253,12263,12269,12277,12281,12289,12301,12323,
    12329,12343,12347,12373,12377,12379,12391,12401,
    12409,12413,12421,12433,12437,12451,12457,12473,
    12479,12487,12491,12497,12503,12511,12517,12527,
    12539,12541,12547,12553,12569,12577,12583,12589,
    12601,12611,12613,12619,12637,12641,12647,12653,
    12659,12671,12689,12697,12703,12713,12721,12739,
    12743,12757,12763,12781,12791,12799,12809,12821,
    12823,12829,12841,12853,12889,12893,12899,12907,
    12911,12917,12919,12923,12941,12953,12959,12967,
    12973,12979,12983,13001,13003,13007,13009,13033,
    13037,13043,13049,13063,13093,13099,13103,13109,
    13121,13127,13147,13151,13159,13163,13171,13177,
    13183,13187,13217,13219,13229,13241,13249,13259,
    13267,13291,13297,13309,13313,13327,13331,13337,
    13339,13367,13381,13397,13399,13411,13417,13421,
    13441,13451,13457,13463,13469,13477,13487,13499,
    13513,13523,13537,13553,13567,13577,13591,13597,
    13613,13619,13627,13633,13649,13669,13679,13681,
    13687,13691,13693,13697,13709,13711,13721,13723,
    13729,13751,13757,13759,13763,13781,13789,13799,
    13807,13829,13831,13841,13859,13873,13877,13879,
    13883,13901,13903,13907,13913,13921,13931,13933,
    13963,13967,13997,13999,14009,14011,14029,14033,
    14051,14057,14071,14081,14083,14087,14107,14143,
    14149,14153,14159,14173,14177,14197,14207,14221,
    14243,14249,14251,14281,14293,14303,14321,14323,
    14327,14341,14347,14369,14387,14389,14401,14407,
    14411,14419,14423,14431,14437,14447,14449,14461,
    14479,14489,14503,14519,14533,14537,14543,14549,
    14551,14557,14561,14563,14591,14593,14621,14627,
    14629,14633,14639,14653,14657,14669,14683,14699,
    14713,14717,14723,14731,14737,14741,14747,14753,
    14759,14767,14771,14779,14783,14797,14813,14821,
    14827,14831,14843,14851,14867,14869,14879,14887,
    14891,14897,14923,14929,14939,14947,14951,14957,
    14969,14983,15013,15017,15031,15053,15061,15073,
    15077,15083,15091,15101,15107,15121,15131,15137,
    15139,15149,15161,15173,15187,15193,15199,15217,
    15227,15233,15241,15259,15263,15269,15271,15277,
    15287,15289,15299,15307,15313,15319,15329,15331,
    15349,15359,15361,15373,15377,15383,15391,15401,
    15413,15427,15439,15443,15451,15461,15467,15473,
    15493,15497,15511,15527,15541,15551,15559,15569,
    15581,15583,15601,15607,15619,15629,15641,15643,
    15647,15649,15661,15667,15671,15679,15683,15727,
    15731,15733,15737,15739,15749,15761,15767,15773,
    15787,15791,15797,15803,15809,15817,15823,15859,
    15877,15881,15887,15889,15901,15907,15913,15919,
    15923,15937,15959,15971,15973,15991,16001,16007,
    16033,16057,16061,16063,16067,16069,16073,16087,
    16091,16097,16103,16111,16127,16139,16141,16183,
    16187,16189,16193,16217,16223,16229,16231,16249,
    16253,16267,16273,16301,16319,16333,16339,16349,
    16361,16363,16369,16381,16411,16417,16421,16427,
    16433,16447,16451,16453,16477,16481,16487,16493,
    16519,16529,16547,16553,16561,16567,16573,16603,
    16607,16619,16631,16633,16649,16651,16657,16661,
    16673,16691,16693,16699,16703,16729,16741,16747,
    16759,16763,16787,16811,16823,16829,16831,16843,
    16871,16879,16883,16889,16901,16903,16921,16927,
    16931,16937,16943,16963,16979,16981,16987,16993,
    17011,17021,17027,17029,17033,17041,17047,17053,
    17077,17093,17099,17107,17117,17123,17137,17159,
    17167,17183,17189,17191,17203,17207,17209,17231,
    17239,17257,17291,17293,17299,17317,17321,17327,
    17333,17341,17351,17359,17377,17383,17387,17389,
    17393,17401,17417,17419,17431,17443,17449,17467,
    17471,17477,17483,17489,17491,17497,17509,17519,
    17539,17551,17569,17573,17579,17581,17597,17599,
    17609,17623,17627,17657,17659,17669,17681,17683,
    17707,17713,17729,17737,17747,17749,17761,17783,
    17789,17791,17807,17827,17837,17839,17851,17863
};
#endif
| 32541 | 742 #endif |
| 32542 | |
| 32543 | |
| 32544 | |
| 32545 | |
| 32546 | Page 470 TCG Published Family "2.0" |
| 32547 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 32548 | Part 4: Supporting Routines Trusted Platform Module Library |
| 32549 | |
| 32550 | |
| 32551 | B.13 Elliptic Curve Files |
| 32552 | |
| 32553 | B.13.1. CpriDataEcc.h |
| 32554 | |
// NOTE(review): the guard name starts with an underscore followed by an
// uppercase letter, a form the C standard reserves for the implementation.
#ifndef _CRYPTDATAECC_H_
#define _CRYPTDATAECC_H_

// Structure for the curve parameters. This is an analog to the
// TPMS_ALGORITHM_DETAIL_ECC.
// Every member is a pointer to a constant TPM2B, so the structure owns no
// storage of its own. The member comments suggest the curve form
// y^2 = x^3 + a*x + b over the prime field p -- TODO confirm against the
// code that consumes these values.
typedef struct {
    const TPM2B *p; // a prime number
    const TPM2B *a; // linear coefficient
    const TPM2B *b; // constant term
    const TPM2B *x; // generator x coordinate
    const TPM2B *y; // generator y coordinate
    const TPM2B *n; // the order of the curve
    const TPM2B *h; // cofactor
} ECC_CURVE_DATA;

// One entry per supported curve: the curve identifier, its key size in bits,
// the KDF and signing schemes recorded for it, and a pointer to its domain
// parameters.
typedef struct
{
    TPM_ECC_CURVE curveId;
    UINT16 keySizeBits;
    TPMT_KDF_SCHEME kdf;
    TPMT_ECC_SCHEME sign;
    const ECC_CURVE_DATA *curveData; // the address of the curve data
} ECC_CURVE;

// Domain-parameter sets defined in another translation unit.
extern const ECC_CURVE_DATA SM2_P256;
extern const ECC_CURVE_DATA NIST_P256;
extern const ECC_CURVE_DATA BN_P256;

// eccCurves is declared without a size, so sizeof cannot be used on it here.
// ECC_CURVE_COUNT is presumably its number of entries -- confirm at the
// definition, and bound every index into eccCurves by it.
extern const ECC_CURVE eccCurves[];
extern const UINT16 ECC_CURVE_COUNT;
#endif
| 32583 | |
| 32584 | |
| 32585 | |
| 32586 | |
| 32587 | Family "2.0" TCG Published Page 471 |
| 32588 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 32589 | Trusted Platform Module Library Part 4: Supporting Routines |
| 32590 | |
| 32591 | |
| 32592 | B.13.2. CpriDataEcc.c |
| 32593 | |
| 32594 | Defines for the sizes of ECC parameters |
| 32595 | |
#include "TPMB.h"
// TPM2B_BYTE_VALUE comes from TPMB.h, which is not part of this listing.
// Each invocation presumably declares the TPM2B_<n>_BYTE_VALUE type for an
// n-byte value (the curve constants in this file use TPM2B_1_BYTE_VALUE,
// TPM2B_24_BYTE_VALUE and so on) -- TODO confirm against the macro definition.
TPM2B_BYTE_VALUE(1);
TPM2B_BYTE_VALUE(16);
TPM2B_BYTE_VALUE(2);
TPM2B_BYTE_VALUE(24);
TPM2B_BYTE_VALUE(28);
TPM2B_BYTE_VALUE(32);
TPM2B_BYTE_VALUE(4);
TPM2B_BYTE_VALUE(48);
TPM2B_BYTE_VALUE(64);
TPM2B_BYTE_VALUE(66);
TPM2B_BYTE_VALUE(8);
TPM2B_BYTE_VALUE(80);
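#if defined ECC_NIST_P192 && ECC_NIST_P192 == YES
// Domain parameters for NIST P-192, compiled in only when ECC_NIST_P192 is
// defined as YES. Each constant is a size-prefixed byte array; the bytes are
// written most-significant first.
// NOTE(review): P-192 gives roughly 96 bits of security, below the 112-bit
// floor in current NIST guidance; keep it disabled unless an interoperability
// requirement needs it.

// Field prime p.
const TPM2B_24_BYTE_VALUE NIST_P192_p = {24,
    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}};
// Linear coefficient a (equal to p - 3).
const TPM2B_24_BYTE_VALUE NIST_P192_a = {24,
    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC}};
// Constant term b.
const TPM2B_24_BYTE_VALUE NIST_P192_b = {24,
    {0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7,
     0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49,
     0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1}};
// Generator x coordinate.
const TPM2B_24_BYTE_VALUE NIST_P192_gX = {24,
    {0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6,
     0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00,
     0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12}};
// Generator y coordinate.
// The initializer previously held 0xFFC and 0x1ED, which do not fit in a
// byte, and only 23 values, so the last byte was zero-filled: the digits had
// slipped by one nibble. A generator that is not on the curve breaks every
// operation that uses it, so the 24 bytes below are the P-192 base-point y
// coordinate as published in FIPS 186 / SEC 2 (secp192r1). Verify them
// against the standard before use.
const TPM2B_24_BYTE_VALUE NIST_P192_gY = {24,
    {0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78,
     0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5,
     0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11}};
// Order n of the generator.
const TPM2B_24_BYTE_VALUE NIST_P192_n = {24,
    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
     0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36,
     0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31}};
// Cofactor h.
const TPM2B_1_BYTE_VALUE NIST_P192_h = {1,{1}};
// Initializers follow the ECC_CURVE_DATA member order: p, a, b, x, y, n, h.
const ECC_CURVE_DATA NIST_P192 = {&NIST_P192_p.b, &NIST_P192_a.b, &NIST_P192_b.b,
                                  &NIST_P192_gX.b, &NIST_P192_gY.b, &NIST_P192_n.b,
                                  &NIST_P192_h.b};
#endif // ECC_NIST_P192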
| 32639 | 44 #if defined ECC_NIST_P224 && ECC_NIST_P224 == YES |
| 32640 | 45 const TPM2B_28_BYTE_VALUE NIST_P224_p = {28, |
| 32641 | 46 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32642 | 47 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32643 | 48 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 32644 | 49 0x00, 0x00, 0x00, 0x01}}; |
| 32645 | 50 const TPM2B_28_BYTE_VALUE NIST_P224_a = {28, |
| 32646 | 51 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32647 | 52 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, |
| 32648 | 53 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32649 | 54 0xFF, 0xFF, 0xFF, 0xFE}}; |
| 32650 | 55 const TPM2B_28_BYTE_VALUE NIST_P224_b = {28, |
| 32651 | 56 {0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, |
| 32652 | 57 0xF5, 0x41, 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, |
| 32653 | 58 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, |
| 32654 | 59 0x23, 0x55, 0xFF, 0xB4}}; |
| 32655 | 60 const TPM2B_28_BYTE_VALUE NIST_P224_gX = {28, |
| 32656 | 61 {0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, |
| 32662 | 62 0x32, 0x13, 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, |
| 32663 | 63 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, |
| 32664 | 64 0x11, 0x5C, 0x1D, 0x21}}; |
| 32665 | 65 const TPM2B_28_BYTE_VALUE NIST_P224_gY = {28, |
| 32666 | 66 {0xBD, 0x37, 0x63, 0x88, 0xB5, 0xF7, 0x23, 0xFB, |
| 32667 | 67 0x4C, 0x22, 0xDF, 0xE6, 0xCD, 0x43, 0x75, 0xA0, |
| 32668 | 68 0x5A, 0x07, 0x47, 0x64, 0x44, 0xD5, 0x81, 0x99, |
| 32669 | 69 0x85, 0x00, 0x7E, 0x34}}; |
| 32670 | 70 const TPM2B_28_BYTE_VALUE NIST_P224_n = {28, |
| 32671 | 71 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32672 | 72 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, |
| 32673 | 73 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, |
| 32674 | 74 0x5C, 0x5C, 0x2A, 0x3D}}; |
| 32675 | 75 const TPM2B_1_BYTE_VALUE NIST_P224_h = {1,{1}}; |
| 32676 | 76 const ECC_CURVE_DATA NIST_P224 = {&NIST_P224_p.b, &NIST_P224_a.b, &NIST_P224_b.b, |
| 32677 | 77 &NIST_P224_gX.b, &NIST_P224_gY.b, &NIST_P224_n.b, |
| 32678 | 78 &NIST_P224_h.b}; |
| 32679 | 79 #endif // ECC_NIST_P224 |
| 32680 | 80 #if defined ECC_NIST_P256 && ECC_NIST_P256 == YES |
| 32681 | 81 const TPM2B_32_BYTE_VALUE NIST_P256_p = {32, |
| 32682 | 82 {0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, |
| 32683 | 83 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 32684 | 84 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32685 | 85 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}; |
| 32686 | 86 const TPM2B_32_BYTE_VALUE NIST_P256_a = {32, |
| 32687 | 87 {0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, |
| 32688 | 88 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 32689 | 89 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32690 | 90 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC}}; |
| 32691 | 91 const TPM2B_32_BYTE_VALUE NIST_P256_b = {32, |
| 32692 | 92 {0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, |
| 32693 | 93 0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC, |
| 32694 | 94 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, |
| 32695 | 95 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B}}; |
| 32696 | 96 const TPM2B_32_BYTE_VALUE NIST_P256_gX = {32, |
| 32697 | 97 {0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, |
| 32698 | 98 0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, |
| 32699 | 99 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, |
| 32700 | 100 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96}}; |
| 32701 | 101 const TPM2B_32_BYTE_VALUE NIST_P256_gY = {32, |
| 32702 | 102 {0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, |
| 32703 | 103 0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16, |
| 32704 | 104 0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, |
| 32705 | 105 0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5}}; |
| 32706 | 106 const TPM2B_32_BYTE_VALUE NIST_P256_n = {32, |
| 32707 | 107 {0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, |
| 32708 | 108 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32709 | 109 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, |
| 32710 | 110 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51}}; |
| 32711 | 111 const TPM2B_1_BYTE_VALUE NIST_P256_h = {1,{1}}; |
| 32712 | 112 const ECC_CURVE_DATA NIST_P256 = {&NIST_P256_p.b, &NIST_P256_a.b, &NIST_P256_b.b, |
| 32713 | 113 &NIST_P256_gX.b, &NIST_P256_gY.b, &NIST_P256_n.b, |
| 32714 | 114 &NIST_P256_h.b}; |
| 32715 | 115 #endif // ECC_NIST_P256 |
| 32716 | 116 #if defined ECC_NIST_P384 && ECC_NIST_P384 == YES |
| 32717 | 117 const TPM2B_48_BYTE_VALUE NIST_P384_p = {48, |
| 32718 | 118 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32719 | 119 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32720 | 120 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32721 | 121 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, |
| 32722 | 122 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, |
| 32723 | 123 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF}}; |
| 32724 | 124 const TPM2B_48_BYTE_VALUE NIST_P384_a = {48, |
| 32725 | 125 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32726 | 126 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32727 | 127 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32733 | 128 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, |
| 32734 | 129 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, |
| 32735 | 130 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC}}; |
| 32736 | 131 const TPM2B_48_BYTE_VALUE NIST_P384_b = {48, |
| 32737 | 132 {0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, |
| 32738 | 133 0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19, |
| 32739 | 134 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, |
| 32740 | 135 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, |
| 32741 | 136 0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D, |
| 32742 | 137 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF}}; |
| 32743 | 138 const TPM2B_48_BYTE_VALUE NIST_P384_gX = {48, |
| 32744 | 139 {0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, |
| 32745 | 140 0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74, |
| 32746 | 141 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, |
| 32747 | 142 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, |
| 32748 | 143 0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C, |
| 32749 | 144 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7}}; |
| 32750 | 145 const TPM2B_48_BYTE_VALUE NIST_P384_gY = {48, |
| 32751 | 146 {0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F, |
| 32752 | 147 0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29, |
| 32753 | 148 0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C, |
| 32754 | 149 0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0, |
| 32755 | 150 0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D, |
| 32756 | 151 0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F}}; |
| 32757 | 152 const TPM2B_48_BYTE_VALUE NIST_P384_n = {48, |
| 32758 | 153 {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32759 | 154 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32760 | 155 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32761 | 156 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, |
| 32762 | 157 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, |
| 32763 | 158 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73}}; |
| 32764 | 159 const TPM2B_1_BYTE_VALUE NIST_P384_h = {1,{1}}; |
| 32765 | 160 const ECC_CURVE_DATA NIST_P384 = {&NIST_P384_p.b, &NIST_P384_a.b, &NIST_P384_b.b, |
| 32766 | 161 &NIST_P384_gX.b, &NIST_P384_gY.b, &NIST_P384_n.b, |
| 32767 | 162 &NIST_P384_h.b}; |
| 32768 | 163 #endif // ECC_NIST_P384 |
| 32769 | 164 #if defined ECC_NIST_P521 && ECC_NIST_P521 == YES |
| 32770 | 165 const TPM2B_66_BYTE_VALUE NIST_P521_p = {66, |
| 32771 | 166 {0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32772 | 167 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32773 | 168 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32774 | 169 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32775 | 170 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32776 | 171 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32777 | 172 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32778 | 173 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32779 | 174 0xFF, 0xFF}}; |
| 32780 | 175 const TPM2B_66_BYTE_VALUE NIST_P521_a = {66, |
| 32781 | 176 {0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32782 | 177 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32783 | 178 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32784 | 179 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32785 | 180 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32786 | 181 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32787 | 182 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32788 | 183 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32789 | 184 0xFF, 0xFC}}; |
| 32790 | 185 const TPM2B_66_BYTE_VALUE NIST_P521_b = {66, |
| 32791 | 186 {0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, |
| 32792 | 187 0x9A, 0x1F, 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, |
| 32793 | 188 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, |
| 32794 | 189 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, |
| 32795 | 190 0x09, 0xE1, 0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, |
| 32796 | 191 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, |
| 32797 | 192 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, |
| 32798 | 193 0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, |
| 32804 | 194 0x3F, 0x00}}; |
| 32805 | 195 const TPM2B_66_BYTE_VALUE NIST_P521_gX = {66, |
| 32806 | 196 {0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, |
| 32807 | 197 0xE9, 0xCD, 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, |
| 32808 | 198 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, |
| 32809 | 199 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, |
| 32810 | 200 0x3D, 0xBA, 0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, |
| 32811 | 201 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, |
| 32812 | 202 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, |
| 32813 | 203 0x42, 0x9B, 0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, |
| 32814 | 204 0xBD, 0x66}}; |
| 32815 | 205 const TPM2B_66_BYTE_VALUE NIST_P521_gY = {66, |
| 32816 | 206 {0x01, 0x18, 0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, |
| 32817 | 207 0xC0, 0x04, 0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, |
| 32818 | 208 0x1B, 0xD9, 0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, |
| 32819 | 209 0x44, 0x68, 0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, |
| 32820 | 210 0x66, 0x2C, 0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, |
| 32821 | 211 0x26, 0x40, 0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, |
| 32822 | 212 0x07, 0x61, 0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, |
| 32823 | 213 0xC2, 0x40, 0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, |
| 32824 | 214 0x66, 0x50}}; |
| 32825 | 215 const TPM2B_66_BYTE_VALUE NIST_P521_n = {66, |
| 32826 | 216 {0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32827 | 217 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32828 | 218 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32829 | 219 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32830 | 220 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, |
| 32831 | 221 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, |
| 32832 | 222 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, |
| 32833 | 223 0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, |
| 32834 | 224 0x64, 0x09}}; |
| 32835 | 225 const TPM2B_1_BYTE_VALUE NIST_P521_h = {1,{1}}; |
| 32836 | 226 const ECC_CURVE_DATA NIST_P521 = {&NIST_P521_p.b, &NIST_P521_a.b, &NIST_P521_b.b, |
| 32837 | 227 &NIST_P521_gX.b, &NIST_P521_gY.b, &NIST_P521_n.b, |
| 32838 | 228 &NIST_P521_h.b}; |
| 32839 | 229 #endif // ECC_NIST_P521 |
| 32840 | 230 #if defined ECC_BN_P256 && ECC_BN_P256 == YES |
| 32841 | 231 const TPM2B_32_BYTE_VALUE BN_P256_p = {32, |
| 32842 | 232 {0xFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFC, 0XF0, 0XCD, |
| 32843 | 233 0X46, 0XE5, 0XF2, 0X5E, 0XEE, 0X71, 0XA4, 0X9F, |
| 32844 | 234 0X0C, 0XDC, 0X65, 0XFB, 0X12, 0X98, 0X0A, 0X82, |
| 32845 | 235 0XD3, 0X29, 0X2D, 0XDB, 0XAE, 0XD3, 0X30, 0X13}}; |
| 32846 | 236 const TPM2B_1_BYTE_VALUE BN_P256_a = {1,{0}}; |
| 32847 | 237 const TPM2B_1_BYTE_VALUE BN_P256_b = {1,{3}}; |
| 32848 | 238 const TPM2B_1_BYTE_VALUE BN_P256_gX = {1,{1}}; |
| 32849 | 239 const TPM2B_1_BYTE_VALUE BN_P256_gY = {1,{2}};; |
| 32850 | 240 const TPM2B_32_BYTE_VALUE BN_P256_n = {32, |
| 32851 | 241 {0xFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFC, 0XF0, 0XCD, |
| 32852 | 242 0X46, 0XE5, 0XF2, 0X5E, 0XEE, 0X71, 0XA4, 0X9E, |
| 32853 | 243 0X0C, 0XDC, 0X65, 0XFB, 0X12, 0X99, 0X92, 0X1A, |
| 32854 | 244 0XF6, 0X2D, 0X53, 0X6C, 0XD1, 0X0B, 0X50, 0X0D}}; |
| 32855 | 245 const TPM2B_1_BYTE_VALUE BN_P256_h = {1,{1}}; |
| 32856 | 246 const ECC_CURVE_DATA BN_P256 = {&BN_P256_p.b, &BN_P256_a.b, &BN_P256_b.b, |
| 32857 | 247 &BN_P256_gX.b, &BN_P256_gY.b, &BN_P256_n.b, |
| 32858 | 248 &BN_P256_h.b}; |
| 32859 | 249 #endif // ECC_BN_P256 |
| 32860 | 250 #if defined ECC_BN_P638 && ECC_BN_P638 == YES |
| 32861 | 251 const TPM2B_80_BYTE_VALUE BN_P638_p = {80, |
| 32862 | 252 {0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D, |
| 32863 | 253 0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3, |
| 32864 | 254 0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E, |
| 32865 | 255 0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F, |
| 32866 | 256 0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55, |
| 32867 | 257 0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B, |
| 32868 | 258 0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80, |
| 32869 | 259 0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD, |
| 32875 | 260 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0, |
| 32876 | 261 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67}}; |
| 32877 | 262 const TPM2B_1_BYTE_VALUE BN_P638_a = {1,{0}}; |
| 32878 | 263 const TPM2B_2_BYTE_VALUE BN_P638_b = {2,{0x01,0x01}}; |
| 32879 | 264 const TPM2B_80_BYTE_VALUE BN_P638_gX = {80, |
| 32880 | 265 {0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D, |
| 32881 | 266 0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3, |
| 32882 | 267 0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E, |
| 32883 | 268 0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F, |
| 32884 | 269 0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55, |
| 32885 | 270 0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B, |
| 32886 | 271 0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80, |
| 32887 | 272 0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD, |
| 32888 | 273 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0, |
| 32889 | 274 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x66}}; |
| 32890 | 275 const TPM2B_1_BYTE_VALUE BN_P638_gY = {1,{0x10}}; |
| 32891 | 276 const TPM2B_80_BYTE_VALUE BN_P638_n = {80, |
| 32892 | 277 {0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D, |
| 32893 | 278 0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3, |
| 32894 | 279 0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E, |
| 32895 | 280 0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F, |
| 32896 | 281 0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55, |
| 32897 | 282 0x60, 0x00, 0x86, 0x55, 0x00, 0x21, 0xE5, 0x55, |
| 32898 | 283 0xFF, 0xFF, 0xF5, 0x4F, 0xFF, 0xF4, 0xEA, 0xC0, |
| 32899 | 284 0x00, 0x00, 0x00, 0x49, 0x80, 0x01, 0x54, 0xD9, |
| 32900 | 285 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xA0, |
| 32901 | 286 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x61}}; |
| 32902 | 287 const TPM2B_1_BYTE_VALUE BN_P638_h = {1,{1}}; |
| 32903 | 288 const ECC_CURVE_DATA BN_P638 = {&BN_P638_p.b, &BN_P638_a.b, &BN_P638_b.b, |
| 32904 | 289 &BN_P638_gX.b, &BN_P638_gY.b, &BN_P638_n.b, |
| 32905 | 290 &BN_P638_h.b}; |
| 32906 | 291 #endif // ECC_BN_P638 |
| 32907 | 292 #if defined ECC_SM2_P256 && ECC_SM2_P256 == YES |
| 32908 | 293 const TPM2B_32_BYTE_VALUE SM2_P256_p = {32, |
| 32909 | 294 {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32910 | 295 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32911 | 296 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, |
| 32912 | 297 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}}; |
| 32913 | 298 const TPM2B_32_BYTE_VALUE SM2_P256_a = {32, |
| 32914 | 299 {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32915 | 300 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32916 | 301 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, |
| 32917 | 302 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC}}; |
| 32918 | 303 const TPM2B_32_BYTE_VALUE SM2_P256_b = {32, |
| 32919 | 304 {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34, |
| 32920 | 305 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7, |
| 32921 | 306 0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92, |
| 32922 | 307 0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93}}; |
| 32923 | 308 const TPM2B_32_BYTE_VALUE SM2_P256_gX = {32, |
| 32924 | 309 {0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, |
| 32925 | 310 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94, |
| 32926 | 311 0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1, |
| 32927 | 312 0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7}}; |
| 32928 | 313 const TPM2B_32_BYTE_VALUE SM2_P256_gY = {32, |
| 32929 | 314 {0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, |
| 32930 | 315 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53, |
| 32931 | 316 0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40, |
| 32932 | 317 0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0}}; |
| 32933 | 318 const TPM2B_32_BYTE_VALUE SM2_P256_n = {32, |
| 32934 | 319 {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32935 | 320 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 32936 | 321 0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B, |
| 32937 | 322 0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23}}; |
| 32938 | 323 const TPM2B_1_BYTE_VALUE SM2_P256_h = {1,{1}}; |
| 32939 | 324 const ECC_CURVE_DATA SM2_P256 = {&SM2_P256_p.b, &SM2_P256_a.b, &SM2_P256_b.b, |
| 32940 | 325 &SM2_P256_gX.b, &SM2_P256_gY.b, &SM2_P256_n.b, |
| 32946 | 326 &SM2_P256_h.b}; |
| 32947 | 327 #endif // ECC_SM2_P256 |
// Separator macro for the table below. It starts out empty so that the first
// enabled entry is not preceded by a comma; every enabled entry then redefines
// it as "," so that each later entry is separated from the one before it.
#define comma
// Table of the curves compiled into this build, one entry per ECC_* switch
// that is defined as YES. Each entry lists, in order: the TPM curve ID, the
// curve size in bits, a {KDF, hash} pair, a second algorithm pair that is
// {TPM_ALG_NULL, TPM_ALG_NULL} for every curve here, and a pointer to the
// curve's ECC_CURVE_DATA.
// NOTE(review): the field names of ECC_CURVE are not visible here; the second
// pair is presumably a default signing scheme -- confirm against the type.
// NOTE(review): if no ECC_* switch is YES the initializer list is empty, which
// C before C23 does not accept -- confirm at least one curve is always enabled.
const ECC_CURVE eccCurves[] = {
#if defined ECC_NIST_P192 && ECC_NIST_P192 == YES
    comma
    {TPM_ECC_NIST_P192,
    192,
    {TPM_ALG_KDF1_SP800_56A,TPM_ALG_SHA256},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &NIST_P192}
# undef comma
# define comma ,
#endif // ECC_NIST_P192
#if defined ECC_NIST_P224 && ECC_NIST_P224 == YES
    comma
    {TPM_ECC_NIST_P224,
    224,
    {TPM_ALG_KDF1_SP800_56A,TPM_ALG_SHA256},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &NIST_P224}
# undef comma
# define comma ,
#endif // ECC_NIST_P224
#if defined ECC_NIST_P256 && ECC_NIST_P256 == YES
    comma
    {TPM_ECC_NIST_P256,
    256,
    {TPM_ALG_KDF1_SP800_56A,TPM_ALG_SHA256},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &NIST_P256}
# undef comma
# define comma ,
#endif // ECC_NIST_P256
#if defined ECC_NIST_P384 && ECC_NIST_P384 == YES
    comma
    {TPM_ECC_NIST_P384,
    384,
    {TPM_ALG_KDF1_SP800_56A,TPM_ALG_SHA384},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &NIST_P384}
# undef comma
# define comma ,
#endif // ECC_NIST_P384
#if defined ECC_NIST_P521 && ECC_NIST_P521 == YES
    comma
    {TPM_ECC_NIST_P521,
    521,
    {TPM_ALG_KDF1_SP800_56A,TPM_ALG_SHA512},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &NIST_P521}
# undef comma
# define comma ,
#endif // ECC_NIST_P521
#if defined ECC_BN_P256 && ECC_BN_P256 == YES
    comma
    // The two BN curves carry no KDF/hash pair in this table
    {TPM_ECC_BN_P256,
    256,
    {TPM_ALG_NULL,TPM_ALG_NULL},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &BN_P256}
# undef comma
# define comma ,
#endif // ECC_BN_P256
#if defined ECC_BN_P638 && ECC_BN_P638 == YES
    comma
    {TPM_ECC_BN_P638,
    638,
    {TPM_ALG_NULL,TPM_ALG_NULL},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &BN_P638}
# undef comma
# define comma ,
#endif // ECC_BN_P638
#if defined ECC_SM2_P256 && ECC_SM2_P256 == YES
    comma
    {TPM_ECC_SM2_P256,
    256,
    {TPM_ALG_KDF1_SP800_56A,TPM_ALG_SM3_256},
    {TPM_ALG_NULL,TPM_ALG_NULL},
    &SM2_P256}
# undef comma
# define comma ,
#endif // ECC_SM2_P256
};
// Number of entries in eccCurves; the lookup functions use it as their bound.
const UINT16 ECC_CURVE_COUNT = sizeof(eccCurves) / sizeof(ECC_CURVE);
| 33037 | |
| 33038 | |
| 33039 | |
| 33040 | |
| 33044 | |
| 33045 | |
| 33046 | B.13.3. CpriECC.c |
| 33047 | |
| 33048 | B.13.3.1. Includes and Defines |
| 33049 | |
| 33050 | Need to include OsslCryptoEngine.h to determine whether ECC is defined for this implementation. |
| 33051 | |
| 33052 | 1 #include "OsslCryptoEngine.h" |
| 33053 | 2 #ifdef TPM_ALG_ECC |
| 33054 | 3 #include "CpriDataEcc.h" |
| 33055 | 4 #include "CpriDataEcc.c" |
| 33056 | |
| 33057 | |
| 33058 | B.13.3.2. Functions |
| 33059 | |
| 33060 | B.13.3.2.1. _cpri__EccStartup() |
| 33061 | |
| 33062 | This function is called at TPM Startup to initialize the crypto units. |
| 33063 | In this implementation, no initialization is performed at startup but a future version may initialize the self- |
| 33064 | test functions here. |
| 33065 | |
/*
 * Startup hook for the ECC code, called at TPM Startup.
 * This implementation has nothing to initialize, so it reports success
 * unconditionally.
 */
LIB_EXPORT BOOL
_cpri__EccStartup(void)
{
    return TRUE;
}
| 33073 | |
| 33074 | |
| 33075 | B.13.3.2.2. _cpri__GetCurveIdByIndex() |
| 33076 | |
| 33077 | This function returns the number of the i-th implemented curve. The normal use would be to call this |
| 33078 | function with i starting at 0. When i is greater than or equal to the number of implemented curves, |
| 33079 | TPM_ECC_NONE is returned. |
| 33080 | |
/*
 * Return the curve ID stored at position i of eccCurves, or TPM_ECC_NONE
 * when i is not a valid position (i >= ECC_CURVE_COUNT).
 */
LIB_EXPORT TPM_ECC_CURVE
_cpri__GetCurveIdByIndex(
    UINT16 i    // IN: zero-based position in eccCurves
    )
{
    // The bound is tested before the table is touched, so an out-of-range
    // index never reaches the array access.
    return (i < ECC_CURVE_COUNT) ? eccCurves[i].curveId : TPM_ECC_NONE;
}
/*
 * Return the number of entries in eccCurves, i.e. the number of curves
 * compiled into this build. The UINT16 count is widened to UINT32.
 */
LIB_EXPORT UINT32
_cpri__EccGetCurveCount(void)
{
    UINT32 curveCount = ECC_CURVE_COUNT;

    return curveCount;
}
| 33097 | |
| 33098 | |
| 33099 | B.13.3.2.3. _cpri__EccGetParametersByCurveId() |
| 33100 | |
| 33101 | This function returns a pointer to the curve data that is associated with the indicated curveId. If there is no |
| 33102 | curve with the indicated ID, the function returns NULL. |
| 33103 | |
| 33104 | |
| 33105 | |
| 33106 | |
| 33110 | |
| 33111 | |
| 33112 | Return Value Meaning |
| 33113 | |
| 33114 | NULL curve with the indicated TPM_ECC_CURVE value is not |
| 33115 | implemented |
| 33116 | non-NULL pointer to the curve data |
| 33117 | |
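/*
 * Look up the eccCurves entry whose curveId matches the argument.
 *
 * Returns a pointer to the matching table entry. When no entry matches, the
 * function raises FAIL(FATAL_ERROR_INTERNAL).
 *
 * NOTE(review): the accompanying description says NULL is returned for a
 * curve that is not implemented, but the code treats that case as a fatal
 * error. If curve IDs can reach this function from command input, they
 * should be validated beforehand so that an unsupported ID cannot put the
 * TPM into failure mode -- confirm against the callers.
 */
LIB_EXPORT const ECC_CURVE *
_cpri__EccGetParametersByCurveId(
    TPM_ECC_CURVE curveId // IN: the curveID
    )
{
    // Same index type as ECC_CURVE_COUNT and _cpri__GetCurveIdByIndex()
    UINT16 i;

    for(i = 0; i < ECC_CURVE_COUNT; i++)
    {
        if(eccCurves[i].curveId == curveId)
            return &eccCurves[i];
    }
    FAIL(FATAL_ERROR_INTERNAL);
    // FAIL is presumably non-returning; should a build define it otherwise,
    // return the documented NULL rather than fall off the end of a non-void
    // function.
    return NULL;
}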
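/*
 * Return the ECC_CURVE_DATA (the curve's numeric parameters) for a curve ID,
 * or NULL when the lookup yields no table entry.
 */
static const ECC_CURVE_DATA *
GetCurveData(
    TPM_ECC_CURVE curveId // IN: the curveID
    )
{
    const ECC_CURVE *curve = _cpri__EccGetParametersByCurveId(curveId);

    // Never dereference a failed lookup. EccCurveInit() asserts that the
    // value returned here is not NULL, so a miss is still caught there.
    if(curve == NULL)
        return NULL;
    return curve->curveData;
}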
| 33139 | |
| 33140 | |
| 33141 | B.13.3.2.4. Point2B() |
| 33142 | |
| 33143 | This function makes a TPMS_ECC_POINT from a BIGNUM EC_POINT. |
| 33144 | |
/*
 * Convert an OpenSSL EC_POINT into a TPMS_ECC_POINT.
 *
 * The affine coordinates of ecP are read into two temporaries taken from
 * context and each is written to p with BnTo2B() using the given size.
 * Any failure along the way is a fatal error; otherwise TRUE is returned.
 */
static BOOL
Point2B(
    EC_GROUP *group,      // IN: group for the point
    TPMS_ECC_POINT *p,    // OUT: receives the converted point
    EC_POINT *ecP,        // IN: the point to convert
    INT16 size,           // IN: size of the coordinates
    BN_CTX *context       // IN: working context
    )
{
    BIGNUM *xCoord;
    BIGNUM *yCoord;
    int converted;

    BN_CTX_start(context);
    xCoord = BN_CTX_get(context);
    yCoord = BN_CTX_get(context);

    // Only the last BN_CTX_get() result is tested: once one call fails, the
    // later ones return NULL as well. The steps run in order and stop at the
    // first one that fails.
    converted = yCoord != NULL
        // Get the coordinate values
        && EC_POINT_get_affine_coordinates_GFp(group, ecP, xCoord, yCoord,
                                               context) == 1
        // Convert x
        && BnTo2B(&p->x.b, xCoord, size)
        // Convert y
        && BnTo2B(&p->y.b, yCoord, size);

    if(!converted)
        FAIL(FATAL_ERROR_INTERNAL);

    BN_CTX_end(context);
    return TRUE;
}
| 33182 | |
| 33183 | |
| 33184 | B.13.3.2.5. EccCurveInit() |
| 33185 | |
| 33186 | This function initializes the OpenSSL group definition structure. |
| 33187 | This function is only used within this file. |
| 33188 | It is a fatal error if groupContext is not provided. |
| 33189 | |
| 33190 | Return Value Meaning |
| 33191 | |
| 33192 | NULL the TPM_ECC_CURVE is not valid |
| 33193 | non-NULL points to a structure in groupContext |
| 33194 | |
/*
 * Build an OpenSSL EC_GROUP from the compiled-in parameters of a curve.
 *
 * The curve's p, a, b, generator coordinates, order n and cofactor h are
 * converted to BIGNUMs held in a private BN_CTX, the group is created, and
 * the generator is attached to it.
 *
 * Returns the new group, or NULL if a temporary could not be obtained or any
 * OpenSSL step failed. This function does not free a group it returns, so
 * the caller is expected to release it with EC_GROUP_free().
 *
 * NOTE(review): the curve lookup and the pAssert below turn an unknown curve
 * ID into a fatal error, so the "NULL means the TPM_ECC_CURVE is not valid"
 * case of the description does not appear reachable for that reason --
 * confirm.
 */
static EC_GROUP *
EccCurveInit(
    TPM_ECC_CURVE curveId,   // IN: the ID of the curve
    BN_CTX *groupContext     // IN: the context in which the group is to be
                             // created
    )
{
    const ECC_CURVE_DATA *curveData = GetCurveData(curveId);
    EC_GROUP *group = NULL;
    EC_POINT *P = NULL;
    BN_CTX *context;
    BIGNUM *bnP;
    BIGNUM *bnA;
    BIGNUM *bnB;
    BIGNUM *bnX;
    BIGNUM *bnY;
    BIGNUM *bnN;
    BIGNUM *bnH;
    int ok = FALSE;

    // Context must be provided and curve selector must be valid
    pAssert(groupContext != NULL && curveData != NULL);

    // The temporaries live in a context of their own, separate from the
    // caller's groupContext, and are released with it at Cleanup.
    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    BN_CTX_start(context);
    bnP = BN_CTX_get(context);
    bnA = BN_CTX_get(context);
    bnB = BN_CTX_get(context);
    bnX = BN_CTX_get(context);
    bnY = BN_CTX_get(context);
    bnN = BN_CTX_get(context);
    bnH = BN_CTX_get(context);

    // Testing the last BN_CTX_get() result covers the earlier ones: after one
    // failure the later calls return NULL too. ok is still FALSE here, so
    // Cleanup returns NULL.
    if (bnH == NULL)
        goto Cleanup;

    // Convert the number formats
    // NOTE(review): the results of BnFrom2B() are not checked here; presumably
    // it reports its own failures -- confirm.

    BnFrom2B(bnP, curveData->p);
    BnFrom2B(bnA, curveData->a);
    BnFrom2B(bnB, curveData->b);
    BnFrom2B(bnX, curveData->x);
    BnFrom2B(bnY, curveData->y);
    BnFrom2B(bnN, curveData->n);
    BnFrom2B(bnH, curveData->h);

    // initialize EC group, associate a generator point and initialize the point
    // from the parameter data
    // The chain stops at the first step that fails, leaving ok FALSE.
    ok = ( (group = EC_GROUP_new_curve_GFp(bnP, bnA, bnB, groupContext)) != NULL
        && (P = EC_POINT_new(group)) != NULL
        && EC_POINT_set_affine_coordinates_GFp(group, P, bnX, bnY, groupContext)
        && EC_GROUP_set_generator(group, P, bnN, bnH)
        );
Cleanup:
    // A partly built group is discarded so the caller never sees one without
    // its generator.
    if (!ok && group != NULL)
    {
        EC_GROUP_free(group);
        group = NULL;
    }
    // The generator point is only needed while the group is being set up
    if(P != NULL)
        EC_POINT_free(P);
    BN_CTX_end(context);
    BN_CTX_free(context);
    return group;
}
| 33268 | |
| 33269 | |
| 33270 | B.13.3.2.6. PointFrom2B() |
| 33271 | |
| 33272 | This function sets the coordinates of an existing BN Point from a TPMS_ECC_POINT. |
| 33273 | |
/*
 * Load the coordinates of a TPMS_ECC_POINT into an existing EC_POINT.
 *
 * Returns ecP on success and NULL, without doing any work, when ecP is NULL.
 * A failure to obtain temporaries, to convert either coordinate, or to set
 * the coordinates on the point is a fatal error.
 *
 * NOTE(review): if p can carry coordinates supplied from outside the TPM, a
 * value that OpenSSL refuses to set ends in FATAL_ERROR_INTERNAL rather than
 * an error return; callers presumably validate such points first -- confirm.
 */
static EC_POINT *
PointFrom2B(
    EC_GROUP *group,      // IN: the group for the point
    EC_POINT *ecP,        // IN: an existing BN point in the group
    TPMS_ECC_POINT *p,    // IN: the 2B coordinates of the point
    BN_CTX *context       // IN: the BIGNUM context
    )
{
    BIGNUM *xCoord;
    BIGNUM *yCoord;
    int loaded;

    // If the point is not allocated then just return a NULL
    if(ecP == NULL)
        return NULL;

    BN_CTX_start(context);
    xCoord = BN_CTX_get(context);
    yCoord = BN_CTX_get(context);

    // Set the coordinates of the point; the steps run in order and stop at
    // the first failure. Checking yCoord covers xCoord as well, because
    // BN_CTX_get() keeps returning NULL after a failure.
    loaded = yCoord != NULL
        && BN_bin2bn(p->x.t.buffer, p->x.t.size, xCoord) != NULL
        && BN_bin2bn(p->y.t.buffer, p->y.t.size, yCoord) != NULL
        && EC_POINT_set_affine_coordinates_GFp(group, ecP, xCoord, yCoord,
                                               context);
    if(!loaded)
        FAIL(FATAL_ERROR_INTERNAL);

    BN_CTX_end(context);
    return ecP;
}
| 33303 | |
| 33304 | |
| 33305 | B.13.3.2.7. EccInitPoint2B() |
| 33306 | |
| 33307 | This function allocates a point in the provided group and initializes it with the values in a |
| 33308 | TPMS_ECC_POINT. |
| 33309 | |
/*
 * Allocate a point in the given group and load it from a TPMS_ECC_POINT.
 *
 * Returns the new point. A failed allocation makes PointFrom2B() return
 * NULL, which is treated as a fatal error here, as is any failure inside
 * PointFrom2B() itself. This function does not free the point it returns,
 * so the caller is expected to release it with EC_POINT_free().
 */
static EC_POINT *
EccInitPoint2B(
    EC_GROUP *group,      // IN: group for the point
    TPMS_ECC_POINT *p,    // IN: the coordinates for the point
    BN_CTX *context       // IN: the BIGNUM context
    )
{
    EC_POINT *newPoint;

    BN_CTX_start(context);
    newPoint = EC_POINT_new(group);

    // A NULL newPoint is passed through on purpose: PointFrom2B() answers it
    // with NULL, which is caught by this test.
    if(NULL == PointFrom2B(group, newPoint, p, context))
        FAIL(FATAL_ERROR_INTERNAL);

    BN_CTX_end(context);
    return newPoint;
}
| 33333 | |
| 33334 | |
| 33335 | B.13.3.2.8. PointMul() |
| 33336 | |
| 33337 | This function does a point multiply and checks for the result being the point at infinity. Q = ([A]G + [B]P) |
| 33338 | |
| 33339 | Return Value Meaning |
| 33340 | |
| 33341 | CRYPT_NO_RESULT point is at infinity |
| 33342 | CRYPT_SUCCESS point not at infinity |
| 33343 | |
/*
 * Compute Q = [A]G + [B]P and report whether the result is the point at
 * infinity.
 *
 * Returns CRYPT_NO_RESULT when Q is the point at infinity and CRYPT_SUCCESS
 * otherwise. A failure of the multiply itself is reported through
 * FAIL(FATAL_ERROR_INTERNAL).
 */
static CRYPT_RESULT
PointMul(
    EC_GROUP    *group,         // IN: group curve
    EC_POINT    *ecpQ,          // OUT: result
    BIGNUM      *bnA,           // IN: scalar for [A]G
    EC_POINT    *ecpP,          // IN: point for [B]P
    BIGNUM      *bnB,           // IN: scalar for [B]P
    BN_CTX      *context        // IN: working context
    )
{
    CRYPT_RESULT    result = CRYPT_SUCCESS;

    if(EC_POINT_mul(group, ecpQ, bnA, ecpP, bnB, context) != 1)
        FAIL(FATAL_ERROR_INTERNAL);

    // The point at infinity is not a usable result for the callers
    if(EC_POINT_is_at_infinity(group, ecpQ))
        result = CRYPT_NO_RESULT;

    return result;
}
| 33360 | |
| 33361 | |
| 33362 | B.13.3.2.9. GetRandomPrivate() |
| 33363 | |
| 33364 | This function gets a random value (d) to use as a private ECC key and then qualifies the key so that |
| 33365 | 0 < d < n. |
| 33366 | It is a fatal error if dOut or pIn is not provided or if the size of pIn is larger than MAX_ECC_KEY_BYTES |
| 33367 | (the largest buffer size of a TPM2B_ECC_PARAMETER) |
| 33368 | |
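/*
 * Fill dOut with a random value d such that 0 < d < pIn, using rejection
 * sampling: random bytes are drawn until a candidate falls in range.
 *
 * dOut receives pIn->size bytes. It is a fatal error if either pointer is
 * NULL or if pIn->size is zero or larger than MAX_ECC_KEY_BYTES.
 */
static void
GetRandomPrivate(
    TPM2B_ECC_PARAMETER    *dOut,           // OUT: the qualified random value
    const TPM2B            *pIn             // IN: the maximum value for the key
    )
{
    int          i;
    BYTE        *pb;

    // A zero-length bound is rejected as well: memcmp() over zero bytes
    // returns 0, so no candidate would ever compare below the bound and the
    // loop below would never terminate.
    pAssert(   pIn != NULL && dOut != NULL
            && pIn->size > 0 && pIn->size <= MAX_ECC_KEY_BYTES);

    // Set the size of the output
    dOut->t.size = pIn->size;

    // Get some random bits
    while(TRUE)
    {
        // NOTE(review): any status reported by _cpri__GenerateRandom() is not
        // examined here -- confirm that an RNG failure cannot go unnoticed.
        _cpri__GenerateRandom(dOut->t.size, dOut->t.buffer);

        // See if d < n. Both values have the same length, so a byte-wise
        // compare orders them numerically when they are stored most
        // significant byte first (presumably the 2B convention -- confirm).
        if(memcmp(dOut->t.buffer, pIn->buffer, pIn->size) < 0)
        {
            // dOut < n so make sure that 0 < dOut: accept on the first
            // non-zero byte, otherwise draw again
            for(pb = dOut->t.buffer, i = dOut->t.size; i > 0; i--)
            {
                if(*pb++ != 0)
                    return;
            }
        }
    }
}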
| 33403 | |
| 33404 | |
| 33405 | B.13.3.2.10. Mod2B() |
| 33406 | |
| 33407 | Function does modular reduction of TPM2B values. |
| 33408 | |
/*
 * Reduce the TPM2B value x modulo n, in place.
 *
 * x is left untouched when x < n and set to an empty (size 0) value when
 * x == n; in both cases CRYPT_SUCCESS is returned. Otherwise the result of
 * _math__Div() is returned, with x passed as both dividend and last argument
 * (presumably the remainder output -- confirm against _math__Div()).
 */
static CRYPT_RESULT
Mod2B(
    TPM2B           *x,             // IN/OUT: value to reduce
    const TPM2B     *n              // IN: mod
    )
{
    int     order = _math__uComp(x->size, x->buffer, n->size, n->buffer);

    // x > n: a real division is needed
    if(order > 0)
        return _math__Div(x, n, NULL, x);

    // x == n: the residue is zero
    if(order == 0)
    {
        x->size = 0;
        x->buffer[0] = 0;
    }

    // x < n needs no work, x is already the residue
    return CRYPT_SUCCESS;
}
| 33429 | |
| 33430 | |
| 33431 | B.13.3.2.11. _cpri__EccPointMultiply |
| 33432 | |
| 33433 | This function computes R := [dIn]G + [uIn]QIn, where dIn and uIn are scalars, G and QIn are points on |
| 33434 | the specified curve and G is the default generator of the curve. |
| 33435 | The xOut and yOut parameters are optional and may be set to NULL if not used. |
| 33436 | It is not necessary to provide uIn if QIn is specified but one of uIn and dIn must be provided. If dIn and |
| 33437 | QIn are specified but uIn is not provided, then R = [dIn]QIn. |
| 33438 | If the multiply produces the point at infinity, CRYPT_NO_RESULT is returned. |
| 33439 | The sizes of xOut and yOut will be set to the size of the degree of the curve. |
| 33440 | It is a fatal error if dIn and uIn are both unspecified (NULL) or if Qin or Rout is unspecified. |
| 33441 | |
| 33442 | |
| 33443 | |
| 33444 | |
| 33448 | |
| 33449 | |
| 33450 | Return Value Meaning |
| 33451 | |
| 33452 | CRYPT_SUCCESS point multiplication succeeded |
| 33453 | CRYPT_POINT the point Qin is not on the curve |
| 33454 | CRYPT_NO_RESULT the product point is at infinity |
| 33455 | |
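/*
 * Compute R := [dIn]G + [uIn]Qin on the selected curve, where G is the curve
 * generator. When dIn and Qin are given without uIn, R := [dIn]Qin.
 *
 * Returns CRYPT_SUCCESS when Rout holds the product, CRYPT_POINT when Qin is
 * not on the curve, and CRYPT_NO_RESULT when the product is the point at
 * infinity. Missing required parameters, a bad curve ID and allocation
 * failures are fatal.
 */
LIB_EXPORT CRYPT_RESULT
_cpri__EccPointMultiply(
    TPMS_ECC_POINT          *Rout,          // OUT: the product point R
    TPM_ECC_CURVE            curveId,       // IN: the curve to use
    TPM2B_ECC_PARAMETER     *dIn,           // IN: value to multiply against the
                                            //     curve generator
    TPMS_ECC_POINT          *Qin,           // IN: point Q
    TPM2B_ECC_PARAMETER     *uIn            // IN: scalar value for the multiplier
                                            //     of Q
    )
{
    BN_CTX          *context;
    BIGNUM          *bnD;
    BIGNUM          *bnU;
    EC_GROUP        *group;
    EC_POINT        *R = NULL;
    EC_POINT        *Q = NULL;
    CRYPT_RESULT     retVal = CRYPT_SUCCESS;

    // Validate that the required parameters are provided.
    // NOTE(review): Rout is handed to Point2B() below without a NULL test
    // here -- confirm that every caller supplies it.
    pAssert((dIn != NULL || uIn != NULL) && (Qin != NULL || dIn != NULL));

    // If a point is provided for the multiply, make sure that it is on the curve
    if(Qin != NULL && !_cpri__EccIsPointOnCurve(curveId, Qin))
        return CRYPT_POINT;

    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    BN_CTX_start(context);
    bnU = BN_CTX_get(context);
    bnD = BN_CTX_get(context);
    group = EccCurveInit(curveId, context);

    // There should be no path for getting a bad curve ID into this function.
    pAssert(group != NULL);

    // check allocations should have worked and allocate R
    if(   bnD == NULL
       || (R = EC_POINT_new(group)) == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // If Qin is present, create the point
    if(Qin != NULL)
    {
        // Both coordinates are converted by EccInitPoint2B(), so the size of
        // each one is asserted (the listing tested x twice and never y).
        // NOTE(review): the on-curve test above has already read both
        // coordinates, so these assertions come after their first use.
        assert2Bsize(Qin->x.t);
        assert2Bsize(Qin->y.t);
        Q = EccInitPoint2B(group, Qin, context);
    }
    if(dIn != NULL)
    {
        // Assume the size variables do not overflow, which should not happen in
        // the contexts that this function will be called.
        assert2Bsize(dIn->t);
        BnFrom2B(bnD, &dIn->b);
    }
    else
        bnD = NULL;

    // If uIn is specified, initialize its BIGNUM
    if(uIn != NULL)
    {
        // Assume the size variables do not overflow, which should not happen in
        // the contexts that this function will be called.
        assert2Bsize(uIn->t);
        BnFrom2B(bnU, &uIn->b);
    }
    // If uIn is not specified but Q is, then we are going to
    // do R = [d]Q
    else if(Qin != NULL)
    {
        bnU = bnD;
        bnD = NULL;
    }
    // If neither Q nor u is specified, then null this pointer
    else
        bnU = NULL;

    // bnD (when not NULL) multiplies the generator of the curve, bnU
    // multiplies Q
    if((retVal = PointMul(group, R, bnD, Q, bnU, context)) == CRYPT_SUCCESS)
        Point2B(group, Rout, R, (INT16) BN_num_bytes(&group->field), context);

    if(Q)
        EC_POINT_free(Q);
    if(R)
        EC_POINT_free(R);
    if(group)
        EC_GROUP_free(group);
    BN_CTX_end(context);
    BN_CTX_free(context);
    return retVal;
}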
| 33557 | |
| 33558 | |
| 33559 | B.13.3.2.12. ClearPoint2B() |
| 33560 | |
| 33561 | Initialize the size values of a point |
| 33562 | |
/*
 * Mark both coordinates of a point as empty by setting their sizes to zero.
 * A NULL point is ignored.
 */
static void
ClearPoint2B(
    TPMS_ECC_POINT  *p              // IN: the point
    )
{
    if(p == NULL)
        return;

    p->x.t.size = 0;
    p->y.t.size = 0;
}
| 33573 | 367 #if defined TPM_ALG_ECDAA || defined TPM_ALG_SM2 //% |
| 33574 | |
| 33575 | |
| 33576 | B.13.3.2.13. _cpri__EccCommitCompute() |
| 33577 | |
| 33578 | This function performs the point multiply operations required by TPM2_Commit(). |
| 33579 | If B or M is provided, they must be on the curve defined by curveId. This routine does not check that they |
| 33580 | are on the curve and results are unpredictable if they are not. |
| 33581 | |
| 33582 | |
| 33583 | |
| 33587 | |
| 33588 | |
| 33589 | It is a fatal error if r or d is NULL. If B is not NULL, then it is a fatal error if K and L are both NULL. If M is |
| 33590 | not NULL, then it is a fatal error if E is NULL. |
| 33591 | |
| 33592 | Return Value Meaning |
| 33593 | |
| 33594 | CRYPT_SUCCESS computations completed normally |
| 33595 | CRYPT_NO_RESULT if K, L or E was computed to be the point at infinity |
| 33596 | CRYPT_CANCEL a cancel indication was asserted during this function |
| 33597 | |
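/*
 * Perform the point multiplications needed by TPM2_Commit().
 *
 * When B is given, K := [d]B and L := [r]B are computed. E is computed when M
 * is given (E := [r]M) or when B is absent (E := [r]G, G being the curve
 * generator). Output points that are not computed are left with zero sizes.
 *
 * Returns CRYPT_SUCCESS on normal completion, CRYPT_NO_RESULT when a computed
 * point is the point at infinity, CRYPT_CANCEL when a cancel indication is
 * seen between multiplies, and CRYPT_PARAMETER when the curve cannot be
 * initialized. Missing required parameters and allocation failures are fatal.
 */
LIB_EXPORT CRYPT_RESULT
_cpri__EccCommitCompute(
    TPMS_ECC_POINT          *K,             // OUT: [d]B or [r]Q
    TPMS_ECC_POINT          *L,             // OUT: [r]B
    TPMS_ECC_POINT          *E,             // OUT: [r]M
    TPM_ECC_CURVE            curveId,       // IN: the curve for the computations
    TPMS_ECC_POINT          *M,             // IN: M (optional)
    TPMS_ECC_POINT          *B,             // IN: B (optional)
    TPM2B_ECC_PARAMETER     *d,             // IN: d (required)
    TPM2B_ECC_PARAMETER     *r              // IN: the computed r value (required)
    )
{
    BN_CTX          *context;
    BIGNUM          *bnX, *bnY, *bnR, *bnD;
    EC_GROUP        *group;
    EC_POINT        *pK = NULL, *pL = NULL, *pE = NULL, *pM = NULL, *pB = NULL;
    UINT16           keySizeInBytes;
    CRYPT_RESULT     retVal = CRYPT_SUCCESS;

    // Validate that the required parameters are provided.
    // Every clause has to hold. With the final clause joined by ||, as in the
    // listing, a non-NULL E satisfied the whole assertion even when r was
    // NULL. d is dereferenced below as well, so it is tested here too.
    // K and L are both written when B is given; E is written when M is given
    // or when B is absent.
    pAssert(   r != NULL && d != NULL
            && (K != NULL || B == NULL) && (L != NULL || B == NULL)
            && (E != NULL || (M == NULL && B != NULL)));

    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnR = BN_CTX_get(context);
    bnD = BN_CTX_get(context);
    bnX = BN_CTX_get(context);
    bnY = BN_CTX_get(context);
    // bnY is requested last, so it is the only temporary tested for NULL
    if(bnY == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Initialize the output points in case they are not computed
    ClearPoint2B(K);
    ClearPoint2B(L);
    ClearPoint2B(E);

    if((group = EccCurveInit(curveId, context)) == NULL)
    {
        retVal = CRYPT_PARAMETER;
        goto Cleanup2;
    }
    keySizeInBytes = (UINT16) BN_num_bytes(&group->field);

    // Sizes of the r and d parameters may not be zero
    pAssert(((int) r->t.size > 0) && ((int) d->t.size > 0));

    // Convert scalars to BIGNUM
    BnFrom2B(bnR, &r->b);
    BnFrom2B(bnD, &d->b);

    // If B is provided, compute K=[d]B and L=[r]B
    if(B != NULL)
    {
        // Allocate the points to receive the value
        if(   (pK = EC_POINT_new(group)) == NULL
           || (pL = EC_POINT_new(group)) == NULL)
            FAIL(FATAL_ERROR_ALLOCATION);
        // need to compute K = [d]B
        // Allocate and initialize BIGNUM version of B
        pB = EccInitPoint2B(group, B, context);

        // do the math for K = [d]B
        if((retVal = PointMul(group, pK, NULL, pB, bnD, context)) != CRYPT_SUCCESS)
            goto Cleanup;

        // Convert BN K to TPM2B K
        Point2B(group, K, pK, (INT16)keySizeInBytes, context);

        // compute L= [r]B after checking for cancel
        if(_plat__IsCanceled())
        {
            retVal = CRYPT_CANCEL;
            goto Cleanup;
        }
        // compute L = [r]B
        if((retVal = PointMul(group, pL, NULL, pB, bnR, context)) != CRYPT_SUCCESS)
            goto Cleanup;

        // Convert BN L to TPM2B L
        Point2B(group, L, pL, (INT16)keySizeInBytes, context);
    }
    if(M != NULL || B == NULL)
    {
        // if this is the third point multiply, check for cancel first
        if(B != NULL && _plat__IsCanceled())
        {
            retVal = CRYPT_CANCEL;
            goto Cleanup;
        }

        // Allocate E
        if((pE = EC_POINT_new(group)) == NULL)
            FAIL(FATAL_ERROR_ALLOCATION);

        // Create BIGNUM version of M unless M is NULL
        if(M != NULL)
        {
            // M provided so initialize a BIGNUM M and compute E = [r]M
            pM = EccInitPoint2B(group, M, context);
            retVal = PointMul(group, pE, NULL, pM, bnR, context);
        }
        else
            // compute E = [r]G (this is only done if M and B are both NULL)
            retVal = PointMul(group, pE, bnR, NULL, NULL, context);

        if(retVal == CRYPT_SUCCESS)
            // Convert E to 2B format
            Point2B(group, E, pE, (INT16)keySizeInBytes, context);
    }
Cleanup:
    EC_GROUP_free(group);
    if(pK != NULL) EC_POINT_free(pK);
    if(pL != NULL) EC_POINT_free(pL);
    if(pE != NULL) EC_POINT_free(pE);
    if(pM != NULL) EC_POINT_free(pM);
    if(pB != NULL) EC_POINT_free(pB);
Cleanup2:
    BN_CTX_end(context);
    BN_CTX_free(context);
    return retVal;
}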
| 33734 | 494 #endif //% |
| 33735 | |
| 33736 | |
| 33737 | B.13.3.2.14. _cpri__EccIsPointOnCurve() |
| 33738 | |
| 33739 | This function is used to test if a point is on a defined curve. It does this by checking that y^2 mod p = x^3 |
| 33740 | + a*x + b mod p |
| 33741 | It is a fatal error if Q is not specified (is NULL). |
| 33742 | |
| 33743 | Return Value Meaning |
| 33744 | |
| 33745 | TRUE point is on curve |
| 33746 | FALSE point is not on curve or curve is not supported |
| 33747 | |
/*
 * Test whether Q satisfies the curve equation y^2 = x^3 + a*x + b (mod p) for
 * the curve selected by curveId.
 *
 * Returns TRUE when both sides are equal modulo p and FALSE otherwise. A NULL
 * Q, a curveId for which GetCurveData() returns NULL, and allocation or
 * arithmetic failures are fatal.
 *
 * NOTE(review): all arithmetic is reduced modulo p, so this test on its own
 * does not reject coordinates that are greater than or equal to p -- confirm
 * whether callers depend on a range check being made elsewhere.
 */
LIB_EXPORT BOOL
_cpri__EccIsPointOnCurve(
    TPM_ECC_CURVE    curveId,       // IN: the curve selector
    TPMS_ECC_POINT  *Q              // IN: the point.
    )
{
    BN_CTX                  *context;
    BIGNUM                  *bnX;
    BIGNUM                  *bnY;
    BIGNUM                  *bnA;
    BIGNUM                  *bnB;
    BIGNUM                  *bnP;
    BIGNUM                  *bnThree;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);
    BOOL                     onCurve;
    int                      ok;

    pAssert(Q != NULL && curveData != NULL);

    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnX = BN_CTX_get(context);
    bnY = BN_CTX_get(context);
    bnA = BN_CTX_get(context);
    bnB = BN_CTX_get(context);
    bnThree = BN_CTX_get(context);
    bnP = BN_CTX_get(context);
    // bnP is requested last, so it is the only temporary tested for NULL
    if(bnP == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Convert the point coordinates and the curve parameters
    ok =   BN_bin2bn(Q->x.t.buffer, Q->x.t.size, bnX) != NULL
        && BN_bin2bn(Q->y.t.buffer, Q->y.t.size, bnY) != NULL
        && BN_bin2bn(curveData->p->buffer, curveData->p->size, bnP) != NULL
        && BN_bin2bn(curveData->a->buffer, curveData->a->size, bnA) != NULL
        && BN_set_word(bnThree, 3)
        && BN_bin2bn(curveData->b->buffer, curveData->b->size, bnB) != NULL;
    if(!ok)
        FAIL(FATAL_ERROR_INTERNAL);

    // The temporaries are updated in place, so the order of the steps matters:
    //   bnA = a*x mod p
    //   bnA = a*x + b mod p
    //   bnX = x^3 mod p
    //   bnX = x^3 + a*x + b mod p
    //   bnY = y^2 mod p
    ok =   BN_mod_mul(bnA, bnA, bnX, bnP, context)
        && BN_mod_add(bnA, bnA, bnB, bnP, context)
        && BN_mod_exp(bnX, bnX, bnThree, bnP, context)
        && BN_mod_add(bnX, bnX, bnA, bnP, context)
        && BN_mod_mul(bnY, bnY, bnY, bnP, context);
    if(!ok)
        FAIL(FATAL_ERROR_INTERNAL);

    // The point is on the curve when both sides of the equation agree
    onCurve = (BN_cmp(bnX, bnY) == 0);

    BN_CTX_end(context);
    BN_CTX_free(context);
    return onCurve;
}
| 33814 | |
| 33815 | |
| 33816 | B.13.3.2.15. _cpri__GenerateKeyEcc() |
| 33817 | |
| 33818 | This function generates an ECC key pair based on the input parameters. This routine uses KDFa() to |
| 33819 | produce candidate numbers. The method is according to FIPS 186-3, section B.4.1 "GKey() Pair |
| 33820 | Generation Using Extra Random Bits." According to the method in FIPS 186-3, the resulting private value |
| 33821 | d should be 1 <= d < n where n is the order of the base point. In this implementation, the range of the |
| 33822 | private value is further restricted to be 2^(nLen/2) <= d < n where nLen is the length of n in bits. |
| 33823 | |
| 33824 | EXAMPLE: If the curve is NIST-P256, then nLen is 256 bits and d will need to be between 2^128 <= d < n |
| 33825 | |
| 33826 | It is a fatal error if Qout, dOut, or seed is not provided (is NULL). |
| 33827 | |
| 33828 | Return Value Meaning |
| 33829 | |
| 33830 | CRYPT_PARAMETER the hash algorithm is not supported |
| 33831 | |
/*
 * Derive an ECC key pair from a seed. KDFa() produces a candidate that is 64
 * bits longer than the curve order n; the candidate is reduced modulo n - 1
 * and incremented, which gives 0 < d < n. The public point is [d]G. The KDF
 * counter advances and the search repeats only when the multiply yields the
 * point at infinity.
 *
 * Returns CRYPT_PARAMETER when the digest size of hashAlg is zero, otherwise
 * the result of _cpri__EccPointMultiply(). A NULL seed, dOut or Qout, an
 * unknown curve, and allocation or arithmetic failures are fatal, as is a
 * counter that wraps to zero.
 *
 * NOTE(review): nothing in this function enforces a lower bound on d other
 * than d >= 1.
 * NOTE(review): withExtra holds candidate private-key material and is not
 * cleared before returning; the results of _cpri__KDFa(), BN_sub_word() and
 * BN_add_word() are not examined.
 */
LIB_EXPORT CRYPT_RESULT
_cpri__GenerateKeyEcc(
    TPMS_ECC_POINT          *Qout,          // OUT: the public point
    TPM2B_ECC_PARAMETER     *dOut,          // OUT: the private scalar
    TPM_ECC_CURVE            curveId,       // IN: the curve identifier
    TPM_ALG_ID               hashAlg,       // IN: hash algorithm to use in the key
                                            //     generation process
    TPM2B                   *seed,          // IN: the seed to use
    const char              *label,         // IN: A label for the generation
                                            //     process.
    TPM2B                   *extra,         // IN: Party 1 data for the KDF
    UINT32                  *counter        // IN/OUT: Counter value to allow KDF
                                            //     iteration to be propagated across
                                            //     multiple functions
    )
{
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);
    INT16                    keySizeInBytes;
    UINT32                   count = 0;
    CRYPT_RESULT             retVal;
    UINT16                   hLen = _cpri__GetDigestSize(hashAlg);
    BIGNUM                  *bnOrderLess1;  // order of the curve, then order - 1
    BIGNUM                  *bnPrivate;     // the private scalar
    BN_CTX                  *context;       // the context for the BIGNUM values
    BYTE                     withExtra[MAX_ECC_KEY_BYTES + 8];  // trial key with
                                                                // extra bits
    TPM2B_4_BYTE_VALUE       marshaledCounter = {4, {0}};
    UINT32                   totalBits;
    int                      ready;

    // Validate parameters (these are fatal)
    pAssert(seed != NULL && dOut != NULL && Qout != NULL && curveData != NULL);

    // Non-fatal parameter checks.
    if(hLen <= 0)
        return CRYPT_PARAMETER;

    // allocate the local BN values
    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnOrderLess1 = BN_CTX_get(context);
    bnPrivate = BN_CTX_get(context);

    // The order has to fit in a TPM2B_ECC_PARAMETER
    pAssert((int) curveData->n->size <= MAX_ECC_KEY_BYTES);

    // Load n and take the key size from it; the assignment stays inside the
    // short-circuit chain so it only runs after the conversion succeeded
    ready =   bnPrivate != NULL
           && BN_bin2bn(curveData->n->buffer, curveData->n->size,
                        bnOrderLess1) != NULL
           && (keySizeInBytes = (INT16) BN_num_bytes(bnOrderLess1))
                  <= MAX_ECC_KEY_BYTES;
    if(!ready)
        FAIL(FATAL_ERROR_INTERNAL);

    // The candidate carries 64 bits more than the order
    totalBits = BN_num_bits(bnOrderLess1) + 64;

    // From here on the BIGNUM holds n - 1
    BN_sub_word(bnOrderLess1, 1);

    // Resume from the caller's counter when one is given; zero is never used
    if(counter != NULL)
        count = *counter;
    if(count == 0)
        count = 1;

    // Start search for key (should be quick); stops if the counter wraps
    while(count != 0)
    {
        UINT32_TO_BYTE_ARRAY(count, marshaledCounter.t.buffer);
        _cpri__KDFa(hashAlg, seed, label, extra, &marshaledCounter.b,
                    totalBits, withExtra, NULL, FALSE);

        // Convert the candidate and reduce it modulo n - 1
        pAssert(keySizeInBytes <= MAX_ECC_KEY_BYTES);
        if(   BN_bin2bn(withExtra, keySizeInBytes+8, bnPrivate) == NULL
           || BN_mod(bnPrivate, bnPrivate, bnOrderLess1, context) != 1)
            FAIL(FATAL_ERROR_INTERNAL);

        // Add one to get 0 < d < n
        BN_add_word(bnPrivate, 1);
        if(BnTo2B(&dOut->b, bnPrivate, keySizeInBytes) != 1)
            FAIL(FATAL_ERROR_INTERNAL);

        // Create the public portion of the key. Only the point at infinity
        // (unlikely) calls for another iteration.
        retVal = _cpri__EccPointMultiply(Qout, curveId, dOut, NULL, NULL);
        if(retVal != CRYPT_NO_RESULT)
            break;

        count++;
    }

    if(count == 0) // if counter wrapped, then the TPM should go into failure mode
        FAIL(FATAL_ERROR_INTERNAL);

    // Free up allocated BN values
    BN_CTX_end(context);
    BN_CTX_free(context);
    if(counter != NULL)
        *counter = count;
    return retVal;
}
| 33946 | |
| 33947 | |
| 33948 | B.13.3.2.16. _cpri__GetEphemeralEcc() |
| 33949 | |
| 33950 | This function creates an ephemeral ECC key. It is ephemeral in that it is expected that the private part of the |
| 33951 | key will be discarded. |
| 33952 | |
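/*
 * Create an ephemeral ECC key pair on the selected curve: a random private
 * scalar dOut and the public point Qout = [dOut]G.
 *
 * Returns the result of _cpri__EccPointMultiply() once it is anything other
 * than CRYPT_NO_RESULT. It is a fatal error if the curve is not known.
 */
LIB_EXPORT CRYPT_RESULT
_cpri__GetEphemeralEcc(
    TPMS_ECC_POINT          *Qout,          // OUT: the public point
    TPM2B_ECC_PARAMETER     *dOut,          // OUT: the private scalar
    TPM_ECC_CURVE            curveId        // IN: the curve for the key
    )
{
    CRYPT_RESULT             retVal;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);

    pAssert(curveData != NULL);

    // Keep getting random values until one is found that doesn't create a point
    // at infinity. This is not expected to happen, but if it does a new random
    // value has to be drawn.
    while(TRUE)
    {
        // The private scalar is bounded by the group order n, not by the
        // field prime p: GetRandomPrivate() is specified to return
        // 0 < d < n, and SignEcdsa() passes curveData->n for the same
        // purpose. Bounding by p admits values outside that range whenever
        // n < p.
        GetRandomPrivate(dOut, curveData->n);

        // _cpri__EccPointMultiply does not return CRYPT_POINT if no point is
        // provided. CRYPT_PARAMETER should not be returned because the curve ID
        // has to be supported. Thus the only possible error is CRYPT_NO_RESULT.
        retVal = _cpri__EccPointMultiply(Qout, curveId, dOut, NULL, NULL);
        if(retVal != CRYPT_NO_RESULT)
            return retVal; // Will return CRYPT_SUCCESS
    }
}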
| 33980 | 686 #ifdef TPM_ALG_ECDSA //% |
| 33981 | |
| 33982 | |
| 33983 | B.13.3.2.17. SignEcdsa() |
| 33984 | |
| 33985 | This function implements the ECDSA signing algorithm. The method is described in the comments below. |
| 33986 | It is a fatal error if rOut, sOut, dIn, or digest are not provided. |
| 33987 | |
| 33988 | 687 LIB_EXPORT CRYPT_RESULT |
| 33989 | 688 SignEcdsa( |
| 33990 | 689 TPM2B_ECC_PARAMETER *rOut, // OUT: r component of the signature |
| 33991 | 690 TPM2B_ECC_PARAMETER *sOut, // OUT: s component of the signature |
| 33992 | 691 TPM_ECC_CURVE curveId, // IN: the curve used in the signature |
| 33993 | 692 // process |
| 33994 | 693 TPM2B_ECC_PARAMETER *dIn, // IN: the private key |
| 33995 | 694 TPM2B *digest // IN: the value to sign |
| 33996 | 695 ) |
| 33997 | 696 { |
| 33998 | 697 BIGNUM *bnK; |
| 33999 | 698 BIGNUM *bnIk; |
| 34000 | 699 BIGNUM *bnN; |
| 34001 | 700 BIGNUM *bnR; |
| 34002 | |
| 34003 | |
| 34007 | |
| 34008 | 701 BIGNUM *bnD; |
| 34009 | 702 BIGNUM *bnZ; |
| 34010 | 703 TPM2B_ECC_PARAMETER k; |
| 34011 | 704 TPMS_ECC_POINT R; |
| 34012 | 705 BN_CTX *context; |
| 34013 | 706 CRYPT_RESULT retVal = CRYPT_SUCCESS; |
| 34014 | 707 const ECC_CURVE_DATA *curveData = GetCurveData(curveId); |
| 34015 | 708 |
| 34016 | 709 pAssert(rOut != NULL && sOut != NULL && dIn != NULL && digest != NULL); |
| 34017 | 710 |
| 34018 | 711 context = BN_CTX_new(); |
| 34019 | 712 if(context == NULL) |
| 34020 | 713 FAIL(FATAL_ERROR_ALLOCATION); |
| 34021 | 714 BN_CTX_start(context); |
| 34022 | 715 bnN = BN_CTX_get(context); |
| 34023 | 716 bnZ = BN_CTX_get(context); |
| 34024 | 717 bnR = BN_CTX_get(context); |
| 34025 | 718 bnD = BN_CTX_get(context); |
| 34026 | 719 bnIk = BN_CTX_get(context); |
| 34027 | 720 bnK = BN_CTX_get(context); |
| 34028 | 721 // Assume the size variables do not overflow, which should not happen in |
| 34029 | 722 // the contexts that this function will be called. |
| 34030 | 723 pAssert(curveData->n->size <= MAX_ECC_PARAMETER_BYTES); |
| 34031 | 724 if( bnK == NULL |
| 34032 | 725 || BN_bin2bn(curveData->n->buffer, curveData->n->size, bnN) == NULL) |
| 34033 | 726 FAIL(FATAL_ERROR_INTERNAL); |
| 34034 | 727 |
| 34035 | 728 // The algorithm as described in "Suite B Implementer's Guide to FIPS 186-3(ECDSA)" |
| 34036 | 729 // 1. Use one of the routines in Appendix A.2 to generate (k, k^-1), a per-message |
| 34037 | 730 // secret number and its inverse modulo n. Since n is prime, the |
| 34038 | 731 // output will be invalid only if there is a failure in the RBG. |
| 34039 | 732 // 2. Compute the elliptic curve point R = [k]G = (xR, yR) using EC scalar |
| 34040 | 733 // multiplication (see [Routines]), where G is the base point included in |
| 34041 | 734 // the set of domain parameters. |
| 34042 | 735 // 3. Compute r = xR mod n. If r = 0, then return to Step 1. 1. |
| 34043 | 736 // 4. Use the selected hash function to compute H = Hash(M). |
| 34044 | 737 // 5. Convert the bit string H to an integer e as described in Appendix B.2. |
| 34045 | 738 // 6. Compute s = (k^-1 * (e + d * r)) mod n. If s = 0, return to Step 1.2. |
| 34046 | 739 // 7. Return (r, s). |
| 34047 | 740 |
| 34048 | 741 // Generate a random value k in the range 1 <= k < n |
| 34049 | 742 // Want a K value that is the same size as the curve order |
| 34050 | 743 k.t.size = curveData->n->size; |
| 34051 | 744 |
| 34052 | 745 while(TRUE) // This implements the loop at step 6. If s is zero, start over. |
| 34053 | 746 { |
| 34054 | 747 while(TRUE) |
| 34055 | 748 { |
| 34056 | 749 // Step 1 and 2 -- generate an ephemeral key and the modular inverse |
| 34057 | 750 // of the private key. |
| 34058 | 751 while(TRUE) |
| 34059 | 752 { |
| 34060 | 753 GetRandomPrivate(&k, curveData->n); |
| 34061 | 754 |
| 34062 | 755 // Do the point multiply to generate a point and check to see if |
| 34063 | 756 // the point it at infinity |
| 34064 | 757 if( _cpri__EccPointMultiply(&R, curveId, &k, NULL, NULL) |
| 34065 | 758 != CRYPT_NO_RESULT) |
| 34066 | 759 break; // can only be CRYPT_SUCCESS |
| 34067 | 760 } |
| 34068 | 761 |
| 34069 | 762 // x coordinate is mod p. Make it mod n |
| 34070 | 763 // Assume the size variables do not overflow, which should not happen |
| 34071 | 764 // in the contexts that this function will be called. |
| 34072 | 765 assert2Bsize(R.x.t); |
| 34073 | 766 BN_bin2bn(R.x.t.buffer, R.x.t.size, bnR); |
| 34074 | |
| 34078 | |
| 34079 | 767 BN_mod(bnR, bnR, bnN, context); |
| 34080 | 768 |
| 34081 | 769 // Make sure that it is not zero; |
| 34082 | 770 if(BN_is_zero(bnR)) |
| 34083 | 771 continue; |
| 34084 | 772 |
| 34085 | 773 // Make sure that a modular inverse exists |
| 34086 | 774 // Assume the size variables do not overflow, which should not happen |
| 34087 | 775 // in the contexts that this function will be called. |
| 34088 | 776 assert2Bsize(k.t); |
| 34089 | 777 BN_bin2bn(k.t.buffer, k.t.size, bnK); |
| 34090 | 778 if( BN_mod_inverse(bnIk, bnK, bnN, context) != NULL) |
| 34091 | 779 break; |
| 34092 | 780 } |
| 34093 | 781 |
| 34094 | 782 // Set z = leftmost bits of the digest |
| 34095 | 783 // NOTE: This is implemented such that the key size needs to be |
| 34096 | 784 // an even number of bytes in length. |
| 34097 | 785 if(digest->size > curveData->n->size) |
| 34098 | 786 { |
| 34099 | 787 // Assume the size variables do not overflow, which should not happen |
| 34100 | 788 // in the contexts that this function will be called. |
| 34101 | 789 pAssert(curveData->n->size <= MAX_ECC_KEY_BYTES); |
| 34102 | 790 // digest is larger than n so truncate |
| 34103 | 791 BN_bin2bn(digest->buffer, curveData->n->size, bnZ); |
| 34104 | 792 } |
| 34105 | 793 else |
| 34106 | 794 { |
| 34107 | 795 // Assume the size variables do not overflow, which should not happen |
| 34108 | 796 // in the contexts that this function will be called. |
| 34109 | 797 pAssert(digest->size <= MAX_DIGEST_SIZE); |
| 34110 | 798 // digest is same or smaller than n so use it all |
| 34111 | 799 BN_bin2bn(digest->buffer, digest->size, bnZ); |
| 34112 | 800 } |
| 34113 | 801 |
| 34114 | 802 // Assume the size variables do not overflow, which should not happen in |
| 34115 | 803 // the contexts that this function will be called. |
| 34116 | 804 assert2Bsize(dIn->t); |
| 34117 | 805 if( bnZ == NULL |
| 34118 | 806 |
| 34119 | 807 // need the private scalar of the signing key |
| 34120 | 808 || BN_bin2bn(dIn->t.buffer, dIn->t.size, bnD) == NULL) |
| 34121 | 809 FAIL(FATAL_ERROR_INTERNAL); |
| 34122 | 810 |
| 34123 | 811 // NOTE: When the result of an operation is going to be reduced mod x |
| 34124 | 812 // any modular multiplication is done so that the intermediate values |
| 34125 | 813 // don't get too large. |
| 34126 | 814 // |
| 34127 | 815 // now have inverse of K (bnIk), z (bnZ), r (bnR), d (bnD) and n (bnN) |
| 34128 | 816 // Compute s = k^-1 (z + r*d)(mod n) |
| 34129 | 817 // first do d = r*d mod n |
| 34130 | 818 if( !BN_mod_mul(bnD, bnR, bnD, bnN, context) |
| 34131 | 819 |
| 34132 | 820 // d = z + r * d |
| 34133 | 821 || !BN_add(bnD, bnZ, bnD) |
| 34134 | 822 |
| 34135 | 823 // d = k^(-1)(z + r * d)(mod n) |
| 34136 | 824 || !BN_mod_mul(bnD, bnIk, bnD, bnN, context) |
| 34137 | 825 |
| 34138 | 826 // convert to TPM2B format |
| 34139 | 827 || !BnTo2B(&sOut->b, bnD, curveData->n->size) |
| 34140 | 828 |
| 34141 | 829 // and write the modular reduced version of r |
| 34142 | 830 // NOTE: this was deferred to reduce the number of |
| 34143 | 831 // error checks. |
| 34144 | 832 || !BnTo2B(&rOut->b, bnR, curveData->n->size)) |
| 34145 | |
| 34149 | |
| 34150 | 833 FAIL(FATAL_ERROR_INTERNAL); |
| 34151 | 834 |
| 34152 | 835 if(!BN_is_zero(bnD)) |
| 34153 | 836 break; // signature not zero so done |
| 34154 | 837 |
| 34155 | 838 // if the signature value was zero, start over |
| 34156 | 839 } |
| 34157 | 840 |
| 34158 | 841 // Free up allocated BN values |
| 34159 | 842 BN_CTX_end(context); |
| 34160 | 843 BN_CTX_free(context); |
| 34161 | 844 return retVal; |
| 34162 | 845 } |
| 34163 | 846 #endif //% |
| 34164 | 847 #if defined TPM_ALG_ECDAA || defined TPM_ALG_ECSCHNORR //% |
| 34165 | |
| 34166 | |
| 34167 | B.13.3.2.18. EcDaa() |
| 34168 | |
| 34169 | This function is used to perform a modified Schnorr signature for ECDAA. |
| 34170 | This function performs s = k + T * d mod n where |
| 34171 | a) k is a random or pseudo-random value used in the commit phase, |
| 34172 | b) T is the digest to be signed, and |
| 34173 | c) d is a private key. |
| 34174 | If tIn is NULL then use tOut as T |
| 34175 | |
| 34176 | Return Value Meaning |
| 34177 | |
| 34178 | CRYPT_SUCCESS signature created |
| 34179 | |
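// EcDaa() - compute the s component of the modified Schnorr signature used
// for ECDAA: s = (k + T * d) mod n, where n is the order taken from the curve
// data selected by curveId.
//
// If tIn is not NULL it is copied into tOut and used as T; otherwise the
// value already in tOut is used as T. On return tOut holds T mod n and sOut
// holds s, both converted with a length of n->size.
//
// Returns CRYPT_SUCCESS. Every failure path goes through pAssert()/FAIL(),
// whose definitions are not shown here (presumably they do not return).
static CRYPT_RESULT
EcDaa(
    TPM2B_ECC_PARAMETER     *tOut,      // OUT: T component of the signature
    TPM2B_ECC_PARAMETER     *sOut,      // OUT: s component of the signature
    TPM_ECC_CURVE            curveId,   // IN: the curve used in signing
    TPM2B_ECC_PARAMETER     *dIn,       // IN: the private key
    TPM2B                   *tIn,       // IN: the value to sign
    TPM2B_ECC_PARAMETER     *kIn        // IN: a random value from commit
    )
{
    BIGNUM                  *bnN, *bnK, *bnT, *bnD;
    BN_CTX                  *context;
    const TPM2B             *n;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);
    BOOL                     OK = TRUE;

    // Parameter checks
    pAssert(   sOut != NULL && dIn != NULL && tOut != NULL
            && kIn != NULL && curveData != NULL);

    // this just saves key strokes
    n = curveData->n;

    if(tIn != NULL)
    {
        // tIn is caller-supplied (the digest) and tOut is a fixed-size
        // TPM2B_ECC_PARAMETER, so the length has to be checked BEFORE the
        // copy. The original only range-checked tOut->t.size after Copy2B()
        // had already written the bytes.
        // NOTE(review): Copy2B() is not shown here; this assumes it copies
        // tIn->size bytes without knowing the capacity of the destination.
        pAssert(tIn->size <= sizeof(tOut->t.buffer));
        Copy2B(&tOut->b, tIn);
    }

    // The size of the dIn and kIn input scalars is limited by the size of a
    // TPM2B_ECC_PARAMETER and T can be no larger than a digest. T must also
    // fit in tOut's own buffer because it is read back from there below.
    pAssert(   (int)dIn->t.size <= MAX_ECC_KEY_BYTES
            && (int)kIn->t.size <= MAX_ECC_KEY_BYTES
            && (int)tOut->t.size <= MAX_DIGEST_SIZE
            && tOut->t.size <= sizeof(tOut->t.buffer));

    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnN = BN_CTX_get(context);
    bnK = BN_CTX_get(context);
    bnT = BN_CTX_get(context);
    bnD = BN_CTX_get(context);

    // Check for allocation problems. Only the last BN_CTX_get() result is
    // tested; once a get fails, later gets on the same context fail as well.
    if(bnD == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Convert values
    if(   BN_bin2bn(n->buffer, n->size, bnN) == NULL
       || BN_bin2bn(kIn->t.buffer, kIn->t.size, bnK) == NULL
       || BN_bin2bn(dIn->t.buffer, dIn->t.size, bnD) == NULL
       || BN_bin2bn(tOut->t.buffer, tOut->t.size, bnT) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Compute T = T mod n
    OK = OK && BN_mod(bnT, bnT, bnN, context);

    // compute (s = k + T * d mod n)
    // d = T * d mod n
    OK = OK && BN_mod_mul(bnD, bnT, bnD, bnN, context) == 1;
    // d = k + T * d mod n
    OK = OK && BN_mod_add(bnD, bnK, bnD, bnN, context) == 1;
    // s = d
    OK = OK && BnTo2B(&sOut->b, bnD, n->size);
    // r = T
    OK = OK && BnTo2B(&tOut->b, bnT, n->size);
    if(!OK)
        FAIL(FATAL_ERROR_INTERNAL);

    // Cleanup
    BN_CTX_end(context);
    BN_CTX_free(context);

    return CRYPT_SUCCESS;
}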
| 34261 | 923 #endif //% |
| 34262 | 924 #ifdef TPM_ALG_ECSCHNORR //% |
| 34263 | |
| 34264 | |
| 34265 | B.13.3.2.19. SchnorrEcc() |
| 34266 | |
| 34267 | This function is used to perform a modified Schnorr signature. |
| 34268 | This function will generate a random value k and compute |
| 34269 | a) (xR, yR) = [k]G |
| 34270 | b) r = hash(P || xR)(mod n) |
| 34271 | c) s= k + r * ds |
| 34272 | d) return the tuple T, s |
| 34273 | |
| 34274 | |
| 34275 | |
| 34276 | |
| 34280 | |
| 34281 | |
| 34282 | Return Value Meaning |
| 34283 | |
| 34284 | CRYPT_SUCCESS signature created |
| 34285 | CRYPT_SCHEME hashAlg produces no digest (digest size is zero) |
| 34286 | |
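// SchnorrEcc() - create a modified Schnorr signature.
//
// Picks k (random, or kIn when supplied), computes (xR, yR) = [k]G, then
// r = hash(digest || (xR mod n)) mod n, writes r to rOut and lets EcDaa()
// compute s = k + r * d mod n.
//
// Returns:
//   CRYPT_SUCCESS    signature created
//   CRYPT_SCHEME     hashAlg has a digest size of zero; rOut and sOut are
//                    set to size 0
//   CRYPT_NO_RESULT  kIn was supplied and did not yield a usable point
//
// NOTE(review): kIn is documented as "for testing". With s = k + r * d
// (mod n), anyone who knows the k used for a published (r, s) can solve for
// the private key d, so a caller-chosen k must stay confined to test
// vectors. Confirm what _cpri__SignEcc()'s callers pass here.
// NOTE(review): the local copy of k is left on the stack on return; consider
// wiping it with whatever secure-clear helper the project provides.
static CRYPT_RESULT
SchnorrEcc(
    TPM2B_ECC_PARAMETER     *rOut,      // OUT: r component of the signature
    TPM2B_ECC_PARAMETER     *sOut,      // OUT: s component of the signature
    TPM_ALG_ID               hashAlg,   // IN: hash algorithm used
    TPM_ECC_CURVE            curveId,   // IN: the curve used in signing
    TPM2B_ECC_PARAMETER     *dIn,       // IN: the private key
    TPM2B                   *digest,    // IN: the digest to sign
    TPM2B_ECC_PARAMETER     *kIn        // IN: for testing
    )
{
    TPM2B_ECC_PARAMETER      k;
    BIGNUM                  *bnR, *bnN, *bnK, *bnT, *bnD;
    BN_CTX                  *context;
    const TPM2B             *n;
    EC_POINT                *pR = NULL;
    EC_GROUP                *group = NULL;
    CPRI_HASH_STATE          hashState;
    UINT16                   digestSize = _cpri__GetDigestSize(hashAlg);
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);
    TPM2B_TYPE(T, MAX(MAX_DIGEST_SIZE, MAX_ECC_PARAMETER_BYTES));
    TPM2B_T                  T2b;
    BOOL                     OK = TRUE;

    // Parameter checks

    // Must have a place for the 'r' and 's' parts of the signature, a private
    // key ('d') and a digest
    pAssert(   rOut != NULL && sOut != NULL && dIn != NULL
            && digest != NULL && curveData != NULL);

    // to save key strokes
    n = curveData->n;

    // If the hash algorithm does not produce a digest, then null the
    // signature and return a failure.
    if(digestSize == 0)
    {
        rOut->t.size = 0;
        sOut->t.size = 0;
        return CRYPT_SCHEME;
    }

    // Allocate big number values
    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnR = BN_CTX_get(context);
    bnN = BN_CTX_get(context);
    bnK = BN_CTX_get(context);
    bnT = BN_CTX_get(context);
    bnD = BN_CTX_get(context);      // only used as the allocation check
    if(   bnD == NULL
       // initialize the group parameters
       || (group = EccCurveInit(curveId, context)) == NULL
       // allocate a local point
       || (pR = EC_POINT_new(group)) == NULL
      )
        FAIL(FATAL_ERROR_ALLOCATION);

    if(BN_bin2bn(curveData->n->buffer, curveData->n->size, bnN) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    while(OK)
    {
        // a) set k to a random value such that 1 <= k <= n-1
        if(kIn != NULL)
        {
            Copy2B(&k.b, &kIn->b);      // copy input k if testing
            OK = FALSE;                 // not OK to loop
        }
        else
            // get a random value in the correct range
            GetRandomPrivate(&k, n);

        // Convert 'k' and generate pR = ['k']G
        BnFrom2B(bnK, &k.b);

        // b) compute E = (xE, yE) = [k]G
        if(PointMul(group, pR, bnK, NULL, NULL, context) == CRYPT_NO_RESULT)
            // c) if E is the point at infinity, go to a)
            continue;

        // d) compute e = xE (mod n)
        // The original ignored both return values here; a failure would have
        // left bnR stale and still produced a "signature".
        if(   !EC_POINT_get_affine_coordinates_GFp(group, pR, bnR, NULL, context)
           || !BN_mod(bnR, bnR, bnN, context))
            FAIL(FATAL_ERROR_INTERNAL);

        // e) if e is zero, go to a)
        if(BN_is_zero(bnR))
            continue;

        // Convert xR to a string (use T as a temp)
        if(!BnTo2B(&T2b.b, bnR, (UINT16)((BN_num_bits(bnR) + 7) / 8)))
            FAIL(FATAL_ERROR_INTERNAL);

        // f) compute r = HschemeHash(P || e) (mod n)
        _cpri__StartHash(hashAlg, FALSE, &hashState);
        _cpri__UpdateHash(&hashState, digest->size, digest->buffer);
        _cpri__UpdateHash(&hashState, T2b.t.size, T2b.t.buffer);
        if(_cpri__CompleteHash(&hashState, digestSize, T2b.b.buffer) != digestSize)
            FAIL(FATAL_ERROR_INTERNAL);
        T2b.t.size = digestSize;
        BnFrom2B(bnT, &T2b.b);
        if(   !BN_div(NULL, bnT, bnT, bnN, context)
           || !BnTo2B(&rOut->b, bnT, (UINT16)BN_num_bytes(bnT)))
            FAIL(FATAL_ERROR_INTERNAL);

        // We have a value and we are going to exit the loop successfully
        OK = TRUE;
        break;
    }
    // Cleanup
    EC_POINT_free(pR);
    EC_GROUP_free(group);
    BN_CTX_end(context);
    BN_CTX_free(context);

    // If we have a value, finish the signature. tIn is NULL so EcDaa() uses
    // the r already stored in rOut as T.
    if(OK)
        return EcDaa(rOut, sOut, curveId, dIn, NULL, &k);
    else
        return CRYPT_NO_RESULT;
}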
| 34417 | |
| 34421 | |
| 34422 | 1050 #endif //% |
| 34423 | 1051 #ifdef TPM_ALG_SM2 //% |
| 34424 | 1052 #ifdef _SM2_SIGN_DEBUG //% |
// cmp_bn2hex() - debug helper: compare the magnitude of a big number with a
// number given as a hex string.
// Returns the BN_ucmp() result of bn against the parsed string.
static int
cmp_bn2hex(
    BIGNUM          *bn,        // IN: big number value
    const char      *c          // IN: character string number
    )
{
    BIGNUM          *parsed = BN_new();
    int              diff;

    pAssert(parsed != NULL);

    // NOTE(review): the BN_hex2bn() result is not checked; c is expected to
    // be a well-formed hex literal from the test vectors.
    BN_hex2bn(&parsed, c);
    diff = BN_ucmp(bn, parsed);
    BN_free(parsed);
    return diff;
}
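// cmp_2B2hex() - debug helper: compare a TPM2B value with a hex string.
// Returns a non-zero length difference when the string is not exactly two
// hex digits per byte of a; otherwise returns the cmp_bn2hex() result.
static int
cmp_2B2hex(
    TPM2B           *a,         // IN: TPM2B number to compare
    const char      *c          // IN: character string
    )
{
    int              result;
    int              sl = (int)strlen(c);
    BIGNUM          *bnA;

    result = (a->size * 2) - sl;
    if(result != 0)
        return result;

    // Do the conversion outside of pAssert(): if the assert macro is ever
    // compiled out, an assignment inside its argument would vanish with it
    // and bnA would be used uninitialized.
    bnA = BN_bin2bn(a->buffer, a->size, NULL);
    pAssert(bnA != NULL);
    result = cmp_bn2hex(bnA, c);
    BN_free(bnA);
    return result;
}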
// cpy_hexTo2B() - debug helper: load a TPM2B from a hex string.
// The string must have an even number of digits; b->size is set to half the
// string length and the value is written with that length.
// NOTE(review): nothing here checks that b's buffer can hold strlen(c)/2
// bytes; callers must pass a TPM2B that is large enough.
static void
cpy_hexTo2B(
    TPM2B           *b,         // OUT: receives value
    const char      *c          // IN: source string
    )
{
    BIGNUM          *value = BN_new();
    size_t           digits = strlen(c);

    pAssert((digits & 1) == 0);     // must have an even number of digits
    b->size = digits / 2;
    BN_hex2bn(&value, c);
    pAssert(value != NULL);
    BnTo2B(b, value, b->size);
    BN_free(value);
}
| 34473 | 1101 #endif //% _SM2_SIGN_DEBUG |
| 34474 | |
| 34475 | |
| 34476 | B.13.3.2.20. SignSM2() |
| 34477 | |
| 34478 | This function signs a digest using the method defined in SM2 Part 2. The method in the standard will add |
| 34479 | a header to the message to be signed that is a hash of the values that define the key. This is then hashed |
| 34480 | with the message to produce a digest (e) that is signed. This function signs e. |
| 34481 | |
| 34482 | |
| 34483 | |
| 34484 | |
| 34488 | |
| 34489 | |
| 34490 | Return Value Meaning |
| 34491 | |
| 34492 | CRYPT_SUCCESS sign worked |
| 34493 | |
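// SignSM2() - sign a digest e using the method defined in SM2 Part 2.
//
// Repeats until a usable k is found:
//   A3  pick random k with 0 < k < n
//   A4  (x1, y1) = [k]G
//   A5  r = (e + x1) mod n; retry if r = 0 or r + k = n
//   A6  s = ((1 + dA)^-1 * (k - r * dA)) mod n; retry if s = 0
//   A7  output (r, s), each converted with the length of n
//
// Returns CRYPT_SUCCESS. Failures go through pAssert()/FAIL(), whose
// definitions are not shown here (presumably they do not return).
//
// When _SM2_SIGN_DEBUG is defined, e, d and k are replaced by fixed test
// values and the intermediate results are asserted against known answers;
// that build must never be used for real keys.
// NOTE(review): the local k buffer is left on the stack on return; consider
// wiping it with whatever secure-clear helper the project provides.
static CRYPT_RESULT
SignSM2(
    TPM2B_ECC_PARAMETER     *rOut,      // OUT: r component of the signature
    TPM2B_ECC_PARAMETER     *sOut,      // OUT: s component of the signature
    TPM_ECC_CURVE            curveId,   // IN: the curve used in signing
    TPM2B_ECC_PARAMETER     *dIn,       // IN: the private key
    TPM2B                   *digest     // IN: the digest to sign
    )
{
    BIGNUM                  *bnR;
    BIGNUM                  *bnS;
    BIGNUM                  *bnN;
    BIGNUM                  *bnK;
    BIGNUM                  *bnX1;
    BIGNUM                  *bnD;
    BIGNUM                  *bnT;       // temp
    BIGNUM                  *bnE;

    BN_CTX                  *context;
    TPM2B_TYPE(DIGEST, MAX_DIGEST_SIZE);
    TPM2B_ECC_PARAMETER      k;
    TPMS_ECC_POINT           p2Br;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);

    // Same parameter checks as the other signing routines in this file
    pAssert(   rOut != NULL && sOut != NULL && dIn != NULL
            && digest != NULL && curveData != NULL);

    // The original passed an unchecked BN_CTX_new() result straight to
    // BN_CTX_start(); every other routine in this file checks it first.
    context = BN_CTX_new();
    if(context == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnK = BN_CTX_get(context);
    bnR = BN_CTX_get(context);
    bnS = BN_CTX_get(context);
    bnX1 = BN_CTX_get(context);
    bnN = BN_CTX_get(context);
    bnD = BN_CTX_get(context);
    bnT = BN_CTX_get(context);
    bnE = BN_CTX_get(context);
    // Only the last BN_CTX_get() needs testing; a failed get makes the
    // following ones fail too.
    if(bnE == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    BnFrom2B(bnE, digest);
    BnFrom2B(bnN, curveData->n);
    BnFrom2B(bnD, &dIn->b);

#ifdef _SM2_SIGN_DEBUG
    BN_hex2bn(&bnE, "B524F552CD82B8B028476E005C377FB19A87E6FC682D48BB5D42E3D9B9EFFE76");
    BN_hex2bn(&bnD, "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263");
#endif
    // A3: Use random number generator to generate random number 1 <= k <= n-1;
    // NOTE: Ax: numbers are from the SM2 standard
    k.t.size = curveData->n->size;
    for(;;)
    {
        // Get a random number
        _cpri__GenerateRandom(k.t.size, k.t.buffer);

#ifdef _SM2_SIGN_DEBUG
        BN_hex2bn(&bnK, "6CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F");
        BnTo2B(&k.b,bnK, 32);
        k.t.size = 32;
#endif
        // make sure that the number is 0 < k < n; out-of-range candidates
        // are discarded rather than reduced, so k stays uniformly distributed
        BnFrom2B(bnK, &k.b);
        if(   BN_ucmp(bnK, bnN) >= 0
           || BN_is_zero(bnK))
            continue;

        // A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according
        // to details specified in 4.2.7 in Part 1 of this document, transform the
        // data type of x1 into an integer;
        if(   _cpri__EccPointMultiply(&p2Br, curveId, &k, NULL, NULL)
           == CRYPT_NO_RESULT)
            continue;

        BnFrom2B(bnX1, &p2Br.x.b);

        // A5: Figure out r = (e + x1) mod n,
        if(!BN_mod_add(bnR, bnE, bnX1, bnN, context))
            FAIL(FATAL_ERROR_INTERNAL);
#ifdef _SM2_SIGN_DEBUG
        pAssert(cmp_bn2hex(bnR,
                "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1")
                == 0);
#endif

        // if r=0 or r+k=n, return to A3;
        if(!BN_add(bnT, bnK, bnR))
            FAIL(FATAL_ERROR_INTERNAL);

        if(BN_is_zero(bnR) || BN_ucmp(bnT, bnN) == 0)
            continue;

        // A6: Figure out s = ((1 + dA)^-1 (k - r dA)) mod n, if s=0, return to A3;
        // compute t = (1+d)^-1; the BN_copy() result is now checked as well
        if(   BN_copy(bnT, bnD) == NULL
           || !BN_add_word(bnT, 1)
           || !BN_mod_inverse(bnT, bnT, bnN, context)   // (1 + dA)^-1 mod n
          )
            FAIL(FATAL_ERROR_INTERNAL);
#ifdef _SM2_SIGN_DEBUG
        pAssert(cmp_bn2hex(bnT,
                "79BFCF3052C80DA7B939E0C6914A18CBB2D96D8555256E83122743A7D4F5F956")
                == 0);
#endif
        // compute s = t * (k - r * dA) mod n
        if(   !BN_mod_mul(bnS, bnD, bnR, bnN, context)  // (r * dA) mod n
           || !BN_mod_sub(bnS, bnK, bnS, bnN, context)  // (k - (r * dA)) mod n
           || !BN_mod_mul(bnS, bnT, bnS, bnN, context)) // t * (k - (r * dA)) mod n
            FAIL(FATAL_ERROR_INTERNAL);
#ifdef _SM2_SIGN_DEBUG
        pAssert(cmp_bn2hex(bnS,
                "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7")
                == 0);
#endif

        if(BN_is_zero(bnS))
            continue;

        // r and s are both usable
        break;
    }

    // A7: According to details specified in 4.2.1 in Part 1 of this document, transform
    // the data type of r, s into bit strings, signature of message M is (r, s).
    if(   !BnTo2B(&rOut->b, bnR, curveData->n->size)
       || !BnTo2B(&sOut->b, bnS, curveData->n->size))
        FAIL(FATAL_ERROR_INTERNAL);
#ifdef _SM2_SIGN_DEBUG
    pAssert(cmp_2B2hex(&rOut->b,
            "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1")
            == 0);
    pAssert(cmp_2B2hex(&sOut->b,
            "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7")
            == 0);
#endif
    BN_CTX_end(context);
    BN_CTX_free(context);
    return CRYPT_SUCCESS;
}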
| 34638 | 1236 #endif //% TPM_ALG_SM2 |
| 34639 | |
| 34640 | |
| 34641 | B.13.3.2.21. _cpri__SignEcc() |
| 34642 | |
| 34643 | This function is the dispatch function for the various ECC-based signing schemes. |
| 34644 | |
| 34645 | Return Value Meaning |
| 34646 | |
| 34647 | CRYPT_SCHEME scheme is not supported |
| 34648 | |
// _cpri__SignEcc() - dispatch to the signing routine for the selected
// ECC-based scheme.
// Returns the result of the selected routine, or CRYPT_SCHEME when the
// scheme is not one of the cases compiled in.
//
// NOTE(review): the ECDSA case is not wrapped in #ifdef TPM_ALG_ECDSA the
// way the other schemes are, although SignEcdsa() appears to be compiled
// conditionally; confirm the build always defines it.
// NOTE(review): kIn is forwarded unchanged to EcDaa() and SchnorrEcc(). A k
// that is known outside the TPM lets the private key be recovered from the
// resulting signature, so callers must only pass a k they generated and
// keep secret (SchnorrEcc() documents its kIn as "for testing").
LIB_EXPORT CRYPT_RESULT
_cpri__SignEcc(
    TPM2B_ECC_PARAMETER     *rOut,      // OUT: r component of the signature
    TPM2B_ECC_PARAMETER     *sOut,      // OUT: s component of the signature
    TPM_ALG_ID               scheme,    // IN: the scheme selector
    TPM_ALG_ID               hashAlg,   // IN: the hash algorithm if need
    TPM_ECC_CURVE            curveId,   // IN: the curve used in the signature
                                        //     process
    TPM2B_ECC_PARAMETER     *dIn,       // IN: the private key
    TPM2B                   *digest,    // IN: the digest to sign
    TPM2B_ECC_PARAMETER     *kIn        // IN: k for input
    )
{
    // SignEcdsa always works
    if(scheme == TPM_ALG_ECDSA)
        return SignEcdsa(rOut, sOut, curveId, dIn, digest);

#ifdef TPM_ALG_ECDAA
    if(scheme == TPM_ALG_ECDAA)
    {
        // An empty rOut makes the size checks in EcDaa() start from zero;
        // digest is passed as the value to sign.
        if(rOut != NULL)
            rOut->b.size = 0;
        return EcDaa(rOut, sOut, curveId, dIn, digest, kIn);
    }
#endif

#ifdef TPM_ALG_ECSCHNORR
    if(scheme == TPM_ALG_ECSCHNORR)
        return SchnorrEcc(rOut, sOut, hashAlg, curveId, dIn, digest, kIn);
#endif

#ifdef TPM_ALG_SM2
    if(scheme == TPM_ALG_SM2)
        return SignSM2(rOut, sOut, curveId, dIn, digest);
#endif

    // scheme is not supported
    return CRYPT_SCHEME;
}
| 34689 | 1277 #ifdef TPM_ALG_ECDSA //% |
| 34690 | |
| 34691 | |
| 34692 | B.13.3.2.22. ValidateSignatureEcdsa() |
| 34693 | |
| 34694 | This function validates an ECDSA signature. rIn and sIn should have been checked to make sure that |
| 34695 | they are not zero. |
| 34696 | |
| 34700 | |
| 34701 | |
| 34702 | Return Value Meaning |
| 34703 | |
| 34704 | CRYPT_SUCCESS signature valid |
| 34705 | CRYPT_FAIL signature not valid |
| 34706 | |
| 34707 | 1278 static CRYPT_RESULT |
| 34708 | 1279 ValidateSignatureEcdsa( |
| 34709 | 1280 TPM2B_ECC_PARAMETER *rIn, // IN: r component of the signature |
| 34710 | 1281 TPM2B_ECC_PARAMETER *sIn, // IN: s component of the signature |
| 34711 | 1282 TPM_ECC_CURVE curveId, // IN: the curve used in the signature |
| 34712 | 1283 // process |
| 34713 | 1284 TPMS_ECC_POINT *Qin, // IN: the public point of the key |
| 34714 | 1285 TPM2B *digest // IN: the digest that was signed |
| 34715 | 1286 ) |
| 34716 | 1287 { |
| 34717 | 1288 TPM2B_ECC_PARAMETER U1; |
| 34718 | 1289 TPM2B_ECC_PARAMETER U2; |
| 34719 | 1290 TPMS_ECC_POINT R; |
| 34720 | 1291 const TPM2B *n; |
| 34721 | 1292 BN_CTX *context; |
| 34722 | 1293 EC_POINT *pQ = NULL; |
| 34723 | 1294 EC_GROUP *group = NULL; |
| 34724 | 1295 BIGNUM *bnU1; |
| 34725 | 1296 BIGNUM *bnU2; |
| 34726 | 1297 BIGNUM *bnR; |
| 34727 | 1298 BIGNUM *bnS; |
| 34728 | 1299 BIGNUM *bnW; |
| 34729 | 1300 BIGNUM *bnV; |
| 34730 | 1301 BIGNUM *bnN; |
| 34731 | 1302 BIGNUM *bnE; |
| 34732 | 1303 BIGNUM *bnGx; |
| 34733 | 1304 BIGNUM *bnGy; |
| 34734 | 1305 BIGNUM *bnQx; |
| 34735 | 1306 BIGNUM *bnQy; |
| 34736 | 1307 CRYPT_RESULT retVal = CRYPT_FAIL; |
| 34737 | 1308 int t; |
| 34738 | 1309 |
| 34739 | 1310 const ECC_CURVE_DATA *curveData = GetCurveData(curveId); |
| 34740 | 1311 |
| 34741 | 1312 // The curve selector should have been filtered by the unmarshaling process |
| 34742 | 1313 pAssert (curveData != NULL); |
| 34743 | 1314 n = curveData->n; |
| 34744 | 1315 |
| 34745 | 1316 // 1. If r and s are not both integers in the interval [1, n - 1], output |
| 34746 | 1317 // INVALID. |
| 34747 | 1318 // rIn and sIn are known to be greater than zero (was checked by the caller). |
| 34748 | 1319 if( _math__uComp(rIn->t.size, rIn->t.buffer, n->size, n->buffer) >= 0 |
| 34749 | 1320 || _math__uComp(sIn->t.size, sIn->t.buffer, n->size, n->buffer) >= 0 |
| 34750 | 1321 ) |
| 34751 | 1322 return CRYPT_FAIL; |
| 34752 | 1323 |
| 34753 | 1324 context = BN_CTX_new(); |
| 34754 | 1325 if(context == NULL) |
| 34755 | 1326 FAIL(FATAL_ERROR_ALLOCATION); |
| 34756 | 1327 BN_CTX_start(context); |
| 34757 | 1328 bnR = BN_CTX_get(context); |
| 34758 | 1329 bnS = BN_CTX_get(context); |
| 34759 | 1330 bnN = BN_CTX_get(context); |
| 34760 | 1331 bnE = BN_CTX_get(context); |
| 34761 | 1332 bnV = BN_CTX_get(context); |
| 34762 | 1333 bnW = BN_CTX_get(context); |
| 34763 | 1334 bnGx = BN_CTX_get(context); |
| 34764 | 1335 bnGy = BN_CTX_get(context); |
| 34765 | 1336 bnQx = BN_CTX_get(context); |
| 34766 | |
| 34767 | Family "2.0" TCG Published Page 503 |
| 34768 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 34769 | Trusted Platform Module Library Part 4: Supporting Routines |
| 34770 | |
| 34771 | 1337 bnQy = BN_CTX_get(context); |
| 34772 | 1338 bnU1 = BN_CTX_get(context); |
| 34773 | 1339 bnU2 = BN_CTX_get(context); |
| 34774 | 1340 |
| 34775 | 1341 // Assume the size variables do not overflow, which should not happen in |
| 34776 | 1342 // the contexts that this function will be called. |
| 34777 | 1343 assert2Bsize(Qin->x.t); |
| 34778 | 1344 assert2Bsize(rIn->t); |
| 34779 | 1345 assert2Bsize(sIn->t); |
| 34780 | 1346 |
| 34781 | 1347 // BN_CTX_get() is sticky so only need to check the last value to know that |
| 34782 | 1348 // all worked. |
| 34783 | 1349 if( bnU2 == NULL |
| 34784 | 1350 |
| 34785 | 1351 // initialize the group parameters |
| 34786 | 1352 || (group = EccCurveInit(curveId, context)) == NULL |
| 34787 | 1353 |
| 34788 | 1354 // allocate a local point |
| 34789 | 1355 || (pQ = EC_POINT_new(group)) == NULL |
| 34790 | 1356 |
| 34791 | 1357 // use the public key values (QxIn and QyIn) to initialize Q |
| 34792 | 1358 || BN_bin2bn(Qin->x.t.buffer, Qin->x.t.size, bnQx) == NULL |
| 34793 | 1359 || BN_bin2bn(Qin->x.t.buffer, Qin->x.t.size, bnQy) == NULL |
| 34794 | 1360 || !EC_POINT_set_affine_coordinates_GFp(group, pQ, bnQx, bnQy, context) |
| 34795 | 1361 |
| 34796 | 1362 // convert the signature values |
| 34797 | 1363 || BN_bin2bn(rIn->t.buffer, rIn->t.size, bnR) == NULL |
| 34798 | 1364 || BN_bin2bn(sIn->t.buffer, sIn->t.size, bnS) == NULL |
| 34799 | 1365 |
| 34800 | 1366 // convert the curve order |
| 34801 | 1367 || BN_bin2bn(curveData->n->buffer, curveData->n->size, bnN) == NULL) |
| 34802 | 1368 FAIL(FATAL_ERROR_INTERNAL); |
| 34803 | 1369 |
| 34804 | 1370 // 2. Use the selected hash function to compute H0 = Hash(M0). |
| 34805 | 1371 // This is an input parameter |
| 34806 | 1372 |
| 34807 | 1373 // 3. Convert the bit string H0 to an integer e as described in Appendix B.2. |
| 34808 | 1374 t = (digest->size > rIn->t.size) ? rIn->t.size : digest->size; |
| 34809 | 1375 if(BN_bin2bn(digest->buffer, t, bnE) == NULL) |
| 34810 | 1376 FAIL(FATAL_ERROR_INTERNAL); |
| 34811 | 1377 |
| 34812 | 1378 // 4. Compute w = (s')^-1 mod n, using the routine in Appendix B.1. |
| 34813 | 1379 if (BN_mod_inverse(bnW, bnS, bnN, context) == NULL) |
| 34814 | 1380 FAIL(FATAL_ERROR_INTERNAL); |
| 34815 | 1381 |
| 34816 | 1382 // 5. Compute u1 = (e' * w) mod n, and compute u2 = (r' * w) mod n. |
| 34817 | 1383 if( !BN_mod_mul(bnU1, bnE, bnW, bnN, context) |
| 34818 | 1384 || !BN_mod_mul(bnU2, bnR, bnW, bnN, context)) |
| 34819 | 1385 FAIL(FATAL_ERROR_INTERNAL); |
| 34820 | 1386 |
| 34821 | 1387 BnTo2B(&U1.b, bnU1, (INT16) BN_num_bytes(bnU1)); |
| 34822 | 1388 BnTo2B(&U2.b, bnU2, (INT16) BN_num_bytes(bnU2)); |
| 34823 | 1389 |
| 34824 | 1390 // 6. Compute the elliptic curve point R = (xR, yR) = u1G+u2Q, using EC |
| 34825 | 1391 // scalar multiplication and EC addition (see [Routines]). If R is equal to |
| 34826 | 1392 // the point at infinity O, output INVALID. |
| 34827 | 1393 if(_cpri__EccPointMultiply(&R, curveId, &U1, Qin, &U2) == CRYPT_SUCCESS) |
| 34828 | 1394 { |
| 34829 | 1395 // 7. Compute v = Rx mod n. |
| 34830 | 1396 if( BN_bin2bn(R.x.t.buffer, R.x.t.size, bnV) == NULL |
| 34831 | 1397 || !BN_mod(bnV, bnV, bnN, context)) |
| 34832 | 1398 FAIL(FATAL_ERROR_INTERNAL); |
| 34833 | 1399 |
| 34834 | 1400 // 8. Compare v and r0. If v = r0, output VALID; otherwise, output INVALID |
| 34835 | 1401 if(BN_cmp(bnV, bnR) == 0) |
| 34836 | 1402 retVal = CRYPT_SUCCESS; |
| 34837 | |
| 34841 | |
| 34842 | 1403 } |
| 34843 | 1404 |
| 34844 | 1405 if(pQ != NULL) EC_POINT_free(pQ); |
| 34845 | 1406 if(group != NULL) EC_GROUP_free(group); |
| 34846 | 1407 BN_CTX_end(context); |
| 34847 | 1408 BN_CTX_free(context); |
| 34848 | 1409 |
| 34849 | 1410 return retVal; |
| 34850 | 1411 } |
| 34851 | 1412 #endif //% TPM_ALG_ECDSA |
| 34852 | 1413 #ifdef TPM_ALG_ECSCHNORR //% |
| 34853 | |
| 34854 | |
| 34855 | B.13.3.2.23. ValidateSignatureEcSchnorr() |
| 34856 | |
| 34857 | This function is used to validate an EC Schnorr signature. rIn and sIn are required to be greater than |
| 34858 | zero. This is checked in _cpri__ValidateSignatureEcc(). |
| 34859 | |
| 34860 | Return Value Meaning |
| 34861 | |
| 34862 | CRYPT_SUCCESS signature valid |
| 34863 | CRYPT_FAIL signature not valid |
| 34864 | CRYPT_SCHEME hashAlg is not supported |
| 34865 | |
// Validate an EC Schnorr signature (r, s) over 'digest' for public point 'Qin'.
//
// The caller (_cpri__ValidateSignatureEcc) has already rejected r == 0 and
// s == 0; this routine rejects r >= n and s >= n itself, so every value that
// reaches the point arithmetic has been range-checked.
//
// Returns:
//   CRYPT_SUCCESS  signature valid
//   CRYPT_FAIL     signature not valid
//   CRYPT_SCHEME   hashAlg is not supported (digest size reported as 0)
static CRYPT_RESULT
ValidateSignatureEcSchnorr(
    TPM2B_ECC_PARAMETER *rIn,       // IN: r component of the signature
    TPM2B_ECC_PARAMETER *sIn,       // IN: s component of the signature
    TPM_ALG_ID           hashAlg,   // IN: hash algorithm of the signature
    TPM_ECC_CURVE        curveId,   // IN: the curve used in the signature
                                    //     process
    TPMS_ECC_POINT      *Qin,       // IN: the public point of the key
    TPM2B               *digest     // IN: the digest that was signed
    )
{
    TPMS_ECC_POINT           pointE;
    const TPM2B             *order;
    CPRI_HASH_STATE          hash;
    TPM2B_DIGEST             rCheck;
    TPM2B_ECC_PARAMETER      negR;
    UINT16                   digestSize = _cpri__GetDigestSize(hashAlg);
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);

    // The curve parameter should have been filtered by unmarshaling code
    pAssert(curveData != NULL);

    // An unsupported hash algorithm is a scheme error, not a bad signature
    if(digestSize == 0)
        return CRYPT_SCHEME;

    // Input parameter validation
    pAssert(rIn != NULL && sIn != NULL && Qin != NULL && digest != NULL);

    order = curveData->n;

    // s and r must both be below the curve order n; the caller has already
    // verified that neither is zero
    if(_math__uComp(sIn->b.size, sIn->b.buffer,
                    order->size, order->buffer) >= 0)
        return CRYPT_FAIL;
    if(_math__uComp(rIn->b.size, rIn->b.buffer,
                    order->size, order->buffer) >= 0)
        return CRYPT_FAIL;

    // E = [s]G - [r]Q, computed as [s]G + [n - r]Q
    // (negR presumably receives n - r from _math__sub; confirm against its
    // definition)
    _math__sub(order->size, order->buffer,
               rIn->t.size, rIn->t.buffer,
               &negR.t.size, negR.t.buffer);
    if(_cpri__EccPointMultiply(&pointE, curveId, sIn, Qin, &negR)
       != CRYPT_SUCCESS)
        return CRYPT_FAIL;

    // Ex = Ex mod n
    if(Mod2B(&pointE.x.b, order) != CRYPT_SUCCESS)
        FAIL(FATAL_ERROR_INTERNAL);

    _math__Normalize2B(&pointE.x.b);

    // rCheck = H(digest || Ex)
    _cpri__StartHash(hashAlg, FALSE, &hash);
    _cpri__UpdateHash(&hash, digest->size, digest->buffer);
    _cpri__UpdateHash(&hash, pointE.x.t.size, pointE.x.t.buffer);
    if(_cpri__CompleteHash(&hash, digestSize, rCheck.t.buffer) != digestSize)
        FAIL(FATAL_ERROR_INTERNAL);

    rCheck.t.size = digestSize;

    // rCheck = rCheck (mod n)
    if(Mod2B(&rCheck.b, order) != CRYPT_SUCCESS)
        FAIL(FATAL_ERROR_INTERNAL);

    // The signature is good only if the recomputed value equals r
    return (_math__uComp(rIn->t.size, rIn->t.buffer,
                         rCheck.t.size, rCheck.t.buffer) == 0)
           ? CRYPT_SUCCESS
           : CRYPT_FAIL;
}
| 34941 | 1484 #endif //% TPM_ALG_ECSCHNORR |
| 34942 | 1485 #ifdef TPM_ALG_SM2 //% |
| 34943 | |
| 34944 | |
| 34945 | B.13.3.2.24. ValidateSignatureSM2Dsa() |
| 34946 | |
| 34947 | This function is used to validate an SM2 signature. |
| 34948 | |
| 34949 | Return Value Meaning |
| 34950 | |
| 34951 | CRYPT_SUCCESS signature valid |
| 34952 | CRYPT_FAIL signature not valid |
| 34953 | |
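// Validate an SM2 signature (r, s) over 'digest' for public point 'Qin'.
//
// Only the upper bound (r < n, s < n) is checked here; the r != 0 and s != 0
// half of the range check is done by the caller, _cpri__ValidateSignatureEcc().
//
// When _SM2_SIGN_DEBUG is defined, the public key and digest supplied by the
// caller are OVERWRITTEN with fixed test values and intermediate results are
// asserted against known answers. That switch is for known-answer testing only
// and must not be defined in a production build.
//
// Returns:
//   CRYPT_SUCCESS  signature valid
//   CRYPT_FAIL     signature not valid
static CRYPT_RESULT
ValidateSignatureSM2Dsa(
    TPM2B_ECC_PARAMETER *rIn,       // IN: r component of the signature
    TPM2B_ECC_PARAMETER *sIn,       // IN: s component of the signature
    TPM_ECC_CURVE        curveId,   // IN: the curve used in the signature
                                    //     process
    TPMS_ECC_POINT      *Qin,       // IN: the public point of the key
    TPM2B               *digest     // IN: the digest that was signed
    )
{
    BIGNUM                  *bnR;
    BIGNUM                  *bnRp;
    BIGNUM                  *bnT;
    BIGNUM                  *bnS;
    BIGNUM                  *bnE;
    EC_POINT                *pQ = NULL;    // NULL so Cleanup is always safe
    BN_CTX                  *context;
    EC_GROUP                *group = NULL;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);
    BOOL                     fail = FALSE;

    if((context = BN_CTX_new()) == NULL || curveData == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Open the frame that BN_CTX_end() in Cleanup closes. The other routines
    // in this file call BN_CTX_start() before their first BN_CTX_get(); the
    // call was missing here.
    BN_CTX_start(context);
    bnR = BN_CTX_get(context);
    bnRp= BN_CTX_get(context);
    bnE = BN_CTX_get(context);
    bnT = BN_CTX_get(context);
    bnS = BN_CTX_get(context);
    // BN_CTX_get() is sticky, so checking the last value covers all of them
    if(   bnS == NULL
       || (group = EccCurveInit(curveId, context)) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

#ifdef _SM2_SIGN_DEBUG
    cpy_hexTo2B(&Qin->x.b,
           "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A");
    cpy_hexTo2B(&Qin->y.b,
           "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857");
    cpy_hexTo2B(digest,
           "B524F552CD82B8B028476E005C377FB19A87E6FC682D48BB5D42E3D9B9EFFE76");
#endif
    pQ = EccInitPoint2B(group, Qin, context);

    // Fail closed if the public point could not be loaded instead of handing
    // a NULL point to the EC routines below.
    // NOTE(review): EccInitPoint2B() is not visible here; if it already
    // reports its own failures this branch is simply never taken - confirm.
    if(pQ == NULL)
    {
        fail = TRUE;
        goto Cleanup;
    }

#ifdef _SM2_SIGN_DEBUG
    pAssert(EC_POINT_get_affine_coordinates_GFp(group, pQ, bnT, bnS, context));
    pAssert(cmp_bn2hex(bnT,
                "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A")
            == 0);
    pAssert(cmp_bn2hex(bnS,
                "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857")
            == 0);
#endif

    BnFrom2B(bnR, &rIn->b);
    BnFrom2B(bnS, &sIn->b);
    BnFrom2B(bnE, digest);

#ifdef _SM2_SIGN_DEBUG
    // Make sure that the input signature is the test signature
    pAssert(cmp_2B2hex(&rIn->b,
            "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1") == 0);
    pAssert(cmp_2B2hex(&sIn->b,
            "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7") == 0);
#endif

    // a) verify that r and s are in the inclusive interval 1 to (n - 1)
    //    (the lower bound was checked by the caller)
    fail = (BN_ucmp(bnR, &group->order) >= 0);

    fail = (BN_ucmp(bnS, &group->order) >= 0) || fail;
    if(fail)
        // There is no reason to continue. Since r and s are inputs from the
        // caller, they can know that the values are not in the proper range.
        // So, exiting here does not disclose any information.
        goto Cleanup;

    // b) compute t := (r + s) mod n
    if(!BN_mod_add(bnT, bnR, bnS, &group->order, context))
        FAIL(FATAL_ERROR_INTERNAL);
#ifdef _SM2_SIGN_DEBUG
    pAssert(cmp_bn2hex(bnT,
                "2B75F07ED7ECE7CCC1C8986B991F441AD324D6D619FE06DD63ED32E0C997C801")
            == 0);
#endif

    // c) verify that t > 0
    if(BN_is_zero(bnT)) {
        fail = TRUE;
        // Do not exit early: set t to a value that should allow the rest of
        // the computations to run without trouble. 'fail' is already latched,
        // so the result cannot become CRYPT_SUCCESS.
        BN_copy(bnT, bnS);
    }
    // d) compute (x, y) := [s]G + [t]Q
    if(!EC_POINT_mul(group, pQ, bnS, pQ, bnT, context))
        FAIL(FATAL_ERROR_INTERNAL);
    // Get the x coordinate of the point
    // NOTE(review): r, s and Q come from the caller. If [s]G + [t]Q is the
    // point at infinity this call presumably fails, and that is then handled
    // as a fatal internal error rather than as CRYPT_FAIL - confirm this is
    // the intended handling for caller-supplied input.
    if(!EC_POINT_get_affine_coordinates_GFp(group, pQ, bnT, NULL, context))
        FAIL(FATAL_ERROR_INTERNAL);

#ifdef _SM2_SIGN_DEBUG
    pAssert(cmp_bn2hex(bnT,
                "110FCDA57615705D5E7B9324AC4B856D23E6D9188B2AE47759514657CE25D112")
            == 0);
#endif

    // e) compute r' := (e + x) mod n (the x coordinate is in bnT)
    if(!BN_mod_add(bnRp, bnE, bnT, &group->order, context))
        FAIL(FATAL_ERROR_INTERNAL);

    // f) verify that r' = r (an earlier failure is preserved)
    fail = BN_ucmp(bnR, bnRp) != 0 || fail;

Cleanup:
    if(pQ) EC_POINT_free(pQ);
    if(group) EC_GROUP_free(group);
    BN_CTX_end(context);
    BN_CTX_free(context);

    if(fail)
        return CRYPT_FAIL;
    else
        return CRYPT_SUCCESS;
}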
| 35086 | 1607 #endif //% TPM_ALG_SM2 |
| 35087 | |
| 35088 | |
| 35089 | B.13.3.2.25. _cpri__ValidateSignatureEcc() |
| 35090 | |
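| 35091 | This function validates an ECC signature using the routine for the selected scheme. It returns CRYPT_FAIL without calling that routine if either r or s is zero. |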
| 35092 | |
| 35093 | Return Value Meaning |
| 35094 | |
| 35095 | CRYPT_SUCCESS signature is valid |
| 35096 | CRYPT_FAIL not a valid signature |
| 35097 | CRYPT_SCHEME unsupported scheme |
| 35098 | |
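// Validate an ECC signature by dispatching to the routine for 'scheme'.
//
// rIn and sIn are passed through _math__Normalize2B() before dispatch, so they
// may be modified in place; a component for which that call returns 0 is
// treated as zero and rejected with CRYPT_FAIL. The scheme-specific routines
// rely on this check for the lower bound of r and s.
//
// Returns:
//   CRYPT_SUCCESS  signature is valid
//   CRYPT_FAIL     not a valid signature
//   CRYPT_SCHEME   unsupported scheme
LIB_EXPORT CRYPT_RESULT
_cpri__ValidateSignatureEcc(
    TPM2B_ECC_PARAMETER *rIn,       // IN: r component of the signature
    TPM2B_ECC_PARAMETER *sIn,       // IN: s component of the signature
    TPM_ALG_ID           scheme,    // IN: the scheme selector
    TPM_ALG_ID           hashAlg,   // IN: the hash algorithm used (not used
                                    //     in all schemes)
    TPM_ECC_CURVE        curveId,   // IN: the curve used in the signature
                                    //     process
    TPMS_ECC_POINT      *Qin,       // IN: the public point of the key
    TPM2B               *digest     // IN: the digest that was signed
    )
{
    CRYPT_RESULT        retVal;

    // return failure if either part of the signature is zero
    if(_math__Normalize2B(&rIn->b) == 0 || _math__Normalize2B(&sIn->b) == 0)
        return CRYPT_FAIL;

    switch (scheme)
    {
        // Guarded like the other schemes: ValidateSignatureEcdsa() is only
        // compiled when TPM_ALG_ECDSA is defined.
#ifdef TPM_ALG_ECDSA
        case TPM_ALG_ECDSA:
            retVal = ValidateSignatureEcdsa(rIn, sIn, curveId, Qin, digest);
            break;
#endif

#ifdef TPM_ALG_ECSCHNORR
        case TPM_ALG_ECSCHNORR:
            retVal = ValidateSignatureEcSchnorr(rIn, sIn, hashAlg, curveId, Qin,
                                                digest);
            break;
#endif

#ifdef TPM_ALG_SM2
        case TPM_ALG_SM2:
            retVal = ValidateSignatureSM2Dsa(rIn, sIn, curveId, Qin, digest);
            // Without this break the SM2 result fell through to 'default' and
            // was replaced by CRYPT_SCHEME, so the verdict of the SM2 check
            // was never returned.
            break;
#endif
        default:
            retVal = CRYPT_SCHEME;
            break;
    }
    return retVal;
}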
| 35146 | 1650 #if CC_ZGen_2Phase == YES //% |
| 35147 | 1651 #ifdef TPM_ALG_ECMQV |
| 35148 | |
| 35149 | |
| 35150 | B.13.3.2.26. avf1() |
| 35151 | |
| 35152 | This function does the associated value computation required by MQV key exchange. Process: |
| 35153 | a) Convert xQ to an integer xqi using the convention specified in Appendix C.3. |
| 35154 | b) Calculate xqm = xqi mod 2^ceil(f/2) (where f = ceil(log2(n))). |
| 35155 | c) Calculate the associated value function avf(Q) = xqm + 2^ceil(f/2). |
| 35156 | |
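// Associated value function used by MQV: x' = 2^f + (x mod 2^f), where f is
// half the bit length of the curve order n, rounded up. bnX is updated in
// place.
//
// Returns TRUE on success, FALSE if the top bit could not be set. The callers
// visible in this file ignore the return value.
static BOOL
avf1(
    BIGNUM              *bnX,       // IN/OUT: the reduced value
    BIGNUM              *bnN        // IN: the order of the curve
    )
{
    // f = ceil(bits(n) / 2); this is the exponent, not the power 2^f
    int                  f = (BN_num_bits(bnN) + 1) / 2;

    // x' = 2^f + (x mod 2^f)
    // Keep the low f bits of x. BN_mask_bits() also reports "failure" when x
    // is already short enough to need no truncation, so its result is
    // deliberately not treated as an error.
    (void)BN_mask_bits(bnX, f);

    // Set bit f. This is the step that can genuinely fail (the number may
    // have to grow), so report its result instead of an unconditional TRUE.
    return BN_set_bit(bnX, f) ? TRUE : FALSE;
}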
| 35171 | |
| 35172 | |
| 35173 | B.13.3.2.27. C_2_2_MQV() |
| 35174 | |
| 35175 | This function performs the key exchange defined in SP800-56A 6.1.1.4 Full MQV, C(2, 2, ECC MQV). |
| 35176 | CAUTION: Implementation of this function may require use of essential claims in patents not owned by |
| 35177 | TCG members. |
| 35178 | Points QsB() and QeB() are required to be on the curve of inQsA. The function will fail, possibly |
| 35179 | catastrophically, if this is not the case. |
| 35180 | |
| 35181 | |
| 35182 | |
| 35186 | |
| 35187 | |
| 35188 | Return Value Meaning |
| 35189 | |
| 35190 | CRYPT_SUCCESS result is valid |
| 35191 | CRYPT_NO_RESULT the value for dsA does not give a valid point on the curve |
| 35192 | |
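// Full MQV key exchange, C(2, 2, ECC MQV), per SP800-56A 6.1.1.4.
//
// Process:
//  1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n.
//  2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B).
//  3. If P = O, output an error indicator.
//  4. Z=xP, where xP is the x-coordinate of P.
//
// Precondition: QsB and QeB are points on the curve selected by curveId. They
// come from the other party, so they must have been validated before this
// routine is reached; nothing here re-checks curve membership explicitly.
//
// NOTE(review): bnDeA, bnDsA and bnTa hold private-key material in BIGNUMs
// owned by 'context'. Confirm that releasing the context zeroizes them, or
// clear them explicitly before Cleanup.
//
// Returns:
//   CRYPT_SUCCESS    outZ holds the computed point
//   CRYPT_NO_RESULT  no valid point was produced; outZ is not written
static CRYPT_RESULT
C_2_2_MQV(
    TPMS_ECC_POINT          *outZ,      // OUT: the computed point
    TPM_ECC_CURVE            curveId,   // IN: the curve for the computations
    TPM2B_ECC_PARAMETER     *dsA,       // IN: static private TPM key
    TPM2B_ECC_PARAMETER     *deA,       // IN: ephemeral private TPM key
    TPMS_ECC_POINT          *QsB,       // IN: static public party B key
    TPMS_ECC_POINT          *QeB        // IN: ephemeral public party B key
    )
{
    BN_CTX                  *context;
    EC_POINT                *pQeA = NULL;
    EC_POINT                *pQeB = NULL;
    EC_POINT                *pQsB = NULL;
    EC_GROUP                *group = NULL;
    BIGNUM                  *bnTa;
    BIGNUM                  *bnDeA;
    BIGNUM                  *bnDsA;
    BIGNUM                  *bnXeA;     // x coordinate of ephemeral party A key
    BIGNUM                  *bnH;
    BIGNUM                  *bnN;
    BIGNUM                  *bnXeB;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);
    CRYPT_RESULT             retVal;

    pAssert(   curveData != NULL && outZ != NULL && dsA != NULL
            && deA != NULL && QsB != NULL && QeB != NULL);

    context = BN_CTX_new();
    if(context == NULL || curveData == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnTa = BN_CTX_get(context);
    bnDeA = BN_CTX_get(context);
    bnDsA = BN_CTX_get(context);
    bnXeA = BN_CTX_get(context);
    bnH = BN_CTX_get(context);
    bnN = BN_CTX_get(context);
    bnXeB = BN_CTX_get(context);
    // BN_CTX_get() is sticky, so the last value covers all of them
    if(bnXeB == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Initialize group parameters and local values of input
    if((group = EccCurveInit(curveId, context)) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    if((pQeA = EC_POINT_new(group)) == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    BnFrom2B(bnDeA, &deA->b);
    BnFrom2B(bnDsA, &dsA->b);
    BnFrom2B(bnH, curveData->h);
    BnFrom2B(bnN, curveData->n);
    BnFrom2B(bnXeB, &QeB->x.b);
    pQeB = EccInitPoint2B(group, QeB, context);
    pQsB = EccInitPoint2B(group, QsB, context);

    // Stop deterministically if either peer point could not be loaded rather
    // than passing a NULL point to the EC routines below.
    // NOTE(review): EccInitPoint2B() is not visible here; if it already
    // reports its own failures this branch is simply never taken - confirm.
    if(pQeB == NULL || pQsB == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Compute the public ephemeral key pQeA = [de,A]G
    if(   (retVal = PointMul(group, pQeA, bnDeA, NULL, NULL, context))
       != CRYPT_SUCCESS)
        goto Cleanup;

    if(EC_POINT_get_affine_coordinates_GFp(group, pQeA, bnXeA, NULL, context) != 1)
        FAIL(FATAL_ERROR_INTERNAL);

    // 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n.
    // Compute 'tA' = ('deA' + 'dsA' avf('XeA')) mod n
    // Ta = avf(XeA);
    BN_copy(bnTa, bnXeA);
    avf1(bnTa, bnN);
    if(// do Ta = ds,A * Ta mod n = dsA * avf(XeA) mod n
          !BN_mod_mul(bnTa, bnDsA, bnTa, bnN, context)

       // now Ta = deA + Ta mod n = deA + dsA * avf(XeA) mod n
       || !BN_mod_add(bnTa, bnDeA, bnTa, bnN, context)
      )
        FAIL(FATAL_ERROR_INTERNAL);

    // 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B).
    // Put this in because almost every case of h is == 1 so skip the call when
    // not necessary.
    if(!BN_is_one(bnH))
    {
        // Cofactor is not 1 so compute Ta := Ta * h
        // (BN_mul() is a plain product; no reduction mod n is applied here)
        if(!BN_mul(bnTa, bnTa, bnH, context))
            FAIL(FATAL_ERROR_INTERNAL);
    }

    // Now that 'tA' is (h * 'tA')
    // 'outZ' = (tA)(Qe,B + avf(Qe,B)Qs,B).

    // first, compute XeB = avf(XeB)
    avf1(bnXeB, bnN);

    // QsB := [XeB]QsB
    if(   !EC_POINT_mul(group, pQsB, NULL, pQsB, bnXeB, context)

       // QeB := QsB + QeB
       || !EC_POINT_add(group, pQeB, pQeB, pQsB, context)
      )
        FAIL(FATAL_ERROR_INTERNAL);

    // QeB := [tA]QeB = [tA](QeB + [avf(XeB)]QsB) and check for at infinity.
    // The result of this multiply is the result of the function: previously it
    // was discarded, so a failure here still returned the CRYPT_SUCCESS left
    // over from the first PointMul() while outZ was never written.
    retVal = PointMul(group, pQeB, NULL, pQeB, bnTa, context);
    if(retVal == CRYPT_SUCCESS)
        // Convert BIGNUM E to TPM2B E
        Point2B(group, outZ, pQeB, (INT16)BN_num_bytes(bnN), context);

Cleanup:
    if(pQeA != NULL) EC_POINT_free(pQeA);
    if(pQeB != NULL) EC_POINT_free(pQeB);
    if(pQsB != NULL) EC_POINT_free(pQsB);
    if(group != NULL) EC_GROUP_free(group);
    BN_CTX_end(context);
    BN_CTX_free(context);

    return retVal;

}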
| 35323 | |
| 35327 | |
| 35328 | 1791 #endif // TPM_ALG_ECMQV |
| 35329 | 1792 #ifdef TPM_ALG_SM2 //% |
| 35330 | |
| 35331 | |
| 35332 | B.13.3.2.28. avfSm2() |
| 35333 | |
| 35334 | This function does the associated value computation required by SM2 key exchange. This is different |
| 35335 | from the avf() in the international standards because it returns a value that is half the size of the value |
| 35336 | returned by the standard avf. For example, if n is 15, Ws (w in the standard) is 2 but the W here is 1. This |
| 35337 | means that an input value of 14 (1110b) would return a value of 110b with the standard but 10b with the |
| 35338 | scheme in SM2. |
| 35339 | |
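// Associated value function used by the SM2 key exchange:
// x' = 2^w + (x & (2^w - 1)), with w one less than half the bit length of the
// curve order n, rounded up. bnX is updated in place.
//
// Returns TRUE on success, FALSE if the top bit could not be set. The callers
// visible in this file ignore the return value.
static BOOL
avfSm2(
    BIGNUM              *bnX,       // IN/OUT: the reduced value
    BIGNUM              *bnN        // IN: the order of the curve
    )
{
    // a) set w := ceil(ceil(log2(n)) / 2) - 1
    int                  w = ((BN_num_bits(bnN) + 1) / 2) - 1;

    // b) set x' := 2^w + ( x & (2^w - 1))
    // This is just like the avf for MQV where x' = 2^w + (x mod 2^w)
    // Keep the low w bits of x. BN_mask_bits() also reports "failure" when x
    // is already short enough to need no truncation, so its result is
    // deliberately not treated as an error.
    (void)BN_mask_bits(bnX, w);

    // Set bit w. This is the step that can genuinely fail (the number may
    // have to grow), so report its result instead of an unconditional TRUE.
    return BN_set_bit(bnX, w) ? TRUE : FALSE;
}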
| 35356 | |
| 35357 | SM2KeyExchange(): This function performs the key exchange defined in SM2. The first step is to compute |
| 35358 | tA = (dsA + deA avf(Xe,A)) mod n. Then, compute the Z value from outZ = (h tA mod n) (QsA + |
| 35359 | [avf(QeB().x)](QeB())). The function will compute the ephemeral public key from the ephemeral private |
| 35360 | key. All points are required to be on the curve of inQsA. The function will fail catastrophically if this is not |
| 35361 | the case. |
| 35362 | |
| 35363 | Return Value Meaning |
| 35364 | |
| 35365 | CRYPT_SUCCESS result is valid |
| 35366 | CRYPT_NO_RESULT the value for dsA does not give a valid point on the curve |
| 35367 | |
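// SM2 key exchange.
//
//  tA   := (ds,A + de,A avf(Xe,A)) mod n
//  outZ := [h tA](Qs,B + [avf(Xe,B)](Qe,B))
//
// The ephemeral public key of party A is computed here from deA.
//
// Precondition: QsB and QeB are points on the curve selected by curveId. They
// come from the other party, so they must have been validated before this
// routine is reached; nothing here re-checks curve membership explicitly.
//
// NOTE(review): bnDeA, bnDsA and bnTa hold private-key material in BIGNUMs
// owned by 'context'. Confirm that releasing the context zeroizes them, or
// clear them explicitly before Cleanup.
//
// Returns:
//   CRYPT_SUCCESS    outZ holds the computed point
//   CRYPT_NO_RESULT  no valid point was produced; outZ is not written
static CRYPT_RESULT
SM2KeyExchange(
    TPMS_ECC_POINT          *outZ,      // OUT: the computed point
    TPM_ECC_CURVE            curveId,   // IN: the curve for the computations
    TPM2B_ECC_PARAMETER     *dsA,       // IN: static private TPM key
    TPM2B_ECC_PARAMETER     *deA,       // IN: ephemeral private TPM key
    TPMS_ECC_POINT          *QsB,       // IN: static public party B key
    TPMS_ECC_POINT          *QeB        // IN: ephemeral public party B key
    )
{
    BN_CTX                  *context;
    EC_POINT                *pQeA = NULL;
    EC_POINT                *pQeB = NULL;
    EC_POINT                *pQsB = NULL;
    EC_GROUP                *group = NULL;
    BIGNUM                  *bnTa;
    BIGNUM                  *bnDeA;
    BIGNUM                  *bnDsA;
    BIGNUM                  *bnXeA;     // x coordinate of ephemeral party A key
    BIGNUM                  *bnH;
    BIGNUM                  *bnN;
    BIGNUM                  *bnXeB;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);
    CRYPT_RESULT             retVal;

    pAssert(   curveData != NULL && outZ != NULL && dsA != NULL
            && deA != NULL && QsB != NULL && QeB != NULL);

    context = BN_CTX_new();
    if(context == NULL || curveData == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(context);
    bnTa = BN_CTX_get(context);
    bnDeA = BN_CTX_get(context);
    bnDsA = BN_CTX_get(context);
    bnXeA = BN_CTX_get(context);
    bnH = BN_CTX_get(context);
    bnN = BN_CTX_get(context);
    bnXeB = BN_CTX_get(context);
    // BN_CTX_get() is sticky, so the last value covers all of them
    if(bnXeB == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    // Initialize group parameters and local values of input
    if((group = EccCurveInit(curveId, context)) == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    if((pQeA = EC_POINT_new(group)) == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);

    BnFrom2B(bnDeA, &deA->b);
    BnFrom2B(bnDsA, &dsA->b);
    BnFrom2B(bnH, curveData->h);
    BnFrom2B(bnN, curveData->n);
    BnFrom2B(bnXeB, &QeB->x.b);
    pQeB = EccInitPoint2B(group, QeB, context);
    pQsB = EccInitPoint2B(group, QsB, context);

    // Stop deterministically if either peer point could not be loaded rather
    // than passing a NULL point to the EC routines below.
    // NOTE(review): EccInitPoint2B() is not visible here; if it already
    // reports its own failures this branch is simply never taken - confirm.
    if(pQeB == NULL || pQsB == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Compute the public ephemeral key pQeA = [de,A]G
    if(   (retVal = PointMul(group, pQeA, bnDeA, NULL, NULL, context))
       != CRYPT_SUCCESS)
        goto Cleanup;

    if(EC_POINT_get_affine_coordinates_GFp(group, pQeA, bnXeA, NULL, context) != 1)
        FAIL(FATAL_ERROR_INTERNAL);

    // tA := (ds,A + de,A avf(Xe,A)) mod n (3)
    // Compute 'tA' = ('dsA' + 'deA' avf('XeA')) mod n
    // Ta = avf(XeA);
    BN_copy(bnTa, bnXeA);
    avfSm2(bnTa, bnN);
    if(// do Ta = de,A * Ta mod n = deA * avf(XeA) mod n
          !BN_mod_mul(bnTa, bnDeA, bnTa, bnN, context)

       // now Ta = dsA + Ta mod n = dsA + deA * avf(XeA) mod n
       || !BN_mod_add(bnTa, bnDsA, bnTa, bnN, context)
      )
        FAIL(FATAL_ERROR_INTERNAL);

    // outZ := [h tA] (Qs,B + [avf(Xe,B)](Qe,B)) (4)
    // Put this in because almost every case of h is == 1 so skip the call when
    // not necessary.
    if(!BN_is_one(bnH))
    {
        // Cofactor is not 1 so compute Ta := Ta * h
        // (BN_mul() is a plain product; no reduction mod n is applied here)
        if(!BN_mul(bnTa, bnTa, bnH, context))
            FAIL(FATAL_ERROR_INTERNAL);
    }

    // Now that 'tA' is (h * 'tA')
    // 'outZ' = ['tA'](QsB + [avf(QeB.x)](QeB)).

    // first, compute XeB = avf(XeB)
    avfSm2(bnXeB, bnN);

    // QeB := [XeB]QeB
    if(   !EC_POINT_mul(group, pQeB, NULL, pQeB, bnXeB, context)

       // QeB := QsB + QeB
       || !EC_POINT_add(group, pQeB, pQeB, pQsB, context)
      )
        FAIL(FATAL_ERROR_INTERNAL);

    // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity.
    // The result of this multiply is the result of the function: previously it
    // was discarded, so a failure here still returned the CRYPT_SUCCESS left
    // over from the first PointMul() while outZ was never written.
    retVal = PointMul(group, pQeB, NULL, pQeB, bnTa, context);
    if(retVal == CRYPT_SUCCESS)
        // Convert BIGNUM E to TPM2B E
        Point2B(group, outZ, pQeB, (INT16)BN_num_bytes(bnN), context);

Cleanup:
    if(pQeA != NULL) EC_POINT_free(pQeA);
    if(pQeB != NULL) EC_POINT_free(pQeB);
    if(pQsB != NULL) EC_POINT_free(pQsB);
    if(group != NULL) EC_GROUP_free(group);
    BN_CTX_end(context);
    BN_CTX_free(context);

    return retVal;

}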
| 35497 | 1927 #endif //% TPM_ALG_SM2 |
| 35498 | |
| 35499 | |
| 35500 | B.13.3.2.29. C_2_2_ECDH() |
| 35501 | |
| 35502 | This function performs the two phase key exchange defined in SP800-56A, 6.1.1.2 Full Unified Model, |
| 35503 | C(2, 2, ECC CDH). |
| 35504 | |
// Two-phase key exchange per SP800-56A 6.1.1.2, Full Unified Model,
// C(2, 2, ECC CDH): Zs = [dsA]QsB is written to outZ1 and Ze = [deA]QeB to
// outZ2.
//
// QsB and QeB come from the other party; nothing in this routine explicitly
// checks that they are on the selected curve, so that validation is assumed
// to have happened before the call - TODO confirm against the callers.
//
// NOTE(review): this routine always returns CRYPT_SUCCESS. When a PointMul()
// reports CRYPT_NO_RESULT the matching output point is not written here, so a
// caller cannot tell from the return value that outZ1 or outZ2 was left
// untouched - confirm how callers are expected to detect that.
//
// NOTE(review): 'scalar' holds each private key in turn in a BIGNUM owned by
// the context; confirm that releasing the context zeroizes it.
static CRYPT_RESULT
C_2_2_ECDH(
    TPMS_ECC_POINT          *outZ1,     // OUT: Zs
    TPMS_ECC_POINT          *outZ2,     // OUT: Ze
    TPM_ECC_CURVE            curveId,   // IN: the curve for the computations
    TPM2B_ECC_PARAMETER     *dsA,       // IN: static private TPM key
    TPM2B_ECC_PARAMETER     *deA,       // IN: ephemeral private TPM key
    TPMS_ECC_POINT          *QsB,       // IN: static public party B key
    TPMS_ECC_POINT          *QeB        // IN: ephemeral public party B key
    )
{
    BN_CTX                  *ctx;
    EC_POINT                *point = NULL;
    EC_GROUP                *group = NULL;
    BIGNUM                  *scalar;
    INT16                    orderBytes;
    const ECC_CURVE_DATA    *curveData = GetCurveData(curveId);

    ctx = BN_CTX_new();
    if(ctx == NULL || curveData == NULL)
        FAIL(FATAL_ERROR_ALLOCATION);
    BN_CTX_start(ctx);
    scalar = BN_CTX_get(ctx);
    if(scalar == NULL)
        FAIL(FATAL_ERROR_INTERNAL);

    // Set up the curve; output coordinates are sized to the byte length of
    // the group order
    group = EccCurveInit(curveId, ctx);
    if(group == NULL)
        FAIL(FATAL_ERROR_INTERNAL);
    orderBytes = (INT16)BN_num_bytes(&group->order);

    // Zs: static private key of A times static public point of B
    BnFrom2B(scalar, &dsA->b);
    // NOTE(review): the returned point is handed to PointMul() without a NULL
    // check; whether EccInitPoint2B() can return NULL is not visible here.
    point = EccInitPoint2B(group, QsB, ctx);
    if(PointMul(group, point, NULL, point, scalar, ctx) != CRYPT_NO_RESULT)
    {
        Point2B(group, outZ1, point, orderBytes, ctx);
    }

    // Ze: ephemeral private key of A times ephemeral public point of B,
    // reusing the same scalar and point objects
    BnFrom2B(scalar, &deA->b);
    PointFrom2B(group, point, QeB, ctx);
    if(PointMul(group, point, NULL, point, scalar, ctx) != CRYPT_NO_RESULT)
    {
        Point2B(group, outZ2, point, orderBytes, ctx);
    }

    // Release everything acquired above
    if(point != NULL)
        EC_POINT_free(point);
    if(group != NULL)
        EC_GROUP_free(group);
    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
    return CRYPT_SUCCESS;
}
| 35568 | |
| 35569 | |
| 35570 | B.13.3.2.30. _cpri__C_2_2_KeyExchange() |
| 35571 | |
| 35572 | This function is the dispatch routine for the EC key exchange functions that use two ephemeral and two |
| 35573 | static keys. |
| 35574 | |
| 35575 | Return Value Meaning |
| 35576 | |
| 35577 | CRYPT_SCHEME scheme is not defined |
| 35578 | |
// Dispatch a two-phase EC key exchange to the routine for the given scheme.
//
// outZ1 and every input pointer are required (pAssert). outZ2 is optional and
// is cleared only when present; the TPM_ALG_ECDH case passes it to
// C_2_2_ECDH() unchanged, while the ECMQV and SM2 cases do not use it.
// Both outputs start out empty, so an output that still has size 0 on return
// means the selected routine produced no point.
//
// Returns the result of the selected routine, or CRYPT_SCHEME when the scheme
// is not one of the compiled-in key exchange schemes.
LIB_EXPORT CRYPT_RESULT
_cpri__C_2_2_KeyExchange(
    TPMS_ECC_POINT          *outZ1,     // OUT: a computed point
    TPMS_ECC_POINT          *outZ2,     // OUT: and optional second point
    TPM_ECC_CURVE            curveId,   // IN: the curve for the computations
    TPM_ALG_ID               scheme,    // IN: the key exchange scheme
    TPM2B_ECC_PARAMETER     *dsA,       // IN: static private TPM key
    TPM2B_ECC_PARAMETER     *deA,       // IN: ephemeral private TPM key
    TPMS_ECC_POINT          *QsB,       // IN: static public party B key
    TPMS_ECC_POINT          *QeB        // IN: ephemeral public party B key
    )
{
    pAssert(   outZ1 != NULL
            && dsA != NULL && deA != NULL
            && QsB != NULL && QeB != NULL);

    // Start with empty output points; the selected routine fills them in
    outZ1->x.b.size = 0;
    outZ1->y.b.size = 0;
    if(outZ2 != NULL)
    {
        outZ2->x.b.size = 0;
        outZ2->y.b.size = 0;
    }

    // Every case returns directly, so no break statements are needed
    switch (scheme)
    {
        case TPM_ALG_ECDH:
            return C_2_2_ECDH(outZ1, outZ2, curveId, dsA, deA, QsB, QeB);
#ifdef TPM_ALG_ECMQV
        case TPM_ALG_ECMQV:
            return C_2_2_MQV(outZ1, curveId, dsA, deA, QsB, QeB);
#endif
#ifdef TPM_ALG_SM2
        case TPM_ALG_SM2:
            return SM2KeyExchange(outZ1, curveId, dsA, deA, QsB, QeB);
#endif
        default:
            return CRYPT_SCHEME;
    }
}
| 35629 | 2031 #else //% |
| 35630 | |
| 35631 | Stub used when the 2-phase key exchange is not defined so that the linker has something to associate |
| 35632 | with the value in the .def file. |
| 35633 | |
// Link-time placeholder used when the 2-phase key exchange is compiled out.
// It takes no arguments and always reports CRYPT_FAIL.
LIB_EXPORT CRYPT_RESULT
_cpri__C_2_2_KeyExchange(void)
{
    return CRYPT_FAIL;
}
| 35641 | 2039 #endif //% CC_ZGen_2Phase |
| 35642 | 2040 #endif // TPM_ALG_ECC |
| 35643 | |
| 35644 | |
| 35645 | |
| 35646 | |
| 35650 | |
| 35651 | |
| 35652 | Annex C |
| 35653 | (informative) |
| 35654 | Simulation Environment |
| 35655 | |
| 35656 | C.1 Introduction |
| 35657 | |
| 35658 | These files are used to simulate some of the implementation-dependent hardware of a TPM. These files |
| 35659 | are provided to allow creation of a simulation environment for the TPM. These files are not expected to be |
| 35660 | part of a hardware TPM implementation. |
| 35661 | |
| 35662 | C.2 Cancel.c |
| 35663 | |
| 35664 | C.2.1. Introduction |
| 35665 | |
| 35666 | This module simulates the cancel pins on the TPM. |
| 35667 | |
| 35668 | C.2.2. Includes, Typedefs, Structures, and Defines |
| 35669 | |
| 35670 | 1 #include "PlatformData.h" |
| 35671 | |
| 35672 | |
| 35673 | C.2.3. Functions |
| 35674 | |
| 35675 | C.2.3.1. _plat__IsCanceled() |
| 35676 | |
| 35677 | Check if the cancel flag is set |
| 35678 | |
| 35679 | Return Value Meaning |
| 35680 | |
| 35681 | TRUE if cancel flag is set |
| 35682 | FALSE if cancel flag is not set |
| 35683 | |
// Report the simulated cancel pin: returns the current value of s_isCanceled.
LIB_EXPORT BOOL
_plat__IsCanceled(void)
{
    return s_isCanceled;
}
| 35692 | |
| 35693 | |
| 35694 | C.2.3.2. _plat__SetCancel() |
| 35695 | |
| 35696 | Set cancel flag. |
| 35697 | |
// Assert the simulated cancel pin by setting s_isCanceled to TRUE.
LIB_EXPORT void
_plat__SetCancel(void)
{
    s_isCanceled = TRUE;
}
| 35706 | |
| 35707 | |
| 35708 | |
| 35709 | |
| 35713 | |
| 35714 | C.2.3.3. _plat__ClearCancel() |
| 35715 | |
| 35716 | Clear cancel flag |
| 35717 | |
// De-assert the simulated cancel pin by setting s_isCanceled to FALSE.
LIB_EXPORT void
_plat__ClearCancel(void)
{
    s_isCanceled = FALSE;
}
| 35726 | |
| 35727 | |
| 35728 | |
| 35729 | |
| 35733 | |
| 35734 | |
| 35735 | C.3 Clock.c |
| 35736 | |
| 35737 | C.3.1. Introduction |
| 35738 | |
| 35739 | This file contains the routines that are used by the simulator to mimic a hardware clock on a TPM. In this |
| 35740 | implementation, all the time values are measured in milliseconds. However, the precision of the clock |
| 35741 | functions may be implementation dependent. |
| 35742 | |
| 35743 | C.3.2. Includes and Data Definitions |
| 35744 | |
| 35745 | 1 #include <time.h> |
| 35746 | 2 #include "PlatformData.h" |
| 35747 | 3 #include "Platform.h" |
| 35748 | |
| 35749 | |
| 35750 | C.3.3. Functions |
| 35751 | |
| 35752 | C.3.3.1. _plat__ClockReset() |
| 35753 | |
| 35754 | Set the current clock time as initial time. This function is called at a power on event to reset the clock |
| 35755 | |
// Restart the simulated clock: record the current clock() reading as the
// reference point and put the rate back to CLOCK_NOMINAL.
//
// Implementation specific: the code treats clock() ticks as milliseconds,
// which matches a C runtime whose CLOCKS_PER_SEC is 1000 (Microsoft C).
// NOTE(review): no scaling by CLOCKS_PER_SEC is done here, so a runtime with
// a different tick rate would report a different unit -- confirm when porting.
LIB_EXPORT void
_plat__ClockReset(void)
{
    s_adjustRate = CLOCK_NOMINAL;
    s_initClock = clock();
}
| 35768 | |
| 35769 | |
| 35770 | C.3.3.2. _plat__ClockTimeFromStart() |
| 35771 | |
| 35772 | Function returns the compensated time from the start of the command when |
| 35773 | _plat__ClockTimeFromStart() was called. |
| 35774 | |
// Return the rate-compensated time since the reference point s_initClock:
// raw ticks are scaled by CLOCK_NOMINAL / s_adjustRate.
//
// NOTE(review): the value from clock() is used unchecked; a failure return
// from clock() would be treated as a very large tick count.
unsigned long long
_plat__ClockTimeFromStart(void)
{
    unsigned long long      now = clock();
    unsigned long long      rawTicks = now - s_initClock;

    return (rawTicks * CLOCK_NOMINAL) / s_adjustRate;
}
| 35783 | |
| 35784 | |
| 35785 | C.3.3.3. _plat__ClockTimeElapsed() |
| 35786 | |
| 35787 | Get the time elapsed from current to the last time the _plat__ClockTimeElapsed() is called. For the first |
| 35788 | _plat__ClockTimeElapsed() call after a power on event, this call reports the elapsed time from power on to |
| 35789 | the current call |
| 35790 | |
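// Return the rate-compensated time since the previous call (or since the
// clock reset, for the first call) and move the reference point forward.
LIB_EXPORT unsigned long long
_plat__ClockTimeElapsed(
    void
    )
{
    unsigned long long      elapsed;
    unsigned long long      currentClock = clock();

    elapsed = ((currentClock - s_initClock) * CLOCK_NOMINAL) / s_adjustRate;

    // Advance the reference point only by the ticks that 'elapsed' accounts
    // for; any remainder of the integer division stays for the next call.
    s_initClock += (elapsed * s_adjustRate) / CLOCK_NOMINAL;

#ifdef DEBUGGING_TIME
    // Put this in so that TPM time will pass much faster than real time when
    // doing debug.
    // A value of 1000 for DEBUG_TIME_MULTIPLIER will make each ms into a second
    // A good value might be 100
    // (The statement was missing its terminating ';', which broke any build
    // that defined DEBUGGING_TIME.)
    elapsed *= DEBUG_TIME_MULTIPLIER;
#endif
    return elapsed;
}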
| 35816 | |
| 35817 | |
| 35818 | C.3.3.4. _plat__ClockAdjustRate() |
| 35819 | |
| 35820 | Adjust the clock rate |
| 35821 | |
// Nudge the simulated clock rate by one coarse, medium or fine step in either
// direction, then clamp it to CLOCK_NOMINAL +/- CLOCK_ADJUST_LIMIT.
// Only the six step constants are honoured; any other value changes nothing.
LIB_EXPORT void
_plat__ClockAdjustRate(
    int     adjust      // IN: the adjust number. It could be positive
                        //     or negative
    )
{
    switch(adjust)
    {
        case CLOCK_ADJUST_COARSE:   s_adjustRate += CLOCK_ADJUST_COARSE;   break;
        case -CLOCK_ADJUST_COARSE:  s_adjustRate -= CLOCK_ADJUST_COARSE;   break;
        case CLOCK_ADJUST_MEDIUM:   s_adjustRate += CLOCK_ADJUST_MEDIUM;   break;
        case -CLOCK_ADJUST_MEDIUM:  s_adjustRate -= CLOCK_ADJUST_MEDIUM;   break;
        case CLOCK_ADJUST_FINE:     s_adjustRate += CLOCK_ADJUST_FINE;     break;
        case -CLOCK_ADJUST_FINE:    s_adjustRate -= CLOCK_ADJUST_FINE;     break;
        default:
            // not one of the fixed step values: leave the rate alone
            break;
    }

    // Keep the rate inside the permitted window around nominal
    if(s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT))
    {
        s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT;
    }
    if(s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT))
    {
        s_adjustRate = CLOCK_NOMINAL-CLOCK_ADJUST_LIMIT;
    }
}
| 35862 | |
| 35863 | |
| 35864 | |
| 35865 | |
| 35869 | |
| 35870 | |
| 35871 | C.4 Entropy.c |
| 35872 | |
| 35873 | C.4.1. Includes |
| 35874 | |
| 35875 | 1 #define _CRT_RAND_S |
| 35876 | 2 #include <stdlib.h> |
| 35877 | 3 #include <stdint.h> |
| 35878 | 4 #include <memory.h> |
| 35879 | 5 #include "TpmBuildSwitches.h" |
| 35880 | |
| 35881 | |
| 35882 | C.4.2. Local values |
| 35883 | |
| 35884 | This is the last 32 bits of hardware entropy produced. We have to check to see that two consecutive 32- |
| 35885 | bit values are not the same because, according to FIPS 140-2, annex C: |
| 35886 | “If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated after |
| 35887 | power-up, initialization, or reset shall not be used, but shall be saved for comparison with the next n- |
| 35888 | bit block to be generated. Each subsequent generation of an n-bit block shall be compared with the |
| 35889 | previously generated block. The test shall fail if any two compared n-bit blocks are equal.” |
| 35890 | |
| 35891 | 6 extern uint32_t lastEntropy; |
| 35892 | 7 extern int firstValue; |
| 35893 | |
| 35894 | |
| 35895 | C.4.3. _plat__GetEntropy() |
| 35896 | |
| 35897 | This function is used to get available hardware entropy. In a hardware implementation of this function, |
| 35898 | there would be no call to the system to get entropy. If the caller does not ask for any entropy, then this is |
| 35899 | a startup indication and firstValue should be reset. |
| 35900 | |
| 35901 | Return Value Meaning |
| 35902 | |
| 35903 | <0 hardware failure of the entropy generator, this is sticky |
| 35904 | >= 0 the returned amount of entropy (bytes) |
| 35905 | |
// Simulated hardware entropy source.
//
// A request for 0 bytes is the startup indication: it re-arms firstValue and
// returns 0. Otherwise one 32-bit sample is drawn with rand_s() and at most
// sizeof(uint32_t) bytes of it are copied to 'entropy', so callers must cope
// with partial results.
//
// Continuous test: every sample after the first is compared with the previous
// one (lastEntropy) and a repeat is reported as a failure.
// NOTE(review): the first sample after startup is saved for comparison but is
// also returned to the caller, whereas the FIPS text quoted above says the
// first block shall not be used -- confirm this is acceptable for simulation.
// NOTE(review): the header calls a failure "sticky", but nothing here latches
// it; the next call simply draws and compares again. Presumably the caller
// records the failure -- verify.
//
// Returns the number of bytes written (>= 0), or -1 if rand_s() fails or the
// sample repeats the previous one.
LIB_EXPORT int32_t
_plat__GetEntropy(
    unsigned char       *entropy,   // output buffer
    uint32_t             amount     // amount requested
    )
{
    uint32_t             sample;

    if(amount == 0)
    {
        firstValue = 1;
        return 0;
    }

    // Only provide entropy 32 bits at a time to test the ability
    // of the caller to deal with partial results.
    if(rand_s(&sample) != 0)
        return -1;

    if(firstValue)
        firstValue = 0;             // nothing to compare the first sample with
    else if(sample == lastEntropy)
        return -1;                  // two consecutive samples were identical

    lastEntropy = sample;
    if(amount > sizeof(sample))
        amount = sizeof(sample);
    memcpy(entropy, &sample, amount);
    return (int32_t)amount;
}
| 35946 | |
| 35947 | |
| 35948 | |
| 35949 | |
| 35953 | |
| 35954 | |
| 35955 | C.5 LocalityPlat.c |
| 35956 | |
| 35957 | C.5.1. Includes |
| 35958 | |
| 35959 | 1 #include "PlatformData.h" |
| 35960 | 2 #include "TpmError.h" |
| 35961 | |
| 35962 | |
| 35963 | C.5.2. Functions |
| 35964 | |
| 35965 | C.5.2.1. _plat__LocalityGet() |
| 35966 | |
| 35967 | Get the most recent command locality in locality value form. This is an integer value for locality and not a |
| 35968 | locality structure. The locality can be 0-4 or 32-255. 5-31 is not allowed. |
| 35969 | |
// Return the locality value recorded by the last _plat__LocalitySet() call
// (the content of s_locality).
LIB_EXPORT unsigned char
_plat__LocalityGet(void)
{
    return s_locality;
}
| 35977 | |
| 35978 | |
| 35979 | C.5.2.2. _plat__LocalitySet() |
| 35980 | |
| 35981 | Set the most recent command locality in locality value form |
| 35982 | |
// Record the locality of the most recent command.
// Values 5-31 are not valid localities; they are stored as 0 instead of being
// rejected, so the caller gets no indication that the value was replaced.
LIB_EXPORT void
_plat__LocalitySet(
    unsigned char    locality
    )
{
    s_locality = (locality > 4 && locality < 32) ? 0 : locality;
}
| 35993 | |
| 35994 | |
| 35995 | C.5.2.3. _plat__IsRsaKeyCacheEnabled() |
| 35996 | |
| 35997 | This function is used to check if the RSA key cache is enabled or not. |
| 35998 | |
// Report whether the RSA key cache is enabled (value of s_RsaKeyCacheEnabled).
LIB_EXPORT int
_plat__IsRsaKeyCacheEnabled(void)
{
    return s_RsaKeyCacheEnabled;
}
| 36006 | |
| 36007 | |
| 36008 | |
| 36009 | |
| 36013 | |
| 36014 | |
| 36015 | C.6 NVMem.c |
| 36016 | |
| 36017 | C.6.1. Introduction |
| 36018 | |
| 36019 | This file contains the NV read and write access methods. This implementation uses RAM/file and does |
| 36020 | not manage the RAM/file as NV blocks. The implementation may become more sophisticated over time. |
| 36021 | |
| 36022 | C.6.2. Includes |
| 36023 | |
| 36024 | 1 #include <memory.h> |
| 36025 | 2 #include <string.h> |
| 36026 | 3 #include "PlatformData.h" |
| 36027 | 4 #include "TpmError.h" |
| 36028 | 5 #include "assert.h" |
| 36029 | |
| 36030 | |
| 36031 | C.6.3. Functions |
| 36032 | |
| 36033 | C.6.3.1. _plat__NvErrors() |
| 36034 | |
| 36035 | This function is used by the simulator to set the error flags in the NV subsystem to simulate an error in the |
| 36036 | NV loading process |
| 36037 | |
// Simulator hook: store the two error flags of the NV subsystem so that an
// NV loading error can be simulated.
LIB_EXPORT void
_plat__NvErrors(
    BOOL    recoverable,
    BOOL    unrecoverable
    )
{
    s_NV_recoverable = recoverable;
    s_NV_unrecoverable = unrecoverable;
}
| 36047 | |
| 36048 | |
| 36049 | C.6.3.2. _plat__NVEnable() |
| 36050 | |
| 36051 | Enable NV memory. |
| 36052 | This version just pulls in data from a file. In a real TPM, with NV on chip, this function would verify the |
| 36053 | integrity of the saved context. If the NV memory was not on chip but was in something like RPMB, the NV |
| 36054 | state would be read in, decrypted and integrity checked. |
| 36055 | The recovery from an integrity failure depends on where the error occurred. If it was in the state that is |
| 36056 | discarded by TPM Reset, then the error is recoverable if the TPM is reset. Otherwise, the TPM must go |
| 36057 | into failure mode. |
| 36058 | |
| 36059 | Return Value Meaning |
| 36060 | |
| 36061 | 0 if success |
| 36062 | >0 if receive recoverable error |
| 36063 | <0 if unrecoverable error |
| 36064 | |
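// Enable NV memory.
//
// With FILE_BACKED_NV the NV image s_NV is loaded from the file "NVChip" in
// the current directory; a missing or empty file is replaced by a new one
// filled with zeros. The file content is taken as is: there is no decryption
// and no integrity check, which is only acceptable for the simulator.
//
// Returns 0 on success, >0 for a (simulated) recoverable error and <0 for an
// unrecoverable error. A backing file that cannot be created, written or read
// in full is reported as unrecoverable instead of being used.
LIB_EXPORT int
_plat__NVEnable(
    void    *platParameter      // IN: platform specific parameter
    )
{
    (void)platParameter;        // unused; keeps the compiler quiet

    // Start assuming everything is OK
    s_NV_unrecoverable = FALSE;
    s_NV_recoverable = FALSE;

#ifdef FILE_BACKED_NV

    if(s_NVFile != NULL) return 0;

    // Try to open an existing NVChip file for read/write
    if(0 != fopen_s(&s_NVFile, "NVChip", "r+b"))
        s_NVFile = NULL;

    if(NULL != s_NVFile)
    {
        // See if the NVChip file is empty
        fseek(s_NVFile, 0, SEEK_END);
        if(0 == ftell(s_NVFile))
        {
            // Close the handle before dropping it so it is not leaked when
            // the file is re-created below
            fclose(s_NVFile);
            s_NVFile = NULL;
        }
    }

    if(s_NVFile == NULL)
    {
        // Initialize all the bytes in the new file to 0
        memset(s_NV, 0, NV_MEMORY_SIZE);

        // If NVChip file does not exist, try to create it for read/write
        if(0 != fopen_s(&s_NVFile, "NVChip", "w+b") || s_NVFile == NULL)
        {
            s_NVFile = NULL;
            return -1;
        }
        // Start initialize at the end of new file
        fseek(s_NVFile, 0, SEEK_END);
        // Write 0s to NVChip file
        if(fwrite(s_NV, 1, NV_MEMORY_SIZE, s_NVFile) != NV_MEMORY_SIZE)
            return -1;
    }
    else
    {
        // If NVChip file exists, assume the size is correct
        fseek(s_NVFile, 0, SEEK_END);
        assert(ftell(s_NVFile) == NV_MEMORY_SIZE);
        // Read NV file data to memory. The assert above disappears under
        // NDEBUG, so a short file is also caught by the read count.
        fseek(s_NVFile, 0, SEEK_SET);
        if(fread(s_NV, NV_MEMORY_SIZE, 1, s_NVFile) != 1)
            return -1;
    }
#endif
    // NV contents have been read and the error checks have been performed. For
    // simulation purposes, use the signaling interface to indicate if an error is
    // to be simulated and the type of the error.
    if(s_NV_unrecoverable)
        return -1;
    return s_NV_recoverable;
}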
| 36125 | |
| 36126 | |
| 36127 | C.6.3.3. _plat__NVDisable() |
| 36128 | |
| 36129 | Disable NV memory |
| 36130 | |
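// Disable NV memory: close the backing file (FILE_BACKED_NV builds only) and
// clear the handle so that a later _plat__NVEnable() reopens it.
LIB_EXPORT void
_plat__NVDisable(
    void
    )
{
#ifdef FILE_BACKED_NV

    assert(s_NVFile != NULL);
    // The assert is removed under NDEBUG and fclose(NULL) is undefined, so
    // also guard the call; this function is reached from
    // _plat__Signal_PowerOff(), which may arrive when NV was never enabled.
    if(s_NVFile != NULL)
    {
        // Close NV file
        fclose(s_NVFile);
        // Set file handle to NULL
        s_NVFile = NULL;
    }

#endif

    return;
}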
| 36154 | |
| 36155 | |
| 36156 | C.6.3.4. _plat__IsNvAvailable() |
| 36157 | |
| 36158 | Check if NV is available |
| 36159 | |
| 36160 | Return Value Meaning |
| 36161 | |
| 36162 | 0 NV is available |
| 36163 | 1 NV is not available due to write failure |
| 36164 | 2 NV is not available due to rate limit |
| 36165 | |
// Check if NV is available.
// Returns 0 when NV can be used and 1 when it cannot: either the availability
// flag s_NvIsAvailable is clear or, in FILE_BACKED_NV builds, the backing file
// is not open. This implementation never returns 2 (rate limit).
LIB_EXPORT int
_plat__IsNvAvailable(void)
{
    int     unavailable = !s_NvIsAvailable;

#ifdef FILE_BACKED_NV
    if(s_NVFile == NULL)
        unavailable = 1;
#endif

    return unavailable ? 1 : 0;
}
| 36183 | |
| 36184 | |
| 36185 | C.6.3.5. _plat__NvMemoryRead() |
| 36186 | |
| 36187 | Function: Read a chunk of NV memory |
| 36188 | |
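// Read a chunk of NV memory: copy 'size' bytes starting at 'startOffset' of
// the RAM image s_NV into 'data'.
LIB_EXPORT void
_plat__NvMemoryRead(
    unsigned int     startOffset,   // IN: read start
    unsigned int     size,          // IN: size of bytes to read
    void            *data           // OUT: data buffer
    )
{
    // Written without the sum startOffset + size: that sum can wrap around
    // for large unsigned values and let an out-of-range request through.
    // NOTE(review): assert() is removed under NDEBUG; a build that must
    // enforce the bound needs a check that stays in release builds.
    assert(size <= NV_MEMORY_SIZE && startOffset <= NV_MEMORY_SIZE - size);

    // Copy data from RAM
    memcpy(data, &s_NV[startOffset], size);
    return;
}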
| 36202 | |
| 36203 | |
| 36204 | C.6.3.6. _plat__NvIsDifferent() |
| 36205 | |
| 36206 | This function checks to see if the NV is different from the test value. This is so that NV will not be written if |
| 36207 | it has not changed. |
| 36208 | |
| 36209 | |
| 36210 | |
| 36211 | |
| 36215 | |
| 36216 | |
| 36217 | Return Value Meaning |
| 36218 | |
| 36219 | TRUE the NV location is different from the test value |
| 36220 | FALSE the NV location is the same as the test value |
| 36221 | |
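// Compare 'size' bytes of the NV image at 'startOffset' with 'data'.
// Returns TRUE when they differ and FALSE when they are the same, so that the
// caller can skip writing unchanged data.
LIB_EXPORT BOOL
_plat__NvIsDifferent(
    unsigned int     startOffset,   // IN: read start
    unsigned int     size,          // IN: size of bytes to read
    void            *data           // IN: data buffer
    )
{
    // Same range check as the read/write/move accessors, which this function
    // lacked; written so that the unsigned arithmetic cannot wrap around.
    // NOTE(review): assert() is removed under NDEBUG.
    assert(size <= NV_MEMORY_SIZE && startOffset <= NV_MEMORY_SIZE - size);

    return (memcmp(&s_NV[startOffset], data, size) != 0);
}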
| 36231 | |
| 36232 | |
| 36233 | C.6.3.7. _plat__NvMemoryWrite() |
| 36234 | |
| 36235 | This function is used to update NV memory. The write is to a memory copy of NV. At the end of the |
| 36236 | current command, any changes are written to the actual NV memory. |
| 36237 | |
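// Update the RAM copy of NV: copy 'size' bytes from 'data' to the image at
// 'startOffset'. Nothing is written to the backing store here; that is done
// by _plat__NvCommit().
LIB_EXPORT void
_plat__NvMemoryWrite(
    unsigned int     startOffset,   // IN: write start
    unsigned int     size,          // IN: size of bytes to write
    void            *data           // IN: data buffer
    )
{
    // Written without the sum startOffset + size: that sum can wrap around
    // for large unsigned values and let an out-of-range write through.
    // NOTE(review): assert() is removed under NDEBUG; a build that must
    // enforce the bound needs a check that stays in release builds.
    assert(size <= NV_MEMORY_SIZE && startOffset <= NV_MEMORY_SIZE - size);

    // Copy the data to the NV image
    memcpy(&s_NV[startOffset], data, size);
}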
| 36250 | |
| 36251 | |
| 36252 | C.6.3.8. _plat__NvMemoryMove() |
| 36253 | |
| 36254 | Function: Move a chunk of NV memory from source to destination. This function should ensure that if |
| 36255 | there is overlap, the original data is copied before it is written |
| 36256 | |
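// Move 'size' bytes inside the NV image from 'sourceOffset' to 'destOffset'.
// memmove() is used so that overlapping ranges are handled.
LIB_EXPORT void
_plat__NvMemoryMove(
    unsigned int     sourceOffset,  // IN: source offset
    unsigned int     destOffset,    // IN: destination offset
    unsigned int     size           // IN: size of data being moved
    )
{
    // Both ranges are checked without adding offset and size, because that
    // sum can wrap around for large unsigned values.
    // NOTE(review): assert() is removed under NDEBUG; a build that must
    // enforce the bounds needs a check that stays in release builds.
    assert(size <= NV_MEMORY_SIZE);
    assert(sourceOffset <= NV_MEMORY_SIZE - size);
    assert(destOffset <= NV_MEMORY_SIZE - size);

    // Move data in RAM
    memmove(&s_NV[destOffset], &s_NV[sourceOffset], size);

    return;
}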
| 36272 | |
| 36273 | |
| 36274 | C.6.3.9. _plat__NvCommit() |
| 36275 | |
| 36276 | Update NV chip |
| 36277 | |
| 36278 | |
| 36279 | |
| 36283 | |
| 36284 | |
| 36285 | Return Value Meaning |
| 36286 | |
| 36287 | 0 NV write success |
| 36288 | non-0 NV write fail |
| 36289 | |
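// Update the NV chip: write the whole RAM image s_NV to the backing file.
// Returns 0 on success and non-0 on failure. Without FILE_BACKED_NV there is
// nothing to write and the function reports success.
LIB_EXPORT int
_plat__NvCommit(
    void
    )
{
#ifdef FILE_BACKED_NV
    // If NV file is not available, return failure
    if(s_NVFile == NULL)
        return 1;

    // Write RAM data to NV. Each step is checked so that a failed or partial
    // write is reported to the caller instead of being returned as success.
    if(fseek(s_NVFile, 0, SEEK_SET) != 0)
        return 1;
    if(fwrite(s_NV, 1, NV_MEMORY_SIZE, s_NVFile) != NV_MEMORY_SIZE)
        return 1;
    // Push the buffered data out so that "committed" state is not left only
    // in the stdio buffer
    if(fflush(s_NVFile) != 0)
        return 1;
    return 0;
#else
    return 0;
#endif

}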
| 36309 | |
| 36310 | |
| 36311 | C.6.3.10. _plat__SetNvAvail() |
| 36312 | |
| 36313 | Set the current NV state to available. This function is for testing purpose only. It is not part of the |
| 36314 | platform NV logic |
| 36315 | |
// Test hook: mark NV as available by setting s_NvIsAvailable to TRUE.
LIB_EXPORT void
_plat__SetNvAvail(void)
{
    s_NvIsAvailable = TRUE;
}
| 36324 | |
| 36325 | |
| 36326 | C.6.3.11. _plat__ClearNvAvail() |
| 36327 | |
| 36328 | Set the current NV state to unavailable. This function is for testing purpose only. It is not part of the |
| 36329 | platform NV logic |
| 36330 | |
// Test hook: mark NV as unavailable by setting s_NvIsAvailable to FALSE.
LIB_EXPORT void
_plat__ClearNvAvail(void)
{
    s_NvIsAvailable = FALSE;
}
| 36339 | |
| 36340 | |
| 36341 | |
| 36342 | |
| 36346 | |
| 36347 | |
| 36348 | C.7 PowerPlat.c |
| 36349 | |
| 36350 | C.7.1. Includes and Function Prototypes |
| 36351 | |
| 36352 | 1 #include "PlatformData.h" |
| 36353 | 2 #include "Platform.h" |
| 36354 | |
| 36355 | |
| 36356 | C.7.2. Functions |
| 36357 | |
| 36358 | C.7.2.1. _plat__Signal_PowerOn() |
| 36359 | |
| 36360 | Signal platform power on |
| 36361 | |
// Signal platform power on: restart the clock, set the locality to 0, drop
// any pending cancel and remember that power was lost. Always returns 0.
LIB_EXPORT int
_plat__Signal_PowerOn(void)
{
    _plat__ClockReset();        // start clock

    s_locality = 0;             // initial locality
    s_isCanceled = FALSE;       // no command cancel pending
    s_powerLost = TRUE;         // reported later by _plat__WasPowerLost()

    return 0;
}
| 36381 | |
| 36382 | |
| 36383 | C.7.2.2. _plat__WasPowerLost() |
| 36384 | |
| 36385 | Test whether power was lost before a _TPM_Init() |
| 36386 | |
// Return the power-lost indication (s_powerLost) as it was on entry.
// When 'clear' is set, the indication is reset after it has been sampled.
LIB_EXPORT BOOL
_plat__WasPowerLost(
    BOOL    clear
    )
{
    BOOL    wasLost = s_powerLost;

    if(clear)
    {
        s_powerLost = FALSE;
    }
    return wasLost;
}
| 36397 | |
| 36398 | |
| 36399 | C.7.2.3. _plat_Signal_Reset() |
| 36400 | |
| 36401 | This is a TPM reset without a power loss. |
| 36402 | |
// Signal a TPM reset without a power loss: only the clock is restarted.
// NV is not reloaded, since no power failure occurred. Always returns 0.
LIB_EXPORT int
_plat__Signal_Reset(void)
{
    _plat__ClockReset();

    return 0;
}
| 36420 | |
| 36421 | |
| 36422 | C.7.2.4. _plat__Signal_PowerOff() |
| 36423 | |
| 36424 | Signal platform power off |
| 36425 | |
// Signal platform power off: prepare NV memory for power off by disabling it.
LIB_EXPORT void
_plat__Signal_PowerOff(void)
{
    _plat__NVDisable();
}
| 36436 | |
| 36437 | |
| 36438 | |
| 36439 | |
| 36443 | |
| 36444 | |
| 36445 | C.8 Platform.h |
| 36446 | |
| 36447 | 1 #ifndef PLATFORM_H |
| 36448 | 2 #define PLATFORM_H |
| 36449 | |
| 36450 | |
| 36451 | C.8.1. Includes and Defines |
| 36452 | |
| 36453 | 3 #include "bool.h" |
| 36454 | 4 #include "stdint.h" |
| 36455 | 5 #include "TpmError.h" |
| 36456 | 6 #include "TpmBuildSwitches.h" |
| 36457 | 7 #define UNREFERENCED(a) ((void)(a)) |
| 36458 | |
| 36459 | |
| 36460 | C.8.2. Power Functions |
| 36461 | |
| 36462 | C.8.2.1. _plat__Signal_PowerOn |
| 36463 | |
| 36464 | Signal power on. This signal is simulated by an RPC call. |
| 36465 | |
| 36466 | 8 LIB_EXPORT int |
| 36467 | 9 _plat__Signal_PowerOn(void); |
| 36468 | |
| 36469 | |
| 36470 | C.8.2.2. _plat__Signal_Reset |
| 36471 | |
| 36472 | Signal reset. This signal is simulated by an RPC call. |
| 36473 | |
| 36474 | 10 LIB_EXPORT int |
| 36475 | 11 _plat__Signal_Reset(void); |
| 36476 | |
| 36477 | |
| 36478 | C.8.2.3. _plat__WasPowerLost() |
| 36479 | |
| 36480 | Indicates if the power was lost before a _TPM__Init(). |
| 36481 | |
| 36482 | 12 LIB_EXPORT BOOL |
| 36483 | 13 _plat__WasPowerLost(BOOL clear); |
| 36484 | |
| 36485 | |
| 36486 | C.8.2.4. _plat__Signal_PowerOff() |
| 36487 | |
| 36488 | Signal power off. This signal is simulated by an RPC call. |
| 36489 | |
| 36490 | 14 LIB_EXPORT void |
| 36491 | 15 _plat__Signal_PowerOff(void); |
| 36492 | |
| 36493 | |
| 36494 | C.8.3. Physical Presence Functions |
| 36495 | |
| 36496 | C.8.3.1. _plat__PhysicalPresenceAsserted() |
| 36497 | |
| 36498 | Check if physical presence is signaled |
| 36499 | |
| 36500 | |
| 36501 | |
| 36502 | |
| 36506 | |
| 36507 | |
| 36508 | Return Value Meaning |
| 36509 | |
| 36510 | TRUE if physical presence is signaled |
| 36511 | FALSE if physical presence is not signaled |
| 36512 | |
| 36513 | 16 LIB_EXPORT BOOL |
| 36514 | 17 _plat__PhysicalPresenceAsserted(void); |
| 36515 | |
| 36516 | |
| 36517 | C.8.3.2. _plat__Signal_PhysicalPresenceOn |
| 36518 | |
| 36519 | Signal physical presence on. This signal is simulated by an RPC call. |
| 36520 | |
| 36521 | 18 LIB_EXPORT void |
| 36522 | 19 _plat__Signal_PhysicalPresenceOn(void); |
| 36523 | |
| 36524 | |
| 36525 | C.8.3.3. _plat__Signal_PhysicalPresenceOff() |
| 36526 | |
| 36527 | Signal physical presence off. This signal is simulated by an RPC call. |
| 36528 | |
| 36529 | 20 LIB_EXPORT void |
| 36530 | 21 _plat__Signal_PhysicalPresenceOff(void); |
| 36531 | |
| 36532 | |
| 36533 | C.8.4. Command Canceling Functions |
| 36534 | |
| 36535 | C.8.4.1. _plat__IsCanceled() |
| 36536 | |
| 36537 | Check if the cancel flag is set |
| 36538 | |
| 36539 | Return Value Meaning |
| 36540 | |
| 36541 | TRUE if cancel flag is set |
| 36542 | FALSE if cancel flag is not set |
| 36543 | |
| 36544 | 22 LIB_EXPORT BOOL |
| 36545 | 23 _plat__IsCanceled(void); |
| 36546 | |
| 36547 | |
| 36548 | C.8.4.2. _plat__SetCancel() |
| 36549 | |
| 36550 | Set cancel flag. |
| 36551 | |
| 36552 | 24 LIB_EXPORT void |
| 36553 | 25 _plat__SetCancel(void); |
| 36554 | |
| 36555 | |
| 36556 | C.8.4.3. _plat__ClearCancel() |
| 36557 | |
| 36558 | Clear cancel flag |
| 36559 | |
| 36560 | 26 LIB_EXPORT void |
| 36561 | 27 _plat__ClearCancel( void); |
| 36562 | |
| 36563 | |
| 36564 | |
| 36565 | |
| 36569 | |
| 36570 | C.8.5. NV memory functions |
| 36571 | |
| 36572 | C.8.5.1. _plat__NvErrors() |
| 36573 | |
| 36574 | This function is used by the simulator to set the error flags in the NV subsystem to simulate an error in the |
| 36575 | NV loading process |
| 36576 | |
| 36577 | 28 LIB_EXPORT void |
| 36578 | 29 _plat__NvErrors( |
| 36579 | 30 BOOL recoverable, |
| 36580 | 31 BOOL unrecoverable |
| 36581 | 32 ); |
| 36582 | |
| 36583 | |
| 36584 | C.8.5.2. _plat__NVEnable() |
| 36585 | |
| 36586 | Enable platform NV memory. NV memory is automatically enabled at a power on event. This function is |
| 36587 | mostly for TPM_Manufacture() to access NV memory without a power on event. |
| 36588 | |
| 36589 | Return Value Meaning |
| 36590 | |
| 36591 | 0 if success |
| 36592 | non-0 if fail |
| 36593 | |
| 36594 | 33 LIB_EXPORT int |
| 36595 | 34 _plat__NVEnable( |
| 36596 | 35 void *platParameter // IN: platform specific parameters |
| 36597 | 36 ); |
| 36598 | |
| 36599 | |
| 36600 | C.8.5.3. _plat__NVDisable() |
| 36601 | |
| 36602 | Disable platform NV memory. NV memory is automatically disabled at a power off event. This function is |
| 36603 | mostly for TPM_Manufacture() to disable NV memory without a power off event. |
| 36604 | |
| 36605 | 37 LIB_EXPORT void |
| 36606 | 38 _plat__NVDisable(void); |
| 36607 | |
| 36608 | |
| 36609 | C.8.5.4. _plat__IsNvAvailable() |
| 36610 | |
| 36611 | Check if NV is available |
| 36612 | |
| 36613 | Return Value Meaning |
| 36614 | |
| 36615 | 0 NV is available |
| 36616 | 1 NV is not available due to write failure |
| 36617 | 2 NV is not available due to rate limit |
| 36618 | |
| 36619 | 39 LIB_EXPORT int |
| 36620 | 40 _plat__IsNvAvailable(void); |
| 36621 | |
| 36622 | |
| 36623 | C.8.5.5. _plat__NvCommit() |
| 36624 | |
| 36625 | Update NV chip |
| 36626 | |
| 36627 | |
| 36628 | |
| 36629 | |
| 36633 | |
| 36634 | |
| 36635 | Return Value Meaning |
| 36636 | |
| 36637 | 0 NV write success |
| 36638 | non-0 NV write fail |
| 36639 | |
| 36640 | 41 LIB_EXPORT int |
| 36641 | 42 _plat__NvCommit(void); |
| 36642 | |
| 36643 | |
| 36644 | C.8.5.6. _plat__NvMemoryRead() |
| 36645 | |
| 36646 | Read a chunk of NV memory |
| 36647 | |
| 36648 | 43 LIB_EXPORT void |
| 36649 | 44 _plat__NvMemoryRead( |
| 36650 | 45 unsigned int startOffset, // IN: read start |
| 36651 | 46 unsigned int size, // IN: size of bytes to read |
| 36652 | 47 void *data // OUT: data buffer |
| 36653 | 48 ); |
| 36654 | |
| 36655 | |
| 36656 | C.8.5.7. _plat__NvIsDifferent() |
| 36657 | |
| 36658 | This function checks to see if the NV is different from the test value. This is so that NV will not be written if |
| 36659 | it has not changed. |
| 36660 | |
| 36661 | Return Value Meaning |
| 36662 | |
| 36663 | TRUE the NV location is different from the test value |
| 36664 | FALSE the NV location is the same as the test value |
| 36665 | |
| 36666 | 49 LIB_EXPORT BOOL |
| 36667 | 50 _plat__NvIsDifferent( |
| 36668 | 51 unsigned int startOffset, // IN: read start |
| 36669 | 52 unsigned int size, // IN: size of bytes to compare |
| 36670 | 53 void *data // IN: data buffer |
| 36671 | 54 ); |
| 36672 | |
| 36673 | |
| 36674 | C.8.5.8. _plat__NvMemoryWrite() |
| 36675 | |
| 36676 | Write a chunk of NV memory |
| 36677 | |
| 36678 | 55 LIB_EXPORT void |
| 36679 | 56 _plat__NvMemoryWrite( |
| 36680 | 57 unsigned int startOffset, // IN: write start |
| 36681 | 58 unsigned int size, // IN: size of bytes to write |
| 36682 | 59 void *data // IN: data buffer holding the bytes to write |
| 36683 | 60 ); |
| 36684 | |
| 36685 | |
| 36686 | C.8.5.9. _plat__NvMemoryMove() |
| 36687 | |
| 36688 | Move a chunk of NV memory from source to destination. This function should ensure that, if there is overlap, |
| 36689 | the original data is copied before it is written. |
| 36690 | |
| 36691 | 61 LIB_EXPORT void |
| 36692 | 62 _plat__NvMemoryMove( |
| 36693 | 63 unsigned int sourceOffset, // IN: source offset |
| 36694 | 64 unsigned int destOffset, // IN: destination offset |
| 36695 | 65 unsigned int size // IN: size of data being moved |
| 36696 | |
| 36700 | |
| 36701 | 66 ); |
| 36702 | |
| 36703 | |
| 36704 | C.8.5.10. _plat__SetNvAvail() |
| 36705 | |
| 36706 | Set the current NV state to available. This function is for testing purposes only. It is not part of the |
| 36707 | platform NV logic |
| 36708 | |
| 36709 | 67 LIB_EXPORT void |
| 36710 | 68 _plat__SetNvAvail(void); |
| 36711 | |
| 36712 | |
| 36713 | C.8.5.11. _plat__ClearNvAvail() |
| 36714 | |
| 36715 | Set the current NV state to unavailable. This function is for testing purposes only. It is not part of the |
| 36716 | platform NV logic |
| 36717 | |
| 36718 | 69 LIB_EXPORT void |
| 36719 | 70 _plat__ClearNvAvail(void); |
| 36720 | |
| 36721 | |
| 36722 | C.8.6. Locality Functions |
| 36723 | |
| 36724 | C.8.6.1. _plat__LocalityGet() |
| 36725 | |
| 36726 | Get the most recent command locality in locality value form |
| 36727 | |
| 36728 | 71 LIB_EXPORT unsigned char |
| 36729 | 72 _plat__LocalityGet(void); |
| 36730 | |
| 36731 | |
| 36732 | C.8.6.2. _plat__LocalitySet() |
| 36733 | |
| 36734 | Set the most recent command locality in locality value form |
| 36735 | |
| 36736 | 73 LIB_EXPORT void |
| 36737 | 74 _plat__LocalitySet( |
| 36738 | 75 unsigned char locality |
| 36739 | 76 ); |
| 36740 | |
| 36741 | |
| 36742 | C.8.6.3. _plat__IsRsaKeyCacheEnabled() |
| 36743 | |
| 36744 | This function is used to check if the RSA key cache is enabled or not. |
| 36745 | |
| 36746 | 77 LIB_EXPORT int |
| 36747 | 78 _plat__IsRsaKeyCacheEnabled( |
| 36748 | 79 void |
| 36749 | 80 ); |
| 36750 | |
| 36751 | |
| 36752 | C.8.7. Clock Constants and Functions |
| 36753 | |
| 36754 | Assume that the nominal divisor is 30000 |
| 36755 | |
| 36756 | 81 #define CLOCK_NOMINAL 30000 |
| 36757 | |
| 36758 | A 1% change in rate is 300 counts |
| 36759 | |
| 36760 | 82 #define CLOCK_ADJUST_COARSE 300 |
| 36761 | |
| 36762 | |
| 36766 | |
| 36767 | |
| 36768 | A 0.1% change in rate is 30 counts |
| 36769 | |
| 36770 | 83 #define CLOCK_ADJUST_MEDIUM 30 |
| 36771 | |
| 36772 | A minimum change in rate is 1 count |
| 36773 | |
| 36774 | 84 #define CLOCK_ADJUST_FINE 1 |
| 36775 | |
| 36776 | The clock tolerance is +/-15% (4500 counts) Allow some guard band (16.7%) |
| 36777 | |
| 36778 | 85 #define CLOCK_ADJUST_LIMIT 5000 |
| 36779 | |
| 36780 | |
| 36781 | C.8.7.1. _plat__ClockReset() |
| 36782 | |
| 36783 | This function sets the current clock time as initial time. This function is called at a power on event to reset |
| 36784 | the clock |
| 36785 | |
| 36786 | 86 LIB_EXPORT void |
| 36787 | 87 _plat__ClockReset(void); |
| 36788 | |
| 36789 | |
| 36790 | C.8.7.2. _plat__ClockTimeFromStart() |
| 36791 | |
| 36792 | Function returns the compensated time from the start of the command when |
| 36793 | _plat__ClockTimeFromStart() was called. |
| 36794 | |
| 36795 | 88 LIB_EXPORT unsigned long long |
| 36796 | 89 _plat__ClockTimeFromStart( |
| 36797 | 90 void |
| 36798 | 91 ); |
| 36799 | |
| 36800 | |
| 36801 | C.8.7.3. _plat__ClockTimeElapsed() |
| 36802 | |
| 36803 | Get the time elapsed between the current call and the last time _plat__ClockTimeElapsed() was called. For the first |
| 36804 | _plat__ClockTimeElapsed() call after a power on event, this call reports the elapsed time from power on to |
| 36805 | the current call. |
| 36806 | |
| 36807 | 92 LIB_EXPORT unsigned long long |
| 36808 | 93 _plat__ClockTimeElapsed(void); |
| 36809 | |
| 36810 | |
| 36811 | C.8.7.4. _plat__ClockAdjustRate() |
| 36812 | |
| 36813 | Adjust the clock rate |
| 36814 | |
| 36815 | 94 LIB_EXPORT void |
| 36816 | 95 _plat__ClockAdjustRate( |
| 36817 | 96 int adjust // IN: the adjust number. It could be |
| 36818 | 97 // positive or negative |
| 36819 | 98 ); |
| 36820 | |
| 36821 | |
| 36822 | |
| 36823 | |
| 36827 | |
| 36828 | C.8.8. Single Function Files |
| 36829 | |
| 36830 | C.8.8.1. _plat__GetEntropy() |
| 36831 | |
| 36832 | This function is used to get available hardware entropy. In a hardware implementation of this function, |
| 36833 | there would be no call to the system to get entropy. If the caller does not ask for any entropy, then this is |
| 36834 | a startup indication and firstValue should be reset. |
| 36835 | |
| 36836 | Return Value Meaning |
| 36837 | |
| 36838 | <0 hardware failure of the entropy generator, this is sticky |
| 36839 | >= 0 the returned amount of entropy (bytes) |
| 36840 | |
| 36841 | 99 LIB_EXPORT int32_t |
| 36842 | 100 _plat__GetEntropy( |
| 36843 | 101 unsigned char *entropy, // output buffer |
| 36844 | 102 uint32_t amount // amount requested |
| 36845 | 103 ); |
| 36846 | 104 #endif |
| 36847 | |
| 36848 | |
| 36849 | |
| 36850 | |
| 36854 | |
| 36855 | |
| 36856 | C.9 PlatformData.h |
| 36857 | |
| 36858 | This file contains the instance data for the Platform module. It is collected in this file so that the state of |
| 36859 | the module is easier to manage. |
| 36860 | |
| 36861 | 1 #ifndef _PLATFORM_DATA_H_ |
| 36862 | 2 #define _PLATFORM_DATA_H_ |
| 36863 | 3 #include "TpmBuildSwitches.h" |
| 36864 | 4 #include "Implementation.h" |
| 36865 | 5 #include "bool.h" |
| 36866 | |
| 36867 | From Cancel.c Cancel flag. It is initialized as FALSE, which indicates the command is not being canceled |
| 36868 | |
| 36869 | 6 extern BOOL s_isCanceled; |
| 36870 | |
| 36871 | From Clock.c This variable records the time when _plat__ClockReset() is called. This mechanism allows |
| 36872 | us to subtract the time when the TPM is powered off from the total time reported by the clock() function |
| 36873 | |
| 36874 | 7 extern unsigned long long s_initClock; |
| 36875 | 8 extern unsigned int s_adjustRate; |
| 36876 | |
| 36877 | From LocalityPlat.c Locality of current command |
| 36878 | |
| 36879 | 9 extern unsigned char s_locality; |
| 36880 | |
| 36881 | From NVMem.c Choose if the NV memory should be backed by RAM or by file. If this macro is defined, |
| 36882 | then a file is used as NV. If it is not defined, then RAM is used to back NV memory. Comment out to use |
| 36883 | RAM. |
| 36884 | |
| 36885 | 10 #define FILE_BACKED_NV |
| 36886 | 11 #if defined FILE_BACKED_NV |
| 36887 | 12 #include <stdio.h> |
| 36888 | |
| 36889 | A file to emulate NV storage |
| 36890 | |
| 36891 | 13 extern FILE* s_NVFile; |
| 36892 | 14 #endif |
| 36893 | 15 extern unsigned char s_NV[NV_MEMORY_SIZE]; |
| 36894 | 16 extern BOOL s_NvIsAvailable; |
| 36895 | 17 extern BOOL s_NV_unrecoverable; |
| 36896 | 18 extern BOOL s_NV_recoverable; |
| 36897 | |
| 36898 | From PPPlat.c Physical presence. It is initialized to FALSE |
| 36899 | |
| 36900 | 19 extern BOOL s_physicalPresence; |
| 36901 | |
| 36902 | From Power |
| 36903 | |
| 36904 | 20 extern BOOL s_powerLost; |
| 36905 | |
| 36906 | From Entropy.c |
| 36907 | |
| 36908 | 21 extern uint32_t lastEntropy; |
| 36909 | 22 extern int firstValue; |
| 36910 | 23 #endif // _PLATFORM_DATA_H_ |
| 36911 | |
| 36912 | |
| 36913 | |
| 36914 | |
| 36918 | |
| 36919 | |
| 36920 | C.10 PlatformData.c |
| 36921 | |
| 36922 | C.10.1. Description |
| 36923 | |
| 36924 | This file instantiates the TPM variables that are not stack allocated. The descriptions for these variables |
| 36925 | are in Global.h for this project. |
| 36926 | |
| 36927 | C.10.2. Includes |
| 36928 | |
| 36929 | This include is required to set the NV memory size consistently across all parts of the implementation. |
| 36930 | |
| 36931 | 1 #include "Implementation.h" |
| 36932 | 2 #include "Platform.h" |
| 36933 | 3 #include "PlatformData.h" |
| 36934 | |
| 36935 | From Cancel.c |
| 36936 | |
| 36937 | 4 BOOL s_isCanceled; |
| 36938 | |
| 36939 | From Clock.c |
| 36940 | |
| 36941 | 5 unsigned long long s_initClock; |
| 36942 | 6 unsigned int s_adjustRate; |
| 36943 | |
| 36944 | From LocalityPlat.c |
| 36945 | |
| 36946 | 7 unsigned char s_locality; |
| 36947 | |
| 36948 | From Power.c |
| 36949 | |
| 36950 | 8 BOOL s_powerLost; |
| 36951 | |
| 36952 | From Entropy.c |
| 36953 | |
| 36954 | 9 uint32_t lastEntropy; |
| 36955 | 10 int firstValue; |
| 36956 | |
| 36957 | From NVMem.c |
| 36958 | |
| 36959 | 11 #ifdef VTPM |
| 36960 | 12 # undef FILE_BACKED_NV |
| 36961 | 13 #endif |
| 36962 | 14 #ifdef FILE_BACKED_NV |
| 36963 | 15 FILE *s_NVFile = NULL; |
| 36964 | 16 #endif |
| 36965 | 17 unsigned char s_NV[NV_MEMORY_SIZE]; |
| 36966 | 18 BOOL s_NvIsAvailable; |
| 36967 | 19 BOOL s_NV_unrecoverable; |
| 36968 | 20 BOOL s_NV_recoverable; |
| 36969 | |
| 36970 | From PPPlat.c |
| 36971 | |
| 36972 | 21 BOOL s_physicalPresence; |
| 36973 | |
| 36974 | |
| 36975 | |
| 36976 | |
| 36980 | |
| 36981 | |
| 36982 | C.11 PPPlat.c |
| 36983 | |
| 36984 | C.11.1. Description |
| 36985 | |
| 36986 | This module simulates the physical presence interface pins on the TPM. |
| 36987 | |
| 36988 | C.11.2. Includes |
| 36989 | |
| 36990 | 1 #include "PlatformData.h" |
| 36991 | |
| 36992 | |
| 36993 | C.11.3. Functions |
| 36994 | |
| 36995 | C.11.3.1. _plat__PhysicalPresenceAsserted() |
| 36996 | |
| 36997 | Check if physical presence is signaled |
| 36998 | |
| 36999 | Return Value Meaning |
| 37000 | |
| 37001 | TRUE if physical presence is signaled |
| 37002 | FALSE if physical presence is not signaled |
| 37003 | |
// Report whether physical presence is currently signaled.
// Returns TRUE if physical presence is signaled, FALSE if it is not.
LIB_EXPORT BOOL
_plat__PhysicalPresenceAsserted(void)
{
    // No hardware pin is sampled in this simulation: the answer is the
    // s_physicalPresence flag, which _plat__Signal_PhysicalPresenceOn() and
    // _plat__Signal_PhysicalPresenceOff() set and clear. Physical presence
    // is therefore only as trustworthy as whatever is able to call those
    // signals; a real platform has to back this with a hardware input.
    BOOL asserted = s_physicalPresence;

    return asserted;
}
| 37013 | |
| 37014 | |
| 37015 | C.11.3.2. _plat__Signal_PhysicalPresenceOn() |
| 37016 | |
| 37017 | Signal physical presence on |
| 37018 | |
// Signal physical presence on by setting the simulated presence flag.
LIB_EXPORT void
_plat__Signal_PhysicalPresenceOn(void)
{
    // From here on _plat__PhysicalPresenceAsserted() reports TRUE.
    s_physicalPresence = TRUE;
}
| 37027 | |
| 37028 | |
| 37029 | C.11.3.3. _plat__Signal_PhysicalPresenceOff() |
| 37030 | |
| 37031 | Signal physical presence off |
| 37032 | |
// Signal physical presence off by clearing the simulated presence flag.
LIB_EXPORT void
_plat__Signal_PhysicalPresenceOff(void)
{
    // From here on _plat__PhysicalPresenceAsserted() reports FALSE.
    s_physicalPresence = FALSE;
}
| 37041 | |
| 37042 | |
| 37046 | |
| 37047 | |
| 37048 | C.12 Unique.c |
| 37049 | |
| 37050 | C.12.1. Introduction |
| 37051 | |
| 37052 | In some implementations of the TPM, the hardware can provide a secret value to the TPM. This secret |
| 37053 | value is statistically unique to the instance of the TPM. Typical uses of this value are to provide |
| 37054 | personalization to the random number generation and as a shared secret between the TPM and the |
| 37055 | manufacturer. |
| 37056 | |
| 37057 | C.12.2. Includes |
| 37058 | |
| 37059 | 1 #include "stdint.h" |
| 37060 | 2 #include "TpmBuildSwitches.h" |
| 37061 | 3 const char notReallyUnique[] = |
| 37062 | 4 "This is not really a unique value. A real unique value should" |
| 37063 | 5 " be generated by the platform."; |
| 37064 | |
| 37065 | |
| 37066 | C.12.3. _plat__GetUnique() |
| 37067 | |
| 37068 | This function is used to access the platform-specific unique value. This function places the unique value |
| 37069 | in the provided buffer (b) and returns the number of bytes transferred. The function will not copy more |
| 37070 | data than bSize. |
| 37071 | |
| 37072 | NOTE: If a platform unique value has unequal distribution of uniqueness and bSize is smaller than the size of the |
| 37073 | unique value, the bSize portion with the most uniqueness should be returned. |
| 37074 | |
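// Copy the platform-specific unique value into the caller's buffer.
//
// At most bSize bytes are written, always starting at b[0]; the return value
// is the number of bytes written. When which is 0 (the authorities value) the
// bytes are copied in order; for any other which they are copied in reverse
// order.
//
// The value served here is the fixed, public notReallyUnique string: it is
// identical in every build and offers no secrecy. A platform that relies on
// this value (for example to personalize random number generation or as a
// secret shared with the manufacturer) must replace it with a real
// per-device secret.
LIB_EXPORT uint32_t
_plat__GetUnique(
    uint32_t         which,     // authorities (0) or details
    uint32_t         bSize,     // size of the buffer
    unsigned char   *b          // output buffer
    )
{
    // Bytes available, not counting the string's terminating NUL
    const uint32_t   available = (uint32_t)(sizeof(notReallyUnique) - 1);
    // Never write more than the caller's buffer can hold
    const uint32_t   count = (bSize < available) ? bSize : available;
    uint32_t         i;

    if(which == 0)  // the authorities value
    {
        for(i = 0; i < count; i++)
            b[i] = (unsigned char)notReallyUnique[i];
    }
    else
    {
        // Reversed copy. The destination index is derived from count, so the
        // result occupies b[0..count-1] for every bSize (including 0, where
        // nothing is touched and no pointer before the buffer is formed).
        for(i = 0; i < count; i++)
            b[count - 1 - i] = (unsigned char)notReallyUnique[i];
    }
    return count;
}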
| 37107 | |
| 37108 | |
| 37109 | |
| 37110 | |
| 37114 | |
| 37115 | |
| 37116 | Annex D |
| 37117 | (informative) |
| 37118 | Remote Procedure Interface |
| 37119 | |
| 37120 | D.1 Introduction |
| 37121 | |
| 37122 | These files provide an RPC interface for a TPM simulation. |
| 37123 | The simulation uses two ports: a command port and a hardware simulation port. Only TPM commands |
| 37124 | defined in TPM 2.0 Part 3 are sent to the TPM on the command port. The hardware simulation port is |
| 37125 | used to simulate hardware events such as power on/off and locality; and indications such as |
| 37126 | _TPM_HashStart. |
| 37127 | |
| 37128 | |
| 37129 | |
| 37130 | |
| 37134 | |
| 37135 | |
| 37136 | |
| 37137 | D.2 TpmTcpProtocol.h |
| 37138 | |
| 37139 | D.2.1. Introduction |
| 37140 | |
| 37141 | TPM commands are communicated as BYTE streams on a TCP connection. The TPM command |
| 37142 | protocol is enveloped with the interface protocol described in this file. The command is indicated by a |
| 37143 | UINT32 with one of the values below. Most commands take no parameters and return no TPM errors. In |
| 37144 | these cases the TPM interface protocol acknowledges that command processing is complete by returning |
| 37145 | a UINT32=0. The command TPM_SIGNAL_HASH_DATA takes a UINT32-prepended variable length |
| 37146 | BYTE array and the interface protocol acknowledges command completion with a UINT32=0. Most TPM |
| 37147 | commands are enveloped using the TPM_SEND_COMMAND interface command. The parameters are |
| 37148 | as indicated below. The interface layer also appends a UINT32=0 to the TPM response for regularity. |
| 37149 | |
| 37150 | D.2.2. Typedefs and Defines |
| 37151 | |
| 37152 | 1 #ifndef TCP_TPM_PROTOCOL_H |
| 37153 | 2 #define TCP_TPM_PROTOCOL_H |
| 37154 | |
| 37155 | TPM Commands. All commands acknowledge processing by returning a UINT32 == 0 except where |
| 37156 | noted |
| 37157 | |
| 37158 | 3 #define TPM_SIGNAL_POWER_ON 1 |
| 37159 | 4 #define TPM_SIGNAL_POWER_OFF 2 |
| 37160 | 5 #define TPM_SIGNAL_PHYS_PRES_ON 3 |
| 37161 | 6 #define TPM_SIGNAL_PHYS_PRES_OFF 4 |
| 37162 | 7 #define TPM_SIGNAL_HASH_START 5 |
| 37163 | 8 #define TPM_SIGNAL_HASH_DATA 6 |
| 37164 | 9 // {UINT32 BufferSize, BYTE[BufferSize] Buffer} |
| 37165 | 10 #define TPM_SIGNAL_HASH_END 7 |
| 37166 | 11 #define TPM_SEND_COMMAND 8 |
| 37167 | 12 // {BYTE Locality, UINT32 InBufferSize, BYTE[InBufferSize] InBuffer} -> |
| 37168 | 13 // {UINT32 OutBufferSize, BYTE[OutBufferSize] OutBuffer} |
| 37169 | 14 #define TPM_SIGNAL_CANCEL_ON 9 |
| 37170 | 15 #define TPM_SIGNAL_CANCEL_OFF 10 |
| 37171 | 16 #define TPM_SIGNAL_NV_ON 11 |
| 37172 | 17 #define TPM_SIGNAL_NV_OFF 12 |
| 37173 | 18 #define TPM_SIGNAL_KEY_CACHE_ON 13 |
| 37174 | 19 #define TPM_SIGNAL_KEY_CACHE_OFF 14 |
| 37175 | 20 #define TPM_REMOTE_HANDSHAKE 15 |
| 37176 | 21 #define TPM_SET_ALTERNATIVE_RESULT 16 |
| 37177 | 22 #define TPM_SIGNAL_RESET 17 |
| 37178 | 23 #define TPM_SESSION_END 20 |
| 37179 | 24 #define TPM_STOP 21 |
| 37180 | 25 #define TPM_GET_COMMAND_RESPONSE_SIZES 25 |
| 37181 | 26 #define TPM_TEST_FAILURE_MODE 30 |
| 37182 | 27 enum TpmEndPointInfo |
| 37183 | 28 { |
| 37184 | 29 tpmPlatformAvailable = 0x01, |
| 37185 | 30 tpmUsesTbs = 0x02, |
| 37186 | 31 tpmInRawMode = 0x04, |
| 37187 | 32 tpmSupportsPP = 0x08 |
| 37188 | 33 }; |
| 37189 | 34 |
| 37190 | 35 // Existing RPC interface type definitions retained so that the implementation |
| 37191 | 36 // can be re-used |
| 37192 | 37 typedef struct |
| 37193 | 38 { |
| 37194 | 39 unsigned long BufferSize; |
| 37195 | 40 unsigned char *Buffer; |
| 37196 | 41 } _IN_BUFFER; |
| 37197 | |
| 37201 | |
| 37202 | 42 |
| 37203 | 43 typedef unsigned char *_OUTPUT_BUFFER; |
| 37204 | 44 |
| 37205 | 45 typedef struct |
| 37206 | 46 { |
| 37207 | 47 uint32_t BufferSize; |
| 37208 | 48 _OUTPUT_BUFFER Buffer; |
| 37209 | 49 } _OUT_BUFFER; |
| 37210 | 50 |
| 37211 | 51 //** TPM Command Function Prototypes |
| 37212 | 52 void _rpc__Signal_PowerOn(BOOL isReset); |
| 37213 | 53 void _rpc__Signal_PowerOff(); |
| 37214 | 54 void _rpc__ForceFailureMode(); |
| 37215 | 55 void _rpc__Signal_PhysicalPresenceOn(); |
| 37216 | 56 void _rpc__Signal_PhysicalPresenceOff(); |
| 37217 | 57 void _rpc__Signal_Hash_Start(); |
| 37218 | 58 void _rpc__Signal_Hash_Data( |
| 37219 | 59 _IN_BUFFER input |
| 37220 | 60 ); |
| 37221 | 61 void _rpc__Signal_HashEnd(); |
| 37222 | 62 void _rpc__Send_Command( |
| 37223 | 63 unsigned char locality, |
| 37224 | 64 _IN_BUFFER request, |
| 37225 | 65 _OUT_BUFFER *response |
| 37226 | 66 ); |
| 37227 | 67 void _rpc__Signal_CancelOn(); |
| 37228 | 68 void _rpc__Signal_CancelOff(); |
| 37229 | 69 void _rpc__Signal_NvOn(); |
| 37230 | 70 void _rpc__Signal_NvOff(); |
| 37231 | 71 BOOL _rpc__InjectEPS( |
| 37232 | 72 const char* seed, |
| 37233 | 73 int seedSize |
| 37234 | 74 ); |
| 37235 | |
| 37236 | Start the TPM server on the indicated socket. The TPM is single-threaded and will accept connections |
| 37237 | first-come-first-served. Once a connection is dropped another client can connect. |
| 37238 | |
| 37239 | 75 BOOL TpmServer(SOCKET ServerSocket); |
| 37240 | 76 #endif |
| 37241 | |
| 37242 | |
| 37243 | |
| 37244 | |
| 37248 | |
| 37249 | |
| 37250 | D.3 TcpServer.c |
| 37251 | |
| 37252 | D.3.1. Description |
| 37253 | |
| 37254 | This file contains the socket interface to a TPM simulator. |
| 37255 | |
| 37256 | D.3.2. Includes, Locals, Defines and Function Prototypes |
| 37257 | |
| 37258 | 1 #include <stdio.h> |
| 37259 | 2 #include <windows.h> |
| 37260 | 3 #include <winsock.h> |
| 37261 | 4 #include "string.h" |
| 37262 | 5 #include <stdlib.h> |
| 37263 | 6 #include <stdint.h> |
| 37264 | 7 #include "TpmTcpProtocol.h" |
| 37265 | 8 BOOL ReadBytes(SOCKET s, char* buffer, int NumBytes); |
| 37266 | 9 BOOL ReadVarBytes(SOCKET s, char* buffer, UINT32* BytesReceived, int MaxLen); |
| 37267 | 10 BOOL WriteVarBytes(SOCKET s, char *buffer, int BytesToSend); |
| 37268 | 11 BOOL WriteBytes(SOCKET s, char* buffer, int NumBytes); |
| 37269 | 12 BOOL WriteUINT32(SOCKET s, UINT32 val); |
| 37270 | 13 #ifndef __IGNORE_STATE__ |
| 37271 | 14 static UINT32 ServerVersion = 1; |
| 37272 | 15 #define MAX_BUFFER 1048576 |
| 37273 | 16 char InputBuffer[MAX_BUFFER]; //The input data buffer for the simulator. |
| 37274 | 17 char OutputBuffer[MAX_BUFFER]; //The output data buffer for the simulator. |
| 37275 | 18 struct { |
| 37276 | 19 UINT32 largestCommandSize; |
| 37277 | 20 UINT32 largestCommand; |
| 37278 | 21 UINT32 largestResponseSize; |
| 37279 | 22 UINT32 largestResponse; |
| 37280 | 23 } CommandResponseSizes = {0}; |
| 37281 | 24 #endif // __IGNORE_STATE___ |
| 37282 | |
| 37283 | |
| 37284 | D.3.3. Functions |
| 37285 | |
| 37286 | D.3.3.1. CreateSocket() |
| 37287 | |
| 37288 | This function creates a socket listening on PortNumber. |
| 37289 | |
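// Create a TCP socket listening on PortNumber and store it in *listenSocket.
//
// Returns 0 on success and -1 on failure; the reason is printed to stdout.
// On failure no socket is left open, *listenSocket is INVALID_SOCKET and the
// Winsock startup performed here has been undone.
static int
CreateSocket(
    int              PortNumber,
    SOCKET          *listenSocket
    )
{
    WSADATA              wsaData;
    struct sockaddr_in   MyAddress;
    int                  res;

    *listenSocket = INVALID_SOCKET;

    // A TCP port is a 16-bit value; reject anything htons() would truncate
    if(PortNumber < 0 || PortNumber > 65535)
    {
        printf("Invalid port number: %d\n", PortNumber);
        return -1;
    }

    // Initialize Winsock
    res = WSAStartup(MAKEWORD(2,2), &wsaData);
    if(res != 0)
    {
        printf("WSAStartup failed with error: %d\n", res);
        return -1;
    }

    // create listening socket
    *listenSocket = socket(PF_INET, SOCK_STREAM, 0);
    if(INVALID_SOCKET == *listenSocket)
    {
        printf("Cannot create server listen socket. Error is 0x%x\n",
               WSAGetLastError());
        goto Fail;
    }

    // bind the listening socket to the specified port
    ZeroMemory(&MyAddress, sizeof(MyAddress));
    MyAddress.sin_family = AF_INET;
    MyAddress.sin_port = htons((u_short)PortNumber);
    // The wildcard address is what the zeroed structure selects anyway; it is
    // spelled out because it means the port is reachable on every interface.
    // PlatformServer() in this file dispatches power, reset and physical
    // presence signals without authenticating the peer, so access to the
    // simulator ports has to be limited outside this code (host firewall or
    // an isolated test network).
    MyAddress.sin_addr.s_addr = htonl(INADDR_ANY);

    res = bind(*listenSocket, (struct sockaddr *)&MyAddress, sizeof(MyAddress));
    if(res == SOCKET_ERROR)
    {
        printf("Bind error. Error is 0x%x\n", WSAGetLastError());
        goto Fail;
    }

    // listen/wait for server connections
    res = listen(*listenSocket, 3);
    if(res == SOCKET_ERROR)
    {
        printf("Listen error. Error is 0x%x\n", WSAGetLastError());
        goto Fail;
    }

    return 0;

Fail:
    // Release whatever was acquired so a failed call leaks neither the
    // socket nor the Winsock reference taken by WSAStartup()
    if(*listenSocket != INVALID_SOCKET)
    {
        closesocket(*listenSocket);
        *listenSocket = INVALID_SOCKET;
    }
    WSACleanup();
    return -1;
}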
| 37346 | |
| 37347 | |
| 37348 | D.3.3.2. PlatformServer() |
| 37349 | |
| 37350 | This function processes incoming platform requests. |
| 37351 | |
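/*
 * PlatformServer - serve platform-signal requests from one connected client.
 *
 * Reads a 4-byte command code (network byte order) from socket s, dispatches
 * it to the matching _rpc__ handler and answers each handled command with a
 * UINT32 status of 0. The loop ends when the client disconnects, ends the
 * session, sends an unrecognized command, or asks the simulator to stop.
 *
 * Returns TRUE when the connection is finished but the service may keep
 * running, FALSE when the client sent TPM_STOP.
 *
 * NOTE(review): nothing in this function authenticates the peer. Any client
 * that can reach this port can drive the power, reset, physical-presence,
 * cancel, NV-availability and failure-mode signals and can stop the
 * simulator, so access to the port has to be restricted outside this code
 * (host firewall, isolated test network).
 */
BOOL
PlatformServer(SOCKET s)
{
    BOOL    ok;
    UINT32  Command;

    for (;;) {
        ok = ReadBytes(s, (char *)&Command, 4);
        // Client disconnected (or other error): stop processing this client
        // and let the caller decide whether to wait for another connection.
        if (!ok)
            return TRUE;

        Command = ntohl(Command);
        switch (Command) {
        case TPM_SIGNAL_POWER_ON:
            _rpc__Signal_PowerOn(FALSE);
            break;

        case TPM_SIGNAL_POWER_OFF:
            _rpc__Signal_PowerOff();
            break;

        case TPM_SIGNAL_RESET:
            _rpc__Signal_PowerOn(TRUE);
            break;

        case TPM_SIGNAL_PHYS_PRES_ON:
            _rpc__Signal_PhysicalPresenceOn();
            break;

        case TPM_SIGNAL_PHYS_PRES_OFF:
            _rpc__Signal_PhysicalPresenceOff();
            break;

        case TPM_SIGNAL_CANCEL_ON:
            _rpc__Signal_CancelOn();
            break;

        case TPM_SIGNAL_CANCEL_OFF:
            _rpc__Signal_CancelOff();
            break;

        case TPM_SIGNAL_NV_ON:
            _rpc__Signal_NvOn();
            break;

        case TPM_SIGNAL_NV_OFF:
            _rpc__Signal_NvOff();
            break;

        case TPM_SESSION_END:
            // Client signaled end-of-session
            return TRUE;

        case TPM_STOP:
            // Client requested the simulator to exit
            return FALSE;

        case TPM_TEST_FAILURE_MODE:
            _rpc__ForceFailureMode();
            break;

        case TPM_GET_COMMAND_RESPONSE_SIZES:
            ok = WriteVarBytes(s, (char *)&CommandResponseSizes,
                               sizeof(CommandResponseSizes));
            // The statistics are cleared after every report, whether or not
            // the write succeeded.
            memset(&CommandResponseSizes, 0, sizeof(CommandResponseSizes));
            if (!ok)
                return TRUE;
            break;

        default:
            // Command is unsigned, so print it as such.
            printf("Unrecognized platform interface command %u\n",
                   (unsigned)Command);
            WriteUINT32(s, 1);
            return TRUE;
        }

        // Acknowledge the command; drop the client if the acknowledgement
        // cannot be delivered instead of reading further commands from it.
        if (!WriteUINT32(s, 0))
            return TRUE;
    }
}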
| 37442 | |
| 37443 | |
| 37444 | D.3.3.3. PlatformSvcRoutine() |
| 37445 | |
| 37446 | This function is called to set up the socket interfaces to listen for commands. |
| 37447 | |
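/*
 * PlatformSvcRoutine - thread entry point for the platform signal service.
 *
 * port carries the TCP port number packed into the pointer value. The routine
 * creates the listening socket, then accepts clients one at a time and hands
 * each connection to PlatformServer() until that function returns FALSE.
 *
 * Returns 0 on a requested stop, the CreateSocket() result if the listening
 * socket cannot be set up, or -1 if accept() fails.
 */
DWORD WINAPI
PlatformSvcRoutine(LPVOID port)
{
    int                 PortNumber = (int)(INT_PTR)port;
    SOCKET              listenSocket, serverSocket;
    struct sockaddr_in  HerAddress;
    int                 res;
    int                 length;
    BOOL                continueServing;

    res = CreateSocket(PortNumber, &listenSocket);
    if (res != 0) {
        printf("Create platform service socket fail\n");
        return res;
    }

    // Loop accepting connections one-by-one until we are killed or asked to
    // stop. The platform service is single-threaded, so no new connection is
    // accepted until the prior connection drops.
    do {
        printf("Platform server listening on port %d\n", PortNumber);

        // blocking accept
        length = sizeof(HerAddress);
        serverSocket = accept(listenSocket,
                              (struct sockaddr *)&HerAddress,
                              &length);
        // accept() reports failure with INVALID_SOCKET, not SOCKET_ERROR.
        if (serverSocket == INVALID_SOCKET) {
            // Report the error before closesocket() can overwrite it.
            printf("Accept error. Error is 0x%x\n", WSAGetLastError());
            closesocket(listenSocket);
            return -1;
        }
        printf("Client accepted\n");

        // normal behavior on client disconnection is to wait for a new
        // client to connect
        continueServing = PlatformServer(serverSocket);
        closesocket(serverSocket);
    } while (continueServing);

    // Release the listening socket so the port is not left open after a stop.
    closesocket(listenSocket);
    return 0;
}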
| 37501 | |
| 37502 | |
| 37503 | D.3.3.4. PlatformSignalService() |
| 37504 | |
| 37505 | This function starts a new thread waiting for platform signals. Platform signals are processed one at a |
| 37506 | time in the order in which they are received. |
| 37507 | |
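/*
 * PlatformSignalService - start the platform signal service on its own thread.
 *
 * Creates a thread running PlatformSvcRoutine() with PortNumber packed into
 * the thread argument.
 *
 * Returns 0 when the thread was created, -1 otherwise. The thread is not
 * joined; this function returns as soon as CreateThread() does.
 */
int
PlatformSignalService(int PortNumber)
{
    HANDLE  hPlatformSvc;
    DWORD   ThreadId;   // CreateThread() writes a DWORD thread id here

    // Create service thread for platform signals. PlatformSvcRoutine already
    // has the thread-start signature, so no function-pointer cast is needed.
    hPlatformSvc = CreateThread(NULL, 0,
                                PlatformSvcRoutine,
                                (LPVOID)(INT_PTR)PortNumber, 0, &ThreadId);
    if (hPlatformSvc == NULL) {
        printf("Thread Creation failed\n");
        return -1;
    }

    // The handle is never used again; closing it does not stop the thread
    // and avoids leaking the handle.
    CloseHandle(hPlatformSvc);
    return 0;
}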
| 37534 | |
| 37535 | |
| 37536 | D.3.3.5. RegularCommandService() |
| 37537 | |
| 37538 | This function services regular commands. |
| 37539 | |
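/*
 * RegularCommandService - run the TPM command service on the calling thread.
 *
 * Creates the listening socket on PortNumber, then accepts clients one at a
 * time and hands each connection to TpmServer() until that function returns
 * FALSE.
 *
 * Returns 0 on a requested stop, the CreateSocket() result if the listening
 * socket cannot be set up, or -1 if accept() fails.
 */
int
RegularCommandService(int PortNumber)
{
    SOCKET              listenSocket;
    SOCKET              serverSocket;
    struct sockaddr_in  HerAddress;
    int                 res, length;
    BOOL                continueServing;

    res = CreateSocket(PortNumber, &listenSocket);
    if (res != 0) {
        // This is the TPM command service, not the platform service.
        printf("Create TPM command service socket fail\n");
        return res;
    }

    // Loop accepting connections one-by-one until we are killed or asked to
    // stop. The TPM command service is single-threaded, so no new connection
    // is accepted until the prior connection drops.
    do {
        printf("TPM command server listening on port %d\n", PortNumber);

        // blocking accept
        length = sizeof(HerAddress);
        serverSocket = accept(listenSocket,
                              (struct sockaddr *)&HerAddress,
                              &length);
        // accept() reports failure with INVALID_SOCKET, not SOCKET_ERROR.
        if (serverSocket == INVALID_SOCKET) {
            // Report the error before closesocket() can overwrite it.
            printf("Accept error. Error is 0x%x\n", WSAGetLastError());
            closesocket(listenSocket);
            return -1;
        }
        printf("Client accepted\n");

        // normal behavior on client disconnection is to wait for a new
        // client to connect
        continueServing = TpmServer(serverSocket);
        closesocket(serverSocket);
    } while (continueServing);

    // Release the listening socket so the port is not left open after a stop.
    closesocket(listenSocket);
    return 0;
}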
| 37587 | |
| 37588 | |
| 37589 | D.3.3.6. StartTcpServer() |
| 37590 | |
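| 37591 | Main entry-point to the TCP server. The server listens on the specified port. Note that there is no way to |
| 37592 | specify the network interface in this implementation: the bind address is left zeroed, so the listening sockets accept connections on every interface. |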
| 37593 | |
| 37594 | |
| 37595 | Family "2.0" TCG Published Page 549 |
| 37596 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 37597 | Trusted Platform Module Library Part 4: Supporting Routines |
| 37598 | |
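/*
 * StartTcpServer - start both simulator services.
 *
 * The platform signal service is started first, on PortNumber + 1 and on its
 * own thread; the TPM command service then runs on PortNumber on the calling
 * thread, so this function does not return until that service ends.
 *
 * Returns 0 on a clean stop, -1 for an unusable port number, or the non-zero
 * result of whichever service failed.
 */
int
StartTcpServer(int PortNumber)
{
    int res;

    // The platform service takes the next port up, so PortNumber must leave
    // room for PortNumber + 1 inside the 16-bit TCP port range; otherwise the
    // value would wrap when it is narrowed for htons().
    if (PortNumber <= 0 || PortNumber >= 65535) {
        printf("Invalid port number %d\n", PortNumber);
        return -1;
    }

    // Start Platform Signal Processing Service
    res = PlatformSignalService(PortNumber + 1);
    if (res != 0) {
        printf("PlatformSignalService failed\n");
        return res;
    }

    // Start Regular/DRTM TPM command service
    res = RegularCommandService(PortNumber);
    if (res != 0) {
        printf("RegularCommandService failed\n");
        return res;
    }

    return 0;
}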
| 37624 | |
| 37625 | |
| 37626 | D.3.3.7. ReadBytes() |
| 37627 | |
| 37628 | This function reads the indicated number of bytes (NumBytes) into buffer from the indicated socket. |
| 37629 | |
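/*
 * ReadBytes - read exactly NumBytes bytes from socket s into buffer.
 *
 * recv() may deliver fewer bytes than requested, so it is called repeatedly
 * from the current offset until the whole count has arrived.
 *
 * Returns TRUE when NumBytes bytes were stored, FALSE on a receive error, when
 * the peer closed the connection first, or when NumBytes is negative.
 * The caller must supply a buffer of at least NumBytes bytes.
 */
BOOL
ReadBytes(SOCKET s, char *buffer, int NumBytes)
{
    int res;
    int numGot = 0;

    // A negative count would skip the loop and report success without reading
    // a single byte, leaving the caller to trust data that never arrived.
    if (NumBytes < 0)
        return FALSE;

    while (numGot < NumBytes) {
        res = recv(s, buffer + numGot, NumBytes - numGot, 0);
        if (res == SOCKET_ERROR) {
            printf("Receive error. Error is 0x%x\n", WSAGetLastError());
            return FALSE;
        }
        // recv() returning 0 means the peer closed the connection.
        if (res == 0)
            return FALSE;
        numGot += res;
    }
    return TRUE;
}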
| 37656 | |
| 37657 | |
| 37658 | D.3.3.8. WriteBytes() |
| 37659 | |
| 37660 | This function will send the indicated number of bytes (NumBytes) to the indicated socket |
| 37661 | |
/*
 * WriteBytes - send exactly NumBytes bytes from buffer on socket s.
 *
 * send() may accept fewer bytes than requested, so it is called again from
 * the current offset until everything has been handed over.
 *
 * Returns TRUE once all bytes are sent, FALSE as soon as send() returns -1.
 */
BOOL
WriteBytes(SOCKET s, char *buffer, int NumBytes)
{
    int sent;

    for (sent = 0; sent < NumBytes; ) {
        int n = send(s, buffer + sent, NumBytes - sent, 0);

        if (n == -1) {
            // 0x2745 is 10053 (WSAECONNABORTED); it is reported as a plain
            // disconnect rather than as a send error.
            if (WSAGetLastError() != 0x2745)
                printf("Send error. Error is 0x%x\n", WSAGetLastError());
            else
                printf("Client disconnected\n");
            return FALSE;
        }
        sent += n;
    }
    return TRUE;
}
| 37695 | |
| 37696 | |
| 37697 | D.3.3.9. WriteUINT32() |
| 37698 | |
| 37699 | Send 4 bytes containing htonl(val), i.e. val in network byte order. |
| 37700 | |
/*
 * WriteUINT32 - send val on socket s as 4 bytes in network byte order.
 *
 * Returns the result of WriteBytes().
 */
BOOL
WriteUINT32(SOCKET s, UINT32 val)
{
    UINT32 wire;

    // Convert to big-endian before the value goes on the wire.
    wire = htonl(val);
    return WriteBytes(s, (char *)&wire, 4);
}
| 37710 | |
| 37711 | |
| 37712 | D.3.3.10. ReadVarBytes() |
| 37713 | |
| 37714 | Get a UINT32-length-prepended binary array. Note that the 4-byte length is in network byte order (big- |
| 37715 | endian). |
| 37716 | |
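/*
 * ReadVarBytes - read a UINT32-length-prefixed byte array from socket s.
 *
 * The 4-byte length arrives in network byte order and is chosen by the
 * client, so it is checked against MaxLen before any payload is read.
 *
 * s             connected socket
 * buffer        destination; must hold at least MaxLen bytes
 * BytesReceived set to the payload length on success; left untouched on
 *               failure so a rejected length never reaches the caller
 * MaxLen        capacity of buffer in bytes
 *
 * Returns TRUE when the whole payload was read (including an empty one),
 * FALSE on a read error, a disconnect, or a length larger than MaxLen.
 */
BOOL
ReadVarBytes(SOCKET s, char *buffer, UINT32 *BytesReceived, int MaxLen)
{
    UINT32 netLength;
    UINT32 length;

    if (MaxLen < 0)
        return FALSE;

    if (!ReadBytes(s, (char *)&netLength, 4))
        return FALSE;

    // Keep the length unsigned: with a signed int, a prefix of 0x80000000 or
    // more turns negative, passes a "length > MaxLen" test, and is then
    // reported to the caller as a huge size although nothing was read.
    length = ntohl(netLength);
    if (length > (UINT32)MaxLen) {
        printf("Buffer too big. Client says %u\n", (unsigned)length);
        return FALSE;
    }

    *BytesReceived = length;
    if (length == 0)
        return TRUE;

    // length <= MaxLen <= INT_MAX here, so the narrowing is safe.
    return ReadBytes(s, buffer, (int)length);
}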
| 37747 | |
| 37748 | |
| 37749 | D.3.3.11. WriteVarBytes() |
| 37750 | |
| 37751 | Send a UINT32-length-prepended binary array. Note that the 4-byte length is in network byte order (big- |
| 37752 | endian). |
| 37753 | |
/*
 * WriteVarBytes - send a UINT32-length-prefixed byte array on socket s.
 *
 * The 4-byte length goes out first in network byte order, followed by
 * BytesToSend bytes from buffer.
 *
 * Returns TRUE when both writes succeed, FALSE when either one fails.
 */
BOOL
WriteVarBytes(SOCKET s, char *buffer, int BytesToSend)
{
    UINT32 lengthPrefix = htonl(BytesToSend);

    if (!WriteBytes(s, (char *)&lengthPrefix, 4))
        return FALSE;
    if (!WriteBytes(s, buffer, BytesToSend))
        return FALSE;
    return TRUE;
}
| 37770 | |
| 37771 | |
| 37772 | D.3.3.12. TpmServer() |
| 37773 | |
| 37774 | Processes incoming TPM command requests using the protocol / interface defined above. |
| 37775 | |
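/*
 * TpmServer - serve TPM command requests from one connected client.
 *
 * Reads a 4-byte command code (network byte order) from socket s, handles it,
 * and answers each handled command with a UINT32 status of 0. The loop ends
 * when the client disconnects, ends the session, sends an unrecognized
 * command, or asks the simulator to stop.
 *
 * Returns TRUE when the connection is finished but the service may keep
 * running, FALSE when the client sent TPM_STOP.
 *
 * Everything read from the socket is client-controlled. The payload length in
 * particular is re-checked against MAX_BUFFER here before it is passed on as
 * a buffer size, independently of the check made inside ReadVarBytes().
 */
BOOL
TpmServer(SOCKET s)
{
    UINT32       length;
    UINT32       Command;
    BYTE         locality;
    BOOL         ok;
    int          result;
    int          clientVersion;
    _IN_BUFFER   InBuffer;
    _OUT_BUFFER  OutBuffer;

    for (;;) {
        ok = ReadBytes(s, (char *)&Command, 4);
        // Client disconnected (or other error): stop processing this client
        // and let the caller decide whether to wait for another connection.
        if (!ok)
            return TRUE;

        Command = ntohl(Command);
        switch (Command) {
        case TPM_SIGNAL_HASH_START:
            _rpc__Signal_Hash_Start();
            break;

        case TPM_SIGNAL_HASH_END:
            _rpc__Signal_HashEnd();
            break;

        case TPM_SIGNAL_HASH_DATA:
            ok = ReadVarBytes(s, InputBuffer, &length, MAX_BUFFER);
            // Never hand on a size larger than the buffer that backs it.
            if (!ok || length > (UINT32)MAX_BUFFER)
                return TRUE;
            InBuffer.Buffer = (BYTE *)InputBuffer;
            InBuffer.BufferSize = length;
            _rpc__Signal_Hash_Data(InBuffer);
            break;

        case TPM_SEND_COMMAND:
            // NOTE(review): the locality byte is taken from the client as
            // sent; no range check is visible here.
            ok = ReadBytes(s, (char *)&locality, 1);
            if (!ok)
                return TRUE;

            ok = ReadVarBytes(s, InputBuffer, &length, MAX_BUFFER);
            // Never hand on a size larger than the buffer that backs it.
            if (!ok || length > (UINT32)MAX_BUFFER)
                return TRUE;
            InBuffer.Buffer = (BYTE *)InputBuffer;
            InBuffer.BufferSize = length;
            OutBuffer.BufferSize = MAX_BUFFER;
            OutBuffer.Buffer = (_OUTPUT_BUFFER)OutputBuffer;

            // Record the number of bytes in the command if it is the largest
            // seen so far.
            // NOTE(review): the 4 bytes at offset 6 are copied even when the
            // command is shorter than 10 bytes, in which case they are left
            // over from an earlier request - confirm this is acceptable for
            // the statistics.
            if (InBuffer.BufferSize > CommandResponseSizes.largestCommandSize) {
                CommandResponseSizes.largestCommandSize = InBuffer.BufferSize;
                memcpy(&CommandResponseSizes.largestCommand,
                       &InputBuffer[6], sizeof(UINT32));
            }

            _rpc__Send_Command(locality, InBuffer, &OutBuffer);

            // Record the number of bytes in the response if it is the largest
            // seen so far.
            if (OutBuffer.BufferSize > CommandResponseSizes.largestResponseSize) {
                CommandResponseSizes.largestResponseSize = OutBuffer.BufferSize;
                memcpy(&CommandResponseSizes.largestResponse,
                       &OutputBuffer[6], sizeof(UINT32));
            }

            ok = WriteVarBytes(s, (char *)OutBuffer.Buffer,
                               OutBuffer.BufferSize);
            if (!ok)
                return TRUE;
            break;

        case TPM_REMOTE_HANDSHAKE:
            ok = ReadBytes(s, (char *)&clientVersion, 4);
            if (!ok)
                return TRUE;
            // Only compared with zero, so no byte-order conversion is needed.
            if (clientVersion == 0) {
                printf("Unsupported client version (0).\n");
                return TRUE;
            }
            // Stop at the first failed write instead of accumulating a
            // result that is overwritten before it is ever checked.
            if (!WriteUINT32(s, ServerVersion))
                return TRUE;
            if (!WriteUINT32(s, tpmInRawMode | tpmPlatformAvailable
                                | tpmSupportsPP))
                return TRUE;
            break;

        case TPM_SET_ALTERNATIVE_RESULT:
            ok = ReadBytes(s, (char *)&result, 4);
            if (!ok)
                return TRUE;
            // Alternative result is not applicable to the simulator; the
            // value is read only to keep the stream in step.
            break;

        case TPM_SESSION_END:
            // Client signaled end-of-session
            return TRUE;

        case TPM_STOP:
            // Client requested the simulator to exit
            return FALSE;

        default:
            // Command is unsigned, so print it as such.
            printf("Unrecognized TPM interface command %u\n",
                   (unsigned)Command);
            return TRUE;
        }

        // Acknowledge the command.
        ok = WriteUINT32(s, 0);
        if (!ok)
            return TRUE;
    }
}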
| 37903 | |
| 37904 | |
| 37905 | |
| 37906 | |
| 37907 | Page 554 TCG Published Family "2.0" |
| 37908 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 37909 | Part 4: Supporting Routines Trusted Platform Module Library |
| 37910 | |
| 37911 | |
| 37912 | D.4 TPMCmdp.c |
| 37913 | |
| 37914 | D.4.1. Description |
| 37915 | |
| 37916 | This file contains the functions that process the commands received on the control port or the command |
| 37917 | port of the simulator. The control port is used to allow simulation of hardware events (such as, |
| 37918 | _TPM_Hash_Start()) to test the simulated TPM's reaction to those events. This improves code coverage |
| 37919 | of the testing. |
| 37920 | |
| 37921 | D.4.2. Includes and Data Definitions |
| 37922 | |
| 37923 | 1 #define _SWAP_H // Preclude inclusion of unnecessary simulator header |
| 37924 | 2 #include <stdlib.h> |
| 37925 | 3 #include <stdio.h> |
| 37926 | 4 #include <stdint.h> |
| 37927 | 5 #include <setjmp.h> |
| 37928 | 6 #include "bool.h" |
| 37929 | 7 #include "Platform.h" |
| 37930 | 8 #include "ExecCommand_fp.h" |
| 37931 | 9 #include "Manufacture_fp.h" |
| 37932 | 10 #include "DRTM_fp.h" |
| 37933 | 11 #include "_TPM_Init_fp.h" |
| 37934 | 12 #include "TpmFail_fp.h" |
| 37935 | 13 #include <windows.h> |
| 37936 | 14 #include "TpmTcpProtocol.h" |
| 37937 | 15 static BOOL s_isPowerOn = FALSE; |
| 37938 | |
| 37939 | |
| 37940 | D.4.3. Functions |
| 37941 | |
| 37942 | D.4.3.1. Signal_PowerOn() |
| 37943 | |
| 37944 | This function processes a power-on indication. Among other things, it calls the _TPM_Init() handler. |
| 37945 | |
/*
 * _rpc__Signal_PowerOn - handle a power-on or reset indication.
 *
 * isReset  FALSE for a power-on, TRUE for a TPM reset.
 *
 * A power-on while already powered and a reset while unpowered are both
 * ignored. Otherwise the platform is signaled, _TPM_Init() is called and the
 * simulator is marked as powered on.
 */
void
_rpc__Signal_PowerOn(BOOL isReset)
{
    // Ignore a power-on when already on, and a reset when power is off.
    if ((s_isPowerOn && !isReset) || (isReset && !s_isPowerOn))
        return;

    // Pass the matching signal to the platform
    if (!isReset)
        _plat__Signal_PowerOn();
    else
        _plat__Signal_Reset();

    // Pass power on signal to TPM
    _TPM_Init();

    // Set state as power on
    s_isPowerOn = TRUE;
}
| 37971 | |
| 37972 | |
| 37973 | |
| 37974 | Family "2.0" TCG Published Page 555 |
| 37975 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 37976 | Trusted Platform Module Library Part 4: Supporting Routines |
| 37977 | |
| 37978 | D.4.3.2. Signal_PowerOff() |
| 37979 | |
| 37980 | This function processes the power off indication. Its primary function is to set a flag indicating that the next |
| 37981 | power on indication should cause _TPM_Init() to be called. |
| 37982 | |
/*
 * _rpc__Signal_PowerOff - handle a power-off indication.
 *
 * Does nothing when power is already off; otherwise signals the platform and
 * clears the power-on flag.
 */
void
_rpc__Signal_PowerOff(void)
{
    if (s_isPowerOn) {
        // Pass power off signal to platform
        _plat__Signal_PowerOff();

        s_isPowerOn = FALSE;
    }
}
| 37997 | |
| 37998 | |
| 37999 | D.4.3.3. _rpc__ForceFailureMode() |
| 38000 | |
| 38001 | This function is used to debug the Failure Mode logic of the TPM. It will set a flag in the TPM code such |
| 38002 | that the next call to TPM2_SelfTest() will result in a failure, putting the TPM into Failure Mode. |
| 38003 | |
/*
 * _rpc__ForceFailureMode - debug hook for the TPM Failure Mode logic.
 *
 * Forwards directly to SetForceFailureMode(). Unlike the other signal
 * handlers in this file, the request is passed on without looking at the
 * power state.
 */
void
_rpc__ForceFailureMode(void)
{
    SetForceFailureMode();
    return;
}
| 38011 | |
| 38012 | |
| 38013 | D.4.3.4. _rpc__Signal_PhysicalPresenceOn() |
| 38014 | |
| 38015 | This function is called to simulate activation of the physical presence pin. |
| 38016 | |
/*
 * _rpc__Signal_PhysicalPresenceOn - simulate assertion of the physical
 * presence pin.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_PhysicalPresenceOn(void)
{
    if (s_isPowerOn) {
        // Pass physical presence on to platform
        _plat__Signal_PhysicalPresenceOn();
    }
}
| 38030 | |
| 38031 | |
| 38032 | D.4.3.5. _rpc__Signal_PhysicalPresenceOff() |
| 38033 | |
| 38034 | This function is called to simulate deactivation of the physical presence pin. |
| 38035 | |
/*
 * _rpc__Signal_PhysicalPresenceOff - simulate de-assertion of the physical
 * presence pin.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_PhysicalPresenceOff(void)
{
    if (s_isPowerOn) {
        // Pass physical presence off to platform
        _plat__Signal_PhysicalPresenceOff();
    }
}
| 38054 | |
| 38055 | |
| 38056 | D.4.3.6. _rpc__Signal_Hash_Start() |
| 38057 | |
| 38058 | This function is called to simulate a _TPM_Hash_Start() event. It will call Signal_Hash_Start() unless the simulated TPM is powered off. |
| 38059 | |
/*
 * _rpc__Signal_Hash_Start - simulate a _TPM_Hash_Start event.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_Hash_Start(void)
{
    if (s_isPowerOn) {
        // Pass _TPM_Hash_Start signal to TPM
        Signal_Hash_Start();
    }
}
| 38072 | |
| 38073 | |
| 38074 | D.4.3.7. _rpc__Signal_Hash_Data() |
| 38075 | |
| 38076 | This function is called to simulate a _TPM_Hash_Data() event. |
| 38077 | |
/*
 * _rpc__Signal_Hash_Data - simulate a _TPM_Hash_Data event.
 *
 * input  buffer descriptor; its size and pointer are passed on unchanged, so
 *        the caller is responsible for BufferSize not exceeding the memory
 *        behind Buffer.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_Hash_Data(_IN_BUFFER input)
{
    if (s_isPowerOn) {
        // Pass _TPM_Hash_Data signal to TPM
        Signal_Hash_Data(input.BufferSize, input.Buffer);
    }
}
| 38090 | |
| 38091 | |
| 38092 | D.4.3.8. _rpc__Signal_HashEnd() |
| 38093 | |
| 38094 | This function is called to simulate a _TPM_Hash_End() event. |
| 38095 | |
/*
 * _rpc__Signal_HashEnd - simulate a _TPM_Hash_End event.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_HashEnd(void)
{
    if (s_isPowerOn) {
        // Pass _TPM_HashEnd signal to TPM
        Signal_Hash_End();
    }
}
| 38108 | |
| 38109 | Command interface Entry of a RPC call |
| 38110 | |
| 38111 | Family "2.0" TCG Published Page 557 |
| 38112 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 38113 | Trusted Platform Module Library Part 4: Supporting Routines |
| 38114 | |
/*
 * _rpc__Send_Command - command-interface entry point of an RPC call.
 *
 * locality  locality to execute the command at; passed to the platform as
 *           given, with no validation in this function
 * request   command bytes and their size
 * response  in/out descriptor; its size and buffer fields are passed by
 *           address to ExecuteCommand()
 *
 * While the TPM is powered off the command is rejected by setting the
 * response size to 0.
 */
void
_rpc__Send_Command(unsigned char locality, _IN_BUFFER request,
                   _OUT_BUFFER *response)
{
    if (s_isPowerOn) {
        // Set the locality of the command so that it doesn't change during
        // the command
        _plat__LocalitySet(locality);

        // Do implementation-specific command dispatch
        ExecuteCommand(request.BufferSize, request.Buffer,
                       &response->BufferSize, &response->Buffer);
    } else {
        // If TPM is power off, reject any commands.
        response->BufferSize = 0;
    }
}
| 38135 | |
| 38136 | |
| 38137 | D.4.3.9. _rpc__Signal_CancelOn() |
| 38138 | |
| 38139 | This function is used to turn on the indication to cancel a command in process. An executing command is |
| 38140 | not interrupted. The command code may periodically check this indication to see if it should abort the |
| 38141 | current command processing and return TPM_RC_CANCELLED. |
| 38142 | |
/*
 * _rpc__Signal_CancelOn - turn on the command-cancel indication.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_CancelOn(void)
{
    if (s_isPowerOn) {
        // Set the platform canceling flag.
        _plat__SetCancel();
    }
}
| 38156 | |
| 38157 | |
| 38158 | D.4.3.10. _rpc__Signal_CancelOff() |
| 38159 | |
| 38160 | This function is used to turn off the indication to cancel a command in process. |
| 38161 | |
/*
 * _rpc__Signal_CancelOff - turn off the command-cancel indication.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_CancelOff(void)
{
    if (s_isPowerOn) {
        // Clear the platform canceling flag.
        _plat__ClearCancel();
    }
}
| 38175 | |
| 38176 | |
| 38177 | |
| 38178 | |
| 38179 | Page 558 TCG Published Family "2.0" |
| 38180 | October 30, 2014 Copyright © TCG 2006-2014 Level 00 Revision 01.16 |
| 38181 | Part 4: Supporting Routines Trusted Platform Module Library |
| 38182 | |
| 38183 | D.4.3.11. _rpc__Signal_NvOn() |
| 38184 | |
| 38185 | In a system where the NV memory used by the TPM is not within the TPM, the NV may not always be |
| 38186 | available. This function turns on the indicator that indicates that NV is available. |
| 38187 | |
/*
 * _rpc__Signal_NvOn - indicate that NV memory is available.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_NvOn(void)
{
    if (s_isPowerOn) {
        _plat__SetNvAvail();
    }
}
| 38199 | |
| 38200 | |
| 38201 | D.4.3.12. _rpc__Signal_NvOff() |
| 38202 | |
| 38203 | This function is used to set the indication that NV memory is no longer available. |
| 38204 | |
/*
 * _rpc__Signal_NvOff - indicate that NV memory is no longer available.
 *
 * The signal is dropped while the TPM is powered off.
 */
void
_rpc__Signal_NvOff(void)
{
    if (s_isPowerOn) {
        _plat__ClearNvAvail();
    }
}
| 38216 | |
| 38217 | |
| 38218 | D.4.3.13. _rpc__Shutdown() |
| 38219 | |
| 38220 | This function is used to stop the TPM simulator. |
| 38221 | |
/*
 * _rpc__Shutdown - stop the TPM simulator.
 *
 * Tears down the TPM, then stops the RPC listener and unregisters the RPC
 * interface. If either RPC call fails, the status is printed and the process
 * exits with that status.
 */
void
_rpc__Shutdown(void)
{
    RPC_STATUS status;

    // Stop TPM
    TPM_TearDown();

    status = RpcMgmtStopServerListening(NULL);
    if (status == RPC_S_OK) {
        status = RpcServerUnregisterIf(NULL, NULL, FALSE);
        if (status == RPC_S_OK)
            return;
        printf_s("RpcServerUnregisterIf returned 0x%x\n", status);
    } else {
        printf_s("RpcMgmtStopServerListening returned: 0x%x\n", status);
    }
    exit(status);
}
| 38246 | |
| 38247 | |
| 38248 | Family "2.0" TCG Published Page 559 |
| 38249 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 38250 | Trusted Platform Module Library Part 4: Supporting Routines |
| 38251 | |
| 38252 | |
| 38253 | D.5 TPMCmds.c |
| 38254 | |
| 38255 | D.5.1. Description |
| 38256 | |
| 38257 | This file contains the entry point for the simulator. |
| 38258 | |
| 38259 | D.5.2. Includes, Defines, Data Definitions, and Function Prototypes |
| 38260 | |
| 38261 | 1 #include <stdlib.h> |
| 38262 | 2 #include <stdio.h> |
| 38263 | 3 #include <stdint.h> |
| 38264 | 4 #include <ctype.h> |
| 38265 | 5 #include <windows.h> |
| 38266 | 6 #include <strsafe.h> |
| 38267 | 7 #include "string.h" |
| 38268 | 8 #include "TpmTcpProtocol.h" |
| 38269 | 9 #include "..\tpm\include\TpmBuildSwitches.h" |
| 38270 | 10 #include "..\tpm\include\prototypes\Manufacture_fp.h" |
| 38271 | 11 #define PURPOSE \ |
| 38272 | 12 "TPM Reference Simulator.\nCopyright Microsoft 2010, 2011.\n" |
| 38273 | 13 #define DEFAULT_TPM_PORT 2321 |
| 38274 | 14 void* MainPointer; |
| 38275 | 15 int _plat__NVEnable(void* platParameters); |
| 38276 | 16 void _plat__NVDisable(); |
| 38277 | 17 int StartTcpServer(int PortNumber); |
| 38278 | |
| 38279 | |
| 38280 | D.5.3. Functions |
| 38281 | |
| 38282 | D.5.3.1. Usage() |
| 38283 | |
| 38284 | This function prints the proper calling sequence for the simulator. |
| 38285 | |
/*
 * Usage - print the calling sequence for the simulator to stderr and exit.
 *
 * pszProgramName  name shown at the start of each usage line
 *
 * Does not return: the process exits with status 1.
 */
void
Usage(char *pszProgramName)
{
    const char *prog = pszProgramName;

    fprintf_s(stderr, "%s", PURPOSE);
    fprintf_s(stderr, "Usage:\n");
    fprintf_s(stderr, "%s - Starts the TPM server listening on port %d\n",
              prog, DEFAULT_TPM_PORT);
    fprintf_s(stderr,
              "%s PortNum - Starts the TPM server listening on port PortNum\n",
              prog);
    fprintf_s(stderr, "%s ? - This message\n", prog);
    exit(1);
}
| 38301 | |
| 38302 | |
| 38303 | D.5.3.2. main() |
| 38304 | |
| 38305 | This is the main entry point for the simulator. |
| 38306 | main: register the interface, start listening for clients |
| 38307 | |
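/*
 * main - entry point of the simulator.
 *
 * Accepts at most one argument: "?" prints the usage text, anything else is
 * taken as the TCP port for the TPM command service (default
 * DEFAULT_TPM_PORT). The TPM is then manufactured, with two extra
 * manufacturing calls kept for coverage, NV is disabled, and the TCP server
 * is started.
 *
 * Exit status 1, 2 or 3 identifies which manufacturing step failed.
 */
void __cdecl
main(int argc, char *argv[])
{
    int portNum = DEFAULT_TPM_PORT;

    if (argc > 2) {
        Usage(argv[0]);
    }

    if (argc == 2) {
        char *end;
        long  parsed;

        if (strcmp(argv[1], "?") == 0) {
            Usage(argv[0]);
        }
        // strtol() instead of atoi(): trailing garbage ("2321x") and
        // out-of-range values are rejected rather than silently accepted.
        parsed = strtol(argv[1], &end, 10);
        // The platform service listens on portNum + 1, so the highest usable
        // command port is 65534.
        if (end == argv[1] || *end != '\0' || parsed <= 0 || parsed > 65534) {
            Usage(argv[0]);
        }
        portNum = (int)parsed;
    }

    // NOTE(review): the result of _plat__NVEnable() is not checked.
    _plat__NVEnable(NULL);
    if (TPM_Manufacture(1) != 0) {
        exit(1);
    }
    // Coverage test - repeated manufacturing attempt
    if (TPM_Manufacture(0) != 1) {
        exit(2);
    }
    // Coverage test - re-manufacturing
    TPM_TearDown();
    if (TPM_Manufacture(1) != 0) {
        exit(3);
    }
    // Disable NV memory
    _plat__NVDisable();

    // NOTE(review): the result of StartTcpServer() is discarded, so a failed
    // bind or listen is visible only in the printed messages.
    StartTcpServer(portNum);
    return;
}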
| 38359 | |
| 38360 | |
| 38361 | |
| 38362 | |
| 38363 | Family "2.0" TCG Published Page 561 |
| 38364 | Level 00 Revision 01.16 Copyright © TCG 2006-2014 October 30, 2014 |
| 38365 | |