| /* Microsoft Reference Implementation for TPM 2.0 | |
| * | |
| * The copyright in this software is being made available under the BSD License, | |
| * included below. This software may be subject to other third party and | |
| * contributor rights, including patent rights, and no such rights are granted | |
| * under this license. | |
| * | |
| * Copyright (c) Microsoft Corporation | |
| * | |
| * All rights reserved. | |
| * | |
| * BSD License | |
| * | |
| * Redistribution and use in source and binary forms, with or without modification, | |
| * are permitted provided that the following conditions are met: | |
| * | |
| * Redistributions of source code must retain the above copyright notice, this list | |
| * of conditions and the following disclaimer. | |
| * | |
| * Redistributions in binary form must reproduce the above copyright notice, this | |
| * list of conditions and the following disclaimer in the documentation and/or | |
| * other materials provided with the distribution. | |
| * | |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" | |
| * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR | |
| * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | |
| * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | |
| * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| */ | |
| //** Includes | |
| #include "Tpm.h" | |
| #include "Policy_spt_fp.h" | |
| #include "PolicySigned_fp.h" | |
| #include "PolicySecret_fp.h" | |
| #include "PolicyTicket_fp.h" | |
| //** Functions | |
| //*** PolicyParameterChecks() | |
| // This function validates the common parameters of TPM2_PolicySiged() | |
| // and TPM2_PolicySecret(). The common parameters are 'nonceTPM', | |
| // 'expiration', and 'cpHashA'. | |
| TPM_RC | |
| PolicyParameterChecks( | |
| SESSION *session, | |
| UINT64 authTimeout, | |
| TPM2B_DIGEST *cpHashA, | |
| TPM2B_NONCE *nonce, | |
| TPM_RC blameNonce, | |
| TPM_RC blameCpHash, | |
| TPM_RC blameExpiration | |
| ) | |
| { | |
| // Validate that input nonceTPM is correct if present | |
| if(nonce != NULL && nonce->t.size != 0) | |
| { | |
| if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b)) | |
| return TPM_RCS_NONCE + blameNonce; | |
| } | |
| // If authTimeout is set (expiration != 0... | |
| if(authTimeout != 0) | |
| { | |
| // Validate input expiration. | |
| // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE | |
| // or TPM_RC_NV_RATE error may be returned here. | |
| RETURN_IF_NV_IS_NOT_AVAILABLE; | |
| // if the time has already passed or the time epoch has changed then the | |
| // time value is no longer good. | |
| if((authTimeout < g_time) | |
| || (session->epoch != g_timeEpoch)) | |
| return TPM_RCS_EXPIRED + blameExpiration; | |
| } | |
| // If the cpHash is present, then check it | |
| if(cpHashA != NULL && cpHashA->t.size != 0) | |
| { | |
| // The cpHash input has to have the correct size | |
| if(cpHashA->t.size != session->u2.policyDigest.t.size) | |
| return TPM_RCS_SIZE + blameCpHash; | |
| // If the cpHash has already been set, then this input value | |
| // must match the current value. | |
| if(session->u1.cpHash.b.size != 0 | |
| && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b)) | |
| return TPM_RC_CPHASH; | |
| } | |
| return TPM_RC_SUCCESS; | |
| } | |
| //*** PolicyContextUpdate() | |
| // Update policy hash | |
| // Update the policyDigest in policy session by extending policyRef and | |
| // objectName to it. This will also update the cpHash if it is present. | |
| // | |
| // Return Type: void | |
| void | |
| PolicyContextUpdate( | |
| TPM_CC commandCode, // IN: command code | |
| TPM2B_NAME *name, // IN: name of entity | |
| TPM2B_NONCE *ref, // IN: the reference data | |
| TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) | |
| UINT64 policyTimeout, // IN: the timeout value for the policy | |
| SESSION *session // IN/OUT: policy session to be updated | |
| ) | |
| { | |
| HASH_STATE hashState; | |
| // Start hash | |
| CryptHashStart(&hashState, session->authHashAlg); | |
| // policyDigest size should always be the digest size of session hash algorithm. | |
| pAssert(session->u2.policyDigest.t.size | |
| == CryptHashGetDigestSize(session->authHashAlg)); | |
| // add old digest | |
| CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); | |
| // add commandCode | |
| CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); | |
| // add name if applicable | |
| if(name != NULL) | |
| CryptDigestUpdate2B(&hashState, &name->b); | |
| // Complete the digest and get the results | |
| CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); | |
| // If the policy reference is not null, do a second update to the digest. | |
| if(ref != NULL) | |
| { | |
| // Start second hash computation | |
| CryptHashStart(&hashState, session->authHashAlg); | |
| // add policyDigest | |
| CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); | |
| // add policyRef | |
| CryptDigestUpdate2B(&hashState, &ref->b); | |
| // Complete second digest | |
| CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); | |
| } | |
| // Deal with the cpHash. If the cpHash value is present | |
| // then it would have already been checked to make sure that | |
| // it is compatible with the current value so all we need | |
| // to do here is copy it and set the isCpHashDefined attribute | |
| if(cpHash != NULL && cpHash->t.size != 0) | |
| { | |
| session->u1.cpHash = *cpHash; | |
| session->attributes.isCpHashDefined = SET; | |
| } | |
| // update the timeout if it is specified | |
| if(policyTimeout != 0) | |
| { | |
| // If the timeout has not been set, then set it to the new value | |
| // than the current timeout then set it to the new value | |
| if(session->timeout == 0 || session->timeout > policyTimeout) | |
| session->timeout = policyTimeout; | |
| } | |
| return; | |
| } | |
| //*** ComputeAuthTimeout() | |
| // This function is used to determine what the authorization timeout value for | |
| // the session should be. | |
| UINT64 | |
| ComputeAuthTimeout( | |
| SESSION *session, // IN: the session containing the time | |
| // values | |
| INT32 expiration, // IN: either the number of seconds from | |
| // the start of the session or the | |
| // time in g_timer; | |
| TPM2B_NONCE *nonce // IN: indicator of the time base | |
| ) | |
| { | |
| UINT64 policyTime; | |
| // If no expiration, policy time is 0 | |
| if(expiration == 0) | |
| policyTime = 0; | |
| else | |
| { | |
| if(expiration < 0) | |
| expiration = -expiration; | |
| if(nonce->t.size == 0) | |
| // The input time is absolute Time (not Clock), but it is expressed | |
| // in seconds. To make sure that we don't time out too early, take the | |
| // current value of milliseconds in g_time and add that to the input | |
| // seconds value. | |
| policyTime = (((UINT64)expiration) * 1000) + g_time % 1000; | |
| else | |
| // The policy timeout is the absolute value of the expiration in seconds | |
| // added to the start time of the policy. | |
| policyTime = session->startTime + (((UINT64)expiration) * 1000); | |
| } | |
| return policyTime; | |
| } | |
| //*** PolicyDigestClear() | |
| // Function to reset the policyDigest of a session | |
| void | |
| PolicyDigestClear( | |
| SESSION *session | |
| ) | |
| { | |
| session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); | |
| MemorySet(session->u2.policyDigest.t.buffer, 0, | |
| session->u2.policyDigest.t.size); | |
| } | |
| //*** PolicySptCheckCondition() | |
| // Checks to see if the condition in the policy is satisfied. | |
| BOOL | |
| PolicySptCheckCondition( | |
| TPM_EO operation, | |
| BYTE *opA, | |
| BYTE *opB, | |
| UINT16 size | |
| ) | |
| { | |
| // Arithmetic Comparison | |
| switch(operation) | |
| { | |
| case TPM_EO_EQ: | |
| // compare A = B | |
| return (UnsignedCompareB(size, opA, size, opB) == 0); | |
| break; | |
| case TPM_EO_NEQ: | |
| // compare A != B | |
| return (UnsignedCompareB(size, opA, size, opB) != 0); | |
| break; | |
| case TPM_EO_SIGNED_GT: | |
| // compare A > B signed | |
| return (SignedCompareB(size, opA, size, opB) > 0); | |
| break; | |
| case TPM_EO_UNSIGNED_GT: | |
| // compare A > B unsigned | |
| return (UnsignedCompareB(size, opA, size, opB) > 0); | |
| break; | |
| case TPM_EO_SIGNED_LT: | |
| // compare A < B signed | |
| return (SignedCompareB(size, opA, size, opB) < 0); | |
| break; | |
| case TPM_EO_UNSIGNED_LT: | |
| // compare A < B unsigned | |
| return (UnsignedCompareB(size, opA, size, opB) < 0); | |
| break; | |
| case TPM_EO_SIGNED_GE: | |
| // compare A >= B signed | |
| return (SignedCompareB(size, opA, size, opB) >= 0); | |
| break; | |
| case TPM_EO_UNSIGNED_GE: | |
| // compare A >= B unsigned | |
| return (UnsignedCompareB(size, opA, size, opB) >= 0); | |
| break; | |
| case TPM_EO_SIGNED_LE: | |
| // compare A <= B signed | |
| return (SignedCompareB(size, opA, size, opB) <= 0); | |
| break; | |
| case TPM_EO_UNSIGNED_LE: | |
| // compare A <= B unsigned | |
| return (UnsignedCompareB(size, opA, size, opB) <= 0); | |
| break; | |
| case TPM_EO_BITSET: | |
| // All bits SET in B are SET in A. ((A&B)=B) | |
| { | |
| UINT32 i; | |
| for(i = 0; i < size; i++) | |
| if((opA[i] & opB[i]) != opB[i]) | |
| return FALSE; | |
| } | |
| break; | |
| case TPM_EO_BITCLEAR: | |
| // All bits SET in B are CLEAR in A. ((A&B)=0) | |
| { | |
| UINT32 i; | |
| for(i = 0; i < size; i++) | |
| if((opA[i] & opB[i]) != 0) | |
| return FALSE; | |
| } | |
| break; | |
| default: | |
| FAIL(FATAL_ERROR_INTERNAL); | |
| break; | |
| } | |
| return TRUE; | |
| } |