summaryrefslogtreecommitdiffstats
path: root/src/tpm2/Policy_spt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tpm2/Policy_spt.c')
-rw-r--r--src/tpm2/Policy_spt.c300
1 files changed, 300 insertions, 0 deletions
diff --git a/src/tpm2/Policy_spt.c b/src/tpm2/Policy_spt.c
new file mode 100644
index 0000000..4c2de20
--- /dev/null
+++ b/src/tpm2/Policy_spt.c
@@ -0,0 +1,300 @@
+/********************************************************************************/
+/* */
+/* Policy Command Support */
+/* Written by Ken Goldman */
+/* IBM Thomas J. Watson Research Center */
+/* $Id: Policy_spt.c 1594 2020-03-26 22:15:48Z kgoldman $ */
+/* */
+/* Licenses and Notices */
+/* */
+/* 1. Copyright Licenses: */
+/* */
+/* - Trusted Computing Group (TCG) grants to the user of the source code in */
+/* this specification (the "Source Code") a worldwide, irrevocable, */
+/* nonexclusive, royalty free, copyright license to reproduce, create */
+/* derivative works, distribute, display and perform the Source Code and */
+/* derivative works thereof, and to grant others the rights granted herein. */
+/* */
+/* - The TCG grants to the user of the other parts of the specification */
+/* (other than the Source Code) the rights to reproduce, distribute, */
+/* display, and perform the specification solely for the purpose of */
+/* developing products based on such documents. */
+/* */
+/* 2. Source Code Distribution Conditions: */
+/* */
+/* - Redistributions of Source Code must retain the above copyright licenses, */
+/* this list of conditions and the following disclaimers. */
+/* */
+/* - Redistributions in binary form must reproduce the above copyright */
+/* licenses, this list of conditions and the following disclaimers in the */
+/* documentation and/or other materials provided with the distribution. */
+/* */
+/* 3. Disclaimers: */
+/* */
+/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
+/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
+/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
+/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
+/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
+/* information on specification licensing rights available through TCG */
+/* membership agreements. */
+/* */
+/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
+/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
+/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
+/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
+/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
+/* */
+/* - Without limitation, TCG and its members and licensors disclaim all */
+/* liability, including liability for infringement of any proprietary */
+/* rights, relating to use of information in this specification and to the */
+/* implementation of this specification, and TCG disclaims all liability for */
+/* cost of procurement of substitute goods or services, lost profits, loss */
+/* of use, loss of data or any incidental, consequential, direct, indirect, */
+/* or special damages, whether under contract, tort, warranty or otherwise, */
+/* arising in any way out of use or reliance upon this specification or any */
+/* information herein. */
+/* */
+/* (c) Copyright IBM Corp. and others, 2016 - 2020 */
+/* */
+/********************************************************************************/
+
+/* 7.4 Policy Command Support (Policy_spt.c) */
+#include "Tpm.h"
+#include "Policy_spt_fp.h"
+#include "PolicySigned_fp.h"
+#include "PolicySecret_fp.h"
+#include "PolicyTicket_fp.h"
+/* 7.4.1 PolicyParameterChecks() */
+/* This function validates the common parameters of TPM2_PolicySiged() and TPM2_PolicySecret(). The
+ common parameters are nonceTPM, expiration, and cpHashA. */
+TPM_RC
+PolicyParameterChecks(
+ SESSION *session,
+ UINT64 authTimeout,
+ TPM2B_DIGEST *cpHashA,
+ TPM2B_NONCE *nonce,
+ TPM_RC blameNonce,
+ TPM_RC blameCpHash,
+ TPM_RC blameExpiration
+ )
+{
+ // Validate that input nonceTPM is correct if present
+ if(nonce != NULL && nonce->t.size != 0)
+ {
+ if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b))
+ return TPM_RCS_NONCE + blameNonce;
+ }
+ // If authTimeout is set (expiration != 0...
+ if(authTimeout != 0)
+ {
+ // Validate input expiration.
+ // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE
+ // or TPM_RC_NV_RATE error may be returned here.
+ RETURN_IF_NV_IS_NOT_AVAILABLE;
+ // if the time has already passed or the time epoch has changed then the
+ // time value is no longer good.
+ if((authTimeout < g_time)
+ || (session->epoch != g_timeEpoch))
+ return TPM_RCS_EXPIRED + blameExpiration;
+ }
+ // If the cpHash is present, then check it
+ if(cpHashA != NULL && cpHashA->t.size != 0)
+ {
+ // The cpHash input has to have the correct size
+ if(cpHashA->t.size != session->u2.policyDigest.t.size)
+ return TPM_RCS_SIZE + blameCpHash;
+ // If the cpHash has already been set, then this input value
+ // must match the current value.
+ if(session->u1.cpHash.b.size != 0
+ && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b))
+ return TPM_RC_CPHASH;
+ }
+ return TPM_RC_SUCCESS;
+}
+/* 7.4.2 PolicyContextUpdate() */
+/* Update policy hash Update the policyDigest in policy session by extending policyRef and
+ objectName to it. This will also update the cpHash if it is present. */
+void
+PolicyContextUpdate(
+ TPM_CC commandCode, // IN: command code
+ TPM2B_NAME *name, // IN: name of entity
+ TPM2B_NONCE *ref, // IN: the reference data
+ TPM2B_DIGEST *cpHash, // IN: the cpHash (optional)
+ UINT64 policyTimeout, // IN: the timeout value for the policy
+ SESSION *session // IN/OUT: policy session to be updated
+ )
+{
+ HASH_STATE hashState;
+ // Start hash
+ CryptHashStart(&hashState, session->authHashAlg);
+ // policyDigest size should always be the digest size of session hash algorithm.
+ pAssert(session->u2.policyDigest.t.size
+ == CryptHashGetDigestSize(session->authHashAlg));
+ // add old digest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+ // add commandCode
+ CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode);
+ // add name if applicable
+ if(name != NULL)
+ CryptDigestUpdate2B(&hashState, &name->b);
+ // Complete the digest and get the results
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+ // If the policy reference is not null, do a second update to the digest.
+ if(ref != NULL)
+ {
+ // Start second hash computation
+ CryptHashStart(&hashState, session->authHashAlg);
+ // add policyDigest
+ CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
+ // add policyRef
+ CryptDigestUpdate2B(&hashState, &ref->b);
+ // Complete second digest
+ CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
+ }
+ // Deal with the cpHash. If the cpHash value is present
+ // then it would have already been checked to make sure that
+ // it is compatible with the current value so all we need
+ // to do here is copy it and set the isCpHashDefined attribute
+ if(cpHash != NULL && cpHash->t.size != 0)
+ {
+ session->u1.cpHash = *cpHash;
+ session->attributes.isCpHashDefined = SET;
+ }
+ // update the timeout if it is specified
+ if(policyTimeout != 0)
+ {
+ // If the timeout has not been set, then set it to the new value
+ // than the current timeout then set it to the new value
+ if(session->timeout == 0 || session->timeout > policyTimeout)
+ session->timeout = policyTimeout;
+ }
+ return;
+}
+/* 7.4.2.1 ComputeAuthTimeout() */
+/* This function is used to determine what the authorization timeout value for the session should
+ be. */
+UINT64
+ComputeAuthTimeout(
+ SESSION *session, // IN: the session containing the time
+ // values
+ INT32 expiration, // IN: either the number of seconds from
+ // the start of the session or the
+ // time in g_timer;
+ TPM2B_NONCE *nonce // IN: indicator of the time base
+ )
+{
+ UINT64 policyTime;
+ // If no expiration, policy time is 0
+ if(expiration == 0)
+ policyTime = 0;
+ else
+ {
+ if(expiration < 0) {
+ if (expiration == (INT32)0x80000000) /* libtpms changed begin; ubsan */
+ expiration++; /* libtpms changed end */
+ expiration = -expiration;
+ }
+ if(nonce->t.size == 0)
+ // The input time is absolute Time (not Clock), but it is expressed
+ // in seconds. To make sure that we don't time out too early, take the
+ // current value of milliseconds in g_time and add that to the input
+ // seconds value.
+ policyTime = (((UINT64)expiration) * 1000) + g_time % 1000;
+ else
+ // The policy timeout is the absolute value of the expiration in seconds
+ // added to the start time of the policy.
+ policyTime = session->startTime + (((UINT64)expiration) * 1000);
+ }
+ return policyTime;
+}
+/* 7.4.2.2 PolicyDigestClear() */
+/* Function to reset the policyDigest of a session */
+void
+PolicyDigestClear(
+ SESSION *session
+ )
+{
+ session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg);
+ MemorySet(session->u2.policyDigest.t.buffer, 0,
+ session->u2.policyDigest.t.size);
+}
+
+/* 7.4.2.5 PolicySptCheckCondition() */
+/* Checks to see if the condition in the policy is satisfied. */
+
+BOOL
+PolicySptCheckCondition(
+ TPM_EO operation,
+ BYTE *opA,
+ BYTE *opB,
+ UINT16 size
+ )
+{
+ // Arithmetic Comparison
+ switch(operation)
+ {
+ case TPM_EO_EQ:
+ // compare A = B
+ return (UnsignedCompareB(size, opA, size, opB) == 0);
+ break;
+ case TPM_EO_NEQ:
+ // compare A != B
+ return (UnsignedCompareB(size, opA, size, opB) != 0);
+ break;
+ case TPM_EO_SIGNED_GT:
+ // compare A > B signed
+ return (SignedCompareB(size, opA, size, opB) > 0);
+ break;
+ case TPM_EO_UNSIGNED_GT:
+ // compare A > B unsigned
+ return (UnsignedCompareB(size, opA, size, opB) > 0);
+ break;
+ case TPM_EO_SIGNED_LT:
+ // compare A < B signed
+ return (SignedCompareB(size, opA, size, opB) < 0);
+ break;
+ case TPM_EO_UNSIGNED_LT:
+ // compare A < B unsigned
+ return (UnsignedCompareB(size, opA, size, opB) < 0);
+ break;
+ case TPM_EO_SIGNED_GE:
+ // compare A >= B signed
+ return (SignedCompareB(size, opA, size, opB) >= 0);
+ break;
+ case TPM_EO_UNSIGNED_GE:
+ // compare A >= B unsigned
+ return (UnsignedCompareB(size, opA, size, opB) >= 0);
+ break;
+ case TPM_EO_SIGNED_LE:
+ // compare A <= B signed
+ return (SignedCompareB(size, opA, size, opB) <= 0);
+ break;
+ case TPM_EO_UNSIGNED_LE:
+ // compare A <= B unsigned
+ return (UnsignedCompareB(size, opA, size, opB) <= 0);
+ break;
+ case TPM_EO_BITSET:
+ // All bits SET in B are SET in A. ((A&B)=B)
+ {
+ UINT32 i;
+ for(i = 0; i < size; i++)
+ if((opA[i] & opB[i]) != opB[i])
+ return FALSE;
+ }
+ break;
+ case TPM_EO_BITCLEAR:
+ // All bits SET in B are CLEAR in A. ((A&B)=0)
+ {
+ UINT32 i;
+ for(i = 0; i < size; i++)
+ if((opA[i] & opB[i]) != 0)
+ return FALSE;
+ }
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+ return TRUE;
+}