author | Vadim Bendebury <vbendeb@chromium.org> | 2015-05-20 10:32:25 -0700 |
---|---|---|
committer | Vadim Bendebury <vbendeb@chromium.org> | 2015-05-20 22:32:05 -0700 |
commit | 5679752bf24c21135884e987c4077e2f71848971 (patch) | |
tree | 3e680dd91a7af84c45ea1170ee88225bd4ad32c8 /Policy_spt.c | |
Initial commit to seed TPM2.0 source code directory
LICENSE file text copied from TCG library specification. README
describes the procedure used to extract source code from parts 3 and 4
of the specification.
The python scripts and part{34}.txt files will be removed in the
following commits.
Change-Id: Ie281e6e988481831f33483053455e8aff8f3f75f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'Policy_spt.c')
-rw-r--r-- | Policy_spt.c | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/Policy_spt.c b/Policy_spt.c
new file mode 100644
index 0000000..9530700
--- /dev/null
+++ b/Policy_spt.c
@@ -0,0 +1,131 @@
+// This file was extracted from the TCG Published
+// Trusted Platform Module Library
+// Part 4: Supporting Routines
+// Family "2.0"
+// Level 00 Revision 01.16
+// October 30, 2014
+
+#include "InternalRoutines.h"
+#include "Policy_spt_fp.h"
+#include "PolicySigned_fp.h"
+#include "PolicySecret_fp.h"
+#include "PolicyTicket_fp.h"
+//
+//
+// PolicyParameterChecks()
+//
+// This function validates the common parameters of TPM2_PolicySiged() and TPM2_PolicySecret(). The
+// common parameters are nonceTPM, expiration, and cpHashA.
+//
+TPM_RC
+PolicyParameterChecks(
+ SESSION *session,
+ UINT64 authTimeout,
+ TPM2B_DIGEST *cpHashA,
+ TPM2B_NONCE *nonce,
+ TPM_RC nonceParameterNumber,
+ TPM_RC cpHashParameterNumber,
+ TPM_RC expirationParameterNumber
+ )
+{
+ TPM_RC result;
+ // Validate that input nonceTPM is correct if present
+ if(nonce != NULL && nonce->t.size != 0)
+//
+ {
+ if(!Memory2BEqual(&nonce->b, &session->nonceTPM.b))
+ return TPM_RC_NONCE + RC_PolicySigned_nonceTPM;
+ }
+ // If authTimeout is set (expiration != 0...
+ if(authTimeout != 0)
+ {
+ // ...then nonce must be present
+ // nonce present isn't checked in PolicyTicket
+ if(nonce != NULL && nonce->t.size == 0)
+ // This error says that the time has expired but it is pointing
+ // at the nonceTPM value.
+ return TPM_RC_EXPIRED + nonceParameterNumber;
+ // Validate input expiration.
+ // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE
+ // or TPM_RC_NV_RATE error may be returned here.
+ result = NvIsAvailable();
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ if(authTimeout < go.clock)
+ return TPM_RC_EXPIRED + expirationParameterNumber;
+ }
+ // If the cpHash is present, then check it
+ if(cpHashA != NULL && cpHashA->t.size != 0)
+ {
+ // The cpHash input has to have the correct size
+ if(cpHashA->t.size != session->u2.policyDigest.t.size)
+ return TPM_RC_SIZE + cpHashParameterNumber;
+ // If the cpHash has already been set, then this input value
+ // must match the current value.
+ if( session->u1.cpHash.b.size != 0
+ && !Memory2BEqual(&cpHashA->b, &session->u1.cpHash.b))
+ return TPM_RC_CPHASH;
+ }
+ return TPM_RC_SUCCESS;
+}
+//
+//
+// PolicyContextUpdate()
+//
+// Update policy hash Update the policyDigest in policy session by extending policyRef and objectName to
+// it. This will also update the cpHash if it is present.
+//
+void
+PolicyContextUpdate(
+ TPM_CC commandCode, // IN: command code
+ TPM2B_NAME *name, // IN: name of entity
+ TPM2B_NONCE *ref, // IN: the reference data
+ TPM2B_DIGEST *cpHash, // IN: the cpHash (optional)
+ UINT64 policyTimeout,
+ SESSION *session // IN/OUT: policy session to be updated
+ )
+{
+ HASH_STATE hashState;
+ UINT16 policyDigestSize;
+ // Start hash
+ policyDigestSize = CryptStartHash(session->authHashAlg, &hashState);
+ // policyDigest size should always be the digest size of session hash algorithm.
+ pAssert(session->u2.policyDigest.t.size == policyDigestSize);
+ // add old digest
+ CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
+ // add commandCode
+ CryptUpdateDigestInt(&hashState, sizeof(commandCode), &commandCode);
+ // add name if applicable
+ if(name != NULL)
+ CryptUpdateDigest2B(&hashState, &name->b);
+ // Complete the digest and get the results
+ CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
+ // Start second hash computation
+ CryptStartHash(session->authHashAlg, &hashState);
+ // add policyDigest
+ CryptUpdateDigest2B(&hashState, &session->u2.policyDigest.b);
+ // add policyRef
+ if(ref != NULL)
+ CryptUpdateDigest2B(&hashState, &ref->b);
+ // Complete second digest
+ CryptCompleteHash2B(&hashState, &session->u2.policyDigest.b);
+ // Deal with the cpHash. If the cpHash value is present
+ // then it would have already been checked to make sure that
+ // it is compatible with the current value so all we need
+ // to do here is copy it and set the iscoHashDefined attribute
+ if(cpHash != NULL && cpHash->t.size != 0)
+ {
+ session->u1.cpHash = *cpHash;
+ session->attributes.iscpHashDefined = SET;
+ }
+ // update the timeout if it is specified
+ if(policyTimeout!= 0)
+ {
+ // If the timeout has not been set, then set it to the new value
+ if(session->timeOut == 0)
+ session->timeOut = policyTimeout;
+ else if(session->timeOut > policyTimeout)
+ session->timeOut = policyTimeout;
+ }
+ return;
+} |
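Review bot: In PolicyParameterChecks() the nonce-mismatch return hard-codes `RC_PolicySigned_nonceTPM`, although the function receives `nonceParameterNumber` and already uses it for the TPM_RC_EXPIRED return a few lines below. The header comment documents the routine as shared by TPM2_PolicySigned() and TPM2_PolicySecret(), so the response code should be built from the argument: `return TPM_RC_NONCE + nonceParameterNumber;`. Whether the PolicySigned constant equals the value PolicySecret callers pass is not visible in this file, so a failed nonce check may be attributed to the wrong command's parameter. Separately, the bare `//` line between `if(nonce != NULL && nonce->t.size != 0)` and its `{` looks like an extraction artifact and could be dropped. In PolicyContextUpdate() the `session->u1.cpHash = *cpHash;` copy relies on the caller having run the size check first, which deserves a one-line precondition note in the function's header comment.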