• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Microsoft Reference Implementation for TPM 2.0
2  *
3  *  The copyright in this software is being made available under the BSD License,
4  *  included below. This software may be subject to other third party and
5  *  contributor rights, including patent rights, and no such rights are granted
6  *  under this license.
7  *
8  *  Copyright (c) Microsoft Corporation
9  *
10  *  All rights reserved.
11  *
12  *  BSD License
13  *
14  *  Redistribution and use in source and binary forms, with or without modification,
15  *  are permitted provided that the following conditions are met:
16  *
17  *  Redistributions of source code must retain the above copyright notice, this list
18  *  of conditions and the following disclaimer.
19  *
20  *  Redistributions in binary form must reproduce the above copyright notice, this
21  *  list of conditions and the following disclaimer in the documentation and/or
22  *  other materials provided with the distribution.
23  *
24  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #include "Tpm.h"
36 #include "PolicyNV_fp.h"
37 
38 #if CC_PolicyNV  // Conditional expansion of this file
39 
40 #include "Policy_spt_fp.h"
41 
42 /*(See part 3 specification)
43 // Do comparison to NV location
44 */
45 //  Return Type: TPM_RC
46 //      TPM_RC_AUTH_TYPE            NV index authorization type is not correct
47 //      TPM_RC_NV_LOCKED            NV index read locked
48 //      TPM_RC_NV_UNINITIALIZED     the NV index has not been initialized
49 //      TPM_RC_POLICY               the comparison to the NV contents failed
50 //      TPM_RC_SIZE                 the size of 'nvIndex' data starting at 'offset'
51 //                                  is less than the size of 'operandB'
52 //      TPM_RC_VALUE                'offset' is too large
53 TPM_RC
TPM2_PolicyNV(PolicyNV_In * in)54 TPM2_PolicyNV(
55     PolicyNV_In     *in             // IN: input parameter list
56     )
57 {
58     TPM_RC               result;
59     SESSION             *session;
60     NV_REF               locator;
61     NV_INDEX            *nvIndex;
62     BYTE                 nvBuffer[sizeof(in->operandB.t.buffer)];
63     TPM2B_NAME           nvName;
64     TPM_CC               commandCode = TPM_CC_PolicyNV;
65     HASH_STATE           hashState;
66     TPM2B_DIGEST         argHash;
67 
68 // Input Validation
69 
70     // Get pointer to the session structure
71     session = SessionGet(in->policySession);
72 
73     //If this is a trial policy, skip all validations and the operation
74     if(session->attributes.isTrialPolicy == CLEAR)
75     {
76         // No need to access the actual NV index information for a trial policy.
77         nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
78 
79         // Common read access checks. NvReadAccessChecks() may return
80         // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
81         result = NvReadAccessChecks(in->authHandle,
82                                     in->nvIndex,
83                                     nvIndex->publicArea.attributes);
84         if(result != TPM_RC_SUCCESS)
85             return result;
86 
87         // Make sure that offset is withing range
88         if(in->offset > nvIndex->publicArea.dataSize)
89             return TPM_RCS_VALUE + RC_PolicyNV_offset;
90 
91         // Valid NV data size should not be smaller than input operandB size
92         if((nvIndex->publicArea.dataSize - in->offset) < in->operandB.t.size)
93             return TPM_RCS_SIZE + RC_PolicyNV_operandB;
94 
95 
96         // Get NV data.  The size of NV data equals the input operand B size
97         NvGetIndexData(nvIndex, locator, in->offset, in->operandB.t.size, nvBuffer);
98 
99         // Check to see if the condition is valid
100         if(!PolicySptCheckCondition(in->operation, nvBuffer,
101                                     in->operandB.t.buffer, in->operandB.t.size))
102             return TPM_RC_POLICY;
103     }
104 // Internal Data Update
105 
106     // Start argument hash
107     argHash.t.size = CryptHashStart(&hashState, session->authHashAlg);
108 
109     //  add operandB
110     CryptDigestUpdate2B(&hashState, &in->operandB.b);
111 
112     //  add offset
113     CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset);
114 
115     //  add operation
116     CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation);
117 
118     //  complete argument digest
119     CryptHashEnd2B(&hashState, &argHash.b);
120 
121     // Update policyDigest
122     //  Start digest
123     CryptHashStart(&hashState, session->authHashAlg);
124 
125     //  add old digest
126     CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
127 
128     //  add commandCode
129     CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
130 
131     //  add argument digest
132     CryptDigestUpdate2B(&hashState, &argHash.b);
133 
134     // Adding nvName
135     CryptDigestUpdate2B(&hashState, &EntityGetName(in->nvIndex, &nvName)->b);
136 
137     // complete the digest
138     CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
139 
140     return TPM_RC_SUCCESS;
141 }
142 
143 #endif // CC_PolicyNV