• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Microsoft Reference Implementation for TPM 2.0
2  *
3  *  The copyright in this software is being made available under the BSD License,
4  *  included below. This software may be subject to other third party and
5  *  contributor rights, including patent rights, and no such rights are granted
6  *  under this license.
7  *
8  *  Copyright (c) Microsoft Corporation
9  *
10  *  All rights reserved.
11  *
12  *  BSD License
13  *
14  *  Redistribution and use in source and binary forms, with or without modification,
15  *  are permitted provided that the following conditions are met:
16  *
17  *  Redistributions of source code must retain the above copyright notice, this list
18  *  of conditions and the following disclaimer.
19  *
20  *  Redistributions in binary form must reproduce the above copyright notice, this
21  *  list of conditions and the following disclaimer in the documentation and/or
22  *  other materials provided with the distribution.
23  *
24  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #include "Tpm.h"
36 #include "Commit_fp.h"
37 
38 #if CC_Commit  // Conditional expansion of this file
39 
40 /*(See part 3 specification)
41 // This command performs the point multiply operations for anonymous signing
42 // scheme.
43 */
44 //  Return Type: TPM_RC
45 //      TPM_RC_ATTRIBUTES       'keyHandle' references a restricted key that is not a
46 //                              signing key
47 //      TPM_RC_ECC_POINT        either 'P1' or the point derived from 's2' is not on
48 //                              the curve of 'keyHandle'
49 //      TPM_RC_HASH             invalid name algorithm in 'keyHandle'
50 //      TPM_RC_KEY              'keyHandle' does not reference an ECC key
51 //      TPM_RC_SCHEME           the scheme of 'keyHandle' is not an anonymous scheme
52 //      TPM_RC_NO_RESULT        'K', 'L' or 'E' was a point at infinity; or
53 //                              failed to generate "r" value
54 //      TPM_RC_SIZE             's2' is empty but 'y2' is not or 's2' provided but
55 //                              'y2' is not
56 TPM_RC
TPM2_Commit(Commit_In * in,Commit_Out * out)57 TPM2_Commit(
58     Commit_In       *in,            // IN: input parameter list
59     Commit_Out      *out            // OUT: output parameter list
60     )
61 {
62     OBJECT                  *eccKey;
63     TPMS_ECC_POINT           P2;
64     TPMS_ECC_POINT          *pP2 = NULL;
65     TPMS_ECC_POINT          *pP1 = NULL;
66     TPM2B_ECC_PARAMETER      r;
67     TPM2B_ECC_PARAMETER      p;
68     TPM_RC                   result;
69     TPMS_ECC_PARMS          *parms;
70 
71 // Input Validation
72 
73     eccKey = HandleToObject(in->signHandle);
74     parms = &eccKey->publicArea.parameters.eccDetail;
75 
76     // Input key must be an ECC key
77     if(eccKey->publicArea.type != TPM_ALG_ECC)
78         return TPM_RCS_KEY + RC_Commit_signHandle;
79 
80     // This command may only be used with a sign-only key using an anonymous
81     // scheme.
82     // NOTE: a sign + decrypt key has no scheme so it will not be an anonymous one
83     // and an unrestricted sign key might no have a signing scheme but it can't
84     // be use in Commit()
85     if(!CryptIsSchemeAnonymous(parms->scheme.scheme))
86         return TPM_RCS_SCHEME + RC_Commit_signHandle;
87 
88 // Make sure that both parts of P2 are present if either is present
89     if((in->s2.t.size == 0) != (in->y2.t.size == 0))
90         return TPM_RCS_SIZE + RC_Commit_y2;
91 
92     // Get prime modulus for the curve. This is needed later but getting this now
93     // allows confirmation that the curve exists.
94     if(!CryptEccGetParameter(&p, 'p', parms->curveID))
95         return TPM_RCS_KEY + RC_Commit_signHandle;
96 
97     // Get the random value that will be used in the point multiplications
98     // Note: this does not commit the count.
99     if(!CryptGenerateR(&r, NULL, parms->curveID, &eccKey->name))
100         return TPM_RC_NO_RESULT;
101 
102     // Set up P2 if s2 and Y2 are provided
103     if(in->s2.t.size != 0)
104     {
105         TPM2B_DIGEST             x2;
106 
107         pP2 = &P2;
108 
109         // copy y2 for P2
110         P2.y = in->y2;
111 
112         // Compute x2  HnameAlg(s2) mod p
113         //      do the hash operation on s2 with the size of curve 'p'
114         x2.t.size = CryptHashBlock(eccKey->publicArea.nameAlg,
115                                      in->s2.t.size,
116                                      in->s2.t.buffer,
117                                      sizeof(x2.t.buffer),
118                                      x2.t.buffer);
119 
120         // If there were error returns in the hash routine, indicate a problem
121         // with the hash algorithm selection
122         if(x2.t.size == 0)
123             return TPM_RCS_HASH + RC_Commit_signHandle;
124         // The size of the remainder will be same as the size of p. DivideB() will
125         // pad the results (leading zeros) if necessary to make the size the same
126         P2.x.t.size = p.t.size;
127         //  set p2.x = hash(s2) mod p
128         if(DivideB(&x2.b, &p.b, NULL, &P2.x.b) != TPM_RC_SUCCESS)
129             return TPM_RC_NO_RESULT;
130 
131         if(!CryptEccIsPointOnCurve(parms->curveID, pP2))
132             return TPM_RCS_ECC_POINT + RC_Commit_s2;
133 
134         if(eccKey->attributes.publicOnly == SET)
135             return TPM_RCS_KEY + RC_Commit_signHandle;
136     }
137     // If there is a P1, make sure that it is on the curve
138     // NOTE: an "empty" point has two UINT16 values which are the size values
139     // for each of the coordinates.
140     if(in->P1.size > 4)
141     {
142         pP1 = &in->P1.point;
143         if(!CryptEccIsPointOnCurve(parms->curveID, pP1))
144             return TPM_RCS_ECC_POINT + RC_Commit_P1;
145     }
146 
147     // Pass the parameters to CryptCommit.
148     // The work is not done in-line because it does several point multiplies
149     // with the same curve.  It saves work by not having to reload the curve
150     // parameters multiple times.
151     result = CryptEccCommitCompute(&out->K.point,
152                                    &out->L.point,
153                                    &out->E.point,
154                                    parms->curveID,
155                                    pP1,
156                                    pP2,
157                                    &eccKey->sensitive.sensitive.ecc,
158                                    &r);
159     if(result != TPM_RC_SUCCESS)
160         return result;
161 
162     // The commit computation was successful so complete the commit by setting
163     // the bit
164     out->counter = CryptCommit();
165 
166     return TPM_RC_SUCCESS;
167 }
168 
169 #endif // CC_Commit