• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Microsoft Reference Implementation for TPM 2.0
2  *
3  *  The copyright in this software is being made available under the BSD License,
4  *  included below. This software may be subject to other third party and
5  *  contributor rights, including patent rights, and no such rights are granted
6  *  under this license.
7  *
8  *  Copyright (c) Microsoft Corporation
9  *
10  *  All rights reserved.
11  *
12  *  BSD License
13  *
14  *  Redistribution and use in source and binary forms, with or without modification,
15  *  are permitted provided that the following conditions are met:
16  *
17  *  Redistributions of source code must retain the above copyright notice, this list
18  *  of conditions and the following disclaimer.
19  *
20  *  Redistributions in binary form must reproduce the above copyright notice, this
21  *  list of conditions and the following disclaimer in the documentation and/or
22  *  other materials provided with the distribution.
23  *
24  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #include "Tpm.h"
36 
37 #if CC_PolicyAuthorizeNV  // Conditional expansion of this file
38 #include "PolicyAuthorizeNV_fp.h"
39 #include "Policy_spt_fp.h"
40 
41 /*(See part 3 specification)
42 // Change policy by a signature from authority
43 */
44 //  Return Type: TPM_RC
45 //      TPM_RC_HASH         hash algorithm in 'keyName' is not supported or is not
46 //                          the same as the hash algorithm of the policy session
47 //      TPM_RC_SIZE         'keyName' is not the correct size for its hash algorithm
48 //      TPM_RC_VALUE        the current policyDigest of 'policySession' does not
49 //                          match 'approvedPolicy'; or 'checkTicket' doesn't match
50 //                          the provided values
51 TPM_RC
TPM2_PolicyAuthorizeNV(PolicyAuthorizeNV_In * in)52 TPM2_PolicyAuthorizeNV(
53     PolicyAuthorizeNV_In    *in
54     )
55 {
56     SESSION                 *session;
57     TPM_RC                   result;
58     NV_REF                   locator;
59     NV_INDEX                *nvIndex = NvGetIndexInfo(in->nvIndex, &locator);
60     TPM2B_NAME               name;
61     TPMT_HA                  policyInNv;
62     BYTE                     nvTemp[sizeof(TPMT_HA)];
63     BYTE                    *buffer = nvTemp;
64     INT32                    size;
65 
66 // Input Validation
67     // Get pointer to the session structure
68     session = SessionGet(in->policySession);
69 
70     // Skip checks if this is a trial policy
71     if(!session->attributes.isTrialPolicy)
72     {
73         // Check the authorizations for reading
74         // Common read access checks. NvReadAccessChecks() returns
75         // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED
76         // error may be returned at this point
77         result = NvReadAccessChecks(in->authHandle, in->nvIndex,
78                                     nvIndex->publicArea.attributes);
79         if(result != TPM_RC_SUCCESS)
80             return result;
81 
82         // Read the contents of the index into a temp buffer
83         size = MIN(nvIndex->publicArea.dataSize, sizeof(TPMT_HA));
84         NvGetIndexData(nvIndex, locator, 0, (UINT16)size, nvTemp);
85 
86         // Unmarshal the contents of the buffer into the internal format of a
87         // TPMT_HA so that the hash and digest elements can be accessed from the
88         // structure rather than the byte array that is in the Index (written by
89         // user of the Index).
90         result = TPMT_HA_Unmarshal(&policyInNv, &buffer, &size, FALSE);
91         if(result != TPM_RC_SUCCESS)
92             return result;
93 
94         // Verify that the hash is the same
95         if(policyInNv.hashAlg != session->authHashAlg)
96             return TPM_RC_HASH;
97 
98         // See if the contents of the digest in the Index matches the value
99         // in the policy
100         if(!MemoryEqual(&policyInNv.digest, &session->u2.policyDigest.t.buffer,
101                         session->u2.policyDigest.t.size))
102             return TPM_RC_VALUE;
103     }
104 
105 // Internal Data Update
106 
107     // Set policyDigest to zero digest
108     PolicyDigestClear(session);
109 
110     // Update policyDigest
111     PolicyContextUpdate(TPM_CC_PolicyAuthorizeNV, EntityGetName(in->nvIndex, &name),
112                         NULL, NULL, 0, session);
113 
114     return TPM_RC_SUCCESS;
115 }
116 
117 #endif // CC_PolicyAuthorize