• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Microsoft Reference Implementation for TPM 2.0
2  *
3  *  The copyright in this software is being made available under the BSD License,
4  *  included below. This software may be subject to other third party and
5  *  contributor rights, including patent rights, and no such rights are granted
6  *  under this license.
7  *
8  *  Copyright (c) Microsoft Corporation
9  *
10  *  All rights reserved.
11  *
12  *  BSD License
13  *
14  *  Redistribution and use in source and binary forms, with or without modification,
15  *  are permitted provided that the following conditions are met:
16  *
17  *  Redistributions of source code must retain the above copyright notice, this list
18  *  of conditions and the following disclaimer.
19  *
20  *  Redistributions in binary form must reproduce the above copyright notice, this
21  *  list of conditions and the following disclaimer in the documentation and/or
22  *  other materials provided with the distribution.
23  *
24  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 #include "Tpm.h"
36 #include "PolicyCounterTimer_fp.h"
37 
38 #if CC_PolicyCounterTimer  // Conditional expansion of this file
39 
40 #include "Policy_spt_fp.h"
41 
42 /*(See part 3 specification)
43 // Add a conditional gating of a policy based on the contents of the
44 // TPMS_TIME_INFO structure.
45 */
46 //  Return Type: TPM_RC
47 //      TPM_RC_POLICY           the comparison of the selected portion of the
48 //                              TPMS_TIME_INFO with 'operandB' failed
49 //      TPM_RC_RANGE            'offset' + 'size' exceed size of TPMS_TIME_INFO
50 //                              structure
51 TPM_RC
TPM2_PolicyCounterTimer(PolicyCounterTimer_In * in)52 TPM2_PolicyCounterTimer(
53     PolicyCounterTimer_In   *in             // IN: input parameter list
54     )
55 {
56     SESSION             *session;
57     TIME_INFO            infoData;          // data buffer of  TPMS_TIME_INFO
58     BYTE                *pInfoData = (BYTE *)&infoData;
59     UINT16               infoDataSize;
60     TPM_CC               commandCode = TPM_CC_PolicyCounterTimer;
61     HASH_STATE           hashState;
62     TPM2B_DIGEST         argHash;
63 
64 // Input Validation
65     // Get a marshaled time structure
66     infoDataSize = TimeGetMarshaled(&infoData);
67     // Make sure that the referenced stays within the bounds of the structure.
68     // NOTE: the offset checks are made even for a trial policy because the policy
69     // will not make any sense if the references are out of bounds of the timer
70     // structure.
71     if(in->offset > infoDataSize)
72         return TPM_RCS_VALUE + RC_PolicyCounterTimer_offset;
73     if((UINT32)in->offset + (UINT32)in->operandB.t.size > infoDataSize)
74         return TPM_RCS_RANGE;
75     // Get pointer to the session structure
76     session = SessionGet(in->policySession);
77 
78     //If this is a trial policy, skip the check to see if the condition is met.
79     if(session->attributes.isTrialPolicy == CLEAR)
80     {
81         // If the command is going to use any part of the counter or timer, need
82         // to verify that time is advancing.
83         // The time and clock vales are the first two 64-bit values in the clock
84         if(in->offset < sizeof(UINT64) + sizeof(UINT64))
85         {
86             // Using Clock or Time so see if clock is running. Clock doesn't
87             // run while NV is unavailable.
88             // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned here.
89             RETURN_IF_NV_IS_NOT_AVAILABLE;
90         }
91         // offset to the starting position
92         pInfoData = (BYTE *)infoData;
93         // Check to see if the condition is valid
94         if(!PolicySptCheckCondition(in->operation, pInfoData + in->offset,
95                                     in->operandB.t.buffer, in->operandB.t.size))
96             return TPM_RC_POLICY;
97     }
98 // Internal Data Update
99     // Start argument list hash
100     argHash.t.size = CryptHashStart(&hashState, session->authHashAlg);
101     //  add operandB
102     CryptDigestUpdate2B(&hashState, &in->operandB.b);
103     //  add offset
104     CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset);
105     //  add operation
106     CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation);
107     //  complete argument hash
108     CryptHashEnd2B(&hashState, &argHash.b);
109 
110     // update policyDigest
111     //  start hash
112     CryptHashStart(&hashState, session->authHashAlg);
113 
114     //  add old digest
115     CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b);
116 
117     //  add commandCode
118     CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode);
119 
120     //  add argument digest
121     CryptDigestUpdate2B(&hashState, &argHash.b);
122 
123     // complete the digest
124     CryptHashEnd2B(&hashState, &session->u2.policyDigest.b);
125 
126     return TPM_RC_SUCCESS;
127 }
128 
129 #endif // CC_PolicyCounterTimer