/src/ibmswtpm2/src/SigningCommands.c

Source
/********************************************************************************/
/*                    */
/*    Signing and Signature Verification          */
/*           Written by Ken Goldman       */
/*           IBM Thomas J. Watson Research Center     */
/*            $Id: SigningCommands.c 1259 2018-07-10 19:11:09Z kgoldman $ */
/*                    */
/*  Licenses and Notices              */
/*                    */
/*  1. Copyright Licenses:              */
/*                    */
/*  - Trusted Computing Group (TCG) grants to the user of the source code in  */
/*    this specification (the "Source Code") a worldwide, irrevocable,    */
/*    nonexclusive, royalty free, copyright license to reproduce, create  */
/*    derivative works, distribute, display and perform the Source Code and */
/*    derivative works thereof, and to grant others the rights granted herein.  */
/*                    */
/*  - The TCG grants to the user of the other parts of the specification  */
/*    (other than the Source Code) the rights to reproduce, distribute,   */
/*    display, and perform the specification solely for the purpose of    */
/*    developing products based on such documents.        */
/*                    */
/*  2. Source Code Distribution Conditions:         */
/*                    */
/*  - Redistributions of Source Code must retain the above copyright licenses,  */
/*    this list of conditions and the following disclaimers.      */
/*                    */
/*  - Redistributions in binary form must reproduce the above copyright   */
/*    licenses, this list of conditions and the following disclaimers in the  */
/*    documentation and/or other materials provided with the distribution.  */
/*                    */
/*  3. Disclaimers:               */
/*                    */
/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.   */
/*  Contact TCG Administration (admin@trustedcomputinggroup.org) for    */
/*  information on specification licensing rights available through TCG   */
/*  membership agreements.              */
/*                    */
/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED   */
/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR   */
/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR    */
/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY    */
/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.   */
/*                    */
/*  - Without limitation, TCG and its members and licensors disclaim all  */
/*    liability, including liability for infringement of any proprietary  */
/*    rights, relating to use of information in this specification and to the */
/*    implementation of this specification, and TCG disclaims all liability for */
/*    cost of procurement of substitute goods or services, lost profits, loss   */
/*    of use, loss of data or any incidental, consequential, direct, indirect,  */
/*    or special damages, whether under contract, tort, warranty or otherwise,  */
/*    arising in any way out of use or reliance upon this specification or any  */
/*    information herein.             */
/*                    */
/*  (c) Copyright IBM Corp. and others, 2016 - 2018       */
/*                    */
/********************************************************************************/

#include "Tpm.h"
#include "VerifySignature_fp.h"
#if CC_VerifySignature  // Conditional expansion of this file
TPM_RC
TPM2_VerifySignature(
         VerifySignature_In      *in,            // IN: input parameter list
         VerifySignature_Out     *out            // OUT: output parameter list
         )
{
    TPM_RC                   result;
    OBJECT                  *signObject = HandleToObject(in->keyHandle);
    TPMI_RH_HIERARCHY        hierarchy;
    // Input Validation
    // The object to validate the signature must be a signing key.
    if(!IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, sign))
  return TPM_RCS_ATTRIBUTES + RC_VerifySignature_keyHandle;
    // Validate Signature.  TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE
    // error may be returned by CryptCVerifySignatrue()
    result = CryptValidateSignature(in->keyHandle, &in->digest, &in->signature);
    if(result != TPM_RC_SUCCESS)
  return RcSafeAddToResult(result, RC_VerifySignature_signature);
    // Command Output
    hierarchy = GetHeriarchy(in->keyHandle);
    if(hierarchy == TPM_RH_NULL
       || signObject->publicArea.nameAlg == TPM_ALG_NULL)
  {
      // produce empty ticket if hierarchy is TPM_RH_NULL or nameAlg is
      // TPM_ALG_NULL
      out->validation.tag = TPM_ST_VERIFIED;
      out->validation.hierarchy = TPM_RH_NULL;
      out->validation.digest.t.size = 0;
  }
    else
  {
      // Compute ticket
      TicketComputeVerified(hierarchy, &in->digest, &signObject->name,
          &out->validation);
  }
    return TPM_RC_SUCCESS;
}
#endif // CC_VerifySignature
#include "Tpm.h"
#include "Sign_fp.h"
#if CC_Sign  // Conditional expansion of this file
#include "Attest_spt_fp.h"
TPM_RC
TPM2_Sign(
    Sign_In         *in,            // IN: input parameter list
    Sign_Out        *out            // OUT: output parameter list
    )
{
    TPM_RC                   result;
    TPMT_TK_HASHCHECK        ticket;
    OBJECT                  *signObject = HandleToObject(in->keyHandle);
    //
    // Input Validation
    if(!IsSigningObject(signObject))
  return TPM_RCS_KEY + RC_Sign_keyHandle;
    // pick a scheme for sign.  If the input sign scheme is not compatible with
    // the default scheme, return an error.
    if(!CryptSelectSignScheme(signObject, &in->inScheme))
  return TPM_RCS_SCHEME + RC_Sign_inScheme;
    // If validation is provided, or the key is restricted, check the ticket
    if(in->validation.digest.t.size != 0
       || IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, restricted))
  {
      // Compute and compare ticket
      TicketComputeHashCheck(in->validation.hierarchy,
           in->inScheme.details.any.hashAlg,
           &in->digest, &ticket);
      if(!MemoryEqual2B(&in->validation.digest.b, &ticket.digest.b))
    return TPM_RCS_TICKET + RC_Sign_validation;
  }
    else
  // If we don't have a ticket, at least verify that the provided 'digest'
  // is the size of the scheme hashAlg digest.
  // NOTE: this does not guarantee that the 'digest' is actually produced using
  // the indicated hash algorithm, but at least it might be.
  {
      if(in->digest.t.size
         != CryptHashGetDigestSize(in->inScheme.details.any.hashAlg))
    return TPM_RCS_SIZE + RC_Sign_digest;
  }
    // Command Output
    // Sign the hash. A TPM_RC_VALUE or TPM_RC_SCHEME
    // error may be returned at this point
    result = CryptSign(signObject, &in->inScheme, &in->digest, &out->signature);
    return result;
}
#endif // CC_Sign

Coverage Report

Created: 2026-05-23 06:56

Line	Count	Source
1		/********************************************************************************/
2		/* */
3		/* Signing and Signature Verification */
4		/* Written by Ken Goldman */
5		/* IBM Thomas J. Watson Research Center */
6		/* $Id: SigningCommands.c 1259 2018-07-10 19:11:09Z kgoldman $ */
7		/* */
8		/* Licenses and Notices */
9		/* */
10		/* 1. Copyright Licenses: */
11		/* */
12		/* - Trusted Computing Group (TCG) grants to the user of the source code in */
13		/* this specification (the "Source Code") a worldwide, irrevocable, */
14		/* nonexclusive, royalty free, copyright license to reproduce, create */
15		/* derivative works, distribute, display and perform the Source Code and */
16		/* derivative works thereof, and to grant others the rights granted herein. */
17		/* */
18		/* - The TCG grants to the user of the other parts of the specification */
19		/* (other than the Source Code) the rights to reproduce, distribute, */
20		/* display, and perform the specification solely for the purpose of */
21		/* developing products based on such documents. */
22		/* */
23		/* 2. Source Code Distribution Conditions: */
24		/* */
25		/* - Redistributions of Source Code must retain the above copyright licenses, */
26		/* this list of conditions and the following disclaimers. */
27		/* */
28		/* - Redistributions in binary form must reproduce the above copyright */
29		/* licenses, this list of conditions and the following disclaimers in the */
30		/* documentation and/or other materials provided with the distribution. */
31		/* */
32		/* 3. Disclaimers: */
33		/* */
34		/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
35		/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
36		/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
37		/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
38		/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
39		/* information on specification licensing rights available through TCG */
40		/* membership agreements. */
41		/* */
42		/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
43		/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
44		/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
45		/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
46		/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
47		/* */
48		/* - Without limitation, TCG and its members and licensors disclaim all */
49		/* liability, including liability for infringement of any proprietary */
50		/* rights, relating to use of information in this specification and to the */
51		/* implementation of this specification, and TCG disclaims all liability for */
52		/* cost of procurement of substitute goods or services, lost profits, loss */
53		/* of use, loss of data or any incidental, consequential, direct, indirect, */
54		/* or special damages, whether under contract, tort, warranty or otherwise, */
55		/* arising in any way out of use or reliance upon this specification or any */
56		/* information herein. */
57		/* */
58		/* (c) Copyright IBM Corp. and others, 2016 - 2018 */
59		/* */
60		/********************************************************************************/
61
62		#include "Tpm.h"
63		#include "VerifySignature_fp.h"
64		#if CC_VerifySignature // Conditional expansion of this file
65		TPM_RC
66		TPM2_VerifySignature(
67		VerifySignature_In *in, // IN: input parameter list
68		VerifySignature_Out *out // OUT: output parameter list
69		)
70	0	{
71	0	TPM_RC result;
72	0	OBJECT *signObject = HandleToObject(in->keyHandle);
73	0	TPMI_RH_HIERARCHY hierarchy;
74		// Input Validation
75		// The object to validate the signature must be a signing key.
76	0	if(!IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, sign))
77	0	return TPM_RCS_ATTRIBUTES + RC_VerifySignature_keyHandle;
78		// Validate Signature. TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE
79		// error may be returned by CryptCVerifySignatrue()
80	0	result = CryptValidateSignature(in->keyHandle, &in->digest, &in->signature);
81	0	if(result != TPM_RC_SUCCESS)
82	0	return RcSafeAddToResult(result, RC_VerifySignature_signature);
83		// Command Output
84	0	hierarchy = GetHeriarchy(in->keyHandle);
85	0	if(hierarchy == TPM_RH_NULL
86	0	\|\| signObject->publicArea.nameAlg == TPM_ALG_NULL)
87	0	{
88		// produce empty ticket if hierarchy is TPM_RH_NULL or nameAlg is
89		// TPM_ALG_NULL
90	0	out->validation.tag = TPM_ST_VERIFIED;
91	0	out->validation.hierarchy = TPM_RH_NULL;
92	0	out->validation.digest.t.size = 0;
93	0	}
94	0	else
95	0	{
96		// Compute ticket
97	0	TicketComputeVerified(hierarchy, &in->digest, &signObject->name,
98	0	&out->validation);
99	0	}
100	0	return TPM_RC_SUCCESS;
101	0	}
102		#endif // CC_VerifySignature
103		#include "Tpm.h"
104		#include "Sign_fp.h"
105		#if CC_Sign // Conditional expansion of this file
106		#include "Attest_spt_fp.h"
107		TPM_RC
108		TPM2_Sign(
109		Sign_In *in, // IN: input parameter list
110		Sign_Out *out // OUT: output parameter list
111		)
112	0	{
113	0	TPM_RC result;
114	0	TPMT_TK_HASHCHECK ticket;
115	0	OBJECT *signObject = HandleToObject(in->keyHandle);
116		//
117		// Input Validation
118	0	if(!IsSigningObject(signObject))
119	0	return TPM_RCS_KEY + RC_Sign_keyHandle;
120		// pick a scheme for sign. If the input sign scheme is not compatible with
121		// the default scheme, return an error.
122	0	if(!CryptSelectSignScheme(signObject, &in->inScheme))
123	0	return TPM_RCS_SCHEME + RC_Sign_inScheme;
124		// If validation is provided, or the key is restricted, check the ticket
125	0	if(in->validation.digest.t.size != 0
126	0	\|\| IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, restricted))
127	0	{
128		// Compute and compare ticket
129	0	TicketComputeHashCheck(in->validation.hierarchy,
130	0	in->inScheme.details.any.hashAlg,
131	0	&in->digest, &ticket);
132	0	if(!MemoryEqual2B(&in->validation.digest.b, &ticket.digest.b))
133	0	return TPM_RCS_TICKET + RC_Sign_validation;
134	0	}
135	0	else
136		// If we don't have a ticket, at least verify that the provided 'digest'
137		// is the size of the scheme hashAlg digest.
138		// NOTE: this does not guarantee that the 'digest' is actually produced using
139		// the indicated hash algorithm, but at least it might be.
140	0	{
141	0	if(in->digest.t.size
142	0	!= CryptHashGetDigestSize(in->inScheme.details.any.hashAlg))
143	0	return TPM_RCS_SIZE + RC_Sign_digest;
144	0	}
145		// Command Output
146		// Sign the hash. A TPM_RC_VALUE or TPM_RC_SCHEME
147		// error may be returned at this point
148	0	result = CryptSign(signObject, &in->inScheme, &in->digest, &out->signature);
149	0	return result;
150	0	}
151		#endif // CC_Sign