/src/libtpms/src/tpm2/Attest_spt.c

Source
/********************************************************************************/
/*                    */
/*                  */
/*           Written by Ken Goldman       */
/*           IBM Thomas J. Watson Research Center     */
/*            $Id: Attest_spt.c 1490 2019-07-26 21:13:22Z kgoldman $    */
/*                    */
/*  Licenses and Notices              */
/*                    */
/*  1. Copyright Licenses:              */
/*                    */
/*  - Trusted Computing Group (TCG) grants to the user of the source code in  */
/*    this specification (the "Source Code") a worldwide, irrevocable,    */
/*    nonexclusive, royalty free, copyright license to reproduce, create  */
/*    derivative works, distribute, display and perform the Source Code and */
/*    derivative works thereof, and to grant others the rights granted herein.  */
/*                    */
/*  - The TCG grants to the user of the other parts of the specification  */
/*    (other than the Source Code) the rights to reproduce, distribute,   */
/*    display, and perform the specification solely for the purpose of    */
/*    developing products based on such documents.        */
/*                    */
/*  2. Source Code Distribution Conditions:         */
/*                    */
/*  - Redistributions of Source Code must retain the above copyright licenses,  */
/*    this list of conditions and the following disclaimers.      */
/*                    */
/*  - Redistributions in binary form must reproduce the above copyright   */
/*    licenses, this list of conditions and the following disclaimers in the  */
/*    documentation and/or other materials provided with the distribution.  */
/*                    */
/*  3. Disclaimers:               */
/*                    */
/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.   */
/*  Contact TCG Administration (admin@trustedcomputinggroup.org) for    */
/*  information on specification licensing rights available through TCG   */
/*  membership agreements.              */
/*                    */
/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED   */
/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR   */
/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR    */
/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY    */
/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.   */
/*                    */
/*  - Without limitation, TCG and its members and licensors disclaim all  */
/*    liability, including liability for infringement of any proprietary  */
/*    rights, relating to use of information in this specification and to the */
/*    implementation of this specification, and TCG disclaims all liability for */
/*    cost of procurement of substitute goods or services, lost profits, loss   */
/*    of use, loss of data or any incidental, consequential, direct, indirect,  */
/*    or special damages, whether under contract, tort, warranty or otherwise,  */
/*    arising in any way out of use or reliance upon this specification or any  */
/*    information herein.             */
/*                    */
/*  (c) Copyright IBM Corp. and others, 2016 - 2018       */
/*                    */
/********************************************************************************/

//** Includes
#include "Tpm.h"
#include "Attest_spt_fp.h"
#include "Marshal.h"

//** Functions

//***FillInAttestInfo()
// Fill in common fields of TPMS_ATTEST structure.
void FillInAttestInfo(
    TPMI_DH_OBJECT   signHandle,  // IN: handle of signing object
    TPMT_SIG_SCHEME* scheme,      // IN/OUT: scheme to be used for signing
    TPM2B_DATA*      data,        // IN: qualifying data
    TPMS_ATTEST*     attest       // OUT: attest structure
)
{
    OBJECT* signObject = HandleToObject(signHandle);

    // Magic number
    attest->magic = TPM_GENERATED_VALUE;

    if(signObject == NULL)
    {
        // The name for a null handle is TPM_RH_NULL
        // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the
        // size of the cast is smaller than a constant, the compiler warns
        // about the truncation of a constant value.
        TPM_HANDLE nullHandle          = TPM_RH_NULL;
        attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE);
        UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name);
    }
    else
    {
        // Certifying object qualified name
        // if the scheme is anonymous, this is an empty buffer
        if(CryptIsSchemeAnonymous(scheme->scheme))
            attest->qualifiedSigner.t.size = 0;
        else
            attest->qualifiedSigner = signObject->qualifiedName;
    }
    // current clock in plain text
    TimeFillInfo(&attest->clockInfo);

    // Firmware version in plain text
    attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8));
    attest->firmwareVersion += gp.firmwareV2;

    // Check the hierarchy of sign object.  For NULL sign handle, the hierarchy
    // will be TPM_RH_NULL
    if((signObject == NULL)
       || (!signObject->attributes.epsHierarchy
           && !signObject->attributes.ppsHierarchy))
    {
        // For signing key that is not in platform or endorsement hierarchy,
        // obfuscate the reset, restart and firmware version information
        UINT64 obfuscation[2];
        CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG,
                  &gp.shProof.b,
                  OBFUSCATE_STRING,
                  &attest->qualifiedSigner.b,
                  NULL,
                  128,
                  (BYTE*)&obfuscation[0],
                  NULL,
                  FALSE);
        // Obfuscate data
        attest->firmwareVersion += obfuscation[0];
        attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32);
        attest->clockInfo.restartCount += (UINT32)obfuscation[1];
    }
    // External data
    if(CryptIsSchemeAnonymous(scheme->scheme))
        attest->extraData.t.size = 0;
    else
    {
        // If we move the data to the attestation structure, then it is not
        // used in the signing operation except as part of the signed data
        attest->extraData = *data;
        data->t.size      = 0;
    }
}

//***SignAttestInfo()
// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature
// is returned.
//
//  Return Type: TPM_RC
//      TPM_RC_ATTRIBUTES   'signHandle' references not a signing key
//      TPM_RC_SCHEME       'scheme' is not compatible with 'signHandle' type
//      TPM_RC_VALUE        digest generated for the given 'scheme' is greater than
//                          the modulus of 'signHandle' (for an RSA key);
//                          invalid commit status or failed to generate "r" value
//                          (for an ECC key)
TPM_RC
SignAttestInfo(OBJECT*          signKey,         // IN: sign object
               TPMT_SIG_SCHEME* scheme,          // IN: sign scheme
               TPMS_ATTEST*     certifyInfo,     // IN: the data to be signed
               TPM2B_DATA*      qualifyingData,  // IN: extra data for the signing
                                                 //     process
               TPM2B_ATTEST* attest,             // OUT: marshaled attest blob to be
                                                 //     signed
               TPMT_SIGNATURE* signature         // OUT: signature
)
{
    BYTE*        buffer;
    HASH_STATE   hashState;
    TPM2B_DIGEST digest;
    TPM_RC       result;

    // Marshal TPMS_ATTEST structure for hash
    buffer         = attest->t.attestationData;
    attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL);

    if(signKey == NULL)
    {
        signature->sigAlg = TPM_ALG_NULL;
        result            = TPM_RC_SUCCESS;
    }
    else
    {
        TPMI_ALG_HASH hashAlg;
        // Compute hash
        hashAlg = scheme->details.any.hashAlg;
        // need to set the receive buffer to get something put in it
        digest.t.size = sizeof(digest.t.buffer);
        digest.t.size = CryptHashBlock(hashAlg,
                                       attest->t.size,
                                       attest->t.attestationData,
                                       digest.t.size,
                                       digest.t.buffer);
        // If there is qualifying data, need to rehash the data
        // hash(qualifyingData || hash(attestationData))
        if(qualifyingData->t.size != 0)
        {
            CryptHashStart(&hashState, hashAlg);
            CryptDigestUpdate2B(&hashState, &qualifyingData->b);
            CryptDigestUpdate2B(&hashState, &digest.b);
            CryptHashEnd2B(&hashState, &digest.b);
        }
        // Sign the hash. A TPM_RC_VALUE, TPM_RC_SCHEME, or
        // TPM_RC_ATTRIBUTES error may be returned at this point
        result = CryptSign(signKey, scheme, &digest, signature);

        // Since the clock is used in an attestation, the state in NV is no longer
        // "orderly" with respect to the data in RAM if the signature is valid
        if(result == TPM_RC_SUCCESS)
        {
            // Command uses the clock so need to clear the orderly state if it is
            // set.
            result = NvClearOrderly();
        }
    }
    return result;
}

//*** IsSigningObject()
// Checks to see if the object is OK for signing. This is here rather than in
// Object_spt.c because all the attestation commands use this file but not
// Object_spt.c.
//  Return Type: BOOL
//      TRUE(1)         object may sign
//      FALSE(0)        object may not sign
BOOL IsSigningObject(OBJECT* object  // IN:
)
{
    return ((object == NULL)
            || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign)
                 && object->publicArea.type != TPM_ALG_SYMCIPHER)));
}

Coverage Report

Created: 2026-02-11 06:24

Line	Count	Source
1		/********************************************************************************/
2		/* */
3		/* */
4		/* Written by Ken Goldman */
5		/* IBM Thomas J. Watson Research Center */
6		/* $Id: Attest_spt.c 1490 2019-07-26 21:13:22Z kgoldman $ */
7		/* */
8		/* Licenses and Notices */
9		/* */
10		/* 1. Copyright Licenses: */
11		/* */
12		/* - Trusted Computing Group (TCG) grants to the user of the source code in */
13		/* this specification (the "Source Code") a worldwide, irrevocable, */
14		/* nonexclusive, royalty free, copyright license to reproduce, create */
15		/* derivative works, distribute, display and perform the Source Code and */
16		/* derivative works thereof, and to grant others the rights granted herein. */
17		/* */
18		/* - The TCG grants to the user of the other parts of the specification */
19		/* (other than the Source Code) the rights to reproduce, distribute, */
20		/* display, and perform the specification solely for the purpose of */
21		/* developing products based on such documents. */
22		/* */
23		/* 2. Source Code Distribution Conditions: */
24		/* */
25		/* - Redistributions of Source Code must retain the above copyright licenses, */
26		/* this list of conditions and the following disclaimers. */
27		/* */
28		/* - Redistributions in binary form must reproduce the above copyright */
29		/* licenses, this list of conditions and the following disclaimers in the */
30		/* documentation and/or other materials provided with the distribution. */
31		/* */
32		/* 3. Disclaimers: */
33		/* */
34		/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
35		/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
36		/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
37		/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
38		/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
39		/* information on specification licensing rights available through TCG */
40		/* membership agreements. */
41		/* */
42		/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
43		/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
44		/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
45		/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
46		/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
47		/* */
48		/* - Without limitation, TCG and its members and licensors disclaim all */
49		/* liability, including liability for infringement of any proprietary */
50		/* rights, relating to use of information in this specification and to the */
51		/* implementation of this specification, and TCG disclaims all liability for */
52		/* cost of procurement of substitute goods or services, lost profits, loss */
53		/* of use, loss of data or any incidental, consequential, direct, indirect, */
54		/* or special damages, whether under contract, tort, warranty or otherwise, */
55		/* arising in any way out of use or reliance upon this specification or any */
56		/* information herein. */
57		/* */
58		/* (c) Copyright IBM Corp. and others, 2016 - 2018 */
59		/* */
60		/********************************************************************************/
61
62		//** Includes
63		#include "Tpm.h"
64		#include "Attest_spt_fp.h"
65		#include "Marshal.h"
66
67		//** Functions
68
69		//***FillInAttestInfo()
70		// Fill in common fields of TPMS_ATTEST structure.
71		void FillInAttestInfo(
72		TPMI_DH_OBJECT signHandle, // IN: handle of signing object
73		TPMT_SIG_SCHEME* scheme, // IN/OUT: scheme to be used for signing
74		TPM2B_DATA* data, // IN: qualifying data
75		TPMS_ATTEST* attest // OUT: attest structure
76		)
77	1	{
78	1	OBJECT* signObject = HandleToObject(signHandle);
79
80		// Magic number
81	1	attest->magic = TPM_GENERATED_VALUE;
82
83	1	if(signObject == NULL)
84	1	{
85		// The name for a null handle is TPM_RH_NULL
86		// This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the
87		// size of the cast is smaller than a constant, the compiler warns
88		// about the truncation of a constant value.
89	1	TPM_HANDLE nullHandle = TPM_RH_NULL;
90	1	attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE);
91	1	UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name);
92	1	}
93	0	else
94	0	{
95		// Certifying object qualified name
96		// if the scheme is anonymous, this is an empty buffer
97	0	if(CryptIsSchemeAnonymous(scheme->scheme))
98	0	attest->qualifiedSigner.t.size = 0;
99	0	else
100	0	attest->qualifiedSigner = signObject->qualifiedName;
101	0	}
102		// current clock in plain text
103	1	TimeFillInfo(&attest->clockInfo);
104
105		// Firmware version in plain text
106	1	attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8));
107	1	attest->firmwareVersion += gp.firmwareV2;
108
109		// Check the hierarchy of sign object. For NULL sign handle, the hierarchy
110		// will be TPM_RH_NULL
111	1	if((signObject == NULL)
112	0	\|\| (!signObject->attributes.epsHierarchy
113	0	&& !signObject->attributes.ppsHierarchy))
114	1	{
115		// For signing key that is not in platform or endorsement hierarchy,
116		// obfuscate the reset, restart and firmware version information
117	1	UINT64 obfuscation[2];
118	1	CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG,
119	1	&gp.shProof.b,
120	1	OBFUSCATE_STRING,
121	1	&attest->qualifiedSigner.b,
122	1	NULL,
123	1	128,
124	1	(BYTE*)&obfuscation[0],
125	1	NULL,
126	1	FALSE);
127		// Obfuscate data
128	1	attest->firmwareVersion += obfuscation[0];
129	1	attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32);
130	1	attest->clockInfo.restartCount += (UINT32)obfuscation[1];
131	1	}
132		// External data
133	1	if(CryptIsSchemeAnonymous(scheme->scheme))
134	0	attest->extraData.t.size = 0;
135	1	else
136	1	{
137		// If we move the data to the attestation structure, then it is not
138		// used in the signing operation except as part of the signed data
139	1	attest->extraData = *data;
140	1	data->t.size = 0;
141	1	}
142	1	}
143
144		//***SignAttestInfo()
145		// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature
146		// is returned.
147		//
148		// Return Type: TPM_RC
149		// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key
150		// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type
151		// TPM_RC_VALUE digest generated for the given 'scheme' is greater than
152		// the modulus of 'signHandle' (for an RSA key);
153		// invalid commit status or failed to generate "r" value
154		// (for an ECC key)
155		TPM_RC
156		SignAttestInfo(OBJECT* signKey, // IN: sign object
157		TPMT_SIG_SCHEME* scheme, // IN: sign scheme
158		TPMS_ATTEST* certifyInfo, // IN: the data to be signed
159		TPM2B_DATA* qualifyingData, // IN: extra data for the signing
160		// process
161		TPM2B_ATTEST* attest, // OUT: marshaled attest blob to be
162		// signed
163		TPMT_SIGNATURE* signature // OUT: signature
164		)
165	0	{
166	0	BYTE* buffer;
167	0	HASH_STATE hashState;
168	0	TPM2B_DIGEST digest;
169	0	TPM_RC result;
170
171		// Marshal TPMS_ATTEST structure for hash
172	0	buffer = attest->t.attestationData;
173	0	attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL);
174
175	0	if(signKey == NULL)
176	0	{
177	0	signature->sigAlg = TPM_ALG_NULL;
178	0	result = TPM_RC_SUCCESS;
179	0	}
180	0	else
181	0	{
182	0	TPMI_ALG_HASH hashAlg;
183		// Compute hash
184	0	hashAlg = scheme->details.any.hashAlg;
185		// need to set the receive buffer to get something put in it
186	0	digest.t.size = sizeof(digest.t.buffer);
187	0	digest.t.size = CryptHashBlock(hashAlg,
188	0	attest->t.size,
189	0	attest->t.attestationData,
190	0	digest.t.size,
191	0	digest.t.buffer);
192		// If there is qualifying data, need to rehash the data
193		// hash(qualifyingData \|\| hash(attestationData))
194	0	if(qualifyingData->t.size != 0)
195	0	{
196	0	CryptHashStart(&hashState, hashAlg);
197	0	CryptDigestUpdate2B(&hashState, &qualifyingData->b);
198	0	CryptDigestUpdate2B(&hashState, &digest.b);
199	0	CryptHashEnd2B(&hashState, &digest.b);
200	0	}
201		// Sign the hash. A TPM_RC_VALUE, TPM_RC_SCHEME, or
202		// TPM_RC_ATTRIBUTES error may be returned at this point
203	0	result = CryptSign(signKey, scheme, &digest, signature);
204
205		// Since the clock is used in an attestation, the state in NV is no longer
206		// "orderly" with respect to the data in RAM if the signature is valid
207	0	if(result == TPM_RC_SUCCESS)
208	0	{
209		// Command uses the clock so need to clear the orderly state if it is
210		// set.
211	0	result = NvClearOrderly();
212	0	}
213	0	}
214	0	return result;
215	0	}
216
217		//*** IsSigningObject()
218		// Checks to see if the object is OK for signing. This is here rather than in
219		// Object_spt.c because all the attestation commands use this file but not
220		// Object_spt.c.
221		// Return Type: BOOL
222		// TRUE(1) object may sign
223		// FALSE(0) object may not sign
224		BOOL IsSigningObject(OBJECT* object // IN:
225		)
226	1	{
227	1	return ((object == NULL)
228	0	\|\| ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign)
229	0	&& object->publicArea.type != TPM_ALG_SYMCIPHER)));
230	1	}