1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 /// Tpm2Commit implementation.
17 /*! \file */
18 
19 #include "epid/member/tpm2/commit.h"
20 #include <tss2/TPM_Types.h>
21 #include <tss2/tss.h>
22 #include "epid/common/math/ecgroup.h"
23 #include "epid/common/src/epid2params.h"
24 #include "epid/common/src/memory.h"
25 #include "epid/member/tpm2/ibm_tss/conversion.h"
26 #include "epid/member/tpm2/ibm_tss/printtss.h"
27 #include "epid/member/tpm2/ibm_tss/state.h"
28 
29 /// Handle Intel(R) EPID Error with Break
30 #define BREAK_ON_EPID_ERROR(ret) \
31   if (kEpidNoErr != (ret)) {     \
32     break;                       \
33   }
34 
35 /// Bit 7 binary mask
36 #define BIT7 0x080
37 /// Binary 00011111
38 #define BITS0500 0x3f
39 
Tpm2Commit(Tpm2Ctx * ctx,EcPoint const * p1,void const * s2,size_t s2_len,FfElement const * y2,EcPoint * k,EcPoint * l,EcPoint * e,uint16_t * counter)40 EpidStatus Tpm2Commit(Tpm2Ctx* ctx, EcPoint const* p1, void const* s2,
41                       size_t s2_len, FfElement const* y2, EcPoint* k,
42                       EcPoint* l, EcPoint* e, uint16_t* counter) {
43   EpidStatus sts = kEpidErr;
44   TPM_RC rc = TPM_RC_SUCCESS;
45 
46   if (!ctx || !ctx->epid2_params || !ctx->key_handle) {
47     return kEpidBadArgErr;
48   }
49 
50   if (s2 && s2_len <= 0) {
51     return kEpidBadArgErr;
52   }
53 
54   if ((!s2 && y2) || (s2 && !y2)) {
55     return kEpidBadArgErr;
56   }
57 
58   if (s2 && (!k || !l)) {
59     return kEpidBadArgErr;
60   }
61 
62   if (!e || !counter) {
63     return kEpidBadArgErr;
64   }
65 
66   if (s2_len > UINT16_MAX) {
67     return kEpidBadArgErr;
68   }
69 
70   do {
71     FiniteField* Fq = ctx->epid2_params->Fq;
72     EcGroup* G1 = ctx->epid2_params->G1;
73     Commit_In in = {0};
74     Commit_Out out;
75     TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
76     unsigned int sessionAttributes0 = 0;
77 
78     in.signHandle = ctx->key_handle;
79     if (p1) {
80       G1ElemStr p1_str = {0};
81       sts = WriteEcPoint(G1, p1, &p1_str, sizeof(p1_str));
82       BREAK_ON_EPID_ERROR(sts);
83       sts = ReadTpm2EcPoint(&p1_str, &in.P1);
84       BREAK_ON_EPID_ERROR(sts);
85     }
86     if (s2) {
87       FqElemStr y2_str = {0};
88       sts = WriteFfElement(Fq, y2, &y2_str, sizeof(y2_str));
89       BREAK_ON_EPID_ERROR(sts);
90       sts = ReadTpm2FfElement(&y2_str.data, &in.y2);
91       BREAK_ON_EPID_ERROR(sts);
92       in.s2.t.size = (UINT16)s2_len;
93       if (0 != memcpy_S(&in.s2.t.buffer, sizeof(in.s2.t.buffer), s2, s2_len)) {
94         sts = kEpidBadArgErr;
95         break;
96       }
97     }
98     rc = TSS_Execute(ctx->tss, (RESPONSE_PARAMETERS*)&out,
99                      (COMMAND_PARAMETERS*)&in, NULL, TPM_CC_Commit,
100                      sessionHandle0, NULL, sessionAttributes0, TPM_RH_NULL,
101                      NULL, 0);
102     if (rc != TPM_RC_SUCCESS) {
103       print_tpm2_response_code("TPM2_Commit", rc);
104       // workaround based on Table 2:15 to filter response code format defining
105       // handle, session, or parameter number modifier if bit 7 is 1 error is
106       // RC_FMT1
107       if ((rc & BIT7) != 0) {
108         rc = rc & (BITS0500 | RC_FMT1);
109         if (TPM_RC_ATTRIBUTES == rc || TPM_RC_ECC_POINT == rc ||
110             TPM_RC_HASH == rc || TPM_RC_KEY == rc || TPM_RC_SCHEME == rc ||
111             TPM_RC_SIZE == rc)
112           sts = kEpidBadArgErr;
113         else
114           sts = kEpidErr;
115       } else {
116         if (TPM_RC_NO_RESULT == rc)
117           sts = kEpidBadArgErr;
118         else
119           sts = kEpidErr;
120       }
121       break;
122     }
123     if (out.E.size > 0) {
124       G1ElemStr e_str = {0};
125       sts = WriteTpm2EcPoint(&out.E, &e_str);
126       BREAK_ON_EPID_ERROR(sts);
127       sts = ReadEcPoint(G1, &e_str, sizeof(e_str), e);
128       BREAK_ON_EPID_ERROR(sts);
129     }
130     if (out.K.size > 0 && k) {
131       G1ElemStr k_str = {0};
132       sts = WriteTpm2EcPoint(&out.K, &k_str);
133       BREAK_ON_EPID_ERROR(sts);
134       sts = ReadEcPoint(G1, &k_str, sizeof(k_str), k);
135       BREAK_ON_EPID_ERROR(sts);
136     }
137     if (out.L.size > 0 && l) {
138       G1ElemStr l_str = {0};
139       sts = WriteTpm2EcPoint(&out.L, &l_str);
140       BREAK_ON_EPID_ERROR(sts);
141       sts = ReadEcPoint(G1, &l_str, sizeof(l_str), l);
142       BREAK_ON_EPID_ERROR(sts);
143     }
144     *counter = out.counter;
145   } while (0);
146   return sts;
147 }
148