tpm2: introduce TPM_CCE_PolicyFidoSigned command

This patch implements support for the TPM_CCE_PolicyFidoSigned command as
described in the design document, http://go/h1-for-fido.
The policy digest is extended with

SHA256(TPM_CCE_PolicyFidoSigned || authenticatorDataDescr ||
  authenticatorData[authenticatorDataDescr] || signing key name),
  where
  TPM_CCE_PolicyFidoSigned is 0x2008001,
  authenticatorDataDescr is an array of (offset, size) tuples,
  authenticatorData is a signature generated by a FIDO security key,
  and signing key name is the object name of the signing key.

The auth parameter shall be the signature over authenticatorData and
the nonce only, that is,
  auth = sign(AuthenticatorData || hash(session nonce)).

This patch increases the flash usage by 1020 bytes.

BUG=b:140527213
TEST=ran 'trunks_client --regression_test' with trunks, built from
crrev.com/c/1907759, which adds PolicyFidoSigned test case.

Change-Id: I94ba184d206db6c5301bbe930f47a7486ab0ab80
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/tpm2/+/1892419
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
11 files changed
tree: 4b0eaae00da0418755628097981bf4013f92a3a6
  1. .gitignore
  2. ActivateCredential.c
  3. ActivateCredential_fp.h
  4. AlgorithmCap.c
  5. AlgorithmCap_fp.h
  6. Attest_spt.c
  7. Attest_spt_fp.h
  8. BaseTypes.h
  9. Bits.c
  10. Bits_fp.h
  11. COMMIT-QUEUE.ini
  12. Cancel.c
  13. Capabilities.h
  14. Certify.c
  15. CertifyCreation.c
  16. CertifyCreation_fp.h
  17. Certify_fp.h
  18. ChangeEPS.c
  19. ChangeEPS_fp.h
  20. ChangePPS.c
  21. ChangePPS_fp.h
  22. Clear.c
  23. ClearControl.c
  24. ClearControl_fp.h
  25. Clear_fp.h
  26. Clock.c
  27. ClockRateAdjust.c
  28. ClockRateAdjust_fp.h
  29. ClockSet.c
  30. ClockSet_fp.h
  31. CommandAttributeData.c
  32. CommandAudit.c
  33. CommandAudit_fp.h
  34. CommandCodeAttributes.c
  35. CommandCodeAttributes_fp.h
  36. CommandDispatcher.c
  37. CommandDispatcher_fp.h
  38. Commands_fp.h
  39. Commit.c
  40. Commit_fp.h
  41. ContextLoad.c
  42. ContextLoad_fp.h
  43. ContextSave.c
  44. ContextSave_fp.h
  45. Context_spt.c
  46. Context_spt_fp.h
  47. CpriCryptPri.c
  48. CpriCryptPri_fp.h
  49. CpriDataEcc.c
  50. CpriDataEcc.h
  51. CpriECC.c
  52. CpriECC_fp.h
  53. CpriHash.c
  54. CpriHashData.c
  55. CpriHash_fp.h
  56. CpriMisc.c
  57. CpriMisc_fp.h
  58. CpriRNG.c
  59. CpriRNG_fp.h
  60. CpriRSA.c
  61. CpriRSA_fp.h
  62. CpriSym.c
  63. CpriSym_fp.h
  64. Create.c
  65. CreatePrimary.c
  66. CreatePrimary_fp.h
  67. Create_fp.h
  68. CryptSelfTest.c
  69. CryptSelfTest_fp.h
  70. CryptUtil.c
  71. CryptUtil_fp.h
  72. CryptoEngine.h
  73. DA.c
  74. DA_fp.h
  75. DRTM.c
  76. DictionaryAttackLockReset.c
  77. DictionaryAttackLockReset_fp.h
  78. DictionaryAttackParameters.c
  79. DictionaryAttackParameters_fp.h
  80. Duplicate.c
  81. Duplicate_fp.h
  82. ECC_Parameters.c
  83. ECC_Parameters_fp.h
  84. ECDH_KeyGen.c
  85. ECDH_KeyGen_fp.h
  86. ECDH_ZGen.c
  87. ECDH_ZGen_fp.h
  88. EC_Ephemeral.c
  89. EC_Ephemeral_fp.h
  90. EncryptDecrypt.c
  91. EncryptDecrypt_fp.h
  92. Entity.c
  93. Entity_fp.h
  94. Entropy.c
  95. EventSequenceComplete.c
  96. EventSequenceComplete_fp.h
  97. EvictControl.c
  98. EvictControl_fp.h
  99. ExecCommand.c
  100. ExecCommand_fp.h
  101. FieldUpgradeData.c
  102. FieldUpgradeData_fp.h
  103. FieldUpgradeStart.c
  104. FieldUpgradeStart_fp.h
  105. FirmwareRead.c
  106. FirmwareRead_fp.h
  107. FlushContext.c
  108. FlushContext_fp.h
  109. GetCapability.c
  110. GetCapability_fp.h
  111. GetCommandAuditDigest.c
  112. GetCommandAuditDigest_fp.h
  113. GetCommandCodeString.c
  114. GetCommandCodeString_fp.h
  115. GetRandom.c
  116. GetRandom_fp.h
  117. GetSessionAuditDigest.c
  118. GetSessionAuditDigest_fp.h
  119. GetTestResult.c
  120. GetTestResult_fp.h
  121. GetTime.c
  122. GetTime_fp.h
  123. Global.c
  124. Global.h
  125. HMAC.c
  126. HMAC_Start.c
  127. HMAC_Start_fp.h
  128. HMAC_fp.h
  129. Handle.c
  130. HandleProcess.c
  131. HandleProcess_fp.h
  132. Handle_fp.h
  133. Hash.c
  134. HashSequenceStart.c
  135. HashSequenceStart_fp.h
  136. Hash_fp.h
  137. Hierarchy.c
  138. HierarchyChangeAuth.c
  139. HierarchyChangeAuth_fp.h
  140. HierarchyControl.c
  141. HierarchyControl_fp.h
  142. Hierarchy_fp.h
  143. Implementation.h
  144. Import.c
  145. Import_fp.h
  146. IncrementalSelfTest.c
  147. IncrementalSelfTest_fp.h
  148. InternalRoutines.h
  149. LICENSE
  150. Load.c
  151. LoadExternal.c
  152. LoadExternal_fp.h
  153. Load_fp.h
  154. Locality.c
  155. LocalityPlat.c
  156. Locality_fp.h
  157. MakeCredential.c
  158. MakeCredential_fp.h
  159. Makefile
  160. Manufacture.c
  161. Manufacture_fp.h
  162. Marshal_ActivateCredential.c
  163. Marshal_Certify.c
  164. Marshal_CertifyCreation.c
  165. Marshal_ChangeEPS.c
  166. Marshal_ChangePPS.c
  167. Marshal_Clear.c
  168. Marshal_ClearControl.c
  169. Marshal_ClockRateAdjust.c
  170. Marshal_ClockSet.c
  171. Marshal_Commit.c
  172. Marshal_ContextLoad.c
  173. Marshal_ContextSave.c
  174. Marshal_Create.c
  175. Marshal_CreatePrimary.c
  176. Marshal_DictionaryAttackLockReset.c
  177. Marshal_DictionaryAttackParameters.c
  178. Marshal_Duplicate.c
  179. Marshal_ECC_Parameters.c
  180. Marshal_ECDH_KeyGen.c
  181. Marshal_ECDH_ZGen.c
  182. Marshal_EC_Ephemeral.c
  183. Marshal_EncryptDecrypt.c
  184. Marshal_EventSequenceComplete.c
  185. Marshal_EvictControl.c
  186. Marshal_FieldUpgradeData.c
  187. Marshal_FieldUpgradeStart.c
  188. Marshal_FirmwareRead.c
  189. Marshal_FlushContext.c
  190. Marshal_GetCapability.c
  191. Marshal_GetCommandAuditDigest.c
  192. Marshal_GetRandom.c
  193. Marshal_GetSessionAuditDigest.c
  194. Marshal_GetTestResult.c
  195. Marshal_GetTime.c
  196. Marshal_HMAC.c
  197. Marshal_HMAC_Start.c
  198. Marshal_Hash.c
  199. Marshal_HashSequenceStart.c
  200. Marshal_HierarchyChangeAuth.c
  201. Marshal_HierarchyControl.c
  202. Marshal_Import.c
  203. Marshal_IncrementalSelfTest.c
  204. Marshal_Load.c
  205. Marshal_LoadExternal.c
  206. Marshal_MakeCredential.c
  207. Marshal_NV_Certify.c
  208. Marshal_NV_ChangeAuth.c
  209. Marshal_NV_DefineSpace.c
  210. Marshal_NV_Extend.c
  211. Marshal_NV_GlobalWriteLock.c
  212. Marshal_NV_Increment.c
  213. Marshal_NV_Read.c
  214. Marshal_NV_ReadLock.c
  215. Marshal_NV_ReadPublic.c
  216. Marshal_NV_SetBits.c
  217. Marshal_NV_UndefineSpace.c
  218. Marshal_NV_UndefineSpaceSpecial.c
  219. Marshal_NV_Write.c
  220. Marshal_NV_WriteLock.c
  221. Marshal_ObjectChangeAuth.c
  222. Marshal_PCR_Allocate.c
  223. Marshal_PCR_Event.c
  224. Marshal_PCR_Extend.c
  225. Marshal_PCR_Read.c
  226. Marshal_PCR_Reset.c
  227. Marshal_PCR_SetAuthPolicy.c
  228. Marshal_PCR_SetAuthValue.c
  229. Marshal_PP_Commands.c
  230. Marshal_PolicyAuthValue.c
  231. Marshal_PolicyAuthorize.c
  232. Marshal_PolicyCommandCode.c
  233. Marshal_PolicyCounterTimer.c
  234. Marshal_PolicyCpHash.c
  235. Marshal_PolicyDuplicationSelect.c
  236. Marshal_PolicyFidoSigned.c
  237. Marshal_PolicyGetDigest.c
  238. Marshal_PolicyLocality.c
  239. Marshal_PolicyNV.c
  240. Marshal_PolicyNameHash.c
  241. Marshal_PolicyNvWritten.c
  242. Marshal_PolicyOR.c
  243. Marshal_PolicyPCR.c
  244. Marshal_PolicyPassword.c
  245. Marshal_PolicyPhysicalPresence.c
  246. Marshal_PolicyRestart.c
  247. Marshal_PolicySecret.c
  248. Marshal_PolicySigned.c
  249. Marshal_PolicyTicket.c
  250. Marshal_Quote.c
  251. Marshal_RSA_Decrypt.c
  252. Marshal_RSA_Encrypt.c
  253. Marshal_ReadClock.c
  254. Marshal_ReadPublic.c
  255. Marshal_Rewrap.c
  256. Marshal_SelfTest.c
  257. Marshal_SequenceComplete.c
  258. Marshal_SequenceUpdate.c
  259. Marshal_SetAlgorithmSet.c
  260. Marshal_SetCommandCodeAuditStatus.c
  261. Marshal_SetPrimaryPolicy.c
  262. Marshal_Shutdown.c
  263. Marshal_Sign.c
  264. Marshal_StartAuthSession.c
  265. Marshal_Startup.c
  266. Marshal_StirRandom.c
  267. Marshal_TestParms.c
  268. Marshal_Unseal.c
  269. Marshal_VerifySignature.c
  270. Marshal_ZGen_2Phase.c
  271. MathFunctions.c
  272. MathFunctions_fp.h
  273. MemoryLib.c
  274. MemoryLib_fp.h
  275. NV.c
  276. NVMem.c
  277. NV_Certify.c
  278. NV_Certify_fp.h
  279. NV_ChangeAuth.c
  280. NV_ChangeAuth_fp.h
  281. NV_DefineSpace.c
  282. NV_DefineSpace_fp.h
  283. NV_Extend.c
  284. NV_Extend_fp.h
  285. NV_GlobalWriteLock.c
  286. NV_GlobalWriteLock_fp.h
  287. NV_Increment.c
  288. NV_Increment_fp.h
  289. NV_Read.c
  290. NV_ReadLock.c
  291. NV_ReadLock_fp.h
  292. NV_ReadPublic.c
  293. NV_ReadPublic_fp.h
  294. NV_Read_fp.h
  295. NV_SetBits.c
  296. NV_SetBits_fp.h
  297. NV_UndefineSpace.c
  298. NV_UndefineSpaceSpecial.c
  299. NV_UndefineSpaceSpecial_fp.h
  300. NV_UndefineSpace_fp.h
  301. NV_Write.c
  302. NV_WriteLock.c
  303. NV_WriteLock_fp.h
  304. NV_Write_fp.h
  305. NV_fp.h
  306. NV_spt.c
  307. NV_spt_fp.h
  308. OWNERS
  309. Object.c
  310. ObjectChangeAuth.c
  311. ObjectChangeAuth_fp.h
  312. Object_fp.h
  313. Object_spt.c
  314. Object_spt_fp.h
  315. OsslCryptoEngine.h
  316. PCR.c
  317. PCR_Allocate.c
  318. PCR_Allocate_fp.h
  319. PCR_Event.c
  320. PCR_Event_fp.h
  321. PCR_Extend.c
  322. PCR_Extend_fp.h
  323. PCR_Read.c
  324. PCR_Read_fp.h
  325. PCR_Reset.c
  326. PCR_Reset_fp.h
  327. PCR_SetAuthPolicy.c
  328. PCR_SetAuthPolicy_fp.h
  329. PCR_SetAuthValue.c
  330. PCR_SetAuthValue_fp.h
  331. PCR_fp.h
  332. PP.c
  333. PPPlat.c
  334. PP_Commands.c
  335. PP_Commands_fp.h
  336. PP_fp.h
  337. PRESUBMIT.cfg
  338. Platform.h
  339. PlatformData.c
  340. PlatformData.h
  341. PolicyAuthValue.c
  342. PolicyAuthValue_fp.h
  343. PolicyAuthorize.c
  344. PolicyAuthorize_fp.h
  345. PolicyCommandCode.c
  346. PolicyCommandCode_fp.h
  347. PolicyCounterTimer.c
  348. PolicyCounterTimer_fp.h
  349. PolicyCpHash.c
  350. PolicyCpHash_fp.h
  351. PolicyDuplicationSelect.c
  352. PolicyDuplicationSelect_fp.h
  353. PolicyFidoSigned.c
  354. PolicyFidoSigned_fp.h
  355. PolicyGetDigest.c
  356. PolicyGetDigest_fp.h
  357. PolicyLocality.c
  358. PolicyLocality_fp.h
  359. PolicyNV.c
  360. PolicyNV_fp.h
  361. PolicyNameHash.c
  362. PolicyNameHash_fp.h
  363. PolicyNvWritten.c
  364. PolicyNvWritten_fp.h
  365. PolicyOR.c
  366. PolicyOR_fp.h
  367. PolicyPCR.c
  368. PolicyPCR_fp.h
  369. PolicyPassword.c
  370. PolicyPassword_fp.h
  371. PolicyPhysicalPresence.c
  372. PolicyPhysicalPresence_fp.h
  373. PolicyRestart.c
  374. PolicyRestart_fp.h
  375. PolicySecret.c
  376. PolicySecret_fp.h
  377. PolicySigned.c
  378. PolicySigned_fp.h
  379. PolicyTicket.c
  380. PolicyTicket_fp.h
  381. Policy_spt.c
  382. Policy_spt_fp.h
  383. Power.c
  384. PowerPlat.c
  385. Power_fp.h
  386. PropertyCap.c
  387. PropertyCap_fp.h
  388. Quote.c
  389. Quote_fp.h
  390. README
  391. RSAData.c
  392. RSAKeySieve.c
  393. RSAKeySieve.h
  394. RSAKeySieve_fp.h
  395. RSA_Decrypt.c
  396. RSA_Decrypt_fp.h
  397. RSA_Encrypt.c
  398. RSA_Encrypt_fp.h
  399. ReadClock.c
  400. ReadClock_fp.h
  401. ReadPublic.c
  402. ReadPublic_fp.h
  403. Rewrap.c
  404. Rewrap_fp.h
  405. SelfTest.c
  406. SelfTest_fp.h
  407. SequenceComplete.c
  408. SequenceComplete_fp.h
  409. SequenceUpdate.c
  410. SequenceUpdate_fp.h
  411. Session.c
  412. SessionProcess.c
  413. SessionProcess_fp.h
  414. Session_fp.h
  415. SetAlgorithmSet.c
  416. SetAlgorithmSet_fp.h
  417. SetCommandCodeAuditStatus.c
  418. SetCommandCodeAuditStatus_fp.h
  419. SetPrimaryPolicy.c
  420. SetPrimaryPolicy_fp.h
  421. Shutdown.c
  422. Shutdown_fp.h
  423. Sign.c
  424. Sign_fp.h
  425. StartAuthSession.c
  426. StartAuthSession_fp.h
  427. Startup.c
  428. Startup_fp.h
  429. StirRandom.c
  430. StirRandom_fp.h
  431. TPMB.h
  432. TPMCmdp.c
  433. TPMCmds.c
  434. TPM_Types.h
  435. TcpServer.c
  436. TestParms.c
  437. TestParms_fp.h
  438. Ticket.c
  439. Ticket_fp.h
  440. Time.c
  441. Time_fp.h
  442. Tpm.h
  443. TpmBuildSwitches.h
  444. TpmError.h
  445. TpmFail.c
  446. TpmFail_fp.h
  447. TpmTcpProtocol.h
  448. Unique.c
  449. Unique_fp.h
  450. Unseal.c
  451. Unseal_fp.h
  452. VendorString.h
  453. VerifySignature.c
  454. VerifySignature_fp.h
  455. ZGen_2Phase.c
  456. ZGen_2Phase_fp.h
  457. _TPM_Hash_Data.c
  458. _TPM_Hash_Data_fp.h
  459. _TPM_Hash_End.c
  460. _TPM_Hash_End_fp.h
  461. _TPM_Hash_Start.c
  462. _TPM_Hash_Start_fp.h
  463. _TPM_Init.c
  464. _TPM_Init_fp.h
  465. bits.h
  466. bool.h
  467. fuzz/
  468. generator/
  469. libtpm2.pc.in
  470. marshal_fp.h
  471. marshal_test.c
  472. parsep3
  473. parsep4
  474. stubs_ecc.c
  475. stubs_hash.c
  476. stubs_sym.c
  477. swap.h
  478. thirdparty_preinstall.sh
  479. tpm_generated.c
  480. tpm_generated.h
  481. tpm_types.h