tpm2: introduce TPM_CCE_PolicyFidoSigned command
This patch implements TPM_CCE_PolicyFidoSigned command support as in
the design document, http://go/h1-for-fido.
Policy Digest is extended by
SHA256(TPM_CCE_PolicyFidoSigned || authenticatorDataDescr ||
authenticatorData[authenticatorDataDescr] || signing key name),
where
TPM_CCE_PolicyFidoSigned is 0x2008001,
authenticatorDataDescr is an array of (offset, size) tuples,
authenticatorData is a signature generated by FIDO security key,
and signing key name is an object name of the signing key.
The auth parameter shall be the signature for authenticatorData and
nonce only, that is,
auth = sign(AuthenticatorData || hash(session nonce)).
This patch increases the flash usage by 1020 bytes.
BUG=b:140527213
TEST=ran 'trunks_client --regression_test' with trunks, built from
crrev.com/c/1907759, which adds PolicyFidoSigned test case.
Change-Id: I94ba184d206db6c5301bbe930f47a7486ab0ab80
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/tpm2/+/1892419
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
11 files changed