commit | f4428141132ec85eb255a819fc5bdaea2303f6af | |
---|---|---|
author | Namyoon Woo <namyoon@chromium.org> | Wed Oct 30 19:02:58 2019 -0700 |
committer | Commit Bot <commit-bot@chromium.org> | Sat Dec 07 06:25:19 2019 +0000 |
tree | 4b0eaae00da0418755628097981bf4013f92a3a6 | |
parent | 65994903e1952a74a93485e11edfec97d556d076 | |

tpm2: introduce TPM_CCE_PolicyFidoSigned command

This patch implements TPM_CCE_PolicyFidoSigned command support as in the design document, http://go/h1-for-fido.

Policy Digest is extended by SHA256(TPM_CCE_PolicyFidoSigned || authenticatorDataDescr || authenticatorData[authenticatorDataDescr] || signing key name), where TPM_CCE_PolicyFidoSigned is 0x2008001, authenticatorDataDescr is an array of (offset, size) tuples, authenticatorData is a signature generated by FIDO security key, and signing key name is an object name of the signing key.

The auth parameter shall be the signature for authenticatorData and nonce only, that is, auth = sign(AuthenticatorData || hash(session nonce)).

This patch increases the flash usage by 1020 bytes.

BUG=b:140527213
TEST=ran 'trunks_client --regression_test' with trunks, built from crrev.com/c/1907759, which adds PolicyFidoSigned test case.

Change-Id: I94ba184d206db6c5301bbe930f47a7486ab0ab80
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/tpm2/+/1892419
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Namyoon Woo <namyoon@chromium.org>
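
The SHA256 term from the commit message, as an added example that is not code from this commit or from the tpm2 project. It shows that only the byte ranges named in authenticatorDataDescr are bound into the digest. Assumptions: the byte widths and big-endian encoding of the command code and of the (offset, size) tuples, and the constructed authenticatorData and key name; how the term is folded into the session's policy digest is not stated on the page and is not modelled.

```python
import hashlib
import struct

# Command code exactly as written in the commit message.
TPM_CCE_POLICY_FIDO_SIGNED = 0x2008001


def select_ranges(auth_data, descr):
    """Return the authenticatorData bytes named by the (offset, size) tuples."""
    out = bytearray()
    for offset, size in descr:
        if offset < 0 or size < 0 or offset + size > len(auth_data):
            raise ValueError(f"range ({offset}, {size}) is outside authenticatorData")
        out += auth_data[offset:offset + size]
    return bytes(out)


def policy_fido_signed_hash(auth_data, descr, key_name):
    """SHA256(command code || descr || authenticatorData[descr] || key name)."""
    selected = select_ranges(auth_data, descr)  # validate before hashing
    h = hashlib.sha256()
    h.update(struct.pack(">I", TPM_CCE_POLICY_FIDO_SIGNED))  # assumed: 4 bytes, big-endian
    for offset, size in descr:
        h.update(struct.pack(">HH", offset, size))  # assumed: 2-byte big-endian fields
    h.update(selected)
    h.update(key_name)
    return h.digest()


# Constructed sample input, laid out like WebAuthn authenticatorData:
# rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes).
AUTH_DATA = hashlib.sha256(b"login.example").digest() + b"\x05" + struct.pack(">I", 7)
# Constructed key name: nameAlg SHA256 (0x000B) || digest of a made-up public area.
KEY_NAME = b"\x00\x0b" + hashlib.sha256(b"constructed public area").digest()
# Bind the policy to rpIdHash and flags only, leaving signCount out.
DESCR = [(0, 32), (32, 1)]

if __name__ == "__main__":
    base = policy_fido_signed_hash(AUTH_DATA, DESCR, KEY_NAME)
    bumped = AUTH_DATA[:33] + struct.pack(">I", 8)  # counter advances on each use
    other_rp = hashlib.sha256(b"other.example").digest() + AUTH_DATA[32:]
    print("digest term:    ", base.hex())
    print("counter change: ", policy_fido_signed_hash(bumped, DESCR, KEY_NAME) == base)
    print("rpIdHash change:", policy_fido_signed_hash(other_rp, DESCR, KEY_NAME) == base)
```

Because the descriptor is hashed along with the selected bytes, two descriptors that cover the same bytes with different tuples still produce different digests.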