1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** One-Call function for TPM2_ActivateCredential
23 *
24 * This function invokes the TPM2_ActivateCredential command in a one-call
25 * variant. This means the function will block until the TPM response is
26 * available. All input parameters are const. The memory for non-simple output
27 * parameters is allocated by the function implementation.
28 *
29 * @param[in,out] esysContext The ESYS_CONTEXT.
30 * @param[in] activateHandle Handle of the object associated with certificate
31 * in credentialBlob.
32 * @param[in] keyHandle Loaded key used to decrypt the TPMS_SENSITIVE in
33 * credentialBlob.
34 * @param[in] shandle1 Session handle for authorization of activateHandle
35 * @param[in] shandle2 Session handle for authorization of keyHandle
36 * @param[in] shandle3 Third session handle.
37 * @param[in] credentialBlob The credential.
38 * @param[in] secret KeyHandle algorithm-dependent encrypted seed that
39 * protects credentialBlob.
40 * @param[out] certInfo The decrypted certificate information.
41 * (callee-allocated)
42 * @retval TSS2_RC_SUCCESS if the function call was a success.
43 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
44 * pointers or required output handle references are NULL.
45 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
46 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
47 * internal operations or return parameters.
48 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
49 * operation already pending.
50 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
51 * at least contain the tag, response length, and response code.
52 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
53 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
54 did not verify.
55 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
56 * the 'decrypt' attribute bit set.
57 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
58 * the 'encrypt' attribute bit set.
59 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
60 * to the ESYS_CONTEXT or are of the wrong type or if required
61 * ESYS_TR objects are ESYS_TR_NONE.
62 * @retval TSS2_RCs produced by lower layers of the software stack may be
63 * returned to the caller unaltered unless handled internally.
64 */
65 TSS2_RC
Esys_ActivateCredential(ESYS_CONTEXT * esysContext,ESYS_TR activateHandle,ESYS_TR keyHandle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_ID_OBJECT * credentialBlob,const TPM2B_ENCRYPTED_SECRET * secret,TPM2B_DIGEST ** certInfo)66 Esys_ActivateCredential(
67 ESYS_CONTEXT *esysContext,
68 ESYS_TR activateHandle,
69 ESYS_TR keyHandle,
70 ESYS_TR shandle1,
71 ESYS_TR shandle2,
72 ESYS_TR shandle3,
73 const TPM2B_ID_OBJECT *credentialBlob,
74 const TPM2B_ENCRYPTED_SECRET *secret,
75 TPM2B_DIGEST **certInfo)
76 {
77 TSS2_RC r;
78
79 r = Esys_ActivateCredential_Async(esysContext, activateHandle, keyHandle,
80 shandle1, shandle2, shandle3,
81 credentialBlob, secret);
82 return_if_error(r, "Error in async function");
83
84 /* Set the timeout to indefinite for now, since we want _Finish to block */
85 int32_t timeouttmp = esysContext->timeout;
86 esysContext->timeout = -1;
87 /*
88 * Now we call the finish function, until return code is not equal to
89 * from TSS2_BASE_RC_TRY_AGAIN.
90 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
91 * have set the timeout to -1. This occurs for example if the TPM requests
92 * a retransmission of the command via TPM2_RC_YIELDED.
93 */
94 do {
95 r = Esys_ActivateCredential_Finish(esysContext, certInfo);
96 /* This is just debug information about the reattempt to finish the
97 command */
98 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
99 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
100 " => resubmitting command", r);
101 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
102
103 /* Restore the timeout value to the original value */
104 esysContext->timeout = timeouttmp;
105 return_if_error(r, "Esys Finish");
106
107 return TSS2_RC_SUCCESS;
108 }
109
110 /** Asynchronous function for TPM2_ActivateCredential
111 *
112 * This function invokes the TPM2_ActivateCredential command in a asynchronous
113 * variant. This means the function will return as soon as the command has been
114 * sent downwards the stack to the TPM. All input parameters are const.
115 * In order to retrieve the TPM's response call Esys_ActivateCredential_Finish.
116 *
117 * @param[in,out] esysContext The ESYS_CONTEXT.
118 * @param[in] activateHandle Handle of the object associated with certificate
119 * in credentialBlob.
120 * @param[in] keyHandle Loaded key used to decrypt the TPMS_SENSITIVE in
121 * credentialBlob.
122 * @param[in] shandle1 Session handle for authorization of activateHandle
123 * @param[in] shandle2 Session handle for authorization of keyHandle
124 * @param[in] shandle3 Third session handle.
125 * @param[in] credentialBlob The credential.
126 * @param[in] secret KeyHandle algorithm-dependent encrypted seed that
127 * protects credentialBlob.
128 * @retval ESYS_RC_SUCCESS if the function call was a success.
129 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
130 * pointers or required output handle references are NULL.
131 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
132 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
133 * internal operations or return parameters.
134 * @retval TSS2_RCs produced by lower layers of the software stack may be
135 returned to the caller unaltered unless handled internally.
136 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
137 * the 'decrypt' attribute bit set.
138 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
139 * the 'encrypt' attribute bit set.
140 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
141 * to the ESYS_CONTEXT or are of the wrong type or if required
142 * ESYS_TR objects are ESYS_TR_NONE.
143 */
144 TSS2_RC
Esys_ActivateCredential_Async(ESYS_CONTEXT * esysContext,ESYS_TR activateHandle,ESYS_TR keyHandle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_ID_OBJECT * credentialBlob,const TPM2B_ENCRYPTED_SECRET * secret)145 Esys_ActivateCredential_Async(
146 ESYS_CONTEXT *esysContext,
147 ESYS_TR activateHandle,
148 ESYS_TR keyHandle,
149 ESYS_TR shandle1,
150 ESYS_TR shandle2,
151 ESYS_TR shandle3,
152 const TPM2B_ID_OBJECT *credentialBlob,
153 const TPM2B_ENCRYPTED_SECRET *secret)
154 {
155 TSS2_RC r;
156 LOG_TRACE("context=%p, activateHandle=%"PRIx32 ", keyHandle=%"PRIx32 ","
157 "credentialBlob=%p, secret=%p",
158 esysContext, activateHandle, keyHandle, credentialBlob, secret);
159 TSS2L_SYS_AUTH_COMMAND auths;
160 RSRC_NODE_T *activateHandleNode;
161 RSRC_NODE_T *keyHandleNode;
162
163 /* Check context, sequence correctness and set state to error for now */
164 if (esysContext == NULL) {
165 LOG_ERROR("esyscontext is NULL.");
166 return TSS2_ESYS_RC_BAD_REFERENCE;
167 }
168 r = iesys_check_sequence_async(esysContext);
169 if (r != TSS2_RC_SUCCESS)
170 return r;
171 esysContext->state = _ESYS_STATE_INTERNALERROR;
172
173 /* Check input parameters */
174 r = check_session_feasibility(shandle1, shandle2, shandle3, 1);
175 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
176
177 /* Retrieve the metadata objects for provided handles */
178 r = esys_GetResourceObject(esysContext, activateHandle, &activateHandleNode);
179 return_state_if_error(r, _ESYS_STATE_INIT, "activateHandle unknown.");
180 r = esys_GetResourceObject(esysContext, keyHandle, &keyHandleNode);
181 return_state_if_error(r, _ESYS_STATE_INIT, "keyHandle unknown.");
182
183 /* Initial invocation of SAPI to prepare the command buffer with parameters */
184 r = Tss2_Sys_ActivateCredential_Prepare(esysContext->sys,
185 (activateHandleNode == NULL)
186 ? TPM2_RH_NULL
187 : activateHandleNode->rsrc.handle,
188 (keyHandleNode == NULL)
189 ? TPM2_RH_NULL
190 : keyHandleNode->rsrc.handle,
191 credentialBlob, secret);
192 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
193
194 /* Calculate the cpHash Values */
195 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
196 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
197 if (activateHandleNode != NULL)
198 iesys_compute_session_value(esysContext->session_tab[0],
199 &activateHandleNode->rsrc.name, &activateHandleNode->auth);
200 else
201 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
202
203 if (keyHandleNode != NULL)
204 iesys_compute_session_value(esysContext->session_tab[1],
205 &keyHandleNode->rsrc.name, &keyHandleNode->auth);
206 else
207 iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
208 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
209
210 /* Generate the auth values and set them in the SAPI command buffer */
211 r = iesys_gen_auths(esysContext, activateHandleNode, keyHandleNode, NULL, &auths);
212 return_state_if_error(r, _ESYS_STATE_INIT,
213 "Error in computation of auth values");
214
215 esysContext->authsCount = auths.count;
216 if (auths.count > 0) {
217 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
218 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
219 }
220
221 /* Trigger execution and finish the async invocation */
222 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
223 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
224 "Finish (Execute Async)");
225
226 esysContext->state = _ESYS_STATE_SENT;
227
228 return r;
229 }
230
231 /** Asynchronous finish function for TPM2_ActivateCredential
232 *
233 * This function returns the results of a TPM2_ActivateCredential command
234 * invoked via Esys_ActivateCredential_Finish. All non-simple output parameters
235 * are allocated by the function's implementation. NULL can be passed for every
236 * output parameter if the value is not required.
237 *
238 * @param[in,out] esysContext The ESYS_CONTEXT.
239 * @param[out] certInfo The decrypted certificate information.
240 * (callee-allocated)
241 * @retval TSS2_RC_SUCCESS on success
242 * @retval ESYS_RC_SUCCESS if the function call was a success.
243 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
244 * pointers or required output handle references are NULL.
245 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
246 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
247 * internal operations or return parameters.
248 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
249 * operation already pending.
250 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
251 * TPM response is received.
252 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
253 * at least contain the tag, response length, and response code.
254 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
255 * not verify.
256 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
257 * @retval TSS2_RCs produced by lower layers of the software stack may be
258 * returned to the caller unaltered unless handled internally.
259 */
260 TSS2_RC
Esys_ActivateCredential_Finish(ESYS_CONTEXT * esysContext,TPM2B_DIGEST ** certInfo)261 Esys_ActivateCredential_Finish(
262 ESYS_CONTEXT *esysContext,
263 TPM2B_DIGEST **certInfo)
264 {
265 TSS2_RC r;
266 LOG_TRACE("context=%p, certInfo=%p",
267 esysContext, certInfo);
268
269 if (esysContext == NULL) {
270 LOG_ERROR("esyscontext is NULL.");
271 return TSS2_ESYS_RC_BAD_REFERENCE;
272 }
273
274 /* Check for correct sequence and set sequence to irregular for now */
275 if (esysContext->state != _ESYS_STATE_SENT &&
276 esysContext->state != _ESYS_STATE_RESUBMISSION) {
277 LOG_ERROR("Esys called in bad sequence.");
278 return TSS2_ESYS_RC_BAD_SEQUENCE;
279 }
280 esysContext->state = _ESYS_STATE_INTERNALERROR;
281
282 /* Allocate memory for response parameters */
283 if (certInfo != NULL) {
284 *certInfo = calloc(sizeof(TPM2B_DIGEST), 1);
285 if (*certInfo == NULL) {
286 return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
287 }
288 }
289
290 /*Receive the TPM response and handle resubmissions if necessary. */
291 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
292 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
293 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
294 esysContext->state = _ESYS_STATE_SENT;
295 goto error_cleanup;
296 }
297 /* This block handle the resubmission of TPM commands given a certain set of
298 * TPM response codes. */
299 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
300 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
301 "resubmission: %" PRIx32, r);
302 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
303 LOG_WARNING("Maximum number of (re)submissions has been reached.");
304 esysContext->state = _ESYS_STATE_INIT;
305 goto error_cleanup;
306 }
307 esysContext->state = _ESYS_STATE_RESUBMISSION;
308 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
309 if (r != TSS2_RC_SUCCESS) {
310 LOG_WARNING("Error attempting to resubmit");
311 /* We do not set esysContext->state here but inherit the most recent
312 * state of the _async function. */
313 goto error_cleanup;
314 }
315 r = TSS2_ESYS_RC_TRY_AGAIN;
316 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
317 goto error_cleanup;
318 }
319 /* The following is the "regular error" handling. */
320 if (iesys_tpm_error(r)) {
321 LOG_WARNING("Received TPM Error");
322 esysContext->state = _ESYS_STATE_INIT;
323 goto error_cleanup;
324 } else if (r != TSS2_RC_SUCCESS) {
325 LOG_ERROR("Received a non-TPM Error");
326 esysContext->state = _ESYS_STATE_INTERNALERROR;
327 goto error_cleanup;
328 }
329
330 /*
331 * Now the verification of the response (hmac check) and if necessary the
332 * parameter decryption have to be done.
333 */
334 r = iesys_check_response(esysContext);
335 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR, "Error: check response",
336 error_cleanup);
337
338 /*
339 * After the verification of the response we call the complete function
340 * to deliver the result.
341 */
342 r = Tss2_Sys_ActivateCredential_Complete(esysContext->sys,
343 (certInfo != NULL) ? *certInfo
344 : NULL);
345 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR,
346 "Received error from SAPI unmarshaling" ,
347 error_cleanup);
348
349 esysContext->state = _ESYS_STATE_INIT;
350
351 return TSS2_RC_SUCCESS;
352
353 error_cleanup:
354 if (certInfo != NULL)
355 SAFE_FREE(*certInfo);
356
357 return r;
358 }
359