1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** One-Call function for TPM2_GetSessionAuditDigest
23 *
24 * This function invokes the TPM2_GetSessionAuditDigest command in a one-call
25 * variant. This means the function will block until the TPM response is
26 * available. All input parameters are const. The memory for non-simple output
27 * parameters is allocated by the function implementation.
28 *
29 * @param[in,out] esysContext The ESYS_CONTEXT.
30 * @param[in] privacyAdminHandle TPM2_Handle of the privacy administrator
31 * (TPM2_RH_ENDORSEMENT).
32 * @param[in] signHandle Handle of the signing key.
33 * @param[in] sessionHandle Handle of the audit session.
34 * @param[in] shandle1 Session handle for authorization of privacyAdminHandle
35 * @param[in] shandle2 Session handle for authorization of signHandle
36 * @param[in] shandle3 Third session handle.
37 * @param[in] qualifyingData User-provided qualifying data - may be
38 * zero-length.
39 * @param[in] inScheme TPM2_Signing scheme to use if the scheme for signHandle is
40 * TPM2_ALG_NULL.
41 * @param[out] auditInfo The audit information that was signed.
42 * (callee-allocated)
43 * @param[out] signature The signature over auditInfo.
44 * (callee-allocated)
45 * @retval TSS2_RC_SUCCESS if the function call was a success.
46 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
47 * pointers or required output handle references are NULL.
48 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
49 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
50 * internal operations or return parameters.
51 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
52 * operation already pending.
53 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
54 * at least contain the tag, response length, and response code.
55 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
56 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
57 did not verify.
58 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
59 * the 'decrypt' attribute bit set.
60 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
61 * the 'encrypt' attribute bit set.
62 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
63 * to the ESYS_CONTEXT or are of the wrong type or if required
64 * ESYS_TR objects are ESYS_TR_NONE.
65 * @retval TSS2_RCs produced by lower layers of the software stack may be
66 * returned to the caller unaltered unless handled internally.
67 */
68 TSS2_RC
Esys_GetSessionAuditDigest(ESYS_CONTEXT * esysContext,ESYS_TR privacyAdminHandle,ESYS_TR signHandle,ESYS_TR sessionHandle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DATA * qualifyingData,const TPMT_SIG_SCHEME * inScheme,TPM2B_ATTEST ** auditInfo,TPMT_SIGNATURE ** signature)69 Esys_GetSessionAuditDigest(
70 ESYS_CONTEXT *esysContext,
71 ESYS_TR privacyAdminHandle,
72 ESYS_TR signHandle,
73 ESYS_TR sessionHandle,
74 ESYS_TR shandle1,
75 ESYS_TR shandle2,
76 ESYS_TR shandle3,
77 const TPM2B_DATA *qualifyingData,
78 const TPMT_SIG_SCHEME *inScheme,
79 TPM2B_ATTEST **auditInfo,
80 TPMT_SIGNATURE **signature)
81 {
82 TSS2_RC r;
83
84 r = Esys_GetSessionAuditDigest_Async(esysContext, privacyAdminHandle,
85 signHandle, sessionHandle, shandle1,
86 shandle2, shandle3, qualifyingData,
87 inScheme);
88 return_if_error(r, "Error in async function");
89
90 /* Set the timeout to indefinite for now, since we want _Finish to block */
91 int32_t timeouttmp = esysContext->timeout;
92 esysContext->timeout = -1;
93 /*
94 * Now we call the finish function, until return code is not equal to
95 * from TSS2_BASE_RC_TRY_AGAIN.
96 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
97 * have set the timeout to -1. This occurs for example if the TPM requests
98 * a retransmission of the command via TPM2_RC_YIELDED.
99 */
100 do {
101 r = Esys_GetSessionAuditDigest_Finish(esysContext, auditInfo,
102 signature);
103 /* This is just debug information about the reattempt to finish the
104 command */
105 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
106 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
107 " => resubmitting command", r);
108 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
109
110 /* Restore the timeout value to the original value */
111 esysContext->timeout = timeouttmp;
112 return_if_error(r, "Esys Finish");
113
114 return TSS2_RC_SUCCESS;
115 }
116
117 /** Asynchronous function for TPM2_GetSessionAuditDigest
118 *
119 * This function invokes the TPM2_GetSessionAuditDigest command in a asynchronous
120 * variant. This means the function will return as soon as the command has been
121 * sent downwards the stack to the TPM. All input parameters are const.
122 * In order to retrieve the TPM's response call Esys_GetSessionAuditDigest_Finish.
123 *
124 * @param[in,out] esysContext The ESYS_CONTEXT.
125 * @param[in] privacyAdminHandle TPM2_Handle of the privacy administrator
126 * (TPM2_RH_ENDORSEMENT).
127 * @param[in] signHandle Handle of the signing key.
128 * @param[in] sessionHandle Handle of the audit session.
129 * @param[in] shandle1 Session handle for authorization of privacyAdminHandle
130 * @param[in] shandle2 Session handle for authorization of signHandle
131 * @param[in] shandle3 Third session handle.
132 * @param[in] qualifyingData User-provided qualifying data - may be
133 * zero-length.
134 * @param[in] inScheme TPM2_Signing scheme to use if the scheme for signHandle is
135 * TPM2_ALG_NULL.
136 * @retval ESYS_RC_SUCCESS if the function call was a success.
137 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
138 * pointers or required output handle references are NULL.
139 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
140 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
141 * internal operations or return parameters.
142 * @retval TSS2_RCs produced by lower layers of the software stack may be
143 returned to the caller unaltered unless handled internally.
144 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
145 * the 'decrypt' attribute bit set.
146 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
147 * the 'encrypt' attribute bit set.
148 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
149 * to the ESYS_CONTEXT or are of the wrong type or if required
150 * ESYS_TR objects are ESYS_TR_NONE.
151 */
152 TSS2_RC
Esys_GetSessionAuditDigest_Async(ESYS_CONTEXT * esysContext,ESYS_TR privacyAdminHandle,ESYS_TR signHandle,ESYS_TR sessionHandle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DATA * qualifyingData,const TPMT_SIG_SCHEME * inScheme)153 Esys_GetSessionAuditDigest_Async(
154 ESYS_CONTEXT *esysContext,
155 ESYS_TR privacyAdminHandle,
156 ESYS_TR signHandle,
157 ESYS_TR sessionHandle,
158 ESYS_TR shandle1,
159 ESYS_TR shandle2,
160 ESYS_TR shandle3,
161 const TPM2B_DATA *qualifyingData,
162 const TPMT_SIG_SCHEME *inScheme)
163 {
164 TSS2_RC r;
165 LOG_TRACE("context=%p, privacyAdminHandle=%"PRIx32 ", signHandle=%"PRIx32 ","
166 "sessionHandle=%"PRIx32 ", qualifyingData=%p, inScheme=%p",
167 esysContext, privacyAdminHandle, signHandle, sessionHandle, qualifyingData,
168 inScheme);
169 TSS2L_SYS_AUTH_COMMAND auths;
170 RSRC_NODE_T *privacyAdminHandleNode;
171 RSRC_NODE_T *signHandleNode;
172 RSRC_NODE_T *sessionHandleNode;
173
174 /* Check context, sequence correctness and set state to error for now */
175 if (esysContext == NULL) {
176 LOG_ERROR("esyscontext is NULL.");
177 return TSS2_ESYS_RC_BAD_REFERENCE;
178 }
179 r = iesys_check_sequence_async(esysContext);
180 if (r != TSS2_RC_SUCCESS)
181 return r;
182 esysContext->state = _ESYS_STATE_INTERNALERROR;
183
184 /* Check input parameters */
185 r = check_session_feasibility(shandle1, shandle2, shandle3, 1);
186 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
187
188 /* Retrieve the metadata objects for provided handles */
189 r = esys_GetResourceObject(esysContext, privacyAdminHandle, &privacyAdminHandleNode);
190 return_state_if_error(r, _ESYS_STATE_INIT, "privacyAdminHandle unknown.");
191 r = esys_GetResourceObject(esysContext, signHandle, &signHandleNode);
192 return_state_if_error(r, _ESYS_STATE_INIT, "signHandle unknown.");
193 r = esys_GetResourceObject(esysContext, sessionHandle, &sessionHandleNode);
194 return_state_if_error(r, _ESYS_STATE_INIT, "sessionHandle unknown.");
195
196 /* Initial invocation of SAPI to prepare the command buffer with parameters */
197 r = Tss2_Sys_GetSessionAuditDigest_Prepare(esysContext->sys,
198 (privacyAdminHandleNode == NULL)
199 ? TPM2_RH_NULL
200 : privacyAdminHandleNode->rsrc.handle,
201 (signHandleNode == NULL)
202 ? TPM2_RH_NULL
203 : signHandleNode->rsrc.handle,
204 (sessionHandleNode == NULL)
205 ? TPM2_RH_NULL
206 : sessionHandleNode->rsrc.handle,
207 qualifyingData, inScheme);
208 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
209
210 /* Calculate the cpHash Values */
211 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
212 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
213 if (privacyAdminHandleNode != NULL)
214 iesys_compute_session_value(esysContext->session_tab[0],
215 &privacyAdminHandleNode->rsrc.name, &privacyAdminHandleNode->auth);
216 else
217 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
218
219 iesys_compute_session_value(esysContext->session_tab[1],
220 &signHandleNode->rsrc.name, &signHandleNode->auth);
221 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
222
223 /* Generate the auth values and set them in the SAPI command buffer */
224 r = iesys_gen_auths(esysContext, privacyAdminHandleNode, signHandleNode, sessionHandleNode, &auths);
225 return_state_if_error(r, _ESYS_STATE_INIT,
226 "Error in computation of auth values");
227
228 esysContext->authsCount = auths.count;
229 if (auths.count > 0) {
230 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
231 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
232 }
233
234 /* Trigger execution and finish the async invocation */
235 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
236 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
237 "Finish (Execute Async)");
238
239 esysContext->state = _ESYS_STATE_SENT;
240
241 return r;
242 }
243
244 /** Asynchronous finish function for TPM2_GetSessionAuditDigest
245 *
246 * This function returns the results of a TPM2_GetSessionAuditDigest command
247 * invoked via Esys_GetSessionAuditDigest_Finish. All non-simple output parameters
248 * are allocated by the function's implementation. NULL can be passed for every
249 * output parameter if the value is not required.
250 *
251 * @param[in,out] esysContext The ESYS_CONTEXT.
252 * @param[out] auditInfo The audit information that was signed.
253 * (callee-allocated)
254 * @param[out] signature The signature over auditInfo.
255 * (callee-allocated)
256 * @retval TSS2_RC_SUCCESS on success
257 * @retval ESYS_RC_SUCCESS if the function call was a success.
258 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
259 * pointers or required output handle references are NULL.
260 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
261 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
262 * internal operations or return parameters.
263 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
264 * operation already pending.
265 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
266 * TPM response is received.
267 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
268 * at least contain the tag, response length, and response code.
269 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
270 * not verify.
271 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
272 * @retval TSS2_RCs produced by lower layers of the software stack may be
273 * returned to the caller unaltered unless handled internally.
274 */
275 TSS2_RC
Esys_GetSessionAuditDigest_Finish(ESYS_CONTEXT * esysContext,TPM2B_ATTEST ** auditInfo,TPMT_SIGNATURE ** signature)276 Esys_GetSessionAuditDigest_Finish(
277 ESYS_CONTEXT *esysContext,
278 TPM2B_ATTEST **auditInfo,
279 TPMT_SIGNATURE **signature)
280 {
281 TSS2_RC r;
282 LOG_TRACE("context=%p, auditInfo=%p, signature=%p",
283 esysContext, auditInfo, signature);
284
285 if (esysContext == NULL) {
286 LOG_ERROR("esyscontext is NULL.");
287 return TSS2_ESYS_RC_BAD_REFERENCE;
288 }
289
290 /* Check for correct sequence and set sequence to irregular for now */
291 if (esysContext->state != _ESYS_STATE_SENT &&
292 esysContext->state != _ESYS_STATE_RESUBMISSION) {
293 LOG_ERROR("Esys called in bad sequence.");
294 return TSS2_ESYS_RC_BAD_SEQUENCE;
295 }
296 esysContext->state = _ESYS_STATE_INTERNALERROR;
297
298 /* Allocate memory for response parameters */
299 if (auditInfo != NULL) {
300 *auditInfo = calloc(sizeof(TPM2B_ATTEST), 1);
301 if (*auditInfo == NULL) {
302 return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
303 }
304 }
305 if (signature != NULL) {
306 *signature = calloc(sizeof(TPMT_SIGNATURE), 1);
307 if (*signature == NULL) {
308 goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
309 }
310 }
311
312 /*Receive the TPM response and handle resubmissions if necessary. */
313 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
314 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
315 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
316 esysContext->state = _ESYS_STATE_SENT;
317 goto error_cleanup;
318 }
319 /* This block handle the resubmission of TPM commands given a certain set of
320 * TPM response codes. */
321 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
322 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
323 "resubmission: %" PRIx32, r);
324 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
325 LOG_WARNING("Maximum number of (re)submissions has been reached.");
326 esysContext->state = _ESYS_STATE_INIT;
327 goto error_cleanup;
328 }
329 esysContext->state = _ESYS_STATE_RESUBMISSION;
330 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
331 if (r != TSS2_RC_SUCCESS) {
332 LOG_WARNING("Error attempting to resubmit");
333 /* We do not set esysContext->state here but inherit the most recent
334 * state of the _async function. */
335 goto error_cleanup;
336 }
337 r = TSS2_ESYS_RC_TRY_AGAIN;
338 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
339 goto error_cleanup;
340 }
341 /* The following is the "regular error" handling. */
342 if (iesys_tpm_error(r)) {
343 LOG_WARNING("Received TPM Error");
344 esysContext->state = _ESYS_STATE_INIT;
345 goto error_cleanup;
346 } else if (r != TSS2_RC_SUCCESS) {
347 LOG_ERROR("Received a non-TPM Error");
348 esysContext->state = _ESYS_STATE_INTERNALERROR;
349 goto error_cleanup;
350 }
351
352 /*
353 * Now the verification of the response (hmac check) and if necessary the
354 * parameter decryption have to be done.
355 */
356 r = iesys_check_response(esysContext);
357 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR, "Error: check response",
358 error_cleanup);
359
360 /*
361 * After the verification of the response we call the complete function
362 * to deliver the result.
363 */
364 r = Tss2_Sys_GetSessionAuditDigest_Complete(esysContext->sys,
365 (auditInfo != NULL) ? *auditInfo
366 : NULL,
367 (signature != NULL) ? *signature
368 : NULL);
369 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR,
370 "Received error from SAPI unmarshaling" ,
371 error_cleanup);
372
373 esysContext->state = _ESYS_STATE_INIT;
374
375 return TSS2_RC_SUCCESS;
376
377 error_cleanup:
378 if (auditInfo != NULL)
379 SAFE_FREE(*auditInfo);
380 if (signature != NULL)
381 SAFE_FREE(*signature);
382
383 return r;
384 }
385