1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** One-Call function for TPM2_GetTime
23 *
24 * This function invokes the TPM2_GetTime command in a one-call
25 * variant. This means the function will block until the TPM response is
26 * available. All input parameters are const. The memory for non-simple output
27 * parameters is allocated by the function implementation.
28 *
29 * @param[in,out] esysContext The ESYS_CONTEXT.
30 * @param[in] privacyAdminHandle TPM2_Handle of the privacy administrator
31 * (TPM2_RH_ENDORSEMENT).
32 * @param[in] signHandle The keyHandle identifier of a loaded key that can
33 * perform digital signatures.
34 * @param[in] shandle1 Session handle for authorization of privacyAdminHandle
35 * @param[in] shandle2 Session handle for authorization of signHandle
36 * @param[in] shandle3 Third session handle.
37 * @param[in] qualifyingData Data to tick stamp.
38 * @param[in] inScheme TPM2_Signing scheme to use if the scheme for signHandle is
39 * TPM2_ALG_NULL.
40 * @param[out] timeInfo Standard TPM-generated attestation block.
41 * (callee-allocated)
42 * @param[out] signature The signature over timeInfo .
43 * (callee-allocated)
44 * @retval TSS2_RC_SUCCESS if the function call was a success.
45 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
46 * pointers or required output handle references are NULL.
47 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
48 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
49 * internal operations or return parameters.
50 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
51 * operation already pending.
52 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
53 * at least contain the tag, response length, and response code.
54 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
55 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
56 did not verify.
57 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
58 * the 'decrypt' attribute bit set.
59 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
60 * the 'encrypt' attribute bit set.
61 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
62 * to the ESYS_CONTEXT or are of the wrong type or if required
63 * ESYS_TR objects are ESYS_TR_NONE.
64 * @retval TSS2_RCs produced by lower layers of the software stack may be
65 * returned to the caller unaltered unless handled internally.
66 */
67 TSS2_RC
Esys_GetTime(ESYS_CONTEXT * esysContext,ESYS_TR privacyAdminHandle,ESYS_TR signHandle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DATA * qualifyingData,const TPMT_SIG_SCHEME * inScheme,TPM2B_ATTEST ** timeInfo,TPMT_SIGNATURE ** signature)68 Esys_GetTime(
69 ESYS_CONTEXT *esysContext,
70 ESYS_TR privacyAdminHandle,
71 ESYS_TR signHandle,
72 ESYS_TR shandle1,
73 ESYS_TR shandle2,
74 ESYS_TR shandle3,
75 const TPM2B_DATA *qualifyingData,
76 const TPMT_SIG_SCHEME *inScheme,
77 TPM2B_ATTEST **timeInfo,
78 TPMT_SIGNATURE **signature)
79 {
80 TSS2_RC r;
81
82 r = Esys_GetTime_Async(esysContext, privacyAdminHandle, signHandle, shandle1,
83 shandle2, shandle3, qualifyingData, inScheme);
84 return_if_error(r, "Error in async function");
85
86 /* Set the timeout to indefinite for now, since we want _Finish to block */
87 int32_t timeouttmp = esysContext->timeout;
88 esysContext->timeout = -1;
89 /*
90 * Now we call the finish function, until return code is not equal to
91 * from TSS2_BASE_RC_TRY_AGAIN.
92 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
93 * have set the timeout to -1. This occurs for example if the TPM requests
94 * a retransmission of the command via TPM2_RC_YIELDED.
95 */
96 do {
97 r = Esys_GetTime_Finish(esysContext, timeInfo, signature);
98 /* This is just debug information about the reattempt to finish the
99 command */
100 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
101 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
102 " => resubmitting command", r);
103 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
104
105 /* Restore the timeout value to the original value */
106 esysContext->timeout = timeouttmp;
107 return_if_error(r, "Esys Finish");
108
109 return TSS2_RC_SUCCESS;
110 }
111
112 /** Asynchronous function for TPM2_GetTime
113 *
114 * This function invokes the TPM2_GetTime command in a asynchronous
115 * variant. This means the function will return as soon as the command has been
116 * sent downwards the stack to the TPM. All input parameters are const.
117 * In order to retrieve the TPM's response call Esys_GetTime_Finish.
118 *
119 * @param[in,out] esysContext The ESYS_CONTEXT.
120 * @param[in] privacyAdminHandle TPM2_Handle of the privacy administrator
121 * (TPM2_RH_ENDORSEMENT).
122 * @param[in] signHandle The keyHandle identifier of a loaded key that can
123 * perform digital signatures.
124 * @param[in] shandle1 Session handle for authorization of privacyAdminHandle
125 * @param[in] shandle2 Session handle for authorization of signHandle
126 * @param[in] shandle3 Third session handle.
127 * @param[in] qualifyingData Data to tick stamp.
128 * @param[in] inScheme TPM2_Signing scheme to use if the scheme for signHandle is
129 * TPM2_ALG_NULL.
130 * @retval ESYS_RC_SUCCESS if the function call was a success.
131 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
132 * pointers or required output handle references are NULL.
133 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
134 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
135 * internal operations or return parameters.
136 * @retval TSS2_RCs produced by lower layers of the software stack may be
137 returned to the caller unaltered unless handled internally.
138 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
139 * the 'decrypt' attribute bit set.
140 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
141 * the 'encrypt' attribute bit set.
142 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
143 * to the ESYS_CONTEXT or are of the wrong type or if required
144 * ESYS_TR objects are ESYS_TR_NONE.
145 */
146 TSS2_RC
Esys_GetTime_Async(ESYS_CONTEXT * esysContext,ESYS_TR privacyAdminHandle,ESYS_TR signHandle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DATA * qualifyingData,const TPMT_SIG_SCHEME * inScheme)147 Esys_GetTime_Async(
148 ESYS_CONTEXT *esysContext,
149 ESYS_TR privacyAdminHandle,
150 ESYS_TR signHandle,
151 ESYS_TR shandle1,
152 ESYS_TR shandle2,
153 ESYS_TR shandle3,
154 const TPM2B_DATA *qualifyingData,
155 const TPMT_SIG_SCHEME *inScheme)
156 {
157 TSS2_RC r;
158 LOG_TRACE("context=%p, privacyAdminHandle=%"PRIx32 ", signHandle=%"PRIx32 ","
159 "qualifyingData=%p, inScheme=%p",
160 esysContext, privacyAdminHandle, signHandle, qualifyingData, inScheme);
161 TSS2L_SYS_AUTH_COMMAND auths;
162 RSRC_NODE_T *privacyAdminHandleNode;
163 RSRC_NODE_T *signHandleNode;
164
165 /* Check context, sequence correctness and set state to error for now */
166 if (esysContext == NULL) {
167 LOG_ERROR("esyscontext is NULL.");
168 return TSS2_ESYS_RC_BAD_REFERENCE;
169 }
170 r = iesys_check_sequence_async(esysContext);
171 if (r != TSS2_RC_SUCCESS)
172 return r;
173 esysContext->state = _ESYS_STATE_INTERNALERROR;
174
175 /* Check input parameters */
176 r = check_session_feasibility(shandle1, shandle2, shandle3, 1);
177 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
178
179 /* Retrieve the metadata objects for provided handles */
180 r = esys_GetResourceObject(esysContext, privacyAdminHandle, &privacyAdminHandleNode);
181 return_state_if_error(r, _ESYS_STATE_INIT, "privacyAdminHandle unknown.");
182 r = esys_GetResourceObject(esysContext, signHandle, &signHandleNode);
183 return_state_if_error(r, _ESYS_STATE_INIT, "signHandle unknown.");
184
185 /* Initial invocation of SAPI to prepare the command buffer with parameters */
186 r = Tss2_Sys_GetTime_Prepare(esysContext->sys,
187 (privacyAdminHandleNode == NULL) ? TPM2_RH_NULL
188 : privacyAdminHandleNode->rsrc.handle,
189 (signHandleNode == NULL) ? TPM2_RH_NULL
190 : signHandleNode->rsrc.handle, qualifyingData,
191 inScheme);
192 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
193
194 /* Calculate the cpHash Values */
195 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
196 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
197 if (privacyAdminHandleNode != NULL)
198 iesys_compute_session_value(esysContext->session_tab[0],
199 &privacyAdminHandleNode->rsrc.name, &privacyAdminHandleNode->auth);
200 else
201 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
202
203 iesys_compute_session_value(esysContext->session_tab[1],
204 &signHandleNode->rsrc.name, &signHandleNode->auth);
205 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
206
207 /* Generate the auth values and set them in the SAPI command buffer */
208 r = iesys_gen_auths(esysContext, privacyAdminHandleNode, signHandleNode, NULL, &auths);
209 return_state_if_error(r, _ESYS_STATE_INIT,
210 "Error in computation of auth values");
211
212 esysContext->authsCount = auths.count;
213 if (auths.count > 0) {
214 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
215 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
216 }
217
218 /* Trigger execution and finish the async invocation */
219 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
220 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
221 "Finish (Execute Async)");
222
223 esysContext->state = _ESYS_STATE_SENT;
224
225 return r;
226 }
227
228 /** Asynchronous finish function for TPM2_GetTime
229 *
230 * This function returns the results of a TPM2_GetTime command
231 * invoked via Esys_GetTime_Finish. All non-simple output parameters
232 * are allocated by the function's implementation. NULL can be passed for every
233 * output parameter if the value is not required.
234 *
235 * @param[in,out] esysContext The ESYS_CONTEXT.
236 * @param[out] timeInfo Standard TPM-generated attestation block.
237 * (callee-allocated)
238 * @param[out] signature The signature over timeInfo .
239 * (callee-allocated)
240 * @retval TSS2_RC_SUCCESS on success
241 * @retval ESYS_RC_SUCCESS if the function call was a success.
242 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
243 * pointers or required output handle references are NULL.
244 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
245 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
246 * internal operations or return parameters.
247 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
248 * operation already pending.
249 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
250 * TPM response is received.
251 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
252 * at least contain the tag, response length, and response code.
253 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
254 * not verify.
255 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
256 * @retval TSS2_RCs produced by lower layers of the software stack may be
257 * returned to the caller unaltered unless handled internally.
258 */
259 TSS2_RC
Esys_GetTime_Finish(ESYS_CONTEXT * esysContext,TPM2B_ATTEST ** timeInfo,TPMT_SIGNATURE ** signature)260 Esys_GetTime_Finish(
261 ESYS_CONTEXT *esysContext,
262 TPM2B_ATTEST **timeInfo,
263 TPMT_SIGNATURE **signature)
264 {
265 TSS2_RC r;
266 LOG_TRACE("context=%p, timeInfo=%p, signature=%p",
267 esysContext, timeInfo, signature);
268
269 if (esysContext == NULL) {
270 LOG_ERROR("esyscontext is NULL.");
271 return TSS2_ESYS_RC_BAD_REFERENCE;
272 }
273
274 /* Check for correct sequence and set sequence to irregular for now */
275 if (esysContext->state != _ESYS_STATE_SENT &&
276 esysContext->state != _ESYS_STATE_RESUBMISSION) {
277 LOG_ERROR("Esys called in bad sequence.");
278 return TSS2_ESYS_RC_BAD_SEQUENCE;
279 }
280 esysContext->state = _ESYS_STATE_INTERNALERROR;
281
282 /* Allocate memory for response parameters */
283 if (timeInfo != NULL) {
284 *timeInfo = calloc(sizeof(TPM2B_ATTEST), 1);
285 if (*timeInfo == NULL) {
286 return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
287 }
288 }
289 if (signature != NULL) {
290 *signature = calloc(sizeof(TPMT_SIGNATURE), 1);
291 if (*signature == NULL) {
292 goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
293 }
294 }
295
296 /*Receive the TPM response and handle resubmissions if necessary. */
297 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
298 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
299 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
300 esysContext->state = _ESYS_STATE_SENT;
301 goto error_cleanup;
302 }
303 /* This block handle the resubmission of TPM commands given a certain set of
304 * TPM response codes. */
305 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
306 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
307 "resubmission: %" PRIx32, r);
308 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
309 LOG_WARNING("Maximum number of (re)submissions has been reached.");
310 esysContext->state = _ESYS_STATE_INIT;
311 goto error_cleanup;
312 }
313 esysContext->state = _ESYS_STATE_RESUBMISSION;
314 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
315 if (r != TSS2_RC_SUCCESS) {
316 LOG_WARNING("Error attempting to resubmit");
317 /* We do not set esysContext->state here but inherit the most recent
318 * state of the _async function. */
319 goto error_cleanup;
320 }
321 r = TSS2_ESYS_RC_TRY_AGAIN;
322 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
323 goto error_cleanup;
324 }
325 /* The following is the "regular error" handling. */
326 if (iesys_tpm_error(r)) {
327 LOG_WARNING("Received TPM Error");
328 esysContext->state = _ESYS_STATE_INIT;
329 goto error_cleanup;
330 } else if (r != TSS2_RC_SUCCESS) {
331 LOG_ERROR("Received a non-TPM Error");
332 esysContext->state = _ESYS_STATE_INTERNALERROR;
333 goto error_cleanup;
334 }
335
336 /*
337 * Now the verification of the response (hmac check) and if necessary the
338 * parameter decryption have to be done.
339 */
340 r = iesys_check_response(esysContext);
341 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR, "Error: check response",
342 error_cleanup);
343
344 /*
345 * After the verification of the response we call the complete function
346 * to deliver the result.
347 */
348 r = Tss2_Sys_GetTime_Complete(esysContext->sys,
349 (timeInfo != NULL) ? *timeInfo : NULL,
350 (signature != NULL) ? *signature : NULL);
351 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR,
352 "Received error from SAPI unmarshaling" ,
353 error_cleanup);
354
355 esysContext->state = _ESYS_STATE_INIT;
356
357 return TSS2_RC_SUCCESS;
358
359 error_cleanup:
360 if (timeInfo != NULL)
361 SAFE_FREE(*timeInfo);
362 if (signature != NULL)
363 SAFE_FREE(*signature);
364
365 return r;
366 }
367