• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  ******************************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10 
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14 
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21 
22 /** Store command parameters inside the ESYS_CONTEXT for use during _Finish */
store_input_parameters(ESYS_CONTEXT * esysContext,ESYS_TR policySession)23 static void store_input_parameters (
24     ESYS_CONTEXT *esysContext,
25     ESYS_TR policySession)
26 {
27     esysContext->in.Policy.policySession = policySession;
28 }
29 
30 /** One-Call function for TPM2_PolicyAuthValue
31  *
32  * This function invokes the TPM2_PolicyAuthValue command in a one-call
33  * variant. This means the function will block until the TPM response is
34  * available. All input parameters are const. The memory for non-simple output
35  * parameters is allocated by the function implementation.
36  *
37  * @param[in,out] esysContext The ESYS_CONTEXT.
38  * @param[in]  policySession Handle for the policy session being extended.
39  * @param[in]  shandle1 First session handle.
40  * @param[in]  shandle2 Second session handle.
41  * @param[in]  shandle3 Third session handle.
42  * @retval TSS2_RC_SUCCESS if the function call was a success.
43  * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
44  *         pointers or required output handle references are NULL.
45  * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
46  * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
47  *         internal operations or return parameters.
48  * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
49  *         operation already pending.
50  * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
51  *          at least contain the tag, response length, and response code.
52  * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
53  * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
54            did not verify.
55  * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
56  *         the 'decrypt' attribute bit set.
57  * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
58  *         the 'encrypt' attribute bit set.
59  * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
60  *         to the ESYS_CONTEXT or are of the wrong type or if required
61  *         ESYS_TR objects are ESYS_TR_NONE.
62  * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
63  *         'decrypt' attribute set and the command does not support encryption
64  *         of the first command parameter.
65  * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
66  *         'encrypt' attribute set and the command does not support encryption
67  *          of the first response parameter.
68  * @retval TSS2_RCs produced by lower layers of the software stack may be
69  *         returned to the caller unaltered unless handled internally.
70  */
71 TSS2_RC
Esys_PolicyAuthValue(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3)72 Esys_PolicyAuthValue(
73     ESYS_CONTEXT *esysContext,
74     ESYS_TR policySession,
75     ESYS_TR shandle1,
76     ESYS_TR shandle2,
77     ESYS_TR shandle3)
78 {
79     TSS2_RC r;
80 
81     r = Esys_PolicyAuthValue_Async(esysContext, policySession, shandle1,
82                                    shandle2, shandle3);
83     return_if_error(r, "Error in async function");
84 
85     /* Set the timeout to indefinite for now, since we want _Finish to block */
86     int32_t timeouttmp = esysContext->timeout;
87     esysContext->timeout = -1;
88     /*
89      * Now we call the finish function, until return code is not equal to
90      * from TSS2_BASE_RC_TRY_AGAIN.
91      * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
92      * have set the timeout to -1. This occurs for example if the TPM requests
93      * a retransmission of the command via TPM2_RC_YIELDED.
94      */
95     do {
96         r = Esys_PolicyAuthValue_Finish(esysContext);
97         /* This is just debug information about the reattempt to finish the
98            command */
99         if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
100             LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
101                       " => resubmitting command", r);
102     } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
103 
104     /* Restore the timeout value to the original value */
105     esysContext->timeout = timeouttmp;
106     return_if_error(r, "Esys Finish");
107 
108     return TSS2_RC_SUCCESS;
109 }
110 
111 /** Asynchronous function for TPM2_PolicyAuthValue
112  *
113  * This function invokes the TPM2_PolicyAuthValue command in a asynchronous
114  * variant. This means the function will return as soon as the command has been
115  * sent downwards the stack to the TPM. All input parameters are const.
116  * In order to retrieve the TPM's response call Esys_PolicyAuthValue_Finish.
117  *
118  * @param[in,out] esysContext The ESYS_CONTEXT.
119  * @param[in]  policySession Handle for the policy session being extended.
120  * @param[in]  shandle1 First session handle.
121  * @param[in]  shandle2 Second session handle.
122  * @param[in]  shandle3 Third session handle.
123  * @retval ESYS_RC_SUCCESS if the function call was a success.
124  * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
125  *         pointers or required output handle references are NULL.
126  * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
127  * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
128  *         internal operations or return parameters.
129  * @retval TSS2_RCs produced by lower layers of the software stack may be
130            returned to the caller unaltered unless handled internally.
131  * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
132  *         the 'decrypt' attribute bit set.
133  * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
134  *         the 'encrypt' attribute bit set.
135  * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
136  *         to the ESYS_CONTEXT or are of the wrong type or if required
137  *         ESYS_TR objects are ESYS_TR_NONE.
138  * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
139  *         'decrypt' attribute set and the command does not support encryption
140  *         of the first command parameter.
141  * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
142  *         'encrypt' attribute set and the command does not support encryption
143  *          of the first response parameter.
144  */
145 TSS2_RC
Esys_PolicyAuthValue_Async(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3)146 Esys_PolicyAuthValue_Async(
147     ESYS_CONTEXT *esysContext,
148     ESYS_TR policySession,
149     ESYS_TR shandle1,
150     ESYS_TR shandle2,
151     ESYS_TR shandle3)
152 {
153     TSS2_RC r;
154     LOG_TRACE("context=%p, policySession=%"PRIx32 "",
155               esysContext, policySession);
156     TSS2L_SYS_AUTH_COMMAND auths;
157     RSRC_NODE_T *policySessionNode;
158 
159     /* Check context, sequence correctness and set state to error for now */
160     if (esysContext == NULL) {
161         LOG_ERROR("esyscontext is NULL.");
162         return TSS2_ESYS_RC_BAD_REFERENCE;
163     }
164     r = iesys_check_sequence_async(esysContext);
165     if (r != TSS2_RC_SUCCESS)
166         return r;
167     esysContext->state = _ESYS_STATE_INTERNALERROR;
168 
169     /* Check input parameters */
170     r = check_session_feasibility(shandle1, shandle2, shandle3, 0);
171     return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
172     store_input_parameters(esysContext, policySession);
173 
174     /* Retrieve the metadata objects for provided handles */
175     r = esys_GetResourceObject(esysContext, policySession, &policySessionNode);
176     return_state_if_error(r, _ESYS_STATE_INIT, "policySession unknown.");
177 
178     /* Initial invocation of SAPI to prepare the command buffer with parameters */
179     r = Tss2_Sys_PolicyAuthValue_Prepare(esysContext->sys,
180                                          (policySessionNode == NULL)
181                                           ? TPM2_RH_NULL
182                                           : policySessionNode->rsrc.handle);
183     return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
184 
185     /* Calculate the cpHash Values */
186     r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
187     return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
188     iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
189     iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
190     iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
191 
192     /* Generate the auth values and set them in the SAPI command buffer */
193     r = iesys_gen_auths(esysContext, policySessionNode, NULL, NULL, &auths);
194     return_state_if_error(r, _ESYS_STATE_INIT,
195                           "Error in computation of auth values");
196 
197     esysContext->authsCount = auths.count;
198     if (auths.count > 0) {
199         r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
200         return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
201     }
202 
203     /* Trigger execution and finish the async invocation */
204     r = Tss2_Sys_ExecuteAsync(esysContext->sys);
205     return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
206                           "Finish (Execute Async)");
207 
208     esysContext->state = _ESYS_STATE_SENT;
209 
210     return r;
211 }
212 
213 /** Asynchronous finish function for TPM2_PolicyAuthValue
214  *
215  * This function returns the results of a TPM2_PolicyAuthValue command
216  * invoked via Esys_PolicyAuthValue_Finish. All non-simple output parameters
217  * are allocated by the function's implementation. NULL can be passed for every
218  * output parameter if the value is not required.
219  *
220  * @param[in,out] esysContext The ESYS_CONTEXT.
221  * @retval TSS2_RC_SUCCESS on success
222  * @retval ESYS_RC_SUCCESS if the function call was a success.
223  * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
224  *         pointers or required output handle references are NULL.
225  * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
226  * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
227  *         internal operations or return parameters.
228  * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
229  *         operation already pending.
230  * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
231  *         TPM response is received.
232  * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
233  *         at least contain the tag, response length, and response code.
234  * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
235  *         not verify.
236  * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
237  * @retval TSS2_RCs produced by lower layers of the software stack may be
238  *         returned to the caller unaltered unless handled internally.
239  */
240 TSS2_RC
Esys_PolicyAuthValue_Finish(ESYS_CONTEXT * esysContext)241 Esys_PolicyAuthValue_Finish(
242     ESYS_CONTEXT *esysContext)
243 {
244     TSS2_RC r;
245     LOG_TRACE("context=%p",
246               esysContext);
247 
248     if (esysContext == NULL) {
249         LOG_ERROR("esyscontext is NULL.");
250         return TSS2_ESYS_RC_BAD_REFERENCE;
251     }
252 
253     /* Check for correct sequence and set sequence to irregular for now */
254     if (esysContext->state != _ESYS_STATE_SENT &&
255         esysContext->state != _ESYS_STATE_RESUBMISSION) {
256         LOG_ERROR("Esys called in bad sequence.");
257         return TSS2_ESYS_RC_BAD_SEQUENCE;
258     }
259     esysContext->state = _ESYS_STATE_INTERNALERROR;
260 
261     /*Receive the TPM response and handle resubmissions if necessary. */
262     r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
263     if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
264         LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
265         esysContext->state = _ESYS_STATE_SENT;
266         return r;
267     }
268     /* This block handle the resubmission of TPM commands given a certain set of
269      * TPM response codes. */
270     if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
271         LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
272             "resubmission: %" PRIx32, r);
273         if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
274             LOG_WARNING("Maximum number of (re)submissions has been reached.");
275             esysContext->state = _ESYS_STATE_INIT;
276             return r;
277         }
278         esysContext->state = _ESYS_STATE_RESUBMISSION;
279         r = Tss2_Sys_ExecuteAsync(esysContext->sys);
280         if (r != TSS2_RC_SUCCESS) {
281             LOG_WARNING("Error attempting to resubmit");
282             /* We do not set esysContext->state here but inherit the most recent
283              * state of the _async function. */
284             return r;
285         }
286         r = TSS2_ESYS_RC_TRY_AGAIN;
287         LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
288         return r;
289     }
290     /* The following is the "regular error" handling. */
291     if (iesys_tpm_error(r)) {
292         LOG_WARNING("Received TPM Error");
293         esysContext->state = _ESYS_STATE_INIT;
294         return r;
295     } else if (r != TSS2_RC_SUCCESS) {
296         LOG_ERROR("Received a non-TPM Error");
297         esysContext->state = _ESYS_STATE_INTERNALERROR;
298         return r;
299     }
300 
301     /*
302      * Now the verification of the response (hmac check) and if necessary the
303      * parameter decryption have to be done.
304      */
305     r = iesys_check_response(esysContext);
306     return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
307                           "Error: check response");
308 
309     /*
310      * After the verification of the response we call the complete function
311      * to deliver the result.
312      */
313     r = Tss2_Sys_PolicyAuthValue_Complete(esysContext->sys);
314     return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
315                           "Received error from SAPI unmarshaling" );
316 
317     ESYS_TR policySession = esysContext->in.Policy.policySession;
318     RSRC_NODE_T *policySessionNode;
319     r = esys_GetResourceObject(esysContext, policySession, &policySessionNode);
320     return_if_error(r, "get resource");
321 
322     if (policySessionNode != NULL)
323         /* Indicate that the auth value has to be included in the hmac */
324         policySessionNode->rsrc.misc.rsrc_session.type_policy_session = POLICY_AUTH;
325     esysContext->state = _ESYS_STATE_INIT;
326 
327     return TSS2_RC_SUCCESS;
328 }
329