1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** One-Call function for TPM2_PolicyAuthorize
23 *
24 * This function invokes the TPM2_PolicyAuthorize command in a one-call
25 * variant. This means the function will block until the TPM response is
26 * available. All input parameters are const. The memory for non-simple output
27 * parameters is allocated by the function implementation.
28 *
29 * @param[in,out] esysContext The ESYS_CONTEXT.
30 * @param[in] policySession Handle for the policy session being extended.
31 * @param[in] shandle1 First session handle.
32 * @param[in] shandle2 Second session handle.
33 * @param[in] shandle3 Third session handle.
34 * @param[in] approvedPolicy Digest of the policy being approved.
35 * @param[in] policyRef A policy qualifier.
36 * @param[in] keySign Name of a key that can sign a policy addition.
37 * @param[in] checkTicket Ticket validating that approvedPolicy and policyRef
38 * were signed by keySign.
39 * @retval TSS2_RC_SUCCESS if the function call was a success.
40 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
41 * pointers or required output handle references are NULL.
42 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
43 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
44 * internal operations or return parameters.
45 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
46 * operation already pending.
47 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
48 * at least contain the tag, response length, and response code.
49 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
50 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
51 did not verify.
52 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
53 * the 'decrypt' attribute bit set.
54 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
55 * the 'encrypt' attribute bit set.
56 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
57 * to the ESYS_CONTEXT or are of the wrong type or if required
58 * ESYS_TR objects are ESYS_TR_NONE.
59 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
60 * 'decrypt' attribute set and the command does not support encryption
61 * of the first command parameter.
62 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
63 * 'encrypt' attribute set and the command does not support encryption
64 * of the first response parameter.
65 * @retval TSS2_RCs produced by lower layers of the software stack may be
66 * returned to the caller unaltered unless handled internally.
67 */
68 TSS2_RC
Esys_PolicyAuthorize(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DIGEST * approvedPolicy,const TPM2B_NONCE * policyRef,const TPM2B_NAME * keySign,const TPMT_TK_VERIFIED * checkTicket)69 Esys_PolicyAuthorize(
70 ESYS_CONTEXT *esysContext,
71 ESYS_TR policySession,
72 ESYS_TR shandle1,
73 ESYS_TR shandle2,
74 ESYS_TR shandle3,
75 const TPM2B_DIGEST *approvedPolicy,
76 const TPM2B_NONCE *policyRef,
77 const TPM2B_NAME *keySign,
78 const TPMT_TK_VERIFIED *checkTicket)
79 {
80 TSS2_RC r;
81
82 r = Esys_PolicyAuthorize_Async(esysContext, policySession, shandle1,
83 shandle2, shandle3, approvedPolicy, policyRef,
84 keySign, checkTicket);
85 return_if_error(r, "Error in async function");
86
87 /* Set the timeout to indefinite for now, since we want _Finish to block */
88 int32_t timeouttmp = esysContext->timeout;
89 esysContext->timeout = -1;
90 /*
91 * Now we call the finish function, until return code is not equal to
92 * from TSS2_BASE_RC_TRY_AGAIN.
93 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
94 * have set the timeout to -1. This occurs for example if the TPM requests
95 * a retransmission of the command via TPM2_RC_YIELDED.
96 */
97 do {
98 r = Esys_PolicyAuthorize_Finish(esysContext);
99 /* This is just debug information about the reattempt to finish the
100 command */
101 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
102 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
103 " => resubmitting command", r);
104 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
105
106 /* Restore the timeout value to the original value */
107 esysContext->timeout = timeouttmp;
108 return_if_error(r, "Esys Finish");
109
110 return TSS2_RC_SUCCESS;
111 }
112
113 /** Asynchronous function for TPM2_PolicyAuthorize
114 *
115 * This function invokes the TPM2_PolicyAuthorize command in a asynchronous
116 * variant. This means the function will return as soon as the command has been
117 * sent downwards the stack to the TPM. All input parameters are const.
118 * In order to retrieve the TPM's response call Esys_PolicyAuthorize_Finish.
119 *
120 * @param[in,out] esysContext The ESYS_CONTEXT.
121 * @param[in] policySession Handle for the policy session being extended.
122 * @param[in] shandle1 First session handle.
123 * @param[in] shandle2 Second session handle.
124 * @param[in] shandle3 Third session handle.
125 * @param[in] approvedPolicy Digest of the policy being approved.
126 * @param[in] policyRef A policy qualifier.
127 * @param[in] keySign Name of a key that can sign a policy addition.
128 * @param[in] checkTicket Ticket validating that approvedPolicy and policyRef
129 * were signed by keySign.
130 * @retval ESYS_RC_SUCCESS if the function call was a success.
131 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
132 * pointers or required output handle references are NULL.
133 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
134 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
135 * internal operations or return parameters.
136 * @retval TSS2_RCs produced by lower layers of the software stack may be
137 returned to the caller unaltered unless handled internally.
138 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
139 * the 'decrypt' attribute bit set.
140 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
141 * the 'encrypt' attribute bit set.
142 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
143 * to the ESYS_CONTEXT or are of the wrong type or if required
144 * ESYS_TR objects are ESYS_TR_NONE.
145 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
146 * 'decrypt' attribute set and the command does not support encryption
147 * of the first command parameter.
148 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
149 * 'encrypt' attribute set and the command does not support encryption
150 * of the first response parameter.
151 */
152 TSS2_RC
Esys_PolicyAuthorize_Async(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DIGEST * approvedPolicy,const TPM2B_NONCE * policyRef,const TPM2B_NAME * keySign,const TPMT_TK_VERIFIED * checkTicket)153 Esys_PolicyAuthorize_Async(
154 ESYS_CONTEXT *esysContext,
155 ESYS_TR policySession,
156 ESYS_TR shandle1,
157 ESYS_TR shandle2,
158 ESYS_TR shandle3,
159 const TPM2B_DIGEST *approvedPolicy,
160 const TPM2B_NONCE *policyRef,
161 const TPM2B_NAME *keySign,
162 const TPMT_TK_VERIFIED *checkTicket)
163 {
164 TSS2_RC r;
165 LOG_TRACE("context=%p, policySession=%"PRIx32 ", approvedPolicy=%p,"
166 "policyRef=%p, keySign=%p, checkTicket=%p",
167 esysContext, policySession, approvedPolicy, policyRef, keySign,
168 checkTicket);
169 TSS2L_SYS_AUTH_COMMAND auths;
170 RSRC_NODE_T *policySessionNode;
171
172 /* Check context, sequence correctness and set state to error for now */
173 if (esysContext == NULL) {
174 LOG_ERROR("esyscontext is NULL.");
175 return TSS2_ESYS_RC_BAD_REFERENCE;
176 }
177 r = iesys_check_sequence_async(esysContext);
178 if (r != TSS2_RC_SUCCESS)
179 return r;
180 esysContext->state = _ESYS_STATE_INTERNALERROR;
181
182 /* Check input parameters */
183 r = check_session_feasibility(shandle1, shandle2, shandle3, 0);
184 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
185
186 /* Retrieve the metadata objects for provided handles */
187 r = esys_GetResourceObject(esysContext, policySession, &policySessionNode);
188 return_state_if_error(r, _ESYS_STATE_INIT, "policySession unknown.");
189
190 /* Initial invocation of SAPI to prepare the command buffer with parameters */
191 r = Tss2_Sys_PolicyAuthorize_Prepare(esysContext->sys,
192 (policySessionNode == NULL)
193 ? TPM2_RH_NULL
194 : policySessionNode->rsrc.handle,
195 approvedPolicy, policyRef, keySign,
196 checkTicket);
197 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
198
199 /* Calculate the cpHash Values */
200 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
201 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
202 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
203 iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
204 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
205
206 /* Generate the auth values and set them in the SAPI command buffer */
207 r = iesys_gen_auths(esysContext, policySessionNode, NULL, NULL, &auths);
208 return_state_if_error(r, _ESYS_STATE_INIT,
209 "Error in computation of auth values");
210
211 esysContext->authsCount = auths.count;
212 if (auths.count > 0) {
213 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
214 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
215 }
216
217 /* Trigger execution and finish the async invocation */
218 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
219 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
220 "Finish (Execute Async)");
221
222 esysContext->state = _ESYS_STATE_SENT;
223
224 return r;
225 }
226
227 /** Asynchronous finish function for TPM2_PolicyAuthorize
228 *
229 * This function returns the results of a TPM2_PolicyAuthorize command
230 * invoked via Esys_PolicyAuthorize_Finish. All non-simple output parameters
231 * are allocated by the function's implementation. NULL can be passed for every
232 * output parameter if the value is not required.
233 *
234 * @param[in,out] esysContext The ESYS_CONTEXT.
235 * @retval TSS2_RC_SUCCESS on success
236 * @retval ESYS_RC_SUCCESS if the function call was a success.
237 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
238 * pointers or required output handle references are NULL.
239 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
240 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
241 * internal operations or return parameters.
242 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
243 * operation already pending.
244 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
245 * TPM response is received.
246 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
247 * at least contain the tag, response length, and response code.
248 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
249 * not verify.
250 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
251 * @retval TSS2_RCs produced by lower layers of the software stack may be
252 * returned to the caller unaltered unless handled internally.
253 */
254 TSS2_RC
Esys_PolicyAuthorize_Finish(ESYS_CONTEXT * esysContext)255 Esys_PolicyAuthorize_Finish(
256 ESYS_CONTEXT *esysContext)
257 {
258 TSS2_RC r;
259 LOG_TRACE("context=%p",
260 esysContext);
261
262 if (esysContext == NULL) {
263 LOG_ERROR("esyscontext is NULL.");
264 return TSS2_ESYS_RC_BAD_REFERENCE;
265 }
266
267 /* Check for correct sequence and set sequence to irregular for now */
268 if (esysContext->state != _ESYS_STATE_SENT &&
269 esysContext->state != _ESYS_STATE_RESUBMISSION) {
270 LOG_ERROR("Esys called in bad sequence.");
271 return TSS2_ESYS_RC_BAD_SEQUENCE;
272 }
273 esysContext->state = _ESYS_STATE_INTERNALERROR;
274
275 /*Receive the TPM response and handle resubmissions if necessary. */
276 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
277 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
278 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
279 esysContext->state = _ESYS_STATE_SENT;
280 return r;
281 }
282 /* This block handle the resubmission of TPM commands given a certain set of
283 * TPM response codes. */
284 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
285 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
286 "resubmission: %" PRIx32, r);
287 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
288 LOG_WARNING("Maximum number of (re)submissions has been reached.");
289 esysContext->state = _ESYS_STATE_INIT;
290 return r;
291 }
292 esysContext->state = _ESYS_STATE_RESUBMISSION;
293 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
294 if (r != TSS2_RC_SUCCESS) {
295 LOG_WARNING("Error attempting to resubmit");
296 /* We do not set esysContext->state here but inherit the most recent
297 * state of the _async function. */
298 return r;
299 }
300 r = TSS2_ESYS_RC_TRY_AGAIN;
301 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
302 return r;
303 }
304 /* The following is the "regular error" handling. */
305 if (iesys_tpm_error(r)) {
306 LOG_WARNING("Received TPM Error");
307 esysContext->state = _ESYS_STATE_INIT;
308 return r;
309 } else if (r != TSS2_RC_SUCCESS) {
310 LOG_ERROR("Received a non-TPM Error");
311 esysContext->state = _ESYS_STATE_INTERNALERROR;
312 return r;
313 }
314
315 /*
316 * Now the verification of the response (hmac check) and if necessary the
317 * parameter decryption have to be done.
318 */
319 r = iesys_check_response(esysContext);
320 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
321 "Error: check response");
322
323 /*
324 * After the verification of the response we call the complete function
325 * to deliver the result.
326 */
327 r = Tss2_Sys_PolicyAuthorize_Complete(esysContext->sys);
328 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
329 "Received error from SAPI unmarshaling" );
330
331 esysContext->state = _ESYS_STATE_INIT;
332
333 return TSS2_RC_SUCCESS;
334 }
335