1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** One-Call function for TPM2_PolicyCommandCode
23 *
24 * This function invokes the TPM2_PolicyCommandCode command in a one-call
25 * variant. This means the function will block until the TPM response is
26 * available. All input parameters are const. The memory for non-simple output
27 * parameters is allocated by the function implementation.
28 *
29 * @param[in,out] esysContext The ESYS_CONTEXT.
30 * @param[in] policySession Handle for the policy session being extended.
31 * @param[in] shandle1 First session handle.
32 * @param[in] shandle2 Second session handle.
33 * @param[in] shandle3 Third session handle.
34 * @param[in] code The allowed commandCode.
35 * @retval TSS2_RC_SUCCESS if the function call was a success.
36 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
37 * pointers or required output handle references are NULL.
38 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
39 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
40 * internal operations or return parameters.
41 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
42 * operation already pending.
43 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
44 * at least contain the tag, response length, and response code.
45 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
46 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
47 did not verify.
48 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
49 * the 'decrypt' attribute bit set.
50 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
51 * the 'encrypt' attribute bit set.
52 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
53 * to the ESYS_CONTEXT or are of the wrong type or if required
54 * ESYS_TR objects are ESYS_TR_NONE.
55 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
56 * 'decrypt' attribute set and the command does not support encryption
57 * of the first command parameter.
58 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
59 * 'encrypt' attribute set and the command does not support encryption
60 * of the first response parameter.
61 * @retval TSS2_RCs produced by lower layers of the software stack may be
62 * returned to the caller unaltered unless handled internally.
63 */
64 TSS2_RC
Esys_PolicyCommandCode(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,TPM2_CC code)65 Esys_PolicyCommandCode(
66 ESYS_CONTEXT *esysContext,
67 ESYS_TR policySession,
68 ESYS_TR shandle1,
69 ESYS_TR shandle2,
70 ESYS_TR shandle3,
71 TPM2_CC code)
72 {
73 TSS2_RC r;
74
75 r = Esys_PolicyCommandCode_Async(esysContext, policySession, shandle1,
76 shandle2, shandle3, code);
77 return_if_error(r, "Error in async function");
78
79 /* Set the timeout to indefinite for now, since we want _Finish to block */
80 int32_t timeouttmp = esysContext->timeout;
81 esysContext->timeout = -1;
82 /*
83 * Now we call the finish function, until return code is not equal to
84 * from TSS2_BASE_RC_TRY_AGAIN.
85 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
86 * have set the timeout to -1. This occurs for example if the TPM requests
87 * a retransmission of the command via TPM2_RC_YIELDED.
88 */
89 do {
90 r = Esys_PolicyCommandCode_Finish(esysContext);
91 /* This is just debug information about the reattempt to finish the
92 command */
93 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
94 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
95 " => resubmitting command", r);
96 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
97
98 /* Restore the timeout value to the original value */
99 esysContext->timeout = timeouttmp;
100 return_if_error(r, "Esys Finish");
101
102 return TSS2_RC_SUCCESS;
103 }
104
105 /** Asynchronous function for TPM2_PolicyCommandCode
106 *
107 * This function invokes the TPM2_PolicyCommandCode command in a asynchronous
108 * variant. This means the function will return as soon as the command has been
109 * sent downwards the stack to the TPM. All input parameters are const.
110 * In order to retrieve the TPM's response call Esys_PolicyCommandCode_Finish.
111 *
112 * @param[in,out] esysContext The ESYS_CONTEXT.
113 * @param[in] policySession Handle for the policy session being extended.
114 * @param[in] shandle1 First session handle.
115 * @param[in] shandle2 Second session handle.
116 * @param[in] shandle3 Third session handle.
117 * @param[in] code The allowed commandCode.
118 * @retval ESYS_RC_SUCCESS if the function call was a success.
119 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
120 * pointers or required output handle references are NULL.
121 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
122 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
123 * internal operations or return parameters.
124 * @retval TSS2_RCs produced by lower layers of the software stack may be
125 returned to the caller unaltered unless handled internally.
126 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
127 * the 'decrypt' attribute bit set.
128 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
129 * the 'encrypt' attribute bit set.
130 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
131 * to the ESYS_CONTEXT or are of the wrong type or if required
132 * ESYS_TR objects are ESYS_TR_NONE.
133 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
134 * 'decrypt' attribute set and the command does not support encryption
135 * of the first command parameter.
136 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
137 * 'encrypt' attribute set and the command does not support encryption
138 * of the first response parameter.
139 */
140 TSS2_RC
Esys_PolicyCommandCode_Async(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,TPM2_CC code)141 Esys_PolicyCommandCode_Async(
142 ESYS_CONTEXT *esysContext,
143 ESYS_TR policySession,
144 ESYS_TR shandle1,
145 ESYS_TR shandle2,
146 ESYS_TR shandle3,
147 TPM2_CC code)
148 {
149 TSS2_RC r;
150 LOG_TRACE("context=%p, policySession=%"PRIx32 ", code=%"PRIx32 "",
151 esysContext, policySession, code);
152 TSS2L_SYS_AUTH_COMMAND auths;
153 RSRC_NODE_T *policySessionNode;
154
155 /* Check context, sequence correctness and set state to error for now */
156 if (esysContext == NULL) {
157 LOG_ERROR("esyscontext is NULL.");
158 return TSS2_ESYS_RC_BAD_REFERENCE;
159 }
160 r = iesys_check_sequence_async(esysContext);
161 if (r != TSS2_RC_SUCCESS)
162 return r;
163 esysContext->state = _ESYS_STATE_INTERNALERROR;
164
165 /* Check input parameters */
166 r = check_session_feasibility(shandle1, shandle2, shandle3, 0);
167 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
168
169 /* Retrieve the metadata objects for provided handles */
170 r = esys_GetResourceObject(esysContext, policySession, &policySessionNode);
171 return_state_if_error(r, _ESYS_STATE_INIT, "policySession unknown.");
172
173 /* Initial invocation of SAPI to prepare the command buffer with parameters */
174 r = Tss2_Sys_PolicyCommandCode_Prepare(esysContext->sys,
175 (policySessionNode == NULL)
176 ? TPM2_RH_NULL
177 : policySessionNode->rsrc.handle,
178 code);
179 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
180
181 /* Calculate the cpHash Values */
182 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
183 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
184 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
185 iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
186 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
187
188 /* Generate the auth values and set them in the SAPI command buffer */
189 r = iesys_gen_auths(esysContext, policySessionNode, NULL, NULL, &auths);
190 return_state_if_error(r, _ESYS_STATE_INIT,
191 "Error in computation of auth values");
192
193 esysContext->authsCount = auths.count;
194 if (auths.count > 0) {
195 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
196 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
197 }
198
199 /* Trigger execution and finish the async invocation */
200 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
201 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
202 "Finish (Execute Async)");
203
204 esysContext->state = _ESYS_STATE_SENT;
205
206 return r;
207 }
208
209 /** Asynchronous finish function for TPM2_PolicyCommandCode
210 *
211 * This function returns the results of a TPM2_PolicyCommandCode command
212 * invoked via Esys_PolicyCommandCode_Finish. All non-simple output parameters
213 * are allocated by the function's implementation. NULL can be passed for every
214 * output parameter if the value is not required.
215 *
216 * @param[in,out] esysContext The ESYS_CONTEXT.
217 * @retval TSS2_RC_SUCCESS on success
218 * @retval ESYS_RC_SUCCESS if the function call was a success.
219 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
220 * pointers or required output handle references are NULL.
221 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
222 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
223 * internal operations or return parameters.
224 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
225 * operation already pending.
226 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
227 * TPM response is received.
228 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
229 * at least contain the tag, response length, and response code.
230 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
231 * not verify.
232 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
233 * @retval TSS2_RCs produced by lower layers of the software stack may be
234 * returned to the caller unaltered unless handled internally.
235 */
236 TSS2_RC
Esys_PolicyCommandCode_Finish(ESYS_CONTEXT * esysContext)237 Esys_PolicyCommandCode_Finish(
238 ESYS_CONTEXT *esysContext)
239 {
240 TSS2_RC r;
241 LOG_TRACE("context=%p",
242 esysContext);
243
244 if (esysContext == NULL) {
245 LOG_ERROR("esyscontext is NULL.");
246 return TSS2_ESYS_RC_BAD_REFERENCE;
247 }
248
249 /* Check for correct sequence and set sequence to irregular for now */
250 if (esysContext->state != _ESYS_STATE_SENT &&
251 esysContext->state != _ESYS_STATE_RESUBMISSION) {
252 LOG_ERROR("Esys called in bad sequence.");
253 return TSS2_ESYS_RC_BAD_SEQUENCE;
254 }
255 esysContext->state = _ESYS_STATE_INTERNALERROR;
256
257 /*Receive the TPM response and handle resubmissions if necessary. */
258 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
259 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
260 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
261 esysContext->state = _ESYS_STATE_SENT;
262 return r;
263 }
264 /* This block handle the resubmission of TPM commands given a certain set of
265 * TPM response codes. */
266 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
267 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
268 "resubmission: %" PRIx32, r);
269 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
270 LOG_WARNING("Maximum number of (re)submissions has been reached.");
271 esysContext->state = _ESYS_STATE_INIT;
272 return r;
273 }
274 esysContext->state = _ESYS_STATE_RESUBMISSION;
275 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
276 if (r != TSS2_RC_SUCCESS) {
277 LOG_WARNING("Error attempting to resubmit");
278 /* We do not set esysContext->state here but inherit the most recent
279 * state of the _async function. */
280 return r;
281 }
282 r = TSS2_ESYS_RC_TRY_AGAIN;
283 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
284 return r;
285 }
286 /* The following is the "regular error" handling. */
287 if (iesys_tpm_error(r)) {
288 LOG_WARNING("Received TPM Error");
289 esysContext->state = _ESYS_STATE_INIT;
290 return r;
291 } else if (r != TSS2_RC_SUCCESS) {
292 LOG_ERROR("Received a non-TPM Error");
293 esysContext->state = _ESYS_STATE_INTERNALERROR;
294 return r;
295 }
296
297 /*
298 * Now the verification of the response (hmac check) and if necessary the
299 * parameter decryption have to be done.
300 */
301 r = iesys_check_response(esysContext);
302 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
303 "Error: check response");
304
305 /*
306 * After the verification of the response we call the complete function
307 * to deliver the result.
308 */
309 r = Tss2_Sys_PolicyCommandCode_Complete(esysContext->sys);
310 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
311 "Received error from SAPI unmarshaling" );
312
313 esysContext->state = _ESYS_STATE_INIT;
314
315 return TSS2_RC_SUCCESS;
316 }
317