1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** Store command parameters inside the ESYS_CONTEXT for use during _Finish */
store_input_parameters(ESYS_CONTEXT * esysContext,ESYS_TR policySession)23 static void store_input_parameters (
24 ESYS_CONTEXT *esysContext,
25 ESYS_TR policySession)
26 {
27 esysContext->in.Policy.policySession = policySession;
28 }
29
30 /** One-Call function for TPM2_PolicyPassword
31 *
32 * This function invokes the TPM2_PolicyPassword command in a one-call
33 * variant. This means the function will block until the TPM response is
34 * available. All input parameters are const. The memory for non-simple output
35 * parameters is allocated by the function implementation.
36 *
37 * @param[in,out] esysContext The ESYS_CONTEXT.
38 * @param[in] policySession Handle for the policy session being extended.
39 * @param[in] shandle1 First session handle.
40 * @param[in] shandle2 Second session handle.
41 * @param[in] shandle3 Third session handle.
42 * @retval TSS2_RC_SUCCESS if the function call was a success.
43 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
44 * pointers or required output handle references are NULL.
45 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
46 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
47 * internal operations or return parameters.
48 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
49 * operation already pending.
50 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
51 * at least contain the tag, response length, and response code.
52 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
53 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
54 did not verify.
55 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
56 * the 'decrypt' attribute bit set.
57 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
58 * the 'encrypt' attribute bit set.
59 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
60 * to the ESYS_CONTEXT or are of the wrong type or if required
61 * ESYS_TR objects are ESYS_TR_NONE.
62 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
63 * 'decrypt' attribute set and the command does not support encryption
64 * of the first command parameter.
65 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
66 * 'encrypt' attribute set and the command does not support encryption
67 * of the first response parameter.
68 * @retval TSS2_RCs produced by lower layers of the software stack may be
69 * returned to the caller unaltered unless handled internally.
70 */
71 TSS2_RC
Esys_PolicyPassword(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3)72 Esys_PolicyPassword(
73 ESYS_CONTEXT *esysContext,
74 ESYS_TR policySession,
75 ESYS_TR shandle1,
76 ESYS_TR shandle2,
77 ESYS_TR shandle3)
78 {
79 TSS2_RC r;
80
81 r = Esys_PolicyPassword_Async(esysContext, policySession, shandle1, shandle2,
82 shandle3);
83 return_if_error(r, "Error in async function");
84
85 /* Set the timeout to indefinite for now, since we want _Finish to block */
86 int32_t timeouttmp = esysContext->timeout;
87 esysContext->timeout = -1;
88 /*
89 * Now we call the finish function, until return code is not equal to
90 * from TSS2_BASE_RC_TRY_AGAIN.
91 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
92 * have set the timeout to -1. This occurs for example if the TPM requests
93 * a retransmission of the command via TPM2_RC_YIELDED.
94 */
95 do {
96 r = Esys_PolicyPassword_Finish(esysContext);
97 /* This is just debug information about the reattempt to finish the
98 command */
99 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
100 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
101 " => resubmitting command", r);
102 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
103
104 /* Restore the timeout value to the original value */
105 esysContext->timeout = timeouttmp;
106 return_if_error(r, "Esys Finish");
107
108 return TSS2_RC_SUCCESS;
109 }
110
111 /** Asynchronous function for TPM2_PolicyPassword
112 *
113 * This function invokes the TPM2_PolicyPassword command in a asynchronous
114 * variant. This means the function will return as soon as the command has been
115 * sent downwards the stack to the TPM. All input parameters are const.
116 * In order to retrieve the TPM's response call Esys_PolicyPassword_Finish.
117 *
118 * @param[in,out] esysContext The ESYS_CONTEXT.
119 * @param[in] policySession Handle for the policy session being extended.
120 * @param[in] shandle1 First session handle.
121 * @param[in] shandle2 Second session handle.
122 * @param[in] shandle3 Third session handle.
123 * @retval ESYS_RC_SUCCESS if the function call was a success.
124 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
125 * pointers or required output handle references are NULL.
126 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
127 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
128 * internal operations or return parameters.
129 * @retval TSS2_RCs produced by lower layers of the software stack may be
130 returned to the caller unaltered unless handled internally.
131 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
132 * the 'decrypt' attribute bit set.
133 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
134 * the 'encrypt' attribute bit set.
135 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
136 * to the ESYS_CONTEXT or are of the wrong type or if required
137 * ESYS_TR objects are ESYS_TR_NONE.
138 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
139 * 'decrypt' attribute set and the command does not support encryption
140 * of the first command parameter.
141 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
142 * 'encrypt' attribute set and the command does not support encryption
143 * of the first response parameter.
144 */
145 TSS2_RC
Esys_PolicyPassword_Async(ESYS_CONTEXT * esysContext,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3)146 Esys_PolicyPassword_Async(
147 ESYS_CONTEXT *esysContext,
148 ESYS_TR policySession,
149 ESYS_TR shandle1,
150 ESYS_TR shandle2,
151 ESYS_TR shandle3)
152 {
153 TSS2_RC r;
154 LOG_TRACE("context=%p, policySession=%"PRIx32 "",
155 esysContext, policySession);
156 TSS2L_SYS_AUTH_COMMAND auths;
157 RSRC_NODE_T *policySessionNode;
158
159 /* Check context, sequence correctness and set state to error for now */
160 if (esysContext == NULL) {
161 LOG_ERROR("esyscontext is NULL.");
162 return TSS2_ESYS_RC_BAD_REFERENCE;
163 }
164 r = iesys_check_sequence_async(esysContext);
165 if (r != TSS2_RC_SUCCESS)
166 return r;
167 esysContext->state = _ESYS_STATE_INTERNALERROR;
168
169 /* Check input parameters */
170 r = check_session_feasibility(shandle1, shandle2, shandle3, 0);
171 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
172 store_input_parameters(esysContext, policySession);
173
174 /* Retrieve the metadata objects for provided handles */
175 r = esys_GetResourceObject(esysContext, policySession, &policySessionNode);
176 return_state_if_error(r, _ESYS_STATE_INIT, "policySession unknown.");
177
178 /* Initial invocation of SAPI to prepare the command buffer with parameters */
179 r = Tss2_Sys_PolicyPassword_Prepare(esysContext->sys,
180 (policySessionNode == NULL)
181 ? TPM2_RH_NULL
182 : policySessionNode->rsrc.handle);
183 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
184
185 /* Calculate the cpHash Values */
186 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
187 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
188 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
189 iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
190 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
191
192 /* Generate the auth values and set them in the SAPI command buffer */
193 r = iesys_gen_auths(esysContext, policySessionNode, NULL, NULL, &auths);
194 return_state_if_error(r, _ESYS_STATE_INIT,
195 "Error in computation of auth values");
196
197 esysContext->authsCount = auths.count;
198 if (auths.count > 0) {
199 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
200 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
201 }
202
203 /* Trigger execution and finish the async invocation */
204 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
205 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
206 "Finish (Execute Async)");
207
208 esysContext->state = _ESYS_STATE_SENT;
209
210 return r;
211 }
212
213 /** Asynchronous finish function for TPM2_PolicyPassword
214 *
215 * This function returns the results of a TPM2_PolicyPassword command
216 * invoked via Esys_PolicyPassword_Finish. All non-simple output parameters
217 * are allocated by the function's implementation. NULL can be passed for every
218 * output parameter if the value is not required.
219 *
220 * @param[in,out] esysContext The ESYS_CONTEXT.
221 * @retval TSS2_RC_SUCCESS on success
222 * @retval ESYS_RC_SUCCESS if the function call was a success.
223 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
224 * pointers or required output handle references are NULL.
225 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
226 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
227 * internal operations or return parameters.
228 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
229 * operation already pending.
230 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
231 * TPM response is received.
232 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
233 * at least contain the tag, response length, and response code.
234 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
235 * not verify.
236 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
237 * @retval TSS2_RCs produced by lower layers of the software stack may be
238 * returned to the caller unaltered unless handled internally.
239 */
240 TSS2_RC
Esys_PolicyPassword_Finish(ESYS_CONTEXT * esysContext)241 Esys_PolicyPassword_Finish(
242 ESYS_CONTEXT *esysContext)
243 {
244 TSS2_RC r;
245 LOG_TRACE("context=%p",
246 esysContext);
247
248 if (esysContext == NULL) {
249 LOG_ERROR("esyscontext is NULL.");
250 return TSS2_ESYS_RC_BAD_REFERENCE;
251 }
252
253 /* Check for correct sequence and set sequence to irregular for now */
254 if (esysContext->state != _ESYS_STATE_SENT &&
255 esysContext->state != _ESYS_STATE_RESUBMISSION) {
256 LOG_ERROR("Esys called in bad sequence.");
257 return TSS2_ESYS_RC_BAD_SEQUENCE;
258 }
259 esysContext->state = _ESYS_STATE_INTERNALERROR;
260
261 /*Receive the TPM response and handle resubmissions if necessary. */
262 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
263 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
264 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
265 esysContext->state = _ESYS_STATE_SENT;
266 return r;
267 }
268 /* This block handle the resubmission of TPM commands given a certain set of
269 * TPM response codes. */
270 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
271 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
272 "resubmission: %" PRIx32, r);
273 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
274 LOG_WARNING("Maximum number of (re)submissions has been reached.");
275 esysContext->state = _ESYS_STATE_INIT;
276 return r;
277 }
278 esysContext->state = _ESYS_STATE_RESUBMISSION;
279 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
280 if (r != TSS2_RC_SUCCESS) {
281 LOG_WARNING("Error attempting to resubmit");
282 /* We do not set esysContext->state here but inherit the most recent
283 * state of the _async function. */
284 return r;
285 }
286 r = TSS2_ESYS_RC_TRY_AGAIN;
287 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
288 return r;
289 }
290 /* The following is the "regular error" handling. */
291 if (iesys_tpm_error(r)) {
292 LOG_WARNING("Received TPM Error");
293 esysContext->state = _ESYS_STATE_INIT;
294 return r;
295 } else if (r != TSS2_RC_SUCCESS) {
296 LOG_ERROR("Received a non-TPM Error");
297 esysContext->state = _ESYS_STATE_INTERNALERROR;
298 return r;
299 }
300
301 /*
302 * Now the verification of the response (hmac check) and if necessary the
303 * parameter decryption have to be done.
304 */
305 r = iesys_check_response(esysContext);
306 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
307 "Error: check response");
308
309 /*
310 * After the verification of the response we call the complete function
311 * to deliver the result.
312 */
313 r = Tss2_Sys_PolicyPassword_Complete(esysContext->sys);
314 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
315 "Received error from SAPI unmarshaling" );
316
317 ESYS_TR policySession = esysContext->in.Policy.policySession;
318 RSRC_NODE_T *policySessionNode;
319 r = esys_GetResourceObject(esysContext, policySession, &policySessionNode);
320 return_if_error(r, "get resource");
321
322 if (policySessionNode != NULL)
323 /* Indicate that the authValue of authorized object will be checked */
324 policySessionNode->rsrc.misc.rsrc_session.type_policy_session =
325 POLICY_PASSWORD;
326 esysContext->state = _ESYS_STATE_INIT;
327
328 return TSS2_RC_SUCCESS;
329 }
330