• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  ******************************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10 
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14 
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21 
22 /** One-Call function for TPM2_PolicySigned
23  *
24  * This function invokes the TPM2_PolicySigned command in a one-call
25  * variant. This means the function will block until the TPM response is
26  * available. All input parameters are const. The memory for non-simple output
27  * parameters is allocated by the function implementation.
28  *
29  * @param[in,out] esysContext The ESYS_CONTEXT.
30  * @param[in]  authObject Handle for a key that will validate the signature.
31  * @param[in]  policySession Handle for the policy session being extended.
32  * @param[in]  shandle1 First session handle.
33  * @param[in]  shandle2 Second session handle.
34  * @param[in]  shandle3 Third session handle.
35  * @param[in]  nonceTPM The policy nonce for the session.
36  * @param[in]  cpHashA Digest of the command parameters to which this
37  *             authorization is limited.
38  * @param[in]  policyRef A reference to a policy relating to the authorization
39  *             - may be the Empty Buffer.
40  * @param[in]  expiration Time when authorization will expire, measured in
41  *             seconds from the time that nonceTPM was generated.
42  * @param[in]  auth Signed authorization (not optional).
43  * @param[out] timeout Implementation-specific time value, used to indicate to
44  *             the TPM when the ticket expires.
45  *             (callee-allocated)
46  * @param[out] policyTicket Produced if the command succeeds and expiration in
47  *             the command was non-zero; this ticket will use the
48  *             TPMT_ST_AUTH_SIGNED structure tag. See 23.2.5.
49  *             (callee-allocated)
50  * @retval TSS2_RC_SUCCESS if the function call was a success.
51  * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
52  *         pointers or required output handle references are NULL.
53  * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
54  * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
55  *         internal operations or return parameters.
56  * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
57  *         operation already pending.
58  * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
59  *          at least contain the tag, response length, and response code.
60  * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
61  * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
62            did not verify.
63  * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
64  *         the 'decrypt' attribute bit set.
65  * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
66  *         the 'encrypt' attribute bit set.
67  * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
68  *         to the ESYS_CONTEXT or are of the wrong type or if required
69  *         ESYS_TR objects are ESYS_TR_NONE.
70  * @retval TSS2_RCs produced by lower layers of the software stack may be
71  *         returned to the caller unaltered unless handled internally.
72  */
73 TSS2_RC
Esys_PolicySigned(ESYS_CONTEXT * esysContext,ESYS_TR authObject,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_NONCE * nonceTPM,const TPM2B_DIGEST * cpHashA,const TPM2B_NONCE * policyRef,INT32 expiration,const TPMT_SIGNATURE * auth,TPM2B_TIMEOUT ** timeout,TPMT_TK_AUTH ** policyTicket)74 Esys_PolicySigned(
75     ESYS_CONTEXT *esysContext,
76     ESYS_TR authObject,
77     ESYS_TR policySession,
78     ESYS_TR shandle1,
79     ESYS_TR shandle2,
80     ESYS_TR shandle3,
81     const TPM2B_NONCE *nonceTPM,
82     const TPM2B_DIGEST *cpHashA,
83     const TPM2B_NONCE *policyRef,
84     INT32 expiration,
85     const TPMT_SIGNATURE *auth,
86     TPM2B_TIMEOUT **timeout,
87     TPMT_TK_AUTH **policyTicket)
88 {
89     TSS2_RC r;
90 
91     r = Esys_PolicySigned_Async(esysContext, authObject, policySession, shandle1,
92                                 shandle2, shandle3, nonceTPM, cpHashA, policyRef,
93                                 expiration, auth);
94     return_if_error(r, "Error in async function");
95 
96     /* Set the timeout to indefinite for now, since we want _Finish to block */
97     int32_t timeouttmp = esysContext->timeout;
98     esysContext->timeout = -1;
99     /*
100      * Now we call the finish function, until return code is not equal to
101      * from TSS2_BASE_RC_TRY_AGAIN.
102      * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
103      * have set the timeout to -1. This occurs for example if the TPM requests
104      * a retransmission of the command via TPM2_RC_YIELDED.
105      */
106     do {
107         r = Esys_PolicySigned_Finish(esysContext, timeout, policyTicket);
108         /* This is just debug information about the reattempt to finish the
109            command */
110         if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
111             LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
112                       " => resubmitting command", r);
113     } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
114 
115     /* Restore the timeout value to the original value */
116     esysContext->timeout = timeouttmp;
117     return_if_error(r, "Esys Finish");
118 
119     return TSS2_RC_SUCCESS;
120 }
121 
122 /** Asynchronous function for TPM2_PolicySigned
123  *
124  * This function invokes the TPM2_PolicySigned command in a asynchronous
125  * variant. This means the function will return as soon as the command has been
126  * sent downwards the stack to the TPM. All input parameters are const.
127  * In order to retrieve the TPM's response call Esys_PolicySigned_Finish.
128  *
129  * @param[in,out] esysContext The ESYS_CONTEXT.
130  * @param[in]  authObject Handle for a key that will validate the signature.
131  * @param[in]  policySession Handle for the policy session being extended.
132  * @param[in]  shandle1 First session handle.
133  * @param[in]  shandle2 Second session handle.
134  * @param[in]  shandle3 Third session handle.
135  * @param[in]  nonceTPM The policy nonce for the session.
136  * @param[in]  cpHashA Digest of the command parameters to which this
137  *             authorization is limited.
138  * @param[in]  policyRef A reference to a policy relating to the authorization
139  *             - may be the Empty Buffer.
140  * @param[in]  expiration Time when authorization will expire, measured in
141  *             seconds from the time that nonceTPM was generated.
142  * @param[in]  auth Signed authorization (not optional).
143  * @retval ESYS_RC_SUCCESS if the function call was a success.
144  * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
145  *         pointers or required output handle references are NULL.
146  * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
147  * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
148  *         internal operations or return parameters.
149  * @retval TSS2_RCs produced by lower layers of the software stack may be
150            returned to the caller unaltered unless handled internally.
151  * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
152  *         the 'decrypt' attribute bit set.
153  * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
154  *         the 'encrypt' attribute bit set.
155  * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
156  *         to the ESYS_CONTEXT or are of the wrong type or if required
157  *         ESYS_TR objects are ESYS_TR_NONE.
158  */
159 TSS2_RC
Esys_PolicySigned_Async(ESYS_CONTEXT * esysContext,ESYS_TR authObject,ESYS_TR policySession,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_NONCE * nonceTPM,const TPM2B_DIGEST * cpHashA,const TPM2B_NONCE * policyRef,INT32 expiration,const TPMT_SIGNATURE * auth)160 Esys_PolicySigned_Async(
161     ESYS_CONTEXT *esysContext,
162     ESYS_TR authObject,
163     ESYS_TR policySession,
164     ESYS_TR shandle1,
165     ESYS_TR shandle2,
166     ESYS_TR shandle3,
167     const TPM2B_NONCE *nonceTPM,
168     const TPM2B_DIGEST *cpHashA,
169     const TPM2B_NONCE *policyRef,
170     INT32 expiration,
171     const TPMT_SIGNATURE *auth)
172 {
173     TSS2_RC r;
174     LOG_TRACE("context=%p, authObject=%"PRIx32 ", policySession=%"PRIx32 ","
175               "nonceTPM=%p, cpHashA=%p, policyRef=%p,"
176               "expiration=%"PRIi32 ", auth=%p",
177               esysContext, authObject, policySession, nonceTPM, cpHashA,
178               policyRef, expiration, auth);
179     TSS2L_SYS_AUTH_COMMAND auths;
180     RSRC_NODE_T *authObjectNode;
181     RSRC_NODE_T *policySessionNode;
182 
183     /* Check context, sequence correctness and set state to error for now */
184     if (esysContext == NULL) {
185         LOG_ERROR("esyscontext is NULL.");
186         return TSS2_ESYS_RC_BAD_REFERENCE;
187     }
188     r = iesys_check_sequence_async(esysContext);
189     if (r != TSS2_RC_SUCCESS)
190         return r;
191     esysContext->state = _ESYS_STATE_INTERNALERROR;
192 
193     /* Check input parameters */
194     r = check_session_feasibility(shandle1, shandle2, shandle3, 0);
195     return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
196 
197     /* Retrieve the metadata objects for provided handles */
198     r = esys_GetResourceObject(esysContext, authObject, &authObjectNode);
199     return_state_if_error(r, _ESYS_STATE_INIT, "authObject unknown.");
200     r = esys_GetResourceObject(esysContext, policySession, &policySessionNode);
201     return_state_if_error(r, _ESYS_STATE_INIT, "policySession unknown.");
202 
203     /* Initial invocation of SAPI to prepare the command buffer with parameters */
204     r = Tss2_Sys_PolicySigned_Prepare(esysContext->sys,
205                                       (authObjectNode == NULL) ? TPM2_RH_NULL
206                                        : authObjectNode->rsrc.handle,
207                                       (policySessionNode == NULL) ? TPM2_RH_NULL
208                                        : policySessionNode->rsrc.handle,
209                                       nonceTPM, cpHashA, policyRef, expiration,
210                                       auth);
211     return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
212 
213     /* Calculate the cpHash Values */
214     r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
215     return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
216     iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
217     iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
218     iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
219 
220     /* Generate the auth values and set them in the SAPI command buffer */
221     r = iesys_gen_auths(esysContext, authObjectNode, policySessionNode, NULL, &auths);
222     return_state_if_error(r, _ESYS_STATE_INIT,
223                           "Error in computation of auth values");
224 
225     esysContext->authsCount = auths.count;
226     if (auths.count > 0) {
227         r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
228         return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
229     }
230 
231     /* Trigger execution and finish the async invocation */
232     r = Tss2_Sys_ExecuteAsync(esysContext->sys);
233     return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
234                           "Finish (Execute Async)");
235 
236     esysContext->state = _ESYS_STATE_SENT;
237 
238     return r;
239 }
240 
241 /** Asynchronous finish function for TPM2_PolicySigned
242  *
243  * This function returns the results of a TPM2_PolicySigned command
244  * invoked via Esys_PolicySigned_Finish. All non-simple output parameters
245  * are allocated by the function's implementation. NULL can be passed for every
246  * output parameter if the value is not required.
247  *
248  * @param[in,out] esysContext The ESYS_CONTEXT.
249  * @param[out] timeout Implementation-specific time value, used to indicate to
250  *             the TPM when the ticket expires.
251  *             (callee-allocated)
252  * @param[out] policyTicket Produced if the command succeeds and expiration in
253  *             the command was non-zero; this ticket will use the
254  *             TPMT_ST_AUTH_SIGNED structure tag. See 23.2.5.
255  *             (callee-allocated)
256  * @retval TSS2_RC_SUCCESS on success
257  * @retval ESYS_RC_SUCCESS if the function call was a success.
258  * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
259  *         pointers or required output handle references are NULL.
260  * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
261  * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
262  *         internal operations or return parameters.
263  * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
264  *         operation already pending.
265  * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
266  *         TPM response is received.
267  * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
268  *         at least contain the tag, response length, and response code.
269  * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
270  *         not verify.
271  * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
272  * @retval TSS2_RCs produced by lower layers of the software stack may be
273  *         returned to the caller unaltered unless handled internally.
274  */
275 TSS2_RC
Esys_PolicySigned_Finish(ESYS_CONTEXT * esysContext,TPM2B_TIMEOUT ** timeout,TPMT_TK_AUTH ** policyTicket)276 Esys_PolicySigned_Finish(
277     ESYS_CONTEXT *esysContext,
278     TPM2B_TIMEOUT **timeout,
279     TPMT_TK_AUTH **policyTicket)
280 {
281     TSS2_RC r;
282     LOG_TRACE("context=%p, timeout=%p, policyTicket=%p",
283               esysContext, timeout, policyTicket);
284 
285     if (esysContext == NULL) {
286         LOG_ERROR("esyscontext is NULL.");
287         return TSS2_ESYS_RC_BAD_REFERENCE;
288     }
289 
290     /* Check for correct sequence and set sequence to irregular for now */
291     if (esysContext->state != _ESYS_STATE_SENT &&
292         esysContext->state != _ESYS_STATE_RESUBMISSION) {
293         LOG_ERROR("Esys called in bad sequence.");
294         return TSS2_ESYS_RC_BAD_SEQUENCE;
295     }
296     esysContext->state = _ESYS_STATE_INTERNALERROR;
297 
298     /* Allocate memory for response parameters */
299     if (timeout != NULL) {
300         *timeout = calloc(sizeof(TPM2B_TIMEOUT), 1);
301         if (*timeout == NULL) {
302             return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
303         }
304     }
305     if (policyTicket != NULL) {
306         *policyTicket = calloc(sizeof(TPMT_TK_AUTH), 1);
307         if (*policyTicket == NULL) {
308             goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
309         }
310     }
311 
312     /*Receive the TPM response and handle resubmissions if necessary. */
313     r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
314     if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
315         LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
316         esysContext->state = _ESYS_STATE_SENT;
317         goto error_cleanup;
318     }
319     /* This block handle the resubmission of TPM commands given a certain set of
320      * TPM response codes. */
321     if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
322         LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
323             "resubmission: %" PRIx32, r);
324         if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
325             LOG_WARNING("Maximum number of (re)submissions has been reached.");
326             esysContext->state = _ESYS_STATE_INIT;
327             goto error_cleanup;
328         }
329         esysContext->state = _ESYS_STATE_RESUBMISSION;
330         r = Tss2_Sys_ExecuteAsync(esysContext->sys);
331         if (r != TSS2_RC_SUCCESS) {
332             LOG_WARNING("Error attempting to resubmit");
333             /* We do not set esysContext->state here but inherit the most recent
334              * state of the _async function. */
335             goto error_cleanup;
336         }
337         r = TSS2_ESYS_RC_TRY_AGAIN;
338         LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
339         goto error_cleanup;
340     }
341     /* The following is the "regular error" handling. */
342     if (iesys_tpm_error(r)) {
343         LOG_WARNING("Received TPM Error");
344         esysContext->state = _ESYS_STATE_INIT;
345         goto error_cleanup;
346     } else if (r != TSS2_RC_SUCCESS) {
347         LOG_ERROR("Received a non-TPM Error");
348         esysContext->state = _ESYS_STATE_INTERNALERROR;
349         goto error_cleanup;
350     }
351 
352     /*
353      * Now the verification of the response (hmac check) and if necessary the
354      * parameter decryption have to be done.
355      */
356     r = iesys_check_response(esysContext);
357     goto_state_if_error(r, _ESYS_STATE_INTERNALERROR, "Error: check response",
358                         error_cleanup);
359 
360     /*
361      * After the verification of the response we call the complete function
362      * to deliver the result.
363      */
364     r = Tss2_Sys_PolicySigned_Complete(esysContext->sys,
365                                        (timeout != NULL) ? *timeout : NULL,
366                                        (policyTicket != NULL) ? *policyTicket
367                                         : NULL);
368     goto_state_if_error(r, _ESYS_STATE_INTERNALERROR,
369                         "Received error from SAPI unmarshaling" ,
370                         error_cleanup);
371 
372     esysContext->state = _ESYS_STATE_INIT;
373 
374     return TSS2_RC_SUCCESS;
375 
376 error_cleanup:
377     if (timeout != NULL)
378         SAFE_FREE(*timeout);
379     if (policyTicket != NULL)
380         SAFE_FREE(*policyTicket);
381 
382     return r;
383 }
384