13 #include "session-util.h"
20 static SESSION *sessions = NULL;
22 SESSION *
25     SESSION *s;  in get_session()
33     SESSION *session,  in start_auth_session()  argument
48     if (session->nonceOlder.size == 0)  in start_auth_session()
49         session->nonceOlder.size = GetDigestSize(session->authHash);  in start_auth_session()
51     memset(session->nonceOlder.buffer, '\0', session->nonceOlder.size);  in start_auth_session()
52     session->nonceNewer.size = session->nonceOlder.size;  in start_auth_session()
53     session->nonceTpmDecrypt.size = 0;  in start_auth_session()
54     session->nonceTpmEncrypt.size = 0;  in start_auth_session()
57             tmp_context, session->tpmKey, session->bind, 0,  in start_auth_session()
58             &session->nonceOlder, &session->encryptedSalt,  in start_auth_session()
59             session->sessionType, &session->symmetric,  in start_auth_session()
60             session->authHash, &session->sessionHandle,  in start_auth_session()
61             &session->nonceNewer, 0);  in start_auth_session()
65     if (session->tpmKey == TPM2_RH_NULL)  in start_auth_session()
66         session->salt.size = 0;  in start_auth_session()
68     if (session->bind == TPM2_RH_NULL)  in start_auth_session()
69         session->authValueBind.size = 0;  in start_auth_session()
71     session->sessionKey.size = 0;  in start_auth_session()
72     if (session->tpmKey == TPM2_RH_NULL && session->bind == TPM2_RH_NULL)  in start_auth_session()
77             (TPM2B *)&session->authValueBind);  in start_auth_session()
79         Tss2_Sys_FlushContext(tmp_context, session->sessionHandle);  in start_auth_session()
84             (TPM2B *)&session->salt);  in start_auth_session()
86         Tss2_Sys_FlushContext(tmp_context, session->sessionHandle);  in start_auth_session()
90     bytes = GetDigestSize(session->authHash) * 8;  in start_auth_session()
92     rval = KDFa(session->authHash, (TPM2B *)&key, label,  in start_auth_session()
93                 (TPM2B *)&session->nonceNewer,  in start_auth_session()
94                 (TPM2B *)&session->nonceOlder,  in start_auth_session()
95                 bytes, (TPM2B_MAX_BUFFER *)&session->sessionKey);  in start_auth_session()
104     SESSION *session,  in compute_session_auth()  argument
123                         session->authHash, command, &pHash);  in compute_session_auth()
137     buffer_list[i++] = (TPM2B_DIGEST *)&session->nonceNewer;  in compute_session_auth()
138     buffer_list[i++] = (TPM2B_DIGEST *)&session->nonceOlder;  in compute_session_auth()
139     buffer_list[i++] = (TPM2B_DIGEST *)&session->nonceTpmDecrypt;  in compute_session_auth()
140     buffer_list[i++] = (TPM2B_DIGEST *)&session->nonceTpmEncrypt;  in compute_session_auth()
150     rval = hmac(session->authHash, hmacKey->buffer,  in compute_session_auth()
173     SESSION *session;  in compute_command_hmac()  local
180         LOG_ERROR("Bad value for session count: %" PRIu16, count);  in compute_command_hmac()
192         session = get_session(pSessionsDataIn->auths[i].sessionHandle);  in compute_command_hmac()
193         if (!session)  in compute_command_hmac()
196         CopySizedByteBuffer((TPM2B *)&hmac_key, (TPM2B *)&session->sessionKey);  in compute_command_hmac()
198         if (handles[i] != session->bind || handles[i] == TPM2_RH_NULL)  in compute_command_hmac()
202                 session,  in compute_command_hmac()
225     SESSION *session;  in check_response_hmac()  local
232         LOG_ERROR("Bad value for session count: %" PRIu16, count);  in check_response_hmac()
244         session = get_session(pSessionsDataIn->auths[i].sessionHandle);  in check_response_hmac()
245         if (!session)  in check_response_hmac()
248         CopySizedByteBuffer((TPM2B *)&hmac_key, (TPM2B *)&session->sessionKey);  in check_response_hmac()
250         if (handles[i] != session->bind)  in check_response_hmac()
254                     session,  in check_response_hmac()
274     SESSION **psession,  in create_auth_session()
287     SESSION *session, *tmp;  in create_auth_session()  local
292     session = calloc(1, sizeof(SESSION));  in create_auth_session()
294     if (!session)  in create_auth_session()
297     session->bind = bind;  in create_auth_session()
298     session->tpmKey = tpmKey;  in create_auth_session()
299     CopySizedByteBuffer((TPM2B *)&session->nonceOlder, (TPM2B *)nonceCaller);  in create_auth_session()
300     CopySizedByteBuffer((TPM2B *)&session->encryptedSalt, (TPM2B *)encryptedSalt);  in create_auth_session()
301     session->sessionType = sessionType;  in create_auth_session()
302     session->symmetric.algorithm = symmetric->algorithm;  in create_auth_session()
303     session->symmetric.keyBits.sym = symmetric->keyBits.sym;  in create_auth_session()
304     session->symmetric.mode.sym = symmetric->mode.sym;  in create_auth_session()
305     session->authHash = algId;  in create_auth_session()
307         CopySizedByteBuffer((TPM2B *)&session->authValueBind, (TPM2B *)bindAuth);  in create_auth_session()
309     if (session->tpmKey != TPM2_RH_NULL)  in create_auth_session()
310         CopySizedByteBuffer((TPM2B *)&session->salt, (TPM2B *)salt);  in create_auth_session()
312     rval = start_auth_session(session, tctiContext);  in create_auth_session()
314         free(session);  in create_auth_session()
317     /* Make sure this session handle is not already in the table */  in create_auth_session()
318     HASH_FIND_INT(sessions, &session->sessionHandle, tmp);  in create_auth_session()
322     HASH_ADD_INT(sessions, sessionHandle, session);  in create_auth_session()
323     *psession = session;  in create_auth_session()
327 void end_auth_session(SESSION *session)  in end_auth_session()  argument
329     HASH_DEL(sessions, session);  in end_auth_session()
330     free(session);  in end_auth_session()
333 void roll_nonces(SESSION *session, TPM2B_NONCE *new_nonce)  in roll_nonces()  argument
335     session->nonceOlder = session->nonceNewer;  in roll_nonces()
336     session->nonceNewer = *new_nonce;  in roll_nonces()
554     SESSION *session,  in gen_session_key()  argument
566     CopySizedByteBuffer((TPM2B *)&sessionValue, (TPM2B *)&session->sessionKey);  in gen_session_key()
569     rval = KDFa (session->authHash,  in gen_session_key()
572                  (TPM2B *)&session->nonceNewer,  in gen_session_key()
573                  (TPM2B *)&session->nonceOlder,  in gen_session_key()
574                  session->symmetric.keyBits.sym + aes_block_size * 8,  in gen_session_key()
579     if (key.size != (session->symmetric.keyBits.sym / 8) + aes_block_size)  in gen_session_key()
583     session_key->size = (session->symmetric.keyBits.sym) / 8;  in gen_session_key()
596     SESSION *session,  in encrypt_param_cfb()  argument
605     rval = gen_session_key(session, &encryptKey, &iv, auth_value);  in encrypt_param_cfb()
614     SESSION *session,  in decrypt_param_cfb()  argument
623     rval = gen_session_key(session, &encryptKey, &iv, auth_value);  in decrypt_param_cfb()
632     SESSION *session,  in encrypt_decrypt_xor()  argument
648     CopySizedByteBuffer((TPM2B *)&key, (TPM2B *)&session->sessionKey);  in encrypt_decrypt_xor()
651     rval = KDFa(session->authHash,  in encrypt_decrypt_xor()
654             (TPM2B *)&session->nonceNewer,  in encrypt_decrypt_xor()
655             (TPM2B *)&session->nonceOlder,  in encrypt_decrypt_xor()
671     SESSION *session,  in encrypt_command_param()  argument
676     return session->symmetric.algorithm == TPM2_ALG_AES ?  in encrypt_command_param()
677         encrypt_param_cfb(session, encrypted_data, clear_data, auth_value) :  in encrypt_command_param()
678         encrypt_decrypt_xor(session, encrypted_data, clear_data, auth_value);  in encrypt_command_param()
683     SESSION *session,  in decrypt_response_param()  argument
688     return session->symmetric.algorithm == TPM2_ALG_AES ?  in decrypt_response_param()
689         decrypt_param_cfb(session, clear_data, encrypted_data, auth_value) :  in decrypt_response_param()
690         encrypt_decrypt_xor(session, clear_data, encrypted_data, auth_value);  in decrypt_response_param()