1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** One-Call function for TPM2_MakeCredential
23 *
24 * This function invokes the TPM2_MakeCredential command in a one-call
25 * variant. This means the function will block until the TPM response is
26 * available. All input parameters are const. The memory for non-simple output
27 * parameters is allocated by the function implementation.
28 *
29 * @param[in,out] esysContext The ESYS_CONTEXT.
30 * @param[in] handle Loaded public area, used to encrypt the sensitive area
31 * containing the credential key.
32 * @param[in] shandle1 First session handle.
33 * @param[in] shandle2 Second session handle.
34 * @param[in] shandle3 Third session handle.
35 * @param[in] credential The credential information.
36 * @param[in] objectName Name of the object to which the credential applies.
37 * @param[out] credentialBlob The credential.
38 * (callee-allocated)
39 * @param[out] secret Handle algorithm-dependent data that wraps the key that
40 * encrypts credentialBlob.
41 * (callee-allocated)
42 * @retval TSS2_RC_SUCCESS if the function call was a success.
43 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
44 * pointers or required output handle references are NULL.
45 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
46 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
47 * internal operations or return parameters.
48 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
49 * operation already pending.
50 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
51 * at least contain the tag, response length, and response code.
52 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
53 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
54 did not verify.
55 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
56 * the 'decrypt' attribute bit set.
57 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
58 * the 'encrypt' attribute bit set.
59 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
60 * to the ESYS_CONTEXT or are of the wrong type or if required
61 * ESYS_TR objects are ESYS_TR_NONE.
62 * @retval TSS2_RCs produced by lower layers of the software stack may be
63 * returned to the caller unaltered unless handled internally.
64 */
65 TSS2_RC
Esys_MakeCredential(ESYS_CONTEXT * esysContext,ESYS_TR handle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DIGEST * credential,const TPM2B_NAME * objectName,TPM2B_ID_OBJECT ** credentialBlob,TPM2B_ENCRYPTED_SECRET ** secret)66 Esys_MakeCredential(
67 ESYS_CONTEXT *esysContext,
68 ESYS_TR handle,
69 ESYS_TR shandle1,
70 ESYS_TR shandle2,
71 ESYS_TR shandle3,
72 const TPM2B_DIGEST *credential,
73 const TPM2B_NAME *objectName,
74 TPM2B_ID_OBJECT **credentialBlob,
75 TPM2B_ENCRYPTED_SECRET **secret)
76 {
77 TSS2_RC r;
78
79 r = Esys_MakeCredential_Async(esysContext, handle, shandle1, shandle2,
80 shandle3, credential, objectName);
81 return_if_error(r, "Error in async function");
82
83 /* Set the timeout to indefinite for now, since we want _Finish to block */
84 int32_t timeouttmp = esysContext->timeout;
85 esysContext->timeout = -1;
86 /*
87 * Now we call the finish function, until return code is not equal to
88 * from TSS2_BASE_RC_TRY_AGAIN.
89 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
90 * have set the timeout to -1. This occurs for example if the TPM requests
91 * a retransmission of the command via TPM2_RC_YIELDED.
92 */
93 do {
94 r = Esys_MakeCredential_Finish(esysContext, credentialBlob, secret);
95 /* This is just debug information about the reattempt to finish the
96 command */
97 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
98 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
99 " => resubmitting command", r);
100 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
101
102 /* Restore the timeout value to the original value */
103 esysContext->timeout = timeouttmp;
104 return_if_error(r, "Esys Finish");
105
106 return TSS2_RC_SUCCESS;
107 }
108
109 /** Asynchronous function for TPM2_MakeCredential
110 *
111 * This function invokes the TPM2_MakeCredential command in a asynchronous
112 * variant. This means the function will return as soon as the command has been
113 * sent downwards the stack to the TPM. All input parameters are const.
114 * In order to retrieve the TPM's response call Esys_MakeCredential_Finish.
115 *
116 * @param[in,out] esysContext The ESYS_CONTEXT.
117 * @param[in] handle Loaded public area, used to encrypt the sensitive area
118 * containing the credential key.
119 * @param[in] shandle1 First session handle.
120 * @param[in] shandle2 Second session handle.
121 * @param[in] shandle3 Third session handle.
122 * @param[in] credential The credential information.
123 * @param[in] objectName Name of the object to which the credential applies.
124 * @retval ESYS_RC_SUCCESS if the function call was a success.
125 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
126 * pointers or required output handle references are NULL.
127 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
128 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
129 * internal operations or return parameters.
130 * @retval TSS2_RCs produced by lower layers of the software stack may be
131 returned to the caller unaltered unless handled internally.
132 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
133 * the 'decrypt' attribute bit set.
134 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
135 * the 'encrypt' attribute bit set.
136 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
137 * to the ESYS_CONTEXT or are of the wrong type or if required
138 * ESYS_TR objects are ESYS_TR_NONE.
139 */
140 TSS2_RC
Esys_MakeCredential_Async(ESYS_CONTEXT * esysContext,ESYS_TR handle,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,const TPM2B_DIGEST * credential,const TPM2B_NAME * objectName)141 Esys_MakeCredential_Async(
142 ESYS_CONTEXT *esysContext,
143 ESYS_TR handle,
144 ESYS_TR shandle1,
145 ESYS_TR shandle2,
146 ESYS_TR shandle3,
147 const TPM2B_DIGEST *credential,
148 const TPM2B_NAME *objectName)
149 {
150 TSS2_RC r;
151 LOG_TRACE("context=%p, handle=%"PRIx32 ", credential=%p,"
152 "objectName=%p",
153 esysContext, handle, credential, objectName);
154 TSS2L_SYS_AUTH_COMMAND auths;
155 RSRC_NODE_T *handleNode;
156
157 /* Check context, sequence correctness and set state to error for now */
158 if (esysContext == NULL) {
159 LOG_ERROR("esyscontext is NULL.");
160 return TSS2_ESYS_RC_BAD_REFERENCE;
161 }
162 r = iesys_check_sequence_async(esysContext);
163 if (r != TSS2_RC_SUCCESS)
164 return r;
165 esysContext->state = _ESYS_STATE_INTERNALERROR;
166
167 /* Check input parameters */
168 r = check_session_feasibility(shandle1, shandle2, shandle3, 0);
169 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
170
171 /* Retrieve the metadata objects for provided handles */
172 r = esys_GetResourceObject(esysContext, handle, &handleNode);
173 return_state_if_error(r, _ESYS_STATE_INIT, "handle unknown.");
174
175 /* Initial invocation of SAPI to prepare the command buffer with parameters */
176 r = Tss2_Sys_MakeCredential_Prepare(esysContext->sys,
177 (handleNode == NULL) ? TPM2_RH_NULL
178 : handleNode->rsrc.handle, credential,
179 objectName);
180 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
181
182 /* Calculate the cpHash Values */
183 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
184 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
185 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
186 iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
187 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
188
189 /* Generate the auth values and set them in the SAPI command buffer */
190 r = iesys_gen_auths(esysContext, handleNode, NULL, NULL, &auths);
191 return_state_if_error(r, _ESYS_STATE_INIT,
192 "Error in computation of auth values");
193
194 esysContext->authsCount = auths.count;
195 if (auths.count > 0) {
196 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
197 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
198 }
199
200 /* Trigger execution and finish the async invocation */
201 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
202 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
203 "Finish (Execute Async)");
204
205 esysContext->state = _ESYS_STATE_SENT;
206
207 return r;
208 }
209
210 /** Asynchronous finish function for TPM2_MakeCredential
211 *
212 * This function returns the results of a TPM2_MakeCredential command
213 * invoked via Esys_MakeCredential_Finish. All non-simple output parameters
214 * are allocated by the function's implementation. NULL can be passed for every
215 * output parameter if the value is not required.
216 *
217 * @param[in,out] esysContext The ESYS_CONTEXT.
218 * @param[out] credentialBlob The credential.
219 * (callee-allocated)
220 * @param[out] secret Handle algorithm-dependent data that wraps the key that
221 * encrypts credentialBlob.
222 * (callee-allocated)
223 * @retval TSS2_RC_SUCCESS on success
224 * @retval ESYS_RC_SUCCESS if the function call was a success.
225 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
226 * pointers or required output handle references are NULL.
227 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
228 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
229 * internal operations or return parameters.
230 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
231 * operation already pending.
232 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
233 * TPM response is received.
234 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
235 * at least contain the tag, response length, and response code.
236 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
237 * not verify.
238 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
239 * @retval TSS2_RCs produced by lower layers of the software stack may be
240 * returned to the caller unaltered unless handled internally.
241 */
242 TSS2_RC
Esys_MakeCredential_Finish(ESYS_CONTEXT * esysContext,TPM2B_ID_OBJECT ** credentialBlob,TPM2B_ENCRYPTED_SECRET ** secret)243 Esys_MakeCredential_Finish(
244 ESYS_CONTEXT *esysContext,
245 TPM2B_ID_OBJECT **credentialBlob,
246 TPM2B_ENCRYPTED_SECRET **secret)
247 {
248 TSS2_RC r;
249 LOG_TRACE("context=%p, credentialBlob=%p, secret=%p",
250 esysContext, credentialBlob, secret);
251
252 if (esysContext == NULL) {
253 LOG_ERROR("esyscontext is NULL.");
254 return TSS2_ESYS_RC_BAD_REFERENCE;
255 }
256
257 /* Check for correct sequence and set sequence to irregular for now */
258 if (esysContext->state != _ESYS_STATE_SENT &&
259 esysContext->state != _ESYS_STATE_RESUBMISSION) {
260 LOG_ERROR("Esys called in bad sequence.");
261 return TSS2_ESYS_RC_BAD_SEQUENCE;
262 }
263 esysContext->state = _ESYS_STATE_INTERNALERROR;
264
265 /* Allocate memory for response parameters */
266 if (credentialBlob != NULL) {
267 *credentialBlob = calloc(sizeof(TPM2B_ID_OBJECT), 1);
268 if (*credentialBlob == NULL) {
269 return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
270 }
271 }
272 if (secret != NULL) {
273 *secret = calloc(sizeof(TPM2B_ENCRYPTED_SECRET), 1);
274 if (*secret == NULL) {
275 goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
276 }
277 }
278
279 /*Receive the TPM response and handle resubmissions if necessary. */
280 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
281 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
282 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
283 esysContext->state = _ESYS_STATE_SENT;
284 goto error_cleanup;
285 }
286 /* This block handle the resubmission of TPM commands given a certain set of
287 * TPM response codes. */
288 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
289 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
290 "resubmission: %" PRIx32, r);
291 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
292 LOG_WARNING("Maximum number of (re)submissions has been reached.");
293 esysContext->state = _ESYS_STATE_INIT;
294 goto error_cleanup;
295 }
296 esysContext->state = _ESYS_STATE_RESUBMISSION;
297 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
298 if (r != TSS2_RC_SUCCESS) {
299 LOG_WARNING("Error attempting to resubmit");
300 /* We do not set esysContext->state here but inherit the most recent
301 * state of the _async function. */
302 goto error_cleanup;
303 }
304 r = TSS2_ESYS_RC_TRY_AGAIN;
305 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
306 goto error_cleanup;
307 }
308 /* The following is the "regular error" handling. */
309 if (iesys_tpm_error(r)) {
310 LOG_WARNING("Received TPM Error");
311 esysContext->state = _ESYS_STATE_INIT;
312 goto error_cleanup;
313 } else if (r != TSS2_RC_SUCCESS) {
314 LOG_ERROR("Received a non-TPM Error");
315 esysContext->state = _ESYS_STATE_INTERNALERROR;
316 goto error_cleanup;
317 }
318
319 /*
320 * Now the verification of the response (hmac check) and if necessary the
321 * parameter decryption have to be done.
322 */
323 r = iesys_check_response(esysContext);
324 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR, "Error: check response",
325 error_cleanup);
326
327 /*
328 * After the verification of the response we call the complete function
329 * to deliver the result.
330 */
331 r = Tss2_Sys_MakeCredential_Complete(esysContext->sys,
332 (credentialBlob != NULL)
333 ? *credentialBlob : NULL,
334 (secret != NULL) ? *secret : NULL);
335 goto_state_if_error(r, _ESYS_STATE_INTERNALERROR,
336 "Received error from SAPI unmarshaling" ,
337 error_cleanup);
338
339 esysContext->state = _ESYS_STATE_INIT;
340
341 return TSS2_RC_SUCCESS;
342
343 error_cleanup:
344 if (credentialBlob != NULL)
345 SAFE_FREE(*credentialBlob);
346 if (secret != NULL)
347 SAFE_FREE(*secret);
348
349 return r;
350 }
351