Google Git
Sign in
android / platform / external / ms-tpm-20-ref / HEAD / . / TPMCmd / tpm / src / main / SessionProcess.c
blob: 9d5ef04c9a0c1ecd467fd19d9fd72232067ad566 [file] [log] [blame]
/* Microsoft Reference Implementation for TPM 2.0
*
* The copyright in this software is being made available under the BSD License,
* included below. This software may be subject to other third party and
* contributor rights, including patent rights, and no such rights are granted
* under this license.
*
* Copyright (c) Microsoft Corporation
*
* All rights reserved.
*
* BSD License
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this list
* of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice, this
* list of conditions and the following disclaimer in the documentation and/or
* other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
//** Introduction
// This file contains the subsystem that process the authorization sessions
// including implementation of the Dictionary Attack logic. ExecCommand() uses
// ParseSessionBuffer() to process the authorization session area of a command and
// BuildResponseSession() to create the authorization session area of a response.
//** Includes and Data Definitions
#define SESSION_PROCESS_C
#include "Tpm.h"
#include "ACT.h"
//
//** Authorization Support Functions
//
//*** IsDAExempted()
// This function indicates if a handle is exempted from DA logic.
// A handle is exempted if it is:
// a) a primary seed handle;
// b) an object with noDA bit SET;
// c) an NV Index with TPMA_NV_NO_DA bit SET; or
// d) a PCR handle.
//
// Return Type: BOOL
// TRUE(1) handle is exempted from DA logic
// FALSE(0) handle is not exempted from DA logic
BOOL
IsDAExempted(
TPM_HANDLE handle // IN: entity handle
)
{
BOOL result = FALSE;
//
switch(HandleGetType(handle))
{
case TPM_HT_PERMANENT:
// All permanent handles, other than TPM_RH_LOCKOUT, are exempt from
// DA protection.
result = (handle != TPM_RH_LOCKOUT);
break;
// When this function is called, a persistent object will have been loaded
// into an object slot and assigned a transient handle.
case TPM_HT_TRANSIENT:
{
TPMA_OBJECT attributes = ObjectGetPublicAttributes(handle);
result = IS_ATTRIBUTE(attributes, TPMA_OBJECT, noDA);
break;
}
case TPM_HT_NV_INDEX:
{
NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
result = IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, NO_DA);
break;
}
case TPM_HT_PCR:
// PCRs are always exempted from DA.
result = TRUE;
break;
default:
break;
}
return result;
}
//*** IncrementLockout()
// This function is called after an authorization failure that involves use of
// an authValue. If the entity referenced by the handle is not exempt from DA
// protection, then the failedTries counter will be incremented.
//
// Return Type: TPM_RC
// TPM_RC_AUTH_FAIL authorization failure that caused DA lockout to increment
// TPM_RC_BAD_AUTH authorization failure did not cause DA lockout to
// increment
static TPM_RC
IncrementLockout(
UINT32 sessionIndex
)
{
TPM_HANDLE handle = s_associatedHandles[sessionIndex];
TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex];
SESSION *session = NULL;
//
// Don't increment lockout unless the handle associated with the session
// is DA protected or the session is bound to a DA protected entity.
if(sessionHandle == TPM_RS_PW)
{
if(IsDAExempted(handle))
return TPM_RC_BAD_AUTH;
}
else
{
session = SessionGet(sessionHandle);
// If the session is bound to lockout, then use that as the relevant
// handle. This means that an authorization failure with a bound session
// bound to lockoutAuth will take precedence over any other
// lockout check
if(session->attributes.isLockoutBound == SET)
handle = TPM_RH_LOCKOUT;
if(session->attributes.isDaBound == CLEAR
&& (IsDAExempted(handle) || session->attributes.includeAuth == CLEAR))
// If the handle was changed to TPM_RH_LOCKOUT, this will not return
// TPM_RC_BAD_AUTH
return TPM_RC_BAD_AUTH;
}
if(handle == TPM_RH_LOCKOUT)
{
pAssert(gp.lockOutAuthEnabled == TRUE);
// lockout is no longer enabled
gp.lockOutAuthEnabled = FALSE;
// For TPM_RH_LOCKOUT, if lockoutRecovery is 0, no need to update NV since
// the lockout authorization will be reset at startup.
if(gp.lockoutRecovery != 0)
{
if(NV_IS_AVAILABLE)
// Update NV.
NV_SYNC_PERSISTENT(lockOutAuthEnabled);
else
// No NV access for now. Put the TPM in pending mode.
s_DAPendingOnNV = TRUE;
}
}
else
{
if(gp.recoveryTime != 0)
{
gp.failedTries++;
if(NV_IS_AVAILABLE)
// Record changes to NV. NvWrite will SET g_updateNV
NV_SYNC_PERSISTENT(failedTries);
else
// No NV access for now. Put the TPM in pending mode.
s_DAPendingOnNV = TRUE;
}
}
// Register a DA failure and reset the timers.
DARegisterFailure(handle);
return TPM_RC_AUTH_FAIL;
}
//*** IsSessionBindEntity()
// This function indicates if the entity associated with the handle is the entity,
// to which this session is bound. The binding would occur by making the "bind"
// parameter in TPM2_StartAuthSession() not equal to TPM_RH_NULL. The binding only
// occurs if the session is an HMAC session. The bind value is a combination of
// the Name and the authValue of the entity.
//
// Return Type: BOOL
// TRUE(1) handle points to the session start entity
// FALSE(0) handle does not point to the session start entity
static BOOL
IsSessionBindEntity(
TPM_HANDLE associatedHandle, // IN: handle to be authorized
SESSION *session // IN: associated session
)
{
TPM2B_NAME entity; // The bind value for the entity
//
// If the session is not bound, return FALSE.
if(session->attributes.isBound)
{
// Compute the bind value for the entity.
SessionComputeBoundEntity(associatedHandle, &entity);
// Compare to the bind value in the session.
return MemoryEqual2B(&entity.b, &session->u1.boundEntity.b);
}
return FALSE;
}
//*** IsPolicySessionRequired()
// Checks if a policy session is required for a command. If a command requires
// DUP or ADMIN role authorization, then the handle that requires that role is the
// first handle in the command. This simplifies this checking. If a new command
// is created that requires multiple ADMIN role authorizations, then it will
// have to be special-cased in this function.
// A policy session is required if:
// a) the command requires the DUP role;
// b) the command requires the ADMIN role and the authorized entity
// is an object and its adminWithPolicy bit is SET;
// c) the command requires the ADMIN role and the authorized entity
// is a permanent handle or an NV Index; or
// d) the authorized entity is a PCR belonging to a policy group, and
// has its policy initialized
// Return Type: BOOL
// TRUE(1) policy session is required
// FALSE(0) policy session is not required
static BOOL
IsPolicySessionRequired(
COMMAND_INDEX commandIndex, // IN: command index
UINT32 sessionIndex // IN: session index
)
{
AUTH_ROLE role = CommandAuthRole(commandIndex, sessionIndex);
TPM_HT type = HandleGetType(s_associatedHandles[sessionIndex]);
//
if(role == AUTH_DUP)
return TRUE;
if(role == AUTH_ADMIN)
{
// We allow an exception for ADMIN role in a transient object. If the object
// allows ADMIN role actions with authorization, then policy is not
// required. For all other cases, there is no way to override the command
// requirement that a policy be used
if(type == TPM_HT_TRANSIENT)
{
OBJECT *object = HandleToObject(s_associatedHandles[sessionIndex]);
if(!IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT,
adminWithPolicy))
return FALSE;
}
return TRUE;
}
if(type == TPM_HT_PCR)
{
if(PCRPolicyIsAvailable(s_associatedHandles[sessionIndex]))
{
TPM2B_DIGEST policy;
TPMI_ALG_HASH policyAlg;
policyAlg = PCRGetAuthPolicy(s_associatedHandles[sessionIndex],
&policy);
if(policyAlg != TPM_ALG_NULL)
return TRUE;
}
}
return FALSE;
}
//*** IsAuthValueAvailable()
// This function indicates if authValue is available and allowed for USER role
// authorization of an entity.
//
// This function is similar to IsAuthPolicyAvailable() except that it does not
// check the size of the authValue as IsAuthPolicyAvailable() does (a null
// authValue is a valid authorization, but a null policy is not a valid policy).
//
// This function does not check that the handle reference is valid or if the entity
// is in an enabled hierarchy. Those checks are assumed to have been performed
// during the handle unmarshaling.
//
// Return Type: BOOL
// TRUE(1) authValue is available
// FALSE(0) authValue is not available
static BOOL
IsAuthValueAvailable(
TPM_HANDLE handle, // IN: handle of entity
COMMAND_INDEX commandIndex, // IN: command index
UINT32 sessionIndex // IN: session index
)
{
BOOL result = FALSE;
//
switch(HandleGetType(handle))
{
case TPM_HT_PERMANENT:
switch(handle)
{
// At this point hierarchy availability has already been
// checked so primary seed handles are always available here
case TPM_RH_OWNER:
case TPM_RH_ENDORSEMENT:
case TPM_RH_PLATFORM:
#ifdef VENDOR_PERMANENT
// This vendor defined handle associated with the
// manufacturer's shared secret
case VENDOR_PERMANENT:
#endif
// The DA checking has been performed on LockoutAuth but we
// bypass the DA logic if we are using lockout policy. The
// policy would allow execution to continue an lockoutAuth
// could be used, even if direct use of lockoutAuth is disabled
case TPM_RH_LOCKOUT:
// NullAuth is always available.
case TPM_RH_NULL:
result = TRUE;
break;
FOR_EACH_ACT(CASE_ACT_HANDLE)
{
// The ACT auth value is not available if the platform is disabled
result = g_phEnable == SET;
break;
}
default:
// Otherwise authValue is not available.
break;
}
break;
case TPM_HT_TRANSIENT:
// A persistent object has already been loaded and the internal
// handle changed.
{
OBJECT *object;
TPMA_OBJECT attributes;
//
object = HandleToObject(handle);
attributes = object->publicArea.objectAttributes;
// authValue is always available for a sequence object.
// An alternative for this is to
// SET_ATTRIBUTE(object->publicArea, TPMA_OBJECT, userWithAuth) when the
// sequence is started.
if(ObjectIsSequence(object))
{
result = TRUE;
break;
}
// authValue is available for an object if it has its sensitive
// portion loaded and
// a) userWithAuth bit is SET, or
// b) ADMIN role is required
if(object->attributes.publicOnly == CLEAR
&& (IS_ATTRIBUTE(attributes, TPMA_OBJECT, userWithAuth)
|| (CommandAuthRole(commandIndex, sessionIndex) == AUTH_ADMIN
&& !IS_ATTRIBUTE(attributes, TPMA_OBJECT, adminWithPolicy))))
result = TRUE;
}
break;
case TPM_HT_NV_INDEX:
// NV Index.
{
NV_REF locator;
NV_INDEX *nvIndex = NvGetIndexInfo(handle, &locator);
TPMA_NV nvAttributes;
//
pAssert(nvIndex != 0);
nvAttributes = nvIndex->publicArea.attributes;
if(IsWriteOperation(commandIndex))
{
// AuthWrite can't be set for a PIN index
if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHWRITE))
result = TRUE;
}
else
{
// A "read" operation
// For a PIN Index, the authValue is available as long as the
// Index has been written and the pinCount is less than pinLimit
if(IsNvPinFailIndex(nvAttributes)
|| IsNvPinPassIndex(nvAttributes))
{
NV_PIN pin;
if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN))
break; // return false
// get the index values
pin.intVal = NvGetUINT64Data(nvIndex, locator);
if(pin.pin.pinCount < pin.pin.pinLimit)
result = TRUE;
}
// For non-PIN Indexes, need to allow use of the authValue
else if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHREAD))
result = TRUE;
}
}
break;
case TPM_HT_PCR:
// PCR handle.
// authValue is always allowed for PCR
result = TRUE;
break;
default:
// Otherwise, authValue is not available
break;
}
return result;
}
//*** IsAuthPolicyAvailable()
// This function indicates if an authPolicy is available and allowed.
//
// This function does not check that the handle reference is valid or if the entity
// is in an enabled hierarchy. Those checks are assumed to have been performed
// during the handle unmarshaling.
//
// Return Type: BOOL
// TRUE(1) authPolicy is available
// FALSE(0) authPolicy is not available
static BOOL
IsAuthPolicyAvailable(
TPM_HANDLE handle, // IN: handle of entity
COMMAND_INDEX commandIndex, // IN: command index
UINT32 sessionIndex // IN: session index
)
{
BOOL result = FALSE;
//
switch(HandleGetType(handle))
{
case TPM_HT_PERMANENT:
switch(handle)
{
// At this point hierarchy availability has already been checked.
case TPM_RH_OWNER:
if(gp.ownerPolicy.t.size != 0)
result = TRUE;
break;
case TPM_RH_ENDORSEMENT:
if(gp.endorsementPolicy.t.size != 0)
result = TRUE;
break;
case TPM_RH_PLATFORM:
if(gc.platformPolicy.t.size != 0)
result = TRUE;
break;
#define ACT_GET_POLICY(N) \
case TPM_RH_ACT_##N: \
if(go.ACT_##N.authPolicy.t.size != 0) \
result = TRUE; \
break;
FOR_EACH_ACT(ACT_GET_POLICY)
case TPM_RH_LOCKOUT:
if(gp.lockoutPolicy.t.size != 0)
result = TRUE;
break;
default:
break;
}
break;
case TPM_HT_TRANSIENT:
{
// Object handle.
// An evict object would already have been loaded and given a
// transient object handle by this point.
OBJECT *object = HandleToObject(handle);
// Policy authorization is not available for an object with only
// public portion loaded.
if(object->attributes.publicOnly == CLEAR)
{
// Policy authorization is always available for an object but
// is never available for a sequence.
if(!ObjectIsSequence(object))
result = TRUE;
}
break;
}
case TPM_HT_NV_INDEX:
// An NV Index.
{
NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
TPMA_NV nvAttributes = nvIndex->publicArea.attributes;
//
// If the policy size is not zero, check if policy can be used.
if(nvIndex->publicArea.authPolicy.t.size != 0)
{
// If policy session is required for this handle, always
// uses policy regardless of the attributes bit setting
if(IsPolicySessionRequired(commandIndex, sessionIndex))
result = TRUE;
// Otherwise, the presence of the policy depends on the NV
// attributes.
else if(IsWriteOperation(commandIndex))
{
if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYWRITE))
result = TRUE;
}
else
{
if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYREAD))
result = TRUE;
}
}
}
break;
case TPM_HT_PCR:
// PCR handle.
if(PCRPolicyIsAvailable(handle))
result = TRUE;
break;
default:
break;
}
return result;
}
//** Session Parsing Functions
//*** ClearCpRpHashes()
void
ClearCpRpHashes(
COMMAND *command
)
{
// The macros expand according to the implemented hash algorithms. An IDE may
// complain that COMMAND does not contain SHA1CpHash or SHA1RpHash because of the
// complexity of the macro expansion where the data space is defined; but, if SHA1
// is implemented, it actually does and the compiler is happy.
#define CLEAR_CP_HASH(HASH, Hash) command->Hash##CpHash.b.size = 0;
FOR_EACH_HASH(CLEAR_CP_HASH)
#define CLEAR_RP_HASH(HASH, Hash) command->Hash##RpHash.b.size = 0;
FOR_EACH_HASH(CLEAR_RP_HASH)
}
//*** GetCpHashPointer()
// Function to get a pointer to the cpHash of the command
static TPM2B_DIGEST *
GetCpHashPointer(
COMMAND *command,
TPMI_ALG_HASH hashAlg
)
{
TPM2B_DIGEST *retVal;
//
// Define the macro that will expand for each implemented algorithm in the switch
// statement below.
#define GET_CP_HASH_POINTER(HASH, Hash) \
case ALG_##HASH##_VALUE: \
retVal = (TPM2B_DIGEST *)&command->Hash##CpHash; \
break;
switch(hashAlg)
{
// For each implemented hash, this will expand as defined above
// by GET_CP_HASH_POINTER. Your IDE may complain that
// 'struct "COMMAND" has no field "SHA1CpHash"' but the compiler says
// it does, so...
FOR_EACH_HASH(GET_CP_HASH_POINTER)
default:
retVal = NULL;
break;
}
return retVal;
}
//*** GetRpHashPointer()
// Function to get a pointer to the RpHash of the command
static TPM2B_DIGEST *
GetRpHashPointer(
COMMAND *command,
TPMI_ALG_HASH hashAlg
)
{
TPM2B_DIGEST *retVal;
//
// Define the macro that will expand for each implemented algorithm in the switch
// statement below.
#define GET_RP_HASH_POINTER(HASH, Hash) \
case ALG_##HASH##_VALUE: \
retVal = (TPM2B_DIGEST *)&command->Hash##RpHash; \
break;
switch(hashAlg)
{
// For each implemented hash, this will expand as defined above
// by GET_RP_HASH_POINTER. Your IDE may complain that
// 'struct "COMMAND" has no field 'SHA1RpHash'" but the compiler says
// it does, so...
FOR_EACH_HASH(GET_RP_HASH_POINTER)
default:
retVal = NULL;
break;
}
return retVal;
}
//*** ComputeCpHash()
// This function computes the cpHash as defined in Part 2 and described in Part 1.
static TPM2B_DIGEST *
ComputeCpHash(
COMMAND *command, // IN: command parsing structure
TPMI_ALG_HASH hashAlg // IN: hash algorithm
)
{
UINT32 i;
HASH_STATE hashState;
TPM2B_NAME name;
TPM2B_DIGEST *cpHash;
//
// cpHash = hash(commandCode [ || authName1
// [ || authName2
// [ || authName 3 ]]]
// [ || parameters])
// A cpHash can contain just a commandCode only if the lone session is
// an audit session.
// Get pointer to the hash value
cpHash = GetCpHashPointer(command, hashAlg);
if(cpHash->t.size == 0)
{
cpHash->t.size = CryptHashStart(&hashState, hashAlg);
// Add commandCode.
CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code);
// Add authNames for each of the handles.
for(i = 0; i < command->handleNum; i++)
CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i],
&name)->b);
// Add the parameters.
CryptDigestUpdate(&hashState, command->parameterSize,
command->parameterBuffer);
// Complete the hash.
CryptHashEnd2B(&hashState, &cpHash->b);
}
return cpHash;
}
//*** GetCpHash()
// This function is used to access a precomputed cpHash.
static TPM2B_DIGEST *
GetCpHash(
COMMAND *command,
TPMI_ALG_HASH hashAlg
)
{
TPM2B_DIGEST *cpHash = GetCpHashPointer(command, hashAlg);
//
pAssert(cpHash->t.size != 0);
return cpHash;
}
//*** CompareTemplateHash()
// This function computes the template hash and compares it to the session
// templateHash. It is the hash of the second parameter
// assuming that the command is TPM2_Create(), TPM2_CreatePrimary(), or
// TPM2_CreateLoaded()
// Return Type: BOOL
// TRUE(1) template hash equal to session->templateHash
// FALSE(0) template hash not equal to session->templateHash
static BOOL
CompareTemplateHash(
COMMAND *command, // IN: parsing structure
SESSION *session // IN: session data
)
{
BYTE *pBuffer = command->parameterBuffer;
INT32 pSize = command->parameterSize;
TPM2B_DIGEST tHash;
UINT16 size;
//
// Only try this for the three commands for which it is intended
if(command->code != TPM_CC_Create
&& command->code != TPM_CC_CreatePrimary
#if CC_CreateLoaded
&& command->code != TPM_CC_CreateLoaded
#endif
)
return FALSE;
// Assume that the first parameter is a TPM2B and unmarshal the size field
// Note: this will not affect the parameter buffer and size in the calling
// function.
if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS)
return FALSE;
// reduce the space in the buffer.
// NOTE: this could make pSize go negative if the parameters are not correct but
// the unmarshaling code does not try to unmarshal if the remaining size is
// negative.
pSize -= size;
// Advance the pointer
pBuffer += size;
// Get the size of what should be the template
if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS)
return FALSE;
// See if this is reasonable
if(size > pSize)
return FALSE;
// Hash the template data
tHash.t.size = CryptHashBlock(session->authHashAlg, size, pBuffer,
sizeof(tHash.t.buffer), tHash.t.buffer);
return(MemoryEqual2B(&session->u1.templateHash.b, &tHash.b));
}
//*** CompareNameHash()
// This function computes the name hash and compares it to the nameHash in the
// session data.
BOOL
CompareNameHash(
COMMAND *command, // IN: main parsing structure
SESSION *session // IN: session structure with nameHash
)
{
HASH_STATE hashState;
TPM2B_DIGEST nameHash;
UINT32 i;
TPM2B_NAME name;
//
nameHash.t.size = CryptHashStart(&hashState, session->authHashAlg);
// Add names.
for(i = 0; i < command->handleNum; i++)
CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i],
&name)->b);
// Complete hash.
CryptHashEnd2B(&hashState, &nameHash.b);
// and compare
return MemoryEqual(session->u1.nameHash.t.buffer, nameHash.t.buffer,
nameHash.t.size);
}
//*** CheckPWAuthSession()
// This function validates the authorization provided in a PWAP session. It
// compares the input value to authValue of the authorized entity. Argument
// sessionIndex is used to get handles handle of the referenced entities from
// s_inputAuthValues[] and s_associatedHandles[].
//
// Return Type: TPM_RC
// TPM_RC_AUTH_FAIL authorization fails and increments DA failure
// count
// TPM_RC_BAD_AUTH authorization fails but DA does not apply
//
static TPM_RC
CheckPWAuthSession(
UINT32 sessionIndex // IN: index of session to be processed
)
{
TPM2B_AUTH authValue;
TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex];
//
// Strip trailing zeros from the password.
MemoryRemoveTrailingZeros(&s_inputAuthValues[sessionIndex]);
// Get the authValue with trailing zeros removed
EntityGetAuthValue(associatedHandle, &authValue);
// Success if the values are identical.
if(MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &authValue.b))
{
return TPM_RC_SUCCESS;
}
else // if the digests are not identical
{
// Invoke DA protection if applicable.
return IncrementLockout(sessionIndex);
}
}
//*** ComputeCommandHMAC()
// This function computes the HMAC for an authorization session in a command.
/*(See part 1 specification -- this tag keeps this comment from showing up in
// merged document which is probably good because this comment doesn't look right.
// The sessionAuth value
// authHMAC := HMACsHash((sessionKey | authValue),
// (pHash | nonceNewer | nonceOlder | nonceTPMencrypt-only
// | nonceTPMaudit | sessionAttributes))
// Where:
// HMACsHash() The HMAC algorithm using the hash algorithm specified
// when the session was started.
//
// sessionKey A value that is computed in a protocol-dependent way,
// using KDFa. When used in an HMAC or KDF, the size field
// for this value is not included.
//
// authValue A value that is found in the sensitive area of an entity.
// When used in an HMAC or KDF, the size field for this
// value is not included.
//
// pHash Hash of the command (cpHash) using the session hash.
// When using a pHash in an HMAC computation, only the
// digest is used.
//
// nonceNewer A value that is generated by the entity using the
// session. A new nonce is generated on each use of the
// session. For a command, this will be nonceCaller.
// When used in an HMAC or KDF, the size field is not used.
//
// nonceOlder A TPM2B_NONCE that was received the previous time the
// session was used. For a command, this is nonceTPM.
// When used in an HMAC or KDF, the size field is not used.
//
// nonceTPMdecrypt The nonceTPM of the decrypt session is included in
// the HMAC, but only in the command.
//
// nonceTPMencrypt The nonceTPM of the encrypt session is included in
// the HMAC but only in the command.
//
// sessionAttributes A byte indicating the attributes associated with the
// particular use of the session.
*/
static TPM2B_DIGEST *
ComputeCommandHMAC(
COMMAND *command, // IN: primary control structure
UINT32 sessionIndex, // IN: index of session to be processed
TPM2B_DIGEST *hmac // OUT: authorization HMAC
)
{
TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
TPM2B_KEY key;
BYTE marshalBuffer[sizeof(TPMA_SESSION)];
BYTE *buffer;
UINT32 marshalSize;
HMAC_STATE hmacState;
TPM2B_NONCE *nonceDecrypt;
TPM2B_NONCE *nonceEncrypt;
SESSION *session;
//
nonceDecrypt = NULL;
nonceEncrypt = NULL;
// Determine if extra nonceTPM values are going to be required.
// If this is the first session (sessionIndex = 0) and it is an authorization
// session that uses an HMAC, then check if additional session nonces are to be
// included.
if(sessionIndex == 0
&& s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED)
{
// If there is a decrypt session and if this is not the decrypt session,
// then an extra nonce may be needed.
if(s_decryptSessionIndex != UNDEFINED_INDEX
&& s_decryptSessionIndex != sessionIndex)
{
// Will add the nonce for the decrypt session.
SESSION *decryptSession
= SessionGet(s_sessionHandles[s_decryptSessionIndex]);
nonceDecrypt = &decryptSession->nonceTPM;
}
// Now repeat for the encrypt session.
if(s_encryptSessionIndex != UNDEFINED_INDEX
&& s_encryptSessionIndex != sessionIndex
&& s_encryptSessionIndex != s_decryptSessionIndex)
{
// Have to have the nonce for the encrypt session.
SESSION *encryptSession
= SessionGet(s_sessionHandles[s_encryptSessionIndex]);
nonceEncrypt = &encryptSession->nonceTPM;
}
}
// Continue with the HMAC processing.
session = SessionGet(s_sessionHandles[sessionIndex]);
// Generate HMAC key.
MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
// Check if the session has an associated handle and if the associated entity
// is the one to which the session is bound. If not, add the authValue of
// this entity to the HMAC key.
// If the session is bound to the object or the session is a policy session
// with no authValue required, do not include the authValue in the HMAC key.
// Note: For a policy session, its isBound attribute is CLEARED.
//
// Include the entity authValue if it is needed
if(session->attributes.includeAuth == SET)
{
TPM2B_AUTH authValue;
// Get the entity authValue with trailing zeros removed
EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue);
// add the authValue to the HMAC key
MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer));
}
// if the HMAC key size is 0, a NULL string HMAC is allowed
if(key.t.size == 0
&& s_inputAuthValues[sessionIndex].t.size == 0)
{
hmac->t.size = 0;
return hmac;
}
// Start HMAC
hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b);
// Add cpHash
CryptDigestUpdate2B(&hmacState.hashState,
&ComputeCpHash(command, session->authHashAlg)->b);
// Add nonces as required
CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b);
CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b);
if(nonceDecrypt != NULL)
CryptDigestUpdate2B(&hmacState.hashState, &nonceDecrypt->b);
if(nonceEncrypt != NULL)
CryptDigestUpdate2B(&hmacState.hashState, &nonceEncrypt->b);
// Add sessionAttributes
buffer = marshalBuffer;
marshalSize = TPMA_SESSION_Marshal(&(s_attributes[sessionIndex]),
&buffer, NULL);
CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer);
// Complete the HMAC computation
CryptHmacEnd2B(&hmacState, &hmac->b);
return hmac;
}
//*** CheckSessionHMAC()
// This function checks the HMAC of in a session. It uses ComputeCommandHMAC()
// to compute the expected HMAC value and then compares the result with the
// HMAC in the authorization session. The authorization is successful if they
// are the same.
//
// If the authorizations are not the same, IncrementLockout() is called. It will
// return TPM_RC_AUTH_FAIL if the failure caused the failureCount to increment.
// Otherwise, it will return TPM_RC_BAD_AUTH.
//
// Return Type: TPM_RC
// TPM_RC_AUTH_FAIL authorization failure caused failureCount increment
// TPM_RC_BAD_AUTH authorization failure did not cause failureCount
// increment
//
static TPM_RC
CheckSessionHMAC(
COMMAND *command, // IN: primary control structure
UINT32 sessionIndex // IN: index of session to be processed
)
{
TPM2B_DIGEST hmac; // authHMAC for comparing
//
// Compute authHMAC
ComputeCommandHMAC(command, sessionIndex, &hmac);
// Compare the input HMAC with the authHMAC computed above.
if(!MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &hmac.b))
{
// If an HMAC session has a failure, invoke the anti-hammering
// if it applies to the authorized entity or the session.
// Otherwise, just indicate that the authorization is bad.
return IncrementLockout(sessionIndex);
}
return TPM_RC_SUCCESS;
}
//*** CheckPolicyAuthSession()
// This function is used to validate the authorization in a policy session.
// This function performs the following comparisons to see if a policy
// authorization is properly provided. The check are:
// a) compare policyDigest in session with authPolicy associated with
// the entity to be authorized;
// b) compare timeout if applicable;
// c) compare commandCode if applicable;
// d) compare cpHash if applicable; and
// e) see if PCR values have changed since computed.
//
// If all the above checks succeed, the handle is authorized.
// The order of these comparisons is not important because any failure will
// result in the same error code.
//
// Return Type: TPM_RC
// TPM_RC_PCR_CHANGED PCR value is not current
// TPM_RC_POLICY_FAIL policy session fails
// TPM_RC_LOCALITY command locality is not allowed
// TPM_RC_POLICY_CC CC doesn't match
// TPM_RC_EXPIRED policy session has expired
// TPM_RC_PP PP is required but not asserted
// TPM_RC_NV_UNAVAILABLE NV is not available for write
// TPM_RC_NV_RATE NV is rate limiting
static TPM_RC
CheckPolicyAuthSession(
COMMAND *command, // IN: primary parsing structure
UINT32 sessionIndex // IN: index of session to be processed
)
{
SESSION *session;
TPM2B_DIGEST authPolicy;
TPMI_ALG_HASH policyAlg;
UINT8 locality;
//
// Initialize pointer to the authorization session.
session = SessionGet(s_sessionHandles[sessionIndex]);
// If the command is TPM2_PolicySecret(), make sure that
// either password or authValue is required
if(command->code == TPM_CC_PolicySecret
&& session->attributes.isPasswordNeeded == CLEAR
&& session->attributes.isAuthValueNeeded == CLEAR)
return TPM_RC_MODE;
// See if the PCR counter for the session is still valid.
if(!SessionPCRValueIsCurrent(session))
return TPM_RC_PCR_CHANGED;
// Get authPolicy.
policyAlg = EntityGetAuthPolicy(s_associatedHandles[sessionIndex],
&authPolicy);
// Compare authPolicy.
if(!MemoryEqual2B(&session->u2.policyDigest.b, &authPolicy.b))
return TPM_RC_POLICY_FAIL;
// Policy is OK so check if the other factors are correct
// Compare policy hash algorithm.
if(policyAlg != session->authHashAlg)
return TPM_RC_POLICY_FAIL;
// Compare timeout.
if(session->timeout != 0)
{
// Cannot compare time if clock stop advancing. An TPM_RC_NV_UNAVAILABLE
// or TPM_RC_NV_RATE error may be returned here. This doesn't mean that
// a new nonce will be created just that, because TPM time can't advance
// we can't do time-based operations.
RETURN_IF_NV_IS_NOT_AVAILABLE;
if((session->timeout < g_time)
|| (session->epoch != g_timeEpoch))
return TPM_RC_EXPIRED;
}
// If command code is provided it must match
if(session->commandCode != 0)
{
if(session->commandCode != command->code)
return TPM_RC_POLICY_CC;
}
else
{
// If command requires a DUP or ADMIN authorization, the session must have
// command code set.
AUTH_ROLE role = CommandAuthRole(command->index, sessionIndex);
if(role == AUTH_ADMIN || role == AUTH_DUP)
return TPM_RC_POLICY_FAIL;
}
// Check command locality.
{
BYTE sessionLocality[sizeof(TPMA_LOCALITY)];
BYTE *buffer = sessionLocality;
// Get existing locality setting in canonical form
sessionLocality[0] = 0;
TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL);
// See if the locality has been set
if(sessionLocality[0] != 0)
{
// If so, get the current locality
locality = _plat__LocalityGet();
if(locality < 5)
{
if(((sessionLocality[0] & (1 << locality)) == 0)
|| sessionLocality[0] > 31)
return TPM_RC_LOCALITY;
}
else if(locality > 31)
{
if(sessionLocality[0] != locality)
return TPM_RC_LOCALITY;
}
else
{
// Could throw an assert here but a locality error is just
// as good. It just means that, whatever the locality is, it isn't
// the locality requested so...
return TPM_RC_LOCALITY;
}
}
} // end of locality check
// Check physical presence.
if(session->attributes.isPPRequired == SET
&& !_plat__PhysicalPresenceAsserted())
return TPM_RC_PP;
// Compare cpHash/nameHash if defined, or if the command requires an ADMIN or
// DUP role for this handle.
if(session->u1.cpHash.b.size != 0)
{
BOOL OK;
if(session->attributes.isCpHashDefined)
// Compare cpHash.
OK = MemoryEqual2B(&session->u1.cpHash.b,
&ComputeCpHash(command, session->authHashAlg)->b);
else if(session->attributes.isTemplateSet)
OK = CompareTemplateHash(command, session);
else
OK = CompareNameHash(command, session);
if(!OK)
return TPM_RCS_POLICY_FAIL;
}
if(session->attributes.checkNvWritten)
{
NV_REF locator;
NV_INDEX *nvIndex;
//
// If this is not an NV index, the policy makes no sense so fail it.
if(HandleGetType(s_associatedHandles[sessionIndex]) != TPM_HT_NV_INDEX)
return TPM_RC_POLICY_FAIL;
// Get the index data
nvIndex = NvGetIndexInfo(s_associatedHandles[sessionIndex], &locator);
// Make sure that the TPMA_WRITTEN_ATTRIBUTE has the desired state
if((IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
!= (session->attributes.nvWrittenState == SET))
return TPM_RC_POLICY_FAIL;
}
return TPM_RC_SUCCESS;
}
//*** RetrieveSessionData()
// This function will unmarshal the sessions in the session area of a command. The
// values are placed in the arrays that are defined at the beginning of this file.
// The normal unmarshaling errors are possible.
//
// Return Type: TPM_RC
// TPM_RC_SUCCSS unmarshaled without error
// TPM_RC_SIZE the number of bytes unmarshaled is not the same
// as the value for authorizationSize in the command
//
static TPM_RC
RetrieveSessionData(
COMMAND *command // IN: main parsing structure for command
)
{
int i;
TPM_RC result;
SESSION *session;
TPMA_SESSION sessionAttributes;
TPM_HT sessionType;
INT32 sessionIndex;
TPM_RC errorIndex;
//
s_decryptSessionIndex = UNDEFINED_INDEX;
s_encryptSessionIndex = UNDEFINED_INDEX;
s_auditSessionIndex = UNDEFINED_INDEX;
for(sessionIndex = 0; command->authSize > 0; sessionIndex++)
{
errorIndex = TPM_RC_S + g_rcIndex[sessionIndex];
// If maximum allowed number of sessions has been parsed, return a size
// error with a session number that is larger than the number of allowed
// sessions
if(sessionIndex == MAX_SESSION_NUM)
return TPM_RCS_SIZE + errorIndex;
// make sure that the associated handle for each session starts out
// unassigned
s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;
// First parameter: Session handle.
result = TPMI_SH_AUTH_SESSION_Unmarshal(
&s_sessionHandles[sessionIndex],
&command->parameterBuffer,
&command->authSize, TRUE);
if(result != TPM_RC_SUCCESS)
return result + TPM_RC_S + g_rcIndex[sessionIndex];
// Second parameter: Nonce.
result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex],
&command->parameterBuffer,
&command->authSize);
if(result != TPM_RC_SUCCESS)
return result + TPM_RC_S + g_rcIndex[sessionIndex];
// Third parameter: sessionAttributes.
result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex],
&command->parameterBuffer,
&command->authSize);
if(result != TPM_RC_SUCCESS)
return result + TPM_RC_S + g_rcIndex[sessionIndex];
// Fourth parameter: authValue (PW or HMAC).
result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex],
&command->parameterBuffer,
&command->authSize);
if(result != TPM_RC_SUCCESS)
return result + errorIndex;
sessionAttributes = s_attributes[sessionIndex];
if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
{
// A PWAP session needs additional processing.
// Can't have any attributes set other than continueSession bit
if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt)
|| IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt)
|| IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit)
|| IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive)
|| IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset))
return TPM_RCS_ATTRIBUTES + errorIndex;
// The nonce size must be zero.
if(s_nonceCaller[sessionIndex].t.size != 0)
return TPM_RCS_NONCE + errorIndex;
continue;
}
// For not password sessions...
// Find out if the session is loaded.
if(!SessionIsLoaded(s_sessionHandles[sessionIndex]))
return TPM_RC_REFERENCE_S0 + sessionIndex;
sessionType = HandleGetType(s_sessionHandles[sessionIndex]);
session = SessionGet(s_sessionHandles[sessionIndex]);
// Check if the session is an HMAC/policy session.
if((session->attributes.isPolicy == SET
&& sessionType == TPM_HT_HMAC_SESSION)
|| (session->attributes.isPolicy == CLEAR
&& sessionType == TPM_HT_POLICY_SESSION))
return TPM_RCS_HANDLE + errorIndex;
// Check that this handle has not previously been used.
for(i = 0; i < sessionIndex; i++)
{
if(s_sessionHandles[i] == s_sessionHandles[sessionIndex])
return TPM_RCS_HANDLE + errorIndex;
}
// If the session is used for parameter encryption or audit as well, set
// the corresponding Indexes.
// First process decrypt.
if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt))
{
// Check if the commandCode allows command parameter encryption.
if(DecryptSize(command->index) == 0)
return TPM_RCS_ATTRIBUTES + errorIndex;
// Encrypt attribute can only appear in one session
if(s_decryptSessionIndex != UNDEFINED_INDEX)
return TPM_RCS_ATTRIBUTES + errorIndex;
// Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL
if(session->symmetric.algorithm == TPM_ALG_NULL)
return TPM_RCS_SYMMETRIC + errorIndex;
// All checks passed, so set the index for the session used to decrypt
// a command parameter.
s_decryptSessionIndex = sessionIndex;
}
// Now process encrypt.
if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt))
{
// Check if the commandCode allows response parameter encryption.
if(EncryptSize(command->index) == 0)
return TPM_RCS_ATTRIBUTES + errorIndex;
// Encrypt attribute can only appear in one session.
if(s_encryptSessionIndex != UNDEFINED_INDEX)
return TPM_RCS_ATTRIBUTES + errorIndex;
// Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL
if(session->symmetric.algorithm == TPM_ALG_NULL)
return TPM_RCS_SYMMETRIC + errorIndex;
// All checks passed, so set the index for the session used to encrypt
// a response parameter.
s_encryptSessionIndex = sessionIndex;
}
// At last process audit.
if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit))
{
// Audit attribute can only appear in one session.
if(s_auditSessionIndex != UNDEFINED_INDEX)
return TPM_RCS_ATTRIBUTES + errorIndex;
// An audit session can not be policy session.
if(HandleGetType(s_sessionHandles[sessionIndex])
== TPM_HT_POLICY_SESSION)
return TPM_RCS_ATTRIBUTES + errorIndex;
// If this is a reset of the audit session, or the first use
// of the session as an audit session, it doesn't matter what
// the exclusive state is. The session will become exclusive.
if(!IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset)
&& session->attributes.isAudit == SET)
{
// Not first use or reset. If auditExlusive is SET, then this
// session must be the current exclusive session.
if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive)
&& g_exclusiveAuditSession != s_sessionHandles[sessionIndex])
return TPM_RC_EXCLUSIVE;
}
s_auditSessionIndex = sessionIndex;
}
// Initialize associated handle as undefined. This will be changed when
// the handles are processed.
s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED;
}
command->sessionNum = sessionIndex;
return TPM_RC_SUCCESS;
}
//*** CheckLockedOut()
// This function checks to see if the TPM is in lockout. This function should only
// be called if the entity being checked is subject to DA protection. The TPM
// is in lockout if the NV is not available and a DA write is pending. Otherwise
// the TPM is locked out if checking for lockoutAuth ('lockoutAuthCheck' == TRUE)
// and use of lockoutAuth is disabled, or 'failedTries' >= 'maxTries'
// Return Type: TPM_RC
// TPM_RC_NV_RATE NV is rate limiting
// TPM_RC_NV_UNAVAILABLE NV is not available at this time
// TPM_RC_LOCKOUT TPM is in lockout
static TPM_RC
CheckLockedOut(
BOOL lockoutAuthCheck // IN: TRUE if checking is for lockoutAuth
)
{
// If NV is unavailable, and current cycle state recorded in NV is not
// SU_NONE_VALUE, refuse to check any authorization because we would
// not be able to handle a DA failure.
if(!NV_IS_AVAILABLE && NV_IS_ORDERLY)
return g_NvStatus;
// Check if DA info needs to be updated in NV.
if(s_DAPendingOnNV)
{
// If NV is accessible,
RETURN_IF_NV_IS_NOT_AVAILABLE;
// ... write the pending DA data and proceed.
NV_SYNC_PERSISTENT(lockOutAuthEnabled);
NV_SYNC_PERSISTENT(failedTries);
s_DAPendingOnNV = FALSE;
}
// Lockout is in effect if checking for lockoutAuth and use of lockoutAuth
// is disabled...
if(lockoutAuthCheck)
{
if(gp.lockOutAuthEnabled == FALSE)
return TPM_RC_LOCKOUT;
}
else
{
// ... or if the number of failed tries has been maxed out.
if(gp.failedTries >= gp.maxTries)
return TPM_RC_LOCKOUT;
#if USE_DA_USED
// If the daUsed flag is not SET, then no DA validation until the
// daUsed state is written to NV
if(!g_daUsed)
{
RETURN_IF_NV_IS_NOT_AVAILABLE;
g_daUsed = TRUE;
gp.orderlyState = SU_DA_USED_VALUE;
NV_SYNC_PERSISTENT(orderlyState);
return TPM_RC_RETRY;
}
#endif
}
return TPM_RC_SUCCESS;
}
//*** CheckAuthSession()
// This function checks that the authorization session properly authorizes the
// use of the associated handle.
//
// Return Type: TPM_RC
// TPM_RC_LOCKOUT entity is protected by DA and TPM is in
// lockout, or TPM is locked out on NV update
// pending on DA parameters
//
// TPM_RC_PP Physical Presence is required but not provided
// TPM_RC_AUTH_FAIL HMAC or PW authorization failed
// with DA side-effects (can be a policy session)
//
// TPM_RC_BAD_AUTH HMAC or PW authorization failed without DA
// side-effects (can be a policy session)
//
// TPM_RC_POLICY_FAIL if policy session fails
// TPM_RC_POLICY_CC command code of policy was wrong
// TPM_RC_EXPIRED the policy session has expired
// TPM_RC_PCR
// TPM_RC_AUTH_UNAVAILABLE authValue or authPolicy unavailable
static TPM_RC
CheckAuthSession(
COMMAND *command, // IN: primary parsing structure
UINT32 sessionIndex // IN: index of session to be processed
)
{
TPM_RC result = TPM_RC_SUCCESS;
SESSION *session = NULL;
TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex];
TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex];
TPM_HT sessionHandleType = HandleGetType(sessionHandle);
BOOL authUsed;
//
pAssert(sessionHandle != TPM_RH_UNASSIGNED);
// Take care of physical presence
if(associatedHandle == TPM_RH_PLATFORM)
{
// If the physical presence is required for this command, check for PP
// assertion. If it isn't asserted, no point going any further.
if(PhysicalPresenceIsRequired(command->index)
&& !_plat__PhysicalPresenceAsserted())
return TPM_RC_PP;
}
if(sessionHandle != TPM_RS_PW)
{
session = SessionGet(sessionHandle);
// Set includeAuth to indicate if DA checking will be required and if the
// authValue will be included in any HMAC.
if(sessionHandleType == TPM_HT_POLICY_SESSION)
{
// For a policy session, will check the DA status of the entity if either
// isAuthValueNeeded or isPasswordNeeded is SET.
session->attributes.includeAuth =
session->attributes.isAuthValueNeeded
|| session->attributes.isPasswordNeeded;
}
else
{
// For an HMAC session, need to check unless the session
// is bound.
session->attributes.includeAuth =
!IsSessionBindEntity(s_associatedHandles[sessionIndex], session);
}
authUsed = session->attributes.includeAuth;
}
else
// Password session
authUsed = TRUE;
// If the authorization session is going to use an authValue, then make sure
// that access to that authValue isn't locked out.
if(authUsed)
{
// See if entity is subject to lockout.
if(!IsDAExempted(associatedHandle))
{
// See if in lockout
result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT);
if(result != TPM_RC_SUCCESS)
return result;
}
}
// Policy or HMAC+PW?
if(sessionHandleType != TPM_HT_POLICY_SESSION)
{
// for non-policy session make sure that a policy session is not required
if(IsPolicySessionRequired(command->index, sessionIndex))
return TPM_RC_AUTH_TYPE;
// The authValue must be available.
// Note: The authValue is going to be "used" even if it is an EmptyAuth.
// and the session is bound.
if(!IsAuthValueAvailable(associatedHandle, command->index, sessionIndex))
return TPM_RC_AUTH_UNAVAILABLE;
}
else
{
// ... see if the entity has a policy, ...
// Note: IsAuthPolicyAvalable will return FALSE if the sensitive area of the
// object is not loaded
if(!IsAuthPolicyAvailable(associatedHandle, command->index, sessionIndex))
return TPM_RC_AUTH_UNAVAILABLE;
// ... and check the policy session.
result = CheckPolicyAuthSession(command, sessionIndex);
if(result != TPM_RC_SUCCESS)
return result;
}
// Check authorization according to the type
if((TPM_RS_PW == sessionHandle) || (session->attributes.isPasswordNeeded == SET))
result = CheckPWAuthSession(sessionIndex);
else
result = CheckSessionHMAC(command, sessionIndex);
// Do processing for PIN Indexes are only three possibilities for 'result' at
// this point: TPM_RC_SUCCESS, TPM_RC_AUTH_FAIL, and TPM_RC_BAD_AUTH.
// For all these cases, we would have to process a PIN index if the
// authValue of the index was used for authorization.
if((TPM_HT_NV_INDEX == HandleGetType(associatedHandle)) && authUsed)
{
NV_REF locator;
NV_INDEX *nvIndex = NvGetIndexInfo(associatedHandle, &locator);
NV_PIN pinData;
TPMA_NV nvAttributes;
//
pAssert(nvIndex != NULL);
nvAttributes = nvIndex->publicArea.attributes;
// If this is a PIN FAIL index and the value has been written
// then we can update the counter (increment or clear)
if(IsNvPinFailIndex(nvAttributes)
&& IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN))
{
pinData.intVal = NvGetUINT64Data(nvIndex, locator);
if(result != TPM_RC_SUCCESS)
pinData.pin.pinCount++;
else
pinData.pin.pinCount = 0;
NvWriteUINT64Data(nvIndex, pinData.intVal);
}
// If this is a PIN PASS Index, increment if we have used the
// authorization value.
// NOTE: If the counter has already hit the limit, then we
// would not get here because the authorization value would not
// be available and the TPM would have returned before it gets here
else if(IsNvPinPassIndex(nvAttributes)
&& IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)
&& result == TPM_RC_SUCCESS)
{
// If the access is valid, then increment the use counter
pinData.intVal = NvGetUINT64Data(nvIndex, locator);
pinData.pin.pinCount++;
NvWriteUINT64Data(nvIndex, pinData.intVal);
}
}
return result;
}
#ifdef TPM_CC_GetCommandAuditDigest
//*** CheckCommandAudit()
// This function is called before the command is processed if audit is enabled
// for the command. It will check to see if the audit can be performed and
// will ensure that the cpHash is available for the audit.
// Return Type: TPM_RC
// TPM_RC_NV_UNAVAILABLE NV is not available for write
// TPM_RC_NV_RATE NV is rate limiting
static TPM_RC
CheckCommandAudit(
COMMAND *command
)
{
// If the audit digest is clear and command audit is required, NV must be
// available so that TPM2_GetCommandAuditDigest() is able to increment
// audit counter. If NV is not available, the function bails out to prevent
// the TPM from attempting an operation that would fail anyway.
if(gr.commandAuditDigest.t.size == 0
|| GetCommandCode(command->index) == TPM_CC_GetCommandAuditDigest)
{
RETURN_IF_NV_IS_NOT_AVAILABLE;
}
// Make sure that the cpHash is computed for the algorithm
ComputeCpHash(command, gp.auditHashAlg);
return TPM_RC_SUCCESS;
}
#endif
//*** ParseSessionBuffer()
// This function is the entry function for command session processing.
// It iterates sessions in session area and reports if the required authorization
// has been properly provided. It also processes audit session and passes the
// information of encryption sessions to parameter encryption module.
//
// Return Type: TPM_RC
// various parsing failure or authorization failure
//
TPM_RC
ParseSessionBuffer(
COMMAND *command // IN: the structure that contains
)
{
TPM_RC result;
UINT32 i;
INT32 size = 0;
TPM2B_AUTH extraKey;
UINT32 sessionIndex;
TPM_RC errorIndex;
SESSION *session = NULL;
//
// Check if a command allows any session in its session area.
if(!IsSessionAllowed(command->index))
return TPM_RC_AUTH_CONTEXT;
// Default-initialization.
command->sessionNum = 0;
result = RetrieveSessionData(command);
if(result != TPM_RC_SUCCESS)
return result;
// There is no command in the TPM spec that has more handles than
// MAX_SESSION_NUM.
pAssert(command->handleNum <= MAX_SESSION_NUM);
// Associate the session with an authorization handle.
for(i = 0; i < command->handleNum; i++)
{
if(CommandAuthRole(command->index, i) != AUTH_NONE)
{
// If the received session number is less than the number of handles
// that requires authorization, an error should be returned.
// Note: for all the TPM 2.0 commands, handles requiring
// authorization come first in a command input and there are only ever
// two values requiring authorization
if(i > (command->sessionNum - 1))
return TPM_RC_AUTH_MISSING;
// Record the handle associated with the authorization session
s_associatedHandles[i] = command->handles[i];
}
}
// Consistency checks are done first to avoid authorization failure when the
// command will not be executed anyway.
for(sessionIndex = 0; sessionIndex < command->sessionNum; sessionIndex++)
{
errorIndex = TPM_RC_S + g_rcIndex[sessionIndex];
// PW session must be an authorization session
if(s_sessionHandles[sessionIndex] == TPM_RS_PW)
{
if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED)
return TPM_RCS_HANDLE + errorIndex;
// a password session can't be audit, encrypt or decrypt
if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)
|| IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt)
|| IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt))
return TPM_RCS_ATTRIBUTES + errorIndex;
session = NULL;
}
else
{
session = SessionGet(s_sessionHandles[sessionIndex]);
// A trial session can not appear in session area, because it cannot
// be used for authorization, audit or encrypt/decrypt.
if(session->attributes.isTrialPolicy == SET)
return TPM_RCS_ATTRIBUTES + errorIndex;
// See if the session is bound to a DA protected entity
// NOTE: Since a policy session is never bound, a policy is still
// usable even if the object is DA protected and the TPM is in
// lockout.
if(session->attributes.isDaBound == SET)
{
result = CheckLockedOut(session->attributes.isLockoutBound == SET);
if(result != TPM_RC_SUCCESS)
return result;
}
// If this session is for auditing, make sure the cpHash is computed.
if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit))
ComputeCpHash(command, session->authHashAlg);
}
// if the session has an associated handle, check the authorization
if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED)
{
result = CheckAuthSession(command, sessionIndex);
if(result != TPM_RC_SUCCESS)
return RcSafeAddToResult(result, errorIndex);
}
else
{
// a session that is not for authorization must either be encrypt,
// decrypt, or audit
if(!IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)
&& !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt)
&& !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt))
return TPM_RCS_ATTRIBUTES + errorIndex;
// no authValue included in any of the HMAC computations
pAssert(session != NULL);
session->attributes.includeAuth = CLEAR;
// check HMAC for encrypt/decrypt/audit only sessions
result = CheckSessionHMAC(command, sessionIndex);
if(result != TPM_RC_SUCCESS)
return RcSafeAddToResult(result, errorIndex);
}
}
#ifdef TPM_CC_GetCommandAuditDigest
// Check if the command should be audited. Need to do this before any parameter
// encryption so that the cpHash for the audit is correct
if(CommandAuditIsRequired(command->index))
{
result = CheckCommandAudit(command);
if(result != TPM_RC_SUCCESS)
return result; // No session number to reference
}
#endif
// Decrypt the first parameter if applicable. This should be the last operation
// in session processing.
// If the encrypt session is associated with a handle and the handle's
// authValue is available, then authValue is concatenated with sessionKey to
// generate encryption key, no matter if the handle is the session bound entity
// or not.
if(s_decryptSessionIndex != UNDEFINED_INDEX)
{
// If this is an authorization session, include the authValue in the
// generation of the decryption key
if(s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED)
{
EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex],
&extraKey);
}
else
{
extraKey.b.size = 0;
}
size = DecryptSize(command->index);
result = CryptParameterDecryption(s_sessionHandles[s_decryptSessionIndex],
&s_nonceCaller[s_decryptSessionIndex].b,
command->parameterSize, (UINT16)size,
&extraKey,
command->parameterBuffer);
if(result != TPM_RC_SUCCESS)
return RcSafeAddToResult(result,
TPM_RC_S + g_rcIndex[s_decryptSessionIndex]);
}
return TPM_RC_SUCCESS;
}
//*** CheckAuthNoSession()
// Function to process a command with no session associated.
// The function makes sure all the handles in the command require no authorization.
//
// Return Type: TPM_RC
// TPM_RC_AUTH_MISSING failure - one or more handles require
// authorization
TPM_RC
CheckAuthNoSession(
COMMAND *command // IN: command parsing structure
)
{
UINT32 i;
TPM_RC result = TPM_RC_SUCCESS;
//
// Check if the command requires authorization
for(i = 0; i < command->handleNum; i++)
{
if(CommandAuthRole(command->index, i) != AUTH_NONE)
return TPM_RC_AUTH_MISSING;
}
#ifdef TPM_CC_GetCommandAuditDigest
// Check if the command should be audited.
if(CommandAuditIsRequired(command->index))
{
result = CheckCommandAudit(command);
if(result != TPM_RC_SUCCESS)
return result;
}
#endif
// Initialize number of sessions to be 0
command->sessionNum = 0;
return TPM_RC_SUCCESS;
}
//** Response Session Processing
//*** Introduction
//
// The following functions build the session area in a response and handle
// the audit sessions (if present).
//
//*** ComputeRpHash()
// Function to compute rpHash (Response Parameter Hash). The rpHash is only
// computed if there is an HMAC authorization session and the return code is
// TPM_RC_SUCCESS.
static TPM2B_DIGEST *
ComputeRpHash(
COMMAND *command, // IN: command structure
TPM_ALG_ID hashAlg // IN: hash algorithm to compute rpHash
)
{
TPM2B_DIGEST *rpHash = GetRpHashPointer(command, hashAlg);
HASH_STATE hashState;
//
if(rpHash->t.size == 0)
{
// rpHash := hash(responseCode || commandCode || parameters)
// Initiate hash creation.
rpHash->t.size = CryptHashStart(&hashState, hashAlg);
// Add hash constituents.
CryptDigestUpdateInt(&hashState, sizeof(TPM_RC), TPM_RC_SUCCESS);
CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code);
CryptDigestUpdate(&hashState, command->parameterSize,
command->parameterBuffer);
// Complete hash computation.
CryptHashEnd2B(&hashState, &rpHash->b);
}
return rpHash;
}
//*** InitAuditSession()
// This function initializes the audit data in an audit session.
static void
InitAuditSession(
SESSION *session // session to be initialized
)
{
// Mark session as an audit session.
session->attributes.isAudit = SET;
// Audit session can not be bound.
session->attributes.isBound = CLEAR;
// Size of the audit log is the size of session hash algorithm digest.
session->u2.auditDigest.t.size = CryptHashGetDigestSize(session->authHashAlg);
// Set the original digest value to be 0.
MemorySet(&session->u2.auditDigest.t.buffer,
0,
session->u2.auditDigest.t.size);
return;
}
//*** UpdateAuditDigest
// Function to update an audit digest
static void
UpdateAuditDigest(
COMMAND *command,
TPMI_ALG_HASH hashAlg,
TPM2B_DIGEST *digest
)
{
HASH_STATE hashState;
TPM2B_DIGEST *cpHash = GetCpHash(command, hashAlg);
TPM2B_DIGEST *rpHash = ComputeRpHash(command, hashAlg);
//
pAssert(cpHash != NULL);
// digestNew := hash (digestOld || cpHash || rpHash)
// Start hash computation.
digest->t.size = CryptHashStart(&hashState, hashAlg);
// Add old digest.
CryptDigestUpdate2B(&hashState, &digest->b);
// Add cpHash
CryptDigestUpdate2B(&hashState, &cpHash->b);
// Add rpHash
CryptDigestUpdate2B(&hashState, &rpHash->b);
// Finalize the hash.
CryptHashEnd2B(&hashState, &digest->b);
}
//*** Audit()
//This function updates the audit digest in an audit session.
static void
Audit(
COMMAND *command, // IN: primary control structure
SESSION *auditSession // IN: loaded audit session
)
{
UpdateAuditDigest(command, auditSession->authHashAlg,
&auditSession->u2.auditDigest);
return;
}
#ifdef TPM_CC_GetCommandAuditDigest
//*** CommandAudit()
// This function updates the command audit digest.
static void
CommandAudit(
COMMAND *command // IN:
)
{
// If the digest.size is one, it indicates the special case of changing
// the audit hash algorithm. For this case, no audit is done on exit.
// NOTE: When the hash algorithm is changed, g_updateNV is set in order to
// force an update to the NV on exit so that the change in digest will
// be recorded. So, it is safe to exit here without setting any flags
// because the digest change will be written to NV when this code exits.
if(gr.commandAuditDigest.t.size == 1)
{
gr.commandAuditDigest.t.size = 0;
return;
}
// If the digest size is zero, need to start a new digest and increment
// the audit counter.
if(gr.commandAuditDigest.t.size == 0)
{
gr.commandAuditDigest.t.size = CryptHashGetDigestSize(gp.auditHashAlg);
MemorySet(gr.commandAuditDigest.t.buffer,
0,
gr.commandAuditDigest.t.size);
// Bump the counter and save its value to NV.
gp.auditCounter++;
NV_SYNC_PERSISTENT(auditCounter);
}
UpdateAuditDigest(command, gp.auditHashAlg, &gr.commandAuditDigest);
return;
}
#endif
//*** UpdateAuditSessionStatus()
// This function updates the internal audit related states of a session. It will:
// a) initialize the session as audit session and set it to be exclusive if this
// is the first time it is used for audit or audit reset was requested;
// b) report exclusive audit session;
// c) extend audit log; and
// d) clear exclusive audit session if no audit session found in the command.
static void
UpdateAuditSessionStatus(
COMMAND *command // IN: primary control structure
)
{
UINT32 i;
TPM_HANDLE auditSession = TPM_RH_UNASSIGNED;
//
// Iterate through sessions
for(i = 0; i < command->sessionNum; i++)
{
SESSION *session;
//
// PW session do not have a loaded session and can not be an audit
// session either. Skip it.
if(s_sessionHandles[i] == TPM_RS_PW)
continue;
session = SessionGet(s_sessionHandles[i]);
// If a session is used for audit
if(IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, audit))
{
// An audit session has been found
auditSession = s_sessionHandles[i];
// If the session has not been an audit session yet, or
// the auditSetting bits indicate a reset, initialize it and set
// it to be the exclusive session
if(session->attributes.isAudit == CLEAR
|| IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditReset))
{
InitAuditSession(session);
g_exclusiveAuditSession = auditSession;
}
else
{
// Check if the audit session is the current exclusive audit
// session and, if not, clear previous exclusive audit session.
if(g_exclusiveAuditSession != auditSession)
g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
}
// Report audit session exclusivity.
if(g_exclusiveAuditSession == auditSession)
{
SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive);
}
else
{
CLEAR_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive);
}
// Extend audit log.
Audit(command, session);
}
}
// If no audit session is found in the command, and the command allows
// a session then, clear the current exclusive
// audit session.
if(auditSession == TPM_RH_UNASSIGNED && IsSessionAllowed(command->index))
{
g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
}
return;
}
//*** ComputeResponseHMAC()
// Function to compute HMAC for authorization session in a response.
/*(See part 1 specification)
// Function: Compute HMAC for response sessions
// The sessionAuth value
// authHMAC := HMACsHASH((sessionAuth | authValue),
// (pHash | nonceTPM | nonceCaller | sessionAttributes))
// Where:
// HMACsHASH() The HMAC algorithm using the hash algorithm specified when
// the session was started.
//
// sessionAuth A TPMB_MEDIUM computed in a protocol-dependent way, using
// KDFa. In an HMAC or KDF, only sessionAuth.buffer is used.
//
// authValue A TPM2B_AUTH that is found in the sensitive area of an
// object. In an HMAC or KDF, only authValue.buffer is used
// and all trailing zeros are removed.
//
// pHash Response parameters (rpHash) using the session hash. When
// using a pHash in an HMAC computation, both the algorithm ID
// and the digest are included.
//
// nonceTPM A TPM2B_NONCE that is generated by the entity using the
// session. In an HMAC or KDF, only nonceTPM.buffer is used.
//
// nonceCaller a TPM2B_NONCE that was received the previous time the
// session was used. In an HMAC or KDF, only
// nonceCaller.buffer is used.
//
// sessionAttributes A TPMA_SESSION that indicates the attributes associated
// with a particular use of the session.
*/
static void
ComputeResponseHMAC(
COMMAND *command, // IN: command structure
UINT32 sessionIndex, // IN: session index to be processed
SESSION *session, // IN: loaded session
TPM2B_DIGEST *hmac // OUT: authHMAC
)
{
TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
TPM2B_KEY key; // HMAC key
BYTE marshalBuffer[sizeof(TPMA_SESSION)];
BYTE *buffer;
UINT32 marshalSize;
HMAC_STATE hmacState;
TPM2B_DIGEST *rpHash = ComputeRpHash(command, session->authHashAlg);
//
// Generate HMAC key
MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer));
// Add the object authValue if required
if(session->attributes.includeAuth == SET)
{
// Note: includeAuth may be SET for a policy that is used in
// UndefineSpaceSpecial(). At this point, the Index has been deleted
// so the includeAuth will have no meaning. However, the
// s_associatedHandles[] value for the session is now set to TPM_RH_NULL so
// this will return the authValue associated with TPM_RH_NULL and that is
// and empty buffer.
TPM2B_AUTH authValue;
//
// Get the authValue with trailing zeros removed
EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue);
// Add it to the key
MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer));
}
// if the HMAC key size is 0, the response HMAC is computed according to the
// input HMAC
if(key.t.size == 0
&& s_inputAuthValues[sessionIndex].t.size == 0)
{
hmac->t.size = 0;
return;
}
// Start HMAC computation.
hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b);
// Add hash components.
CryptDigestUpdate2B(&hmacState.hashState, &rpHash->b);
CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b);
CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b);
// Add session attributes.
buffer = marshalBuffer;
marshalSize = TPMA_SESSION_Marshal(&s_attributes[sessionIndex], &buffer, NULL);
CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer);
// Finalize HMAC.
CryptHmacEnd2B(&hmacState, &hmac->b);
return;
}
//*** UpdateInternalSession()
// This function updates internal sessions by:
// a) restarting session time; and
// b) clearing a policy session since nonce is rolling.
static void
UpdateInternalSession(
SESSION *session, // IN: the session structure
UINT32 i // IN: session number
)
{
// If nonce is rolling in a policy session, the policy related data
// will be re-initialized.
if(HandleGetType(s_sessionHandles[i]) == TPM_HT_POLICY_SESSION
&& IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession))
{
// When the nonce rolls it starts a new timing interval for the
// policy session.
SessionResetPolicyData(session);
SessionSetStartTime(session);
}
return;
}
//*** BuildSingleResponseAuth()
// Function to compute response HMAC value for a policy or HMAC session.
static TPM2B_NONCE *
BuildSingleResponseAuth(
COMMAND *command, // IN: command structure
UINT32 sessionIndex, // IN: session index to be processed
TPM2B_AUTH *auth // OUT: authHMAC
)
{
// Fill in policy/HMAC based session response.
SESSION *session = SessionGet(s_sessionHandles[sessionIndex]);
//
// If the session is a policy session with isPasswordNeeded SET, the
// authorization field is empty.
if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION
&& session->attributes.isPasswordNeeded == SET)
auth->t.size = 0;
else
// Compute response HMAC.
ComputeResponseHMAC(command, sessionIndex, session, auth);
UpdateInternalSession(session, sessionIndex);
return &session->nonceTPM;
}
//*** UpdateAllNonceTPM()
// Updates TPM nonce for all sessions in command.
static void
UpdateAllNonceTPM(
COMMAND *command // IN: controlling structure
)
{
UINT32 i;
SESSION *session;
//
for(i = 0; i < command->sessionNum; i++)
{
// If not a PW session, compute the new nonceTPM.
if(s_sessionHandles[i] != TPM_RS_PW)
{
session = SessionGet(s_sessionHandles[i]);
// Update nonceTPM in both internal session and response.
CryptRandomGenerate(session->nonceTPM.t.size,
session->nonceTPM.t.buffer);
}
}
return;
}
//*** BuildResponseSession()
// Function to build Session buffer in a response. The authorization data is added
// to the end of command->responseBuffer. The size of the authorization area is
// accumulated in command->authSize.
// When this is called, command->responseBuffer is pointing at the next location
// in the response buffer to be filled. This is where the authorization sessions
// will go, if any. command->parameterSize is the number of bytes that have been
// marshaled as parameters in the output buffer.
void
BuildResponseSession(
COMMAND *command // IN: structure that has relevant command
// information
)
{
pAssert(command->authSize == 0);
// Reset the parameter buffer to point to the start of the parameters so that
// there is a starting point for any rpHash that might be generated and so there
// is a place where parameter encryption would start
command->parameterBuffer = command->responseBuffer - command->parameterSize;
// Session nonces should be updated before parameter encryption
if(command->tag == TPM_ST_SESSIONS)
{
UpdateAllNonceTPM(command);
// Encrypt first parameter if applicable. Parameter encryption should
// happen after nonce update and before any rpHash is computed.
// If the encrypt session is associated with a handle, the authValue of
// this handle will be concatenated with sessionKey to generate
// encryption key, no matter if the handle is the session bound entity
// or not. The authValue is added to sessionKey only when the authValue
// is available.
if(s_encryptSessionIndex != UNDEFINED_INDEX)
{
UINT32 size;
TPM2B_AUTH extraKey;
//
extraKey.b.size = 0;
// If this is an authorization session, include the authValue in the
// generation of the encryption key
if(s_associatedHandles[s_encryptSessionIndex] != TPM_RH_UNASSIGNED)
{
EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex],
&extraKey);
}
size = EncryptSize(command->index);
CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex],
&s_nonceCaller[s_encryptSessionIndex].b,
(UINT16)size,
&extraKey,
command->parameterBuffer);
}
}
// Audit sessions should be processed regardless of the tag because
// a command with no session may cause a change of the exclusivity state.
UpdateAuditSessionStatus(command);
#if CC_GetCommandAuditDigest
// Command Audit
if(CommandAuditIsRequired(command->index))
CommandAudit(command);
#endif
// Process command with sessions.
if(command->tag == TPM_ST_SESSIONS)
{
UINT32 i;
//
pAssert(command->sessionNum > 0);
// Iterate over each session in the command session area, and create
// corresponding sessions for response.
for(i = 0; i < command->sessionNum; i++)
{
TPM2B_NONCE *nonceTPM;
TPM2B_DIGEST responseAuth;
// Make sure that continueSession is SET on any Password session.
// This makes it marginally easier for the management software
// to keep track of the closed sessions.
if(s_sessionHandles[i] == TPM_RS_PW)
{
SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession);
responseAuth.t.size = 0;
nonceTPM = (TPM2B_NONCE *)&responseAuth;
}
else
{
// Compute the response HMAC and get a pointer to the nonce used.
// This function will also update the values if needed. Note, the
nonceTPM = BuildSingleResponseAuth(command, i, &responseAuth);
}
command->authSize += TPM2B_NONCE_Marshal(nonceTPM,
&command->responseBuffer,
NULL);
command->authSize += TPMA_SESSION_Marshal(&s_attributes[i],
&command->responseBuffer,
NULL);
command->authSize += TPM2B_DIGEST_Marshal(&responseAuth,
&command->responseBuffer,
NULL);
if(!IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession))
SessionFlush(s_sessionHandles[i]);
}
}
return;
}
//*** SessionRemoveAssociationToHandle()
// This function deals with the case where an entity associated with an authorization
// is deleted during command processing. The primary use of this is to support
// UndefineSpaceSpecial().
void
SessionRemoveAssociationToHandle(
TPM_HANDLE handle
)
{
UINT32 i;
//
for(i = 0; i < MAX_SESSION_NUM; i++)
{
if(s_associatedHandles[i] == handle)
{
s_associatedHandles[i] = TPM_RH_NULL;
}
}
}