1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 /// TPM context implementation.
17 /*! \file */
18 
19 #include "epid/member/tpm2/context.h"
20 
21 #include <tss2/TPM_Types.h>
22 #include <tss2/tss.h>
23 
24 #include "epid/common/math/finitefield.h"
25 #include "epid/common/src/epid2params.h"
26 #include "epid/common/src/memory.h"
27 #include "epid/member/tpm2/getrandom.h"
28 #include "epid/member/tpm2/ibm_tss/printtss.h"
29 #include "epid/member/tpm2/ibm_tss/state.h"
30 #include "epid/member/tpm_member.h"
31 
32 /// Handle Intel(R) EPID Error with Break
33 #define BREAK_ON_EPID_ERROR(ret) \
34   if (kEpidNoErr != (ret)) {     \
35     break;                       \
36   }
37 
38 /// Deletes key from TPM
39 /*!
40 \param[in,out] ctx
41 TPM context.
42 
43 \returns ::EpidStatus
44 */
45 void Tpm2FlushKey(Tpm2Ctx* ctx);
46 
47 /// Flag that indicates that context was already created
48 bool is_context_already_created = false;
49 
50 /// Internal Random function as a BitSupplier
tpm2_rnd_func(unsigned int * rand_data,int num_bits,void * user_data)51 static int __STDCALL tpm2_rnd_func(unsigned int* rand_data, int num_bits,
52                                    void* user_data) {
53   return Tpm2GetRandom((Tpm2Ctx*)user_data, num_bits, rand_data);
54 }
55 
Tpm2CreateContext(MemberParams const * params,Epid2Params_ const * epid2_params,BitSupplier * rnd_func,void ** rnd_param,const FpElemStr ** f,Tpm2Ctx ** ctx)56 EpidStatus Tpm2CreateContext(MemberParams const* params,
57                              Epid2Params_ const* epid2_params,
58                              BitSupplier* rnd_func, void** rnd_param,
59                              const FpElemStr** f, Tpm2Ctx** ctx) {
60   EpidStatus sts = kEpidNoErr;
61   TPM_RC rc = TPM_RC_FAILURE;
62   Tpm2Ctx* tpm_ctx = NULL;
63   FfElement* ff_elem = NULL;
64   if (!params || !epid2_params || !rnd_func || !rnd_param || !f || !ctx) {
65     return kEpidBadArgErr;
66   }
67 
68   if (is_context_already_created) {
69     return kEpidBadArgErr;
70   }
71   is_context_already_created = true;
72 
73   tpm_ctx = SAFE_ALLOC(sizeof(Tpm2Ctx));
74   if (!tpm_ctx) {
75     return kEpidMemAllocErr;
76   }
77 
78   do {
79     if (params->f) {
80       FiniteField* Fp = epid2_params->Fp;
81       // Validate f
82       sts = NewFfElement(Fp, &ff_elem);
83       BREAK_ON_EPID_ERROR(sts);
84       sts = ReadFfElement(Fp, params->f, sizeof(*params->f), ff_elem);
85       BREAK_ON_EPID_ERROR(sts);
86     }
87 
88     tpm_ctx->epid2_params = epid2_params;
89     tpm_ctx->key_handle = 0;
90     tpm_ctx->hash_alg = kInvalidHashAlg;
91 
92     rc = TSS_Create(&tpm_ctx->tss);
93     if (rc != TPM_RC_SUCCESS) {
94       sts = kEpidErr;
95       break;
96     }
97 
98     *ctx = tpm_ctx;
99     *rnd_func = tpm2_rnd_func;
100     *rnd_param = *ctx;
101     *f = params->f;
102     sts = kEpidNoErr;
103   } while (0);
104   DeleteFfElement(&ff_elem);
105   if (kEpidNoErr != sts) {
106     Tpm2DeleteContext(&tpm_ctx);
107     *ctx = NULL;
108   }
109   return sts;
110 }
111 
Tpm2DeleteContext(Tpm2Ctx ** ctx)112 void Tpm2DeleteContext(Tpm2Ctx** ctx) {
113   is_context_already_created = false;
114   if (ctx && *ctx) {
115     Tpm2FlushKey(*ctx);
116     TSS_Delete((*ctx)->tss);
117     SAFE_FREE(*ctx);
118   }
119 }
120 
Tpm2SetHashAlg(Tpm2Ctx * ctx,HashAlg hash_alg)121 EpidStatus Tpm2SetHashAlg(Tpm2Ctx* ctx, HashAlg hash_alg) {
122   if (!ctx) return kEpidBadArgErr;
123   if (kSha256 != hash_alg && kSha384 != hash_alg && kSha512 != hash_alg &&
124       kSha512_256 != hash_alg)
125     return kEpidHashAlgorithmNotSupported;
126   // can not change hash alg of existing TPM2 key object
127   if (ctx->key_handle) return kEpidOutOfSequenceError;
128   ctx->hash_alg = hash_alg;
129   return kEpidNoErr;
130 }
131 
Tpm2ResetContext(Tpm2Ctx ** ctx)132 void Tpm2ResetContext(Tpm2Ctx** ctx) {
133   if (ctx && *ctx) {
134     Tpm2FlushKey(*ctx);
135   }
136 }
137 
Tpm2FlushKey(Tpm2Ctx * ctx)138 void Tpm2FlushKey(Tpm2Ctx* ctx) {
139   if (ctx->key_handle) {
140     TPM_RC rc;
141     FlushContext_In in;
142     in.flushHandle = ctx->key_handle;
143     rc = TSS_Execute(ctx->tss, NULL, (COMMAND_PARAMETERS*)&in, NULL,
144                      TPM_CC_FlushContext, TPM_RH_NULL, NULL, 0);
145     if (rc != TPM_RC_SUCCESS) {
146       print_tpm2_response_code("TPM2_FlushContext", rc);
147     }
148     ctx->key_handle = 0;
149   }
150 }
151