1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /***********************************************************************
3  * Copyright (c) 2015 - 2018, Intel Corporation
4  *
5  * All rights reserved.
6  ***********************************************************************/
7 
8 #ifdef HAVE_CONFIG_H
9 #include <config.h>
10 #endif
11 
12 #include "util/tss2_endian.h"
13 #include "tss2_tpm2_types.h"
14 #include "tss2_mu.h"
15 #include "sysapi_util.h"
16 #include <string.h>
17 
Tss2_Sys_GetRspAuths(TSS2_SYS_CONTEXT * sysContext,TSS2L_SYS_AUTH_RESPONSE * rspAuthsArray)18 TSS2_RC Tss2_Sys_GetRspAuths(
19     TSS2_SYS_CONTEXT *sysContext,
20     TSS2L_SYS_AUTH_RESPONSE *rspAuthsArray)
21 {
22     _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
23     TSS2_RC rval = TSS2_RC_SUCCESS;
24     size_t offset = 0, offset_tmp;
25     unsigned i = 0;
26     UINT32 rspParamsSize;
27 
28     if (!ctx || !rspAuthsArray)
29         return TSS2_SYS_RC_BAD_REFERENCE;
30 
31     if (ctx->previousStage != CMD_STAGE_RECEIVE_RESPONSE ||
32         ctx->rsp_header.responseCode != TSS2_RC_SUCCESS ||
33         ctx->authAllowed == 0)
34         return TSS2_SYS_RC_BAD_SEQUENCE;
35 
36     if (TPM2_ST_SESSIONS != ctx->rsp_header.tag)
37         return TSS2_SYS_RC_BAD_SEQUENCE;
38 
39     offset += sizeof(TPM20_Header_Out);
40     offset += ctx->numResponseHandles * sizeof(TPM2_HANDLE);
41     memcpy(&rspParamsSize, ctx->rspParamsSize, sizeof(rspParamsSize));
42     offset += BE_TO_HOST_32(rspParamsSize);
43     offset += sizeof(UINT32);
44     offset_tmp = offset;
45 
46     /* Validate the auth area before copying it */
47     for (i = 0; i < ctx->authsCount; i++) {
48 
49         if (offset_tmp > ctx->rsp_header.responseSize)
50             return TSS2_SYS_RC_MALFORMED_RESPONSE;
51 
52         UINT16 tmp;
53         memcpy(&tmp, ctx->cmdBuffer + offset_tmp, sizeof(UINT16));
54         offset_tmp += sizeof(UINT16);
55         offset_tmp += BE_TO_HOST_16(tmp);
56 
57         if (offset_tmp > ctx->rsp_header.responseSize)
58             return TSS2_SYS_RC_MALFORMED_RESPONSE;
59 
60         offset_tmp += 1;
61 
62         if (offset_tmp > ctx->rsp_header.responseSize)
63             return TSS2_SYS_RC_MALFORMED_RESPONSE;
64 
65         memcpy(&tmp, ctx->cmdBuffer + offset_tmp, sizeof(UINT16));
66         offset_tmp += sizeof(UINT16);
67         offset_tmp += BE_TO_HOST_16(tmp);
68 
69         if (offset_tmp > ctx->rsp_header.responseSize)
70             return TSS2_SYS_RC_MALFORMED_RESPONSE;
71 
72         if (i + 1 > ctx->authsCount)
73             return TSS2_SYS_RC_INVALID_SESSIONS;
74     }
75 
76     /* Unmarshal the auth area */
77     for (i = 0; i < ctx->authsCount; i++) {
78         rval = Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal(ctx->cmdBuffer,
79                                             ctx->maxCmdSize,
80                                             &offset, &rspAuthsArray->auths[i]);
81         if (rval)
82             break;
83     }
84 
85     rspAuthsArray->count = ctx->authsCount;
86 
87     return rval;
88 }
89