/* SPDX-License-Identifier: BSD-2-Clause */
/***********************************************************************;
 * Copyright (c) 2015 - 2017, Intel Corporation
 * All rights reserved.
 ***********************************************************************/

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "tss2_tpm2_types.h"
#include "tss2_mu.h"
#include "sysapi_util.h"

/**
 * Marshal a TPM2_StartAuthSession command into the SAPI context's command
 * buffer, ready to be sent with the execute/one-call path.
 *
 * The command is laid out in the order the marshal calls below appear: the
 * two handles (tpmKey, bind), then the parameters nonceCaller, encryptedSalt,
 * sessionType, symmetric and authHash.
 *
 * @param sysContext    SAPI context that owns the command buffer.
 * @param tpmKey        Handle of the key used for the salt; marshalled as a
 *                      UINT32.
 * @param bind          Handle of the entity the session is bound to;
 *                      marshalled as a UINT32.
 * @param nonceCaller   Optional caller nonce. NULL is marshalled as an empty
 *                      TPM2B (a zero size field) and sets ctx->decryptNull.
 * @param encryptedSalt Optional encrypted salt. NULL is marshalled as an
 *                      empty TPM2B (a zero size field).
 * @param sessionType   Session type, marshalled as a UINT8.
 * @param symmetric     Symmetric parameters for the session; must not be NULL.
 * @param authHash      Session hash algorithm, marshalled as a UINT16.
 *
 * @return TSS2_SYS_RC_BAD_REFERENCE if sysContext or symmetric is NULL,
 *         TSS2_SYS_RC_BAD_VALUE if IsAlgorithmWeak() rejects authHash,
 *         otherwise the first non-zero code from CommonPreparePrologue() or a
 *         marshal call, or the result of CommonPrepareEpilogue().
 */
TSS2_RC Tss2_Sys_StartAuthSession_Prepare(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_DH_OBJECT tpmKey,
    TPMI_DH_ENTITY bind,
    const TPM2B_NONCE *nonceCaller,
    const TPM2B_ENCRYPTED_SECRET *encryptedSalt,
    TPM2_SE sessionType,
    const TPMT_SYM_DEF *symmetric,
    TPMI_ALG_HASH authHash)
{
    _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
    TSS2_RC rc;

    if (ctx == NULL || symmetric == NULL)
        return TSS2_SYS_RC_BAD_REFERENCE;

    /* Refuse to start a session whose hash the library classifies as weak;
     * the session hash underpins every HMAC and KDF derived from it. */
    if (IsAlgorithmWeak(authHash, 0))
        return TSS2_SYS_RC_BAD_VALUE;

    rc = CommonPreparePrologue(ctx, TPM2_CC_StartAuthSession);
    if (rc != 0)
        return rc;

    /* Handle area: tpmKey, then bind. */
    rc = Tss2_MU_UINT32_Marshal(tpmKey, ctx->cmdBuffer, ctx->maxCmdSize,
                                &ctx->nextData);
    if (rc != 0)
        return rc;

    rc = Tss2_MU_UINT32_Marshal(bind, ctx->cmdBuffer, ctx->maxCmdSize,
                                &ctx->nextData);
    if (rc != 0)
        return rc;

    /* Parameter area, first parameter: nonceCaller. */
    if (nonceCaller != NULL) {
        rc = Tss2_MU_TPM2B_NONCE_Marshal(nonceCaller, ctx->cmdBuffer,
                                         ctx->maxCmdSize, &ctx->nextData);
    } else {
        /* No caller nonce: emit a zero-length TPM2B and record that the
         * first parameter is empty. NOTE(review): decryptNull presumably
         * steers the decrypt-session handling elsewhere in the SAPI --
         * confirm against the session code before relying on it. */
        ctx->decryptNull = 1;
        rc = Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer, ctx->maxCmdSize,
                                    &ctx->nextData);
    }
    if (rc != 0)
        return rc;

    /* Second parameter: encryptedSalt, again a zero-length TPM2B when the
     * caller passes NULL. */
    if (encryptedSalt != NULL) {
        rc = Tss2_MU_TPM2B_ENCRYPTED_SECRET_Marshal(encryptedSalt,
                                                    ctx->cmdBuffer,
                                                    ctx->maxCmdSize,
                                                    &ctx->nextData);
    } else {
        rc = Tss2_MU_UINT16_Marshal(0, ctx->cmdBuffer, ctx->maxCmdSize,
                                    &ctx->nextData);
    }
    if (rc != 0)
        return rc;

    /* Remaining parameters: sessionType, symmetric, authHash. */
    rc = Tss2_MU_UINT8_Marshal(sessionType, ctx->cmdBuffer, ctx->maxCmdSize,
                               &ctx->nextData);
    if (rc != 0)
        return rc;

    rc = Tss2_MU_TPMT_SYM_DEF_Marshal(symmetric, ctx->cmdBuffer,
                                      ctx->maxCmdSize, &ctx->nextData);
    if (rc != 0)
        return rc;

    rc = Tss2_MU_UINT16_Marshal(authHash, ctx->cmdBuffer, ctx->maxCmdSize,
                                &ctx->nextData);
    if (rc != 0)
        return rc;

    /* This command may carry authorization and parameter encryption
     * sessions in either direction. */
    ctx->authAllowed = 1;
    ctx->decryptAllowed = 1;
    ctx->encryptAllowed = 1;

    return CommonPrepareEpilogue(ctx);
}
/**
 * Unmarshal the TPM2_StartAuthSession response held in the SAPI context.
 *
 * The session handle is read before CommonComplete() is invoked, and the
 * TPM nonce after it, mirroring the handle-then-parameters layout of the
 * response.
 *
 * @param sysContext    SAPI context holding the response.
 * @param sessionHandle Receives the new session handle (UINT32).
 * @param nonceTPM      Receives the TPM's nonce (TPM2B_NONCE).
 *                      NOTE(review): whether a NULL output pointer is
 *                      tolerated depends on the Tss2_MU_*_Unmarshal
 *                      implementations, not on this function -- confirm.
 *
 * @return TSS2_SYS_RC_BAD_REFERENCE if sysContext is NULL, otherwise the
 *         first non-zero code from the unmarshal calls or CommonComplete().
 */
TSS2_RC Tss2_Sys_StartAuthSession_Complete(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_SH_AUTH_SESSION *sessionHandle,
    TPM2B_NONCE *nonceTPM)
{
    _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
    TSS2_RC rc;

    if (ctx == NULL)
        return TSS2_SYS_RC_BAD_REFERENCE;

    /* Response handle area. */
    rc = Tss2_MU_UINT32_Unmarshal(ctx->cmdBuffer, ctx->maxCmdSize,
                                  &ctx->nextData, sessionHandle);
    if (rc != 0)
        return rc;

    rc = CommonComplete(ctx);
    if (rc != 0)
        return rc;

    /* Response parameter area: nonceTPM. */
    return Tss2_MU_TPM2B_NONCE_Unmarshal(ctx->cmdBuffer, ctx->maxCmdSize,
                                         &ctx->nextData, nonceTPM);
}
/**
 * Synchronous one-call form of TPM2_StartAuthSession: prepare the command,
 * run it through CommonOneCall(), then unmarshal the response.
 *
 * The NULL check on symmetric here duplicates the one inside
 * Tss2_Sys_StartAuthSession_Prepare(); both return the same code, so the
 * early check only shortens the failure path. A NULL sysContext is caught
 * by Tss2_Sys_StartAuthSession_Prepare() before ctx is used.
 *
 * @param sysContext    SAPI context.
 * @param tpmKey        Handle of the key used for the salt.
 * @param bind          Handle of the entity the session is bound to.
 * @param cmdAuthsArray Command authorization sessions passed to
 *                      CommonOneCall().
 * @param nonceCaller   Optional caller nonce (NULL sends an empty TPM2B).
 * @param encryptedSalt Optional encrypted salt (NULL sends an empty TPM2B).
 * @param sessionType   Session type.
 * @param symmetric     Symmetric parameters; must not be NULL.
 * @param authHash      Session hash algorithm.
 * @param sessionHandle Receives the new session handle.
 * @param nonceTPM      Receives the TPM's nonce.
 * @param rspAuthsArray Receives the response authorizations from
 *                      CommonOneCall().
 *
 * @return TSS2_SYS_RC_BAD_REFERENCE if symmetric is NULL, otherwise the
 *         first non-zero code from the prepare, one-call or complete step.
 */
TSS2_RC Tss2_Sys_StartAuthSession(
    TSS2_SYS_CONTEXT *sysContext,
    TPMI_DH_OBJECT tpmKey,
    TPMI_DH_ENTITY bind,
    TSS2L_SYS_AUTH_COMMAND const *cmdAuthsArray,
    const TPM2B_NONCE *nonceCaller,
    const TPM2B_ENCRYPTED_SECRET *encryptedSalt,
    TPM2_SE sessionType,
    const TPMT_SYM_DEF *symmetric,
    TPMI_ALG_HASH authHash,
    TPMI_SH_AUTH_SESSION *sessionHandle,
    TPM2B_NONCE *nonceTPM,
    TSS2L_SYS_AUTH_RESPONSE *rspAuthsArray)
{
    _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
    TSS2_RC rc;

    if (symmetric == NULL)
        return TSS2_SYS_RC_BAD_REFERENCE;

    rc = Tss2_Sys_StartAuthSession_Prepare(sysContext,
                                           tpmKey,
                                           bind,
                                           nonceCaller,
                                           encryptedSalt,
                                           sessionType,
                                           symmetric,
                                           authHash);
    if (rc != 0)
        return rc;

    rc = CommonOneCall(ctx, cmdAuthsArray, rspAuthsArray);
    if (rc != 0)
        return rc;

    return Tss2_Sys_StartAuthSession_Complete(sysContext,
                                              sessionHandle,
                                              nonceTPM);
}