1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 ******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include "tss2_mu.h"
12 #include "tss2_sys.h"
13 #include "tss2_esys.h"
14
15 #include "esys_types.h"
16 #include "esys_iutil.h"
17 #include "esys_mu.h"
18 #define LOGMODULE esys
19 #include "util/log.h"
20 #include "util/aux_util.h"
21
22 /** One-Call function for TPM2_SetCommandCodeAuditStatus
23 *
24 * This function invokes the TPM2_SetCommandCodeAuditStatus command in a one-call
25 * variant. This means the function will block until the TPM response is
26 * available. All input parameters are const. The memory for non-simple output
27 * parameters is allocated by the function implementation.
28 *
29 * @param[in,out] esysContext The ESYS_CONTEXT.
30 * @param[in] auth TPM2_RH_OWNER or TPM2_RH_PLATFORM+{PP}.
31 * @param[in] shandle1 Session handle for authorization of auth
32 * @param[in] shandle2 Second session handle.
33 * @param[in] shandle3 Third session handle.
34 * @param[in] auditAlg TPM2_Hash algorithm for the audit digest; if TPM2_ALG_NULL,
35 * then the hash is not changed.
36 * @param[in] setList List of commands that will be added to those that will
37 * be audited.
38 * @param[in] clearList List of commands that will no longer be audited.
39 * @retval TSS2_RC_SUCCESS if the function call was a success.
40 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
41 * pointers or required output handle references are NULL.
42 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
43 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
44 * internal operations or return parameters.
45 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
46 * operation already pending.
47 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
48 * at least contain the tag, response length, and response code.
49 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
50 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
51 did not verify.
52 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
53 * the 'decrypt' attribute bit set.
54 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
55 * the 'encrypt' attribute bit set.
56 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
57 * to the ESYS_CONTEXT or are of the wrong type or if required
58 * ESYS_TR objects are ESYS_TR_NONE.
59 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
60 * 'decrypt' attribute set and the command does not support encryption
61 * of the first command parameter.
62 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
63 * 'encrypt' attribute set and the command does not support encryption
64 * of the first response parameter.
65 * @retval TSS2_RCs produced by lower layers of the software stack may be
66 * returned to the caller unaltered unless handled internally.
67 */
68 TSS2_RC
Esys_SetCommandCodeAuditStatus(ESYS_CONTEXT * esysContext,ESYS_TR auth,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,TPMI_ALG_HASH auditAlg,const TPML_CC * setList,const TPML_CC * clearList)69 Esys_SetCommandCodeAuditStatus(
70 ESYS_CONTEXT *esysContext,
71 ESYS_TR auth,
72 ESYS_TR shandle1,
73 ESYS_TR shandle2,
74 ESYS_TR shandle3,
75 TPMI_ALG_HASH auditAlg,
76 const TPML_CC *setList,
77 const TPML_CC *clearList)
78 {
79 TSS2_RC r;
80
81 r = Esys_SetCommandCodeAuditStatus_Async(esysContext, auth, shandle1,
82 shandle2, shandle3, auditAlg,
83 setList, clearList);
84 return_if_error(r, "Error in async function");
85
86 /* Set the timeout to indefinite for now, since we want _Finish to block */
87 int32_t timeouttmp = esysContext->timeout;
88 esysContext->timeout = -1;
89 /*
90 * Now we call the finish function, until return code is not equal to
91 * from TSS2_BASE_RC_TRY_AGAIN.
92 * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
93 * have set the timeout to -1. This occurs for example if the TPM requests
94 * a retransmission of the command via TPM2_RC_YIELDED.
95 */
96 do {
97 r = Esys_SetCommandCodeAuditStatus_Finish(esysContext);
98 /* This is just debug information about the reattempt to finish the
99 command */
100 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
101 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
102 " => resubmitting command", r);
103 } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
104
105 /* Restore the timeout value to the original value */
106 esysContext->timeout = timeouttmp;
107 return_if_error(r, "Esys Finish");
108
109 return TSS2_RC_SUCCESS;
110 }
111
112 /** Asynchronous function for TPM2_SetCommandCodeAuditStatus
113 *
114 * This function invokes the TPM2_SetCommandCodeAuditStatus command in a asynchronous
115 * variant. This means the function will return as soon as the command has been
116 * sent downwards the stack to the TPM. All input parameters are const.
117 * In order to retrieve the TPM's response call Esys_SetCommandCodeAuditStatus_Finish.
118 *
119 * @param[in,out] esysContext The ESYS_CONTEXT.
120 * @param[in] auth TPM2_RH_OWNER or TPM2_RH_PLATFORM+{PP}.
121 * @param[in] shandle1 Session handle for authorization of auth
122 * @param[in] shandle2 Second session handle.
123 * @param[in] shandle3 Third session handle.
124 * @param[in] auditAlg TPM2_Hash algorithm for the audit digest; if TPM2_ALG_NULL,
125 * then the hash is not changed.
126 * @param[in] setList List of commands that will be added to those that will
127 * be audited.
128 * @param[in] clearList List of commands that will no longer be audited.
129 * @retval ESYS_RC_SUCCESS if the function call was a success.
130 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
131 * pointers or required output handle references are NULL.
132 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
133 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
134 * internal operations or return parameters.
135 * @retval TSS2_RCs produced by lower layers of the software stack may be
136 returned to the caller unaltered unless handled internally.
137 * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has
138 * the 'decrypt' attribute bit set.
139 * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has
140 * the 'encrypt' attribute bit set.
141 * @retval TSS2_ESYS_RC_BAD_TR: if any of the ESYS_TR objects are unknown
142 * to the ESYS_CONTEXT or are of the wrong type or if required
143 * ESYS_TR objects are ESYS_TR_NONE.
144 * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the
145 * 'decrypt' attribute set and the command does not support encryption
146 * of the first command parameter.
147 * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the
148 * 'encrypt' attribute set and the command does not support encryption
149 * of the first response parameter.
150 */
151 TSS2_RC
Esys_SetCommandCodeAuditStatus_Async(ESYS_CONTEXT * esysContext,ESYS_TR auth,ESYS_TR shandle1,ESYS_TR shandle2,ESYS_TR shandle3,TPMI_ALG_HASH auditAlg,const TPML_CC * setList,const TPML_CC * clearList)152 Esys_SetCommandCodeAuditStatus_Async(
153 ESYS_CONTEXT *esysContext,
154 ESYS_TR auth,
155 ESYS_TR shandle1,
156 ESYS_TR shandle2,
157 ESYS_TR shandle3,
158 TPMI_ALG_HASH auditAlg,
159 const TPML_CC *setList,
160 const TPML_CC *clearList)
161 {
162 TSS2_RC r;
163 LOG_TRACE("context=%p, auth=%"PRIx32 ", auditAlg=%04"PRIx16","
164 "setList=%p, clearList=%p",
165 esysContext, auth, auditAlg, setList, clearList);
166 TSS2L_SYS_AUTH_COMMAND auths;
167 RSRC_NODE_T *authNode;
168
169 /* Check context, sequence correctness and set state to error for now */
170 if (esysContext == NULL) {
171 LOG_ERROR("esyscontext is NULL.");
172 return TSS2_ESYS_RC_BAD_REFERENCE;
173 }
174 r = iesys_check_sequence_async(esysContext);
175 if (r != TSS2_RC_SUCCESS)
176 return r;
177 esysContext->state = _ESYS_STATE_INTERNALERROR;
178
179 /* Check input parameters */
180 r = check_session_feasibility(shandle1, shandle2, shandle3, 1);
181 return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage");
182
183 /* Retrieve the metadata objects for provided handles */
184 r = esys_GetResourceObject(esysContext, auth, &authNode);
185 return_state_if_error(r, _ESYS_STATE_INIT, "auth unknown.");
186
187 /* Initial invocation of SAPI to prepare the command buffer with parameters */
188 r = Tss2_Sys_SetCommandCodeAuditStatus_Prepare(esysContext->sys,
189 (authNode == NULL)
190 ? TPM2_RH_NULL
191 : authNode->rsrc.handle,
192 auditAlg, setList,
193 clearList);
194 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
195
196 /* Calculate the cpHash Values */
197 r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
198 return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources");
199 if (authNode != NULL)
200 iesys_compute_session_value(esysContext->session_tab[0],
201 &authNode->rsrc.name, &authNode->auth);
202 else
203 iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL);
204
205 iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL);
206 iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL);
207
208 /* Generate the auth values and set them in the SAPI command buffer */
209 r = iesys_gen_auths(esysContext, authNode, NULL, NULL, &auths);
210 return_state_if_error(r, _ESYS_STATE_INIT,
211 "Error in computation of auth values");
212
213 esysContext->authsCount = auths.count;
214 if (auths.count > 0) {
215 r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
216 return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
217 }
218
219 /* Trigger execution and finish the async invocation */
220 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
221 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
222 "Finish (Execute Async)");
223
224 esysContext->state = _ESYS_STATE_SENT;
225
226 return r;
227 }
228
229 /** Asynchronous finish function for TPM2_SetCommandCodeAuditStatus
230 *
231 * This function returns the results of a TPM2_SetCommandCodeAuditStatus command
232 * invoked via Esys_SetCommandCodeAuditStatus_Finish. All non-simple output parameters
233 * are allocated by the function's implementation. NULL can be passed for every
234 * output parameter if the value is not required.
235 *
236 * @param[in,out] esysContext The ESYS_CONTEXT.
237 * @retval TSS2_RC_SUCCESS on success
238 * @retval ESYS_RC_SUCCESS if the function call was a success.
239 * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
240 * pointers or required output handle references are NULL.
241 * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
242 * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
243 * internal operations or return parameters.
244 * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
245 * operation already pending.
246 * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
247 * TPM response is received.
248 * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
249 * at least contain the tag, response length, and response code.
250 * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
251 * not verify.
252 * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
253 * @retval TSS2_RCs produced by lower layers of the software stack may be
254 * returned to the caller unaltered unless handled internally.
255 */
256 TSS2_RC
Esys_SetCommandCodeAuditStatus_Finish(ESYS_CONTEXT * esysContext)257 Esys_SetCommandCodeAuditStatus_Finish(
258 ESYS_CONTEXT *esysContext)
259 {
260 TSS2_RC r;
261 LOG_TRACE("context=%p",
262 esysContext);
263
264 if (esysContext == NULL) {
265 LOG_ERROR("esyscontext is NULL.");
266 return TSS2_ESYS_RC_BAD_REFERENCE;
267 }
268
269 /* Check for correct sequence and set sequence to irregular for now */
270 if (esysContext->state != _ESYS_STATE_SENT &&
271 esysContext->state != _ESYS_STATE_RESUBMISSION) {
272 LOG_ERROR("Esys called in bad sequence.");
273 return TSS2_ESYS_RC_BAD_SEQUENCE;
274 }
275 esysContext->state = _ESYS_STATE_INTERNALERROR;
276
277 /*Receive the TPM response and handle resubmissions if necessary. */
278 r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
279 if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
280 LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
281 esysContext->state = _ESYS_STATE_SENT;
282 return r;
283 }
284 /* This block handle the resubmission of TPM commands given a certain set of
285 * TPM response codes. */
286 if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
287 LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
288 "resubmission: %" PRIx32, r);
289 if (esysContext->submissionCount++ >= _ESYS_MAX_SUBMISSIONS) {
290 LOG_WARNING("Maximum number of (re)submissions has been reached.");
291 esysContext->state = _ESYS_STATE_INIT;
292 return r;
293 }
294 esysContext->state = _ESYS_STATE_RESUBMISSION;
295 r = Tss2_Sys_ExecuteAsync(esysContext->sys);
296 if (r != TSS2_RC_SUCCESS) {
297 LOG_WARNING("Error attempting to resubmit");
298 /* We do not set esysContext->state here but inherit the most recent
299 * state of the _async function. */
300 return r;
301 }
302 r = TSS2_ESYS_RC_TRY_AGAIN;
303 LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
304 return r;
305 }
306 /* The following is the "regular error" handling. */
307 if (iesys_tpm_error(r)) {
308 LOG_WARNING("Received TPM Error");
309 esysContext->state = _ESYS_STATE_INIT;
310 return r;
311 } else if (r != TSS2_RC_SUCCESS) {
312 LOG_ERROR("Received a non-TPM Error");
313 esysContext->state = _ESYS_STATE_INTERNALERROR;
314 return r;
315 }
316
317 /*
318 * Now the verification of the response (hmac check) and if necessary the
319 * parameter decryption have to be done.
320 */
321 r = iesys_check_response(esysContext);
322 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
323 "Error: check response");
324
325 /*
326 * After the verification of the response we call the complete function
327 * to deliver the result.
328 */
329 r = Tss2_Sys_SetCommandCodeAuditStatus_Complete(esysContext->sys);
330 return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
331 "Received error from SAPI unmarshaling" );
332
333 esysContext->state = _ESYS_STATE_INIT;
334
335 return TSS2_RC_SUCCESS;
336 }
337