Coverage Report

Created: 2025-07-18 06:10

/src/libtpms/src/tpm2/SessionCommands.c
1
/********************************************************************************/
2
/*                    */
3
/*            Session Commands        */
4
/*           Written by Ken Goldman       */
5
/*           IBM Thomas J. Watson Research Center     */
6
/*            $Id: SessionCommands.c 1519 2019-11-15 20:43:51Z kgoldman $ */
7
/*                    */
8
/*  Licenses and Notices              */
9
/*                    */
10
/*  1. Copyright Licenses:              */
11
/*                    */
12
/*  - Trusted Computing Group (TCG) grants to the user of the source code in  */
13
/*    this specification (the "Source Code") a worldwide, irrevocable,    */
14
/*    nonexclusive, royalty free, copyright license to reproduce, create  */
15
/*    derivative works, distribute, display and perform the Source Code and */
16
/*    derivative works thereof, and to grant others the rights granted herein.  */
17
/*                    */
18
/*  - The TCG grants to the user of the other parts of the specification  */
19
/*    (other than the Source Code) the rights to reproduce, distribute,   */
20
/*    display, and perform the specification solely for the purpose of    */
21
/*    developing products based on such documents.        */
22
/*                    */
23
/*  2. Source Code Distribution Conditions:         */
24
/*                    */
25
/*  - Redistributions of Source Code must retain the above copyright licenses,  */
26
/*    this list of conditions and the following disclaimers.      */
27
/*                    */
28
/*  - Redistributions in binary form must reproduce the above copyright   */
29
/*    licenses, this list of conditions and the following disclaimers in the  */
30
/*    documentation and/or other materials provided with the distribution.  */
31
/*                    */
32
/*  3. Disclaimers:               */
33
/*                    */
34
/*  - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
35
/*  LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
36
/*  RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
37
/*  THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE.   */
38
/*  Contact TCG Administration (admin@trustedcomputinggroup.org) for    */
39
/*  information on specification licensing rights available through TCG   */
40
/*  membership agreements.              */
41
/*                    */
42
/*  - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED   */
43
/*    WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR   */
44
/*    FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR    */
45
/*    NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY    */
46
/*    OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE.   */
47
/*                    */
48
/*  - Without limitation, TCG and its members and licensors disclaim all  */
49
/*    liability, including liability for infringement of any proprietary  */
50
/*    rights, relating to use of information in this specification and to the */
51
/*    implementation of this specification, and TCG disclaims all liability for */
52
/*    cost of procurement of substitute goods or services, lost profits, loss   */
53
/*    of use, loss of data or any incidental, consequential, direct, indirect,  */
54
/*    or special damages, whether under contract, tort, warranty or otherwise,  */
55
/*    arising in any way out of use or reliance upon this specification or any  */
56
/*    information herein.             */
57
/*                    */
58
/*  (c) Copyright IBM Corp. and others, 2016 - 2019       */
59
/*                    */
60
/********************************************************************************/
61
62
#include "Tpm.h"
63
#include "StartAuthSession_fp.h"
64
#if CC_StartAuthSession  // Conditional expansion of this file
65
// TPM2_StartAuthSession: validate the caller's parameters, recover the salt
// when a salt key is supplied, and create the session through SessionCreate().
//
// Parameter and handle errors are returned as a TPM_RCS_* code plus the
// RC_StartAuthSession_* index of the offending input:
//   TPM_RCS_SIZE       + nonceCaller    nonce shorter than 16 bytes or longer
//                                       than the digest of authHash
//   TPM_RCS_KEY        + tpmKey         salt key is not asymmetric
//   TPM_RCS_HANDLE     + tpmKey         salt key has only its public part loaded
//   TPM_RCS_ATTRIBUTES + tpmKey         salt key lacks the decrypt attribute
//   TPM_RCS_VALUE      + encryptedSalt  salt size inconsistent with tpmKey, or
//                                       salt decryption failed
//   TPM_RCS_HANDLE     + bind           bind object is public-only, or is a
//                                       PIN pass / PIN fail NV index
//   TPM_RCS_MODE       + symmetric      block cipher requested with a mode
//                                       other than CFB
// Otherwise the result of SessionCreate() is returned unchanged.
//
// NOTE(review): in the coverage report this listing was taken from (created
// 2025-07-18) the function was entered 31 times, but the salted-session branch
// (tpmKey != TPM_RH_NULL) and the TPM_HT_TRANSIENT / TPM_HT_NV_INDEX bind cases
// all recorded a count of 0, so those checks were not exercised by that run.
TPM_RC
TPM2_StartAuthSession(
    StartAuthSession_In  *in,   // IN: input parameter buffer
    StartAuthSession_Out *out   // OUT: output parameter buffer
    )
{
    // NOTE(review): for a salted session this buffer ends up holding the
    // decrypted salt; nothing in this function wipes it before returning.
    TPM2B_DATA  sessionSalt;
    OBJECT     *saltKey;        // loaded key used to decrypt the salt

    // ---- Input validation ----

    // The caller nonce must be at least 16 bytes and must not exceed the
    // digest size of the session hash.
    if(in->nonceCaller.t.size < 16)
        return TPM_RCS_SIZE + RC_StartAuthSession_nonceCaller;
    if(in->nonceCaller.t.size > CryptHashGetDigestSize(in->authHash))
        return TPM_RCS_SIZE + RC_StartAuthSession_nonceCaller;

    if(in->tpmKey == TPM_RH_NULL)
    {
        // Unsalted session: an encrypted salt must not be supplied.
        if(in->encryptedSalt.t.size != 0)
            return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
        sessionSalt.t.size = 0;
    }
    else
    {
        // Salted session. This command runs without authorization, so the
        // checks on the key that authorization would normally imply are
        // made here instead.
        // NOTE(review): the pointer is dereferenced without a NULL check;
        // presumably handle validation before dispatch guarantees a loaded
        // object -- confirm.
        saltKey = HandleToObject(in->tpmKey);

        // The salt key must be an asymmetric key.
        if(!CryptIsAsymAlgorithm(saltKey->publicArea.type))
            return TPM_RCS_KEY + RC_StartAuthSession_tpmKey;

        // A salted session needs a non-empty encrypted salt.
        if(in->encryptedSalt.t.size == 0)
            return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;

        // Decrypting the salt uses the private portion of the key, so a key
        // with only its public portion loaded cannot be used.
        if(saltKey->attributes.publicOnly)
            return TPM_RCS_HANDLE + RC_StartAuthSession_tpmKey;

        // The key must be a decryption key.
        if(!IS_ATTRIBUTE(saltKey->publicArea.objectAttributes, TPMA_OBJECT,
                         decrypt))
            return TPM_RCS_ATTRIBUTES + RC_StartAuthSession_tpmKey;

        // Decrypt the salt. Whatever error CryptSecretDecrypt() reports, the
        // caller sees TPM_RCS_VALUE against encryptedSalt.
        if(CryptSecretDecrypt(saltKey, &in->nonceCaller, SECRET_KEY,
                              &in->encryptedSalt, &sessionSalt)
           != TPM_RC_SUCCESS)
            return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt;
    }

    // Restrictions on the bind entity depend on the kind of handle.
    switch(HandleGetType(in->bind))
    {
        case TPM_HT_TRANSIENT:
        {
            // Binding needs access to the object's authorization value, so
            // an object with only its public part loaded is rejected.
            // NOTE(review): the original comment in this listing also called
            // for a proper Name (nameAlg != TPM_ALG_NULL) and then broke off
            // mid-sentence; only publicOnly is checked here -- confirm
            // whether the Name requirement is enforced elsewhere.
            OBJECT *bindObject = HandleToObject(in->bind);

            if(bindObject->attributes.publicOnly == SET)
                return TPM_RCS_HANDLE + RC_StartAuthSession_bind;
            break;
        }
        case TPM_HT_NV_INDEX:
        {
            // A PIN index (pass or fail) cannot be a bind object.
            NV_INDEX *bindIndex = NvGetIndexInfo(in->bind, NULL);

            if(IsNvPinPassIndex(bindIndex->publicArea.attributes)
               || IsNvPinFailIndex(bindIndex->publicArea.attributes))
                return TPM_RCS_HANDLE + RC_StartAuthSession_bind;
            break;
        }
        default:
            // No additional restriction for other handle types.
            break;
    }

    // A symmetric block cipher (anything other than TPM_ALG_NULL or
    // TPM_ALG_XOR) is only accepted in CFB mode.
    if(in->symmetric.algorithm != TPM_ALG_NULL
       && in->symmetric.algorithm != TPM_ALG_XOR)
    {
        if(in->symmetric.mode.sym != TPM_ALG_CFB)
            return TPM_RCS_MODE + RC_StartAuthSession_symmetric;
    }

    // ---- Internal data update and command output ----

    // SessionCreate() builds the internal session structure and fills in the
    // output handle and nonceTPM. Per the original comment it may fail with
    // TPM_RC_CONTEXT_GAP, TPM_RC_NO_HANDLES or TPM_RC_SESSION_MEMORY; how the
    // session context is created is implementation dependent and not shown
    // here.
    return SessionCreate(in->sessionType, in->authHash, &in->nonceCaller,
                         &in->symmetric, in->bind, &sessionSalt,
                         &out->sessionHandle, &out->nonceTPM);
}
162
#endif // CC_StartAuthSession
163
#include "Tpm.h"
164
#include "PolicyRestart_fp.h"
165
#if CC_PolicyRestart  // Conditional expansion of this file
166
// TPM2_PolicyRestart: reset the policy data of the session named by
// in->sessionHandle and report success.
//
// Always returns TPM_RC_SUCCESS; no validation of the handle is done in this
// function.
// NOTE(review): SessionGet()'s result is passed on unchecked; presumably the
// handle has been validated before dispatch -- confirm. The coverage report
// this listing was taken from recorded a count of 0 for this function.
TPM_RC
TPM2_PolicyRestart(PolicyRestart_In *in  // IN: input parameter list
                   )
{
    // Look up the session and put its policy data back to the initial state.
    SessionResetPolicyData(SessionGet(in->sessionHandle));

    return TPM_RC_SUCCESS;
}
175
#endif // CC_PolicyRestart