[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Session.c

/** @file\r
  Implement TPM2 Session related command.\r
\r
Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tpm2DeviceLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_DH_OBJECT            TpmKey;\r
  TPMI_DH_ENTITY            Bind;\r
  TPM2B_NONCE               NonceCaller;\r
  TPM2B_ENCRYPTED_SECRET    Salt;\r
  TPM_SE                    SessionType;\r
  TPMT_SYM_DEF              Symmetric;\r
  TPMI_ALG_HASH             AuthHash;\r
} TPM2_START_AUTH_SESSION_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
  TPMI_SH_AUTH_SESSION      SessionHandle;\r
  TPM2B_NONCE               NonceTPM;\r
} TPM2_START_AUTH_SESSION_RESPONSE;\r
\r
#pragma pack()\r
\r
/**\r
  This command is used to start an authorization session using alternative methods of\r
  establishing the session key (sessionKey) that is used for authorization and encrypting value.\r
\r
  @param[in]  TpmKey             Handle of a loaded decrypt key used to encrypt salt.\r
  @param[in]  Bind               Entity providing the authValue.\r
  @param[in]  NonceCaller        Initial nonceCaller, sets nonce size for the session.\r
  @param[in]  Salt               Value encrypted according to the type of tpmKey.\r
  @param[in]  SessionType        Indicates the type of the session.\r
  @param[in]  Symmetric          The algorithm and key size for parameter encryption.\r
  @param[in]  AuthHash           Hash algorithm to use for the session.\r
  @param[out] SessionHandle      Handle for the newly created session.\r
  @param[out] NonceTPM           The initial nonce from the TPM, used in the computation of the sessionKey.\r
  \r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2StartAuthSession (\r
  IN      TPMI_DH_OBJECT            TpmKey,\r
  IN      TPMI_DH_ENTITY            Bind,\r
  IN      TPM2B_NONCE               *NonceCaller,\r
  IN      TPM2B_ENCRYPTED_SECRET    *Salt,\r
  IN      TPM_SE                    SessionType,\r
  IN      TPMT_SYM_DEF              *Symmetric,\r
  IN      TPMI_ALG_HASH             AuthHash,\r
     OUT  TPMI_SH_AUTH_SESSION      *SessionHandle,\r
     OUT  TPM2B_NONCE               *NonceTPM\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_START_AUTH_SESSION_COMMAND   SendBuffer;\r
  TPM2_START_AUTH_SESSION_RESPONSE  RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
  UINT8                             *Buffer;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession);\r
\r
  SendBuffer.TpmKey = SwapBytes32 (TpmKey);\r
  SendBuffer.Bind = SwapBytes32 (Bind);\r
  Buffer = (UINT8 *)&SendBuffer.NonceCaller;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);\r
  Buffer += NonceCaller->size;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, Salt->secret, Salt->size);\r
  Buffer += Salt->size;\r
\r
  *(TPM_SE *)Buffer = SessionType;\r
  Buffer++;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));\r
  Buffer += sizeof(UINT16);\r
  switch (Symmetric->algorithm) {\r
  case TPM_ALG_NULL:\r
    break;\r
  case TPM_ALG_AES:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));\r
    Buffer += sizeof(UINT16);\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  case TPM_ALG_SM4:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));\r
    Buffer += sizeof(UINT16);\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  case TPM_ALG_SYMCIPHER:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));\r
    Buffer += sizeof(UINT16);\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  case TPM_ALG_XOR:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  default:\r
    ASSERT (FALSE);\r
    DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm));\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));\r
  Buffer += sizeof(UINT16);\r
 \r
  SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Return the response\r
  //\r
  *SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);\r
  NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);\r
  CopyMem (NonceTPM->buffer, &RecvBuffer.NonceTPM.buffer, NonceTPM->size);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
967eacca JY	1	/** @file\r
	2	Implement TPM2 Session related command.\r
	3	\r
	4	Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>\r
	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include <IndustryStandard/UefiTcgPlatform.h>\r
	16	#include <Library/Tpm2CommandLib.h>\r
	17	#include <Library/Tpm2DeviceLib.h>\r
	18	#include <Library/BaseMemoryLib.h>\r
	19	#include <Library/BaseLib.h>\r
	20	#include <Library/DebugLib.h>\r
	21	\r
	22	#pragma pack(1)\r
	23	\r
	24	typedef struct {\r
	25	TPM2_COMMAND_HEADER Header;\r
	26	TPMI_DH_OBJECT TpmKey;\r
	27	TPMI_DH_ENTITY Bind;\r
	28	TPM2B_NONCE NonceCaller;\r
	29	TPM2B_ENCRYPTED_SECRET Salt;\r
	30	TPM_SE SessionType;\r
	31	TPMT_SYM_DEF Symmetric;\r
	32	TPMI_ALG_HASH AuthHash;\r
	33	} TPM2_START_AUTH_SESSION_COMMAND;\r
	34	\r
	35	typedef struct {\r
	36	TPM2_RESPONSE_HEADER Header;\r
	37	TPMI_SH_AUTH_SESSION SessionHandle;\r
	38	TPM2B_NONCE NonceTPM;\r
	39	} TPM2_START_AUTH_SESSION_RESPONSE;\r
	40	\r
	41	#pragma pack()\r
	42	\r
	43	/**\r
	44	This command is used to start an authorization session using alternative methods of\r
	45	establishing the session key (sessionKey) that is used for authorization and encrypting value.\r
	46	\r
	47	@param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.\r
	48	@param[in] Bind Entity providing the authValue.\r
	49	@param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.\r
	50	@param[in] Salt Value encrypted according to the type of tpmKey.\r
	51	@param[in] SessionType Indicates the type of the session.\r
	52	@param[in] Symmetric The algorithm and key size for parameter encryption.\r
	53	@param[in] AuthHash Hash algorithm to use for the session.\r
	54	@param[out] SessionHandle Handle for the newly created session.\r
	55	@param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.\r
	56	\r
	57	@retval EFI_SUCCESS Operation completed successfully.\r
	58	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	59	**/\r
	60	EFI_STATUS\r
	61	EFIAPI\r
	62	Tpm2StartAuthSession (\r
	63	IN TPMI_DH_OBJECT TpmKey,\r
	64	IN TPMI_DH_ENTITY Bind,\r
65	IN TPM2B_NONCE *NonceCaller,\r
66	IN TPM2B_ENCRYPTED_SECRET *Salt,\r
67	IN TPM_SE SessionType,\r
68	IN TPMT_SYM_DEF *Symmetric,\r
69	IN TPMI_ALG_HASH AuthHash,\r
70	OUT TPMI_SH_AUTH_SESSION *SessionHandle,\r
71	OUT TPM2B_NONCE *NonceTPM\r
72	)\r
73	{\r
74	EFI_STATUS Status;\r
75	TPM2_START_AUTH_SESSION_COMMAND SendBuffer;\r
76	TPM2_START_AUTH_SESSION_RESPONSE RecvBuffer;\r
77	UINT32 SendBufferSize;\r
78	UINT32 RecvBufferSize;\r
79	UINT8 *Buffer;\r
80	\r
81	//\r
82	// Construct command\r
83	//\r
84	SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
85	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession);\r
86	\r
87	SendBuffer.TpmKey = SwapBytes32 (TpmKey);\r
88	SendBuffer.Bind = SwapBytes32 (Bind);\r
89	Buffer = (UINT8 *)&SendBuffer.NonceCaller;\r
90	\r
91	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));\r
92	Buffer += sizeof(UINT16);\r
93	CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);\r
94	Buffer += NonceCaller->size;\r
95	\r
96	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));\r
97	Buffer += sizeof(UINT16);\r
98	CopyMem (Buffer, Salt->secret, Salt->size);\r
99	Buffer += Salt->size;\r
100	\r
101	(TPM_SE )Buffer = SessionType;\r
51455674	102	Buffer++;\r
967eacca JY	103	\r
	104	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));\r
	105	Buffer += sizeof(UINT16);\r
	106	switch (Symmetric->algorithm) {\r
	107	case TPM_ALG_NULL:\r
	108	break;\r
	109	case TPM_ALG_AES:\r
	110	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));\r
	111	Buffer += sizeof(UINT16);\r
	112	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));\r
	113	Buffer += sizeof(UINT16);\r
	114	break;\r
	115	case TPM_ALG_SM4:\r
	116	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));\r
	117	Buffer += sizeof(UINT16);\r
	118	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));\r
	119	Buffer += sizeof(UINT16);\r
	120	break;\r
	121	case TPM_ALG_SYMCIPHER:\r
	122	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));\r
	123	Buffer += sizeof(UINT16);\r
	124	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));\r
	125	Buffer += sizeof(UINT16);\r
	126	break;\r
	127	case TPM_ALG_XOR:\r
	128	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));\r
	129	Buffer += sizeof(UINT16);\r
	130	break;\r
	131	default:\r
	132	ASSERT (FALSE);\r
	133	DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm));\r
	134	return EFI_UNSUPPORTED;\r
	135	}\r
	136	\r
	137	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));\r
	138	Buffer += sizeof(UINT16);\r
	139	\r
	140	SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);\r
	141	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
	142	\r
	143	//\r
	144	// send Tpm command\r
	145	//\r
	146	RecvBufferSize = sizeof (RecvBuffer);\r
	147	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
	148	if (EFI_ERROR (Status)) {\r
	149	return Status;\r
	150	}\r
	151	\r
	152	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
	153	DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));\r
	154	return EFI_DEVICE_ERROR;\r
	155	}\r
	156	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
	157	DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
	158	return EFI_DEVICE_ERROR;\r
	159	}\r
	160	\r
	161	//\r
	162	// Return the response\r
	163	//\r
	164	*SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);\r
	165	NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);\r
	166	CopyMem (NonceTPM->buffer, &RecvBuffer.NonceTPM.buffer, NonceTPM->size);\r
167	\r
168	return EFI_SUCCESS;\r
169	}\r