[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2Session.c

/** @file\r
  Implement TPM2 Session related command.\r
\r
Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tpm2DeviceLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_DH_OBJECT            TpmKey;\r
  TPMI_DH_ENTITY            Bind;\r
  TPM2B_NONCE               NonceCaller;\r
  TPM2B_ENCRYPTED_SECRET    Salt;\r
  TPM_SE                    SessionType;\r
  TPMT_SYM_DEF              Symmetric;\r
  TPMI_ALG_HASH             AuthHash;\r
} TPM2_START_AUTH_SESSION_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER      Header;\r
  TPMI_SH_AUTH_SESSION      SessionHandle;\r
  TPM2B_NONCE               NonceTPM;\r
} TPM2_START_AUTH_SESSION_RESPONSE;\r
\r
#pragma pack()\r
\r
/**\r
  This command is used to start an authorization session using alternative methods of\r
  establishing the session key (sessionKey) that is used for authorization and encrypting value.\r
\r
  @param[in]  TpmKey             Handle of a loaded decrypt key used to encrypt salt.\r
  @param[in]  Bind               Entity providing the authValue.\r
  @param[in]  NonceCaller        Initial nonceCaller, sets nonce size for the session.\r
  @param[in]  Salt               Value encrypted according to the type of tpmKey.\r
  @param[in]  SessionType        Indicates the type of the session.\r
  @param[in]  Symmetric          The algorithm and key size for parameter encryption.\r
  @param[in]  AuthHash           Hash algorithm to use for the session.\r
  @param[out] SessionHandle      Handle for the newly created session.\r
  @param[out] NonceTPM           The initial nonce from the TPM, used in the computation of the sessionKey.\r
\r
  @retval EFI_SUCCESS            Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR       The command was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2StartAuthSession (\r
  IN      TPMI_DH_OBJECT            TpmKey,\r
  IN      TPMI_DH_ENTITY            Bind,\r
  IN      TPM2B_NONCE               *NonceCaller,\r
  IN      TPM2B_ENCRYPTED_SECRET    *Salt,\r
  IN      TPM_SE                    SessionType,\r
  IN      TPMT_SYM_DEF              *Symmetric,\r
  IN      TPMI_ALG_HASH             AuthHash,\r
     OUT  TPMI_SH_AUTH_SESSION      *SessionHandle,\r
     OUT  TPM2B_NONCE               *NonceTPM\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TPM2_START_AUTH_SESSION_COMMAND   SendBuffer;\r
  TPM2_START_AUTH_SESSION_RESPONSE  RecvBuffer;\r
  UINT32                            SendBufferSize;\r
  UINT32                            RecvBufferSize;\r
  UINT8                             *Buffer;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession);\r
\r
  SendBuffer.TpmKey = SwapBytes32 (TpmKey);\r
  SendBuffer.Bind = SwapBytes32 (Bind);\r
  Buffer = (UINT8 *)&SendBuffer.NonceCaller;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);\r
  Buffer += NonceCaller->size;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));\r
  Buffer += sizeof(UINT16);\r
  CopyMem (Buffer, Salt->secret, Salt->size);\r
  Buffer += Salt->size;\r
\r
  *(TPM_SE *)Buffer = SessionType;\r
  Buffer++;\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));\r
  Buffer += sizeof(UINT16);\r
  switch (Symmetric->algorithm) {\r
  case TPM_ALG_NULL:\r
    break;\r
  case TPM_ALG_AES:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));\r
    Buffer += sizeof(UINT16);\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  case TPM_ALG_SM4:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));\r
    Buffer += sizeof(UINT16);\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  case TPM_ALG_SYMCIPHER:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));\r
    Buffer += sizeof(UINT16);\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  case TPM_ALG_XOR:\r
    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));\r
    Buffer += sizeof(UINT16);\r
    break;\r
  default:\r
    ASSERT (FALSE);\r
    DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm));\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));\r
  Buffer += sizeof(UINT16);\r
\r
  SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    return EFI_DEVICE_ERROR;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  //\r
  // Return the response\r
  //\r
  *SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);\r
  NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);\r
  if (NonceTPM->size > sizeof(TPMU_HA)) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size));\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  CopyMem (NonceTPM->buffer, &RecvBuffer.NonceTPM.buffer, NonceTPM->size);\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
967eacca JY	1	/** @file\r
	2	Implement TPM2 Session related command.\r
	3	\r
dd577319	4	Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR>\r
289b714b	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
967eacca JY	6	\r
	7	**/\r
	8	\r
	9	#include <IndustryStandard/UefiTcgPlatform.h>\r
	10	#include <Library/Tpm2CommandLib.h>\r
	11	#include <Library/Tpm2DeviceLib.h>\r
	12	#include <Library/BaseMemoryLib.h>\r
	13	#include <Library/BaseLib.h>\r
	14	#include <Library/DebugLib.h>\r
	15	\r
	16	#pragma pack(1)\r
	17	\r
	18	typedef struct {\r
	19	TPM2_COMMAND_HEADER Header;\r
	20	TPMI_DH_OBJECT TpmKey;\r
	21	TPMI_DH_ENTITY Bind;\r
	22	TPM2B_NONCE NonceCaller;\r
	23	TPM2B_ENCRYPTED_SECRET Salt;\r
	24	TPM_SE SessionType;\r
	25	TPMT_SYM_DEF Symmetric;\r
	26	TPMI_ALG_HASH AuthHash;\r
	27	} TPM2_START_AUTH_SESSION_COMMAND;\r
	28	\r
	29	typedef struct {\r
	30	TPM2_RESPONSE_HEADER Header;\r
	31	TPMI_SH_AUTH_SESSION SessionHandle;\r
	32	TPM2B_NONCE NonceTPM;\r
	33	} TPM2_START_AUTH_SESSION_RESPONSE;\r
	34	\r
	35	#pragma pack()\r
	36	\r
	37	/**\r
	38	This command is used to start an authorization session using alternative methods of\r
	39	establishing the session key (sessionKey) that is used for authorization and encrypting value.\r
	40	\r
	41	@param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.\r
	42	@param[in] Bind Entity providing the authValue.\r
	43	@param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.\r
	44	@param[in] Salt Value encrypted according to the type of tpmKey.\r
	45	@param[in] SessionType Indicates the type of the session.\r
	46	@param[in] Symmetric The algorithm and key size for parameter encryption.\r
	47	@param[in] AuthHash Hash algorithm to use for the session.\r
	48	@param[out] SessionHandle Handle for the newly created session.\r
	49	@param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.\r
b3548d32	50	\r
967eacca JY	51	@retval EFI_SUCCESS Operation completed successfully.\r
	52	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	53	**/\r
	54	EFI_STATUS\r
	55	EFIAPI\r
	56	Tpm2StartAuthSession (\r
	57	IN TPMI_DH_OBJECT TpmKey,\r
	58	IN TPMI_DH_ENTITY Bind,\r
	59	IN TPM2B_NONCE *NonceCaller,\r
	60	IN TPM2B_ENCRYPTED_SECRET *Salt,\r
	61	IN TPM_SE SessionType,\r
	62	IN TPMT_SYM_DEF *Symmetric,\r
	63	IN TPMI_ALG_HASH AuthHash,\r
	64	OUT TPMI_SH_AUTH_SESSION *SessionHandle,\r
	65	OUT TPM2B_NONCE *NonceTPM\r
	66	)\r
	67	{\r
	68	EFI_STATUS Status;\r
	69	TPM2_START_AUTH_SESSION_COMMAND SendBuffer;\r
	70	TPM2_START_AUTH_SESSION_RESPONSE RecvBuffer;\r
	71	UINT32 SendBufferSize;\r
	72	UINT32 RecvBufferSize;\r
	73	UINT8 *Buffer;\r
	74	\r
	75	//\r
	76	// Construct command\r
	77	//\r
	78	SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);\r
	79	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession);\r
	80	\r
	81	SendBuffer.TpmKey = SwapBytes32 (TpmKey);\r
	82	SendBuffer.Bind = SwapBytes32 (Bind);\r
	83	Buffer = (UINT8 *)&SendBuffer.NonceCaller;\r
	84	\r
	85	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));\r
	86	Buffer += sizeof(UINT16);\r
	87	CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);\r
	88	Buffer += NonceCaller->size;\r
	89	\r
	90	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));\r
	91	Buffer += sizeof(UINT16);\r
	92	CopyMem (Buffer, Salt->secret, Salt->size);\r
	93	Buffer += Salt->size;\r
	94	\r
	95	(TPM_SE )Buffer = SessionType;\r
51455674	96	Buffer++;\r
967eacca JY	97	\r
	98	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));\r
	99	Buffer += sizeof(UINT16);\r
	100	switch (Symmetric->algorithm) {\r
	101	case TPM_ALG_NULL:\r
	102	break;\r
	103	case TPM_ALG_AES:\r
	104	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));\r
	105	Buffer += sizeof(UINT16);\r
	106	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));\r
	107	Buffer += sizeof(UINT16);\r
	108	break;\r
	109	case TPM_ALG_SM4:\r
	110	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));\r
	111	Buffer += sizeof(UINT16);\r
	112	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));\r
	113	Buffer += sizeof(UINT16);\r
	114	break;\r
	115	case TPM_ALG_SYMCIPHER:\r
	116	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));\r
	117	Buffer += sizeof(UINT16);\r
	118	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));\r
	119	Buffer += sizeof(UINT16);\r
	120	break;\r
	121	case TPM_ALG_XOR:\r
	122	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));\r
	123	Buffer += sizeof(UINT16);\r
	124	break;\r
	125	default:\r
	126	ASSERT (FALSE);\r
e905fbb0	127	DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm));\r
967eacca JY	128	return EFI_UNSUPPORTED;\r
	129	}\r
	130	\r
	131	WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));\r
	132	Buffer += sizeof(UINT16);\r
b3548d32	133	\r
967eacca JY	134	SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);\r
	135	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
	136	\r
	137	//\r
	138	// send Tpm command\r
	139	//\r
	140	RecvBufferSize = sizeof (RecvBuffer);\r
	141	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
	142	if (EFI_ERROR (Status)) {\r
	143	return Status;\r
	144	}\r
	145	\r
	146	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
e905fbb0	147	DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));\r
967eacca JY	148	return EFI_DEVICE_ERROR;\r
	149	}\r
	150	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
e905fbb0	151	DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
967eacca JY	152	return EFI_DEVICE_ERROR;\r
	153	}\r
	154	\r
	155	//\r
	156	// Return the response\r
	157	//\r
	158	*SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);\r
	159	NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);\r
dd577319 ZC	160	if (NonceTPM->size > sizeof(TPMU_HA)) {\r
	161	DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size));\r
	162	return EFI_DEVICE_ERROR;\r
	163	}\r
	164	\r
967eacca JY	165	CopyMem (NonceTPM->buffer, &RecvBuffer.NonceTPM.buffer, NonceTPM->size);\r
	166	\r
	167	return EFI_SUCCESS;\r
	168	}\r