1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
/* SPDX-License-Identifier: BSD-2 */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
******************************************************************************/
#include "tss2_mu.h"
#include "tss2_sys.h"
#include "tss2_esys.h"
#include "esys_types.h"
#include "esys_iutil.h"
#include "esys_mu.h"
#define LOGMODULE esys
#include "util/log.h"
/** Store command parameters inside the ESYS_CONTEXT for use during _Finish */
static void store_input_parameters (
ESYS_CONTEXT *esysContext,
TPM2_SU startupType)
{
esysContext->in.Startup.startupType = startupType;
}
/** One-Call function for TPM2_Startup
*
* This function invokes the TPM2_Startup command in a one-call
* variant. This means the function will block until the TPM response is
* available. All input parameters are const. The memory for non-simple output
* parameters is allocated by the function implementation.
*
* @param[in,out] esysContext The ESYS_CONTEXT.
* @param[in] startupType TPM2_SU_CLEAR or TPM2_SU_STATE.
* @retval TSS2_RC_SUCCESS if the function call was a success.
* @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
* pointers or required output handle references are NULL.
* @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
* @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
* internal operations or return parameters.
* @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
* operation already pending.
* @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
* at least contain the tag, response length, and response code.
* @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
* @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM
did not verify.
* @retval TSS2_RCs produced by lower layers of the software stack may be
* returned to the caller unaltered unless handled internally.
*/
TSS2_RC
Esys_Startup(
ESYS_CONTEXT *esysContext,
TPM2_SU startupType)
{
TSS2_RC r;
r = Esys_Startup_Async(esysContext, startupType);
return_if_error(r, "Error in async function");
/* Set the timeout to indefinite for now, since we want _Finish to block */
int32_t timeouttmp = esysContext->timeout;
esysContext->timeout = -1;
/*
* Now we call the finish function, until return code is not equal to
* from TSS2_BASE_RC_TRY_AGAIN.
* Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we
* have set the timeout to -1. This occurs for example if the TPM requests
* a retransmission of the command via TPM2_RC_YIELDED.
*/
do {
r = Esys_Startup_Finish(esysContext);
/* This is just debug information about the reattempt to finish the
command */
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN)
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32
" => resubmitting command", r);
} while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN);
/* Restore the timeout value to the original value */
esysContext->timeout = timeouttmp;
return_if_error(r, "Esys Finish");
return TSS2_RC_SUCCESS;
}
/** Asynchronous function for TPM2_Startup
*
* This function invokes the TPM2_Startup command in a asynchronous
* variant. This means the function will return as soon as the command has been
* sent downwards the stack to the TPM. All input parameters are const.
* In order to retrieve the TPM's response call Esys_Startup_Finish.
*
* @param[in,out] esysContext The ESYS_CONTEXT.
* @param[in] startupType TPM2_SU_CLEAR or TPM2_SU_STATE.
* @retval ESYS_RC_SUCCESS if the function call was a success.
* @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
* pointers or required output handle references are NULL.
* @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
* @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
* internal operations or return parameters.
* @retval TSS2_RCs produced by lower layers of the software stack may be
returned to the caller unaltered unless handled internally.
*/
TSS2_RC
Esys_Startup_Async(
ESYS_CONTEXT *esysContext,
TPM2_SU startupType)
{
TSS2_RC r;
LOG_TRACE("context=%p, startupType=%04"PRIx16"",
esysContext, startupType);
/* Check context, sequence correctness and set state to error for now */
if (esysContext == NULL) {
LOG_ERROR("esyscontext is NULL.");
return TSS2_ESYS_RC_BAD_REFERENCE;
}
r = iesys_check_sequence_async(esysContext);
if (r != TSS2_RC_SUCCESS)
return r;
esysContext->state = _ESYS_STATE_INTERNALERROR;
store_input_parameters(esysContext, startupType);
/* Initial invocation of SAPI to prepare the command buffer with parameters */
r = Tss2_Sys_Startup_Prepare(esysContext->sys, startupType);
return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error.");
/* Trigger execution and finish the async invocation */
r = Tss2_Sys_ExecuteAsync(esysContext->sys);
return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
"Finish (Execute Async)");
esysContext->state = _ESYS_STATE_SENT;
return r;
}
/** Asynchronous finish function for TPM2_Startup
*
* This function returns the results of a TPM2_Startup command
* invoked via Esys_Startup_Finish. All non-simple output parameters
* are allocated by the function's implementation. NULL can be passed for every
* output parameter if the value is not required.
*
* @param[in,out] esysContext The ESYS_CONTEXT.
* @retval TSS2_RC_SUCCESS on success
* @retval ESYS_RC_SUCCESS if the function call was a success.
* @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input
* pointers or required output handle references are NULL.
* @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected.
* @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for
* internal operations or return parameters.
* @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous
* operation already pending.
* @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the
* TPM response is received.
* @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not
* at least contain the tag, response length, and response code.
* @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did
* not verify.
* @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted.
* @retval TSS2_RCs produced by lower layers of the software stack may be
* returned to the caller unaltered unless handled internally.
*/
TSS2_RC
Esys_Startup_Finish(
ESYS_CONTEXT *esysContext)
{
TSS2_RC r;
LOG_TRACE("context=%p",
esysContext);
if (esysContext == NULL) {
LOG_ERROR("esyscontext is NULL.");
return TSS2_ESYS_RC_BAD_REFERENCE;
}
/* Check for correct sequence and set sequence to irregular for now */
if (esysContext->state != _ESYS_STATE_SENT) {
LOG_ERROR("Esys called in bad sequence.");
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
esysContext->state = _ESYS_STATE_INTERNALERROR;
/*Receive the TPM response and handle resubmissions if necessary. */
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
esysContext->state = _ESYS_STATE_SENT;
return r;
}
/* This block handle the resubmission of TPM commands given a certain set of
* TPM response codes. */
if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) {
LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a "
"resubmission: %" PRIx32, r);
if (esysContext->submissionCount >= _ESYS_MAX_SUBMISSIONS) {
LOG_WARNING("Maximum number of (re)submissions has been reached.");
esysContext->state = _ESYS_STATE_INIT;
return r;
}
esysContext->state = _ESYS_STATE_RESUBMISSION;
r = Esys_Startup_Async(esysContext,
esysContext->in.Startup.startupType);
if (r != TSS2_RC_SUCCESS) {
LOG_WARNING("Error attempting to resubmit");
/* We do not set esysContext->state here but inherit the most recent
* state of the _async function. */
return r;
}
r = TSS2_ESYS_RC_TRY_AGAIN;
LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
return r;
}
/* The following is the "regular error" handling. */
if (iesys_tpm_error(r) && r != TPM2_RC_INITIALIZE) {
LOG_WARNING("Received TPM Error");
esysContext->state = _ESYS_STATE_INIT;
return r;
} else if (r != TSS2_RC_SUCCESS && r != TPM2_RC_INITIALIZE) {
LOG_ERROR("Received a non-TPM Error");
esysContext->state = _ESYS_STATE_INTERNALERROR;
return r;
}
r = Tss2_Sys_Startup_Complete(esysContext->sys);
return_state_if_error(r, _ESYS_STATE_INTERNALERROR,
"Received error from SAPI unmarshaling" );
esysContext->state = _ESYS_STATE_INIT;
return TSS2_RC_SUCCESS;
}
|
