StartAuthSession.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

// This file was extracted from the TCG Published
// Trusted Platform Module Library
// Part 3: Commands
// Family "2.0"
// Level 00 Revision 01.16
// October 30, 2014

#include "InternalRoutines.h"
#include "StartAuthSession_fp.h"
//
//
//     Error Returns                     Meaning
//
//     TPM_RC_ATTRIBUTES                 tpmKey does not reference a decrypt key
//     TPM_RC_CONTEXT_GAP                the difference between the most recently created active context and
//                                       the oldest active context is at the limits of the TPM
//     TPM_RC_HANDLE                     input decrypt key handle only has public portion loaded
//     TPM_RC_MODE                       symmetric specifies a block cipher but the mode is not
//                                       TPM_ALG_CFB.
//     TPM_RC_SESSION_HANDLES            no session handle is available
//     TPM_RC_SESSION_MEMORY             no more slots for loading a session
//     TPM_RC_SIZE                       nonce less than 16 octets or greater than the size of the digest
//                                       produced by authHash
//     TPM_RC_VALUE                      secret size does not match decrypt key type; or the recovered secret
//                                       is larger than the digest size of the nameAlg of tpmKey; or, for an
//                                       RSA decrypt key, if encryptedSecret is greater than the public
//                                       exponent of tpmKey.
//
TPM_RC
TPM2_StartAuthSession(
   StartAuthSession_In       *in,                   // IN: input parameter buffer
   StartAuthSession_Out      *out                   // OUT: output parameter buffer
   )
{
   TPM_RC                     result = TPM_RC_SUCCESS;
   OBJECT                    *tpmKey;                // TPM key for decrypt salt
   SESSION                   *session;               // session internal data
   TPM2B_DATA                 salt;

// Input Validation

   // Check input nonce size. IT should be at least 16 bytes but not larger
   // than the digest size of session hash.
   if(    in->nonceCaller.t.size < 16
       || in->nonceCaller.t.size > CryptGetHashDigestSize(in->authHash))
       return TPM_RC_SIZE + RC_StartAuthSession_nonceCaller;

   // If an decrypt key is passed in, check its validation
   if(in->tpmKey != TPM_RH_NULL)
   {
       // secret size cannot be 0
       if(in->encryptedSalt.t.size == 0)
           return TPM_RC_VALUE + RC_StartAuthSession_encryptedSalt;

       // Get pointer to loaded decrypt key
       tpmKey = ObjectGet(in->tpmKey);

       // Decrypting salt requires accessing the private portion of a key.
       // Therefore, tmpKey can not be a key with only public portion loaded
       if(tpmKey->attributes.publicOnly)
           return TPM_RC_HANDLE + RC_StartAuthSession_tpmKey;

       // HMAC session input handle check.
         // tpmKey should be a decryption key
         if(tpmKey->publicArea.objectAttributes.decrypt != SET)
             return TPM_RC_ATTRIBUTES + RC_StartAuthSession_tpmKey;

         // Secret Decryption. A TPM_RC_VALUE, TPM_RC_KEY or Unmarshal errors
         // may be returned at this point
         result = CryptSecretDecrypt(in->tpmKey, &in->nonceCaller, "SECRET",
                                     &in->encryptedSalt, &salt);
         if(result != TPM_RC_SUCCESS)
             return TPM_RC_VALUE + RC_StartAuthSession_encryptedSalt;

  }
  else
  {
      // secret size must be 0
      if(in->encryptedSalt.t.size != 0)
          return TPM_RC_VALUE + RC_StartAuthSession_encryptedSalt;
      salt.t.size = 0;
  }
  // If the bind handle references a transient object, make sure that the
  // sensitive area is loaded so that the authValue can be accessed.
  if(     HandleGetType(in->bind) == TPM_HT_TRANSIENT
      && ObjectGet(in->bind)->attributes.publicOnly == SET)
      return TPM_RC_HANDLE + RC_StartAuthSession_bind;

  // If 'symmetric' is a symmetric block cipher (not TPM_ALG_NULL or TPM_ALG_XOR)
  // then the mode must be CFB.
  if(    in->symmetric.algorithm != TPM_ALG_NULL
      && in->symmetric.algorithm != TPM_ALG_XOR
      && in->symmetric.mode.sym != TPM_ALG_CFB)
      return TPM_RC_MODE + RC_StartAuthSession_symmetric;

// Internal Data Update

  // Create internal session structure. TPM_RC_CONTEXT_GAP, TPM_RC_NO_HANDLES
  // or TPM_RC_SESSION_MEMORY errors may be returned returned at this point.
  //
  // The detailed actions for creating the session context are not shown here
  // as the details are implementation dependent
  // SessionCreate sets the output handle
  result = SessionCreate(in->sessionType, in->authHash,
                         &in->nonceCaller, &in->symmetric,
                         in->bind, &salt, &out->sessionHandle);

  if(result != TPM_RC_SUCCESS)
      return result;

// Command Output

  // Get session pointer
  session = SessionGet(out->sessionHandle);

  // Copy nonceTPM
  out->nonceTPM = session->nonceTPM;

   return TPM_RC_SUCCESS;
}