ESAPI: Deduplicate code in response handling
Depublicate code regarding response auth checking
in Esys_*_finish functions.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
diff --git a/esapi/esapi/Esys_ActivateCredential.c b/esapi/esapi/Esys_ActivateCredential.c
index a98d737..4ff92db 100644
--- a/esapi/esapi/Esys_ActivateCredential.c
+++ b/esapi/esapi/Esys_ActivateCredential.c
@@ -262,7 +262,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -300,50 +299,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Certify.c b/esapi/esapi/Esys_Certify.c
index 95f905e..14f2a03 100644
--- a/esapi/esapi/Esys_Certify.c
+++ b/esapi/esapi/Esys_Certify.c
@@ -275,7 +275,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -313,50 +312,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_CertifyCreation.c b/esapi/esapi/Esys_CertifyCreation.c
index 3d14d25..1b9d71c 100644
--- a/esapi/esapi/Esys_CertifyCreation.c
+++ b/esapi/esapi/Esys_CertifyCreation.c
@@ -304,7 +304,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -344,50 +343,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ChangeEPS.c b/esapi/esapi/Esys_ChangeEPS.c
index db5a4a3..9b7510e 100644
--- a/esapi/esapi/Esys_ChangeEPS.c
+++ b/esapi/esapi/Esys_ChangeEPS.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ChangePPS.c b/esapi/esapi/Esys_ChangePPS.c
index a3cc151..b2ffa2d 100644
--- a/esapi/esapi/Esys_ChangePPS.c
+++ b/esapi/esapi/Esys_ChangePPS.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Clear.c b/esapi/esapi/Esys_Clear.c
index ad9198b..bb73572 100644
--- a/esapi/esapi/Esys_Clear.c
+++ b/esapi/esapi/Esys_Clear.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ClearControl.c b/esapi/esapi/Esys_ClearControl.c
index 5f2abfd..f6a9654 100644
--- a/esapi/esapi/Esys_ClearControl.c
+++ b/esapi/esapi/Esys_ClearControl.c
@@ -212,7 +212,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -248,46 +247,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ClockRateAdjust.c b/esapi/esapi/Esys_ClockRateAdjust.c
index 84cc30f..d05c040 100644
--- a/esapi/esapi/Esys_ClockRateAdjust.c
+++ b/esapi/esapi/Esys_ClockRateAdjust.c
@@ -212,7 +212,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -248,46 +247,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ClockSet.c b/esapi/esapi/Esys_ClockSet.c
index 62e33ae..290a7b7 100644
--- a/esapi/esapi/Esys_ClockSet.c
+++ b/esapi/esapi/Esys_ClockSet.c
@@ -212,7 +212,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -248,46 +247,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Commit.c b/esapi/esapi/Esys_Commit.c
index 850840a..fbb8be4 100644
--- a/esapi/esapi/Esys_Commit.c
+++ b/esapi/esapi/Esys_Commit.c
@@ -295,7 +295,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -333,50 +332,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ContextLoad.c b/esapi/esapi/Esys_ContextLoad.c
index 7c74c17..2e835a0 100644
--- a/esapi/esapi/Esys_ContextLoad.c
+++ b/esapi/esapi/Esys_ContextLoad.c
@@ -221,7 +221,6 @@
goto_if_error(r, "while unmarshaling context ", error_cleanup);
loadedHandleNode->rsrc = esyscontextData.esysMetadata.data;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
diff --git a/esapi/esapi/Esys_ContextSave.c b/esapi/esapi/Esys_ContextSave.c
index 0f93d78..9e1302c 100644
--- a/esapi/esapi/Esys_ContextSave.c
+++ b/esapi/esapi/Esys_ContextSave.c
@@ -182,7 +182,6 @@
if (lcontext == NULL) {
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
diff --git a/esapi/esapi/Esys_Create.c b/esapi/esapi/Esys_Create.c
index 4c7b07d..755cf6c 100644
--- a/esapi/esapi/Esys_Create.c
+++ b/esapi/esapi/Esys_Create.c
@@ -329,7 +329,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -368,50 +367,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_CreatePrimary.c b/esapi/esapi/Esys_CreatePrimary.c
index d6c908b..c02b7cd 100644
--- a/esapi/esapi/Esys_CreatePrimary.c
+++ b/esapi/esapi/Esys_CreatePrimary.c
@@ -333,7 +333,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -372,50 +371,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_DictionaryAttackLockReset.c b/esapi/esapi/Esys_DictionaryAttackLockReset.c
index 2160b08..ae9ed51 100644
--- a/esapi/esapi/Esys_DictionaryAttackLockReset.c
+++ b/esapi/esapi/Esys_DictionaryAttackLockReset.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_DictionaryAttackParameters.c b/esapi/esapi/Esys_DictionaryAttackParameters.c
index 389e876..2cc4340 100644
--- a/esapi/esapi/Esys_DictionaryAttackParameters.c
+++ b/esapi/esapi/Esys_DictionaryAttackParameters.c
@@ -231,7 +231,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -269,46 +268,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Duplicate.c b/esapi/esapi/Esys_Duplicate.c
index a0f3b32..4fa8f0f 100644
--- a/esapi/esapi/Esys_Duplicate.c
+++ b/esapi/esapi/Esys_Duplicate.c
@@ -287,7 +287,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -325,50 +324,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ECC_Parameters.c b/esapi/esapi/Esys_ECC_Parameters.c
index a56994a..481df9f 100644
--- a/esapi/esapi/Esys_ECC_Parameters.c
+++ b/esapi/esapi/Esys_ECC_Parameters.c
@@ -209,7 +209,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -244,50 +243,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ECDH_KeyGen.c b/esapi/esapi/Esys_ECDH_KeyGen.c
index 1886bac..73e59cc 100644
--- a/esapi/esapi/Esys_ECDH_KeyGen.c
+++ b/esapi/esapi/Esys_ECDH_KeyGen.c
@@ -227,7 +227,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -262,50 +261,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ECDH_ZGen.c b/esapi/esapi/Esys_ECDH_ZGen.c
index 31c1233..ff6682f 100644
--- a/esapi/esapi/Esys_ECDH_ZGen.c
+++ b/esapi/esapi/Esys_ECDH_ZGen.c
@@ -231,7 +231,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -267,50 +266,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_EC_Ephemeral.c b/esapi/esapi/Esys_EC_Ephemeral.c
index 06def29..3889abc 100644
--- a/esapi/esapi/Esys_EC_Ephemeral.c
+++ b/esapi/esapi/Esys_EC_Ephemeral.c
@@ -216,7 +216,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -251,50 +250,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_EncryptDecrypt.c b/esapi/esapi/Esys_EncryptDecrypt.c
index a4019ad..69ab6d1 100644
--- a/esapi/esapi/Esys_EncryptDecrypt.c
+++ b/esapi/esapi/Esys_EncryptDecrypt.c
@@ -278,7 +278,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -317,50 +316,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_EventSequenceComplete.c b/esapi/esapi/Esys_EventSequenceComplete.c
index 95872bb..208d9d4 100644
--- a/esapi/esapi/Esys_EventSequenceComplete.c
+++ b/esapi/esapi/Esys_EventSequenceComplete.c
@@ -247,7 +247,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -284,50 +283,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_EvictControl.c b/esapi/esapi/Esys_EvictControl.c
index 6fe4583..89f588f 100644
--- a/esapi/esapi/Esys_EvictControl.c
+++ b/esapi/esapi/Esys_EvictControl.c
@@ -248,7 +248,6 @@
if (r != TSS2_RC_SUCCESS)
return r;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -285,50 +284,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_FlushContext.c b/esapi/esapi/Esys_FlushContext.c
index 979be3a..ad304df 100644
--- a/esapi/esapi/Esys_FlushContext.c
+++ b/esapi/esapi/Esys_FlushContext.c
@@ -170,7 +170,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
diff --git a/esapi/esapi/Esys_GetCapability.c b/esapi/esapi/Esys_GetCapability.c
index b184413..4ee2213 100644
--- a/esapi/esapi/Esys_GetCapability.c
+++ b/esapi/esapi/Esys_GetCapability.c
@@ -236,7 +236,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -273,50 +272,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_GetCommandAuditDigest.c b/esapi/esapi/Esys_GetCommandAuditDigest.c
index 925cb08..c9c5096 100644
--- a/esapi/esapi/Esys_GetCommandAuditDigest.c
+++ b/esapi/esapi/Esys_GetCommandAuditDigest.c
@@ -275,7 +275,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -313,50 +312,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_GetRandom.c b/esapi/esapi/Esys_GetRandom.c
index 4f26eed..5871a48 100644
--- a/esapi/esapi/Esys_GetRandom.c
+++ b/esapi/esapi/Esys_GetRandom.c
@@ -209,7 +209,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -244,50 +243,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_GetSessionAuditDigest.c b/esapi/esapi/Esys_GetSessionAuditDigest.c
index 9b4ae49..a37a1c3 100644
--- a/esapi/esapi/Esys_GetSessionAuditDigest.c
+++ b/esapi/esapi/Esys_GetSessionAuditDigest.c
@@ -289,7 +289,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -328,50 +327,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_GetTestResult.c b/esapi/esapi/Esys_GetTestResult.c
index 5b9e915..610dd87 100644
--- a/esapi/esapi/Esys_GetTestResult.c
+++ b/esapi/esapi/Esys_GetTestResult.c
@@ -199,7 +199,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -233,50 +232,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_GetTime.c b/esapi/esapi/Esys_GetTime.c
index b82b8a9..a65522f 100644
--- a/esapi/esapi/Esys_GetTime.c
+++ b/esapi/esapi/Esys_GetTime.c
@@ -275,7 +275,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -313,50 +312,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_HMAC.c b/esapi/esapi/Esys_HMAC.c
index fe435ea..e787b19 100644
--- a/esapi/esapi/Esys_HMAC.c
+++ b/esapi/esapi/Esys_HMAC.c
@@ -241,7 +241,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -278,50 +277,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_HMAC_Start.c b/esapi/esapi/Esys_HMAC_Start.c
index c454a07..c1e3653 100644
--- a/esapi/esapi/Esys_HMAC_Start.c
+++ b/esapi/esapi/Esys_HMAC_Start.c
@@ -245,7 +245,6 @@
if (r != TSS2_RC_SUCCESS)
return r;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -282,50 +281,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Hash.c b/esapi/esapi/Esys_Hash.c
index 4a1e506..323371e 100644
--- a/esapi/esapi/Esys_Hash.c
+++ b/esapi/esapi/Esys_Hash.c
@@ -248,7 +248,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -285,50 +284,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_HashSequenceStart.c b/esapi/esapi/Esys_HashSequenceStart.c
index 65a801e..0ba8f7d 100644
--- a/esapi/esapi/Esys_HashSequenceStart.c
+++ b/esapi/esapi/Esys_HashSequenceStart.c
@@ -229,7 +229,6 @@
if (r != TSS2_RC_SUCCESS)
return r;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -265,50 +264,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_HierarchyChangeAuth.c b/esapi/esapi/Esys_HierarchyChangeAuth.c
index 9ca5081..97c2859 100644
--- a/esapi/esapi/Esys_HierarchyChangeAuth.c
+++ b/esapi/esapi/Esys_HierarchyChangeAuth.c
@@ -218,7 +218,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -254,46 +253,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_HierarchyControl.c b/esapi/esapi/Esys_HierarchyControl.c
index 1c88980..a8b54f1 100644
--- a/esapi/esapi/Esys_HierarchyControl.c
+++ b/esapi/esapi/Esys_HierarchyControl.c
@@ -222,7 +222,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -259,46 +258,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Import.c b/esapi/esapi/Esys_Import.c
index 1396940..77b3942 100644
--- a/esapi/esapi/Esys_Import.c
+++ b/esapi/esapi/Esys_Import.c
@@ -292,7 +292,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -332,50 +331,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_IncrementalSelfTest.c b/esapi/esapi/Esys_IncrementalSelfTest.c
index 4112d6f..f0dd051 100644
--- a/esapi/esapi/Esys_IncrementalSelfTest.c
+++ b/esapi/esapi/Esys_IncrementalSelfTest.c
@@ -215,7 +215,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -250,50 +249,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Load.c b/esapi/esapi/Esys_Load.c
index bb17d00..6444a3c 100644
--- a/esapi/esapi/Esys_Load.c
+++ b/esapi/esapi/Esys_Load.c
@@ -254,7 +254,6 @@
objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC;
objectHandleNode->rsrc.misc.rsrc_key_pub = *esysContext->in.Load.inPublic;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -291,50 +290,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_LoadExternal.c b/esapi/esapi/Esys_LoadExternal.c
index 5c967dd..c9a3c4b 100644
--- a/esapi/esapi/Esys_LoadExternal.c
+++ b/esapi/esapi/Esys_LoadExternal.c
@@ -248,7 +248,6 @@
objectHandleNode->rsrc.rsrcType = IESYSC_KEY_RSRC;
objectHandleNode->rsrc.misc.rsrc_key_pub = *esysContext->in.LoadExternal.inPublic;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -285,50 +284,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_MakeCredential.c b/esapi/esapi/Esys_MakeCredential.c
index d990278..d10859f 100644
--- a/esapi/esapi/Esys_MakeCredential.c
+++ b/esapi/esapi/Esys_MakeCredential.c
@@ -259,7 +259,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -296,50 +295,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_Certify.c b/esapi/esapi/Esys_NV_Certify.c
index f640fed..47a5f7f 100644
--- a/esapi/esapi/Esys_NV_Certify.c
+++ b/esapi/esapi/Esys_NV_Certify.c
@@ -307,7 +307,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -348,50 +347,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_ChangeAuth.c b/esapi/esapi/Esys_NV_ChangeAuth.c
index 9f85688..de4d259 100644
--- a/esapi/esapi/Esys_NV_ChangeAuth.c
+++ b/esapi/esapi/Esys_NV_ChangeAuth.c
@@ -218,7 +218,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -254,46 +253,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_DefineSpace.c b/esapi/esapi/Esys_NV_DefineSpace.c
index 1cef231..e62714d 100644
--- a/esapi/esapi/Esys_NV_DefineSpace.c
+++ b/esapi/esapi/Esys_NV_DefineSpace.c
@@ -251,7 +251,6 @@
if (r != TSS2_RC_SUCCESS)
return r;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -288,50 +287,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_Extend.c b/esapi/esapi/Esys_NV_Extend.c
index 2c27a66..d7c307f 100644
--- a/esapi/esapi/Esys_NV_Extend.c
+++ b/esapi/esapi/Esys_NV_Extend.c
@@ -233,7 +233,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -270,46 +269,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_GlobalWriteLock.c b/esapi/esapi/Esys_NV_GlobalWriteLock.c
index 5d7c9cd..247049e 100644
--- a/esapi/esapi/Esys_NV_GlobalWriteLock.c
+++ b/esapi/esapi/Esys_NV_GlobalWriteLock.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_Increment.c b/esapi/esapi/Esys_NV_Increment.c
index 8ac5f23..3d62d1d 100644
--- a/esapi/esapi/Esys_NV_Increment.c
+++ b/esapi/esapi/Esys_NV_Increment.c
@@ -217,7 +217,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -253,46 +252,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_Read.c b/esapi/esapi/Esys_NV_Read.c
index 5123e25..5701a36 100644
--- a/esapi/esapi/Esys_NV_Read.c
+++ b/esapi/esapi/Esys_NV_Read.c
@@ -249,7 +249,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -287,50 +286,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_ReadLock.c b/esapi/esapi/Esys_NV_ReadLock.c
index 933a581..7e829ae 100644
--- a/esapi/esapi/Esys_NV_ReadLock.c
+++ b/esapi/esapi/Esys_NV_ReadLock.c
@@ -217,7 +217,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -253,46 +252,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_ReadPublic.c b/esapi/esapi/Esys_NV_ReadPublic.c
index 477bbb9..9fbb9e2 100644
--- a/esapi/esapi/Esys_NV_ReadPublic.c
+++ b/esapi/esapi/Esys_NV_ReadPublic.c
@@ -225,7 +225,6 @@
if (lnvName == NULL) {
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -260,50 +259,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_SetBits.c b/esapi/esapi/Esys_NV_SetBits.c
index eff49f6..15a19d8 100644
--- a/esapi/esapi/Esys_NV_SetBits.c
+++ b/esapi/esapi/Esys_NV_SetBits.c
@@ -227,7 +227,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -264,46 +263,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_UndefineSpace.c b/esapi/esapi/Esys_NV_UndefineSpace.c
index bef3857..096ff20 100644
--- a/esapi/esapi/Esys_NV_UndefineSpace.c
+++ b/esapi/esapi/Esys_NV_UndefineSpace.c
@@ -217,7 +217,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -253,46 +252,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_UndefineSpaceSpecial.c b/esapi/esapi/Esys_NV_UndefineSpaceSpecial.c
index a01ab1d..a5d3be0 100644
--- a/esapi/esapi/Esys_NV_UndefineSpaceSpecial.c
+++ b/esapi/esapi/Esys_NV_UndefineSpaceSpecial.c
@@ -218,7 +218,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -254,46 +253,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_Write.c b/esapi/esapi/Esys_NV_Write.c
index da3797b..77b1153 100644
--- a/esapi/esapi/Esys_NV_Write.c
+++ b/esapi/esapi/Esys_NV_Write.c
@@ -242,7 +242,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -280,46 +279,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_NV_WriteLock.c b/esapi/esapi/Esys_NV_WriteLock.c
index f039198..0d0a607 100644
--- a/esapi/esapi/Esys_NV_WriteLock.c
+++ b/esapi/esapi/Esys_NV_WriteLock.c
@@ -217,7 +217,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -253,46 +252,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ObjectChangeAuth.c b/esapi/esapi/Esys_ObjectChangeAuth.c
index 2b0cd45..692c9a1 100644
--- a/esapi/esapi/Esys_ObjectChangeAuth.c
+++ b/esapi/esapi/Esys_ObjectChangeAuth.c
@@ -246,7 +246,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -283,50 +282,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PCR_Allocate.c b/esapi/esapi/Esys_PCR_Allocate.c
index b934fd0..e0d7b18 100644
--- a/esapi/esapi/Esys_PCR_Allocate.c
+++ b/esapi/esapi/Esys_PCR_Allocate.c
@@ -246,7 +246,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -282,46 +281,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PCR_Event.c b/esapi/esapi/Esys_PCR_Event.c
index ee0d75f..6848b1c 100644
--- a/esapi/esapi/Esys_PCR_Event.c
+++ b/esapi/esapi/Esys_PCR_Event.c
@@ -231,7 +231,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -267,50 +266,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PCR_Extend.c b/esapi/esapi/Esys_PCR_Extend.c
index 8a65faa..6baa777 100644
--- a/esapi/esapi/Esys_PCR_Extend.c
+++ b/esapi/esapi/Esys_PCR_Extend.c
@@ -218,7 +218,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -254,46 +253,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PCR_Read.c b/esapi/esapi/Esys_PCR_Read.c
index 812ee30..1ef07ce 100644
--- a/esapi/esapi/Esys_PCR_Read.c
+++ b/esapi/esapi/Esys_PCR_Read.c
@@ -235,7 +235,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -270,50 +269,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PCR_Reset.c b/esapi/esapi/Esys_PCR_Reset.c
index 056ab3f..e3ae9ac 100644
--- a/esapi/esapi/Esys_PCR_Reset.c
+++ b/esapi/esapi/Esys_PCR_Reset.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PCR_SetAuthPolicy.c b/esapi/esapi/Esys_PCR_SetAuthPolicy.c
index df72d36..ac26de9 100644
--- a/esapi/esapi/Esys_PCR_SetAuthPolicy.c
+++ b/esapi/esapi/Esys_PCR_SetAuthPolicy.c
@@ -237,7 +237,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -275,46 +274,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PCR_SetAuthValue.c b/esapi/esapi/Esys_PCR_SetAuthValue.c
index d241c39..0a937d4 100644
--- a/esapi/esapi/Esys_PCR_SetAuthValue.c
+++ b/esapi/esapi/Esys_PCR_SetAuthValue.c
@@ -218,7 +218,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -254,46 +253,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PP_Commands.c b/esapi/esapi/Esys_PP_Commands.c
index 6541c3d..510221a 100644
--- a/esapi/esapi/Esys_PP_Commands.c
+++ b/esapi/esapi/Esys_PP_Commands.c
@@ -234,7 +234,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -271,46 +270,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyAuthValue.c b/esapi/esapi/Esys_PolicyAuthValue.c
index 719a991..d440d14 100644
--- a/esapi/esapi/Esys_PolicyAuthValue.c
+++ b/esapi/esapi/Esys_PolicyAuthValue.c
@@ -201,7 +201,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -236,46 +235,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyAuthorize.c b/esapi/esapi/Esys_PolicyAuthorize.c
index 258e430..8ed560e 100644
--- a/esapi/esapi/Esys_PolicyAuthorize.c
+++ b/esapi/esapi/Esys_PolicyAuthorize.c
@@ -263,7 +263,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -302,46 +301,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyCommandCode.c b/esapi/esapi/Esys_PolicyCommandCode.c
index ae1f465..a6aa2aa 100644
--- a/esapi/esapi/Esys_PolicyCommandCode.c
+++ b/esapi/esapi/Esys_PolicyCommandCode.c
@@ -206,7 +206,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -242,46 +241,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyCounterTimer.c b/esapi/esapi/Esys_PolicyCounterTimer.c
index dff4c0f..9a20a05 100644
--- a/esapi/esapi/Esys_PolicyCounterTimer.c
+++ b/esapi/esapi/Esys_PolicyCounterTimer.c
@@ -236,7 +236,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -274,46 +273,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyCpHash.c b/esapi/esapi/Esys_PolicyCpHash.c
index 74da667..00e00dd 100644
--- a/esapi/esapi/Esys_PolicyCpHash.c
+++ b/esapi/esapi/Esys_PolicyCpHash.c
@@ -212,7 +212,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -248,46 +247,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyDuplicationSelect.c b/esapi/esapi/Esys_PolicyDuplicationSelect.c
index 08f8d12..e99a027 100644
--- a/esapi/esapi/Esys_PolicyDuplicationSelect.c
+++ b/esapi/esapi/Esys_PolicyDuplicationSelect.c
@@ -237,7 +237,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -275,46 +274,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyGetDigest.c b/esapi/esapi/Esys_PolicyGetDigest.c
index 098087e..852e99a 100644
--- a/esapi/esapi/Esys_PolicyGetDigest.c
+++ b/esapi/esapi/Esys_PolicyGetDigest.c
@@ -214,7 +214,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -249,50 +248,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyLocality.c b/esapi/esapi/Esys_PolicyLocality.c
index 9a93744..866075e 100644
--- a/esapi/esapi/Esys_PolicyLocality.c
+++ b/esapi/esapi/Esys_PolicyLocality.c
@@ -206,7 +206,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -242,46 +241,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyNV.c b/esapi/esapi/Esys_PolicyNV.c
index 34ce564..8bf2ced 100644
--- a/esapi/esapi/Esys_PolicyNV.c
+++ b/esapi/esapi/Esys_PolicyNV.c
@@ -265,7 +265,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -305,46 +304,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyNameHash.c b/esapi/esapi/Esys_PolicyNameHash.c
index 2699564..cdba2ad 100644
--- a/esapi/esapi/Esys_PolicyNameHash.c
+++ b/esapi/esapi/Esys_PolicyNameHash.c
@@ -212,7 +212,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -248,46 +247,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyNvWritten.c b/esapi/esapi/Esys_PolicyNvWritten.c
index 41d3b51..453acd7 100644
--- a/esapi/esapi/Esys_PolicyNvWritten.c
+++ b/esapi/esapi/Esys_PolicyNvWritten.c
@@ -211,7 +211,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -247,46 +246,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyOR.c b/esapi/esapi/Esys_PolicyOR.c
index 6a19a1d..35c74c3 100644
--- a/esapi/esapi/Esys_PolicyOR.c
+++ b/esapi/esapi/Esys_PolicyOR.c
@@ -217,7 +217,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -253,46 +252,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyPCR.c b/esapi/esapi/Esys_PolicyPCR.c
index 115cb40..c102b3a 100644
--- a/esapi/esapi/Esys_PolicyPCR.c
+++ b/esapi/esapi/Esys_PolicyPCR.c
@@ -233,7 +233,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -270,46 +269,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyPassword.c b/esapi/esapi/Esys_PolicyPassword.c
index ab8404b..c918662 100644
--- a/esapi/esapi/Esys_PolicyPassword.c
+++ b/esapi/esapi/Esys_PolicyPassword.c
@@ -201,7 +201,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -236,46 +235,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyPhysicalPresence.c b/esapi/esapi/Esys_PolicyPhysicalPresence.c
index 8d649d9..01ccab3 100644
--- a/esapi/esapi/Esys_PolicyPhysicalPresence.c
+++ b/esapi/esapi/Esys_PolicyPhysicalPresence.c
@@ -201,7 +201,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -236,46 +235,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyRestart.c b/esapi/esapi/Esys_PolicyRestart.c
index f4ab055..3b301d9 100644
--- a/esapi/esapi/Esys_PolicyRestart.c
+++ b/esapi/esapi/Esys_PolicyRestart.c
@@ -201,7 +201,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -236,46 +235,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicySecret.c b/esapi/esapi/Esys_PolicySecret.c
index 04eb749..ac1ca01 100644
--- a/esapi/esapi/Esys_PolicySecret.c
+++ b/esapi/esapi/Esys_PolicySecret.c
@@ -298,7 +298,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -338,50 +337,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicySigned.c b/esapi/esapi/Esys_PolicySigned.c
index 0605a7c..ba0b917 100644
--- a/esapi/esapi/Esys_PolicySigned.c
+++ b/esapi/esapi/Esys_PolicySigned.c
@@ -312,7 +312,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -353,50 +352,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_PolicyTicket.c b/esapi/esapi/Esys_PolicyTicket.c
index be74fc1..7b315b5 100644
--- a/esapi/esapi/Esys_PolicyTicket.c
+++ b/esapi/esapi/Esys_PolicyTicket.c
@@ -278,7 +278,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -318,46 +317,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Quote.c b/esapi/esapi/Esys_Quote.c
index db2636d..468def9 100644
--- a/esapi/esapi/Esys_Quote.c
+++ b/esapi/esapi/Esys_Quote.c
@@ -275,7 +275,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -313,50 +312,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_RSA_Decrypt.c b/esapi/esapi/Esys_RSA_Decrypt.c
index db34902..10ade7c 100644
--- a/esapi/esapi/Esys_RSA_Decrypt.c
+++ b/esapi/esapi/Esys_RSA_Decrypt.c
@@ -262,7 +262,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -300,50 +299,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_RSA_Encrypt.c b/esapi/esapi/Esys_RSA_Encrypt.c
index 7a73239..4983907 100644
--- a/esapi/esapi/Esys_RSA_Encrypt.c
+++ b/esapi/esapi/Esys_RSA_Encrypt.c
@@ -261,7 +261,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -299,50 +298,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ReadClock.c b/esapi/esapi/Esys_ReadClock.c
index 7d75478..53049ef 100644
--- a/esapi/esapi/Esys_ReadClock.c
+++ b/esapi/esapi/Esys_ReadClock.c
@@ -192,7 +192,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -226,50 +225,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ReadPublic.c b/esapi/esapi/Esys_ReadPublic.c
index 2d66431..33ceb51 100644
--- a/esapi/esapi/Esys_ReadPublic.c
+++ b/esapi/esapi/Esys_ReadPublic.c
@@ -240,7 +240,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -275,50 +274,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Rewrap.c b/esapi/esapi/Esys_Rewrap.c
index e2ade66..aeea6b6 100644
--- a/esapi/esapi/Esys_Rewrap.c
+++ b/esapi/esapi/Esys_Rewrap.c
@@ -289,7 +289,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -328,50 +327,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_SelfTest.c b/esapi/esapi/Esys_SelfTest.c
index d37a596..2d383c9 100644
--- a/esapi/esapi/Esys_SelfTest.c
+++ b/esapi/esapi/Esys_SelfTest.c
@@ -196,7 +196,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -231,46 +230,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_SequenceComplete.c b/esapi/esapi/Esys_SequenceComplete.c
index eaf131c..842c63a 100644
--- a/esapi/esapi/Esys_SequenceComplete.c
+++ b/esapi/esapi/Esys_SequenceComplete.c
@@ -254,7 +254,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -291,50 +290,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_SequenceUpdate.c b/esapi/esapi/Esys_SequenceUpdate.c
index b2fd46a..1b71e05 100644
--- a/esapi/esapi/Esys_SequenceUpdate.c
+++ b/esapi/esapi/Esys_SequenceUpdate.c
@@ -218,7 +218,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -254,46 +253,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_SetAlgorithmSet.c b/esapi/esapi/Esys_SetAlgorithmSet.c
index 5cf9a1f..89048aa 100644
--- a/esapi/esapi/Esys_SetAlgorithmSet.c
+++ b/esapi/esapi/Esys_SetAlgorithmSet.c
@@ -212,7 +212,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -248,46 +247,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_SetCommandCodeAuditStatus.c b/esapi/esapi/Esys_SetCommandCodeAuditStatus.c
index 50a9c23..5da8c6e 100644
--- a/esapi/esapi/Esys_SetCommandCodeAuditStatus.c
+++ b/esapi/esapi/Esys_SetCommandCodeAuditStatus.c
@@ -243,7 +243,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -281,46 +280,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_SetPrimaryPolicy.c b/esapi/esapi/Esys_SetPrimaryPolicy.c
index 585987c..c0c1a68 100644
--- a/esapi/esapi/Esys_SetPrimaryPolicy.c
+++ b/esapi/esapi/Esys_SetPrimaryPolicy.c
@@ -228,7 +228,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -265,46 +264,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Shutdown.c b/esapi/esapi/Esys_Shutdown.c
index 7f2f0b2..3c95ba5 100644
--- a/esapi/esapi/Esys_Shutdown.c
+++ b/esapi/esapi/Esys_Shutdown.c
@@ -196,7 +196,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -231,46 +230,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Sign.c b/esapi/esapi/Esys_Sign.c
index 27e3ee2..ca92f87 100644
--- a/esapi/esapi/Esys_Sign.c
+++ b/esapi/esapi/Esys_Sign.c
@@ -262,7 +262,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -300,50 +299,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_StartAuthSession.c b/esapi/esapi/Esys_StartAuthSession.c
index dd10337..738c072 100644
--- a/esapi/esapi/Esys_StartAuthSession.c
+++ b/esapi/esapi/Esys_StartAuthSession.c
@@ -335,7 +335,6 @@
*esysContext->in.StartAuthSession.symmetric;
rsrc->misc.rsrc_session.nonceCaller =
esysContext->in.StartAuthSession.nonceCallerData;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -375,50 +374,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Startup.c b/esapi/esapi/Esys_Startup.c
index 9e40d92..6fb9ee9 100644
--- a/esapi/esapi/Esys_Startup.c
+++ b/esapi/esapi/Esys_Startup.c
@@ -165,7 +165,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
diff --git a/esapi/esapi/Esys_StirRandom.c b/esapi/esapi/Esys_StirRandom.c
index 1099122..4b47e30 100644
--- a/esapi/esapi/Esys_StirRandom.c
+++ b/esapi/esapi/Esys_StirRandom.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_TestParms.c b/esapi/esapi/Esys_TestParms.c
index f3781f3..a539e41 100644
--- a/esapi/esapi/Esys_TestParms.c
+++ b/esapi/esapi/Esys_TestParms.c
@@ -202,7 +202,6 @@
return TSS2_ESYS_RC_BAD_SEQUENCE;
}
TSS2_RC r = TSS2_RC_SUCCESS;
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -237,46 +236,8 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- return r;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- return r;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- return_if_error(r, "Error: get rp buffer");
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- return_if_error(r, "Error: while computing response hashes");
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- return_if_error(r, "Error: response hmac check");
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- return_if_error(r, "Error: while decrypting parameter.");
- }
- }
+ r = iesys_check_response(esysContext);
+ return_if_error(r, "Error: check response");
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Unseal.c b/esapi/esapi/Esys_Unseal.c
index 5ee4eb6..80366b0 100644
--- a/esapi/esapi/Esys_Unseal.c
+++ b/esapi/esapi/Esys_Unseal.c
@@ -215,7 +215,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -250,50 +249,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_Vendor_TCG_Test.c b/esapi/esapi/Esys_Vendor_TCG_Test.c
index 7a724ec..fbe6e69 100644
--- a/esapi/esapi/Esys_Vendor_TCG_Test.c
+++ b/esapi/esapi/Esys_Vendor_TCG_Test.c
@@ -215,7 +215,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -250,50 +249,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_VerifySignature.c b/esapi/esapi/Esys_VerifySignature.c
index 5c4141a..ef8f6bb 100644
--- a/esapi/esapi/Esys_VerifySignature.c
+++ b/esapi/esapi/Esys_VerifySignature.c
@@ -246,7 +246,6 @@
return_error(TSS2_ESYS_RC_MEMORY, "Out of memory");
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -283,50 +282,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi/Esys_ZGen_2Phase.c b/esapi/esapi/Esys_ZGen_2Phase.c
index a167f9b..06eea02 100644
--- a/esapi/esapi/Esys_ZGen_2Phase.c
+++ b/esapi/esapi/Esys_ZGen_2Phase.c
@@ -278,7 +278,6 @@
goto_error(r, TSS2_ESYS_RC_MEMORY, "Out of memory", error_cleanup);
}
}
-
r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout);
if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) {
LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r);
@@ -317,50 +316,9 @@
* Now the verification of the response (hmac check) and if necessary the
* parameter decryption have to be done
*/
- const uint8_t *rpBuffer;
- size_t rpBuffer_size;
- TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
- HASH_TAB_ITEM rp_hash_tab[3];
- HASH_TAB_ITEM rp_hash_tab2[3];
- uint8_t rpHashNum = 0;
- uint8_t rpHashNum2 = 0;
- r = Tss2_Sys_GetRspAuths(esysContext->sys, &rspAuths);
- if (r != TSS2_RC_SUCCESS)
- goto error_cleanup;
-
- if (rspAuths.count != esysContext->authsCount) {
- LOG_ERROR("Number of response auths differs: %i (expected %i)",
- rspAuths.count, esysContext->authsCount);
- r = TSS2_ESYS_RC_GENERAL_FAILURE;
- goto error_cleanup;
- }
- /*
- * At least one session object is defined so the rp hashes must be computed
- * and the HMACs of the responses have to be checked.
- * Encrypted response parameters will be decrypted.
- */
- if (esysContext->session_type[0] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[1] >= ESYS_TR_MIN_OBJECT ||
- esysContext->session_type[2] >= ESYS_TR_MIN_OBJECT) {
- r = Tss2_Sys_GetRpBuffer(esysContext->sys, &rpBuffer_size, &rpBuffer);
- goto_if_error(r, "Error: get rp buffer",
+ r = iesys_check_response(esysContext);
+ goto_if_error(r, "Error: check response",
error_cleanup);
-
- r = iesys_compute_rp_hashtab(esysContext,
- &rspAuths, rpBuffer, rpBuffer_size,
- &rp_hash_tab[0], &rpHashNum);
- goto_if_error(r, "Error: while computing response hashes",
- error_cleanup);
-
- r = iesys_check_rp_hmacs(esysContext, &rspAuths, &rp_hash_tab[0]);
- goto_if_error(r, "Error: response hmac check",
- error_cleanup);
- if (esysContext->encryptNonce != NULL) {
- r = iesys_decrypt_param(esysContext, rpBuffer, rpBuffer_size);
- goto_if_error(r, "Error: while decrypting parameter.",
- error_cleanup);
- }
- }
/*
* After the verification of the response we call the complete function
* to deliver the result.
diff --git a/esapi/esapi_util/esys_iutil.c b/esapi/esapi_util/esys_iutil.c
index 6525d6a..74c581d 100644
--- a/esapi/esapi_util/esys_iutil.c
+++ b/esapi/esapi_util/esys_iutil.c
@@ -1082,6 +1082,51 @@
}
TSS2_RC
+iesys_check_response(ESYS_CONTEXT * esys_context)
+{
+ TSS2_RC r;
+ const uint8_t *rpBuffer;
+ size_t rpBuffer_size;
+ TSS2L_SYS_AUTH_RESPONSE rspAuths = {0};
+ HASH_TAB_ITEM rp_hash_tab[3];
+ HASH_TAB_ITEM rp_hash_tab2[3];
+ uint8_t rpHashNum = 0;
+ r = Tss2_Sys_GetRspAuths(esys_context->sys, &rspAuths);
+ return_if_error(r, "Error: GetRspAuths");
+
+ if (rspAuths.count != esys_context->authsCount) {
+ LOG_ERROR("Number of response auths differs: %i (expected %i)",
+ rspAuths.count, esys_context->authsCount);
+ return TSS2_ESYS_RC_GENERAL_FAILURE;
+ }
+ /*
+ * At least one session object is defined so the rp hashes must be computed
+ * and the HMACs of the responses have to be checked.
+ * Encrypted response parameters will be decrypted.
+ */
+ if (esys_context->session_type[0] >= ESYS_TR_MIN_OBJECT ||
+ esys_context->session_type[1] >= ESYS_TR_MIN_OBJECT ||
+ esys_context->session_type[2] >= ESYS_TR_MIN_OBJECT) {
+ r = Tss2_Sys_GetRpBuffer(esys_context->sys, &rpBuffer_size, &rpBuffer);
+ return_if_error(r, "Error: get rp buffer");
+
+ r = iesys_compute_rp_hashtab(esys_context,
+ &rspAuths, rpBuffer, rpBuffer_size,
+ &rp_hash_tab[0], &rpHashNum);
+ return_if_error(r, "Error: while computing response hashes");
+
+ r = iesys_check_rp_hmacs(esys_context, &rspAuths, &rp_hash_tab[0]);
+ return_if_error(r, "Error: response hmac check");
+
+ if (esys_context->encryptNonce != NULL) {
+ r = iesys_decrypt_param(esys_context, rpBuffer, rpBuffer_size);
+ return_if_error(r, "Error: while decrypting parameter.");
+ }
+ }
+ return TSS2_RC_SUCCESS;
+}
+
+TSS2_RC
iesys_nv_get_name(TPM2B_NV_PUBLIC * publicInfo, TPM2B_NAME * name)
{
BYTE buffer[sizeof(TPMS_NV_PUBLIC)];
diff --git a/esapi/esapi_util/esys_iutil.h b/esapi/esapi_util/esys_iutil.h
index e0364e9..d654c07 100644
--- a/esapi/esapi_util/esys_iutil.h
+++ b/esapi/esapi_util/esys_iutil.h
@@ -247,6 +247,9 @@
RSRC_NODE_T *h3,
TSS2L_SYS_AUTH_COMMAND *auths);
+TSS2_RC iesys_check_response(
+ ESYS_CONTEXT * esys_context);
+
TSS2_RC iesys_nv_get_name(
TPM2B_NV_PUBLIC *publicInfo,
TPM2B_NAME *name);