Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / tpm2-tss / 2daba1f50c8cd16204d6016e9217166ca253854e / . / test / tpmclient / SessionHmac.c
blob: efd7e0c6b2809016a5c404c8720031f1201be945 [file] [log] [blame]
//**********************************************************************;
// Copyright (c) 2015, Intel Corporation
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
// THE POSSIBILITY OF SUCH DAMAGE.
//**********************************************************************;
#include <stdio.h>
#include <stdlib.h>
#include "tss2_sys.h"
#include "../integration/sapi-util.h"
#include "../integration/session-util.h"
#include "tpmclient.int.h"
#include "sysapi_util.h"
#include "util/tss2_endian.h"
#define LOGMODULE test
#include "util/log.h"
static TSS2_RC
TpmComputeSessionHmac(
TSS2_SYS_CONTEXT *sysContext,
SESSION *session,
TPMS_AUTH_COMMAND *pSessionDataIn,
bool command,
TPM2_HANDLE handle1,
TPM2_HANDLE handle2,
TPM2_HANDLE handle3,
TPM2B_MAX_BUFFER *hmacKey)
{
TPM2B_DIGEST *bufferList[7];
TPM2B_DIGEST pHash;
TPM2B sessionAttributesByteBuffer = {
.size = 1,
.buffer = pSessionDataIn->sessionAttributes
};
UINT16 i;
TSS2_RC rval;
TPM2_CC cmdCode;
INIT_SIMPLE_TPM2B_SIZE(pHash);
rval = TpmCalcPHash(sysContext, handle1, handle2, handle3,
session->authHash, command, &pHash);
if (rval != TPM2_RC_SUCCESS)
return rval;
rval = Tss2_Sys_GetCommandCode(sysContext, (UINT8 *)&cmdCode);
if (rval != TPM2_RC_SUCCESS)
return rval;
/* cmdCode comes back as BigEndian; not suited for comparisons below. */
cmdCode = BE_TO_HOST_32(cmdCode);
LOGBLOB_DEBUG(hmacKey->buffer, hmacKey->size, "hmacKey=");
i = 0;
bufferList[i++] = (TPM2B_DIGEST *)&pHash;
bufferList[i++] = (TPM2B_DIGEST *)&session->nonceNewer;
bufferList[i++] = (TPM2B_DIGEST *)&session->nonceOlder;
bufferList[i++] = (TPM2B_DIGEST *)&session->nonceTpmDecrypt;
bufferList[i++] = (TPM2B_DIGEST *)&session->nonceTpmEncrypt;
bufferList[i++] = (TPM2B_DIGEST *)&sessionAttributesByteBuffer;
bufferList[i++] = 0;
for (int j = 0; bufferList[j] != 0; j++) {
LOGBLOB_DEBUG(&bufferList[j]->buffer[0],
bufferList[j]->size, "bufferlist[%d]:", j);
;
}
rval = hmac(session->authHash, hmacKey->buffer,
hmacKey->size, bufferList,
(TPM2B_DIGEST *)&pSessionDataIn->hmac);
if (rval != TPM2_RC_SUCCESS) {
LOGBLOB_ERROR(pSessionDataIn->hmac.buffer,
pSessionDataIn->hmac.size,
"HMAC Failed rval = %d !!!", rval);
return rval;
}
return rval;
}
TSS2_RC ComputeCommandHmacs(
TSS2_SYS_CONTEXT *sysContext,
TPM2_HANDLE handle1,
TPM2_HANDLE handle2,
TPM2_HANDLE handle3,
TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn)
{
TPM2_HANDLE handles[3] = {handle1, handle2, handle3};
ENTITY *entity;
SESSION *session;
TPM2B_MAX_BUFFER hmac_key;
TSS2_RC rval = TPM2_RC_SUCCESS;
unsigned int i;
for (i = 0; i < pSessionsDataIn->count; i++) {
if (handles[i] == TPM2_RH_NULL)
break;
entity = GetEntity(handles[i]);
if (!entity)
return APPLICATION_HMAC_ERROR(i+1);
session = get_session(pSessionsDataIn->auths[i].sessionHandle);
if (!session)
return TPM2_RC_SUCCESS;
CopySizedByteBuffer((TPM2B *)&hmac_key, (TPM2B *)&session->sessionKey);
if (handles[i] != session->bind || handles[i] == TPM2_RH_NULL)
ConcatSizedByteBuffer(&hmac_key, (TPM2B *)&entity->entityAuth);
rval = TpmComputeSessionHmac(sysContext,
session,
&pSessionsDataIn->auths[i],
true,
handle1,
handle2,
handle3,
&hmac_key);
if (rval != TPM2_RC_SUCCESS)
break;
}
return rval;
}
TSS2_RC CheckResponseHMACs(
TSS2_SYS_CONTEXT *sysContext,
TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn,
TPM2_HANDLE handle1,
TPM2_HANDLE handle2,
TPM2_HANDLE handle3,
TSS2L_SYS_AUTH_RESPONSE *pSessionsDataOut)
{
TPM2_HANDLE handles[3] = {handle1, handle2, handle3};
ENTITY *entity;
SESSION *session;
TPM2B_MAX_BUFFER hmac_key;
TSS2_RC rval = TPM2_RC_SUCCESS;
unsigned int i;
for (i = 0; i < pSessionsDataIn->count; i++) {
if (handles[i] == TPM2_RH_NULL)
break;
entity = GetEntity(handles[i]);
if (!entity)
return APPLICATION_HMAC_ERROR(i+1);
session = get_session(pSessionsDataIn->auths[i].sessionHandle);
if (!session)
return TPM2_RC_SUCCESS;
CopySizedByteBuffer((TPM2B *)&hmac_key, (TPM2B *)&session->sessionKey);
if (handles[i] != session->bind)
ConcatSizedByteBuffer(&hmac_key, (TPM2B *)&entity->entityAuth);
rval = TpmComputeSessionHmac(sysContext,
session,
&pSessionsDataIn->auths[i],
false,
handle1,
handle2,
handle3,
&hmac_key);
if (rval != TPM2_RC_SUCCESS)
return rval;
rval = CompareSizedByteBuffer((TPM2B *)&pSessionsDataIn->auths[i].hmac,
(TPM2B *)&pSessionsDataOut->auths[i].hmac);
if (rval != TPM2_RC_SUCCESS)
return APPLICATION_HMAC_ERROR(i+1);
}
return rval;
}