Peter Huewe | d5a36f6 | 2018-06-12 00:59:26 +0200 | [diff] [blame] | 1 | /* SPDX-License-Identifier: BSD-2 */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 2 | /******************************************************************************* |
| 3 | * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG |
| 4 | * All rights reserved. |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 5 | ******************************************************************************/ |
| 6 | |
Philip Tricca | 910f17c | 2018-03-15 12:38:37 -0700 | [diff] [blame] | 7 | #include "tss2_mu.h" |
| 8 | #include "tss2_sys.h" |
Philip Tricca | 8ffd3c4 | 2018-03-09 16:27:24 -0800 | [diff] [blame] | 9 | #include "tss2_esys.h" |
Juergen Repp | ed6e6e2 | 2018-03-19 17:34:32 +0100 | [diff] [blame] | 10 | |
| 11 | #include "esys_types.h" |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 12 | #include "esys_iutil.h" |
| 13 | #include "esys_mu.h" |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 14 | #define LOGMODULE esys |
Philip Tricca | a7c51ce | 2018-03-10 18:28:25 -0800 | [diff] [blame] | 15 | #include "util/log.h" |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 16 | |
Juergen Repp | add438d | 2018-04-09 10:00:19 +0200 | [diff] [blame] | 17 | /** Store command parameters inside the ESYS_CONTEXT for use during _Finish */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 18 | /** One-Call function for TPM2_ReadClock |
| 19 | * |
| 20 | * This function invokes the TPM2_ReadClock command in a one-call |
| 21 | * variant. This means the function will block until the TPM response is |
| 22 | * available. All input parameters are const. The memory for non-simple output |
| 23 | * parameters is allocated by the function implementation. |
| 24 | * |
| 25 | * @param[in,out] esysContext The ESYS_CONTEXT. |
Juergen Repp | f7e5bd3 | 2018-04-26 11:11:32 +0200 | [diff] [blame] | 26 | * @param[in] shandle1 First session handle. |
| 27 | * @param[in] shandle2 Second session handle. |
| 28 | * @param[in] shandle3 Third session handle. |
| 29 | * @param[out] currentTime . |
| 30 | * (callee-allocated) |
Juergen Repp | c3cf4b6 | 2018-08-22 15:27:59 +0200 | [diff] [blame] | 31 | * @retval TSS2_RC_SUCCESS if the function call was a success. |
Juergen Repp | f7e5bd3 | 2018-04-26 11:11:32 +0200 | [diff] [blame] | 32 | * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input |
| 33 | * pointers or required output handle references are NULL. |
| 34 | * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected. |
| 35 | * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for |
| 36 | * internal operations or return parameters. |
| 37 | * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous |
| 38 | * operation already pending. |
| 39 | * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not |
| 40 | * at least contain the tag, response length, and response code. |
| 41 | * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted. |
Juergen Repp | c3cf4b6 | 2018-08-22 15:27:59 +0200 | [diff] [blame] | 42 | * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM |
| 43 | did not verify. |
Juergen Repp | f7e5bd3 | 2018-04-26 11:11:32 +0200 | [diff] [blame] | 44 | * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has |
| 45 | * the 'decrypt' attribute bit set. |
| 46 | * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has |
| 47 | * the 'encrypt' attribute bit set. |
| 48 | * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the |
| 49 | * 'decrypt' attribute set and the command does not support encryption |
| 50 | * of the first command parameter. |
| 51 | * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the |
| 52 | * 'encrypt' attribute set and the command does not support encryption |
| 53 | * of the first response parameter. |
| 54 | * @retval TSS2_RCs produced by lower layers of the software stack may be |
| 55 | * returned to the caller unaltered unless handled internally. |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 56 | */ |
| 57 | TSS2_RC |
| 58 | Esys_ReadClock( |
| 59 | ESYS_CONTEXT *esysContext, |
| 60 | ESYS_TR shandle1, |
| 61 | ESYS_TR shandle2, |
| 62 | ESYS_TR shandle3, |
| 63 | TPMS_TIME_INFO **currentTime) |
| 64 | { |
Juergen Repp | 3b7b41b | 2018-03-19 15:58:04 +0100 | [diff] [blame] | 65 | TSS2_RC r; |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 66 | |
Juergen Repp | 6698927 | 2018-09-04 11:13:06 +0200 | [diff] [blame^] | 67 | r = Esys_ReadClock_Async(esysContext, shandle1, shandle2, shandle3); |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 68 | return_if_error(r, "Error in async function"); |
| 69 | |
Juergen Repp | add438d | 2018-04-09 10:00:19 +0200 | [diff] [blame] | 70 | /* Set the timeout to indefinite for now, since we want _Finish to block */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 71 | int32_t timeouttmp = esysContext->timeout; |
| 72 | esysContext->timeout = -1; |
| 73 | /* |
| 74 | * Now we call the finish function, until return code is not equal to |
| 75 | * from TSS2_BASE_RC_TRY_AGAIN. |
| 76 | * Note that the finish function may return TSS2_RC_TRY_AGAIN, even if we |
| 77 | * have set the timeout to -1. This occurs for example if the TPM requests |
| 78 | * a retransmission of the command via TPM2_RC_YIELDED. |
| 79 | */ |
| 80 | do { |
Juergen Repp | 6698927 | 2018-09-04 11:13:06 +0200 | [diff] [blame^] | 81 | r = Esys_ReadClock_Finish(esysContext, currentTime); |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 82 | /* This is just debug information about the reattempt to finish the |
| 83 | command */ |
| 84 | if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) |
| 85 | LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32 |
| 86 | " => resubmitting command", r); |
| 87 | } while ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN); |
| 88 | |
| 89 | /* Restore the timeout value to the original value */ |
| 90 | esysContext->timeout = timeouttmp; |
| 91 | return_if_error(r, "Esys Finish"); |
| 92 | |
| 93 | return TSS2_RC_SUCCESS; |
| 94 | } |
| 95 | |
| 96 | /** Asynchronous function for TPM2_ReadClock |
| 97 | * |
| 98 | * This function invokes the TPM2_ReadClock command in a asynchronous |
| 99 | * variant. This means the function will return as soon as the command has been |
| 100 | * sent downwards the stack to the TPM. All input parameters are const. |
Juergen Repp | add438d | 2018-04-09 10:00:19 +0200 | [diff] [blame] | 101 | * In order to retrieve the TPM's response call Esys_ReadClock_Finish. |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 102 | * |
| 103 | * @param[in,out] esysContext The ESYS_CONTEXT. |
Juergen Repp | f7e5bd3 | 2018-04-26 11:11:32 +0200 | [diff] [blame] | 104 | * @param[in] shandle1 First session handle. |
| 105 | * @param[in] shandle2 Second session handle. |
| 106 | * @param[in] shandle3 Third session handle. |
| 107 | * @retval ESYS_RC_SUCCESS if the function call was a success. |
| 108 | * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input |
| 109 | * pointers or required output handle references are NULL. |
| 110 | * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected. |
| 111 | * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for |
| 112 | * internal operations or return parameters. |
| 113 | * @retval TSS2_RCs produced by lower layers of the software stack may be |
| 114 | returned to the caller unaltered unless handled internally. |
| 115 | * @retval TSS2_ESYS_RC_MULTIPLE_DECRYPT_SESSIONS: if more than one session has |
| 116 | * the 'decrypt' attribute bit set. |
| 117 | * @retval TSS2_ESYS_RC_MULTIPLE_ENCRYPT_SESSIONS: if more than one session has |
| 118 | * the 'encrypt' attribute bit set. |
| 119 | * @retval TSS2_ESYS_RC_NO_DECRYPT_PARAM: if one of the sessions has the |
| 120 | * 'decrypt' attribute set and the command does not support encryption |
| 121 | * of the first command parameter. |
| 122 | * @retval TSS2_ESYS_RC_NO_ENCRYPT_PARAM: if one of the sessions has the |
| 123 | * 'encrypt' attribute set and the command does not support encryption |
| 124 | * of the first response parameter. |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 125 | */ |
| 126 | TSS2_RC |
Juergen Repp | add438d | 2018-04-09 10:00:19 +0200 | [diff] [blame] | 127 | Esys_ReadClock_Async( |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 128 | ESYS_CONTEXT *esysContext, |
| 129 | ESYS_TR shandle1, |
| 130 | ESYS_TR shandle2, |
| 131 | ESYS_TR shandle3) |
| 132 | { |
Juergen Repp | 3b7b41b | 2018-03-19 15:58:04 +0100 | [diff] [blame] | 133 | TSS2_RC r; |
Andreas Fuchs | 15bbb67 | 2018-03-27 13:21:13 +0200 | [diff] [blame] | 134 | LOG_TRACE("context=%p", |
| 135 | esysContext); |
Andreas Fuchs | c5a73eb | 2018-03-19 16:01:00 +0100 | [diff] [blame] | 136 | TSS2L_SYS_AUTH_COMMAND auths; |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 137 | |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 138 | /* Check context, sequence correctness and set state to error for now */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 139 | if (esysContext == NULL) { |
| 140 | LOG_ERROR("esyscontext is NULL."); |
| 141 | return TSS2_ESYS_RC_BAD_REFERENCE; |
| 142 | } |
| 143 | r = iesys_check_sequence_async(esysContext); |
| 144 | if (r != TSS2_RC_SUCCESS) |
| 145 | return r; |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 146 | esysContext->state = _ESYS_STATE_INTERNALERROR; |
| 147 | |
| 148 | /* Check and store input parameters */ |
dantpm | f6ef247 | 2018-04-06 15:21:59 -0700 | [diff] [blame] | 149 | r = check_session_feasibility(shandle1, shandle2, shandle3, 0); |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 150 | return_state_if_error(r, _ESYS_STATE_INIT, "Check session usage"); |
| 151 | |
| 152 | /* Initial invocation of SAPI to prepare the command buffer with parameters */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 153 | r = Tss2_Sys_ReadClock_Prepare(esysContext->sys); |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 154 | return_state_if_error(r, _ESYS_STATE_INIT, "SAPI Prepare returned error."); |
| 155 | |
| 156 | /* Calculate the cpHash Values */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 157 | r = init_session_tab(esysContext, shandle1, shandle2, shandle3); |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 158 | return_state_if_error(r, _ESYS_STATE_INIT, "Initialize session resources"); |
| 159 | iesys_compute_session_value(esysContext->session_tab[0], NULL, NULL); |
| 160 | iesys_compute_session_value(esysContext->session_tab[1], NULL, NULL); |
| 161 | iesys_compute_session_value(esysContext->session_tab[2], NULL, NULL); |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 162 | |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 163 | /* Generate the auth values and set them in the SAPI command buffer */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 164 | r = iesys_gen_auths(esysContext, NULL, NULL, NULL, &auths); |
Juergen Repp | 6698927 | 2018-09-04 11:13:06 +0200 | [diff] [blame^] | 165 | return_state_if_error(r, _ESYS_STATE_INIT, |
| 166 | "Error in computation of auth values"); |
| 167 | |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 168 | esysContext->authsCount = auths.count; |
| 169 | r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths); |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 170 | return_state_if_error(r, _ESYS_STATE_INIT, "SAPI error on SetCmdAuths"); |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 171 | |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 172 | /* Trigger execution and finish the async invocation */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 173 | r = Tss2_Sys_ExecuteAsync(esysContext->sys); |
Juergen Repp | 6698927 | 2018-09-04 11:13:06 +0200 | [diff] [blame^] | 174 | return_state_if_error(r, _ESYS_STATE_INTERNALERROR, |
| 175 | "Finish (Execute Async)"); |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 176 | |
| 177 | esysContext->state = _ESYS_STATE_SENT; |
| 178 | |
| 179 | return r; |
| 180 | } |
| 181 | |
| 182 | /** Asynchronous finish function for TPM2_ReadClock |
| 183 | * |
| 184 | * This function returns the results of a TPM2_ReadClock command |
Juergen Repp | add438d | 2018-04-09 10:00:19 +0200 | [diff] [blame] | 185 | * invoked via Esys_ReadClock_Finish. All non-simple output parameters |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 186 | * are allocated by the function's implementation. NULL can be passed for every |
| 187 | * output parameter if the value is not required. |
| 188 | * |
| 189 | * @param[in,out] esysContext The ESYS_CONTEXT. |
Juergen Repp | f7e5bd3 | 2018-04-26 11:11:32 +0200 | [diff] [blame] | 190 | * @param[out] currentTime . |
| 191 | * (callee-allocated) |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 192 | * @retval TSS2_RC_SUCCESS on success |
Juergen Repp | f7e5bd3 | 2018-04-26 11:11:32 +0200 | [diff] [blame] | 193 | * @retval ESYS_RC_SUCCESS if the function call was a success. |
| 194 | * @retval TSS2_ESYS_RC_BAD_REFERENCE if the esysContext or required input |
| 195 | * pointers or required output handle references are NULL. |
| 196 | * @retval TSS2_ESYS_RC_BAD_CONTEXT: if esysContext corruption is detected. |
| 197 | * @retval TSS2_ESYS_RC_MEMORY: if the ESAPI cannot allocate enough memory for |
| 198 | * internal operations or return parameters. |
| 199 | * @retval TSS2_ESYS_RC_BAD_SEQUENCE: if the context has an asynchronous |
| 200 | * operation already pending. |
| 201 | * @retval TSS2_ESYS_RC_TRY_AGAIN: if the timeout counter expires before the |
| 202 | * TPM response is received. |
| 203 | * @retval TSS2_ESYS_RC_INSUFFICIENT_RESPONSE: if the TPM's response does not |
Juergen Repp | c3cf4b6 | 2018-08-22 15:27:59 +0200 | [diff] [blame] | 204 | * at least contain the tag, response length, and response code. |
| 205 | * @retval TSS2_ESYS_RC_RSP_AUTH_FAILED: if the response HMAC from the TPM did |
| 206 | * not verify. |
Juergen Repp | f7e5bd3 | 2018-04-26 11:11:32 +0200 | [diff] [blame] | 207 | * @retval TSS2_ESYS_RC_MALFORMED_RESPONSE: if the TPM's response is corrupted. |
| 208 | * @retval TSS2_RCs produced by lower layers of the software stack may be |
| 209 | * returned to the caller unaltered unless handled internally. |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 210 | */ |
| 211 | TSS2_RC |
Juergen Repp | add438d | 2018-04-09 10:00:19 +0200 | [diff] [blame] | 212 | Esys_ReadClock_Finish( |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 213 | ESYS_CONTEXT *esysContext, |
| 214 | TPMS_TIME_INFO **currentTime) |
| 215 | { |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 216 | TSS2_RC r; |
Andreas Fuchs | 15bbb67 | 2018-03-27 13:21:13 +0200 | [diff] [blame] | 217 | LOG_TRACE("context=%p, currentTime=%p", |
| 218 | esysContext, currentTime); |
| 219 | |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 220 | if (esysContext == NULL) { |
| 221 | LOG_ERROR("esyscontext is NULL."); |
| 222 | return TSS2_ESYS_RC_BAD_REFERENCE; |
| 223 | } |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 224 | |
| 225 | /* Check for correct sequence and set sequence to irregular for now */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 226 | if (esysContext->state != _ESYS_STATE_SENT) { |
| 227 | LOG_ERROR("Esys called in bad sequence."); |
| 228 | return TSS2_ESYS_RC_BAD_SEQUENCE; |
| 229 | } |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 230 | esysContext->state = _ESYS_STATE_INTERNALERROR; |
| 231 | |
| 232 | /* Allocate memory for response parameters */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 233 | if (currentTime != NULL) { |
| 234 | *currentTime = calloc(sizeof(TPMS_TIME_INFO), 1); |
| 235 | if (*currentTime == NULL) { |
| 236 | return_error(TSS2_ESYS_RC_MEMORY, "Out of memory"); |
| 237 | } |
| 238 | } |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 239 | |
| 240 | /*Receive the TPM response and handle resubmissions if necessary. */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 241 | r = Tss2_Sys_ExecuteFinish(esysContext->sys, esysContext->timeout); |
| 242 | if ((r & ~TSS2_RC_LAYER_MASK) == TSS2_BASE_RC_TRY_AGAIN) { |
| 243 | LOG_DEBUG("A layer below returned TRY_AGAIN: %" PRIx32, r); |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 244 | esysContext->state = _ESYS_STATE_SENT; |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 245 | goto error_cleanup; |
| 246 | } |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 247 | /* This block handle the resubmission of TPM commands given a certain set of |
| 248 | * TPM response codes. */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 249 | if (r == TPM2_RC_RETRY || r == TPM2_RC_TESTING || r == TPM2_RC_YIELDED) { |
| 250 | LOG_DEBUG("TPM returned RETRY, TESTING or YIELDED, which triggers a " |
| 251 | "resubmission: %" PRIx32, r); |
Andreas Fuchs | 631d7e6 | 2018-03-19 10:54:56 +0100 | [diff] [blame] | 252 | if (esysContext->submissionCount >= _ESYS_MAX_SUBMISSIONS) { |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 253 | LOG_WARNING("Maximum number of (re)submissions has been reached."); |
| 254 | esysContext->state = _ESYS_STATE_INIT; |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 255 | goto error_cleanup; |
| 256 | } |
| 257 | esysContext->state = _ESYS_STATE_RESUBMISSION; |
Juergen Repp | 6698927 | 2018-09-04 11:13:06 +0200 | [diff] [blame^] | 258 | r = Esys_ReadClock_Async(esysContext, esysContext->session_type[0], |
| 259 | esysContext->session_type[1], |
| 260 | esysContext->session_type[2]); |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 261 | if (r != TSS2_RC_SUCCESS) { |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 262 | LOG_WARNING("Error attempting to resubmit"); |
| 263 | /* We do not set esysContext->state here but inherit the most recent |
| 264 | * state of the _async function. */ |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 265 | goto error_cleanup; |
| 266 | } |
| 267 | r = TSS2_ESYS_RC_TRY_AGAIN; |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 268 | LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN."); |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 269 | goto error_cleanup; |
| 270 | } |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 271 | /* The following is the "regular error" handling. */ |
Juergen Repp | 033da11 | 2018-07-10 13:06:18 +0200 | [diff] [blame] | 272 | if (iesys_tpm_error(r)) { |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 273 | LOG_WARNING("Received TPM Error"); |
| 274 | esysContext->state = _ESYS_STATE_INIT; |
| 275 | goto error_cleanup; |
| 276 | } else if (r != TSS2_RC_SUCCESS) { |
| 277 | LOG_ERROR("Received a non-TPM Error"); |
| 278 | esysContext->state = _ESYS_STATE_INTERNALERROR; |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 279 | goto error_cleanup; |
| 280 | } |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 281 | |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 282 | /* |
| 283 | * Now the verification of the response (hmac check) and if necessary the |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 284 | * parameter decryption have to be done. |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 285 | */ |
Juergen Repp | 109de7d | 2018-02-23 13:42:08 +0100 | [diff] [blame] | 286 | r = iesys_check_response(esysContext); |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 287 | goto_state_if_error(r, _ESYS_STATE_INTERNALERROR, "Error: check response", |
Juergen Repp | 6698927 | 2018-09-04 11:13:06 +0200 | [diff] [blame^] | 288 | error_cleanup); |
| 289 | |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 290 | /* |
| 291 | * After the verification of the response we call the complete function |
| 292 | * to deliver the result. |
| 293 | */ |
| 294 | r = Tss2_Sys_ReadClock_Complete(esysContext->sys, |
Juergen Repp | 6698927 | 2018-09-04 11:13:06 +0200 | [diff] [blame^] | 295 | (currentTime != NULL) ? *currentTime |
| 296 | : NULL); |
| 297 | goto_state_if_error(r, _ESYS_STATE_INTERNALERROR, |
| 298 | "Received error from SAPI unmarshaling" , |
| 299 | error_cleanup); |
| 300 | |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 301 | esysContext->state = _ESYS_STATE_INIT; |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 302 | |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 303 | return TSS2_RC_SUCCESS; |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 304 | |
| 305 | error_cleanup: |
| 306 | if (currentTime != NULL) |
| 307 | SAFE_FREE(*currentTime); |
Andreas Fuchs | 4d9961e | 2018-03-20 15:51:48 +0100 | [diff] [blame] | 308 | |
Juergen Repp | ff821bd | 2017-12-11 15:21:42 +0100 | [diff] [blame] | 309 | return r; |
Philip Tricca | 910f17c | 2018-03-15 12:38:37 -0700 | [diff] [blame] | 310 | } |