TSS2_RC GenerateSessionEncryptDecryptKey( SESSION *session, TPM2B_MAX_BUFFER *cfbKey, TPM2B_IV *ivIn, TPM2B_AUTH *authValue )
{
TSS2_RC rval = TSS2_RC_SUCCESS;
UINT32 blockSize;
TPM2B_MAX_BUFFER key, sessionValue;
rval = GetBlockSizeInBits( session->symmetric.algorithm, &blockSize );
CopySizedByteBuffer( &sessionValue.b, &session->sessionKey.b );
CatSizedByteBuffer( &sessionValue.b, &authValue->b );
if( rval == TSS2_RC_SUCCESS )
{
key.t.size = sizeof( key ) - 2;
rval = KDFa( session->authHash, &( sessionValue.b ), "CFB", &( session->nonceNewer.b ),
&( session->nonceOlder.b ), session->symmetric.keyBits.sym + blockSize, &key );
if( rval == TSS2_RC_SUCCESS )
{
if( key.t.size == ( session->symmetric.keyBits.sym + blockSize ) / 8 )
{
if( ivIn != 0 && cfbKey != 0 )
{
ivIn->t.size = blockSize / 8;
cfbKey->t.size = (session->symmetric.keyBits.sym) / 8;
if( ( ivIn->t.size <= sizeof( ivIn->t.buffer ) ) &&
( ( cfbKey->t.size + ivIn->t.size ) <= MAX_DIGEST_BUFFER ) &&
( cfbKey->t.size <= MAX_DIGEST_BUFFER ) )
{
memcpy( (void *)&ivIn->t.buffer[0],
(void *)&( key.t.buffer[ cfbKey->t.size ] ),
ivIn->t.size );
memcpy( (void *)&cfbKey->t.buffer[0], (void *)&key.t.buffer[0],
cfbKey->t.size );
}
else
{
rval = APPLICATION_ERROR( TSS2_BASE_RC_INSUFFICIENT_BUFFER );
}
}
else
{
rval = APPLICATION_ERROR( TSS2_BASE_RC_INSUFFICIENT_BUFFER );
}
}
}
}
return rval;
}
TSS2_RC EncryptDecryptXOR( SESSION *session, TPM2B_MAX_BUFFER *outputData, TPM2B_MAX_BUFFER *inputData, TPM2B_AUTH *authValue )
{
TSS2_RC rval = TSS2_RC_SUCCESS;
TPM2B_MAX_BUFFER key, mask;
int i;
CopySizedByteBuffer( &key.b, &session->sessionKey.b );
CatSizedByteBuffer( &key.b, &authValue->b );
rval = KDFa( session->authHash, &key.b, "XOR", &session->nonceNewer.b, &session->nonceOlder.b, inputData->t.size * 8, &mask );
if( rval == TSS2_RC_SUCCESS )
{
for( i = 0; i < inputData->t.size; i++ )
{
outputData->t.buffer[i] = inputData->t.buffer[i] ^ mask.t.buffer[i];
}
outputData->t.size = inputData->t.size;
}
return rval;
}
//
// This is a wrapper function around the TPM2_StartAuthSession command.
// It performs the command, calculates the session key, and updates a
// SESSION structure.
//
TPM_RC StartAuthSession( SESSION *session )
{
TPM_RC rval;
TPM2B_ENCRYPTED_SECRET key;
char label[] = "ATH";
TSS2_SYS_CONTEXT *tmpSysContext;
UINT16 bytes;
int i;
key.t.size = 0;
tmpSysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
if( tmpSysContext == 0 )
return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;
if( session->nonceOlder.t.size == 0 )
{
session->nonceOlder.t.size = GetDigestSize( TPM_ALG_SHA1 );
for( i = 0; i < session->nonceOlder.t.size; i++ )
session->nonceOlder.t.buffer[i] = 0;
}
session->nonceNewer.t.size = session->nonceOlder.t.size;
rval = Tss2_Sys_StartAuthSession( tmpSysContext, session->tpmKey, session->bind, 0,
&( session->nonceOlder ), &( session->encryptedSalt ), session->sessionType,
&( session->symmetric ), session->authHash, &( session->sessionHandle ),
&( session->nonceNewer ), 0 );
if( rval == TPM_RC_SUCCESS )
{
if( session->tpmKey == TPM_RH_NULL )
session->salt.t.size = 0;
if( session->bind == TPM_RH_NULL )
session->authValueBind.t.size = 0;
if( session->tpmKey == TPM_RH_NULL && session->bind == TPM_RH_NULL )
{
session->sessionKey.b.size = 0;
}
else
{
// Generate the key used as input to the KDF.
rval = ConcatSizedByteBuffer( (TPM2B_MAX_BUFFER *)&key, &( session->authValueBind.b ) );
if( rval != TPM_RC_SUCCESS )
{
TeardownSysContext( &tmpSysContext );
return( rval );
}
rval = ConcatSizedByteBuffer( (TPM2B_MAX_BUFFER *)&key, &( session->salt.b ) );
if( rval != TPM_RC_SUCCESS )
{
TeardownSysContext( &tmpSysContext );
return( rval );
}
bytes = GetDigestSize( session->authHash );
if( key.t.size == 0 )
{
session->sessionKey.t.size = 0;
}
else
{
rval = KDFa( session->authHash, &(key.b), label, &( session->nonceNewer.b ),
&( session->nonceOlder.b ), bytes * 8, (TPM2B_MAX_BUFFER *)&( session->sessionKey ) );
}
if( rval != TPM_RC_SUCCESS )
{
TeardownSysContext( &tmpSysContext );
return( TSS2_APP_RC_CREATE_SESSION_KEY_FAILED );
}
}
session->nonceTpmDecrypt.b.size = 0;
session->nonceTpmEncrypt.b.size = 0;
session->nvNameChanged = 0;
}
TeardownSysContext( &tmpSysContext );
return rval;
}
