TSS2_RC GenerateSessionEncryptDecryptKey( SESSION *session, TPM2B_MAX_BUFFER *cfbKey, TPM2B_IV *ivIn, TPM2B_AUTH *authValue ) { TSS2_RC rval = TSS2_RC_SUCCESS; UINT32 blockSize; TPM2B_MAX_BUFFER key, sessionValue; rval = GetBlockSizeInBits( session->symmetric.algorithm, &blockSize ); CopySizedByteBuffer( &sessionValue.b, &session->sessionKey.b ); CatSizedByteBuffer( &sessionValue.b, &authValue->b ); if( rval == TSS2_RC_SUCCESS ) { key.t.size = sizeof( key ) - 2; rval = KDFa( session->authHash, &( sessionValue.b ), "CFB", &( session->nonceNewer.b ), &( session->nonceOlder.b ), session->symmetric.keyBits.sym + blockSize, &key ); if( rval == TSS2_RC_SUCCESS ) { if( key.t.size == ( session->symmetric.keyBits.sym + blockSize ) / 8 ) { if( ivIn != 0 && cfbKey != 0 ) { ivIn->t.size = blockSize / 8; cfbKey->t.size = (session->symmetric.keyBits.sym) / 8; if( ( ivIn->t.size <= sizeof( ivIn->t.buffer ) ) && ( ( cfbKey->t.size + ivIn->t.size ) <= MAX_DIGEST_BUFFER ) && ( cfbKey->t.size <= MAX_DIGEST_BUFFER ) ) { memcpy( (void *)&ivIn->t.buffer[0], (void *)&( key.t.buffer[ cfbKey->t.size ] ), ivIn->t.size ); memcpy( (void *)&cfbKey->t.buffer[0], (void *)&key.t.buffer[0], cfbKey->t.size ); } else { rval = APPLICATION_ERROR( TSS2_BASE_RC_INSUFFICIENT_BUFFER ); } } else { rval = APPLICATION_ERROR( TSS2_BASE_RC_INSUFFICIENT_BUFFER ); } } } } return rval; }
TSS2_RC EncryptDecryptXOR( SESSION *session, TPM2B_MAX_BUFFER *outputData, TPM2B_MAX_BUFFER *inputData, TPM2B_AUTH *authValue ) { TSS2_RC rval = TSS2_RC_SUCCESS; TPM2B_MAX_BUFFER key, mask; int i; CopySizedByteBuffer( &key.b, &session->sessionKey.b ); CatSizedByteBuffer( &key.b, &authValue->b ); rval = KDFa( session->authHash, &key.b, "XOR", &session->nonceNewer.b, &session->nonceOlder.b, inputData->t.size * 8, &mask ); if( rval == TSS2_RC_SUCCESS ) { for( i = 0; i < inputData->t.size; i++ ) { outputData->t.buffer[i] = inputData->t.buffer[i] ^ mask.t.buffer[i]; } outputData->t.size = inputData->t.size; } return rval; }
// // This is a wrapper function around the TPM2_StartAuthSession command. // It performs the command, calculates the session key, and updates a // SESSION structure. // TPM_RC StartAuthSession( SESSION *session ) { TPM_RC rval; TPM2B_ENCRYPTED_SECRET key; char label[] = "ATH"; TSS2_SYS_CONTEXT *tmpSysContext; UINT16 bytes; int i; key.t.size = 0; tmpSysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion ); if( tmpSysContext == 0 ) return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED; if( session->nonceOlder.t.size == 0 ) { session->nonceOlder.t.size = GetDigestSize( TPM_ALG_SHA1 ); for( i = 0; i < session->nonceOlder.t.size; i++ ) session->nonceOlder.t.buffer[i] = 0; } session->nonceNewer.t.size = session->nonceOlder.t.size; rval = Tss2_Sys_StartAuthSession( tmpSysContext, session->tpmKey, session->bind, 0, &( session->nonceOlder ), &( session->encryptedSalt ), session->sessionType, &( session->symmetric ), session->authHash, &( session->sessionHandle ), &( session->nonceNewer ), 0 ); if( rval == TPM_RC_SUCCESS ) { if( session->tpmKey == TPM_RH_NULL ) session->salt.t.size = 0; if( session->bind == TPM_RH_NULL ) session->authValueBind.t.size = 0; if( session->tpmKey == TPM_RH_NULL && session->bind == TPM_RH_NULL ) { session->sessionKey.b.size = 0; } else { // Generate the key used as input to the KDF. rval = ConcatSizedByteBuffer( (TPM2B_MAX_BUFFER *)&key, &( session->authValueBind.b ) ); if( rval != TPM_RC_SUCCESS ) { TeardownSysContext( &tmpSysContext ); return( rval ); } rval = ConcatSizedByteBuffer( (TPM2B_MAX_BUFFER *)&key, &( session->salt.b ) ); if( rval != TPM_RC_SUCCESS ) { TeardownSysContext( &tmpSysContext ); return( rval ); } bytes = GetDigestSize( session->authHash ); if( key.t.size == 0 ) { session->sessionKey.t.size = 0; } else { rval = KDFa( session->authHash, &(key.b), label, &( session->nonceNewer.b ), &( session->nonceOlder.b ), bytes * 8, (TPM2B_MAX_BUFFER *)&( session->sessionKey ) ); } if( rval != TPM_RC_SUCCESS ) { TeardownSysContext( &tmpSysContext ); return( TSS2_APP_RC_CREATE_SESSION_KEY_FAILED ); } } session->nonceTpmDecrypt.b.size = 0; session->nonceTpmEncrypt.b.size = 0; session->nvNameChanged = 0; } TeardownSysContext( &tmpSysContext ); return rval; }