sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Clear AuthSession content after use.

Browse Source 
Some commands in Tpm2CommandLib accept AuthSession
as input parameter and copy to local command buffer.
After use, this AuthSession content should be zeroed,
because there might be some secrete there.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19635 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Yao, Jiewen
2016-01-11 05:18:32 +00:00
committed by jyao1
parent f1e95ab817
commit 7ae130da85
6 changed files with 333 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
View File

@ -1,7 +1,7 @@
/** @file
Implement TPM2 Hierarchy related command.
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -186,19 +186,27 @@ Tpm2SetPrimaryPolicy (
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
goto Done;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
return EFI_SUCCESS;
Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof(SendBuffer));
ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
return Status;
}
/**
@ -246,12 +254,13 @@ Tpm2Clear (
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
return Status;
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -260,7 +269,8 @@ Tpm2Clear (
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -268,7 +278,8 @@ Tpm2Clear (
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
//
@ -276,8 +287,13 @@ Tpm2Clear (
//
// None
return EFI_SUCCESS;
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
return Status;
}
/**
@ -332,12 +348,13 @@ Tpm2ClearControl (
ResultBufSize = sizeof(Res);
Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res);
if (EFI_ERROR(Status)) {
return Status;
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -346,7 +363,8 @@ Tpm2ClearControl (
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -354,7 +372,8 @@ Tpm2ClearControl (
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
//
@ -362,8 +381,13 @@ Tpm2ClearControl (
//
// None
return EFI_SUCCESS;
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
return Status;
}
/**
@ -436,10 +460,14 @@ Tpm2HierarchyChangeAuth (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -448,7 +476,8 @@ Tpm2HierarchyChangeAuth (
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -456,10 +485,17 @@ Tpm2HierarchyChangeAuth (
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
return EFI_SUCCESS;
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
return Status;
}
/**
@ -522,10 +558,14 @@ Tpm2ChangeEPS (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -534,7 +574,8 @@ Tpm2ChangeEPS (
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -542,10 +583,17 @@ Tpm2ChangeEPS (
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
return EFI_SUCCESS;
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
return Status;
}
/**
@ -608,10 +656,14 @@ Tpm2ChangePPS (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -620,7 +672,8 @@ Tpm2ChangePPS (
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -628,10 +681,17 @@ Tpm2ChangePPS (
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
return EFI_SUCCESS;
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
return Status;
}
/**
@ -704,10 +764,14 @@ Tpm2HierarchyControl (
&ResultBufSize,
ResultBuf
);
if (EFI_ERROR(Status)) {
goto Done;
}
if (ResultBufSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -716,7 +780,8 @@ Tpm2HierarchyControl (
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
//
@ -724,8 +789,15 @@ Tpm2HierarchyControl (
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
Status = EFI_DEVICE_ERROR;
goto Done;
}
return EFI_SUCCESS;
Done:
//
// Clear AuthSession Content
//
ZeroMem (&Cmd, sizeof(Cmd));
ZeroMem (&Res, sizeof(Res));
return Status;
}