Fixes for properly setting auth (needs to include name for HMAC cpHash/rpHash calculation). Fix for sessionAttributes when command / response doesn't support it. Fixes for the TLS client / server examples. Added back the useful param enc / hmac debugging enabled with `--enable-debug=verbose`.

examples/tls/tls_client.c

@@ -130,9 +130,11 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
     sockIoCtx.fd = -1;
     XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
 #ifndef NO_RSA
+    XMEMSET(&rsaKey, 0, sizeof(rsaKey));
     XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey));
 #endif
 #ifdef HAVE_ECC
+    XMEMSET(&eccKey, 0, sizeof(eccKey));
     XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey));
 #endif
     XMEMSET(&tpmSession, 0, sizeof(tpmSession));
@@ -523,6 +525,7 @@ exit:
     wc_ecc_free(&wolfEccKey);
     wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
 #endif
+    wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
 
     wolfSSL_shutdown(ssl);
 

examples/tls/tls_server.c

@@ -137,10 +137,16 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
     sockIoCtx.fd = -1;
     XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
 #ifndef NO_RSA
+    XMEMSET(&rsaKey, 0, sizeof(rsaKey));
     XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey));
 #endif
 #ifdef HAVE_ECC
+    XMEMSET(&eccKey, 0, sizeof(eccKey));
     XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey));
+    #ifndef WOLFTPM2_USE_SW_ECDHE
+    /* Ephemeral Key */
+    XMEMSET(&ecdhKey, 0, sizeof(ecdhKey));
+    #endif
 #endif
     XMEMSET(&tpmSession, 0, sizeof(tpmSession));
 
@@ -236,7 +242,6 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
 
     #ifndef WOLFTPM2_USE_SW_ECDHE
     /* Ephemeral Key */
-    XMEMSET(&ecdhKey, 0, sizeof(ecdhKey));
     tpmCtx.ecdhKey = &ecdhKey;
     #endif
 #endif /* HAVE_ECC */
@@ -497,6 +502,7 @@ exit:
     wc_ecc_free(&wolfEccKey);
     wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
 #endif
+    wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
 
     wolfTPM2_Cleanup(&dev);
 

examples/wrap/wrap_test.c

@@ -121,6 +121,8 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
     WOLFTPM2_SESSION tpmSession;
 
+    XMEMSET(&aesKey, 0, sizeof(aesKey));
+    XMEMSET(&publicKey, 0, sizeof(publicKey));
 #ifndef WOLFTPM2_NO_WOLFCRYPT
 #ifndef NO_RSA
     XMEMSET(&wolfRsaPubKey, 0, sizeof(wolfRsaPubKey));
@@ -415,6 +417,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
 
     /* Close TPM session based on RSA storage key */
     wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
+    wolfTPM2_SetAuthSession(&dev, 1, NULL, 0); /* clear auth session */
 
 
     /*------------------------------------------------------------------------*/
@@ -462,6 +465,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
             storageKey.handle.auth.size);
     }
 
+#if 0 /* disabled until ECC Encrypted salt is added */
     /* Start an authenticated session (salted / unbound) with parameter encryption */
     if (paramEncAlg != TPM_ALG_NULL) {
         rc = wolfTPM2_StartSession(&dev, &tpmSession, &storageKey, NULL,
@@ -475,6 +479,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
             (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
         if (rc != 0) goto exit;
     }
+#endif
 
     /* Create an ECC key for ECDSA */
     rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
@@ -630,9 +635,11 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
     if (rc != 0) goto exit;
 
+#if 0 /* disabled until ECC Encrypted salt is added */
     /* Close TPM session based on ECC storage key */
     wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
-
+    wolfTPM2_SetAuthSession(&dev, 1, NULL, 0); /* clear auth session */
+#endif
 
     /*------------------------------------------------------------------------*/
     /* NV TESTS */
@@ -792,7 +799,6 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     /*------------------------------------------------------------------------*/
     /* ENCRYPT/DECRYPT TESTS */
     /*------------------------------------------------------------------------*/
-    XMEMSET(&aesKey, 0, sizeof(aesKey));
     rc = wolfTPM2_LoadSymmetricKey(&dev, &aesKey, TEST_AES_MODE,
         TEST_AES_KEY, (word32)sizeof(TEST_AES_KEY));
     if (rc != 0) goto exit;
@@ -904,6 +910,7 @@ exit:
     wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
     wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
     wolfTPM2_UnloadHandle(&dev, &ekKey.handle);
+    wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
 
     wolfTPM2_Shutdown(&dev, 0); /* 0=just shutdown, no startup */
 

src/tpm2.c

@@ -175,7 +175,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
             }
 
             /* Handle session request for encryption */
-            if (encParam && session->sessionAttributes & TPMA_SESSION_decrypt) {
+            if (encParam && authCmd.sessionAttributes & TPMA_SESSION_decrypt) {
                 /* Encrypt the first command parameter */
                 rc = TPM2_ParamEnc_CmdRequest(session, encParam, encParamSz);
                 if (rc != TPM_RC_SUCCESS) {
@@ -210,7 +210,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
             /* this is done after encryption */
             rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, 
                 &session->nonceCaller, &session->nonceTPM, 
-                session->sessionAttributes, &authCmd.hmac);
+                authCmd.sessionAttributes, &authCmd.hmac);
             if (rc != TPM_RC_SUCCESS) {
             #ifdef DEBUG_WOLFTPM
                 printf("Error calculating command HMAC!\n");
@@ -302,7 +302,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
                 /* Calculate HMAC prior to decryption */
                 rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, 
                     &session->nonceTPM, &session->nonceCaller, 
-                    session->sessionAttributes, &hmac);
+                    authRsp.sessionAttributes, &hmac);
                 if (rc != TPM_RC_SUCCESS) {
                 #ifdef DEBUG_WOLFTPM
                     printf("Error calculating response HMAC!\n");
@@ -323,7 +323,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
 
             /* Handle session request for decryption */
             /* If the response supports decryption */
-            if (decParam && session->sessionAttributes & TPMA_SESSION_encrypt) {
+            if (decParam && authRsp.sessionAttributes & TPMA_SESSION_encrypt) {
                 /* Decrypt the first response parameter */
                 rc = TPM2_ParamDec_CmdResponse(session, decParam, decParamSz);
                 if (rc != TPM_RC_SUCCESS) {
@@ -5282,6 +5282,10 @@ int TPM2_GetName(TPM2_CTX* ctx, int handleCnt, int idx, TPM2B_NAME* name)
         name->size = session->name.size;
         XMEMCPY(name->name, session->name.name, name->size);
     }
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("Name %d: %d\n", idx, name->size);
+    TPM2_PrintBin(name->name, name->size);
+#endif
     return TPM_RC_SUCCESS;
 }
 

src/tpm2_param_enc.c

@@ -286,6 +286,12 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
         return TPM_RC_FAILURE;
     }
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("AES Enc Key %d, IV %d\n", symKeySz, symKeyIvSz);
+    TPM2_PrintBin(symKey, symKeySz);
+    TPM2_PrintBin(&symKey[symKeySz], symKeyIvSz);
+#endif
+
     /* Perform AES CFB Encryption */
     rc = wc_AesInit(&enc, NULL, INVALID_DEVID);
     if (rc == 0) {
@@ -325,6 +331,12 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
         return TPM_RC_FAILURE;
     }
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("AES Dec Key %d, IV %d\n", symKeySz, symKeyIvSz);
+    TPM2_PrintBin(symKey, symKeySz);
+    TPM2_PrintBin(&symKey[symKeySz], symKeyIvSz);
+#endif
+
     /* Perform AES CFB Decryption */
     rc = wc_AesInit(&dec, NULL, INVALID_DEVID);
     if (rc == 0) {
@@ -386,6 +398,11 @@ int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
         wc_HashFree(&hash_ctx, hashType);
     }
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("cpHash: cmd %x, size %d\n", cmdCode, hash->size);
+    TPM2_PrintBin(hash->buffer, hash->size);
+#endif
+
     return rc;
 }
 
@@ -430,6 +447,11 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
         wc_HashFree(&hash_ctx, hashType);
     }
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("rpHash: cmd %x, size %d\n", cmdCode, hash->size);
+    TPM2_PrintBin(hash->buffer, hash->size);
+#endif
+
     return rc;
 }
 
@@ -455,9 +477,14 @@ int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
     rc = wc_HmacInit(&hmac_ctx, NULL, INVALID_DEVID);
     if (rc != 0)
         return rc;
+
     /* start HMAC - sessionKey || authValue */
     /* TODO: Handle "authValue" case "a value that is found in the sensitive area of an entity" */
     if (auth) {
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("HMAC Key: %d\n", auth->size);
+    TPM2_PrintBin(auth->buffer, auth->size);
+#endif
         rc = wc_HmacSetKey(&hmac_ctx, hashType, auth->buffer, auth->size);
     }
     else {
@@ -488,6 +515,11 @@ int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
         rc = wc_HmacFinal(&hmac_ctx, hmac->buffer);
     wc_HmacFree(&hmac_ctx);
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("HMAC Auth: attrib %x, size %d\n", sessionAttributes, hmac->size);
+    TPM2_PrintBin(hmac->buffer, hmac->size);
+#endif
+
     return rc;
 }
 #endif /* !WOLFTPM2_NO_WOLFCRYPT */
@@ -497,6 +529,16 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session,
 {
     TPM_RC rc = TPM_RC_FAILURE;
 
+ #ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("CmdEnc Session Key %d\n", session->auth.size);
+    TPM2_PrintBin(session->auth.buffer, session->auth.size);
+    printf("CmdEnc Nonce caller %d\n", session->nonceCaller.size);
+    TPM2_PrintBin(session->nonceCaller.buffer, session->nonceCaller.size);
+    printf("CmdEnc Nonce TPM %d\n", session->nonceTPM.size);
+    TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size);
+ #endif
+
+
     if (session->symmetric.algorithm == TPM_ALG_XOR) {
         rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonceCaller,
             &session->nonceTPM, paramData, paramSz);
@@ -517,6 +559,15 @@ TPM_RC TPM2_ParamDec_CmdResponse(TPM2_AUTH_SESSION *session,
 {
     TPM_RC rc = TPM_RC_FAILURE;
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("RspDec Session Key %d\n", session->auth.size);
+    TPM2_PrintBin(session->auth.buffer, session->auth.size);
+    printf("RspDec Nonce caller %d\n", session->nonceCaller.size);
+    TPM2_PrintBin(session->nonceCaller.buffer, session->nonceCaller.size);
+    printf("RspDec Nonce TPM %d\n", session->nonceTPM.size);
+    TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size);
+ #endif
+
     if (session->symmetric.algorithm == TPM_ALG_XOR) {
         rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonceCaller,
             &session->nonceTPM, paramData, paramSz);

src/tpm2_wrap.c

@@ -424,6 +424,12 @@ int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
         return BAD_FUNC_ARG;
     }
 
+    if (tpmSession == NULL) {
+        /* clearing auth session */
+        XMEMSET(&dev->session[index], 0, sizeof(TPM2_AUTH_SESSION));
+        return TPM_RC_SUCCESS;
+    }
+
     rc = wolfTPM2_SetAuth(dev, index, tpmSession->handle.hndl,
         &tpmSession->handle.auth, sessionAttributes, NULL);
     if (rc == TPM_RC_SUCCESS) {
@@ -575,6 +581,11 @@ int wolfTPM2_EncryptSalt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
         return rc;
     }
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("Session Salt %d\n", salt->size);
+    TPM2_PrintBin(salt->buffer, salt->size);
+#endif
+
     switch (tpmKey->pub.publicArea.type) {
     #ifdef HAVE_ECC
         case TPM_ALG_ECC:
@@ -712,6 +723,12 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
         rc = TPM_RC_SUCCESS;
     }
 
+#ifdef WOLFTPM_DEBUG_VERBOSE
+    printf("Session Key %d\n", session->handle.auth.size);
+    TPM2_PrintBin(session->handle.auth.buffer, session->handle.auth.size);
+#endif
+
+
     /* return session */
     session->type = authSesIn.sessionType;
     session->authHash = authSesIn.authHash;
@@ -919,7 +936,7 @@ int wolfTPM2_LoadKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEYBLOB* keyBlob,
 
     /* set session auth for parent key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = parent->auth;
+        wolfTPM2_SetAuthHandle(dev, 0, parent);
     }
 
     /* Load new key */
@@ -2178,9 +2195,7 @@ int wolfTPM2_ECDHGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* privKey,
 
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = privKey->handle.auth;
-        dev->ctx.session[0].symmetric =
-            privKey->pub.publicArea.parameters.eccDetail.symmetric;
+        wolfTPM2_SetAuthHandle(dev, 0, &privKey->handle);
     }
 
     XMEMSET(&ecdhZIn, 0, sizeof(ecdhZIn));
@@ -2262,9 +2277,7 @@ int wolfTPM2_ECDHEGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* parentKey,
 
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = parentKey->handle.auth;
-        dev->ctx.session[0].symmetric =
-            parentKey->pub.publicArea.parameters.eccDetail.symmetric;
+        wolfTPM2_SetAuthHandle(dev, 0, &parentKey->handle);
     }
 
     XMEMSET(&inZGen2Ph, 0, sizeof(inZGen2Ph));
@@ -2310,9 +2323,7 @@ int wolfTPM2_RsaEncrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
 
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = key->handle.auth;
-        dev->ctx.session[0].symmetric =
-            key->pub.publicArea.parameters.rsaDetail.symmetric;
+        wolfTPM2_SetAuthHandle(dev, 0, &key->handle);
     }
 
     /* RSA Encrypt */
@@ -2361,11 +2372,9 @@ int wolfTPM2_RsaDecrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         return BAD_FUNC_ARG;
     }
 
-    /* set session auth for key */
+    /* set session auth and name for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = key->handle.auth;
-        dev->ctx.session[0].symmetric =
-            key->pub.publicArea.parameters.rsaDetail.symmetric;
+        wolfTPM2_SetAuthHandle(dev, 0, &key->handle);
     }
 
     /* RSA Decrypt */
@@ -2416,7 +2425,7 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int hashAlg, byte* digest,
     
     /* set session auth to blank */
     if (dev->ctx.session) {
-        XMEMSET(&dev->ctx.session[0].auth, 0, sizeof(TPM2B_AUTH));
+        wolfTPM2_SetAuthPassword(dev, 0, NULL);
     }
 
     wolfTPM2_SetupPCRSel(&pcrReadIn.pcrSelectionIn, hashAlg, pcrIndex);
@@ -2521,7 +2530,7 @@ int wolfTPM2_NVCreateAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent,
 
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = parent->auth;
+        wolfTPM2_SetAuthHandle(dev, 0, parent);
     }
 
     XMEMSET(&in, 0, sizeof(in));
@@ -2593,7 +2602,7 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = nv->handle.auth;
+        wolfTPM2_SetAuthHandle(dev, 0, &nv->handle);
     }
 
     while (dataSz > 0) {
@@ -2653,7 +2662,7 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = nv->handle.auth;
+        wolfTPM2_SetAuthHandle(dev, 0, &nv->handle);
     }
 
     dataSz = *pDataSz;
@@ -2763,7 +2772,7 @@ int wolfTPM2_NVDeleteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent,
 
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = parent->auth;
+        wolfTPM2_SetAuthHandle(dev, 0, parent);
     }
 
     XMEMSET(&in, 0, sizeof(in));
@@ -2934,7 +2943,7 @@ int wolfTPM2_HashUpdate(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash,
 
     /* set session auth for hash handle */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = hash->handle.auth;
+        wolfTPM2_SetAuthHandle(dev, 0, &hash->handle);
     }
 
     XMEMSET(&in, 0, sizeof(in));
@@ -2980,7 +2989,7 @@ int wolfTPM2_HashFinish(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash,
 
     /* set session auth for hash handle */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = hash->handle.auth;
+        wolfTPM2_SetAuthHandle(dev, 0, &hash->handle);
     }
 
     XMEMSET(&in, 0, sizeof(in));
@@ -3179,7 +3188,7 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
 
     /* set session auth for key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = key->handle.auth;
+        wolfTPM2_SetAuthHandle(dev, 0, &key->handle);
     }
 
     XMEMSET(&encDecIn, 0, sizeof(encDecIn));
@@ -3322,7 +3331,7 @@ int wolfTPM2_LoadKeyedHashKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
 
     /* set session auth for parent key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = parent->auth;
+        wolfTPM2_SetAuthHandle(dev, 0, parent);
     }
 
     XMEMSET(&createIn, 0, sizeof(createIn));
@@ -3410,7 +3419,7 @@ int wolfTPM2_HmacStart(WOLFTPM2_DEV* dev, WOLFTPM2_HMAC* hmac,
 
     /* set session auth for hmac key */
     if (dev->ctx.session) {
-        dev->ctx.session[0].auth = hmac->hash.handle.auth;
+        wolfTPM2_SetAuthHandle(dev, 0, &hmac->hash.handle);
     }
 
     /* Setup HMAC start command */
@@ -4010,6 +4019,7 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                     /* otherwise load public key and perform public op */
 
                     /* load public key into TPM */
+                    XMEMSET(&rsaPub, 0, sizeof(rsaPub));
                     rc = wolfTPM2_RsaKey_WolfToTpm(tlsCtx->dev,
                         info->pk.rsa.key, &rsaPub);
                     if (rc != 0) {