From 72e365329c44c327c8f8bc85c197334ca346c572 Mon Sep 17 00:00:00 2001 From: Dimitar Tomov Date: Wed, 18 Nov 2020 20:30:06 +0200 Subject: [PATCH] New nonceTPM solution needed, restoring TPMS_AUTH_COMMAND to its TCG spec form Signed-off-by: Dimitar Tomov --- examples/keygen/keygen_paramenc.c | 9 +++------ examples/keygen/keyload_paramenc.c | 9 +++------ examples/pcr/quote_paramenc.c | 6 +++--- src/tpm2_packet.c | 4 ++-- src/tpm2_param_enc.c | 26 +++++++++++++++----------- wolftpm/tpm2.h | 3 +-- 6 files changed, 27 insertions(+), 30 deletions(-) diff --git a/examples/keygen/keygen_paramenc.c b/examples/keygen/keygen_paramenc.c index d9c803d..5039a19 100644 --- a/examples/keygen/keygen_paramenc.c +++ b/examples/keygen/keygen_paramenc.c @@ -136,16 +136,13 @@ int TPM2_Keygen_ParamEnc_Example(void* userCtx, int argc, char *argv[]) session[1].symmetric.keyBits.aes = 128; #endif session[1].authHash = TPM_ALG_SHA256; - session[1].nonceCaller.size = TPM_SHA256_DIGEST_SIZE; - rc = TPM2_GetNonce(session[1].nonceCaller.buffer, - session[1].nonceCaller.size); + session[1].nonce.size = TPM_SHA256_DIGEST_SIZE; + rc = TPM2_GetNonce(session[1].nonce.buffer, + session[1].nonce.size); if (rc < 0) { printf("TPM2_GetNonce failed\n"); goto exit; } - session[1].nonceTPM.size = session[1].nonceCaller.size; - XMEMCPY(session[1].nonceTPM.buffer, tpmSession.nonceTPM.buffer, - session[1].nonceTPM.size); /* Create new key */ if (alg == TPM_ALG_RSA) { diff --git a/examples/keygen/keyload_paramenc.c b/examples/keygen/keyload_paramenc.c index a809b6c..d8bde55 100644 --- a/examples/keygen/keyload_paramenc.c +++ b/examples/keygen/keyload_paramenc.c 
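Review bot: After this hunk, session[1] in TPM2_Keygen_ParamEnc_Example carries only the caller nonce, because the removed XMEMCPY from tpmSession.nonceTPM has no replacement and the example no longer shows parameter encryption bound to the TPM's session nonce. Example code tends to be copied into products, so I would mark the gap where the copy used to be, e.g. `/* TODO: nonceTPM from tpmSession is not passed to the session yet; parameter encryption here is incomplete */`. The hunk in examples/keygen/keyload_paramenc.c drops the same copy and needs the same comment. The function body starts and ends outside the hunk.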
@@ -107,16 +107,13 @@ int TPM2_Keyload_ParamEnc_Example(void* userCtx, int argc, char *argv[]) session[1].symmetric.keyBits.aes = 128; #endif session[1].authHash = TPM_ALG_SHA256; - session[1].nonceCaller.size = TPM_SHA256_DIGEST_SIZE; - rc = TPM2_GetNonce(session[1].nonceCaller.buffer, - session[1].nonceCaller.size); + session[1].nonce.size = TPM_SHA256_DIGEST_SIZE; + rc = TPM2_GetNonce(session[1].nonce.buffer, + session[1].nonce.size); if (rc < 0) { printf("TPM2_GetNonce failed\n"); goto exit; } - session[1].nonceTPM.size = session[1].nonceCaller.size; - XMEMCPY(session[1].nonceTPM.buffer, tpmSession.nonceTPM.buffer, - session[1].nonceTPM.size); /* Load encrypted key from the disk */ #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM) diff --git a/examples/pcr/quote_paramenc.c b/examples/pcr/quote_paramenc.c index 72be8ba..e84aa55 100644 --- a/examples/pcr/quote_paramenc.c +++ b/examples/pcr/quote_paramenc.c @@ -200,9 +200,9 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[]) session[1].authHash = TPM_ALG_SHA256; session[1].auth.size = sizeof(gXorAuth)-1; XMEMCPY(session[1].auth.buffer, gXorAuth, session[1].auth.size); - session[1].nonceCaller.size = TPM_SHA256_DIGEST_SIZE; - rc = TPM2_GetNonce(session[1].nonceCaller.buffer, - session[1].nonceCaller.size); + session[1].nonce.size = TPM_SHA256_DIGEST_SIZE; + rc = TPM2_GetNonce(session[1].nonce.buffer, + session[1].nonce.size); if (rc < 0) { printf("TPM2_GetNonce failed\n"); goto exit; diff --git a/src/tpm2_packet.c b/src/tpm2_packet.c index 9da8008..1056a1d 100644 --- a/src/tpm2_packet.c +++ b/src/tpm2_packet.c 
@@ -343,8 +343,8 @@ void TPM2_Packet_AppendAuth(TPM2_Packet* packet, TPM2_CTX* ctx) auth[i].sessionAttributes |= TPMA_SESSION_continueSession; } TPM2_Packet_AppendU32(packet, auth[i].sessionHandle); - TPM2_Packet_AppendU16(packet, auth[i].nonceCaller.size); - TPM2_Packet_AppendBytes(packet, auth[i].nonceCaller.buffer, auth[i].nonceCaller.size); + TPM2_Packet_AppendU16(packet, auth[i].nonce.size); + TPM2_Packet_AppendBytes(packet, auth[i].nonce.buffer, auth[i].nonce.size); TPM2_Packet_AppendU8(packet, auth[i].sessionAttributes); TPM2_Packet_AppendU16(packet, auth[i].auth.size); TPM2_Packet_AppendBytes(packet, auth[i].auth.buffer, auth[i].auth.size); diff --git a/src/tpm2_param_enc.c b/src/tpm2_param_enc.c index 8b19968..5c4a872 100644 --- a/src/tpm2_param_enc.c +++ b/src/tpm2_param_enc.c @@ -373,20 +373,23 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPMS_AUTH_COMMAND *session, const BYTE *paramData, UINT32 paramSz) { TPM_RC rc = TPM_RC_FAILURE; + /* TODO: second nonce should be nonceTPM from StartAuthSession + * make a new design choice how to pass that nonce + * - using active context + * - using WOLFTPM2_SESSION + * - other? + */ if (session->symmetric.algorithm == TPM_ALG_XOR) { - rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonceCaller, - &session->nonceTPM, encryptedParameter, paramData, paramSz); + rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonce, + &session->nonce, encryptedParameter, paramData, paramSz); } #ifdef WOLFSSL_AES_CFB else if (session->symmetric.algorithm == TPM_ALG_CFB) { - rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonceCaller, - &session->nonceTPM, encryptedParameter, paramData, paramSz); + rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonce, + &session->nonce, encryptedParameter, paramData, paramSz); } #endif - /* TODO: generate new nonce? Copy old nonce? */ - //TPM2_GetNonce(session->nonceCaller.buffer, session->nonceCaller.size); - return rc; } 
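Review bot: In TPM2_ParamEnc_CmdRequest both nonce arguments of TPM2_ParamEnc_XOR and TPM2_ParamEnc_AESCFB are now `&session->nonce`, so the slot that used to receive nonceTPM gets the caller nonce a second time and the TPM's contribution drops out of whatever those helpers derive (their bodies are outside this patch, so the exact effect is inferred from the argument names). The TCG scheme keys parameter encryption on both nonces, so the result should not match what the TPM computes, yet the function still returns the helper's code as if the parameter had been protected as specified; the same applies to TPM2_ParamDec_CmdResponse in the next hunk. Until nonceTPM is plumbed through, I would make both functions fail closed by leaving `rc` at TPM_RC_FAILURE, or at least state the consequence in the comment, e.g. `/* FIXME: nonceTPM unavailable, session->nonce is passed twice; output is not TCG-conformant */`. The deleted trailing TODO was also the only reminder that the caller nonce needs refreshing per command, so it is worth keeping in some form.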
@@ -396,14 +399,15 @@ TPM_RC TPM2_ParamDec_CmdResponse(TPMS_AUTH_COMMAND *session, { TPM_RC rc = TPM_RC_FAILURE; + /* TODO: second nonce should be nonceTPM from StartAuthSession response */ if (session->symmetric.algorithm == TPM_ALG_XOR) { - rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonceCaller, - &session->nonceTPM, decryptedParameter, paramData, paramSz); + rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonce, + &session->nonce, decryptedParameter, paramData, paramSz); } #ifdef WOLFSSL_AES_CFB else if (session->symmetric.algorithm == TPM_ALG_CFB) { - rc = TPM2_ParamDec_AESCFB(session, &session->auth, &session->nonceCaller, - &session->nonceTPM, decryptedParameter, paramData, paramSz); + rc = TPM2_ParamDec_AESCFB(session, &session->auth, &session->nonce, + &session->nonce, decryptedParameter, paramData, paramSz); } #endif diff --git a/wolftpm/tpm2.h b/wolftpm/tpm2.h index a18534f..aa687cf 100644 --- a/wolftpm/tpm2.h +++ b/wolftpm/tpm2.h @@ -1568,8 +1568,7 @@ typedef struct TPM2B_CREATION_DATA { typedef struct TPMS_AUTH_COMMAND { TPMI_SH_AUTH_SESSION sessionHandle; - TPM2B_NONCE nonceCaller; - TPM2B_NONCE nonceTPM; + TPM2B_NONCE nonce; TPMA_SESSION sessionAttributes; TPM2B_AUTH auth; /* TCG Spec Part 2 calls this field hmac */ /* TPM2B_AUTH can be an HMAC, a password or an Empty Auth */
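Review bot: The new `nonce` member of TPMS_AUTH_COMMAND has no comment saying which nonce it holds, while the neighbouring `auth` member documents its spec name. Callers previously had separate nonceCaller and nonceTPM fields, so I would write `TPM2B_NONCE nonce; /* nonceCaller as sent in the command; nonceTPM must be kept elsewhere */` to stop anyone storing the TPM's nonce here by mistake. The change also removes two members from a public header, so out-of-tree code that sets `nonceCaller` or `nonceTPM` will stop compiling, which deserves a line in the release notes. The struct definition continues past the end of the hunk.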