commit 76c97e5adc391f77a613b62f2ae49f9067e7ddcf
author Jeffrey Ferreira <jeffpferreira@gmail.com> Fri Aug 16 16:04:24 2019 -0700
committer Tadeusz Struk <tadeusz.struk@intel.com> Tue Aug 27 10:24:20 2019 -0700
tree 0c1ff9a7a974210113c29504657bf6b1aa2d51a6
parent 3440cdeb6b5a3233d45fbb47e7de2f141405e5bb

esys: Fix HMAC generation for policy sessions

Policy sessions which do not include TPM2_PolicyAuthValue should not include
authValue in their HMAC computation.

Signed-off-by: Jeffrey Ferreira <jeffpferreira@gmail.com>

src/tss2-esys/esys_iutil.c

diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c
index 35bca6e..94d0332 100644
--- a/src/tss2-esys/esys_iutil.c
+++ b/src/tss2-esys/esys_iutil.c
@@ -1019,11 +1019,14 @@
     /* Then if we are a bound session, the auth value is not appended to the end
        of the session value for HMAC computation. The size of the key will not be
        increased.*/
-    if (iesys_is_object_bound(name, auth_value,
-                              session) &&
-        /* type_policy_session set to POLICY_AUTH by command PolicyAuthValue */
-        (session->rsrc.misc.rsrc_session.type_policy_session != POLICY_AUTH))
+    if (iesys_is_object_bound(name, auth_value, session))
         return;
+
+    /* type_policy_session set to POLICY_AUTH by command PolicyAuthValue */
+    if (session->rsrc.misc.rsrc_session.sessionType == TPM2_SE_POLICY &&
+        session->rsrc.misc.rsrc_session.type_policy_session != POLICY_AUTH)
+        return;
+
     session->rsrc.misc.rsrc_session.sizeHmacValue += auth_value->size;
 }