Authorizations and Sessions
Authorizations and sessions are among the most important concepts in TPM 2.0. Authorizations control access to entities in the TPM, providing many of the security guarantees of the TPM. Sessions are the vehicle for authorizations and maintain state between subsequent commands; additionally, sessions configure some per-command attributes such as encryption and decryption of command and response parameters and auditing. This chapter describes sessions as they relate to authorization of actions on entities. Chapters 16 and 17 describe details of the per-command session use modifiers.
Authorizations and sessions represent a large topic, so this chapter will proceed as follows:
1. You'll learn some new terms specific to sessions and authorizations. You are advised to review the definitions in Chapter 5 as well.
2. You'll see password, HMAC, and policy authorizations at a high level, along with the security properties of each.
3. The chapter clarifies the differences and commonalities between sessions and authorizations, as well as some aspects of the specification that can be confusing.
4. You'll drill down into some aspects of authorizations that apply to all three types of authorizations: password, HMAC, and policy. You will learn about the authorization roles and the authorization area in the command and response byte streams.
5. You will examine the different types of authorizations in detail, from simplest to most complex: password, HMAC, and policy. After looking at password authorizations, you will see some common aspects of HMAC and policy authorizations, followed by the details of HMAC and policy authorizations.
6. Finally, all the authorization types are tied together into a combined authorization lifecycle.
This chapter doesn't describe the various policy authorization commands. Nor does it describe decrypt, encrypt, and audit sessions, other than to note that sessions are the vehicle for setting these.
This chapter uses diagrams, logical flows, and working code examples to illustrate how authorizations and sessions work. This material is foundational to understanding TPM 2.0. Get ready for a deep but rewarding dive.
Before you delve into this subject, you need to clearly understand some new terms. These are in addition to the terms described in Chapter 5; you should refer to those definitions as well as these while reading this chapter:
• Session creation variations: These are selected by the parameters passed to TPM2_StartAuthSession and last for the lifetime of the session. They determine how the session key and HMAC keys are created and therefore how the HMAC is generated. There are two independent choices here: bound vs. unbound, and salted vs. unsalted. The combination of these two choices results in four session variations. These are discussed in detail later. For now, here are high-level descriptions:
• Bound sessions essentially “bind” the authorization to some entity's authorization value. This binding is done by including the bind entity's authorization value in the session key generation. This affects all calculations that depend on the session key, including HMAC, policy, encryption, and decryption calculations.
• An unbound session doesn't use a bind entity's authorization in the session key generation.
• A salted session adds extra entropy, the salt, into the session key generation; as with bound sessions, this affects all calculations that depend on the session key. The salt is chosen by the caller and sent to the TPM encrypted to a TPM-resident key, so that only the TPM can recover it; it is the encryptedSalt parameter of the TPM2_StartAuthSession command.
• An unsalted session doesn't add entropy in this way.
• Session use modifiers: These modify the actions of an HMAC or policy session on a per-command basis. They are the bits of the sessionAttributes field in the command's authorization area, so they can differ from one command to the next. Continue, encrypt, decrypt, and audit are the more commonly used modifiers:
• Continue: If not set, the session is terminated after a successful command.
• Decrypt: Indicates that the first TPM2B command parameter is sent to the TPM in encrypted form.
• Encrypt: Causes the first TPM2B response parameter to be returned from the TPM in encrypted form.
• Audit: Causes a command using the session to be audited.
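To make the four creation variations and the per-command attribute bits concrete, here is an added Python example written for this page; it is not code from the book, the TPM specification, or any TSS. It implements the specification's KDFa, derives sessionKey for each bound/unbound and salted/unsalted combination, shows how the HMAC key is formed from sessionKey and the authorized entity's authValue, and builds and decodes the sessionAttributes octet. The nonces, salt, and passwords are constructed sample values; a real salt would be encrypted to a TPM key before being sent, which this host-side model does not do. The trailing-zero stripping of authValues follows the specification's authorization size convention.

```python
import hashlib
import hmac
import struct


def kdfa(hash_name, key, label, context_u, context_v, bits):
    """KDFa from TPM 2.0 Part 1 (SP800-108 counter mode with an HMAC PRF).

    Block i is HMAC(key, [i]_32 || label || 0x00 || contextU || contextV || [bits]_32)
    for i = 1, 2, ...; the concatenation is truncated to bits/8 octets.
    """
    nbytes = (bits + 7) // 8
    out = b""
    counter = 0
    while len(out) < nbytes:
        counter += 1
        msg = (struct.pack(">I", counter) + label + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, hash_name).digest()
    return out[:nbytes]


def strip_auth(auth_value):
    """Authorization size convention: trailing zero octets of an authValue are
    removed before use, so b"pw" and b"pw\\x00" authorize identically."""
    return auth_value.rstrip(b"\x00")


def session_key(hash_name, nonce_tpm, nonce_caller, bind_auth=b"", salt=b""):
    """sessionKey := KDFa(sessionAlg, bind.authValue || salt, "ATH", nonceTPM, nonceCaller, bits)

    bind_auth is empty for an unbound session and salt is empty for an unsalted one;
    an unbound, unsalted session has no session key at all (the Empty Buffer).
    """
    if not bind_auth and not salt:
        return b""
    bits = hashlib.new(hash_name).digest_size * 8
    return kdfa(hash_name, strip_auth(bind_auth) + salt, b"ATH",
                nonce_tpm, nonce_caller, bits)


def hmac_key(sess_key, entity_auth, entity_is_bind_entity):
    """HMAC key for an authorization: sessionKey || authValue of the entity being
    authorized. When that entity is the bind entity, its authValue is already folded
    into sessionKey and is not appended a second time."""
    if entity_is_bind_entity:
        return sess_key
    return sess_key + strip_auth(entity_auth)


# TPMA_SESSION bit positions of the sessionAttributes octet in the authorization area.
TPMA_SESSION = {
    "continueSession": 0x01,
    "auditExclusive": 0x02,
    "auditReset": 0x04,
    "decrypt": 0x20,
    "encrypt": 0x40,
    "audit": 0x80,
}


def session_attributes(*flags):
    """Build the sessionAttributes octet from attribute names (KeyError on a typo)."""
    value = 0
    for flag in flags:
        value |= TPMA_SESSION[flag]
    return value


def decode_session_attributes(octet):
    """List the attribute names set in a sessionAttributes octet."""
    return [name for name, bit in TPMA_SESSION.items() if octet & bit]


def describe_session(bind_auth, salt):
    """Name the creation variation that a (bind authValue, salt) pair selects."""
    return ("bound" if bind_auth else "unbound") + ", " + ("salted" if salt else "unsalted")


if __name__ == "__main__":
    # Constructed sample values: a real nonceTPM comes from the TPM, nonceCaller and
    # the salt from the caller's RNG.
    nonce_tpm = bytes.fromhex("a1" * 20)
    nonce_caller = bytes.fromhex("b2" * 20)
    salt = bytes.fromhex("c3" * 32)
    bind_auth = b"bind-password"
    for ba, s in ((b"", b""), (b"", salt), (bind_auth, b""), (bind_auth, salt)):
        sk = session_key("sha256", nonce_tpm, nonce_caller, ba, s)
        print(f"{describe_session(ba, s):18s} sessionKey={sk.hex() or '(empty)'}")
    attrs = session_attributes("continueSession", "decrypt")
    print(f"sessionAttributes=0x{attrs:02x} -> {decode_session_attributes(attrs)}")
```

Running it prints a distinct sessionKey for each of the three keyed variations and an empty buffer for the unbound, unsalted case, which is why an unbound, unsalted HMAC session's key is nothing more than the entity's authValue. Note that the salt and bind authValue feed only the session key; per-command state (the nonces, the sessionAttributes octet) changes on every use.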
Based on an understanding of these terms, I can now describe the different types of sessions.