As noted earlier, the parameters to the TPM2_StartAuthSession function determine many of the session's characteristics, including the session's security properties. The command schematic for this command is shown in Figure 13-10; the response is shown in Figure 13-11.
Figure 13-10. TPM2_StartAuthSession command
Figure 13-11. TPM2_StartAuthSession response
This command takes the following handles and parameters as inputs:
• Two handles:
  • If tpmKey is TPM_RH_NULL, the session is an unsalted session; otherwise, it's a salted session, and the encryptedSalt parameter is decrypted by the TPM to get the salt value used to add entropy. The TPM uses the loaded key pointed to by the tpmKey handle to decrypt encryptedSalt.
  • If bind is TPM_RH_NULL, the session is an unbound session. Otherwise, it's a bound session, and the authValue of the entity pointed to by the bind handle is concatenated with the salt value to form K, which is used in calculating the sessionKey.
• Five parameters:
  • nonceCaller is the first nonce, set by the caller; its size sets the size of all subsequent nonces returned by the TPM.
  • encryptedSalt is used only if the session is salted, as described earlier in the discussion of tpmKey. If the session is unsalted, this parameter must be a zero-sized buffer.
  • sessionType determines the type of the session: HMAC, policy, or trial policy.
  • symmetric determines the type of parameter encryption that will be used when the session is set for encrypt or decrypt.
  • authHash is the algorithm ID of the hash algorithm the session will use for HMAC operations.
When a session is started, the TPM processes the command and generates a session handle, computes a nonceTPM, and calculates a session key. This key is used to generate HMACs, encrypt command parameters, and decrypt response parameters. After the session is created, the session key remains the same for the lifetime of the session. The session handle and the nonceTPM are returned by the command.
The session key is determined by these command parameters passed in to TPM2_StartAuthSession: tpmKey, bind, encryptedSalt, nonceCaller, and authHash. The response parameter, nonceTPM, also figures into the session key. Because nonceTPM is an input to the key derivation, two sessions started with the same authValue, salt, and nonceCaller still end up with different session keys.
Because the calling application also has to know the session key, it duplicates the TPM's calculation, using the returned nonceTPM together with the input values it already knows. At this point, the session has started, and both the caller and the TPM know the session key.
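The following is an added example, not code from the book, that works through the key agreement described in the two preceding paragraphs and the handle cases listed above. It assumes the session-key derivation from the TPM 2.0 library specification, Part 1: KDFa (SP800-108 counter mode over HMAC) keyed with K = authValue || salt, the label "ATH", and nonceTPM and nonceCaller as the two contexts, producing as many bits as the authHash digest. The handles, bind authValue, salt, and nonces are constructed values; the TPM_ALG_ID values and the rule that an unbound, unsalted session has an empty session key come from the specification rather than this page; and the encryptedSalt transport is left out, so the salt is handed to both sides in plaintext.

```python
import hashlib
import hmac
import os
import struct

# TPM_ALG_ID values for hash algorithms a session may name in authHash
# (IDs from the TPM 2.0 algorithm registry, not from this page).
HASH_ALGS = {
    0x000B: hashlib.sha256,  # TPM_ALG_SHA256
    0x000C: hashlib.sha384,  # TPM_ALG_SHA384
}

TPM_RH_NULL = 0x40000007          # "no tpmKey" / "no bind entity"
HMAC_SESSION_HANDLE = 0x02000000  # constructed: first handle in the HMAC-session range


def kdfa(hash_alg, key, label, context_u, context_v, bits):
    """KDFa: SP800-108 counter-mode KDF as the TPM 2.0 library spec defines it.

    Block i is HMAC(key, [i]_4 || label || 0x00 || contextU || contextV || [bits]_4),
    with i counting from 1 as a 32-bit big-endian integer; the concatenated blocks
    are truncated to the requested number of bits.
    """
    digest = HASH_ALGS[hash_alg]
    wanted = (bits + 7) // 8
    out = b""
    counter = 1
    while len(out) < wanted:
        block_input = (struct.pack(">I", counter) + label + b"\x00"
                       + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, block_input, digest).digest()
        counter += 1
    return out[:wanted]


def session_key(tpm_key, bind, bind_auth_value, salt, nonce_caller, nonce_tpm, auth_hash):
    """Derive the session key from the TPM2_StartAuthSession inputs plus nonceTPM.

    K = authValue || salt, where authValue is included only for a bound session
    (bind != TPM_RH_NULL) and salt only for a salted session (tpmKey != TPM_RH_NULL).
    sessionKey = KDFa(authHash, K, "ATH", nonceTPM, nonceCaller, digest bits).
    """
    auth_part = bind_auth_value if bind != TPM_RH_NULL else b""
    salt_part = salt if tpm_key != TPM_RH_NULL else b""
    k = auth_part + salt_part
    if not k:
        # Unbound and unsalted: nothing secret feeds the KDF. Assumption taken from
        # the library spec (not this page): such a session has an empty session key.
        return b""
    bits = HASH_ALGS[auth_hash]().digest_size * 8
    return kdfa(auth_hash, k, b"ATH", nonce_tpm, nonce_caller, bits)


def simulate_start_auth_session(tpm_key, bind, bind_auth_value, salt,
                                nonce_caller, auth_hash, nonce_tpm=None):
    """Run both sides of the exchange and return what each side ends up knowing.

    The salt is passed in plaintext here; in the real command the caller sends
    it as encryptedSalt under tpmKey and the TPM decrypts it (omitted).
    """
    # TPM side: allocate a handle, pick nonceTPM (sized by nonceCaller), derive the key.
    if nonce_tpm is None:
        nonce_tpm = os.urandom(len(nonce_caller))
    tpm_side = session_key(tpm_key, bind, bind_auth_value, salt,
                           nonce_caller, nonce_tpm, auth_hash)
    # Caller side: repeat the derivation from its own inputs plus the returned nonceTPM.
    caller_side = session_key(tpm_key, bind, bind_auth_value, salt,
                              nonce_caller, nonce_tpm, auth_hash)
    return {"handle": HMAC_SESSION_HANDLE, "nonce_tpm": nonce_tpm,
            "tpm_key": tpm_side, "caller_key": caller_side}


if __name__ == "__main__":
    # Constructed values: handles, bind authValue, salt and nonceCaller are made up.
    args = dict(tpm_key=0x81000001, bind=0x81000002, bind_auth_value=b"bind-entity-auth",
                salt=bytes(range(32)), nonce_caller=b"\x01" * 16, auth_hash=0x000B)
    first = simulate_start_auth_session(**args)
    second = simulate_start_auth_session(**args)
    print("keys agree:", first["tpm_key"] == first["caller_key"])
    print("fresh nonceTPM gives new key:", first["tpm_key"] != second["tpm_key"])
```

Running the block twice with identical inputs shows the point made above: because the TPM picks a fresh nonceTPM each time, the same authValue, salt, and nonceCaller yield a different session key, while within one exchange the caller's derivation matches the TPM's exactly.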
The symmetric parameter to TPM2_StartAuthSession is only used for encryption and decryption of command and response parameters, so it isn't described in this chapter.