1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (c) 2013 The Chromium OS Authors. 4 * Coypright (c) 2013 Guntermann & Drunck GmbH 5 */ 6 7 #include <common.h> 8 #include <dm.h> 9 #include <asm/unaligned.h> 10 #include <u-boot/sha1.h> 11 #include <tpm-common.h> 12 #include <tpm-v1.h> 13 #include "tpm-utils.h" 14 15 #ifdef CONFIG_TPM_AUTH_SESSIONS 16 17 #ifndef CONFIG_SHA1 18 #error "TPM_AUTH_SESSIONS require SHA1 to be configured, too" 19 #endif /* !CONFIG_SHA1 */ 20 21 struct session_data { 22 int valid; 23 u32 handle; 24 u8 nonce_even[DIGEST_LENGTH]; 25 u8 nonce_odd[DIGEST_LENGTH]; 26 }; 27 28 static struct session_data oiap_session = {0, }; 29 30 #endif /* CONFIG_TPM_AUTH_SESSIONS */ 31 32 u32 tpm_startup(enum tpm_startup_type mode) 33 { 34 const u8 command[12] = { 35 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, 36 }; 37 const size_t mode_offset = 10; 38 u8 buf[COMMAND_BUFFER_SIZE]; 39 40 if (pack_byte_string(buf, sizeof(buf), "sw", 41 0, command, sizeof(command), 42 mode_offset, mode)) 43 return TPM_LIB_ERROR; 44 45 return tpm_sendrecv_command(buf, NULL, NULL); 46 } 47 48 u32 tpm_self_test_full(void) 49 { 50 const u8 command[10] = { 51 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x50, 52 }; 53 return tpm_sendrecv_command(command, NULL, NULL); 54 } 55 56 u32 tpm_continue_self_test(void) 57 { 58 const u8 command[10] = { 59 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53, 60 }; 61 return tpm_sendrecv_command(command, NULL, NULL); 62 } 63 64 u32 tpm_nv_define_space(u32 index, u32 perm, u32 size) 65 { 66 const u8 command[101] = { 67 0x0, 0xc1, /* TPM_TAG */ 68 0x0, 0x0, 0x0, 0x65, /* parameter size */ 69 0x0, 0x0, 0x0, 0xcc, /* TPM_COMMAND_CODE */ 70 /* TPM_NV_DATA_PUBLIC->... */ 71 0x0, 0x18, /* ...->TPM_STRUCTURE_TAG */ 72 0, 0, 0, 0, /* ...->TPM_NV_INDEX */ 73 /* TPM_NV_DATA_PUBLIC->TPM_PCR_INFO_SHORT */ 74 0x0, 0x3, 75 0, 0, 0, 76 0x1f, 77 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 78 /* TPM_NV_DATA_PUBLIC->TPM_PCR_INFO_SHORT */ 79 0x0, 0x3, 80 0, 0, 0, 81 0x1f, 82 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 83 /* TPM_NV_ATTRIBUTES->... */ 84 0x0, 0x17, /* ...->TPM_STRUCTURE_TAG */ 85 0, 0, 0, 0, /* ...->attributes */ 86 /* End of TPM_NV_ATTRIBUTES */ 87 0, /* bReadSTClear */ 88 0, /* bWriteSTClear */ 89 0, /* bWriteDefine */ 90 0, 0, 0, 0, /* size */ 91 }; 92 const size_t index_offset = 12; 93 const size_t perm_offset = 70; 94 const size_t size_offset = 77; 95 u8 buf[COMMAND_BUFFER_SIZE]; 96 97 if (pack_byte_string(buf, sizeof(buf), "sddd", 98 0, command, sizeof(command), 99 index_offset, index, 100 perm_offset, perm, 101 size_offset, size)) 102 return TPM_LIB_ERROR; 103 104 return tpm_sendrecv_command(buf, NULL, NULL); 105 } 106 107 u32 tpm_nv_read_value(u32 index, void *data, u32 count) 108 { 109 const u8 command[22] = { 110 0x0, 0xc1, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0xcf, 111 }; 112 const size_t index_offset = 10; 113 const size_t length_offset = 18; 114 const size_t data_size_offset = 10; 115 const size_t data_offset = 14; 116 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; 117 size_t response_length = sizeof(response); 118 u32 data_size; 119 u32 err; 120 121 if (pack_byte_string(buf, sizeof(buf), "sdd", 122 0, command, sizeof(command), 123 index_offset, index, 124 length_offset, count)) 125 return TPM_LIB_ERROR; 126 err = tpm_sendrecv_command(buf, response, &response_length); 127 if (err) 128 return err; 129 if (unpack_byte_string(response, response_length, "d", 130 data_size_offset, &data_size)) 131 return TPM_LIB_ERROR; 132 if (data_size > count) 133 return TPM_LIB_ERROR; 134 if (unpack_byte_string(response, response_length, "s", 135 data_offset, data, data_size)) 136 return TPM_LIB_ERROR; 137 138 return 0; 139 } 140 141 u32 tpm_nv_write_value(u32 index, const void *data, u32 length) 142 { 143 const u8 command[256] = { 144 0x0, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd, 145 }; 146 const size_t command_size_offset = 2; 147 const size_t index_offset = 10; 148 const size_t length_offset = 18; 149 const size_t data_offset = 22; 150 const size_t write_info_size = 12; 151 const u32 total_length = 152 TPM_REQUEST_HEADER_LENGTH + write_info_size + length; 153 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; 154 size_t response_length = sizeof(response); 155 u32 err; 156 157 if (pack_byte_string(buf, sizeof(buf), "sddds", 158 0, command, sizeof(command), 159 command_size_offset, total_length, 160 index_offset, index, 161 length_offset, length, 162 data_offset, data, length)) 163 return TPM_LIB_ERROR; 164 err = tpm_sendrecv_command(buf, response, &response_length); 165 if (err) 166 return err; 167 168 return 0; 169 } 170 171 u32 tpm_extend(u32 index, const void *in_digest, void *out_digest) 172 { 173 const u8 command[34] = { 174 0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x14, 175 }; 176 const size_t index_offset = 10; 177 const size_t in_digest_offset = 14; 178 const size_t out_digest_offset = 10; 179 u8 buf[COMMAND_BUFFER_SIZE]; 180 u8 response[TPM_RESPONSE_HEADER_LENGTH + PCR_DIGEST_LENGTH]; 181 size_t response_length = sizeof(response); 182 u32 err; 183 184 if (pack_byte_string(buf, sizeof(buf), "sds", 185 0, command, sizeof(command), 186 index_offset, index, 187 in_digest_offset, in_digest, 188 PCR_DIGEST_LENGTH)) 189 return TPM_LIB_ERROR; 190 err = tpm_sendrecv_command(buf, response, &response_length); 191 if (err) 192 return err; 193 194 if (unpack_byte_string(response, response_length, "s", 195 out_digest_offset, out_digest, 196 PCR_DIGEST_LENGTH)) 197 return TPM_LIB_ERROR; 198 199 return 0; 200 } 201 202 u32 tpm_pcr_read(u32 index, void *data, size_t count) 203 { 204 const u8 command[14] = { 205 0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, 206 }; 207 const size_t index_offset = 10; 208 const size_t out_digest_offset = 10; 209 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; 210 size_t response_length = sizeof(response); 211 u32 err; 212 213 if (count < PCR_DIGEST_LENGTH) 214 return TPM_LIB_ERROR; 215 216 if (pack_byte_string(buf, sizeof(buf), "sd", 217 0, command, sizeof(command), 218 index_offset, index)) 219 return TPM_LIB_ERROR; 220 err = tpm_sendrecv_command(buf, response, &response_length); 221 if (err) 222 return err; 223 if (unpack_byte_string(response, response_length, "s", 224 out_digest_offset, data, PCR_DIGEST_LENGTH)) 225 return TPM_LIB_ERROR; 226 227 return 0; 228 } 229 230 u32 tpm_tsc_physical_presence(u16 presence) 231 { 232 const u8 command[12] = { 233 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x0, 0x0, 234 }; 235 const size_t presence_offset = 10; 236 u8 buf[COMMAND_BUFFER_SIZE]; 237 238 if (pack_byte_string(buf, sizeof(buf), "sw", 239 0, command, sizeof(command), 240 presence_offset, presence)) 241 return TPM_LIB_ERROR; 242 243 return tpm_sendrecv_command(buf, NULL, NULL); 244 } 245 246 u32 tpm_read_pubek(void *data, size_t count) 247 { 248 const u8 command[30] = { 249 0x0, 0xc1, 0x0, 0x0, 0x0, 0x1e, 0x0, 0x0, 0x0, 0x7c, 250 }; 251 const size_t response_size_offset = 2; 252 const size_t data_offset = 10; 253 const size_t header_and_checksum_size = TPM_RESPONSE_HEADER_LENGTH + 20; 254 u8 response[COMMAND_BUFFER_SIZE + TPM_PUBEK_SIZE]; 255 size_t response_length = sizeof(response); 256 u32 data_size; 257 u32 err; 258 259 err = tpm_sendrecv_command(command, response, &response_length); 260 if (err) 261 return err; 262 if (unpack_byte_string(response, response_length, "d", 263 response_size_offset, &data_size)) 264 return TPM_LIB_ERROR; 265 if (data_size < header_and_checksum_size) 266 return TPM_LIB_ERROR; 267 data_size -= header_and_checksum_size; 268 if (data_size > count) 269 return TPM_LIB_ERROR; 270 if (unpack_byte_string(response, response_length, "s", 271 data_offset, data, data_size)) 272 return TPM_LIB_ERROR; 273 274 return 0; 275 } 276 277 u32 tpm_force_clear(void) 278 { 279 const u8 command[10] = { 280 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x5d, 281 }; 282 283 return tpm_sendrecv_command(command, NULL, NULL); 284 } 285 286 u32 tpm_physical_enable(void) 287 { 288 const u8 command[10] = { 289 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6f, 290 }; 291 292 return tpm_sendrecv_command(command, NULL, NULL); 293 } 294 295 u32 tpm_physical_disable(void) 296 { 297 const u8 command[10] = { 298 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x70, 299 }; 300 301 return tpm_sendrecv_command(command, NULL, NULL); 302 } 303 304 u32 tpm_physical_set_deactivated(u8 state) 305 { 306 const u8 command[11] = { 307 0x0, 0xc1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x72, 308 }; 309 const size_t state_offset = 10; 310 u8 buf[COMMAND_BUFFER_SIZE]; 311 312 if (pack_byte_string(buf, sizeof(buf), "sb", 313 0, command, sizeof(command), 314 state_offset, state)) 315 return TPM_LIB_ERROR; 316 317 return tpm_sendrecv_command(buf, NULL, NULL); 318 } 319 320 u32 tpm_get_capability(u32 cap_area, u32 sub_cap, void *cap, size_t count) 321 { 322 const u8 command[22] = { 323 0x0, 0xc1, /* TPM_TAG */ 324 0x0, 0x0, 0x0, 0x16, /* parameter size */ 325 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */ 326 0x0, 0x0, 0x0, 0x0, /* TPM_CAPABILITY_AREA */ 327 0x0, 0x0, 0x0, 0x4, /* subcap size */ 328 0x0, 0x0, 0x0, 0x0, /* subcap value */ 329 }; 330 const size_t cap_area_offset = 10; 331 const size_t sub_cap_offset = 18; 332 const size_t cap_offset = 14; 333 const size_t cap_size_offset = 10; 334 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; 335 size_t response_length = sizeof(response); 336 u32 cap_size; 337 u32 err; 338 339 if (pack_byte_string(buf, sizeof(buf), "sdd", 340 0, command, sizeof(command), 341 cap_area_offset, cap_area, 342 sub_cap_offset, sub_cap)) 343 return TPM_LIB_ERROR; 344 err = tpm_sendrecv_command(buf, response, &response_length); 345 if (err) 346 return err; 347 if (unpack_byte_string(response, response_length, "d", 348 cap_size_offset, &cap_size)) 349 return TPM_LIB_ERROR; 350 if (cap_size > response_length || cap_size > count) 351 return TPM_LIB_ERROR; 352 if (unpack_byte_string(response, response_length, "s", 353 cap_offset, cap, cap_size)) 354 return TPM_LIB_ERROR; 355 356 return 0; 357 } 358 359 u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags) 360 { 361 const u8 command[22] = { 362 0x0, 0xc1, /* TPM_TAG */ 363 0x0, 0x0, 0x0, 0x16, /* parameter size */ 364 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */ 365 0x0, 0x0, 0x0, 0x4, /* TPM_CAP_FLAG_PERM */ 366 0x0, 0x0, 0x0, 0x4, /* subcap size */ 367 0x0, 0x0, 0x1, 0x8, /* subcap value */ 368 }; 369 const size_t data_size_offset = TPM_HEADER_SIZE; 370 const size_t data_offset = TPM_HEADER_SIZE + sizeof(u32); 371 u8 response[COMMAND_BUFFER_SIZE]; 372 size_t response_length = sizeof(response); 373 u32 err; 374 u32 data_size; 375 376 err = tpm_sendrecv_command(command, response, &response_length); 377 if (err) 378 return err; 379 if (unpack_byte_string(response, response_length, "d", 380 data_size_offset, &data_size)) 381 return TPM_LIB_ERROR; 382 if (data_size < sizeof(*pflags)) 383 return TPM_LIB_ERROR; 384 if (unpack_byte_string(response, response_length, "s", 385 data_offset, pflags, sizeof(*pflags))) 386 return TPM_LIB_ERROR; 387 388 return 0; 389 } 390 391 u32 tpm_get_permissions(u32 index, u32 *perm) 392 { 393 const u8 command[22] = { 394 0x0, 0xc1, /* TPM_TAG */ 395 0x0, 0x0, 0x0, 0x16, /* parameter size */ 396 0x0, 0x0, 0x0, 0x65, /* TPM_COMMAND_CODE */ 397 0x0, 0x0, 0x0, 0x11, 398 0x0, 0x0, 0x0, 0x4, 399 }; 400 const size_t index_offset = 18; 401 const size_t perm_offset = 60; 402 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; 403 size_t response_length = sizeof(response); 404 u32 err; 405 406 if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command), 407 index_offset, index)) 408 return TPM_LIB_ERROR; 409 err = tpm_sendrecv_command(buf, response, &response_length); 410 if (err) 411 return err; 412 if (unpack_byte_string(response, response_length, "d", 413 perm_offset, perm)) 414 return TPM_LIB_ERROR; 415 416 return 0; 417 } 418 419 #ifdef CONFIG_TPM_FLUSH_RESOURCES 420 u32 tpm_flush_specific(u32 key_handle, u32 resource_type) 421 { 422 const u8 command[18] = { 423 0x00, 0xc1, /* TPM_TAG */ 424 0x00, 0x00, 0x00, 0x12, /* parameter size */ 425 0x00, 0x00, 0x00, 0xba, /* TPM_COMMAND_CODE */ 426 0x00, 0x00, 0x00, 0x00, /* key handle */ 427 0x00, 0x00, 0x00, 0x00, /* resource type */ 428 }; 429 const size_t key_handle_offset = 10; 430 const size_t resource_type_offset = 14; 431 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; 432 size_t response_length = sizeof(response); 433 u32 err; 434 435 if (pack_byte_string(buf, sizeof(buf), "sdd", 436 0, command, sizeof(command), 437 key_handle_offset, key_handle, 438 resource_type_offset, resource_type)) 439 return TPM_LIB_ERROR; 440 441 err = tpm_sendrecv_command(buf, response, &response_length); 442 if (err) 443 return err; 444 return 0; 445 } 446 #endif /* CONFIG_TPM_FLUSH_RESOURCES */ 447 448 #ifdef CONFIG_TPM_AUTH_SESSIONS 449 450 /** 451 * Fill an authentication block in a request. 452 * This func can create the first as well as the second auth block (for 453 * double authorized commands). 454 * 455 * @param request pointer to the request (w/ uninitialised auth data) 456 * @param request_len0 length of the request without auth data 457 * @param handles_len length of the handles area in request 458 * @param auth_session pointer to the (valid) auth session to be used 459 * @param request_auth pointer to the auth block of the request to be filled 460 * @param auth authentication data (HMAC key) 461 */ 462 static u32 create_request_auth(const void *request, size_t request_len0, 463 size_t handles_len, 464 struct session_data *auth_session, 465 void *request_auth, const void *auth) 466 { 467 u8 hmac_data[DIGEST_LENGTH * 3 + 1]; 468 sha1_context hash_ctx; 469 const size_t command_code_offset = 6; 470 const size_t auth_nonce_odd_offset = 4; 471 const size_t auth_continue_offset = 24; 472 const size_t auth_auth_offset = 25; 473 474 if (!auth_session || !auth_session->valid) 475 return TPM_LIB_ERROR; 476 477 sha1_starts(&hash_ctx); 478 sha1_update(&hash_ctx, request + command_code_offset, 4); 479 if (request_len0 > TPM_REQUEST_HEADER_LENGTH + handles_len) 480 sha1_update(&hash_ctx, 481 request + TPM_REQUEST_HEADER_LENGTH + handles_len, 482 request_len0 - TPM_REQUEST_HEADER_LENGTH 483 - handles_len); 484 sha1_finish(&hash_ctx, hmac_data); 485 486 sha1_starts(&hash_ctx); 487 sha1_update(&hash_ctx, auth_session->nonce_odd, DIGEST_LENGTH); 488 sha1_update(&hash_ctx, hmac_data, sizeof(hmac_data)); 489 sha1_finish(&hash_ctx, auth_session->nonce_odd); 490 491 if (pack_byte_string(request_auth, TPM_REQUEST_AUTH_LENGTH, "dsb", 492 0, auth_session->handle, 493 auth_nonce_odd_offset, auth_session->nonce_odd, 494 DIGEST_LENGTH, 495 auth_continue_offset, 1)) 496 return TPM_LIB_ERROR; 497 if (pack_byte_string(hmac_data, sizeof(hmac_data), "ss", 498 DIGEST_LENGTH, 499 auth_session->nonce_even, 500 DIGEST_LENGTH, 501 2 * DIGEST_LENGTH, 502 request_auth + auth_nonce_odd_offset, 503 DIGEST_LENGTH + 1)) 504 return TPM_LIB_ERROR; 505 sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data), 506 request_auth + auth_auth_offset); 507 508 return TPM_SUCCESS; 509 } 510 511 /** 512 * Verify an authentication block in a response. 513 * Since this func updates the nonce_even in the session data it has to be 514 * called when receiving a succesfull AUTH response. 515 * This func can verify the first as well as the second auth block (for 516 * double authorized commands). 517 * 518 * @param command_code command code of the request 519 * @param response pointer to the request (w/ uninitialised auth data) 520 * @param handles_len length of the handles area in response 521 * @param auth_session pointer to the (valid) auth session to be used 522 * @param response_auth pointer to the auth block of the response to be verified 523 * @param auth authentication data (HMAC key) 524 */ 525 static u32 verify_response_auth(u32 command_code, const void *response, 526 size_t response_len0, size_t handles_len, 527 struct session_data *auth_session, 528 const void *response_auth, const void *auth) 529 { 530 u8 hmac_data[DIGEST_LENGTH * 3 + 1]; 531 u8 computed_auth[DIGEST_LENGTH]; 532 sha1_context hash_ctx; 533 const size_t return_code_offset = 6; 534 const size_t auth_continue_offset = 20; 535 const size_t auth_auth_offset = 21; 536 u8 auth_continue; 537 538 if (!auth_session || !auth_session->valid) 539 return TPM_AUTHFAIL; 540 if (pack_byte_string(hmac_data, sizeof(hmac_data), "d", 541 0, command_code)) 542 return TPM_LIB_ERROR; 543 if (response_len0 < TPM_RESPONSE_HEADER_LENGTH) 544 return TPM_LIB_ERROR; 545 546 sha1_starts(&hash_ctx); 547 sha1_update(&hash_ctx, response + return_code_offset, 4); 548 sha1_update(&hash_ctx, hmac_data, 4); 549 if (response_len0 > TPM_RESPONSE_HEADER_LENGTH + handles_len) 550 sha1_update(&hash_ctx, 551 response + TPM_RESPONSE_HEADER_LENGTH + handles_len, 552 response_len0 - TPM_RESPONSE_HEADER_LENGTH 553 - handles_len); 554 sha1_finish(&hash_ctx, hmac_data); 555 556 memcpy(auth_session->nonce_even, response_auth, DIGEST_LENGTH); 557 auth_continue = ((u8 *)response_auth)[auth_continue_offset]; 558 if (pack_byte_string(hmac_data, sizeof(hmac_data), "ssb", 559 DIGEST_LENGTH, 560 response_auth, 561 DIGEST_LENGTH, 562 2 * DIGEST_LENGTH, 563 auth_session->nonce_odd, 564 DIGEST_LENGTH, 565 3 * DIGEST_LENGTH, 566 auth_continue)) 567 return TPM_LIB_ERROR; 568 569 sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data), 570 computed_auth); 571 572 if (memcmp(computed_auth, response_auth + auth_auth_offset, 573 DIGEST_LENGTH)) 574 return TPM_AUTHFAIL; 575 576 return TPM_SUCCESS; 577 } 578 579 u32 tpm_terminate_auth_session(u32 auth_handle) 580 { 581 const u8 command[18] = { 582 0x00, 0xc1, /* TPM_TAG */ 583 0x00, 0x00, 0x00, 0x00, /* parameter size */ 584 0x00, 0x00, 0x00, 0xba, /* TPM_COMMAND_CODE */ 585 0x00, 0x00, 0x00, 0x00, /* TPM_HANDLE */ 586 0x00, 0x00, 0x00, 0x02, /* TPM_RESOURCE_TYPE */ 587 }; 588 const size_t req_handle_offset = TPM_REQUEST_HEADER_LENGTH; 589 u8 request[COMMAND_BUFFER_SIZE]; 590 591 if (pack_byte_string(request, sizeof(request), "sd", 592 0, command, sizeof(command), 593 req_handle_offset, auth_handle)) 594 return TPM_LIB_ERROR; 595 if (oiap_session.valid && oiap_session.handle == auth_handle) 596 oiap_session.valid = 0; 597 598 return tpm_sendrecv_command(request, NULL, NULL); 599 } 600 601 u32 tpm_end_oiap(void) 602 { 603 u32 err = TPM_SUCCESS; 604 605 if (oiap_session.valid) 606 err = tpm_terminate_auth_session(oiap_session.handle); 607 return err; 608 } 609 610 u32 tpm_oiap(u32 *auth_handle) 611 { 612 const u8 command[10] = { 613 0x00, 0xc1, /* TPM_TAG */ 614 0x00, 0x00, 0x00, 0x0a, /* parameter size */ 615 0x00, 0x00, 0x00, 0x0a, /* TPM_COMMAND_CODE */ 616 }; 617 const size_t res_auth_handle_offset = TPM_RESPONSE_HEADER_LENGTH; 618 const size_t res_nonce_even_offset = TPM_RESPONSE_HEADER_LENGTH + 4; 619 u8 response[COMMAND_BUFFER_SIZE]; 620 size_t response_length = sizeof(response); 621 u32 err; 622 623 if (oiap_session.valid) 624 tpm_terminate_auth_session(oiap_session.handle); 625 626 err = tpm_sendrecv_command(command, response, &response_length); 627 if (err) 628 return err; 629 if (unpack_byte_string(response, response_length, "ds", 630 res_auth_handle_offset, &oiap_session.handle, 631 res_nonce_even_offset, &oiap_session.nonce_even, 632 (u32)DIGEST_LENGTH)) 633 return TPM_LIB_ERROR; 634 oiap_session.valid = 1; 635 if (auth_handle) 636 *auth_handle = oiap_session.handle; 637 return 0; 638 } 639 640 u32 tpm_load_key2_oiap(u32 parent_handle, const void *key, size_t key_length, 641 const void *parent_key_usage_auth, u32 *key_handle) 642 { 643 const u8 command[14] = { 644 0x00, 0xc2, /* TPM_TAG */ 645 0x00, 0x00, 0x00, 0x00, /* parameter size */ 646 0x00, 0x00, 0x00, 0x41, /* TPM_COMMAND_CODE */ 647 0x00, 0x00, 0x00, 0x00, /* parent handle */ 648 }; 649 const size_t req_size_offset = 2; 650 const size_t req_parent_handle_offset = TPM_REQUEST_HEADER_LENGTH; 651 const size_t req_key_offset = TPM_REQUEST_HEADER_LENGTH + 4; 652 const size_t res_handle_offset = TPM_RESPONSE_HEADER_LENGTH; 653 u8 request[sizeof(command) + TPM_KEY12_MAX_LENGTH + 654 TPM_REQUEST_AUTH_LENGTH]; 655 u8 response[COMMAND_BUFFER_SIZE]; 656 size_t response_length = sizeof(response); 657 u32 err; 658 659 if (!oiap_session.valid) { 660 err = tpm_oiap(NULL); 661 if (err) 662 return err; 663 } 664 if (pack_byte_string(request, sizeof(request), "sdds", 665 0, command, sizeof(command), 666 req_size_offset, 667 sizeof(command) + key_length 668 + TPM_REQUEST_AUTH_LENGTH, 669 req_parent_handle_offset, parent_handle, 670 req_key_offset, key, key_length 671 )) 672 return TPM_LIB_ERROR; 673 674 err = create_request_auth(request, sizeof(command) + key_length, 4, 675 &oiap_session, 676 request + sizeof(command) + key_length, 677 parent_key_usage_auth); 678 if (err) 679 return err; 680 err = tpm_sendrecv_command(request, response, &response_length); 681 if (err) { 682 if (err == TPM_AUTHFAIL) 683 oiap_session.valid = 0; 684 return err; 685 } 686 687 err = verify_response_auth(0x00000041, response, 688 response_length - TPM_RESPONSE_AUTH_LENGTH, 689 4, &oiap_session, 690 response + response_length - 691 TPM_RESPONSE_AUTH_LENGTH, 692 parent_key_usage_auth); 693 if (err) 694 return err; 695 696 if (key_handle) { 697 if (unpack_byte_string(response, response_length, "d", 698 res_handle_offset, key_handle)) 699 return TPM_LIB_ERROR; 700 } 701 702 return 0; 703 } 704 705 u32 tpm_get_pub_key_oiap(u32 key_handle, const void *usage_auth, void *pubkey, 706 size_t *pubkey_len) 707 { 708 const u8 command[14] = { 709 0x00, 0xc2, /* TPM_TAG */ 710 0x00, 0x00, 0x00, 0x00, /* parameter size */ 711 0x00, 0x00, 0x00, 0x21, /* TPM_COMMAND_CODE */ 712 0x00, 0x00, 0x00, 0x00, /* key handle */ 713 }; 714 const size_t req_size_offset = 2; 715 const size_t req_key_handle_offset = TPM_REQUEST_HEADER_LENGTH; 716 const size_t res_pubkey_offset = TPM_RESPONSE_HEADER_LENGTH; 717 u8 request[sizeof(command) + TPM_REQUEST_AUTH_LENGTH]; 718 u8 response[TPM_RESPONSE_HEADER_LENGTH + TPM_PUBKEY_MAX_LENGTH + 719 TPM_RESPONSE_AUTH_LENGTH]; 720 size_t response_length = sizeof(response); 721 u32 err; 722 723 if (!oiap_session.valid) { 724 err = tpm_oiap(NULL); 725 if (err) 726 return err; 727 } 728 if (pack_byte_string(request, sizeof(request), "sdd", 729 0, command, sizeof(command), 730 req_size_offset, 731 (u32)(sizeof(command) 732 + TPM_REQUEST_AUTH_LENGTH), 733 req_key_handle_offset, key_handle 734 )) 735 return TPM_LIB_ERROR; 736 err = create_request_auth(request, sizeof(command), 4, &oiap_session, 737 request + sizeof(command), usage_auth); 738 if (err) 739 return err; 740 err = tpm_sendrecv_command(request, response, &response_length); 741 if (err) { 742 if (err == TPM_AUTHFAIL) 743 oiap_session.valid = 0; 744 return err; 745 } 746 err = verify_response_auth(0x00000021, response, 747 response_length - TPM_RESPONSE_AUTH_LENGTH, 748 0, &oiap_session, 749 response + response_length - 750 TPM_RESPONSE_AUTH_LENGTH, 751 usage_auth); 752 if (err) 753 return err; 754 755 if (pubkey) { 756 if ((response_length - TPM_RESPONSE_HEADER_LENGTH 757 - TPM_RESPONSE_AUTH_LENGTH) > *pubkey_len) 758 return TPM_LIB_ERROR; 759 *pubkey_len = response_length - TPM_RESPONSE_HEADER_LENGTH 760 - TPM_RESPONSE_AUTH_LENGTH; 761 memcpy(pubkey, response + res_pubkey_offset, 762 response_length - TPM_RESPONSE_HEADER_LENGTH 763 - TPM_RESPONSE_AUTH_LENGTH); 764 } 765 766 return 0; 767 } 768 769 #ifdef CONFIG_TPM_LOAD_KEY_BY_SHA1 770 u32 tpm_find_key_sha1(const u8 auth[20], const u8 pubkey_digest[20], 771 u32 *handle) 772 { 773 u16 key_count; 774 u32 key_handles[10]; 775 u8 buf[288]; 776 u8 *ptr; 777 u32 err; 778 u8 digest[20]; 779 size_t buf_len; 780 unsigned int i; 781 782 /* fetch list of already loaded keys in the TPM */ 783 err = tpm_get_capability(TPM_CAP_HANDLE, TPM_RT_KEY, buf, sizeof(buf)); 784 if (err) 785 return -1; 786 key_count = get_unaligned_be16(buf); 787 ptr = buf + 2; 788 for (i = 0; i < key_count; ++i, ptr += 4) 789 key_handles[i] = get_unaligned_be32(ptr); 790 791 /* now search a(/ the) key which we can access with the given auth */ 792 for (i = 0; i < key_count; ++i) { 793 buf_len = sizeof(buf); 794 err = tpm_get_pub_key_oiap(key_handles[i], auth, buf, &buf_len); 795 if (err && err != TPM_AUTHFAIL) 796 return -1; 797 if (err) 798 continue; 799 sha1_csum(buf, buf_len, digest); 800 if (!memcmp(digest, pubkey_digest, 20)) { 801 *handle = key_handles[i]; 802 return 0; 803 } 804 } 805 return 1; 806 } 807 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */ 808 809 #endif /* CONFIG_TPM_AUTH_SESSIONS */ 810 811 u32 tpm_get_random(void *data, u32 count) 812 { 813 const u8 command[14] = { 814 0x0, 0xc1, /* TPM_TAG */ 815 0x0, 0x0, 0x0, 0xe, /* parameter size */ 816 0x0, 0x0, 0x0, 0x46, /* TPM_COMMAND_CODE */ 817 }; 818 const size_t length_offset = 10; 819 const size_t data_size_offset = 10; 820 const size_t data_offset = 14; 821 u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; 822 size_t response_length = sizeof(response); 823 u32 data_size; 824 u8 *out = data; 825 826 while (count > 0) { 827 u32 this_bytes = min((size_t)count, 828 sizeof(response) - data_offset); 829 u32 err; 830 831 if (pack_byte_string(buf, sizeof(buf), "sd", 832 0, command, sizeof(command), 833 length_offset, this_bytes)) 834 return TPM_LIB_ERROR; 835 err = tpm_sendrecv_command(buf, response, &response_length); 836 if (err) 837 return err; 838 if (unpack_byte_string(response, response_length, "d", 839 data_size_offset, &data_size)) 840 return TPM_LIB_ERROR; 841 if (data_size > count) 842 return TPM_LIB_ERROR; 843 if (unpack_byte_string(response, response_length, "s", 844 data_offset, out, data_size)) 845 return TPM_LIB_ERROR; 846 847 count -= data_size; 848 out += data_size; 849 } 850 851 return 0; 852 } 853
