From b1a31f22ec895bf231a527500f5d3d0599ccec82 Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Mon, 24 Jun 2024 14:03:05 +0800 Subject: [PATCH 1/3] tss2: Add TPM2 buffer handling functions As the prepartion to support TPM2 Software Stack (TSS2), this commit implements the TPM2 buffer handling functions to pack data for the TPM2 commands and unpack the data from the response. Cc: Stefan Berger Signed-off-by: Hernan Gatta Signed-off-by: Gary Lin Reviewed-by: Daniel Kiper --- grub-core/lib/tss2/buffer.c | 147 +++++++++++++++++++++++++++++++ grub-core/lib/tss2/tss2_buffer.h | 64 ++++++++++++++ 2 files changed, 211 insertions(+) create mode 100644 grub-core/lib/tss2/buffer.c create mode 100644 grub-core/lib/tss2/tss2_buffer.h diff --git a/grub-core/lib/tss2/buffer.c b/grub-core/lib/tss2/buffer.c new file mode 100644 index 000000000..16d59a8f5 --- /dev/null +++ b/grub-core/lib/tss2/buffer.c @@ -0,0 +1,147 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include + +#include + +void grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer) +{ + grub_memset (buffer->data, 0, sizeof (buffer->data)); + buffer->size = 0; + buffer->offset = 0; + buffer->cap = sizeof (buffer->data); + buffer->error = 0; +} + +void +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void *data, grub_size_t size) +{ + grub_uint32_t r = buffer->cap - buffer->size; + + if (buffer->error) + return; + + if (size > r) + { + buffer->error = 1; + return; + } + + grub_memcpy (&buffer->data[buffer->size], (void *) data, size); + buffer->size += size; +} + +void +grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value) +{ + grub_tpm2_buffer_pack (buffer, (const void *) &value, sizeof (value)); +} + +void +grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value) +{ + grub_uint16_t tmp = grub_cpu_to_be16 (value); + + grub_tpm2_buffer_pack (buffer, (const void *) &tmp, sizeof (tmp)); +} + +void +grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value) +{ + grub_uint32_t tmp = grub_cpu_to_be32 (value); + + grub_tpm2_buffer_pack (buffer, (const void *) &tmp, sizeof (tmp)); +} + +void +grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data, grub_size_t size) +{ + grub_uint32_t r = buffer->size - buffer->offset; + + if (buffer->error) + return; + + if (size > r) + { + buffer->error = 1; + return; + } + + grub_memcpy (data, &buffer->data[buffer->offset], size); + buffer->offset += size; +} + +void +grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t *value) +{ + grub_uint32_t r = buffer->size - buffer->offset; + + if (buffer->error) + return; + + if (sizeof (*value) > r) + { + buffer->error = 1; + return; + } + + grub_memcpy (value, &buffer->data[buffer->offset], sizeof (*value)); + buffer->offset += sizeof (*value); +} + +void +grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t *value) +{ + grub_uint16_t tmp; + grub_uint32_t r = buffer->size - buffer->offset; + + if (buffer->error) + return; + + if (sizeof (tmp) > r) + { + buffer->error = 1; + return; + } + + grub_memcpy (&tmp, &buffer->data[buffer->offset], sizeof (tmp)); + buffer->offset += sizeof (tmp); + *value = grub_be_to_cpu16 (tmp); +} + +void +grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t *value) +{ + grub_uint32_t tmp; + grub_uint32_t r = buffer->size - buffer->offset; + + if (buffer->error) + return; + + if (sizeof (tmp) > r) + { + buffer->error = 1; + return; + } + + grub_memcpy (&tmp, &buffer->data[buffer->offset], sizeof (tmp)); + buffer->offset += sizeof (tmp); + *value = grub_be_to_cpu32 (tmp); +} diff --git a/grub-core/lib/tss2/tss2_buffer.h b/grub-core/lib/tss2/tss2_buffer.h new file mode 100644 index 000000000..fb9db1aed --- /dev/null +++ b/grub-core/lib/tss2/tss2_buffer.h @@ -0,0 +1,64 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_TPM2_BUFFER_HEADER +#define GRUB_TPM2_BUFFER_HEADER 1 + +#include + +#define GRUB_TPM2_BUFFER_CAPACITY 4096 + +struct grub_tpm2_buffer +{ + grub_uint8_t data[GRUB_TPM2_BUFFER_CAPACITY]; + grub_size_t size; + grub_size_t offset; + grub_size_t cap; + bool error; +}; +typedef struct grub_tpm2_buffer *grub_tpm2_buffer_t; + +extern void +grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer); + +extern void +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void *data, grub_size_t size); + +extern void +grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value); + +extern void +grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value); + +extern void +grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value); + +extern void +grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data, grub_size_t size); + +extern void +grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t *value); + +extern void +grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t *value); + +extern void +grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t *value); + +#endif /* ! GRUB_TPM2_BUFFER_HEADER */ -- 2.43.0 From 47f0b938daac250dedbe2a3b126ca6090babb4c9 Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Mon, 24 Jun 2024 14:04:56 +0800 Subject: [PATCH 2/3] tss2: Add TPM2 types and Marshal/Unmarshal functions This commit adds the necessary TPM2 types and structs as the preparation for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal functions are also added to handle the data structure to be submitted to TPM2 commands and to be received from the response. Signed-off-by: Hernan Gatta Signed-off-by: Gary Lin Reviewed-by: Daniel Kiper Reviewed-by: Stefan Berger --- grub-core/lib/tss2/tss2_mu.c | 1174 +++++++++++++++++++++++++++++ grub-core/lib/tss2/tss2_mu.h | 397 ++++++++++ grub-core/lib/tss2/tss2_structs.h | 796 +++++++++++++++++++ grub-core/lib/tss2/tss2_types.h | 404 ++++++++++ 4 files changed, 2771 insertions(+) create mode 100644 grub-core/lib/tss2/tss2_mu.c create mode 100644 grub-core/lib/tss2/tss2_mu.h create mode 100644 grub-core/lib/tss2/tss2_structs.h create mode 100644 grub-core/lib/tss2/tss2_types.h diff --git a/grub-core/lib/tss2/tss2_mu.c b/grub-core/lib/tss2/tss2_mu.c new file mode 100644 index 000000000..86134cc0a --- /dev/null +++ b/grub-core/lib/tss2/tss2_mu.c @@ -0,0 +1,1174 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include + +#include + +void +grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_AUTH_COMMAND_t *authCommand) +{ + grub_uint32_t start; + grub_uint32_t tmp; + + grub_tpm2_buffer_pack_u32 (buffer, 0); + start = buffer->size; + + grub_tpm2_buffer_pack_u32 (buffer, authCommand->sessionHandle); + + grub_tpm2_buffer_pack_u16 (buffer, authCommand->nonce.size); + grub_tpm2_buffer_pack (buffer, authCommand->nonce.buffer, authCommand->nonce.size); + + grub_tpm2_buffer_pack_u8 (buffer, *((const grub_uint8_t *) &authCommand->sessionAttributes)); + + grub_tpm2_buffer_pack_u16 (buffer, authCommand->hmac.size); + grub_tpm2_buffer_pack (buffer, authCommand->hmac.buffer, authCommand->hmac.size); + + tmp = grub_cpu_to_be32 (buffer->size - start); + grub_memcpy (&buffer->data[start - sizeof (grub_uint32_t)], &tmp, sizeof (tmp)); +} + +void +grub_Tss2_MU_TPM2B_Marshal (grub_tpm2_buffer_t buffer, + const grub_uint16_t size, + const grub_uint8_t *b) +{ + grub_uint16_t i; + + grub_tpm2_buffer_pack_u16 (buffer, size); + + for (i = 0; i < size; i++) + grub_tpm2_buffer_pack_u8 (buffer, b[i]); +} + +void +grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_SYM_OBJECT_t algorithm, + const TPMU_SYM_KEY_BITS_t *p) +{ + switch (algorithm) + { + case TPM_ALG_AES: + case TPM_ALG_SM4: + case TPM_ALG_CAMELLIA: + case TPM_ALG_XOR: + grub_tpm2_buffer_pack_u16 (buffer, *((const grub_uint16_t *) p)); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMU_SYM_MODE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_SYM_OBJECT_t algorithm, + const TPMU_SYM_MODE_t *p) +{ + switch (algorithm) + { + case TPM_ALG_AES: + case TPM_ALG_SM4: + case TPM_ALG_CAMELLIA: + grub_tpm2_buffer_pack_u16 (buffer, *((const grub_uint16_t *) p)); + break; + case TPM_ALG_XOR: + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_SYM_DEF_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SYM_DEF_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->algorithm); + grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (buffer, p->algorithm, &p->keyBits); + grub_Tss2_MU_TPMU_SYM_MODE_Marshal (buffer, p->algorithm, &p->mode); +} + +void +grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_PCR_SELECTION_t *pcrSelection) +{ + grub_uint32_t i; + + grub_tpm2_buffer_pack_u16 (buffer, pcrSelection->hash); + grub_tpm2_buffer_pack_u8 (buffer, pcrSelection->sizeOfSelect); + + for (i = 0; i < pcrSelection->sizeOfSelect; i++) + grub_tpm2_buffer_pack_u8 (buffer, pcrSelection->pcrSelect[i]); +} + +void +grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer, + const TPML_PCR_SELECTION_t *pcrSelection) +{ + grub_uint32_t i; + + grub_tpm2_buffer_pack_u32 (buffer, pcrSelection->count); + + for (i = 0; i < pcrSelection->count; i++) + grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (buffer, &pcrSelection->pcrSelections[i]); +} + +void +grub_Tss2_MU_TPMA_OBJECT_Marshal (grub_tpm2_buffer_t buffer, + const TPMA_OBJECT_t *p) +{ + grub_tpm2_buffer_pack_u32 (buffer, *((const grub_uint32_t *) p)); +} + +void +grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SCHEME_XOR_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg); + grub_tpm2_buffer_pack_u16 (buffer, p->kdf); +} + +void +grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SCHEME_HMAC_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg); +} + +void +grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_KEYEDHASH_SCHEME_t scheme, + const TPMU_SCHEME_KEYEDHASH_t *p) +{ + switch (scheme) + { + case TPM_ALG_HMAC: + grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (buffer, &p->hmac); + break; + case TPM_ALG_XOR: + grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (buffer, &p->exclusiveOr); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_KEYEDHASH_SCHEME_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->scheme); + grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_KEYEDHASH_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (buffer, &p->scheme); +} + +void +grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SYM_DEF_OBJECT_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->algorithm); + grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (buffer, p->algorithm, &p->keyBits); + grub_Tss2_MU_TPMU_SYM_MODE_Marshal (buffer, p->algorithm, &p->mode); +} + +void +grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_RSA_DECRYPT_t scheme, + const TPMU_ASYM_SCHEME_t *p __attribute__ ((unused))) +{ + switch (scheme) + { + case TPM_ALG_NULL: + break; + default: + /* Unsupported */ + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_RSA_SCHEME_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->scheme); + grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_RSA_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->symmetric); + grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (buffer, &p->scheme); + grub_tpm2_buffer_pack_u16 (buffer, p->keyBits); + grub_tpm2_buffer_pack_u32 (buffer, p->exponent); +} + +void +grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SYMCIPHER_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->sym); +} + +void +grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_ECC_SCHEME_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->scheme); + grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_KDF_t scheme, + const TPMU_KDF_SCHEME_t *p) +{ + switch (scheme) + { + case TPM_ALG_MGF1: + grub_tpm2_buffer_pack_u16 (buffer, p->mgf1.hashAlg); + break; + case TPM_ALG_KDF1_SP800_56A: + grub_tpm2_buffer_pack_u16 (buffer, p->kdf1_sp800_56a.hashAlg); + break; + case TPM_ALG_KDF2: + grub_tpm2_buffer_pack_u16 (buffer, p->kdf2.hashAlg); + break; + case TPM_ALG_KDF1_SP800_108: + grub_tpm2_buffer_pack_u16 (buffer, p->kdf1_sp800_108.hashAlg); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_KDF_SCHEME_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->scheme); + grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_ECC_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (buffer, &p->symmetric); + grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (buffer, &p->scheme); + grub_tpm2_buffer_pack_u16 (buffer, p->curveID); + grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (buffer, &p->kdf); +} + +void +grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const grub_uint32_t type, + const TPMU_PUBLIC_PARMS_t *p) +{ + switch (type) + { + case TPM_ALG_KEYEDHASH: + grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (buffer, &p->keyedHashDetail); + break; + case TPM_ALG_SYMCIPHER: + grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (buffer, &p->symDetail); + break; + case TPM_ALG_RSA: + grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (buffer, &p->rsaDetail); + break; + case TPM_ALG_ECC: + grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (buffer, &p->eccDetail); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMS_ECC_POINT_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_ECC_POINT_t *p) +{ + grub_Tss2_MU_TPM2B_Marshal (buffer, p->x.size, p->x.buffer); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->y.size, p->y.buffer); +} + +void +grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_PUBLIC_t type, + const TPMU_PUBLIC_ID_t *p) +{ + switch(type) + { + case TPM_ALG_KEYEDHASH: + grub_Tss2_MU_TPM2B_Marshal (buffer, p->keyedHash.size, p->keyedHash.buffer); + break; + case TPM_ALG_SYMCIPHER: + grub_Tss2_MU_TPM2B_Marshal (buffer, p->sym.size, p->sym.buffer); + break; + case TPM_ALG_RSA: + grub_Tss2_MU_TPM2B_Marshal (buffer, p->rsa.size, p->rsa.buffer); + break; + case TPM_ALG_ECC: + grub_Tss2_MU_TPMS_ECC_POINT_Marshal (buffer, &p->ecc); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_PUBLIC_PARMS_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->type); + grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (buffer, p->type, &p->parameters); +} + +void +grub_Tss2_MU_TPMT_PUBLIC_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_PUBLIC_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->type); + grub_tpm2_buffer_pack_u16 (buffer, p->nameAlg); + grub_Tss2_MU_TPMA_OBJECT_Marshal (buffer, &p->objectAttributes); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->authPolicy.size, p->authPolicy.buffer); + grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (buffer, p->type, &p->parameters); + grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (buffer, p->type, &p->unique); +} + +void +grub_Tss2_MU_TPM2B_PUBLIC_Marshal (grub_tpm2_buffer_t buffer, + const TPM2B_PUBLIC_t *p) +{ + grub_uint32_t start; + grub_uint16_t size; + + if (p) + { + grub_tpm2_buffer_pack_u16 (buffer, p->size); + + start = buffer->size; + grub_Tss2_MU_TPMT_PUBLIC_Marshal (buffer, &p->publicArea); + size = grub_cpu_to_be16 (buffer->size - start); + grub_memcpy (&buffer->data[start - sizeof (grub_uint16_t)], &size, sizeof (size)); + } + else + grub_tpm2_buffer_pack_u16 (buffer, 0); +} + +void +grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SENSITIVE_CREATE_t *p) +{ + grub_Tss2_MU_TPM2B_Marshal (buffer, p->userAuth.size, p->userAuth.buffer); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->data.size, p->data.buffer); +} + +void +grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_PUBLIC_t type, + const TPMU_SENSITIVE_COMPOSITE_t *p) +{ + switch(type) + { + case TPM_ALG_RSA: + grub_Tss2_MU_TPM2B_Marshal (buffer, p->rsa.size, p->rsa.buffer); + break; + case TPM_ALG_ECC: + grub_Tss2_MU_TPM2B_Marshal (buffer, p->ecc.size, p->ecc.buffer); + break; + case TPM_ALG_KEYEDHASH: + grub_Tss2_MU_TPM2B_Marshal (buffer, p->bits.size, p->bits.buffer); + break; + case TPM_ALG_SYMCIPHER: + grub_Tss2_MU_TPM2B_Marshal (buffer, p->sym.size, p->sym.buffer); + break; + default: + buffer->error = 1; + } +} + +void +grub_Tss2_MU_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SENSITIVE_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->sensitiveType); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->authValue.size, p->authValue.buffer); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->seedValue.size, p->seedValue.buffer); + grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (buffer, p->sensitiveType, &p->sensitive); +} + +void +grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer, + const TPM2B_SENSITIVE_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->size); + grub_Tss2_MU_TPMT_SENSITIVE_Marshal (buffer, &p->sensitiveArea); +} + +void +grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer, + const TPM2B_SENSITIVE_CREATE_t *sensitiveCreate) +{ + grub_uint32_t start; + grub_uint16_t size; + + if (sensitiveCreate) + { + grub_tpm2_buffer_pack_u16 (buffer, sensitiveCreate->size); + start = buffer->size; + grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (buffer, &sensitiveCreate->sensitive); + size = grub_cpu_to_be16 (buffer->size - start); + + grub_memcpy (&buffer->data[start - sizeof (grub_uint16_t)], &size, sizeof (size)); + } + else + grub_tpm2_buffer_pack_u16 (buffer, 0); +} + +void +grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SIGNATURE_RSA_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hash); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->sig.size, p->sig.buffer); +} + +void +grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SIGNATURE_ECC_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hash); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->signatureR.size, p->signatureR.buffer); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->signatureS.size, p->signatureS.buffer); +} + +void +grub_Tss2_MU_TPMU_HA_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_HASH_t hashAlg, + const TPMU_HA_t *p) +{ + grub_uint16_t i; + + switch (hashAlg) + { + case TPM_ALG_SHA1: + for (i = 0; i < TPM_SHA1_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha1[i]); + break; + case TPM_ALG_SHA256: + for (i = 0; i < TPM_SHA256_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha256[i]); + break; + case TPM_ALG_SHA384: + for (i = 0; i < TPM_SHA384_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha384[i]); + break; + case TPM_ALG_SHA512: + for (i = 0; i < TPM_SHA512_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha512[i]); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_HA_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_HA_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg); + grub_Tss2_MU_TPMU_HA_Marshal (buffer, p->hashAlg, &p->digest); +} + +void +grub_Tss2_MU_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_SIG_SCHEME_t sigAlg, + const TPMU_SIGNATURE_t *p) +{ + switch (sigAlg) + { + case TPM_ALG_RSASSA: + grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA_t *) &p->rsassa); + break; + case TPM_ALG_RSAPSS: + grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA_t *) &p->rsapss); + break; + case TPM_ALG_ECDSA: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->ecdsa); + break; + case TPM_ALG_ECDAA: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->ecdaa); + break; + case TPM_ALG_SM2: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->sm2); + break; + case TPM_ALG_ECSCHNORR: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC_t *) &p->ecschnorr); + break; + case TPM_ALG_HMAC: + grub_Tss2_MU_TPMT_HA_Marshal (buffer, &p->hmac); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SIGNATURE_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->sigAlg); + grub_Tss2_MU_TPMU_SIGNATURE_Marshal (buffer, p->sigAlg, &p->signature); +} + +void +grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_TK_VERIFIED_t *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->tag); + grub_tpm2_buffer_pack_u32 (buffer, p->hierarchy); + grub_Tss2_MU_TPM2B_Marshal (buffer, p->digest.size, p->digest.buffer); +} + +static void +__Tss2_MU_TPM2B_BUFFER_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_t *p, grub_uint16_t bound) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->size); + + if (p->size > bound) + { + buffer->error = 1; + return; + } + + grub_tpm2_buffer_unpack (buffer, &p->buffer, p->size); +} + +#define TPM2B_BUFFER_UNMARSHAL(buffer, type, data) \ + __Tss2_MU_TPM2B_BUFFER_Unmarshal(buffer, (TPM2B_t *)data, sizeof(type) - sizeof(grub_uint16_t)) + +void +grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_AUTH_RESPONSE_t *p) +{ + grub_uint8_t tmp; + grub_uint32_t tmp32; + + grub_tpm2_buffer_unpack_u16 (buffer, &p->nonce.size); + + if (p->nonce.size) + grub_tpm2_buffer_unpack (buffer, &p->nonce.buffer, p->nonce.size); + + grub_tpm2_buffer_unpack_u8 (buffer, &tmp); + tmp32 = tmp; + grub_memcpy (&p->sessionAttributes, &tmp32, sizeof (grub_uint32_t)); + + grub_tpm2_buffer_unpack_u16 (buffer, &p->hmac.size); + + if (p->hmac.size) + grub_tpm2_buffer_unpack (buffer, &p->hmac.buffer, p->hmac.size); +} + +void +grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_DIGEST_t *digest) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DIGEST_t, digest); +} + +void +grub_Tss2_MU_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_NONCE_t *nonce) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NONCE_t, nonce); +} + +void +grub_Tss2_MU_TPM2B_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_DATA_t *data) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DATA_t, data); +} + +void +grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_CREATION_DATA_t *data) +{ + grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (buffer, &data->pcrSelect); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &data->pcrDigest); + grub_tpm2_buffer_unpack_u8 (buffer, (grub_uint8_t *)&data->locality); + grub_tpm2_buffer_unpack_u16 (buffer, &data->parentNameAlg); + grub_Tss2_MU_TPM2B_NAME_Unmarshal (buffer, &data->parentName); + grub_Tss2_MU_TPM2B_NAME_Unmarshal (buffer, &data->parentQualifiedName); + grub_Tss2_MU_TPM2B_DATA_Unmarshal (buffer, &data->outsideInfo); +} + +void +grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_CREATION_DATA_t *data) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &data->size); + grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (buffer, &data->creationData); +} + +void +grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_PRIVATE_t *private) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_PRIVATE_t, private); +} + +void +grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_SENSITIVE_DATA_t *data) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_SENSITIVE_DATA_t, data); +} + +void +grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_PUBLIC_KEY_RSA_t *rsa) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_PUBLIC_KEY_RSA_t, rsa); +} + +void +grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_ECC_PARAMETER_t *param) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_ECC_PARAMETER_t, param); +} + +void +grub_Tss2_MU_TPMA_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer, + TPMA_OBJECT_t *p) +{ + grub_tpm2_buffer_unpack_u32 (buffer, (grub_uint32_t *) p); +} + +void +grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SCHEME_HMAC_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg); +} + +void +grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SCHEME_XOR_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg); + grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf); +} + +void +grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_KEYEDHASH_SCHEME_t scheme, + TPMU_SCHEME_KEYEDHASH_t *p) +{ + switch (scheme) + { + case TPM_ALG_HMAC: + grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (buffer, &p->hmac); + break; + case TPM_ALG_XOR: + grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (buffer, &p->exclusiveOr); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_KEYEDHASH_SCHEME_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme); + grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_KEYEDHASH_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (buffer, &p->scheme); +} + +void +grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_SYM_OBJECT_t algorithm, + TPMU_SYM_KEY_BITS_t *p) +{ + switch (algorithm) + { + case TPM_ALG_AES: + case TPM_ALG_SM4: + case TPM_ALG_CAMELLIA: + case TPM_ALG_XOR: + grub_tpm2_buffer_unpack_u16 (buffer, (grub_uint16_t *) p); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_SYM_OBJECT_t algorithm, + TPMU_SYM_MODE_t *p) +{ + switch (algorithm) + { + case TPM_ALG_AES: + case TPM_ALG_SM4: + case TPM_ALG_CAMELLIA: + grub_tpm2_buffer_unpack_u16 (buffer, (grub_uint16_t *) p); + break; + case TPM_ALG_XOR: + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_SYM_DEF_OBJECT_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->algorithm); + grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (buffer, p->algorithm, &p->keyBits); + grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (buffer, p->algorithm, &p->mode); +} + +void +grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SYMCIPHER_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->sym); +} + +void +grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_RSA_DECRYPT_t scheme, + TPMU_ASYM_SCHEME_t *p __attribute__((unused))) +{ + switch (scheme) + { + case TPM_ALG_NULL: + break; + default: + /* Unsupported */ + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_RSA_SCHEME_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme); + grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_RSA_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->symmetric); + grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (buffer, &p->scheme); + grub_tpm2_buffer_unpack_u16 (buffer, &p->keyBits); + grub_tpm2_buffer_unpack_u32 (buffer, &p->exponent); +} + +void +grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_ECC_SCHEME_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme); + grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_KDF_t scheme, + TPMU_KDF_SCHEME_t *p) +{ + switch (scheme) + { + case TPM_ALG_MGF1: + grub_tpm2_buffer_unpack_u16 (buffer, &p->mgf1.hashAlg); + break; + case TPM_ALG_KDF1_SP800_56A: + grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf1_sp800_56a.hashAlg); + break; + case TPM_ALG_KDF2: + grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf2.hashAlg); + break; + case TPM_ALG_KDF1_SP800_108: + grub_tpm2_buffer_unpack_u16 (buffer, &p->kdf1_sp800_108.hashAlg); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_KDF_SCHEME_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->scheme); + grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (buffer, p->scheme, &p->details); +} + +void +grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_ECC_PARMS_t *p) +{ + grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (buffer, &p->symmetric); + grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (buffer, &p->scheme ); + grub_tpm2_buffer_unpack_u16 (buffer, &p->curveID); + grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (buffer, &p->kdf); +} + +void +grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + grub_uint32_t type, + TPMU_PUBLIC_PARMS_t *p) +{ + switch (type) + { + case TPM_ALG_KEYEDHASH: + grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (buffer, &p->keyedHashDetail); + break; + case TPM_ALG_SYMCIPHER: + grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (buffer, &p->symDetail); + break; + case TPM_ALG_RSA: + grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (buffer, &p->rsaDetail); + break; + case TPM_ALG_ECC: + grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (buffer, &p->eccDetail); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_ECC_POINT_t *p) +{ + grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &p->x); + grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &p->y); +} + +void +grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_PUBLIC_t type, + TPMU_PUBLIC_ID_t *p) +{ + switch(type) + { + case TPM_ALG_KEYEDHASH: + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->keyedHash); + break; + case TPM_ALG_SYMCIPHER: + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->sym); + break; + case TPM_ALG_RSA: + grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (buffer, &p->rsa); + break; + case TPM_ALG_ECC: + grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (buffer, &p->ecc); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_PUBLIC_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->type); + grub_tpm2_buffer_unpack_u16 (buffer, &p->nameAlg); + grub_Tss2_MU_TPMA_OBJECT_Unmarshal (buffer, &p->objectAttributes); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->authPolicy); + grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (buffer, p->type, &p->parameters); + grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (buffer, p->type, &p->unique); +} + +void +grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_PUBLIC_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->size); + grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (buffer, &p->publicArea); +} + +void +grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_NV_PUBLIC_t *p) +{ + grub_tpm2_buffer_unpack_u32 (buffer, &p->nvIndex); + grub_tpm2_buffer_unpack_u16 (buffer, &p->nameAlg); + grub_tpm2_buffer_unpack_u32 (buffer, &p->attributes); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->authPolicy); + grub_tpm2_buffer_unpack_u16 (buffer, &p->dataSize); +} + +void +grub_Tss2_MU_TPM2B_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_NV_PUBLIC_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->size); + grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (buffer, &p->nvPublic); +} + +void +grub_Tss2_MU_TPM2B_NAME_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_NAME_t *n) +{ + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NAME_t, n); +} + +void +grub_Tss2_MU_TPMS_TAGGED_PROPERTY_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_TAGGED_PROPERTY_t *property) +{ + grub_tpm2_buffer_unpack_u32 (buffer, &property->property); + grub_tpm2_buffer_unpack_u32 (buffer, &property->value); +} + +void +grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_CREATION_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->tag); + grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest); +} + +void +grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_HASHCHECK_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->tag); + grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest); +} + +void +grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_VERIFIED_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->tag); + grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &p->digest); +} + +void +grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_PCR_SELECTION_t *pcrSelection) +{ + grub_uint32_t i; + + grub_tpm2_buffer_unpack_u16 (buffer, &pcrSelection->hash); + grub_tpm2_buffer_unpack_u8 (buffer, &pcrSelection->sizeOfSelect); + + if (pcrSelection->sizeOfSelect > TPM_PCR_SELECT_MAX) + { + buffer->error = 1; + return; + } + + for (i = 0; i < pcrSelection->sizeOfSelect; i++) + grub_tpm2_buffer_unpack_u8 (buffer, &pcrSelection->pcrSelect[i]); +} + +void +grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer, + TPML_PCR_SELECTION_t *pcrSelection) +{ + grub_uint32_t i; + + grub_tpm2_buffer_unpack_u32 (buffer, &pcrSelection->count); + + if (pcrSelection->count > TPM_NUM_PCR_BANKS) + { + buffer->error = 1; + return; + } + + for (i = 0; i < pcrSelection->count; i++) + grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (buffer, &pcrSelection->pcrSelections[i]); +} + +void +grub_Tss2_MU_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer, + TPML_DIGEST_t *digest) +{ + grub_uint32_t i; + + grub_tpm2_buffer_unpack_u32 (buffer, &digest->count); + + if (digest->count > 8) + { + buffer->error = 1; + return; + } + + for (i = 0; i < digest->count; i++) + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (buffer, &digest->digests[i]); +} + +void +grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SIGNATURE_RSA_t *rsa) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &rsa->hash); + grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (buffer, &rsa->sig); +} + +void +grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SIGNATURE_ECC_t *ecc) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &ecc->hash); + grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &ecc->signatureR); + grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (buffer, &ecc->signatureS); +} + +void +grub_Tss2_MU_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_HASH_t hashAlg, + TPMU_HA_t *p) +{ + switch (hashAlg) + { + case TPM_ALG_SHA1: + grub_tpm2_buffer_unpack (buffer, &p->sha1, TPM_SHA1_DIGEST_SIZE); + break; + case TPM_ALG_SHA256: + grub_tpm2_buffer_unpack (buffer, &p->sha256, TPM_SHA256_DIGEST_SIZE); + break; + case TPM_ALG_SHA384: + grub_tpm2_buffer_unpack (buffer, &p->sha384, TPM_SHA384_DIGEST_SIZE); + break; + case TPM_ALG_SHA512: + grub_tpm2_buffer_unpack (buffer, &p->sha512, TPM_SHA512_DIGEST_SIZE); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_HA_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg); + grub_Tss2_MU_TPMU_HA_Unmarshal (buffer, p->hashAlg, &p->digest); +} + +void +grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_SIG_SCHEME_t sigAlg, + TPMU_SIGNATURE_t *p) +{ + switch (sigAlg) + { + case TPM_ALG_RSASSA: + grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA_t *)&p->rsassa); + break; + case TPM_ALG_RSAPSS: + grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA_t *)&p->rsapss); + break; + case TPM_ALG_ECDSA: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->ecdsa); + break; + case TPM_ALG_ECDAA: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->ecdaa); + break; + case TPM_ALG_SM2: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->sm2); + break; + case TPM_ALG_ECSCHNORR: + grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC_t *)&p->ecschnorr); + break; + case TPM_ALG_HMAC: + grub_Tss2_MU_TPMT_HA_Unmarshal (buffer, &p->hmac); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_Tss2_MU_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_SIGNATURE_t *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->sigAlg); + grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (buffer, p->sigAlg, &p->signature); +} diff --git a/grub-core/lib/tss2/tss2_mu.h b/grub-core/lib/tss2/tss2_mu.h new file mode 100644 index 000000000..8f82126e1 --- /dev/null +++ b/grub-core/lib/tss2/tss2_mu.h @@ -0,0 +1,397 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_TPM2_MU_HEADER +#define GRUB_TPM2_MU_HEADER 1 + +#include +#include + +extern void +grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_AUTH_COMMAND_t *authCommand); + +extern void +grub_Tss2_MU_TPM2B_Marshal (grub_tpm2_buffer_t buffer, + const grub_uint16_t size, + const grub_uint8_t *b); + +extern void +grub_Tss2_MU_TPMU_SYM_KEY_BITS_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_SYM_OBJECT_t algorithm, + const TPMU_SYM_KEY_BITS_t *p); + +extern void +grub_Tss2_MU_TPMU_SYM_MODE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_SYM_OBJECT_t algorithm, + const TPMU_SYM_MODE_t *p); + +extern void +grub_Tss2_MU_TPMT_SYM_DEF_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SYM_DEF_t *p); + +extern void +grub_Tss2_MU_TPMS_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_PCR_SELECTION_t *pcrSelection); + +extern void +grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (grub_tpm2_buffer_t buffer, + const TPML_PCR_SELECTION_t *pcrSelection); + +extern void +grub_Tss2_MU_TPMA_OBJECT_Marshal (grub_tpm2_buffer_t buffer, + const TPMA_OBJECT_t *p); + +extern void +grub_Tss2_MU_TPMS_SCHEME_XOR_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SCHEME_XOR_t *p); + +extern void +grub_Tss2_MU_TPMS_SCHEME_HMAC_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SCHEME_HMAC_t *p); + +extern void +grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_KEYEDHASH_SCHEME_t scheme, + const TPMU_SCHEME_KEYEDHASH_t *p); + +extern void +grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_KEYEDHASH_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_KEYEDHASH_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SYM_DEF_OBJECT_t *p); + +extern void +grub_Tss2_MU_TPMU_ASYM_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_RSA_DECRYPT_t scheme, + const TPMU_ASYM_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMT_RSA_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_RSA_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMS_RSA_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_RSA_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SYMCIPHER_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMT_ECC_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_ECC_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMU_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_KDF_t scheme, + const TPMU_KDF_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMT_KDF_SCHEME_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_KDF_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMS_ECC_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_ECC_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMU_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const grub_uint32_t type, + const TPMU_PUBLIC_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMS_ECC_POINT_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_ECC_POINT_t *p); + +extern void +grub_Tss2_MU_TPMU_PUBLIC_ID_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_PUBLIC_t type, + const TPMU_PUBLIC_ID_t *p); + +extern void +grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_PUBLIC_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMT_PUBLIC_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_PUBLIC_t *p); + +extern void +grub_Tss2_MU_TPM2B_PUBLIC_Marshal (grub_tpm2_buffer_t buffer, + const TPM2B_PUBLIC_t *p); + +extern void +grub_Tss2_MU_TPMS_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SENSITIVE_CREATE_t *p); + +extern void +grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer, + const TPM2B_SENSITIVE_CREATE_t *sensitiveCreate); + +extern void +grub_Tss2_MU_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_PUBLIC_t type, + const TPMU_SENSITIVE_COMPOSITE_t *p); +extern void +grub_Tss2_MU_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SENSITIVE_t *p); + +extern void +grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer, + const TPM2B_SENSITIVE_t *p); + +extern void +grub_Tss2_MU_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SIGNATURE_RSA_t *p); + +extern void +grub_Tss2_MU_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SIGNATURE_ECC_t *p); + +extern void +grub_Tss2_MU_TPMU_HA_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_HASH_t hashAlg, + const TPMU_HA_t *p); + +extern void +grub_Tss2_MU_TPMT_HA_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_HA_t *p); + +extern void +grub_Tss2_MU_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_SIG_SCHEME_t sigAlg, + const TPMU_SIGNATURE_t *p); + +extern void +grub_Tss2_MU_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SIGNATURE_t *p); + +extern void +grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_TK_VERIFIED_t *p); + +extern void +grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_AUTH_RESPONSE_t *p); + +extern void +grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_DIGEST_t *digest); + +extern void +grub_Tss2_MU_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_NONCE_t *nonce); + +extern void +grub_Tss2_MU_TPM2B_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_DATA_t *data); + +extern void +grub_Tss2_MU_TPMS_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_CREATION_DATA_t *data); + +extern void +grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_CREATION_DATA_t *data); + +extern void +grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_PRIVATE_t *private); + +extern void +grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_SENSITIVE_DATA_t *data); + +extern void +grub_Tss2_MU_TPM2B_PUBLIC_KEY_RSA_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_PUBLIC_KEY_RSA_t *rsa); + +extern void +grub_Tss2_MU_TPM2B_ECC_PARAMETER_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_ECC_PARAMETER_t *param); + +extern void +grub_Tss2_MU_TPMA_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer, + TPMA_OBJECT_t *p); + +extern void +grub_Tss2_MU_TPMS_SCHEME_HMAC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SCHEME_HMAC_t *p); + +extern void +grub_Tss2_MU_TPMS_SCHEME_XOR_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SCHEME_XOR_t *p); + +extern void +grub_Tss2_MU_TPMU_SCHEME_KEYEDHASH_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_KEYEDHASH_SCHEME_t scheme, + TPMU_SCHEME_KEYEDHASH_t *p); + +extern void +grub_Tss2_MU_TPMT_KEYEDHASH_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_KEYEDHASH_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMS_KEYEDHASH_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_KEYEDHASH_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_SYM_OBJECT_t algorithm, + TPMU_SYM_KEY_BITS_t *p); + +extern void +grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_SYM_OBJECT_t algorithm, + TPMU_SYM_MODE_t *p); + +extern void +grub_Tss2_MU_TPMT_SYM_DEF_OBJECT_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_SYM_DEF_OBJECT_t *p); + +extern void +grub_Tss2_MU_TPMS_SYMCIPHER_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SYMCIPHER_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMU_ASYM_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_RSA_DECRYPT_t scheme, + TPMU_ASYM_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMT_RSA_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_RSA_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMS_RSA_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_RSA_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMT_ECC_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_ECC_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMU_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_KDF_t scheme, + TPMU_KDF_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMT_KDF_SCHEME_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_KDF_SCHEME_t *p); + +extern void +grub_Tss2_MU_TPMS_ECC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_ECC_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMU_PUBLIC_PARMS_Unmarshal (grub_tpm2_buffer_t buffer, + grub_uint32_t type, + TPMU_PUBLIC_PARMS_t *p); + +extern void +grub_Tss2_MU_TPMS_ECC_POINT_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_ECC_POINT_t *p); + +extern void +grub_Tss2_MU_TPMU_PUBLIC_ID_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_PUBLIC_t type, + TPMU_PUBLIC_ID_t *p); + +extern void +grub_Tss2_MU_TPMT_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_PUBLIC_t *p); + +extern void +grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_PUBLIC_t *p); + +extern void +grub_Tss2_MU_TPMS_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_NV_PUBLIC_t *p); + +extern void +grub_Tss2_MU_TPM2B_NV_PUBLIC_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_NV_PUBLIC_t *p); + +extern void +grub_Tss2_MU_TPM2B_NAME_Unmarshal (grub_tpm2_buffer_t buffer, + TPM2B_NAME_t *n); + +extern void +grub_Tss2_MU_TPMS_TAGGED_PROPERTY_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_TAGGED_PROPERTY_t *property); + +extern void +grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_CREATION_t *p); + +extern void +grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_HASHCHECK_t *p); + +extern void +grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_VERIFIED_t *p); + +extern void +grub_Tss2_MU_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_PCR_SELECTION_t *pcrSelection); + +extern void +grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buffer, + TPML_PCR_SELECTION_t *pcrSelection); + +extern void +grub_Tss2_MU_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer, + TPML_DIGEST_t *digest); + +extern void +grub_Tss2_MU_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SIGNATURE_RSA_t *p); + +extern void +grub_Tss2_MU_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SIGNATURE_ECC_t *p); + +extern void +grub_Tss2_MU_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_HASH_t hashAlg, + TPMU_HA_t *p); + +extern void +grub_Tss2_MU_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_HA_t *p); + +extern void +grub_Tss2_MU_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_SIG_SCHEME_t sigAlg, + TPMU_SIGNATURE_t *p); + +extern void +grub_Tss2_MU_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_SIGNATURE_t *p); + +#endif /* ! GRUB_TPM2_MU_HEADER */ diff --git a/grub-core/lib/tss2/tss2_structs.h b/grub-core/lib/tss2/tss2_structs.h new file mode 100644 index 000000000..798cd45df --- /dev/null +++ b/grub-core/lib/tss2/tss2_structs.h @@ -0,0 +1,796 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_TPM2_INTERNAL_STRUCTS_HEADER +#define GRUB_TPM2_INTERNAL_STRUCTS_HEADER 1 + +#include + +/* + * TPM response header + * This struct is used to calculate the minimum size of the TPM 2.0 response. + * The format of the response: + * + * +----------------------+ + * | UINT16 tag | + * +----------------------+ + * | UINT32 repsonse_size | + * +----------------------+ + * | UINT32 response_code | + * +======================+ + * | response_data | (optional) + * +======================+ + */ +struct __attribute__ ((__packed__)) TPM_RESPONSE_HEADER +{ + grub_uint16_t tag; + grub_uint32_t response_size; + TPM_RC_t response_code; +}; +typedef struct TPM_RESPONSE_HEADER TPM_RESPONSE_HEADER_t; + +/* TPMS_TAGGED_PROPERTY Structure */ +struct TPMS_TAGGED_PROPERTY +{ + TPM_PT_t property; + grub_uint32_t value; +}; +typedef struct TPMS_TAGGED_PROPERTY TPMS_TAGGED_PROPERTY_t; + +/* TPML_TAGGED_TPM_PROPERTY Structure */ +struct TPML_TAGGED_TPM_PROPERTY +{ + grub_uint32_t count; + TPMS_TAGGED_PROPERTY_t tpmProperty[TPM_MAX_TPM_PROPERTIES]; +}; +typedef struct TPML_TAGGED_TPM_PROPERTY TPML_TAGGED_TPM_PROPERTY_t; + +/* TPMU_CAPABILITIES Structure */ +union TPMU_CAPABILITIES +{ + TPML_TAGGED_TPM_PROPERTY_t tpmProperties; +}; +typedef union TPMU_CAPABILITIES TPMU_CAPABILITIES_t; + +/* TPMS_CAPABILITY_DATA Structure */ +struct TPMS_CAPABILITY_DATA +{ + TPM_CAP_t capability; + TPMU_CAPABILITIES_t data; +}; +typedef struct TPMS_CAPABILITY_DATA TPMS_CAPABILITY_DATA_t; + +/* TPMS_PCR_SELECT Structure */ +struct TPMS_PCR_SELECT +{ + grub_uint8_t sizeOfSelect; + grub_uint8_t pcrSelect[TPM_PCR_SELECT_MAX]; +}; +typedef struct TPMS_PCR_SELECT TPMS_PCR_SELECT_t; + +/* TPMS_PCR_SELECTION Structure */ +struct TPMS_PCR_SELECTION +{ + TPMI_ALG_HASH_t hash; + grub_uint8_t sizeOfSelect; + grub_uint8_t pcrSelect[TPM_PCR_SELECT_MAX]; +}; +typedef struct TPMS_PCR_SELECTION TPMS_PCR_SELECTION_t; + +static inline void TPMS_PCR_SELECTION_SelectPCR(TPMS_PCR_SELECTION_t *self, grub_uint32_t n) +{ + self->pcrSelect[(n / 8)] |= (1 << (n % 8)); +} + +/* TPML_PCR_SELECTION Structure */ +struct TPML_PCR_SELECTION +{ + grub_uint32_t count; + TPMS_PCR_SELECTION_t pcrSelections[TPM_NUM_PCR_BANKS]; +}; +typedef struct TPML_PCR_SELECTION TPML_PCR_SELECTION_t; + +/* TPMU_HA Structure */ +union TPMU_HA +{ + grub_uint8_t sha1[TPM_SHA1_DIGEST_SIZE]; + grub_uint8_t sha256[TPM_SHA256_DIGEST_SIZE]; + grub_uint8_t sha384[TPM_SHA384_DIGEST_SIZE]; + grub_uint8_t sha512[TPM_SHA512_DIGEST_SIZE]; + grub_uint8_t sm3_256[TPM_SM3_256_DIGEST_SIZE]; +}; +typedef union TPMU_HA TPMU_HA_t; + +/* TPM2B Structure */ +struct TPM2B +{ + grub_uint16_t size; + grub_uint8_t buffer[1]; +}; +typedef struct TPM2B TPM2B_t; + +/* TPM2B_DIGEST Structure */ +struct TPM2B_DIGEST +{ + grub_uint16_t size; + grub_uint8_t buffer[sizeof(TPMU_HA_t)]; +}; +typedef struct TPM2B_DIGEST TPM2B_DIGEST_t; + +/* TPML_DIGEST Structure */ +struct TPML_DIGEST +{ + grub_uint32_t count; + TPM2B_DIGEST_t digests[8]; +}; +typedef struct TPML_DIGEST TPML_DIGEST_t; + +/* TPM2B_NONCE Type */ +typedef TPM2B_DIGEST_t TPM2B_NONCE_t; + +/* TPMA_SESSION Structure */ +struct TPMA_SESSION +{ + grub_uint8_t continueSession:1; + grub_uint8_t auditExclusive:1; + grub_uint8_t auditReset:1; + grub_uint8_t reserved:2; + grub_uint8_t decrypt:1; + grub_uint8_t encrypt:1; + grub_uint8_t audit:1; +}; +typedef struct TPMA_SESSION TPMA_SESSION_t; + +/* TPM2B_AUTH Type */ +typedef TPM2B_DIGEST_t TPM2B_AUTH_t; + +/* TPMS_AUTH_COMMAND Structure */ +struct TPMS_AUTH_COMMAND +{ + TPMI_SH_AUTH_SESSION_t sessionHandle; + TPM2B_NONCE_t nonce; + TPMA_SESSION_t sessionAttributes; + TPM2B_AUTH_t hmac; +}; +typedef struct TPMS_AUTH_COMMAND TPMS_AUTH_COMMAND_t; + +/* TPMS_AUTH_RESPONSE Structure */ +struct TPMS_AUTH_RESPONSE +{ + TPM2B_NONCE_t nonce; + TPMA_SESSION_t sessionAttributes; + TPM2B_AUTH_t hmac; +}; +typedef struct TPMS_AUTH_RESPONSE TPMS_AUTH_RESPONSE_t; + +/* TPM2B_SENSITIVE_DATA Structure */ +struct TPM2B_SENSITIVE_DATA +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_MAX_SYM_DATA]; +}; +typedef struct TPM2B_SENSITIVE_DATA TPM2B_SENSITIVE_DATA_t; + +/* TPMS_SENSITIVE_CREATE Structure */ +struct TPMS_SENSITIVE_CREATE +{ + TPM2B_AUTH_t userAuth; + TPM2B_SENSITIVE_DATA_t data; +}; +typedef struct TPMS_SENSITIVE_CREATE TPMS_SENSITIVE_CREATE_t; + +/* TPM2B_SENSITIVE_CREATE Structure */ +struct TPM2B_SENSITIVE_CREATE +{ + grub_uint16_t size; + TPMS_SENSITIVE_CREATE_t sensitive; +}; +typedef struct TPM2B_SENSITIVE_CREATE TPM2B_SENSITIVE_CREATE_t; + +/* TPMA_OBJECT Structure */ +struct TPMA_OBJECT +{ + grub_uint32_t reserved1:1; + grub_uint32_t fixedTPM:1; + grub_uint32_t stClear:1; + grub_uint32_t reserved2:1; + grub_uint32_t fixedParent:1; + grub_uint32_t sensitiveDataOrigin:1; + grub_uint32_t userWithAuth:1; + grub_uint32_t adminWithPolicy:1; + grub_uint32_t reserved3:2; + grub_uint32_t noDA:1; + grub_uint32_t encryptedDuplication:1; + grub_uint32_t reserved4:4; + grub_uint32_t restricted:1; + grub_uint32_t decrypt:1; + grub_uint32_t sign:1; + grub_uint32_t reserved5:13; +}; +typedef struct TPMA_OBJECT TPMA_OBJECT_t; + +/* TPMS_SCHEME_HASH Structure */ +struct TPMS_SCHEME_HASH +{ + TPMI_ALG_HASH_t hashAlg; +}; +typedef struct TPMS_SCHEME_HASH TPMS_SCHEME_HASH_t; + +/* TPMS_SCHEME_HASH Types */ +typedef TPMS_SCHEME_HASH_t TPMS_KEY_SCHEME_ECDH_t; +typedef TPMS_SCHEME_HASH_t TPMS_KEY_SCHEME_ECMQV_t; +typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_RSASSA_t; +typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_RSAPSS_t; +typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECDSA_t; +typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECDAA_t; +typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_SM2_t; +typedef TPMS_SCHEME_HASH_t TPMS_SIG_SCHEME_ECSCHNORR_t; +typedef TPMS_SCHEME_HASH_t TPMS_ENC_SCHEME_RSAES_t; +typedef TPMS_SCHEME_HASH_t TPMS_ENC_SCHEME_OAEP_t; +typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF2_t; +typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_MGF1_t; +typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF1_SP800_56A_t; +typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF2_t; +typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF1_SP800_108_t; + +/* TPMS_SCHEME_HMAC Type */ +typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_HMAC_t; + +/* TPMS_SCHEME_XOR Structure */ +struct TPMS_SCHEME_XOR +{ + TPMI_ALG_HASH_t hashAlg; + TPMI_ALG_KDF_t kdf; +}; +typedef struct TPMS_SCHEME_XOR TPMS_SCHEME_XOR_t; + +/* TPMU_SCHEME_KEYEDHASH Union */ +union TPMU_SCHEME_KEYEDHASH +{ + TPMS_SCHEME_HMAC_t hmac; + TPMS_SCHEME_XOR_t exclusiveOr; +}; +typedef union TPMU_SCHEME_KEYEDHASH TPMU_SCHEME_KEYEDHASH_t; + +/* TPMT_KEYEDHASH_SCHEME Structure */ +struct TPMT_KEYEDHASH_SCHEME +{ + TPMI_ALG_KEYEDHASH_SCHEME_t scheme; + TPMU_SCHEME_KEYEDHASH_t details; +}; +typedef struct TPMT_KEYEDHASH_SCHEME TPMT_KEYEDHASH_SCHEME_t; + +/* TPMS_KEYEDHASH_PARMS Structure */ +struct TPMS_KEYEDHASH_PARMS +{ + TPMT_KEYEDHASH_SCHEME_t scheme; +}; +typedef struct TPMS_KEYEDHASH_PARMS TPMS_KEYEDHASH_PARMS_t; + +/* TPMU_SYM_KEY_BITS Union */ +union TPMU_SYM_KEY_BITS +{ + TPM_KEY_BITS_t aes; + TPM_KEY_BITS_t exclusiveOr; + TPM_KEY_BITS_t sm4; + TPM_KEY_BITS_t camellia; +}; +typedef union TPMU_SYM_KEY_BITS TPMU_SYM_KEY_BITS_t; + +/* TPMU_SYM_MODE Union */ +union TPMU_SYM_MODE +{ + TPMI_ALG_SYM_MODE_t aes; + TPMI_ALG_SYM_MODE_t sm4; + TPMI_ALG_SYM_MODE_t camellia; + TPMI_ALG_SYM_MODE_t sym; +}; +typedef union TPMU_SYM_MODE TPMU_SYM_MODE_t; + +/* TPMT_SYM_DEF_OBJECT Structure */ +struct TPMT_SYM_DEF_OBJECT +{ + TPMI_ALG_SYM_OBJECT_t algorithm; + TPMU_SYM_KEY_BITS_t keyBits; + TPMU_SYM_MODE_t mode; +}; +typedef struct TPMT_SYM_DEF_OBJECT TPMT_SYM_DEF_OBJECT_t; + +/* TPMS_SYMCIPHER_PARMS Structure */ +struct TPMS_SYMCIPHER_PARMS +{ + TPMT_SYM_DEF_OBJECT_t sym; +}; +typedef struct TPMS_SYMCIPHER_PARMS TPMS_SYMCIPHER_PARMS_t; + +/* TPMU_ASYM_SCHEME Union */ +union TPMU_ASYM_SCHEME +{ + TPMS_KEY_SCHEME_ECDH_t ecdh; + TPMS_KEY_SCHEME_ECMQV_t ecmqv; + TPMS_SIG_SCHEME_RSASSA_t rsassa; + TPMS_SIG_SCHEME_RSAPSS_t rsapss; + TPMS_SIG_SCHEME_ECDSA_t ecdsa; + TPMS_SIG_SCHEME_ECDAA_t ecdaa; + TPMS_SIG_SCHEME_SM2_t sm2; + TPMS_SIG_SCHEME_ECSCHNORR_t ecschnorr; + TPMS_ENC_SCHEME_RSAES_t rsaes; + TPMS_ENC_SCHEME_OAEP_t oaep; + TPMS_SCHEME_HASH_t anySig; + unsigned char padding[4]; +}; +typedef union TPMU_ASYM_SCHEME TPMU_ASYM_SCHEME_t; + +/* TPMT_RSA_SCHEME Structure */ +struct TPMT_RSA_SCHEME +{ + TPMI_ALG_RSA_SCHEME_t scheme; + TPMU_ASYM_SCHEME_t details; +}; +typedef struct TPMT_RSA_SCHEME TPMT_RSA_SCHEME_t; + +/* TPMS_RSA_PARMS Structure */ +struct TPMS_RSA_PARMS +{ + TPMT_SYM_DEF_OBJECT_t symmetric; + TPMT_RSA_SCHEME_t scheme; + TPM_KEY_BITS_t keyBits; + grub_uint32_t exponent; +}; +typedef struct TPMS_RSA_PARMS TPMS_RSA_PARMS_t; + +/* TPMT_ECC_SCHEME Structure */ +struct TPMT_ECC_SCHEME +{ + TPMI_ALG_ECC_SCHEME_t scheme; + TPMU_ASYM_SCHEME_t details; +}; +typedef struct TPMT_ECC_SCHEME TPMT_ECC_SCHEME_t; + +/* TPMU_KDF_SCHEME Union */ +union TPMU_KDF_SCHEME +{ + TPMS_SCHEME_MGF1_t mgf1; + TPMS_SCHEME_KDF1_SP800_56A_t kdf1_sp800_56a; + TPMS_SCHEME_KDF2_t kdf2; + TPMS_SCHEME_KDF1_SP800_108_t kdf1_sp800_108; +}; +typedef union TPMU_KDF_SCHEME TPMU_KDF_SCHEME_t; + +/* TPMT_KDF_SCHEME Structure */ +struct TPMT_KDF_SCHEME +{ + TPMI_ALG_KDF_t scheme; + TPMU_KDF_SCHEME_t details; +}; +typedef struct TPMT_KDF_SCHEME TPMT_KDF_SCHEME_t; + +/* TPMS_ECC_PARMS Structure */ +struct TPMS_ECC_PARMS +{ + TPMT_SYM_DEF_OBJECT_t symmetric; + TPMT_ECC_SCHEME_t scheme; + TPMI_ECC_CURVE_t curveID; + TPMT_KDF_SCHEME_t kdf; +}; +typedef struct TPMS_ECC_PARMS TPMS_ECC_PARMS_t; + +/* TPMT_ASYM_SCHEME Structure */ +struct TPMT_ASYM_SCHEME +{ + TPMI_ALG_ASYM_SCHEME_t scheme; + TPMU_ASYM_SCHEME_t details; +}; +typedef struct TPMT_ASYM_SCHEME TPMT_ASYM_SCHEME_t; + +/* TPMS_ASYM_PARMS Structure */ +struct TPMS_ASYM_PARMS +{ + TPMT_SYM_DEF_OBJECT_t symmetric; + TPMT_ASYM_SCHEME_t scheme; +}; +typedef struct TPMS_ASYM_PARMS TPMS_ASYM_PARMS_t; + +/* TPMU_PUBLIC_PARMS Union */ +union TPMU_PUBLIC_PARMS +{ + TPMS_KEYEDHASH_PARMS_t keyedHashDetail; + TPMS_SYMCIPHER_PARMS_t symDetail; + TPMS_RSA_PARMS_t rsaDetail; + TPMS_ECC_PARMS_t eccDetail; + TPMS_ASYM_PARMS_t asymDetail; +}; +typedef union TPMU_PUBLIC_PARMS TPMU_PUBLIC_PARMS_t; + +/* TPMT_PUBLIC_PARMS Structure */ +struct TPMT_PUBLIC_PARMS { + TPMI_ALG_PUBLIC_t type; + TPMU_PUBLIC_PARMS_t parameters; +}; +typedef struct TPMT_PUBLIC_PARMS TPMT_PUBLIC_PARMS_t; + +/* TPM2B_PUBLIC_KEY_RSA Structure */ +struct TPM2B_PUBLIC_KEY_RSA +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_MAX_RSA_KEY_BYTES]; +}; +typedef struct TPM2B_PUBLIC_KEY_RSA TPM2B_PUBLIC_KEY_RSA_t; + +/* TPM2B_ECC_PARAMETER Structure */ +struct TPM2B_ECC_PARAMETER +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_MAX_ECC_KEY_BYTES]; +}; +typedef struct TPM2B_ECC_PARAMETER TPM2B_ECC_PARAMETER_t; + +/* TPMS_ECC_POINT Structure */ +struct TPMS_ECC_POINT +{ + TPM2B_ECC_PARAMETER_t x; + TPM2B_ECC_PARAMETER_t y; +}; +typedef struct TPMS_ECC_POINT TPMS_ECC_POINT_t; + +/* TPMU_ENCRYPTED_SECRET Union */ +union TPMU_ENCRYPTED_SECRET +{ + grub_uint8_t ecc[sizeof(TPMS_ECC_POINT_t)]; + grub_uint8_t rsa[TPM_MAX_RSA_KEY_BYTES]; + grub_uint8_t symmetric[sizeof(TPM2B_DIGEST_t)]; + grub_uint8_t keyedHash[sizeof(TPM2B_DIGEST_t)]; +}; +typedef union TPMU_ENCRYPTED_SECRET TPMU_ENCRYPTED_SECRET_t; + +/* TPM2B_ENCRYPTED_SECRET Structure */ +struct TPM2B_ENCRYPTED_SECRET +{ + grub_uint16_t size; + grub_uint8_t secret[sizeof(TPMU_ENCRYPTED_SECRET_t)]; +}; +typedef struct TPM2B_ENCRYPTED_SECRET TPM2B_ENCRYPTED_SECRET_t; + +/* TPMU_PUBLIC_ID Union */ +union TPMU_PUBLIC_ID +{ + TPM2B_DIGEST_t keyedHash; + TPM2B_DIGEST_t sym; + TPM2B_PUBLIC_KEY_RSA_t rsa; + TPMS_ECC_POINT_t ecc; +}; +typedef union TPMU_PUBLIC_ID TPMU_PUBLIC_ID_t; + +/* TPMT_PUBLIC Structure */ +struct TPMT_PUBLIC +{ + TPMI_ALG_PUBLIC_t type; + TPMI_ALG_HASH_t nameAlg; + TPMA_OBJECT_t objectAttributes; + TPM2B_DIGEST_t authPolicy; + TPMU_PUBLIC_PARMS_t parameters; + TPMU_PUBLIC_ID_t unique; +}; +typedef struct TPMT_PUBLIC TPMT_PUBLIC_t; + +/* TPM2B_PUBLIC Structure */ +struct TPM2B_PUBLIC +{ + grub_uint16_t size; + TPMT_PUBLIC_t publicArea; +}; +typedef struct TPM2B_PUBLIC TPM2B_PUBLIC_t; + +/* TPMT_HA Structure */ +struct TPMT_HA +{ + TPMI_ALG_HASH_t hashAlg; + TPMU_HA_t digest; +}; +typedef struct TPMT_HA TPMT_HA_t; + +/* TPM2B_DATA Structure */ +struct TPM2B_DATA +{ + grub_uint16_t size; + grub_uint8_t buffer[sizeof(TPMT_HA_t)]; +}; +typedef struct TPM2B_DATA TPM2B_DATA_t; + +/* TPMA_LOCALITY Structure */ +struct TPMA_LOCALITY +{ + grub_uint8_t TPM_LOC_ZERO:1; + grub_uint8_t TPM_LOC_ONE:1; + grub_uint8_t TPM_LOC_TWO:1; + grub_uint8_t TPM_LOC_THREE:1; + grub_uint8_t TPM_LOC_FOUR:1; + grub_uint8_t Extended:3; +}; +typedef struct TPMA_LOCALITY TPMA_LOCALITY_t; + +/* TPMU_NAME Union */ +union TPMU_NAME +{ + TPMT_HA_t digest; + TPM_HANDLE_t handle; +}; +typedef union TPMU_NAME TPMU_NAME_t; + +/* TPM2B_NAME Structure */ +struct TPM2B_NAME +{ + grub_uint16_t size; + grub_uint8_t name[sizeof(TPMU_NAME_t)]; +}; +typedef struct TPM2B_NAME TPM2B_NAME_t; + +/* TPMS_CREATION_DATA Structure */ +struct TPMS_CREATION_DATA +{ + TPML_PCR_SELECTION_t pcrSelect; + TPM2B_DIGEST_t pcrDigest; + TPMA_LOCALITY_t locality; + TPM_ALG_ID_t parentNameAlg; + TPM2B_NAME_t parentName; + TPM2B_NAME_t parentQualifiedName; + TPM2B_DATA_t outsideInfo; +}; +typedef struct TPMS_CREATION_DATA TPMS_CREATION_DATA_t; + +/* TPM2B_CREATION_DATA Structure */ +struct TPM2B_CREATION_DATA +{ + grub_uint16_t size; + TPMS_CREATION_DATA_t creationData; +}; +typedef struct TPM2B_CREATION_DATA TPM2B_CREATION_DATA_t; + +/* TPMT_SYM_DEF Structure */ +struct TPMT_SYM_DEF +{ + TPMI_ALG_SYM_t algorithm; + TPMU_SYM_KEY_BITS_t keyBits; + TPMU_SYM_MODE_t mode; +}; +typedef struct TPMT_SYM_DEF TPMT_SYM_DEF_t; + +/* TPM2B_MAX_BUFFER Structure */ +struct TPM2B_MAX_BUFFER +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_MAX_DIGEST_BUFFER]; +}; +typedef struct TPM2B_MAX_BUFFER TPM2B_MAX_BUFFER_t; + +/* TPMT_TK_HASHCHECK Structure */ +struct TPMT_TK_HASHCHECK +{ + TPM_ST_t tag; + TPMI_RH_HIERARCHY_t hierarchy; + TPM2B_DIGEST_t digest; +}; +typedef struct TPMT_TK_HASHCHECK TPMT_TK_HASHCHECK_t; + +/* TPM2B_SYM_KEY Structure */ +struct TPM2B_SYM_KEY +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_MAX_SYM_KEY_BYTES]; +}; +typedef struct TPM2B_SYM_KEY TPM2B_SYM_KEY_t; + +/* TPM2B_PRIVATE_KEY_RSA Structure */ +struct TPM2B_PRIVATE_KEY_RSA +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_MAX_RSA_KEY_BYTES/2]; +}; +typedef struct TPM2B_PRIVATE_KEY_RSA TPM2B_PRIVATE_KEY_RSA_t; + +/* TPM2B_PRIVATE_VENDOR_SPECIFIC Structure */ +struct TPM2B_PRIVATE_VENDOR_SPECIFIC +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_PRIVATE_VENDOR_SPECIFIC_BYTES]; +}; +typedef struct TPM2B_PRIVATE_VENDOR_SPECIFIC TPM2B_PRIVATE_VENDOR_SPECIFIC_t; + +/* TPM2B_PRIVATE_VENDOR_SPECIFIC Union */ +union TPMU_SENSITIVE_COMPOSITE +{ + TPM2B_PRIVATE_KEY_RSA_t rsa; + TPM2B_ECC_PARAMETER_t ecc; + TPM2B_SENSITIVE_DATA_t bits; + TPM2B_SYM_KEY_t sym; + TPM2B_PRIVATE_VENDOR_SPECIFIC_t any; +}; +typedef union TPMU_SENSITIVE_COMPOSITE TPMU_SENSITIVE_COMPOSITE_t; + +/* TPMT_SENSITIVE Structure */ +struct TPMT_SENSITIVE +{ + TPMI_ALG_PUBLIC_t sensitiveType; + TPM2B_AUTH_t authValue; + TPM2B_DIGEST_t seedValue; + TPMU_SENSITIVE_COMPOSITE_t sensitive; +}; +typedef struct TPMT_SENSITIVE TPMT_SENSITIVE_t; + +/* TPM2B_SENSITIVE Structure */ +struct TPM2B_SENSITIVE +{ + grub_uint16_t size; + TPMT_SENSITIVE_t sensitiveArea; +}; +typedef struct TPM2B_SENSITIVE TPM2B_SENSITIVE_t; + +/* + * _PRIVATE Structure + * + * Although '_PRIVATE' is the name defined in the TPM2 SPEC, it is too generic, + * so here we add the '__TPM2B' prefix to make the struct specific for 'TPM2B_PRIVATE'. + */ +struct __TPM2B_PRIVATE +{ + TPM2B_DIGEST_t integrityOuter; + TPM2B_DIGEST_t integrityInner; + TPM2B_SENSITIVE_t sensitive; +}; +typedef struct __TPM2B_PRIVATE __TPM2B_PRIVATE_t; + +/* TPM2B_PRIVATE Structure */ +struct TPM2B_PRIVATE +{ + grub_uint16_t size; + grub_uint8_t buffer[sizeof(__TPM2B_PRIVATE_t)]; +}; +typedef struct TPM2B_PRIVATE TPM2B_PRIVATE_t; + +/* TPML_DIGEST_VALUES Structure */ +struct TPML_DIGEST_VALUES +{ + grub_uint16_t count; + TPMT_HA_t digests[TPM_NUM_PCR_BANKS]; +}; +typedef struct TPML_DIGEST_VALUES TPML_DIGEST_VALUES_t; + +/* TPM2B_MAX_NV_BUFFER Structure */ +struct TPM2B_MAX_NV_BUFFER +{ + grub_uint16_t size; + grub_uint8_t buffer[TPM_MAX_NV_BUFFER_SIZE]; +}; +typedef struct TPM2B_MAX_NV_BUFFER TPM2B_MAX_NV_BUFFER_t; + +/* TPMS_NV_PUBLIC Structure */ +struct TPMS_NV_PUBLIC +{ + TPMI_RH_NV_INDEX_t nvIndex; + TPMI_ALG_HASH_t nameAlg; + TPMA_NV_t attributes; + TPM2B_DIGEST_t authPolicy; + grub_uint16_t dataSize; +}; +typedef struct TPMS_NV_PUBLIC TPMS_NV_PUBLIC_t; + +/* TPM2B_NV_PUBLIC Structure */ +struct TPM2B_NV_PUBLIC +{ + grub_uint16_t size; + TPMS_NV_PUBLIC_t nvPublic; +}; +typedef struct TPM2B_NV_PUBLIC TPM2B_NV_PUBLIC_t; + +/* TPMT_TK_CREATION Structure */ +struct TPMT_TK_CREATION +{ + TPM_ST_t tag; + TPMI_RH_HIERARCHY_t hierarchy; + TPM2B_DIGEST_t digest; +}; +typedef struct TPMT_TK_CREATION TPMT_TK_CREATION_t; + +/* TPMS_EMPTY Structure */ +struct TPMS_EMPTY { + grub_uint8_t empty[1]; /* a structure with no member */ +}; +typedef struct TPMS_EMPTY TPMS_EMPTY_t; + +/* TPMS_SIGNATURE_RSA Structure */ +struct TPMS_SIGNATURE_RSA { + TPMI_ALG_HASH_t hash; + TPM2B_PUBLIC_KEY_RSA_t sig; +}; +typedef struct TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSA_t; + +/* Definition of Types for RSA Signature */ +typedef TPMS_SIGNATURE_RSA_t TPMS_SIGNATURE_RSASSA_t; +typedef TPMS_SIGNATURE_RSA_t TPMS_SIGNATURE_RSAPSS_t; + +/* TPMS_SIGNATURE_ECC Structure */ +struct TPMS_SIGNATURE_ECC { + TPMI_ALG_HASH_t hash; + TPM2B_ECC_PARAMETER_t signatureR; + TPM2B_ECC_PARAMETER_t signatureS; +}; +typedef struct TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECC_t; + +/* Definition of Types for ECC TPMS_SIGNATURE_ECC */ +typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECDSA_t; +typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECDAA_t; +typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_SM2_t; +typedef TPMS_SIGNATURE_ECC_t TPMS_SIGNATURE_ECSCHNORR_t; + +/* TPMU_SIGNATURE Structure */ +union TPMU_SIGNATURE { + TPMS_SIGNATURE_RSASSA_t rsassa; + TPMS_SIGNATURE_RSAPSS_t rsapss; + TPMS_SIGNATURE_ECDSA_t ecdsa; + TPMS_SIGNATURE_ECDAA_t ecdaa; + TPMS_SIGNATURE_SM2_t sm2; + TPMS_SIGNATURE_ECSCHNORR_t ecschnorr; + TPMT_HA_t hmac; + TPMS_SCHEME_HASH_t any; + TPMS_EMPTY_t null; +}; +typedef union TPMU_SIGNATURE TPMU_SIGNATURE_t; + +/* TPMT_SIGNATURE Structure */ +struct TPMT_SIGNATURE { + TPMI_ALG_SIG_SCHEME_t sigAlg; + TPMU_SIGNATURE_t signature; +}; +typedef struct TPMT_SIGNATURE TPMT_SIGNATURE_t; + +static inline TPMI_ALG_HASH_t +TPMT_SIGNATURE_get_hash_alg (TPMT_SIGNATURE_t *sig) +{ + switch (sig->sigAlg) + { + case TPM_ALG_RSASSA: + return sig->signature.rsassa.hash; + case TPM_ALG_RSAPSS: + return sig->signature.rsapss.hash; + case TPM_ALG_ECDSA: + return sig->signature.ecdsa.hash; + case TPM_ALG_ECDAA: + return sig->signature.ecdaa.hash; + case TPM_ALG_SM2: + return sig->signature.sm2.hash; + case TPM_ALG_ECSCHNORR: + return sig->signature.ecschnorr.hash; + case TPM_ALG_HMAC: + return sig->signature.hmac.hashAlg; + default: + break; + } + + return TPM_ALG_NULL; +} + +/* TPMT_TK_VERIFIED Structure */ +struct TPMT_TK_VERIFIED { + TPM_ST_t tag; + TPMI_RH_HIERARCHY_t hierarchy; + TPM2B_DIGEST_t digest; +}; +typedef struct TPMT_TK_VERIFIED TPMT_TK_VERIFIED_t; + +#endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */ diff --git a/grub-core/lib/tss2/tss2_types.h b/grub-core/lib/tss2/tss2_types.h new file mode 100644 index 000000000..5b1a7947d --- /dev/null +++ b/grub-core/lib/tss2/tss2_types.h @@ -0,0 +1,404 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_TPM2_INTERNAL_TYPES_HEADER +#define GRUB_TPM2_INTERNAL_TYPES_HEADER 1 + +#include + +/* TPM2_RC Constants */ +typedef grub_uint32_t TPM_RC_t; + +#define TPM_RC_1 ((TPM_RC_t) 0x100) +#define TPM_RC_2 ((TPM_RC_t) 0x200) +#define TPM_RC_3 ((TPM_RC_t) 0x300) +#define TPM_RC_4 ((TPM_RC_t) 0x400) +#define TPM_RC_5 ((TPM_RC_t) 0x500) +#define TPM_RC_6 ((TPM_RC_t) 0x600) +#define TPM_RC_7 ((TPM_RC_t) 0x700) +#define TPM_RC_8 ((TPM_RC_t) 0x800) +#define TPM_RC_9 ((TPM_RC_t) 0x900) +#define TPM_RC_A ((TPM_RC_t) 0xA00) +#define TPM_RC_ASYMMETRIC ((TPM_RC_t) 0x081) +#define TPM_RC_ATTRIBUTES ((TPM_RC_t) 0x082) +#define TPM_RC_AUTH_CONTEXT ((TPM_RC_t) 0x145) +#define TPM_RC_AUTH_FAIL ((TPM_RC_t) 0x08E) +#define TPM_RC_AUTH_MISSING ((TPM_RC_t) 0x125) +#define TPM_RC_AUTHSIZE ((TPM_RC_t) 0x144) +#define TPM_RC_AUTH_TYPE ((TPM_RC_t) 0x124) +#define TPM_RC_AUTH_UNAVAILABLE ((TPM_RC_t) 0x12F) +#define TPM_RC_B ((TPM_RC_t) 0xB00) +#define TPM_RC_BAD_AUTH ((TPM_RC_t) 0x0A2) +#define TPM_RC_BAD_CONTEXT ((TPM_RC_t) 0x150) +#define TPM_RC_BAD_TAG ((TPM_RC_t) 0x01E) +#define TPM_RC_BINDING ((TPM_RC_t) 0x0A5) +#define TPM_RC_C ((TPM_RC_t) 0xC00) +#define TPM_RC_CANCELED ((TPM_RC_t) 0x909) +#define TPM_RC_COMMAND_CODE ((TPM_RC_t) 0x143) +#define TPM_RC_COMMAND_SIZE ((TPM_RC_t) 0x142) +#define TPM_RC_CONTEXT_GAP ((TPM_RC_t) 0x901) +#define TPM_RC_CPHASH ((TPM_RC_t) 0x151) +#define TPM_RC_CURVE ((TPM_RC_t) 0x0A6) +#define TPM_RC_D ((TPM_RC_t) 0xD00) +#define TPM_RC_DISABLED ((TPM_RC_t) 0x120) +#define TPM_RC_E ((TPM_RC_t) 0xE00) +#define TPM_RC_ECC_POINT ((TPM_RC_t) 0x0A7) +#define TPM_RC_EXCLUSIVE ((TPM_RC_t) 0x121) +#define TPM_RC_EXPIRED ((TPM_RC_t) 0x0A3) +#define TPM_RC_F ((TPM_RC_t) 0xF00) +#define TPM_RC_FAILURE ((TPM_RC_t) 0x101) +#define TPM_RC_H ((TPM_RC_t) 0x000) +#define TPM_RC_HANDLE ((TPM_RC_t) 0x08B) +#define TPM_RC_HASH ((TPM_RC_t) 0x083) +#define TPM_RC_HIERARCHY ((TPM_RC_t) 0x085) +#define TPM_RC_HMAC ((TPM_RC_t) 0x119) +#define TPM_RC_INITIALIZE ((TPM_RC_t) 0x100) +#define TPM_RC_INSUFFICIENT ((TPM_RC_t) 0x09A) +#define TPM_RC_INTEGRITY ((TPM_RC_t) 0x09F) +#define TPM_RC_KDF ((TPM_RC_t) 0x08C) +#define TPM_RC_KEY ((TPM_RC_t) 0x09C) +#define TPM_RC_KEY_SIZE ((TPM_RC_t) 0x087) +#define TPM_RC_LOCALITY ((TPM_RC_t) 0x907) +#define TPM_RC_LOCKOUT ((TPM_RC_t) 0x921) +#define TPM_RC_MEMORY ((TPM_RC_t) 0x904) +#define TPM_RC_MGF ((TPM_RC_t) 0x088) +#define TPM_RC_MODE ((TPM_RC_t) 0x089) +#define TPM_RC_NEEDS_TEST ((TPM_RC_t) 0x153) +#define TPM_RC_N_MASK ((TPM_RC_t) 0xF00) +#define TPM_RC_NONCE ((TPM_RC_t) 0x08F) +#define TPM_RC_NO_RESULT ((TPM_RC_t) 0x154) +#define TPM_RC_NOT_USED ((TPM_RC_t) 0x97F) +#define TPM_RC_NV_AUTHORIZATION ((TPM_RC_t) 0x149) +#define TPM_RC_NV_DEFINED ((TPM_RC_t) 0x14C) +#define TPM_RC_NV_LOCKED ((TPM_RC_t) 0x148) +#define TPM_RC_NV_RANGE ((TPM_RC_t) 0x146) +#define TPM_RC_NV_RATE ((TPM_RC_t) 0x920) +#define TPM_RC_NV_SIZE ((TPM_RC_t) 0x147) +#define TPM_RC_NV_SPACE ((TPM_RC_t) 0x14B) +#define TPM_RC_NV_UNAVAILABLE ((TPM_RC_t) 0x923) +#define TPM_RC_NV_UNINITIALIZED ((TPM_RC_t) 0x14A) +#define TPM_RC_OBJECT_HANDLES ((TPM_RC_t) 0x906) +#define TPM_RC_OBJECT_MEMORY ((TPM_RC_t) 0x902) +#define TPM_RC_P ((TPM_RC_t) 0x040) +#define TPM_RC_PARENT ((TPM_RC_t) 0x152) +#define TPM_RC_PCR ((TPM_RC_t) 0x127) +#define TPM_RC_PCR_CHANGED ((TPM_RC_t) 0x128) +#define TPM_RC_POLICY ((TPM_RC_t) 0x126) +#define TPM_RC_POLICY_CC ((TPM_RC_t) 0x0A4) +#define TPM_RC_POLICY_FAIL ((TPM_RC_t) 0x09D) +#define TPM_RC_PP ((TPM_RC_t) 0x090) +#define TPM_RC_PRIVATE ((TPM_RC_t) 0x10B) +#define TPM_RC_RANGE ((TPM_RC_t) 0x08D) +#define TPM_RC_REBOOT ((TPM_RC_t) 0x130) +#define TPM_RC_REFERENCE_H0 ((TPM_RC_t) 0x910) +#define TPM_RC_REFERENCE_H1 ((TPM_RC_t) 0x911) +#define TPM_RC_REFERENCE_H2 ((TPM_RC_t) 0x912) +#define TPM_RC_REFERENCE_H3 ((TPM_RC_t) 0x913) +#define TPM_RC_REFERENCE_H4 ((TPM_RC_t) 0x914) +#define TPM_RC_REFERENCE_H5 ((TPM_RC_t) 0x915) +#define TPM_RC_REFERENCE_H6 ((TPM_RC_t) 0x916) +#define TPM_RC_REFERENCE_S0 ((TPM_RC_t) 0x918) +#define TPM_RC_REFERENCE_S1 ((TPM_RC_t) 0x919) +#define TPM_RC_REFERENCE_S2 ((TPM_RC_t) 0x91A) +#define TPM_RC_REFERENCE_S3 ((TPM_RC_t) 0x91B) +#define TPM_RC_REFERENCE_S4 ((TPM_RC_t) 0x91C) +#define TPM_RC_REFERENCE_S5 ((TPM_RC_t) 0x91D) +#define TPM_RC_REFERENCE_S6 ((TPM_RC_t) 0x91E) +#define TPM_RC_RESERVED_BITS ((TPM_RC_t) 0x0A1) +#define TPM_RC_RETRY ((TPM_RC_t) 0x922) +#define TPM_RC_S ((TPM_RC_t) 0x800) +#define TPM_RC_SCHEME ((TPM_RC_t) 0x092) +#define TPM_RC_SELECTOR ((TPM_RC_t) 0x098) +#define TPM_RC_SENSITIVE ((TPM_RC_t) 0x155) +#define TPM_RC_SEQUENCE ((TPM_RC_t) 0x103) +#define TPM_RC_SESSION_HANDLES ((TPM_RC_t) 0x905) +#define TPM_RC_SESSION_MEMORY ((TPM_RC_t) 0x903) +#define TPM_RC_SIGNATURE ((TPM_RC_t) 0x09B) +#define TPM_RC_SIZE ((TPM_RC_t) 0x095) +#define TPM_RC_SUCCESS ((TPM_RC_t) 0x000) +#define TPM_RC_SYMMETRIC ((TPM_RC_t) 0x096) +#define TPM_RC_TAG ((TPM_RC_t) 0x097) +#define TPM_RC_TESTING ((TPM_RC_t) 0x90A) +#define TPM_RC_TICKET ((TPM_RC_t) 0x0A0) +#define TPM_RC_TOO_MANY_CONTEXTS ((TPM_RC_t) 0x12E) +#define TPM_RC_TYPE ((TPM_RC_t) 0x08A) +#define TPM_RC_UNBALANCED ((TPM_RC_t) 0x131) +#define TPM_RC_UPGRADE ((TPM_RC_t) 0x12D) +#define TPM_RC_VALUE ((TPM_RC_t) 0x084) +#define TPM_RC_YIELDED ((TPM_RC_t) 0x908) + +/* TPMA_NV_t Constants */ +typedef grub_uint32_t TPMA_NV_t; + +#define TPMA_NV_PPWRITE ((TPMA_NV_t) 0x00000001) +#define TPMA_NV_OWNERWRITE ((TPMA_NV_t) 0x00000002) +#define TPMA_NV_AUTHWRITE ((TPMA_NV_t) 0x00000004) +#define TPMA_NV_POLICYWRITE ((TPMA_NV_t) 0x00000008) +#define TPMA_NV_TPM2_NT_MASK ((TPMA_NV_t) 0x000000F0) +#define TPMA_NV_TPM2_NT_SHIFT (4) +#define TPMA_NV_RESERVED1_MASK ((TPMA_NV_t) 0x00000300) +#define TPMA_NV_POLICY_DELETE ((TPMA_NV_t) 0x00000400) +#define TPMA_NV_WRITELOCKED ((TPMA_NV_t) 0x00000800) +#define TPMA_NV_WRITEALL ((TPMA_NV_t) 0x00001000) +#define TPMA_NV_WRITEDEFINE ((TPMA_NV_t) 0x00002000) +#define TPMA_NV_WRITE_STCLEAR ((TPMA_NV_t) 0x00004000) +#define TPMA_NV_GLOBALLOCK ((TPMA_NV_t) 0x00008000) +#define TPMA_NV_PPREAD ((TPMA_NV_t) 0x00010000) +#define TPMA_NV_OWNERREAD ((TPMA_NV_t) 0x00020000) +#define TPMA_NV_AUTHREAD ((TPMA_NV_t) 0x00040000) +#define TPMA_NV_POLICYREAD ((TPMA_NV_t) 0x00080000) +#define TPMA_NV_RESERVED2_MASK ((TPMA_NV_t) 0x01F00000) +#define TPMA_NV_NO_DA ((TPMA_NV_t) 0x02000000) +#define TPMA_NV_ORDERLY ((TPMA_NV_t) 0x04000000) +#define TPMA_NV_CLEAR_STCLEAR ((TPMA_NV_t) 0x08000000) +#define TPMA_NV_READLOCKED ((TPMA_NV_t) 0x10000000) +#define TPMA_NV_WRITTEN ((TPMA_NV_t) 0x20000000) +#define TPMA_NV_PLATFORMCREATE ((TPMA_NV_t) 0x40000000) +#define TPMA_NV_READ_STCLEAR ((TPMA_NV_t) 0x80000000) + +/* TPM_ALG_ID_t Constants */ +typedef grub_uint16_t TPM_ALG_ID_t; + +#define TPM_ALG_ERROR ((TPM_ALG_ID_t) 0x0000) +#define TPM_ALG_AES ((TPM_ALG_ID_t) 0x0006) +#define TPM_ALG_CAMELLIA ((TPM_ALG_ID_t) 0x0026) +#define TPM_ALG_CBC ((TPM_ALG_ID_t) 0x0042) +#define TPM_ALG_CFB ((TPM_ALG_ID_t) 0x0043) +#define TPM_ALG_ECB ((TPM_ALG_ID_t) 0x0044) +#define TPM_ALG_ECC ((TPM_ALG_ID_t) 0x0023) +#define TPM_ALG_ECDAA ((TPM_ALG_ID_t) 0x001A) +#define TPM_ALG_ECDSA ((TPM_ALG_ID_t) 0x0018) +#define TPM_ALG_ECSCHNORR ((TPM_ALG_ID_t) 0x001C) +#define TPM_ALG_HMAC ((TPM_ALG_ID_t) 0x0005) +#define TPM_ALG_KDF1_SP800_108 ((TPM_ALG_ID_t) 0x0022) +#define TPM_ALG_KDF1_SP800_56A ((TPM_ALG_ID_t) 0x0020) +#define TPM_ALG_KDF2 ((TPM_ALG_ID_t) 0x0021) +#define TPM_ALG_KEYEDHASH ((TPM_ALG_ID_t) 0x0008) +#define TPM_ALG_MGF1 ((TPM_ALG_ID_t) 0x0007) +#define TPM_ALG_NULL ((TPM_ALG_ID_t) 0x0010) +#define TPM_ALG_RSA ((TPM_ALG_ID_t) 0x0001) +#define TPM_ALG_RSASSA ((TPM_ALG_ID_t) 0x0014) +#define TPM_ALG_RSAPSS ((TPM_ALG_ID_t) 0x0016) +#define TPM_ALG_SHA1 ((TPM_ALG_ID_t) 0x0004) +#define TPM_ALG_SHA256 ((TPM_ALG_ID_t) 0x000B) +#define TPM_ALG_SHA384 ((TPM_ALG_ID_t) 0x000C) +#define TPM_ALG_SHA512 ((TPM_ALG_ID_t) 0x000D) +#define TPM_ALG_SM2 ((TPM_ALG_ID_t) 0x001B) +#define TPM_ALG_SM3_256 ((TPM_ALG_ID_t) 0x0012) +#define TPM_ALG_SM4 ((TPM_ALG_ID_t) 0x0013) +#define TPM_ALG_SYMCIPHER ((TPM_ALG_ID_t) 0x0025) +#define TPM_ALG_XOR ((TPM_ALG_ID_t) 0x000A) + +/* TPM_CAP_t Constants */ +typedef grub_uint32_t TPM_CAP_t; + +#define TPM_CAP_FIRST ((TPM_CAP_t) 0x00000000) +#define TPM_CAP_ALGS ((TPM_CAP_t) 0x00000000) +#define TPM_CAP_HANDLES ((TPM_CAP_t) 0x00000001) +#define TPM_CAP_COMMANDS ((TPM_CAP_t) 0x00000002) +#define TPM_CAP_PP_COMMANDS ((TPM_CAP_t) 0x00000003) +#define TPM_CAP_AUDIT_COMMANDS ((TPM_CAP_t) 0x00000004) +#define TPM_CAP_PCRS ((TPM_CAP_t) 0x00000005) +#define TPM_CAP_TPM_PROPERTIES ((TPM_CAP_t) 0x00000006) +#define TPM_CAP_PCR_PROPERTIES ((TPM_CAP_t) 0x00000007) +#define TPM_CAP_ECC_CURVES ((TPM_CAP_t) 0x00000008) +#define TPM_CAP_LAST ((TPM_CAP_t) 0x00000008) +#define TPM_CAP_VENDOR_PROPERTY ((TPM_CAP_t) 0x00000100) + +/* TPM_PT_t Constants */ +typedef grub_uint32_t TPM_PT_t; + +#define TPM_PT_NONE ((TPM_PT_t) 0x00000000) +#define PT_GROUP ((TPM_PT_t) 0x00000100) +#define PT_FIXED ((TPM_PT_t) (PT_GROUP * 1)) +#define TPM_PT_FAMILY_INDICATOR ((TPM_PT_t) (PT_FIXED + 0)) +#define TPM_PT_LEVEL ((TPM_PT_t) (PT_FIXED + 1)) +#define TPM_PT_REVISION ((TPM_PT_t) (PT_FIXED + 2)) +#define TPM_PT_DAY_OF_YEAR ((TPM_PT_t) (PT_FIXED + 3)) +#define TPM_PT_YEAR ((TPM_PT_t) (PT_FIXED + 4)) +#define TPM_PT_PCR_COUNT ((TPM_PT_t) (PT_FIXED + 18)) + +/* TPM_SE_t Constants */ +typedef grub_uint8_t TPM_SE_t; + +#define TPM_SE_HMAC ((TPM_SE_t) 0x00) +#define TPM_SE_POLICY ((TPM_SE_t) 0x01) +#define TPM_SE_TRIAL ((TPM_SE_t) 0x03) + +/* TPMI_YES_NO_t Constants */ +typedef grub_uint8_t TPMI_YES_NO_t; + +#define TPM_NO ((TPMI_YES_NO_t)0) +#define TPM_YES ((TPMI_YES_NO_t)1) + +/* TPM_ST_t Constants */ +typedef grub_uint16_t TPM_ST_t; +typedef TPM_ST_t TPMI_ST_COMMAND_TAG_t; + +#define TPM_ST_NO_SESSIONS ((TPMI_ST_COMMAND_TAG_t) 0x8001) +#define TPM_ST_SESSIONS ((TPMI_ST_COMMAND_TAG_t) 0x8002) + +/* TPM_HANDLE_t Types */ +typedef grub_uint32_t TPM_HANDLE_t; + +typedef TPM_HANDLE_t TPMI_RH_HIERARCHY_t; +typedef TPM_HANDLE_t TPMI_RH_LOCKOUT_t; +typedef TPM_HANDLE_t TPMI_SH_AUTH_SESSION_t; +typedef TPM_HANDLE_t TPMI_DH_CONTEXT_t; +typedef TPM_HANDLE_t TPMI_DH_OBJECT_t; +typedef TPM_HANDLE_t TPMI_DH_ENTITY_t; +typedef TPM_HANDLE_t TPMI_SH_POLICY_t; +typedef TPM_HANDLE_t TPMI_DH_PCR_t; +typedef TPM_HANDLE_t TPMI_RH_NV_AUTH_t; +typedef TPM_HANDLE_t TPMI_RH_NV_INDEX_t; + +/* TPM_HT_t Constants */ +typedef grub_uint8_t TPM_HT_t; +#define TPM_HT_PERMANENT ((TPM_HT_t) 0x40) +#define TPM_HT_PERSISTENT ((TPM_HT_t) 0x81) + +/* TPM_RH_t Constants */ +typedef TPM_HANDLE_t TPM_RH_t; + +#define TPM_RH_FIRST ((TPM_RH_t) 0x40000000) +#define TPM_RH_SRK ((TPM_RH_t) 0x40000000) +#define TPM_RH_OWNER ((TPM_RH_t) 0x40000001) +#define TPM_RH_REVOKE ((TPM_RH_t) 0x40000002) +#define TPM_RH_TRANSPORT ((TPM_RH_t) 0x40000003) +#define TPM_RH_OPERATOR ((TPM_RH_t) 0x40000004) +#define TPM_RH_ADMIN ((TPM_RH_t) 0x40000005) +#define TPM_RH_EK ((TPM_RH_t) 0x40000006) +#define TPM_RH_NULL ((TPM_RH_t) 0x40000007) +#define TPM_RH_UNASSIGNED ((TPM_RH_t) 0x40000008) +#define TPM_RS_PW ((TPM_RH_t) 0x40000009) +#define TPM_RH_LOCKOUT ((TPM_RH_t) 0x4000000A) +#define TPM_RH_ENDORSEMENT ((TPM_RH_t) 0x4000000B) +#define TPM_RH_PLATFORM ((TPM_RH_t) 0x4000000C) +#define TPM_RH_PLATFORM_NV ((TPM_RH_t) 0x4000000D) +#define TPM_RH_AUTH_00 ((TPM_RH_t) 0x40000010) +#define TPM_RH_AUTH_FF ((TPM_RH_t) 0x4000010F) +#define TPM_RH_LAST ((TPM_RH_t) 0x4000010F) + +/* TPM_HC_t Constants */ +typedef TPM_HANDLE_t TPM_HC_t; +#define TPM_HR_HANDLE_MASK ((TPM_HC_t) 0x00FFFFFF) +#define TPM_HR_RANGE_MASK ((TPM_HC_t) 0xFF000000) +#define TPM_HR_SHIFT ((TPM_HC_t) 24) +#define TPM_HR_PERSISTENT ((TPM_HC_t) (TPM_HT_PERSISTENT << TPM_HR_SHIFT)) +#define TPM_HR_PERMANENT ((TPM_HC_t) (TPM_HT_PERMANENT << TPM_HR_SHIFT)) +#define TPM_PERSISTENT_FIRST ((TPM_HC_t) (TPM_HR_PERSISTENT + 0)) +#define TPM_PERSISTENT_LAST ((TPM_HC_t) (TPM_PERSISTENT_FIRST + 0x00FFFFFF)) +#define TPM_PERMANENT_FIRST ((TPM_HC_t) TPM_RH_FIRST) +#define TPM_PERMANENT_LAST ((TPM_HC_t) TPM_RH_LAST) + +/* TPM Handle Type Checks */ +#define TPM_HT_IS_PERMANENT(HANDLE) (((HANDLE) >> TPM_HR_SHIFT) == TPM_HT_PERMANENT) +#define TPM_HT_IS_PERSISTENT(HANDLE) (((HANDLE) >> TPM_HR_SHIFT) == TPM_HT_PERSISTENT) + +/* TPM_ECC_CURVE_t Constants */ +typedef grub_uint16_t TPM_ECC_CURVE_t; + +#define TPM_ECC_NONE ((TPM_ECC_CURVE_t) 0x0000) +#define TPM_ECC_NIST_P192 ((TPM_ECC_CURVE_t) 0x0001) +#define TPM_ECC_NIST_P224 ((TPM_ECC_CURVE_t) 0x0002) +#define TPM_ECC_NIST_P256 ((TPM_ECC_CURVE_t) 0x0003) +#define TPM_ECC_NIST_P384 ((TPM_ECC_CURVE_t) 0x0004) +#define TPM_ECC_NIST_P521 ((TPM_ECC_CURVE_t) 0x0005) +#define TPM_ECC_BN_P256 ((TPM_ECC_CURVE_t) 0x0010) +#define TPM_ECC_BN_P638 ((TPM_ECC_CURVE_t) 0x0011) +#define TPM_ECC_SM2_P256 ((TPM_ECC_CURVE_t) 0x0020) + +/* TPM_CC_t Constants */ +typedef grub_uint32_t TPM_CC_t; + +#define TPM_CC_EvictControl ((TPM_CC_t) 0x00000120) +#define TPM_CC_CreatePrimary ((TPM_CC_t) 0x00000131) +#define TPM_CC_Create ((TPM_CC_t) 0x00000153) +#define TPM_CC_FlushContext ((TPM_CC_t) 0x00000165) +#define TPM_CC_ReadPublic ((TPM_CC_t) 0x00000173) +#define TPM_CC_StartAuthSession ((TPM_CC_t) 0x00000176) +#define TPM_CC_PolicyPCR ((TPM_CC_t) 0x0000017f) +#define TPM_CC_NV_Read ((TPM_CC_t) 0x0000014e) +#define TPM_CC_NV_ReadPublic ((TPM_CC_t) 0x00000169) +#define TPM_CC_GetCapability ((TPM_CC_t) 0x0000017a) +#define TPM_CC_PCR_Read ((TPM_CC_t) 0x0000017e) +#define TPM_CC_Load ((TPM_CC_t) 0x00000157) +#define TPM_CC_LoadExternal ((TPM_CC_t) 0x00000167) +#define TPM_CC_Unseal ((TPM_CC_t) 0x0000015e) +#define TPM_CC_PolicyGetDigest ((TPM_CC_t) 0x00000189) +#define TPM_CC_Hash ((TPM_CC_t) 0x0000017d) +#define TPM_CC_VerifySignature ((TPM_CC_t) 0x00000177) +#define TPM_CC_PolicyAuthorize ((TPM_CC_t) 0x0000016a) +#define TPM_CC_TestParms ((TPM_CC_t) 0x0000018a) + +/* Hash algorithm sizes */ +#define TPM_SHA1_DIGEST_SIZE 20 +#define TPM_SHA256_DIGEST_SIZE 32 +#define TPM_SM3_256_DIGEST_SIZE 32 +#define TPM_SHA384_DIGEST_SIZE 48 +#define TPM_SHA512_DIGEST_SIZE 64 + +/* Encryption algorithm sizes */ +#define TPM_MAX_SYM_BLOCK_SIZE 16 +#define TPM_MAX_SYM_DATA 256 +#define TPM_MAX_ECC_KEY_BYTES 128 +#define TPM_MAX_SYM_KEY_BYTES 32 +#define TPM_MAX_RSA_KEY_BYTES 512 + +/* Buffer Size Constants */ +#define TPM_MAX_PCRS 24 +#define TPM_NUM_PCR_BANKS 16 +#define TPM_PCR_SELECT_MAX ((TPM_MAX_PCRS + 7) / 8) +#define TPM_MAX_DIGEST_BUFFER 1024 +#define TPM_MAX_TPM_PROPERTIES 8 +#define TPM_MAX_NV_BUFFER_SIZE 2048 +#define TPM_PRIVATE_VENDOR_SPECIFIC_BYTES 1280 + +/* TPM_GENERATED_t Constants */ +typedef grub_uint32_t TPM_GENERATED_t; + +#define TPM_GENERATED_VALUE ((TPM_GENERATED_t) 0xff544347) + +/* TPM_ALG_ID_t Types */ +typedef TPM_ALG_ID_t TPMI_ALG_PUBLIC_t; +typedef TPM_ALG_ID_t TPMI_ALG_HASH_t; +typedef TPM_ALG_ID_t TPMI_ALG_KEYEDHASH_SCHEME_t; +typedef TPM_ALG_ID_t TPMI_ALG_KDF_t; +typedef TPM_ALG_ID_t TPMI_ALG_SYM_OBJECT_t; +typedef TPM_ALG_ID_t TPMI_ALG_SYM_MODE_t; +typedef TPM_ALG_ID_t TPMI_ALG_RSA_DECRYPT_t; +typedef TPM_ALG_ID_t TPMI_ALG_ECC_SCHEME_t; +typedef TPM_ALG_ID_t TPMI_ALG_ASYM_SCHEME_t; +typedef TPM_ALG_ID_t TPMI_ALG_RSA_SCHEME_t; +typedef TPM_ALG_ID_t TPMI_ALG_SYM_t; +typedef TPM_ALG_ID_t TPMI_ALG_SIG_SCHEME_t; + +/* TPM_KEY_BITS_t Type */ +typedef grub_uint16_t TPM_KEY_BITS_t; + +/* TPMI_ECC_CURVE_t Types */ +typedef TPM_ECC_CURVE_t TPMI_ECC_CURVE_t; + +/* TPMI_RH_PROVISION_t Type */ +typedef TPM_HANDLE_t TPMI_RH_PROVISION_t; + +/* TPMI_RH_PROVISION_t Type */ +typedef TPM_HANDLE_t TPMI_DH_PERSISTENT_t; + +#endif /* ! GRUB_TPM2_INTERNAL_TYPES_HEADER */ -- 2.43.0 From 50a5ff62f0f4ae18936beb66e4751a9dbcc0c80f Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Mon, 24 Jun 2024 14:05:50 +0800 Subject: [PATCH 3/3] tss2: Add TPM2 Software Stack (TSS2) support A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to compose and submit TPM commands and parse reponses. A limited number of TPM commands may be accessed via the EFI TCG2 protocol. This protocol exposes functionality that is primarily geared toward TPM usage within the context of Secure Boot. For all other TPM commands, however, such as sealing and unsealing, this protocol does not provide any help, with the exception of passthrough command submission. The SubmitCommand method allows a caller to send raw commands to the system's TPM and to receive the corresponding response. These command/response pairs are formatted using the TPM wire protocol. To construct commands in this way, and to parse the TPM's response, it is necessary to, first, possess knowledge of the various TPM structures, and, second, of the TPM wire protocol itself. As such, this patch includes implementations of various grub_tpm2_* functions (inventoried below), and logic to write and read command and response buffers, respectively, using the TPM wire protocol. Functions: * grub_tpm2_create() * grub_tpm2_createprimary() * grub_tpm2_evictcontrol() * grub_tpm2_flushcontext() * grub_tpm2_load() * grub_tpm2_pcr_read() * grub_tpm2_policygetdigest() * grub_tpm2_policypcr() * grub_tpm2_readpublic() * grub_tpm2_startauthsession() * grub_tpm2_unseal() * grub_tpm2_loadexternal() * grub_tpm2_hash() * grub_tpm2_verifysignature() * grub_tpm2_policyauthorize() * grub_tpm2_testparms() Signed-off-by: Hernan Gatta Signed-off-by: Gary Lin Reviewed-by: Daniel Kiper Reviewed-by: Stefan Berger --- grub-core/Makefile.core.def | 11 + grub-core/lib/efi/tcg2.c | 143 +++++ grub-core/lib/tss2/tcg2.h | 35 ++ grub-core/lib/tss2/tpm2_cmd.c | 1043 +++++++++++++++++++++++++++++++++ grub-core/lib/tss2/tpm2_cmd.h | 157 +++++ grub-core/lib/tss2/tss2.c | 21 + 6 files changed, 1410 insertions(+) create mode 100644 grub-core/lib/efi/tcg2.c create mode 100644 grub-core/lib/tss2/tcg2.h create mode 100644 grub-core/lib/tss2/tpm2_cmd.c create mode 100644 grub-core/lib/tss2/tpm2_cmd.h create mode 100644 grub-core/lib/tss2/tss2.c diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index 37f131ae2..45b705a34 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -2567,6 +2567,17 @@ module = { enable = efi; }; +module = { + name = tss2; + common = lib/tss2/buffer.c; + common = lib/tss2/tss2_mu.c; + common = lib/tss2/tpm2_cmd.c; + common = lib/tss2/tss2.c; + efi = lib/efi/tcg2.c; + enable = efi; + cppflags = '-I$(srcdir)/lib/tss2'; +}; + module = { name = tr; common = commands/tr.c; diff --git a/grub-core/lib/efi/tcg2.c b/grub-core/lib/efi/tcg2.c new file mode 100644 index 000000000..841bf50bb --- /dev/null +++ b/grub-core/lib/efi/tcg2.c @@ -0,0 +1,143 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include + +#include + +static grub_err_t +tcg2_get_caps (grub_efi_tpm2_protocol_t *protocol, int *tpm2, grub_size_t *max_output_size) +{ + grub_efi_status_t status; + static bool has_caps = 0; + static EFI_TCG2_BOOT_SERVICE_CAPABILITY caps = + { + .Size = (grub_uint8_t) sizeof (caps) + }; + + if (has_caps) + goto exit; + + status = protocol->get_capability (protocol, &caps); + if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag) + return GRUB_ERR_FILE_NOT_FOUND; + + has_caps = 1; + + exit: + if (tpm2 != NULL) + *tpm2 = caps.TPMPresentFlag; + if (max_output_size != NULL) + *max_output_size = caps.MaxResponseSize; + + return GRUB_ERR_NONE; +} + +static grub_err_t +tcg2_get_protocol (grub_efi_tpm2_protocol_t **protocol) +{ + static grub_guid_t tpm2_guid = EFI_TPM2_GUID; + static grub_efi_tpm2_protocol_t *tpm2_protocol = NULL; + int tpm2; + grub_efi_handle_t *handles; + grub_efi_uintn_t num_handles; + grub_efi_handle_t tpm2_handle; + grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; + + if (tpm2_protocol != NULL) + { + *protocol = tpm2_protocol; + return GRUB_ERR_NONE; + } + + handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL, + &num_handles); + if (handles == NULL || num_handles == 0) + return err; + + tpm2_handle = handles[0]; + + tpm2_protocol = grub_efi_open_protocol (tpm2_handle, &tpm2_guid, + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); + if (tpm2_protocol == NULL) + goto exit; + + err = tcg2_get_caps (tpm2_protocol, &tpm2, NULL); + if (err != GRUB_ERR_NONE || tpm2 == 0) + goto exit; + + *protocol = tpm2_protocol; + err = GRUB_ERR_NONE; + + exit: + grub_free (handles); + return err; +} + +grub_err_t +grub_tcg2_get_max_output_size (grub_size_t *size) +{ + grub_err_t err; + grub_size_t max; + grub_efi_tpm2_protocol_t *protocol; + + if (size == NULL) + return GRUB_ERR_BAD_ARGUMENT; + + err = tcg2_get_protocol (&protocol); + if (err != GRUB_ERR_NONE) + return err; + + err = tcg2_get_caps (protocol, NULL, &max); + if (err != GRUB_ERR_NONE) + return err; + + *size = max; + + return GRUB_ERR_NONE; +} + +grub_err_t +grub_tcg2_submit_command (grub_size_t input_size, + grub_uint8_t *input, + grub_size_t output_size, + grub_uint8_t *output) +{ + grub_err_t err; + grub_efi_status_t status; + grub_efi_tpm2_protocol_t *protocol; + + if (input_size == 0 || input == NULL || + output_size == 0 || output == NULL) + return GRUB_ERR_BAD_ARGUMENT; + + err = tcg2_get_protocol (&protocol); + if (err != GRUB_ERR_NONE) + return err; + + status = protocol->submit_command (protocol, input_size, input, + output_size, output); + if (status != GRUB_EFI_SUCCESS) + return GRUB_ERR_INVALID_COMMAND; + + return GRUB_ERR_NONE; +} diff --git a/grub-core/lib/tss2/tcg2.h b/grub-core/lib/tss2/tcg2.h new file mode 100644 index 000000000..3d26373dd --- /dev/null +++ b/grub-core/lib/tss2/tcg2.h @@ -0,0 +1,35 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_TPM2_TCG2_HEADER +#define GRUB_TPM2_TCG2_HEADER 1 + +#include +#include + +extern grub_err_t +grub_tcg2_get_max_output_size (grub_size_t *size); + +extern grub_err_t +grub_tcg2_submit_command (grub_size_t input_size, + grub_uint8_t *input, + grub_size_t output_size, + grub_uint8_t *output); + +#endif /* ! GRUB_TPM2_TCG2_HEADER */ diff --git a/grub-core/lib/tss2/tpm2_cmd.c b/grub-core/lib/tss2/tpm2_cmd.c new file mode 100644 index 000000000..cd0c6fd31 --- /dev/null +++ b/grub-core/lib/tss2/tpm2_cmd.c @@ -0,0 +1,1043 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static TPM_RC_t +tpm2_submit_command_real (const TPMI_ST_COMMAND_TAG_t tag, + const TPM_CC_t commandCode, + TPM_RC_t *responseCode, + const struct grub_tpm2_buffer *in, + struct grub_tpm2_buffer *out) +{ + grub_err_t err; + struct grub_tpm2_buffer buf; + TPMI_ST_COMMAND_TAG_t tag_out; + grub_uint32_t command_size; + grub_size_t max_output_size; + + /* Marshal */ + grub_tpm2_buffer_init (&buf); + grub_tpm2_buffer_pack_u16 (&buf, tag); + grub_tpm2_buffer_pack_u32 (&buf, 0); + grub_tpm2_buffer_pack_u32 (&buf, commandCode); + grub_tpm2_buffer_pack (&buf, in->data, in->size); + + if (buf.error != 0) + return TPM_RC_FAILURE; + + /* Convert the command size to big endian to fill the u32 buffer below 'tag' */ + command_size = grub_cpu_to_be32 (buf.size); + grub_memcpy (&buf.data[sizeof (grub_uint16_t)], &command_size, sizeof (command_size)); + + /* Stay within output block limits */ + err = grub_tcg2_get_max_output_size (&max_output_size); + if (err != GRUB_ERR_NONE || max_output_size > out->cap) + max_output_size = out->cap - 1; + + /* Submit */ + err = grub_tcg2_submit_command (buf.size, buf.data, max_output_size, out->data); + if (err != GRUB_ERR_NONE) + return TPM_RC_FAILURE; + + /* Unmarshal */ + out->size = sizeof (grub_uint16_t) + sizeof (grub_uint32_t) + sizeof (grub_uint32_t); + grub_tpm2_buffer_unpack_u16 (out, &tag_out); + grub_tpm2_buffer_unpack_u32 (out, &command_size); + grub_tpm2_buffer_unpack_u32 (out, responseCode); + out->size = command_size; + if (out->error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +static TPM_RC_t +tpm2_submit_command (const TPMI_ST_COMMAND_TAG_t tag, + const TPM_CC_t commandCode, + TPM_RC_t *responseCode, + const struct grub_tpm2_buffer *in, + struct grub_tpm2_buffer *out) +{ + TPM_RC_t err; + int retry_cnt = 0; + + /* Catch TPM_RC_RETRY and send the command again */ + do { + err = tpm2_submit_command_real (tag, commandCode, responseCode, in, out); + if (*responseCode != TPM_RC_RETRY) + break; + + retry_cnt++; + } while (retry_cnt < 3); + + return err; +} + +TPM_RC_t +grub_tpm2_createprimary (const TPMI_RH_HIERARCHY_t primaryHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_SENSITIVE_CREATE_t *inSensitive, + const TPM2B_PUBLIC_t *inPublic, + const TPM2B_DATA_t *outsideInfo, + const TPML_PCR_SELECTION_t *creationPCR, + TPM_HANDLE_t *objectHandle, + TPM2B_PUBLIC_t *outPublic, + TPM2B_CREATION_DATA_t *creationData, + TPM2B_DIGEST_t *creationHash, + TPMT_TK_CREATION_t *creationTicket, + TPM2B_NAME_t *name, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPM_HANDLE_t objectHandleTmp; + TPM2B_PUBLIC_t outPublicTmp; + TPM2B_CREATION_DATA_t creationDataTmp; + TPM2B_DIGEST_t creationHashTmp; + TPMT_TK_CREATION_t creationTicketTmp; + TPM2B_NAME_t nameTmp; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t parameterSize; + + if (inSensitive == NULL || inPublic == NULL || outsideInfo == NULL || + creationPCR == NULL) + return TPM_RC_VALUE; + + if (objectHandle == NULL) + objectHandle = &objectHandleTmp; + if (outPublic == NULL) + outPublic = &outPublicTmp; + if (creationData == NULL) + creationData = &creationDataTmp; + if (creationHash == NULL) + creationHash = &creationHashTmp; + if (creationTicket == NULL) + creationTicket = &creationTicketTmp; + if (name == NULL) + name = &nameTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (outPublic, 0, sizeof (*outPublic)); + grub_memset (creationData, 0, sizeof (*creationData)); + grub_memset (creationHash, 0, sizeof (*creationHash)); + grub_memset (creationTicket, 0, sizeof (*creationTicket)); + grub_memset (name, 0, sizeof (*name)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, primaryHandle); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (&in, inSensitive); + grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic); + grub_Tss2_MU_TPM2B_Marshal (&in, outsideInfo->size, outsideInfo->buffer); + grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, creationPCR); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_CreatePrimary, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + grub_tpm2_buffer_unpack_u32 (&out, objectHandle); + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize); + grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (&out, outPublic); + grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (&out, creationData); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, creationHash); + grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (&out, creationTicket); + grub_Tss2_MU_TPM2B_NAME_Unmarshal (&out, name); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_startauthsession (const TPMI_DH_OBJECT_t tpmKey, + const TPMI_DH_ENTITY_t bind, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_NONCE_t *nonceCaller, + const TPM2B_ENCRYPTED_SECRET_t *encryptedSalt, + const TPM_SE_t sessionType, + const TPMT_SYM_DEF_t *symmetric, + const TPMI_ALG_HASH_t authHash, + TPMI_SH_AUTH_SESSION_t *sessionHandle, + TPM2B_NONCE_t *nonceTpm, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMI_SH_AUTH_SESSION_t sessionHandleTmp; + TPM2B_NONCE_t nonceTpmTmp; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (nonceCaller == NULL || symmetric == NULL) + return TPM_RC_VALUE; + + if (tpmKey == TPM_RH_NULL && + (encryptedSalt && encryptedSalt->size != 0)) + return TPM_RC_VALUE; + + if (sessionHandle == NULL) + sessionHandle = &sessionHandleTmp; + if (nonceTpm == NULL) + nonceTpm = &nonceTpmTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (sessionHandle, 0, sizeof (*sessionHandle)); + grub_memset (nonceTpm, 0, sizeof (*nonceTpm)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, tpmKey); + grub_tpm2_buffer_pack_u32 (&in, bind); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_Tss2_MU_TPM2B_Marshal (&in, nonceCaller->size, nonceCaller->buffer); + if (encryptedSalt != NULL) + grub_Tss2_MU_TPM2B_Marshal (&in, encryptedSalt->size, encryptedSalt->secret); + else + grub_tpm2_buffer_pack_u16 (&in, 0); + grub_tpm2_buffer_pack_u8 (&in, sessionType); + grub_Tss2_MU_TPMT_SYM_DEF_Marshal (&in, symmetric); + grub_tpm2_buffer_pack_u16 (&in, authHash); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_StartAuthSession, &responseCode, + &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + grub_tpm2_buffer_unpack_u32 (&out, sessionHandle); + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + grub_Tss2_MU_TPM2B_NONCE_Unmarshal (&out, nonceTpm); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_policypcr (const TPMI_SH_POLICY_t policySessions, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_DIGEST_t *pcrDigest, + const TPML_PCR_SELECTION_t *pcrs, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (pcrs == NULL) + return TPM_RC_VALUE; + + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, policySessions); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + if (pcrDigest != NULL) + grub_Tss2_MU_TPM2B_Marshal (&in, pcrDigest->size, pcrDigest->buffer); + else + grub_tpm2_buffer_pack_u16 (&in, 0); + grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, pcrs); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_PolicyPCR, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal*/ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + TPM2B_PUBLIC_t *outPublic) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t parameterSize; + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, objectHandle); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_ReadPublic, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize); + grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (&out, outPublic); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_PRIVATE_t *inPrivate, + const TPM2B_PUBLIC_t *inPublic, + TPM_HANDLE_t *objectHandle, + TPM2B_NAME_t *name, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPM_HANDLE_t objectHandleTmp; + TPM2B_NAME_t nameTmp; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (inPrivate == NULL || inPublic == NULL) + return TPM_RC_VALUE; + + if (objectHandle == NULL) + objectHandle = &objectHandleTmp; + if (name == NULL) + name = &nameTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (objectHandle, 0, sizeof (*objectHandle)); + grub_memset (name, 0, sizeof (*name)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, parent_handle); + if (authCommand) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_Tss2_MU_TPM2B_Marshal (&in, inPrivate->size, inPrivate->buffer); + grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_Load, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + grub_tpm2_buffer_unpack_u32 (&out, objectHandle); + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + grub_Tss2_MU_TPM2B_NAME_Unmarshal (&out, name); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_SENSITIVE_t *inPrivate, + const TPM2B_PUBLIC_t *inPublic, + const TPMI_RH_HIERARCHY_t hierarchy, + TPM_HANDLE_t *objectHandle, + TPM2B_NAME_t *name, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPM_HANDLE_t objectHandleTmp; + TPM2B_NAME_t nameTmp; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (inPublic == NULL) + return TPM_RC_VALUE; + + if (objectHandle == NULL) + objectHandle = &objectHandleTmp; + if (name == NULL) + name = &nameTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (objectHandle, 0, sizeof (*objectHandle)); + grub_memset (name, 0, sizeof (*name)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + if (authCommand) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + if (inPrivate) + grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (&in, inPrivate); + else + grub_tpm2_buffer_pack_u16 (&in, 0); + grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic); + grub_tpm2_buffer_pack_u32 (&in, hierarchy); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_LoadExternal, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + grub_tpm2_buffer_unpack_u32 (&out, objectHandle); + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + grub_Tss2_MU_TPM2B_NAME_Unmarshal (&out, name); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_unseal (const TPMI_DH_OBJECT_t itemHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + TPM2B_SENSITIVE_DATA_t *outData, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPM2B_SENSITIVE_DATA_t outDataTmp; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (outData == NULL) + outData = &outDataTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (outData, 0, sizeof (*outData)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, itemHandle); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_Unseal, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + grub_Tss2_MU_TPM2B_SENSITIVE_DATA_Unmarshal (&out, outData); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_flushcontext (const TPMI_DH_CONTEXT_t handle) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPM_RC_t responseCode; + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, handle); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (TPM_ST_NO_SESSIONS, TPM_CC_FlushContext, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_pcr_read (const TPMS_AUTH_COMMAND_t *authCommand, + const TPML_PCR_SELECTION_t *pcrSelectionIn, + grub_uint32_t *pcrUpdateCounter, + TPML_PCR_SELECTION_t *pcrSelectionOut, + TPML_DIGEST_t *pcrValues, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + grub_uint32_t pcrUpdateCounterTmp; + TPML_PCR_SELECTION_t pcrSelectionOutTmp; + TPML_DIGEST_t pcrValuesTmp; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t parameterSize; + + if (pcrSelectionIn == NULL) + return TPM_RC_VALUE; + + if (pcrUpdateCounter == NULL) + pcrUpdateCounter = &pcrUpdateCounterTmp; + if (pcrSelectionOut == NULL) + pcrSelectionOut = &pcrSelectionOutTmp; + if (pcrValues == NULL) + pcrValues = &pcrValuesTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + /* Marshal */ + grub_tpm2_buffer_init (&in); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, pcrSelectionIn); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_PCR_Read, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize); + grub_tpm2_buffer_unpack_u32 (&out, pcrUpdateCounter); + grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (&out, pcrSelectionOut); + grub_Tss2_MU_TPML_DIGEST_Unmarshal (&out, pcrValues); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_policygetdigest (const TPMI_SH_POLICY_t policySession, + const TPMS_AUTH_COMMAND_t *authCommand, + TPM2B_DIGEST_t *policyDigest, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPM2B_DIGEST_t policyDigestTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t parameterSize; + + if (authResponse == NULL) + authResponse = &authResponseTmp; + if (policyDigest == NULL) + policyDigest = &policyDigestTmp; + + grub_memset (authResponse, 0, sizeof (*authResponse)); + grub_memset (policyDigest, 0, sizeof (*policyDigest)); + + /* Submit */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, policySession); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_PolicyGetDigest, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, policyDigest); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_create (const TPMI_DH_OBJECT_t parentHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_SENSITIVE_CREATE_t *inSensitive, + const TPM2B_PUBLIC_t *inPublic, + const TPM2B_DATA_t *outsideInfo, + const TPML_PCR_SELECTION_t *creationPCR, + TPM2B_PRIVATE_t *outPrivate, + TPM2B_PUBLIC_t *outPublic, + TPM2B_CREATION_DATA_t *creationData, + TPM2B_DIGEST_t *creationHash, + TPMT_TK_CREATION_t *creationTicket, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPM2B_PUBLIC_t outPublicTmp; + TPM2B_PRIVATE_t outPrivateTmp; + TPM2B_CREATION_DATA_t creationDataTmp; + TPM2B_DIGEST_t creationHashTmp; + TPMT_TK_CREATION_t creationTicketTmp; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS:TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + TPM_RC_t rc; + grub_uint32_t parameterSize; + + if (inSensitive == NULL || inPublic == NULL || outsideInfo == NULL || + creationPCR == NULL) + return TPM_RC_VALUE; + + if (outPrivate == NULL) + outPrivate = &outPrivateTmp; + if (outPublic == NULL) + outPublic = &outPublicTmp; + if (creationData == NULL) + creationData = &creationDataTmp; + if (creationHash == NULL) + creationHash = &creationHashTmp; + if (creationTicket == NULL) + creationTicket = &creationTicketTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (outPrivate, 0, sizeof (*outPrivate)); + grub_memset (outPublic, 0, sizeof (*outPublic)); + grub_memset (creationData, 0, sizeof (*creationData)); + grub_memset (creationHash, 0, sizeof (*creationHash)); + grub_memset (creationTicket, 0, sizeof (*creationTicket)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, parentHandle); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_Tss2_MU_TPM2B_SENSITIVE_CREATE_Marshal (&in, inSensitive); + grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic); + grub_Tss2_MU_TPM2B_Marshal (&in, outsideInfo->size, outsideInfo->buffer); + grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&in, creationPCR); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_Create, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize); + grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (&out, outPrivate); + grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal (&out, outPublic); + grub_Tss2_MU_TPM2B_CREATION_DATA_Unmarshal (&out, creationData); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, creationHash); + grub_Tss2_MU_TPMT_TK_CREATION_Unmarshal (&out, creationTicket); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal(&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_evictcontrol (const TPMI_RH_PROVISION_t auth, + const TPMI_DH_OBJECT_t objectHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPMI_DH_PERSISTENT_t persistentHandle, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + TPM_RC_t rc; + grub_uint32_t parameterSize; + + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, auth); + grub_tpm2_buffer_pack_u32 (&in, objectHandle); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_tpm2_buffer_pack_u32 (&in, persistentHandle); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_EvictControl, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + { + grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize); + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal(&out, authResponse); + } + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_hash (const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_MAX_BUFFER_t *data, + const TPMI_ALG_HASH_t hashAlg, + const TPMI_RH_HIERARCHY_t hierarchy, + TPM2B_DIGEST_t *outHash, + TPMT_TK_HASHCHECK_t *validation, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPM2B_DIGEST_t outHashTmp; + TPMT_TK_HASHCHECK_t validationTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (hashAlg == TPM_ALG_NULL) + return TPM_RC_VALUE; + + if (outHash == NULL) + outHash = &outHashTmp; + if (validation == NULL) + validation = &validationTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (outHash, 0, sizeof (*outHash)); + grub_memset (validation, 0, sizeof (*validation)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + if (data != NULL) + grub_Tss2_MU_TPM2B_Marshal (&in, data->size, data->buffer); + else + grub_tpm2_buffer_pack_u16 (&in, 0); + grub_tpm2_buffer_pack_u16 (&in, hashAlg); + grub_tpm2_buffer_pack_u32 (&in, hierarchy); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_Hash, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (&out, outHash); + grub_Tss2_MU_TPMT_TK_HASHCHECK_Unmarshal (&out, validation); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_verifysignature (const TPMI_DH_OBJECT_t keyHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_DIGEST_t *digest, + const TPMT_SIGNATURE_t *signature, + TPMT_TK_VERIFIED_t *validation, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPMT_TK_VERIFIED_t validationTmp; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (digest == NULL || signature == NULL) + return TPM_RC_VALUE; + + if (validation == NULL) + validation = &validationTmp; + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (validation, 0, sizeof (*validation)); + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_tpm2_buffer_pack_u32 (&in, keyHandle); + grub_Tss2_MU_TPM2B_Marshal (&in, digest->size, digest->buffer); + grub_Tss2_MU_TPMT_SIGNATURE_Marshal (&in, signature); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_VerifySignature, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + grub_Tss2_MU_TPMT_TK_VERIFIED_Unmarshal (&out, validation); + if (tag == TPM_ST_SESSIONS) + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_policyauthorize (const TPMI_SH_POLICY_t policySession, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_DIGEST_t *approvedPolicy, + const TPM2B_NONCE_t *policyRef, + const TPM2B_NAME_t *keySign, + const TPMT_TK_VERIFIED_t *checkTicket, + TPMS_AUTH_RESPONSE_t *authResponse) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMS_AUTH_RESPONSE_t authResponseTmp; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + grub_uint32_t param_size; + + if (approvedPolicy == NULL || keySign == NULL || checkTicket == NULL) + return TPM_RC_VALUE; + + if (authResponse == NULL) + authResponse = &authResponseTmp; + + grub_memset (authResponse, 0, sizeof (*authResponse)); + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_tpm2_buffer_pack_u32 (&in, policySession); + if (authCommand != NULL) + grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand); + grub_Tss2_MU_TPM2B_Marshal (&in, approvedPolicy->size, approvedPolicy->buffer); + if (policyRef != NULL) + grub_Tss2_MU_TPM2B_Marshal (&in, policyRef->size, policyRef->buffer); + else + grub_tpm2_buffer_pack_u16 (&in, 0); + grub_Tss2_MU_TPM2B_Marshal (&in, keySign->size, keySign->name); + grub_Tss2_MU_TPMT_TK_VERIFIED_Marshal (&in, checkTicket); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_PolicyAuthorize, &responseCode, &in, &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (tag == TPM_ST_SESSIONS) + { + grub_tpm2_buffer_unpack_u32 (&out, ¶m_size); + grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (&out, authResponse); + } + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} + +TPM_RC_t +grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms, + const TPMS_AUTH_COMMAND_t *authCommand) +{ + TPM_RC_t rc; + struct grub_tpm2_buffer in; + struct grub_tpm2_buffer out; + TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS : TPM_ST_NO_SESSIONS; + TPM_RC_t responseCode; + + if (parms == NULL) + return TPM_RC_VALUE; + + /* Marshal */ + grub_tpm2_buffer_init (&in); + grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (&in, parms); + if (in.error != 0) + return TPM_RC_FAILURE; + + /* Submit */ + grub_tpm2_buffer_init (&out); + rc = tpm2_submit_command (tag, TPM_CC_TestParms, &responseCode, &in, + &out); + if (rc != TPM_RC_SUCCESS) + return rc; + if (responseCode != TPM_RC_SUCCESS) + return responseCode; + + /* Unmarshal */ + if (out.error != 0) + return TPM_RC_FAILURE; + + return TPM_RC_SUCCESS; +} diff --git a/grub-core/lib/tss2/tpm2_cmd.h b/grub-core/lib/tss2/tpm2_cmd.h new file mode 100644 index 000000000..d313cba00 --- /dev/null +++ b/grub-core/lib/tss2/tpm2_cmd.h @@ -0,0 +1,157 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_TPM2_COMMANDS_HEADER +#define GRUB_TPM2_COMMANDS_HEADER 1 + +#include + +extern TPM_RC_t +grub_tpm2_createprimary (const TPMI_RH_HIERARCHY_t primaryHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_SENSITIVE_CREATE_t *inSensitive, + const TPM2B_PUBLIC_t *inPublic, + const TPM2B_DATA_t *outsideInfo, + const TPML_PCR_SELECTION_t *creationPCR, + TPM_HANDLE_t *objectHandle, + TPM2B_PUBLIC_t *outPublic, + TPM2B_CREATION_DATA_t *creationData, + TPM2B_DIGEST_t *creationHash, + TPMT_TK_CREATION_t *creationTicket, + TPM2B_NAME_t *name, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_startauthsession (const TPMI_DH_OBJECT_t tpmKey, + const TPMI_DH_ENTITY_t bind, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_NONCE_t *nonceCaller, + const TPM2B_ENCRYPTED_SECRET_t *encryptedSalt, + const TPM_SE_t sessionType, + const TPMT_SYM_DEF_t *symmetric, + const TPMI_ALG_HASH_t authHash, + TPMI_SH_AUTH_SESSION_t *sessionHandle, + TPM2B_NONCE_t *nonceTpm, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_policypcr (const TPMI_SH_POLICY_t policySession, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_DIGEST_t *pcrDigest, + const TPML_PCR_SELECTION_t *pcrs, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + TPM2B_PUBLIC_t *outPublic); + +extern TPM_RC_t +grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_PRIVATE_t *inPrivate, + const TPM2B_PUBLIC_t *inPublic, + TPM_HANDLE_t *objectHandle, + TPM2B_NAME_t *name, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_SENSITIVE_t *inPrivate, + const TPM2B_PUBLIC_t *inPublic, + const TPMI_RH_HIERARCHY_t hierarchy, + TPM_HANDLE_t *objectHandle, + TPM2B_NAME_t *name, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_unseal (const TPMI_DH_OBJECT_t item_handle, + const TPMS_AUTH_COMMAND_t *authCommand, + TPM2B_SENSITIVE_DATA_t *outData, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_flushcontext (const TPMI_DH_CONTEXT_t handle); + +extern TPM_RC_t +grub_tpm2_pcr_read (const TPMS_AUTH_COMMAND_t *authCommand, + const TPML_PCR_SELECTION_t *pcrSelectionIn, + grub_uint32_t *pcrUpdateCounter, + TPML_PCR_SELECTION_t *pcrSelectionOut, + TPML_DIGEST_t *pcrValues, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_policygetdigest (const TPMI_SH_POLICY_t policySession, + const TPMS_AUTH_COMMAND_t *authCommand, + TPM2B_DIGEST_t *policyDigest, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_create (const TPMI_DH_OBJECT_t parentHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_SENSITIVE_CREATE_t *inSensitive, + const TPM2B_PUBLIC_t *inPublic, + const TPM2B_DATA_t *outsideInfo, + const TPML_PCR_SELECTION_t *creationPCR, + TPM2B_PRIVATE_t *outPrivate, + TPM2B_PUBLIC_t *outPublic, + TPM2B_CREATION_DATA_t *creationData, + TPM2B_DIGEST_t *creationHash, + TPMT_TK_CREATION_t *creationTicket, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_evictcontrol (const TPMI_RH_PROVISION_t auth, + const TPMI_DH_OBJECT_t objectHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPMI_DH_PERSISTENT_t persistentHandle, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_hash (const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_MAX_BUFFER_t *data, + const TPMI_ALG_HASH_t hashAlg, + const TPMI_RH_HIERARCHY_t hierarchy, + TPM2B_DIGEST_t *outHash, + TPMT_TK_HASHCHECK_t *validation, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_verifysignature (const TPMI_DH_OBJECT_t keyHandle, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_DIGEST_t *digest, + const TPMT_SIGNATURE_t *signature, + TPMT_TK_VERIFIED_t *validation, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_policyauthorize (const TPMI_SH_POLICY_t policySession, + const TPMS_AUTH_COMMAND_t *authCommand, + const TPM2B_DIGEST_t *approvedPolicy, + const TPM2B_NONCE_t *policyRef, + const TPM2B_NAME_t *keySign, + const TPMT_TK_VERIFIED_t *checkTicket, + TPMS_AUTH_RESPONSE_t *authResponse); + +extern TPM_RC_t +grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms, + const TPMS_AUTH_COMMAND_t *authCommand); + +#endif /* ! GRUB_TPM2_COMMANDS_HEADER */ diff --git a/grub-core/lib/tss2/tss2.c b/grub-core/lib/tss2/tss2.c new file mode 100644 index 000000000..48251e9b4 --- /dev/null +++ b/grub-core/lib/tss2/tss2.c @@ -0,0 +1,21 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2024 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include + +GRUB_MOD_LICENSE ("GPLv3+"); -- 2.43.0