From ac5c47af318652a25df1788c73884e4e9b6e4ac1 Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Tue, 7 Feb 2023 18:33:42 +0800 Subject: [PATCH 05/13] tpm2: add more marshal/unmarshal functions Add a few more marshal/unmarshal functions to support authorized policy. * Marshal: grub_tpm2_mu_TPMU_SENSITIVE_COMPOSITE_Marshal() grub_tpm2_mu_TPMT_SENSITIVE_Marshal() grub_tpm2_mu_TPM2B_SENSITIVE_Marshal() grub_tpm2_mu_TPMS_SIGNATURE_RSA_Marshal() grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marshal() grub_tpm2_mu_TPMU_HA_Marshal() grub_tpm2_mu_TPMT_HA_Marshal() grub_tpm2_mu_TPMU_SIGNATURE_Marshal() grub_tpm2_mu_TPMT_SIGNATURE_Marshal() grub_tpm2_mu_TPMT_TK_VERIFIED_Marshal() * Unmarshal: grub_tpm2_mu_TPMT_TK_HASHCHECK_Unmarshal() grub_tpm2_mu_TPMT_TK_VERIFIED_Unmarshal() grub_tpm2_mu_TPMS_SIGNATURE_RSA_Unmarshal() grub_tpm2_mu_TPMS_SIGNATURE_ECC_Unmarshal() grub_tpm2_mu_TPMU_HA_Unmarshal() grub_tpm2_mu_TPMT_HA_Unmarshal() grub_tpm2_mu_TPMU_SIGNATURE_Unmarshal() grub_tpm2_mu_TPMT_SIGNATURE_Unmarshal() Signed-off-by: Gary Lin --- grub-core/tpm2/mu.c | 262 +++++++++++++++++++++++++++++++++++++++++ include/grub/tpm2/mu.h | 75 ++++++++++++ 2 files changed, 337 insertions(+) diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c index 6d3294c5b..150a8d37d 100644 --- a/grub-core/tpm2/mu.c +++ b/grub-core/tpm2/mu.c @@ -383,6 +383,49 @@ grub_tpm2_mu_TPMS_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer, grub_tpm2_mu_TPM2B_Marshal (buffer, p->data.size, p->data.buffer); } +void +grub_tpm2_mu_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_PUBLIC type, + const TPMU_SENSITIVE_COMPOSITE *p) +{ + switch(type) + { + case TPM_ALG_RSA: + grub_tpm2_mu_TPM2B_Marshal (buffer, p->rsa.size, p->rsa.buffer); + break; + case TPM_ALG_ECC: + grub_tpm2_mu_TPM2B_Marshal (buffer, p->ecc.size, p->ecc.buffer); + break; + case TPM_ALG_KEYEDHASH: + grub_tpm2_mu_TPM2B_Marshal (buffer, p->bits.size, p->bits.buffer); + break; + case TPM_ALG_SYMCIPHER: + grub_tpm2_mu_TPM2B_Marshal (buffer, p->sym.size, p->sym.buffer); + break; + default: + buffer->error = 1; + } +} + +void +grub_tpm2_mu_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SENSITIVE *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->sensitiveType); + grub_tpm2_mu_TPM2B_Marshal (buffer, p->authValue.size, p->authValue.buffer); + grub_tpm2_mu_TPM2B_Marshal (buffer, p->seedValue.size, p->seedValue.buffer); + grub_tpm2_mu_TPMU_SENSITIVE_COMPOSITE_Marshal (buffer, p->sensitiveType, + &p->sensitive); +} + +void +grub_tpm2_mu_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buffer, + const TPM2B_SENSITIVE *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->size); + grub_tpm2_mu_TPMT_SENSITIVE_Marshal (buffer, &p->sensitiveArea); +} + void grub_tpm2_mu_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer, const TPM2B_SENSITIVE_CREATE *sensitiveCreate) @@ -405,6 +448,113 @@ grub_tpm2_mu_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buffer, grub_tpm2_buffer_pack_u16 (buffer, 0); } +void +grub_tpm2_mu_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SIGNATURE_RSA *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hash); + grub_tpm2_mu_TPM2B_Marshal (buffer, p->sig.size, p->sig.buffer); +} + +void +grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buffer, + const TPMS_SIGNATURE_ECC *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hash); + grub_tpm2_mu_TPM2B_Marshal (buffer, p->signatureR.size, p->signatureR.buffer); + grub_tpm2_mu_TPM2B_Marshal (buffer, p->signatureS.size, p->signatureS.buffer); +} + +void +grub_tpm2_mu_TPMU_HA_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_HASH hashAlg, + const TPMU_HA *p) +{ + switch (hashAlg) + { + case TPM_ALG_SHA1: + for (grub_uint16_t i = 0; i < TPM_SHA1_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha1[i]); + break; + case TPM_ALG_SHA256: + for (grub_uint16_t i = 0; i < TPM_SHA256_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha256[i]); + break; + case TPM_ALG_SHA384: + for (grub_uint16_t i = 0; i < TPM_SHA384_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha384[i]); + break; + case TPM_ALG_SHA512: + for (grub_uint16_t i = 0; i < TPM_SHA512_DIGEST_SIZE; i++) + grub_tpm2_buffer_pack_u8 (buffer, p->sha512[i]); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_tpm2_mu_TPMT_HA_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_HA *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->hashAlg); + grub_tpm2_mu_TPMU_HA_Marshal (buffer, p->hashAlg, &p->digest); +} + +void +grub_tpm2_mu_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer, + const TPMI_ALG_SIG_SCHEME sigAlg, + const TPMU_SIGNATURE *p) +{ + switch (sigAlg) + { + case TPM_ALG_RSASSA: + grub_tpm2_mu_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA *)&p->rsassa); + break; + case TPM_ALG_RSAPSS: + grub_tpm2_mu_TPMS_SIGNATURE_RSA_Marshal (buffer, (TPMS_SIGNATURE_RSA *)&p->rsapss); + break; + case TPM_ALG_ECDSA: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC *)&p->ecdsa); + break; + case TPM_ALG_ECDAA: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC *)&p->ecdaa); + break; + case TPM_ALG_SM2: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC *)&p->sm2); + break; + case TPM_ALG_ECSCHNORR: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marshal (buffer, (TPMS_SIGNATURE_ECC *)&p->ecschnorr); + break; + case TPM_ALG_HMAC: + grub_tpm2_mu_TPMT_HA_Marshal (buffer, &p->hmac); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_tpm2_mu_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_SIGNATURE *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->sigAlg); + grub_tpm2_mu_TPMU_SIGNATURE_Marshal (buffer, p->sigAlg, &p->signature); +} + +void +grub_tpm2_mu_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buffer, + const TPMT_TK_VERIFIED *p) +{ + grub_tpm2_buffer_pack_u16 (buffer, p->tag); + grub_tpm2_buffer_pack_u32 (buffer, p->hierarchy); + grub_tpm2_mu_TPM2B_Marshal (buffer, p->digest.size, p->digest.buffer); +} + void grub_tpm2_mu_TPM2B_Unmarshal (grub_tpm2_buffer_t buffer, TPM2B* p) @@ -775,6 +925,24 @@ grub_tpm2_mu_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buffer, grub_tpm2_mu_TPM2B_Unmarshal (buffer, (TPM2B*) &p->digest); } +void +grub_tpm2_mu_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_HASHCHECK *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->tag); + grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy); + grub_tpm2_mu_TPM2B_Unmarshal (buffer, (TPM2B*) &p->digest); +} + +void +grub_tpm2_mu_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_TK_VERIFIED *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->tag); + grub_tpm2_buffer_unpack_u32 (buffer, &p->hierarchy); + grub_tpm2_mu_TPM2B_Unmarshal (buffer, (TPM2B*) &p->digest); +} + void grub_tpm2_mu_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buf, TPMS_PCR_SELECTION* pcrSelection) @@ -805,3 +973,97 @@ grub_tpm2_mu_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buf, for (grub_uint32_t i = 0; i < digest->count; i++) grub_tpm2_mu_TPM2B_DIGEST_Unmarshal (buf, &digest->digests[i]); } + +void +grub_tpm2_mu_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SIGNATURE_RSA *rsa) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &rsa->hash); + grub_tpm2_mu_TPM2B_Unmarshal (buffer, (TPM2B*)&rsa->sig); +} + +void +grub_tpm2_mu_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buffer, + TPMS_SIGNATURE_ECC *ecc) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &ecc->hash); + grub_tpm2_mu_TPM2B_Unmarshal (buffer, (TPM2B*)&ecc->signatureR); + grub_tpm2_mu_TPM2B_Unmarshal (buffer, (TPM2B*)&ecc->signatureS); +} + +void +grub_tpm2_mu_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_HASH hashAlg, + TPMU_HA *p) +{ + switch (hashAlg) + { + case TPM_ALG_SHA1: + grub_tpm2_buffer_unpack (buffer, &p->sha1, TPM_SHA1_DIGEST_SIZE); + break; + case TPM_ALG_SHA256: + grub_tpm2_buffer_unpack (buffer, &p->sha256, TPM_SHA256_DIGEST_SIZE); + break; + case TPM_ALG_SHA384: + grub_tpm2_buffer_unpack (buffer, &p->sha384, TPM_SHA384_DIGEST_SIZE); + break; + case TPM_ALG_SHA512: + grub_tpm2_buffer_unpack (buffer, &p->sha512, TPM_SHA512_DIGEST_SIZE); + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_tpm2_mu_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_HA *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->hashAlg); + grub_tpm2_mu_TPMU_HA_Unmarshal (buffer, p->hashAlg, &p->digest); +} + +void +grub_tpm2_mu_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMI_ALG_SIG_SCHEME sigAlg, + TPMU_SIGNATURE *p) +{ + switch (sigAlg) + { + case TPM_ALG_RSASSA: + grub_tpm2_mu_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA *)&p->rsassa); + break; + case TPM_ALG_RSAPSS: + grub_tpm2_mu_TPMS_SIGNATURE_RSA_Unmarshal (buffer, (TPMS_SIGNATURE_RSA *)&p->rsapss); + break; + case TPM_ALG_ECDSA: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC *)&p->ecdsa); + break; + case TPM_ALG_ECDAA: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC *)&p->ecdaa); + break; + case TPM_ALG_SM2: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC *)&p->sm2); + break; + case TPM_ALG_ECSCHNORR: + grub_tpm2_mu_TPMS_SIGNATURE_ECC_Unmarshal (buffer, (TPMS_SIGNATURE_ECC *)&p->ecschnorr); + break; + case TPM_ALG_HMAC: + grub_tpm2_mu_TPMT_HA_Unmarshal (buffer, &p->hmac); + break; + case TPM_ALG_NULL: + break; + default: + buffer->error = 1; + break; + } +} + +void +grub_tpm2_mu_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buffer, + TPMT_SIGNATURE *p) +{ + grub_tpm2_buffer_unpack_u16 (buffer, &p->sigAlg); + grub_tpm2_mu_TPMU_SIGNATURE_Unmarshal (buffer, p->sigAlg, &p->signature); +} diff --git a/include/grub/tpm2/mu.h b/include/grub/tpm2/mu.h index 1e5065bb4..158dbe188 100644 --- a/include/grub/tpm2/mu.h +++ b/include/grub/tpm2/mu.h @@ -147,6 +147,47 @@ grub_tpm2_mu_TPM2B_SENSITIVE_CREATE_Marshal (grub_tpm2_buffer_t buf, const TPM2B_SENSITIVE_CREATE *sensitiveCreate); void +grub_tpm2_mu_TPMU_SENSITIVE_COMPOSITE_Marshal (grub_tpm2_buffer_t buf, + const TPMI_ALG_PUBLIC type, + const TPMU_SENSITIVE_COMPOSITE *p); +void +grub_tpm2_mu_TPMT_SENSITIVE_Marshal (grub_tpm2_buffer_t buf, + const TPMT_SENSITIVE *p); + +void +grub_tpm2_mu_TPM2B_SENSITIVE_Marshal (grub_tpm2_buffer_t buf, + const TPM2B_SENSITIVE *p); + +void +grub_tpm2_mu_TPMS_SIGNATURE_RSA_Marshal (grub_tpm2_buffer_t buf, + const TPMS_SIGNATURE_RSA *p); + +void +grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marshal (grub_tpm2_buffer_t buf, + const TPMS_SIGNATURE_ECC *p); + +void +grub_tpm2_mu_TPMU_HA_Marshal (grub_tpm2_buffer_t buf, + const TPMI_ALG_HASH hashAlg, + const TPMU_HA *p); + +void +grub_tpm2_mu_TPMT_HA_Marshal (grub_tpm2_buffer_t buf, + const TPMT_HA *p); + +void +grub_tpm2_mu_TPMU_SIGNATURE_Marshal (grub_tpm2_buffer_t buf, + const TPMI_ALG_SIG_SCHEME sigAlg, + const TPMU_SIGNATURE *p); + +void +grub_tpm2_mu_TPMT_SIGNATURE_Marshal (grub_tpm2_buffer_t buf, + const TPMT_SIGNATURE *p); + +void +grub_tpm2_mu_TPMT_TK_VERIFIED_Marshal (grub_tpm2_buffer_t buf, + const TPMT_TK_VERIFIED *p); +void grub_tpm2_mu_TPM2B_Unmarshal (grub_tpm2_buffer_t buf, TPM2B* p); @@ -277,6 +318,14 @@ void grub_tpm2_mu_TPMT_TK_CREATION_Unmarshal (grub_tpm2_buffer_t buf, TPMT_TK_CREATION *p); +void +grub_tpm2_mu_TPMT_TK_HASHCHECK_Unmarshal (grub_tpm2_buffer_t buf, + TPMT_TK_HASHCHECK *p); + +void +grub_tpm2_mu_TPMT_TK_VERIFIED_Unmarshal (grub_tpm2_buffer_t buf, + TPMT_TK_VERIFIED *p); + void grub_tpm2_mu_TPMS_PCR_SELECTION_Unmarshal (grub_tpm2_buffer_t buf, TPMS_PCR_SELECTION* pcrSelection); @@ -289,4 +338,30 @@ void grub_tpm2_mu_TPML_DIGEST_Unmarshal (grub_tpm2_buffer_t buf, TPML_DIGEST* digest); +void +grub_tpm2_mu_TPMS_SIGNATURE_RSA_Unmarshal (grub_tpm2_buffer_t buf, + TPMS_SIGNATURE_RSA *p); + +void +grub_tpm2_mu_TPMS_SIGNATURE_ECC_Unmarshal (grub_tpm2_buffer_t buf, + TPMS_SIGNATURE_ECC *p); + +void +grub_tpm2_mu_TPMU_HA_Unmarshal (grub_tpm2_buffer_t buf, + TPMI_ALG_HASH hashAlg, + TPMU_HA *p); + +void +grub_tpm2_mu_TPMT_HA_Unmarshal (grub_tpm2_buffer_t buf, + TPMT_HA *p); + +void +grub_tpm2_mu_TPMU_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buf, + TPMI_ALG_SIG_SCHEME sigAlg, + TPMU_SIGNATURE *p); + +void +grub_tpm2_mu_TPMT_SIGNATURE_Unmarshal (grub_tpm2_buffer_t buf, + TPMT_SIGNATURE *p); + #endif /* ! GRUB_TPM2_MU_HEADER */ -- 2.35.3