From 5a417f32f1afe0ffca7f5cbff67145a157b1589b Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 7 Feb 2023 18:31:12 +0800
Subject: [PATCH 1/4] tpm2: Add TPM2 types, structures, and command constants

Add new TPM2 types and structures as the preparation to support
authorized policy.

* New types:
  TPM_ALG_ECDAA, TPM_ALG_ECDSA, TPM_ALG_ECSCHNORR, TPM_ALG_RSASSA,
  TPM_ALG_RSAPSS, TPM_ALG_SM2, and TPMI_ALG_SIG_SCHEME

* New structures:
  TPMS_EMPTY, TPMS_SIGNATURE_RSA, TPMS_SIGNATURE_ECC,
  TPMS_SIGNATURE_ECDSA, TPMS_SIGNATURE_ECDAA, TPMS_SIGNATURE_SM2,
  TPMS_SIGNATURE_ECSCHNORR, TPMU_SIGNATURE, and TPMT_TK_VERIFIED

* New command constants:
  TPM_CC_LoadExternal, TPM_CC_HashSequenceStart, TPM_CC_SequenceUpdate,
  TPM_CC_SequenceComplete, TPM_CC_Hash, TPM_CC_VerifySignature,
  TPM_CC_PolicyAuthorize

Signed-off-by: Gary Lin <glin@suse.com>
---
 include/grub/tpm2/internal/structs.h | 86 ++++++++++++++++++++++++++++
 include/grub/tpm2/internal/types.h   | 42 +++++++++-----
 2 files changed, 114 insertions(+), 14 deletions(-)

diff --git a/include/grub/tpm2/internal/structs.h b/include/grub/tpm2/internal/structs.h
index 72d71eb70..db9eb6cf6 100644
--- a/include/grub/tpm2/internal/structs.h
+++ b/include/grub/tpm2/internal/structs.h
@@ -672,4 +672,90 @@ struct TPMT_TK_CREATION
 };
 typedef struct TPMT_TK_CREATION TPMT_TK_CREATION;
 
+/* TPMS_EMPTY Structure */
+struct TPMS_EMPTY {
+  grub_uint8_t empty[1]; /* a structure with no member */
+};
+typedef struct TPMS_EMPTY TPMS_EMPTY;
+
+/* TPMS_SIGNATURE_RSA Structure */
+struct TPMS_SIGNATURE_RSA {
+  TPMI_ALG_HASH hash;
+  TPM2B_PUBLIC_KEY_RSA sig;
+};
+typedef struct TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSA;
+
+/* Definition of Types for RSA Signature */
+typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA;
+typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS;
+
+/* TPMS_SIGNATURE_ECC Structure */
+struct TPMS_SIGNATURE_ECC {
+  TPMI_ALG_HASH hash;
+  TPM2B_ECC_PARAMETER signatureR;
+  TPM2B_ECC_PARAMETER signatureS;
+};
+typedef struct TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECC;
+
+/* Definition of Types for ECC TPMS_SIGNATURE_ECC */
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA;
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA;
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2;
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR;
+
+/* TPMU_SIGNATURE Structure */
+union TPMU_SIGNATURE {
+  TPMS_SIGNATURE_RSASSA rsassa;
+  TPMS_SIGNATURE_RSAPSS rsapss;
+  TPMS_SIGNATURE_ECDSA ecdsa;
+  TPMS_SIGNATURE_ECDAA ecdaa;
+  TPMS_SIGNATURE_SM2 sm2;
+  TPMS_SIGNATURE_ECSCHNORR ecschnorr;
+  TPMT_HA hmac;
+  TPMS_SCHEME_HASH any;
+  TPMS_EMPTY null;
+};
+typedef union TPMU_SIGNATURE TPMU_SIGNATURE;
+
+/* TPMT_SIGNATURE Structure */
+struct TPMT_SIGNATURE {
+  TPMI_ALG_SIG_SCHEME sigAlg;
+  TPMU_SIGNATURE signature;
+};
+typedef struct TPMT_SIGNATURE TPMT_SIGNATURE;
+
+static inline TPMI_ALG_HASH
+TPMT_SIGNATURE_get_hash_alg (TPMT_SIGNATURE *sig)
+{
+  switch (sig->sigAlg)
+    {
+    case TPM_ALG_RSASSA:
+      return sig->signature.rsassa.hash;
+    case TPM_ALG_RSAPSS:
+      return sig->signature.rsapss.hash;
+    case TPM_ALG_ECDSA:
+      return sig->signature.ecdsa.hash;
+    case TPM_ALG_ECDAA:
+      return sig->signature.ecdaa.hash;
+    case TPM_ALG_SM2:
+      return sig->signature.sm2.hash;
+    case TPM_ALG_ECSCHNORR:
+      return sig->signature.ecschnorr.hash;
+    case TPM_ALG_HMAC:
+      return sig->signature.hmac.hashAlg;
+    default:
+      break;
+    }
+
+  return TPM_ALG_NULL;
+}
+
+/* TPMT_TK_VERIFIED Structure */
+struct TPMT_TK_VERIFIED {
+  TPM_ST tag;
+  TPMI_RH_HIERARCHY hierarchy;
+  TPM2B_DIGEST digest;
+};
+typedef struct TPMT_TK_VERIFIED TPMT_TK_VERIFIED;
+
 #endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */
diff --git a/include/grub/tpm2/internal/types.h b/include/grub/tpm2/internal/types.h
index 9714f75d4..a1902ef0c 100644
--- a/include/grub/tpm2/internal/types.h
+++ b/include/grub/tpm2/internal/types.h
@@ -181,6 +181,9 @@ typedef grub_uint16_t TPM_ALG_ID;
 #define TPM_ALG_CFB            ((TPM_ALG_ID) 0x0043)
 #define TPM_ALG_ECB            ((TPM_ALG_ID) 0x0044)
 #define TPM_ALG_ECC            ((TPM_ALG_ID) 0x0023)
+#define TPM_ALG_ECDAA          ((TPM_ALG_ID) 0x001A)
+#define TPM_ALG_ECDSA          ((TPM_ALG_ID) 0x0018)
+#define TPM_ALG_ECSCHNORR      ((TPM_ALG_ID) 0x001C)
 #define TPM_ALG_HMAC           ((TPM_ALG_ID) 0x0005)
 #define TPM_ALG_KDF1_SP800_108 ((TPM_ALG_ID) 0x0022)
 #define TPM_ALG_KDF1_SP800_56A ((TPM_ALG_ID) 0x0020)
@@ -189,10 +192,13 @@ typedef grub_uint16_t TPM_ALG_ID;
 #define TPM_ALG_MGF1           ((TPM_ALG_ID) 0x0007)
 #define TPM_ALG_NULL           ((TPM_ALG_ID) 0x0010)
 #define TPM_ALG_RSA            ((TPM_ALG_ID) 0x0001)
+#define TPM_ALG_RSASSA         ((TPM_ALG_ID) 0x0014)
+#define TPM_ALG_RSAPSS         ((TPM_ALG_ID) 0x0016)
 #define TPM_ALG_SHA1           ((TPM_ALG_ID) 0x0004)
 #define TPM_ALG_SHA256         ((TPM_ALG_ID) 0x000B)
 #define TPM_ALG_SHA384         ((TPM_ALG_ID) 0x000C)
 #define TPM_ALG_SHA512         ((TPM_ALG_ID) 0x000D)
+#define TPM_ALG_SM2            ((TPM_ALG_ID) 0x001B)
 #define TPM_ALG_SM3_256        ((TPM_ALG_ID) 0x0012)
 #define TPM_ALG_SM4            ((TPM_ALG_ID) 0x0013)
 #define TPM_ALG_SYMCIPHER      ((TPM_ALG_ID) 0x0025)
@@ -299,20 +305,27 @@ typedef grub_uint16_t TPM2_ECC_CURVE;
 /* TPM_CC Constants */
 typedef grub_uint32_t TPM_CC;
 
-#define TPM_CC_EvictControl     ((TPM_CC) 0x00000120)
-#define TPM_CC_CreatePrimary    ((TPM_CC) 0x00000131)
-#define TPM_CC_Create           ((TPM_CC) 0x00000153)
-#define TPM_CC_FlushContext     ((TPM_CC) 0x00000165)
-#define TPM_CC_ReadPublic       ((TPM_CC) 0x00000173)
-#define TPM_CC_StartAuthSession ((TPM_CC) 0x00000176)
-#define TPM_CC_PolicyPCR        ((TPM_CC) 0x0000017f)
-#define TPM_CC_NV_Read          ((TPM_CC) 0x0000014e)
-#define TPM_CC_NV_ReadPublic    ((TPM_CC) 0x00000169)
-#define TPM_CC_GetCapability    ((TPM_CC) 0x0000017a)
-#define TPM_CC_PCR_Read         ((TPM_CC) 0x0000017e)
-#define TPM_CC_Load             ((TPM_CC) 0x00000157)
-#define TPM_CC_Unseal           ((TPM_CC) 0x0000015e)
-#define TPM_CC_PolicyGetDigest  ((TPM_CC) 0x00000189)
+#define TPM_CC_EvictControl      ((TPM_CC) 0x00000120)
+#define TPM_CC_CreatePrimary     ((TPM_CC) 0x00000131)
+#define TPM_CC_Create            ((TPM_CC) 0x00000153)
+#define TPM_CC_FlushContext      ((TPM_CC) 0x00000165)
+#define TPM_CC_ReadPublic        ((TPM_CC) 0x00000173)
+#define TPM_CC_StartAuthSession  ((TPM_CC) 0x00000176)
+#define TPM_CC_PolicyPCR         ((TPM_CC) 0x0000017f)
+#define TPM_CC_NV_Read           ((TPM_CC) 0x0000014e)
+#define TPM_CC_NV_ReadPublic     ((TPM_CC) 0x00000169)
+#define TPM_CC_GetCapability     ((TPM_CC) 0x0000017a)
+#define TPM_CC_PCR_Read          ((TPM_CC) 0x0000017e)
+#define TPM_CC_Load              ((TPM_CC) 0x00000157)
+#define TPM_CC_LoadExternal      ((TPM_CC) 0x00000167)
+#define TPM_CC_Unseal            ((TPM_CC) 0x0000015e)
+#define TPM_CC_PolicyGetDigest   ((TPM_CC) 0x00000189)
+#define TPM_CC_HashSequenceStart ((TPM_CC) 0x00000186)
+#define TPM_CC_SequenceUpdate    ((TPM_CC) 0x0000015c)
+#define TPM_CC_SequenceComplete  ((TPM_CC) 0x0000013e)
+#define TPM_CC_Hash              ((TPM_CC) 0x0000017d)
+#define TPM_CC_VerifySignature   ((TPM_CC) 0x00000177)
+#define TPM_CC_PolicyAuthorize   ((TPM_CC) 0x0000016a)
 
 /* Hash algorithm sizes */
 #define TPM_SHA1_DIGEST_SIZE    20
@@ -354,6 +367,7 @@ typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME;
 typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME;
 typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME;
 typedef TPM_ALG_ID TPMI_ALG_SYM;
+typedef TPM_ALG_ID TPMI_ALG_SIG_SCHEME;
 
 /* TPM_KEY_BITS Type */
 typedef grub_uint16_t TPM_KEY_BITS;
-- 
2.35.3