diff options
-rw-r--r-- | src/lib/Makefile.inc | 1 | ||||
-rw-r--r-- | src/lib/tpm2_marshaling.c | 516 | ||||
-rw-r--r-- | src/lib/tpm2_marshaling.h | 49 |
3 files changed, 566 insertions, 0 deletions
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index fe8ec0ac8e..5a8f77f844 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -55,6 +55,7 @@ ifeq ($(MOCK_TPM),1) libverstage-y += mocked_tlcl.c else libverstage-$(CONFIG_TPM) += tlcl.c +libverstage-$(CONFIG_TPM2) += tpm2_marshaling.c libverstage-$(CONFIG_TPM2) += tpm2_tlcl.c endif diff --git a/src/lib/tpm2_marshaling.c b/src/lib/tpm2_marshaling.c new file mode 100644 index 0000000000..6eba82641c --- /dev/null +++ b/src/lib/tpm2_marshaling.c @@ -0,0 +1,516 @@ +/* + * Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include <commonlib/endian.h> +#include <console/console.h> +#include <stdlib.h> +#include <string.h> + +#include "tpm2_marshaling.h" + +static uint16_t tpm_tag; /* Depends on the command type. */ + +/* + * Each unmarshaling function receives a pointer to the buffer pointer and a + * pointer to the size of data still in the buffer. The function extracts data + * from the buffer and adjusts both buffer pointer and remaining data size. + * + * Should there be not enough data in the buffer to unmarshal the required + * object, the remaining data size is set to -1 to indicate the error. The + * remaining data size is expected to be set to zero once the last data item + * has been extracted from the buffer. + */ +static uint16_t unmarshal_u16(void **buffer, int *buffer_space) +{ + uint16_t value; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; /* Indicate a failure. */ + return 0; + } + + value = read_be16(*buffer); + *buffer = (void *) ((uintptr_t) (*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); + + return value; +} + +static uint16_t unmarshal_u32(void **buffer, int *buffer_space) +{ + uint32_t value; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; /* Indicate a failure. */ + return 0; + } + + value = read_be32(*buffer); + *buffer = (void *) ((uintptr_t) (*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); + + return value; +} + +static uint8_t unmarshal_u8(void **buffer, int *buffer_space) +{ + uint8_t value; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; /* Indicate a failure. */ + return 0; + } + + value = ((uint8_t *)(*buffer))[0]; + *buffer = (void *) ((uintptr_t) (*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); + + return value; +} + +#define unmarshal_TPM_CAP(a, b) unmarshal_u32(a, b) +#define unmarshal_TPM_CC(a, b) unmarshal_u32(a, b) +#define unmarshal_TPM_PT(a, b) unmarshal_u32(a, b) +#define unmarshal_TPM_HANDLE(a, b) unmarshal_u32(a, b) + +/* + * Each marshaling function receives a pointer to the buffer to marshal into, + * a pointer to the data item to be marshaled, and a pointer to the remaining + * room in the buffer. + */ + + /* + * Marshaling an arbitrary blob requires its size in addition to common + * parameter set. + */ +static void marshal_blob(void **buffer, void *blob, + size_t blob_size, int *buffer_space) +{ + if (*buffer_space < blob_size) { + *buffer_space = -1; + return; + } + + memcpy(*buffer, blob, blob_size); + buffer_space -= blob_size; + *buffer = (void *)((uintptr_t)(*buffer) + blob_size); +} + +static void marshal_u8(void **buffer, uint8_t value, int *buffer_space) +{ + uint8_t *bp = *buffer; + + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; + return; + } + + *bp++ = value; + *buffer = bp; + *buffer_space -= sizeof(value); +} + +static void marshal_u16(void **buffer, uint16_t value, int *buffer_space) +{ + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; + return; + } + write_be16(*buffer, value); + *buffer = (void *)((uintptr_t)(*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); +} + +static void marshal_u32(void **buffer, uint32_t value, int *buffer_space) +{ + if (*buffer_space < sizeof(value)) { + *buffer_space = -1; + return; + } + + write_be32(*buffer, value); + *buffer = (void *)((uintptr_t)(*buffer) + sizeof(value)); + *buffer_space -= sizeof(value); +} + +#define marshal_TPM_HANDLE(a, b, c) marshal_u32(a, b, c) +#define marshal_TPMI_RH_NV_AUTH(a, b, c) marshal_TPM_HANDLE(a, b, c) +#define marshal_TPMI_RH_NV_INDEX(a, b, c) marshal_TPM_HANDLE(a, b, c) +#define marshal_TPMI_SH_AUTH_SESSION(a, b, c) marshal_TPM_HANDLE(a, b, c) +#define marshal_TPMI_ALG_HASH(a, b, c) marshal_u16(a, b, c) + +static void marshal_startup(void **buffer, + struct tpm2_startup *cmd_body, + int *buffer_space) +{ + marshal_u16(buffer, cmd_body->startup_type, buffer_space); +} + +static void marshal_get_capability(void **buffer, + struct tpm2_get_capability *cmd_body, + int *buffer_space) +{ + marshal_u32(buffer, cmd_body->capability, buffer_space); + marshal_u32(buffer, cmd_body->property, buffer_space); + marshal_u32(buffer, cmd_body->propertyCount, buffer_space); +} + +static void marshal_TPM2B(void **buffer, + TPM2B *data, + int *buffer_space) +{ + size_t total_size = data->size + sizeof(data->size); + + if (total_size > *buffer_space) { + *buffer_space = -1; + return; + } + marshal_u16(buffer, data->size, buffer_space); + memcpy(*buffer, data->buffer, data->size); + *buffer = ((uint8_t *)(*buffer)) + data->size; + *buffer_space -= data->size; +} + +static void marshal_TPMA_NV(void **buffer, + TPMA_NV *nv, + int *buffer_space) +{ + marshal_u32(buffer, *((uint32_t *)nv), buffer_space); +} + +static void marshal_TPMS_NV_PUBLIC(void **buffer, + TPMS_NV_PUBLIC *nvpub, + int *buffer_space) +{ + marshal_TPM_HANDLE(buffer, nvpub->nvIndex, buffer_space); + marshal_TPMI_ALG_HASH(buffer, nvpub->nameAlg, buffer_space); + marshal_TPMA_NV(buffer, &nvpub->attributes, buffer_space); + marshal_TPM2B(buffer, &nvpub->authPolicy.b, buffer_space); + marshal_u16(buffer, nvpub->dataSize, buffer_space); +} + +static void marshal_session_header(void **buffer, + struct tpm2_session_header *session_header, + int *buffer_space) +{ + int base_size; + void *size_location = *buffer; + + /* Skip room for the session header size. */ + *buffer_space -= sizeof(uint32_t); + *buffer = (void *)(((uintptr_t) *buffer) + sizeof(uint32_t)); + + base_size = *buffer_space; + + marshal_u32(buffer, session_header->session_handle, buffer_space); + marshal_u16(buffer, session_header->nonce_size, buffer_space); + marshal_blob(buffer, session_header->nonce, + session_header->nonce_size, buffer_space); + marshal_u8(buffer, session_header->session_attrs, buffer_space); + marshal_u16(buffer, session_header->auth_size, buffer_space); + marshal_blob(buffer, session_header->auth, + session_header->auth_size, buffer_space); + + if (*buffer_space < 0) + return; /* The structure did not fit. */ + + /* Paste in the session size. */ + marshal_u32(&size_location, base_size - *buffer_space, &base_size); +} + +static void marshal_nv_define_space(void **buffer, + struct tpm2_nv_define_space_cmd *nvd_in, + int *buffer_space) +{ + void *size_location; + int base_size; + struct tpm2_session_header session_header; + + marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + marshal_session_header(buffer, &session_header, buffer_space); + tpm_tag = TPM_ST_SESSIONS; + + marshal_TPM2B(buffer, &nvd_in->auth.b, buffer_space); + + /* This is where the TPMS_NV_PUBLIC size will be stored. */ + size_location = *buffer; + + /* Allocate room for the size. */ + *buffer = ((uint8_t *)(*buffer)) + sizeof(uint16_t); + *buffer_space -= sizeof(uint16_t); + base_size = *buffer_space; + + marshal_TPMS_NV_PUBLIC(buffer, &nvd_in->publicInfo, buffer_space); + base_size = base_size - *buffer_space; + marshal_u16(&size_location, (uint16_t)base_size, &base_size); +} + +static void marshal_nv_write(void **buffer, + struct tpm2_nv_write_cmd *command_body, + int *buffer_space) +{ + struct tpm2_session_header session_header; + + marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space); + memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + marshal_session_header(buffer, &session_header, buffer_space); + tpm_tag = TPM_ST_SESSIONS; + + marshal_TPM2B(buffer, &command_body->data.b, buffer_space); + marshal_u16(buffer, command_body->offset, buffer_space); +} + +static void marshal_nv_read(void **buffer, + struct tpm2_nv_read_cmd *command_body, + int *buffer_space) +{ + struct tpm2_session_header session_header; + + marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space); + memset(&session_header, 0, sizeof(session_header)); + session_header.session_handle = TPM_RS_PW; + marshal_session_header(buffer, &session_header, buffer_space); + tpm_tag = TPM_ST_SESSIONS; + marshal_u16(buffer, command_body->size, buffer_space); + marshal_u16(buffer, command_body->offset, buffer_space); +} + +static void marshal_selftest(void **buffer, + struct tpm2_self_test *command_body, + int *buffer_space) +{ + marshal_u8(buffer, command_body->yes_no, buffer_space); +} + +int tpm_marshal_command(TPM_CC command, void *tpm_command_body, + void *buffer, int buffer_size) +{ + void *cmd_body = (uint8_t *)buffer + sizeof(struct tpm_header); + int max_body_size = buffer_size - sizeof(struct tpm_header); + int body_size = max_body_size; + + /* Will be modified when marshaling some commands. */ + tpm_tag = TPM_ST_NO_SESSIONS; + + switch (command) { + case TPM2_Startup: + marshal_startup(&cmd_body, tpm_command_body, &body_size); + break; + + case TPM2_GetCapability: + marshal_get_capability(&cmd_body, tpm_command_body, + &body_size); + break; + + case TPM2_NV_Read: + marshal_nv_read(&cmd_body, tpm_command_body, &body_size); + break; + + case TPM2_NV_DefineSpace: + marshal_nv_define_space(&cmd_body, + tpm_command_body, &body_size); + break; + + case TPM2_NV_Write: + marshal_nv_write(&cmd_body, tpm_command_body, &body_size); + break; + + case TPM2_SelfTest: + marshal_selftest(&cmd_body, tpm_command_body, &body_size); + break; + + default: + body_size = -1; + printk(BIOS_INFO, "%s:%d:Request to marshal unsupported command %#x\n", + __FILE__, __LINE__, command); + } + + if (body_size > 0) { + + /* See how much room was taken by marshaling. */ + body_size = max_body_size - body_size; + + body_size += sizeof(struct tpm_header); + + marshal_u16(&buffer, tpm_tag, &max_body_size); + marshal_u32(&buffer, body_size, &max_body_size); + marshal_u32(&buffer, command, &max_body_size); + } + + return body_size; +} + +static void unmarshal_get_capability(void **buffer, int *size, + struct get_cap_response *gcr) +{ + int i; + + gcr->more_data = unmarshal_u8(buffer, size); + + gcr->cd.capability = unmarshal_TPM_CAP(buffer, size); + if (*size < 0) + return; + + switch (gcr->cd.capability) { + case TPM_CAP_TPM_PROPERTIES: + gcr->cd.data.tpmProperties.count = + unmarshal_u32(buffer, size); + if (*size < 0) + return; + if (gcr->cd.data.tpmProperties.count > ARRAY_SIZE + (gcr->cd.data.tpmProperties.tpmProperty)) { + printk(BIOS_INFO, "%s:%s:%d - %d - too many properties\n", + __FILE__, __func__, __LINE__, + gcr->cd.data.tpmProperties.count); + *size = -1; + return; + } + for (i = 0; i < gcr->cd.data.tpmProperties.count; i++) { + TPMS_TAGGED_PROPERTY *pp; + + pp = gcr->cd.data.tpmProperties.tpmProperty + i; + pp->property = unmarshal_TPM_PT(buffer, size); + pp->value = unmarshal_u32(buffer, size); + } + break; + default: + printk(BIOS_ERR, + "%s:%d - unable to unmarshal capability response", + __func__, __LINE__); + printk(BIOS_ERR, " for %d\n", gcr->cd.capability); + *size = -1; + break; + } +} + +static void unmarshal_TPM2B_MAX_NV_BUFFER(void **buffer, + int *size, + TPM2B_MAX_NV_BUFFER *nv_buffer) +{ + nv_buffer->t.size = unmarshal_u16(buffer, size); + if (nv_buffer->t.size > *size) { + printk(BIOS_ERR, "%s:%d - " + "size mismatch: expected %d, remaining %d\n", + __func__, __LINE__, nv_buffer->t.size, *size); + return; + } + + nv_buffer->t.buffer = *buffer; + + *buffer = ((uint8_t *)(*buffer)) + nv_buffer->t.size; + *size -= nv_buffer->t.size; +} + +static void unmarshal_nv_read(void **buffer, int *size, + struct nv_read_response *nvr) +{ + /* Total size of the parameter field. */ + nvr->params_size = unmarshal_u32(buffer, size); + unmarshal_TPM2B_MAX_NV_BUFFER(buffer, size, &nvr->buffer); + + if (nvr->params_size != + (nvr->buffer.t.size + sizeof(nvr->buffer.t.size))) { + printk(BIOS_ERR, + "%s:%d - parameter/buffer %d/%d size mismatch", + __func__, __LINE__, nvr->params_size, + nvr->buffer.t.size); + return; + } + + if (*size < 0) + return; + /* + * Let's ignore the authorisation section. It should be 5 bytes total, + * just confirm that this is the case and report any discrepancy. + */ + if (*size != 5) + printk(BIOS_ERR, + "%s:%d - unexpected authorisation seciton size %d\n", + __func__, __LINE__, *size); + + *buffer = ((uint8_t *)(*buffer)) + *size; + *size = 0; +} + +struct tpm2_response *tpm_unmarshal_response(TPM_CC command, + void *response_body, + int cr_size) +{ + static struct tpm2_response tpm2_resp; + + if (cr_size < sizeof(struct tpm_header)) + return NULL; + + tpm2_resp.hdr.tpm_tag = unmarshal_u16(&response_body, &cr_size); + tpm2_resp.hdr.tpm_size = unmarshal_u32(&response_body, &cr_size); + tpm2_resp.hdr.tpm_code = unmarshal_TPM_CC(&response_body, &cr_size); + + if (!cr_size) { + if (tpm2_resp.hdr.tpm_size != sizeof(tpm2_resp.hdr)) + printk(BIOS_ERR, + "%s: size mismatch in response to command %#x\n", + __func__, command); + return &tpm2_resp; + } + + switch (command) { + case TPM2_Startup: + break; + + case TPM2_GetCapability: + unmarshal_get_capability(&response_body, &cr_size, + &tpm2_resp.gc); + break; + + case TPM2_NV_Read: + unmarshal_nv_read(&response_body, &cr_size, + &tpm2_resp.nvr); + break; + + case TPM2_NV_DefineSpace: + case TPM2_NV_Write: + /* Session data included in response can be safely ignored. */ + cr_size = 0; + break; + + default: + { + int i; + + printk(BIOS_INFO, "%s:%d:" + "Request to unmarshal unexpected command %#x," + " code %#x", + __func__, __LINE__, command, + tpm2_resp.hdr.tpm_code); + + for (i = 0; i < cr_size; i++) { + if (!(i % 16)) + printk(BIOS_INFO, "\n"); + printk(BIOS_INFO, "%2.2x ", + ((uint8_t *)response_body)[i]); + } + } + printk(BIOS_INFO, "\n"); + return NULL; + } + + if (cr_size) { + printk(BIOS_INFO, + "%s:%d got %d bytes back in response to %#x," + " failed to parse (%d)\n", + __func__, __LINE__, tpm2_resp.hdr.tpm_size, + command, cr_size); + return NULL; + } + + /* The entire message have been parsed. */ + return &tpm2_resp; +} diff --git a/src/lib/tpm2_marshaling.h b/src/lib/tpm2_marshaling.h new file mode 100644 index 0000000000..69a345d731 --- /dev/null +++ b/src/lib/tpm2_marshaling.h @@ -0,0 +1,49 @@ +/* + * Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ +#ifndef __SRC_LIB_TPM2_MARSHALING_H +#define __SRC_LIB_TPM2_MARSHALING_H + +#include "tpm2_tlcl_structures.h" + +/* The below functions are used to serialize/deserialize TPM2 commands. */ + +/** + * tpm_marshal_command + * + * Given a structure containing a TPM2 command, serialize the structure for + * sending it to the TPM. + * + * @command: code of the TPM2 command to marshal + * @tpm_command_body: a pointer to the command specific structure + * @buffer: buffer where command is marshaled to + * @buffer_size: size of the buffer + * + * Returns number of bytes placed in the buffer, or -1 on error. + * + */ +int tpm_marshal_command(TPM_CC command, void *tpm_command_body, + void *buffer, int buffer_size); + +/** + * tpm_unmarshal_response + * + * Given a buffer received from the TPM in response to a certain command, + * deserialize the buffer into the expeced response structure. + * + * struct tpm2_response is a union of all possible responses. + * + * @command: code of the TPM2 command for which a response is unmarshaled + * @response_body: buffer containing the serialized response. + * @response_size: number of bytes in the buffer containing response + * + * Returns a pointer to the deserialized response or NULL in case of + * unmarshaling problems. + */ +struct tpm2_response *tpm_unmarshal_response(TPM_CC command, + void *response_body, + int response_size); + +#endif // __SRC_LIB_TPM2_MARSHALING_H |