From patchwork Thu Mar  8 15:40:11 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Miquel Raynal <miquel.raynal@bootlin.com>
X-Patchwork-Id: 883191
X-Patchwork-Delegate: sjg@chromium.org
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=bootlin.com
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 3zxvwy3hV2z9shl
	for <incoming@patchwork.ozlabs.org>;
	Fri,  9 Mar 2018 02:45:38 +1100 (AEDT)
Received: by lists.denx.de (Postfix, from userid 105)
	id 3B190C21F48; Thu,  8 Mar 2018 15:43:43 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id DB32CC21F9B;
	Thu,  8 Mar 2018 15:40:49 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 9EA6BC21F21; Thu,  8 Mar 2018 15:40:43 +0000 (UTC)
Received: from mail.bootlin.com (mail.bootlin.com [62.4.15.54])
	by lists.denx.de (Postfix) with ESMTP id 494FAC21C2C
	for <u-boot@lists.denx.de>; Thu,  8 Mar 2018 15:40:42 +0000 (UTC)
Received: by mail.bootlin.com (Postfix, from userid 110)
	id AB81A20732; Thu,  8 Mar 2018 16:40:40 +0100 (CET)
Received: from localhost.localdomain
	(LStLambert-657-1-97-87.w90-63.abo.wanadoo.fr [90.63.216.87])
	by mail.bootlin.com (Postfix) with ESMTPSA id 0B50F207E9;
	Thu,  8 Mar 2018 16:40:28 +0100 (CET)
From: Miquel Raynal <miquel.raynal@bootlin.com>
To: u-boot@lists.denx.de
Date: Thu,  8 Mar 2018 16:40:11 +0100
Message-Id: <20180308154021.25255-9-miquel.raynal@bootlin.com>
X-Mailer: git-send-email 2.14.1
In-Reply-To: <20180308154021.25255-1-miquel.raynal@bootlin.com>
References: <20180308154021.25255-1-miquel.raynal@bootlin.com>
Subject: [U-Boot] [PATCH 08/18] tpm: handle different buffer sizes
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Usual buffer sizes for TPMv1 and TPMv2 are different. Change TPMv1
buffer size definition for that and declare another size for TPMv2
buffers.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
 cmd/tpm.c     |  5 +++--
 include/tpm.h |  2 ++
 lib/tpm.c     | 60 +++++++++++++++++++++++++++++------------------------------
 3 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/cmd/tpm.c b/cmd/tpm.c
index 1d32028b64..3e2bb3b118 100644
--- a/cmd/tpm.c
+++ b/cmd/tpm.c
@@ -323,8 +323,9 @@ static int do_tpm_nv_write_value(cmd_tbl_t *cmdtp, int flag,
 static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag,
 		int argc, char * const argv[])
 {
+	uint8_t in_digest[TPM1_DIGEST_LENGTH];
+	uint8_t out_digest[TPM1_DIGEST_LENGTH];
 	uint32_t index, rc;
-	uint8_t in_digest[20], out_digest[20];
 
 	if (argc != 3)
 		return CMD_RET_USAGE;
@@ -337,7 +338,7 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag,
 	rc = tpm_extend(index, in_digest, out_digest);
 	if (!rc) {
 		puts("PCR value after execution of the command:\n");
-		print_byte_string(out_digest, sizeof(out_digest));
+		print_byte_string(out_digest, TPM1_DIGEST_LENGTH);
 	}
 
 	return report_return_code(rc);
diff --git a/include/tpm.h b/include/tpm.h
index 0ec3428ea4..1a60ef5b36 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -14,6 +14,8 @@
  */
 
 #define TPM_HEADER_SIZE		10
+#define TPM1_DIGEST_LENGTH	20
+#define TPM2_DIGEST_LENGTH	32
 
 enum tpm_duration {
 	TPM_SHORT = 0,
diff --git a/lib/tpm.c b/lib/tpm.c
index c32fc51ff9..f8e99a1e91 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -29,8 +29,6 @@ enum {
 	COMMAND_BUFFER_SIZE		= 256,
 	TPM_REQUEST_HEADER_LENGTH	= 10,
 	TPM_RESPONSE_HEADER_LENGTH	= 10,
-	PCR_DIGEST_LENGTH		= 20,
-	DIGEST_LENGTH			= 20,
 	TPM_REQUEST_AUTH_LENGTH		= 45,
 	TPM_RESPONSE_AUTH_LENGTH	= 41,
 	/* some max lengths, valid for RSA keys <= 2048 bits */
@@ -47,8 +45,8 @@ enum {
 struct session_data {
 	int		valid;
 	uint32_t	handle;
-	uint8_t		nonce_even[DIGEST_LENGTH];
-	uint8_t		nonce_odd[DIGEST_LENGTH];
+	uint8_t		nonce_even[TPM1_DIGEST_LENGTH];
+	uint8_t		nonce_odd[TPM1_DIGEST_LENGTH];
 };
 
 static struct session_data oiap_session = {0, };
@@ -469,7 +467,7 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest)
 	const size_t in_digest_offset = 14;
 	const size_t out_digest_offset = 10;
 	uint8_t buf[COMMAND_BUFFER_SIZE];
-	uint8_t response[TPM_RESPONSE_HEADER_LENGTH + PCR_DIGEST_LENGTH];
+	uint8_t response[TPM_RESPONSE_HEADER_LENGTH + TPM1_DIGEST_LENGTH];
 	size_t response_length = sizeof(response);
 	uint32_t err;
 
@@ -477,18 +475,18 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, void *out_digest)
 		return -EOPNOTSUPP;
 
 	if (pack_byte_string(buf, sizeof(buf), "sds",
-				0, command, sizeof(command),
-				index_offset, index,
-				in_digest_offset, in_digest,
-				PCR_DIGEST_LENGTH))
+			     0, command, sizeof(command),
+			     index_offset, index,
+			     in_digest_offset, in_digest,
+			     TPM1_DIGEST_LENGTH))
 		return TPM_LIB_ERROR;
 	err = tpm_sendrecv_command(buf, response, &response_length);
 	if (err)
 		return err;
 
 	if (unpack_byte_string(response, response_length, "s",
-				out_digest_offset, out_digest,
-				PCR_DIGEST_LENGTH))
+			       out_digest_offset, out_digest,
+			       TPM1_DIGEST_LENGTH))
 		return TPM_LIB_ERROR;
 
 	return 0;
@@ -516,7 +514,7 @@ uint32_t tpm_pcr_read(uint32_t index, void *data, size_t count)
 	if (err)
 		return err;
 	if (unpack_byte_string(response, response_length, "s",
-				out_digest_offset, data, PCR_DIGEST_LENGTH))
+				out_digest_offset, data, TPM1_DIGEST_LENGTH))
 		return TPM_LIB_ERROR;
 
 	return 0;
@@ -784,7 +782,7 @@ static uint32_t create_request_auth(const void *request, size_t request_len0,
 	struct session_data *auth_session,
 	void *request_auth, const void *auth)
 {
-	uint8_t hmac_data[DIGEST_LENGTH * 3 + 1];
+	uint8_t hmac_data[TPM1_DIGEST_LENGTH * 3 + 1];
 	sha1_context hash_ctx;
 	const size_t command_code_offset = 6;
 	const size_t auth_nonce_odd_offset = 4;
@@ -804,25 +802,25 @@ static uint32_t create_request_auth(const void *request, size_t request_len0,
 	sha1_finish(&hash_ctx, hmac_data);
 
 	sha1_starts(&hash_ctx);
-	sha1_update(&hash_ctx, auth_session->nonce_odd, DIGEST_LENGTH);
+	sha1_update(&hash_ctx, auth_session->nonce_odd, TPM1_DIGEST_LENGTH);
 	sha1_update(&hash_ctx, hmac_data, sizeof(hmac_data));
 	sha1_finish(&hash_ctx, auth_session->nonce_odd);
 
 	if (pack_byte_string(request_auth, TPM_REQUEST_AUTH_LENGTH, "dsb",
 			     0, auth_session->handle,
 			     auth_nonce_odd_offset, auth_session->nonce_odd,
-			     DIGEST_LENGTH,
+			     TPM1_DIGEST_LENGTH,
 			     auth_continue_offset, 1))
 		return TPM_LIB_ERROR;
 	if (pack_byte_string(hmac_data, sizeof(hmac_data), "ss",
-			     DIGEST_LENGTH,
+			     TPM1_DIGEST_LENGTH,
 			     auth_session->nonce_even,
-			     DIGEST_LENGTH,
-			     2 * DIGEST_LENGTH,
+			     TPM1_DIGEST_LENGTH,
+			     2 * TPM1_DIGEST_LENGTH,
 			     request_auth + auth_nonce_odd_offset,
-			     DIGEST_LENGTH + 1))
+			     TPM1_DIGEST_LENGTH + 1))
 		return TPM_LIB_ERROR;
-	sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
+	sha1_hmac(auth, TPM1_DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
 		  request_auth + auth_auth_offset);
 
 	return TPM_SUCCESS;
@@ -848,8 +846,8 @@ static uint32_t verify_response_auth(uint32_t command_code,
 	struct session_data *auth_session,
 	const void *response_auth, const void *auth)
 {
-	uint8_t hmac_data[DIGEST_LENGTH * 3 + 1];
-	uint8_t computed_auth[DIGEST_LENGTH];
+	uint8_t hmac_data[TPM1_DIGEST_LENGTH * 3 + 1];
+	uint8_t computed_auth[TPM1_DIGEST_LENGTH];
 	sha1_context hash_ctx;
 	const size_t return_code_offset = 6;
 	const size_t auth_continue_offset = 20;
@@ -874,24 +872,24 @@ static uint32_t verify_response_auth(uint32_t command_code,
 			    - handles_len);
 	sha1_finish(&hash_ctx, hmac_data);
 
-	memcpy(auth_session->nonce_even, response_auth, DIGEST_LENGTH);
+	memcpy(auth_session->nonce_even, response_auth, TPM1_DIGEST_LENGTH);
 	auth_continue = ((uint8_t *)response_auth)[auth_continue_offset];
 	if (pack_byte_string(hmac_data, sizeof(hmac_data), "ssb",
-			     DIGEST_LENGTH,
+			     TPM1_DIGEST_LENGTH,
 			     response_auth,
-			     DIGEST_LENGTH,
-			     2 * DIGEST_LENGTH,
+			     TPM1_DIGEST_LENGTH,
+			     2 * TPM1_DIGEST_LENGTH,
 			     auth_session->nonce_odd,
-			     DIGEST_LENGTH,
-			     3 * DIGEST_LENGTH,
+			     TPM1_DIGEST_LENGTH,
+			     3 * TPM1_DIGEST_LENGTH,
 			     auth_continue))
 		return TPM_LIB_ERROR;
 
-	sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
+	sha1_hmac(auth, TPM1_DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
 		  computed_auth);
 
 	if (memcmp(computed_auth, response_auth + auth_auth_offset,
-		   DIGEST_LENGTH))
+		   TPM1_DIGEST_LENGTH))
 		return TPM_AUTHFAIL;
 
 	return TPM_SUCCESS;
@@ -961,7 +959,7 @@ uint32_t tpm_oiap(uint32_t *auth_handle)
 	if (unpack_byte_string(response, response_length, "ds",
 			       res_auth_handle_offset, &oiap_session.handle,
 			       res_nonce_even_offset, &oiap_session.nonce_even,
-			       (uint32_t)DIGEST_LENGTH))
+			       (uint32_t)TPM1_DIGEST_LENGTH))
 		return TPM_LIB_ERROR;
 	oiap_session.valid = 1;
 	if (auth_handle)