Signed-off-by: Yann Diorcet <[email protected]>
---
grub-core/Makefile.core.def | 1 +
grub-core/lib/tss2/tss2_iesys.c | 114 ++++++++++++++++++++++++++++++
grub-core/lib/tss2/tss2_iesys.h | 41 +++++++++++
grub-core/lib/tss2/tss2_mu.c | 15 ++++
grub-core/lib/tss2/tss2_mu.h | 8 +++
grub-core/lib/tss2/tss2_structs.h | 41 +++++++++++
grub-core/lib/tss2/tss2_types.h | 22 ++++++
7 files changed, 242 insertions(+)
create mode 100644 grub-core/lib/tss2/tss2_iesys.c
create mode 100644 grub-core/lib/tss2/tss2_iesys.h
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index f6d312033..9a5a88884 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -2561,6 +2561,7 @@ module = {
name = tss2;
common = lib/tss2/buffer.c;
common = lib/tss2/tss2_mu.c;
+ common = lib/tss2/tss2_iesys.c;
common = lib/tss2/tpm2_cmd.c;
common = lib/tss2/tss2.c;
efi = lib/efi/tcg2.c;
diff --git a/grub-core/lib/tss2/tss2_iesys.c b/grub-core/lib/tss2/tss2_iesys.c
new file mode 100644
index 000000000..ce59c3be3
--- /dev/null
+++ b/grub-core/lib/tss2/tss2_iesys.c
@@ -0,0 +1,114 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/mm.h>
+#include <grub/misc.h>
+
+#include <tss2_mu.h>
+#include <tss2_iesys.h>
+
+void
+grub_Tss2_iesys_MU_IESYSC_PARAM_ENCRYPT_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYSC_PARAM_ENCRYPT_t *p)
+{
+ grub_tpm2_buffer_unpack_u32 (buffer, (grub_uint32_t*)p);
+ if (*p != TPM_ENCRYPT && *p != TPM_NO_ENCRYPT)
+ {
+ buffer->error = 1;
+ }
+}
+
+void
+grub_Tss2_iesys_MU_IESYSC_PARAM_DECRYPT_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYSC_PARAM_DECRYPT_t *p)
+{
+ grub_tpm2_buffer_unpack_u32 (buffer, (grub_uint32_t*)p);
+ if (*p != TPM_DECRYPT && *p != TPM_NO_DECRYPT)
+ {
+ buffer->error = 1;
+ }
+}
+
+void
+grub_Tss2_iesys_MU_IESYSC_TYPE_POLICY_AUTH_Unmarshal(grub_tpm2_buffer_t
buffer, TPM_IESYSC_TYPE_POLICY_AUTH_t *p)
+{
+ grub_tpm2_buffer_unpack_u32 (buffer, (grub_uint32_t*)p);
+ if (*p != TPM_POLICY_PASSWORD && *p != TPM_POLICY_AUTH && *p !=
TPM_NO_POLICY_AUTH)
+ {
+ buffer->error = 1;
+ }
+}
+
+static void
+grub_Tss2_iesys_MU_BYTE_array_Unmarshal(grub_tpm2_buffer_t buffer,
grub_uint16_t size, char *p, grub_uint16_t bound)
+{
+ if (size > bound)
+ {
+ buffer->error = 1;
+ return;
+ }
+ grub_tpm2_buffer_unpack (buffer, &p, size);
+}
+
+void
+grub_Tss2_IESYS_SESSION_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYS_SESSION_t *p)
+{
+ grub_Tss2_MU_TPM2B_NAME_Unmarshal(buffer, &p->bound_entity);
+ grub_Tss2_MU_TPM2B_ENCRYPTED_SECRET_Unmarshal(buffer, &p->encryptedSalt);
+ grub_Tss2_MU_TPM2B_DATA_Unmarshal(buffer, &p->salt);
+ grub_Tss2_MU_TPMT_SYM_DEF_Unmarshal(buffer, &p->symmetric);
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->authHash);
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal(buffer, &p->sessionKey);
+ grub_tpm2_buffer_unpack_u8 (buffer, &p->sessionType);
+ grub_tpm2_buffer_unpack_u8 (buffer, ((grub_uint8_t *)
&p->sessionAttributes));
+ grub_Tss2_MU_TPM2B_NONCE_Unmarshal(buffer, &p->nonceCaller);
+ grub_Tss2_MU_TPM2B_NONCE_Unmarshal(buffer, &p->nonceTPM);
+ grub_Tss2_iesys_MU_IESYSC_PARAM_ENCRYPT_Unmarshal(buffer, &p->encrypt);
+ grub_Tss2_iesys_MU_IESYSC_PARAM_DECRYPT_Unmarshal(buffer, &p->decrypt);
+ grub_Tss2_iesys_MU_IESYSC_TYPE_POLICY_AUTH_Unmarshal(buffer,
&p->type_policy_session);
+ grub_tpm2_buffer_unpack_u16(buffer, &p->sizeSessionValue);
+ grub_Tss2_iesys_MU_BYTE_array_Unmarshal(buffer, p->sizeSessionValue,
&p->sessionValue[0], sizeof(p->sessionValue));
+ grub_tpm2_buffer_unpack_u16(buffer, &p->sizeHmacValue);
+}
+
+static void
+grub_Tss2_IESYS_RSRC_UNION_Unmarshal(grub_tpm2_buffer_t buffer, grub_uint32_t
selector, TPM_IESYS_RSRC_UNION_t *p)
+{
+ switch (selector) {
+ case TPM_IESYSC_KEY_RSRC:
+ grub_Tss2_MU_TPM2B_PUBLIC_Unmarshal(buffer, &p->rsrc_key_pub);
+ break;
+ case TPM_IESYSC_NV_RSRC:
+ grub_Tss2_MU_TPM2B_NV_PUBLIC_Unmarshal(buffer, &p->rsrc_nv_pub);
+ break;
+ case TPM_IESYSC_SESSION_RSRC:
+ grub_Tss2_IESYS_SESSION_Unmarshal(buffer, &p->rsrc_session);
+ break;
+ case TPM_IESYSC_WITHOUT_MISC_RSRC:
+ break;
+ default:
+ buffer->error = 1;
+ };
+}
+
+void
+grub_Tss2_IESYS_RESOURCE_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYS_RESOURCE_t *p)
+{
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->handle);
+ grub_Tss2_MU_TPM2B_NAME_Unmarshal (buffer, &p->name);
+ grub_tpm2_buffer_unpack_u32 (buffer, &p->rsrcType);
+ grub_Tss2_IESYS_RSRC_UNION_Unmarshal(buffer, p->rsrcType, &p->misc);
+}
\ No newline at end of file
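Review bot: `grub_Tss2_iesys_MU_BYTE_array_Unmarshal` hands the address of its own pointer parameter to the copy, `grub_tpm2_buffer_unpack (buffer, &p, size);` — `&p` is a `char **` aimed at the local stack slot, so if `grub_tpm2_buffer_unpack` copies `size` bytes to the pointer it is given (its signature is not in this patch) up to `bound` bytes of buffer content land on the stack instead of in the caller's `sessionValue` array; the destination should be the pointer itself, `grub_tpm2_buffer_unpack (buffer, p, size);`. Separately, `grub_Tss2_IESYS_SESSION_Unmarshal` reads `sessionAttributes` but never `origSessionAttributes`, although the struct added in tss2_structs.h carries both back to back; if the serialised form being parsed contains both (as the struct order suggests), every field after it is read one byte off, so either unmarshal it or document that it is intentionally absent from the serialised layout. `TPM_IESYSC_DEGRADED_SESSION_RSRC` is defined in tss2_types.h but not handled in `grub_Tss2_IESYS_RSRC_UNION_Unmarshal`, so such a resource is rejected by the `default:` branch — fine if intended, but worth a one-line comment, and the stray `};` closing that switch should be `}`. The file also ends without a trailing newline.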
diff --git a/grub-core/lib/tss2/tss2_iesys.h b/grub-core/lib/tss2/tss2_iesys.h
new file mode 100644
index 000000000..0606a13cf
--- /dev/null
+++ b/grub-core/lib/tss2/tss2_iesys.h
@@ -0,0 +1,41 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_TPM2_IESYS_HEADER
+#define GRUB_TPM2_IESYS_HEADER 1
+
+#include <tss2_buffer.h>
+#include <tss2_structs.h>
+
+void
+grub_Tss2_iesys_MU_IESYSC_PARAM_ENCRYPT_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYSC_PARAM_ENCRYPT_t *p);
+
+void
+grub_Tss2_iesys_MU_IESYSC_PARAM_DECRYPT_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYSC_PARAM_DECRYPT_t *p);
+
+void
+grub_Tss2_iesys_MU_IESYSC_TYPE_POLICY_AUTH_Unmarshal(grub_tpm2_buffer_t
buffer, TPM_IESYSC_TYPE_POLICY_AUTH_t *p);
+
+void
+grub_Tss2_IESYS_SESSION_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYS_SESSION_t *p);
+
+void
+grub_Tss2_IESYS_RESOURCE_Unmarshal(grub_tpm2_buffer_t buffer,
TPM_IESYS_RESOURCE_t *p);
+
+
+#endif /* ! GRUB_TPM2_IESYS_HEADER */
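Review bot: The new prototypes are written `void` / `name(grub_tpm2_buffer_t buffer, ...)` with no space before the parameter list and without `extern`, while the sibling header tss2_mu.h (its hunk is in this same patch) uses `extern void` and GNU-style `name (args)`; the same spacing applies to the definitions in tss2_iesys.c, e.g. `extern void` followed by `grub_Tss2_IESYS_SESSION_Unmarshal (grub_tpm2_buffer_t buffer,`. The header also says nothing about what these functions consume or how failure is reported; a short comment above the prototypes such as `/* Unmarshal serialised IESYS resource/session records into the TPM_IESYS_* structs; malformed input sets buffer->error = 1. */` would orient readers, with the exact blob format named once it is confirmed (the layout is only inferred here from the names).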
diff --git a/grub-core/lib/tss2/tss2_mu.c b/grub-core/lib/tss2/tss2_mu.c
index 816e5b37f..495899118 100644
--- a/grub-core/lib/tss2/tss2_mu.c
+++ b/grub-core/lib/tss2/tss2_mu.c
@@ -622,6 +622,21 @@ __Tss2_MU_TPM2B_BUFFER_Unmarshal (grub_tpm2_buffer_t
buffer,
#define TPM2B_BUFFER_UNMARSHAL(buffer, type, data) \
__Tss2_MU_TPM2B_BUFFER_Unmarshal(buffer, (TPM2B_t *)data, sizeof(type) -
sizeof(grub_uint16_t))
+void
+grub_Tss2_MU_TPM2B_ENCRYPTED_SECRET_Unmarshal (grub_tpm2_buffer_t buffer,
TPM2B_ENCRYPTED_SECRET_t *encrypted_secret)
+{
+ TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_ENCRYPTED_SECRET_t, encrypted_secret);
+}
+
+extern void
+grub_Tss2_MU_TPMT_SYM_DEF_Unmarshal (grub_tpm2_buffer_t buffer,
+ TPMT_SYM_DEF_t *p)
+{
+ grub_tpm2_buffer_unpack_u16 (buffer, &p->algorithm);
+ grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal (buffer, p->algorithm, &p->keyBits);
+ grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal (buffer, p->algorithm, &p->mode);
+}
+
void
grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer,
TPMS_AUTH_RESPONSE_t *p)
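Review bot: `grub_Tss2_MU_TPMT_SYM_DEF_Unmarshal` is defined with `extern void`, whereas the neighbouring definition `grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal` and the new `grub_Tss2_MU_TPM2B_ENCRYPTED_SECRET_Unmarshal` use plain `void`; drop `extern` on the definition and keep it only in tss2_mu.h. The new TPM2B_ENCRYPTED_SECRET function is also inserted directly after the `#define TPM2B_BUFFER_UNMARSHAL` line with no separating blank line. The body relies on `grub_Tss2_MU_TPMU_SYM_KEY_BITS_Unmarshal` and `grub_Tss2_MU_TPMU_SYM_MODE_Unmarshal` to honour the `algorithm` selector (presumably including the no-payload `TPM_ALG_NULL` case and rejection of unknown values); those helpers are outside this hunk, so a one-line comment like `/* keyBits/mode are selector-dependent; the TPMU helpers validate algorithm. */` would tell readers where that validation lives.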
diff --git a/grub-core/lib/tss2/tss2_mu.h b/grub-core/lib/tss2/tss2_mu.h
index 6440de57c..ef29ba91c 100644
--- a/grub-core/lib/tss2/tss2_mu.h
+++ b/grub-core/lib/tss2/tss2_mu.h
@@ -201,6 +201,14 @@ extern void
grub_Tss2_MU_TPM2B_NV_PUBLIC_Marshal (grub_tpm2_buffer_t buffer,
const TPM2B_NV_PUBLIC_t *p);
+extern void
+grub_Tss2_MU_TPM2B_ENCRYPTED_SECRET_Unmarshal (grub_tpm2_buffer_t buffer,
+ TPM2B_ENCRYPTED_SECRET_t
*encrypted_secret);
+
+extern void
+grub_Tss2_MU_TPMT_SYM_DEF_Unmarshal (grub_tpm2_buffer_t buffer,
+ TPMT_SYM_DEF_t *p);
+
extern void
grub_Tss2_MU_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer,
TPMS_AUTH_RESPONSE_t *p);
diff --git a/grub-core/lib/tss2/tss2_structs.h
b/grub-core/lib/tss2/tss2_structs.h
index ca33db3ec..8eb6c227e 100644
--- a/grub-core/lib/tss2/tss2_structs.h
+++ b/grub-core/lib/tss2/tss2_structs.h
@@ -793,4 +793,45 @@ struct TPMT_TK_VERIFIED {
};
typedef struct TPMT_TK_VERIFIED TPMT_TK_VERIFIED_t;
+
+/** Type for representing TPM-Session
+ */
+struct TPM_IESYS_SESSION {
+ TPM2B_NAME_t bound_entity; /**< Entity to
which the session is bound */
+ TPM2B_ENCRYPTED_SECRET_t encryptedSalt; /**< Encrypted
salt which can be provided by application */
+ TPM2B_DATA_t salt; /**< Salt computed
if no encrypted salt is provided */
+ TPMT_SYM_DEF_t symmetric; /**< Algorithm
selection for parameter encryption */
+ TPMI_ALG_HASH_t authHash; /**< Hashalg used
for authorization */
+ TPM2B_DIGEST_t sessionKey; /**< sessionKey
used for KDFa to compute symKey */
+ TPM_SE_t sessionType; /**< Type of the
session (HMAC, Policy) */
+ TPMA_SESSION_t sessionAttributes; /**< Flags which
define the session behaviour */
+ TPMA_SESSION_t origSessionAttributes; /**< Copy of flags
which define the session behaviour */
+ TPM2B_NONCE_t nonceCaller; /**< Nonce
computed by the ESAPI for every session call */
+ TPM2B_NONCE_t nonceTPM; /**< Nonce which
is returned by the TPM for every session call */
+ TPM_IESYSC_PARAM_ENCRYPT_t encrypt; /**< Indicate
parameter encryption by the TPM */
+ TPM_IESYSC_PARAM_DECRYPT_t decrypt; /**< Indicate
parameter decryption by the TPM */
+ TPM_IESYSC_TYPE_POLICY_AUTH_t type_policy_session; /**< Field to
store markers for policy sessions */
+ grub_uint16_t sizeSessionValue; /**< Size of
sessionKey plus optionally authValue */
+ char sessionValue [2*sizeof(TPMU_HA_t)]; /**< sessionKey ||
AuthValue */
+ grub_uint16_t sizeHmacValue; /**< Size of
sessionKey plus optionally authValue */
+};
+typedef struct TPM_IESYS_SESSION TPM_IESYS_SESSION_t;
+
+union TPM_IESYS_RSRC_UNION {
+ TPM2B_PUBLIC_t rsrc_key_pub; /**< Public info
for key objects */
+ TPM2B_NV_PUBLIC_t rsrc_nv_pub; /**< Public info
for NV ram objects */
+ TPM_IESYS_SESSION_t rsrc_session; /**< Internal
esapi session information */
+ TPMS_EMPTY_t rsrc_empty; /**< no
specialized date for resource */
+};
+typedef union TPM_IESYS_RSRC_UNION TPM_IESYS_RSRC_UNION_t;
+
+struct TPM_IESYS_RESOURCE {
+ TPM_HANDLE_t handle; /**< Handle used
by TPM */
+ TPM2B_NAME_t name; /**< TPM name of
the object */
+ TPM_IESYSC_RESOURCE_TYPE_t rsrcType; /**< Selector for
resource type */
+ TPM_IESYS_RSRC_UNION_t misc; /**< Resource
specific information */
+} ;
+
+typedef struct TPM_IESYS_RESOURCE TPM_IESYS_RESOURCE_t;
+
#endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */
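Review bot: `TPM_IESYS_SESSION` holds session secrets — `salt`, `sessionKey` and `sessionValue` (documented as `sessionKey || AuthValue`) — but the struct comment says nothing about ownership or that the object must be cleared before it is freed or goes out of scope; a line such as `/* Holds session key material: zero the object before releasing it. */` on the struct would make that contract visible to callers. `sizeHmacValue` carries the same comment as `sizeSessionValue` ("Size of sessionKey plus optionally authValue"), which looks like a copy-paste, and `rsrc_empty` says "no specialized date" for "data". `sessionValue` is declared `char` for raw bytes, whose signedness is implementation-defined; `grub_uint8_t` would match the byte type the unmarshal code in tss2_iesys.c already casts to. `} ;` at the end of `TPM_IESYS_RESOURCE` has a stray space.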
diff --git a/grub-core/lib/tss2/tss2_types.h b/grub-core/lib/tss2/tss2_types.h
index bddde7191..a44c49569 100644
--- a/grub-core/lib/tss2/tss2_types.h
+++ b/grub-core/lib/tss2/tss2_types.h
@@ -407,4 +407,26 @@ typedef TPM_HANDLE_t TPMI_RH_PROVISION_t;
/* TPMI_RH_PROVISION_t Type */
typedef TPM_HANDLE_t TPMI_DH_PERSISTENT_t;
+typedef grub_uint32_t TPM_IESYSC_RESOURCE_TYPE_t;
+
+typedef grub_uint32_t TPM_IESYSC_RESOURCE_TYPE_CONSTANT_t;
+#define TPM_IESYSC_KEY_RSRC 1 /**< Tag for key resource */
+#define TPM_IESYSC_NV_RSRC 2 /**< Tag for NV Ram resource */
+#define TPM_IESYSC_SESSION_RSRC 3 /**< Tag for session resources
*/
+#define TPM_IESYSC_DEGRADED_SESSION_RSRC 4 /**< Tag for degraded session
resources */
+#define TPM_IESYSC_WITHOUT_MISC_RSRC 0 /**< Tag for other resources,
e.g. PCR register, hierarchies */
+
+typedef grub_uint32_t TPM_IESYSC_PARAM_ENCRYPT_t;
+#define TPM_ENCRYPT 1 /**< Parameter encryption by
TPM */
+#define TPM_NO_ENCRYPT 0 /**< No parameter encryption
by TPM */
+
+typedef grub_uint32_t TPM_IESYSC_PARAM_DECRYPT_t;
+#define TPM_DECRYPT 1 /**< Parameter decryption by
TPM */
+#define TPM_NO_DECRYPT 0 /**< No parameter decryption
by TPM */
+
+typedef grub_uint32_t TPM_IESYSC_TYPE_POLICY_AUTH_t;
+#define TPM_POLICY_PASSWORD 2 /**< Marker to include auth
value of the authorized object */
+#define TPM_POLICY_AUTH 1 /**< Marker to include the
auth value in the HMAC key */
+#define TPM_NO_POLICY_AUTH 0 /**< no special handling */
+
#endif /* ! GRUB_TPM2_INTERNAL_TYPES_HEADER */
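Review bot: `TPM_ENCRYPT`, `TPM_NO_ENCRYPT`, `TPM_DECRYPT` and `TPM_NO_DECRYPT` are very generic macro names in a header whose other new constants are prefixed by their type (`TPM_IESYSC_*`), and a clash with an unrelated macro would be silent; if the names are kept to mirror tpm2-tss, a comment saying so would help, otherwise `TPM_IESYSC_`-prefixed names would be safer. `TPM_IESYSC_RESOURCE_TYPE_CONSTANT_t` is introduced but nothing in this patch uses it, and `TPM_IESYSC_DEGRADED_SESSION_RSRC` is not accepted by the union unmarshaler in tss2_iesys.c; a short comment on each stating whether they exist only for layout compatibility would save the next reader a search.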
--
2.39.5