Reposting due to line-wraps in previous posting. This patch adds functions for parsing NVRAM related data structures. It follows the same pattern as all the other functions that are there for deserializing data structures -- which are unfortunately 'unsafe'.
Signed-off-by: Stefan Berger <[email protected]> --- src/include/trousers/trousers.h | 3 ++ src/trspi/trousers.c | 60 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) Index: trousers/src/trspi/trousers.c =================================================================== --- trousers.orig/src/trspi/trousers.c +++ trousers/src/trspi/trousers.c @@ -2737,3 +2737,63 @@ Trspi_UnloadBlob_CAP_VERSION_INFO(UINT64 return TSS_SUCCESS; } + +TSS_RESULT +Trspi_UnloadBlob_NV_INDEX(UINT64 *offset, BYTE *blob, TPM_NV_INDEX *v) +{ + if (!v) { + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT32(offset, v, blob); + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_NV_ATTRIBUTES(UINT64 *offset, BYTE *blob, TPM_NV_ATTRIBUTES *v) +{ + if (!v) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &v->tag, blob); + Trspi_UnloadBlob_UINT32(offset, &v->attributes, blob); + + return TSS_SUCCESS; +} + +TSS_RESULT +Trspi_UnloadBlob_NV_DATA_PUBLIC(UINT64 *offset, BYTE *blob, TPM_NV_DATA_PUBLIC *v) +{ + if (!v) { + Trspi_UnloadBlob_UINT16(offset, NULL, blob); + Trspi_UnloadBlob_NV_INDEX(offset, blob, NULL); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, NULL); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, NULL); + Trspi_UnloadBlob_NV_ATTRIBUTES(offset, blob, NULL); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_BYTE(offset, NULL, blob); + Trspi_UnloadBlob_UINT32(offset, NULL, blob); + + return TSS_SUCCESS; + } + + Trspi_UnloadBlob_UINT16(offset, &v->tag, blob); + Trspi_UnloadBlob_NV_INDEX(offset, blob, &v->nvIndex); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &v->pcrInfoRead); + Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &v->pcrInfoWrite); + Trspi_UnloadBlob_NV_ATTRIBUTES(offset, blob, &v->permission); + Trspi_UnloadBlob_BYTE(offset, &v->bReadSTClear, blob); + Trspi_UnloadBlob_BYTE(offset, &v->bWriteSTClear, blob); + Trspi_UnloadBlob_BYTE(offset, &v->bWriteDefine, blob); + Trspi_UnloadBlob_UINT32(offset, &v->dataSize, blob); + + return TSS_SUCCESS; +} Index: trousers/src/include/trousers/trousers.h =================================================================== --- trousers.orig/src/include/trousers/trousers.h +++ trousers/src/include/trousers/trousers.h @@ -72,6 +72,9 @@ TSS_RESULT Trspi_UnloadBlob_TSS_PCR_INFO TSS_RESULT Trspi_UnloadBlob_TSS_DELEGATION_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_DELEGATION_TABLE_ENTRY *entry); TSS_RESULT Trspi_UnloadBlob_TSS_PLATFORM_CLASS(UINT64 *offset, BYTE *blob, TSS_PLATFORM_CLASS *platClass); TSS_RESULT Trspi_UnloadBlob_CAP_VERSION_INFO(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v); +TSS_RESULT Trspi_UnloadBlob_NV_INDEX(UINT64 *offset, BYTE *blob, TPM_NV_INDEX *v); +TSS_RESULT Trspi_UnloadBlob_NV_ATTRIBUTES(UINT64 *offset, BYTE *blob, TPM_NV_ATTRIBUTES *v); +TSS_RESULT Trspi_UnloadBlob_NV_DATA_PUBLIC(UINT64 *offset, BYTE *blob, TPM_NV_DATA_PUBLIC *v); /* Blob loading functions */ void Trspi_LoadBlob_BOUND_DATA(UINT64 *, TCPA_BOUND_DATA, UINT32, BYTE *); ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
