TianoCore EDK2 master
Loading...
Searching...
No Matches
HashLibBaseCryptoRouterDxe.c
Go to the documentation of this file.
1
11#include <PiPei.h>
12#include <Library/BaseLib.h>
13#include <Library/BaseMemoryLib.h>
14#include <Library/Tpm2CommandLib.h>
15#include <Library/DebugLib.h>
16#include <Library/MemoryAllocationLib.h>
17#include <Library/PcdLib.h>
18#include <Library/HashLib.h>
19#include <Protocol/Tcg2Protocol.h>
20
21#include "HashLibBaseCryptoRouterCommon.h"
22
23HASH_INTERFACE mHashInterface[HASH_COUNT] = {
24 {
25 { 0 }, NULL, NULL, NULL
26 }
27};
28UINTN mHashInterfaceCount = 0;
29
30UINT32 mSupportedHashMaskLast = 0;
31UINT32 mSupportedHashMaskCurrent = 0;
32
38VOID
39CheckSupportedHashMaskMismatch (
40 VOID
41 )
42{
43 if (mSupportedHashMaskCurrent != mSupportedHashMaskLast) {
44 DEBUG ((
45 DEBUG_WARN,
46 "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",
47 mSupportedHashMaskCurrent,
48 mSupportedHashMaskLast
49 ));
50 DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib instances!\n"));
51 }
52}
53
62EFI_STATUS
63EFIAPI
64HashStart (
65 OUT HASH_HANDLE *HashHandle
66 )
67{
68 HASH_HANDLE *HashCtx;
69 UINTN Index;
70 UINT32 HashMask;
71
72 if (mHashInterfaceCount == 0) {
73 return EFI_UNSUPPORTED;
74 }
75
76 CheckSupportedHashMaskMismatch ();
77
78 HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount);
79 ASSERT (HashCtx != NULL);
80
81 for (Index = 0; Index < mHashInterfaceCount; Index++) {
82 HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
83 if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
84 mHashInterface[Index].HashInit (&HashCtx[Index]);
85 }
86 }
87
88 *HashHandle = (HASH_HANDLE)HashCtx;
89
90 return EFI_SUCCESS;
91}
92
102EFI_STATUS
103EFIAPI
104HashUpdate (
105 IN HASH_HANDLE HashHandle,
106 IN VOID *DataToHash,
107 IN UINTN DataToHashLen
108 )
109{
110 HASH_HANDLE *HashCtx;
111 UINTN Index;
112 UINT32 HashMask;
113
114 if (mHashInterfaceCount == 0) {
115 return EFI_UNSUPPORTED;
116 }
117
118 CheckSupportedHashMaskMismatch ();
119
120 HashCtx = (HASH_HANDLE *)HashHandle;
121
122 for (Index = 0; Index < mHashInterfaceCount; Index++) {
123 HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
124 if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
125 mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
126 }
127 }
128
129 return EFI_SUCCESS;
130}
131
143EFI_STATUS
144EFIAPI
145Tpm2ExtendNvIndex (
146 TPMI_RH_NV_INDEX NvIndex,
147 UINT16 DataSize,
148 BYTE *Data
149 )
150{
151 EFI_STATUS Status;
152 TPMI_RH_NV_AUTH AuthHandle;
153 TPM2B_MAX_BUFFER NvExtendData;
154
155 AuthHandle = TPM_RH_PLATFORM;
156 ZeroMem (&NvExtendData, sizeof (NvExtendData));
157 CopyMem (NvExtendData.buffer, Data, DataSize);
158 NvExtendData.size = DataSize;
159 Status = Tpm2NvExtend (
160 AuthHandle,
161 NvIndex,
162 NULL,
163 &NvExtendData
164 );
165 if (EFI_ERROR (Status)) {
166 DEBUG (
167 (DEBUG_ERROR, "Extend TPM NV index failed, Index: 0x%x Status: %d\n",
168 NvIndex, Status)
169 );
170 }
171
172 return Status;
173}
174
186EFI_STATUS
187EFIAPI
188HashCompleteAndExtend (
189 IN HASH_HANDLE HashHandle,
190 IN TPMI_DH_PCR PcrIndex,
191 IN VOID *DataToHash,
192 IN UINTN DataToHashLen,
193 OUT TPML_DIGEST_VALUES *DigestList
194 )
195{
196 TPML_DIGEST_VALUES Digest;
197 HASH_HANDLE *HashCtx;
198 UINTN Index;
199 EFI_STATUS Status;
200 UINT32 HashMask;
201 TPML_DIGEST_VALUES TcgPcrEvent2Digest;
202 EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
203 UINT32 ActivePcrBanks;
204 UINT32 *BufferPtr;
205 UINT32 DigestListBinSize;
206
207 if (mHashInterfaceCount == 0) {
208 return EFI_UNSUPPORTED;
209 }
210
211 CheckSupportedHashMaskMismatch ();
212
213 HashCtx = (HASH_HANDLE *)HashHandle;
214 ZeroMem (DigestList, sizeof (*DigestList));
215
216 for (Index = 0; Index < mHashInterfaceCount; Index++) {
217 HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid);
218 if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
219 mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen);
220 mHashInterface[Index].HashFinal (HashCtx[Index], &Digest);
221 Tpm2SetHashToDigestList (DigestList, &Digest);
222 }
223 }
224
225 FreePool (HashCtx);
226
227 if (PcrIndex <= MAX_PCR_INDEX) {
228 Status = Tpm2PcrExtend (
229 PcrIndex,
230 DigestList
231 );
232 } else {
233 Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
234 ASSERT_EFI_ERROR (Status);
235 ActivePcrBanks = ActivePcrBanks & mSupportedHashMaskCurrent;
236 ZeroMem (&TcgPcrEvent2Digest, sizeof (TcgPcrEvent2Digest));
237 BufferPtr = CopyDigestListToBuffer (&TcgPcrEvent2Digest, DigestList, ActivePcrBanks);
238 DigestListBinSize = (UINT32)((UINT8 *)BufferPtr - (UINT8 *)&TcgPcrEvent2Digest);
239
240 //
241 // Extend to TPM NvIndex
242 //
243 Status = Tpm2ExtendNvIndex (
244 PcrIndex,
245 (UINT16)DigestListBinSize,
246 (BYTE *)&TcgPcrEvent2Digest
247 );
248 }
249
250 return Status;
251}
252
263EFI_STATUS
264EFIAPI
265HashAndExtend (
266 IN TPMI_DH_PCR PcrIndex,
267 IN VOID *DataToHash,
268 IN UINTN DataToHashLen,
269 OUT TPML_DIGEST_VALUES *DigestList
270 )
271{
272 HASH_HANDLE HashHandle;
273 EFI_STATUS Status;
274
275 if (mHashInterfaceCount == 0) {
276 return EFI_UNSUPPORTED;
277 }
278
279 CheckSupportedHashMaskMismatch ();
280
281 HashStart (&HashHandle);
282 HashUpdate (HashHandle, DataToHash, DataToHashLen);
283 Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);
284
285 return Status;
286}
287
297EFI_STATUS
298EFIAPI
299RegisterHashInterfaceLib (
300 IN HASH_INTERFACE *HashInterface
301 )
302{
303 UINTN Index;
304 UINT32 HashMask;
305 UINT32 Tpm2HashMask;
306 EFI_STATUS Status;
307
308 //
309 // Check allow
310 //
311 HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid);
312 Tpm2HashMask = PcdGet32 (PcdTpm2HashMask);
313
314 if ((Tpm2HashMask != 0) &&
315 ((HashMask & Tpm2HashMask) == 0))
316 {
317 return EFI_UNSUPPORTED;
318 }
319
320 if (mHashInterfaceCount >= sizeof (mHashInterface)/sizeof (mHashInterface[0])) {
321 return EFI_OUT_OF_RESOURCES;
322 }
323
324 //
325 // Check duplication
326 //
327 for (Index = 0; Index < mHashInterfaceCount; Index++) {
328 if (CompareGuid (&mHashInterface[Index].HashGuid, &HashInterface->HashGuid)) {
329 DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));
330 return EFI_ALREADY_STARTED;
331 }
332 }
333
334 //
335 // Record hash algorithm bitmap of CURRENT module which consumes HashLib.
336 //
337 mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask;
338 Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent);
339 ASSERT_EFI_ERROR (Status);
340
341 CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof (*HashInterface));
342 mHashInterfaceCount++;
343
344 return EFI_SUCCESS;
345}
346
356EFI_STATUS
357EFIAPI
358HashLibBaseCryptoRouterDxeConstructor (
359 IN EFI_HANDLE ImageHandle,
360 IN EFI_SYSTEM_TABLE *SystemTable
361 )
362{
363 EFI_STATUS Status;
364
365 //
366 // Record hash algorithm bitmap of LAST module which also consumes HashLib.
367 //
368 mSupportedHashMaskLast = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
369
370 //
371 // Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
372 //
373 Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0);
374 ASSERT_EFI_ERROR (Status);
375
376 return EFI_SUCCESS;
377}
UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112
CopyMem
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition: CopyMemWrapper.c:41
CompareGuid
BOOLEAN EFIAPI CompareGuid(IN CONST GUID *Guid1, IN CONST GUID *Guid2)
Definition: MemLibGuid.c:73
ZeroMem
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
Definition: ZeroMemWrapper.c:38
FreePool
VOID EFIAPI FreePool(IN VOID *Buffer)
Definition: MemoryAllocationLib.c:266
Tpm2GetHashMaskFromAlgo
UINT32 EFIAPI Tpm2GetHashMaskFromAlgo(IN EFI_GUID *HashGuid)
Definition: HashLibBaseCryptoRouterCommon.c:40
Tpm2SetHashToDigestList
VOID EFIAPI Tpm2SetHashToDigestList(IN OUT TPML_DIGEST_VALUES *DigestList, IN TPML_DIGEST_VALUES *Digest)
Definition: HashLibBaseCryptoRouterCommon.c:63
HashLibBaseCryptoRouterDxeConstructor
EFI_STATUS EFIAPI HashLibBaseCryptoRouterDxeConstructor(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
Definition: HashLibBaseCryptoRouterDxe.c:358
HashStart
EFI_STATUS EFIAPI HashStart(OUT HASH_HANDLE *HashHandle)
Definition: HashLibBaseCryptoRouterDxe.c:64
RegisterHashInterfaceLib
EFI_STATUS EFIAPI RegisterHashInterfaceLib(IN HASH_INTERFACE *HashInterface)
Definition: HashLibBaseCryptoRouterDxe.c:299
HashUpdate
EFI_STATUS EFIAPI HashUpdate(IN HASH_HANDLE HashHandle, IN VOID *DataToHash, IN UINTN DataToHashLen)
Definition: HashLibBaseCryptoRouterDxe.c:104
HashAndExtend
EFI_STATUS EFIAPI HashAndExtend(IN TPMI_DH_PCR PcrIndex, IN VOID *DataToHash, IN UINTN DataToHashLen, OUT TPML_DIGEST_VALUES *DigestList)
Definition: HashLibBaseCryptoRouterDxe.c:265
CheckSupportedHashMaskMismatch
VOID CheckSupportedHashMaskMismatch(VOID)
Definition: HashLibBaseCryptoRouterDxe.c:39
Tpm2ExtendNvIndex
EFI_STATUS EFIAPI Tpm2ExtendNvIndex(TPMI_RH_NV_INDEX NvIndex, UINT16 DataSize, BYTE *Data)
Definition: HashLibBaseCryptoRouterDxe.c:145
HashCompleteAndExtend
EFI_STATUS EFIAPI HashCompleteAndExtend(IN HASH_HANDLE HashHandle, IN TPMI_DH_PCR PcrIndex, IN VOID *DataToHash, IN UINTN DataToHashLen, OUT TPML_DIGEST_VALUES *DigestList)
Definition: HashLibBaseCryptoRouterDxe.c:188
NULL
#define NULL
Definition: Base.h:319
IN
#define IN
Definition: Base.h:279
OUT
#define OUT
Definition: Base.h:284
ASSERT_EFI_ERROR
#define ASSERT_EFI_ERROR(StatusParameter)
Definition: DebugLib.h:462
DEBUG
#define DEBUG(Expression)
Definition: DebugLib.h:434
PcdGet32
#define PcdGet32(TokenName)
Definition: PcdLib.h:362
PcdSet32S
#define PcdSet32S(TokenName, Value)
Definition: PcdLib.h:497
AllocatePool
VOID *EFIAPI AllocatePool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:195
CopyDigestListToBuffer
VOID * CopyDigestListToBuffer(IN OUT VOID *Buffer, IN TPML_DIGEST_VALUES *DigestList, IN UINT32 HashAlgorithmMask)
Definition: TdTcg2Dxe.c:201
Tpm2GetCapabilitySupportedAndActivePcrs
EFI_STATUS EFIAPI Tpm2GetCapabilitySupportedAndActivePcrs(OUT UINT32 *TpmHashAlgorithmBitmap, OUT UINT32 *ActivePcrBanks)
Definition: Tpm2Capability.c:527
Tpm2NvExtend
EFI_STATUS EFIAPI Tpm2NvExtend(IN TPMI_RH_NV_AUTH AuthHandle, IN TPMI_RH_NV_INDEX NvIndex, IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, IN TPM2B_MAX_BUFFER *InData)
Definition: Tpm2NVStorage.c:1086
Tpm2PcrExtend
EFI_STATUS EFIAPI Tpm2PcrExtend(IN TPMI_DH_PCR PcrHandle, IN TPML_DIGEST_VALUES *Digests)
Definition: Tpm2Integrity.c:92
EFI_STATUS
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29
EFI_HANDLE
VOID * EFI_HANDLE
Definition: UefiBaseType.h:33
EFI_SUCCESS
#define EFI_SUCCESS
Definition: UefiBaseType.h:112
EFI_SYSTEM_TABLE
Definition: UefiSpec.h:2028
HASH_INTERFACE
Definition: HashLib.h:145
TPM2B_MAX_BUFFER
Definition: Tpm20.h:947
TPML_DIGEST_VALUES
Definition: Tpm20.h:1073