TianoCore EDK2 master
Tpm2EnhancedAuthorization.c
13#include <Library/BaseLib.h>
14#include <Library/DebugLib.h>
15
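//
// Command/response images exchanged with the TPM. They are byte-packed so the
// fixed leading fields can be written in place; every multi-byte field is
// byte-swapped with SwapBytes16/SwapBytes32 by the functions in this file.
//
#pragma pack(1)

//
// TPM2_PolicySecret command. Only the fields up to AuthSessionSize sit at
// their declared offsets: the authorization area is variable length, so
// Tpm2PolicySecret() serializes everything from AuthSession onward through a
// running pointer. The trailing members reserve worst-case space.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_DH_ENTITY         AuthHandle;
  TPMI_SH_POLICY         PolicySession;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  TPM2B_NONCE            NonceTPM;
  TPM2B_DIGEST           CpHashA;
  TPM2B_NONCE            PolicyRef;
  INT32                  Expiration;
} TPM2_POLICY_SECRET_COMMAND;

//
// TPM2_PolicySecret response. Timeout and PolicyTicket are variable length on
// the wire, so Tpm2PolicySecret() parses them through a running pointer that
// starts at Timeout.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPM2B_TIMEOUT           Timeout;
  TPMT_TK_AUTH            PolicyTicket;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_POLICY_SECRET_RESPONSE;

//
// TPM2_PolicyOR command. HashList reserves worst-case space; the digests are
// serialized back to back by Tpm2PolicyOR().
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_SH_POLICY         PolicySession;
  TPML_DIGEST            HashList;
} TPM2_POLICY_OR_COMMAND;

// TPM2_PolicyOR response: header only.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
} TPM2_POLICY_OR_RESPONSE;

// TPM2_PolicyCommandCode command: fixed size, sent as sizeof the structure.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_SH_POLICY         PolicySession;
  TPM_CC                 Code;
} TPM2_POLICY_COMMAND_CODE_COMMAND;

// TPM2_PolicyCommandCode response: header only.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
} TPM2_POLICY_COMMAND_CODE_RESPONSE;

// TPM2_PolicyGetDigest command: fixed size, sent as sizeof the structure.
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_SH_POLICY         PolicySession;
} TPM2_POLICY_GET_DIGEST_COMMAND;

// TPM2_PolicyGetDigest response: header followed by the policy digest.
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  TPM2B_DIGEST            PolicyHash;
} TPM2_POLICY_GET_DIGEST_RESPONSE;

#pragma pack()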
69
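/**
  Send TPM2_PolicySecret and return the timeout and policy ticket from the
  response.

  The command is serialized into a stack buffer. The authorization area is
  written by CopyAuthSessionCommand(); NonceTPM, CpHashA, PolicyRef and
  Expiration follow it, each TPM2B as a big-endian 16-bit size plus payload.
  Both the command and response buffers are zeroed before returning from any
  path that has touched them, because they may hold authorization data.

  @param[in]  AuthHandle     Handle of the entity providing the authorization.
  @param[in]  PolicySession  Handle of the policy session being extended.
  @param[in]  AuthSession    Authorization session, passed unchanged to
                             CopyAuthSessionCommand(). OPTIONAL.
  @param[in]  NonceTPM       Nonce copied into the command.
  @param[in]  CpHashA        Command-parameter digest copied into the command.
  @param[in]  PolicyRef      Policy reference copied into the command.
  @param[in]  Expiration     Expiration value copied into the command.
  @param[out] Timeout        Receives the timeout from the response.
  @param[out] PolicyTicket   Receives the ticket from the response.

  @retval EFI_SUCCESS            The response was parsed successfully.
  @retval EFI_INVALID_PARAMETER  A required pointer is NULL or an input TPM2B
                                 size exceeds its backing buffer.
  @retval EFI_DEVICE_ERROR       The TPM returned an error code, or a short or
                                 malformed response.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2PolicySecret (
  IN      TPMI_DH_ENTITY     AuthHandle,
  IN      TPMI_SH_POLICY     PolicySession,
  IN      TPMS_AUTH_COMMAND  *AuthSession OPTIONAL,
  IN      TPM2B_NONCE        *NonceTPM,
  IN      TPM2B_DIGEST       *CpHashA,
  IN      TPM2B_NONCE        *PolicyRef,
  IN      INT32              Expiration,
  OUT     TPM2B_TIMEOUT      *Timeout,
  OUT     TPMT_TK_AUTH       *PolicyTicket
  )
{
  EFI_STATUS                   Status;
  TPM2_POLICY_SECRET_COMMAND   SendBuffer;
  TPM2_POLICY_SECRET_RESPONSE  RecvBuffer;
  UINT32                       SendBufferSize;
  UINT32                       RecvBufferSize;
  UINT8                        *Buffer;
  UINT32                       SessionInfoSize;
  UINTN                        Consumed;
  UINTN                        Needed;

  if ((NonceTPM == NULL) || (CpHashA == NULL) || (PolicyRef == NULL) ||
      (Timeout == NULL) || (PolicyTicket == NULL))
  {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Each TPM2B below is copied into the stack command buffer using its own
  // size field. Reject a size larger than the backing array so the copies can
  // neither over-read the caller's structure nor run past SendBuffer.
  // NOTE(review): this assumes CopyAuthSessionCommand() writes no more than
  // sizeof (TPMS_AUTH_COMMAND) bytes - confirm against Tpm2Help.c.
  //
  if ((NonceTPM->size > sizeof (NonceTPM->buffer)) ||
      (CpHashA->size > sizeof (CpHashA->buffer)) ||
      (PolicyRef->size > sizeof (PolicyRef->buffer)))
  {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - input size error\n"));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicySecret);
  SendBuffer.AuthHandle         = SwapBytes32 (AuthHandle);
  SendBuffer.PolicySession      = SwapBytes32 (PolicySession);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Real data
  //
  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceTPM->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);
  Buffer += NonceTPM->size;

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (CpHashA->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, CpHashA->buffer, CpHashA->size);
  Buffer += CpHashA->size;

  WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PolicyRef->size));
  Buffer += sizeof (UINT16);
  CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);
  Buffer += PolicyRef->size;

  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 ((UINT32)Expiration));
  Buffer += sizeof (UINT32);

  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  //
  // Return the response. RecvBuffer is an uninitialized stack object, so each
  // field is parsed only after confirming the device actually returned that
  // many bytes; otherwise stale stack contents would be handed to the caller.
  //
  Buffer   = (UINT8 *)&RecvBuffer.Timeout;
  Consumed = (UINTN)Buffer - (UINTN)&RecvBuffer;
  if (RecvBufferSize < Consumed + sizeof (UINT16)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  Timeout->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
  if (Timeout->size > sizeof (UINT64)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  Buffer   += sizeof (UINT16);
  Consumed += sizeof (UINT16);

  //
  // Timeout payload plus the fixed part of the ticket:
  // tag (UINT16), hierarchy (UINT32), digest.size (UINT16).
  //
  Needed = Timeout->size + sizeof (UINT16) + sizeof (UINT32) + sizeof (UINT16);
  if (RecvBufferSize - Consumed < Needed) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  CopyMem (Timeout->buffer, Buffer, Timeout->size);
  //
  // Step over the timeout payload. Without this the ticket would be parsed
  // from the timeout bytes whenever the TPM returns a non-empty timeout.
  //
  Buffer   += Timeout->size;
  Consumed += Needed;

  PolicyTicket->tag         = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
  Buffer                   += sizeof (UINT16);
  PolicyTicket->hierarchy   = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer));
  Buffer                   += sizeof (UINT32);
  PolicyTicket->digest.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
  Buffer                   += sizeof (UINT16);
  if (PolicyTicket->digest.size > sizeof (TPMU_HA)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  if (RecvBufferSize - Consumed < PolicyTicket->digest.size) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);

Done:
  //
  // Clear AuthSession Content
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}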
209
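/**
  Send TPM2_PolicyOR for a policy session with a list of candidate digests.

  The digest list is serialized into a stack buffer as a big-endian 32-bit
  count followed by each digest as a big-endian 16-bit size plus payload.

  @param[in] PolicySession  Handle of the policy session being extended.
  @param[in] HashList       Digests to OR together.

  @retval EFI_SUCCESS            The TPM accepted the command.
  @retval EFI_INVALID_PARAMETER  HashList is NULL, its count exceeds the
                                 digests array, or a digest size exceeds its
                                 backing buffer.
  @retval EFI_DEVICE_ERROR       The TPM returned an error code or a short
                                 response.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2PolicyOR (
  IN TPMI_SH_POLICY  PolicySession,
  IN TPML_DIGEST     *HashList
  )
{
  EFI_STATUS               Status;
  TPM2_POLICY_OR_COMMAND   SendBuffer;
  TPM2_POLICY_OR_RESPONSE  RecvBuffer;
  UINT32                   SendBufferSize;
  UINT32                   RecvBufferSize;
  UINT8                    *Buffer;
  UINTN                    Index;

  if (HashList == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // count drives both the reads from HashList->digests and the writes into
  // the stack command buffer, so it must not exceed the array it indexes.
  //
  if (HashList->count > ARRAY_SIZE (HashList->digests)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - HashList->count error %x\n", HashList->count));
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyOR);

  SendBuffer.PolicySession = SwapBytes32 (PolicySession);
  Buffer                   = (UINT8 *)&SendBuffer.HashList;
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));
  Buffer += sizeof (UINT32);
  for (Index = 0; Index < HashList->count; Index++) {
    //
    // A digest size larger than its buffer would over-read the caller's
    // structure and push the write pointer past SendBuffer.HashList.
    //
    if (HashList->digests[Index].size > sizeof (HashList->digests[Index].buffer)) {
      DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - digest size error %x\n", HashList->digests[Index].size));
      return EFI_INVALID_PARAMETER;
    }

    WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));
    Buffer += sizeof (UINT16);
    CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);
    Buffer += HashList->digests[Index].size;
  }

  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }

  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
  }

  return EFI_SUCCESS;
}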
278
/**
  Send TPM2_PolicyCommandCode for a policy session.

  The command is fixed size: header, session handle and command code, each
  byte-swapped before submission. Only the response header is inspected.

  @param[in] PolicySession  Handle of the policy session being extended.
  @param[in] Code           Command code placed in the command.

  @retval EFI_SUCCESS       The TPM returned TPM_RC_SUCCESS.
  @retval EFI_DEVICE_ERROR  The response was shorter than a response header or
                            carried a response code other than TPM_RC_SUCCESS.
  @retval Others            Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2PolicyCommandCode (
  IN      TPMI_SH_POLICY  PolicySession,
  IN      TPM_CC          Code
  )
{
  TPM2_POLICY_COMMAND_CODE_COMMAND   Command;
  TPM2_POLICY_COMMAND_CODE_RESPONSE  Response;
  UINT32                             CommandSize;
  UINT32                             ResponseSize;
  UINT32                             ResponseCode;
  EFI_STATUS                         SubmitStatus;

  //
  // The whole structure goes on the wire, so its size is the command size.
  //
  CommandSize  = (UINT32)sizeof (Command);
  ResponseSize = sizeof (Response);

  //
  // Fill in the header, then the two parameters.
  //
  Command.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);
  Command.Header.paramSize   = SwapBytes32 (CommandSize);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_PolicyCommandCode);
  Command.PolicySession      = SwapBytes32 (PolicySession);
  Command.Code               = SwapBytes32 (Code);

  //
  // Hand the command to the TPM device layer.
  //
  SubmitStatus = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (EFI_ERROR (SubmitStatus)) {
    return SubmitStatus;
  }

  //
  // The response code is only meaningful once a full header has arrived.
  //
  if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", ResponseSize));
    return EFI_DEVICE_ERROR;
  }

  ResponseCode = SwapBytes32 (Response.Header.responseCode);
  if (ResponseCode == TPM_RC_SUCCESS) {
    return EFI_SUCCESS;
  }

  DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", ResponseCode));
  return EFI_DEVICE_ERROR;
}
334
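/**
  Send TPM2_PolicyGetDigest and return the session's current policy digest.

  @param[in]  PolicySession  Handle of the policy session to query.
  @param[out] PolicyHash     Receives the digest from the response.

  @retval EFI_SUCCESS            The digest was copied to PolicyHash.
  @retval EFI_INVALID_PARAMETER  PolicyHash is NULL.
  @retval EFI_DEVICE_ERROR       The TPM returned an error code, a short
                                 response, or a digest larger than TPMU_HA.
  @retval Others                 Error returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2PolicyGetDigest (
  IN      TPMI_SH_POLICY  PolicySession,
  OUT     TPM2B_DIGEST    *PolicyHash
  )
{
  EFI_STATUS                       Status;
  TPM2_POLICY_GET_DIGEST_COMMAND   SendBuffer;
  TPM2_POLICY_GET_DIGEST_RESPONSE  RecvBuffer;
  UINT32                           SendBufferSize;
  UINT32                           RecvBufferSize;

  if (PolicyHash == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_NO_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyGetDigest);

  SendBuffer.PolicySession = SwapBytes32 (PolicySession);

  SendBufferSize              = (UINT32)sizeof (SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    return Status;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }

  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    return EFI_DEVICE_ERROR;
  }

  //
  // Return the response. RecvBuffer is an uninitialized stack object, so the
  // size field and the digest bytes are read only after confirming the device
  // returned them; a header-only "success" must not yield stale stack data.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }

  PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);
  if (PolicyHash->size > sizeof (TPMU_HA)) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));
    return EFI_DEVICE_ERROR;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + PolicyHash->size) {
    DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
    return EFI_DEVICE_ERROR;
  }

  CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);

  return EFI_SUCCESS;
}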
UINT64 UINTN
UINT16 EFIAPI SwapBytes16(IN UINT16 Value)
Definition: SwapBytes16.c:25
UINT16 EFIAPI ReadUnaligned16(IN CONST UINT16 *Buffer)
Definition: Unaligned.c:29
UINT32 EFIAPI SwapBytes32(IN UINT32 Value)
Definition: SwapBytes32.c:25
UINT32 EFIAPI WriteUnaligned32(OUT UINT32 *Buffer, IN UINT32 Value)
Definition: Unaligned.c:177
UINT16 EFIAPI WriteUnaligned16(OUT UINT16 *Buffer, IN UINT16 Value)
Definition: Unaligned.c:61
UINT32 EFIAPI ReadUnaligned32(IN CONST UINT32 *Buffer)
Definition: Unaligned.c:145
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
#define IN
Definition: Base.h:279
#define OUT
Definition: Base.h:284
#define DEBUG(Expression)
Definition: DebugLib.h:434
UINT32 EFIAPI CopyAuthSessionCommand(IN TPMS_AUTH_COMMAND *AuthSessionIn OPTIONAL, OUT UINT8 *AuthSessionOut)
Definition: Tpm2Help.c:88
EFI_STATUS EFIAPI Tpm2SubmitCommand(IN UINT32 InputParameterBlockSize, IN UINT8 *InputParameterBlock, IN OUT UINT32 *OutputParameterBlockSize, IN UINT8 *OutputParameterBlock)
EFI_STATUS EFIAPI Tpm2PolicyOR(IN TPMI_SH_POLICY PolicySession, IN TPML_DIGEST *HashList)
EFI_STATUS EFIAPI Tpm2PolicyCommandCode(IN TPMI_SH_POLICY PolicySession, IN TPM_CC Code)
EFI_STATUS EFIAPI Tpm2PolicySecret(IN TPMI_DH_ENTITY AuthHandle, IN TPMI_SH_POLICY PolicySession, IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL, IN TPM2B_NONCE *NonceTPM, IN TPM2B_DIGEST *CpHashA, IN TPM2B_NONCE *PolicyRef, IN INT32 Expiration, OUT TPM2B_TIMEOUT *Timeout, OUT TPMT_TK_AUTH *PolicyTicket)
EFI_STATUS EFIAPI Tpm2PolicyGetDigest(IN TPMI_SH_POLICY PolicySession, OUT TPM2B_DIGEST *PolicyHash)
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29
#define EFI_SUCCESS
Definition: UefiBaseType.h:112
Definition: Tpm20.h:905