1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
|
/** @file
Implement TPM2 EnhancedAuthorization related command.
Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <IndustryStandard/UefiTcgPlatform.h>
#include <Library/Tpm2CommandLib.h>
#include <Library/Tpm2DeviceLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#pragma pack(1)
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_DH_ENTITY AuthHandle;
TPMI_SH_POLICY PolicySession;
UINT32 AuthSessionSize;
TPMS_AUTH_COMMAND AuthSession;
TPM2B_NONCE NonceTPM;
TPM2B_DIGEST CpHashA;
TPM2B_NONCE PolicyRef;
INT32 Expiration;
} TPM2_POLICY_SECRET_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
UINT32 AuthSessionSize;
TPM2B_TIMEOUT Timeout;
TPMT_TK_AUTH PolicyTicket;
TPMS_AUTH_RESPONSE AuthSession;
} TPM2_POLICY_SECRET_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
TPML_DIGEST HashList;
} TPM2_POLICY_OR_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
} TPM2_POLICY_OR_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
TPM_CC Code;
} TPM2_POLICY_COMMAND_CODE_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
} TPM2_POLICY_COMMAND_CODE_RESPONSE;
typedef struct {
TPM2_COMMAND_HEADER Header;
TPMI_SH_POLICY PolicySession;
} TPM2_POLICY_GET_DIGEST_COMMAND;
typedef struct {
TPM2_RESPONSE_HEADER Header;
TPM2B_DIGEST PolicyHash;
} TPM2_POLICY_GET_DIGEST_RESPONSE;
#pragma pack()
/**
This command includes a secret-based authorization to a policy.
The caller proves knowledge of the secret value using an authorization
session using the authValue associated with authHandle.
@param[in] AuthHandle Handle for an entity providing the authorization
@param[in] PolicySession Handle for the policy session being extended.
@param[in] AuthSession Auth Session context
@param[in] NonceTPM The policy nonce for the session.
@param[in] CpHashA Digest of the command parameters to which this authorization is limited.
@param[in] PolicyRef A reference to a policy relating to the authorization.
@param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
@param[out] Timeout Time value used to indicate to the TPM when the ticket expires.
@param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
EFI_STATUS
EFIAPI
Tpm2PolicySecret (
IN TPMI_DH_ENTITY AuthHandle,
IN TPMI_SH_POLICY PolicySession,
IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL,
IN TPM2B_NONCE *NonceTPM,
IN TPM2B_DIGEST *CpHashA,
IN TPM2B_NONCE *PolicyRef,
IN INT32 Expiration,
OUT TPM2B_TIMEOUT *Timeout,
OUT TPMT_TK_AUTH *PolicyTicket
)
{
EFI_STATUS Status;
TPM2_POLICY_SECRET_COMMAND SendBuffer;
TPM2_POLICY_SECRET_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINT32 SessionInfoSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicySecret);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
//
// Add in Auth session
//
Buffer = (UINT8 *)&SendBuffer.AuthSession;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
Buffer += SessionInfoSize;
SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);
//
// Real data
//
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceTPM->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);
Buffer += NonceTPM->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (CpHashA->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, CpHashA->buffer, CpHashA->size);
Buffer += CpHashA->size;
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (PolicyRef->size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);
Buffer += PolicyRef->size;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 ((UINT32)Expiration));
Buffer += sizeof (UINT32);
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
goto Done;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
//
// Return the response
//
Buffer = (UINT8 *)&RecvBuffer.Timeout;
Timeout->size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
if (Timeout->size > sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size));
Status = EFI_DEVICE_ERROR;
goto Done;
}
Buffer += sizeof (UINT16);
CopyMem (Timeout->buffer, Buffer, Timeout->size);
PolicyTicket->tag = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
PolicyTicket->hierarchy = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer));
Buffer += sizeof (UINT32);
PolicyTicket->digest.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
if (PolicyTicket->digest.size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size));
Status = EFI_DEVICE_ERROR;
goto Done;
}
CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);
Done:
//
// Clear AuthSession Content
//
ZeroMem (&SendBuffer, sizeof (SendBuffer));
ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
return Status;
}
/**
This command allows options in authorizations without requiring that the TPM evaluate all of the options.
If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that
satisfies the policy. This command will indicate that one of the required sets of conditions has been
satisfied.
@param[in] PolicySession Handle for the policy session being extended.
@param[in] HashList the list of hashes to check for a match.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
EFI_STATUS
EFIAPI
Tpm2PolicyOR (
IN TPMI_SH_POLICY PolicySession,
IN TPML_DIGEST *HashList
)
{
EFI_STATUS Status;
TPM2_POLICY_OR_COMMAND SendBuffer;
TPM2_POLICY_OR_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
UINT8 *Buffer;
UINTN Index;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyOR);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
Buffer = (UINT8 *)&SendBuffer.HashList;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));
Buffer += sizeof (UINT32);
for (Index = 0; Index < HashList->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));
Buffer += sizeof (UINT16);
CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);
Buffer += HashList->digests[Index].size;
}
SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
/**
This command indicates that the authorization will be limited to a specific command code.
@param[in] PolicySession Handle for the policy session being extended.
@param[in] Code The allowed commandCode.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
EFI_STATUS
EFIAPI
Tpm2PolicyCommandCode (
IN TPMI_SH_POLICY PolicySession,
IN TPM_CC Code
)
{
EFI_STATUS Status;
TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer;
TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyCommandCode);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBuffer.Code = SwapBytes32 (Code);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
/**
This command returns the current policyDigest of the session. This command allows the TPM
to be used to perform the actions required to precompute the authPolicy for an object.
@param[in] PolicySession Handle for the policy session.
@param[out] PolicyHash the current value of the policyHash of policySession.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
EFI_STATUS
EFIAPI
Tpm2PolicyGetDigest (
IN TPMI_SH_POLICY PolicySession,
OUT TPM2B_DIGEST *PolicyHash
)
{
EFI_STATUS Status;
TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer;
TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer;
UINT32 SendBufferSize;
UINT32 RecvBufferSize;
//
// Construct command
//
SendBuffer.Header.tag = SwapBytes16 (TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_PolicyGetDigest);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
SendBufferSize = (UINT32)sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
RecvBufferSize = sizeof (RecvBuffer);
Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
if (EFI_ERROR (Status)) {
return Status;
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
//
// Return the response
//
PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);
if (PolicyHash->size > sizeof (TPMU_HA)) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size));
return EFI_DEVICE_ERROR;
}
CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);
return EFI_SUCCESS;
}
|
