Usual buffer sizes for TPMv1 and TPMv2 are different. Change TPMv1
buffer size definition for that and declare another size for TPMv2
buffers.

Signed-off-by: Miquel Raynal <miquel.ray...@bootlin.com>
---
 cmd/tpm.c     |  5 +++--
 include/tpm.h |  2 ++
 lib/tpm.c     | 60 +++++++++++++++++++++++++++++------------------------------
 3 files changed, 34 insertions(+), 33 deletions(-)

diff --git a/cmd/tpm.c b/cmd/tpm.c
index 1d32028b64..3e2bb3b118 100644
--- a/cmd/tpm.c
+++ b/cmd/tpm.c
@@ -323,8 +323,9 @@ static int do_tpm_nv_write_value(cmd_tbl_t *cmdtp, int flag,
 static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag,
                int argc, char * const argv[])
 {
+       uint8_t in_digest[TPM1_DIGEST_LENGTH];
+       uint8_t out_digest[TPM1_DIGEST_LENGTH];
        uint32_t index, rc;
-       uint8_t in_digest[20], out_digest[20];
 
        if (argc != 3)
                return CMD_RET_USAGE;
@@ -337,7 +338,7 @@ static int do_tpm_extend(cmd_tbl_t *cmdtp, int flag,
        rc = tpm_extend(index, in_digest, out_digest);
        if (!rc) {
                puts("PCR value after execution of the command:\n");
-               print_byte_string(out_digest, sizeof(out_digest));
+               print_byte_string(out_digest, TPM1_DIGEST_LENGTH);
        }
 
        return report_return_code(rc);
diff --git a/include/tpm.h b/include/tpm.h
index 0ec3428ea4..1a60ef5b36 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -14,6 +14,8 @@
  */
 
 #define TPM_HEADER_SIZE                10
+#define TPM1_DIGEST_LENGTH     20
+#define TPM2_DIGEST_LENGTH     32
 
 enum tpm_duration {
        TPM_SHORT = 0,
diff --git a/lib/tpm.c b/lib/tpm.c
index aa46ec1693..c0fbba86ff 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -29,8 +29,6 @@ enum {
        COMMAND_BUFFER_SIZE             = 256,
        TPM_REQUEST_HEADER_LENGTH       = 10,
        TPM_RESPONSE_HEADER_LENGTH      = 10,
-       PCR_DIGEST_LENGTH               = 20,
-       DIGEST_LENGTH                   = 20,
        TPM_REQUEST_AUTH_LENGTH         = 45,
        TPM_RESPONSE_AUTH_LENGTH        = 41,
        /* some max lengths, valid for RSA keys <= 2048 bits */
@@ -47,8 +45,8 @@ enum {
 struct session_data {
        int             valid;
        uint32_t        handle;
-       uint8_t         nonce_even[DIGEST_LENGTH];
-       uint8_t         nonce_odd[DIGEST_LENGTH];
+       uint8_t         nonce_even[TPM1_DIGEST_LENGTH];
+       uint8_t         nonce_odd[TPM1_DIGEST_LENGTH];
 };
 
 static struct session_data oiap_session = {0, };
@@ -469,7 +467,7 @@ uint32_t tpm_extend(uint32_t index, const void *in_digest, 
void *out_digest)
        const size_t in_digest_offset = 14;
        const size_t out_digest_offset = 10;
        uint8_t buf[COMMAND_BUFFER_SIZE];
-       uint8_t response[TPM_RESPONSE_HEADER_LENGTH + PCR_DIGEST_LENGTH];
+       uint8_t response[TPM_RESPONSE_HEADER_LENGTH + TPM1_DIGEST_LENGTH];
        size_t response_length = sizeof(response);
        uint32_t err;
 
@@ -477,18 +475,18 @@ uint32_t tpm_extend(uint32_t index, const void 
*in_digest, void *out_digest)
                return -EOPNOTSUPP;
 
        if (pack_byte_string(buf, sizeof(buf), "sds",
-                               0, command, sizeof(command),
-                               index_offset, index,
-                               in_digest_offset, in_digest,
-                               PCR_DIGEST_LENGTH))
+                            0, command, sizeof(command),
+                            index_offset, index,
+                            in_digest_offset, in_digest,
+                            TPM1_DIGEST_LENGTH))
                return TPM_LIB_ERROR;
        err = tpm_sendrecv_command(buf, response, &response_length);
        if (err)
                return err;
 
        if (unpack_byte_string(response, response_length, "s",
-                               out_digest_offset, out_digest,
-                               PCR_DIGEST_LENGTH))
+                              out_digest_offset, out_digest,
+                              TPM1_DIGEST_LENGTH))
                return TPM_LIB_ERROR;
 
        return 0;
@@ -516,7 +514,7 @@ uint32_t tpm_pcr_read(uint32_t index, void *data, size_t 
count)
        if (err)
                return err;
        if (unpack_byte_string(response, response_length, "s",
-                               out_digest_offset, data, PCR_DIGEST_LENGTH))
+                               out_digest_offset, data, TPM1_DIGEST_LENGTH))
                return TPM_LIB_ERROR;
 
        return 0;
@@ -784,7 +782,7 @@ static uint32_t create_request_auth(const void *request, 
size_t request_len0,
        struct session_data *auth_session,
        void *request_auth, const void *auth)
 {
-       uint8_t hmac_data[DIGEST_LENGTH * 3 + 1];
+       uint8_t hmac_data[TPM1_DIGEST_LENGTH * 3 + 1];
        sha1_context hash_ctx;
        const size_t command_code_offset = 6;
        const size_t auth_nonce_odd_offset = 4;
@@ -804,25 +802,25 @@ static uint32_t create_request_auth(const void *request, 
size_t request_len0,
        sha1_finish(&hash_ctx, hmac_data);
 
        sha1_starts(&hash_ctx);
-       sha1_update(&hash_ctx, auth_session->nonce_odd, DIGEST_LENGTH);
+       sha1_update(&hash_ctx, auth_session->nonce_odd, TPM1_DIGEST_LENGTH);
        sha1_update(&hash_ctx, hmac_data, sizeof(hmac_data));
        sha1_finish(&hash_ctx, auth_session->nonce_odd);
 
        if (pack_byte_string(request_auth, TPM_REQUEST_AUTH_LENGTH, "dsb",
                             0, auth_session->handle,
                             auth_nonce_odd_offset, auth_session->nonce_odd,
-                            DIGEST_LENGTH,
+                            TPM1_DIGEST_LENGTH,
                             auth_continue_offset, 1))
                return TPM_LIB_ERROR;
        if (pack_byte_string(hmac_data, sizeof(hmac_data), "ss",
-                            DIGEST_LENGTH,
+                            TPM1_DIGEST_LENGTH,
                             auth_session->nonce_even,
-                            DIGEST_LENGTH,
-                            2 * DIGEST_LENGTH,
+                            TPM1_DIGEST_LENGTH,
+                            2 * TPM1_DIGEST_LENGTH,
                             request_auth + auth_nonce_odd_offset,
-                            DIGEST_LENGTH + 1))
+                            TPM1_DIGEST_LENGTH + 1))
                return TPM_LIB_ERROR;
-       sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
+       sha1_hmac(auth, TPM1_DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
                  request_auth + auth_auth_offset);
 
        return TPM_SUCCESS;
@@ -848,8 +846,8 @@ static uint32_t verify_response_auth(uint32_t command_code,
        struct session_data *auth_session,
        const void *response_auth, const void *auth)
 {
-       uint8_t hmac_data[DIGEST_LENGTH * 3 + 1];
-       uint8_t computed_auth[DIGEST_LENGTH];
+       uint8_t hmac_data[TPM1_DIGEST_LENGTH * 3 + 1];
+       uint8_t computed_auth[TPM1_DIGEST_LENGTH];
        sha1_context hash_ctx;
        const size_t return_code_offset = 6;
        const size_t auth_continue_offset = 20;
@@ -874,24 +872,24 @@ static uint32_t verify_response_auth(uint32_t 
command_code,
                            - handles_len);
        sha1_finish(&hash_ctx, hmac_data);
 
-       memcpy(auth_session->nonce_even, response_auth, DIGEST_LENGTH);
+       memcpy(auth_session->nonce_even, response_auth, TPM1_DIGEST_LENGTH);
        auth_continue = ((uint8_t *)response_auth)[auth_continue_offset];
        if (pack_byte_string(hmac_data, sizeof(hmac_data), "ssb",
-                            DIGEST_LENGTH,
+                            TPM1_DIGEST_LENGTH,
                             response_auth,
-                            DIGEST_LENGTH,
-                            2 * DIGEST_LENGTH,
+                            TPM1_DIGEST_LENGTH,
+                            2 * TPM1_DIGEST_LENGTH,
                             auth_session->nonce_odd,
-                            DIGEST_LENGTH,
-                            3 * DIGEST_LENGTH,
+                            TPM1_DIGEST_LENGTH,
+                            3 * TPM1_DIGEST_LENGTH,
                             auth_continue))
                return TPM_LIB_ERROR;
 
-       sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
+       sha1_hmac(auth, TPM1_DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
                  computed_auth);
 
        if (memcmp(computed_auth, response_auth + auth_auth_offset,
-                  DIGEST_LENGTH))
+                  TPM1_DIGEST_LENGTH))
                return TPM_AUTHFAIL;
 
        return TPM_SUCCESS;
@@ -961,7 +959,7 @@ uint32_t tpm_oiap(uint32_t *auth_handle)
        if (unpack_byte_string(response, response_length, "ds",
                               res_auth_handle_offset, &oiap_session.handle,
                               res_nonce_even_offset, &oiap_session.nonce_even,
-                              (uint32_t)DIGEST_LENGTH))
+                              (uint32_t)TPM1_DIGEST_LENGTH))
                return TPM_LIB_ERROR;
        oiap_session.valid = 1;
        if (auth_handle)
-- 
2.14.1

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

Reply via email to