xref: /openbmc/linux/drivers/char/tpm/tpm2-cmd.c (revision 3dc4b6fb)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2014, 2015 Intel Corporation
4  *
5  * Authors:
6  * Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
7  *
8  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
9  *
10  * This file contains TPM2 protocol implementations of the commands
11  * used by the kernel internally.
12  */
13 
14 #include "tpm.h"
15 #include <crypto/hash_info.h>
16 #include <keys/trusted-type.h>
17 
18 enum tpm2_object_attributes {
19 	TPM2_OA_USER_WITH_AUTH		= BIT(6),
20 };
21 
22 enum tpm2_session_attributes {
23 	TPM2_SA_CONTINUE_SESSION	= BIT(0),
24 };
25 
26 struct tpm2_hash {
27 	unsigned int crypto_id;
28 	unsigned int tpm_id;
29 };
30 
31 static struct tpm2_hash tpm2_hash_map[] = {
32 	{HASH_ALGO_SHA1, TPM_ALG_SHA1},
33 	{HASH_ALGO_SHA256, TPM_ALG_SHA256},
34 	{HASH_ALGO_SHA384, TPM_ALG_SHA384},
35 	{HASH_ALGO_SHA512, TPM_ALG_SHA512},
36 	{HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
37 };
38 
39 int tpm2_get_timeouts(struct tpm_chip *chip)
40 {
41 	/* Fixed timeouts for TPM2 */
42 	chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
43 	chip->timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);
44 	chip->timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);
45 	chip->timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);
46 
47 	/* PTP spec timeouts */
48 	chip->duration[TPM_SHORT] = msecs_to_jiffies(TPM2_DURATION_SHORT);
49 	chip->duration[TPM_MEDIUM] = msecs_to_jiffies(TPM2_DURATION_MEDIUM);
50 	chip->duration[TPM_LONG] = msecs_to_jiffies(TPM2_DURATION_LONG);
51 
52 	/* Key creation commands long timeouts */
53 	chip->duration[TPM_LONG_LONG] =
54 		msecs_to_jiffies(TPM2_DURATION_LONG_LONG);
55 
56 	chip->flags |= TPM_CHIP_FLAG_HAVE_TIMEOUTS;
57 
58 	return 0;
59 }
60 
61 /**
62  * tpm2_ordinal_duration_index() - returns an index to the chip duration table
63  * @ordinal: TPM command ordinal.
64  *
65  * The function returns an index to the chip duration table
66  * (enum tpm_duration), that describes the maximum amount of
67  * time the chip could take to return the result for a  particular ordinal.
68  *
69  * The values of the MEDIUM, and LONG durations are taken
70  * from the PC Client Profile (PTP) specification (750, 2000 msec)
71  *
72  * LONG_LONG is for commands that generates keys which empirically takes
73  * a longer time on some systems.
74  *
75  * Return:
76  * * TPM_MEDIUM
77  * * TPM_LONG
78  * * TPM_LONG_LONG
79  * * TPM_UNDEFINED
80  */
81 static u8 tpm2_ordinal_duration_index(u32 ordinal)
82 {
83 	switch (ordinal) {
84 	/* Startup */
85 	case TPM2_CC_STARTUP:                 /* 144 */
86 		return TPM_MEDIUM;
87 
88 	case TPM2_CC_SELF_TEST:               /* 143 */
89 		return TPM_LONG;
90 
91 	case TPM2_CC_GET_RANDOM:              /* 17B */
92 		return TPM_LONG;
93 
94 	case TPM2_CC_SEQUENCE_UPDATE:         /* 15C */
95 		return TPM_MEDIUM;
96 	case TPM2_CC_SEQUENCE_COMPLETE:       /* 13E */
97 		return TPM_MEDIUM;
98 	case TPM2_CC_EVENT_SEQUENCE_COMPLETE: /* 185 */
99 		return TPM_MEDIUM;
100 	case TPM2_CC_HASH_SEQUENCE_START:     /* 186 */
101 		return TPM_MEDIUM;
102 
103 	case TPM2_CC_VERIFY_SIGNATURE:        /* 177 */
104 		return TPM_LONG;
105 
106 	case TPM2_CC_PCR_EXTEND:              /* 182 */
107 		return TPM_MEDIUM;
108 
109 	case TPM2_CC_HIERARCHY_CONTROL:       /* 121 */
110 		return TPM_LONG;
111 	case TPM2_CC_HIERARCHY_CHANGE_AUTH:   /* 129 */
112 		return TPM_LONG;
113 
114 	case TPM2_CC_GET_CAPABILITY:          /* 17A */
115 		return TPM_MEDIUM;
116 
117 	case TPM2_CC_NV_READ:                 /* 14E */
118 		return TPM_LONG;
119 
120 	case TPM2_CC_CREATE_PRIMARY:          /* 131 */
121 		return TPM_LONG_LONG;
122 	case TPM2_CC_CREATE:                  /* 153 */
123 		return TPM_LONG_LONG;
124 	case TPM2_CC_CREATE_LOADED:           /* 191 */
125 		return TPM_LONG_LONG;
126 
127 	default:
128 		return TPM_UNDEFINED;
129 	}
130 }
131 
132 /**
133  * tpm2_calc_ordinal_duration() - calculate the maximum command duration
134  * @chip:    TPM chip to use.
135  * @ordinal: TPM command ordinal.
136  *
137  * The function returns the maximum amount of time the chip could take
138  * to return the result for a particular ordinal in jiffies.
139  *
140  * Return: A maximal duration time for an ordinal in jiffies.
141  */
142 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
143 {
144 	unsigned int index;
145 
146 	index = tpm2_ordinal_duration_index(ordinal);
147 
148 	if (index != TPM_UNDEFINED)
149 		return chip->duration[index];
150 	else
151 		return msecs_to_jiffies(TPM2_DURATION_DEFAULT);
152 }
153 
154 
155 struct tpm2_pcr_read_out {
156 	__be32	update_cnt;
157 	__be32	pcr_selects_cnt;
158 	__be16	hash_alg;
159 	u8	pcr_select_size;
160 	u8	pcr_select[TPM2_PCR_SELECT_MIN];
161 	__be32	digests_cnt;
162 	__be16	digest_size;
163 	u8	digest[];
164 } __packed;
165 
166 /**
167  * tpm2_pcr_read() - read a PCR value
168  * @chip:	TPM chip to use.
169  * @pcr_idx:	index of the PCR to read.
170  * @digest:	PCR bank and buffer current PCR value is written to.
171  * @digest_size_ptr:	pointer to variable that stores the digest size.
172  *
173  * Return: Same as with tpm_transmit_cmd.
174  */
175 int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
176 		  struct tpm_digest *digest, u16 *digest_size_ptr)
177 {
178 	int i;
179 	int rc;
180 	struct tpm_buf buf;
181 	struct tpm2_pcr_read_out *out;
182 	u8 pcr_select[TPM2_PCR_SELECT_MIN] = {0};
183 	u16 digest_size;
184 	u16 expected_digest_size = 0;
185 
186 	if (pcr_idx >= TPM2_PLATFORM_PCR)
187 		return -EINVAL;
188 
189 	if (!digest_size_ptr) {
190 		for (i = 0; i < chip->nr_allocated_banks &&
191 		     chip->allocated_banks[i].alg_id != digest->alg_id; i++)
192 			;
193 
194 		if (i == chip->nr_allocated_banks)
195 			return -EINVAL;
196 
197 		expected_digest_size = chip->allocated_banks[i].digest_size;
198 	}
199 
200 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ);
201 	if (rc)
202 		return rc;
203 
204 	pcr_select[pcr_idx >> 3] = 1 << (pcr_idx & 0x7);
205 
206 	tpm_buf_append_u32(&buf, 1);
207 	tpm_buf_append_u16(&buf, digest->alg_id);
208 	tpm_buf_append_u8(&buf, TPM2_PCR_SELECT_MIN);
209 	tpm_buf_append(&buf, (const unsigned char *)pcr_select,
210 		       sizeof(pcr_select));
211 
212 	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to read a pcr value");
213 	if (rc)
214 		goto out;
215 
216 	out = (struct tpm2_pcr_read_out *)&buf.data[TPM_HEADER_SIZE];
217 	digest_size = be16_to_cpu(out->digest_size);
218 	if (digest_size > sizeof(digest->digest) ||
219 	    (!digest_size_ptr && digest_size != expected_digest_size)) {
220 		rc = -EINVAL;
221 		goto out;
222 	}
223 
224 	if (digest_size_ptr)
225 		*digest_size_ptr = digest_size;
226 
227 	memcpy(digest->digest, out->digest, digest_size);
228 out:
229 	tpm_buf_destroy(&buf);
230 	return rc;
231 }
232 
233 struct tpm2_null_auth_area {
234 	__be32  handle;
235 	__be16  nonce_size;
236 	u8  attributes;
237 	__be16  auth_size;
238 } __packed;
239 
240 /**
241  * tpm2_pcr_extend() - extend a PCR value
242  *
243  * @chip:	TPM chip to use.
244  * @pcr_idx:	index of the PCR.
245  * @digests:	list of pcr banks and corresponding digest values to extend.
246  *
247  * Return: Same as with tpm_transmit_cmd.
248  */
249 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
250 		    struct tpm_digest *digests)
251 {
252 	struct tpm_buf buf;
253 	struct tpm2_null_auth_area auth_area;
254 	int rc;
255 	int i;
256 
257 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
258 	if (rc)
259 		return rc;
260 
261 	tpm_buf_append_u32(&buf, pcr_idx);
262 
263 	auth_area.handle = cpu_to_be32(TPM2_RS_PW);
264 	auth_area.nonce_size = 0;
265 	auth_area.attributes = 0;
266 	auth_area.auth_size = 0;
267 
268 	tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
269 	tpm_buf_append(&buf, (const unsigned char *)&auth_area,
270 		       sizeof(auth_area));
271 	tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
272 
273 	for (i = 0; i < chip->nr_allocated_banks; i++) {
274 		tpm_buf_append_u16(&buf, digests[i].alg_id);
275 		tpm_buf_append(&buf, (const unsigned char *)&digests[i].digest,
276 			       chip->allocated_banks[i].digest_size);
277 	}
278 
279 	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
280 
281 	tpm_buf_destroy(&buf);
282 
283 	return rc;
284 }
285 
286 struct tpm2_get_random_out {
287 	__be16 size;
288 	u8 buffer[TPM_MAX_RNG_DATA];
289 } __packed;
290 
291 /**
292  * tpm2_get_random() - get random bytes from the TPM RNG
293  *
294  * @chip:	a &tpm_chip instance
295  * @dest:	destination buffer
296  * @max:	the max number of random bytes to pull
297  *
298  * Return:
299  *   size of the buffer on success,
300  *   -errno otherwise (positive TPM return codes are masked to -EIO)
301  */
302 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
303 {
304 	struct tpm2_get_random_out *out;
305 	struct tpm_buf buf;
306 	u32 recd;
307 	u32 num_bytes = max;
308 	int err;
309 	int total = 0;
310 	int retries = 5;
311 	u8 *dest_ptr = dest;
312 
313 	if (!num_bytes || max > TPM_MAX_RNG_DATA)
314 		return -EINVAL;
315 
316 	err = tpm_buf_init(&buf, 0, 0);
317 	if (err)
318 		return err;
319 
320 	do {
321 		tpm_buf_reset(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_RANDOM);
322 		tpm_buf_append_u16(&buf, num_bytes);
323 		err = tpm_transmit_cmd(chip, &buf,
324 				       offsetof(struct tpm2_get_random_out,
325 						buffer),
326 				       "attempting get random");
327 		if (err) {
328 			if (err > 0)
329 				err = -EIO;
330 			goto out;
331 		}
332 
333 		out = (struct tpm2_get_random_out *)
334 			&buf.data[TPM_HEADER_SIZE];
335 		recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
336 		if (tpm_buf_length(&buf) <
337 		    TPM_HEADER_SIZE +
338 		    offsetof(struct tpm2_get_random_out, buffer) +
339 		    recd) {
340 			err = -EFAULT;
341 			goto out;
342 		}
343 		memcpy(dest_ptr, out->buffer, recd);
344 
345 		dest_ptr += recd;
346 		total += recd;
347 		num_bytes -= recd;
348 	} while (retries-- && total < max);
349 
350 	tpm_buf_destroy(&buf);
351 	return total ? total : -EIO;
352 out:
353 	tpm_buf_destroy(&buf);
354 	return err;
355 }
356 
357 /**
358  * tpm2_flush_context() - execute a TPM2_FlushContext command
359  * @chip:	TPM chip to use
360  * @handle:	context handle
361  */
362 void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
363 {
364 	struct tpm_buf buf;
365 	int rc;
366 
367 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT);
368 	if (rc) {
369 		dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n",
370 			 handle);
371 		return;
372 	}
373 
374 	tpm_buf_append_u32(&buf, handle);
375 
376 	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
377 	tpm_buf_destroy(&buf);
378 }
379 
380 /**
381  * tpm_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer.
382  *
383  * @buf: an allocated tpm_buf instance
384  * @session_handle: session handle
385  * @nonce: the session nonce, may be NULL if not used
386  * @nonce_len: the session nonce length, may be 0 if not used
387  * @attributes: the session attributes
388  * @hmac: the session HMAC or password, may be NULL if not used
389  * @hmac_len: the session HMAC or password length, maybe 0 if not used
390  */
391 static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
392 				 const u8 *nonce, u16 nonce_len,
393 				 u8 attributes,
394 				 const u8 *hmac, u16 hmac_len)
395 {
396 	tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
397 	tpm_buf_append_u32(buf, session_handle);
398 	tpm_buf_append_u16(buf, nonce_len);
399 
400 	if (nonce && nonce_len)
401 		tpm_buf_append(buf, nonce, nonce_len);
402 
403 	tpm_buf_append_u8(buf, attributes);
404 	tpm_buf_append_u16(buf, hmac_len);
405 
406 	if (hmac && hmac_len)
407 		tpm_buf_append(buf, hmac, hmac_len);
408 }
409 
410 /**
411  * tpm2_seal_trusted() - seal the payload of a trusted key
412  *
413  * @chip: TPM chip to use
414  * @payload: the key data in clear and encrypted form
415  * @options: authentication values and other options
416  *
417  * Return: < 0 on error and 0 on success.
418  */
419 int tpm2_seal_trusted(struct tpm_chip *chip,
420 		      struct trusted_key_payload *payload,
421 		      struct trusted_key_options *options)
422 {
423 	unsigned int blob_len;
424 	struct tpm_buf buf;
425 	u32 hash;
426 	int i;
427 	int rc;
428 
429 	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
430 		if (options->hash == tpm2_hash_map[i].crypto_id) {
431 			hash = tpm2_hash_map[i].tpm_id;
432 			break;
433 		}
434 	}
435 
436 	if (i == ARRAY_SIZE(tpm2_hash_map))
437 		return -EINVAL;
438 
439 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_CREATE);
440 	if (rc)
441 		return rc;
442 
443 	tpm_buf_append_u32(&buf, options->keyhandle);
444 	tpm2_buf_append_auth(&buf, TPM2_RS_PW,
445 			     NULL /* nonce */, 0,
446 			     0 /* session_attributes */,
447 			     options->keyauth /* hmac */,
448 			     TPM_DIGEST_SIZE);
449 
450 	/* sensitive */
451 	tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
452 
453 	tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
454 	tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
455 	tpm_buf_append_u16(&buf, payload->key_len + 1);
456 	tpm_buf_append(&buf, payload->key, payload->key_len);
457 	tpm_buf_append_u8(&buf, payload->migratable);
458 
459 	/* public */
460 	tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
461 	tpm_buf_append_u16(&buf, TPM_ALG_KEYEDHASH);
462 	tpm_buf_append_u16(&buf, hash);
463 
464 	/* policy */
465 	if (options->policydigest_len) {
466 		tpm_buf_append_u32(&buf, 0);
467 		tpm_buf_append_u16(&buf, options->policydigest_len);
468 		tpm_buf_append(&buf, options->policydigest,
469 			       options->policydigest_len);
470 	} else {
471 		tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH);
472 		tpm_buf_append_u16(&buf, 0);
473 	}
474 
475 	/* public parameters */
476 	tpm_buf_append_u16(&buf, TPM_ALG_NULL);
477 	tpm_buf_append_u16(&buf, 0);
478 
479 	/* outside info */
480 	tpm_buf_append_u16(&buf, 0);
481 
482 	/* creation PCR */
483 	tpm_buf_append_u32(&buf, 0);
484 
485 	if (buf.flags & TPM_BUF_OVERFLOW) {
486 		rc = -E2BIG;
487 		goto out;
488 	}
489 
490 	rc = tpm_transmit_cmd(chip, &buf, 4, "sealing data");
491 	if (rc)
492 		goto out;
493 
494 	blob_len = be32_to_cpup((__be32 *) &buf.data[TPM_HEADER_SIZE]);
495 	if (blob_len > MAX_BLOB_SIZE) {
496 		rc = -E2BIG;
497 		goto out;
498 	}
499 	if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 4 + blob_len) {
500 		rc = -EFAULT;
501 		goto out;
502 	}
503 
504 	memcpy(payload->blob, &buf.data[TPM_HEADER_SIZE + 4], blob_len);
505 	payload->blob_len = blob_len;
506 
507 out:
508 	tpm_buf_destroy(&buf);
509 
510 	if (rc > 0) {
511 		if (tpm2_rc_value(rc) == TPM2_RC_HASH)
512 			rc = -EINVAL;
513 		else
514 			rc = -EPERM;
515 	}
516 
517 	return rc;
518 }
519 
520 /**
521  * tpm2_load_cmd() - execute a TPM2_Load command
522  *
523  * @chip: TPM chip to use
524  * @payload: the key data in clear and encrypted form
525  * @options: authentication values and other options
526  * @blob_handle: returned blob handle
527  *
528  * Return: 0 on success.
529  *        -E2BIG on wrong payload size.
530  *        -EPERM on tpm error status.
531  *        < 0 error from tpm_transmit_cmd.
532  */
533 static int tpm2_load_cmd(struct tpm_chip *chip,
534 			 struct trusted_key_payload *payload,
535 			 struct trusted_key_options *options,
536 			 u32 *blob_handle)
537 {
538 	struct tpm_buf buf;
539 	unsigned int private_len;
540 	unsigned int public_len;
541 	unsigned int blob_len;
542 	int rc;
543 
544 	private_len = be16_to_cpup((__be16 *) &payload->blob[0]);
545 	if (private_len > (payload->blob_len - 2))
546 		return -E2BIG;
547 
548 	public_len = be16_to_cpup((__be16 *) &payload->blob[2 + private_len]);
549 	blob_len = private_len + public_len + 4;
550 	if (blob_len > payload->blob_len)
551 		return -E2BIG;
552 
553 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
554 	if (rc)
555 		return rc;
556 
557 	tpm_buf_append_u32(&buf, options->keyhandle);
558 	tpm2_buf_append_auth(&buf, TPM2_RS_PW,
559 			     NULL /* nonce */, 0,
560 			     0 /* session_attributes */,
561 			     options->keyauth /* hmac */,
562 			     TPM_DIGEST_SIZE);
563 
564 	tpm_buf_append(&buf, payload->blob, blob_len);
565 
566 	if (buf.flags & TPM_BUF_OVERFLOW) {
567 		rc = -E2BIG;
568 		goto out;
569 	}
570 
571 	rc = tpm_transmit_cmd(chip, &buf, 4, "loading blob");
572 	if (!rc)
573 		*blob_handle = be32_to_cpup(
574 			(__be32 *) &buf.data[TPM_HEADER_SIZE]);
575 
576 out:
577 	tpm_buf_destroy(&buf);
578 
579 	if (rc > 0)
580 		rc = -EPERM;
581 
582 	return rc;
583 }
584 
585 /**
586  * tpm2_unseal_cmd() - execute a TPM2_Unload command
587  *
588  * @chip: TPM chip to use
589  * @payload: the key data in clear and encrypted form
590  * @options: authentication values and other options
591  * @blob_handle: blob handle
592  *
593  * Return: 0 on success
594  *         -EPERM on tpm error status
595  *         < 0 error from tpm_transmit_cmd
596  */
597 static int tpm2_unseal_cmd(struct tpm_chip *chip,
598 			   struct trusted_key_payload *payload,
599 			   struct trusted_key_options *options,
600 			   u32 blob_handle)
601 {
602 	struct tpm_buf buf;
603 	u16 data_len;
604 	u8 *data;
605 	int rc;
606 
607 	rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
608 	if (rc)
609 		return rc;
610 
611 	tpm_buf_append_u32(&buf, blob_handle);
612 	tpm2_buf_append_auth(&buf,
613 			     options->policyhandle ?
614 			     options->policyhandle : TPM2_RS_PW,
615 			     NULL /* nonce */, 0,
616 			     TPM2_SA_CONTINUE_SESSION,
617 			     options->blobauth /* hmac */,
618 			     TPM_DIGEST_SIZE);
619 
620 	rc = tpm_transmit_cmd(chip, &buf, 6, "unsealing");
621 	if (rc > 0)
622 		rc = -EPERM;
623 
624 	if (!rc) {
625 		data_len = be16_to_cpup(
626 			(__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
627 		if (data_len < MIN_KEY_SIZE ||  data_len > MAX_KEY_SIZE + 1) {
628 			rc = -EFAULT;
629 			goto out;
630 		}
631 
632 		if (tpm_buf_length(&buf) < TPM_HEADER_SIZE + 6 + data_len) {
633 			rc = -EFAULT;
634 			goto out;
635 		}
636 		data = &buf.data[TPM_HEADER_SIZE + 6];
637 
638 		memcpy(payload->key, data, data_len - 1);
639 		payload->key_len = data_len - 1;
640 		payload->migratable = data[data_len - 1];
641 	}
642 
643 out:
644 	tpm_buf_destroy(&buf);
645 	return rc;
646 }
647 
648 /**
649  * tpm2_unseal_trusted() - unseal the payload of a trusted key
650  *
651  * @chip: TPM chip to use
652  * @payload: the key data in clear and encrypted form
653  * @options: authentication values and other options
654  *
655  * Return: Same as with tpm_transmit_cmd.
656  */
657 int tpm2_unseal_trusted(struct tpm_chip *chip,
658 			struct trusted_key_payload *payload,
659 			struct trusted_key_options *options)
660 {
661 	u32 blob_handle;
662 	int rc;
663 
664 	rc = tpm2_load_cmd(chip, payload, options, &blob_handle);
665 	if (rc)
666 		return rc;
667 
668 	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
669 	tpm2_flush_context(chip, blob_handle);
670 	return rc;
671 }
672 
673 struct tpm2_get_cap_out {
674 	u8 more_data;
675 	__be32 subcap_id;
676 	__be32 property_cnt;
677 	__be32 property_id;
678 	__be32 value;
679 } __packed;
680 
681 /**
682  * tpm2_get_tpm_pt() - get value of a TPM_CAP_TPM_PROPERTIES type property
683  * @chip:		a &tpm_chip instance
684  * @property_id:	property ID.
685  * @value:		output variable.
686  * @desc:		passed to tpm_transmit_cmd()
687  *
688  * Return:
689  *   0 on success,
690  *   -errno or a TPM return code otherwise
691  */
692 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,  u32 *value,
693 			const char *desc)
694 {
695 	struct tpm2_get_cap_out *out;
696 	struct tpm_buf buf;
697 	int rc;
698 
699 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
700 	if (rc)
701 		return rc;
702 	tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
703 	tpm_buf_append_u32(&buf, property_id);
704 	tpm_buf_append_u32(&buf, 1);
705 	rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
706 	if (!rc) {
707 		out = (struct tpm2_get_cap_out *)
708 			&buf.data[TPM_HEADER_SIZE];
709 		*value = be32_to_cpu(out->value);
710 	}
711 	tpm_buf_destroy(&buf);
712 	return rc;
713 }
714 EXPORT_SYMBOL_GPL(tpm2_get_tpm_pt);
715 
716 /**
717  * tpm2_shutdown() - send a TPM shutdown command
718  *
719  * Sends a TPM shutdown command. The shutdown command is used in call
720  * sites where the system is going down. If it fails, there is not much
721  * that can be done except print an error message.
722  *
723  * @chip:		a &tpm_chip instance
724  * @shutdown_type:	TPM_SU_CLEAR or TPM_SU_STATE.
725  */
726 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type)
727 {
728 	struct tpm_buf buf;
729 	int rc;
730 
731 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SHUTDOWN);
732 	if (rc)
733 		return;
734 	tpm_buf_append_u16(&buf, shutdown_type);
735 	tpm_transmit_cmd(chip, &buf, 0, "stopping the TPM");
736 	tpm_buf_destroy(&buf);
737 }
738 
739 /**
740  * tpm2_do_selftest() - ensure that all self tests have passed
741  *
742  * @chip: TPM chip to use
743  *
744  * Return: Same as with tpm_transmit_cmd.
745  *
746  * The TPM can either run all self tests synchronously and then return
747  * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
748  * asynchronously and return RC_TESTING immediately while the self tests still
749  * execute in the background. This function handles both cases and waits until
750  * all tests have completed.
751  */
752 static int tpm2_do_selftest(struct tpm_chip *chip)
753 {
754 	struct tpm_buf buf;
755 	int full;
756 	int rc;
757 
758 	for (full = 0; full < 2; full++) {
759 		rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
760 		if (rc)
761 			return rc;
762 
763 		tpm_buf_append_u8(&buf, full);
764 		rc = tpm_transmit_cmd(chip, &buf, 0,
765 				      "attempting the self test");
766 		tpm_buf_destroy(&buf);
767 
768 		if (rc == TPM2_RC_TESTING)
769 			rc = TPM2_RC_SUCCESS;
770 		if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
771 			return rc;
772 	}
773 
774 	return rc;
775 }
776 
777 /**
778  * tpm2_probe() - probe for the TPM 2.0 protocol
779  * @chip:	a &tpm_chip instance
780  *
781  * Send an idempotent TPM 2.0 command and see whether there is TPM2 chip in the
782  * other end based on the response tag. The flag TPM_CHIP_FLAG_TPM2 is set by
783  * this function if this is the case.
784  *
785  * Return:
786  *   0 on success,
787  *   -errno otherwise
788  */
789 int tpm2_probe(struct tpm_chip *chip)
790 {
791 	struct tpm_header *out;
792 	struct tpm_buf buf;
793 	int rc;
794 
795 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
796 	if (rc)
797 		return rc;
798 	tpm_buf_append_u32(&buf, TPM2_CAP_TPM_PROPERTIES);
799 	tpm_buf_append_u32(&buf, TPM_PT_TOTAL_COMMANDS);
800 	tpm_buf_append_u32(&buf, 1);
801 	rc = tpm_transmit_cmd(chip, &buf, 0, NULL);
802 	/* We ignore TPM return codes on purpose. */
803 	if (rc >=  0) {
804 		out = (struct tpm_header *)buf.data;
805 		if (be16_to_cpu(out->tag) == TPM2_ST_NO_SESSIONS)
806 			chip->flags |= TPM_CHIP_FLAG_TPM2;
807 	}
808 	tpm_buf_destroy(&buf);
809 	return 0;
810 }
811 EXPORT_SYMBOL_GPL(tpm2_probe);
812 
813 static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
814 {
815 	struct tpm_bank_info *bank = chip->allocated_banks + bank_index;
816 	struct tpm_digest digest = { .alg_id = bank->alg_id };
817 	int i;
818 
819 	/*
820 	 * Avoid unnecessary PCR read operations to reduce overhead
821 	 * and obtain identifiers of the crypto subsystem.
822 	 */
823 	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
824 		enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id;
825 
826 		if (bank->alg_id != tpm2_hash_map[i].tpm_id)
827 			continue;
828 
829 		bank->digest_size = hash_digest_size[crypto_algo];
830 		bank->crypto_id = crypto_algo;
831 		return 0;
832 	}
833 
834 	return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
835 }
836 
837 struct tpm2_pcr_selection {
838 	__be16  hash_alg;
839 	u8  size_of_select;
840 	u8  pcr_select[3];
841 } __packed;
842 
843 ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
844 {
845 	struct tpm2_pcr_selection pcr_selection;
846 	struct tpm_buf buf;
847 	void *marker;
848 	void *end;
849 	void *pcr_select_offset;
850 	u32 sizeof_pcr_selection;
851 	u32 nr_possible_banks;
852 	u32 nr_alloc_banks = 0;
853 	u16 hash_alg;
854 	u32 rsp_len;
855 	int rc;
856 	int i = 0;
857 
858 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
859 	if (rc)
860 		return rc;
861 
862 	tpm_buf_append_u32(&buf, TPM2_CAP_PCRS);
863 	tpm_buf_append_u32(&buf, 0);
864 	tpm_buf_append_u32(&buf, 1);
865 
866 	rc = tpm_transmit_cmd(chip, &buf, 9, "get tpm pcr allocation");
867 	if (rc)
868 		goto out;
869 
870 	nr_possible_banks = be32_to_cpup(
871 		(__be32 *)&buf.data[TPM_HEADER_SIZE + 5]);
872 
873 	chip->allocated_banks = kcalloc(nr_possible_banks,
874 					sizeof(*chip->allocated_banks),
875 					GFP_KERNEL);
876 	if (!chip->allocated_banks) {
877 		rc = -ENOMEM;
878 		goto out;
879 	}
880 
881 	marker = &buf.data[TPM_HEADER_SIZE + 9];
882 
883 	rsp_len = be32_to_cpup((__be32 *)&buf.data[2]);
884 	end = &buf.data[rsp_len];
885 
886 	for (i = 0; i < nr_possible_banks; i++) {
887 		pcr_select_offset = marker +
888 			offsetof(struct tpm2_pcr_selection, size_of_select);
889 		if (pcr_select_offset >= end) {
890 			rc = -EFAULT;
891 			break;
892 		}
893 
894 		memcpy(&pcr_selection, marker, sizeof(pcr_selection));
895 		hash_alg = be16_to_cpu(pcr_selection.hash_alg);
896 
897 		pcr_select_offset = memchr_inv(pcr_selection.pcr_select, 0,
898 					       pcr_selection.size_of_select);
899 		if (pcr_select_offset) {
900 			chip->allocated_banks[nr_alloc_banks].alg_id = hash_alg;
901 
902 			rc = tpm2_init_bank_info(chip, nr_alloc_banks);
903 			if (rc < 0)
904 				break;
905 
906 			nr_alloc_banks++;
907 		}
908 
909 		sizeof_pcr_selection = sizeof(pcr_selection.hash_alg) +
910 			sizeof(pcr_selection.size_of_select) +
911 			pcr_selection.size_of_select;
912 		marker = marker + sizeof_pcr_selection;
913 	}
914 
915 	chip->nr_allocated_banks = nr_alloc_banks;
916 out:
917 	tpm_buf_destroy(&buf);
918 
919 	return rc;
920 }
921 
922 static int tpm2_get_cc_attrs_tbl(struct tpm_chip *chip)
923 {
924 	struct tpm_buf buf;
925 	u32 nr_commands;
926 	__be32 *attrs;
927 	u32 cc;
928 	int i;
929 	int rc;
930 
931 	rc = tpm2_get_tpm_pt(chip, TPM_PT_TOTAL_COMMANDS, &nr_commands, NULL);
932 	if (rc)
933 		goto out;
934 
935 	if (nr_commands > 0xFFFFF) {
936 		rc = -EFAULT;
937 		goto out;
938 	}
939 
940 	chip->cc_attrs_tbl = devm_kcalloc(&chip->dev, 4, nr_commands,
941 					  GFP_KERNEL);
942 
943 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_CAPABILITY);
944 	if (rc)
945 		goto out;
946 
947 	tpm_buf_append_u32(&buf, TPM2_CAP_COMMANDS);
948 	tpm_buf_append_u32(&buf, TPM2_CC_FIRST);
949 	tpm_buf_append_u32(&buf, nr_commands);
950 
951 	rc = tpm_transmit_cmd(chip, &buf, 9 + 4 * nr_commands, NULL);
952 	if (rc) {
953 		tpm_buf_destroy(&buf);
954 		goto out;
955 	}
956 
957 	if (nr_commands !=
958 	    be32_to_cpup((__be32 *)&buf.data[TPM_HEADER_SIZE + 5])) {
959 		tpm_buf_destroy(&buf);
960 		goto out;
961 	}
962 
963 	chip->nr_commands = nr_commands;
964 
965 	attrs = (__be32 *)&buf.data[TPM_HEADER_SIZE + 9];
966 	for (i = 0; i < nr_commands; i++, attrs++) {
967 		chip->cc_attrs_tbl[i] = be32_to_cpup(attrs);
968 		cc = chip->cc_attrs_tbl[i] & 0xFFFF;
969 
970 		if (cc == TPM2_CC_CONTEXT_SAVE || cc == TPM2_CC_FLUSH_CONTEXT) {
971 			chip->cc_attrs_tbl[i] &=
972 				~(GENMASK(2, 0) << TPM2_CC_ATTR_CHANDLES);
973 			chip->cc_attrs_tbl[i] |= 1 << TPM2_CC_ATTR_CHANDLES;
974 		}
975 	}
976 
977 	tpm_buf_destroy(&buf);
978 
979 out:
980 	if (rc > 0)
981 		rc = -ENODEV;
982 	return rc;
983 }
984 
985 /**
986  * tpm2_startup - turn on the TPM
987  * @chip: TPM chip to use
988  *
989  * Normally the firmware should start the TPM. This function is provided as a
990  * workaround if this does not happen. A legal case for this could be for
991  * example when a TPM emulator is used.
992  *
993  * Return: same as tpm_transmit_cmd()
994  */
995 
996 static int tpm2_startup(struct tpm_chip *chip)
997 {
998 	struct tpm_buf buf;
999 	int rc;
1000 
1001 	dev_info(&chip->dev, "starting up the TPM manually\n");
1002 
1003 	rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_STARTUP);
1004 	if (rc < 0)
1005 		return rc;
1006 
1007 	tpm_buf_append_u16(&buf, TPM2_SU_CLEAR);
1008 	rc = tpm_transmit_cmd(chip, &buf, 0, "attempting to start the TPM");
1009 	tpm_buf_destroy(&buf);
1010 
1011 	return rc;
1012 }
1013 
1014 /**
1015  * tpm2_auto_startup - Perform the standard automatic TPM initialization
1016  *                     sequence
1017  * @chip: TPM chip to use
1018  *
1019  * Returns 0 on success, < 0 in case of fatal error.
1020  */
1021 int tpm2_auto_startup(struct tpm_chip *chip)
1022 {
1023 	int rc;
1024 
1025 	rc = tpm2_get_timeouts(chip);
1026 	if (rc)
1027 		goto out;
1028 
1029 	rc = tpm2_do_selftest(chip);
1030 	if (rc && rc != TPM2_RC_INITIALIZE)
1031 		goto out;
1032 
1033 	if (rc == TPM2_RC_INITIALIZE) {
1034 		rc = tpm2_startup(chip);
1035 		if (rc)
1036 			goto out;
1037 
1038 		rc = tpm2_do_selftest(chip);
1039 		if (rc)
1040 			goto out;
1041 	}
1042 
1043 	rc = tpm2_get_cc_attrs_tbl(chip);
1044 
1045 out:
1046 	if (rc > 0)
1047 		rc = -ENODEV;
1048 	return rc;
1049 }
1050 
1051 int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
1052 {
1053 	int i;
1054 
1055 	for (i = 0; i < chip->nr_commands; i++)
1056 		if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0)))
1057 			return i;
1058 
1059 	return -1;
1060 }
1061