1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef __TRUSTED_TPM_H 3 #define __TRUSTED_TPM_H 4 5 #include <keys/trusted-type.h> 6 #include <linux/tpm_command.h> 7 8 /* implementation specific TPM constants */ 9 #define MAX_BUF_SIZE 1024 10 #define TPM_GETRANDOM_SIZE 14 11 #define TPM_SIZE_OFFSET 2 12 #define TPM_RETURN_OFFSET 6 13 #define TPM_DATA_OFFSET 10 14 15 #define LOAD32(buffer, offset) (ntohl(*(uint32_t *)&buffer[offset])) 16 #define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset]) 17 #define LOAD16(buffer, offset) (ntohs(*(uint16_t *)&buffer[offset])) 18 19 struct osapsess { 20 uint32_t handle; 21 unsigned char secret[SHA1_DIGEST_SIZE]; 22 unsigned char enonce[TPM_NONCE_SIZE]; 23 }; 24 25 /* discrete values, but have to store in uint16_t for TPM use */ 26 enum { 27 SEAL_keytype = 1, 28 SRK_keytype = 4 29 }; 30 31 int TSS_authhmac(unsigned char *digest, const unsigned char *key, 32 unsigned int keylen, unsigned char *h1, 33 unsigned char *h2, unsigned int h3, ...); 34 int TSS_checkhmac1(unsigned char *buffer, 35 const uint32_t command, 36 const unsigned char *ononce, 37 const unsigned char *key, 38 unsigned int keylen, ...); 39 40 int trusted_tpm_send(unsigned char *cmd, size_t buflen); 41 int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce); 42 43 #define TPM_DEBUG 0 44 45 #if TPM_DEBUG 46 static inline void dump_options(struct trusted_key_options *o) 47 { 48 pr_info("trusted_key: sealing key type %d\n", o->keytype); 49 pr_info("trusted_key: sealing key handle %0X\n", o->keyhandle); 50 pr_info("trusted_key: pcrlock %d\n", o->pcrlock); 51 pr_info("trusted_key: pcrinfo %d\n", o->pcrinfo_len); 52 print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, 53 16, 1, o->pcrinfo, o->pcrinfo_len, 0); 54 } 55 56 static inline void dump_payload(struct trusted_key_payload *p) 57 { 58 pr_info("trusted_key: key_len %d\n", p->key_len); 59 print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE, 60 16, 1, p->key, p->key_len, 0); 61 pr_info("trusted_key: bloblen %d\n", p->blob_len); 62 print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE, 63 16, 1, p->blob, p->blob_len, 0); 64 pr_info("trusted_key: migratable %d\n", p->migratable); 65 } 66 67 static inline void dump_sess(struct osapsess *s) 68 { 69 print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, 70 16, 1, &s->handle, 4, 0); 71 pr_info("trusted-key: secret:\n"); 72 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 73 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); 74 pr_info("trusted-key: enonce:\n"); 75 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 76 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); 77 } 78 79 static inline void dump_tpm_buf(unsigned char *buf) 80 { 81 int len; 82 83 pr_info("\ntrusted-key: tpm buffer\n"); 84 len = LOAD32(buf, TPM_SIZE_OFFSET); 85 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); 86 } 87 #else 88 static inline void dump_options(struct trusted_key_options *o) 89 { 90 } 91 92 static inline void dump_payload(struct trusted_key_payload *p) 93 { 94 } 95 96 static inline void dump_sess(struct osapsess *s) 97 { 98 } 99 100 static inline void dump_tpm_buf(unsigned char *buf) 101 { 102 } 103 #endif 104 #endif 105