1*dc9d6147SAndrew GeisslerIndex: git/include/tpm_tspi.h 2*dc9d6147SAndrew Geissler=================================================================== 3*dc9d6147SAndrew Geissler--- git.orig/include/tpm_tspi.h 4*dc9d6147SAndrew Geissler+++ git/include/tpm_tspi.h 5*dc9d6147SAndrew Geissler@@ -117,6 +117,10 @@ TSS_RESULT tpmPcrRead(TSS_HTPM a_hTpm, U 6*dc9d6147SAndrew Geissler UINT32 *a_PcrSize, BYTE **a_PcrValue); 7*dc9d6147SAndrew Geissler TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx, 8*dc9d6147SAndrew Geissler UINT32 a_PcrSize, BYTE *a_PcrValue); 9*dc9d6147SAndrew Geissler+TSS_RESULT tpmPcrExtend(TSS_HTPM a_hTpm, UINT32 a_Idx, 10*dc9d6147SAndrew Geissler+ UINT32 a_DataSize, BYTE *a_Data, 11*dc9d6147SAndrew Geissler+ TSS_PCR_EVENT *a_Event, 12*dc9d6147SAndrew Geissler+ UINT32 *a_PcrSize, BYTE **a_PcrValue); 13*dc9d6147SAndrew Geissler #ifdef TSS_LIB_IS_12 14*dc9d6147SAndrew Geissler TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v); 15*dc9d6147SAndrew Geissler TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue); 16*dc9d6147SAndrew GeisslerIndex: git/lib/tpm_tspi.c 17*dc9d6147SAndrew Geissler=================================================================== 18*dc9d6147SAndrew Geissler--- git.orig/lib/tpm_tspi.c 19*dc9d6147SAndrew Geissler+++ git/lib/tpm_tspi.c 20*dc9d6147SAndrew Geissler@@ -594,6 +594,20 @@ pcrcompositeSetPcrValue(TSS_HPCRS a_hPcr 21*dc9d6147SAndrew Geissler return result; 22*dc9d6147SAndrew Geissler } 23*dc9d6147SAndrew Geissler 24*dc9d6147SAndrew Geissler+TSS_RESULT 25*dc9d6147SAndrew Geissler+tpmPcrExtend(TSS_HTPM a_hTpm, UINT32 a_Idx, 26*dc9d6147SAndrew Geissler+ UINT32 a_DataSize, BYTE *a_Data, 27*dc9d6147SAndrew Geissler+ TSS_PCR_EVENT *a_Event, 28*dc9d6147SAndrew Geissler+ UINT32 *a_PcrSize, BYTE **a_PcrValue) 29*dc9d6147SAndrew Geissler+{ 30*dc9d6147SAndrew Geissler+ TSS_RESULT result = 31*dc9d6147SAndrew Geissler+ Tspi_TPM_PcrExtend(a_hTpm, a_Idx, a_DataSize, a_Data, a_Event, 32*dc9d6147SAndrew Geissler+ a_PcrSize, a_PcrValue); 33*dc9d6147SAndrew Geissler+ tspiResult("Tspi_TPM_PcrExtend", result); 34*dc9d6147SAndrew Geissler+ 35*dc9d6147SAndrew Geissler+ return result; 36*dc9d6147SAndrew Geissler+} 37*dc9d6147SAndrew Geissler+ 38*dc9d6147SAndrew Geissler #ifdef TSS_LIB_IS_12 39*dc9d6147SAndrew Geissler /* 40*dc9d6147SAndrew Geissler * These getPasswd functions will wrap calls to the other functions and check to see if the TSS 41*dc9d6147SAndrew GeisslerIndex: git/src/cmds/Makefile.am 42*dc9d6147SAndrew Geissler=================================================================== 43*dc9d6147SAndrew Geissler--- git.orig/src/cmds/Makefile.am 44*dc9d6147SAndrew Geissler+++ git/src/cmds/Makefile.am 45*dc9d6147SAndrew Geissler@@ -22,6 +22,7 @@ 46*dc9d6147SAndrew Geissler # 47*dc9d6147SAndrew Geissler 48*dc9d6147SAndrew Geissler bin_PROGRAMS = tpm_sealdata \ 49*dc9d6147SAndrew Geissler+ tpm_extendpcr \ 50*dc9d6147SAndrew Geissler tpm_unsealdata 51*dc9d6147SAndrew Geissler 52*dc9d6147SAndrew Geissler if TSS_LIB_IS_12 53*dc9d6147SAndrew Geissler@@ -33,4 +34,5 @@ endif 54*dc9d6147SAndrew Geissler LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto @INTLLIBS@ 55*dc9d6147SAndrew Geissler 56*dc9d6147SAndrew Geissler tpm_sealdata_SOURCES = tpm_sealdata.c 57*dc9d6147SAndrew Geissler+tpm_extendpcr_SOURCES = tpm_extendpcr.c 58*dc9d6147SAndrew Geissler tpm_unsealdata_SOURCES = tpm_unsealdata.c 59*dc9d6147SAndrew GeisslerIndex: git/src/cmds/tpm_extendpcr.c 60*dc9d6147SAndrew Geissler=================================================================== 61*dc9d6147SAndrew Geissler--- /dev/null 62*dc9d6147SAndrew Geissler+++ git/src/cmds/tpm_extendpcr.c 63*dc9d6147SAndrew Geissler@@ -0,0 +1,181 @@ 64*dc9d6147SAndrew Geissler+/* 65*dc9d6147SAndrew Geissler+ * The Initial Developer of the Original Code is International 66*dc9d6147SAndrew Geissler+ * Business Machines Corporation. Portions created by IBM 67*dc9d6147SAndrew Geissler+ * Corporation are Copyright (C) 2005, 2006 International Business 68*dc9d6147SAndrew Geissler+ * Machines Corporation. All Rights Reserved. 69*dc9d6147SAndrew Geissler+ * 70*dc9d6147SAndrew Geissler+ * This program is free software; you can redistribute it and/or modify 71*dc9d6147SAndrew Geissler+ * it under the terms of the Common Public License as published by 72*dc9d6147SAndrew Geissler+ * IBM Corporation; either version 1 of the License, or (at your option) 73*dc9d6147SAndrew Geissler+ * any later version. 74*dc9d6147SAndrew Geissler+ * 75*dc9d6147SAndrew Geissler+ * This program is distributed in the hope that it will be useful, 76*dc9d6147SAndrew Geissler+ * but WITHOUT ANY WARRANTY; without even the implied warranty of 77*dc9d6147SAndrew Geissler+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 78*dc9d6147SAndrew Geissler+ * Common Public License for more details. 79*dc9d6147SAndrew Geissler+ * 80*dc9d6147SAndrew Geissler+ * You should have received a copy of the Common Public License 81*dc9d6147SAndrew Geissler+ * along with this program; if not, a copy can be viewed at 82*dc9d6147SAndrew Geissler+ * http://www.opensource.org/licenses/cpl1.0.php. 83*dc9d6147SAndrew Geissler+ */ 84*dc9d6147SAndrew Geissler+#include <openssl/evp.h> 85*dc9d6147SAndrew Geissler+#include <openssl/sha.h> 86*dc9d6147SAndrew Geissler+#include <limits.h> 87*dc9d6147SAndrew Geissler+#include "tpm_tspi.h" 88*dc9d6147SAndrew Geissler+#include "tpm_utils.h" 89*dc9d6147SAndrew Geissler+#include "tpm_seal.h" 90*dc9d6147SAndrew Geissler+ 91*dc9d6147SAndrew Geissler+// #define TPM_EXTENDPCR_DEBUG 92*dc9d6147SAndrew Geissler+ 93*dc9d6147SAndrew Geissler+static void help(const char *aCmd) 94*dc9d6147SAndrew Geissler+{ 95*dc9d6147SAndrew Geissler+ logCmdHelp(aCmd); 96*dc9d6147SAndrew Geissler+ logCmdOption("-i, --infile FILE", 97*dc9d6147SAndrew Geissler+ _ 98*dc9d6147SAndrew Geissler+ ("Filename containing data to extend PCRs with. Default is STDIN.")); 99*dc9d6147SAndrew Geissler+ logCmdOption("-p, --pcr NUMBER", 100*dc9d6147SAndrew Geissler+ _("PCR to extend.")); 101*dc9d6147SAndrew Geissler+ 102*dc9d6147SAndrew Geissler+} 103*dc9d6147SAndrew Geissler+ 104*dc9d6147SAndrew Geissler+static char in_filename[PATH_MAX] = ""; 105*dc9d6147SAndrew Geissler+static TSS_HPCRS hPcrs = NULL_HPCRS; 106*dc9d6147SAndrew Geissler+static TSS_HTPM hTpm; 107*dc9d6147SAndrew Geissler+static UINT32 selectedPcrs[24]; 108*dc9d6147SAndrew Geissler+static UINT32 selectedPcrsLen = 0; 109*dc9d6147SAndrew Geissler+TSS_HCONTEXT hContext = 0; 110*dc9d6147SAndrew Geissler+ 111*dc9d6147SAndrew Geissler+static int parse(const int aOpt, const char *aArg) 112*dc9d6147SAndrew Geissler+{ 113*dc9d6147SAndrew Geissler+ int rc = -1; 114*dc9d6147SAndrew Geissler+ 115*dc9d6147SAndrew Geissler+ switch (aOpt) { 116*dc9d6147SAndrew Geissler+ case 'i': 117*dc9d6147SAndrew Geissler+ if (aArg) { 118*dc9d6147SAndrew Geissler+ strncpy(in_filename, aArg, PATH_MAX); 119*dc9d6147SAndrew Geissler+ rc = 0; 120*dc9d6147SAndrew Geissler+ } 121*dc9d6147SAndrew Geissler+ break; 122*dc9d6147SAndrew Geissler+ case 'p': 123*dc9d6147SAndrew Geissler+ if (aArg) { 124*dc9d6147SAndrew Geissler+ selectedPcrs[selectedPcrsLen++] = atoi(aArg); 125*dc9d6147SAndrew Geissler+ rc = 0; 126*dc9d6147SAndrew Geissler+ } 127*dc9d6147SAndrew Geissler+ break; 128*dc9d6147SAndrew Geissler+ default: 129*dc9d6147SAndrew Geissler+ break; 130*dc9d6147SAndrew Geissler+ } 131*dc9d6147SAndrew Geissler+ return rc; 132*dc9d6147SAndrew Geissler+ 133*dc9d6147SAndrew Geissler+} 134*dc9d6147SAndrew Geissler+ 135*dc9d6147SAndrew Geissler+int main(int argc, char **argv) 136*dc9d6147SAndrew Geissler+{ 137*dc9d6147SAndrew Geissler+ 138*dc9d6147SAndrew Geissler+ int iRc = -1; 139*dc9d6147SAndrew Geissler+ struct option opts[] = { 140*dc9d6147SAndrew Geissler+ {"infile", required_argument, NULL, 'i'}, 141*dc9d6147SAndrew Geissler+ {"pcr", required_argument, NULL, 'p'}, 142*dc9d6147SAndrew Geissler+ }; 143*dc9d6147SAndrew Geissler+ unsigned char line[EVP_MD_block_size(EVP_sha1()) * 16]; 144*dc9d6147SAndrew Geissler+ int lineLen; 145*dc9d6147SAndrew Geissler+ UINT32 i; 146*dc9d6147SAndrew Geissler+ 147*dc9d6147SAndrew Geissler+ BIO *bin = NULL; 148*dc9d6147SAndrew Geissler+ 149*dc9d6147SAndrew Geissler+ initIntlSys(); 150*dc9d6147SAndrew Geissler+ 151*dc9d6147SAndrew Geissler+ if (genericOptHandler(argc, argv, "i:p:", opts, 152*dc9d6147SAndrew Geissler+ sizeof(opts) / sizeof(struct option), parse, 153*dc9d6147SAndrew Geissler+ help) != 0) 154*dc9d6147SAndrew Geissler+ goto out; 155*dc9d6147SAndrew Geissler+ 156*dc9d6147SAndrew Geissler+ if (contextCreate(&hContext) != TSS_SUCCESS) 157*dc9d6147SAndrew Geissler+ goto out; 158*dc9d6147SAndrew Geissler+ 159*dc9d6147SAndrew Geissler+ if (contextConnect(hContext) != TSS_SUCCESS) 160*dc9d6147SAndrew Geissler+ goto out_close; 161*dc9d6147SAndrew Geissler+ 162*dc9d6147SAndrew Geissler+ if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) 163*dc9d6147SAndrew Geissler+ goto out_close; 164*dc9d6147SAndrew Geissler+ 165*dc9d6147SAndrew Geissler+ /* Create a BIO for the input file */ 166*dc9d6147SAndrew Geissler+ if ((bin = BIO_new(BIO_s_file())) == NULL) { 167*dc9d6147SAndrew Geissler+ logError(_("Unable to open input BIO\n")); 168*dc9d6147SAndrew Geissler+ goto out_close; 169*dc9d6147SAndrew Geissler+ } 170*dc9d6147SAndrew Geissler+ 171*dc9d6147SAndrew Geissler+ /* Assign the input file to the BIO */ 172*dc9d6147SAndrew Geissler+ if (strlen(in_filename) == 0) 173*dc9d6147SAndrew Geissler+ BIO_set_fp(bin, stdin, BIO_NOCLOSE); 174*dc9d6147SAndrew Geissler+ else if (!BIO_read_filename(bin, in_filename)) { 175*dc9d6147SAndrew Geissler+ logError(_("Unable to open input file: %s\n"), 176*dc9d6147SAndrew Geissler+ in_filename); 177*dc9d6147SAndrew Geissler+ goto out_close; 178*dc9d6147SAndrew Geissler+ } 179*dc9d6147SAndrew Geissler+ 180*dc9d6147SAndrew Geissler+ /* Create the PCRs object. If any PCRs above 15 are selected, this will need to be 181*dc9d6147SAndrew Geissler+ * a 1.2 TSS/TPM */ 182*dc9d6147SAndrew Geissler+ if (selectedPcrsLen) { 183*dc9d6147SAndrew Geissler+ TSS_FLAG initFlag = 0; 184*dc9d6147SAndrew Geissler+ UINT32 pcrSize; 185*dc9d6147SAndrew Geissler+ BYTE *pcrValue; 186*dc9d6147SAndrew Geissler+ 187*dc9d6147SAndrew Geissler+ for (i = 0; i < selectedPcrsLen; i++) { 188*dc9d6147SAndrew Geissler+ if (selectedPcrs[i] > 15) { 189*dc9d6147SAndrew Geissler+#ifdef TSS_LIB_IS_12 190*dc9d6147SAndrew Geissler+ initFlag |= TSS_PCRS_STRUCT_INFO_LONG; 191*dc9d6147SAndrew Geissler+#else 192*dc9d6147SAndrew Geissler+ logError(_("This version of %s was compiled for a v1.1 TSS, which " 193*dc9d6147SAndrew Geissler+ "can only seal\n data to PCRs 0-15. PCR %u is out of range" 194*dc9d6147SAndrew Geissler+ "\n"), argv[0], selectedPcrs[i]); 195*dc9d6147SAndrew Geissler+ goto out_close; 196*dc9d6147SAndrew Geissler+#endif 197*dc9d6147SAndrew Geissler+ } 198*dc9d6147SAndrew Geissler+ } 199*dc9d6147SAndrew Geissler+ 200*dc9d6147SAndrew Geissler+ unsigned char msg[EVP_MAX_MD_SIZE]; 201*dc9d6147SAndrew Geissler+ unsigned int msglen; 202*dc9d6147SAndrew Geissler+ EVP_MD_CTX ctx; 203*dc9d6147SAndrew Geissler+ EVP_DigestInit(&ctx, EVP_sha1()); 204*dc9d6147SAndrew Geissler+ while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) 205*dc9d6147SAndrew Geissler+ EVP_DigestUpdate(&ctx, line, lineLen); 206*dc9d6147SAndrew Geissler+ EVP_DigestFinal(&ctx, msg, &msglen); 207*dc9d6147SAndrew Geissler+ 208*dc9d6147SAndrew Geissler+ if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, 209*dc9d6147SAndrew Geissler+ &hPcrs) != TSS_SUCCESS) 210*dc9d6147SAndrew Geissler+ goto out_close; 211*dc9d6147SAndrew Geissler+ 212*dc9d6147SAndrew Geissler+ for (i = 0; i < selectedPcrsLen; i++) { 213*dc9d6147SAndrew Geissler+#ifdef TPM_EXTENDPCR_DEBUG 214*dc9d6147SAndrew Geissler+ if (tpmPcrRead(hTpm, selectedPcrs[i], &pcrSize, &pcrValue) != TSS_SUCCESS) 215*dc9d6147SAndrew Geissler+ goto out_close; 216*dc9d6147SAndrew Geissler+ 217*dc9d6147SAndrew Geissler+ unsigned int j; 218*dc9d6147SAndrew Geissler+ for (j = 0; j < pcrSize; j++) 219*dc9d6147SAndrew Geissler+ printf("%02X ", pcrValue[j]); 220*dc9d6147SAndrew Geissler+ printf("\n"); 221*dc9d6147SAndrew Geissler+#endif 222*dc9d6147SAndrew Geissler+ 223*dc9d6147SAndrew Geissler+ if (tpmPcrExtend(hTpm, selectedPcrs[i], msglen, msg, NULL, &pcrSize, &pcrValue) != TSS_SUCCESS) 224*dc9d6147SAndrew Geissler+ goto out_close; 225*dc9d6147SAndrew Geissler+ 226*dc9d6147SAndrew Geissler+#ifdef TPM_EXTENDPCR_DEBUG 227*dc9d6147SAndrew Geissler+ for (j = 0; j < pcrSize; j++) 228*dc9d6147SAndrew Geissler+ printf("%02X ", pcrValue[j]); 229*dc9d6147SAndrew Geissler+ printf("\n"); 230*dc9d6147SAndrew Geissler+#endif 231*dc9d6147SAndrew Geissler+ } 232*dc9d6147SAndrew Geissler+ } 233*dc9d6147SAndrew Geissler+ 234*dc9d6147SAndrew Geissler+ iRc = 0; 235*dc9d6147SAndrew Geissler+ logSuccess(argv[0]); 236*dc9d6147SAndrew Geissler+ 237*dc9d6147SAndrew Geissler+out_close: 238*dc9d6147SAndrew Geissler+ contextClose(hContext); 239*dc9d6147SAndrew Geissler+ 240*dc9d6147SAndrew Geissler+out: 241*dc9d6147SAndrew Geissler+ if (bin) 242*dc9d6147SAndrew Geissler+ BIO_free(bin); 243*dc9d6147SAndrew Geissler+ return iRc; 244*dc9d6147SAndrew Geissler+} 245