include/keys/trusted_tpm.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 #ifndef __TRUSTED_TPM_H
   3 #define __TRUSTED_TPM_H
   4
   5 #include <keys/trusted-type.h>
   6 #include <linux/tpm_command.h>
   7
   8 /* implementation specific TPM constants */
   9 #define TPM_SIZE_OFFSET                 2
  10 #define TPM_RETURN_OFFSET               6
  11 #define TPM_DATA_OFFSET                 10
  12
  13 #define LOAD32(buffer, offset)  (ntohl(*(uint32_t *)&buffer[offset]))
  14 #define LOAD32N(buffer, offset) (*(uint32_t *)&buffer[offset])
  15 #define LOAD16(buffer, offset)  (ntohs(*(uint16_t *)&buffer[offset]))
  16
  17 extern struct trusted_key_ops trusted_key_tpm_ops;
  18
  19 struct osapsess {
  20         uint32_t handle;
  21         unsigned char secret[SHA1_DIGEST_SIZE];
  22         unsigned char enonce[TPM_NONCE_SIZE];
  23 };
  24
  25 /* discrete values, but have to store in uint16_t for TPM use */
  26 enum {
  27         SEAL_keytype = 1,
  28         SRK_keytype = 4
  29 };
  30
  31 int TSS_authhmac(unsigned char *digest, const unsigned char *key,
  32                         unsigned int keylen, unsigned char *h1,
  33                         unsigned char *h2, unsigned int h3, ...);
  34 int TSS_checkhmac1(unsigned char *buffer,
  35                           const uint32_t command,
  36                           const unsigned char *ononce,
  37                           const unsigned char *key,
  38                           unsigned int keylen, ...);
  39
  40 int trusted_tpm_send(unsigned char *cmd, size_t buflen);
  41 int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);
  42
  43 int tpm2_seal_trusted(struct tpm_chip *chip,
  44                       struct trusted_key_payload *payload,
  45                       struct trusted_key_options *options);
  46 int tpm2_unseal_trusted(struct tpm_chip *chip,
  47                         struct trusted_key_payload *payload,
  48                         struct trusted_key_options *options);
  49
  50 #define TPM_DEBUG 0
  51
  52 #if TPM_DEBUG
  53 static inline void dump_options(struct trusted_key_options *o)
  54 {
  55         pr_info("sealing key type %d\n", o->keytype);
  56         pr_info("sealing key handle %0X\n", o->keyhandle);
  57         pr_info("pcrlock %d\n", o->pcrlock);
  58         pr_info("pcrinfo %d\n", o->pcrinfo_len);
  59         print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
  60                        16, 1, o->pcrinfo, o->pcrinfo_len, 0);
  61 }
  62
  63 static inline void dump_sess(struct osapsess *s)
  64 {
  65         print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
  66                        16, 1, &s->handle, 4, 0);
  67         pr_info("secret:\n");
  68         print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
  69                        16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
  70         pr_info("trusted-key: enonce:\n");
  71         print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
  72                        16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
  73 }
  74
  75 static inline void dump_tpm_buf(unsigned char *buf)
  76 {
  77         int len;
  78
  79         pr_info("\ntpm buffer\n");
  80         len = LOAD32(buf, TPM_SIZE_OFFSET);
  81         print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
  82 }
  83 #else
  84 static inline void dump_options(struct trusted_key_options *o)
  85 {
  86 }
  87
  88 static inline void dump_sess(struct osapsess *s)
  89 {
  90 }
  91
  92 static inline void dump_tpm_buf(unsigned char *buf)
  93 {
  94 }
  95 #endif
  96 #endif