[PATCH v9 13/22] tpm2: Add TPM2 types, structures, and command constants
From: |
Gary Lin |
Subject: |
[PATCH v9 13/22] tpm2: Add TPM2 types, structures, and command constants |
Date: |
Mon, 5 Feb 2024 15:39:46 +0800 |
Add new TPM2 types and structures in preparation for supporting
authorized policy.
* New types:
TPM_ALG_ECDAA, TPM_ALG_ECDSA, TPM_ALG_ECSCHNORR, TPM_ALG_RSASSA,
TPM_ALG_RSAPSS, TPM_ALG_SM2, and TPMI_ALG_SIG_SCHEME
* New structures:
TPMS_EMPTY, TPMS_SIGNATURE_RSA, TPMS_SIGNATURE_ECC,
TPMS_SIGNATURE_ECDSA, TPMS_SIGNATURE_ECDAA, TPMS_SIGNATURE_SM2,
TPMS_SIGNATURE_ECSCHNORR, TPMU_SIGNATURE, and TPMT_TK_VERIFIED
* New command constants:
TPM_CC_LoadExternal, TPM_CC_HashSequenceStart, TPM_CC_SequenceUpdate,
TPM_CC_SequenceComplete, TPM_CC_Hash, TPM_CC_VerifySignature,
TPM_CC_PolicyAuthorize
Signed-off-by: Gary Lin <glin@suse.com>
---
include/grub/tpm2/internal/structs.h | 86 ++++++++++++++++++++++++++++
include/grub/tpm2/internal/types.h | 42 +++++++++-----
2 files changed, 114 insertions(+), 14 deletions(-)
diff --git a/include/grub/tpm2/internal/structs.h
b/include/grub/tpm2/internal/structs.h
index 72d71eb70..db9eb6cf6 100644
--- a/include/grub/tpm2/internal/structs.h
+++ b/include/grub/tpm2/internal/structs.h
@@ -672,4 +672,90 @@ struct TPMT_TK_CREATION
};
typedef struct TPMT_TK_CREATION TPMT_TK_CREATION;
+/* TPMS_EMPTY Structure */
+struct TPMS_EMPTY {
+ grub_uint8_t empty[1]; /* a structure with no member */
+};
+typedef struct TPMS_EMPTY TPMS_EMPTY;
+
+/* TPMS_SIGNATURE_RSA Structure */
+struct TPMS_SIGNATURE_RSA {
+ TPMI_ALG_HASH hash;
+ TPM2B_PUBLIC_KEY_RSA sig;
+};
+typedef struct TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSA;
+
+/* Definition of Types for RSA Signature */
+typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA;
+typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS;
+
+/* TPMS_SIGNATURE_ECC Structure */
+struct TPMS_SIGNATURE_ECC {
+ TPMI_ALG_HASH hash;
+ TPM2B_ECC_PARAMETER signatureR;
+ TPM2B_ECC_PARAMETER signatureS;
+};
+typedef struct TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECC;
+
+/* Definition of Types for ECC TPMS_SIGNATURE_ECC */
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA;
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA;
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2;
+typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR;
+
+/* TPMU_SIGNATURE Structure */
+union TPMU_SIGNATURE {
+ TPMS_SIGNATURE_RSASSA rsassa;
+ TPMS_SIGNATURE_RSAPSS rsapss;
+ TPMS_SIGNATURE_ECDSA ecdsa;
+ TPMS_SIGNATURE_ECDAA ecdaa;
+ TPMS_SIGNATURE_SM2 sm2;
+ TPMS_SIGNATURE_ECSCHNORR ecschnorr;
+ TPMT_HA hmac;
+ TPMS_SCHEME_HASH any;
+ TPMS_EMPTY null;
+};
+typedef union TPMU_SIGNATURE TPMU_SIGNATURE;
+
+/* TPMT_SIGNATURE Structure */
+struct TPMT_SIGNATURE {
+ TPMI_ALG_SIG_SCHEME sigAlg;
+ TPMU_SIGNATURE signature;
+};
+typedef struct TPMT_SIGNATURE TPMT_SIGNATURE;
+
+static inline TPMI_ALG_HASH
+TPMT_SIGNATURE_get_hash_alg (TPMT_SIGNATURE *sig)
+{
+ switch (sig->sigAlg)
+ {
+ case TPM_ALG_RSASSA:
+ return sig->signature.rsassa.hash;
+ case TPM_ALG_RSAPSS:
+ return sig->signature.rsapss.hash;
+ case TPM_ALG_ECDSA:
+ return sig->signature.ecdsa.hash;
+ case TPM_ALG_ECDAA:
+ return sig->signature.ecdaa.hash;
+ case TPM_ALG_SM2:
+ return sig->signature.sm2.hash;
+ case TPM_ALG_ECSCHNORR:
+ return sig->signature.ecschnorr.hash;
+ case TPM_ALG_HMAC:
+ return sig->signature.hmac.hashAlg;
+ default:
+ break;
+ }
+
+ return TPM_ALG_NULL;
+}
+
+/* TPMT_TK_VERIFIED Structure */
+struct TPMT_TK_VERIFIED {
+ TPM_ST tag;
+ TPMI_RH_HIERARCHY hierarchy;
+ TPM2B_DIGEST digest;
+};
+typedef struct TPMT_TK_VERIFIED TPMT_TK_VERIFIED;
+
#endif /* ! GRUB_TPM2_INTERNAL_STRUCTS_HEADER */
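Review bot: `TPMT_SIGNATURE_get_hash_alg` returns TPM_ALG_NULL both for a `sigAlg` it does not recognise (the `default` arm) and for a recognised scheme whose embedded `hash` field is itself TPM_ALG_NULL, so a caller cannot distinguish an unsupported or malformed signature from a legitimately NULL hash; since a TPMT_SIGNATURE is presumably unmarshalled from an externally supplied authorized-policy blob in later patches, that distinction should be settled before the returned algorithm drives any digest computation. Document the contract on the helper, e.g. `/* Return the hash algorithm carried by a signature, or TPM_ALG_NULL when sigAlg is not a supported scheme; callers must treat TPM_ALG_NULL as a rejection. */`, and declare the parameter `const TPMT_SIGNATURE *sig` since the function only reads through it. Separately, `TPMS_EMPTY` occupies one byte (`empty[1]`) although its comment calls it a structure with no member, so the marshal/unmarshal code (not in this patch) must not emit or consume that byte on the wire — a comment such as `/* placeholder only; must marshal to zero bytes */` would make that explicit. The commit message's list of new structures omits TPMT_SIGNATURE and the new inline helper added here.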
diff --git a/include/grub/tpm2/internal/types.h
b/include/grub/tpm2/internal/types.h
index 9118cad5d..4eef085f1 100644
--- a/include/grub/tpm2/internal/types.h
+++ b/include/grub/tpm2/internal/types.h
@@ -181,6 +181,9 @@ typedef grub_uint16_t TPM_ALG_ID;
#define TPM_ALG_CFB ((TPM_ALG_ID) 0x0043)
#define TPM_ALG_ECB ((TPM_ALG_ID) 0x0044)
#define TPM_ALG_ECC ((TPM_ALG_ID) 0x0023)
+#define TPM_ALG_ECDAA ((TPM_ALG_ID) 0x001A)
+#define TPM_ALG_ECDSA ((TPM_ALG_ID) 0x0018)
+#define TPM_ALG_ECSCHNORR ((TPM_ALG_ID) 0x001C)
#define TPM_ALG_HMAC ((TPM_ALG_ID) 0x0005)
#define TPM_ALG_KDF1_SP800_108 ((TPM_ALG_ID) 0x0022)
#define TPM_ALG_KDF1_SP800_56A ((TPM_ALG_ID) 0x0020)
@@ -189,10 +192,13 @@ typedef grub_uint16_t TPM_ALG_ID;
#define TPM_ALG_MGF1 ((TPM_ALG_ID) 0x0007)
#define TPM_ALG_NULL ((TPM_ALG_ID) 0x0010)
#define TPM_ALG_RSA ((TPM_ALG_ID) 0x0001)
+#define TPM_ALG_RSASSA ((TPM_ALG_ID) 0x0014)
+#define TPM_ALG_RSAPSS ((TPM_ALG_ID) 0x0016)
#define TPM_ALG_SHA1 ((TPM_ALG_ID) 0x0004)
#define TPM_ALG_SHA256 ((TPM_ALG_ID) 0x000B)
#define TPM_ALG_SHA384 ((TPM_ALG_ID) 0x000C)
#define TPM_ALG_SHA512 ((TPM_ALG_ID) 0x000D)
+#define TPM_ALG_SM2 ((TPM_ALG_ID) 0x001B)
#define TPM_ALG_SM3_256 ((TPM_ALG_ID) 0x0012)
#define TPM_ALG_SM4 ((TPM_ALG_ID) 0x0013)
#define TPM_ALG_SYMCIPHER ((TPM_ALG_ID) 0x0025)
@@ -299,20 +305,27 @@ typedef grub_uint16_t TPM_ECC_CURVE;
/* TPM_CC Constants */
typedef grub_uint32_t TPM_CC;
-#define TPM_CC_EvictControl ((TPM_CC) 0x00000120)
-#define TPM_CC_CreatePrimary ((TPM_CC) 0x00000131)
-#define TPM_CC_Create ((TPM_CC) 0x00000153)
-#define TPM_CC_FlushContext ((TPM_CC) 0x00000165)
-#define TPM_CC_ReadPublic ((TPM_CC) 0x00000173)
-#define TPM_CC_StartAuthSession ((TPM_CC) 0x00000176)
-#define TPM_CC_PolicyPCR ((TPM_CC) 0x0000017f)
-#define TPM_CC_NV_Read ((TPM_CC) 0x0000014e)
-#define TPM_CC_NV_ReadPublic ((TPM_CC) 0x00000169)
-#define TPM_CC_GetCapability ((TPM_CC) 0x0000017a)
-#define TPM_CC_PCR_Read ((TPM_CC) 0x0000017e)
-#define TPM_CC_Load ((TPM_CC) 0x00000157)
-#define TPM_CC_Unseal ((TPM_CC) 0x0000015e)
-#define TPM_CC_PolicyGetDigest ((TPM_CC) 0x00000189)
+#define TPM_CC_EvictControl ((TPM_CC) 0x00000120)
+#define TPM_CC_CreatePrimary ((TPM_CC) 0x00000131)
+#define TPM_CC_Create ((TPM_CC) 0x00000153)
+#define TPM_CC_FlushContext ((TPM_CC) 0x00000165)
+#define TPM_CC_ReadPublic ((TPM_CC) 0x00000173)
+#define TPM_CC_StartAuthSession ((TPM_CC) 0x00000176)
+#define TPM_CC_PolicyPCR ((TPM_CC) 0x0000017f)
+#define TPM_CC_NV_Read ((TPM_CC) 0x0000014e)
+#define TPM_CC_NV_ReadPublic ((TPM_CC) 0x00000169)
+#define TPM_CC_GetCapability ((TPM_CC) 0x0000017a)
+#define TPM_CC_PCR_Read ((TPM_CC) 0x0000017e)
+#define TPM_CC_Load ((TPM_CC) 0x00000157)
+#define TPM_CC_LoadExternal ((TPM_CC) 0x00000167)
+#define TPM_CC_Unseal ((TPM_CC) 0x0000015e)
+#define TPM_CC_PolicyGetDigest ((TPM_CC) 0x00000189)
+#define TPM_CC_HashSequenceStart ((TPM_CC) 0x00000186)
+#define TPM_CC_SequenceUpdate ((TPM_CC) 0x0000015c)
+#define TPM_CC_SequenceComplete ((TPM_CC) 0x0000013e)
+#define TPM_CC_Hash ((TPM_CC) 0x0000017d)
+#define TPM_CC_VerifySignature ((TPM_CC) 0x00000177)
+#define TPM_CC_PolicyAuthorize ((TPM_CC) 0x0000016a)
/* Hash algorithm sizes */
#define TPM_SHA1_DIGEST_SIZE 20
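Review bot: The hunk rewrites every existing TPM_CC line only to re-align the values, so the seven genuinely new constants (TPM_CC_LoadExternal through TPM_CC_PolicyAuthorize) are buried in a 14-line removal and 21-line addition; keeping the existing alignment, or moving the whitespace change into its own commit, would make the functional addition reviewable at a glance. The values themselves match the TPM 2.0 Library command codes (e.g. `0x00000167` for LoadExternal, `0x00000177` for VerifySignature, `0x0000016a` for PolicyAuthorize). The list is neither alphabetical nor numeric after the change; if the file has no ordering convention, a one-line comment saying so, `/* Command codes are listed in the order they were added, not by value. */`, would stop the next contributor from re-sorting it.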
@@ -354,6 +367,7 @@ typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME;
typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME;
typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME;
typedef TPM_ALG_ID TPMI_ALG_SYM;
+typedef TPM_ALG_ID TPMI_ALG_SIG_SCHEME;
/* TPM_KEY_BITS Type */
typedef grub_uint16_t TPM_KEY_BITS;
--
2.35.3