[thirdparty/kernel/linux.git] / include / keys / trusted_tpm.h

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __TRUSTED_TPM_H
#define __TRUSTED_TPM_H

#include <keys/trusted-type.h>
#include <linux/tpm_command.h>

/* implementation specific TPM constants */
#define MAX_BUF_SIZE			1024
#define TPM_GETRANDOM_SIZE		14
#define TPM_SIZE_OFFSET			2
#define TPM_RETURN_OFFSET		6
#define TPM_DATA_OFFSET			10

#define LOAD32(buffer, offset)	(ntohl(*(uint32_t *)&buffer[offset]))
#define LOAD32N(buffer, offset)	(*(uint32_t *)&buffer[offset])
#define LOAD16(buffer, offset)	(ntohs(*(uint16_t *)&buffer[offset]))

extern struct trusted_key_ops trusted_key_tpm_ops;

struct osapsess {
	uint32_t handle;
	unsigned char secret[SHA1_DIGEST_SIZE];
	unsigned char enonce[TPM_NONCE_SIZE];
};

/* discrete values, but have to store in uint16_t for TPM use */
enum {
	SEAL_keytype = 1,
	SRK_keytype = 4
};

int TSS_authhmac(unsigned char *digest, const unsigned char *key,
			unsigned int keylen, unsigned char *h1,
			unsigned char *h2, unsigned int h3, ...);
int TSS_checkhmac1(unsigned char *buffer,
			  const uint32_t command,
			  const unsigned char *ononce,
			  const unsigned char *key,
			  unsigned int keylen, ...);

int trusted_tpm_send(unsigned char *cmd, size_t buflen);
int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce);

int tpm2_seal_trusted(struct tpm_chip *chip,
		      struct trusted_key_payload *payload,
		      struct trusted_key_options *options);
int tpm2_unseal_trusted(struct tpm_chip *chip,
			struct trusted_key_payload *payload,
			struct trusted_key_options *options);

#define TPM_DEBUG 0

#if TPM_DEBUG
static inline void dump_options(struct trusted_key_options *o)
{
	pr_info("sealing key type %d\n", o->keytype);
	pr_info("sealing key handle %0X\n", o->keyhandle);
	pr_info("pcrlock %d\n", o->pcrlock);
	pr_info("pcrinfo %d\n", o->pcrinfo_len);
	print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
		       16, 1, o->pcrinfo, o->pcrinfo_len, 0);
}

static inline void dump_sess(struct osapsess *s)
{
	print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
		       16, 1, &s->handle, 4, 0);
	pr_info("secret:\n");
	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
		       16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
	pr_info("trusted-key: enonce:\n");
	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
		       16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
}

static inline void dump_tpm_buf(unsigned char *buf)
{
	int len;

	pr_info("\ntpm buffer\n");
	len = LOAD32(buf, TPM_SIZE_OFFSET);
	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
}
#else
static inline void dump_options(struct trusted_key_options *o)
{
}

static inline void dump_sess(struct osapsess *s)
{
}

static inline void dump_tpm_buf(unsigned char *buf)
{
}
#endif
#endif
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
47f9c279 SG	2	#ifndef __TRUSTED_TPM_H
	3	#define __TRUSTED_TPM_H
	4
	5	#include <keys/trusted-type.h>
	6	#include <linux/tpm_command.h>
d00a1c72 MZ	7
d00a1c72 MZ	8	/* implementation specific TPM constants */
e1ea9f86	9	#define MAX_BUF_SIZE 1024
d00a1c72	10	#define TPM_GETRANDOM_SIZE 14
d00a1c72 MZ	11	#define TPM_SIZE_OFFSET 2
	12	#define TPM_RETURN_OFFSET 6
	13	#define TPM_DATA_OFFSET 10
	14
	15	#define LOAD32(buffer, offset) (ntohl((uint32_t )&buffer[offset]))
	16	#define LOAD32N(buffer, offset) ((uint32_t )&buffer[offset])
	17	#define LOAD16(buffer, offset) (ntohs((uint16_t )&buffer[offset]))
	18
5d0682be SG	19	extern struct trusted_key_ops trusted_key_tpm_ops;
5d0682be SG	20
d00a1c72 MZ	21	struct osapsess {
	22	uint32_t handle;
	23	unsigned char secret[SHA1_DIGEST_SIZE];
	24	unsigned char enonce[TPM_NONCE_SIZE];
	25	};
	26
	27	/* discrete values, but have to store in uint16_t for TPM use */
	28	enum {
	29	SEAL_keytype = 1,
	30	SRK_keytype = 4
	31	};
	32
e1ea9f86 DK	33	int TSS_authhmac(unsigned char digest, const unsigned char key,
e1ea9f86 DK	34	unsigned int keylen, unsigned char *h1,
be24b37e	35	unsigned char *h2, unsigned int h3, ...);
e1ea9f86 DK	36	int TSS_checkhmac1(unsigned char *buffer,
	37	const uint32_t command,
	38	const unsigned char *ononce,
	39	const unsigned char *key,
	40	unsigned int keylen, ...);
	41
	42	int trusted_tpm_send(unsigned char *cmd, size_t buflen);
c6f61e59	43	int oiap(struct tpm_buf tb, uint32_t handle, unsigned char *nonce);
e1ea9f86	44
2e19e101 SG	45	int tpm2_seal_trusted(struct tpm_chip *chip,
	46	struct trusted_key_payload *payload,
	47	struct trusted_key_options *options);
	48	int tpm2_unseal_trusted(struct tpm_chip *chip,
	49	struct trusted_key_payload *payload,
	50	struct trusted_key_options *options);
	51
d00a1c72 MZ	52	#define TPM_DEBUG 0
	53
	54	#if TPM_DEBUG
	55	static inline void dump_options(struct trusted_key_options *o)
	56	{
5d0682be SG	57	pr_info("sealing key type %d\n", o->keytype);
	58	pr_info("sealing key handle %0X\n", o->keyhandle);
	59	pr_info("pcrlock %d\n", o->pcrlock);
	60	pr_info("pcrinfo %d\n", o->pcrinfo_len);
d00a1c72 MZ	61	print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
	62	16, 1, o->pcrinfo, o->pcrinfo_len, 0);
	63	}
	64
d00a1c72 MZ	65	static inline void dump_sess(struct osapsess *s)
	66	{
	67	print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
	68	16, 1, &s->handle, 4, 0);
5d0682be	69	pr_info("secret:\n");
d00a1c72 MZ	70	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
	71	16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
	72	pr_info("trusted-key: enonce:\n");
	73	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
	74	16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
	75	}
	76
	77	static inline void dump_tpm_buf(unsigned char *buf)
	78	{
	79	int len;
	80
5d0682be	81	pr_info("\ntpm buffer\n");
d00a1c72 MZ	82	len = LOAD32(buf, TPM_SIZE_OFFSET);
	83	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
	84	}
	85	#else
	86	static inline void dump_options(struct trusted_key_options *o)
	87	{
	88	}
	89
d00a1c72 MZ	90	static inline void dump_sess(struct osapsess *s)
	91	{
	92	}
	93
	94	static inline void dump_tpm_buf(unsigned char *buf)
	95	{
	96	}
	97	#endif
d00a1c72	98	#endif