vincent/eltt2
1
0
Fork 0
mirror of https://github.com/Infineon/eltt2.git synced 2026-01-11 15:10:45 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4 from Infineon/dev

Browse Source 
Dev
This commit is contained in:
Thomas Furtner
2017-09-11 14:24:27 +02:00
committed by GitHub
parent c248520926 bc8a126309
commit 7957b2befb
3 changed files with 2071 additions and 1591 deletions
Download Patch File Download Diff File Expand all files Collapse all files

333
README.txt Normal file
View File

@@ -0,0 +1,333 @@
--------------------------------------------------------------------------------
Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0 v1.1
Infineon Technologies AG
All information in this document is Copyright (c) 2014, Infineon Technologies AG
All rights reserved.
--------------------------------------------------------------------------------
Contents:
1. Welcome
1.1 Prerequisites
1.2 Contents of the package
1.3 Getting Started
2. Usage of Embedded Linux TPM Toolbox 2 (ELTT2)
2.1 Generic Usage
2.2 Examples
3. If you have questions
4. Release Info
5. FAQ
================================================================================
1. Welcome
Welcome to Embedded Linux TPM Toolbox 2 (ELTT2).
ELTT2 is a single-file executable program intended for testing, performing
diagnosis and basic state changes of the Infineon Technologies TPM 2.0.
1.1 Prerequisites
To build and run ELTT2 you need GCC and a Linux system capable of hosting a
TPM 2.0.
Tested PC Platforms (x86):
- Ubuntu (R) Linux 12.04 LTS - 64 bit (modified Kernel 3.15.4)
with Infineon TPM 2.0 SLB9665 Firmware 5.22
Tested Embedded Platforms (ARM):
- Android 6.0 "Marshmallow" - 64 bit (modified Kernel 3.18.0+) on HiKey
with Prototype Infineon I2C TPM 2.0 for Embedded Platforms
ELTT2 may run on many other little-endian hardware and software
configurations capable of running Linux and hosting a TPM 2.0, but this has
not been tested.
ELTT2 does not support machines with a big-endian CPU.
1.2 Contents of Package
ELTT2 consists of the following files:
- eltt2.c
Contains all method implementations of ELTT2.
- eltt2.h
Contains all constant definitions, method and command byte declarations
for the operation of ELTT2.
- License.txt
Contains the license agreement for ELTT2.
- Makefile
Contains the command to compile ELTT2.
- README.txt
This file.
1.3 Getting Started
In order to execute ELTT2, you need to compile it first:
1. Switch to the directory with the ELTT2 source code
2. Compile the source code by typing the following command:
make
Due to hardware (and thus TPM) access restrictions for normal users, ELTT2
requires root (aka superuser or administrator) privileges. They can be
obtained e.g. by using the 'sudo' command on Debian Linux derivates.
2. Usage of ELTT2
2.1 Generic Usage
ELTT2 is operated as follows:
Call: ./eltt2 <option(s)>
For example: ./eltt2 -g or ./eltt2 -gc
For getting an overview of the possible commands, run ./eltt2 -h
Some options require the TPM to be in a specific state. This state is shown
in brackets ("[]") behind each command line option in the list below:
[u]: started
To get the TPM into the required state, call ELTT2 with the corresponding
commands ("x" for a state means that whether this state is required or not
depends on the actual command or the command parameters sent eventually to
the TPM).
Command line options: Preconditions:
-a <data bytes>: Hash Sequence SHA-1 [u]
-A <data bytes>: Hash Sequence SHA-256 [u]
-b <command bytes>: Enter your own TPM command [u]
-c: Read Clock [u]
-d <shutdown type>: Shutdown [u]
-e: PCR Extend SHA-1 <PCR index> <PCR digest> [u]
-E: PCR Extend SHA-256 <PCR index> <PCR digest> [u]
-g: Get fixed capability values [u]
-v: Get variable capability values [u]
-G <data length>: Get Random [u]
-h: Help [-]
-r <PCR index>: PCR Read SHA-1 [u]
-R <PCR index>: PCR Read SHA-256 [u]
-s <data bytes>: Hash SHA-1 [u]
-S <data bytes>: Hash SHA-256 [u]
-t <test type>: Self Test [u]
-T: Get Test Result [u]
-u <startup type>: Startup [-]
-z <PCR index>: PCR Reset [u]
Additional information:
-a:
With the "-a" command you can hash given data with the SHA-1 hash algorithm.
This hash sequence sends 3 commands [start, update, complete] to the TPM and
allows to hash an arbitrary amount of data.
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -a 41624364
-A:
With the "-A" command you can hash given data with the SHA-256 hash
algorithm. This hash sequence sends 3 commands [start, update, complete] to
the TPM and allows to hash an arbitrary amount of data.
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -A 41624364
-b:
With the "-b" command you can enter your own TPM command bytes and read the
TPM response.
For example, use the following command to send a TPM2_Startup with startup
type CLEAR to the TPM:
./eltt2 -b 80010000000C000001440000
-c:
With the "-c" command you can read the clock values of the TPM.
-d:
With the "-d" command you can issue a TPM shutdown. It has 2 options:
./eltt2 -d
or
./eltt2 -d clear send a TPM2_Shutdown command with shutdown type CLEAR to
the TPM.
./eltt2 -d state send a TPM2_Shutdown command with shutdown type STATE to
the TPM.
-e:
With the "-e" command you can extend bytes in the selected PCR with SHA-1.
To do so, you have to enter the index of PCR in hexadecimal that you like to
extend and the digest you want to extend the selected PCR with. Note that
you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
must have a length of 20 bytes (will be padded with 0 if necessary).
The TPM then builds an SHA-1 hash over the PCR data in the selected PCR and
the digest you provided and writes the result back to the selected PCR.
For example, use the following command to extend PCR 23 (0x17) with the byte
sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
./eltt2 -e 17 41624364
-E:
With the "-E" command you can extend bytes in the selected PCR with SHA-256.
To do so, you have to enter the index of PCR in hexadecimal that you like to
extend and the digest you want to extend the selected PCR with. Note that
you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest
must have a length of 32 bytes (will be padded with 0 if necessary).
The TPM then builds an SHA-256 hash over the PCR data in the selected PCR
and the digest you provided and writes the result back to the selected PCR.
For example, use the following command to extend PCR 23 (0x17) with the byte
sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
./eltt2 -E 17 41624364
-g:
With the "-g" command you can read the TPM's fixed properties.
-v:
With the "-v" command you can read the TPM's variable properties.
-G:
With the "-G" command you can get a given amount of random bytes. Note that
you can only request a maximum amount of 32 random bytes at once.
For example, use the following command to get 20 (0x14) random bytes:
./eltt2 -G 14
-r:
With the "-r" command you can read data from a selected SHA-1 PCR.
For example, use the following command to read data from PCR 23 (0x17):
./eltt2 -r 17
-R:
With the "-R" command you can read data from a selected SHA-256 PCR.
For example, use the following command to read data from PCR 23 (0x17):
./eltt2 -R 17
-s:
With the "-s" command you can hash given data with the SHA-1 hash algorithm.
This command only allows a limited amount of data to be hashed (depending on
the TPM's maximum input buffer size).
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -s 41624364
-S:
With the "-S" command you can hash given data with the SHA-256 hash
algorithm. This command only allows a limited amount of data to be hashed
(depending on the TPM input buffer size).
For example, use the following command to hash the byte sequence {0x41,
0x62, 0x43, 0x64}:
./eltt2 -S 41624364
-t:
With the "-t" command you can issue a TPM selftest. It has 3 options:
./eltt2 -t
or
./eltt2 -t not_full Perform a partial TPM2_Selftest to test previously
untested TPM capabilities.
./eltt2 -t full Perform a full TPM2_Selftest to test all TPM
capabilities.
./eltt2 -t incremental Perform a test of selected algorithms.
-T:
With the "-T" command you can read the results of a previously run selftest.
-u:
With the "-u" command you can issue a TPM startup command. It has 2 options:
./eltt2 -u
or
./eltt2 -u clear send a TPM2_Startup with startup type CLEAR to the TPM.
./eltt2 -u state send a TPM2_Startup with startup type STATE to the TPM.
-z:
With the "-z" command you can reset a selected PCR. Note that you can only
reset PCRs 16 and 23 and that the PCR is going to be reset in both banks
(SHA-1 and SHA-256).
For example, use the following command to reset PCR 23 (0x17):
./eltt2 -z 17
2.2 Examples:
In order to work with the TPM, perform the following steps:
- Send the TPM2_Startup command: ./eltt2 -u
3. If you have questions
If you have any questions or problems, please read the section "FAQ and
Troubleshooting" in this document.
In case you still have questions, contact your local Infineon
Representative.
Further information is available at http://www.infineon.com/tpm.
4. Release Info
This is version 1.1. This version is a general release.
5. FAQ and Troubleshooting
If you encounter any error, please make sure that
- the TPM is properly connected.
- the TPM driver is loaded, i.e. check that "/dev/tpm0" exists. In case of
driver loading problems (e.g. shown by "Error opening device"), reboot
your system and try to load the driver again.
- ELTT2 has been started with root permissions. Please note that ELTT2 needs
root permissions for all commands.
- the TPM is started. (See section 2.2 in this document on how to do this.)
- Trousers do not run anymore. In some cases the Kernel starts Trousers by
booting.
Shut down Trousers by entering the following command:
sudo pkill tcsd
The following list shows the most common errors and their solution:
The ELTT2 response is "Error opening the device.":
- You need to load a TPM driver before you can work with ELTT2.
- You need to start ELTT2 with root permissions.
The ELTT2 responds with error code 0x100.
- You need to send the TPM2_Startup command, or you did send it twice. In
case you have not sent it yet, do so with "./eltt2 -u".
The TPM does not change any of the permanent flags shown by sending the "-g"
command , e.g. after a force clear.
- The TPM requires a reset in order to change any of the permanent flags.
Press the reset button or disconnect the TPM to do so.
The value of a PCR does not change after sending PCR extend or reset.
- With the application permissions you cannot modify every PCR. For more
details, please refer to the description for the different PCR commands
in this file.

2609
eltt2.c
View File

File diff suppressed because it is too large Load Diff

720
eltt2.h
View File

@@ -1,11 +1,11 @@
#ifndef _ELTT2_H_
#define _ELTT2_H_
/**
* @brief Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0
* @details eltt2.h implements all TPM byte commands and the prototype declarations for eltt2.c.
* @file eltt2.h
* @date 2014/06/26
* @copyright Copyright (c) 2014, Infineon Technologies AG\n
* @brief Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0
* @details eltt2.h implements all TPM byte commands and the prototype declarations for eltt2.c.
* @file eltt2.h
* @date 2014/06/26
* @copyright Copyright (c) 2014 - 2017 Infineon Technologies AG ( www.infineon.com ).\n
* All rights reserved.\n
* \n
* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
@@ -28,18 +28,18 @@
*/
// this is the main page for doxygen documentation.
/** @mainpage Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0 Documentation
/** @mainpage Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0 Documentation
*
* @section Welcome
* @section Welcome
* Welcome to Infineon TPM 2.0 Software-Tool "Embedded Linux TPM Toolbox 2 (ELTT2)".\n
* \n
* @section Introduction
* @section Introduction
* ELTT2 is a single file-executable program
* intended for test, diagnosis and basic state changes of the Infineon
* Technologies TPM 2.0.\n
* \n
* @section Copyright
* Copyright (c) 2014, Infineon Technologies AG\n
* @section Copyright
* Copyright (c) 2014 - 2017 Infineon Technologies AG ( www.infineon.com ).\n
* All rights reserved.\n
* \n
* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
@@ -71,47 +71,51 @@
#include <string.h>
//-------------"Defines"-------------
#define TPM_RESP_MAX_SIZE 4096 ///< This is the maximum possible TPM response size in bytes.
#define TPM_REQ_MAX_SIZE 1024 ///< This is the maximum possible TPM request size in bytes. TBD: Find out correct value.
#define ERR_COMMUNICATION -1 ///< Return error check for read and write to the TPM.
#define ERR_BAD_CMD -2 ///< Error code for a bad command line argument or option.
#define TPM_SHA1_DIGEST_SIZE 20 ///< For all SHA-1 operations the digest's size is always 20 bytes.
#define TPM_SHA256_DIGEST_SIZE 32 ///< For all SHA-256 operations the digest's size is always 32 bytes.
#define TPM_CMD_HEADER_SIZE 10 ///< The size of a standard TPM command header is 10 bytes.
#define TPM_RESP_MAX_SIZE 4096 ///< This is the maximum possible TPM response size in bytes.
#define TPM_REQ_MAX_SIZE 1024 ///< This is the maximum possible TPM request size in bytes. TBD: Find out correct value.
#define ERR_COMMUNICATION -1 ///< Return error check for read and write to the TPM.
#define ERR_BAD_CMD -2 ///< Error code for a bad command line argument or option.
#define TPM_SHA1_DIGEST_SIZE 20 ///< For all SHA-1 operations the digest's size is always 20 bytes.
#define TPM_SHA256_DIGEST_SIZE 32 ///< For all SHA-256 operations the digest's size is always 32 bytes.
#define TPM_CMD_HEADER_SIZE 10 ///< The size of a standard TPM command header is 10 bytes.
#define TPM_CMD_SIZE_OFFSET 2 ///< The offset of a TPM command's size value is 2 bytes.
#define HEX_BYTE_STRING_LENGTH 2 ///< A byte can be represented by two hexadecimal characters.
#ifndef INT_MAX
#define INT_MAX 0x7FFFFFF ///< The maximum value of a signed 32-bit integer.
#endif
// TPM Return codes
#define TPM_RC_SUCCESS 0x00000000 ///< The response error code for TPM_SUCCESS.
#define TPM_RC_BAD_TAG 0x0000001E ///< The response error code for TPM_RC_BAD_TAG.
#define TPM_RC_SIZE 0x00000095 ///< The response error code for TPM_RC_SIZE.
#define TPM_RC_INITIALIZE 0x00000100 ///< The response error code for TPM_RC_INITIALIZE.
#define TPM_RC_FAILURE 0x00000101 ///< The response error code for TPM_RC_FAILURE.
#define TPM_RC_LOCALITY 0x00000907 ///< The response error code for TPM_RC_LOCALITY.
#define FU_FIRMWARE_VALID_FLAG 4 ///< If this flag is set, the firmware is valid.
#define FU_OWNER_FLAG 1 ///< If this flag is set, the owner is set.
#define TPM_RC_SUCCESS 0x00000000 ///< The response error code for TPM_SUCCESS.
#define TPM_RC_BAD_TAG 0x0000001E ///< The response error code for TPM_RC_BAD_TAG.
#define TPM_RC_SIZE 0x00000095 ///< The response error code for TPM_RC_SIZE.
#define TPM_RC_INITIALIZE 0x00000100 ///< The response error code for TPM_RC_INITIALIZE.
#define TPM_RC_FAILURE 0x00000101 ///< The response error code for TPM_RC_FAILURE.
#define TPM_RC_LOCALITY 0x00000907 ///< The response error code for TPM_RC_LOCALITY.
#define FU_FIRMWARE_VALID_FLAG 4 ///< If this flag is set, the firmware is valid.
#define FU_OWNER_FLAG 1 ///< If this flag is set, the owner is set.
// print_response_buf options
#define PRINT_RESPONSE_CLEAR 1 ///< Prints response unformatted.
#define PRINT_RESPONSE_HEADERBLOCKS 2 ///< Prints response in commented blocks.
#define PRINT_RESPONSE_HEX_BLOCK 3 ///< Prints response in rows of 16 bytes and shows the line number.
#define PRINT_RESPONSE_HASH 4 ///< Prints response of Hash
#define PRINT_RESPONSE_WITHOUT_HEADER 12 ///< Prints the response buffer from byte 12.
#define PRINT_RESPONSE_HASH_WITHOUT_HEADER 16 ///< Prints the response buffer from byte 16.
#define PRINT_RESPONSE_WITH_HEADER 0 ///< Prints the response buffer from byte 0.
#define PRINT_RESPONSE_PCR_WITHOUT_HEADER 30 ///< Prints the pcr buffer from pcr_read.
#define PRINT_RESPONSE_CLEAR 1 ///< Prints response unformatted.
#define PRINT_RESPONSE_HEADERBLOCKS 2 ///< Prints response in commented blocks.
#define PRINT_RESPONSE_HEX_BLOCK 3 ///< Prints response in rows of 16 bytes and shows the line number.
#define PRINT_RESPONSE_HASH 4 ///< Prints response of Hash
#define PRINT_RESPONSE_WITHOUT_HEADER 12 ///< Prints the response buffer from byte 12.
#define PRINT_RESPONSE_HASH_WITHOUT_HEADER 16 ///< Prints the response buffer from byte 16.
#define PRINT_RESPONSE_WITH_HEADER 0 ///< Prints the response buffer from byte 0.
#define PRINT_RESPONSE_PCR_WITHOUT_HEADER 30 ///< Prints the pcr buffer from pcr_read.
// time conversion
#define YEAR_SECONDS 31536000 ///< Number of seconds in one year
#define DAY_SECONDS 86400 ///< Number of seconds in one day
#define HOUR_SECONDS 3600 ///< Number of seconds in one hour
#define MINUTE_SECONDS 60 ///< Number of seconds in one minute
#define MILISECOND_TO_SECOND 1000 ///< Convertion from miliseconds to seconds
#define YEAR_SECONDS 31536000 ///< Number of seconds in one year
#define DAY_SECONDS 86400 ///< Number of seconds in one day
#define HOUR_SECONDS 3600 ///< Number of seconds in one hour
#define MINUTE_SECONDS 60 ///< Number of seconds in one minute
#define MILISECOND_TO_SECOND 1000 ///< Convertion from miliseconds to seconds
// hash
#define STD_CC_HASH_SIZE 18 ///< Hash command size
#define STD_CC_HASH_SIZE 18 ///< Hash command size
// TPM_PT constants
#define PT_FIXED_SELECTOR 1
#define PT_VAR_SELECTOR 2
//-------------"Macros"-------------
// Null pointer check
#define NULL_POINTER_CHECK(x) if (NULL == x) { ret_val = EINVAL; fprintf(stderr, "Error: Invalid argument.\n"); break; } ///< Argument NULL check.
#define NULL_POINTER_CHECK(x) if (NULL == x) { ret_val = EINVAL; fprintf(stderr, "Error: Invalid argument.\n"); break; } ///< Argument NULL check.
#define MALLOC_ERROR_CHECK(x) if (NULL == x) { ret_val = errno; fprintf(stderr, "Error (re)allocating memory.\n"); break; } ///< Malloc error check.
#define MEMSET_FREE(x, y) if (NULL != x) { memset(x, 0, y); free(x); x = NULL; } ///< Sets memory to 0, frees memory and sets pointer to NULL.
// Return value check
@@ -119,423 +123,413 @@
//-------------"Methods"-------------
/**
* @brief Convert (max.) 8 byte buffer to an unsigned long long integer.
* @param [in] *input_buffer Input buffer. Make sure that its size is at least as high as offset + length.
* @param [in] offset Start byte for conversion.
* @param [in] length Amount of bytes to be converted.
* @param [out] *output_value Return the converted unsigned long long integer.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or length is greater than 8.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
* @brief Convert (max.) 8 byte buffer to an unsigned 64-bit integer.
* @param [in] *input_buffer Input buffer. Make sure that its size is at least as high as offset + length.
* @param [in] offset Start byte for conversion.
* @param [in] length Amount of bytes to be converted.
* @param [out] *output_value Return the converted unsigned 64-bit integer.
* @param [in] input_buffer_size Size of input_buffer in bytes.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or length is greater than 8.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
*/
int buf_to_uint64(uint8_t *input_buffer, uint32_t offset, uint8_t length, unsigned long long *output_value);
static int buf_to_uint64(uint8_t *input_buffer, uint32_t offset, uint32_t length, uint64_t *output_value, uint32_t input_buffer_size);
/**
* @brief Convert a hexadecimal string representation of bytes like "0A1F" and returns an array containing the actual byte values as an array (e.g. { 0x0A, 0x1F }).
* @param [in] *byte_string Incoming bytes as string.
* @param [out] *byte_values Byte array representation of given input string. Must be allocated by caller with the length given in byte_values_size.
* @param [in] byte_values_size Size of byte_values array.
* @return One of the listed return codes.
* @retval EXIT_SUCCESS In case of success.
* @retval EINVAL In case of a NULL pointer.
* @retval value of errno In case parsing error.
* @date 2014/06/26
* @brief Convert a hexadecimal string representation of bytes like "0A1F" and returns an array containing the actual byte values as an array (e.g. { 0x0A, 0x1F }).
* @param [in] *byte_string Incoming bytes as string.
* @param [out] *byte_values Byte array representation of given input string. Must be allocated by caller with the length given in byte_values_size.
* @param [in] byte_values_size Size of byte_values array.
* @return One of the listed return codes.
* @retval EXIT_SUCCESS In case of success.
* @retval EINVAL In case of a NULL pointer.
* @retval value of errno In case parsing error.
* @date 2014/06/26
*/
int hexstr_to_bytearray(char *byte_string, uint8_t *byte_values, size_t byte_values_size);
static int hexstr_to_bytearray(char *byte_string, uint8_t *byte_values, size_t byte_values_size);
/**
* @brief Convert a number to a byte buffer.
* @param [in] input User input.
* @param [in] input_size Size of input data type in bytes.
* @param [out] *output_byte Return buffer for the converted integer. Must be allocated by the caller with at least a size of 'input_size'.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
* @brief Convert a number to a byte buffer.
* @param [in] input User input.
* @param [in] input_size Size of input data type in bytes.
* @param [out] *output_byte Return buffer for the converted integer. Must be allocated by the caller with at least a size of 'input_size'.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
*/
int int_to_bytearray(uint64_t input, uint32_t input_size, uint8_t *output_byte);
static int int_to_bytearray(uint64_t input, uint32_t input_size, uint8_t *output_byte);
/**
* @brief Create the PCR_Extend command.
* @param [in] *pcr_index_str User input string for PCR index.
* @param [in] *pcr_digest_str User input string of value to extend the selected PCR with.
* @param [out] *pcr_cmd_buf Return buffer for the complete command. Must be allocated by caller.
* @param [in] *pcr_cmd_buf_size Size of memory allocated at pcr_cmd_buf in bytes.
* @param [in] *option Set to 'e' for extending with SHA-1 and to 'E' for SHA-256.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or an invalid option.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
* @brief Create the PCR_Extend command.
* @param [in] *pcr_index_str User input string for PCR index.
* @param [in] *pcr_digest_str User input string of value to extend the selected PCR with.
* @param [out] *pcr_cmd_buf Return buffer for the complete command. Must be allocated by caller.
* @param [in] *pcr_cmd_buf_size Size of memory allocated at pcr_cmd_buf in bytes.
* @param [in] *option Set to 'e' for extending with SHA-1 and to 'E' for SHA-256.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or an invalid option.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
*/
int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, char option);
static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, char option);
/**
* @brief Create the PCR_Read command.
* @param [in] *pcr_index_str User input string for PCR index.
* @param [out] *pcr_cmd_buf Return buffer for the complete command.
* @param [in] *option Set to 'r' for reading with SHA-1 and to 'R' for SHA-256.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or an invalid option.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
* @brief Create the PCR_Read command.
* @param [in] *pcr_index_str User input string for PCR index.
* @param [out] *pcr_cmd_buf Return buffer for the complete command.
* @param [in] *option Set to 'r' for reading with SHA-1 and to 'R' for SHA-256.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or an invalid option.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
*/
int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option);
static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option);
/**
* @brief Create the PCR_Reset command.
* @param [in] *pcr_index_str User input string for PCR index.
* @param [out] *pcr_cmd_buf Return buffer for the complete command.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
* @brief Create the PCR_Reset command.
* @param [in] *pcr_index_str User input string for PCR index.
* @param [out] *pcr_cmd_buf Return buffer for the complete command.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
*/
int pcr_reset(char *pcr_index_str, uint8_t *pcr_cmd_buf);
static int pcr_reset(char *pcr_index_str, uint8_t *pcr_cmd_buf);
/**
* @brief Print the command line usage and switches.
* @date 2014/06/26
* @brief Print the command line usage and switches.
* @date 2014/06/26
*/
void print_help();
static void print_help();
/**
* @brief Print the response buffer in different formats.
* @param [in] *response_buf TPM response.
* @param [in] resp_size TPM response size.
* @param [in] offset Starting point for printing buffer.
* @param [in] format Select the output format.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or an unknown output format has been transfered.
* @retval EXIT_SUCCESS In case of success.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @date 2014/06/26
* @brief Print the response buffer in different formats.
* @param [in] *response_buf TPM response.
* @param [in] resp_size TPM response size.
* @param [in] offset Starting point for printing buffer.
* @param [in] format Select the output format.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer or an unknown output format has been transfered.
* @retval EXIT_SUCCESS In case of success.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @date 2014/06/26
*/
int print_response_buf(uint8_t *response_buf, size_t resp_size, uint32_t offset, int format);
static int print_response_buf(uint8_t *response_buf, size_t resp_size, uint32_t offset, int format);
/**
* @brief Print a TPM response.
* @param [in] *response_buf TPM response.
* @param [in] resp_size TPM response size.
* @param [in] option Defines appearance of output. Can have the following values:\n
- PRINT_RESPONSE_CLEAR
- PRINT_RESPONSE_HEADERBLOCKS
- PRINT_RESPONSE_HEX_BLOCK
- PRINT_RESPONSE_WITHOUT_HEADER
- PRINT_RESPONSE_WITH_HEADER
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval print_response_buf All error codes from print_response_buf.
* @retval print_clock_info All error codes from print_clock_info.
* @retval print_capability_flags All error codes from print_capability_flags.
* @date 2014/06/26
* @brief Print a TPM response.
* @param [in] *response_buf TPM response.
* @param [in] resp_size TPM response size.
* @param [in] option Defines appearance of output. Can have the following values:\n
- PRINT_RESPONSE_CLEAR
- PRINT_RESPONSE_HEADERBLOCKS
- PRINT_RESPONSE_HEX_BLOCK
- PRINT_RESPONSE_WITHOUT_HEADER
- PRINT_RESPONSE_WITH_HEADER
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval print_response_buf All error codes from print_response_buf.
* @retval print_clock_info All error codes from print_clock_info.
* @retval print_capability_flags All error codes from print_capability_flags.
* @date 2014/06/26
*/
int response_print(uint8_t *response_buf, size_t resp_size, int option);
static int response_print(uint8_t *response_buf, size_t resp_size, int option);
/**
* @brief Check a TPM response for errors.
* @param [in] *response_buf TPM response. Must have at least a size of TPM_CMD_HEADER_SIZE bytes.
* @return Returns the TPM return code extracted from the given TPM response or one of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
* @brief Check a TPM response for errors.
* @param [in] *response_buf TPM response. Must have at least a size of TPM_CMD_HEADER_SIZE bytes.
* @return Returns the TPM return code extracted from the given TPM response or one of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
*/
int return_error_handling(uint8_t *response_buf);
static int return_error_handling(uint8_t *response_buf);
/**
* @brief Transmit TPM command to /dev/tpm0 and get the response.
* @param [in] *buf TPM request.
* @param [in] length TPM request length.
* @param [out] *response TPM response.
* @param [out] *resp_length TPM response length.
* @return One of the listed return codes or the error code stored in the global errno system variable.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
* @brief Transmit TPM command to /dev/tpm0 and get the response.
* @param [in] *buf TPM request.
* @param [in] length TPM request length.
* @param [out] *response TPM response.
* @param [out] *resp_length TPM response length.
* @return One of the listed return codes or the error code stored in the global errno system variable.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @date 2014/06/26
*/
int tpmtool_transmit(const uint8_t *buf, ssize_t length, uint8_t *response, ssize_t *resp_length);
static int tpmtool_transmit(const uint8_t *buf, ssize_t length, uint8_t *response, ssize_t *resp_length);
/**
* @brief Print the capability flags.
* @param [in] *response_buf TPM response.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @date 2014/06/26
* @brief Print the capability flags.
* @param [in] *response_buf TPM response.
* @param [in] cap_selector Type of capabilities to print.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @date 2014/06/26
*/
int print_capability_flags(uint8_t *response_buf, uint8_t cap_selector);
static int print_capability_flags(uint8_t *response_buf, uint8_t cap_selector);
/**
* @brief Print the clock info.
* @param [in] *response_buf TPM response.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @date 2014/06/26
* @brief Print the clock info.
* @param [in] *response_buf TPM response.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @date 2014/06/26
*/
int print_clock_info(uint8_t *response_buf);
static int print_clock_info(uint8_t *response_buf);
/**
* @brief Create the get_random command.
* @param [in] *data_length_string User input string for random data length.
* @param [out] *response_buf Return buffer for the complete command.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
* @brief Create the get_random command.
* @param [in] *data_length_string User input string for random data length.
* @param [out] *response_buf Return buffer for the complete command.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval ERR_BAD_CMD In case of bad user input.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @date 2014/06/26
*/
int get_random(char *data_length_string, uint8_t *response_buf);
static int get_random(char *data_length_string, uint8_t *response_buf);
/**
* @brief Create the simple hash command.
* @param [in] *data_string User input string of data to be hashed.
* @param [in] option Set to 's' for hashing with SHA-1 and to 'S' for SHA-256.
* @param [out] *hash_cmd_buf Return buffer for the complete command.
* @param [in] hash_cmd_buf_size Return buffer size.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @retval int_to_bytearray All error codes from int_to_bytearray.
* @date 2014/06/26
* @brief Create the simple hash command.
* @param [in] *data_string User input string of data to be hashed.
* @param [in] option Set to 's' for hashing with SHA-1 and to 'S' for SHA-256.
* @param [out] *hash_cmd_buf Return buffer for the complete command.
* @param [in] hash_cmd_buf_size Return buffer size.
* @return One of the listed return codes.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @retval int_to_bytearray All error codes from int_to_bytearray.
* @date 2014/06/26
*/
int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size);
static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size);
/**
* @brief Create and transmit a sequence of TPM commands for hashing larger amounts of data.
* @param [in] *data_string User input string of data to be hashed.
* @param [in] option Set to 'a' for hashing with SHA-1 and to 'A' for SHA-256.
* @param [out] *tpm_response_buf TPM response.
* @param [out] *tpm_response_buf_size Size of tpm_response_buf.
* @return One of the listed return codes or the error code stored in the global errno system variable.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval value of errno In case of memory allocation error.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @retval int_to_bytearray All error codes from int_to_bytearray.
* @retval tpmtool_transmit All error codes from tpmtool_transmit.
* @retval print_response_buf All error codes from print_response_buf
* @date 2014/06/26
* @brief Create and transmit a sequence of TPM commands for hashing larger amounts of data.
* @param [in] *data_string User input string of data to be hashed.
* @param [in] option Set to 'a' for hashing with SHA-1 and to 'A' for SHA-256.
* @param [out] *tpm_response_buf TPM response.
* @param [out] *tpm_response_buf_size Size of tpm_response_buf.
* @return One of the listed return codes or the error code stored in the global errno system variable.
* @retval EINVAL In case of a NULL pointer.
* @retval EXIT_SUCCESS In case of success.
* @retval value of errno In case of memory allocation error.
* @retval buf_to_uint64 All error codes from buf_to_uint64.
* @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray.
* @retval int_to_bytearray All error codes from int_to_bytearray.
* @retval tpmtool_transmit All error codes from tpmtool_transmit.
* @retval print_response_buf All error codes from print_response_buf
* @date 2014/06/26
*/
int create_hash_sequence(char *data_string, char option, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size);
static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size);
//-------------"command bytes"-------------
static const uint8_t tpm2_startup_clear[] ={
// TPM2_Startup(SU_CLEAR)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x44, // TPM_CC_Startup
0x00, 0x00 // TPM_ST_CLEAR
static const uint8_t tpm2_startup_clear[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x44, // TPM_CC_Startup
0x00, 0x00 // TPM_ST_CLEAR
};
static const uint8_t tpm2_startup_state[] ={
// TPM2_Startup(SU_STATE)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x44, // TPM_CC_Startup
0x00, 0x01 // TPM_ST_STATE
static const uint8_t tpm2_startup_state[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x44, // TPM_CC_Startup
0x00, 0x01 // TPM_ST_STATE
};
static const uint8_t tpm_cc_shutdown_clear[] ={
// TPM_CC_Shutdown(CLEAR)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x45, // TPM_CC_Shutdown
0x00, 0x00 // TPM_SU_CLEAR
static const uint8_t tpm_cc_shutdown_clear[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x45, // TPM_CC_Shutdown
0x00, 0x00 // TPM_SU_CLEAR
};
static const uint8_t tpm_cc_shutdown_state[] ={
// TPM_CC_Shutdown(STATE)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x45, // TPM_CC_Shutdown
0x00, 0x01 // TPM_SU_STATE
static const uint8_t tpm_cc_shutdown_state[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x45, // TPM_CC_Shutdown
0x00, 0x01 // TPM_SU_STATE
};
static const uint8_t tpm2_self_test[] ={
// TPM2_SelfTest(fullTest=No)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0B, // commandSize
0x00, 0x00, 0x01, 0x43, // TPM_CC_SelfTest
0x00 // fullTest=No
static const uint8_t tpm2_self_test[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0B, // commandSize
0x00, 0x00, 0x01, 0x43, // TPM_CC_SelfTest
0x00 // fullTest=No
};
static const uint8_t tpm2_self_test_full[] ={
// TPM2_SelfTest(fullTest=YES)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0B, // commandSize
0x00, 0x00, 0x01, 0x43, // TPM_CC_SelfTest
0x01 // fullTest=Yes
static const uint8_t tpm2_self_test_full[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0B, // commandSize
0x00, 0x00, 0x01, 0x43, // TPM_CC_SelfTest
0x01 // fullTest=Yes
};
static const uint8_t tpm_cc_get_test_result[] ={
// TPM_CC_GetTestResult
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0A, // commandSize
0x00, 0x00, 0x01, 0x7C // TPM_CC_GetTestResult
static const uint8_t tpm_cc_get_test_result[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0A, // commandSize
0x00, 0x00, 0x01, 0x7C // TPM_CC_GetTestResult
};
static const uint8_t tpm2_self_test_incremental[] ={
// TPM_CC_IncrementalSelfTest
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x2A, // commandSize
0x00, 0x00, 0x01, 0x42, // TPM_CC_IncrementalSelfTest
0x00, 0x00, 0x00, 0x0E, // Count of Algorithm
0x00, 0x01, 0x00, 0x04, // Algorithm two per line
0x00, 0x05, 0x00, 0x06,
0x00, 0x08, 0x00, 0x0A,
0x00, 0x0B, 0x00, 0x14,
0x00, 0x15, 0x00, 0x16,
0x00, 0x17, 0x00, 0x22,
0x00, 0x25, 0x00, 0x43
static const uint8_t tpm2_self_test_incremental[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x2A, // commandSize
0x00, 0x00, 0x01, 0x42, // TPM_CC_IncrementalSelfTest
0x00, 0x00, 0x00, 0x0E, // Count of Algorithm
0x00, 0x01, 0x00, 0x04, // Algorithm two per line
0x00, 0x05, 0x00, 0x06,
0x00, 0x08, 0x00, 0x0A,
0x00, 0x0B, 0x00, 0x14,
0x00, 0x15, 0x00, 0x16,
0x00, 0x17, 0x00, 0x22,
0x00, 0x25, 0x00, 0x43
};
static const uint8_t tpm2_getrandom[] ={
// TPM_CC_GetRandom
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x7B, // TPM_CC_GetRandom
0x00, 0x00 // bytesRequested (will be set later)
static const uint8_t tpm2_getrandom[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0C, // commandSize
0x00, 0x00, 0x01, 0x7B, // TPM_CC_GetRandom
0x00, 0x00 // bytesRequested (will be set later)
};
static const uint8_t tpm_cc_readclock[] ={
// TPM_CC_ReadClock
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0A, // commandSize
0x00, 0x00, 0x01, 0x81 // TPM_CC_ReadClock
static const uint8_t tpm_cc_readclock[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0A, // commandSize
0x00, 0x00, 0x01, 0x81 // TPM_CC_ReadClock
};
static const uint8_t tpm2_getcapability_fixed[] ={
// TPM2_GetCapability (TPM_CAP_TPM_PROPERTIES, -- )
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x16, // commandSize
0x00, 0x00, 0x01, 0x7A, // TPM_CC_GetCapability
0x00, 0x00, 0x00, 0x06, // TPM_CAP_TPM_PROPERTIES (Property Type: TPM_PT)
0x00, 0x00, 0x01, 0x00, // Property: TPM_PT_FAMILY_INDICATOR: PT_GROUP * 1 + 0
0x00, 0x00, 0x00, 0x2D // PropertyCount 2D (from 100 - 201)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x16, // commandSize
0x00, 0x00, 0x01, 0x7A, // TPM_CC_GetCapability
0x00, 0x00, 0x00, 0x06, // TPM_CAP_TPM_PROPERTIES (Property Type: TPM_PT)
0x00, 0x00, 0x01, 0x00, // Property: TPM_PT_FAMILY_INDICATOR: PT_GROUP * 1 + 0
0x00, 0x00, 0x00, 0x2D // PropertyCount 2D (from 100 - 201)
};
static const uint8_t tpm2_getcapability_var[] ={
// TPM2_GetCapability (TPM_CAP_TPM_PROPERTIES, -- )
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x16, // commandSize
0x00, 0x00, 0x01, 0x7A, // TPM_CC_GetCapability
0x00, 0x00, 0x00, 0x06, // TPM_CAP_TPM_PROPERTIES (Property Type: TPM_PT)
0x00, 0x00, 0x02, 0x00, // Property: TPM_PT_FAMILY_INDICATOR: PT_GROUP * 2 + 0
0x00, 0x00, 0x00, 0x2D // PropertyCount 2D (from 200 - 301)
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x16, // commandSize
0x00, 0x00, 0x01, 0x7A, // TPM_CC_GetCapability
0x00, 0x00, 0x00, 0x06, // TPM_CAP_TPM_PROPERTIES (Property Type: TPM_PT)
0x00, 0x00, 0x02, 0x00, // Property: TPM_PT_FAMILY_INDICATOR: PT_GROUP * 2 + 0
0x00, 0x00, 0x00, 0x2D // PropertyCount 2D (from 200 - 301)
};
// Hash
static const uint8_t tpm2_hash[] ={
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0e, // commandSize
0x00, 0x00, 0x01, 0x7D, // TPM_CC_Hash
0x00, 0x00, // size (will be set later)
// buffer (will be added later)
0x00, 0x00, // hashAlg (will be added later)
0x00, 0x00, 0x00, 0x00 // hierarchy of the ticket (TPM_RH_NULL; will be added later)
static const uint8_t tpm2_hash[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0e, // commandSize
0x00, 0x00, 0x01, 0x7D, // TPM_CC_Hash
0x00, 0x00, // size (will be set later)
// buffer (will be added later)
0x00, 0x00, // hashAlg (will be added later)
0x00, 0x00, 0x00, 0x00 // hierarchy of the ticket (TPM_RH_NULL; will be added later)
};
// HashSequence
static uint8_t tpm2_hash_sequence_start[] ={
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0e, // commandSize
0x00, 0x00, 0x01, 0x86, // TPM_CC_HashSequenceStart
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x00 // hashAlg (will be set later)
static uint8_t tpm2_hash_sequence_start[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x0e, // commandSize
0x00, 0x00, 0x01, 0x86, // TPM_CC_HashSequenceStart
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x00 // hashAlg (will be set later)
};
static uint8_t tpm2_sequence_update[] ={
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x00, // commandSize (will be set later)
0x00, 0x00, 0x01, 0x5c, // TPM_CC_SequenceUpdate
0x00, 0x00, 0x00, 0x00, // sequenceHandle (will be set later)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00 // size (will be set later)
// buffer (will be added later)
static uint8_t tpm2_sequence_update[] = {
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x00, // commandSize (will be set later)
0x00, 0x00, 0x01, 0x5c, // TPM_CC_SequenceUpdate
0x00, 0x00, 0x00, 0x00, // sequenceHandle (will be set later)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00 // size (will be set later)
// buffer (will be added later)
};
static uint8_t tpm2_sequence_complete[] ={
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x21, // commandSize
0x00, 0x00, 0x01, 0x3e, // TPM_CC_SequenceComplete
0x00, 0x00, 0x00, 0x00, // sequenceHandle (will be set later)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, // size (NULL buffer)
// null (indicate an empty buffer buffer)
0x40, 0x00, 0x00, 0x07 // hierarchy of the ticket (TPM_RH_NULL)
static uint8_t tpm2_sequence_complete[] = {
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x21, // commandSize
0x00, 0x00, 0x01, 0x3e, // TPM_CC_SequenceComplete
0x00, 0x00, 0x00, 0x00, // sequenceHandle (will be set later)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, // size (NULL buffer)
// null (indicate an empty buffer buffer)
0x40, 0x00, 0x00, 0x07 // hierarchy of the ticket (TPM_RH_NULL)
};
static const uint8_t sha1_alg[] ={
0x00, 0x04 // command for sha1 alg
static const uint8_t sha1_alg[] = {
0x00, 0x04 // command for sha1 alg
};
static const uint8_t sha256_alg[] ={
0x00, 0x0B // command for sha256 alg
static const uint8_t sha256_alg[] = {
0x00, 0x0B // command for sha256 alg
};
static const uint8_t tpm_cc_hash_hierarchy[] ={
0x40, 0x00, 0x00, 0x07 // hierarchy of the ticket (TPM_RH_NULL)
static const uint8_t tpm_cc_hash_hierarchy[] = {
0x40, 0x00, 0x00, 0x07 // hierarchy of the ticket (TPM_RH_NULL)
};
//PCR_Command
static const uint8_t tpm2_pcr_read[] ={
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x14, // commandSize
0x00, 0x00, 0x01, 0x7E, // TPM_CC_PCR_Read
0x00, 0x00, 0x00, 0x01, // count (TPML_PCR_SELECTION)
0x00, 0x00, // hash (TPMS_PCR_SELECTION; will be set later)
0x03, // sizeofSelect (TPMS_PCR_SELECTION)
0x00, 0x00, 0x00 // pcrSelect (TPMS_PCR_SELECTION)
static const uint8_t tpm2_pcr_read[] = {
0x80, 0x01, // TPM_ST_NO_SESSIONS
0x00, 0x00, 0x00, 0x14, // commandSize
0x00, 0x00, 0x01, 0x7E, // TPM_CC_PCR_Read
0x00, 0x00, 0x00, 0x01, // count (TPML_PCR_SELECTION)
0x00, 0x00, // hash (TPMS_PCR_SELECTION; will be set later)
0x03, // sizeofSelect (TPMS_PCR_SELECTION)
0x00, 0x00, 0x00 // pcrSelect (TPMS_PCR_SELECTION)
};
static const uint8_t tpm2_pcr_extend[] ={
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x00, // commandSize (will be set later)
0x00, 0x00, 0x01, 0x82, // TPM_CC_PCR_Extend
0x00, 0x00, 0x00, 0x00, // {PCR_FIRST:PCR_LAST} (TPMI_DH_PCR)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, // count (TPML_DIGEST_VALUES)
0x00, 0x00 // hashAlg (TPMT_HA; will be set later)
// digest (TPMT_HA; will be added later)
static const uint8_t tpm2_pcr_extend[] = {
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x00, // commandSize (will be set later)
0x00, 0x00, 0x01, 0x82, // TPM_CC_PCR_Extend
0x00, 0x00, 0x00, 0x00, // {PCR_FIRST:PCR_LAST} (TPMI_DH_PCR)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, // count (TPML_DIGEST_VALUES)
0x00, 0x00 // hashAlg (TPMT_HA; will be set later)
// digest (TPMT_HA; will be added later)
};
static const uint8_t tpm2_pcr_reset[] ={
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x1B, // commandSize
0x00, 0x00, 0x01, 0x3D, // TPM_CC_PCR_Reset
0x00, 0x00, 0x00, 0x00, // {PCR_FIRST:PCR_LAST} (TPMI_DH_PCR)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00
static const uint8_t tpm2_pcr_reset[] = {
0x80, 0x02, // TPM_ST_SESSIONS
0x00, 0x00, 0x00, 0x1B, // commandSize
0x00, 0x00, 0x01, 0x3D, // TPM_CC_PCR_Reset
0x00, 0x00, 0x00, 0x00, // {PCR_FIRST:PCR_LAST} (TPMI_DH_PCR)
0x00, 0x00, // authSize (NULL Password)
// null (indicate a NULL Password)
0x00, 0x09, // authSize (password authorization session)
0x40, 0x00, 0x00, 0x09, // TPM_RS_PW (indicate a password authorization session)
0x00, 0x00, 0x01, 0x00, 0x00
};
#endif /* _ELTT2_H_ */