From: "André Draszik" <git@andred.net>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/5] tpm: add tpm_get_random()
Date: Tue, 3 Oct 2017 16:52:26 +0100 [thread overview]
Message-ID: <20171003155228.9702-3-git@andred.net> (raw)
In-Reply-To: <20171003155228.9702-1-git@andred.net>
From: André Draszik <adraszik@tycoint.com>
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
include/tpm.h | 12 ++++++++++++
lib/tpm.c | 43 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+)
diff --git a/include/tpm.h b/include/tpm.h
index f88388f353..2a7528dd48 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -651,4 +651,16 @@ uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type);
uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
pubkey_digest[20], uint32_t *handle);
#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
+
+/**
+ * Read random bytes from the TPM RNG. The implementation deals with the fact
+ * that the TPM may legally return fewer bytes than requested by retrying
+ * until @p count bytes have been received.
+ *
+ * @param data output buffer for the random bytes
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+uint32_t tpm_get_random(void *data, uint32_t count);
+
#endif /* __TPM_H */
diff --git a/lib/tpm.c b/lib/tpm.c
index 5659fa5e18..42a6591f81 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -1049,3 +1049,46 @@ uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
#endif /* CONFIG_TPM_AUTH_SESSIONS */
+
+uint32_t tpm_get_random(void *data, uint32_t count)
+{
+ const uint8_t command[14] = {
+ 0x0, 0xc1, /* TPM_TAG */
+ 0x0, 0x0, 0x0, 0xe, /* parameter size */
+ 0x0, 0x0, 0x0, 0x46, /* TPM_COMMAND_CODE */
+ };
+ const size_t length_offset = 10;
+ const size_t data_size_offset = 10;
+ const size_t data_offset = 14;
+ uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+ size_t response_length = sizeof(response);
+ uint32_t data_size;
+ uint8_t *out = data;
+
+ while (count > 0) {
+ uint32_t this_bytes = min(count,
+ sizeof (response) - data_offset);
+ uint32_t err;
+
+ if (pack_byte_string(buf, sizeof(buf), "sd",
+ 0, command, sizeof(command),
+ length_offset, this_bytes))
+ return TPM_LIB_ERROR;
+ err = tpm_sendrecv_command(buf, response, &response_length);
+ if (err)
+ return err;
+ if (unpack_byte_string(response, response_length, "d",
+ data_size_offset, &data_size))
+ return TPM_LIB_ERROR;
+ if (data_size > count)
+ return TPM_LIB_ERROR;
+ if (unpack_byte_string(response, response_length, "s",
+ data_offset, out, data_size))
+ return TPM_LIB_ERROR;
+
+ count -= data_size;
+ out += data_size;
+ }
+
+ return 0;
+}
--
2.14.2
next prev parent reply other threads:[~2017-10-03 15:52 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-03 15:52 [U-Boot] [PATCH 1/5] SPL: fix printing of image name André Draszik
2017-10-03 15:52 ` [U-Boot] [PATCH 2/5] tpm: fix reading of permanent flags André Draszik
2017-10-03 15:52 ` André Draszik [this message]
2017-10-03 15:52 ` [U-Boot] [PATCH 4/5] tpm: add more useful NV storage permission flags André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-10-03 15:52 ` [U-Boot] [PATCH 5/5] tpm: add more missing va_end() André Draszik
2017-10-03 15:55 ` [U-Boot] [PATCH v2 1/5] SPL: fix printing of image name André Draszik
2017-10-03 15:55 ` [U-Boot] [PATCH v2 2/5] tpm: fix reading of permanent flags André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-10-03 15:55 ` [U-Boot] [PATCH v2 3/5] tpm: add tpm_get_random() André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-11-17 15:47 ` Simon Glass
2017-10-03 15:55 ` [U-Boot] [PATCH v2 4/5] tpm: add more useful NV storage permission flags André Draszik
2017-10-03 15:55 ` [U-Boot] [PATCH v2 5/5] tpm: add more missing va_end() André Draszik
2017-11-17 14:06 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-11-01 9:09 ` [U-Boot] [PATCH v2 1/5] SPL: fix printing of image name André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171003155228.9702-3-git@andred.net \
--to=git@andred.net \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.