From: "André Draszik" <git@andred.net>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/5] tpm: add tpm_get_random()
Date: Tue, 3 Oct 2017 16:52:26 +0100 [thread overview]
Message-ID: <20171003155228.9702-3-git@andred.net> (raw)
In-Reply-To: <20171003155228.9702-1-git@andred.net>
From: André Draszik <adraszik@tycoint.com>
Signed-off-by: André Draszik <adraszik@tycoint.com>
---
include/tpm.h | 12 ++++++++++++
lib/tpm.c | 43 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+)
diff --git a/include/tpm.h b/include/tpm.h
index f88388f353..2a7528dd48 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -651,4 +651,16 @@ uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type);
uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
pubkey_digest[20], uint32_t *handle);
#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
+
+/**
+ * Read random bytes from the TPM RNG. The implementation deals with the fact
+ * that the TPM may legally return fewer bytes than requested by retrying
+ * until @p count bytes have been received.
+ *
+ * @param data output buffer for the random bytes
+ * @param count size of output buffer
+ * @return return code of the operation
+ */
+uint32_t tpm_get_random(void *data, uint32_t count);
+
#endif /* __TPM_H */
diff --git a/lib/tpm.c b/lib/tpm.c
index 5659fa5e18..42a6591f81 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -1049,3 +1049,46 @@ uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
#endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
#endif /* CONFIG_TPM_AUTH_SESSIONS */
+
+uint32_t tpm_get_random(void *data, uint32_t count)
+{
+ const uint8_t command[14] = {
+ 0x0, 0xc1, /* TPM_TAG */
+ 0x0, 0x0, 0x0, 0xe, /* parameter size */
+ 0x0, 0x0, 0x0, 0x46, /* TPM_COMMAND_CODE */
+ };
+ const size_t length_offset = 10;
+ const size_t data_size_offset = 10;
+ const size_t data_offset = 14;
+ uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+ size_t response_length = sizeof(response);
+ uint32_t data_size;
+ uint8_t *out = data;
+
+ while (count > 0) {
+ uint32_t this_bytes = min(count,
+ sizeof (response) - data_offset);
+ uint32_t err;
+
+ if (pack_byte_string(buf, sizeof(buf), "sd",
+ 0, command, sizeof(command),
+ length_offset, this_bytes))
+ return TPM_LIB_ERROR;
+ err = tpm_sendrecv_command(buf, response, &response_length);
+ if (err)
+ return err;
+ if (unpack_byte_string(response, response_length, "d",
+ data_size_offset, &data_size))
+ return TPM_LIB_ERROR;
+ if (data_size > count)
+ return TPM_LIB_ERROR;
+ if (unpack_byte_string(response, response_length, "s",
+ data_offset, out, data_size))
+ return TPM_LIB_ERROR;
+
+ count -= data_size;
+ out += data_size;
+ }
+
+ return 0;
+}
--
2.14.2
next prev parent reply other threads:[~2017-10-03 15:52 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-03 15:52 [U-Boot] [PATCH 1/5] SPL: fix printing of image name André Draszik
2017-10-03 15:52 ` [U-Boot] [PATCH 2/5] tpm: fix reading of permanent flags André Draszik
2017-10-03 15:52 ` André Draszik [this message]
2017-10-03 15:52 ` [U-Boot] [PATCH 4/5] tpm: add more useful NV storage permission flags André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-10-03 15:52 ` [U-Boot] [PATCH 5/5] tpm: add more missing va_end() André Draszik
2017-10-03 15:55 ` [U-Boot] [PATCH v2 1/5] SPL: fix printing of image name André Draszik
2017-10-03 15:55 ` [U-Boot] [PATCH v2 2/5] tpm: fix reading of permanent flags André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-10-03 15:55 ` [U-Boot] [PATCH v2 3/5] tpm: add tpm_get_random() André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-11-17 15:47 ` Simon Glass
2017-10-03 15:55 ` [U-Boot] [PATCH v2 4/5] tpm: add more useful NV storage permission flags André Draszik
2017-10-03 15:55 ` [U-Boot] [PATCH v2 5/5] tpm: add more missing va_end() André Draszik
2017-11-17 14:06 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
2017-11-01 9:09 ` [U-Boot] [PATCH v2 1/5] SPL: fix printing of image name André Draszik
2017-11-17 14:05 ` Simon Glass
2017-11-17 15:41 ` sjg at google.com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171003155228.9702-3-git@andred.net \
--to=git@andred.net \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox