]> git.sur5r.net Git - u-boot/commitdiff
tpm: add tpm_get_random()
authorAndré Draszik <adraszik@tycoint.com>
Tue, 3 Oct 2017 15:55:52 +0000 (16:55 +0100)
committerSimon Glass <sjg@chromium.org>
Fri, 17 Nov 2017 14:15:40 +0000 (07:15 -0700)
Add a function to obtain random data from the TPM.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Added commit message, add cast to min()
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
include/tpm.h
lib/tpm.c

index f88388f3530f99cebf7ded7456bc5740a65f99a0..2a7528dd486c2ce639d7d0234884d6d3886dd7fa 100644 (file)
@@ -651,4 +651,16 @@ uint32_t tpm_flush_specific(uint32_t key_handle, uint32_t resource_type);
 uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
                           pubkey_digest[20], uint32_t *handle);
 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
+
+/**
+ * Read random bytes from the TPM RNG. The implementation deals with the fact
+ * that the TPM may legally return fewer bytes than requested by retrying
+ * until @p count bytes have been received.
+ *
+ * @param data         output buffer for the random bytes
+ * @param count                size of output buffer
+ * @return return code of the operation
+ */
+uint32_t tpm_get_random(void *data, uint32_t count);
+
 #endif /* __TPM_H */
index 5659fa5e18beea1a028647c97b6e143f065840be..d21bbcfb11d2183bb7d83a51064c99805eab9e36 100644 (file)
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -1049,3 +1049,46 @@ uint32_t tpm_find_key_sha1(const uint8_t auth[20], const uint8_t
 #endif /* CONFIG_TPM_LOAD_KEY_BY_SHA1 */
 
 #endif /* CONFIG_TPM_AUTH_SESSIONS */
+
+uint32_t tpm_get_random(void *data, uint32_t count)
+{
+       const uint8_t command[14] = {
+               0x0, 0xc1,              /* TPM_TAG */
+               0x0, 0x0, 0x0, 0xe,     /* parameter size */
+               0x0, 0x0, 0x0, 0x46,    /* TPM_COMMAND_CODE */
+       };
+       const size_t length_offset = 10;
+       const size_t data_size_offset = 10;
+       const size_t data_offset = 14;
+       uint8_t buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE];
+       size_t response_length = sizeof(response);
+       uint32_t data_size;
+       uint8_t *out = data;
+
+       while (count > 0) {
+               uint32_t this_bytes = min((size_t)count,
+                                         sizeof (response) - data_offset);
+               uint32_t err;
+
+               if (pack_byte_string(buf, sizeof(buf), "sd",
+                                    0, command, sizeof(command),
+                                    length_offset, this_bytes))
+                       return TPM_LIB_ERROR;
+               err = tpm_sendrecv_command(buf, response, &response_length);
+               if (err)
+                       return err;
+               if (unpack_byte_string(response, response_length, "d",
+                                      data_size_offset, &data_size))
+                       return TPM_LIB_ERROR;
+               if (data_size > count)
+                       return TPM_LIB_ERROR;
+               if (unpack_byte_string(response, response_length, "s",
+                                      data_offset, out, data_size))
+                       return TPM_LIB_ERROR;
+
+               count -= data_size;
+               out += data_size;
+       }
+
+       return 0;
+}