int flush_keys(void) { u16 key_count; u8 buf[288]; u8 *ptr; u32 err; uint i; /* fetch list of already loaded keys in the TPM */ err = tpm_get_capability(TPM_CAP_HANDLE, TPM_RT_KEY, buf, sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); ptr = buf + 2; for (i = 0; i < key_count; ++i, ptr += 4) { err = tpm_flush_specific(get_unaligned_be32(ptr), TPM_RT_KEY); if (err && err != TPM_KEY_OWNER_CONTROL) return err; } return 0; }
static int do_tpm_get_capability(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { uint32_t cap_area, sub_cap, rc; void *cap; size_t count; if (argc != 5) return CMD_RET_USAGE; cap_area = simple_strtoul(argv[1], NULL, 0); sub_cap = simple_strtoul(argv[2], NULL, 0); cap = (void *)simple_strtoul(argv[3], NULL, 0); count = simple_strtoul(argv[4], NULL, 0); rc = tpm_get_capability(cap_area, sub_cap, cap, count); if (!rc) { puts("capability information:\n"); print_byte_string(cap, count); } return convert_return_code(rc); }
u32 tpm_find_key_sha1(struct udevice *dev, const u8 auth[20], const u8 pubkey_digest[20], u32 *handle) { u16 key_count; u32 key_handles[10]; u8 buf[288]; u8 *ptr; u32 err; u8 digest[20]; size_t buf_len; unsigned int i; /* fetch list of already loaded keys in the TPM */ err = tpm_get_capability(dev, TPM_CAP_HANDLE, TPM_RT_KEY, buf, sizeof(buf)); if (err) return -1; key_count = get_unaligned_be16(buf); ptr = buf + 2; for (i = 0; i < key_count; ++i, ptr += 4) key_handles[i] = get_unaligned_be32(ptr); /* now search a(/ the) key which we can access with the given auth */ for (i = 0; i < key_count; ++i) { buf_len = sizeof(buf); err = tpm_get_pub_key_oiap(key_handles[i], auth, buf, &buf_len); if (err && err != TPM_AUTHFAIL) return -1; if (err) continue; sha1_csum(buf, buf_len, digest); if (!memcmp(digest, pubkey_digest, 20)) { *handle = key_handles[i]; return 0; } } return 1; }
extern uint32_t tpm_get_nv_data_public(uint32_t locality, tpm_nv_index_t index, tpm_nv_data_public_t *pub) { uint32_t ret, offset, resp_size; uint8_t sub_cap[sizeof(index)]; uint8_t resp[sizeof(tpm_nv_data_public_t)]; tpm_nv_index_t idx; if ( pub == NULL ) { printf("TPM: tpm_get_nvindex_size() bad parameter\n"); return TPM_BAD_PARAMETER; } offset = 0; UNLOAD_INTEGER(sub_cap, offset, index); resp_size = sizeof(resp); ret = tpm_get_capability(locality, TPM_CAP_NV_INDEX, sizeof(sub_cap), sub_cap, &resp_size, resp); #ifdef TPM_TRACE printf("TPM: get nv_data_public, return value = %08X\n", ret); #endif if ( ret != TPM_SUCCESS ) { printf("TPM: fail to get public data of 0x%08X in TPM NV\n", index); return ret; } #ifdef TPM_TRACE { printf("TPM: "); print_hex(NULL, resp, resp_size); } #endif /* check size */ if ( resp_size == 0 ) { printf("TPM: Index 0x%08X does not exist\n", index); return TPM_BADINDEX; } /* check index */ offset = sizeof(tpm_structure_tag_t); LOAD_INTEGER(resp, offset, idx); #ifdef TPM_TRACE printf("TPM: get index value = %08X\n", idx); #endif if ( idx != index ) { printf("TPM: Index 0x%08X is not the one expected 0x%08X\n", idx, index); return TPM_BADINDEX; } if ( resp_size != sizeof(resp) ) { printf("TPM: public data size of Index 0x%08X responsed incorrect\n", index); return TPM_FAIL; } offset = 0; LOAD_NV_DATA_PUBLIC(resp, offset, pub); /*print_hex(" NV pub: ", pub, resp_size);*/ return ret; }