Change in coreboot[master]: security/tpm: Fix tlcl_extend operation - coreboot-gerrit

18 Dec 2020

Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/48740 )
Change subject: security/tpm: Fix tlcl_extend operation
......................................................................
security/tpm: Fix tlcl_extend operation
* Added size checks and padding for tlcl_extend
* Support for TPM 1.2 and 2.0
Change-Id: If3353f989e74cfa11900b2b92a6ed11ade3d24e2
Signed-off-by: Philipp Deppenwiese zaolin@das-labor.org
---
M src/security/tpm/tspi/tspi.c
M src/security/tpm/tss.h
M src/security/tpm/tss/tcg-1.2/tss.c
M src/security/tpm/tss/tcg-2.0/tss.c
M src/vendorcode/eltan/security/mboot/mboot.c
5 files changed, 17 insertions(+), 8 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/40/48740/1

diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 966b8b7..790578e 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -214,7 +214,7 @@
    if (!digest)
    	return TPM_E_IOERROR;
-	result = tlcl_extend(pcr, digest, NULL);
+	result = tlcl_extend(pcr, digest, digest_len, NULL);
    if (result != TPM_SUCCESS)
    	return result;
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index 336935d..9e56ca2 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -185,7 +185,7 @@
  * Perform a TPM_Extend.
  */
 uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
-		     uint8_t *out_digest);
+			size_t in_digest_len, uint8_t *out_digest);
/**
  * Disable platform hierarchy. Specific to TPM2. The TPM error code is returned.
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index b11d6a3..2b87e306 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -342,7 +342,7 @@
 }
uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
-		     uint8_t *out_digest)
+		     size_t in_digest_len, uint8_t *out_digest)
 {
    struct s_tpm_extend_cmd cmd;
    uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength];
@@ -350,8 +350,13 @@
memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd));
    to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num);
-	memcpy(cmd.buffer + cmd.inDigest, in_digest, kPcrDigestLength);
+	if (in_digest_len > kPcrDigestLength)
+		return TPM_E_HASH_ERROR;
+	else if (in_digest_len < kPcrDigestLength)
+		memset(cmd.buffer + cmd.inDigest, 0, kPcrDigestLength);
+
+	memcpy(cmd.buffer + cmd.inDigest, in_digest, in_digest_len);
    result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
    if (result != TPM_SUCCESS)
    	return result;
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index 16e40fe..fbb1760 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -131,7 +131,7 @@
  * sha256 digest.
  */
 uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest,
-		     uint8_t *out_digest)
+		     size_t in_digest_len, uint8_t *out_digest)
 {
    struct tpm2_pcr_extend_cmd pcr_ext_cmd;
    struct tpm2_response *response;
@@ -139,9 +139,13 @@
    pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
    pcr_ext_cmd.digests.count = 1;
    pcr_ext_cmd.digests.digests[0].hashAlg = TPM_ALG_SHA256;
-	memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest,
-	       sizeof(pcr_ext_cmd.digests.digests[0].digest.sha256));
+	if (in_digest_len > SHA256_DIGEST_SIZE)
+		return TPM_E_HASH_ERROR;
+	else if (in_digest_len < SHA256_DIGEST_SIZE)
+		memset(pcr_ext_cmd.digests.digests[0].digest.sha256, 0, SHA256_DIGEST_SIZE);
+
+	memcpy(pcr_ext_cmd.digests.digests[0].digest.sha256, in_digest, in_digest_len);
    response = tpm_process_command(TPM2_PCR_Extend, &pcr_ext_cmd);
printk(BIOS_INFO, "%s: response is %x\n",
diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c
index c5523a5..f2792e6 100644
--- a/src/vendorcode/eltan/security/mboot/mboot.c
+++ b/src/vendorcode/eltan/security/mboot/mboot.c
@@ -150,7 +150,7 @@
    printk(BIOS_DEBUG, "%s: SHA256 Hash Digest:\n", __func__);
    mboot_print_buffer(digest->digest.sha256, VB2_SHA256_DIGEST_SIZE);
-	return (tlcl_extend(newEventHdr->pcrIndex, (uint8_t *)&(newEventHdr->digest), NULL));
+	return (tlcl_extend(newEventHdr->pcrIndex, (uint8_t *)&(newEventHdr->digest), hashDataLen, NULL));
 }
/*
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/48740
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: If3353f989e74cfa11900b2b92a6ed11ade3d24e2
Gerrit-Change-Number: 48740
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-MessageType: newchange



    