author | 2023-10-10 14:33:42 +0000 | |
---|---|---|
committer | 2023-10-10 14:33:42 +0000 | |
commit | af1a266670d040d2f4083ff309d732d648afba2a (patch) | |
tree | 2fc46203448ddcc6f81546d379abfaeb323575e9 /roms/skiboot/libstb/tss2/ibmtpm20tss/utils/ekutils.h | |
parent | e02cda008591317b1625707ff8e115a4841aa889 (diff) |
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
Diffstat (limited to 'roms/skiboot/libstb/tss2/ibmtpm20tss/utils/ekutils.h')
-rw-r--r-- | roms/skiboot/libstb/tss2/ibmtpm20tss/utils/ekutils.h | 258 |
1 files changed, 258 insertions, 0 deletions
diff --git a/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/ekutils.h b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/ekutils.h
new file mode 100644
index 000000000..bffde5371
--- /dev/null
+++ b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/ekutils.h
@@ -0,0 +1,258 @@
+/********************************************************************************/
+/* */
+/* IWG EK Index Parsing Utilities */
+/* Written by Ken Goldman */
+/* IBM Thomas J. Watson Research Center */
+/* */
+/* (c) Copyright IBM Corporation 2016 - 2019. */
+/* */
+/* All rights reserved. */
+/* */
+/* Redistribution and use in source and binary forms, with or without */
+/* modification, are permitted provided that the following conditions are */
+/* met: */
+/* */
+/* Redistributions of source code must retain the above copyright notice, */
+/* this list of conditions and the following disclaimer. */
+/* */
+/* Redistributions in binary form must reproduce the above copyright */
+/* notice, this list of conditions and the following disclaimer in the */
+/* documentation and/or other materials provided with the distribution. */
+/* */
+/* Neither the names of the IBM Corporation nor the names of its */
+/* contributors may be used to endorse or promote products derived from */
+/* this software without specific prior written permission. */
+/* */
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+/********************************************************************************/
+
+#ifndef EKUTILS_H
+#define EKUTILS_H
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#endif
+
+#ifndef TPM_TSS_NO_OPENSSL
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+#endif /* TPM_TSS_NO_OPENSSL */
+
+#include <ibmtss/tss.h>
+
+/* legacy TCG IWG NV indexes */
+
+#define EK_CERT_RSA_INDEX 0x01c00002
+#define EK_NONCE_RSA_INDEX 0x01c00003
+#define EK_TEMPLATE_RSA_INDEX 0x01c00004
+
+#define EK_CERT_EC_INDEX 0x01c0000a
+#define EK_NONCE_EC_INDEX 0x01c0000b
+#define EK_TEMPLATE_EC_INDEX 0x01c0000c
+
+#define MAX_ROOTS 100 /* 100 should be more than enough */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ /*
+ crypto library independent functions
+ */
+
+ TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext,
+ uint32_t *nvBufferMax);
+ TPM_RC getIndexSize(TSS_CONTEXT *tssContext,
+ uint16_t *dataSize,
+ TPMI_RH_NV_INDEX nvIndex);
+ TPM_RC getIndexData(TSS_CONTEXT *tssContext,
+ unsigned char **buffer,
+ TPMI_RH_NV_INDEX nvIndex,
+ uint16_t dataSize);
+ TPM_RC getIndexContents(TSS_CONTEXT *tssContext,
+ unsigned char **buffer,
+ uint16_t *bufferSize,
+ TPMI_RH_NV_INDEX nvIndex);
+ void getRsaTemplate(TPMT_PUBLIC *tpmtPublic);
+ void getEccTemplate(TPMT_PUBLIC *tpmtPublic);
+ TPM_RC getRootCertificateFilenames(char *rootFilename[],
+ unsigned int *rootFileCount,
+ const char *listFilename,
+ int print);
+ TPM_RC processEKNonce(TSS_CONTEXT *tssContext,
+ unsigned char **nonce,
+ uint16_t *nonceSize,
+ TPMI_RH_NV_INDEX ekNonceIndex,
+ int print);
+ TPM_RC processEKTemplate(TSS_CONTEXT *tssContext,
+ TPMT_PUBLIC *tpmtPublic,
+ TPMI_RH_NV_INDEX ekTemplateIndex,
+ int print);
+ TPM_RC convertDerToX509(void **x509Certificate,
+ uint16_t readLength,
+ const unsigned char *readBuffer);
+ TPM_RC convertX509PemToDer(uint32_t *certLength,
+ unsigned char **certificate,
+ const char *pemCertificateFilename);
+ TPM_RC convertX509ToPem(const char *pemFilename,
+ void *x509);
+ void x509FreeStructure(void *x509);
+ void x509PrintStructure(void *x509);
+ TPM_RC processEKCertificate(TSS_CONTEXT *tssContext,
+ void **ekCertificate,
+ uint8_t **modulusBin,
+ int *modulusBytes,
+ TPMI_RH_NV_INDEX ekCertIndex,
+ int print);
+ TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext,
+ void **certificate,
+ TPMI_RH_NV_INDEX nvIndex);
+ TPM_RC convertCertificatePubKey(uint8_t **modulusBin,
+ int *modulusBytes,
+ void *ekCertificate,
+ TPMI_RH_NV_INDEX ekCertIndex,
+ int print);
+ TPM_RC createCertificate(char **x509CertString,
+ char **pemCertString,
+ uint32_t *certLength,
+ unsigned char **certificate,
+ TPMT_PUBLIC *tpmtPublic,
+ const char *caKeyFileName,
+ size_t issuerEntriesSize,
+ char **issuerEntries,
+ size_t subjectEntriesSize,
+ char **subjectEntries,
+ const char *caKeyPassword);
+ TPM_RC processRoot(TSS_CONTEXT *tssContext,
+ TPMI_RH_NV_INDEX ekCertIndex,
+ const char *rootFilename[],
+ unsigned int rootFileCount,
+ int print);
+ TPM_RC verifyCertificate(void *x509Certificate,
+ const char *rootFilename[],
+ unsigned int rootFileCount,
+ int print);
+ TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext,
+ TPM_HANDLE *keyHandle,
+ TPMI_RH_NV_INDEX ekCertIndex,
+ unsigned char *nonce,
+ uint16_t nonceSize,
+ TPMT_PUBLIC *tpmtPublicIn,
+ TPMT_PUBLIC *tpmtPublicOut,
+ unsigned int noFlush,
+ int print);
+ TPM_RC processValidatePrimary(uint8_t *publicKeyBin,
+ int publicKeyBytes,
+ TPMT_PUBLIC *tpmtPublic,
+ TPMI_RH_NV_INDEX ekCertIndex,
+ int print);
+ TPM_RC processPrimary(TSS_CONTEXT *tssContext,
+ TPM_HANDLE *keyHandle,
+ TPMI_RH_NV_INDEX ekCertIndex,
+ TPMI_RH_NV_INDEX ekNonceIndex,
+ TPMI_RH_NV_INDEX ekTemplateIndex,
+ unsigned int noFlush,
+ int print);
+
+ /*
+ deprecated OpenSSL specific functions
+ */
+
+#ifndef TPM_TSS_NO_OPENSSL
+
+
+ uint32_t getPubkeyFromDerCertFile(RSA **rsaPkey,
+ X509 **x509,
+ const char *derCertificateFileName);
+ uint32_t getPubKeyFromX509Cert(RSA **rsaPkey,
+ X509 *x509);
+ TPM_RC getCaStore(X509_STORE **caStore,
+ X509 *caCert[],
+ const char *rootFilename[],
+ unsigned int rootFileCount);
+ TPM_RC verifyKeyUsage(X509 *ekX509Certificate,
+ int pkeyType,
+ int print);
+ TPM_RC convertX509ToDer(uint32_t *certLength,
+ unsigned char **certificate,
+ X509 *x509Certificate);
+#ifndef TPM_TSS_NOECC
+ TPM_RC convertX509ToEc(EC_KEY **ecKey,
+ X509 *x509);
+#endif /* TPM_TSS_NOECC */
+ TPM_RC convertX509ToDer(uint32_t *certLength,
+ unsigned char **certificate,
+ X509 *x509Certificate);
+ TPM_RC convertPemToX509(X509 **x509,
+ const char *pemCertificateFilename);
+ TPM_RC convertPemMemToX509(X509 **x509,
+ const char *pemCertificate);
+ TPM_RC convertX509ToPemMem(char **pemString,
+ X509 *x509);
+ TPM_RC convertX509ToString(char **x509String,
+ X509 *x509);
+ TPM_RC convertCertificatePubKey12(uint8_t **modulusBin,
+ int *modulusBytes,
+ X509 *ekCertificate);
+
+ /* certificate key to nid mapping array */
+
+ TPM_RC startCertificate(X509 *x509Certificate,
+ uint16_t keyLength,
+ const unsigned char *keyBuffer,
+ size_t issuerEntriesSize,
+ char **issuerEntries,
+ size_t subjectEntriesSize,
+ char **subjectEntries);
+
+ typedef struct tdCertificateName
+ {
+ const char *key;
+ int nid;
+ } CertificateName;
+
+ TPM_RC calculateNid(void);
+ TPM_RC createX509Name(X509_NAME **x509Name,
+ size_t entriesSize,
+ char **entries);
+ TPM_RC addCertExtension(X509 *x509Certificate, int nid, const char *value);
+ TPM_RC addCertKeyRsa(X509 *x509Certificate,
+ const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa);
+#ifndef TPM_TSS_NOECC
+ TPM_RC addCertKeyEcc(X509 *x509Certificate,
+ const TPMS_ECC_POINT *tpmsEccPoint);
+#endif /* TPM_TSS_NOECC */
+ TPM_RC addCertSignatureRoot(X509 *x509Certificate,
+ const char *caKeyFileName,
+ const char *caKeyPassword);
+ TPM_RC TSS_RSAGetKey(const BIGNUM **n,
+ const BIGNUM **e,
+ const BIGNUM **d,
+ const BIGNUM **p,
+ const BIGNUM **q,
+ const RSA *rsaKey);
+
+ int TSS_Pubkey_GetAlgorithm(EVP_PKEY *pkey);
+
+
+#endif /* TPM_TSS_NO_OPENSSL */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif