Add submodule dependency filesHEADmaster

Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec

1 files changed, 354 insertions, 0 deletions

diff --git a/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/policymaker.c b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/policymaker.c
new file mode 100644
index 000000000..7290ed722
--- /dev/null
+++ b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/policymaker.c
@@ -0,0 +1,354 @@
+/********************************************************************************/
+/*										*/
+/*			   policymaker						*/
+/*			     Written by Ken Goldman				*/
+/*		       IBM Thomas J. Watson Research Center			*/
+/*										*/
+/* (c) Copyright IBM Corporation 2015 - 2019					*/
+/*										*/
+/* All rights reserved.								*/
+/* 										*/
+/* Redistribution and use in source and binary forms, with or without		*/
+/* modification, are permitted provided that the following conditions are	*/
+/* met:										*/
+/* 										*/
+/* Redistributions of source code must retain the above copyright notice,	*/
+/* this list of conditions and the following disclaimer.			*/
+/* 										*/
+/* Redistributions in binary form must reproduce the above copyright		*/
+/* notice, this list of conditions and the following disclaimer in the		*/
+/* documentation and/or other materials provided with the distribution.		*/
+/* 										*/
+/* Neither the names of the IBM Corporation nor the names of its		*/
+/* contributors may be used to endorse or promote products derived from		*/
+/* this software without specific prior written permission.			*/
+/* 										*/
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
+/********************************************************************************/
+
+/* 
+   policymaker calculates a TPM2 policy hash
+
+   Inputs are:
+
+   a hash algorithm
+   a file with lines in hexascii, to be extended into the policy digest, big endian
+
+   NOTE: Empty lines (lines with just a newline character) are permitted and cause a double hash.
+   This is useful for e.g. TPM2_PolicySigned when the policyRef is empty.
+
+   Outputs are:
+
+   if specified, a file with a binary digest
+   if specified, a print of the hash
+
+   Example input: policy command code with a command code of NV write
+
+   0000016c00000137
+
+   TPM2_PolicyCounterTimer is handled as a special case, where there is a double hash.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <errno.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tsscryptoh.h>
+#include <ibmtss/tsscrypto.h>
+
+static void printUsage(void);
+static int Format_FromHexascii(unsigned char *binary,
+			       const char *string,
+			       size_t length);
+static int Format_ByteFromHexascii(unsigned char *byte,
+				   const char *string);
+
+extern int tssUtilsVerbose;
+
+int main(int argc, char *argv[])
+{
+    TPM_RC		rc = 0;
+    int			i;    			/* argc iterator */
+    char 		*prc = NULL;		/* pointer return code */
+    const char 		*inFilename = NULL;
+    const char 		*outFilename = NULL;
+    int			pr = FALSE;
+    int			nz = FALSE;
+    int			noSpace = FALSE;
+    TPMT_HA 		digest;
+    /* initialized to suppress false gcc -O3 warning */
+    uint32_t           	sizeInBytes = 0;	/* hash algorithm mapped to size */
+    uint32_t           	startSizeInBytes = 0;	/* starting buffer for extend */
+    FILE 		*inFile = NULL;
+    FILE 		*outFile = NULL;
+
+    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
+    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
+    tssUtilsVerbose = FALSE;
+    
+    /* command line defaults */
+    digest.hashAlg = TPM_ALG_SHA256;
+
+    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
+	if (strcmp(argv[i],"-halg") == 0) {
+	    i++;
+	    if (i < argc) {
+		if (strcmp(argv[i],"sha1") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA1;
+		}
+		else if (strcmp(argv[i],"sha256") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA256;
+		}
+		else if (strcmp(argv[i],"sha384") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA384;
+		}
+		else if (strcmp(argv[i],"sha512") == 0) {
+		    digest.hashAlg = TPM_ALG_SHA512;
+		}
+		else {
+		    printf("Bad parameter %s for -halg\n", argv[i]);
+		    printUsage();
+		}
+	    }
+	    else {
+		printf("Missing parameter for -hi\n");
+		printUsage();
+	    }
+	    
+	}
+	else if (strcmp(argv[i],"-if") == 0) {
+	    i++;
+	    if (i < argc) {
+		inFilename = argv[i];
+	    }
+	    else {
+		printf("-if option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-of") == 0) {
+	    i++;
+	    if (i < argc) {
+		outFilename = argv[i];
+	    }
+	    else {
+		printf("-of option needs a value\n");
+		printUsage();
+	    }
+	}
+	else if (strcmp(argv[i],"-pr") == 0) {
+	    pr = TRUE;
+	}
+	else if (strcmp(argv[i],"-nz") == 0) {
+	    nz = TRUE;
+	}
+	else if (strcmp(argv[i],"-ns") == 0) {
+	    noSpace = TRUE;
+	}
+	else if (strcmp(argv[i],"-h") == 0) {
+	    printUsage();
+	}
+	else if (strcmp(argv[i],"-v") == 0) {
+	    tssUtilsVerbose = TRUE;
+	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
+	}
+	else {
+	    printf("\n%s is not a valid option\n", argv[i]);
+	    printUsage();
+	}
+    }
+    if (inFilename == NULL) {
+	printf("Missing input file parameter -if\n");
+	printUsage();
+    }
+    /* open the input file */
+    if (rc == 0) {
+	inFile = fopen(inFilename, "r");
+	if (inFile == NULL) {
+	    printf("Error opening %s for %s, %s\n", inFilename, "r", strerror(errno));
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if (rc == 0) {
+	sizeInBytes = TSS_GetDigestSize(digest.hashAlg);
+	/* startauthsession sets session digest to zero */
+	if (!nz) {
+	    startSizeInBytes = sizeInBytes;
+	    memset((uint8_t *)&digest.digest, 0, sizeInBytes);
+	}
+	else {	/* nz TRUE, start with empty buffer */
+	    startSizeInBytes = 0;
+	}
+    }
+    /* iterate through each line */
+    do {
+	char 		lineString[10240];		/* returned line in hex ascii */
+	unsigned char 	lineBinary[5120];		/* returned line in binary */
+	size_t		lineLength;			
+
+	if (rc == 0) {
+	    prc = fgets(lineString, sizeof(lineString), inFile);
+	}
+	if (prc != NULL) {
+	    /* convert hex ascii to binary */ 
+	    if (rc == 0) {
+		lineLength = strlen(lineString);
+		rc = Format_FromHexascii(lineBinary,
+					 lineString, lineLength/2);
+	    }
+	    if (rc == 0) {
+		/* not TPM2_PolicyCounterTimer */
+		if (memcmp(lineString, "0000016d", 8) != 0) {
+		    /* hash extend digest.digest with line */
+		    if (rc == 0) {
+			rc = TSS_Hash_Generate(&digest,
+					       startSizeInBytes, (uint8_t *)&digest.digest,
+					       lineLength /2, lineBinary,
+					       0, NULL);
+		    }
+		}
+		/* TPM2_PolicyCounterTimer is a special case - double hash */
+		else {
+		    TPMT_HA	args;
+		    args.hashAlg = digest.hashAlg;
+		    if (rc == 0) {
+			/* args is a hash of the arguments excluding the command code */
+			rc = TSS_Hash_Generate(&args,
+					       (lineLength /2) -4, lineBinary +4,
+					       0, NULL);
+		    }
+		    if (rc == 0) {
+			uint8_t commandCode[] = {0x00, 0x00, 0x01, 0x6d};
+			rc = TSS_Hash_Generate(&digest,
+					       startSizeInBytes, (uint8_t *)&digest.digest,
+					       sizeof(commandCode), commandCode,
+					       startSizeInBytes, (uint8_t *)&args.digest,
+					       0, NULL);
+		    }
+		}
+	    }
+	    if (rc == 0) {
+		if (tssUtilsVerbose) TSS_PrintAll("intermediate policy digest",
+					  (uint8_t *)&digest.digest, sizeInBytes);
+	    }
+	}
+    }
+    while ((rc == 0) && (prc != NULL));
+
+    if ((rc == 0) && pr) {
+	TSS_PrintAll("policy digest", (uint8_t *)&digest.digest, sizeInBytes);
+    }
+    if ((rc == 0) && noSpace) {
+	unsigned int b;
+	printf("policy digest:\n");
+	for (b = 0 ; b < sizeInBytes ; b++) {
+	    printf("%02x", *(((uint8_t *)&digest.digest) + b));
+	}
+	printf("\n");
+    }
+    /* open the output file */
+    if ((rc == 0) && (outFilename != NULL)) {
+	outFile = fopen(outFilename, "wb");
+	if (outFile == NULL) {
+	    printf("Error opening %s for %s, %s\n", outFilename , "W", strerror(errno));
+	    rc = EXIT_FAILURE;
+	}
+    }
+    if ((rc == 0) && (outFilename != NULL)) {
+	fwrite((uint8_t *)&digest.digest, 1, sizeInBytes, outFile);
+    }
+    if (inFile != NULL) {
+	fclose(inFile);
+    }
+    if (outFile != NULL) {
+	fclose(outFile);
+    }
+    if (rc != 0) {
+	rc = EXIT_FAILURE;
+    }
+    return rc;
+}
+
+/* Format_FromHexAscii() converts 'string' in hex ascii to 'binary' of 'length'
+
+   It assumes that the string has enough bytes to accommodate the length.
+*/
+
+static int Format_FromHexascii(unsigned char *binary,
+			       const char *string,
+			       size_t length)
+{
+    int 	rc = 0;
+    size_t	i;
+
+    for (i = 0 ; (rc == 0) && (i < length) ; i++) {
+	rc = Format_ByteFromHexascii(binary + i,
+				     string + (i * 2));
+	
+    }
+    return rc;
+}
+
+/* Format_ByteFromHexAscii() converts two bytes of hex ascii to one byte of binary
+ */
+
+static int Format_ByteFromHexascii(unsigned char *byte,
+				   const char *string)
+{
+    int 	rc = 0;
+    size_t	i;
+    char	c;
+    *byte 	= 0;
+    
+    for (i = 0 ; (rc == 0) && (i < 2) ; i++) {
+	(*byte) <<= 4;		/* big endian, shift up the nibble */
+	c = *(string + i);	/* extract the next character from the string */
+
+	if ((c >= '0') && (c <= '9')) {
+	    *byte += c - '0';
+	}
+	else if ((c >= 'a') && (c <= 'f')) {
+	    *byte += c + 10 - 'a';
+	}
+	else if ((c >= 'A') && (c <= 'F')) {
+	    *byte += c + 10 - 'A';
+	}
+	else {
+	    printf("Format_ByteFromHexascii: "
+		   "Error: Line has non hex ascii character: %02x %c\n", c, c);
+	    rc = EXIT_FAILURE;
+	}
+    }
+    return rc;
+}
+
+
+static void printUsage(void)
+{
+    printf("\n");
+    printf("policymaker\n");
+    printf("\n");
+    printf("\t[-halg\thash algorithm (sha1 sha256 sha384 sha512) (default sha256)]\n");
+    printf("\t[-nz\tdo not extend starting with zeros, just hash the last line]\n");
+    printf("\t-if\tinput policy statements in hex ascii\n");
+    printf("\t[-of\toutput file - policy hash in binary]\n");
+    printf("\t[-pr\tstdout - policy hash in hex ascii]\n");
+    printf("\t[-ns\tadditionally print policy hash in hex ascii on one line]\n");
+    printf("\t\tUseful to paste into policy OR\n");
+    printf("\n");
+    exit(1);	
+}