2016-06-19 21:13:18 +02:00
/*
 * Copyright 2016 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
#ifndef __SRC_LIB_TPM2_MARSHALING_H
#define __SRC_LIB_TPM2_MARSHALING_H

#include "tpm2_tlcl_structures.h"

/* The below functions are used to serialize/deserialize TPM2 commands. */

/**
 * tpm_marshal_command
 *
 * Given a structure containing a TPM2 command, serialize the structure for
 * sending it to the TPM.
 *
 * @command: code of the TPM2 command to marshal
 * @tpm_command_body: a pointer to the command specific structure
 * @buffer: buffer where command is marshaled to
 * @buffer_size: size of the buffer
 *
 * Returns number of bytes placed in the buffer, or -1 on error.
 *
 */
int tpm_marshal_command(TPM_CC command, void *tpm_command_body,
tpm2: avoid comparison between signed and unsigned ints

The marshaling/unmarshaling code is using integer values to represent
room left in the buffer, to be able to communicate three conditions:
positive number means there is room left in the buffer, zero means
that the exact amount of data in the buffer was unmarshaled and
negative value means that the result of the operation did not fit into
the buffer.

The implementation is wrong though, as it compares directly signed and
unsigned values, which is illegal, as signed values get promoted to
unsigned by the compiler.

This patch changes the marshaling code to use size_t for the size, and
use zero as marshaling failure indication - after all the buffer where
the data is marshaled to should definitely be large enough, and it is
reasonable to expect at least some room left in it after marshaling.

The unmarshaling situation is different: we sure want to communicate
errors to the caller, but do not want to propagate error return values
through multiple layers. This patch keeps the size value in int, but
checks if it is negative separately, before comparing with positive
values.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied kevin successfully boots up.

Change-Id: Ibfbd1b351e35e37c8925a78d095e4e8492805bad
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: b1e862c2a650fa5f6cb25a01fe61e848a696cf17
Original-Change-Id: Ie7552b333afaff9a1234c948caf9d9a64447b2e1
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358772
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/15610
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2016-07-07 19:52:46 +02:00
			void *buffer, size_t buffer_size);

/**
 * tpm_unmarshal_response
 *
 * Given a buffer received from the TPM in response to a certain command,
 * deserialize the buffer into the expected response structure.
 *
 * struct tpm2_response is a union of all possible responses.
 *
 * @command: code of the TPM2 command for which a response is unmarshaled
 * @response_body: buffer containing the serialized response.
 * @response_size: number of bytes in the buffer containing response
 *
 * Returns a pointer to the deserialized response or NULL in case of
 * unmarshaling problems.
 */
struct tpm2_response *tpm_unmarshal_response(TPM_CC command,
					     void *response_body,
					     size_t response_size);

#endif // __SRC_LIB_TPM2_MARSHALING_H
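The signed/unsigned pitfall the commit message describes, as an added example that is not coreboot's own code. `fits_flawed` is a constructed stand-in for a pre-fix style check, while `fits_checked` and `take_room` are hypothetical helpers modelling the two fixes (negative test before the comparison for unmarshaling; `size_t` with zero as failure for marshaling). The 6-byte window sits inside a 16-byte backing array so the overrun can be measured without leaving the array.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#pragma GCC diagnostic ignored "-Wsign-compare"	/* the warning that flags fits_flawed */
#define LIMIT 6	/* declared window size (constructed); backing store is 16 bytes */

/* Flawed check (constructed, pre-fix style): int room, -1 marks a failure. */
int fits_flawed(int room, size_t need)
{
	return !(room < need);	/* room converts to size_t: -1 becomes SIZE_MAX */
}

/* Unmarshaling fix: keep int, but reject negative before the comparison. */
int fits_checked(int room, size_t need)
{
	return room >= 0 && (size_t)room >= need;
}

/* Marshaling fix: size_t room, zero means failure and stays zero. */
size_t take_room(size_t room, size_t need)
{
	return room < need ? 0 : room - need;
}

/* Write three 4-byte values using the given check; return bytes past LIMIT. */
size_t overrun(int (*fits)(int, size_t))
{
	uint8_t store[16] = {0};
	size_t off = 0;
	int room = LIMIT;
	uint32_t v = 0xffffffffu;
	for (int i = 0; i < 3; i++) {
		if (!fits(room, sizeof(v))) {
			room = -1;	/* failure marker that the next call must honour */
			continue;
		}
		memcpy(store + off, &v, sizeof(v));
		off += sizeof(v);
		room -= (int)sizeof(v);
	}
	return off > LIMIT ? off - LIMIT : 0;
}

int main(void)
{
	printf("past window: flawed=%zu checked=%zu\n", overrun(fits_flawed), overrun(fits_checked));
	return 0;
}
```

With the flawed check, the third write goes through after the failure marker has been set, because `-1` compares as a huge unsigned value; building without the pragma and with `-Wsign-compare` reports the comparison at compile time.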