From 3dd13d39ca2025821602adbd1434f38e29ac6635 Mon Sep 17 00:00:00 2001
From: "wenxin.leong"
Date: Wed, 4 May 2022 15:56:19 +0800
Subject: [PATCH] Add optional parameter for setting hash algorithm

Add a new optional parameter (e.g., 'sha1', 'sha256') to set the hash algorithm for option '-a', '-e', '-r', and '-s'. If the parameter is not present, default value is SHA-1.
---
 README.md | 70 +++++++++++++++++++++++++------------------
 README.txt | 82 ++++++++++++++++++++++++++++----------------------
 eltt2.c | 87 +++++++++++++++++++++++++-----------------------------
 eltt2.h | 58 +++++++++++++++++++++++++++++++-----
 4 files changed, 178 insertions(+), 119 deletions(-)

diff --git a/README.md b/README.md
index aee6d34..18d78dc 100644
--- a/README.md
+++ b/README.md
@@ -56,34 +56,37 @@ Some options require the TPM to be in a specific state. This state is shown in b To get the TPM into the required state, call ELTT2 with the corresponding commands ("x" for a state means that whether this state is required or not depends on the actual command or the command parameters sent eventually to the TPM). - Command line option | Explanation | Precondition - --- | --- | --- - -a \ | Hash Sequence SHA-1 | \[u\] - -A \ | Hash Sequence SHA-256 | \[u\] - -b \ | Enter your own TPM command | \[u\] - -c | Read Clock | \[u\] - -d \ | Shutdown | \[u\] - -e \ \ | PCR Extend SHA-1 | \[u\] - -E \ \ | PCR Extend SHA-256 | \[u\] - -g | Get fixed capability values | \[u\] - -v | Get variable capability values | \[u\] - -G \ | Get Random | \[u\] - -h | Help | \[-\] - -r \ | PCR Read SHA-1 | \[u\] - -R \ | PCR Read SHA-256 | \[u\] - -s \ | Hash SHA-1 | \[u\] - -S \ | Hash SHA-256 | \[u\] - -t \ | Self Test | \[u\] - -T | Get Test Result | \[u\] - -u \ | Startup | \[-\] - -z \ | PCR Reset | \[u\] + Command line option | Explanation | Precondition + --- | --- | --- + -a \[hash algorithm\] \ | Hash Sequence SHA-1/SHA-256 \[default: SHA-1\] | \[u\] + -A \ | Hash Sequence SHA-256 | \[u\] + -b \ | Enter your own TPM command | \[u\] + -c | Read Clock | \[u\] + -d \ | Shutdown | \[u\] + -e \[hash algorithm\] \ \ | PCR Extend SHA-1/SHA-256 \[default: SHA-1\] | \[u\] + -E \ \ | PCR Extend SHA-256 | \[u\] + -g | Get fixed capability values | \[u\] + -v | Get variable capability values | \[u\] + -G \ | Get Random | \[u\] + -h | Help | \[-\] + -r \[hash algorithm\] \ | PCR Read SHA-1/SHA-256 \[default: SHA-1\] | \[u\] + -R \ | PCR Read SHA-256 | \[u\] + -s \[hash algorithm\] \ | Hash SHA-1/SHA-256 \[default: SHA-1\] | \[u\] + -S \ | Hash SHA-256 | \[u\] + -t \ | Self Test | \[u\] + -T | Get Test Result | \[u\] + -u \ | Startup | \[-\] + -z \ | PCR Reset | \[u\] Additional information: -a:
-With the "-a" command you can hash given data with the SHA-1 hash algorithm. This hash sequence sends 3 commands [start, update, complete] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}:
- ./eltt2 -a 41624364 +With the "-a" command you can hash given data with the SHA-1/SHA-256 hash algorithm. This hash sequence sends 3 commands [start, update, complete] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}:
+./eltt2 -a 41624364 Hash given data with SHA-1 hash algorithm.
+or
+./eltt2 -a sha1 41624364 Hash given data with SHA-1 hash algorithm.
+./eltt2 -a sha256 41624364 Hash given data with SHA-256 hash algorithm.
-A:
With the "-A" command you can hash given data with the SHA-256 hash algorithm. This hash sequence sends 3 commands [start, update, complete] to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}:
@@ -104,8 +107,11 @@ or
./eltt2 -d state send a TPM2_Shutdown command with shutdown type STATE to the TPM.
-e:
- With the "-e" command you can extend bytes in the selected PCR with SHA-1. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 20 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-1 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
- ./eltt2 -e 17 41624364 + With the "-e" command you can extend bytes in the selected PCR with SHA-1/SHA-256. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 20/32 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-1/SHA-256 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
+./eltt2 -e 17 41624364 Extend bytes in PCR 23 with SHA-1.
+or
+./eltt2 -e sha1 17 41624364 Extend bytes in PCR 23 with SHA-1.
+./eltt2 -e sha256 17 41624364 Extend bytes in PCR 23 with SHA-256.
-E:
With the "-E" command you can extend bytes in the selected PCR with SHA-256. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest must have a length of 32 bytes (will be padded with 0 if necessary). The TPM then builds an SHA-256 hash over the PCR data in the selected PCR and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}:
@@ -122,16 +128,22 @@ With the "-G" command you can get a given amount of random bytes. Note that you ./eltt2 -G 14 -r:
-With the "-r" command you can read data from a selected SHA-1 PCR. For example, use the following command to read data from PCR 23 (0x17):
-./eltt2 -r 17 +With the "-r" command you can read data from a selected SHA-1/SHA-256 PCR. For example, use the following command to read data from PCR 23 (0x17):
+./eltt2 -r 17 Read data from SHA-1 PCR 23.
+or
+./eltt2 -r sha1 17 Read data from SHA-1 PCR 23.
+./eltt2 -r sha256 17 Read data from SHA-256 PCR 23.
-R:
With the "-R" command you can read data from a selected SHA-256 PCR. For example, use the following command to read data from PCR 23 (0x17):
./eltt2 -R 17 -s:
-With the "-s" command you can hash given data with the SHA-1 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM's maximum input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}:
- ./eltt2 -s 41624364 +With the "-s" command you can hash given data with the SHA-1/SHA-256 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM's maximum input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}:
+./eltt2 -s 41624364 Hash given data with SHA-1 hash algorithm.
+or
+./eltt2 -s sha1 41624364 Hash given data with SHA-1 hash algorithm.
+./eltt2 -s sha256 41624364 Hash given data with SHA-256 hash algorithm.
-S:
With the "-S" command you can hash given data with the SHA-256 hash algorithm. This command only allows a limited amount of data to be hashed (depending on the TPM input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}:
diff --git a/README.txt b/README.txt
index 242cf92..39f4173 100644
--- a/README.txt
+++ b/README.txt
@@ -106,56 +106,59 @@ Contents: the TPM). - Command line options: Preconditions: + Command line options: Preconditions: - -a : Hash Sequence SHA-1 [u] + -a [hash algorithm] : Hash Sequence SHA-1/SHA-256 [default: SHA-1] [u] - -A : Hash Sequence SHA-256 [u] + -A : Hash Sequence SHA-256 [u] - -b : Enter your own TPM command [u] + -b : Enter your own TPM command [u] - -c: Read Clock [u] + -c: Read Clock [u] - -d : Shutdown [u] + -d : Shutdown [u] - -e: PCR Extend SHA-1 [u] + -e [hash algorithm] : PCR Extend SHA-1/SHA-256 [default: SHA-1] [u] - -E: PCR Extend SHA-256 [u] + -E : PCR Extend SHA-256 [u] - -g: Get fixed capability values [u] + -g: Get fixed capability values [u] - -v: Get variable capability values [u] + -v: Get variable capability values [u] - -G : Get Random [u] + -G : Get Random [u] - -h: Help [-] + -h: Help [-] - -r : PCR Read SHA-1 [u] + -r [hash algorithm] : PCR Read SHA-1/SHA-256 [default: SHA-1] [u] - -R : PCR Read SHA-256 [u] + -R : PCR Read SHA-256 [u] - -s : Hash SHA-1 [u] + -s [hash algorithm] : Hash SHA-1/SHA256 [default: SHA-1] [u] - -S : Hash SHA-256 [u] + -S : Hash SHA-256 [u] - -t : Self Test [u] + -t : Self Test [u] - -T: Get Test Result [u] + -T: Get Test Result [u] - -u : Startup [-] + -u : Startup [-] - -z : PCR Reset [u] + -z : PCR Reset [u] Additional information: -a: - With the "-a" command you can hash given data with the SHA-1 hash algorithm. - This hash sequence sends 3 commands [start, update, complete] to the TPM and - allows to hash an arbitrary amount of data. + With the "-a" command you can hash given data with the SHA-1/SHA-256 hash + algorithm. This hash sequence sends 3 commands [start, update, complete] + to the TPM and allows to hash an arbitrary amount of data. For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: - ./eltt2 -a 41624364 + ./eltt2 -a 41624364 Hash given data with SHA-1 hash algorithm. + or + ./eltt2 -a sha1 41624364 Hash given data with SHA-1 hash algorithm. 
+ ./eltt2 -a sha256 41624364 Hash given data with SHA-256 hash algorithm. -A: With the "-A" command you can hash given data with the SHA-256 hash @@ -185,16 +188,19 @@ Contents: the TPM. -e: - With the "-e" command you can extend bytes in the selected PCR with SHA-1. + With the "-e" command you can extend bytes in the selected PCR with SHA-1/SHA-256. To do so, you have to enter the index of PCR in hexadecimal that you like to extend and the digest you want to extend the selected PCR with. Note that you can only extend PCRs with index 0 to 16 and PCR 23 and that the digest - must have a length of 20 bytes (will be padded with 0 if necessary). - The TPM then builds an SHA-1 hash over the PCR data in the selected PCR and - the digest you provided and writes the result back to the selected PCR. + must have a length of 20/32 bytes (will be padded with 0 if necessary). + The TPM then builds an SHA-1/SHA-256 hash over the PCR data in the selected PCR + and the digest you provided and writes the result back to the selected PCR. For example, use the following command to extend PCR 23 (0x17) with the byte sequence {0x41, 0x62, 0x43, 0x64, 0x00, ... (will be filled with 0x00)}: - ./eltt2 -e 17 41624364 + ./eltt2 -e 17 41624364 Extend bytes in PCR 23 with SHA-1. + or + ./eltt2 -e sha1 17 41624364 Extend bytes in PCR 23 with SHA-1. + ./eltt2 -e sha256 17 41624364 Extend bytes in PCR 23 with SHA-256. -E: With the "-E" command you can extend bytes in the selected PCR with SHA-256. 
@@ -221,9 +227,12 @@ Contents: ./eltt2 -G 14 -r: - With the "-r" command you can read data from a selected SHA-1 PCR. + With the "-r" command you can read data from a selected SHA-1/SHA-256 PCR. For example, use the following command to read data from PCR 23 (0x17): - ./eltt2 -r 17 + ./eltt2 -r 17 Read data from SHA-1 PCR 23. + or + ./eltt2 -r sha1 17 Read data from SHA-1 PCR 23. + ./eltt2 -r sha256 17 Read data from SHA-256 PCR 23. -R: With the "-R" command you can read data from a selected SHA-256 PCR. @@ -231,12 +240,15 @@ Contents: ./eltt2 -R 17 -s: - With the "-s" command you can hash given data with the SHA-1 hash algorithm. - This command only allows a limited amount of data to be hashed (depending on - the TPM's maximum input buffer size). + With the "-s" command you can hash given data with the SHA-1/SHA-256 hash + algorithm. This command only allows a limited amount of data to be hashed + (depending on the TPM's maximum input buffer size). For example, use the following command to hash the byte sequence {0x41, 0x62, 0x43, 0x64}: - ./eltt2 -s 41624364 + ./eltt2 -s 41624364 Hash given data with SHA-1 hash algorithm. + or + ./eltt2 -s sha1 41624364 Hash given data with SHA-1 hash algorithm. + ./eltt2 -s sha256 41624364 Hash given data with SHA-256 hash algorithm. -S: With the "-S" command you can hash given data with the SHA-256 hash diff --git a/eltt2.c b/eltt2.c index 01151f1..128f090 100644 --- a/eltt2.c +++ b/eltt2.c @@ -58,6 +58,7 @@ int main(int argc, char **argv) size_t input_bytes_size = 0; // Size of input_bytes. int no_transmission = 0; // Flag to skip the transmission call, e.g. in case of command line option -h. int tpm_error = 0; // Flag to indicate whether a TPM response has returned a TPM error code or not. + hash_algo_enum hash_algo = ALG_NULL; // Variable to indicate the selected hash algorithm. // ---------- Program flow ---------- printf("\n"); 
@@ -87,7 +88,9 @@ int main(int argc, char **argv) { case 'a': // TPM2_HashSequenceStart SHA-1 case 'A': // TPM2_HashSequenceStart SHA-256 - ret_val = create_hash_sequence(optarg, option, tpm_response_buf, &tpm_response_buf_size); + HASH_ALG_PARSER('a', 3); + + ret_val = create_hash_sequence(optarg, hash_algo, tpm_response_buf, &tpm_response_buf_size); break; case 'b': // Enter your own command bytes @@ -130,15 +133,17 @@ int main(int argc, char **argv) if (4 > argc) { ret_val = ERR_BAD_CMD; - fprintf(stderr, "The command '-%c' needs two arguments. Use '-h' for more information.\n", option); + fprintf(stderr, "The command '-%c' needs minimum two arguments. Use '-h' for more information.\n", option); // Set the argument count to the next option for error handling. optind += 2; break; } + HASH_ALG_PARSER('e', 4); + // Allocate the input buffer for pcr_extend and tpmtool_transmit. - if ('e' == option) + if (ALG_SHA1 == hash_algo) { input_bytes_size = sizeof(tpm2_pcr_extend) + TPM_SHA1_DIGEST_SIZE; } @@ -151,7 +156,7 @@ int main(int argc, char **argv) memset(input_bytes, 0, input_bytes_size); // Create PCR_Extend TPM request. - ret_val = pcr_extend(optarg, argv[optind], input_bytes, input_bytes_size, option); + ret_val = pcr_extend(optarg, argv[optind], input_bytes, input_bytes_size, hash_algo); // Set the argument count to the next option for error handling. optind++; @@ -193,6 +198,8 @@ int main(int argc, char **argv) case 'r': // PCR_Read SHA-1 case 'R': // PCR_Read SHA-256 + HASH_ALG_PARSER('r', 3); + // Allocate the input buffer for pcr_read and tpmtool_transmit. input_bytes_size = sizeof(tpm2_pcr_read); input_bytes = malloc(input_bytes_size); @@ -200,7 +207,7 @@ int main(int argc, char **argv) memset(input_bytes, 0, input_bytes_size); // Create PCR_Read TPM request. - ret_val = pcr_read(optarg, input_bytes, option); + ret_val = pcr_read(optarg, input_bytes, hash_algo); RET_VAL_CHECK(ret_val); // Send bytes to TPM. 
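Review bot: The `break;` inside HASH_ALG_PARSER's `do { … } while (0)` (eltt2.h) leaves only the do-while, so an unrecognised algorithm name sets ret_val to ERR_BAD_CMD and the case body carries on: in case 'a' the very next line, `ret_val = create_hash_sequence(optarg, hash_algo, …)`, overwrites the error and runs with hash_algo still ALG_NULL (or the value an earlier option left in it), and the 'e' and 'r' cases on this line and the 's' case in the following hunk go on to allocate and build their request the same way. Follow every `HASH_ALG_PARSER(...)` invocation with `RET_VAL_CHECK(ret_val);`, whose break does leave the switch, at all four sites. The macro's `"Unknown option. Use '-h' for more information.\n"` also reads as a bad command-line option; `"Unknown hash algorithm '%s'. Use '-h' for more information.\n", optarg` names what was rejected. In the 'e' hunk, `"needs minimum two arguments"` reads better as `"needs at least two arguments"`. main()'s switch continues outside these hunks.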
@@ -209,6 +216,8 @@ int main(int argc, char **argv) case 's': // Hash SHA-1 case 'S': // Hash SHA-256 + HASH_ALG_PARSER('s', 3); + // Allocate the input buffer for create_hash and tpmtool_transmit. input_bytes_size = strlen(optarg) / HEX_BYTE_STRING_LENGTH + strlen(optarg) % HEX_BYTE_STRING_LENGTH + sizeof(tpm2_hash); input_bytes = malloc(input_bytes_size); @@ -216,7 +225,7 @@ int main(int argc, char **argv) memset(input_bytes, 0, input_bytes_size); // Create Hash TPM request. - ret_val = create_hash(optarg, option, input_bytes, input_bytes_size); + ret_val = create_hash(optarg, hash_algo, input_bytes, input_bytes_size); RET_VAL_CHECK(ret_val); // Send bytes to TPM. @@ -715,8 +724,9 @@ static int print_response_buf(uint8_t *response_buf, size_t resp_size, uint32_t static void print_help() { - printf("'-a ': Hash Sequence SHA-1\n"); - printf(" -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n"); + printf("'-a [hash algorithm] ': Hash Sequence SHA-1/SHA-256 [default: SHA-1]\n"); + printf(" -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n"); + printf(" Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n"); printf("'-A ': Hash Sequence SHA-256\n"); printf(" -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n"); printf("'-b ': Enter your own TPM command\n"); 
@@ -724,8 +734,9 @@ static void print_help() printf("'-c': Read Clock\n"); printf("'-d ': Shutdown\n"); printf(" -> Shutdown types: clear [default], state\n"); - printf("'-e ': PCR Extend SHA-1\n"); - printf(" -> PCR index: Enter the PCR index in hex like '17' for 0x17\n"); + printf("'-e [hash algorithm] ': PCR Extend SHA-1/SHA-256 [default: SHA-1]\n"); + printf(" -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n"); + printf(" PCR index: Enter the PCR index in hex like '17' for 0x17\n"); printf(" PCR digest: Enter the value to extend the PCR with in hex like '0f56...' for {0x0f, 0x56, ...}\n"); printf("'-E ': PCR Extend SHA-256\n"); printf(" -> PCR index: Enter the PCR index in hex like '17' for 0x17\n"); @@ -735,12 +746,14 @@ static void print_help() printf("'-G ': Get Random\n"); printf(" -> Enter desired number of random bytes in hex like '20' for 0x20 (=32 bytes, maximum)\n"); printf("'-h': Help\n"); - printf("'-r ': PCR Read SHA-1\n"); - printf(" -> PCR index: Enter PCR number in hex like '17' for 0x17\n"); + printf("'-r [hash algorithm] ': PCR Read SHA-1/SHA-256 [default: SHA-1]\n"); + printf(" -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n"); + printf(" PCR index: Enter PCR number in hex like '17' for 0x17\n"); printf("'-R ': PCR Read SHA-256\n"); printf(" -> PCR index: Enter PCR number in hex like '17' for 0x17\n"); - printf("'-s ': Hash SHA-1\n"); - printf(" -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n"); + printf("'-s [hash algorithm] ': Hash SHA-1/SHA-256 [default: SHA-1]\n"); + printf(" -> Hash algorithm: Enter hash algorithm like 'sha1', 'sha256'\n"); + printf(" Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n"); printf("'-S ': Hash SHA-256\n"); printf(" -> Data bytes: Enter a byte sequence like '0F56...' for {0x0f, 0x56, ...}\n"); printf("'-t ': SelfTest\n"); 
@@ -1208,7 +1221,7 @@ static int get_random(char *data_length_string, uint8_t *response_buf) return ret_val; } -static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size) +static int create_hash(char *data_string, hash_algo_enum hash_algo, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size) { int ret_val = EXIT_SUCCESS; // Return value. uint32_t offset = 0; // Helper offset for generating command request. @@ -1220,13 +1233,6 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui NULL_POINTER_CHECK(data_string); NULL_POINTER_CHECK(hash_cmd_buf); - if ('s' != option && 'S' != option) - { - ret_val = EINVAL; - fprintf(stderr, "Bad parameter. Option argument must be 's' or 'S'.\n"); - break; - } - if (TPM_REQ_MAX_SIZE < hash_cmd_buf_size) { ret_val = EINVAL; @@ -1259,7 +1265,7 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui memcpy(hash_cmd_buf, tpm2_hash, sizeof(tpm2_hash)); // Set hash algorithm, command and data sizes depending on user input option at the correct byte index in the command byte stream. - if ('s' == option) + if (ALG_SHA1 == hash_algo) { tpm_hash_alg = sha1_alg; printf("\nTPM2_Hash of '%s' with SHA-1:\n", data_string); @@ -1292,7 +1298,7 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui return ret_val; } -static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size) +static int create_hash_sequence(char *data_string, hash_algo_enum hash_algo, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size) { int ret_val = EXIT_SUCCESS; // Return value. uint16_t data_string_bytes_size = 0; // Size of user input data string in bytes. 
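Review bot: create_hash drops the `'s' != option && 'S' != option` guard without replacing it with a check on hash_algo, so the ALG_NULL that main() initialises hash_algo with (and whatever a failed parse leaves there) is accepted; `if (ALG_SHA1 == hash_algo)` then falls into its else branch, which lies outside this hunk and presumably selects SHA-256 silently. create_hash_sequence (next line, hunk at -1330) and pcr_read (hunk at -1572) remove their guards the same way, while pcr_extend keeps one. Reinstate it in pcr_extend's form in all three: `if (ALG_SHA1 != hash_algo && ALG_SHA256 != hash_algo) { ret_val = EINVAL; fprintf(stderr, "Bad parameter. Hash algorithm must be SHA-1 or SHA-256.\n"); break; }`. The rest of create_hash's body is outside these hunks.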
@@ -1330,16 +1336,10 @@ static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_res break; } - if ('a' != option && 'A' != option) - { - ret_val = EINVAL; - fprintf(stderr, "Bad parameter. Option argument must be 'a' or 'A'.\n"); - break; - } original_response_buf_size = *tpm_response_buf_size; // Set hash algorithm depending on user input option at the correct byte index in the command byte stream. - if ('a' == option) + if (ALG_SHA1 == hash_algo) { printf("\nTPM2_HashSequenceStart of '%s' with SHA-1:\n", data_string); memcpy(tpm2_hash_sequence_start + 12, sha1_alg, sizeof(sha1_alg)); @@ -1463,7 +1463,7 @@ static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_res return ret_val; } -static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, char option) +static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, hash_algo_enum hash_algo) { int ret_val = EXIT_SUCCESS; // Return value. uint8_t pcr_index = 0; // PCR index user input byte. @@ -1490,7 +1490,7 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm memset(pcr_cmd_buf, 0, pcr_cmd_buf_size); - if ('e' != option && 'E' != option) + if (ALG_SHA1 != hash_algo && ALG_SHA256 != hash_algo) { ret_val = EINVAL; fprintf(stderr, "Bad parameter. Option argument must be 'e' or 'E'.\n"); 
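Review bot: The message on the last line of the pcr_extend hunk, `"Bad parameter. Option argument must be 'e' or 'E'.\n"`, no longer matches the condition above it, which now rejects a hash_algo that is neither ALG_SHA1 nor ALG_SHA256, and callers no longer pass an option letter at all. Change it to `fprintf(stderr, "Bad parameter. Hash algorithm must be SHA-1 or SHA-256.\n");` so the text describes the value that was actually checked. pcr_extend's body continues outside the hunk.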
@@ -1515,13 +1515,13 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm // Check the command line input (PCR digest). pcr_digest_size = strlen(pcr_digest_str) / HEX_BYTE_STRING_LENGTH + strlen(pcr_digest_str) % HEX_BYTE_STRING_LENGTH; - if ('e' == option && TPM_SHA1_DIGEST_SIZE < pcr_digest_size) + if (ALG_SHA1 == hash_algo && TPM_SHA1_DIGEST_SIZE < pcr_digest_size) { ret_val = ERR_BAD_CMD; fprintf(stderr, "Bad option. Maximum SHA-1 PCR digest size is 20 byte (40 characters), but you entered %u byte.\n", pcr_digest_size); break; } - if ('E' == option && TPM_SHA256_DIGEST_SIZE < pcr_digest_size) + if (ALG_SHA256 == hash_algo && TPM_SHA256_DIGEST_SIZE < pcr_digest_size) { ret_val = ERR_BAD_CMD; fprintf(stderr, "Bad option. Maximum SHA-256 PCR digest size is 32 byte (64 characters), but you entered %u byte.\n", pcr_digest_size); @@ -1539,13 +1539,13 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm RET_VAL_CHECK(ret_val); // Set hash algorithm and command length depending on user input option at the correct byte index in the command byte stream. - if ('e' == option) + if (ALG_SHA1 == hash_algo) { pcr_cmd_buf[5] = sizeof(tpm2_pcr_extend) + TPM_SHA1_DIGEST_SIZE; memcpy(pcr_cmd_buf + 31, sha1_alg, sizeof(sha1_alg)); printf("Extend PCR %i (SHA-1) with digest { ", pcr_index); } - else if ('E' == option) + else if (ALG_SHA256 == hash_algo) { pcr_cmd_buf[5] = sizeof(tpm2_pcr_extend) + TPM_SHA256_DIGEST_SIZE; memcpy(pcr_cmd_buf + 31, sha256_alg, sizeof(sha256_alg)); @@ -1558,7 +1558,7 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm return ret_val; } -static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option) +static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, hash_algo_enum hash_algo) { int ret_val = EXIT_SUCCESS; // Return value. int pcr_byte_index = 0; // The location for pcr_select on pcr_cmd_buf. 
@@ -1572,13 +1572,6 @@ static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option) memset(pcr_cmd_buf, 0, 20); - if ('r' != option && 'R' != option) - { - ret_val = EINVAL; - fprintf(stderr, "Bad parameter. Option argument must be 'r' or 'R'.\n"); - break; - } - // Convert the command line input to bytes. if (1 != strlen(pcr_index_str) / HEX_BYTE_STRING_LENGTH + strlen(pcr_index_str) % HEX_BYTE_STRING_LENGTH) { @@ -1610,12 +1603,12 @@ static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option) pcr_cmd_buf[17 + pcr_byte_index] = pcr_select; // Set hash algorithm depending on user input option at the correct byte index in the command byte stream. - if ('r' == option) + if (ALG_SHA1 == hash_algo) { memcpy(pcr_cmd_buf + 14, sha1_alg, sizeof(sha1_alg)); printf("Read PCR %i (SHA-1):\n", pcr_index); } - else if ('R' == option) + else if (ALG_SHA256 == hash_algo) { memcpy(pcr_cmd_buf + 14, sha256_alg, sizeof(sha256_alg)); printf("Read PCR %i (SHA-256):\n", pcr_index); diff --git a/eltt2.h b/eltt2.h index b67fd82..6e7ca36 100644 --- a/eltt2.h +++ b/eltt2.h 
@@ -123,6 +123,48 @@ #define MEMSET_FREE(x, y) if (NULL != x) { memset(x, 0, y); free(x); x = NULL; } ///< Sets memory to 0, frees memory and sets pointer to NULL. // Return value check #define RET_VAL_CHECK(x) if (EXIT_SUCCESS != x) { break; } ///< Return value check +// Command line option parser for hash algorithm +#define HASH_ALG_PARSER(o, c) \ + do { \ + if (o == option) \ + { \ + if (c == argc) \ + { \ + hash_algo = ALG_SHA1; \ + } \ + else \ + { \ + if (0 == strcasecmp(optarg, "sha1")) \ + { \ + hash_algo = ALG_SHA1; \ + } \ + else if (0 == strcasecmp(optarg, "sha256")) \ + { \ + hash_algo = ALG_SHA256; \ + } \ + else \ + { \ + ret_val = ERR_BAD_CMD; \ + fprintf(stderr, "Unknown option. Use '-h' for more information.\n"); \ + break; \ + } \ + optarg = argv[optind++]; \ + } \ + } \ + else \ + { \ + hash_algo = ALG_SHA256; \ + } \ + } while (0) + +//--------------"Enums"-------------- +// Hash algorithms +typedef enum hash_algo_enum +{ + ALG_NULL, + ALG_SHA1, + ALG_SHA256, +} hash_algo_enum; //-------------"Methods"------------- /** @@ -173,7 +215,7 @@ static int int_to_bytearray(uint64_t input, uint32_t input_size, uint8_t *output * @param [in] *pcr_digest_str User input string of value to extend the selected PCR with. * @param [out] *pcr_cmd_buf Return buffer for the complete command. Must be allocated by caller. * @param [in] *pcr_cmd_buf_size Size of memory allocated at pcr_cmd_buf in bytes. - * @param [in] *option Set to 'e' for extending with SHA-1 and to 'E' for SHA-256. + * @param [in] hash_algo Set to ALG_SHA1 for extending with SHA-1 and to ALG_SHA256 for SHA-256. * @return One of the listed return codes. * @retval EINVAL In case of a NULL pointer or an invalid option. * @retval EXIT_SUCCESS In case of success. 
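Review bot: HASH_ALG_PARSER decides whether the optional name is present from `c == argc`, which only holds when the option is the sole item on the command line: `./eltt2 -a 41624364 -c` has argc 4, so the data string is compared against "sha1"/"sha256" and rejected, and `./eltt2 -c -a sha1` (argc 4) matches the name and then executes `optarg = argv[optind++]` with optind already equal to argc, assigning argv's terminating NULL to optarg and leaving optind past argc for the later NULL_POINTER_CHECK and getopt to cope with. The macro also writes main()'s `option`, `argc`, `argv`, `optarg`, `optind`, `hash_algo` and `ret_val` by name and hides a `break` that exits only its own do-while. A static helper in eltt2.c that recognises the name by content and bounds-checks optind removes both problems; call sites become `ret_val = parse_hash_algo(option, 'a', argc, argv, &hash_algo);` followed by `RET_VAL_CHECK(ret_val);`, and case 'e' should then re-check `optind < argc` before it reads argv[optind]. strcasecmp is declared in <strings.h> (POSIX); the includes of eltt2.c are outside this patch, so confirm it is already included.
```c
// Recognise an optional leading hash-algorithm name ("sha1"/"sha256") in optarg
// for -a/-e/-r/-s and advance optarg to the following argv element when one is
// consumed. The lower-case option defaults to SHA-1, the upper-case one uses
// SHA-256. Returns EXIT_SUCCESS, or ERR_BAD_CMD when the name is not followed
// by the argument it was supposed to precede.
static int parse_hash_algo(int option, int lower_option, int argc, char **argv, hash_algo_enum *hash_algo)
{
    if (lower_option != option)
    {
        *hash_algo = ALG_SHA256;
        return EXIT_SUCCESS;
    }
    *hash_algo = ALG_SHA1;
    if (0 != strcasecmp(optarg, "sha1") && 0 != strcasecmp(optarg, "sha256"))
    {
        return EXIT_SUCCESS; // No algorithm name given: optarg already holds the next argument.
    }
    if (optind >= argc)
    {
        fprintf(stderr, "The command '-%c %s' is missing its argument. Use '-h' for more information.\n", option, optarg);
        return ERR_BAD_CMD;
    }
    if (0 == strcasecmp(optarg, "sha256"))
    {
        *hash_algo = ALG_SHA256;
    }
    optarg = argv[optind++];
    return EXIT_SUCCESS;
}
```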
@@ -181,13 +223,13 @@ static int int_to_bytearray(uint64_t input, uint32_t input_size, uint8_t *output * @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray. * @date 2014/06/26 */ -static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, char option); +static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cmd_buf, size_t pcr_cmd_buf_size, hash_algo_enum hash_algo); /** * @brief Create the PCR_Read command. * @param [in] *pcr_index_str User input string for PCR index. * @param [out] *pcr_cmd_buf Return buffer for the complete command. - * @param [in] *option Set to 'r' for reading with SHA-1 and to 'R' for SHA-256. + * @param [in] hash_algo Set to ALG_SHA1 for reading with SHA-1 and to ALG_SHA256 for SHA-256. * @return One of the listed return codes. * @retval EINVAL In case of a NULL pointer or an invalid option. * @retval EXIT_SUCCESS In case of success. @@ -195,7 +237,7 @@ static int pcr_extend(char *pcr_index_str, char *pcr_digest_str, uint8_t *pcr_cm * @retval hexstr_to_bytearray All error codes from hexstr_to_bytearray. * @date 2014/06/26 */ -static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, char option); +static int pcr_read(char *pcr_index_str, uint8_t *pcr_cmd_buf, hash_algo_enum hash_algo); /** * @brief Create the PCR_Reset command. @@ -313,7 +355,7 @@ static int get_random(char *data_length_string, uint8_t *response_buf); /** * @brief Create the simple hash command. * @param [in] *data_string User input string of data to be hashed. - * @param [in] option Set to 's' for hashing with SHA-1 and to 'S' for SHA-256. + * @param [in] hash_algo Set to ALG_SHA1 for hashing with SHA-1 and to ALG_SHA256 for SHA-256. * @param [out] *hash_cmd_buf Return buffer for the complete command. * @param [in] hash_cmd_buf_size Return buffer size. * @return One of the listed return codes. 
@@ -323,12 +365,12 @@ static int get_random(char *data_length_string, uint8_t *response_buf); * @retval int_to_bytearray All error codes from int_to_bytearray. * @date 2014/06/26 */ -static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size); +static int create_hash(char *data_string, hash_algo_enum hash_algo, uint8_t *hash_cmd_buf, uint32_t hash_cmd_buf_size); /** * @brief Create and transmit a sequence of TPM commands for hashing larger amounts of data. * @param [in] *data_string User input string of data to be hashed. - * @param [in] option Set to 'a' for hashing with SHA-1 and to 'A' for SHA-256. + * @param [in] hash_algo Set to ALG_SHA1 for hashing with SHA-1 and to ALG_SHA256 for SHA-256. * @param [out] *tpm_response_buf TPM response. * @param [out] *tpm_response_buf_size Size of tpm_response_buf. * @return One of the listed return codes or the error code stored in the global errno system variable. @@ -342,7 +384,7 @@ static int create_hash(char *data_string, char option, uint8_t *hash_cmd_buf, ui * @retval print_response_buf All error codes from print_response_buf * @date 2014/06/26 */ -static int create_hash_sequence(char *data_string, char option, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size); +static int create_hash_sequence(char *data_string, hash_algo_enum hash_algo, uint8_t *tpm_response_buf, ssize_t *tpm_response_buf_size); //-------------"command bytes"------------- static const uint8_t tpm2_startup_clear[] = {