This patch adds functions for parsing NVRAM related data structures. It follows the same pattern as all the other functions that are there for deserializing data structures -- which are unfortunately 'unsafe'.
Signed-off-by: Stefan Berger <[email protected]>
---
 src/include/trousers/trousers.h | 3 ++
 src/trspi/trousers.c | 60 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
Index: trousers/src/trspi/trousers.c
===================================================================
--- trousers.orig/src/trspi/trousers.c
+++ trousers/src/trspi/trousers.c
@@ -2737,3 +2737,63 @@ Trspi_UnloadBlob_CAP_VERSION_INFO(UINT64
 return TSS_SUCCESS;
 }
+
+TSS_RESULT
+Trspi_UnloadBlob_NV_INDEX(UINT64 *offset, BYTE *blob, TPM_NV_INDEX *v)
+{
+ if (!v) {
+ Trspi_UnloadBlob_UINT32(offset, NULL, blob);
+
+ return TSS_SUCCESS;
+ }
+
+ Trspi_UnloadBlob_UINT32(offset, v, blob);
+
+ return TSS_SUCCESS;
+}
+
+TSS_RESULT
+Trspi_UnloadBlob_NV_ATTRIBUTES(UINT64 *offset, BYTE *blob, TPM_NV_ATTRIBUTES *v)
+{
+ if (!v) {
+ Trspi_UnloadBlob_UINT16(offset, NULL, blob);
+ Trspi_UnloadBlob_UINT32(offset, NULL, blob);
+
+ return TSS_SUCCESS;
+ }
+
+ Trspi_UnloadBlob_UINT16(offset, &v->tag, blob);
+ Trspi_UnloadBlob_UINT32(offset, &v->attributes, blob);
+
+ return TSS_SUCCESS;
+}
+
+TSS_RESULT
+Trspi_UnloadBlob_NV_DATA_PUBLIC(UINT64 *offset, BYTE *blob, TPM_NV_DATA_PUBLIC *v)
+{
+ if (!v) {
+ Trspi_UnloadBlob_UINT16(offset, NULL, blob);
+ Trspi_UnloadBlob_NV_INDEX(offset, blob, NULL);
+ Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, NULL);
+ Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, NULL);
+ Trspi_UnloadBlob_NV_ATTRIBUTES(offset, blob, NULL);
+ Trspi_UnloadBlob_BYTE(offset, NULL, blob);
+ Trspi_UnloadBlob_BYTE(offset, NULL, blob);
+ Trspi_UnloadBlob_BYTE(offset, NULL, blob);
+ Trspi_UnloadBlob_UINT32(offset, NULL, blob);
+
+ return TSS_SUCCESS;
+ }
+
+ Trspi_UnloadBlob_UINT16(offset, &v->tag, blob);
+ Trspi_UnloadBlob_NV_INDEX(offset, blob, &v->nvIndex);
+ Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &v->pcrInfoRead);
+ Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &v->pcrInfoWrite);
+ Trspi_UnloadBlob_NV_ATTRIBUTES(offset, blob, &v->permission);
+ Trspi_UnloadBlob_BYTE(offset, &v->bReadSTClear, blob);
+ Trspi_UnloadBlob_BYTE(offset, &v->bWriteSTClear, blob);
+ Trspi_UnloadBlob_BYTE(offset, &v->bWriteDefine, blob);
+ Trspi_UnloadBlob_UINT32(offset, &v->dataSize, blob);
+
+ return TSS_SUCCESS;
+}
Index: trousers/src/include/trousers/trousers.h
===================================================================
--- 
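Review bot: Trspi_UnloadBlob_NV_DATA_PUBLIC discards the TSS_RESULT of every nested call and returns TSS_SUCCESS unconditionally, so if either Trspi_UnloadBlob_PCR_INFO_SHORT call can fail (that helper is defined outside this hunk, so this is an assumption to confirm), the caller is told the parse succeeded while `v` is only partly filled. The result should be propagated, e.g. `if ((result = Trspi_UnloadBlob_PCR_INFO_SHORT(offset, blob, &v->pcrInfoRead))) return result;`, releasing anything the first call allocated when the second one fails. Separately, none of the three new functions receives the blob's length, so a truncated or malformed TPM response moves `*offset` past the end of the buffer and the reads go out of bounds. Until the Trspi_UnloadBlob_* family gains a length argument, a comment above each function such as `/* caller must verify that a complete TPM_NV_DATA_PUBLIC is available at *offset before calling */` would at least make the precondition explicit for callers that handle data coming back from the TPM.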
trousers.orig/src/include/trousers/trousers.h
+++ trousers/src/include/trousers/trousers.h
@@ -72,6 +72,9 @@ TSS_RESULT Trspi_UnloadBlob_TSS_PCR_INFO
 TSS_RESULT Trspi_UnloadBlob_TSS_DELEGATION_TABLE_ENTRY(UINT64 *offset, BYTE *blob, TSS_DELEGATION_TABLE_ENTRY *entry);
 TSS_RESULT Trspi_UnloadBlob_TSS_PLATFORM_CLASS(UINT64 *offset, BYTE *blob, TSS_PLATFORM_CLASS *platClass);
 TSS_RESULT Trspi_UnloadBlob_CAP_VERSION_INFO(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v);
+TSS_RESULT Trspi_UnloadBlob_NV_INDEX(UINT64 *offset, BYTE *blob, TPM_NV_INDEX *v);
+TSS_RESULT Trspi_UnloadBlob_NV_ATTRIBUTES(UINT64 *offset, BYTE *blob, TPM_NV_ATTRIBUTES *v);
+TSS_RESULT Trspi_UnloadBlob_NV_DATA_PUBLIC(UINT64 *offset, BYTE *blob, TPM_NV_DATA_PUBLIC *v);
 /* Blob loading functions */
 void Trspi_LoadBlob_BOUND_DATA(UINT64 *, TCPA_BOUND_DATA, UINT32, BYTE *);
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
