<p>Philipp Deppenwiese has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/22735">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/tpm: Implement hashing function in TSS<br><br>* Implement hash_start, hash_update and hash_complete<br>functionality of the TPM into the TSS.<br>* TPM 1.2 and 2.0 support<br><br>Change-Id: Ib84513e8cbfe1ef11f495b873de0331178915c59<br>Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org><br>---<br>M src/security/tpm/tss.h<br>M src/security/tpm/tss/tcg-1.2/tss.c<br>M src/security/tpm/tss/tcg-1.2/tss_commands.h<br>M src/security/tpm/tss/tcg-2.0/tss.c<br>4 files changed, 118 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/35/22735/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h<br>index c680a33..3cc50ef 100644<br>--- a/src/security/tpm/tss.h<br>+++ b/src/security/tpm/tss.h<br>@@ -161,6 +161,22 @@<br> uint32_t tlcl_disable_platform_hierarchy(void);<br> <br> /**<br>+ *<br>+ */<br>+uint32_t tlcl_hash_start(uint32_t *data_length);<br>+<br>+/**<br>+ *<br>+ */<br>+uint32_t tlcl_hash_update(const void *message, uint32_t message_length);<br>+<br>+/**<br>+ *<br>+ */<br>+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,<br>+   uint8_t **digest);<br>+<br>+/**<br>  * CR50 specific tpm command to enable nvmem commits before internal timeout<br>  * expires.<br>  */<br>diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c<br>index 1602ba1..086c080 100644<br>--- a/src/security/tpm/tss/tcg-1.2/tss.c<br>+++ b/src/security/tpm/tss/tcg-1.2/tss.c<br>@@ -347,3 +347,67 @@<br>                        kPcrDigestLength);<br>     return result;<br> }<br>+<br>+uint32_t tlcl_hash_start(uint32_t 
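Review bot: The three new prototypes in tss.h sit under empty `/** * */` blocks, so the header gives callers no contract for buffers or lengths. The TPM 1.2 implementation in this change copies `kPcrDigestLength` bytes to `*digest`, which means the caller must pass a pointer to an already allocated buffer of at least that size; a plain `uint8_t *digest` would say that more directly than `uint8_t **digest`. Each comment should state who owns the digest buffer and its minimum size, that `data_length` may be NULL and otherwise receives the 32-bit value that follows the response header, and the largest `message_length` the functions accept.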
*data_length)<br>+{<br>+  struct s_tpm_sha1_start_cmd cmd;<br>+     uint8_t response[kTpmResponseHeaderLength + sizeof(uint32_t)];<br>+       uint32_t result;<br>+<br>+  memcpy(&cmd, &tpm_sha1_start_cmd, sizeof(cmd));<br>+<br>+   result = tlcl_send_receive(cmd.buffer, response, sizeof(response));<br>+  if (result != TPM_SUCCESS)<br>+           return result;<br>+<br>+    if (data_length)<br>+             from_tpm_uint32(response + kTpmResponseHeaderLength,<br>+                         data_length);<br>+<br>+     return result;<br>+}<br>+<br>+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)<br>+{<br>+  struct s_tpm_sha1_update_cmd cmd;<br>+    uint8_t response[TPM_MAX_COMMAND_SIZE];<br>+      int total_length;<br>+<br>+ total_length =<br>+           kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;<br>+     memcpy(&cmd, &tpm_sha1_update_cmd, sizeof(cmd));<br>+     assert(total_length <= TPM_MAX_COMMAND_SIZE);<br>+     set_tpm_command_size(cmd.buffer, total_length);<br>+<br>+   to_tpm_uint32(cmd.buffer + tpm_sha1_update_cmd.length, message_length);<br>+      memcpy(cmd.buffer + tpm_sha1_update_cmd.data, message, message_length);<br>+<br>+   return tlcl_send_receive(cmd.buffer, response, sizeof(response));<br>+}<br>+<br>+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,<br>+                     uint8_t **digest)<br>+{<br>+    struct s_tpm_sha1_complete_cmd cmd;<br>+  uint8_t response[TPM_MAX_COMMAND_SIZE];<br>+      int total_length;<br>+    uint32_t result;<br>+<br>+  total_length =<br>+           kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;<br>+     memcpy(&cmd, &tpm_sha1_complete_cmd, sizeof(cmd));<br>+   assert(total_length <= TPM_MAX_COMMAND_SIZE);<br>+     set_tpm_command_size(cmd.buffer, total_length);<br>+<br>+   to_tpm_uint32(cmd.buffer + tpm_sha1_complete_cmd.length,<br>+                   message_length);<br>+       memcpy(cmd.buffer + tpm_sha1_complete_cmd.data, message,<br>+         
   message_length);<br>+<br>+   result = tlcl_send_receive(cmd.buffer, response, sizeof(response));<br>+  if (result == TPM_SUCCESS)<br>+           memcpy(*digest, response + kTpmResponseHeaderLength,<br>+                kPcrDigestLength);<br>+<br>+ return result;<br>+}<br>diff --git a/src/security/tpm/tss/tcg-1.2/tss_commands.h b/src/security/tpm/tss/tcg-1.2/tss_commands.h<br>index 880864e..71f6c16 100644<br>--- a/src/security/tpm/tss/tcg-1.2/tss_commands.h<br>+++ b/src/security/tpm/tss/tcg-1.2/tss_commands.h<br>@@ -1,5 +1,3 @@<br>-/* This file is automatically generated */<br>-<br> const struct s_tpm_extend_cmd{<br>     uint8_t buffer[34];<br>   uint16_t pcrNum;<br>@@ -160,5 +158,27 @@<br>        12, 70, 77,<br> };<br> <br>+const struct s_tpm_sha1_start_cmd{<br>+     uint8_t buffer[10];<br>+} tpm_sha1_start_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xa0, },<br>+};<br>+<br>+const struct s_tpm_sha1_update_cmd{<br>+  uint8_t buffer[4096];<br>+        uint16_t length;<br>+     uint16_t data;<br>+} tpm_sha1_update_cmd = {<br>+   {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa1, },<br>+     10, 14, };<br>+<br>+const struct s_tpm_sha1_complete_cmd{<br>+        uint8_t buffer[4096];<br>+        uint16_t length;<br>+     uint16_t data;<br>+} tpm_sha1_complete_cmd = {<br>+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa2, },<br>+     10, 14, };<br>+<br>+<br> const int kWriteInfoLength = 12;<br> const int kNvDataPublicPermissionsOffset = 60;<br>diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c<br>index 670d748..0dbf8c8 100644<br>--- a/src/security/tpm/tss/tcg-2.0/tss.c<br>+++ b/src/security/tpm/tss/tcg-2.0/tss.c<br>@@ -400,3 +400,19 @@<br> <br>        return TPM_SUCCESS;<br> }<br>+<br>+uint32_t tlcl_hash_start(uint32_t *data_length)<br>+{<br>+     return TPM_SUCCESS;<br>+}<br>+<br>+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)<br>+{<br>+     return TPM_SUCCESS;<br>+}<br>+<br>+uint32_t 
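Review bot: In `tlcl_hash_update` and `tlcl_hash_complete` (tcg-1.2/tss.c) the only bound on the caller-supplied `message_length` is `assert(total_length <= TPM_MAX_COMMAND_SIZE)`, and `total_length` is an `int` computed from a `uint32_t`. A very large `message_length` can wrap or turn negative and pass the assert, after which `memcpy(cmd.buffer + ...data, message, message_length)` writes past the 4096-byte stack buffer. The check also compares against `TPM_MAX_COMMAND_SIZE` rather than the size of `cmd.buffer`, and it does nothing if assert is compiled out or non-fatal in this build. I would replace it with an unconditional unsigned check before any copy, for example `if (message_length > sizeof(cmd.buffer) - tpm_sha1_update_cmd.data) return <TPM_E_* error code>;`, and use the same form with `tpm_sha1_complete_cmd.data` in the complete path. `tlcl_hash_complete` should also reject a NULL `digest` or `*digest` before the final `memcpy`.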
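Review bot: The `tpm_sha1_update_cmd` and `tpm_sha1_complete_cmd` templates in tss_commands.h each declare `uint8_t buffer[4096]` although only the ten header bytes are initialised. The callers in tcg-1.2/tss.c then `memcpy` the whole struct into a local `cmd` and also keep a `TPM_MAX_COMMAND_SIZE` response array on the stack. That is roughly 4 KiB of read-only data per template and more than 4 KiB of stack per call, which may be tight in early boot stages; the stack budget is not visible here, so please confirm it. Keeping only the header bytes in the template and assembling the command in one bounded buffer would avoid both costs. Since this change drops the `/* This file is automatically generated */` line, a short comment on what the `length` and `data` offsets (10 and 14) refer to would help the next reader.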
tlcl_hash_complete(const void *message, uint32_t message_length,<br>+       uint8_t **digest)<br>+{<br>+        return TPM_SUCCESS;<br>+}<br></pre><p>To view, visit <a href="https://review.coreboot.org/22735">change 22735</a>. To unsubscribe, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/22735"/><meta itemprop="name" content="View Change"/></div></div>
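Review bot: The three TPM 2.0 stubs in tcg-2.0/tss.c return `TPM_SUCCESS` without doing any work, so `tlcl_hash_complete` reports success while `*digest` is never written and `tlcl_hash_start` leaves `*data_length` unset. A caller that trusts the return code would then extend or compare an uninitialised digest, which undermines any measurement built on it. Until the TPM 2.0 path is implemented, each stub should return a non-success code, e.g. `return <TPM_E_* not-implemented code>;`, with a comment such as `/* TODO: not implemented for TPM 2.0 */`. The commit message's "TPM 1.2 and 2.0 support" should be adjusted to match.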

<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Ib84513e8cbfe1ef11f495b873de0331178915c59 </div>
<div style="display:none"> Gerrit-Change-Number: 22735 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>