<p>Philipp Deppenwiese has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/24908">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">security/tpm: Implement hashing function in TSS<br><br>* Implement hash_start, hash_update and hash_complete<br>functionality of the TPM into the TSS.<br>* TPM 1.2 and 2.0 support.<br><br>Change-Id: I6c570a6725ff2f26c9d480303eff273ae9d5ac3b<br>Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org><br>---<br>M src/security/tpm/tss.h<br>M src/security/tpm/tss/tcg-1.2/tss.c<br>M src/security/tpm/tss/tcg-1.2/tss_commands.h<br>M src/security/tpm/tss/tcg-1.2/tss_structures.h<br>M src/security/tpm/tss/tcg-2.0/tss.c<br>M src/security/tpm/tss_errors.h<br>6 files changed, 121 insertions(+), 1 deletion(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/08/24908/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h</span><br><span>index 151d450..1b928ab 100644</span><br><span>--- a/src/security/tpm/tss.h</span><br><span>+++ b/src/security/tpm/tss.h</span><br><span>@@ -159,6 +159,22 @@</span><br><span> uint8_t *out_digest);</span><br><span> </span><br><span> /**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Hash start function, returns size of data which can hashed at once.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_start(uint32_t *data_length);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Hash update function, measures a message into the hash.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_update(const void *message, uint32_t message_length);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span style="color: hsl(120, 100%, 40%);">+ * Hash complete function, hashes the lastest chunk and returns the digest.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t *digest, uint32_t *digest_length);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/**</span><br><span> * Get the entire set of permanent flags.</span><br><span> */</span><br><span> uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags);</span><br><span>diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c</span><br><span>index b6a61c1..0d317e0 100644</span><br><span>--- a/src/security/tpm/tss/tcg-1.2/tss.c</span><br><span>+++ b/src/security/tpm/tss/tcg-1.2/tss.c</span><br><span>@@ -352,3 +352,68 @@</span><br><span> kPcrDigestLength);</span><br><span> return result;</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_start(uint32_t *data_length)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct s_tpm_sha1_start_cmd cmd = tpm_sha1_start_cmd;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t response[kTpmResponseHeaderLength + sizeof(uint32_t)];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t result;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_send_receive(cmd.buffer, response, sizeof(response));</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result != TPM_SUCCESS)</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (data_length) {</span><br><span style="color: hsl(120, 100%, 40%);">+ from_tpm_uint32(response + kTpmResponseHeaderLength,</span><br><span style="color: hsl(120, 100%, 40%);">+ data_length);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (*data_length >= TPM_MAX_COMMAND_SIZE)</span><br><span style="color: hsl(120, 100%, 40%);">+ *data_length = TPM_MAX_COMMAND_SIZE;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct s_tpm_sha1_update_cmd cmd = tpm_sha1_update_cmd;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t total_length;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t response[TPM_MAX_COMMAND_SIZE];</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ total_length =</span><br><span style="color: hsl(120, 100%, 40%);">+ kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;</span><br><span style="color: hsl(120, 100%, 40%);">+ assert(total_length <= TPM_MAX_COMMAND_SIZE);</span><br><span style="color: hsl(120, 100%, 40%);">+ set_tpm_command_size(cmd.buffer, total_length);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ to_tpm_uint32(cmd.buffer + tpm_sha1_update_cmd.length, message_length);</span><br><span style="color: hsl(120, 100%, 40%);">+ memcpy(cmd.buffer + tpm_sha1_update_cmd.data, message, message_length);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return tlcl_send_receive(cmd.buffer, response, sizeof(response));</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t *digest, uint32_t *digest_length)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct s_tpm_sha1_complete_cmd cmd = tpm_sha1_complete_cmd;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t total_length;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint32_t result;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ total_length =</span><br><span style="color: hsl(120, 100%, 40%);">+ kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;</span><br><span style="color: hsl(120, 100%, 40%);">+ assert(total_length <= TPM_LARGE_ENOUGH_COMMAND_SIZE);</span><br><span style="color: hsl(120, 100%, 40%);">+ set_tpm_command_size(cmd.buffer, total_length);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ to_tpm_uint32(cmd.buffer + tpm_sha1_complete_cmd.length,</span><br><span style="color: hsl(120, 100%, 40%);">+ message_length);</span><br><span style="color: hsl(120, 100%, 40%);">+ memcpy(cmd.buffer + tpm_sha1_complete_cmd.data, message,</span><br><span style="color: hsl(120, 100%, 40%);">+ message_length);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ result = tlcl_send_receive(cmd.buffer, response, sizeof(response));</span><br><span style="color: hsl(120, 100%, 40%);">+ if (result == TPM_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ memcpy(digest, response + kTpmResponseHeaderLength,</span><br><span style="color: hsl(120, 100%, 40%);">+ kPcrDigestLength);</span><br><span style="color: hsl(120, 100%, 40%);">+ *digest_length = TPM_PCR_DIGEST;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return result;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span>diff --git a/src/security/tpm/tss/tcg-1.2/tss_commands.h b/src/security/tpm/tss/tcg-1.2/tss_commands.h</span><br><span>index f245664..e9e77b2 100644</span><br><span>--- a/src/security/tpm/tss/tcg-1.2/tss_commands.h</span><br><span>+++ b/src/security/tpm/tss/tcg-1.2/tss_commands.h</span><br><span>@@ -173,5 +173,26 @@</span><br><span> 12, 70, 77,</span><br><span> };</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_sha1_start_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[10];</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_sha1_start_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xa0, },</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_sha1_update_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[64];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t length;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t data;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_sha1_update_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa1, },</span><br><span style="color: hsl(120, 100%, 40%);">+ 10, 14, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+const struct s_tpm_sha1_complete_cmd{</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t buffer[64];</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t length;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint16_t data;</span><br><span style="color: hsl(120, 100%, 40%);">+} tpm_sha1_complete_cmd = {</span><br><span style="color: hsl(120, 100%, 40%);">+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa2, },</span><br><span style="color: hsl(120, 100%, 40%);">+ 10, 14, };</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> const int kWriteInfoLength = 12;</span><br><span> const int kNvDataPublicPermissionsOffset = 60;</span><br><span>diff --git a/src/security/tpm/tss/tcg-1.2/tss_structures.h b/src/security/tpm/tss/tcg-1.2/tss_structures.h</span><br><span>index 9429b79..c9ac8cf 100644</span><br><span>--- a/src/security/tpm/tss/tcg-1.2/tss_structures.h</span><br><span>+++ b/src/security/tpm/tss/tcg-1.2/tss_structures.h</span><br><span>@@ -11,10 +11,13 @@</span><br><span> #include <stdint.h></span><br><span> #include "../common/tss_common.h"</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#define TPM_MAX_COMMAND_SIZE 4096</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_MAX_COMMAND_SIZE 1400</span><br><span> #define TPM_LARGE_ENOUGH_COMMAND_SIZE 256 /* saves space in the firmware */</span><br><span> #define TPM_PUBEK_SIZE 256</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_HASH_MIN_COUNT 64</span><br><span style="color: hsl(120, 100%, 40%);">+#define TPM_HASH_MAX_COUNT 1024</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #define TPM_NV_INDEX0 ((uint32_t)0x00000000)</span><br><span> #define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)</span><br><span> #define TPM_NV_PER_GLOBALLOCK (((uint32_t)1)<<15)</span><br><span>diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>index b64593a..5731be1 100644</span><br><span>--- a/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>+++ b/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>@@ -321,3 +321,17 @@</span><br><span> </span><br><span> return TPM_SUCCESS;</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_start(uint32_t *data_length)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ return NOT_IMPLEMENTED;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ return NOT_IMPLEMENTED;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t *digest, uint32_t *digest_length)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ return NOT_IMPLEMENTED;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span>diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h</span><br><span>index e2f1486..e958ef2 100644</span><br><span>--- a/src/security/tpm/tss_errors.h</span><br><span>+++ b/src/security/tpm/tss_errors.h</span><br><span>@@ -14,6 +14,7 @@</span><br><span> </span><br><span> #define TPM_E_BASE 0x0</span><br><span> #define TPM_E_NON_FATAL 0x800</span><br><span style="color: hsl(120, 100%, 40%);">+#define NOT_IMPLEMENTED 0x100</span><br><span> </span><br><span> #define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c)</span><br><span> #define TPM_E_BADINDEX ((uint32_t)0x00000002)</span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/24908">change 24908</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/24908"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I6c570a6725ff2f26c9d480303eff273ae9d5ac3b </div>
<div style="display:none"> Gerrit-Change-Number: 24908 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>