Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/22735
Change subject: security/tpm: Implement hashing function in TSS ......................................................................
security/tpm: Implement hashing function in TSS
* Implement the TPM's hash_start, hash_update and hash_complete functionality in the TSS. * TPM 1.2 and 2.0 support
Change-Id: Ib84513e8cbfe1ef11f495b873de0331178915c59 Signed-off-by: Philipp Deppenwiese zaolin@das-labor.org --- M src/security/tpm/tss.h M src/security/tpm/tss/tcg-1.2/tss.c M src/security/tpm/tss/tcg-1.2/tss_commands.h M src/security/tpm/tss/tcg-2.0/tss.c 4 files changed, 118 insertions(+), 2 deletions(-)
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index c680a33..3cc50ef 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -161,6 +161,22 @@
 uint32_t tlcl_disable_platform_hierarchy(void);
 /**
+ *
+ */
+uint32_t tlcl_hash_start(uint32_t *data_length);
+
+/**
+ *
+ */
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length);
+
+/**
+ *
+ */
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+ uint8_t **digest);
+
+/**
  * CR50 specific tpm command to enable nvmem commits before internal timeout
  * expires.
  */
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index 1602ba1..086c080 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
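Review bot: The three new Doxygen blocks above the tlcl_hash_* prototypes are empty, so the header states no contract for the hash API: what `*data_length` receives, whether it may be NULL, and who owns the memory behind `digest`. The 1.2 implementation in this change writes through `*digest` and never assigns `*digest` itself, so the parameter is really a caller-provided buffer of `kPcrDigestLength` bytes; a single-level `uint8_t *digest` would express that directly, and if the double pointer stays it should be documented as an in-parameter. Suggested text: `/** Start a TPM hash session; on success *data_length (may be NULL) receives the 32-bit value the TPM returns after the response header. */`, `/** Feed message_length bytes from message into the running hash. */`, and `/** Finish the hash with the final message block and copy the digest into the caller-provided buffer *digest (at least kPcrDigestLength bytes). */`.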
@@ -347,3 +347,67 @@
 kPcrDigestLength);
 return result;
 }
+
+uint32_t tlcl_hash_start(uint32_t *data_length)
+{
+ struct s_tpm_sha1_start_cmd cmd;
+ uint8_t response[kTpmResponseHeaderLength + sizeof(uint32_t)];
+ uint32_t result;
+
+ memcpy(&cmd, &tpm_sha1_start_cmd, sizeof(cmd));
+
+ result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+ if (result != TPM_SUCCESS)
+ return result;
+
+ if (data_length)
+ from_tpm_uint32(response + kTpmResponseHeaderLength,
+ data_length);
+
+ return result;
+}
+
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)
+{
+ struct s_tpm_sha1_update_cmd cmd;
+ uint8_t response[TPM_MAX_COMMAND_SIZE];
+ int total_length;
+
+ total_length =
+ kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;
+ memcpy(&cmd, &tpm_sha1_update_cmd, sizeof(cmd));
+ assert(total_length <= TPM_MAX_COMMAND_SIZE);
+ set_tpm_command_size(cmd.buffer, total_length);
+
+ to_tpm_uint32(cmd.buffer + tpm_sha1_update_cmd.length, message_length);
+ memcpy(cmd.buffer + tpm_sha1_update_cmd.data, message, message_length);
+
+ return tlcl_send_receive(cmd.buffer, response, sizeof(response));
+}
+
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+ uint8_t **digest)
+{
+ struct s_tpm_sha1_complete_cmd cmd;
+ uint8_t response[TPM_MAX_COMMAND_SIZE];
+ int total_length;
+ uint32_t result;
+
+ total_length =
+ kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;
+ memcpy(&cmd, &tpm_sha1_complete_cmd, sizeof(cmd));
+ assert(total_length <= TPM_MAX_COMMAND_SIZE);
+ set_tpm_command_size(cmd.buffer, total_length);
+
+ to_tpm_uint32(cmd.buffer + tpm_sha1_complete_cmd.length,
+ message_length);
+ memcpy(cmd.buffer + tpm_sha1_complete_cmd.data, message,
+ message_length);
+
+ result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+ if (result == TPM_SUCCESS)
+ memcpy(*digest, response + kTpmResponseHeaderLength,
+ kPcrDigestLength);
+
+ return result;
+}
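Review bot: In tlcl_hash_update and tlcl_hash_complete the only guard against an oversized `message_length` is `assert(total_length <= TPM_MAX_COMMAND_SIZE)`, and it runs on a value that has already been narrowed into `int total_length`; a `message_length` near UINT32_MAX makes the sum wrap (or truncate on the conversion to int) to a small number, the assert passes — or is non-fatal or compiled out depending on build configuration — and the following `memcpy(cmd.buffer + ..., message, message_length)` overruns `cmd.buffer`. Validate the input in unsigned arithmetic before the buffer is touched and report it as a TPM error instead of asserting, e.g. `if (message_length > TPM_MAX_COMMAND_SIZE - kTpmRequestHeaderLength - sizeof(uint32_t)) return TPM_E_<appropriate error code>;`, and make `total_length` a `uint32_t`. The same check also relies on `cmd.buffer` being exactly TPM_MAX_COMMAND_SIZE bytes, whereas the templates in tss_commands.h declare `buffer[4096]` with a bare literal; those two sizes need to be tied together. In tlcl_hash_complete, `memcpy(*digest, ...)` dereferences `digest` unconditionally; a NULL check matching the one `tlcl_hash_start` applies to `data_length` would keep the two functions consistent.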
diff --git a/src/security/tpm/tss/tcg-1.2/tss_commands.h b/src/security/tpm/tss/tcg-1.2/tss_commands.h
index 880864e..71f6c16 100644
--- a/src/security/tpm/tss/tcg-1.2/tss_commands.h
+++ b/src/security/tpm/tss/tcg-1.2/tss_commands.h
@@ -1,5 +1,3 @@
-/* This file is automatically generated */
-
 const struct s_tpm_extend_cmd{
 uint8_t buffer[34];
 uint16_t pcrNum;
@@ -160,5 +158,27 @@
 12, 70, 77, };
+const struct s_tpm_sha1_start_cmd{
+ uint8_t buffer[10];
+} tpm_sha1_start_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xa0, },
+};
+
+const struct s_tpm_sha1_update_cmd{
+ uint8_t buffer[4096];
+ uint16_t length;
+ uint16_t data;
+} tpm_sha1_update_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa1, },
+ 10, 14, };
+
+const struct s_tpm_sha1_complete_cmd{
+ uint8_t buffer[4096];
+ uint16_t length;
+ uint16_t data;
+} tpm_sha1_complete_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa2, },
+ 10, 14, };
+
+
 const int kWriteInfoLength = 12;
 const int kNvDataPublicPermissionsOffset = 60;
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index 670d748..0dbf8c8 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -400,3 +400,19 @@
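Review bot: The `tpm_sha1_update_cmd` and `tpm_sha1_complete_cmd` templates size their command buffer with the bare literal `buffer[4096]`, while the 1.2 tss.c in this change bounds the command against TPM_MAX_COMMAND_SIZE before copying the message in; if the two values ever differ, that bound no longer protects the template copy in `cmd.buffer`. Prefer `uint8_t buffer[TPM_MAX_COMMAND_SIZE];` if that macro is visible from this header, otherwise a named constant that both files share. The first hunk removes the "automatically generated" marker while this hunk adds hand-written entries; a comment such as `/* The SHA1 session templates below are hand-maintained, not generated. */` would tell the next maintainer not to regenerate over them. Note as well that these are `const` objects with internal linkage defined in a header, so every translation unit including it gets its own ~8 KB copy of the two large templates.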
 return TPM_SUCCESS;
 }
+
+uint32_t tlcl_hash_start(uint32_t *data_length)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+ uint8_t **digest)
+{
+ return TPM_SUCCESS;
+}
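Review bot: The TPM 2.0 versions of tlcl_hash_start, tlcl_hash_update and tlcl_hash_complete are stubs that return TPM_SUCCESS without sending anything to the TPM, so a caller of `tlcl_hash_complete` receives a success code and an untouched `*digest`, which a measurement path could then treat as a valid hash. Until the 2.0 path exists, return an explicit failure, e.g. `return TPM_E_<not-implemented error code>;` in each stub, with a `/* TODO: implement via the TPM 2.0 hash sequence commands */` comment so the gap is visible; the natural mapping appears to be TPM2_HashSequenceStart / TPM2_SequenceUpdate / TPM2_SequenceComplete, to be confirmed against the 2.0 library code in this file. The commit message's "TPM 1.2 and 2.0 support" overstates what this hunk provides.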