[coreboot-gerrit] Change in coreboot[master]: security/tpm: Implement hashing function in TSS
Philipp Deppenwiese (Code Review)
gerrit at coreboot.org
Tue Dec 5 20:21:19 CET 2017
Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/22735
Change subject: security/tpm: Implement hashing function in TSS
......................................................................
security/tpm: Implement hashing function in TSS
* Implement hash_start, hash_update and hash_complete
functionality of the TPM into the TSS.
* TPM 1.2 and 2.0 support
Change-Id: Ib84513e8cbfe1ef11f495b873de0331178915c59
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
M src/security/tpm/tss.h
M src/security/tpm/tss/tcg-1.2/tss.c
M src/security/tpm/tss/tcg-1.2/tss_commands.h
M src/security/tpm/tss/tcg-2.0/tss.c
4 files changed, 118 insertions(+), 2 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/35/22735/1
diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index c680a33..3cc50ef 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -161,6 +161,22 @@
uint32_t tlcl_disable_platform_hierarchy(void);
/**
+ *
+ */
+uint32_t tlcl_hash_start(uint32_t *data_length);
+
+/**
+ *
+ */
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length);
+
+/**
+ *
+ */
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+ uint8_t **digest);
+
+/**
* CR50 specific tpm command to enable nvmem commits before internal timeout
* expires.
*/
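Review bot: The three new prototypes carry empty `/** */` blocks, so the header does not state the contract callers must follow. Judging by the TPM 1.2 implementation in this change, `tlcl_hash_complete()` copies into `*digest` rather than allocating, so the caller must supply a buffer of at least `kPcrDigestLength` bytes; a plain `uint8_t *digest` parameter would express that more directly. The comments should also say that `data_length` may be NULL, what the value returned through it means, and what limit applies to `message_length`.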
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index 1602ba1..086c080 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -347,3 +347,67 @@
kPcrDigestLength);
return result;
}
+
+uint32_t tlcl_hash_start(uint32_t *data_length)
+{
+ struct s_tpm_sha1_start_cmd cmd;
+ uint8_t response[kTpmResponseHeaderLength + sizeof(uint32_t)];
+ uint32_t result;
+
+ memcpy(&cmd, &tpm_sha1_start_cmd, sizeof(cmd));
+
+ result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+ if (result != TPM_SUCCESS)
+ return result;
+
+ if (data_length)
+ from_tpm_uint32(response + kTpmResponseHeaderLength,
+ data_length);
+
+ return result;
+}
+
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)
+{
+ struct s_tpm_sha1_update_cmd cmd;
+ uint8_t response[TPM_MAX_COMMAND_SIZE];
+ int total_length;
+
+ total_length =
+ kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;
+ memcpy(&cmd, &tpm_sha1_update_cmd, sizeof(cmd));
+ assert(total_length <= TPM_MAX_COMMAND_SIZE);
+ set_tpm_command_size(cmd.buffer, total_length);
+
+ to_tpm_uint32(cmd.buffer + tpm_sha1_update_cmd.length, message_length);
+ memcpy(cmd.buffer + tpm_sha1_update_cmd.data, message, message_length);
+
+ return tlcl_send_receive(cmd.buffer, response, sizeof(response));
+}
+
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+ uint8_t **digest)
+{
+ struct s_tpm_sha1_complete_cmd cmd;
+ uint8_t response[TPM_MAX_COMMAND_SIZE];
+ int total_length;
+ uint32_t result;
+
+ total_length =
+ kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;
+ memcpy(&cmd, &tpm_sha1_complete_cmd, sizeof(cmd));
+ assert(total_length <= TPM_MAX_COMMAND_SIZE);
+ set_tpm_command_size(cmd.buffer, total_length);
+
+ to_tpm_uint32(cmd.buffer + tpm_sha1_complete_cmd.length,
+ message_length);
+ memcpy(cmd.buffer + tpm_sha1_complete_cmd.data, message,
+ message_length);
+
+ result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+ if (result == TPM_SUCCESS)
+ memcpy(*digest, response + kTpmResponseHeaderLength,
+ kPcrDigestLength);
+
+ return result;
+}
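Review bot: In `tlcl_hash_update()` and `tlcl_hash_complete()` the only bound on the caller-supplied `message_length` is `assert(total_length <= TPM_MAX_COMMAND_SIZE)`, and `total_length` is an `int`. A very large `message_length` can wrap or turn negative in that conversion and pass the check, after which `memcpy(cmd.buffer + ...data, message, message_length)` writes past the 4096-byte `cmd.buffer` on the stack. If assertions are not fatal in a given build, any oversized length reaches that copy. Do the comparison in unsigned arithmetic against the real array and return an error rather than asserting, guarding the copy with `if (message_length > sizeof(cmd.buffer) - tpm_sha1_update_cmd.data)`. `tlcl_hash_complete()` also dereferences `*digest` without a NULL check and copies `kPcrDigestLength` bytes out of `response` without looking at the returned size; presumably `tlcl_send_receive()` validates that, but it is worth confirming.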
diff --git a/src/security/tpm/tss/tcg-1.2/tss_commands.h b/src/security/tpm/tss/tcg-1.2/tss_commands.h
index 880864e..71f6c16 100644
--- a/src/security/tpm/tss/tcg-1.2/tss_commands.h
+++ b/src/security/tpm/tss/tcg-1.2/tss_commands.h
@@ -1,5 +1,3 @@
-/* This file is automatically generated */
-
const struct s_tpm_extend_cmd{
uint8_t buffer[34];
uint16_t pcrNum;
@@ -160,5 +158,27 @@
12, 70, 77,
};
+const struct s_tpm_sha1_start_cmd{
+ uint8_t buffer[10];
+} tpm_sha1_start_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xa0, },
+};
+
+const struct s_tpm_sha1_update_cmd{
+ uint8_t buffer[4096];
+ uint16_t length;
+ uint16_t data;
+} tpm_sha1_update_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa1, },
+ 10, 14, };
+
+const struct s_tpm_sha1_complete_cmd{
+ uint8_t buffer[4096];
+ uint16_t length;
+ uint16_t data;
+} tpm_sha1_complete_cmd = {
+ {0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa2, },
+ 10, 14, };
+
+
const int kWriteInfoLength = 12;
const int kNvDataPublicPermissionsOffset = 60;
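Review bot: `buffer[4096]` in `s_tpm_sha1_update_cmd` and `s_tpm_sha1_complete_cmd` is a bare literal, while the callers in tcg-1.2/tss.c bound the command with `TPM_MAX_COMMAND_SIZE`; if the two values ever differ, that length check no longer protects the array. Size the array from the same constant if it is visible here, or add a compile-time check next to the structs. The `0x22` size field in both templates is overwritten by `set_tpm_command_size()`, and `10, 14` are the offsets of the length and data fields. A short comment such as `/* size field is a placeholder; length at offset 10, data at offset 14 */` would help now that the "automatically generated" header is removed. Each local copy of these structs also places roughly 4 KiB on the stack, which may matter in early boot stages.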
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index 670d748..0dbf8c8 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -400,3 +400,19 @@
return TPM_SUCCESS;
}
+
+uint32_t tlcl_hash_start(uint32_t *data_length)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)
+{
+ return TPM_SUCCESS;
+}
+
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+ uint8_t **digest)
+{
+ return TPM_SUCCESS;
+}
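Review bot: All three TPM 2.0 functions return `TPM_SUCCESS` without doing anything, so `tlcl_hash_complete()` reports success while leaving the caller's digest buffer untouched, and `tlcl_hash_start()` never sets `*data_length`. A caller that goes on to use or extend that digest would be measuring uninitialised memory while believing the hash succeeded. Until the TPM 2.0 path is implemented, return a non-success error code from each stub and mark it with a comment such as `/* TODO: not implemented for TPM 2.0 */`. The "TPM 1.2 and 2.0 support" line in the commit message overstates what this hunk provides.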
--
To view, visit https://review.coreboot.org/22735
To unsubscribe, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib84513e8cbfe1ef11f495b873de0331178915c59
Gerrit-Change-Number: 22735
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>