[coreboot-gerrit] Change in coreboot[master]: security/tpm: Implement hashing function in TSS

Philipp Deppenwiese (Code Review) gerrit at coreboot.org
Tue Dec 5 20:21:19 CET 2017


Philipp Deppenwiese has uploaded this change for review. ( https://review.coreboot.org/22735 )


Change subject: security/tpm: Implement hashing function in TSS
......................................................................

security/tpm: Implement hashing function in TSS

* Implement hash_start, hash_update and hash_complete
functionality of the TPM into the TSS.
* TPM 1.2 and 2.0 support

Change-Id: Ib84513e8cbfe1ef11f495b873de0331178915c59
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
M src/security/tpm/tss.h
M src/security/tpm/tss/tcg-1.2/tss.c
M src/security/tpm/tss/tcg-1.2/tss_commands.h
M src/security/tpm/tss/tcg-2.0/tss.c
4 files changed, 118 insertions(+), 2 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/35/22735/1

diff --git a/src/security/tpm/tss.h b/src/security/tpm/tss.h
index c680a33..3cc50ef 100644
--- a/src/security/tpm/tss.h
+++ b/src/security/tpm/tss.h
@@ -161,6 +161,22 @@
 uint32_t tlcl_disable_platform_hierarchy(void);
 
 /**
+ *
+ */
+uint32_t tlcl_hash_start(uint32_t *data_length);
+
+/**
+ *
+ */
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length);
+
+/**
+ *
+ */
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+	uint8_t **digest);
+
+/**
  * CR50 specific tpm command to enable nvmem commits before internal timeout
  * expires.
  */
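Review bot: The three new prototypes are each preceded by an empty `/** * */` block, so the header documents none of the contracts that the signatures leave open. For `tlcl_hash_start`, say that `data_length` may be NULL and what value is written to it (presumably the maximum number of bytes the TPM accepts per update; confirm). For `tlcl_hash_update` and `tlcl_hash_complete`, state the largest `message_length` a caller may pass. For `tlcl_hash_complete`, state that `*digest` must already point to a caller-owned buffer of at least the digest size, because the TPM 1.2 implementation in this change copies into it rather than allocating. Given that behaviour, a plain `uint8_t *digest` parameter would describe the contract more directly than `uint8_t **digest`.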
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index 1602ba1..086c080 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -347,3 +347,67 @@
 		       kPcrDigestLength);
 	return result;
 }
+
+uint32_t tlcl_hash_start(uint32_t *data_length)
+{
+	struct s_tpm_sha1_start_cmd cmd;
+	uint8_t response[kTpmResponseHeaderLength + sizeof(uint32_t)];
+	uint32_t result;
+
+	memcpy(&cmd, &tpm_sha1_start_cmd, sizeof(cmd));
+
+	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+	if (result != TPM_SUCCESS)
+		return result;
+
+	if (data_length)
+		from_tpm_uint32(response + kTpmResponseHeaderLength,
+				data_length);
+
+	return result;
+}
+
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)
+{
+	struct s_tpm_sha1_update_cmd cmd;
+	uint8_t response[TPM_MAX_COMMAND_SIZE];
+	int total_length;
+
+	total_length =
+	    kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;
+	memcpy(&cmd, &tpm_sha1_update_cmd, sizeof(cmd));
+	assert(total_length <= TPM_MAX_COMMAND_SIZE);
+	set_tpm_command_size(cmd.buffer, total_length);
+
+	to_tpm_uint32(cmd.buffer + tpm_sha1_update_cmd.length, message_length);
+	memcpy(cmd.buffer + tpm_sha1_update_cmd.data, message, message_length);
+
+	return tlcl_send_receive(cmd.buffer, response, sizeof(response));
+}
+
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+			    uint8_t **digest)
+{
+	struct s_tpm_sha1_complete_cmd cmd;
+	uint8_t response[TPM_MAX_COMMAND_SIZE];
+	int total_length;
+	uint32_t result;
+
+	total_length =
+	    kTpmRequestHeaderLength + sizeof(uint32_t) + message_length;
+	memcpy(&cmd, &tpm_sha1_complete_cmd, sizeof(cmd));
+	assert(total_length <= TPM_MAX_COMMAND_SIZE);
+	set_tpm_command_size(cmd.buffer, total_length);
+
+	to_tpm_uint32(cmd.buffer + tpm_sha1_complete_cmd.length,
+		      message_length);
+	memcpy(cmd.buffer + tpm_sha1_complete_cmd.data, message,
+	       message_length);
+
+	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
+	if (result == TPM_SUCCESS)
+		memcpy(*digest, response + kTpmResponseHeaderLength,
+		       kPcrDigestLength);
+
+	return result;
+}
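Review bot: In `tlcl_hash_update` and `tlcl_hash_complete` the only bound on the caller-supplied `message_length` is `assert(total_length <= TPM_MAX_COMMAND_SIZE)`, and `total_length` is an `int` computed from a `uint32_t`, so a very large length can wrap or truncate to a small or negative value and pass the check before `memcpy` writes `message_length` bytes into the 4096-byte `cmd.buffer`. If `assert` is compiled out in some builds (not visible here), there is no bound at all. An explicit check placed before any copy, for example `if (message_length > sizeof(cmd.buffer) - tpm_sha1_update_cmd.data)` followed by an error return, covers both cases without relying on `assert`. In `tlcl_hash_complete`, `*digest` is also dereferenced without checking `digest` or `*digest` for NULL, and `kPcrDigestLength` bytes are copied out of `response` without confirming that the TPM returned that much data.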
diff --git a/src/security/tpm/tss/tcg-1.2/tss_commands.h b/src/security/tpm/tss/tcg-1.2/tss_commands.h
index 880864e..71f6c16 100644
--- a/src/security/tpm/tss/tcg-1.2/tss_commands.h
+++ b/src/security/tpm/tss/tcg-1.2/tss_commands.h
@@ -1,5 +1,3 @@
-/* This file is automatically generated */
-
 const struct s_tpm_extend_cmd{
 	uint8_t buffer[34];
 	uint16_t pcrNum;
@@ -160,5 +158,27 @@
 	12, 70, 77,
 };
 
+const struct s_tpm_sha1_start_cmd{
+	uint8_t buffer[10];
+} tpm_sha1_start_cmd = {{0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xa0, },
+};
+
+const struct s_tpm_sha1_update_cmd{
+	uint8_t buffer[4096];
+	uint16_t length;
+	uint16_t data;
+} tpm_sha1_update_cmd = {
+	{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa1, },
+	10, 14, };
+
+const struct s_tpm_sha1_complete_cmd{
+	uint8_t buffer[4096];
+	uint16_t length;
+	uint16_t data;
+} tpm_sha1_complete_cmd = {
+	{0x0, 0xc1, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0xa2, },
+	10, 14, };
+
+
 const int kWriteInfoLength = 12;
 const int kNvDataPublicPermissionsOffset = 60;
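Review bot: `buffer[4096]` in `s_tpm_sha1_update_cmd` and `s_tpm_sha1_complete_cmd` is a bare literal, while the length check in tcg-1.2/tss.c compares against `TPM_MAX_COMMAND_SIZE`; nothing visible here ties the two together, so if that constant is or becomes larger than 4096 the check no longer protects the buffer. Declaring the field as `uint8_t buffer[TPM_MAX_COMMAND_SIZE];` (if the constant is in scope in this header), or adding a `_Static_assert` on the buffer size, would keep them in step. The size byte `0x22` in both templates looks carried over from another command and is overwritten at run time by `set_tpm_command_size`; a short comment marking it as a placeholder, and naming `10` and `14` as the offsets of the length field and the payload, would help now that the file is no longer marked as generated. Each template also costs about 4 KiB of read-only data and the same again on the stack per call, which may matter in early boot stages.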
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index 670d748..0dbf8c8 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -400,3 +400,19 @@
 
 	return TPM_SUCCESS;
 }
+
+uint32_t tlcl_hash_start(uint32_t *data_length)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t tlcl_hash_update(const void *message, uint32_t message_length)
+{
+	return TPM_SUCCESS;
+}
+
+uint32_t tlcl_hash_complete(const void *message, uint32_t message_length,
+	uint8_t **digest)
+{
+	return TPM_SUCCESS;
+}
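Review bot: The three TPM 2.0 functions return `TPM_SUCCESS` without doing anything, so a caller of `tlcl_hash_complete` is told the hash succeeded although `*digest` was never written, and `tlcl_hash_start` leaves `*data_length` untouched. If that digest is later extended into a PCR or compared against a reference, it is whatever the buffer held before the call. Until the TPM 2.0 hash sequence is implemented, these stubs should return a non-success TSS error code so that callers fail closed, with a comment such as `/* TODO: not implemented for TPM 2.0 */`. The commit message lists TPM 2.0 support, which this hunk does not yet provide.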

-- 
To view, visit https://review.coreboot.org/22735
To unsubscribe, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib84513e8cbfe1ef11f495b873de0331178915c59
Gerrit-Change-Number: 22735
Gerrit-PatchSet: 1
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>