Message ID | 20210709025313.674287-1-stefanb@linux.vnet.ibm.com |
---|---|
From | Stefan Berger <stefanb@linux.vnet.ibm.com> |
To | slof@lists.ozlabs.org |
Cc | Stefan Berger <stefanb@linux.ibm.com> |
Date | Thu, 8 Jul 2021 22:53:06 -0400 |
Subject | [SLOF] [PATCH v3 0/7] tcgbios: Use the proper hashes for the TPM 2 PCR banks |
Series | tcgbios: Use the proper hashes for the TPM 2 PCR banks |
From: Stefan Berger <stefanb@linux.ibm.com>

This PR adds the implementations for sha{1, 384, 512} and makes use of the hash implementation when extending the PCRs of the respective banks rather than always using the sha256 and either truncating the hash or zero-padding it to fit the hash for a PCR bank.

Another patch in this series converts the S_CRTM_VERSION string to ucs_2 format (following a long-term TCG contributor) commonly used for this purpose.

Test cases for the sha implementations are added in the last patch. They require OpenSSL's -lcrypto on the host since they use its hashing functions for producing comparable results. A test script to run the tests is also added.

Regards,
Stefan

v3:
- Add patch for Travis
- Adjustments to test code to not have to include openssl/sha.h

v2:
- split out type fix in sha256 documentation into own patch
- replace rotr in sha256 implementation with assembly macro
- Added test cases needing -lcrypto on host; added test script

Stefan Berger (7):
  tcgbios: Change format of S_CRTM_VERSION string to ucs-2
  tcgbios: Use assembly for 32 bit rotr in sha256
  tcgbios: Fix a typo in the sha256 algo description
  tcgbios: Add implementations for sha1, sha384, and sha512
  tcgbios: Use The proper sha function for each PCR bank
  tcgbios: Add test cases and test script to run them
  Travis: Add script for running tests on Travis

 .travis.yml                    |  15 ++
 lib/libtpm/Makefile            |   2 +-
 lib/libtpm/sha.c               | 231 +++++++++++++++++++++++++++
 lib/libtpm/{sha256.h => sha.h} |   9 +-
 lib/libtpm/sha256.c            |  43 ++++-
 lib/libtpm/sha512.c            | 281 +++++++++++++++++++++++++++++++++
 lib/libtpm/sha_test.h          |  58 +++++++
 lib/libtpm/tcgbios.c           |  89 ++++++++---
 lib/libtpm/test.sh             |  29 ++++
 9 files changed, 728 insertions(+), 29 deletions(-)
 create mode 100644 .travis.yml
 create mode 100644 lib/libtpm/sha.c
 rename lib/libtpm/{sha256.h => sha.h} (70%)
 create mode 100644 lib/libtpm/sha512.c
 create mode 100644 lib/libtpm/sha_test.h
 create mode 100755 lib/libtpm/test.sh
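
Added example, not part of the original message or of the SLOF patches: a Python sketch of why truncating or zero-padding a sha256 digest matters to a verifier that replays measurements per bank. The function names and sample events are constructed for illustration; it assumes PCRs start at all zeroes and that the verifier rehashes the measured data with each bank's own algorithm.

```python
import hashlib

# Digest sizes (bytes) of the PCR banks named in the cover letter, plus sha256.
BANKS = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


def legacy_digest(bank: str, data: bytes) -> bytes:
    """Behaviour before the series: always sha256, then truncate or zero-pad."""
    size = BANKS[bank]
    return hashlib.sha256(data).digest()[:size].ljust(size, b"\x00")


def proper_digest(bank: str, data: bytes) -> bytes:
    """Behaviour after the series: hash with the bank's own algorithm."""
    return hashlib.new(bank, data).digest()


def extend(bank: str, pcr: bytes, digest: bytes) -> bytes:
    """TPM 2 extend: new PCR = H_bank(old PCR || digest)."""
    if len(digest) != BANKS[bank]:
        raise ValueError(f"{len(digest)}-byte digest does not fit bank {bank}")
    return hashlib.new(bank, pcr + digest).digest()


def replay(bank: str, events, digest_fn) -> bytes:
    """Replay measured data into a zero-initialised PCR (assumption)."""
    pcr = bytes(BANKS[bank])
    for data in events:
        pcr = extend(bank, pcr, digest_fn(bank, data))
    return pcr


def banks_matching_verifier(events) -> dict:
    """Per bank: does the legacy PCR equal the one a rehashing verifier expects?"""
    return {
        bank: replay(bank, events, legacy_digest)
        == replay(bank, events, proper_digest)
        for bank in BANKS
    }


# Constructed sample measurements (not taken from SLOF).
SAMPLE_EVENTS = [b"constructed CRTM version string", b"constructed boot image"]

if __name__ == "__main__":
    for bank, ok in banks_matching_verifier(SAMPLE_EVENTS).items():
        print(f"{bank:7s} legacy PCR matches rehash of measured data: {ok}")
```

Only the sha256 bank agrees between the two schemes; in the other banks the truncated or padded value cannot be reproduced by hashing the measured data with that bank's algorithm.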