From patchwork Fri Jul 9 15:38:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 1503245 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=je+cjpgT; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GLy552RxYz9sWX for ; Sat, 10 Jul 2021 01:39:21 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4GLy5512plz3bVq for ; Sat, 10 Jul 2021 01:39:21 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=je+cjpgT; dkim-atps=neutral X-Original-To: slof@lists.ozlabs.org Delivered-To: slof@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.158.5; helo=mx0b-001b2d01.pphosted.com; envelope-from=stefanb@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=je+cjpgT; dkim-atps=neutral Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4GLy4y4MvPz2yyP for ; Sat, 10 Jul 2021 01:39:13 +1000 (AEST) Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 169FX5HJ041784; Fri, 9 Jul 2021 11:39:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=cBKDACo3V18MqEj49H2d1jktsmOTYoLxho4l7d9a/do=; b=je+cjpgTvaohBjnFn2NNZh+ZvKJNp8g9UfUtpyw9Wn48KwLgdnvPOzjxRhHdnGjGt59e +wRItvc7n7NBp8zc7OCYEoFF5bBODClDxpqMn4ykqOL1iPryrI8aDRn5rwwAlNbbGtIM FAThrgcUXiZavUGfndaOkWCUcv/jc75xSECmr8/dQNVC1gUYI/U1TnQMpAgplmHaae7a c9QpAxS/0U0zzi5BKFG+b/QuVFEUmDKkAp63xIGn+CfwuNShycZzD++GF3Yx6i6KUXBN kwFLkO0wv5llTLp48MLPymboNL4BqXfTm5/7HguTgCfxhb9YLo/l3CHBCl19oNVg3msw QA== Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 39p0hrjxhd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 09 Jul 2021 11:39:11 -0400 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 169Fc3Ig017337; Fri, 9 Jul 2021 15:39:10 GMT Received: from b03cxnp08027.gho.boulder.ibm.com (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19]) by ppma02dal.us.ibm.com with ESMTP id 39jfhf9rd6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 09 Jul 2021 15:39:10 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 169Fd8ja15991444 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 9 Jul 2021 15:39:08 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B7F1F78064; Fri, 9 Jul 2021 15:39:08 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 740AC7805E; Fri, 9 Jul 2021 15:39:08 +0000 (GMT) Received: from localhost.localdomain (unknown [9.47.158.152]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 9 Jul 2021 15:39:08 +0000 (GMT) From: Stefan Berger To: slof@lists.ozlabs.org Date: Fri, 9 Jul 2021 11:38:58 -0400 Message-Id: <20210709153903.691945-1-stefanb@linux.vnet.ibm.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 9-2NgBcPm6OnmrrIDx36UlfRxNC-P_Of X-Proofpoint-ORIG-GUID: 9-2NgBcPm6OnmrrIDx36UlfRxNC-P_Of X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-09_09:2021-07-09, 2021-07-09 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 suspectscore=0 priorityscore=1501 adultscore=0 lowpriorityscore=0 mlxscore=0 phishscore=0 impostorscore=0 clxscore=1015 bulkscore=0 malwarescore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2107090078 Subject: [SLOF] [PATCH v4 0/5] tcgbios: Use the proper hashes for the TPM 2 PCR banks X-BeenThere: slof@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches for https://github.com/aik/SLOF" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Stefan Berger Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" From: Stefan Berger This PR modifies the tcgbios implementation so that it maskes use of the proper hash function when extending a PCR of a particular PCR bank rather than always using the sha256 and either truncating the hash or zero-padding it to fit the hash for a PCR bank. Another patch in this series converts the S_CTRM_VERSION string to ucs-2 format (following a long-term TCG contributor) commonly used for this purpose. Test cases for the sha implementations are added as well. They require OpenSSL's -lcrypto on the host since they use its hashing functions for producing comparable results. A test script to run the tests is also added along with a script to run the tests on Travis. Regards, Stefan v4: - Removed applied patches - Refactored test scripts and modified programs following feedback - Adjusted commit texts - Using Alexey's ucs-2 patch now v3: - Add patch for Travis - Adjustments to test code to not have to include openssl/sha.h v2: - split out type fix in sha256 documentation into own patch - replace rotr in sha256 implementation with assembly macro - Added test cases needing -lcrypto on host; added test script Stefan Berger (5): tcgbios: Change format of S_CRTM_VERSION string to ucs-2 tcgbios: Use assembly for 32 bit rotr in sha256 tcgbios: Use The proper sha function for each PCR bank tcgbios: Add test cases and test script to run them Travis: Add script for running tests on Travis .travis.yml | 15 ++++++++++ Makefile.gen | 2 +- lib/libtpm/Makefile | 1 + lib/libtpm/sha.c | 27 ++++++++++++++++++ lib/libtpm/sha256.c | 40 +++++++++++++++++++++++--- lib/libtpm/sha512.c | 36 ++++++++++++++++++++++++ lib/libtpm/sha_test.h | 59 +++++++++++++++++++++++++++++++++++++++ lib/libtpm/tcgbios.c | 65 +++++++++++++++++++++++++++++-------------- lib/libtpm/test.sh | 31 +++++++++++++++++++++ make.rules | 3 +- 10 files changed, 252 insertions(+), 27 deletions(-) create mode 100644 .travis.yml create mode 100644 lib/libtpm/sha_test.h create mode 100755 lib/libtpm/test.sh