Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/629158/?format=api
{ "id": 629158, "url": "http://patchwork.ozlabs.org/api/patches/629158/?format=api", "web_url": "http://patchwork.ozlabs.org/project/petitboot/patch/1464861418-19709-3-git-send-email-nayna@linux.vnet.ibm.com/", "project": { "id": 53, "url": "http://patchwork.ozlabs.org/api/projects/53/?format=api", "name": "Petitboot development", "link_name": "petitboot", "list_id": "petitboot.lists.ozlabs.org", "list_email": "petitboot@lists.ozlabs.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1464861418-19709-3-git-send-email-nayna@linux.vnet.ibm.com>", "list_archive_url": null, "date": "2016-06-02T09:56:57", "name": "[2/3] lib/security: New lib for security functions.", "commit_ref": null, "pull_url": null, "state": "rfc", "archived": false, "hash": "1e656e29125ebb42186ccafc20162a66a44bf08a", "submitter": { "id": 69141, "url": "http://patchwork.ozlabs.org/api/people/69141/?format=api", "name": "Nayna", "email": "nayna@linux.vnet.ibm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/petitboot/patch/1464861418-19709-3-git-send-email-nayna@linux.vnet.ibm.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/629158/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/629158/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "petitboot@lists.ozlabs.org" ], "Delivered-To": [ "patchwork-incoming@bilbo.ozlabs.org", "petitboot@lists.ozlabs.org" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3rL2wz1bZLz9t3V\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 2 Jun 2016 20:08:19 +1000 (AEST)", "from ozlabs.org 
(lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3rL2wz0qzNzDvMl\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 2 Jun 2016 20:08:19 +1000 (AEST)", "from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com\n\t[148.163.158.5])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3rL2hw3TWZzDr13\n\tfor <petitboot@lists.ozlabs.org>;\n\tThu, 2 Jun 2016 19:57:52 +1000 (AEST)", "from pps.filterd (m0048817.ppops.net [127.0.0.1])\n\tby mx0a-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id\n\tu529vJLG010212\n\tfor <petitboot@lists.ozlabs.org>; Thu, 2 Jun 2016 05:57:50 -0400", "from e23smtp05.au.ibm.com (e23smtp05.au.ibm.com [202.81.31.147])\n\tby mx0a-001b2d01.pphosted.com with ESMTP id 23a4fx4s4x-1\n\t(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)\n\tfor <petitboot@lists.ozlabs.org>; Thu, 02 Jun 2016 05:57:50 -0400", "from localhost\n\tby e23smtp05.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use\n\tOnly! Violators will be prosecuted\n\tfor <petitboot@lists.ozlabs.org> from <nayna@linux.vnet.ibm.com>;\n\tThu, 2 Jun 2016 19:57:45 +1000", "from d23dlp01.au.ibm.com (202.81.31.203)\n\tby e23smtp05.au.ibm.com (202.81.31.211) with IBM ESMTP SMTP Gateway:\n\tAuthorized Use Only! 
Violators will be prosecuted; \n\tThu, 2 Jun 2016 19:57:32 +1000", "from d23relay10.au.ibm.com (d23relay10.au.ibm.com [9.190.26.77])\n\tby d23dlp01.au.ibm.com (Postfix) with ESMTP id C826A2CE8060\n\tfor <petitboot@lists.ozlabs.org>;\n\tThu, 2 Jun 2016 19:57:26 +1000 (EST)", "from d23av06.au.ibm.com (d23av06.au.ibm.com [9.190.235.151])\n\tby d23relay10.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id\n\tu529vGtt1245456\n\tfor <petitboot@lists.ozlabs.org>; Thu, 2 Jun 2016 19:57:21 +1000", "from d23av06.au.ibm.com (localhost [127.0.0.1])\n\tby d23av06.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id\n\tu529vG4d019624\n\tfor <petitboot@lists.ozlabs.org>; Thu, 2 Jun 2016 19:57:16 +1000", "from c365f16u1b3.pok.stglabs.ibm.com\n\t(c365f16u1b3.pok.stglabs.ibm.com [9.47.77.42])\n\tby d23av06.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id\n\tu529v6cR019479; Thu, 2 Jun 2016 19:57:14 +1000" ], "X-IBM-Helo": "d23dlp01.au.ibm.com", "X-IBM-MailFrom": "nayna@linux.vnet.ibm.com", "X-IBM-RcptTo": "petitboot@lists.ozlabs.org", "From": "Nayna Jain <nayna@linux.vnet.ibm.com>", "To": "petitboot@lists.ozlabs.org", "Subject": "[PATCH 2/3] lib/security: New lib for security functions.", "Date": "Thu, 2 Jun 2016 05:56:57 -0400", "X-Mailer": "git-send-email 2.5.0", "In-Reply-To": "<1464861418-19709-1-git-send-email-nayna@linux.vnet.ibm.com>", "References": "<1464861418-19709-1-git-send-email-nayna@linux.vnet.ibm.com>", "X-TM-AS-MML": "disable", "X-Content-Scanned": "Fidelis XPS MAILER", "x-cbid": "16060209-0016-0000-0000-000001A126C3", "X-IBM-AV-DETECTION": "SAVI=unused REMOTE=unused XFE=unused", "x-cbparentid": "16060209-0017-0000-0000-000004C07DE8", "Message-Id": "<1464861418-19709-3-git-send-email-nayna@linux.vnet.ibm.com>", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10432:, ,\n\tdefinitions=2016-06-02_04:, , signatures=0", "X-Proofpoint-Spam-Details": "rule=outbound_notspam policy=outbound score=0\n\tspamscore=0 suspectscore=1\n\tmalwarescore=0 
phishscore=0 adultscore=0 bulkscore=0 classifier=spam\n\tadjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000\n\tdefinitions=main-1606020110", "X-BeenThere": "petitboot@lists.ozlabs.org", "X-Mailman-Version": "2.1.22", "Precedence": "list", "List-Id": "Petitboot bootloader development <petitboot.lists.ozlabs.org>", "List-Unsubscribe": "<https://lists.ozlabs.org/options/petitboot>,\n\t<mailto:petitboot-request@lists.ozlabs.org?subject=unsubscribe>", "List-Archive": "<http://lists.ozlabs.org/pipermail/petitboot/>", "List-Post": "<mailto:petitboot@lists.ozlabs.org>", "List-Help": "<mailto:petitboot-request@lists.ozlabs.org?subject=help>", "List-Subscribe": "<https://lists.ozlabs.org/listinfo/petitboot>,\n\t<mailto:petitboot-request@lists.ozlabs.org?subject=subscribe>", "Cc": "hellerda@us.ibm.com, gcwilson@us.ibm.com", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "base64", "Errors-To": "petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org", "Sender": "\"Petitboot\"\n\t<petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>" }, "content": "Adds new lib to support security specific functions.\nFunctions are separated into different files based on\nfunctionality they provide. Details as below:\n\nlib/security/crypto: Set of files to support crypto functions\nlike hash, encryption etc. Currently, it provides support\nonly for hash function and can be extended as needed. Hash\nfunction is implemented using kernel crypto API.\n\nlib/security/tpmOperations: Set of files to support tpm\nspecific operations. 
Currently, it provides function to extend TPM.\nThe implementation of this function is currently experimental and\nis bound to change.\n\nSigned-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>\n---\n lib/Makefile.am | 6 +++-\n lib/security/crypto.c | 73 ++++++++++++++++++++++++++++++++++++++++++++\n lib/security/crypto.h | 22 +++++++++++++\n lib/security/tpmOperations.c | 72 +++++++++++++++++++++++++++++++++++++++++++\n lib/security/tpmOperations.h | 18 +++++++++++\n 5 files changed, 190 insertions(+), 1 deletion(-)\n create mode 100644 lib/security/crypto.c\n create mode 100644 lib/security/crypto.h\n create mode 100644 lib/security/tpmOperations.c\n create mode 100644 lib/security/tpmOperations.h", "diff": "diff --git a/lib/Makefile.am b/lib/Makefile.am\nindex 09bc1aa..d5559f0 100644\n--- a/lib/Makefile.am\n+++ b/lib/Makefile.am\n@@ -50,7 +50,11 @@ lib_libpbcore_la_SOURCES = \\\n \tlib/util/util.c \\\n \tlib/util/util.h \\\n \tlib/flash/config.h \\\n-\tlib/flash/flash.h\n+\tlib/flash/flash.h \\\n+\tlib/security/tpmOperations.c \\\n+\tlib/security/tpmOperations.h \\\n+\tlib/security/crypto.c \\\n+\tlib/security/crypto.h\n \n if ENABLE_MTD\n lib_libpbcore_la_SOURCES += \\\ndiff --git a/lib/security/crypto.c b/lib/security/crypto.c\nnew file mode 100644\nindex 0000000..e5344a8\n--- /dev/null\n+++ b/lib/security/crypto.c\n@@ -0,0 +1,73 @@\n+#include <stdio.h>\n+#include <stdlib.h>\n+#include <string.h>\n+#include <unistd.h>\n+\n+#include <sys/socket.h>\n+#include <linux/if_alg.h>\n+#include <linux/socket.h>\n+\n+#include <log/log.h>\n+\n+#include \"crypto.h\"\n+\n+#define DIGEST_SIZE(digestname)\t!strcmp(digestname, \"sha1\")? \\\n+\tSHA1_DIGEST_SIZE : !strcmp(digestname, \"sha256\")? \\\n+\tSHA256_DIGEST_SIZE : !strcmp(digestname, \"sha512\")? 
\\\n+\tSHA512_DIGEST_SIZE : 0\n+\n+\n+int calc_digest(const char *digestname, const unsigned char *ibuf,\n+\t\tuint8_t *obuf)\n+{\n+ struct sockaddr_alg sa = {\n+ .salg_family = AF_ALG,\n+ .salg_type = \"hash\",\n+ };\n+\n+\tint fd = -1;\n+\tint sockfd = -1;\n+\tint rc = 0;\n+\tunsigned char digest[DIGEST_SIZE(digestname)];\n+ char *input = NULL;\n+\tinput = ibuf ;\n+\tmemset(sa.salg_name, 0, sizeof(sa.salg_name));\n+ memcpy(sa.salg_name, digestname, sizeof(sa.salg_name));\n+\n+ sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);\n+\tif (sockfd == -1)\n+\t{\n+\t\trc = -1;\n+\t\tgoto out;\n+\t}\n+\n+ rc = bind(sockfd, (struct sockaddr *)&sa, sizeof(sa));\n+\tif (rc == -1)\n+\t\tgoto out;\n+\n+ fd = accept(sockfd, NULL, 0);\n+\tif (fd == -1)\n+\t{\n+\t\trc = -1;\n+\t\tgoto out;\n+\t}\n+\n+\trc = write(fd, input, sizeof(input));\n+\tif (rc == -1)\n+\t\tgoto out;\n+\n+ read(fd, digest, sizeof(digest));\n+\n+ memset(obuf, 0, sizeof(digest));\n+ memcpy(obuf, digest, sizeof(digest));\n+\n+\n+out:\n+\tif (fd > 0)\n+\t\tclose(fd);\n+\tif (sockfd > 0)\n+\t\tclose(sockfd);\n+\n+ return 0;\n+\n+}\ndiff --git a/lib/security/crypto.h b/lib/security/crypto.h\nnew file mode 100644\nindex 0000000..111c1ea\n--- /dev/null\n+++ b/lib/security/crypto.h\n@@ -0,0 +1,22 @@\n+#ifndef CRYPTO_H\n+#define CRYPTO_H\n+\n+#include <stdint.h>\n+\n+#define SHA1_DIGEST_SIZE\t 20\n+#define SHA256_DIGEST_SIZE\t 32\n+#define SHA512_DIGEST_SIZE\t 64\n+\n+/**\n+ * Calculates and returns the digest of the input buffer.\n+ * @digestname: Type of digest to be calculated.\n+ * @ibuf: Input buffer whose digest is to be calculated.\n+ * @obuf: Output buffer in which calculated digest is returned.\n+ *\n+ * On success, 0 is returned. 
On error, -1 is returned.\n+ **/\n+int calc_digest(const char *digestname, const unsigned char *ibuf,\n+\t\tuint8_t *obuf);\n+\n+#endif /* CRYPTO_H */\n+\ndiff --git a/lib/security/tpmOperations.c b/lib/security/tpmOperations.c\nnew file mode 100644\nindex 0000000..bfb2c21\n--- /dev/null\n+++ b/lib/security/tpmOperations.c\n@@ -0,0 +1,72 @@\n+#include <stdio.h>\n+#include <string.h>\n+#include <stdlib.h>\n+#include <unistd.h>\n+#include <sys/socket.h>\n+#include <linux/if_alg.h>\n+#include <linux/socket.h>\n+\n+#include <log/log.h>\n+\n+#include \"crypto.h\"\n+#include \"tpmOperations.h\"\n+\n+/**\n+Note: The implementation of this function is experimental.\n+It only servers the purpose of showing tpm_extend API and its interface.\n+Final implementation will be changed.\n+**/\n+\n+int tpm_extend(unsigned int pcr, const char* pcr_bank_hash_alg, uint8_t * buf,\n+\t\tuint8_t buflen)\n+{\n+\n+ struct sockaddr_alg sa = {\n+ .salg_family = AF_ALG,\n+ .salg_type = \"tpm-extend\",\n+ };\n+\tint i=0;\n+\tint sockfd = -1;\n+\tint fd = -1;\n+ int rc = 0;\n+\tchar res[256];\t//This is temporary size and will be defined correctly once \n+\t//response status code is finalized for extend operation.\n+\tmemset(sa.salg_name, 0, sizeof(sa.salg_name));\n+\tmemcpy(sa.salg_name, pcr_bank_hash_alg, sizeof(pcr_bank_hash_alg));\n+\n+ sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);\n+\tif (sockfd == -1)\n+\t{\n+\t\trc = -1;\n+\t\tgoto out;\n+\t}\n+\n+ rc = bind(sockfd, (struct sockaddr *)&sa, sizeof(sa));\n+\tif (rc == -1)\n+\t\tgoto out;\n+\n+ fd = accept(sockfd, NULL, 0);\n+\tif (fd == -1)\n+\t{\n+\t\trc = -1;\n+\t\tgoto out;\n+\t}\n+\n+ rc = write(fd, buf, buflen);\n+\tif (rc == -1)\n+\t{\n+\t\trc = -1;\n+\t\tgoto out;\n+\t}\n+\n+\t//response will contain status code for extend operation.\n+\t//handling of error status code is yet to be finalized.\n+\tread(fd, res, sizeof(res));\n+\n+out:\n+\tif (fd > 0)\n+ \tclose(fd);\n+\tif (sockfd > 0)\n+\t close(sockfd);\n+ return rc;\n+}\ndiff --git 
a/lib/security/tpmOperations.h b/lib/security/tpmOperations.h\nnew file mode 100644\nindex 0000000..2231152\n--- /dev/null\n+++ b/lib/security/tpmOperations.h\n@@ -0,0 +1,18 @@\n+#ifndef _TPM_OPERATIONS_H \n+#define _TPM_OPERATIONS_H\n+\n+/**\n+ * Prepares the request and send to TPM for extend.\n+ * @pcr : PCR Index to which to be extended.\n+ * @pcr_bank : PCR Bank to which to be extended.\n+ * @buf : Input data to be extended.\n+ * @buflen : Length of the input data.\n+ *\n+ * On success, 0 is returned. On error, -1 is returned.\n+**/\n+\n+int tpm_extend(unsigned int pcr, const char* pcr_bank, uint8_t * buf,\n+\t\tuint8_t buflen);\n+\n+#endif /* _TPM_OPERATIONS_H */\n+\n", "prefixes": [ "2/3" ] }
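Review bot: in the lib/Makefile.am hunk, the new sources are added to lib_libpbcore_la_SOURCES unconditionally, although the commit message describes the TPM extend code as experimental and bound to change. A configure-time conditional in the style of the `if ENABLE_MTD` block directly below would keep it out of default builds until the interface settles. The camelCase name tpmOperations.c also stands out against the lowercase names already in the list (lib/util/util.c, lib/flash/flash.h); a lowercase name would match.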
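Review bot: in lib/security/crypto.c, calc_digest() hashes only the first pointer-sized chunk of its input, because `rc = write(fd, input, sizeof(input));` takes the size of the `char *`, not of the buffer, and the function has no length parameter to use instead. Any two inputs that agree in their first 4 or 8 bytes therefore get the same digest, which defeats the purpose of a measurement. Add a `size_t ibuflen` argument and write that many bytes. In the same function: `memcpy(sa.salg_name, digestname, sizeof(sa.salg_name))` reads sizeof(sa.salg_name) bytes from a string that may be as short as "sha1"; DIGEST_SIZE() evaluates to 0 for an unrecognised name, which makes `digest` a zero-length array; the read() return value is not checked; the cleanup tests `fd > 0` where 0 is a valid descriptor; and the function ends with `return 0;`, so none of the `rc = -1` paths ever reach the caller.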
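Review bot: in lib/security/crypto.h, the calc_digest() prototype gives the caller no way to state the input length or the capacity of obuf, and the comment does not say how many bytes are written to obuf. Since the digest size depends on digestname (20, 32 or 64 bytes per the defines above), a caller that sizes obuf for sha1 and passes "sha512" gets an overflow. Take `ibuflen` and `obuflen` arguments and fail when obuf is too small, or at least document the required size, and say what is returned for a digestname other than the three handled. The comment's "On error, -1 is returned" should also be checked against the implementation, which currently always returns 0.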
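Review bot: in lib/security/tpmOperations.c, tpm_extend() never uses its `pcr` argument, so nothing written to the socket identifies which PCR is to be extended; only `buf` is sent. Even for an experimental interface the PCR index needs to be part of the request, or the parameter should be dropped until it is. Also in this function: `memcpy(sa.salg_name, pcr_bank_hash_alg, sizeof(pcr_bank_hash_alg));` copies pointer-size bytes, which truncates "sha256" on a 32-bit build and reads past the end of "sha1" on a 64-bit one; on success `rc` still holds the byte count from write() and is returned as is, while the header promises 0; the read() result and the response in `res` are ignored, so a failed extend is reported as success; `int i` is unused; and the cleanup tests `fd > 0` and `sockfd > 0` where 0 is a valid descriptor.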
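Review bot: lib/security/tpmOperations.h uses uint8_t in the tpm_extend() prototype without including <stdint.h>, so it compiles only when another header that pulls it in (crypto.h, in tpmOperations.c) happens to come first. Add the include, as crypto.h does. Further, `uint8_t buflen` limits the input to 255 bytes where a size_t would be the usual choice; the comment documents `@pcr_bank` while the definition names the parameter pcr_bank_hash_alg; and the guard `_TPM_OPERATIONS_H` starts with an underscore followed by an uppercase letter, which is a reserved identifier (crypto.h uses plain CRYPTO_H).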