From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Wed, 16 Sep 2020 11:21:12 -0500
Message-Id: <20200916162131.22478-2-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 01/20] libstb/secureboot: expose secureboot_enforce for later use in secvar

This patch exposes the secureboot_enforce() function to unify any system-halting behavior enacted by either firmware or OS secure boot.

Signed-off-by: Eric Richter
---
 libstb/secureboot.c | 2 +-
 libstb/secureboot.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/libstb/secureboot.c b/libstb/secureboot.c index c8697216..60324809 100644 --- a/libstb/secureboot.c +++ b/libstb/secureboot.c
@@ -27,7 +27,7 @@ static struct { { IBM_SECUREBOOT_V2, "ibm,secureboot-v2" }, }; -static void secureboot_enforce(void) +void secureboot_enforce(void) { /* Sanity check */ if (!secure_mode) diff --git a/libstb/secureboot.h b/libstb/secureboot.h index 0792dd5a..721b28de 100644 --- a/libstb/secureboot.h +++ b/libstb/secureboot.h 
@@ -15,6 +15,7 @@ enum secureboot_version { IBM_SECUREBOOT_V2, }; +void secureboot_enforce(void); bool secureboot_is_compatible(struct dt_node *node, int *version, const char **compat); void secureboot_init(void);
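
Review bot: The prototype added to libstb/secureboot.h has no comment, and the libstb/secureboot.c hunk shows secureboot_enforce() opening with an if (!secure_mode) sanity check, so a caller in another file cannot tell from the header whether the function always halts or may return. Now that it is exported, add a short doc comment above the prototype, in the style of the secureboot_verify block further down the same header, stating under which condition it returns and under which it halts.
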
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Wed, 16 Sep 2020 11:21:13 -0500
Message-Id: <20200916162131.22478-3-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 02/20] libstb/secureboot: OS Secure Boot is enabled only if FW secureboot is enabled

From: Nayna Jain

OS Secure Boot establishes a chain of trust from firmware to the OS. However, OS Secure Boot can only be secure if the chain of trust beneath it - from hardware to firmware - has been established by Firmware Secure Boot. This patch ensures that OS Secure Boot is enabled only if Firmware Secure Boot is enabled.

Signed-off-by: Nayna Jain Signed-off-by: Eric Richter --- core/init.c | 2 +- libstb/secureboot.c | 5 +++++ libstb/secureboot.h | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/core/init.c b/core/init.c index bff4e968..7ad563e0 100644 --- a/core/init.c +++ b/core/init.c @@ -1260,7 +1260,7 @@ void __noreturn __nomcount main_cpu_entry(const void *fdt) trustedboot_init(); /* Secure variables init, handled by platform */ - if (platform.secvar_init) + if (platform.secvar_init && is_fw_secureboot()) platform.secvar_init(); /* diff --git a/libstb/secureboot.c b/libstb/secureboot.c index 60324809..f8cce285 100644 --- a/libstb/secureboot.c +++ b/libstb/secureboot.c @@ -62,6 +62,11 @@ bool secureboot_is_compatible(struct dt_node *node, int *version, const char **c return false; } +bool is_fw_secureboot(void) +{ + return secure_mode; +} + void secureboot_init(void) { struct dt_node *node; diff --git a/libstb/secureboot.h b/libstb/secureboot.h index 721b28de..74e93c84 100644 --- a/libstb/secureboot.h +++ b/libstb/secureboot.h 
@@ -18,6 +18,7 @@ enum secureboot_version { void secureboot_enforce(void); bool secureboot_is_compatible(struct dt_node *node, int *version, const char **compat); void secureboot_init(void); +bool is_fw_secureboot(void); /** * secureboot_verify - verify a PNOR partition content
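
Review bot: In the core/init.c hunk, platform.secvar_init() is now skipped silently when is_fw_secureboot() returns false, so a platform that provides secvar_init but boots with firmware secure boot off leaves nothing in the log explaining why OS secure boot was not set up. Add a prlog() for that case. The check also relies on secure_mode already being set at this point in main_cpu_entry(); the hunk only shows trustedboot_init() ahead of it, so a comment naming that ordering requirement would protect against later reshuffling. In secureboot.h, is_fw_secureboot() is the only declaration that does not carry the secureboot_ prefix used by its neighbours.
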
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Wed, 16 Sep 2020 11:21:14 -0500
Message-Id: <20200916162131.22478-4-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 03/20] include/secvar.h: add .lockdown() hook to secvar storage driver

Previously, it was implied that the storage driver would lock itself after performing a write action. As this behavior is not particularly clear when reviewing the main secvar flow, this action instead has been made explicit.

Signed-off-by: Eric Richter
---
 include/secvar.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/secvar.h b/include/secvar.h index ec812b85..76525534 100644 --- a/include/secvar.h +++ b/include/secvar.h
@@ -9,9 +9,10 @@ struct secvar; struct secvar_storage_driver { - int (*load_bank)(struct list_head *bank, int section); - int (*write_bank)(struct list_head *bank, int section); - int (*store_init)(void); + int (*load_bank)(struct list_head *bank, int section); + int (*write_bank)(struct list_head *bank, int section); + int (*store_init)(void); + void (*lockdown)(void); uint64_t max_var_size; };
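
Review bot: The new lockdown member of struct secvar_storage_driver is added with no comment on its contract, and because it returns void a driver cannot report a locking failure to the caller. Patch 04/20 calls secvar_storage.lockdown() without a NULL check and reaches it twice on some paths, so the header should state that the hook is mandatory for every storage driver, must be safe to call more than once, and must halt the boot itself if locking fails.
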
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Wed, 16 Sep 2020 11:21:15 -0500
Message-Id: <20200916162131.22478-5-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 04/20] secvar_main: rework secvar_main error flow, make storage locking explicit

This patch adjusts the behavior of secvar_main to actually halt the boot in some form if there is an issue initializing secure variables. The secvar storage driver contains the secure boot state, and therefore if that fails to initialize, we immediately need to halt the boot. For all other cases we enforce secure boot in the bootloader by setting the secure mode flag, but booting with an empty keyring (and thus, cannot verify a kexec image).

Previously, the storage driver was expected to handle any locking procedures implicitly as part of the write operation. This patch uses the new lockdown hook which makes locking explicit and part of the secvar_main flow.
The storage driver is now locked unconditionally when exiting secvar_main, and the lockdown() call should halt the boot if it encounters any sign of struggle. Signed-off-by: Eric Richter --- V4: - adjusted lines to 80 columns - calls secureboot_enforce() instead of abort() V5: - adjusted and expanded the comments to hopefully make the flow a little easier to follow - renamed .lock() to .lockdown() - renamed out to soft_fail libstb/secvar/secvar_main.c | 81 ++++++++++++++++++++++++++++++------- 1 file changed, 67 insertions(+), 14 deletions(-) diff --git a/libstb/secvar/secvar_main.c b/libstb/secvar/secvar_main.c index b40dd646..d8737621 100644 --- a/libstb/secvar/secvar_main.c +++ b/libstb/secvar/secvar_main.c @@ -8,6 +8,7 @@ #include #include #include +#include #include "secvar.h" #include "secvar_devtree.h" @@ -39,11 +40,14 @@ int secvar_main(struct secvar_storage_driver storage_driver, list_head_init(&variable_bank); list_head_init(&update_bank); + /* + * Failures here should indicate some kind of hardware problem, + * therefore we don't even attempt to continue + */ rc = secvar_storage.store_init(); if (rc) - goto fail; + secureboot_enforce(); - // Failures here should indicate some kind of hardware problem rc = secvar_storage.load_bank(&variable_bank, SECVAR_VARIABLE_BANK); if (rc) goto fail; 
@@ -52,40 +56,89 @@ int secvar_main(struct secvar_storage_driver storage_driver, if (rc) goto fail; - // At this point, base secvar is functional. Rest is up to the backend + /* + * At this point, base secvar is functional. + * In the event of some error, boot up to Petitboot in secure mode + * with an empty keyring, for an admin to attempt to debug. + */ secvar_ready = 1; secvar_set_status("okay"); - if (secvar_backend.pre_process) + if (secvar_backend.pre_process) { rc = secvar_backend.pre_process(); + if (rc) { + prlog(PR_ERR, "Error in backend pre_process = %d\n", rc); + /* Early failure state, lock the storage */ + secvar_storage.lockdown(); + goto soft_fail; + } + } // Process is required, error if it doesn't exist if (!secvar_backend.process) - goto out; + goto soft_fail; + /* Process variable updates from the update bank. */ rc = secvar_backend.process(); - secvar_set_update_status(rc); + + /* Create and set the update-status device tree property */ + secvar_set_update_status(rc); + + /* + * Only write to the storage if we actually processed updates + * OPAL_EMPTY implies no updates were processed + * Refer to full table in doc/device-tree/ibm,opal/secvar.rst + */ if (rc == OPAL_SUCCESS) { rc = secvar_storage.write_bank(&variable_bank, SECVAR_VARIABLE_BANK); if (rc) - goto out; - - rc = secvar_storage.write_bank(&update_bank, SECVAR_UPDATE_BANK); + goto soft_fail; + } + /* + * Write (and probably clear) the update bank if .process() actually detected + * and handled updates in the update bank. Unlike above, this includes error + * cases, where the backend should probably be clearing the bank. 
+ */ + if (rc != OPAL_EMPTY) { + rc = secvar_storage.write_bank(&update_bank, + SECVAR_UPDATE_BANK); if (rc) - goto out; + goto soft_fail; } + /* Unconditionally lock the storage at this point */ + secvar_storage.lockdown(); - if (secvar_backend.post_process) + if (secvar_backend.post_process) { rc = secvar_backend.post_process(); - if (rc) - goto out; + if (rc) { + prlog(PR_ERR, "Error in backend post_process = %d\n", rc); + goto soft_fail; + } + } prlog(PR_INFO, "secvar initialized successfully\n"); return OPAL_SUCCESS; + fail: + /* Early failure, base secvar support failed to initialize */ secvar_set_status("fail"); -out: + secvar_storage.lockdown(); + secvar_set_secure_mode(); + + prerror("secvar failed to initialize, rc = %04x\n", rc); + return rc; + +soft_fail: + /* + * Soft-failure, enforce secure boot with an empty keyring in + * bootloader for debug/recovery + */ + clear_bank_list(&variable_bank); + clear_bank_list(&update_bank); + secvar_storage.lockdown(); + secvar_set_secure_mode(); + prerror("secvar failed to initialize, rc = %04x\n", rc); return rc; }
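
Review bot: In the store_init() error path near the top of secvar_main() (hunk @@ -39,11 +40,14 @@), goto fail is replaced by a bare secureboot_enforce() call with nothing after it, while patch 01/20 shows that function opening with an if (!secure_mode) sanity check. If the call can return, execution falls through to load_bank() on storage that failed to initialize. Keep a goto fail or return rc after the call so the path fails closed either way, or say in the new comment that the call cannot return here and why.
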
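
Review bot: In the @@ -52,40 +56,89 @@ hunk, the missing-hook path "if (!secvar_backend.process) goto soft_fail;" is reached with rc still zero from the preceding successful call, so soft_fail logs rc = 0000 and returns zero to the caller even though both banks were just cleared. Set rc to an explicit error code before the jump. In the same hunk secvar_storage.lockdown() is called without a NULL check, unlike pre_process and post_process, and it runs twice on the pre_process and post_process failure paths (once inline, once under soft_fail); drop the inline call before goto soft_fail or document that the hook must be idempotent.
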
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:16 -0500
Message-Id: <20200916162131.22478-6-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 05/20] secvar: change backend hook interface to take in bank references
Cc: nayna@linux.ibm.com

From: Nayna Jain

Previously, backends were implicitly expected to operate on global references to the variable and update banks. This patch changes the interface for this driver to instead take the banks in as an argument. This removes the implicit dependency on these references, makes the design consistent with the storage driver, and also will simplify unit testing of these functions.

Signed-off-by: Nayna Jain
Signed-off-by: Eric Richter
---
V4:
 - squashed in a whitespace fix for the storage driver struct

V5:
 - adjusted comments so they don't blow way past the column limit

 include/secvar.h            | 22 +++++++++++++++++-----
 libstb/secvar/secvar_main.c |  6 +++---
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/include/secvar.h b/include/secvar.h index 76525534..db103953 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -17,11 +17,23 @@ struct secvar_storage_driver { }; struct secvar_backend_driver { - int (*pre_process)(void); // Perform any pre-processing stuff (e.g. determine secure boot state) - int (*process)(void); // Process all updates - int (*post_process)(void); // Perform any post-processing stuff (e.g. derive/update variables) - int (*validate)(struct secvar *var); // Validate a single variable, return boolean - const char *compatible; // String to use for compatible in secvar node + /* Perform any pre-processing stuff (e.g. determine secure boot state) */ + int (*pre_process)(struct list_head *variable_bank, + struct list_head *update_bank); + + /* Process all updates */ + int (*process)(struct list_head *variable_bank, + struct list_head *update_bank); + + /* Perform any post-processing stuff (e.g. derive/update variables)*/ + int (*post_process)(struct list_head *variable_bank, + struct list_head *update_bank); + + /* Validate a single variable, return boolean */ + int (*validate)(struct secvar *var); + + /* String to use for compatible in secvar node */ + const char *compatible; }; diff --git a/libstb/secvar/secvar_main.c b/libstb/secvar/secvar_main.c index d8737621..759d8ef4 100644 --- a/libstb/secvar/secvar_main.c +++ b/libstb/secvar/secvar_main.c @@ -65,7 +65,7 @@ int secvar_main(struct secvar_storage_driver storage_driver, secvar_set_status("okay"); if (secvar_backend.pre_process) { - rc = secvar_backend.pre_process(); + rc = secvar_backend.pre_process(&variable_bank, &update_bank); if (rc) { prlog(PR_ERR, "Error in backend pre_process = %d\n", rc); /* Early failure state, lock the storage */ 
@@ -79,7 +79,7 @@ int secvar_main(struct secvar_storage_driver storage_driver, goto soft_fail; /* Process variable updates from the update bank. */ - rc = secvar_backend.process(); + rc = secvar_backend.process(&variable_bank, &update_bank); /* Create and set the update-status device tree property */ secvar_set_update_status(rc); 
@@ -109,7 +109,7 @@ int secvar_main(struct secvar_storage_driver storage_driver, secvar_storage.lockdown(); if (secvar_backend.post_process) { - rc = secvar_backend.post_process(); + rc = secvar_backend.post_process(&variable_bank, &update_bank); if (rc) { prlog(PR_ERR, "Error in backend post_process = %d\n", rc); goto soft_fail;
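
Review bot: in include/secvar.h, the comments on pre_process, process and post_process do not say whether a backend may modify variable_bank and update_bank in place, or who frees entries a backend removes. Now that the banks are explicit arguments, that contract belongs next to the prototypes. Style nit in the same hunk: the post_process comment ends "variables)*/" with no space before the closing "*/".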
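
Review bot: in secvar_main() (libstb/secvar/secvar_main.c, hunk @@ -79,7 +79,7 @@), secvar_backend.process is called with no NULL guard in the visible lines, while the neighbouring hunks wrap pre_process and post_process in "if (secvar_backend.pre_process)" and "if (secvar_backend.post_process)". If process is a mandatory hook, say so in the struct comment in include/secvar.h; otherwise give it the same check.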
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:17 -0500
Message-Id: <20200916162131.22478-7-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 06/20] secvar_util: add new helper functions
Cc: nayna@linux.ibm.com

This patch adds the following helper functions:
 - dealloc_secvar()
 - new_secvar()
 - copy_bank_list()

dealloc_secvar() frees a whole secvar_node reference including its children allocations. This also updates the clear_bank_list() helper function to use this destructor.

new_secvar() allocates a secvar_node, and fills it with data provided via arguments.

copy_bank_list() creates a deep copy of a secvar bank list

Signed-off-by: Eric Richter
---
 libstb/secvar/secvar.h      |  5 +++
 libstb/secvar/secvar_util.c | 63 +++++++++++++++++++++++++++++++++++--
 2 files changed, 65 insertions(+), 3 deletions(-)

diff --git a/libstb/secvar/secvar.h b/libstb/secvar/secvar.h index a0cafbb0..b141b705 100644 --- a/libstb/secvar/secvar.h +++ b/libstb/secvar/secvar.h
@@ -43,8 +43,13 @@ extern struct secvar_backend_driver secvar_backend; // Helper functions void clear_bank_list(struct list_head *bank); +int copy_bank_list(struct list_head *dst, struct list_head *src); struct secvar_node *alloc_secvar(uint64_t size); +struct secvar_node *new_secvar(const char *key, uint64_t key_len, + const char *data, uint64_t data_size, + uint64_t flags); int realloc_secvar(struct secvar_node *node, uint64_t size); +void dealloc_secvar(struct secvar_node *node); struct secvar_node *find_secvar(const char *key, uint64_t key_len, struct list_head *bank); int is_key_empty(const char *key, uint64_t key_len); int list_length(struct list_head *bank); diff --git a/libstb/secvar/secvar_util.c b/libstb/secvar/secvar_util.c index 2005de58..3aadbd98 100644 --- a/libstb/secvar/secvar_util.c +++ b/libstb/secvar/secvar_util.c @@ -20,11 +20,31 @@ void clear_bank_list(struct list_head *bank) list_for_each_safe(bank, node, next, link) { list_del(&node->link); + dealloc_secvar(node); + } +} + +int copy_bank_list(struct list_head *dst, struct list_head *src) +{ + struct secvar_node *node, *tmp; - if (node->var) - free(node->var); - free(node); + list_for_each(src, node, link) { + /* Allocate new secvar using actual data size */ + tmp = alloc_secvar(node->var->data_size); + if (!tmp) + return OPAL_NO_MEM; + + /* Copy over flags metadata */ + tmp->flags = node->flags; + + /* Full-clone over the secvar struct */ + memcpy(tmp->var, node->var, tmp->size + sizeof(struct secvar)); + + /* Append to new list */ + list_add_tail(dst, &tmp->link); } + + return OPAL_SUCCESS; } struct secvar_node *alloc_secvar(uint64_t size) 
@@ -46,6 +66,34 @@ struct secvar_node *alloc_secvar(uint64_t size) return ret; } +struct secvar_node *new_secvar(const char *key, uint64_t key_len, + const char *data, uint64_t data_size, + uint64_t flags) +{ + struct secvar_node *ret; + + if (!key) + return NULL; + if ((!key_len) || (key_len > SECVAR_MAX_KEY_LEN)) + return NULL; + if ((!data) && (data_size)) + return NULL; + + ret = alloc_secvar(data_size); + if (!ret) + return NULL; + + ret->var->key_len = key_len; + ret->var->data_size = data_size; + memcpy(ret->var->key, key, key_len); + ret->flags = flags; + + if (data) + memcpy(ret->var->data, data, data_size); + + return ret; +} + int realloc_secvar(struct secvar_node *node, uint64_t size) { void *tmp; 
@@ -64,6 +112,15 @@ int realloc_secvar(struct secvar_node *node, uint64_t size) return 0; } +void dealloc_secvar(struct secvar_node *node) +{ + if (!node) + return; + + free(node->var); + free(node); +} + struct secvar_node *find_secvar(const char *key, uint64_t key_len, struct list_head *bank) { struct secvar_node *node = NULL;
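
Review bot: copy_bank_list() (libstb/secvar/secvar_util.c, hunk @@ -20,11 +20,31 @@) returns OPAL_NO_MEM from inside the loop when alloc_secvar() fails, which leaves dst holding only the entries copied so far. Either call clear_bank_list(dst) before returning or document that the caller must clean up a partial copy. The function also dereferences dst and src without the "if (!bank) return;" style check that clear_bank_list() has directly above it.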
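
Review bot: new_secvar() (hunk @@ -46,6 +66,34 @@) bounds key_len against SECVAR_MAX_KEY_LEN, but data_size reaches alloc_secvar(data_size) with no upper limit. If any caller can pass a size that has not been validated, add a cap here or document in secvar.h that callers are responsible for it.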
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:18 -0500
Message-Id: <20200916162131.22478-8-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 07/20] secvar: overhaul secvar struct by removing static sized fields
Cc: nayna@linux.ibm.com

From: Eric Richter

Originally, the secvar struct was intended to contain all the variable information separate from the linked list/etc metadata, so that copying and serialization/deserialization could be handled by a single memcpy(). This is fragile, potentially compiler dependent, and doesn't account for endianness.

Therefore, this patch removes the static allocation for key, now allocates a buffer for data, and completely removes the now unnecessary secvar_node struct.

As a side effect, some of the secvar_util functionality has been tweaked where it makes sense. Most notably alloc_secvar now takes in an extra argument as it now has to allocate the key

Signed-off-by: Eric Richter
---
 libstb/secvar/secvar.h      | 24 ++++------
 libstb/secvar/secvar_api.c  | 68 +++++++++++++--------------
 libstb/secvar/secvar_util.c | 93 ++++++++++++++++++-------------------
 3 files changed, 88 insertions(+), 97 deletions(-)

diff --git a/libstb/secvar/secvar.h b/libstb/secvar/secvar.h index b141b705..fe660217 100644 --- a/libstb/secvar/secvar.h +++ b/libstb/secvar/secvar.h @@ -16,24 +16,18 @@ enum { }; -struct secvar_node { - struct list_node link; - struct secvar *var; - uint64_t flags; // Flag for how *var should be stored - uint64_t size; // How much space was allocated for data -}; - #define SECVAR_FLAG_VOLATILE 0x1 // Instructs storage driver to ignore variable on writes #define SECVAR_FLAG_SECURE_STORAGE 0x2 // Hint for storage driver to select storage location struct secvar { + struct list_node link; uint64_t key_len; uint64_t data_size; - char key[SECVAR_MAX_KEY_LEN]; - char data[0]; + uint64_t flags; + char *key; + char *data; }; - extern struct list_head variable_bank; extern struct list_head update_bank; extern int secvar_enabled;
@@ -44,13 +38,13 @@ extern struct secvar_backend_driver secvar_backend; // Helper functions void clear_bank_list(struct list_head *bank); int copy_bank_list(struct list_head *dst, struct list_head *src); -struct secvar_node *alloc_secvar(uint64_t size); -struct secvar_node *new_secvar(const char *key, uint64_t key_len, +struct secvar *alloc_secvar(uint64_t key_len, uint64_t data_size); +struct secvar *new_secvar(const char *key, uint64_t key_len, const char *data, uint64_t data_size, uint64_t flags); -int realloc_secvar(struct secvar_node *node, uint64_t size); -void dealloc_secvar(struct secvar_node *node); -struct secvar_node *find_secvar(const char *key, uint64_t key_len, struct list_head *bank); +int realloc_secvar(struct secvar *node, uint64_t size); +void dealloc_secvar(struct secvar *node); +struct secvar *find_secvar(const char *key, uint64_t key_len, struct list_head *bank); int is_key_empty(const char *key, uint64_t key_len); int list_length(struct list_head *bank); diff --git a/libstb/secvar/secvar_api.c b/libstb/secvar/secvar_api.c index 62c32500..7245e859 100644 --- a/libstb/secvar/secvar_api.c +++ b/libstb/secvar/secvar_api.c @@ -11,7 +11,7 @@ static int64_t opal_secvar_get(const char *key, uint64_t key_len, void *data, uint64_t *data_size) { - struct secvar_node *node; + struct secvar *var; int64_t rc = OPAL_SUCCESS; if (!secvar_enabled) 
@@ -26,18 +26,18 @@ static int64_t opal_secvar_get(const char *key, uint64_t key_len, void *data, ui if (!data_size) return OPAL_PARAMETER; - node = find_secvar(key, key_len, &variable_bank); - if (!node) + var = find_secvar(key, key_len, &variable_bank); + if (!var) return OPAL_EMPTY; // Variable not found, bail early if (!data) rc = OPAL_SUCCESS; - else if (*data_size < node->var->data_size) + else if (*data_size < var->data_size) rc = OPAL_PARTIAL; else - memcpy(data, node->var->data, node->var->data_size); + memcpy(data, var->data, var->data_size); - *data_size = node->var->data_size; + *data_size = var->data_size; return rc; } @@ -46,7 +46,7 @@ opal_call(OPAL_SECVAR_GET, opal_secvar_get, 4); static int64_t opal_secvar_get_next(char *key, uint64_t *key_len, uint64_t key_buf_size) { - struct secvar_node *node; + struct secvar *var; if (!secvar_enabled) return OPAL_UNSUPPORTED; @@ -64,25 +64,25 @@ static int64_t opal_secvar_get_next(char *key, uint64_t *key_len, uint64_t key_b return OPAL_PARAMETER; if (!is_key_empty(key, *key_len)) { - node = find_secvar(key, *key_len, &variable_bank); - if (!node) + var = find_secvar(key, *key_len, &variable_bank); + if (!var) return OPAL_PARAMETER; - node = list_next(&variable_bank, node, link); + var = list_next(&variable_bank, var, link); } else { - node = list_top(&variable_bank, struct secvar_node, link); + var = list_top(&variable_bank, struct secvar, link); } - if (!node) + if (!var) return OPAL_EMPTY; - if (key_buf_size < node->var->key_len) { - *key_len = node->var->key_len; + if (key_buf_size < var->key_len) { + *key_len = var->key_len; return OPAL_PARTIAL; } - *key_len = node->var->key_len; - memcpy(key, node->var->key, node->var->key_len); + *key_len = var->key_len; + memcpy(key, var->key, var->key_len); return OPAL_SUCCESS; } 
@@ -91,7 +91,7 @@ opal_call(OPAL_SECVAR_GET_NEXT, opal_secvar_get_next, 3); static int64_t opal_secvar_enqueue_update(const char *key, uint64_t key_len, void *data, uint64_t data_size) { - struct secvar_node *node; + struct secvar *var; if (!secvar_enabled) return OPAL_UNSUPPORTED; @@ -114,41 +114,39 @@ static int64_t opal_secvar_enqueue_update(const char *key, uint64_t key_len, voi if (is_key_empty(key, key_len)) return OPAL_PARAMETER; - node = find_secvar(key, key_len, &update_bank); + var = find_secvar(key, key_len, &update_bank); // Unstage an update if (data_size == 0) { - if (!node) + if (!var) return OPAL_EMPTY; - if (node->var) - free(node->var); - list_del(&node->link); - free(node); + list_del(&var->link); + dealloc_secvar(var); goto out; } - if (node) { - list_del(&node->link); + if (var) { + list_del(&var->link); // Realloc var if too small - if (node->size < data_size) { - if (realloc_secvar(node, data_size)) + if (var->data_size < data_size) { + if (realloc_secvar(var, data_size)) return OPAL_NO_MEM; } else { - memset(node->var, 0x00, sizeof(struct secvar) + node->var->data_size); + memset(var->data, 0x00, var->data_size); } } else { - node = alloc_secvar(data_size); - if (!node) + var = alloc_secvar(key_len, data_size); + if (!var) return OPAL_NO_MEM; } - memcpy(node->var->key, key, key_len); - node->var->key_len = key_len; - memcpy(node->var->data, data, data_size); - node->var->data_size = data_size; + memcpy(var->key, key, key_len); + var->key_len = key_len; + memcpy(var->data, data, data_size); + var->data_size = data_size; - list_add_tail(&update_bank, &node->link); + list_add_tail(&update_bank, &var->link); out: if (secvar_storage.write_bank(&update_bank, SECVAR_UPDATE_BANK)) diff --git a/libstb/secvar/secvar_util.c b/libstb/secvar/secvar_util.c index 3aadbd98..533170a3 100644 --- a/libstb/secvar/secvar_util.c +++ b/libstb/secvar/secvar_util.c 
@@ -13,33 +13,25 @@ void clear_bank_list(struct list_head *bank) { - struct secvar_node *node, *next; + struct secvar *var, *next; if (!bank) return; - list_for_each_safe(bank, node, next, link) { - list_del(&node->link); - dealloc_secvar(node); + list_for_each_safe(bank, var, next, link) { + list_del(&var->link); + dealloc_secvar(var); } } int copy_bank_list(struct list_head *dst, struct list_head *src) { - struct secvar_node *node, *tmp; + struct secvar *var, *tmp; - list_for_each(src, node, link) { + list_for_each(src, var, link) { /* Allocate new secvar using actual data size */ - tmp = alloc_secvar(node->var->data_size); - if (!tmp) - return OPAL_NO_MEM; - - /* Copy over flags metadata */ - tmp->flags = node->flags; - - /* Full-clone over the secvar struct */ - memcpy(tmp->var, node->var, tmp->size + sizeof(struct secvar)); - + tmp = new_secvar(var->key, var->key_len, var->data, + var->data_size, var->flags); /* Append to new list */ list_add_tail(dst, &tmp->link); } @@ -47,30 +39,38 @@ int copy_bank_list(struct list_head *dst, struct list_head *src) return OPAL_SUCCESS; } -struct secvar_node *alloc_secvar(uint64_t size) +struct secvar *alloc_secvar(uint64_t key_len, uint64_t data_size) { - struct secvar_node *ret; + struct secvar *ret; - ret = zalloc(sizeof(struct secvar_node)); + ret = zalloc(sizeof(struct secvar)); if (!ret) return NULL; - ret->var = zalloc(sizeof(struct secvar) + size); - if (!ret->var) { + ret->key = zalloc(key_len); + if (!ret->key) { + free(ret->key); + return NULL; + } + + ret->data = zalloc(data_size); + if (!ret->data) { + free(ret->key); free(ret); return NULL; } - ret->size = size; + ret->key_len = key_len; + ret->data_size = data_size; return ret; } -struct secvar_node *new_secvar(const char *key, uint64_t key_len, +struct secvar *new_secvar(const char *key, uint64_t key_len, const char *data, uint64_t data_size, uint64_t flags) { - struct secvar_node *ret; + struct secvar *ret; if (!key) return NULL; 
@@ -79,58 +79,57 @@ struct secvar_node *new_secvar(const char *key, uint64_t key_len, if ((!data) && (data_size)) return NULL; - ret = alloc_secvar(data_size); + ret = alloc_secvar(key_len, data_size); if (!ret) return NULL; - ret->var->key_len = key_len; - ret->var->data_size = data_size; - memcpy(ret->var->key, key, key_len); + memcpy(ret->key, key, key_len); ret->flags = flags; if (data) - memcpy(ret->var->data, data, data_size); + memcpy(ret->data, data, data_size); return ret; } -int realloc_secvar(struct secvar_node *node, uint64_t size) +int realloc_secvar(struct secvar *var, uint64_t size) { void *tmp; - if (node->size >= size) + if (var->data_size >= size) return 0; - tmp = zalloc(sizeof(struct secvar) + size); + tmp = zalloc(size); if (!tmp) return -1; - memcpy(tmp, node->var, sizeof(struct secvar) + node->size); - free(node->var); - node->var = tmp; + memcpy(tmp, var->data, var->data_size); + free(var->data); + var->data = tmp; return 0; } -void dealloc_secvar(struct secvar_node *node) +void dealloc_secvar(struct secvar *var) { - if (!node) + if (!var) return; - free(node->var); - free(node); + free(var->key); + free(var->data); + free(var); } -struct secvar_node *find_secvar(const char *key, uint64_t key_len, struct list_head *bank) +struct secvar *find_secvar(const char *key, uint64_t key_len, struct list_head *bank) { - struct secvar_node *node = NULL; + struct secvar *var = NULL; - list_for_each(bank, node, link) { + list_for_each(bank, var, link) { // Prevent matching shorter key subsets / bail early - if (key_len != node->var->key_len) + if (key_len != var->key_len) continue; - if (!memcmp(key, node->var->key, key_len)) - return node; + if (!memcmp(key, var->key, key_len)) + return var; } return NULL; 
@@ -150,9 +149,9 @@ int is_key_empty(const char *key, uint64_t key_len) int list_length(struct list_head *bank) { int ret = 0; - struct secvar_node *node; + struct secvar *var; - list_for_each(bank, node, link) + list_for_each(bank, var, link) ret++; return ret;
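
Review bot: in copy_bank_list() (libstb/secvar/secvar_util.c, hunk @@ -13,33 +13,25 @@) the "if (!tmp) return OPAL_NO_MEM;" check was removed together with the old allocation, so a NULL return from new_secvar() goes straight into list_add_tail(dst, &tmp->link). new_secvar() returns NULL both on allocation failure and on its argument checks, so the NULL check needs to come back. The retained comment "Allocate new secvar using actual data size" no longer describes the call and could be updated at the same time.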
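
Review bot: in alloc_secvar() (libstb/secvar/secvar_util.c, hunk @@ -47,30 +39,38 @@) the failure path for the key allocation calls free(ret->key), which is NULL at that point, and then returns without freeing ret, so the struct leaks. It should be free(ret), matching the data allocation failure path right below it, which frees both ret->key and ret.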
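
Review bot: in opal_secvar_enqueue_update() (libstb/secvar/secvar_api.c, hunk @@ -114,41 +114,39 @@) an existing entry is unlinked with list_del(&var->link) before realloc_secvar(var, data_size) is attempted. When the realloc fails the function returns OPAL_NO_MEM with var neither on update_bank nor freed, so the previously staged update is dropped and its memory leaks. Do the realloc before list_del, or on failure either put var back on the list or pass it to dealloc_secvar().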
(mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4Bs52l3JYpzDqLw for ; Thu, 17 Sep 2020 02:21:51 +1000 (AEST) Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08GG5bcp026974 for ; Wed, 16 Sep 2020 12:21:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=OeZfP9Xw6++yRVMtyqYxU+IMn5V4SiKXXvSksMbKDz4=; b=P5Htg0PuY9VlY1yV20S+qbpIi1teoahepADUZx89GXYPCGQPlLq3NtoedrYhqb1vsV1M x7US7p2SnCZsBsQg4n9VoheXSq0SGOd8KBhAy3cp/+T6HiBsk0qO8KJKwj7vijAqU1lD ZGT1bKsZRhvX40YRoMzlM2YOKRaWL3uW1D9Roi6iW0h33XCeZb4kebe5fDW4kLG/3zA/ ZWiwpJuAWWAB2fGkDJHy3iH/q45Q7j2zjRPUkyyni8FSnsT1iyDM3jbJuufOo0ghbJOz MnMJSiDbDYs4DA3QtmaMi0rVKl63vUvvi7STqgxXzbYJmVih/d/se/VJ9x+rmxvCkoto /Q== Received: from ppma06fra.de.ibm.com (48.49.7a9f.ip4.static.sl-reverse.com [159.122.73.72]) by mx0a-001b2d01.pphosted.com with ESMTP id 33knp3gwdv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 16 Sep 2020 12:21:49 -0400 Received: from pps.filterd (ppma06fra.de.ibm.com [127.0.0.1]) by ppma06fra.de.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 08GGGtVN029644 for ; Wed, 16 Sep 2020 16:21:47 GMT Received: from b06cxnps4074.portsmouth.uk.ibm.com (d06relay11.portsmouth.uk.ibm.com [9.149.109.196]) by ppma06fra.de.ibm.com with ESMTP id 33k5u7reed-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 16 Sep 2020 16:21:47 +0000 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 08GGLiTW28967220 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 16 Sep 2020 
16:21:44 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E380E11C050; Wed, 16 Sep 2020 16:21:43 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 21F2D11C04C; Wed, 16 Sep 2020 16:21:43 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.160.109.67]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 16 Sep 2020 16:21:42 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Wed, 16 Sep 2020 11:21:19 -0500 Message-Id: <20200916162131.22478-9-erichte@linux.ibm.com> X-Mailer: git-send-email 2.21.1 In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com> References: <20200916162131.22478-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-16_10:2020-09-16, 2020-09-16 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 mlxlogscore=837 lowpriorityscore=0 adultscore=0 malwarescore=0 impostorscore=0 mlxscore=0 bulkscore=0 suspectscore=3 spamscore=0 priorityscore=1501 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2009160114 Subject: [Skiboot] [PATCH v6 08/20] secvar/test: update API tests for new secvar struct X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" From: Eric Richter This patch adjusts the API unit tests to use the secvar struct rather than the old secvar_node. Where applicable, some manual allocations have also been replaced with the util functions. 
Signed-off-by: Eric Richter --- libstb/secvar/test/secvar-test-enqueue.c | 6 +++--- libstb/secvar/test/secvar-test-getvar.c | 21 +++++-------------- libstb/secvar/test/secvar-test-nextvar.c | 26 ++++++------------------ 3 files changed, 14 insertions(+), 39 deletions(-) diff --git a/libstb/secvar/test/secvar-test-enqueue.c b/libstb/secvar/test/secvar-test-enqueue.c index 61c22d16..b4b2c140 100644 --- a/libstb/secvar/test/secvar-test-enqueue.c +++ b/libstb/secvar/test/secvar-test-enqueue.c @@ -16,7 +16,7 @@ int run_test(void) { int64_t rc; - struct secvar_node *node; + struct secvar *var; char key[1024] = {0}; uint64_t data_size = 128; @@ -106,8 +106,8 @@ int run_test(void) rc = secvar_enqueue(key, 4, data, data_size); ASSERT(rc == OPAL_SUCCESS); ASSERT(list_length(&update_bank) == 3); // should not increase - node = list_tail(&update_bank, struct secvar_node, link); - ASSERT(!memcmp(node->var->key, key, 4)) // should be at end + var = list_tail(&update_bank, struct secvar, link); + ASSERT(!memcmp(var->key, key, 4)) // should be at end // Unstage the variable update rc = secvar_enqueue(key, 4, NULL, 0); diff --git a/libstb/secvar/test/secvar-test-getvar.c b/libstb/secvar/test/secvar-test-getvar.c index 53885ea1..a2e06681 100644 --- a/libstb/secvar/test/secvar-test-getvar.c +++ b/libstb/secvar/test/secvar-test-getvar.c 
@@ -14,32 +14,25 @@ int run_test(void) { int64_t rc; - uint64_t size = 4; + uint64_t size; char *temp = zalloc(100); char key[1024] = {0}; - struct secvar_node *node = zalloc(sizeof(struct secvar_node)); - struct secvar *var = zalloc(sizeof(struct secvar) + 1024); // over-allocate for now, this should be rewritten + struct secvar *var; size_t data_size = sizeof("foobar"); char *data = zalloc(data_size); uint64_t key_len = 4; memcpy(data, "foobar", data_size); - memcpy(key, "test", 4); // List should be empty at start - rc = secvar_get(key, key_len, data, &data_size); + rc = secvar_get(key, key_len, temp, &size); ASSERT(rc == OPAL_EMPTY); ASSERT(list_length(&variable_bank) == 0); // Manually add variables, and check get_variable call - var->key_len = key_len; - memcpy(var->key, key, key_len); - var->data_size = data_size; - memcpy(var->data, data, data_size); - - node->var = var; - list_add_tail(&variable_bank, &node->link); + var = new_secvar(key, key_len, data, data_size, 0); + list_add_tail(&variable_bank, &var->link); ASSERT(list_length(&variable_bank) == 1); @@ -88,10 +81,6 @@ int run_test(void) ASSERT(rc == OPAL_RESOURCE); secvar_ready = 1; - list_del(&node->link); - - free(var); - free(node); free(data); free(temp); diff --git a/libstb/secvar/test/secvar-test-nextvar.c b/libstb/secvar/test/secvar-test-nextvar.c index 0b3dea45..dcd9e9d5 100644 --- a/libstb/secvar/test/secvar-test-nextvar.c +++ b/libstb/secvar/test/secvar-test-nextvar.c 
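Review bot: In secvar-test-getvar.c, "uint64_t size;" loses its initializer and is then passed as &size to the first secvar_get() call, so the empty-bank check hands the API an indeterminate length; initialize it (for example to the 100 bytes allocated for temp) so the test does not depend on secvar_get() returning before it reads the size. The second hunk drops list_del() and the free() calls with no replacement visible, so the variable created by new_secvar() stays on variable_bank and is never released; unlinking it and calling dealloc_secvar() would keep the test leak-free. The return value of new_secvar() is also used as &var->link without a NULL check.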
@@ -10,37 +10,23 @@ int run_test(void) int64_t rc; struct secvar *tmpvar; - struct secvar_node *tmpnode; char key[1024] = {0}; uint64_t key_len = 16; - // Load up the bank with some variables. // If these fail, we have bigger issues. ASSERT(list_length(&variable_bank) == 0); - tmpvar = zalloc(sizeof(struct secvar) + 6); - tmpnode = zalloc(sizeof(struct secvar_node)); - memcpy(tmpvar->key, "test1", 6); // ascii w/ null - tmpvar->key_len = 6; - tmpnode->var = tmpvar; - list_add_tail(&variable_bank, &tmpnode->link); + tmpvar = new_secvar("test1", 6, NULL, 0, 0); + list_add_tail(&variable_bank, &tmpvar->link); ASSERT(list_length(&variable_bank) == 1); - tmpvar = zalloc(sizeof(struct secvar) + 5); - tmpnode = zalloc(sizeof(struct secvar_node)); - memcpy(tmpvar->key, "test2", 5); // ascii w/o null - tmpvar->key_len = 5; - tmpnode->var = tmpvar; - list_add_tail(&variable_bank, &tmpnode->link); + tmpvar = new_secvar("test2", 5, NULL, 0, 0); // ascii w/o null + list_add_tail(&variable_bank, &tmpvar->link); ASSERT(list_length(&variable_bank) == 2); - tmpvar = zalloc(sizeof(struct secvar) + 5*2); - tmpnode = zalloc(sizeof(struct secvar_node)); - memcpy(tmpvar->key, L"test3", 5*2); // wide char "unicode" - tmpvar->key_len = 10; - tmpnode->var = tmpvar; - list_add_tail(&variable_bank, &tmpnode->link); + tmpvar = new_secvar((const char*) L"test3", 5*2, NULL, 0, 0); // wide char "unicode" + list_add_tail(&variable_bank, &tmpvar->link); ASSERT(list_length(&variable_bank) == 3); // Test sequential nexts

From patchwork Wed Sep 16 16:21:20 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1365453
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:20 -0500
Message-Id: <20200916162131.22478-10-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 09/20] hdata/spira: add physical presence flags
Cc: nayna@linux.ibm.com

From: Nayna Jain

This patch reads the hdata bits to check for physical presence assertion, and creates device tree entries to be consumed later in the boot.

Signed-off-by: Nayna Jain
Signed-off-by: Eric Richter
---
V5:
 - added documentation for the device tree nodes created by this patch

 doc/device-tree/ibm,secureboot.rst | 17 +++++++++++++++++
 hdata/spira.c | 11 +++++++++++
 hdata/spira.h | 7 ++++++-
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/doc/device-tree/ibm,secureboot.rst b/doc/device-tree/ibm,secureboot.rst index 3113b3f2..42f69b21 100644 --- a/doc/device-tree/ibm,secureboot.rst +++ b/doc/device-tree/ibm,secureboot.rst
@@ -39,6 +39,23 @@ Required properties images (e.g. kernels) to be signed by an appropriate key stored in secure variables. + physical-presence-asserted: + this property exists to indicate the physical presence + of user to request key clearance. + + clear-os-keys: this property exists when the firmware indicates that + physical presence is asserted to clear only Host OS + secure boot keys. + + clear-all-keys: this property exists when the firmware indicates that + physical presence is asserted to clear all sensistive + data controlled by platform firmware. + + clear-mfg-keys: this property exists only during manufacturing process + when the firmware indicates to clear all senstive data + during manufacturing. It is only valid on development + drivers. + Obsolete properties ------------------- diff --git a/hdata/spira.c b/hdata/spira.c index 35d6109d..deb2dea4 100644 --- a/hdata/spira.c +++ b/hdata/spira.c @@ -921,6 +921,7 @@ static void dt_init_secureboot_node(const struct iplparams_sysparams *sysparams) struct dt_node *node; u16 sys_sec_setting; u16 hw_key_hash_size; + u16 host_fw_key_clear; node = dt_new(dt_root, "ibm,secureboot"); assert(node); @@ -933,6 +934,16 @@ static void dt_init_secureboot_node(const struct iplparams_sysparams *sysparams) dt_add_property(node, "secure-enabled", NULL, 0); if (sys_sec_setting & SEC_HASHES_EXTENDED_TO_TPM) dt_add_property(node, "trusted-enabled", NULL, 0); + if (sys_sec_setting & PHYSICAL_PRESENCE_ASSERTED) + dt_add_property(node, "physical-presence-asserted", NULL, 0); + + host_fw_key_clear = be16_to_cpu(sysparams->host_fw_key_clear); + if (host_fw_key_clear & KEY_CLEAR_OS_KEYS) + dt_add_property(node, "clear-os-keys", NULL, 0); + if (host_fw_key_clear & KEY_CLEAR_MFG) + dt_add_property(node, "clear-mfg-keys", NULL, 0); + if (host_fw_key_clear & KEY_CLEAR_ALL) + dt_add_property(node, "clear-all-keys", NULL, 0); hw_key_hash_size = be16_to_cpu(sysparams->hw_key_hash_size); 
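Review bot: In dt_init_secureboot_node(), the clear-os-keys, clear-mfg-keys and clear-all-keys properties are added from host_fw_key_clear whether or not PHYSICAL_PRESENCE_ASSERTED is set in sys_sec_setting, while the text this patch adds to ibm,secureboot.rst describes them as existing when physical presence is asserted. If firmware guarantees the key-clear bits are only ever set together with physical presence, say so in a comment; otherwise nest the three key-clear checks under the PHYSICAL_PRESENCE_ASSERTED test so a consumer of the device tree cannot see a clear request without the assertion. In the .rst hunk, "sensistive" and "senstive" should read "sensitive".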
diff --git a/hdata/spira.h b/hdata/spira.h index ffe53942..f7a1b823 100644 --- a/hdata/spira.h +++ b/hdata/spira.h 
@@ -364,10 +364,15 @@ struct iplparams_sysparams { __be16 hv_disp_wheel; /* >= 0x58 */ __be32 nest_freq_mhz; /* >= 0x5b */ uint8_t split_core_mode; /* >= 0x5c */ - uint8_t reserved[3]; + uint8_t reserved[1]; +#define KEY_CLEAR_ALL PPC_BIT16(0) +#define KEY_CLEAR_OS_KEYS PPC_BIT16(1) +#define KEY_CLEAR_MFG PPC_BIT16(7) + __be16 host_fw_key_clear; uint8_t sys_vendor[64]; /* >= 0x5f */ #define SEC_CONTAINER_SIG_CHECKING PPC_BIT16(0) #define SEC_HASHES_EXTENDED_TO_TPM PPC_BIT16(1) +#define PHYSICAL_PRESENCE_ASSERTED PPC_BIT16(3) __be16 sys_sec_setting; /* >= 0x60 */ __be16 tpm_config_bit; /* >= 0x60 */ __be16 tpm_drawer; /* >= 0x60 */

From patchwork Wed Sep 16 16:21:21 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1365456
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:21 -0500
Message-Id: <20200916162131.22478-11-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 10/20] secvar_devtree: add physical presence mode helper
Cc: nayna@linux.ibm.com

This patch adds a simple function to detect whether or not physical presence has been asserted. In the current implementation, all physical presence assertion modes are treated the same.

Signed-off-by: Eric Richter
---
 libstb/secvar/secvar_devtree.c | 15 +++++++++++++++
 libstb/secvar/secvar_devtree.h | 2 ++
 2 files changed, 17 insertions(+)

diff --git a/libstb/secvar/secvar_devtree.c b/libstb/secvar/secvar_devtree.c index 998093f7..5903ee34 100644 --- a/libstb/secvar/secvar_devtree.c +++ b/libstb/secvar/secvar_devtree.c
@@ -64,3 +64,18 @@ void secvar_set_update_status(uint64_t val) dt_add_property_u64(secvar_node, "update-status", val); } +bool secvar_check_physical_presence(void) +{ + struct dt_node *secureboot; + + secureboot = dt_find_by_path(dt_root, "ibm,secureboot"); + if (!secureboot) + return false; + + if (dt_find_property(secureboot, "clear-os-keys") + || dt_find_property(secureboot, "clear-all-keys") + || dt_find_property(secureboot, "clear-mfg-keys")) + return true; + + return false; +} diff --git a/libstb/secvar/secvar_devtree.h b/libstb/secvar/secvar_devtree.h index c1c923d9..04eb00de 100644 --- a/libstb/secvar/secvar_devtree.h +++ b/libstb/secvar/secvar_devtree.h 
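Review bot: secvar_check_physical_presence() returns true on any of clear-os-keys, clear-all-keys or clear-mfg-keys and never looks at the physical-presence-asserted property that the hdata patch in this series adds, so the name promises a check the body does not make. Either test physical-presence-asserted as well, or rename or comment the helper to say it reports a key-clear request. clear-mfg-keys is documented as valid only on development drivers, yet it is treated the same as the other two here; a comment on why that is acceptable, or a return value that distinguishes the modes, would help whoever adds per-mode handling later.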
@@ -10,4 +10,6 @@ void secvar_init_devnode(const char *compatible); void secvar_set_status(const char *status); void secvar_set_update_status(uint64_t val); +bool secvar_check_physical_presence(void); + #endif

From patchwork Wed Sep 16 16:21:22 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1365457
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:22 -0500
Message-Id: <20200916162131.22478-12-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 11/20] doc/secvar: add document detailing secvar driver API
Cc: nayna@linux.ibm.com

This patch adds a reference document that explains the intended use for each of the secvar driver API functions to aid in future secvar driver implementations.

Signed-off-by: Eric Richter
---
 doc/secvar/driver-api.rst | 312 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 312 insertions(+)
 create mode 100644 doc/secvar/driver-api.rst

diff --git a/doc/secvar/driver-api.rst b/doc/secvar/driver-api.rst new file mode 100644 index 00000000..32ca5785 --- /dev/null +++ b/doc/secvar/driver-api.rst 
@@ -0,0 +1,312 @@ +.. _secvar-driver-api: + +Secvar Drivers +============== + +This document will attempt to define the expected behavior of the two secvar +drivers, and how a developer should implement a new one. + + +Storage vs Backend drivers +-------------------------- + +There are two types of drivers for secure variable support, storage and backend +drivers. Storage drivers are the most simple: they control how and where secure +variables are stored for a given platform. Backend drivers on the other hand, +can be bit more complex. They control the overall scheme of OS secureboot -- +from what variables are used, what format the variables are intended to be, how +they are updated, and how to determine the platform's OS secure boot state. + +These drivers are intended to be as self-contained as possible, so that ideally +any combination of storage and backend drivers in the future should be +compatible. + + +Storage Driver API +------------------ + +The storage driver is expected to: + * persist secure variables in a tamper-resistant manner + * handle two logical types of variable lists (referred to as "banks") + * the "variable bank" stores the active list of variables + * the "update bank" stores proposed updates to the variable bank + * handle variables using a specific secvar flag in a sensible manner + +Storage drivers must implement the following hooks for secvar to properly +utilize: + +.. code-block:: c + + struct secvar_storage_driver { + int (*load_bank)(struct list_head *bank, int section); + int (*write_bank)(struct list_head *bank, int section); + int (*store_init)(void); + void (*lock)(void); + uint64_t max_var_size; + }; + +The following subsections will give a summary of each hook, when they are used, +and their expected behavior. + + +store_init +^^^^^^^^^^ + +The ``store_init`` hook is called at the beginning of secure variable +intialization. This hook should perform any initialization logic required for +the other hooks to operate. 
+ +IMPORTANT: If this hook returns an error (non-zero) code, secvar will +immediately halt the boot. When implementing this hook, consider the +implications of any errors in initialization, and whether they may affect the +secure state. For example, if secure state is indeterminable due to some +hardware failure, this is grounds for a halt. + +This hook should only be called once. Subsequent calls should have no effect, +or raise an error. + + +load_bank +^^^^^^^^^ + +The ``load_bank`` hook should load variables from persistent storage into the +in-memory linked lists, for the rest of secvar to operate on. + +The ``bank`` parameter should be an initialized linked list. This list may not +be empty, and this hook should only append variables to the list. + +The variables this hook loads should depend on the ``section`` flag: + * if ``SECVAR_VARIABLE_BANK``, load the active variables + * if ``SECVAR_UPDATE_BANK``, load the proposed updates + +This hook is called twice at the beginning of secure variable initialization, +one for loading each bank type into their respective lists. This hook may be +called again afterwards (e.g. a reset mechanism by a backend). + + +write_bank +^^^^^^^^^^ + +The ``write_bank`` hook should persist variables using some non-volatile +storage (e.g. flash). + +The ``bank`` parameter should be an initialized linked list. This list may be +empty. It is up to the storage driver to determine how to handle this, but it is +strongly recommended to zeroize the storage location. + +The ``section`` parameter indicates which list of variables is to be written +following the same pattern as in ``load_bank``. + +This hook is called for the variable bank if the backend driver reports that +updates were processed. This hook is called for the update bank in all cases +EXCEPT where no updates were found by the backend (this includes error cases). + +This hook should not be called more than once for the variable bank. 
This hook +is called once in the secvar initialization procedure, and then each time +``opal_secvar_enqueue_update()`` is successfully called. + + +lock +^^^^ + +The ``lock`` hook may perform any write-lock protections as necessary by the +platform. This hook is unconditionally called after the processing step +performed in the main secure variable logic, and should only be called once. +Subsequent calls should have no effect, or raise an error. + +This hook MUST also be called in any error cases that may interrupt the regular +secure variable initialization flow, to prevent leaving the storage mechanism +open to unauthorized writes. + +This hook MUST halt the boot if any internal errors arise that may compromise +the protection of the storage. + +If locking is not applicable to the storage mechanism, this hook may be +implemented as a no-op. + + +max_var_size +^^^^^^^^^^^^ + +The ``max_var_size`` field is not a function hook, but a value to be referenced +by other components to determine the maximum variable size. As this driver is +responsible for persisting variables somewhere, it has the option to determine +the maximum size to use. + + +A Quick Note on Secvar Flags +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +While "communication" between the storage and backend drivers has been +minimized as best as possible, there are a few cases where the storage driver +may need to take a few hints from the backend. + +The ``flags`` field in ``struct secvar_node`` may contain one of the following +values: + +.. code-block:: c + + #define SECVAR_FLAG_VOLATILE 0x1 + #define SECVAR_FLAG_PROTECTED 0x2 + +At time of writing this document, the flags are mutually exclusive, however +this may change in the future. + +``VOLATILE`` indicates that the storage driver should NOT persist this variable +to storage. 
+ +``PROTECTED`` indicates that this variable has a heightened importance than +other variables, and if applicable to the storage driver, stored in a more +secure/tamper-resistant region (e.g. store variables important to secureboot +state in TPM NV rather than PNOR on p9). + + +Backend Driver API +------------------ + +The backend driver at the core defines how secure variables are defined and +processed, and by extension, also how operate the platform's secure boot modes. + +.. code-block:: c + + struct secvar_backend_driver { + int (*pre_process)(struct list_head *variable_bank + struct list_head *update_bank); + int (*process)(struct list_head *variable_bank + struct list_head *update_bank); + int (*post_process)(struct list_head *variable_bank + struct list_head *update_bank); + int (*validate)(struct secvar *var); + const char *compatible; + }; + +The following subsections will give a summary of each hook, when they are used, +and their expected behaviors. + + +pre_process +^^^^^^^^^^^ + +The ``pre_process`` hook is an optional hook that a backend driver may implement +to handle any early logic prior to processing. If this hook is set to ``NULL``, +it is skipped. + +As this hook is called just after loading the variables from the storage driver +but just before ``process``, this hook is provided for convenience to do any +early initialization logic as necessary. + +Any error code returned by this hook will be treated as a failure, and halt +secure variable initialization. + +Example usage: + * initialize empty variables that were not loaded from storage + * allocate any internal structures that may be needed for processing + + +process +^^^^^^^ + +The ``process`` hook is the only required hook, and should contain all variable +update process logic. Unlike the other two hooks, this hook must be defined, or +secure variable initialization will halt. 
+ +This hook is expected to iterate through any variables contained in the +``update_bank`` list argument, and perform any action on the +``variable_bank`` list argument as the backend seems appropriate for the given +update (e.g. add/remove/update variable) + +NOTE: the state of these bank lists will be written to persistent storage as-is, +so for example, if the update bank should be cleared, it should be done prior to +returning from this hook. + +Unlike the other two hooks, this hook may return a series of return codes +indicating various status situations. This return code is exposed in the device +tree at ``secvar/update-status``. See the table below for an expected definition +of the return code meanings. Backends SHOULD document any deviations or +extensions to these definitions for their specific implementation. + +To prevent excessive writes to flash, the main secure variable flow will only +perform writes when the ``process`` hook returns a status that declares +something has been changed. The variable bank is only written to storage if +``process`` returns ``OPAL_SUCCESS``. + +On the other hand, the update bank is written to storage if the return code is +anything other than ``OPAL_EMPTY`` (which signals that there were no updates to +process). This includes all error cases, therefore the backend is responsible +for emptying the update bank prior to exiting with an error, if the bank is to +be cleared. 
+ + +Status codes +"""""""""""" + ++-----------------+-----------------------------------------------+ +| update-status | Generic Reason | ++-----------------+-----------------------------------------------+ +| OPAL_SUCCESS | Updates were found and processed successfully | ++-----------------+-----------------------------------------------+ +| OPAL_EMPTY | No updates were found, none processed | ++-----------------+-----------------------------------------------+ +| OPAL_PARAMETER | Malformed, or unexpected update data blob | ++-----------------+-----------------------------------------------+ +| OPAL_PERMISSION | Update failed to apply, possible auth failure | ++-----------------+-----------------------------------------------+ +| OPAL_HARDWARE | Misc. storage-related error | ++-----------------+-----------------------------------------------+ +| OPAL_RESOURCE | Out of space (reported by storage) | ++-----------------+-----------------------------------------------+ +| OPAL_NO_MEM | Out of memory | ++-----------------+-----------------------------------------------+ + +See also: ``device-tree/ibm,opal/secvar/secvar.rst``. + + +post_process +^^^^^^^^^^^^ + +The ``post_process`` hook is an optional hook that a backend driver may +implement to handle any additional logic after the processing step. Like +``pre_process``, it may be set to ``NULL`` if unused. + +This hook is called AFTER performing any writes to storage, and AFTER locking +the persistant storage. Any changes to the variable bank list in this hook will +NOT be persisted to storage. + +Any error code returned by this hook will be treated as a failure, and halt +secure variable initialization. + +Example usage: + * determine secure boot state (and set ``os-secure-enforcing``) + * remove any variables from the variable bank that do not need to be exposed + * append any additional volatile variables + + +validate +^^^^^^^^ + +!!NOTE!! 
This is not currently implemented, and the detail below is subject to +change. + +The ``validate`` hook is an optional hook that a backend may implement to check +if a single variable is valid. If implemented, this hook is called during +``opal_secvar_enqueue_update`` to provide more immediate feedback to the caller +on proposed variable validity. + +This hook should return ``OPAL_SUCCESS`` if the validity check passes. Any +other return code is treated as a failure, and will be passed through the +``enqueue_update`` call. + +Example usage: + * check for valid payload data structure + * check for valid signature format + * validate the signature against current variables + * implement a variable white/blacklist + + +compatible +^^^^^^^^^^ + +The compatible field is a required field that declares the compatibility of +this backend driver. This compatible field is exposed in the +``secvar/compatible`` device tree node for subsequent kernels, etc to +determine how to interact with the secure variables. 
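Review bot: The struct secvar_backend_driver code block under "Backend Driver API" is missing the comma between the two parameters of pre_process, process and post_process ("struct list_head *variable_bank" is followed directly by "struct list_head *update_bank"), so the documented prototypes are not valid C; add the comma so an implementer can copy the block as-is. The "Quick Note on Secvar Flags" section refers to the flags field of "struct secvar_node" while validate takes a "struct secvar *", so one of the two names looks stale. In the write_bank section, "This hook should not be called more than once for the variable bank" is followed by "This hook is called once in the secvar initialization procedure, and then each time opal_secvar_enqueue_update() is successfully called" without saying which bank the second sentence is about; name the bank explicitly, since the write count per bank is what a storage driver author has to rely on.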
From patchwork Wed Sep 16 16:21:23 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1365458
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:23 -0500
Message-Id: <20200916162131.22478-13-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 12/20] core/flash.c: add SECBOOT read and write support
Cc: nayna@linux.ibm.com

From: Claudio Carvalho

In secure boot enabled systems, the petitboot linux kernel verifies the OS kernel against x509 certificates that are wrapped in secure variables controlled by OPAL. These secure variables are stored in the PNOR SECBOOT partition, as well as the updates submitted for them using userspace tools. This patch adds read and write support to the PNOR SECBOOT partition in a similar fashion to that of NVRAM, so that OPAL can handle the secure variables.

Signed-off-by: Claudio Carvalho
Signed-off-by: Eric Richter --- V2: - lowered logging level for secboot_probe V5: - removed hooks from platform.h - expose hooks in skiboot.h core/flash.c | 126 ++++++++++++++++++++++++++++++++++++++++++++++ include/skiboot.h | 3 ++ 2 files changed, 129 insertions(+) diff --git a/core/flash.c b/core/flash.c index de748641..8c1e788c 100644 --- a/core/flash.c +++ b/core/flash.c @@ -59,6 +59,10 @@ static struct lock flash_lock; static struct flash *nvram_flash; static u32 nvram_offset, nvram_size; +/* secboot-on-flash support */ +static struct flash *secboot_flash; +static u32 secboot_offset, secboot_size; + bool flash_reserve(void) { bool rc = false; 
@@ -93,6 +97,91 @@ bool flash_unregister(void) return true; } +int flash_secboot_info(uint32_t *total_size) +{ + int rc; + + lock(&flash_lock); + if (!secboot_flash) { + rc = OPAL_HARDWARE; + } else if (secboot_flash->busy) { + rc = OPAL_BUSY; + } else { + *total_size = secboot_size; + rc = OPAL_SUCCESS; + } + unlock(&flash_lock); + + return rc; +} + +int flash_secboot_read(void *dst, uint32_t src, uint32_t len) +{ + int rc; + + if (!try_lock(&flash_lock)) + return OPAL_BUSY; + + if (!secboot_flash) { + rc = OPAL_HARDWARE; + goto out; + } + + if (secboot_flash->busy) { + rc = OPAL_BUSY; + goto out; + } + + if ((src + len) > secboot_size) { + prerror("FLASH_SECBOOT: read out of bound (0x%x,0x%x)\n", + src, len); + rc = OPAL_PARAMETER; + goto out; + } + + secboot_flash->busy = true; + unlock(&flash_lock); + + rc = blocklevel_read(secboot_flash->bl, secboot_offset + src, dst, len); + + lock(&flash_lock); + secboot_flash->busy = false; +out: + unlock(&flash_lock); + return rc; +} + +int flash_secboot_write(uint32_t dst, void *src, uint32_t len) +{ + int rc; + + if (!try_lock(&flash_lock)) + return OPAL_BUSY; + + if (secboot_flash->busy) { + rc = OPAL_BUSY; + goto out; + } + + if ((dst + len) > secboot_size) { + prerror("FLASH_SECBOOT: write out of bound (0x%x,0x%x)\n", + dst, len); + rc = OPAL_PARAMETER; + goto out; + } + + secboot_flash->busy = true; + unlock(&flash_lock); + + rc = blocklevel_write(secboot_flash->bl, secboot_offset + dst, src, len); + + lock(&flash_lock); + secboot_flash->busy = false; +out: + unlock(&flash_lock); + return rc; +} + static int flash_nvram_info(uint32_t *total_size) { int rc; 
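Review bot: flash_secboot_write() reads secboot_flash->busy without the "if (!secboot_flash)" check that flash_secboot_info() and flash_secboot_read() both carry, so a write issued on a system where no SECBOOT partition was probed dereferences a NULL pointer; add the same check and return OPAL_HARDWARE. In both the read and the write path the bound checks "(src + len) > secboot_size" and "(dst + len) > secboot_size" are evaluated in uint32_t, so a large offset plus length can wrap around and pass the check; a form such as "len > secboot_size || dst > secboot_size - len" does not wrap. The src argument of the write function could also be "const void *".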
@@ -182,6 +271,42 @@ out: return rc; } + +static int flash_secboot_probe(struct flash *flash, struct ffs_handle *ffs) +{ + uint32_t start, size, part; + bool ecc; + int rc; + + prlog(PR_DEBUG, "FLASH: probing for SECBOOT\n"); + + rc = ffs_lookup_part(ffs, "SECBOOT", &part); + if (rc) { + prlog(PR_WARNING, "FLASH: no SECBOOT partition found\n"); + return OPAL_HARDWARE; + } + + rc = ffs_part_info(ffs, part, NULL, + &start, &size, NULL, &ecc); + if (rc) { + /** + * @fwts-label SECBOOTNoPartition + * @fwts-advice OPAL could not find an SECBOOT partition + * on the system flash. Check that the system flash + * has a valid partition table, and that the firmware + * build process has added a SECBOOT partition. + */ + prlog(PR_ERR, "FLASH: Can't parse ffs info for SECBOOT\n"); + return OPAL_HARDWARE; + } + + secboot_flash = flash; + secboot_offset = start; + secboot_size = ecc ? ecc_buffer_size_minus_ecc(size) : size; + + return 0; +} + static int flash_nvram_probe(struct flash *flash, struct ffs_handle *ffs) { uint32_t start, size, part; @@ -332,6 +457,7 @@ static void setup_system_flash(struct flash *flash, struct dt_node *node, prlog(PR_INFO, "registered system flash device %s\n", name); flash_nvram_probe(flash, ffs); + flash_secboot_probe(flash, ffs); } static int num_flashes(void) diff --git a/include/skiboot.h b/include/skiboot.h index 30ff500c..7b71ebd9 100644 --- a/include/skiboot.h +++ b/include/skiboot.h 
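Review bot: In flash_secboot_probe() the "@fwts-label SECBOOTNoPartition" annotation, whose advice text says OPAL "could not find an SECBOOT partition", is attached to the ffs_part_info() failure ("Can't parse ffs info for SECBOOT"), while the actual not-found path after ffs_lookup_part() only logs at PR_WARNING and has no label; move the annotation to the lookup failure or reword it for the parse failure. In setup_system_flash() the return value of flash_secboot_probe() is dropped, so a missing SECBOOT partition only becomes visible later through OPAL_HARDWARE from the flash_secboot_* accessors; a one-line comment saying that this is intentional and non-fatal here would help the next reader.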
@@ -229,6 +229,9 @@ extern int flash_subpart_info(void *part_header, uint32_t header_len, extern void flash_fw_version_preload(void); extern void flash_dt_add_fw_version(void); extern const char *flash_map_resource_name(enum resource_id id); +extern int flash_secboot_info(uint32_t *total_size); +extern int flash_secboot_read(void *dst, uint32_t src, uint32_t len); +extern int flash_secboot_write(uint32_t dst, void *src, uint32_t len); /* * Decompression routines From patchwork Wed Sep 16 16:21:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1365461 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs5Bx75Xqz9sTs for ; Thu, 17 Sep 2020 02:28:57 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linux.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Otouk5V7; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4Bs5Bx4tSRzDqX9 for ; Thu, 17 Sep 2020 02:28:57 +1000 (AEST) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: 
lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=Otouk5V7; dkim-atps=neutral
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:24 -0500
Message-Id: <20200916162131.22478-14-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 13/20] secvar/storage: add secvar storage driver for pnor-based p9
Cc: nayna@linux.ibm.com

This patch implements the platform specific logic for persisting the secure variable storage banks across reboots via the SECBOOT PNOR partition. For POWER 9, all secure variables and updates are stored in the SECBOOT PNOR partition. The partition is split into three sections: two variable bank sections, and a section for storing updates. The driver alternates writes between the two variable sections, so that the final switch from one set of variables to the next can be as atomic as possible by flipping an "active bit" stored in TPM NV. PNOR space provides no lock protection, so prior to writing the variable bank, a sha256 hash is calculated and stored in TPM NV.
This hash is compared against the hash of the variables loaded from PNOR to ensure consistency -- otherwise a failure is reported, no keys are loaded (which should cause skiroot to refuse to boot if secure boot support is enabled).

Signed-off-by: Eric Richter
---
V5:
 - overhauled serialization/deserialization:
 - no longer memcpy's full structs
 - always uses the tighter packing scheme
 - cleaned up/merged helper functions
 - writes all numeric values as BE
 - change some programming errors to asserts
 - moved the public name hashes back into the .c file
V6:
 - added a comment to the nv indices to clarify that they are calculated BEFORE writelock is set
 - added manufacturing-provisioned TPM NV public name hashes
 - redefine the NV indices if the above hashes are detected
 - restructured the init flow to accommodate the above changes

 doc/secvar/secboot_tpm.rst | 175 +++++++
 include/secvar.h | 1 +
 libstb/secvar/secvar.h | 4 +-
 libstb/secvar/storage/Makefile.inc | 5 +-
 libstb/secvar/storage/secboot_tpm.c | 737 ++++++++++++++++++++++++++++
 libstb/secvar/storage/secboot_tpm.h | 61 +++
 libstb/secvar/storage/tpmnv_ops.c | 15 +
 7 files changed, 994 insertions(+), 4 deletions(-)
 create mode 100644 doc/secvar/secboot_tpm.rst
 create mode 100644 libstb/secvar/storage/secboot_tpm.c
 create mode 100644 libstb/secvar/storage/secboot_tpm.h
 create mode 100644 libstb/secvar/storage/tpmnv_ops.c

diff --git a/doc/secvar/secboot_tpm.rst b/doc/secvar/secboot_tpm.rst
new file mode 100644
index 00000000..8da0c2f0
--- /dev/null
+++ b/doc/secvar/secboot_tpm.rst
@@ -0,0 +1,175 @@ +.. _secvar/secboot_tpm: + +secboot_tpm secvar storage driver for P9 platforms +================================================== + +Overview +-------- + +This storage driver utilizes the SECBOOT PNOR partition and TPM NV space to +persist secure variables across reboots in a tamper-resistant manner. While +writes to PNOR cannot be completely prevented, writes CAN be prevented to TPM +NV. On the other hand, there is limited available space in TPM NV. + +Therefore, this driver uses both in conjunction: large variable data is written +to SECBOOT, and a hash of the variable data is stored in TPM NV. When the +variables are loaded from SECBOOT, this hash is recalculated and compared +against the value stored in the TPM. If they do not match, then the variables +must have been altered and are not loaded. + +See the following sections for more information on the internals of the driver. + + +Storage Layouts +--------------- + +At a high-level, there are a few major logical components: + + - (PNOR) Variable storage (split in half, active/staging) + - (PNOR) Update storage + - (TPM) Protected variable storage + - (TPM) Bank hashes & active bit + +Variable storage consists of two smaller banks, variable bank 0 and variable +bank 1. Either of the banks may be designated "active" by setting the active +bank bit to either 0 or 1, indicating that the corresponding bank is now +"active". The other bank is then considered "staging". See the "Persisting +Variable Bank Updates" for more on the active/staging bank logic. + +Protected variable storage is stored in ``VARS`` TPM NV index. Unlike the other +variable storage, there is only one bank due to limited storage space. See the +TPM NV Indices section for more. + + +Persisting the Variable Bank +---------------------------- + +When writing a new variable bank to storage, this is (roughly) the procedure the +driver will follow: + +1. write variables to the staging bank +2. calculate hash of the staging bank +3. 
store the staging bank hash in the TPM NV +4. flip the active bank bit + +This procedure ensures that the switch-over from the old variables to the +new variables is as atomic as possible. This should prevent any possible +issues caused by an interruption during the writing process, such as power loss. + +The bank hashes are a SHA256 hash calculated over the whole region of +storage space allocated to the bank, including unused storage. For consistency, +unused space is always written as zeroes. Like the active/staging variable +banks, there are also two corresponding active/staging bank hashes stored in +the TPM. + + +TPM NV Indices +-------------- + +The driver utilizes two TPM NV indices: + +.. code-block:: c + + # size). datadefine SECBOOT_TPMNV_VARS_INDEX 0x01c10190 + #define SECBOOT_TPMNV_CONTROL_INDEX 0x01c10191 + +The ``VARS`` index stores variables flagged with ``SECVAR_FLAG_PROTECTED``. +These variables are critical to the state of OS secure boot, and therefore +cannot be safely stored in the SECBOOT partition. This index is defined to be +1024 bytes in size, which is enough for the current implementation on P9. It +is kept small by default to preserve the very limited NV index space. + +The ``CONTROL`` index stores the bank hashes, and the bit to determine which +bank is active. See the Active/Staging Bank Swapping section for more. + +Both indices are defined on first boot with the same set of attributes. If the +indices are already defined but not in the expected state, (different +attributes, size, etc), then the driver will halt the boot. Asserting physical +presence will redefine the indices in the correct state. + + +Locking +------- + +PNOR cannot be locked, however the TPM can be. The TPM NV indices are double +protected via two locking mechanisms: + + - The driver's ``.lock()`` hook sends the ``TSS_NV_WriteLock`` TPM command. +This sets the ``WRITELOCKED`` attribute, which is cleared on the next +TPM reset. 
+ + - The TPM NV indices are defined under the platform hierarchy. Skiboot will add +a global lock to all the NV indices under this hierarchy prior to loading a +kernel. This is also reset on the next TPM reset. + +NOTE: The TPM is only reset during a cold reboot. Fast reboots or kexecs will +NOT unlock the TPM. + + +Resetting Storage / Physical Presence +------------------------------------- + +In the case that secure boot/secvar has been rendered unusable, (for example: +corrupted data, lost/compromised private key, improperly defined NV indices, etc) +this storage driver responds to physical presence assertion as a last-resort +method to recover the system. + +Asserting physical presence undefines, and immediately redefines the TPM NV +indices. Defining the NV indices then causes a cascading set of reformats for +the remaining components of storage, similar to a first-boot scenario. + +This driver considers physical presence to be asserted if any of the following +device tree nodes are present in ``ibm,secureboot``: + - ``clear-os-keys`` + - ``clear-all-keys`` + - ``clear-mfg-keys`` + + +Storage Formats/Layouts +======================= + +SECBOOT (PNOR) +-------------- + +Partition Format: + - 8b secboot header + - 4b: u32. magic number, always 0x5053424b + - 1b: u8. version, always 1 + - 3b: unused padding + - 32k: secvars. variable bank 0 + - 32k: secvars. variable bank 1 + - 32k: secvars. update bank + +Variable Format (secvar): + - 8b: u64. key length + - 8b: u64. data size + - 1k: string. key + - (data size). data + +TPM VARS (NV) +------------- + +NV Index Format: + - 8b secboot header + - 4b: u32. magic number, always 0x5053424b + - 1b: u8. version, always 1 + - 3b: unused padding + - 1016b: packed secvars. protected variable storage + +Variable Format (packed secvar): + - 8b: u64. key length + - 8b: u64. data size + - (key length): string. key + - (data size). data + +TPM CONTROL (NV) +---------------- + + - 8b secboot header + - 4b: u32. 
magic number, always 0x5053424b + - 1b: u8. version, always 1 + - 3b: unused padding + - 1b: u8. active bit, 0 or 1 + - 32b: sha256 hash of variable bank 0 + - 32b: sha256 hash of variable bank 1 + diff --git a/include/secvar.h b/include/secvar.h index db103953..21210277 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -36,6 +36,7 @@ struct secvar_backend_driver { const char *compatible; }; +extern struct secvar_storage_driver secboot_tpm_driver; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/secvar.h b/libstb/secvar/secvar.h index fe660217..33cd0a08 100644 --- a/libstb/secvar/secvar.h +++ b/libstb/secvar/secvar.h @@ -16,8 +16,8 @@ enum { }; -#define SECVAR_FLAG_VOLATILE 0x1 // Instructs storage driver to ignore variable on writes -#define SECVAR_FLAG_SECURE_STORAGE 0x2 // Hint for storage driver to select storage location +#define SECVAR_FLAG_VOLATILE 0x1 /* Instructs storage driver to ignore variable on writes */ +#define SECVAR_FLAG_PROTECTED 0x2 /* Instructs storage driver to store in lockable flash */ struct secvar { struct list_node link; diff --git a/libstb/secvar/storage/Makefile.inc b/libstb/secvar/storage/Makefile.inc index 3fd9543a..35fba723 100644 --- a/libstb/secvar/storage/Makefile.inc +++ b/libstb/secvar/storage/Makefile.inc @@ -1,11 +1,12 @@ # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -*-Makefile-*- -SECVAR_STORAGE_DIR = libstb/secvar/storage +SECVAR_STORAGE_DIR = $(SRC)/libstb/secvar/storage SUBDIRS += $(SECVAR_STORAGE_DIR) -SECVAR_STORAGE_SRCS = +SECVAR_STORAGE_SRCS = secboot_tpm.c tpmnv_ops.c +#SECVAR_STORAGE_SRCS = secboot_tpm.c fakenv_ops.c SECVAR_STORAGE_OBJS = $(SECVAR_STORAGE_SRCS:%.c=%.o) SECVAR_STORAGE = $(SECVAR_STORAGE_DIR)/built-in.a diff --git a/libstb/secvar/storage/secboot_tpm.c b/libstb/secvar/storage/secboot_tpm.c new file mode 100644 index 00000000..b6a294b0 --- /dev/null +++ b/libstb/secvar/storage/secboot_tpm.c 
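Review bot: In doc/secvar/secboot_tpm.rst the first line of the code block under "TPM NV Indices" reads "# size). datadefine SECBOOT_TPMNV_VARS_INDEX 0x01c10190", which is not a valid define and looks like stray text merged into the line; it presumably should have the same form as the CONTROL line below it, "#define SECBOOT_TPMNV_VARS_INDEX 0x01c10190". The cross-references also name sections that do not exist under those titles: "Persisting Variable Bank Updates" and "Active/Staging Bank Swapping", where the only matching heading is "Persisting the Variable Bank". "Storage Formats/Layouts" is underlined with "=" like the document title while a "Storage Layouts" section already exists above it, so consider making it a "-" level section with a distinct name.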
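Review bot: The new comment on SECVAR_FLAG_PROTECTED in libstb/secvar/secvar.h says "Instructs storage driver to store in lockable flash", but the driver documentation added in this same patch puts SECVAR_FLAG_PROTECTED variables in the VARS TPM NV index and states that PNOR cannot be locked; wording such as "store in lockable storage (e.g. TPM NV)" would keep the header and the documentation consistent. Since SECVAR_FLAG_SECURE_STORAGE is renamed rather than aliased, confirm that no other user of the old name remains in the tree.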
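Review bot: libstb/secvar/storage/Makefile.inc gains a commented-out alternative, "#SECVAR_STORAGE_SRCS = secboot_tpm.c fakenv_ops.c", and fakenv_ops.c is not among the files in this patch's diffstat; drop the line, or, if a fake TPM NV backend is meant to be selectable for testing, make it a documented build option so that a firmware image cannot end up with the fake NV operations through an edited comment.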
@@ -0,0 +1,737 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#ifndef pr_fmt +#define pr_fmt(fmt) "SECBOOT_TPM: " fmt +#endif + +#include +#include +#include +#include +#include "../secvar.h" +#include "../secvar_devtree.h" +#include "secboot_tpm.h" +#include +#include + +#define CYCLE_BIT(b) (b^0x1) + +#define SECBOOT_TPM_MAX_VAR_SIZE 8192 + +struct secboot *secboot_image = NULL; +struct tpmnv_vars *tpmnv_vars_image = NULL; +struct tpmnv_control *tpmnv_control_image = NULL; + +const size_t tpmnv_vars_size = 1024; + +/* Expected TPM NV index name field from NV_ReadPublic given our known + * set of attributes (see tss_nv_define_space). + * See Part 1 Section 16, and Part 2 Section 13.5 of the TPM Specification + * for how this is calculated + * + * These hashes are calculated and checked BEFORE TPM2_NV_WriteLock is called, + * which alters the hash slightly as it sets TPMA_NV_WRITELOCKED + */ +const uint8_t tpmnv_vars_name[] = { + 0x00, 0x0b, 0x94, 0x64, 0x36, 0x25, 0xfc, 0xc1, 0x1d, 0xc1, 0x0e, 0x28, 0xe7, + 0xac, 0xaf, 0xc6, 0x08, 0x8e, 0xda, 0x21, 0xd6, 0x43, 0xd2, 0x77, 0xe7, 0x2d, + 0x83, 0x39, 0x0f, 0xa6, 0xdf, 0xc0, 0x59, 0x37, +}; + +const uint8_t tpmnv_control_name[] = { + 0x00, 0x0b, 0xad, 0x47, 0x6b, 0xa5, 0xdf, 0xb1, 0xe2, 0x18, 0x50, 0xf6, 0x05, + 0x67, 0xe8, 0x8b, 0xa9, 0x0f, 0x86, 0x1f, 0x06, 0xab, 0x43, 0x96, 0x7f, 0x6e, + 0x85, 0x33, 0x5b, 0xa6, 0xf0, 0x63, 0x73, 0xd0, +}; + +const uint8_t tpmnv_vars_prov_name[] = { + 0x00, 0x0b, 0x58, 0x36, 0x2c, 0xbf, 0xec, 0x0e, 0xcc, 0xbf, 0xa9, 0x41, 0x94, + 0xe9, 0x95, 0xe8, 0x3b, 0xd7, 0x8b, 0x52, 0xac, 0x61, 0x6f, 0xe6, 0x42, 0x93, + 0xbb, 0x5a, 0x79, 0x9f, 0xcc, 0x60, 0x5e, 0x8d, +}; + +const uint8_t tpmnv_control_prov_name[] = { + 0x00, 0x0b, 0x7b, 0xd6, 0x02, 0xac, 0xf5, 0x34, 0x54, 0x5c, 0x3e, 0xda, 0xe5, + 0xb2, 0xe4, 0x93, 0x4f, 0x36, 0xfb, 0x7f, 0xea, 0xbe, 0xfa, 0x3c, 0xfe, 0xed, + 0x6a, 0x12, 0xfb, 0xc8, 0xf7, 0x92, 0x0e, 0xd3, +}; + +/* Calculate a 
SHA256 hash over the supplied buffer */ +static int calc_bank_hash(char *target_hash, const char *source_buf, uint64_t size) +{ + mbedtls_sha256_context ctx; + int rc; + + mbedtls_sha256_init(&ctx); + + rc = mbedtls_sha256_update_ret(&ctx, source_buf, size); + if (rc) + goto out; + + mbedtls_sha256_finish_ret(&ctx, target_hash); + if (rc) + goto out; + +out: + mbedtls_sha256_free(&ctx); + return rc; +} + +/* Reformat the TPMNV space */ +static int tpmnv_format(void) +{ + int rc; + + memset(tpmnv_vars_image, 0x00, tpmnv_vars_size); + memset(tpmnv_control_image, 0x00, sizeof(struct tpmnv_control)); + + tpmnv_vars_image->header.magic_number = SECBOOT_MAGIC_NUMBER; + tpmnv_vars_image->header.version = SECBOOT_VERSION; + tpmnv_control_image->header.magic_number = SECBOOT_MAGIC_NUMBER; + tpmnv_control_image->header.version = SECBOOT_VERSION; + + /* Counts as first write to the TPM NV, which sets the + * TPMA_NVA_WRITTEN attribute */ + rc = tpmnv_ops.write(SECBOOT_TPMNV_VARS_INDEX, + tpmnv_vars_image, + tpmnv_vars_size, 0); + if (rc) { + prlog(PR_ERR, "Could not write new formatted data to VARS index, rc=%d\n", rc); + return rc; + } + + rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX, + tpmnv_control_image, + sizeof(struct tpmnv_control), 0); + if (rc) + prlog(PR_ERR, "Could not write new formatted data to CONTROL index, rc=%d\n", rc); + + return rc; +} + +/* Reformat the secboot PNOR space */ +static int secboot_format(void) +{ + int rc; + + memset(secboot_image, 0x00, sizeof(struct secboot)); + + secboot_image->header.magic_number = SECBOOT_MAGIC_NUMBER; + secboot_image->header.version = SECBOOT_VERSION; + + /* Write the hash of the empty bank to the tpm so future loads work */ + rc = calc_bank_hash(tpmnv_control_image->bank_hash[0], + secboot_image->bank[0], + SECBOOT_VARIABLE_BANK_SIZE); + if (rc) { + prlog(PR_ERR, "Bank hash failed to calculate somehow\n"); + return rc; + } + + rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX, + tpmnv_control_image->bank_hash[0], + 
SHA256_DIGEST_SIZE, + offsetof(struct tpmnv_control, + bank_hash[0])); + if (rc) { + prlog(PR_ERR, "Could not write fresh formatted bank hashes to CONTROL index, rc=%d\n", rc); + return rc; + } + + rc = flash_secboot_write(0, secboot_image, sizeof(struct secboot)); + if (rc) + prlog(PR_ERR, "Could not write formatted data to PNOR, rc=%d\n", rc); + + return rc; +} + + +/* + * Serialize one variable to a target memory location. + * Returns the advanced target pointer, + * NULL if advanced pointer would exceed the supplied bound + */ +static char *secboot_serialize_secvar(char *target, const struct secvar *var, const char *end) +{ + if ((target + sizeof(uint64_t) + sizeof(uint64_t) + + var->key_len + var->data_size) > end) + return NULL; + + *((uint64_t*) target) = cpu_to_be64(var->key_len); + target += sizeof(var->key_len); + *((uint64_t*) target) = cpu_to_be64(var->data_size); + target += sizeof(var->data_size); + memcpy(target, var->key, var->key_len); + target += var->key_len; + memcpy(target, var->data, var->data_size); + target += var->data_size; + + return target; +} + + +/* Flattens a linked-list bank into a contiguous buffer for writing */ +static int secboot_serialize_bank(const struct list_head *bank, char *target, + size_t target_size, int flags) +{ + struct secvar *var; + char *end = target + target_size; + + assert(bank); + assert(target); + + memset(target, 0x00, target_size); + + list_for_each(bank, var, link) { + if (var->flags != flags) + continue; + + target = secboot_serialize_secvar(target, var, end); + if (!target) { + prlog(PR_ERR, "Ran out of %s space, giving up!", + (flags & SECVAR_FLAG_PROTECTED) ? 
"TPMNV" : "PNOR"); + return OPAL_EMPTY; + } + } + + return OPAL_SUCCESS; +} + +/* Helper for the variable-bank specific writing logic */ +static int secboot_tpm_write_variable_bank(const struct list_head *bank) +{ + int rc; + uint64_t bit; + + bit = CYCLE_BIT(tpmnv_control_image->active_bit); + /* Serialize TPMNV variables */ + rc = secboot_serialize_bank(bank, tpmnv_vars_image->vars, tpmnv_vars_size - sizeof(struct tpmnv_vars), SECVAR_FLAG_PROTECTED); + if (rc) + goto out; + + + /* Write TPMNV variables to actual NV */ + rc = tpmnv_ops.write(SECBOOT_TPMNV_VARS_INDEX, tpmnv_vars_image, tpmnv_vars_size, 0); + if (rc) + goto out; + + /* Serialize the PNOR variables, but don't write to flash until after the bank hash */ + rc = secboot_serialize_bank(bank, secboot_image->bank[bit], SECBOOT_VARIABLE_BANK_SIZE, 0); + if (rc) + goto out; + + /* Calculate the bank hash, and write to TPM NV */ + rc = calc_bank_hash(tpmnv_control_image->bank_hash[bit], secboot_image->bank[bit], SECBOOT_VARIABLE_BANK_SIZE); + if (rc) + goto out; + + rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX, tpmnv_control_image->bank_hash[bit], + SHA256_DIGEST_LENGTH, offsetof(struct tpmnv_control, bank_hash[bit])); + if (rc) + goto out; + + /* Write new variable bank to pnor */ + rc = flash_secboot_write(0, secboot_image, sizeof(struct secboot)); + if (rc) + goto out; + + /* Flip the bit, and write to TPM NV */ + tpmnv_control_image->active_bit = bit; + rc = tpmnv_ops.write(SECBOOT_TPMNV_CONTROL_INDEX, + &tpmnv_control_image->active_bit, + sizeof(tpmnv_control_image->active_bit), + offsetof(struct tpmnv_control, active_bit)); +out: + + return rc; +} + +static int secboot_tpm_write_bank(struct list_head *bank, int section) +{ + int rc; + + switch (section) { + case SECVAR_VARIABLE_BANK: + rc = secboot_tpm_write_variable_bank(bank); + break; + case SECVAR_UPDATE_BANK: + memset(secboot_image->update, 0, SECBOOT_UPDATE_BANK_SIZE); + rc = secboot_serialize_bank(bank, secboot_image->update, + 
SECBOOT_UPDATE_BANK_SIZE, 0); + if (rc) + break; + + rc = flash_secboot_write(0, secboot_image, + sizeof(struct secboot)); + break; + default: + rc = OPAL_HARDWARE; + } + + return rc; +} + + +/* + * Deserialize a single secvar from a buffer. + * Returns an advanced pointer, and an allocated secvar in *var. + * Returns NULL if out of bounds reached, or out of memory. + */ +static int secboot_deserialize_secvar(struct secvar **var, char **src, const char *end) +{ + uint64_t key_len; + uint64_t data_size; + struct secvar *ret; + + assert(var); + + /* Load in the two header values */ + key_len = be64_to_cpu(*((uint64_t *) *src)); + *src += sizeof(uint64_t); + data_size = be64_to_cpu(*((uint64_t *) *src)); + *src += sizeof(uint64_t); + + /* Check if we've reached the last var to deserialize */ + if ((key_len == 0) && (data_size == 0)) { + return OPAL_EMPTY; + } + + if (key_len > SECVAR_MAX_KEY_LEN) { + prlog(PR_ERR, "Deserialization failed: key length exceeded maximum value" + "%llu > %u", key_len, SECVAR_MAX_KEY_LEN); + return OPAL_RESOURCE; + } + if (data_size > SECBOOT_TPM_MAX_VAR_SIZE) { + prlog(PR_ERR, "Deserialization failed: data size exceeded maximum value" + "%llu > %u", key_len, SECBOOT_TPM_MAX_VAR_SIZE); + return OPAL_RESOURCE; + } + + /* Make sure these fields aren't oversized... 
*/ + if ((*src + key_len + data_size) > end) { + *var = NULL; + prlog(PR_ERR, "key_len or data_size exceeded the expected bounds"); + return OPAL_RESOURCE; + } + + ret = alloc_secvar(key_len, data_size); + if (!ret) { + *var = NULL; + prlog(PR_ERR, "Out of memory, could not allocate new secvar"); + return OPAL_NO_MEM; + } + + /* Load in variable-sized data */ + memcpy(ret->key, *src, ret->key_len); + *src += ret->key_len; + memcpy(ret->data, *src, ret->data_size); + *src += ret->data_size; + + *var = ret; + + return OPAL_SUCCESS; +} + + +/* Load variables from a flattened buffer into a bank list */ +static int secboot_tpm_deserialize_from_buffer(struct list_head *bank, char *src, + uint64_t size, uint64_t flags) +{ + struct secvar *var; + char *cur; + char *end; + int rc = 0; + + cur = src; + end = src + size; + + while (cur < end) { + /* Ensure there is enough space to even check for another var header */ + if ((end - cur) < (sizeof(uint64_t) * 2)) + break; + + rc = secboot_deserialize_secvar(&var, &cur, end); + switch (rc) { + case OPAL_RESOURCE: + case OPAL_NO_MEM: + goto fail; + case OPAL_EMPTY: + goto done; + default: assert(1); + } + + var->flags |= flags; + + list_add_tail(bank, &var->link); + } +done: + return OPAL_SUCCESS; +fail: + clear_bank_list(bank); + return rc; +} + +static int secboot_tpm_load_variable_bank(struct list_head *bank) +{ + char bank_hash[SHA256_DIGEST_LENGTH]; + uint64_t bit = tpmnv_control_image->active_bit; + int rc; + + /* Check the hash of the bank we loaded from PNOR + * versus the expected hash in TPM NV */ + rc = calc_bank_hash(bank_hash, + secboot_image->bank[bit], + SECBOOT_VARIABLE_BANK_SIZE); + if (rc) + return rc; + + if (memcmp(bank_hash, + tpmnv_control_image->bank_hash[bit], + SHA256_DIGEST_LENGTH)) + /* Tampered pnor space detected, abandon ship */ + return OPAL_PERMISSION; + + rc = secboot_tpm_deserialize_from_buffer(bank, tpmnv_vars_image->vars, tpmnv_vars_size, SECVAR_FLAG_PROTECTED); + if (rc) + return rc; + + return 
secboot_tpm_deserialize_from_buffer(bank, secboot_image->bank[bit], SECBOOT_VARIABLE_BANK_SIZE, 0); +} + + +static int secboot_tpm_load_bank(struct list_head *bank, int section) +{ + switch (section) { + case SECVAR_VARIABLE_BANK: + return secboot_tpm_load_variable_bank(bank); + case SECVAR_UPDATE_BANK: + return secboot_tpm_deserialize_from_buffer(bank, secboot_image->update, SECBOOT_UPDATE_BANK_SIZE, 0); + } + + return OPAL_HARDWARE; +} + +static int secboot_tpm_get_tpmnv_names(char *nv_vars_name, char *nv_control_name) +{ + TPMS_NV_PUBLIC nv_public; /* Throwaway, we only want the name field */ + TPM2B_NAME vars_tmp; + TPM2B_NAME control_tmp; + int rc; + + rc = tpmnv_ops.readpublic(SECBOOT_TPMNV_VARS_INDEX, + &nv_public, + &vars_tmp); + if (rc) { + prlog(PR_ERR, "Failed to readpublic from the VARS index, rc=%d\n", rc); + return rc; + } + rc = tpmnv_ops.readpublic(SECBOOT_TPMNV_CONTROL_INDEX, + &nv_public, + &control_tmp); + if (rc) { + prlog(PR_ERR, "Failed to readpublic from the CONTROL index, rc=%d\n", rc); + return rc; + } + + memcpy(nv_vars_name, vars_tmp.t.name, MIN(sizeof(tpmnv_vars_name), vars_tmp.t.size)); + memcpy(nv_control_name, control_tmp.t.name, MIN(sizeof(tpmnv_control_name), control_tmp.t.size)); + + return OPAL_SUCCESS; +} + + +/* Ensure the NV indices were defined with the correct set of attributes */ +static int secboot_tpm_check_tpmnv_attrs(char *nv_vars_name, char *nv_control_name) +{ + if (memcmp(tpmnv_vars_name, + nv_vars_name, + sizeof(tpmnv_vars_name))) { + prlog(PR_ERR, "VARS index not defined with the correct attributes\n"); + return OPAL_RESOURCE; + } + if (memcmp(tpmnv_control_name, + nv_control_name, + sizeof(tpmnv_control_name))) { + prlog(PR_ERR, "CONTROL index not defined with the correct attributes\n"); + return OPAL_RESOURCE; + } + + return OPAL_SUCCESS; +} + +static bool secboot_tpm_check_provisioned_indices(char *nv_vars_name, char *nv_control_name) +{ + /* Check for provisioned NV indices, redefine them if detected. 
*/ + if (!memcmp(tpmnv_vars_prov_name, + nv_vars_name, + sizeof(tpmnv_vars_prov_name)) && + !memcmp(tpmnv_control_prov_name, + nv_control_name, + sizeof(tpmnv_control_prov_name))) { + return true; + } + + /* + * If one matches but the other doesn't, do NOT redefine. + * The next step should detect they don't match the expected values + * and fail the boot. + */ + return false; +} + +static int secboot_tpm_define_indices(void) +{ + int rc = OPAL_SUCCESS; + + rc = tpmnv_ops.definespace(SECBOOT_TPMNV_VARS_INDEX, tpmnv_vars_size); + if (rc) { + prlog(PR_ERR, "Failed to define the VARS index, rc=%d\n", rc); + return rc; + } + + rc = tpmnv_ops.definespace(SECBOOT_TPMNV_CONTROL_INDEX, sizeof(struct tpmnv_control)); + if (rc) { + prlog(PR_ERR, "Failed to define the CONTROL index, rc=%d\n", rc); + return rc; + } + + rc = tpmnv_format(); + if (rc) + return rc; + + /* TPM NV just got redefined, so unconditionally format the SECBOOT partition */ + return secboot_format(); +} + +static int secboot_tpm_undefine_indices(bool *vars_defined, bool *control_defined) +{ + int rc; + + if (vars_defined) { + rc = tpmnv_ops.undefinespace(SECBOOT_TPMNV_VARS_INDEX); + if (rc) { + prlog(PR_ERR, "Failed to undefine VARS, something is seriously wrong\n"); + return rc; + } + } + + if (control_defined) { + rc = tpmnv_ops.undefinespace(SECBOOT_TPMNV_CONTROL_INDEX); + if (rc) { + prlog(PR_ERR, "Failed to undefine CONTROL, something is seriously wrong\n"); + return rc; + } + } + + *vars_defined = *control_defined = false; + + return OPAL_SUCCESS; +} + + +static int secboot_tpm_store_init(void) +{ + int rc; + unsigned int secboot_size; + + TPMI_RH_NV_INDEX *indices = NULL; + char nv_vars_name[sizeof(tpmnv_vars_name)]; + char nv_control_name[sizeof(tpmnv_control_name)]; + size_t count = 0; + bool control_defined = false; + bool vars_defined = false; + int i; + + if (secboot_image) + return OPAL_SUCCESS; + + prlog(PR_DEBUG, "Initializing for pnor+tpm based platform\n"); + + /* Initialize SECBOOT 
first, we may need to format this later */ + rc = flash_secboot_info(&secboot_size); + if (rc) { + prlog(PR_ERR, "error %d retrieving keystore info\n", rc); + goto error; + } + if (sizeof(struct secboot) > secboot_size) { + prlog(PR_ERR, "secboot partition %d KB too small. min=%ld\n", + secboot_size >> 10, sizeof(struct secboot)); + rc = OPAL_RESOURCE; + goto error; + } + + secboot_image = memalign(0x1000, sizeof(struct secboot)); + if (!secboot_image) { + prlog(PR_ERR, "Failed to allocate space for the secboot image\n"); + rc = OPAL_NO_MEM; + goto error; + } + + /* Read in the PNOR data, bank hash is checked on call to .load_bank() */ + rc = flash_secboot_read(secboot_image, 0, sizeof(struct secboot)); + if (rc) { + prlog(PR_ERR, "failed to read the secboot partition, rc=%d\n", rc); + goto error; + } + + /* Allocate the tpmnv data buffers */ + tpmnv_vars_image = zalloc(tpmnv_vars_size); + if (!tpmnv_vars_image) + return OPAL_NO_MEM; + tpmnv_control_image = zalloc(sizeof(struct tpmnv_control)); + if (!tpmnv_control_image) + return OPAL_NO_MEM; + + /* Check if the NV indices have been defined already */ + rc = tpmnv_ops.getindices(&indices, &count); + if (rc) { + prlog(PR_ERR, "Could not load defined indicies from TPM, rc=%d\n", rc); + goto error; + } + + for (i = 0; i < count; i++) { + if (indices[i] == SECBOOT_TPMNV_VARS_INDEX) + vars_defined = true; + else if (indices[i] == SECBOOT_TPMNV_CONTROL_INDEX) + control_defined = true; + } + free(indices); + + /* Undefine the NV indices if physical presence has been asserted */ + if (secvar_check_physical_presence()) { + prlog(PR_INFO, "Physical presence asserted, redefining NV indices, and resetting keystore\n"); + rc = secboot_tpm_undefine_indices(&vars_defined, &control_defined); + if (rc) + goto error; + + rc = secboot_tpm_define_indices(); + if (rc) + goto error; + + /* Indices got defined and formatted, we're done here */ + goto done; + } + /* Determine if we need to define the indices. 
These should BOTH be false or true */ + if (!vars_defined && !control_defined) { + rc = secboot_tpm_define_indices(); + if (rc) + goto error; + + /* Indices got defined and formatted, we're done here */ + goto done; + } + if (vars_defined ^ control_defined) { + /* This should never happen. Both indices should be defined at the same + * time. Otherwise something seriously went wrong. */ + prlog(PR_ERR, "NV indices defined with unexpected attributes. Assert physical presence to clear\n"); + goto error; + } + + /* Both indices are defined, now need to validate their contents */ + + rc = secboot_tpm_get_tpmnv_names(nv_vars_name, nv_control_name); + if (rc) + goto error; + + /* Check for provisioned TPMNV indices, redefine them if detected */ + if (secboot_tpm_check_provisioned_indices(nv_vars_name, nv_control_name)) { + prlog(PR_INFO, "Provisioned TPM NV indices detected, redefining NV indices, and resetting keystore\n"); + rc = secboot_tpm_undefine_indices(&vars_defined, &control_defined); + if (rc) + goto error; + + rc = secboot_tpm_define_indices(); + if (rc) + goto error; + + /* Indices got defined and formatted, we're done here */ + goto done; + } + + /* Otherwise, ensure the NV indices were defined with the correct set of attributes */ + rc = secboot_tpm_check_tpmnv_attrs(nv_vars_name, nv_control_name); + if (rc) + goto error; + + + /* TPMNV indices exist, are correct, and weren't just formatted, so read them in */ + rc = tpmnv_ops.read(SECBOOT_TPMNV_VARS_INDEX, + tpmnv_vars_image, + tpmnv_vars_size, 0); + if (rc) { + prlog(PR_ERR, "Failed to read from the VARS index\n"); + goto error; + } + + rc = tpmnv_ops.read(SECBOOT_TPMNV_CONTROL_INDEX, + tpmnv_control_image, + sizeof(struct tpmnv_control), 0); + if (rc) { + prlog(PR_ERR, "Failed to read from the CONTROL index\n"); + goto error; + } + + /* Verify the header information is correct */ + if (tpmnv_vars_image->header.magic_number != SECBOOT_MAGIC_NUMBER || + tpmnv_control_image->header.magic_number != 
SECBOOT_MAGIC_NUMBER || + tpmnv_vars_image->header.version != SECBOOT_VERSION || + tpmnv_control_image->header.version != SECBOOT_VERSION) { + prlog(PR_ERR, "TPMNV indices defined, but contain bad data. Assert physical presence to clear\n"); + goto error; + } + + /* Verify the secboot partition header information, + * reformat if incorrect + * Note: Future variants should attempt to handle older versions safely + */ + if (secboot_image->header.magic_number != SECBOOT_MAGIC_NUMBER || + secboot_image->header.version != SECBOOT_VERSION) { + rc = secboot_format(); + if (rc) + goto error; + } + +done: + return OPAL_SUCCESS; + +error: + free(secboot_image); + secboot_image = NULL; + free(tpmnv_vars_image); + tpmnv_vars_image = NULL; + free(tpmnv_control_image); + tpmnv_control_image = NULL; + + return rc; +} + + +static void secboot_tpm_lockdown(void) +{ + /* Note: While write lock is called here on the two NV indices, + * both indices are also defined on the platform hierarchy. + * The platform hierarchy auth is set later in the skiboot + * initialization process, and not by any secvar-related code. + */ + int rc; + + rc = tpmnv_ops.writelock(SECBOOT_TPMNV_VARS_INDEX); + if (rc) { + prlog(PR_EMERG, "TSS Write Lock failed on VARS index, halting.\n"); + abort(); + } + + rc = tpmnv_ops.writelock(SECBOOT_TPMNV_CONTROL_INDEX); + if (rc) { + prlog(PR_EMERG, "TSS Write Lock failed on CONTROL index, halting.\n"); + abort(); + } +} + +struct secvar_storage_driver secboot_tpm_driver = { + .load_bank = secboot_tpm_load_bank, + .write_bank = secboot_tpm_write_bank, + .store_init = secboot_tpm_store_init, + .lockdown = secboot_tpm_lockdown, + .max_var_size = SECBOOT_TPM_MAX_VAR_SIZE, +}; diff --git a/libstb/secvar/storage/secboot_tpm.h b/libstb/secvar/storage/secboot_tpm.h new file mode 100644 index 00000000..30a747a7 --- /dev/null +++ b/libstb/secvar/storage/secboot_tpm.h 
@@ -0,0 +1,61 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#ifndef _SECBOOT_TPM_H_ +#define _SECBOOT_TPM_H_ + +#include + +#define SECBOOT_VARIABLE_BANK_SIZE 32000 +#define SECBOOT_UPDATE_BANK_SIZE 32000 + +#define SECBOOT_VARIABLE_BANK_NUM 2 + +/* Because mbedtls doesn't define this? */ +#define SHA256_DIGEST_LENGTH 32 + +/* 0x5053424b = "PSBK" or Power Secure Boot Keystore */ +#define SECBOOT_MAGIC_NUMBER 0x5053424b +#define SECBOOT_VERSION 1 + +#define SECBOOT_TPMNV_VARS_INDEX 0x01c10190 +#define SECBOOT_TPMNV_CONTROL_INDEX 0x01c10191 + +struct secboot_header { + uint32_t magic_number; + uint8_t version; + uint8_t reserved[3]; /* Fix alignment */ +} __attribute__((packed)); + +struct secboot { + struct secboot_header header; + char bank[SECBOOT_VARIABLE_BANK_NUM][SECBOOT_VARIABLE_BANK_SIZE]; + char update[SECBOOT_UPDATE_BANK_SIZE]; +} __attribute__((packed)); + +struct tpmnv_vars { + struct secboot_header header; + char vars[0]; +} __attribute__((packed)); + +struct tpmnv_control { + struct secboot_header header; + uint8_t active_bit; + char bank_hash[SECBOOT_VARIABLE_BANK_NUM][SHA256_DIGEST_LENGTH]; +} __attribute__((packed)); + +struct tpmnv_ops_s { + int (*read)(TPMI_RH_NV_INDEX nv, void*, size_t, uint16_t); + int (*write)(TPMI_RH_NV_INDEX nv, void*, size_t, uint16_t); + int (*writelock)(TPMI_RH_NV_INDEX); + int (*definespace)(TPMI_RH_NV_INDEX, uint16_t); + int (*getindices)(TPMI_RH_NV_INDEX**, size_t*); + int (*undefinespace)(TPMI_RH_NV_INDEX); + int (*readpublic)(TPMI_RH_NV_INDEX, TPMS_NV_PUBLIC*, TPM2B_NAME*); +}; + +extern struct tpmnv_ops_s tpmnv_ops; + +extern const uint8_t tpmnv_vars_name[]; +extern const uint8_t tpmnv_control_name[]; + +#endif diff --git a/libstb/secvar/storage/tpmnv_ops.c b/libstb/secvar/storage/tpmnv_ops.c new file mode 100644 index 00000000..d6135c31 --- /dev/null +++ b/libstb/secvar/storage/tpmnv_ops.c 
@@ -0,0 +1,15 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#include +#include "secboot_tpm.h" + +struct tpmnv_ops_s tpmnv_ops = { + .read = tss_nv_read, + .write = tss_nv_write, + .writelock = tss_nv_write_lock, + .definespace = tss_nv_define_space, + .getindices = tss_get_defined_nv_indices, + .undefinespace = tss_nv_undefine_space, + .readpublic = tss_nv_read_public, +}; + From patchwork Wed Sep 16 16:21:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1365459 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs5BT0Nmtz9sTq for ; Thu, 17 Sep 2020 02:28:33 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linux.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=l22T1Sm5; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4Bs5BS4L56zDqBH for ; Thu, 17 Sep 2020 02:28:32 +1000 (AEST) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit 
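Review bot: In the "Storage Formats/Layouts" section of the documentation hunk, the SECBOOT (PNOR) layout does not match the code in this patch. It lists each bank as 32k and the secvar key as a fixed "1k: string. key", while secboot_tpm.h defines SECBOOT_VARIABLE_BANK_SIZE and SECBOOT_UPDATE_BANK_SIZE as 32000, and secboot_serialize_secvar() writes only key_len bytes of key for PNOR banks, the same packed form documented for the TPM NV index. Please make the document state the exact byte counts and the packed variable format, since anyone parsing a SECBOOT dump will rely on it.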
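Review bot: In secboot_tpm_store_init() in secboot_tpm.c, two validation failures jump to error while rc is still 0, so the function frees all three images and then returns OPAL_SUCCESS: the `vars_defined ^ control_defined` branch and the magic/version check on the two TPM NV headers. Set rc (for example to OPAL_RESOURCE) before each of those `goto error` statements. The two zalloc failure paths in the same function `return OPAL_NO_MEM` directly, which leaves secboot_image allocated and non-NULL, so a later call takes the early `if (secboot_image) return OPAL_SUCCESS;` exit; they should go through error as well. Other points in this file: secboot_tpm_undefine_indices() tests the pointers (`if (vars_defined)`, `if (control_defined)`) rather than `*vars_defined` and `*control_defined`, so both undefinespace calls always run. calc_bank_hash() shows no mbedtls_sha256_starts_ret() call between init and update, and the return value of mbedtls_sha256_finish_ret() is never assigned to rc, so the `if (rc)` after it cannot fire. secboot_tpm_load_variable_bank() passes tpmnv_vars_size as the length of tpmnv_vars_image->vars, which puts the deserializer's end pointer 8 bytes past the allocation; the write path already uses `tpmnv_vars_size - sizeof(struct tpmnv_vars)`. In secboot_tpm_deserialize_from_buffer(), `default: assert(1);` is a no-op, so an unexpected rc falls through with var unset. The data_size error message in secboot_deserialize_secvar() prints key_len, and the comment above that function still describes a pointer return although it returns an int.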
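Review bot: secboot_tpm.h defines SHA256_DIGEST_LENGTH locally ("Because mbedtls doesn't define this?"), but secboot_format() in secboot_tpm.c passes SHA256_DIGEST_SIZE to tpmnv_ops.write while every other user in the patch passes SHA256_DIGEST_LENGTH. Please use one constant throughout so the bank_hash field size and the write length cannot drift apart. The `definespace` callback also takes its size as uint16_t while tpmnv_vars_size is a size_t; a short comment on the intended maximum would help.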
From: Eric Richter To: skiboot@lists.ozlabs.org Date: Wed, 16 Sep 2020 11:21:25 -0500 Message-Id: <20200916162131.22478-15-erichte@linux.ibm.com> X-Mailer: git-send-email 2.21.1 In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com> References: <20200916162131.22478-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-16_10:2020-09-16, 2020-09-16 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 clxscore=1015 malwarescore=0 mlxlogscore=964 phishscore=0 suspectscore=1 lowpriorityscore=0 mlxscore=0 impostorscore=0 spamscore=0 bulkscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2009160114 Subject: [Skiboot] [PATCH v6 14/20] secvar/storage/fakenv: add fake tpm operations for testing X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" The secboot_tpm storage driver heavily relies on the TPM to ensure data integrity, which makes it difficult to test in userspace or on hardware without a TPM. This patch adds a bunch of functions that implement the tssskiboot interface, and simulates the expected TPM behavior utilizing PNOR space instead. THIS IS NOT INTENDED FOR PRODUCTION USE. Signed-off-by: Eric Richter --- libstb/secvar/storage/Makefile.inc | 3 + libstb/secvar/storage/fakenv_ops.c | 175 +++++++++++++++++++++++++++++ 2 files changed, 178 insertions(+) create mode 100644 libstb/secvar/storage/fakenv_ops.c diff --git a/libstb/secvar/storage/Makefile.inc b/libstb/secvar/storage/Makefile.inc index 35fba723..99f7b073 100644 --- a/libstb/secvar/storage/Makefile.inc 
+++ b/libstb/secvar/storage/Makefile.inc @@ -5,8 +5,11 @@ SECVAR_STORAGE_DIR = $(SRC)/libstb/secvar/storage SUBDIRS += $(SECVAR_STORAGE_DIR) +# Swap the comment on these two lines to use the fake TPM NV +# implementation hardware without a TPM SECVAR_STORAGE_SRCS = secboot_tpm.c tpmnv_ops.c #SECVAR_STORAGE_SRCS = secboot_tpm.c fakenv_ops.c + SECVAR_STORAGE_OBJS = $(SECVAR_STORAGE_SRCS:%.c=%.o) SECVAR_STORAGE = $(SECVAR_STORAGE_DIR)/built-in.a diff --git a/libstb/secvar/storage/fakenv_ops.c b/libstb/secvar/storage/fakenv_ops.c new file mode 100644 index 00000000..64d5d51e --- /dev/null +++ b/libstb/secvar/storage/fakenv_ops.c 
@@ -0,0 +1,175 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#include +#include "secboot_tpm.h" + +/* Offset into the SECBOOT PNOR partition to write "TPMNV" data */ +static size_t fakenv_offset = sizeof(struct secboot); + +struct fake_tpmnv { + struct { + struct secboot_header header; + char vars[1024]; // Hardcode the size to 1024 for now + } vars; + struct tpmnv_control control; + int defined[2]; +} __attribute__((packed)); + +static struct fake_tpmnv fakenv = {0}; +static int tpm_ready = 0; + + +static inline void *nv_index_address(int index) +{ + switch (index) { + case SECBOOT_TPMNV_VARS_INDEX: + return &fakenv.vars; + case SECBOOT_TPMNV_CONTROL_INDEX: + return &fakenv.control; + default: + return 0; + } +} + + +static int tpm_init(void) +{ + int rc; + + if (tpm_ready) + return 0; + + rc = flash_secboot_read(&fakenv, fakenv_offset, sizeof(struct fake_tpmnv)); + if (rc) + return rc; + + tpm_ready = 1; + + return 0; +} + +static int fakenv_read(TPMI_RH_NV_INDEX nvIndex, void *buf, + size_t bufsize, uint16_t off) +{ + if (tpm_init()) + return OPAL_INTERNAL_ERROR; + + memcpy(buf, nv_index_address(nvIndex) + off, bufsize); + + return 0; +} + +static int fakenv_write(TPMI_RH_NV_INDEX nvIndex, void *buf, + size_t bufsize, uint16_t off) +{ + if (tpm_init()) + return OPAL_INTERNAL_ERROR; + + memcpy(nv_index_address(nvIndex) + off, buf, bufsize); + + /* Just write the whole NV struct for now */ + return flash_secboot_write(fakenv_offset, &fakenv, sizeof(struct fake_tpmnv)); +} + +static int fakenv_definespace(TPMI_RH_NV_INDEX nvIndex, uint16_t dataSize) +{ + if (tpm_init()) + return OPAL_INTERNAL_ERROR; + + (void) dataSize; + + switch (nvIndex) { + case SECBOOT_TPMNV_VARS_INDEX: + fakenv.defined[0] = 1; + return 0; + case SECBOOT_TPMNV_CONTROL_INDEX: + fakenv.defined[1] = 1; + return 0; + } + + return OPAL_INTERNAL_ERROR; +} + +static int fakenv_writelock(TPMI_RH_NV_INDEX nvIndex) +{ + if (tpm_init()) + return 
OPAL_INTERNAL_ERROR; + + (void) nvIndex; + + return 0; +} + +static int fakenv_get_defined_indices(TPMI_RH_NV_INDEX **indices, size_t *count) +{ + if (tpm_init()) + return OPAL_INTERNAL_ERROR; + + *indices = zalloc(sizeof(fakenv.defined)); + if (*indices == NULL) + return OPAL_NO_MEM; + + *count = 0; + + if (fakenv.defined[0]) { + *indices[0] = SECBOOT_TPMNV_VARS_INDEX; + (*count)++; + } + if (fakenv.defined[1]) { + *indices[1] = SECBOOT_TPMNV_CONTROL_INDEX; + (*count)++; + } + + return 0; +} + +static int fakenv_undefinespace(TPMI_RH_NV_INDEX index) +{ + if (tpm_init()) + return OPAL_INTERNAL_ERROR; + + switch (index) { + case SECBOOT_TPMNV_VARS_INDEX: + fakenv.defined[0] = 0; + memset(&fakenv.vars, 0, sizeof(fakenv.vars)); + return 0; + case SECBOOT_TPMNV_CONTROL_INDEX: + fakenv.defined[1] = 0; + memset(&fakenv.control, 0, sizeof(fakenv.control)); + return 0; + } + + return -1; +} + +static int fakenv_readpublic(TPMI_RH_NV_INDEX index, TPMS_NV_PUBLIC *nv_public, + TPM2B_NAME *nv_name) +{ + if (tpm_init()) + return OPAL_INTERNAL_ERROR; + + (void) nv_public; + + switch (index) { + case SECBOOT_TPMNV_VARS_INDEX: + memcpy(&nv_name->t.name, tpmnv_vars_name, sizeof(TPM2B_NAME)); + break; + case SECBOOT_TPMNV_CONTROL_INDEX: + memcpy(&nv_name->t.name, tpmnv_control_name, sizeof(TPM2B_NAME)); + break; + default: + return OPAL_INTERNAL_ERROR; + } + + return 0; +} + +struct tpmnv_ops_s tpmnv_ops = { + .read = fakenv_read, + .write = fakenv_write, + .writelock = fakenv_writelock, + .definespace = fakenv_definespace, + .getindices = fakenv_get_defined_indices, + .undefinespace = fakenv_undefinespace, + .readpublic = fakenv_readpublic, +}; From patchwork Wed Sep 16 16:21:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1365462 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org 
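Review bot: The comment added above SECVAR_STORAGE_SRCS in Makefile.inc makes selecting the fake NV backend a manual edit of this file, which is easy to leave in place in a tree that is later built for real hardware. Given the commit message says this is not for production use, consider selecting fakenv_ops.c through a make variable and logging prominently at init when it is built in. The comment itself reads "implementation hardware without a TPM" and is missing "on".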
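Review bot: In fakenv_get_defined_indices() in fakenv_ops.c, `*indices[0]` and `*indices[1]` parse as `*(indices[0])` and `*(indices[1])`; the first happens to hit slot 0, but the second dereferences whatever follows the caller's pointer instead of writing the second array slot. Use `(*indices)[(*count)++] = ...` for both, which also keeps the array dense when only the CONTROL index is defined. fakenv_readpublic() copies sizeof(TPM2B_NAME) bytes, the size of the whole structure, from tpmnv_vars_name / tpmnv_control_name into nv_name->t.name and never sets t.size, although secboot_tpm_get_tpmnv_names() uses t.size in its MIN(); copy the length of the name array and set t.size to it. fakenv_read() and fakenv_write() do pointer arithmetic on the result of nv_index_address() without checking for the 0 it returns on an unknown index, and without bounding off + bufsize against the selected region. fakenv_undefinespace() returns -1 where the other callbacks return OPAL_INTERNAL_ERROR, and neither it nor fakenv_definespace() writes the changed defined[] state back to flash. The fake image is placed at offset sizeof(struct secboot), but the size check in secboot_tpm_store_init() only confirms that struct secboot fits the partition, so the extra sizeof(struct fake_tpmnv) should be checked too. Since fakenv_writelock() is a no-op, a sentence in the file header noting that lock behaviour is not simulated would set expectations for tests.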
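Review bot: In fakenv_get_defined_indices() of fakenv_ops.c, `*indices[1] = SECBOOT_TPMNV_CONTROL_INDEX;` parses as `*(indices[1])`, so the store dereferences whatever follows the caller's pointer variable instead of writing slot 1 of the array just allocated. Use `(*indices)[(*count)++] = ...;` for both entries, which also keeps the returned array packed when only the control index is defined. In the same hunk, fakenv_read() and fakenv_write() pass `nv_index_address(nvIndex) + off` straight to memcpy() without checking for the 0 returned on an unknown index or that `off + bufsize` stays inside `fakenv.vars` or `fakenv.control`; return OPAL_INTERNAL_ERROR in both cases so an out-of-range access fails the test instead of corrupting the fake. fakenv_undefinespace() also falls through to `return -1;` where its siblings return OPAL_INTERNAL_ERROR.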
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:26 -0500
Message-Id: <20200916162131.22478-16-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 15/20] secvar/test: add secboot_tpm storage driver test cases
Cc: nayna@linux.ibm.com

This patch adds some simple unit cases to exercise the storage driver, using the fake TPM NV implementation.

Signed-off-by: Eric Richter
---
 libstb/secvar/test/Makefile.check | 4 +-
 libstb/secvar/test/secvar-test-secboot-tpm.c | 143 +++++++++++++++++++
 2 files changed, 146 insertions(+), 1 deletion(-)
 create mode 100644 libstb/secvar/test/secvar-test-secboot-tpm.c

diff --git a/libstb/secvar/test/Makefile.check b/libstb/secvar/test/Makefile.check index b41eaf48..5999b2a9 100644 --- a/libstb/secvar/test/Makefile.check +++ b/libstb/secvar/test/Makefile.check 
@@ -5,7 +5,9 @@ SECVAR_TEST_DIR = libstb/secvar/test SECVAR_TEST = $(patsubst %.c, %, $(wildcard $(SECVAR_TEST_DIR)/secvar-test-*.c)) -HOSTCFLAGS+=-I . -I include +HOSTCFLAGS+=-I . -I include -I libstb/tss2 -I libstb/tss2/ibmtpm20tss/utils +# Needed because x86 and POWER disagree on the type for uint64_t, causes printf issues +HOSTCFLAGS+= -Wno-format .PHONY : secvar-check secvar-check: $(SECVAR_TEST:%=%-check) $(SECVAR_TEST:%=%-gcov-run) diff --git a/libstb/secvar/test/secvar-test-secboot-tpm.c b/libstb/secvar/test/secvar-test-secboot-tpm.c new file mode 100644 index 00000000..e883b884 --- /dev/null +++ b/libstb/secvar/test/secvar-test-secboot-tpm.c 
@@ -0,0 +1,143 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#define TPM_SKIBOOT +#include "secvar_common_test.c" +#include "../storage/secboot_tpm.c" +#include "../storage/fakenv_ops.c" +#include "../../crypto/mbedtls/library/sha256.c" +#include "../../crypto/mbedtls/library/platform_util.c" +#include "../secvar_util.c" + +char *secboot_buffer; + +#define ARBITRARY_SECBOOT_SIZE 128000 + +const char *secvar_test_name = "secboot_tpm"; + +int flash_secboot_read(void *dst, uint32_t src, uint32_t len) +{ + memcpy(dst, secboot_buffer + src, len); + return 0; +} + +int flash_secboot_write(uint32_t dst, void *src, uint32_t len) +{ + memcpy(secboot_buffer + dst, src, len); + return 0; +} + +int flash_secboot_info(uint32_t *total_size) +{ + *total_size = ARBITRARY_SECBOOT_SIZE; + return 0; +} + +/* Toggle this to test the physical presence resetting */ +bool phys_presence = false; +bool secvar_check_physical_presence(void) +{ + return phys_presence; +} + +struct platform platform; + +int run_test(void) +{ + int rc; + struct secvar *tmp; + + secboot_buffer = zalloc(ARBITRARY_SECBOOT_SIZE); + + // Initialize and format the storage + rc = secboot_tpm_store_init(); + ASSERT(OPAL_SUCCESS == rc); + + // Load the just-formatted empty section + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(0 == list_length(&variable_bank)); + + // Add some test variables + tmp = new_secvar("test", 5, "testdata", 8, 0); + list_add_tail(&variable_bank, &tmp->link); + + tmp = new_secvar("foo", 3, "moredata", 8, 0); + list_add_tail(&variable_bank, &tmp->link); + + // Add a priority variable, ensure that works + tmp = new_secvar("priority", 9, "meep", 4, SECVAR_FLAG_PROTECTED); + list_add_tail(&variable_bank, &tmp->link); + + // Add another one + tmp = new_secvar("priority2", 9, "meep", 4, SECVAR_FLAG_PROTECTED); + list_add_tail(&variable_bank, &tmp->link); + + ASSERT(4 == 
list_length(&variable_bank)); + + // Write the bank + rc = secboot_tpm_write_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + // should write to bank 1 first + ASSERT(*((uint64_t*) secboot_image->bank[1]) != 0llu); + ASSERT(*((uint64_t*) secboot_image->bank[0]) == 0llu); + + // Clear the variable list + clear_bank_list(&variable_bank); + ASSERT(0 == list_length(&variable_bank)); + + // Load the bank + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(4 == list_length(&variable_bank)); + + // Change a variable + tmp = list_tail(&variable_bank, struct secvar, link); + memcpy(tmp->data, "somethin", 8); + + // Write the bank + rc = secboot_tpm_write_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + // should have data in both now + ASSERT(*((uint64_t*) secboot_image->bank[0]) != 0llu); + ASSERT(*((uint64_t*) secboot_image->bank[1]) != 0llu); + + clear_bank_list(&variable_bank); + + // Tamper with pnor, hash check should catch this + secboot_image->bank[0][0] = ~secboot_image->bank[0][0]; + + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(rc != OPAL_SUCCESS); // TODO: permission? + + // Fix it back... 
+ secboot_image->bank[0][0] = ~secboot_image->bank[0][0]; + + // Should be ok again + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(rc == OPAL_SUCCESS); + + clear_bank_list(&variable_bank); + free(secboot_buffer); + + return 0; +} + +int main(void) +{ + int rc = 0; + + list_head_init(&variable_bank); + + rc = run_test(); + + if (rc) + printf(COLOR_RED "FAILED" COLOR_RESET "\n"); + else + printf(COLOR_GREEN "OK" COLOR_RESET "\n"); + + free(tpmnv_vars_image); + free(tpmnv_control_image); + free(secboot_image); + + return rc; +} From patchwork Wed Sep 16 16:21:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1365463 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs5D74g0hz9sTS for ; Thu, 17 Sep 2020 02:29:59 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linux.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=ToShIP0R; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4Bs5D73VPCzDqGG for ; Thu, 17 Sep 2020 02:29:59 +1000 (AEST) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0b-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: 
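Review bot: In libstb/secvar/test/Makefile.check, `HOSTCFLAGS+= -Wno-format` switches off format-string checking for everything built with HOSTCFLAGS, not only the uint64_t prints that differ between x86 and POWER. Printing those values with the PRIu64/PRIx64 macros from <inttypes.h> fixes the mismatch at the call sites and keeps -Wformat available to catch real argument mismatches in the test code.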
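Review bot: In run_test() of secvar-test-secboot-tpm.c, the tamper case asserts only `rc != OPAL_SUCCESS` and still carries `// TODO: permission?`. Pin the error code secboot_tpm_load_bank() is expected to return on a hash mismatch and add `ASSERT(0 == list_length(&variable_bank));` after the failed load, so the test proves that nothing from a corrupted bank reaches the variable list. Earlier in the same function, `memcpy(tmp->data, "somethin", 8);` writes 8 bytes into whichever variable sits at the list tail, and two of the four variables were created with 4 bytes of data ("meep", 4); select the variable by key or check its data size before the copy.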
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:27 -0500
Message-Id: <20200916162131.22478-17-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 16/20] secvar/storage: add utility tool to generate NV public name hashes
Cc: nayna@linux.ibm.com

This patch adds a small userspace utility to locally generate the expected hash returned by a TSS_NV_ReadPublic command for the NV indices as defined by the secboot_tpm storage driver. This removes the need for manually copying in the hash from the ReadPublic output if for some reason the set of attributes used when defining the NV indices changes in the future.

As this is an auxiliary tool, it is not built by default and must be manually built using `make gen_tpmnv_public_name`.

Signed-off-by: Eric Richter
---
 libstb/secvar/storage/Makefile.inc | 3 +
 libstb/secvar/storage/gen_tpmnv_public_name.c | 107 ++++++++++++++++++
 2 files changed, 110 insertions(+)
 create mode 100644 libstb/secvar/storage/gen_tpmnv_public_name.c
diff --git a/libstb/secvar/storage/Makefile.inc b/libstb/secvar/storage/Makefile.inc index 99f7b073..dc5353ff 100644 --- a/libstb/secvar/storage/Makefile.inc +++ b/libstb/secvar/storage/Makefile.inc @@ -14,3 +14,6 @@ SECVAR_STORAGE_OBJS = $(SECVAR_STORAGE_SRCS:%.c=%.o) SECVAR_STORAGE = $(SECVAR_STORAGE_DIR)/built-in.a $(SECVAR_STORAGE): $(SECVAR_STORAGE_OBJS:%=$(SECVAR_STORAGE_DIR)/%) + +gen_tpmnv_public_name: $@ + gcc -o $@ $(SECVAR_STORAGE_DIR)/$@.c -I $(SRC)/libstb/tss2/ibmtpm20tss/utils/ -lmbedcrypto diff --git a/libstb/secvar/storage/gen_tpmnv_public_name.c b/libstb/secvar/storage/gen_tpmnv_public_name.c new file mode 100644 index 00000000..bfeb9743 --- /dev/null +++ b/libstb/secvar/storage/gen_tpmnv_public_name.c 
@@ -0,0 +1,107 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +#define TPM_TPM20 +#include "../../tss2/ibmtpm20tss/utils/tssmarshal.c" +#include "../../tss2/ibmtpm20tss/utils/Unmarshal.c" + +#define zalloc(a) calloc(1,a) +// Silence linking complaints +int verbose; + +#define COPYRIGHT_YEAR "2020" + + +TPMS_NV_PUBLIC vars = { + .nvIndex = 0x01c10190, + .nameAlg = TPM_ALG_SHA256, + .dataSize = 1024, + .attributes.val = TPMA_NVA_PPWRITE | + TPMA_NVA_ORDINARY | + TPMA_NVA_WRITE_STCLEAR | + TPMA_NVA_AUTHREAD | + TPMA_NVA_NO_DA | + TPMA_NVA_WRITTEN | + TPMA_NVA_PLATFORMCREATE, +}; + +TPMS_NV_PUBLIC control = { + .nvIndex = 0x01c10191, + .nameAlg = TPM_ALG_SHA256, + .dataSize = 73, + .attributes.val = TPMA_NVA_PPWRITE | + TPMA_NVA_ORDINARY | + TPMA_NVA_WRITE_STCLEAR | + TPMA_NVA_AUTHREAD | + TPMA_NVA_NO_DA | + TPMA_NVA_WRITTEN | + TPMA_NVA_PLATFORMCREATE, +}; + +int calc_hash(TPMS_NV_PUBLIC *public, char *name) +{ + uint16_t written = 0; + uint32_t size = 4096; + unsigned char *buffer = zalloc(size); + unsigned char *buffer_tmp = buffer; + char output[34]; + mbedtls_sha256_context cxt; + int ret = 0; + int i; + + // Output hash includes the hash algorithm in the first two bytes + *((uint16_t *) output) = htons(public->nameAlg); + + // Serialize the NV Public struct + ret = TSS_TPMS_NV_PUBLIC_Marshalu(public, &written, &buffer_tmp, &size); + if (ret) return ret; + + // Hash it + mbedtls_sha256_init(&cxt); + ret = mbedtls_sha256_starts_ret(&cxt, 0); + if (ret) return ret; + + ret = mbedtls_sha256_update_ret(&cxt, buffer, written); + if (ret) return ret; + + mbedtls_sha256_finish_ret(&cxt, output+2); + mbedtls_sha256_free(&cxt); + + free(buffer); + + // Print it + printf("\nconst uint8_t tpmnv_%s_name[] = {", name); + for (i = 0; i < sizeof(output); i++) { + if (!(i % 13)) + printf("\n\t"); + printf("0x%02x, ", output[i] & 0xff); + } + printf("\n};\n"); + + return 0; +} + + +int main() +{ + printf("// SPDX-License-Identifier: Apache-2.0 
OR GPL-2.0-or-later\n"); + printf("/* Copyright " COPYRIGHT_YEAR " IBM Corp. */\n"); + + printf("#ifndef _SECBOOT_TPM_PUBLIC_NAME_H_\n"); + printf("#define _SECBOOT_TPM_PUBLIC_NAME_H_\n"); + + calc_hash(&vars, "vars"); + calc_hash(&control, "control"); + + printf("\n"); + printf("#endif\n"); + + return 0; +} + From patchwork Wed Sep 16 16:21:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1365465 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs5DY23Myz9sTS for ; Thu, 17 Sep 2020 02:30:21 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linux.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=icq2HjJF; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4Bs5DY00FjzDqCq for ; Thu, 17 Sep 2020 02:30:21 +1000 (AEST) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=icq2HjJF; 
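Review bot: In the gen_tpmnv_public_name rule added to libstb/secvar/storage/Makefile.inc, the prerequisite `$@` expands to nothing, because automatic variables are only set inside the recipe, so the target does not depend on gen_tpmnv_public_name.c and is not rebuilt when the source changes. List `$(SECVAR_STORAGE_DIR)/gen_tpmnv_public_name.c` as the prerequisite. The recipe also hard-codes `gcc` and links the host's `-lmbedcrypto`; a comment next to the rule should state that a host mbedtls installation is required.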
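Review bot: In calc_hash() of gen_tpmnv_public_name.c, every `if (ret) return ret;` after `zalloc(size)` leaks `buffer` (and the sha256 context once it is initialised), the zalloc() result is never checked, and the return value of mbedtls_sha256_finish_ret() is dropped. Route the failures through one exit label that frees both, and check the final call like the others. main() then ignores calc_hash()'s return value and returns 0, so a marshalling or hashing failure produces a header without the corresponding tpmnv_*_name array and a successful exit status; propagate the error so a step that regenerates the header fails visibly. `*((uint16_t *) output) = htons(public->nameAlg);` also stores through a cast char array; writing the two bytes individually avoids the alignment and aliasing question.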
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:28 -0500
Message-Id: <20200916162131.22478-18-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 17/20] crypto: add out-of-tree mbedtls pkcs7 parser
Cc: nayna@linux.ibm.com

From: Nayna Jain

This patch adds a pkcs7 parser for mbedtls that hasn't yet gone upstream. Once/if that implementation is accepted, this patch can be removed.

Signed-off-by: Nayna Jain
Signed-off-by: Eric Richter --- V6: - allow parsing bare SignedData blobs - mbedtls_pkcs7_parse_der now returns the data type instead of 0 on success - adjusted for feedback based on ongoing pull request - now errors if it detects multiple signers (only single is supported for now) libstb/crypto/Makefile.inc | 4 +- libstb/crypto/mbedtls-config.h | 1 + libstb/crypto/mbedtls/include/mbedtls/oid.h | 11 + libstb/crypto/pkcs7/Makefile.inc | 12 + libstb/crypto/pkcs7/pkcs7.c | 596 ++++++++++++++++++++ libstb/crypto/pkcs7/pkcs7.h | 225 ++++++++ 6 files changed, 848 insertions(+), 1 deletion(-) create mode 100644 libstb/crypto/pkcs7/Makefile.inc create mode 100644 libstb/crypto/pkcs7/pkcs7.c create mode 100644 libstb/crypto/pkcs7/pkcs7.h diff --git a/libstb/crypto/Makefile.inc b/libstb/crypto/Makefile.inc index 42b5d8b9..ed2387e3 100644 --- a/libstb/crypto/Makefile.inc +++ b/libstb/crypto/Makefile.inc @@ -42,6 +42,8 @@ MBEDTLS_SRCS = $(addprefix mbedtls/library/,$(MBED_CRYPTO_SRCS) $(MBED_X509_SRCS MBEDTLS_OBJS = $(MBEDTLS_SRCS:%.c=%.o) +include $(CRYPTO_DIR)/pkcs7/Makefile.inc + CRYPTO = $(CRYPTO_DIR)/built-in.a -$(CRYPTO): $(MBEDTLS_OBJS:%=$(CRYPTO_DIR)/%) +$(CRYPTO): $(MBEDTLS_OBJS:%=$(CRYPTO_DIR)/%) $(PKCS7) diff --git a/libstb/crypto/mbedtls-config.h b/libstb/crypto/mbedtls-config.h index 414bbfd8..9560993b 100644 --- a/libstb/crypto/mbedtls-config.h +++ b/libstb/crypto/mbedtls-config.h @@ -72,6 +72,7 @@ //#define MBEDTLS_PEM_PARSE_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PKCS7_C //#define MBEDTLS_PK_WRITE_C #define MBEDTLS_PLATFORM_C #define MBEDTLS_RSA_C diff --git a/libstb/crypto/mbedtls/include/mbedtls/oid.h b/libstb/crypto/mbedtls/include/mbedtls/oid.h index 6fbd018a..a879d7df 100644 --- a/libstb/crypto/mbedtls/include/mbedtls/oid.h +++ b/libstb/crypto/mbedtls/include/mbedtls/oid.h 
@@ -190,6 +190,7 @@ #define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */ #define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */ #define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */ +#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */ #define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */ #define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */ 
@@ -274,6 +275,16 @@ #define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */ #define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */ +/* + * PKCS#7 OIDs + */ +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ + /* * PKCS#8 OIDs */ diff --git a/libstb/crypto/pkcs7/Makefile.inc b/libstb/crypto/pkcs7/Makefile.inc new file mode 100644 index 00000000..bef339b5 --- /dev/null +++ b/libstb/crypto/pkcs7/Makefile.inc @@ -0,0 +1,12 @@ + +PKCS7_DIR = libstb/crypto/pkcs7 + +SUBDIRS += $(PKCS7_DIR) + +PKCS7_SRCS = pkcs7.c +PKCS7_OBJS = $(PKCS7_SRCS:%.c=%.o) +PKCS7 = $(PKCS7_DIR)/built-in.a + +CFLAGS_$(PKCS7_DIR)/ = -I$(SRC)/$(LIBSTB_DIR)/crypto -DMBEDTLS_CONFIG_FILE='' + +$(PKCS7): $(PKCS7_OBJS:%=$(PKCS7_DIR)/%) diff --git a/libstb/crypto/pkcs7/pkcs7.c b/libstb/crypto/pkcs7/pkcs7.c new file mode 100644 index 00000000..4407e201 --- /dev/null +++ b/libstb/crypto/pkcs7/pkcs7.c 
@@ -0,0 +1,596 @@ +/* Copyright 2019 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif +#if defined(MBEDTLS_PKCS7_C) + +#include "mbedtls/x509.h" +#include "mbedtls/asn1.h" +#include "pkcs7.h" +#include "mbedtls/x509_crt.h" +#include "mbedtls/x509_crl.h" +#include "mbedtls/oid.h" + +#include +#include +#include +#if defined(MBEDTLS_FS_IO) +#include +#include +#endif +#include + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#else +#include +#include +#define mbedtls_free free +#define mbedtls_calloc calloc +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#endif + +#if defined(MBEDTLS_HAVE_TIME) +#include "mbedtls/platform_time.h" +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) +#include +#endif + +#if defined(MBEDTLS_FS_IO) +/* + * Load all data from a file into a given buffer. + * + * The file is expected to contain DER encoded data. + * A terminating null byte is always appended. 
+ */ +int mbedtls_pkcs7_load_file( const char *path, unsigned char **buf, size_t *n ) +{ + FILE *file; + + if( ( file = fopen( path, "rb" ) ) == NULL ) + return( MBEDTLS_ERR_PKCS7_FILE_IO_ERROR ); + + fseek( file, 0, SEEK_END ); + *n = (size_t) ftell( file ); + fseek( file, 0, SEEK_SET ); + + *buf = mbedtls_calloc( 1, *n + 1 ); + if( *buf == NULL ) + return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + + if( fread( *buf, 1, *n, file ) != *n ) + { + fclose( file ); + + mbedtls_platform_zeroize( *buf, *n + 1 ); + mbedtls_free( *buf ); + + return( MBEDTLS_ERR_PKCS7_FILE_IO_ERROR ); + } + + fclose( file ); + + (*buf)[*n] = '\0'; + + return( 0 ); +} +#endif + +/** + * Initializes the pkcs7 structure. + */ +void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ) +{ + memset( pkcs7, 0, sizeof( mbedtls_pkcs7 ) ); +} + +static int pkcs7_get_next_content_len( unsigned char **p, unsigned char *end, + size_t *len ) +{ + int ret; + + if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) + { + return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + } + + return( 0 ); +} + +/** + * version Version + * Version ::= INTEGER + **/ +static int pkcs7_get_version( unsigned char **p, unsigned char *end, int *ver ) +{ + int ret; + + if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + /* If version != 1, return invalid version */ + if( *ver != MBEDTLS_PKCS7_SUPPORTED_VERSION ) + return( MBEDTLS_ERR_PKCS7_INVALID_VERSION ); + + return( 0 ); +} + +/** + * ContentInfo ::= SEQUENCE { + * contentType ContentType, + * content + * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } + **/ +static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_buf *pkcs7 ) +{ + size_t len = 0; + int ret; + unsigned char *start = *p; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( 
MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID ); + if( ret != 0 ) { + *p = start; + return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + } + + pkcs7->tag = MBEDTLS_ASN1_OID; + pkcs7->len = len; + pkcs7->p = *p; + + return( ret ); +} + +/** + * DigestAlgorithmIdentifier ::= AlgorithmIdentifier + * + * This is from x509.h + **/ +static int pkcs7_get_digest_algorithm( unsigned char **p, unsigned char *end, + mbedtls_x509_buf *alg ) +{ + int ret; + + if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + return( 0 ); +} + +/** + * DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier + **/ +static int pkcs7_get_digest_algorithm_set( unsigned char **p, + unsigned char *end, + mbedtls_x509_buf *alg ) +{ + size_t len = 0; + int ret; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SET ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + end = *p + len; + + /** For now, it assumes there is only one digest algorithm specified **/ + ret = mbedtls_asn1_get_alg_null( p, end, alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + if (*p != end) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT ); + + return( 0 ); +} + +/** + * certificates :: SET OF ExtendedCertificateOrCertificate, + * ExtendedCertificateOrCertificate ::= CHOICE { + * certificate Certificate -- x509, + * extendedCertificate[0] IMPLICIT ExtendedCertificate } + **/ +static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, + mbedtls_x509_crt *certs ) +{ + int ret; + size_t len1 = 0; + size_t len2 = 0; + unsigned char *end_set, *end_cert; + unsigned char *start = *p; + + if( ( ret = mbedtls_asn1_get_tag( p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) + { + if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) + return( 0 ); + + return( 
MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + } + start = *p; + end_set = *p + len1; + + /* This is to verify that there is only signer certificate, it can + have its chain though. */ + ret = mbedtls_asn1_get_tag( p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + end_cert = *p + len2; + + if (end_cert != end_set) + return (MBEDTLS_ERR_PKCS7_INVALID_FORMAT); + + /* Since it satisfies the condition of single signer, continue parsing */ + *p = start; + if( ( ret = mbedtls_x509_crt_parse( certs, *p, len1 ) ) < 0 ) + return( ret ); + + *p = *p + len1; + + /** + * Currently we do not check for certificate chain, so we are not handling + * "> 0" case. Return if atleast one certificate in the chain is correctly + * parsed. + **/ + + return( 0 ); +} + +/** + * EncryptedDigest ::= OCTET STRING + **/ +static int pkcs7_get_signature( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_buf *signature ) +{ + int ret; + size_t len = 0; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OCTET_STRING ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE + ret ); + + signature->tag = MBEDTLS_ASN1_OCTET_STRING; + signature->len = len; + signature->p = *p; + + *p = *p + len; + + return( 0 ); +} + +/** + * SignerInfos ::= SET of SignerInfo + * SignerInfo ::= SEQUENCE { + * version Version; + * issuerAndSerialNumber IssuerAndSerialNumber, + * digestAlgorithm DigestAlgorithmIdentifier, + * authenticatedAttributes + * [0] IMPLICIT Attributes OPTIONAL, + * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + * encryptedDigest EncryptedDigest, + * unauthenticatedAttributes + * [1] IMPLICIT Attributes OPTIONAL, + **/ +static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_signer_info *signers_set ) +{ + unsigned char *end_set; + int ret; + size_t len = 0; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + 
| MBEDTLS_ASN1_SET ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + end_set = *p + len; + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + end_set = *p + len; + + ret = mbedtls_asn1_get_int( p, end_set, &signers_set->version ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + /* Parsing IssuerAndSerialNumber */ + signers_set->issuer_raw.p = *p; + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + ret = mbedtls_x509_get_name( p, *p + len, &signers_set->issuer ); + if( ret != 0 ) + return( ret ); + + signers_set->issuer_raw.len = *p - signers_set->issuer_raw.p; + + ret = mbedtls_x509_get_serial( p, end_set, &signers_set->serial ); + if( ret != 0 ) + return( ret ); + + ret = pkcs7_get_digest_algorithm( p, end_set, + &signers_set->alg_identifier ); + if( ret != 0 ) + return( ret ); + + ret = pkcs7_get_digest_algorithm( p, end_set, + &signers_set->sig_alg_identifier ); + if( ret != 0 ) + return( ret ); + + ret = pkcs7_get_signature( p, end_set, &signers_set->sig ); + if( ret != 0 ) + return( ret ); + + signers_set->next = NULL; + + if (*p != end_set) + return ( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + return( 0 ); +} + +/** + * SignedData ::= SEQUENCE { + * version Version, + * digestAlgorithms DigestAlgorithmIdentifiers, + * contentInfo ContentInfo, + * certificates + * [0] IMPLICIT ExtendedCertificatesAndCertificates + * OPTIONAL, + * crls + * [0] IMPLICIT CertificateRevocationLists OPTIONAL, + * signerInfos SignerInfos } + */ +static int pkcs7_get_signed_data( unsigned char 
*buf, size_t buflen, + mbedtls_pkcs7_signed_data *signed_data ) +{ + unsigned char *p = buf; + unsigned char *end = buf + buflen; + unsigned char *end_set; + size_t len = 0; + int ret; + mbedtls_md_type_t md_alg; + + ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + end_set = p + len; + + /* Get version of signed data */ + ret = pkcs7_get_version( &p, end_set, &signed_data->version ); + if( ret != 0 ) + return( ret ); + + /* Get digest algorithm */ + ret = pkcs7_get_digest_algorithm_set( &p, end_set, + &signed_data->digest_alg_identifiers ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_oid_get_md_alg( &signed_data->digest_alg_identifiers, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + /* Do not expect any content */ + ret = pkcs7_get_content_info_type( &p, end_set, &signed_data->content.oid ); + if( ret != 0 ) + return( ret ); + + if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &signed_data->content.oid ) ) + { + return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO ) ; + } + + p = p + signed_data->content.oid.len; + + /* Look for certificates, there may or may not be any */ + mbedtls_x509_crt_init( &signed_data->certs ); + ret = pkcs7_get_certificates( &p, end_set, &signed_data->certs ); + if( ret != 0 ) + return( ret ) ; + + /* TODO: optional CRLs go here, currently no CRLs are expected */ + + /* Get signers info */ + ret = pkcs7_get_signers_info_set( &p, end_set, &signed_data->signers ); + if( ret != 0 ) + return( ret ); + + if ( p != end ) + ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT; + + return( ret ); +} + +int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen, + mbedtls_pkcs7 *pkcs7 ) +{ + unsigned char *start; + unsigned char *end; + size_t len = 0; + int ret; + int isoidset = 0; + + /* use internal buffer for parsing */ + start = (unsigned char *)buf; + end = start + buflen; + + if( !pkcs7 ) + 
return( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA ); + + ret = pkcs7_get_content_info_type( &start, end, &pkcs7->content_type_oid ); + if( ret != 0 ) + { + len = buflen; + goto try_data; + } + + if( ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENVELOPED_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DIGESTED_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid ) ) + { + ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; + goto out; + } + + if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_SIGNED_DATA, &pkcs7->content_type_oid ) ) + { + ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; + goto out; + } + + isoidset = 1; + start = start + pkcs7->content_type_oid.len; + + ret = pkcs7_get_next_content_len( &start, end, &len ); + if( ret != 0 ) + goto out; + +try_data: + ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data ); + if (ret != 0) + goto out; + + if (!isoidset) + { + pkcs7->content_type_oid.tag = MBEDTLS_ASN1_OID; + pkcs7->content_type_oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS7_SIGNED_DATA); + pkcs7->content_type_oid.p = (unsigned char *)MBEDTLS_OID_PKCS7_SIGNED_DATA; + } + + ret = MBEDTLS_PKCS7_SIGNED_DATA; + +out: + if ( ret < 0 ) + mbedtls_pkcs7_free( pkcs7 ); + + return( ret ); +} + +int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, + mbedtls_x509_crt *cert, + const unsigned char *data, + size_t datalen ) +{ + + int ret; + unsigned char *hash; + mbedtls_pk_context pk_cxt = cert->pk; + const mbedtls_md_info_t *md_info; + mbedtls_md_type_t md_alg; + + ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.digest_alg_identifiers, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + md_info = mbedtls_md_info_from_type( 
md_alg ); + + hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 ); + if( hash == NULL ) { + return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + } + + mbedtls_md( md_info, data, datalen, hash ); + + ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, sizeof(hash), + pkcs7->signed_data.signers.sig.p, + pkcs7->signed_data.signers.sig.len ); + + mbedtls_free( hash ); + + return( ret ); +} + +int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, + mbedtls_x509_crt *cert, + const unsigned char *hash, int hashlen) +{ + int ret; + mbedtls_md_type_t md_alg; + mbedtls_pk_context pk_cxt; + + ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.digest_alg_identifiers, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + pk_cxt = cert->pk; + ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, hashlen, + pkcs7->signed_data.signers.sig.p, + pkcs7->signed_data.signers.sig.len ); + + return ( ret ); +} + +/* + * Unallocate all pkcs7 data + */ +void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ) +{ + mbedtls_x509_name *name_cur; + mbedtls_x509_name *name_prv; + + if( pkcs7 == NULL ) + return; + + mbedtls_x509_crt_free( &pkcs7->signed_data.certs ); + mbedtls_x509_crl_free( &pkcs7->signed_data.crl ); + + name_cur = pkcs7->signed_data.signers.issuer.next; + while( name_cur != NULL ) + { + name_prv = name_cur; + name_cur = name_cur->next; + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_free( name_prv ); + } + + mbedtls_platform_zeroize( pkcs7, sizeof( mbedtls_pkcs7 ) ); +} + +#endif diff --git a/libstb/crypto/pkcs7/pkcs7.h b/libstb/crypto/pkcs7/pkcs7.h new file mode 100644 index 00000000..df898a61 --- /dev/null +++ b/libstb/crypto/pkcs7/pkcs7.h 
@@ -0,0 +1,225 @@ +/** + * \file pkcs7.h + * + * \brief PKCS7 generic defines and structures + */ +/* + * Copyright (C) 2019, IBM Corp, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_PKCS7_H +#define MBEDTLS_PKCS7_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/asn1.h" +#include "mbedtls/x509.h" +#include "mbedtls/x509_crt.h" + +/** + * \name PKCS7 Error codes + * \{ + */ +#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5300 /**< Unavailable feature, e.g. anything other than signed data. */ +#define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x53F0 /**< The CRT/CRL format is invalid, e.g. different type expected. */ +#define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 /**< The PKCS7 version element is invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x54F0 /**< The PKCS7 content info invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x55F0 /**< Error parsing the signature */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5600 /**< Error parsing the signer's info */ +#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x56F0 /**< Input invalid. 
*/ +#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5700 /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_PKCS7_FILE_IO_ERROR -0x57F0 /**< File Read/Write Error */ +/* \} name */ + +/** + * \name PKCS7 Supported Version + * \{ + */ +#define MBEDTLS_PKCS7_SUPPORTED_VERSION 0x01 +/* \} name */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Type-length-value structure that allows for ASN1 using DER. + */ +typedef mbedtls_asn1_buf mbedtls_pkcs7_buf; + +/** + * Container for ASN1 named information objects. + * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.). + */ +typedef mbedtls_asn1_named_data mbedtls_pkcs7_name; + +/** + * Container for a sequence of ASN.1 items + */ +typedef mbedtls_asn1_sequence mbedtls_pkcs7_sequence; + +/** + * PKCS7 types + */ +typedef enum { + MBEDTLS_PKCS7_NONE=0, + MBEDTLS_PKCS7_DATA, + MBEDTLS_PKCS7_SIGNED_DATA, + MBEDTLS_PKCS7_ENVELOPED_DATA, + MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DAYA, + MBEDTLS_PKCS7_DIGESTED_DATA, + MBEDTLS_PKCS7_ENCRYPTED_DATA, +} +mbedtls_pkcs7_type; + +/** + * Structure holding PKCS7 signer info + */ +typedef struct mbedtls_pkcs7_signer_info +{ + int version; + mbedtls_x509_buf serial; + mbedtls_x509_name issuer; + mbedtls_x509_buf issuer_raw; + mbedtls_x509_buf alg_identifier; + mbedtls_x509_buf sig_alg_identifier; + mbedtls_x509_buf sig; + struct mbedtls_pkcs7_signer_info *next; +} +mbedtls_pkcs7_signer_info; + +/** + * Structure holding attached data as part of PKCS7 signed data format + */ +typedef struct mbedtls_pkcs7_data +{ + mbedtls_pkcs7_buf oid; + mbedtls_pkcs7_buf data; +} +mbedtls_pkcs7_data; + +/** + * Structure holding the signed data section + */ +typedef struct mbedtls_pkcs7_signed_data +{ + int version; + mbedtls_pkcs7_buf digest_alg_identifiers; + struct mbedtls_pkcs7_data content; + mbedtls_x509_crt certs; + mbedtls_x509_crl crl; + struct mbedtls_pkcs7_signer_info signers; +} +mbedtls_pkcs7_signed_data; + +/** + * Structure holding PKCS7 structure, only signed 
data for now + */ +typedef struct mbedtls_pkcs7 +{ + mbedtls_pkcs7_buf content_type_oid; + struct mbedtls_pkcs7_signed_data signed_data; +} +mbedtls_pkcs7; + +/** + * \brief Initialize pkcs7 structure. + * + * \param pkcs7 pkcs7 structure. + */ +void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ); + +/** + * \brief Parse a single DER formatted pkcs7 content. + * + * \param buf The buffer holding the DER encoded pkcs7. + * \param buflen The size in Bytes of \p buf. + * + * \note This function makes an internal copy of the PKCS7 buffer + * \p buf. In particular, \p buf may be destroyed or reused + * after this call returns. + * + * \return \c 0, if successful. + * \return A negative error code on failure. + */ +int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen, + mbedtls_pkcs7 *pkcs7 ); + +/** + * \brief Verification of PKCS7 signature. + * + * \param pkcs7 PKCS7 structure containing signature. + * \param cert Certificate containing key to verify signature. + * \param data Plain data on which signature has to be verified. + * \param datalen Length of the data. + * + * \note This function internally calculates the hash on the supplied + * plain data for signature verification. + * + * \return A negative error code on failure. + */ +int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, + mbedtls_x509_crt *cert, + const unsigned char *data, + size_t datalen ); + +/** + * \brief Verification of PKCS7 signature. + * + * \param pkcs7 PKCS7 structure containing signature. + * \param cert Certificate containing key to verify signature. + * \param hash Hash of the plain data on which signature has to be verified. + * \param hashlen Length of the hash. + * + * \note This function is different from mbedtls_pkcs7_signed_data_verify() + * in a way that it directly recieves the hash of the data. + * + * \return A negative error code on failure. 
+ */ +int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, + mbedtls_x509_crt *cert, + const unsigned char *hash, int hashlen); + +/** + * \brief Reads the PKCS7 data from the file in a buffer. + * + * \param path Path of the file. + * \param buf Buffer to store the PKCS7 contents from the file. + * \param n Size of the buffer (the contents read from the file). + * + * \return A negative error code on failure. + */ +int mbedtls_pkcs7_load_file( const char *path, unsigned char **buf, size_t *n ); + +/** + * \brief Unallocate all PKCS7 data and zeroize the memory. + * It doesn't free pkcs7 itself. It should be done by the caller. + * + * \param pkcs7 PKCS7 structure to free. + */ +void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ); + +#ifdef __cplusplus +} +#endif + +#endif /* pkcs7.h */ From patchwork Wed Sep 16 16:21:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1365466 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Bs5F72FhDz9sTS for ; Thu, 17 Sep 2020 02:30:51 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linux.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=dHoraOcx; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4Bs5F71M27zDqPN for ; Thu, 17 Sep 2020 02:30:51 +1000 (AEST) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org 
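Review bot: In libstb/crypto/pkcs7/pkcs7.c, mbedtls_pkcs7_signed_data_verify() passes sizeof(hash) to mbedtls_pk_verify(), but hash is an unsigned char * returned by mbedtls_calloc(), so the length handed over is the size of a pointer rather than the digest length; pass mbedtls_md_get_size( md_info ) instead. The same function dereferences md_info without checking that mbedtls_md_info_from_type() returned non-NULL and ignores the return value of mbedtls_md(), so a failed hash computation still reaches the verify call. Separately, mbedtls_pkcs7_load_file() returns MBEDTLS_ERR_PKCS7_ALLOC_FAILED without calling fclose( file ), and the ftell() result is cast to size_t without a failure check.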
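Review bot: In libstb/crypto/pkcs7/pkcs7.h, the \note on mbedtls_pkcs7_parse_der() says the function makes an internal copy of buf and that buf may be destroyed or reused after the call, but the parser in pkcs7.c starts from (unsigned char *)buf and stores pointers into it (for example signature->p = *p and signers_set->issuer_raw.p = *p), so a caller who frees buf before verification leaves those fields dangling. Either copy the buffer or document that buf must outlive the mbedtls_pkcs7 structure. The \return text also promises 0 on success while the function returns MBEDTLS_PKCS7_SIGNED_DATA, and the enum member MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DAYA looks like a typo for MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DATA.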
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Wed, 16 Sep 2020 11:21:29 -0500
Message-Id: <20200916162131.22478-19-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 18/20] secvar/backend: add edk2 derived key updates processing
From: Nayna Jain

As part of secureboot key management, the scheme for handling key updates is derived from the tianocore reference implementation[1]. The wrapper for holding the signed update is the Authentication Header, and the wrapper for holding the public key certificate is the ESL (EFI Signature List), both derived from the tianocore reference implementation[1].

This patch adds support to process the update queue. This involves:

1. Verification of the update signature using the key authorized as per the key hierarchy
2. Handling addition/deletion of the keys
3. Support for dbx (blacklisting of hashes)
4. Validation checks for the updates
5. Supporting multiple ESLs for single variable both for update/verification
6. Timestamp check
7. Allowing only single PK
8. Failure Handling
9. Resetting keystore if the hardware key hash changes

[1] https://github.com/tianocore/edk2-staging.git

Signed-off-by: Nayna Jain
Signed-off-by: Eric Richter
---
V5:
- rename utf8_to_ucs2 to char_to_wchar, as it is only widening the string, not adjusting the encoding
- reworked get_esl_* functions
- added const to various parameters where fitting
- converted programming faults to asserts over return codes
- packs the edk2-flavored timestamp into a single uint64_t for easy compare
- incrementally calculates signature hash, instead of packing everything into a buffer
- avoid calling find_secvar() for TS on each iteration of process loop
- fixed leaking the staging bank after processing updates
- adjusted an edk2.h struct to use zero-width array rather than of size 1
- use key_equals() instead of strncmp()
- updated to use struct secvar instead of struct secvar_node

V6:
- fix esl validation to allow hash for dbx variable
- fix unnecessary prlog in validate_cert()
- fix handling of the return from pkcs7 parsing

 doc/secvar/edk2.rst | 49 ++
 include/secvar.h | 1 +
 libstb/secvar/backend/Makefile.inc | 4 +-
 libstb/secvar/backend/edk2-compat-process.c | 762 ++++++++++++++++++++
 libstb/secvar/backend/edk2-compat-process.h | 63 ++
 libstb/secvar/backend/edk2-compat-reset.c | 115 +++
 libstb/secvar/backend/edk2-compat-reset.h | 24 +
 libstb/secvar/backend/edk2-compat.c | 282 ++++++++
 libstb/secvar/backend/edk2.h | 251 +++++++
 9 files changed, 1549 insertions(+), 2 deletions(-)
 create mode 100644 doc/secvar/edk2.rst
 create mode 100644 libstb/secvar/backend/edk2-compat-process.c
 create mode 100644 libstb/secvar/backend/edk2-compat-process.h
 create mode 100644 libstb/secvar/backend/edk2-compat-reset.c
 create mode 100644 libstb/secvar/backend/edk2-compat-reset.h
 create mode 100644 libstb/secvar/backend/edk2-compat.c
 create mode 100644 libstb/secvar/backend/edk2.h

diff --git a/doc/secvar/edk2.rst b/doc/secvar/edk2.rst new file mode 100644 index 00000000..1e4cc9e3 --- /dev/null +++ b/doc/secvar/edk2.rst
@@ -0,0 +1,49 @@ +.. _secvar/edk2: + +Skiboot edk2-compatible Secure Variable Backend +=============================================== + +Overview +-------- + +The edk2 secure variable backend for skiboot borrows from edk2 concepts +such as the three key hierarchy (PK, KEK, and db), and a similar +structure. In general, variable updates must be signed with a key +of a higher level. So, updates to the db must be signed with a key stored +in the KEK; updates to the KEK must be signed with the PK. Updates to the +PK must be signed with the previous PK (if any). + +Variables are stored in the efi signature list format, and updates are a +signed variant that includes an authentication header. + +If no PK is currently enrolled, the system is considered to be in "Setup +Mode". Any key can be enrolled without signature checks. However, once a +PK is enrolled, the system switches to "User Mode", and each update must +now be signed according to the hierarchy. Furthermore, when in "User +Mode", the backend initialized the ``os-secure-mode`` device tree flag, +signaling to the kernel that we are in secure mode. + +Updates are processed sequentially, in the order that they were provided +in the update queue. If any update fails to validate, appears to be +malformed, or any other error occurs, NO updates will not be applied. +This includes updates that may have successfully applied prior to the +error. The system will continue in an error state, reporting the error +reason via the ``update-status`` device tree property. + +P9 Special Case for the Platform Key +------------------------------------ + +Due to the powerful nature of the platform key and the lack of lockable +flash, the edk2 backend will store the PK in TPM NV rather than PNOR on +P9 systems. (TODO expand on this) + +Update Status Return Codes +-------------------------- + +TODO, edk2 driver needs to actually return these properly first + + +Device Tree Bindings +-------------------- + +TODO 
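Review bot: In doc/secvar/edk2.rst, the Overview sentence "NO updates will not be applied" is a double negative and reads as the opposite of the all-or-nothing behaviour the following sentence describes; it should say "NO updates will be applied". In the same section, "the backend initialized the ``os-secure-mode`` device tree flag" should be in the present tense, and the "Update Status Return Codes" and "Device Tree Bindings" sections are still TODO, which leaves the ``update-status`` values referenced in the Overview undocumented.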
diff --git a/include/secvar.h b/include/secvar.h index 21210277..413d7997 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -37,6 +37,7 @@ struct secvar_backend_driver { }; extern struct secvar_storage_driver secboot_tpm_driver; +extern struct secvar_backend_driver edk2_compatible_v1; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/backend/Makefile.inc b/libstb/secvar/backend/Makefile.inc index 6f491a63..bc987f69 100644 --- a/libstb/secvar/backend/Makefile.inc +++ b/libstb/secvar/backend/Makefile.inc @@ -1,11 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -*-Makefile-*- -SECVAR_BACKEND_DIR = libstb/secvar/backend +SECVAR_BACKEND_DIR = $(SRC)/libstb/secvar/backend SUBDIRS += $(SECVAR_BACKEND_DIR) -SECVAR_BACKEND_SRCS = +SECVAR_BACKEND_SRCS = edk2-compat.c edk2-compat-process.c edk2-compat-reset.c SECVAR_BACKEND_OBJS = $(SECVAR_BACKEND_SRCS:%.c=%.o) SECVAR_BACKEND = $(SECVAR_BACKEND_DIR)/built-in.a diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c new file mode 100644 index 00000000..0129023e --- /dev/null +++ b/libstb/secvar/backend/edk2-compat-process.c 
@@ -0,0 +1,762 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#ifndef pr_fmt +#define pr_fmt(fmt) "EDK2_COMPAT: " fmt +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "libstb/crypto/pkcs7/pkcs7.h" +#include "edk2.h" +#include "../secvar.h" +#include "edk2-compat-process.h" + +bool setup_mode; + +int update_variable_in_bank(struct secvar *update_var, const char *data, + const uint64_t dsize, struct list_head *bank) +{ + struct secvar *var; + + var = find_secvar(update_var->key, update_var->key_len, bank); + if (!var) + return OPAL_EMPTY; + + /* Reallocate the data memory, if there is change in data size */ + if (var->data_size < dsize) + if (realloc_secvar(var, dsize)) + return OPAL_NO_MEM; + + if (dsize && data) + memcpy(var->data, data, dsize); + var->data_size = dsize; + + /* Clear the volatile bit only if updated with positive data size */ + if (dsize) + var->flags &= ~SECVAR_FLAG_VOLATILE; + else + var->flags |= SECVAR_FLAG_VOLATILE; + + if (key_equals(update_var->key, "PK") || key_equals(update_var->key, "HWKH")) + var->flags |= SECVAR_FLAG_PROTECTED; + + return 0; +} + +/* Expand char to wide character size */ +static char *char_to_wchar(const char *key, const size_t keylen) +{ + int i; + char *str; + + str = zalloc(keylen * 2); + if (!str) + return NULL; + + for (i = 0; i < keylen*2; key++) { + str[i++] = *key; + str[i++] = '\0'; + } + + return str; +} + +/* Returns the authority that can sign the given key update */ +static void get_key_authority(const char *ret[3], const char *key) +{ + int i = 0; + + if (key_equals(key, "PK")) { + ret[i++] = "PK"; + } else if (key_equals(key, "KEK")) { + ret[i++] = "PK"; + } else if (key_equals(key, "db") || key_equals(key, "dbx")) { + ret[i++] = "KEK"; + ret[i++] = "PK"; + } + + ret[i] = NULL; +} + +static EFI_SIGNATURE_LIST* get_esl_signature_list(const char *buf, size_t buflen) +{ + EFI_SIGNATURE_LIST *list = 
NULL; + + if (buflen < sizeof(EFI_SIGNATURE_LIST) || !buf) + return NULL; + + list = (EFI_SIGNATURE_LIST *)buf; + + return list; +} + +/* Returns the size of the complete ESL. */ +static int32_t get_esl_signature_list_size(const char *buf, const size_t buflen) +{ + EFI_SIGNATURE_LIST *list = get_esl_signature_list(buf, buflen); + + if (!list) + return OPAL_PARAMETER; + + prlog(PR_DEBUG, "size of signature list size is %u\n", + le32_to_cpu(list->SignatureListSize)); + + return le32_to_cpu(list->SignatureListSize); +} + +/* + * Copies the certificate from the ESL into cert buffer and returns the size + * of the certificate + */ +static int get_esl_cert(const char *buf, const size_t buflen, char **cert) +{ + size_t sig_data_offset; + size_t size; + EFI_SIGNATURE_LIST *list = get_esl_signature_list(buf, buflen); + + if (!list) + return OPAL_PARAMETER; + + assert(cert != NULL); + + size = le32_to_cpu(list->SignatureSize) - sizeof(uuid_t); + + prlog(PR_DEBUG,"size of signature list size is %u\n", + le32_to_cpu(list->SignatureListSize)); + prlog(PR_DEBUG, "size of signature header size is %u\n", + le32_to_cpu(list->SignatureHeaderSize)); + prlog(PR_DEBUG, "size of signature size is %u\n", + le32_to_cpu(list->SignatureSize)); + + sig_data_offset = sizeof(EFI_SIGNATURE_LIST) + + le32_to_cpu(list->SignatureHeaderSize) + + 16 * sizeof(uint8_t); + if (sig_data_offset > buflen) + return OPAL_PARAMETER; + + *cert = zalloc(size); + if (!(*cert)) + return OPAL_NO_MEM; + + /* Since buf can have more than one ESL, copy only the size calculated + * to return single ESL */ + memcpy(*cert, buf + sig_data_offset, size); + + return size; +} + +/* + * Extracts size of the PKCS7 signed data embedded in the + * struct Authentication 2 Descriptor Header. 
+ */ +static size_t get_pkcs7_len(const struct efi_variable_authentication_2 *auth) +{ + uint32_t dw_length; + size_t size; + + assert(auth != NULL); + + dw_length = le32_to_cpu(auth->auth_info.hdr.dw_length); + size = dw_length - (sizeof(auth->auth_info.hdr.dw_length) + + sizeof(auth->auth_info.hdr.w_revision) + + sizeof(auth->auth_info.hdr.w_certificate_type) + + sizeof(auth->auth_info.cert_type)); + + return size; +} + +int get_auth_descriptor2(const void *buf, const size_t buflen, void **auth_buffer) +{ + const struct efi_variable_authentication_2 *auth = buf; + int auth_buffer_size; + size_t len; + + assert(auth_buffer != NULL); + if (buflen < sizeof(struct efi_variable_authentication_2) + || !buf) + return OPAL_PARAMETER; + + len = get_pkcs7_len(auth); + /* pkcs7 content length cannot be greater than buflen */ + if (len > buflen) + return OPAL_PARAMETER; + + auth_buffer_size = sizeof(auth->timestamp) + sizeof(auth->auth_info.hdr) + + sizeof(auth->auth_info.cert_type) + len; + + *auth_buffer = zalloc(auth_buffer_size); + if (!(*auth_buffer)) + return OPAL_NO_MEM; + + /* + * Data = auth descriptor + new ESL data. + * Extracts only the auth descriptor from data. 
+ */ + memcpy(*auth_buffer, buf, auth_buffer_size); + + return auth_buffer_size; +} + +static bool validate_cert(char *signing_cert, int signing_cert_size) +{ + mbedtls_x509_crt x509; + char *x509_buf = NULL; + int rc; + + mbedtls_x509_crt_init(&x509); + rc = mbedtls_x509_crt_parse(&x509, signing_cert, signing_cert_size); + + /* If failure in parsing the certificate, exit */ + if(rc) { + prlog(PR_ERR, "X509 certificate parsing failed %04x\n", rc); + return false; + } + + x509_buf = zalloc(CERT_BUFFER_SIZE); + rc = mbedtls_x509_crt_info(x509_buf, CERT_BUFFER_SIZE, "CRT:", &x509); + + mbedtls_x509_crt_free(&x509); + free(x509_buf); + x509_buf = NULL; + + /* If failure in reading the certificate, exit */ + if (rc < 0) + return false; + + return true; +} + +static bool validate_hash(uuid_t type, int size) +{ + if (uuid_equals(&type, &EFI_CERT_SHA1_GUID) && (size == 20)) + return true; + + if (uuid_equals(&type, &EFI_CERT_SHA224_GUID) && (size == 28)) + return true; + + if (uuid_equals(&type, &EFI_CERT_SHA256_GUID) && (size == 32)) + return true; + + if (uuid_equals(&type, &EFI_CERT_SHA384_GUID) && (size == 48)) + return true; + + if (uuid_equals(&type, &EFI_CERT_SHA512_GUID) && (size == 64)) + return true; + + return false; +} + +int validate_esl_list(const char *key, const char *esl, const size_t size) +{ + int count = 0; + int dsize; + char *data = NULL; + int eslvarsize = size; + int eslsize; + int rc = OPAL_SUCCESS; + int offset = 0; + EFI_SIGNATURE_LIST *list = NULL; + + while (eslvarsize > 0) { + prlog(PR_DEBUG, "esl var size size is %d offset is %d\n", eslvarsize, offset); + if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) + break; + + /* Check Supported ESL Type */ + list = get_esl_signature_list(esl, eslvarsize); + + if (!list) + return OPAL_PARAMETER; + + prlog(PR_DEBUG, "size of signature list size is %u\n", + le32_to_cpu(list->SignatureListSize)); + + /* Calculate the size of the ESL */ + eslsize = le32_to_cpu(list->SignatureListSize); + + /* If could not 
extract the size */ + if (eslsize <= 0) { + prlog(PR_ERR, "Invalid size of the ESL\n"); + rc = OPAL_PARAMETER; + break; + } + + /* Extract the certificate from the ESL */ + dsize = get_esl_cert(esl, eslvarsize, &data); + if (dsize < 0) { + rc = dsize; + break; + } + + if (key_equals(key, "dbx")) { + if (!validate_hash(list->SignatureType, dsize)) { + rc = OPAL_PARAMETER; + break; + } + } else { + if (!uuid_equals(&list->SignatureType, &EFI_CERT_X509_GUID) + || !validate_cert(data, dsize)) { + rc = OPAL_PARAMETER; + break; + } + } + + count++; + + /* Look for the next ESL */ + offset = offset + eslsize; + eslvarsize = eslvarsize - eslsize; + free(data); + /* Since we are going to allocate again in the next iteration */ + data = NULL; + } + + if (rc == OPAL_SUCCESS) { + if (key_equals(key, "PK") && (count > 1)) { + prlog(PR_ERR, "PK can only be one\n"); + rc = OPAL_PARAMETER; + } else { + rc = count; + } + } + + prlog(PR_INFO, "Total ESLs are %d\n", rc); + return rc; +} + +/* Get the timestamp for the last update of the give key */ +static struct efi_time *get_last_timestamp(const char *key, char *last_timestamp) +{ + struct efi_time *timestamp = (struct efi_time*)last_timestamp; + + if (!last_timestamp) + return NULL; + + if (key_equals(key, "PK")) + return ×tamp[0]; + else if (key_equals(key, "KEK")) + return ×tamp[1]; + else if (key_equals(key, "db")) + return ×tamp[2]; + else if (key_equals(key, "dbx")) + return ×tamp[3]; + else + return NULL; +} + +int update_timestamp(const char *key, const struct efi_time *timestamp, char *last_timestamp) +{ + struct efi_time *prev; + + prev = get_last_timestamp(key, last_timestamp); + if (prev == NULL) + return OPAL_INTERNAL_ERROR; + + /* Update with new timestamp */ + memcpy(prev, timestamp, sizeof(struct efi_time)); + + prlog(PR_DEBUG, "updated prev year is %d month %d day %d\n", + le16_to_cpu(prev->year), prev->month, prev->day); + + return OPAL_SUCCESS; +} + +static uint64_t unpack_timestamp(const struct efi_time 
*timestamp) +{ + uint64_t val = 0; + uint16_t year = le32_to_cpu(timestamp->year); + + /* pad1, nanosecond, timezone, daylight and pad2 are meant to be zero */ + val |= ((uint64_t) timestamp->pad1 & 0xFF) << 0; + val |= ((uint64_t) timestamp->second & 0xFF) << (1*8); + val |= ((uint64_t) timestamp->minute & 0xFF) << (2*8); + val |= ((uint64_t) timestamp->hour & 0xFF) << (3*8); + val |= ((uint64_t) timestamp->day & 0xFF) << (4*8); + val |= ((uint64_t) timestamp->month & 0xFF) << (5*8); + val |= ((uint64_t) year) << (6*8); + + return val; +} + +int check_timestamp(const char *key, const struct efi_time *timestamp, + char *last_timestamp) +{ + struct efi_time *prev; + uint64_t new; + uint64_t last; + + prev = get_last_timestamp(key, last_timestamp); + if (prev == NULL) + return OPAL_INTERNAL_ERROR; + + prlog(PR_DEBUG, "timestamp year is %d month %d day %d\n", + le16_to_cpu(timestamp->year), timestamp->month, + timestamp->day); + prlog(PR_DEBUG, "prev year is %d month %d day %d\n", + le16_to_cpu(prev->year), prev->month, prev->day); + + new = unpack_timestamp(timestamp); + last = unpack_timestamp(prev); + + if (new > last) + return OPAL_SUCCESS; + + return OPAL_PERMISSION; +} + +/* Extract PKCS7 from the authentication header */ +static mbedtls_pkcs7* get_pkcs7(const struct efi_variable_authentication_2 *auth) +{ + char *checkpkcs7cert = NULL; + size_t len; + mbedtls_pkcs7 *pkcs7 = NULL; + int rc; + + len = get_pkcs7_len(auth); + + pkcs7 = malloc(sizeof(struct mbedtls_pkcs7)); + if (!pkcs7) + return NULL; + + mbedtls_pkcs7_init(pkcs7); + rc = mbedtls_pkcs7_parse_der( auth->auth_info.cert_data, len, pkcs7); + if (rc <= 0) { + prlog(PR_ERR, "Parsing pkcs7 failed %04x\n", rc); + goto out; + } + + checkpkcs7cert = zalloc(CERT_BUFFER_SIZE); + if (!checkpkcs7cert) + goto out; + + rc = mbedtls_x509_crt_info(checkpkcs7cert, CERT_BUFFER_SIZE, "CRT:", + &(pkcs7->signed_data.certs)); + if (rc < 0) { + prlog(PR_ERR, "Failed to parse the certificate in PKCS7 structure\n"); + 
free(checkpkcs7cert); + goto out; + } + + prlog(PR_DEBUG, "%s \n", checkpkcs7cert); + free(checkpkcs7cert); + return pkcs7; + +out: + mbedtls_pkcs7_free(pkcs7); + pkcs7 = NULL; + return pkcs7; +} + +/* Verify the PKCS7 signature on the signed data. */ +static int verify_signature(const struct efi_variable_authentication_2 *auth, + const char *newcert, const size_t new_data_size, + const struct secvar *avar) +{ + mbedtls_pkcs7 *pkcs7 = NULL; + mbedtls_x509_crt x509; + char *signing_cert = NULL; + char *x509_buf = NULL; + int signing_cert_size; + int rc = 0; + char *errbuf; + int eslvarsize; + int eslsize; + int offset = 0; + + if (!auth) + return OPAL_PARAMETER; + + /* Extract the pkcs7 from the auth structure */ + pkcs7 = get_pkcs7(auth); + /* Failure to parse pkcs7 implies bad input. */ + if (!pkcs7) + return OPAL_PARAMETER; + + prlog(PR_INFO, "Load the signing certificate from the keystore"); + + eslvarsize = avar->data_size; + + /* Variable is not empty */ + while (eslvarsize > 0) { + prlog(PR_DEBUG, "esl var size size is %d offset is %d\n", eslvarsize, offset); + if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) + break; + + /* Calculate the size of the ESL */ + eslsize = get_esl_signature_list_size(avar->data + offset, + eslvarsize); + /* If could not extract the size */ + if (eslsize <= 0) { + rc = OPAL_PARAMETER; + break; + } + + /* Extract the certificate from the ESL */ + signing_cert_size = get_esl_cert(avar->data + offset, + eslvarsize, &signing_cert); + if (signing_cert_size < 0) { + rc = signing_cert_size; + break; + } + + mbedtls_x509_crt_init(&x509); + rc = mbedtls_x509_crt_parse(&x509, + signing_cert, + signing_cert_size); + + /* This should not happen, unless something corrupted in PNOR */ + if(rc) { + prlog(PR_INFO, "X509 certificate parsing failed %04x\n", rc); + rc = OPAL_INTERNAL_ERROR; + break; + } + + x509_buf = zalloc(CERT_BUFFER_SIZE); + rc = mbedtls_x509_crt_info(x509_buf, + CERT_BUFFER_SIZE, + "CRT:", + &x509); + + /* This should not happen, 
unless something corrupted in PNOR */ + if (rc < 0) { + free(x509_buf); + rc = OPAL_INTERNAL_ERROR; + break; + } + + prlog(PR_INFO, "%s \n", x509_buf); + free(x509_buf); + x509_buf = NULL; + + rc = mbedtls_pkcs7_signed_hash_verify(pkcs7, &x509, newcert, new_data_size); + + /* If you find a signing certificate, you are done */ + if (rc == 0) { + prlog(PR_INFO, "Signature Verification passed\n"); + mbedtls_x509_crt_free(&x509); + break; + } + + errbuf = zalloc(MBEDTLS_ERR_BUFFER_SIZE); + mbedtls_strerror(rc, errbuf, MBEDTLS_ERR_BUFFER_SIZE); + prlog(PR_INFO, "Signature Verification failed %02x %s\n", + rc, errbuf); + free(errbuf); + + /* Look for the next ESL */ + offset = offset + eslsize; + eslvarsize = eslvarsize - eslsize; + mbedtls_x509_crt_free(&x509); + free(signing_cert); + /* Since we are going to allocate again in the next iteration */ + signing_cert = NULL; + + } + + free(signing_cert); + mbedtls_pkcs7_free(pkcs7); + free(pkcs7); + + return rc; +} + +/* + * Create the hash of the buffer + * name || vendor guid || attributes || timestamp || newcontent + * which is submitted as signed by the user. + * Returns the sha256 hash, else negative error code. 
+ */ +static char *get_hash_to_verify(const char *key, const char *new_data, + const size_t new_data_size, + const struct efi_time *timestamp) +{ + le32 attr = cpu_to_le32(SECVAR_ATTRIBUTES); + size_t varlen; + char *wkey; + uuid_t guid; + unsigned char *hash = NULL; + const mbedtls_md_info_t *md_info; + mbedtls_md_context_t ctx; + int rc; + + md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); + mbedtls_md_init(&ctx); + + rc = mbedtls_md_setup(&ctx, md_info, 0); + if (rc) + goto out; + + rc = mbedtls_md_starts(&ctx); + if (rc) + goto out; + + if (key_equals(key, "PK") + || key_equals(key, "KEK")) + guid = EFI_GLOBAL_VARIABLE_GUID; + else if (key_equals(key, "db") + || key_equals(key, "dbx")) + guid = EFI_IMAGE_SECURITY_DATABASE_GUID; + else + return NULL; + + /* Expand char name to wide character width */ + varlen = strlen(key) * 2; + wkey = char_to_wchar(key, strlen(key)); + rc = mbedtls_md_update(&ctx, wkey, varlen); + free(wkey); + if (rc) + goto out; + + rc = mbedtls_md_update(&ctx, (const unsigned char *)&guid, sizeof(guid)); + if (rc) + goto out; + + rc = mbedtls_md_update(&ctx, (const unsigned char *)&attr, sizeof(attr)); + if (rc) + goto out; + + rc = mbedtls_md_update(&ctx, (const unsigned char *)timestamp, + sizeof(struct efi_time)); + if (rc) + goto out; + + rc = mbedtls_md_update(&ctx, new_data, new_data_size); + if (rc) + goto out; + + hash = zalloc(32); + if (!hash) + return NULL; + rc = mbedtls_md_finish(&ctx, hash); + if (rc) { + free(hash); + hash = NULL; + } + +out: + mbedtls_md_free(&ctx); + return hash; +} + +bool is_pkcs7_sig_format(const void *data) +{ + const struct efi_variable_authentication_2 *auth = data; + uuid_t pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID; + + return !memcmp(&auth->auth_info.cert_type, &pkcs7_guid, 16); +} + +int process_update(const struct secvar *update, char **newesl, + int *new_data_size, struct efi_time *timestamp, + struct list_head *bank, char *last_timestamp) +{ + struct efi_variable_authentication_2 *auth = 
NULL; + void *auth_buffer = NULL; + int auth_buffer_size = 0; + const char *key_authority[3]; + char *tbhbuffer = NULL; + size_t tbhbuffersize = 0; + struct secvar *avar = NULL; + int rc = 0; + int i; + + /* We need to split data into authentication descriptor and new ESL */ + auth_buffer_size = get_auth_descriptor2(update->data, + update->data_size, + &auth_buffer); + if ((auth_buffer_size < 0) + || (update->data_size < auth_buffer_size)) { + prlog(PR_ERR, "Invalid auth buffer size\n"); + rc = auth_buffer_size; + goto out; + } + + auth = auth_buffer; + + if (!timestamp) { + rc = OPAL_INTERNAL_ERROR; + goto out; + } + + memcpy(timestamp, auth_buffer, sizeof(struct efi_time)); + + rc = check_timestamp(update->key, timestamp, last_timestamp); + /* Failure implies probably an older command being resubmitted */ + if (rc != OPAL_SUCCESS) { + prlog(PR_INFO, "Timestamp verification failed for key %s\n", update->key); + goto out; + } + + /* Calculate the size of new ESL data */ + *new_data_size = update->data_size - auth_buffer_size; + if (*new_data_size < 0) { + prlog(PR_ERR, "Invalid new ESL (new data content) size\n"); + rc = OPAL_PARAMETER; + goto out; + } + *newesl = zalloc(*new_data_size); + if (!(*newesl)) { + rc = OPAL_NO_MEM; + goto out; + } + memcpy(*newesl, update->data + auth_buffer_size, *new_data_size); + + /* Validate the new ESL is in right format */ + rc = validate_esl_list(update->key, *newesl, *new_data_size); + if (rc < 0) { + prlog(PR_ERR, "ESL validation failed for key %s with error %04x\n", + update->key, rc); + goto out; + } + + if (setup_mode) { + rc = OPAL_SUCCESS; + goto out; + } + + /* Prepare the data to be verified */ + tbhbuffer = get_hash_to_verify(update->key, *newesl, *new_data_size, + timestamp); + if (!tbhbuffer) { + rc = OPAL_INTERNAL_ERROR; + goto out; + } + + /* Get the authority to verify the signature */ + get_key_authority(key_authority, update->key); + + /* + * Try for all the authorities that are allowed to sign. + * For eg. 
db/dbx can be signed by both PK or KEK + */ + for (i = 0; key_authority[i] != NULL; i++) { + prlog(PR_DEBUG, "key is %s\n", update->key); + prlog(PR_DEBUG, "key authority is %s\n", key_authority[i]); + avar = find_secvar(key_authority[i], + strlen(key_authority[i]) + 1, + bank); + if (!avar || !avar->data_size) + continue; + + /* Verify the signature */ + rc = verify_signature(auth, tbhbuffer, tbhbuffersize, + avar); + + /* Break if signature verification is successful */ + if (rc == OPAL_SUCCESS) + break; + } + +out: + free(auth_buffer); + free(tbhbuffer); + + return rc; +} diff --git a/libstb/secvar/backend/edk2-compat-process.h b/libstb/secvar/backend/edk2-compat-process.h new file mode 100644 index 00000000..737c7329 --- /dev/null +++ b/libstb/secvar/backend/edk2-compat-process.h 
@@ -0,0 +1,63 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ + +#ifndef __SECVAR_EDK2_COMPAT_PROCESS__ +#define __SECVAR_EDK2_COMPAT_PROCESS__ + +#ifndef pr_fmt +#define pr_fmt(fmt) "EDK2_COMPAT: " fmt +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "libstb/crypto/pkcs7/pkcs7.h" +#include "edk2.h" +#include "opal-api.h" +#include "../secvar.h" +#include "../secvar_devtree.h" + +#define CERT_BUFFER_SIZE 2048 +#define MBEDTLS_ERR_BUFFER_SIZE 1024 + +#define EDK2_MAX_KEY_LEN SECVAR_MAX_KEY_LEN +#define key_equals(a,b) (!strncmp(a, b, EDK2_MAX_KEY_LEN)) +#define uuid_equals(a,b) (!memcmp(a, b, UUID_SIZE)) + +extern bool setup_mode; +extern struct list_head staging_bank; + +/* Update the variable in the variable bank with the new value. */ +int update_variable_in_bank(struct secvar *update_var, const char *data, + uint64_t dsize, struct list_head *bank); + +/* This function outputs the Authentication 2 Descriptor in the + * auth_buffer and returns the size of the buffer. Please refer to + * edk2.h for details on Authentication 2 Descriptor + */ +int get_auth_descriptor2(const void *buf, const size_t buflen, + void **auth_buffer); + +/* Check the format of the ESL */ +int validate_esl_list(const char *key, const char *esl, const size_t size); + +/* Update the TS variable with the new timestamp */ +int update_timestamp(const char *key, const struct efi_time *timestamp, char *last_timestamp); + +/* Check the new timestamp against the timestamp last update was done */ +int check_timestamp(const char *key, const struct efi_time *timestamp, char *last_timestamp); + +/* Check the GUID of the data type */ +bool is_pkcs7_sig_format(const void *data); + +/* Process the update */ +int process_update(const struct secvar *update, char **newesl, + int *neweslsize, struct efi_time *timestamp, + struct list_head *bank, char *last_timestamp); + +#endif 
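Review bot: In edk2-compat-process.c, get_esl_cert() trusts ESL header fields that validate_esl_list() hands it before any signature has been checked. `size = le32_to_cpu(list->SignatureSize) - sizeof(uuid_t)` wraps when SignatureSize is below 16, and only `sig_data_offset > buflen` is tested before `memcpy(*cert, buf + sig_data_offset, size)`, so an oversized SignatureSize reads past the submitted buffer. Please reject SignatureSize < sizeof(uuid_t) and require sig_data_offset + size <= buflen before allocating. Further points in the same file: validate_esl_list() advances `offset` but keeps passing `esl` rather than `esl + offset`, so only the first ESL is ever validated, and `data` is leaked on the error breaks after get_esl_cert() succeeds. process_update() passes `tbhbuffersize`, which is still 0, as the hash length to verify_signature(). unpack_timestamp() uses le32_to_cpu() on the u16 year where the other callers use le16_to_cpu(). get_hash_to_verify() returns without mbedtls_md_free() on the unknown-key and zalloc-failure paths. get_pkcs7() releases the parsed contents at `out:` but not the malloc'd struct itself.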
diff --git a/libstb/secvar/backend/edk2-compat-reset.c b/libstb/secvar/backend/edk2-compat-reset.c new file mode 100644 index 00000000..cc3c6d08 --- /dev/null +++ b/libstb/secvar/backend/edk2-compat-reset.c 
@@ -0,0 +1,115 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#include +#include +#include "edk2-compat-process.h" +#include "edk2-compat-reset.h" +#include "../secvar.h" + +int reset_keystore(struct list_head *bank) +{ + struct secvar *var; + int rc = 0; + + var = find_secvar("PK", 3, bank); + if (var) + rc = update_variable_in_bank(var, NULL, 0, bank); + if (rc) + return rc; + + var = find_secvar("KEK", 4, bank); + if (var) + rc = update_variable_in_bank(var, NULL, 0, bank); + if (rc) + return rc; + + var = find_secvar("db", 3, bank); + if (var) + rc = update_variable_in_bank(var, NULL, 0, bank); + if (rc) + return rc; + + var = find_secvar("dbx", 4, bank); + if (var) + rc = update_variable_in_bank(var, NULL, 0, bank); + if (rc) + return rc; + + var = find_secvar("TS", 3, bank); + if (var) + rc = update_variable_in_bank(var, NULL, 0, bank); + if (rc) + return rc; + + var = find_secvar("HWKH", 5, bank); + if (var) + rc = update_variable_in_bank(var, NULL, 0, bank); + + return rc; +} + + +int add_hw_key_hash(struct list_head *bank) +{ + struct secvar *var; + uint32_t hw_key_hash_size; + const char *hw_key_hash; + struct dt_node *secureboot; + + secureboot = dt_find_by_path(dt_root, "ibm,secureboot"); + if (!secureboot) + return false; + + hw_key_hash_size = dt_prop_get_u32(secureboot, "hw-key-hash-size"); + + hw_key_hash = dt_prop_get(secureboot, "hw-key-hash"); + + if (!hw_key_hash) + return OPAL_PERMISSION; + + var = new_secvar("HWKH", 5, hw_key_hash, + hw_key_hash_size, SECVAR_FLAG_PROTECTED); + list_add_tail(bank, &var->link); + + return OPAL_SUCCESS; +} + +int delete_hw_key_hash(struct list_head *bank) +{ + struct secvar *var; + int rc; + + var = find_secvar("HWKH", 5, bank); + if (!var) + return OPAL_SUCCESS; + + rc = update_variable_in_bank(var, NULL, 0, bank); + return rc; +} + +int verify_hw_key_hash(void) +{ + const char *hw_key_hash; + struct dt_node *secureboot; + struct secvar *var; + + secureboot = 
dt_find_by_path(dt_root, "ibm,secureboot"); + if (!secureboot) + return OPAL_INTERNAL_ERROR; + + hw_key_hash = dt_prop_get(secureboot, "hw-key-hash"); + + if (!hw_key_hash) + return OPAL_INTERNAL_ERROR; + + /* This value is from the protected storage */ + var = find_secvar("HWKH", 5, &variable_bank); + if (!var) + return OPAL_PERMISSION; + + if (memcmp(hw_key_hash, var->data, var->data_size) != 0) + return OPAL_PERMISSION; + + return OPAL_SUCCESS; +} + diff --git a/libstb/secvar/backend/edk2-compat-reset.h b/libstb/secvar/backend/edk2-compat-reset.h new file mode 100644 index 00000000..bede9c9d --- /dev/null +++ b/libstb/secvar/backend/edk2-compat-reset.h @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ + +#ifndef __SECVAR_EDK2_COMPAT_CLEAR_KEYS__ +#define __SECVAR_EDK2_COMPAT_CLEAR_KEYS__ + +#ifndef pr_fmt +#define pr_fmt(fmt) "EDK2_COMPAT: " fmt +#endif + +/* clear all os keys and the timestamp*/ +int reset_keystore(struct list_head *bank); + +/* Compares the hw-key-hash from device tree to the value stored in + * the protected storage to ensure it is not modified */ +int verify_hw_key_hash(void); + +/* Adds hw-key-hash */ +int add_hw_key_hash(struct list_head *bank); + +/* Delete hw-key-hash */ +int delete_hw_key_hash(struct list_head *bank); + +#endif diff --git a/libstb/secvar/backend/edk2-compat.c b/libstb/secvar/backend/edk2-compat.c new file mode 100644 index 00000000..52631c0b --- /dev/null +++ b/libstb/secvar/backend/edk2-compat.c 
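Review bot: In edk2-compat-reset.c, verify_hw_key_hash() compares with `memcmp(hw_key_hash, var->data, var->data_size)` and never checks var->data_size against the device tree's hw-key-hash-size, so an empty HWKH (data_size 0, which is what reset_keystore() leaves behind) compares equal and a longer one reads past the property. Please compare the two sizes first and return OPAL_PERMISSION on a mismatch. Also, add_hw_key_hash() returns `false` from an int function when ibm,secureboot is missing, which is 0 and so indistinguishable from success, and it passes the new_secvar() result to list_add_tail() without a NULL check. reset_keystore() would be easier to audit as a loop over the six key names.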
@@ -0,0 +1,282 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ +#ifndef pr_fmt +#define pr_fmt(fmt) "EDK2_COMPAT: " fmt +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "libstb/crypto/pkcs7/pkcs7.h" +#include "edk2.h" +#include "../secvar.h" +#include "edk2-compat-process.h" +#include "edk2-compat-reset.h" + +struct list_head staging_bank; + +/* + * Initializes supported variables as empty if not loaded from + * storage. Variables are initialized as volatile if not found. + * Updates should clear this flag. + * Returns OPAL Error if anything fails in initialization + */ +static int edk2_compat_pre_process(struct list_head *variable_bank, + struct list_head *update_bank __unused) +{ + struct secvar *pkvar; + struct secvar *kekvar; + struct secvar *dbvar; + struct secvar *dbxvar; + struct secvar *tsvar; + + pkvar = find_secvar("PK", 3, variable_bank); + if (!pkvar) { + pkvar = new_secvar("PK", 3, NULL, 0, SECVAR_FLAG_VOLATILE + | SECVAR_FLAG_PROTECTED); + if (!pkvar) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &pkvar->link); + } + if (pkvar->data_size == 0) + setup_mode = true; + else + setup_mode = false; + + kekvar = find_secvar("KEK", 4, variable_bank); + if (!kekvar) { + kekvar = new_secvar("KEK", 4, NULL, 0, SECVAR_FLAG_VOLATILE); + if (!kekvar) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &kekvar->link); + } + + dbvar = find_secvar("db", 3, variable_bank); + if (!dbvar) { + dbvar = new_secvar("db", 3, NULL, 0, SECVAR_FLAG_VOLATILE); + if (!dbvar) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &dbvar->link); + } + + dbxvar = find_secvar("dbx", 4, variable_bank); + if (!dbxvar) { + dbxvar = new_secvar("dbx", 4, NULL, 0, SECVAR_FLAG_VOLATILE); + if (!dbxvar) + return OPAL_NO_MEM; + + list_add_tail(variable_bank, &dbxvar->link); + } + + /* + * Should only ever happen on first boot. Timestamp is + * initialized with all zeroes. 
+ */ + tsvar = find_secvar("TS", 3, variable_bank); + if (!tsvar) { + tsvar = alloc_secvar(3, sizeof(struct efi_time) * 4); + if (!tsvar) + return OPAL_NO_MEM; + + memcpy(tsvar->key, "TS", 3); + tsvar->key_len = 3; + tsvar->data_size = sizeof(struct efi_time) * 4; + memset(tsvar->data, 0, tsvar->data_size); + list_add_tail(variable_bank, &tsvar->link); + } + + return OPAL_SUCCESS; +}; + +static int edk2_compat_process(struct list_head *variable_bank, + struct list_head *update_bank) +{ + struct secvar *var = NULL; + struct secvar *tsvar = NULL; + struct efi_time timestamp; + char *newesl = NULL; + int neweslsize; + int rc = 0; + + prlog(PR_INFO, "Setup mode = %d\n", setup_mode); + + /* Check HW-KEY-HASH */ + if (!setup_mode) { + rc = verify_hw_key_hash(); + if (rc != OPAL_SUCCESS) { + prlog(PR_ERR, "Hardware key hash verification mismatch\n"); + rc = reset_keystore(variable_bank); + if (rc) + goto cleanup; + setup_mode = true; + goto cleanup; + } + } + + /* Return early if we have no updates to process */ + if (list_empty(update_bank)) { + return OPAL_EMPTY; + } + + /* + * Make a working copy of variable bank that is updated + * during process + */ + list_head_init(&staging_bank); + copy_bank_list(&staging_bank, variable_bank); + + /* + * Loop through each command in the update bank. + * If any command fails, it just loops out of the update bank. + * It should also clear the update bank. 
+ */ + + /* Read the TS variable first time and then keep updating it in-memory */ + tsvar = find_secvar("TS", 3, &staging_bank); + + /* + * We cannot find timestamp variable, did someone tamper it ?, return + * OPAL_PERMISSION + */ + if (!tsvar) + return OPAL_PERMISSION; + + list_for_each(update_bank, var, link) { + + /* + * Submitted data is auth_2 descriptor + new ESL data + * Extract the auth_2 2 descriptor + */ + prlog(PR_INFO, "Update for %s\n", var->key); + + rc = process_update(var, &newesl, + &neweslsize, ×tamp, + &staging_bank, + tsvar->data); + if (rc) { + prlog(PR_ERR, "Update processing failed with rc %04x\n", rc); + break; + } + + /* + * If reached here means, signature is verified so update the + * value in the variable bank + */ + rc = update_variable_in_bank(var, + newesl, + neweslsize, + &staging_bank); + if (rc) { + prlog(PR_ERR, "Updating the variable data failed %04x\n", rc); + break; + } + + free(newesl); + newesl = NULL; + /* Update the TS variable with the new timestamp */ + rc = update_timestamp(var->key, + ×tamp, + tsvar->data); + if (rc) { + prlog (PR_ERR, "Variable updated, but timestamp updated failed %04x\n", rc); + break; + } + + /* + * If the PK is updated, update the secure boot state of the + * system at the end of processing + */ + if (key_equals(var->key, "PK")) { + /* + * PK is tied to a particular firmware image by mapping it with + * hw-key-hash of that firmware. When PK is updated, hw-key-hash + * is updated. 
And when PK is deleted, delete hw-key-hash as well + */ + if(neweslsize == 0) { + setup_mode = true; + delete_hw_key_hash(&staging_bank); + } else { + setup_mode = false; + add_hw_key_hash(&staging_bank); + } + prlog(PR_DEBUG, "setup mode is %d\n", setup_mode); + } + } + + if (rc == 0) { + /* Update the variable bank with updated working copy */ + clear_bank_list(variable_bank); + copy_bank_list(variable_bank, &staging_bank); + } + +cleanup: + /* + * For any failure in processing update queue, we clear the update bank + * and return failure + */ + free(newesl); + clear_bank_list(&staging_bank); + clear_bank_list(update_bank); + + return rc; +} + +static int edk2_compat_post_process(struct list_head *variable_bank, + struct list_head *update_bank __unused) +{ + struct secvar *hwvar; + if (!setup_mode) { + secvar_set_secure_mode(); + prlog(PR_INFO, "Enforcing OS secure mode\n"); + /* + * HW KEY HASH is no more needed after this point. It is already + * visible to userspace via device-tree, so exposing via sysfs is + * just a duplication. Remove it from in-memory copy. 
+ */ + hwvar = find_secvar("HWKH", 5, variable_bank); + if (!hwvar) { + prlog(PR_ERR, "cannot find hw-key-hash, should not happen\n"); + return OPAL_INTERNAL_ERROR; + } + list_del(&hwvar->link); + dealloc_secvar(hwvar); + } + + return OPAL_SUCCESS; +} + +static int edk2_compat_validate(struct secvar *var) +{ + + /* + * Checks if the update is for supported + * Non-volatile secure variables + */ + if (!key_equals(var->key, "PK") + && !key_equals(var->key, "KEK") + && !key_equals(var->key, "db") + && !key_equals(var->key, "dbx")) + return OPAL_PARAMETER; + + /* Check that signature type is PKCS7 */ + if (!is_pkcs7_sig_format(var->data)) + return OPAL_PARAMETER; + + return OPAL_SUCCESS; +}; + +struct secvar_backend_driver edk2_compatible_v1 = { + .pre_process = edk2_compat_pre_process, + .process = edk2_compat_process, + .post_process = edk2_compat_post_process, + .validate = edk2_compat_validate, + .compatible = "ibm,edk2-compat-v1", +}; diff --git a/libstb/secvar/backend/edk2.h b/libstb/secvar/backend/edk2.h new file mode 100644 index 00000000..1ed9a119 --- /dev/null +++ b/libstb/secvar/backend/edk2.h 
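Review bot: In edk2-compat.c, edk2_compat_process() takes `goto cleanup` on a hardware key hash mismatch before `list_head_init(&staging_bank)` has run, so cleanup calls clear_bank_list() on a list head that has not been initialised on that path. The `if (!tsvar) return OPAL_PERMISSION;` exit after copy_bank_list() skips cleanup entirely, leaving the staging copy allocated and the update bank uncleared. Please initialise staging_bank at the top of the function and route the tsvar failure through cleanup. The return values of delete_hw_key_hash() and add_hw_key_hash() in the PK branch are dropped, so a failure there still commits the staging bank. A TS variable loaded from storage is handed to get_last_timestamp() without a check that its data_size is 4 * sizeof(struct efi_time), although that function indexes up to timestamp[3].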
@@ -0,0 +1,251 @@ +/* Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. This + * program and the accompanying materials are licensed and made available + * under the terms and conditions of the 2-Clause BSD License which + * accompanies this distribution. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * This file is derived from the following files referred from edk2-staging[1] repo + * of tianocore + * + * MdePkg/Include/Guid/GlobalVariable.h + * MdePkg/Include/Guid/WinCertificate.h + * MdePkg/Include/Uefi/UefiMultiPhase.h + * MdePkg/Include/Uefi/UefiBaseType.h + * MdePkg/Include/Guid/ImageAuthentication.h + * + * [1] https://github.com/tianocore/edk2-staging + * + * Copyright 2020 IBM Corp. 
+ */ + +#ifndef __EDK2_H__ +#define __EDK2_H__ + +#define UUID_SIZE 16 + +typedef struct { + u8 b[UUID_SIZE]; +} uuid_t; + +#define EFI_GLOBAL_VARIABLE_GUID (uuid_t){{0x61, 0xDF, 0xe4, 0x8b, 0xca, 0x93, 0xd2, 0x11, 0xaa, \ + 0x0d, 0x00, 0xe0, 0x98, 0x03, 0x2b, 0x8c}} + +#define EFI_IMAGE_SECURITY_DATABASE_GUID (uuid_t){{0xcb, 0xb2, 0x19, 0xd7, 0x3a, 0x3d, 0x96, 0x45, \ + 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f}} + +#define SECVAR_ATTRIBUTES 39 + +/// +/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 +/// certificate then verification of the signature of an image should validate the public +/// key certificate in the image using certificate path verification, up to this X.509 +/// certificate as a trusted root. The SignatureHeader size shall always be 0. The +/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + +/// the size of the certificate itself. +/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. 
+/// + +static const uuid_t EFI_CERT_TYPE_PKCS7_GUID = {{0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7}}; + +static const uuid_t EFI_CERT_X509_GUID = {{ 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }}; + +static const uuid_t EFI_CERT_SHA1_GUID = {{ 0x12, 0xa5, 0x6c, 0x82, 0x10, 0xcf, 0xc9, 0x4a, 0xb1, 0x87, 0xbe, 0x01, 0x49, 0x66, 0x31, 0xbd }}; + +static const uuid_t EFI_CERT_SHA224_GUID = {{ 0x33, 0x52, 0x6e, 0x0b, 0x5c, 0xa6, 0xc9, 0x44, 0x94, 0x07, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }}; + +static const uuid_t EFI_CERT_SHA256_GUID = {{ 0x26, 0x16, 0xc4, 0xc1, 0x4c, 0x50, 0x92, 0x40, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}; + +static const uuid_t EFI_CERT_SHA384_GUID = {{ 0x07, 0x53, 0x3e, 0xff, 0xd0, 0x9f, 0xc9, 0x48, 0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x01 }}; + +static const uuid_t EFI_CERT_SHA512_GUID = {{ 0xae, 0x0f, 0x3e, 0x09, 0xc4, 0xa6, 0x50, 0x4f, 0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }}; + +#define EFI_VARIABLE_NON_VOLATILE 0x00000001 +#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 +#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 + +/* + * Attributes of Authenticated Variable + */ +#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 +#define EFI_VARIABLE_APPEND_WRITE 0x00000040 +/* + * NOTE: EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be + * considered reserved. 
+ */ +#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 + +/* + * win_certificate.w_certificate_type + */ +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 + +#define SECURE_BOOT_MODE_ENABLE 1 +#define SECURE_BOOT_MODE_DISABLE 0 +/// +/// Depricated value definition for SetupMode variable +/// +#define SETUP_MODE 1 +#define USER_MODE 0 + +/* + * EFI Time Abstraction: + * Year: 1900 - 9999 + * Month: 1 - 12 + * Day: 1 - 31 + * Hour: 0 - 23 + * Minute: 0 - 59 + * Second: 0 - 59 + * Nanosecond: 0 - 999,999,999 + * TimeZone: -1440 to 1440 or 2047 + */ +struct efi_time { + u16 year; + u8 month; + u8 day; + u8 hour; + u8 minute; + u8 second; + u8 pad1; + u32 nanosecond; + s16 timezone; + u8 daylight; + u8 pad2; +}; +//*********************************************************************** +// Signature Database +//*********************************************************************** +/// +/// The format of a signature database. +/// +#pragma pack(1) + +typedef struct { + /// + /// An identifier which identifies the agent which added the signature to the list. + /// + uuid_t SignatureOwner; + /// + /// The format of the signature is defined by the SignatureType. + /// + unsigned char SignatureData[0]; +} EFI_SIGNATURE_DATA; + +typedef struct { + /// + /// Type of the signature. GUID signature types are defined in below. + /// + uuid_t SignatureType; + /// + /// Total size of the signature list, including this header. + /// + uint32_t SignatureListSize; + /// + /// Size of the signature header which precedes the array of signatures. + /// + uint32_t SignatureHeaderSize; + /// + /// Size of each signature. + /// + uint32_t SignatureSize; + /// + /// Header before the array of signatures. The format of this header is specified + /// by the SignatureType. + /// UINT8 SignatureHeader[SignatureHeaderSize]; + /// + /// An array of signatures. Each signature is SignatureSize bytes in length. 
+ /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; + /// +} EFI_SIGNATURE_LIST; + + +/* + * The win_certificate structure is part of the PE/COFF specification. + */ +struct win_certificate { + /* + * The length of the entire certificate, including the length of the + * header, in bytes. + */ + u32 dw_length; + /* + * The revision level of the WIN_CERTIFICATE structure. The current + * revision level is 0x0200. + */ + u16 w_revision; + /* + * The certificate type. See WIN_CERT_TYPE_xxx for the UEFI certificate + * types. The UEFI specification reserves the range of certificate type + * values from 0x0EF0 to 0x0EFF. + */ + u16 w_certificate_type; + /* + * The following is the actual certificate. The format of + * the certificate depends on wCertificateType. + */ + /// UINT8 bCertificate[ANYSIZE_ARRAY]; +}; + +/* + * Certificate which encapsulates a GUID-specific digital signature + */ +struct win_certificate_uefi_guid { + /* + * This is the standard win_certificate header, where w_certificate_type + * is set to WIN_CERT_TYPE_EFI_GUID. + */ + struct win_certificate hdr; + /* + * This is the unique id which determines the format of the cert_data. + */ + uuid_t cert_type; + /* + * The following is the certificate data. The format of the data is + * determined by the @cert_type. If @cert_type is + * EFI_CERT_TYPE_RSA2048_SHA256_GUID, the @cert_data will be + * EFI_CERT_BLOCK_RSA_2048_SHA256 structure. + */ + u8 cert_data[]; +}; +/* + * When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set, + * then the Data buffer shall begin with an instance of a complete (and + * serialized) EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be + * followed by the new variable value and DataSize shall reflect the combined + * size of the descriptor and the new variable value. The authentication + * descriptor is not part of the variable data and is not returned by subsequent + * calls to GetVariable(). 
+ */ +struct efi_variable_authentication_2 { + /* + * For the TimeStamp value, components Pad1, Nanosecond, TimeZone, Daylight and + * Pad2 shall be set to 0. This means that the time shall always be expressed in GMT. + */ + struct efi_time timestamp; + /* + * Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted. + */ + struct win_certificate_uefi_guid auth_info; +}; + +#endif

From patchwork Wed Sep 16 16:21:30 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1365469
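Review bot: In the header guarded by `__EDK2_H__`, the `#pragma pack(1)` ahead of `EFI_SIGNATURE_DATA` is never reset before the closing `#endif`, so byte packing leaks into every declaration that follows this header in any file that includes it, while `struct efi_time` above the pragma keeps natural alignment. These structures describe the serialized authentication descriptor and signature lists, so the layout should be explicit and local: wrap the serialized structures in `#pragma pack(push, 1)` / `#pragma pack(pop)`, or put `__attribute__((packed))` on each one. Smaller points in the same hunk: `#define SECVAR_ATTRIBUTES 39` is a magic number (39 is 0x27, the OR of EFI_VARIABLE_NON_VOLATILE, EFI_VARIABLE_BOOTSERVICE_ACCESS, EFI_VARIABLE_RUNTIME_ACCESS and EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) and would be easier to audit written with those names; the X.509 description block sits directly above `EFI_CERT_TYPE_PKCS7_GUID` rather than `EFI_CERT_X509_GUID`; the comments refer to `WIN_CERT_TYPE_EFI_GUID` and `EFI_CERT_TYPE_RSA2048_SHA256_GUID`, neither of which this header defines; and "Depricated" should read "Deprecated".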
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:30 -0500
Message-Id: <20200916162131.22478-20-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 19/20] secvar/test: add edk2-compat driver test and test data
Cc: nayna@linux.ibm.com

This patch contains a set of tests to exercise the edk2 driver using actual
properly (and in some cases, improperly) signed binary data. Due to the
excessive size of the binary data included in the header files, this test was
split into its own patch.

Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Signed-off-by: Eric Richter
---
V6:
 - added new unit test for dbx
 - updated for changes in the pkcs7 parser
 - cleaned up test data formatting
 - add pkcs7 blob vs pkcs7 signed data blob test

 libstb/secvar/test/Makefile.check            |   7 +-
 libstb/secvar/test/data/KEK.h                | 161 ++++++++++
 libstb/secvar/test/data/OldTSKEK.h           | 161 ++++++++++
 libstb/secvar/test/data/PK.h                 | 161 ++++++++++
 libstb/secvar/test/data/db.h                 | 161 ++++++++++
 libstb/secvar/test/data/dbsigneddata.h       | 160 ++++++++++
 libstb/secvar/test/data/dbx.h                | 102 +++++++
 libstb/secvar/test/data/dbxmalformed.h       | 105 +++++++
 libstb/secvar/test/data/dbxsha512.h          | 104 +++++++
 libstb/secvar/test/data/invalidkek.h         | 161 ++++++++++
 libstb/secvar/test/data/malformedkek.h       | 102 +++++++
 libstb/secvar/test/data/multipleDB.h         | 225 ++++++++++++++
 libstb/secvar/test/data/multipleKEK.h        | 225 ++++++++++++++
 libstb/secvar/test/data/multiplePK.h         | 224 ++++++++++++++
 libstb/secvar/test/data/noPK.h               |  98 +++++++
 libstb/secvar/test/secvar-test-edk2-compat.c | 291 +++++++++++++++++++
 libstb/secvar/test/secvar_common_test.c      |   2 +
 17 files changed, 2448 insertions(+), 2 deletions(-)
 create mode 100644 libstb/secvar/test/data/KEK.h
 create mode 100644 libstb/secvar/test/data/OldTSKEK.h
 create mode 100644 libstb/secvar/test/data/PK.h
 create mode 100644 libstb/secvar/test/data/db.h
 create mode 100644 libstb/secvar/test/data/dbsigneddata.h
 create mode 100644 libstb/secvar/test/data/dbx.h
 create mode 100644 libstb/secvar/test/data/dbxmalformed.h
 create mode 100644 libstb/secvar/test/data/dbxsha512.h
 create mode 100644 libstb/secvar/test/data/invalidkek.h
 create mode 100644 libstb/secvar/test/data/malformedkek.h
 create mode 100644 libstb/secvar/test/data/multipleDB.h
 create mode 100644 libstb/secvar/test/data/multipleKEK.h
 create mode 100644 libstb/secvar/test/data/multiplePK.h
 create mode 100644 libstb/secvar/test/data/noPK.h
 create mode 100644 libstb/secvar/test/secvar-test-edk2-compat.c

diff --git a/libstb/secvar/test/Makefile.check b/libstb/secvar/test/Makefile.check index 5999b2a9..3a99f8d8 100644 --- a/libstb/secvar/test/Makefile.check +++ b/libstb/secvar/test/Makefile.check @@ -6,6 +6,7 @@ SECVAR_TEST_DIR = libstb/secvar/test SECVAR_TEST = $(patsubst %.c, %, $(wildcard $(SECVAR_TEST_DIR)/secvar-test-*.c)) HOSTCFLAGS+=-I . -I include -I libstb/tss2 -I libstb/tss2/ibmtpm20tss/utils +HOSTCFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include # Needed because x86 and POWER disagree on the type for uint64_t, causes printf issues HOSTCFLAGS+= -Wno-format @@ -31,13 +32,15 @@ $(SECVAR_TEST:%=%-check) : %-check: % $(call QTEST, RUN-TEST ,$(VALGRIND) $<, $<) @$(RM) -f secboot.img +HOSTMBEDFLAGS += -lmbedcrypto -lmbedx509 + $(SECVAR_TEST) : core/test/stubs.o $(SECVAR_TEST) : % : %.c - $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) -O0 -g -I include -I . -I libfdt -o $@ $< core/test/stubs.o, $<) + $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTMBEDFLAGS) -O0 -g -I include -I . -I libfdt -o $@ $< core/test/stubs.o, $<) $(SECVAR_TEST:%=%-gcov): %-gcov : %.c % - $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTGCOVCFLAGS) -I include -I . -I libfdt -lgcov -o $@ $< core/test/stubs.o, $<) + $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTGCOVCFLAGS) $(HOSTMBEDFLAGS) -I include -I . -I libfdt -lgcov -o $@ $< core/test/stubs.o, $<) -include $(wildcard libstb/secvar/test/*.d) diff --git a/libstb/secvar/test/data/KEK.h b/libstb/secvar/test/data/KEK.h new file mode 100644 index 00000000..bfbc0da7 --- /dev/null +++ b/libstb/secvar/test/data/KEK.h 
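Review bot: In Makefile.check, the first hunk points the compiler at the in-tree headers (`-I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include`), but the second hunk links with `HOSTMBEDFLAGS += -lmbedcrypto -lmbedx509` and adds no `-L`, so as far as this diff shows the tests compile against the bundled mbedtls headers and link against whatever mbedtls the build host has installed. A version or configuration mismatch between the two can change structure layouts without any build error, and `make check` now depends on host mbedtls development libraries being present; either build and link the in-tree copy for the host, or take both headers and libraries from the host, and state the choice in the commit message. Two smaller points in the second hunk: `$(HOSTMBEDFLAGS)` is placed before `$<` and `core/test/stubs.o` in both recipes, and a linker that resolves left to right (static archives, or `--as-needed`) discards libraries listed before the objects that use them, so it belongs at the end of the command; and since mbedx509 depends on mbedcrypto, the order should be `-lmbedx509 -lmbedcrypto`.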
@@ -0,0 +1,161 @@ +unsigned char KEK_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0e ,0x22 ,0x2e ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 
,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 
,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 
,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x9a ,0x63 ,0x09 ,0xe0 ,0x7f ,0xb8 ,0x20 ,0xd5 ,0x19 ,0x63 ,0x05 ,0x37 ,0x22 +,0x8d ,0xe4 ,0x03 ,0x0e ,0xd1 ,0x62 ,0x05 ,0x90 ,0xb4 ,0x49 ,0x9b ,0x03 ,0x1c ,0x4b ,0xd8 ,0x0f +,0x0f ,0xf5 ,0x43 ,0x17 ,0xe9 ,0xf6 ,0xb4 ,0x5f ,0x41 ,0x0f ,0xc1 ,0x7e ,0x92 ,0x5d ,0x39 ,0x53 +,0xd7 ,0x5c ,0x7a ,0x0b ,0x00 ,0x71 ,0x62 ,0x29 ,0x7c ,0xb2 ,0xf7 ,0x85 ,0xc6 ,0x77 ,0x34 
,0x9c +,0x6c ,0xdc ,0x08 ,0x8d ,0x11 ,0x93 ,0x5c ,0x8c ,0x0d ,0x76 ,0xc0 ,0x27 ,0xc2 ,0x1f ,0x15 ,0x32 +,0x72 ,0xdc ,0xff ,0xfc ,0xf1 ,0x56 ,0xbd ,0x82 ,0xe4 ,0xe4 ,0xc0 ,0xbd ,0x76 ,0xaa ,0x99 ,0x16 +,0x89 ,0x26 ,0x43 ,0x2c ,0xef ,0xa8 ,0xd4 ,0x2e ,0x01 ,0x77 ,0x13 ,0x32 ,0xbe ,0xdc ,0xea ,0xaf +,0xc0 ,0x18 ,0x4d ,0x90 ,0xb5 ,0x8d ,0x07 ,0xd7 ,0x86 ,0x21 ,0x71 ,0x3f ,0xf7 ,0x18 ,0xa9 ,0x41 +,0x3b ,0x97 ,0xf9 ,0x4f ,0xe8 ,0x3a ,0x91 ,0x8b ,0xe8 ,0xf1 ,0xae ,0x99 ,0x63 ,0x5d ,0xc1 ,0x63 +,0xc2 ,0x74 ,0xdf ,0xeb ,0x3e ,0x10 ,0xa5 ,0x34 ,0x24 ,0x95 ,0x1d ,0xba ,0xd2 ,0xa0 ,0xae ,0x78 +,0x94 ,0x0b ,0xfd ,0x75 ,0x4b ,0x55 ,0x4c ,0x1d ,0x75 ,0x91 ,0xc9 ,0xd0 ,0x1c ,0x48 ,0x01 ,0x84 +,0x35 ,0xbd ,0xcd ,0xbf ,0xbc ,0x5b ,0xd0 ,0x83 ,0xf4 ,0x0d ,0x19 ,0x4f ,0x9c ,0xa7 ,0xfe ,0x60 +,0x24 ,0x9b ,0x06 ,0x9d ,0x7e ,0xe5 ,0x3b ,0x69 ,0x7f ,0x6a ,0x09 ,0x73 ,0xb9 ,0x7d ,0x23 ,0x70 +,0x6e ,0x70 ,0x5e ,0x20 ,0x67 ,0xda ,0x65 ,0xfe ,0x27 ,0x07 ,0x27 ,0xee ,0x38 ,0x22 ,0xd1 ,0x12 +,0x94 ,0xf6 ,0x8c ,0x14 ,0x95 ,0xd7 ,0x8e ,0xc6 ,0x43 ,0x71 ,0xc1 ,0xcf ,0x96 ,0xcb ,0x7b ,0xa7 +,0x98 ,0x7b ,0x83 ,0x65 ,0x2c ,0xd9 ,0x9f ,0xb3 ,0xff ,0x05 ,0xa3 ,0x70 ,0xc0 ,0x52 ,0x8c ,0xf3 +,0x2c ,0x2e ,0x3d ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c +,0x2b ,0xf0 ,0x72 ,0xf8 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xdc ,0x03 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 +,0x82 ,0x03 ,0xc8 ,0x30 ,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xb0 +,0x40 ,0xaf ,0x25 ,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c 
,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b +,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 +,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f +,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 +,0x35 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 ,0x35 +,0x5a ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 +,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 +,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 +,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 +,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 +,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e +,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 +,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xc1 ,0xeb ,0xb8 +,0xf7 ,0x3f ,0x53 ,0xb6 ,0xa1 ,0x8a ,0x3f ,0xca ,0x99 ,0x56 ,0xbc ,0x3b ,0xdf ,0xbf ,0x70 ,0x0a +,0x78 ,0x5b ,0x06 ,0xc1 ,0xeb ,0xbe ,0x4e ,0xd7 ,0xd9 ,0xe9 ,0x57 ,0x1f ,0xc4 ,0xf4 ,0xe5 ,0x78 +,0xb6 ,0x14 ,0xda ,0x87 ,0x43 ,0x31 ,0xad ,0x6d ,0x9f ,0xae ,0x6c ,0x44 ,0xe3 ,0x12 ,0xe4 ,0xf1 +,0xa4 ,0x81 ,0xf8 ,0x7d ,0x09 ,0x0e ,0xa6 ,0x6a ,0xe1 ,0xf7 ,0xcb ,0xe9 ,0x63 ,0xd6 ,0xd6 ,0x58 +,0x28 
,0x10 ,0xf2 ,0xb9 ,0xcf ,0xd7 ,0x85 ,0x95 ,0x0b ,0x24 ,0x51 ,0xe8 ,0x5a ,0x08 ,0x74 ,0xbc +,0x42 ,0x9b ,0xd6 ,0x84 ,0xcd ,0x5e ,0xe5 ,0x61 ,0x83 ,0x7c ,0x5f ,0x0e ,0x3a ,0x9d ,0x3d ,0x6d +,0x84 ,0xe2 ,0xc0 ,0x26 ,0x64 ,0x35 ,0x80 ,0x6c ,0xb1 ,0x37 ,0x72 ,0x38 ,0x00 ,0xa0 ,0x90 ,0x51 +,0xd3 ,0x64 ,0x01 ,0x62 ,0x70 ,0xf8 ,0xa4 ,0xe4 ,0xc8 ,0x87 ,0x4c ,0xe1 ,0x76 ,0xd7 ,0xe6 ,0xbf +,0xed ,0x08 ,0xba ,0xde ,0x42 ,0x90 ,0x00 ,0xb7 ,0x19 ,0x81 ,0x91 ,0xd0 ,0x18 ,0xcb ,0x03 ,0xe6 +,0xf5 ,0xf9 ,0x31 ,0x2b ,0x56 ,0xc3 ,0x21 ,0x39 ,0x4d ,0x9a ,0x63 ,0x0a ,0xb7 ,0x1c ,0xa9 ,0xdc +,0xce ,0xa9 ,0xc4 ,0xe0 ,0x0a ,0xa4 ,0x53 ,0x8f ,0x78 ,0xd1 ,0xc0 ,0x3f ,0xc2 ,0x8e ,0x8a ,0x37 +,0x52 ,0x42 ,0x60 ,0x97 ,0xb3 ,0x53 ,0xaa ,0xa4 ,0x4f ,0x98 ,0x7e ,0xa5 ,0x2a ,0xe1 ,0x52 ,0xfa +,0x9f ,0xc1 ,0x32 ,0xf7 ,0x15 ,0x12 ,0x62 ,0x6b ,0x5a ,0x4d ,0xfe ,0x22 ,0x8d ,0x88 ,0x87 ,0xfd +,0x83 ,0x2f ,0xaa ,0x1a ,0xb8 ,0xad ,0x3d ,0x4f ,0xdc ,0xe0 ,0x39 ,0x8b ,0x88 ,0xed ,0xc6 ,0xf5 +,0xee ,0x32 ,0xea ,0xd6 ,0x25 ,0xcf ,0x91 ,0x66 ,0x77 ,0x4c ,0xa1 ,0x0c ,0x6a ,0x7b ,0x6e ,0xb2 +,0x72 ,0xa8 ,0xf4 ,0xc7 ,0xeb ,0xa4 ,0x91 ,0xda ,0x5d ,0x14 ,0xf9 ,0x9e ,0xe9 ,0x02 ,0x03 ,0x01 +,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 +,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 +,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 +,0x80 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad +,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff +,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x7a ,0xc8 ,0xc9 ,0x0e ,0x45 +,0x1c ,0xa6 ,0xce ,0xd5 ,0xdb ,0x9c ,0x5d ,0x95 ,0x8b ,0x8b ,0xbc ,0x90 ,0xca ,0x98 ,0xd1 ,0xe9 +,0x4b ,0xfb ,0xf3 ,0xef ,0x48 ,0xb0 ,0x9e ,0x0d ,0x95 ,0x0f ,0x3a 
,0xa0 ,0xb6 ,0x93 ,0x9f ,0xc6 +,0xf7 ,0xca ,0xca ,0xf1 ,0x04 ,0x90 ,0x4d ,0x6b ,0x57 ,0xc1 ,0xe5 ,0x85 ,0xfd ,0x87 ,0x09 ,0xe5 +,0xaf ,0x98 ,0x89 ,0x32 ,0x27 ,0x35 ,0x85 ,0xcf ,0xe1 ,0x1f ,0xaf ,0xc0 ,0x8c ,0x3f ,0x2a ,0xba +,0xa4 ,0xfc ,0xaa ,0x40 ,0x02 ,0x7c ,0x57 ,0xd9 ,0x73 ,0xc6 ,0xc0 ,0x59 ,0xcb ,0x47 ,0x71 ,0x07 +,0x1a ,0xfe ,0x46 ,0xb1 ,0x81 ,0x14 ,0x6b ,0xa5 ,0xeb ,0xe7 ,0x9c ,0x2b ,0x87 ,0xee ,0x72 ,0x96 +,0xe0 ,0xb0 ,0x11 ,0x86 ,0x33 ,0x95 ,0xdf ,0x6e ,0x9c ,0x3f ,0x0f ,0xc1 ,0x46 ,0x8c ,0x53 ,0x12 +,0xf1 ,0xd9 ,0xa8 ,0xee ,0x04 ,0xc5 ,0x71 ,0x52 ,0x22 ,0x13 ,0x0f ,0x91 ,0x0c ,0x73 ,0xca ,0x34 +,0xb1 ,0x36 ,0x5f ,0x8c ,0x2e ,0x0f ,0x3a ,0x04 ,0x42 ,0xfe ,0x45 ,0x82 ,0x29 ,0x56 ,0x5e ,0xe5 +,0x4c ,0xeb ,0x4b ,0xa6 ,0xe5 ,0xe0 ,0x1d ,0x74 ,0xc0 ,0x5a ,0x2f ,0x42 ,0xa5 ,0xf2 ,0x65 ,0xd5 +,0x4d ,0x3b ,0x22 ,0xd2 ,0x96 ,0x42 ,0xcf ,0xbd ,0xd7 ,0x8b ,0x37 ,0x7a ,0xb6 ,0xd9 ,0xd4 ,0xd7 +,0x45 ,0x47 ,0x3b ,0x3c ,0xb3 ,0xd9 ,0x29 ,0x69 ,0x91 ,0x7d ,0x4c ,0x06 ,0xad ,0x6c ,0xea ,0x62 +,0xf1 ,0xf7 ,0xec ,0x67 ,0xae ,0xd5 ,0x43 ,0xd0 ,0xab ,0xb8 ,0xbf ,0xa4 ,0x28 ,0xd4 ,0x75 ,0xd2 +,0x3f ,0x53 ,0x5d ,0xa8 ,0x09 ,0x46 ,0x89 ,0x7f ,0x84 ,0x36 ,0xad ,0x78 ,0x41 ,0x03 ,0xf4 ,0xc4 +,0x43 ,0x43 ,0xdc ,0x52 ,0xc6 ,0xff ,0xab ,0xd6 ,0x8c ,0x7f ,0xc0 ,0xab ,0x67 ,0x5b ,0x0b ,0xa9 +,0x6a ,0xd2 ,0x85 ,0x71 ,0x9f ,0xc2 ,0xf1 ,0x96 ,0xd2 ,0x41 ,0xb0 }; + +unsigned int KEK_auth_len = 2523; diff --git a/libstb/secvar/test/data/OldTSKEK.h b/libstb/secvar/test/data/OldTSKEK.h new file mode 100644 index 00000000..4a88b4a5 --- /dev/null +++ b/libstb/secvar/test/data/OldTSKEK.h 
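Review bot: In KEK.h, `unsigned char KEK_auth[]` and `unsigned int KEK_auth_len = 2523;` are non-static, non-const definitions in a header with no include guard, so including it from a second translation unit gives duplicate symbols and nothing stops a test from modifying the fixture; suggest `static const unsigned char KEK_auth[]` and deriving the length with `sizeof(KEK_auth)` instead of a hand-maintained 2523. The file also carries no comment saying which key signed the blob or which command produced it, which makes the fixture impossible to regenerate or audit from the tree; a short header comment with the generation steps would fix that. One thing to confirm before merging: the UTCTime fields of the embedded signer certificate decode to 200914155020Z and 210914155020Z, a one-year validity window, so if the verification path under test ever checks certificate validity against the clock these tests will start failing after that date.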
@@ -0,0 +1,161 @@ +unsigned char OldTS_KEK_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0d ,0x08 ,0x27 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 
,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 
,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e 
,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x3a ,0xd5 ,0x45 ,0xb4 ,0xd4 ,0xd6 ,0x64 ,0xf1 ,0xeb ,0x28 ,0xdf ,0x45 ,0xda +,0xc2 ,0xf9 ,0xb9 ,0x5f ,0x80 ,0x3f ,0x9b ,0x3b ,0xee ,0x96 ,0x92 ,0x53 ,0x3f ,0x05 ,0x5d ,0xed +,0xa8 ,0x36 ,0x6c ,0x6b ,0x3f ,0xe8 ,0x42 ,0xa8 ,0x21 ,0x41 ,0x76 ,0x6a ,0xd7 ,0xd7 ,0xfa ,0x6c +,0x95 ,0x13 ,0xbe ,0x7e ,0x55 ,0x6b ,0xe4 ,0x2d ,0x49 ,0xd0 ,0xf2 ,0x94 ,0xae ,0x38 
,0x83 ,0xb2 +,0x3b ,0x66 ,0x55 ,0x13 ,0x66 ,0x52 ,0x18 ,0xf5 ,0x3f ,0x22 ,0xbe ,0xfe ,0x3d ,0xd9 ,0x7b ,0x9e +,0x89 ,0x26 ,0x55 ,0x33 ,0x00 ,0xe4 ,0x63 ,0x6c ,0x5d ,0x83 ,0xf3 ,0x5d ,0x7e ,0xcb ,0x14 ,0x84 +,0x03 ,0x7c ,0xad ,0xbe ,0x21 ,0x85 ,0x27 ,0x12 ,0xc1 ,0xf9 ,0xcb ,0x7c ,0xb7 ,0x40 ,0xa4 ,0x5e +,0x06 ,0x0f ,0x1d ,0xe8 ,0xe0 ,0xdb ,0xa3 ,0xa6 ,0xf4 ,0xde ,0xbd ,0xd7 ,0x7d ,0x79 ,0x4b ,0x7f +,0xf1 ,0x66 ,0x28 ,0x93 ,0xc8 ,0x4b ,0x2d ,0x04 ,0x4c ,0x1b ,0xb5 ,0x2d ,0xeb ,0xf8 ,0xa7 ,0xcb +,0x7d ,0xdf ,0x2f ,0x53 ,0xf7 ,0xc0 ,0x1b ,0xab ,0x1b ,0xc6 ,0xc9 ,0xd0 ,0xd9 ,0x02 ,0x91 ,0x84 +,0xb5 ,0xdf ,0x49 ,0x96 ,0x08 ,0x7d ,0x1f ,0xee ,0xbb ,0x8b ,0xf3 ,0x4b ,0x3d ,0x38 ,0x77 ,0xf7 +,0x95 ,0xbd ,0x1a ,0x6f ,0x4d ,0x5d ,0xfb ,0xbd ,0x1d ,0x99 ,0x4c ,0x61 ,0x6a ,0x55 ,0xb4 ,0x37 +,0xd9 ,0xcc ,0xfd ,0x43 ,0x3b ,0x04 ,0xfe ,0x08 ,0xae ,0x61 ,0x03 ,0x3b ,0xbf ,0x8e ,0x5b ,0x24 +,0x67 ,0x2c ,0x7c ,0x50 ,0xf6 ,0x34 ,0x77 ,0xee ,0x1a ,0x4f ,0x30 ,0xdb ,0x3d ,0x7b ,0x2f ,0xe5 +,0x56 ,0xc2 ,0x9e ,0xca ,0x6f ,0xa2 ,0xe4 ,0xf0 ,0x2f ,0x24 ,0xd9 ,0x4d ,0xea ,0xb5 ,0xa9 ,0x1c +,0x5e ,0x67 ,0xfc ,0x55 ,0xf5 ,0x91 ,0xc3 ,0x03 ,0xcc ,0x74 ,0x55 ,0x4f ,0x93 ,0x30 ,0x1e ,0x20 +,0xcf ,0xf9 ,0x1f ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c +,0x2b ,0xf0 ,0x72 ,0xf8 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xdc ,0x03 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 +,0x82 ,0x03 ,0xc8 ,0x30 ,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xb0 +,0x40 ,0xaf ,0x25 ,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 
,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b +,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 +,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f +,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 +,0x35 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 ,0x35 +,0x5a ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 +,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 +,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 +,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 +,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 +,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e +,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 +,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xc1 ,0xeb ,0xb8 +,0xf7 ,0x3f ,0x53 ,0xb6 ,0xa1 ,0x8a ,0x3f ,0xca ,0x99 ,0x56 ,0xbc ,0x3b ,0xdf ,0xbf ,0x70 ,0x0a +,0x78 ,0x5b ,0x06 ,0xc1 ,0xeb ,0xbe ,0x4e ,0xd7 ,0xd9 ,0xe9 ,0x57 ,0x1f ,0xc4 ,0xf4 ,0xe5 ,0x78 +,0xb6 ,0x14 ,0xda ,0x87 ,0x43 ,0x31 ,0xad ,0x6d ,0x9f ,0xae ,0x6c ,0x44 ,0xe3 ,0x12 ,0xe4 ,0xf1 +,0xa4 ,0x81 ,0xf8 ,0x7d ,0x09 ,0x0e ,0xa6 ,0x6a ,0xe1 ,0xf7 ,0xcb ,0xe9 ,0x63 ,0xd6 ,0xd6 ,0x58 
+,0x28 ,0x10 ,0xf2 ,0xb9 ,0xcf ,0xd7 ,0x85 ,0x95 ,0x0b ,0x24 ,0x51 ,0xe8 ,0x5a ,0x08 ,0x74 ,0xbc +,0x42 ,0x9b ,0xd6 ,0x84 ,0xcd ,0x5e ,0xe5 ,0x61 ,0x83 ,0x7c ,0x5f ,0x0e ,0x3a ,0x9d ,0x3d ,0x6d +,0x84 ,0xe2 ,0xc0 ,0x26 ,0x64 ,0x35 ,0x80 ,0x6c ,0xb1 ,0x37 ,0x72 ,0x38 ,0x00 ,0xa0 ,0x90 ,0x51 +,0xd3 ,0x64 ,0x01 ,0x62 ,0x70 ,0xf8 ,0xa4 ,0xe4 ,0xc8 ,0x87 ,0x4c ,0xe1 ,0x76 ,0xd7 ,0xe6 ,0xbf +,0xed ,0x08 ,0xba ,0xde ,0x42 ,0x90 ,0x00 ,0xb7 ,0x19 ,0x81 ,0x91 ,0xd0 ,0x18 ,0xcb ,0x03 ,0xe6 +,0xf5 ,0xf9 ,0x31 ,0x2b ,0x56 ,0xc3 ,0x21 ,0x39 ,0x4d ,0x9a ,0x63 ,0x0a ,0xb7 ,0x1c ,0xa9 ,0xdc +,0xce ,0xa9 ,0xc4 ,0xe0 ,0x0a ,0xa4 ,0x53 ,0x8f ,0x78 ,0xd1 ,0xc0 ,0x3f ,0xc2 ,0x8e ,0x8a ,0x37 +,0x52 ,0x42 ,0x60 ,0x97 ,0xb3 ,0x53 ,0xaa ,0xa4 ,0x4f ,0x98 ,0x7e ,0xa5 ,0x2a ,0xe1 ,0x52 ,0xfa +,0x9f ,0xc1 ,0x32 ,0xf7 ,0x15 ,0x12 ,0x62 ,0x6b ,0x5a ,0x4d ,0xfe ,0x22 ,0x8d ,0x88 ,0x87 ,0xfd +,0x83 ,0x2f ,0xaa ,0x1a ,0xb8 ,0xad ,0x3d ,0x4f ,0xdc ,0xe0 ,0x39 ,0x8b ,0x88 ,0xed ,0xc6 ,0xf5 +,0xee ,0x32 ,0xea ,0xd6 ,0x25 ,0xcf ,0x91 ,0x66 ,0x77 ,0x4c ,0xa1 ,0x0c ,0x6a ,0x7b ,0x6e ,0xb2 +,0x72 ,0xa8 ,0xf4 ,0xc7 ,0xeb ,0xa4 ,0x91 ,0xda ,0x5d ,0x14 ,0xf9 ,0x9e ,0xe9 ,0x02 ,0x03 ,0x01 +,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 +,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 +,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 +,0x80 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad +,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff +,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x7a ,0xc8 ,0xc9 ,0x0e ,0x45 +,0x1c ,0xa6 ,0xce ,0xd5 ,0xdb ,0x9c ,0x5d ,0x95 ,0x8b ,0x8b ,0xbc ,0x90 ,0xca ,0x98 ,0xd1 ,0xe9 +,0x4b ,0xfb ,0xf3 ,0xef ,0x48 ,0xb0 ,0x9e ,0x0d ,0x95 
,0x0f ,0x3a ,0xa0 ,0xb6 ,0x93 ,0x9f ,0xc6 +,0xf7 ,0xca ,0xca ,0xf1 ,0x04 ,0x90 ,0x4d ,0x6b ,0x57 ,0xc1 ,0xe5 ,0x85 ,0xfd ,0x87 ,0x09 ,0xe5 +,0xaf ,0x98 ,0x89 ,0x32 ,0x27 ,0x35 ,0x85 ,0xcf ,0xe1 ,0x1f ,0xaf ,0xc0 ,0x8c ,0x3f ,0x2a ,0xba +,0xa4 ,0xfc ,0xaa ,0x40 ,0x02 ,0x7c ,0x57 ,0xd9 ,0x73 ,0xc6 ,0xc0 ,0x59 ,0xcb ,0x47 ,0x71 ,0x07 +,0x1a ,0xfe ,0x46 ,0xb1 ,0x81 ,0x14 ,0x6b ,0xa5 ,0xeb ,0xe7 ,0x9c ,0x2b ,0x87 ,0xee ,0x72 ,0x96 +,0xe0 ,0xb0 ,0x11 ,0x86 ,0x33 ,0x95 ,0xdf ,0x6e ,0x9c ,0x3f ,0x0f ,0xc1 ,0x46 ,0x8c ,0x53 ,0x12 +,0xf1 ,0xd9 ,0xa8 ,0xee ,0x04 ,0xc5 ,0x71 ,0x52 ,0x22 ,0x13 ,0x0f ,0x91 ,0x0c ,0x73 ,0xca ,0x34 +,0xb1 ,0x36 ,0x5f ,0x8c ,0x2e ,0x0f ,0x3a ,0x04 ,0x42 ,0xfe ,0x45 ,0x82 ,0x29 ,0x56 ,0x5e ,0xe5 +,0x4c ,0xeb ,0x4b ,0xa6 ,0xe5 ,0xe0 ,0x1d ,0x74 ,0xc0 ,0x5a ,0x2f ,0x42 ,0xa5 ,0xf2 ,0x65 ,0xd5 +,0x4d ,0x3b ,0x22 ,0xd2 ,0x96 ,0x42 ,0xcf ,0xbd ,0xd7 ,0x8b ,0x37 ,0x7a ,0xb6 ,0xd9 ,0xd4 ,0xd7 +,0x45 ,0x47 ,0x3b ,0x3c ,0xb3 ,0xd9 ,0x29 ,0x69 ,0x91 ,0x7d ,0x4c ,0x06 ,0xad ,0x6c ,0xea ,0x62 +,0xf1 ,0xf7 ,0xec ,0x67 ,0xae ,0xd5 ,0x43 ,0xd0 ,0xab ,0xb8 ,0xbf ,0xa4 ,0x28 ,0xd4 ,0x75 ,0xd2 +,0x3f ,0x53 ,0x5d ,0xa8 ,0x09 ,0x46 ,0x89 ,0x7f ,0x84 ,0x36 ,0xad ,0x78 ,0x41 ,0x03 ,0xf4 ,0xc4 +,0x43 ,0x43 ,0xdc ,0x52 ,0xc6 ,0xff ,0xab ,0xd6 ,0x8c ,0x7f ,0xc0 ,0xab ,0x67 ,0x5b ,0x0b ,0xa9 +,0x6a ,0xd2 ,0x85 ,0x71 ,0x9f ,0xc2 ,0xf1 ,0x96 ,0xd2 ,0x41 ,0xb0 }; + +unsigned int OldTS_KEK_auth_len = 2523; diff --git a/libstb/secvar/test/data/PK.h b/libstb/secvar/test/data/PK.h new file mode 100644 index 00000000..61eac0d7 --- /dev/null +++ b/libstb/secvar/test/data/PK.h 
@@ -0,0 +1,161 @@ +unsigned char PK_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0d ,0x08 ,0x37 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 
,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 
,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 
,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x8d ,0x27 ,0x9f ,0x42 ,0x8b ,0xf4 ,0xb5 ,0x38 ,0x89 ,0x11 ,0xce ,0x26 ,0xf9 +,0x3c ,0x8b ,0x05 ,0xff ,0x9d ,0xfd ,0x60 ,0x94 ,0x58 ,0x4b ,0xfb ,0x67 ,0xd0 ,0x0f ,0x9f ,0x8e +,0xb8 ,0xb6 ,0x9f ,0xb5 ,0xb0 ,0x06 ,0x5e ,0x3b ,0x14 ,0xdf ,0x3a ,0x3d ,0x41 ,0x40 ,0x97 ,0x6a +,0x93 ,0xd4 ,0x10 ,0xd0 ,0xc8 ,0x2c ,0x11 ,0x19 ,0x66 ,0x83 ,0x29 ,0x85 ,0xc4 ,0x8b ,0x1f 
,0xf6 +,0x37 ,0x98 ,0x75 ,0xce ,0x6f ,0xa4 ,0x04 ,0x9b ,0x8e ,0xf6 ,0x71 ,0xa0 ,0x88 ,0xcf ,0xc6 ,0x68 +,0xce ,0xa6 ,0x9a ,0x9c ,0xb3 ,0xe1 ,0x83 ,0xd7 ,0x65 ,0x90 ,0xe0 ,0x80 ,0xd4 ,0x13 ,0xa4 ,0xa6 +,0xdf ,0x0e ,0x3b ,0xca ,0x1e ,0xdf ,0xdc ,0x13 ,0xd6 ,0x7a ,0x64 ,0x0c ,0x60 ,0xa4 ,0x66 ,0x5b +,0x1a ,0x12 ,0x03 ,0x4b ,0xd6 ,0x59 ,0xde ,0x41 ,0xea ,0x08 ,0xae ,0xde ,0xa0 ,0xf2 ,0x53 ,0x15 +,0xa2 ,0xb7 ,0xcc ,0x0d ,0x80 ,0xaa ,0x19 ,0x3a ,0xab ,0xb8 ,0x5a ,0xea ,0x38 ,0x92 ,0xd5 ,0xb6 +,0xfb ,0xb4 ,0xfa ,0x66 ,0xb2 ,0x05 ,0x2b ,0x4d ,0xcd ,0xb3 ,0xbf ,0x38 ,0x8d ,0x7c ,0x7e ,0x39 +,0x26 ,0x6b ,0x5a ,0x1e ,0x0e ,0x6e ,0x91 ,0xdc ,0x72 ,0x51 ,0x53 ,0x89 ,0x7a ,0xe1 ,0xe8 ,0x09 +,0xab ,0x61 ,0xf4 ,0xc2 ,0x2f ,0x08 ,0x39 ,0x88 ,0xd8 ,0x1a ,0xfd ,0x0d ,0x98 ,0x0b ,0x21 ,0xc3 +,0x1a ,0x6b ,0x60 ,0x00 ,0x0c ,0x53 ,0x15 ,0x8d ,0x0b ,0x56 ,0xf5 ,0x5e ,0x4b ,0x1f ,0x11 ,0xe7 +,0x89 ,0x2c ,0x06 ,0x48 ,0x58 ,0x8e ,0x7c ,0xe5 ,0x7f ,0x6f ,0x3b ,0xdf ,0x5e ,0x42 ,0xd9 ,0x74 +,0x0b ,0xb0 ,0xf9 ,0xbf ,0x7e ,0x42 ,0x74 ,0x9e ,0x75 ,0x0d ,0x70 ,0xa5 ,0xe5 ,0x82 ,0x79 ,0xd8 +,0xb9 ,0xb7 ,0x05 ,0x82 ,0xfe ,0x25 ,0x5f ,0x28 ,0x85 ,0x9e ,0x04 ,0x4f ,0x58 ,0xab ,0x81 ,0x24 +,0x1d ,0xbf ,0xc8 ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c +,0x2b ,0xf0 ,0x72 ,0xf6 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xda ,0x03 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 +,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xda +,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c 
,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 +,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 +,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d +,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x32 ,0x30 +,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a +,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 +,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 +,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e +,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c +,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 +,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a +,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 +,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d +,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 +,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 +,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 ,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 +,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 ,0x9d ,0xac ,0xa1 ,0x6a ,0x52 +,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d ,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd +,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea ,0x69 ,0xbc ,0x24 ,0x2c ,0x1b +,0x09 
,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 ,0x69 ,0x5e ,0x30 ,0xbe ,0x6f +,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 ,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e +,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 ,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 +,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 ,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 +,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 ,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 +,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb ,0xa4 ,0xaf ,0x75 ,0xec ,0x7c +,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 ,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 +,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 ,0x68 ,0x8a ,0x83 ,0xbc ,0x62 +,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e ,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d +,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d ,0x9b ,0x9e ,0x6f ,0x7f ,0x0b +,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 ,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 +,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 +,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x89 +,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb +,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 +,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe ,0x7e ,0xee ,0x66 ,0x79 +,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 +,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 +,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba ,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 +,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 ,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 +,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 
,0xd5 ,0x45 ,0xde ,0x89 ,0x99 +,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c ,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 +,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba ,0xeb ,0x6d ,0x53 ,0xde ,0xb2 +,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 ,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 +,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 ,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 +,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 ,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 +,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 ,0xc0 ,0x6f ,0x51 ,0xab ,0x46 +,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc ,0xbe ,0x9d ,0x54 ,0x17 ,0x54 +,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc ,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 +,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 ,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 +,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab ,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 +,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 ,0x5b ,0x61 ,0x5f ,0x63 ,0x16 +,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a ,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 +,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b ,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 +,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf }; + +unsigned int PK_auth_len = 2521; diff --git a/libstb/secvar/test/data/db.h b/libstb/secvar/test/data/db.h new file mode 100644 index 00000000..0c2c1c6b --- /dev/null +++ b/libstb/secvar/test/data/db.h 
@@ -0,0 +1,161 @@ +unsigned char DB_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0d ,0x0d ,0x0d ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd6 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xba ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xab ,0x30 ,0x82 ,0x05 ,0xa7 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xcc ,0x30 ,0x82 ,0x03 ,0xc8 ,0x30 ,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xb0 ,0x40 ,0xaf ,0x25 ,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 +,0x31 ,0x35 ,0x35 ,0x30 ,0x35 ,0x35 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x35 ,0x35 ,0x5a ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 
,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b +,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 +,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f +,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 +,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 +,0x01 ,0x00 ,0xc1 ,0xeb ,0xb8 ,0xf7 ,0x3f ,0x53 ,0xb6 ,0xa1 ,0x8a ,0x3f ,0xca ,0x99 ,0x56 ,0xbc +,0x3b ,0xdf ,0xbf ,0x70 ,0x0a ,0x78 ,0x5b ,0x06 ,0xc1 ,0xeb ,0xbe ,0x4e ,0xd7 ,0xd9 ,0xe9 ,0x57 +,0x1f ,0xc4 ,0xf4 ,0xe5 ,0x78 ,0xb6 ,0x14 ,0xda ,0x87 ,0x43 ,0x31 ,0xad ,0x6d ,0x9f ,0xae ,0x6c +,0x44 ,0xe3 ,0x12 ,0xe4 ,0xf1 ,0xa4 ,0x81 ,0xf8 ,0x7d ,0x09 ,0x0e ,0xa6 ,0x6a ,0xe1 ,0xf7 ,0xcb +,0xe9 ,0x63 ,0xd6 ,0xd6 ,0x58 ,0x28 ,0x10 ,0xf2 ,0xb9 ,0xcf ,0xd7 ,0x85 ,0x95 ,0x0b ,0x24 ,0x51 +,0xe8 ,0x5a ,0x08 ,0x74 ,0xbc ,0x42 ,0x9b ,0xd6 ,0x84 ,0xcd ,0x5e ,0xe5 ,0x61 ,0x83 ,0x7c ,0x5f +,0x0e ,0x3a ,0x9d ,0x3d ,0x6d ,0x84 ,0xe2 ,0xc0 ,0x26 ,0x64 ,0x35 ,0x80 ,0x6c ,0xb1 ,0x37 ,0x72 +,0x38 ,0x00 ,0xa0 ,0x90 ,0x51 ,0xd3 ,0x64 ,0x01 ,0x62 ,0x70 ,0xf8 ,0xa4 ,0xe4 ,0xc8 ,0x87 ,0x4c +,0xe1 ,0x76 ,0xd7 ,0xe6 ,0xbf ,0xed ,0x08 ,0xba ,0xde ,0x42 ,0x90 ,0x00 ,0xb7 ,0x19 ,0x81 ,0x91 +,0xd0 ,0x18 ,0xcb ,0x03 ,0xe6 ,0xf5 ,0xf9 ,0x31 ,0x2b ,0x56 ,0xc3 ,0x21 ,0x39 ,0x4d ,0x9a ,0x63 +,0x0a ,0xb7 ,0x1c ,0xa9 ,0xdc ,0xce ,0xa9 ,0xc4 ,0xe0 ,0x0a ,0xa4 ,0x53 ,0x8f ,0x78 ,0xd1 ,0xc0 +,0x3f ,0xc2 ,0x8e ,0x8a ,0x37 ,0x52 ,0x42 ,0x60 ,0x97 ,0xb3 ,0x53 ,0xaa ,0xa4 ,0x4f ,0x98 ,0x7e +,0xa5 ,0x2a ,0xe1 ,0x52 ,0xfa ,0x9f ,0xc1 ,0x32 ,0xf7 ,0x15 ,0x12 ,0x62 
,0x6b ,0x5a ,0x4d ,0xfe +,0x22 ,0x8d ,0x88 ,0x87 ,0xfd ,0x83 ,0x2f ,0xaa ,0x1a ,0xb8 ,0xad ,0x3d ,0x4f ,0xdc ,0xe0 ,0x39 +,0x8b ,0x88 ,0xed ,0xc6 ,0xf5 ,0xee ,0x32 ,0xea ,0xd6 ,0x25 ,0xcf ,0x91 ,0x66 ,0x77 ,0x4c ,0xa1 +,0x0c ,0x6a ,0x7b ,0x6e ,0xb2 ,0x72 ,0xa8 ,0xf4 ,0xc7 ,0xeb ,0xa4 ,0x91 ,0xda ,0x5d ,0x14 ,0xf9 +,0x9e ,0xe9 ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 +,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 +,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d +,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 +,0x18 ,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 +,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 +,0x7a ,0xc8 ,0xc9 ,0x0e ,0x45 ,0x1c ,0xa6 ,0xce ,0xd5 ,0xdb ,0x9c ,0x5d ,0x95 ,0x8b ,0x8b ,0xbc +,0x90 ,0xca ,0x98 ,0xd1 ,0xe9 ,0x4b ,0xfb ,0xf3 ,0xef ,0x48 ,0xb0 ,0x9e ,0x0d ,0x95 ,0x0f ,0x3a +,0xa0 ,0xb6 ,0x93 ,0x9f ,0xc6 ,0xf7 ,0xca ,0xca ,0xf1 ,0x04 ,0x90 ,0x4d ,0x6b ,0x57 ,0xc1 ,0xe5 +,0x85 ,0xfd ,0x87 ,0x09 ,0xe5 ,0xaf ,0x98 ,0x89 ,0x32 ,0x27 ,0x35 ,0x85 ,0xcf ,0xe1 ,0x1f ,0xaf +,0xc0 ,0x8c ,0x3f ,0x2a ,0xba ,0xa4 ,0xfc ,0xaa ,0x40 ,0x02 ,0x7c ,0x57 ,0xd9 ,0x73 ,0xc6 ,0xc0 +,0x59 ,0xcb ,0x47 ,0x71 ,0x07 ,0x1a ,0xfe ,0x46 ,0xb1 ,0x81 ,0x14 ,0x6b ,0xa5 ,0xeb ,0xe7 ,0x9c +,0x2b ,0x87 ,0xee ,0x72 ,0x96 ,0xe0 ,0xb0 ,0x11 ,0x86 ,0x33 ,0x95 ,0xdf ,0x6e ,0x9c ,0x3f ,0x0f +,0xc1 ,0x46 ,0x8c ,0x53 ,0x12 ,0xf1 ,0xd9 ,0xa8 ,0xee ,0x04 ,0xc5 ,0x71 ,0x52 ,0x22 ,0x13 ,0x0f +,0x91 ,0x0c ,0x73 ,0xca ,0x34 ,0xb1 ,0x36 ,0x5f ,0x8c ,0x2e ,0x0f ,0x3a ,0x04 ,0x42 ,0xfe ,0x45 +,0x82 ,0x29 ,0x56 ,0x5e ,0xe5 ,0x4c ,0xeb ,0x4b ,0xa6 ,0xe5 ,0xe0 ,0x1d ,0x74 ,0xc0 ,0x5a ,0x2f +,0x42 ,0xa5 ,0xf2 ,0x65 ,0xd5 
,0x4d ,0x3b ,0x22 ,0xd2 ,0x96 ,0x42 ,0xcf ,0xbd ,0xd7 ,0x8b ,0x37 +,0x7a ,0xb6 ,0xd9 ,0xd4 ,0xd7 ,0x45 ,0x47 ,0x3b ,0x3c ,0xb3 ,0xd9 ,0x29 ,0x69 ,0x91 ,0x7d ,0x4c +,0x06 ,0xad ,0x6c ,0xea ,0x62 ,0xf1 ,0xf7 ,0xec ,0x67 ,0xae ,0xd5 ,0x43 ,0xd0 ,0xab ,0xb8 ,0xbf +,0xa4 ,0x28 ,0xd4 ,0x75 ,0xd2 ,0x3f ,0x53 ,0x5d ,0xa8 ,0x09 ,0x46 ,0x89 ,0x7f ,0x84 ,0x36 ,0xad +,0x78 ,0x41 ,0x03 ,0xf4 ,0xc4 ,0x43 ,0x43 ,0xdc ,0x52 ,0xc6 ,0xff ,0xab ,0xd6 ,0x8c ,0x7f ,0xc0 +,0xab ,0x67 ,0x5b ,0x0b ,0xa9 ,0x6a ,0xd2 ,0x85 ,0x71 ,0x9f ,0xc2 ,0xf1 ,0x96 ,0xd2 ,0x41 ,0xb0 +,0x31 ,0x82 ,0x01 ,0xb2 ,0x30 ,0x82 ,0x01 ,0xae ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x86 ,0x30 ,0x79 +,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 +,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 +,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c +,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 +,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xb0 ,0x40 ,0xaf ,0x25 +,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x04 ,0x82 ,0x01 ,0x00 ,0xb2 ,0xcf ,0xbf ,0xba ,0xba ,0xaf ,0xde ,0x99 ,0xaf ,0x7f +,0x65 ,0x06 ,0x32 ,0x78 ,0x12 ,0xcb ,0xd5 ,0xe1 ,0x94 ,0xa7 ,0x9c ,0x4e ,0x9f ,0x02 ,0x4f ,0x16 +,0x36 ,0x6f ,0x56 ,0xc2 ,0xbd ,0x50 ,0x32 ,0x2f ,0x5b ,0x98 ,0x14 ,0x34 ,0xff ,0x91 ,0x9d ,0xdc +,0xcf ,0x93 ,0x9a ,0x53 ,0x63 ,0x5b ,0x2f ,0x63 ,0xa6 ,0x63 ,0xfe ,0xdc ,0x6d ,0x88 ,0x09 
,0x0c +,0x58 ,0xaa ,0x3a ,0x44 ,0x26 ,0x6b ,0x7e ,0xb0 ,0xb0 ,0x3e ,0x06 ,0x77 ,0xbc ,0x00 ,0xcf ,0x49 +,0x7f ,0x95 ,0xb4 ,0xba ,0x02 ,0x5f ,0x32 ,0xb2 ,0xba ,0xfc ,0x28 ,0x8d ,0x73 ,0xf7 ,0x59 ,0x23 +,0x01 ,0x70 ,0xdb ,0x93 ,0x8c ,0x54 ,0x05 ,0x34 ,0x06 ,0x0b ,0x8a ,0xb7 ,0xe0 ,0xa0 ,0xbc ,0x3e +,0xfd ,0xa4 ,0xc4 ,0x75 ,0x76 ,0x0f ,0xd1 ,0x81 ,0x6d ,0xb0 ,0x5b ,0x8f ,0xb7 ,0x71 ,0x7c ,0xd8 +,0x15 ,0xec ,0x0c ,0x6e ,0x38 ,0x04 ,0x5e ,0x84 ,0x3e ,0x1a ,0xb9 ,0xa0 ,0x69 ,0x55 ,0xb3 ,0xbe +,0x81 ,0x51 ,0xaa ,0x67 ,0x28 ,0x15 ,0x12 ,0xb9 ,0x1d ,0x51 ,0x06 ,0xe0 ,0x8a ,0x9c ,0x9a ,0x61 +,0x3a ,0x08 ,0x3a ,0x77 ,0x2c ,0x09 ,0x5b ,0xcc ,0xf3 ,0x0c ,0x78 ,0x64 ,0x35 ,0x4d ,0x8d ,0x8d +,0x46 ,0xf7 ,0x8e ,0x32 ,0x82 ,0x93 ,0xcd ,0xff ,0x22 ,0x30 ,0x0a ,0x63 ,0xbe ,0x32 ,0xc6 ,0x25 +,0x2e ,0xb8 ,0x18 ,0x80 ,0x0c ,0xf2 ,0x1c ,0xaa ,0x60 ,0x05 ,0x15 ,0xfe ,0x2f ,0x87 ,0x48 ,0xa2 +,0xfb ,0xe2 ,0xd2 ,0x53 ,0x4e ,0xf9 ,0x4e ,0x5e ,0xa7 ,0x11 ,0x11 ,0xe5 ,0x2c ,0xae ,0xaa ,0xb8 +,0xfc ,0x66 ,0x5c ,0x5d ,0x2d ,0xab ,0x56 ,0xa0 ,0xd8 ,0xf1 ,0x36 ,0x39 ,0xa8 ,0xb4 ,0x93 ,0xb6 +,0x38 ,0xe2 ,0x36 ,0x97 ,0xad ,0x37 ,0x3a ,0xfe ,0x23 ,0x9d ,0x17 ,0x2a ,0xc2 ,0x9a ,0xca ,0x39 +,0x02 ,0x80 ,0xf4 ,0xfd ,0x49 ,0x80 ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 +,0xab ,0x15 ,0x5c ,0x2b ,0xf0 ,0x72 ,0xf6 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xda ,0x03 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 +,0x09 ,0x00 ,0x99 ,0x04 ,0x63 ,0xe8 ,0x8c ,0x39 ,0xba ,0x08 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 +,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 +,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 +,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 
,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b +,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 +,0x44 ,0x42 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 +,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e +,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 +,0x30 ,0x34 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 +,0x34 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 +,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 +,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 +,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 +,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 +,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x31 ,0x1f ,0x30 ,0x1d +,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 +,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 +,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 +,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xa9 ,0x0d +,0x4c ,0xc6 ,0xc3 ,0x61 ,0xe3 ,0x89 ,0xd8 ,0x6b ,0x02 ,0x78 ,0x2a ,0x49 ,0xc8 ,0x04 ,0x24 ,0xd9 +,0xae ,0xb2 ,0xa4 ,0xfa ,0x7d ,0xe9 ,0x94 ,0x59 ,0x6c ,0xb4 ,0x17 ,0xb2 ,0x2b ,0x3b ,0x7f ,0x2e +,0x1a ,0xbf ,0xc8 ,0x8e ,0xb7 ,0xe8 ,0xe1 ,0x79 ,0x9f ,0xed ,0x45 ,0x64 ,0x0a ,0x58 ,0x52 ,0x4b +,0x1f ,0xf1 ,0xe9 ,0xf6 ,0xc7 ,0x98 ,0xe6 ,0x1c ,0x0b ,0xe9 ,0x2e ,0x61 ,0xc3 ,0x28 ,0x95 ,0x1b +,0xf9 
,0x25 ,0xc3 ,0x5f ,0xa1 ,0x55 ,0x06 ,0xbe ,0x4b ,0xd5 ,0xef ,0x51 ,0x4a ,0x64 ,0x6d ,0x6d +,0x02 ,0x3e ,0xcd ,0x61 ,0x1c ,0xc6 ,0xb6 ,0x84 ,0x65 ,0xee ,0xb5 ,0xb0 ,0x73 ,0x46 ,0x1a ,0x22 +,0xe7 ,0x3e ,0x22 ,0x5b ,0xbf ,0x52 ,0x19 ,0x69 ,0x34 ,0xc0 ,0xfd ,0x44 ,0x64 ,0xe7 ,0xca ,0xc0 +,0x29 ,0xb0 ,0x15 ,0x7a ,0xb7 ,0x47 ,0x59 ,0xbd ,0xac ,0x1d ,0xe3 ,0x5c ,0x70 ,0xb0 ,0x35 ,0xd2 +,0x11 ,0xd4 ,0x3e ,0x99 ,0x7e ,0x94 ,0x2c ,0x0b ,0x29 ,0xe0 ,0xf2 ,0xe5 ,0x8d ,0x34 ,0xd1 ,0xb3 +,0xfb ,0xdc ,0xe1 ,0x77 ,0x02 ,0x4e ,0x1e ,0xcf ,0xee ,0x82 ,0xe4 ,0x30 ,0x4b ,0x70 ,0xbe ,0x5e +,0x2b ,0x35 ,0x2f ,0x73 ,0xcc ,0xc2 ,0x45 ,0xd5 ,0xd3 ,0x8f ,0xd7 ,0xd2 ,0x36 ,0xc8 ,0x23 ,0xdd +,0x57 ,0xc6 ,0x86 ,0xd1 ,0x48 ,0xef ,0xd7 ,0x24 ,0x09 ,0x13 ,0xda ,0x22 ,0x31 ,0xa6 ,0x9d ,0x12 +,0x51 ,0xf2 ,0xff ,0x8c ,0x91 ,0xfb ,0x5b ,0xc2 ,0x3a ,0x58 ,0x92 ,0x7e ,0x79 ,0x8b ,0xdb ,0x62 +,0x17 ,0xd8 ,0x00 ,0x90 ,0xfc ,0x40 ,0xa5 ,0x39 ,0x82 ,0x3b ,0xde ,0xec ,0xb2 ,0xe2 ,0xe8 ,0x70 +,0x78 ,0xdf ,0x7d ,0x72 ,0x0d ,0xff ,0xd2 ,0x8a ,0xd5 ,0x0b ,0xb9 ,0xf0 ,0xe0 ,0x30 ,0xee ,0xdd +,0xa6 ,0xd2 ,0xa2 ,0x04 ,0xf7 ,0x38 ,0xc1 ,0xee ,0xd1 ,0xb3 ,0x91 ,0x42 ,0x64 ,0x71 ,0x02 ,0x03 +,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 +,0x04 ,0x14 ,0x59 ,0x42 ,0xac ,0x51 ,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 ,0x9b ,0x61 ,0xfc ,0x48 +,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 ,0xf3 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 +,0x16 ,0x80 ,0x14 ,0x59 ,0x42 ,0xac ,0x51 ,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 ,0x9b ,0x61 ,0xfc +,0x48 ,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 ,0xf3 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 +,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 +,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x90 ,0x90 ,0xf4 ,0x01 +,0xc1 ,0x37 ,0x11 ,0xcb ,0x31 ,0x64 ,0xe2 ,0x3f ,0x78 ,0x95 ,0x1d ,0x51 ,0x73 ,0x65 ,0x02 ,0x23 +,0x15 ,0xed ,0x46 ,0xa5 ,0x71 ,0x60 ,0x3e ,0x24 ,0xa8 ,0x1e ,0x51 
,0xcc ,0xc7 ,0x40 ,0x0d ,0x8a +,0x73 ,0xf1 ,0x40 ,0x60 ,0x6a ,0xbe ,0xce ,0xfa ,0xdf ,0xbc ,0x7d ,0x9c ,0x5f ,0x24 ,0x3b ,0x29 +,0x22 ,0xe5 ,0xda ,0xbd ,0x85 ,0x6d ,0x33 ,0x50 ,0xf8 ,0xb3 ,0x20 ,0x8e ,0x0d ,0xc4 ,0x14 ,0x93 +,0x0d ,0x8a ,0xd2 ,0x74 ,0x10 ,0x92 ,0x14 ,0x5e ,0xde ,0x5f ,0x33 ,0x3d ,0x39 ,0x18 ,0xd5 ,0xa2 +,0x4a ,0x42 ,0x8c ,0x64 ,0x75 ,0xd3 ,0xfa ,0x8d ,0xce ,0x57 ,0xda ,0xb6 ,0x44 ,0x6a ,0xb0 ,0x53 +,0xf1 ,0x00 ,0x53 ,0x64 ,0xd8 ,0xf7 ,0xa4 ,0xc2 ,0x1a ,0xa6 ,0x00 ,0xc4 ,0x40 ,0x63 ,0x61 ,0x38 +,0x97 ,0xe1 ,0x65 ,0xbd ,0x4f ,0x36 ,0x7c ,0x77 ,0x8c ,0x26 ,0x41 ,0xa3 ,0x69 ,0x10 ,0x87 ,0xf4 +,0x66 ,0xe2 ,0xad ,0x13 ,0x60 ,0x77 ,0x71 ,0xf6 ,0xc2 ,0xad ,0xec ,0x9c ,0xac ,0x85 ,0xf9 ,0x5d +,0xaf ,0xa4 ,0x19 ,0x70 ,0xb9 ,0xe4 ,0xfa ,0xbf ,0x5b ,0x00 ,0x2f ,0x46 ,0xd9 ,0xc4 ,0x9a ,0x32 +,0x96 ,0xb7 ,0x7f ,0x22 ,0xf9 ,0xa4 ,0xea ,0xba ,0xc8 ,0xb8 ,0x59 ,0xbd ,0x12 ,0x30 ,0x76 ,0x50 +,0x4f ,0x62 ,0x72 ,0x05 ,0xe2 ,0xf4 ,0x29 ,0x91 ,0x05 ,0x28 ,0xba ,0x3c ,0xf0 ,0x6b ,0x1e ,0x54 +,0xa2 ,0x47 ,0xa7 ,0xfc ,0x64 ,0x20 ,0x9c ,0xf1 ,0x95 ,0xe3 ,0xd1 ,0xc9 ,0x37 ,0xe8 ,0xeb ,0x4e +,0xda ,0x2b ,0x5f ,0x1c ,0x7a ,0xb3 ,0xe2 ,0x0a ,0x01 ,0x5c ,0x7a ,0x1e ,0xfc ,0x24 ,0x60 ,0x14 +,0x75 ,0xcd ,0xe9 ,0x9e ,0x77 ,0xbf ,0x3a ,0x6f ,0xd7 ,0x7f ,0x42 ,0x14 ,0x94 ,0x27 ,0x0b ,0x6e +,0x1d ,0x78 ,0x9b ,0xc5 ,0x82 ,0x28 ,0xf7 ,0x78 ,0xc4 ,0xdf ,0x4e ,0x85 }; + +unsigned int DB_auth_len = 2524; diff --git a/libstb/secvar/test/data/dbsigneddata.h b/libstb/secvar/test/data/dbsigneddata.h new file mode 100644 index 00000000..a82fbcc4 --- /dev/null +++ b/libstb/secvar/test/data/dbsigneddata.h 
@@ -0,0 +1,160 @@ +unsigned char dbsigneddata_auth[] = +{0xe4 ,0x07 ,0x09 ,0x0e ,0x12 ,0x0c ,0x06 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xc0 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 ,0x01 ,0x01 ,0x31 +,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 ,0xa0 ,0x82 ,0x03 +,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 +,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 +,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 +,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 +,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 +,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 +,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c +,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 +,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 +,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 +,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 +,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x32 +,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 +,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 +,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 
+,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d +,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e +,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 +,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xaf ,0xca ,0xd3 +,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 ,0x21 ,0x93 ,0x58 +,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 ,0x9d ,0xac ,0xa1 +,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d ,0x73 ,0xa9 ,0x41 +,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea ,0x69 ,0xbc ,0x24 +,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 ,0x69 ,0x5e ,0x30 +,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 ,0xc6 ,0xd8 ,0x4e +,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 ,0x8c ,0xa8 ,0xfe +,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 ,0x3a ,0xa5 ,0x54 +,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 ,0x96 ,0x0b ,0xb2 +,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb ,0xa4 ,0xaf ,0x75 +,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 ,0x60 ,0x67 ,0x9a +,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 ,0x68 ,0x8a ,0x83 +,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e ,0x1a ,0x66 ,0x2e +,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 
,0xfe ,0x1e ,0x4e ,0x2d ,0x9b ,0x9e ,0x6f +,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 ,0x75 ,0xf7 ,0xb6 +,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f ,0x02 ,0x03 ,0x01 +,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 +,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe ,0x7e ,0xee ,0x66 +,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 +,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe ,0x7e ,0xee +,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff +,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba ,0x93 ,0xe4 ,0x7e +,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 ,0xa9 ,0x14 ,0x28 +,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 ,0xd5 ,0x45 ,0xde +,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c ,0x0a ,0xea ,0x63 +,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba ,0xeb ,0x6d ,0x53 +,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 ,0x1c ,0xb1 ,0xd3 +,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 ,0xf0 ,0x23 ,0x46 +,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 ,0x41 ,0x66 ,0xa0 +,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 ,0xc0 ,0x6f ,0x51 +,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc ,0xbe ,0x9d ,0x54 +,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc ,0xe2 ,0x53 ,0xde +,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 ,0x14 ,0xb9 ,0xc9 +,0x45 ,0xc0 
,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab ,0x2b ,0x9e ,0xe9 +,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 ,0x5b ,0x61 ,0x5f +,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a ,0xd5 ,0x77 ,0xb5 +,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b ,0x5d ,0xd7 ,0x0f +,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 ,0x01 ,0xb1 ,0x30 +,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 +,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 +,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 +,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b +,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 +,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 +,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e +,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d +,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 ,0x30 ,0x0d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 ,0x82 ,0x01 ,0x00 +,0x23 ,0x1a ,0x70 ,0x33 ,0x6f ,0x24 ,0xb0 ,0xc1 ,0xd8 ,0xd2 ,0x48 ,0x83 ,0x45 ,0x0a ,0x17 ,0x81 +,0x98 ,0x98 ,0x29 ,0xb6 ,0x49 ,0xbc ,0xcb ,0x55 ,0xb7 ,0xbf ,0xa3 ,0x98 ,0x3e ,0xec ,0xe2 ,0xee +,0x2f ,0xec ,0x2e ,0xd3 ,0x7b ,0x4b ,0xf7 ,0xfd ,0xd4 ,0xde ,0x2b ,0xf3 ,0x1b ,0x75 ,0xca ,0x28 +,0xed ,0xa8 ,0x9d ,0xef ,0xfd ,0xca ,0x78 ,0x59 ,0x02 ,0xe9 ,0x61 ,0x4b ,0xe8 ,0x66 ,0x6c ,0xa7 +,0x6c ,0x3e ,0x82 ,0xa1 ,0xde ,0xcd ,0xe4 ,0x26 ,0x14 ,0xc1 ,0xee ,0xcf 
,0x34 ,0x07 ,0x2a ,0x75 +,0x61 ,0x8b ,0xf9 ,0xb6 ,0x9a ,0x12 ,0x47 ,0xa7 ,0x09 ,0xf3 ,0x4e ,0x5a ,0x1f ,0x6d ,0xf9 ,0x7b +,0xf4 ,0xdf ,0x7c ,0x0f ,0x18 ,0xf7 ,0x8c ,0xab ,0xf5 ,0x8b ,0xf9 ,0xf4 ,0x2e ,0xec ,0x02 ,0x35 +,0x5f ,0x0f ,0xab ,0xdc ,0x95 ,0x61 ,0x5f ,0xd0 ,0x4f ,0xee ,0xe2 ,0xea ,0xd5 ,0x66 ,0x2a ,0xac +,0x7f ,0x09 ,0x74 ,0x38 ,0xcd ,0x35 ,0x15 ,0x13 ,0xa2 ,0x71 ,0x83 ,0x98 ,0xcd ,0x98 ,0x18 ,0x76 +,0x79 ,0x75 ,0xf4 ,0xab ,0xa7 ,0x4c ,0x66 ,0xf4 ,0x25 ,0xbe ,0x97 ,0xc9 ,0x0f ,0x13 ,0x81 ,0x86 +,0x71 ,0xf4 ,0x6b ,0x8c ,0x84 ,0xc6 ,0xa5 ,0x8e ,0xaf ,0x9e ,0x7f ,0x55 ,0x1d ,0xd1 ,0xb0 ,0x7b +,0x77 ,0xfe ,0xe0 ,0x36 ,0xd8 ,0x11 ,0xa8 ,0x3b ,0xb2 ,0x3f ,0xc2 ,0x54 ,0x45 ,0x37 ,0x1d ,0x41 +,0xcb ,0x84 ,0x54 ,0x65 ,0xc5 ,0xfa ,0xde ,0x10 ,0x36 ,0x95 ,0x51 ,0x6a ,0xa6 ,0x6d ,0xda ,0xb9 +,0x2c ,0x78 ,0x6b ,0xd1 ,0x25 ,0x69 ,0x91 ,0xfe ,0xef ,0x53 ,0x88 ,0x29 ,0x52 ,0x91 ,0xea ,0x81 +,0xdf ,0xbc ,0xc6 ,0xaa ,0xd4 ,0x67 ,0xfd ,0x23 ,0x17 ,0xf0 ,0x10 ,0x90 ,0x0e ,0x0a ,0x38 ,0xad +,0x21 ,0x8d ,0x6b ,0x0d ,0x0a ,0xf2 ,0x02 ,0x4e ,0x08 ,0xa3 ,0x15 ,0x6a ,0xd0 ,0x98 ,0xe6 ,0x20 +,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c ,0x2b ,0xf0 ,0x72 +,0xf6 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xda ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 ,0x82 ,0x03 ,0xc6 +,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0x99 ,0x04 ,0x63 ,0xe8 +,0x8c ,0x39 ,0xba ,0x08 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 +,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 +,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 +,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 +,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 +,0x4d ,0x31 ,0x0c ,0x30 ,0x0a 
,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 +,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x31 ,0x1f ,0x30 ,0x1d +,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 +,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 +,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x34 ,0x30 ,0x5a ,0x17 ,0x0d +,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x34 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 +,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c +,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d +,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 +,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 +,0x04 ,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 +,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 +,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a +,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 +,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xa9 ,0x0d ,0x4c ,0xc6 ,0xc3 ,0x61 ,0xe3 ,0x89 +,0xd8 ,0x6b ,0x02 ,0x78 ,0x2a ,0x49 ,0xc8 ,0x04 ,0x24 ,0xd9 ,0xae ,0xb2 ,0xa4 ,0xfa ,0x7d ,0xe9 +,0x94 ,0x59 ,0x6c ,0xb4 ,0x17 ,0xb2 ,0x2b ,0x3b ,0x7f ,0x2e ,0x1a ,0xbf ,0xc8 ,0x8e ,0xb7 ,0xe8 +,0xe1 ,0x79 ,0x9f ,0xed ,0x45 ,0x64 ,0x0a ,0x58 ,0x52 ,0x4b ,0x1f ,0xf1 ,0xe9 ,0xf6 ,0xc7 ,0x98 +,0xe6 ,0x1c ,0x0b ,0xe9 ,0x2e ,0x61 ,0xc3 ,0x28 ,0x95 ,0x1b ,0xf9 ,0x25 ,0xc3 ,0x5f ,0xa1 ,0x55 +,0x06 ,0xbe ,0x4b ,0xd5 ,0xef ,0x51 ,0x4a ,0x64 ,0x6d ,0x6d ,0x02 ,0x3e ,0xcd ,0x61 ,0x1c 
,0xc6 +,0xb6 ,0x84 ,0x65 ,0xee ,0xb5 ,0xb0 ,0x73 ,0x46 ,0x1a ,0x22 ,0xe7 ,0x3e ,0x22 ,0x5b ,0xbf ,0x52 +,0x19 ,0x69 ,0x34 ,0xc0 ,0xfd ,0x44 ,0x64 ,0xe7 ,0xca ,0xc0 ,0x29 ,0xb0 ,0x15 ,0x7a ,0xb7 ,0x47 +,0x59 ,0xbd ,0xac ,0x1d ,0xe3 ,0x5c ,0x70 ,0xb0 ,0x35 ,0xd2 ,0x11 ,0xd4 ,0x3e ,0x99 ,0x7e ,0x94 +,0x2c ,0x0b ,0x29 ,0xe0 ,0xf2 ,0xe5 ,0x8d ,0x34 ,0xd1 ,0xb3 ,0xfb ,0xdc ,0xe1 ,0x77 ,0x02 ,0x4e +,0x1e ,0xcf ,0xee ,0x82 ,0xe4 ,0x30 ,0x4b ,0x70 ,0xbe ,0x5e ,0x2b ,0x35 ,0x2f ,0x73 ,0xcc ,0xc2 +,0x45 ,0xd5 ,0xd3 ,0x8f ,0xd7 ,0xd2 ,0x36 ,0xc8 ,0x23 ,0xdd ,0x57 ,0xc6 ,0x86 ,0xd1 ,0x48 ,0xef +,0xd7 ,0x24 ,0x09 ,0x13 ,0xda ,0x22 ,0x31 ,0xa6 ,0x9d ,0x12 ,0x51 ,0xf2 ,0xff ,0x8c ,0x91 ,0xfb +,0x5b ,0xc2 ,0x3a ,0x58 ,0x92 ,0x7e ,0x79 ,0x8b ,0xdb ,0x62 ,0x17 ,0xd8 ,0x00 ,0x90 ,0xfc ,0x40 +,0xa5 ,0x39 ,0x82 ,0x3b ,0xde ,0xec ,0xb2 ,0xe2 ,0xe8 ,0x70 ,0x78 ,0xdf ,0x7d ,0x72 ,0x0d ,0xff +,0xd2 ,0x8a ,0xd5 ,0x0b ,0xb9 ,0xf0 ,0xe0 ,0x30 ,0xee ,0xdd ,0xa6 ,0xd2 ,0xa2 ,0x04 ,0xf7 ,0x38 +,0xc1 ,0xee ,0xd1 ,0xb3 ,0x91 ,0x42 ,0x64 ,0x71 ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 +,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x59 ,0x42 ,0xac ,0x51 +,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 ,0x9b ,0x61 ,0xfc ,0x48 ,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 ,0xf3 +,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x59 ,0x42 ,0xac +,0x51 ,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 ,0x9b ,0x61 ,0xfc ,0x48 ,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 +,0xf3 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 +,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 +,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x90 ,0x90 ,0xf4 ,0x01 ,0xc1 ,0x37 ,0x11 ,0xcb ,0x31 ,0x64 +,0xe2 ,0x3f ,0x78 ,0x95 ,0x1d ,0x51 ,0x73 ,0x65 ,0x02 ,0x23 ,0x15 ,0xed ,0x46 ,0xa5 ,0x71 ,0x60 +,0x3e ,0x24 ,0xa8 ,0x1e ,0x51 ,0xcc ,0xc7 ,0x40 ,0x0d ,0x8a ,0x73 ,0xf1 ,0x40 ,0x60 ,0x6a ,0xbe +,0xce ,0xfa ,0xdf ,0xbc ,0x7d ,0x9c ,0x5f ,0x24 
,0x3b ,0x29 ,0x22 ,0xe5 ,0xda ,0xbd ,0x85 ,0x6d +,0x33 ,0x50 ,0xf8 ,0xb3 ,0x20 ,0x8e ,0x0d ,0xc4 ,0x14 ,0x93 ,0x0d ,0x8a ,0xd2 ,0x74 ,0x10 ,0x92 +,0x14 ,0x5e ,0xde ,0x5f ,0x33 ,0x3d ,0x39 ,0x18 ,0xd5 ,0xa2 ,0x4a ,0x42 ,0x8c ,0x64 ,0x75 ,0xd3 +,0xfa ,0x8d ,0xce ,0x57 ,0xda ,0xb6 ,0x44 ,0x6a ,0xb0 ,0x53 ,0xf1 ,0x00 ,0x53 ,0x64 ,0xd8 ,0xf7 +,0xa4 ,0xc2 ,0x1a ,0xa6 ,0x00 ,0xc4 ,0x40 ,0x63 ,0x61 ,0x38 ,0x97 ,0xe1 ,0x65 ,0xbd ,0x4f ,0x36 +,0x7c ,0x77 ,0x8c ,0x26 ,0x41 ,0xa3 ,0x69 ,0x10 ,0x87 ,0xf4 ,0x66 ,0xe2 ,0xad ,0x13 ,0x60 ,0x77 +,0x71 ,0xf6 ,0xc2 ,0xad ,0xec ,0x9c ,0xac ,0x85 ,0xf9 ,0x5d ,0xaf ,0xa4 ,0x19 ,0x70 ,0xb9 ,0xe4 +,0xfa ,0xbf ,0x5b ,0x00 ,0x2f ,0x46 ,0xd9 ,0xc4 ,0x9a ,0x32 ,0x96 ,0xb7 ,0x7f ,0x22 ,0xf9 ,0xa4 +,0xea ,0xba ,0xc8 ,0xb8 ,0x59 ,0xbd ,0x12 ,0x30 ,0x76 ,0x50 ,0x4f ,0x62 ,0x72 ,0x05 ,0xe2 ,0xf4 +,0x29 ,0x91 ,0x05 ,0x28 ,0xba ,0x3c ,0xf0 ,0x6b ,0x1e ,0x54 ,0xa2 ,0x47 ,0xa7 ,0xfc ,0x64 ,0x20 +,0x9c ,0xf1 ,0x95 ,0xe3 ,0xd1 ,0xc9 ,0x37 ,0xe8 ,0xeb ,0x4e ,0xda ,0x2b ,0x5f ,0x1c ,0x7a ,0xb3 +,0xe2 ,0x0a ,0x01 ,0x5c ,0x7a ,0x1e ,0xfc ,0x24 ,0x60 ,0x14 ,0x75 ,0xcd ,0xe9 ,0x9e ,0x77 ,0xbf +,0x3a ,0x6f ,0xd7 ,0x7f ,0x42 ,0x14 ,0x94 ,0x27 ,0x0b ,0x6e ,0x1d ,0x78 ,0x9b ,0xc5 ,0x82 ,0x28 +,0xf7 ,0x78 ,0xc4 ,0xdf ,0x4e ,0x85 }; + +unsigned int dbsigneddata_auth_len = 2502; diff --git a/libstb/secvar/test/data/dbx.h b/libstb/secvar/test/data/dbx.h new file mode 100644 index 00000000..bd983e9a --- /dev/null +++ b/libstb/secvar/test/data/dbx.h 
@@ -0,0 +1,102 @@ +unsigned char dbxauth[] = +{0xe4 ,0x07 ,0x09 ,0x0e ,0x0f ,0x1c ,0x1f ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 
,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 
,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 
,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x70 ,0xd0 ,0x21 ,0x6e ,0xdf ,0x7c ,0xdb ,0x40 ,0x84 ,0xc9 ,0x08 ,0xb0 ,0x93 +,0x9b ,0x03 ,0xa7 ,0x6f ,0x41 ,0x47 ,0xf1 ,0x41 ,0xf3 ,0xce ,0x05 ,0xeb ,0x27 ,0x58 ,0x1f ,0x95 +,0x79 ,0x29 ,0x82 ,0xf6 ,0x9c ,0x45 ,0x53 ,0x9e ,0x40 ,0x71 ,0xa1 ,0xae ,0x90 ,0x80 ,0xd2 ,0xc9 +,0x5f ,0x69 ,0xd5 ,0xb1 ,0xad ,0x69 ,0xeb ,0x25 ,0xba ,0x2d ,0x8a ,0x18 ,0x0a ,0x80 ,0x37 
,0xe7 +,0x3b ,0x6b ,0x2e ,0x2c ,0x0f ,0x08 ,0x4c ,0xd1 ,0x50 ,0xc8 ,0xe9 ,0x33 ,0x22 ,0x43 ,0x0b ,0x66 +,0x41 ,0xc4 ,0x82 ,0x9f ,0xc5 ,0xe5 ,0x57 ,0xe7 ,0xbb ,0xca ,0xfb ,0xbe ,0xab ,0xaf ,0x55 ,0xee +,0x56 ,0xca ,0x32 ,0xdc ,0x49 ,0xb9 ,0x6d ,0x6e ,0x8d ,0x99 ,0x87 ,0x95 ,0x2d ,0xe3 ,0xfa ,0xd3 +,0x55 ,0x1c ,0xe9 ,0x53 ,0xf7 ,0xee ,0xaf ,0x2b ,0x75 ,0x4d ,0x97 ,0x98 ,0x83 ,0xea ,0x48 ,0x68 +,0x52 ,0xae ,0x65 ,0xab ,0x44 ,0x09 ,0x14 ,0x19 ,0x6d ,0x99 ,0xbf ,0x2d ,0xf7 ,0x03 ,0x63 ,0x98 +,0x0b ,0xec ,0xe1 ,0xf6 ,0x93 ,0xb3 ,0xe1 ,0x60 ,0xe8 ,0x17 ,0xfa ,0xb8 ,0xec ,0xcd ,0x42 ,0xe0 +,0x27 ,0xf4 ,0xb3 ,0xa3 ,0x37 ,0x95 ,0x82 ,0xb4 ,0x65 ,0xdf ,0xbe ,0xbc ,0xde ,0xea ,0xe3 ,0xd3 +,0x8e ,0x65 ,0x19 ,0x9e ,0x28 ,0x8a ,0x70 ,0x30 ,0xf1 ,0xd7 ,0x95 ,0xf7 ,0xcd ,0x19 ,0xd1 ,0x3b +,0x4a ,0x04 ,0xcf ,0x7b ,0x81 ,0x58 ,0x59 ,0x5a ,0x7e ,0x67 ,0x89 ,0x6a ,0x40 ,0xe0 ,0x07 ,0xe6 +,0x17 ,0xcd ,0x8b ,0xc4 ,0x05 ,0xe1 ,0x0d ,0x10 ,0x66 ,0xbf ,0x3b ,0x95 ,0xde ,0x82 ,0x1c ,0x07 +,0x38 ,0x15 ,0xe1 ,0x70 ,0x25 ,0xa2 ,0x52 ,0x30 ,0x87 ,0x4b ,0x71 ,0xb6 ,0x71 ,0x5a ,0x7f ,0x45 +,0x58 ,0xf8 ,0x09 ,0xc8 ,0xba ,0x53 ,0xf5 ,0x07 ,0x08 ,0x25 ,0x4a ,0xbb ,0x84 ,0x5e ,0x09 ,0xd8 +,0x92 ,0xcf ,0x42 ,0x26 ,0x16 ,0xc4 ,0xc1 ,0x4c ,0x50 ,0x92 ,0x40 ,0xac ,0xa9 ,0x41 ,0xf9 ,0x36 +,0x93 ,0x43 ,0x28 ,0x4c ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 ,0x00 ,0x00 ,0x00 ,0x50 +,0xab ,0x5d ,0x60 ,0x46 ,0xe0 ,0x00 ,0x43 ,0xab ,0xb6 ,0x3d ,0xd8 ,0x10 ,0xdd ,0x8b ,0x23 ,0xfc +,0xe7 ,0x8e ,0x16 ,0xb1 ,0xdd ,0x1f ,0xdc ,0xf2 ,0x7e ,0xb7 ,0xa8 ,0x83 ,0x28 ,0x9b ,0xf0 ,0x10 +,0x66 ,0xea ,0x30 ,0x22 ,0x67 ,0xc7 ,0xd4 ,0x56 ,0xb0 ,0x90 ,0xd5 ,0xd6 ,0xa1 ,0x48 ,0x92 }; + +unsigned int dbx_auth_len = 1583; diff --git a/libstb/secvar/test/data/dbxmalformed.h b/libstb/secvar/test/data/dbxmalformed.h new file mode 100644 index 00000000..125042f8 --- /dev/null +++ b/libstb/secvar/test/data/dbxmalformed.h 
@@ -0,0 +1,105 @@ +/* SHA512 dbx with wrong GUID of SHA256 */ +unsigned char wrongdbxauth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x11 ,0x29 ,0x1f ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 
,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 
,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b 
,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x4e ,0x44 ,0x55 ,0x32 ,0xef ,0x83 ,0x9c ,0x98 ,0x04 ,0x60 ,0x4d ,0x7f ,0x1c +,0x75 ,0x79 ,0x6d ,0xd4 ,0x46 ,0x15 ,0xa3 ,0x27 ,0x09 ,0xec ,0x31 ,0x65 ,0x76 ,0x80 ,0xea ,0xd5 +,0x6e ,0x45 ,0x63 ,0xab ,0x2f ,0x61 ,0x2e ,0x06 ,0x3f ,0x05 ,0x7d ,0xec ,0xcb ,0xaf ,0xa8 ,0xa4 +,0x1d ,0x19 ,0x88 ,0x07 ,0x86 ,0x20 
,0x98 ,0x85 ,0xb2 ,0xa8 ,0x4d ,0xd4 ,0xe4 ,0x6e ,0x58 ,0x3a +,0x55 ,0xd1 ,0xb0 ,0xb2 ,0xee ,0xd3 ,0x44 ,0x92 ,0x0a ,0xc0 ,0x72 ,0xa0 ,0xdd ,0xde ,0xe2 ,0xdf +,0x81 ,0x92 ,0x4c ,0x01 ,0x38 ,0xc0 ,0x45 ,0xdf ,0x79 ,0x71 ,0xbd ,0xe9 ,0x6c ,0x4b ,0x83 ,0x58 +,0xcc ,0x97 ,0x19 ,0x8b ,0x1b ,0x3d ,0x45 ,0x4a ,0x54 ,0xf6 ,0x7d ,0xab ,0x7d ,0xa5 ,0xbe ,0x51 +,0x67 ,0x2f ,0x3a ,0xa2 ,0xf6 ,0x10 ,0x16 ,0x97 ,0xbe ,0xef ,0xf9 ,0x64 ,0x39 ,0xf8 ,0x26 ,0xb1 +,0x58 ,0xc1 ,0x92 ,0x88 ,0x1a ,0xa0 ,0x9b ,0x5c ,0xe9 ,0x87 ,0x96 ,0x2f ,0x44 ,0xc5 ,0x39 ,0x1d +,0x52 ,0xf5 ,0xf9 ,0x83 ,0x97 ,0x39 ,0xb6 ,0x2d ,0x7b ,0xd8 ,0xe7 ,0xa7 ,0x3e ,0x55 ,0x71 ,0x2e +,0x85 ,0x5f ,0xc4 ,0x59 ,0xfa ,0xf5 ,0xeb ,0x1a ,0x1f ,0x40 ,0xfd ,0xd9 ,0xa1 ,0x07 ,0x0a ,0x91 +,0xaa ,0x4c ,0x33 ,0x73 ,0xfd ,0xd5 ,0xfa ,0x55 ,0x03 ,0xb6 ,0x7e ,0x8d ,0xbd ,0x8d ,0x80 ,0x40 +,0x63 ,0xe1 ,0x1b ,0xcf ,0xc3 ,0xb9 ,0xf0 ,0x34 ,0x95 ,0x51 ,0x93 ,0x28 ,0xf4 ,0x14 ,0x31 ,0x02 +,0x76 ,0xd3 ,0x30 ,0x2d ,0x80 ,0x9f ,0xd8 ,0x5a ,0x32 ,0x56 ,0xef ,0x99 ,0xfa ,0x2c ,0x57 ,0xa7 +,0x6c ,0x12 ,0xfd ,0xbc ,0x98 ,0xce ,0xf0 ,0xd1 ,0x46 ,0xac ,0x7e ,0x38 ,0xa5 ,0x6f ,0x73 ,0x45 +,0x38 ,0x82 ,0x33 ,0xeb ,0xea ,0x7c ,0x7f ,0x24 ,0xbf ,0x22 ,0xfd ,0x2e ,0xa2 ,0x09 ,0x94 ,0xe7 +,0x07 ,0x56 ,0xd5 ,0x26 ,0x16 ,0xc4 ,0xc1 ,0x4c ,0x50 ,0x92 ,0x40 ,0xac ,0xa9 ,0x41 ,0xf9 ,0x36 +,0x93 ,0x43 ,0x28 ,0x6c ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x50 ,0x00 ,0x00 ,0x00 ,0x50 +,0xab ,0x5d ,0x60 ,0x46 ,0xe0 ,0x00 ,0x43 ,0xab ,0xb6 ,0x3d ,0xd8 ,0x10 ,0xdd ,0x8b ,0x23 ,0x35 +,0xd8 ,0x8e ,0x23 ,0xfa ,0xc0 ,0xf9 ,0xcd ,0xc1 ,0x00 ,0x29 ,0xd1 ,0x9f ,0x16 ,0x7b ,0x7f ,0xfa +,0xf6 ,0x72 ,0x56 ,0xbd ,0x69 ,0x91 ,0x30 ,0x57 ,0x3b ,0xd3 ,0x82 ,0xf6 ,0x6d ,0xee ,0x60 ,0x42 +,0x73 ,0x04 ,0x0d ,0xf2 ,0x2f ,0x4c ,0x28 ,0x1c ,0xa1 ,0xcc ,0x18 ,0xf5 ,0x34 ,0x68 ,0xd0 ,0x69 +,0x52 ,0x34 ,0x79 ,0xb1 ,0xec ,0xd6 ,0xec ,0xfd ,0x8c ,0x32 ,0xe4 ,0x23 ,0xcc ,0x82 ,0x52 }; + +unsigned int wrong_dbx_auth_len = 1615; 
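Review bot: the array in dbxmalformed.h is declared as `wrongdbxauth` but its length is `wrong_dbx_auth_len`, so the two names do not pair up; pick one spelling, for example `wrong_dbx_auth` with `wrong_dbx_auth_len`. The leading comment `/* SHA512 dbx with wrong GUID of SHA256 */` would be clearer if it said which field carries the mismatch and what result the test expects from it. Because these are definitions in a header, `static const unsigned char` would also avoid duplicate symbols if the file is ever included from a second translation unit.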
diff --git a/libstb/secvar/test/data/dbxsha512.h b/libstb/secvar/test/data/dbxsha512.h new file mode 100644 index 00000000..e008457d --- /dev/null +++ b/libstb/secvar/test/data/dbxsha512.h 
@@ -0,0 +1,104 @@ +unsigned char dbx512[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x11 ,0x29 ,0x08 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 
,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 
,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 
,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x99 ,0x08 ,0x03 ,0x11 ,0x84 ,0x47 ,0xc9 ,0x20 ,0x3b ,0x1a ,0x87 ,0x2c ,0x3c +,0xe1 ,0xeb ,0x13 ,0x5a ,0x7d ,0x65 ,0x7e ,0x83 ,0x49 ,0xe5 ,0xb8 ,0x91 ,0x5c ,0xc9 ,0x33 ,0xec +,0x50 ,0x5d ,0x43 ,0xe2 ,0xe3 ,0xb1 ,0x39 ,0xc4 ,0xc0 ,0xcf ,0x3b ,0x2c ,0xb0 ,0x37 ,0xeb ,0x6f +,0xa1 ,0x30 ,0x75 ,0x69 ,0x6b ,0x6d ,0xc0 ,0x6f ,0xe1 ,0x8e ,0x94 ,0xdb ,0x92 ,0x60 ,0x85 
,0xa1 +,0x37 ,0x8e ,0xf0 ,0x5c ,0xb2 ,0x69 ,0x30 ,0x9a ,0xc5 ,0x4c ,0xda ,0x7d ,0x0a ,0xa7 ,0x79 ,0x7b +,0x1e ,0x68 ,0x65 ,0x0a ,0xd7 ,0xa7 ,0x74 ,0xa4 ,0x60 ,0x19 ,0x7d ,0x91 ,0x75 ,0x94 ,0x2d ,0xb9 +,0x14 ,0x97 ,0xe6 ,0x62 ,0xf0 ,0xcf ,0x60 ,0x61 ,0xfa ,0x85 ,0xd4 ,0xda ,0x00 ,0x69 ,0xe5 ,0x8a +,0x62 ,0x68 ,0xbf ,0x9f ,0x60 ,0x93 ,0xe0 ,0xb2 ,0xd1 ,0xa4 ,0xd4 ,0xf1 ,0x68 ,0xfa ,0x69 ,0xf0 +,0x7b ,0xb7 ,0xdb ,0xe9 ,0x99 ,0x8e ,0x2a ,0x62 ,0xb2 ,0x49 ,0x04 ,0x8d ,0x0c ,0x5f ,0xa3 ,0xba +,0x01 ,0xab ,0x8e ,0xa5 ,0xaa ,0x23 ,0x9c ,0xd3 ,0xc4 ,0x6f ,0xac ,0xeb ,0xdd ,0x0b ,0xb6 ,0xf3 +,0x6d ,0xb0 ,0x45 ,0xfc ,0x7d ,0xdc ,0x32 ,0x13 ,0x75 ,0x81 ,0x37 ,0x7b ,0xa1 ,0xeb ,0x8f ,0x69 +,0x59 ,0xb4 ,0x1e ,0x2d ,0x81 ,0x8d ,0xef ,0xfb ,0x8f ,0x13 ,0x53 ,0xbf ,0x53 ,0x74 ,0x3c ,0x02 +,0x5e ,0x93 ,0x60 ,0x2a ,0x63 ,0xf6 ,0xa1 ,0x3a ,0x2a ,0x64 ,0xa5 ,0x6a ,0x6f ,0x91 ,0xa8 ,0x28 +,0xbf ,0x79 ,0x20 ,0xdc ,0xb7 ,0x26 ,0x72 ,0x3a ,0x47 ,0x0f ,0x6d ,0x9d ,0x1e ,0x23 ,0xa7 ,0x32 +,0xc7 ,0xba ,0x76 ,0x2e ,0x3c ,0x42 ,0xde ,0xae ,0xdf ,0xea ,0x42 ,0xb1 ,0xa3 ,0x01 ,0xf8 ,0x7e +,0x15 ,0x6c ,0xfd ,0xc6 ,0x45 ,0xb7 ,0xe8 ,0x23 ,0x0d ,0x0c ,0x6f ,0xee ,0x6e ,0x5b ,0x64 ,0x5c +,0xae ,0x3b ,0x5a ,0xae ,0x0f ,0x3e ,0x09 ,0xc4 ,0xa6 ,0x50 ,0x4f ,0x9f ,0x1b ,0xd4 ,0x1e ,0x2b +,0x89 ,0xc1 ,0x9a ,0x6c ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x50 ,0x00 ,0x00 ,0x00 ,0x50 +,0xab ,0x5d ,0x60 ,0x46 ,0xe0 ,0x00 ,0x43 ,0xab ,0xb6 ,0x3d ,0xd8 ,0x10 ,0xdd ,0x8b ,0x23 ,0x35 +,0xd8 ,0x8e ,0x23 ,0xfa ,0xc0 ,0xf9 ,0xcd ,0xc1 ,0x00 ,0x29 ,0xd1 ,0x9f ,0x16 ,0x7b ,0x7f ,0xfa +,0xf6 ,0x72 ,0x56 ,0xbd ,0x69 ,0x91 ,0x30 ,0x57 ,0x3b ,0xd3 ,0x82 ,0xf6 ,0x6d ,0xee ,0x60 ,0x42 +,0x73 ,0x04 ,0x0d ,0xf2 ,0x2f ,0x4c ,0x28 ,0x1c ,0xa1 ,0xcc ,0x18 ,0xf5 ,0x34 ,0x68 ,0xd0 ,0x69 +,0x52 ,0x34 ,0x79 ,0xb1 ,0xec ,0xd6 ,0xec ,0xfd ,0x8c ,0x32 ,0xe4 ,0x23 ,0xcc ,0x82 ,0x52 }; + +unsigned int dbx512_auth_len = 1615; 
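Review bot: dbxsha512.h carries no comment saying what `dbx512` contains or how it was produced, whereas dbxmalformed.h at least has a one-line description; please add a comment describing the blob and the steps used to generate it, so the vector can be regenerated and reviewed. The embedded certificate's validity fields decode as UTCTime 200914155020Z to 210914155020Z, so if the verification path ever checks notAfter this vector will start failing after September 2021; the comment should say whether expiry is checked. The length is named `dbx512_auth_len` while the array is `dbx512`; naming the array `dbx512_auth` would match.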
diff --git a/libstb/secvar/test/data/invalidkek.h b/libstb/secvar/test/data/invalidkek.h new file mode 100644 index 00000000..2515ee2c --- /dev/null +++ b/libstb/secvar/test/data/invalidkek.h 
@@ -0,0 +1,161 @@ +unsigned char InvalidKEK_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0d ,0x0d ,0x0d ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd6 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xba ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xab ,0x30 ,0x82 ,0x05 ,0xa7 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xcc ,0x30 ,0x82 ,0x03 ,0xc8 ,0x30 ,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xb0 ,0x40 ,0xaf ,0x25 ,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 +,0x31 ,0x35 ,0x35 ,0x30 ,0x35 ,0x35 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x35 ,0x35 ,0x5a ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 
+,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b +,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 +,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f +,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 +,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 +,0x01 ,0x00 ,0xc1 ,0xeb ,0xb8 ,0xf7 ,0x3f ,0x53 ,0xb6 ,0xa1 ,0x8a ,0x3f ,0xca ,0x99 ,0x56 ,0xbc +,0x3b ,0xdf ,0xbf ,0x70 ,0x0a ,0x78 ,0x5b ,0x06 ,0xc1 ,0xeb ,0xbe ,0x4e ,0xd7 ,0xd9 ,0xe9 ,0x57 +,0x1f ,0xc4 ,0xf4 ,0xe5 ,0x78 ,0xb6 ,0x14 ,0xda ,0x87 ,0x43 ,0x31 ,0xad ,0x6d ,0x9f ,0xae ,0x6c +,0x44 ,0xe3 ,0x12 ,0xe4 ,0xf1 ,0xa4 ,0x81 ,0xf8 ,0x7d ,0x09 ,0x0e ,0xa6 ,0x6a ,0xe1 ,0xf7 ,0xcb +,0xe9 ,0x63 ,0xd6 ,0xd6 ,0x58 ,0x28 ,0x10 ,0xf2 ,0xb9 ,0xcf ,0xd7 ,0x85 ,0x95 ,0x0b ,0x24 ,0x51 +,0xe8 ,0x5a ,0x08 ,0x74 ,0xbc ,0x42 ,0x9b ,0xd6 ,0x84 ,0xcd ,0x5e ,0xe5 ,0x61 ,0x83 ,0x7c ,0x5f +,0x0e ,0x3a ,0x9d ,0x3d ,0x6d ,0x84 ,0xe2 ,0xc0 ,0x26 ,0x64 ,0x35 ,0x80 ,0x6c ,0xb1 ,0x37 ,0x72 +,0x38 ,0x00 ,0xa0 ,0x90 ,0x51 ,0xd3 ,0x64 ,0x01 ,0x62 ,0x70 ,0xf8 ,0xa4 ,0xe4 ,0xc8 ,0x87 ,0x4c +,0xe1 ,0x76 ,0xd7 ,0xe6 ,0xbf ,0xed ,0x08 ,0xba ,0xde ,0x42 ,0x90 ,0x00 ,0xb7 ,0x19 ,0x81 ,0x91 +,0xd0 ,0x18 ,0xcb ,0x03 ,0xe6 ,0xf5 ,0xf9 ,0x31 ,0x2b ,0x56 ,0xc3 ,0x21 ,0x39 ,0x4d ,0x9a ,0x63 +,0x0a ,0xb7 ,0x1c ,0xa9 ,0xdc ,0xce ,0xa9 ,0xc4 ,0xe0 ,0x0a ,0xa4 ,0x53 ,0x8f ,0x78 ,0xd1 ,0xc0 +,0x3f ,0xc2 ,0x8e ,0x8a ,0x37 ,0x52 ,0x42 ,0x60 ,0x97 ,0xb3 ,0x53 ,0xaa ,0xa4 ,0x4f ,0x98 ,0x7e +,0xa5 ,0x2a ,0xe1 ,0x52 ,0xfa ,0x9f ,0xc1 ,0x32 ,0xf7 
,0x15 ,0x12 ,0x62 ,0x6b ,0x5a ,0x4d ,0xfe +,0x22 ,0x8d ,0x88 ,0x87 ,0xfd ,0x83 ,0x2f ,0xaa ,0x1a ,0xb8 ,0xad ,0x3d ,0x4f ,0xdc ,0xe0 ,0x39 +,0x8b ,0x88 ,0xed ,0xc6 ,0xf5 ,0xee ,0x32 ,0xea ,0xd6 ,0x25 ,0xcf ,0x91 ,0x66 ,0x77 ,0x4c ,0xa1 +,0x0c ,0x6a ,0x7b ,0x6e ,0xb2 ,0x72 ,0xa8 ,0xf4 ,0xc7 ,0xeb ,0xa4 ,0x91 ,0xda ,0x5d ,0x14 ,0xf9 +,0x9e ,0xe9 ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 +,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 +,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d +,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 +,0x18 ,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 +,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 +,0x7a ,0xc8 ,0xc9 ,0x0e ,0x45 ,0x1c ,0xa6 ,0xce ,0xd5 ,0xdb ,0x9c ,0x5d ,0x95 ,0x8b ,0x8b ,0xbc +,0x90 ,0xca ,0x98 ,0xd1 ,0xe9 ,0x4b ,0xfb ,0xf3 ,0xef ,0x48 ,0xb0 ,0x9e ,0x0d ,0x95 ,0x0f ,0x3a +,0xa0 ,0xb6 ,0x93 ,0x9f ,0xc6 ,0xf7 ,0xca ,0xca ,0xf1 ,0x04 ,0x90 ,0x4d ,0x6b ,0x57 ,0xc1 ,0xe5 +,0x85 ,0xfd ,0x87 ,0x09 ,0xe5 ,0xaf ,0x98 ,0x89 ,0x32 ,0x27 ,0x35 ,0x85 ,0xcf ,0xe1 ,0x1f ,0xaf +,0xc0 ,0x8c ,0x3f ,0x2a ,0xba ,0xa4 ,0xfc ,0xaa ,0x40 ,0x02 ,0x7c ,0x57 ,0xd9 ,0x73 ,0xc6 ,0xc0 +,0x59 ,0xcb ,0x47 ,0x71 ,0x07 ,0x1a ,0xfe ,0x46 ,0xb1 ,0x81 ,0x14 ,0x6b ,0xa5 ,0xeb ,0xe7 ,0x9c +,0x2b ,0x87 ,0xee ,0x72 ,0x96 ,0xe0 ,0xb0 ,0x11 ,0x86 ,0x33 ,0x95 ,0xdf ,0x6e ,0x9c ,0x3f ,0x0f +,0xc1 ,0x46 ,0x8c ,0x53 ,0x12 ,0xf1 ,0xd9 ,0xa8 ,0xee ,0x04 ,0xc5 ,0x71 ,0x52 ,0x22 ,0x13 ,0x0f +,0x91 ,0x0c ,0x73 ,0xca ,0x34 ,0xb1 ,0x36 ,0x5f ,0x8c ,0x2e ,0x0f ,0x3a ,0x04 ,0x42 ,0xfe ,0x45 +,0x82 ,0x29 ,0x56 ,0x5e ,0xe5 ,0x4c ,0xeb ,0x4b ,0xa6 ,0xe5 ,0xe0 ,0x1d ,0x74 ,0xc0 ,0x5a ,0x2f +,0x42 ,0xa5 
,0xf2 ,0x65 ,0xd5 ,0x4d ,0x3b ,0x22 ,0xd2 ,0x96 ,0x42 ,0xcf ,0xbd ,0xd7 ,0x8b ,0x37 +,0x7a ,0xb6 ,0xd9 ,0xd4 ,0xd7 ,0x45 ,0x47 ,0x3b ,0x3c ,0xb3 ,0xd9 ,0x29 ,0x69 ,0x91 ,0x7d ,0x4c +,0x06 ,0xad ,0x6c ,0xea ,0x62 ,0xf1 ,0xf7 ,0xec ,0x67 ,0xae ,0xd5 ,0x43 ,0xd0 ,0xab ,0xb8 ,0xbf +,0xa4 ,0x28 ,0xd4 ,0x75 ,0xd2 ,0x3f ,0x53 ,0x5d ,0xa8 ,0x09 ,0x46 ,0x89 ,0x7f ,0x84 ,0x36 ,0xad +,0x78 ,0x41 ,0x03 ,0xf4 ,0xc4 ,0x43 ,0x43 ,0xdc ,0x52 ,0xc6 ,0xff ,0xab ,0xd6 ,0x8c ,0x7f ,0xc0 +,0xab ,0x67 ,0x5b ,0x0b ,0xa9 ,0x6a ,0xd2 ,0x85 ,0x71 ,0x9f ,0xc2 ,0xf1 ,0x96 ,0xd2 ,0x41 ,0xb0 +,0x31 ,0x82 ,0x01 ,0xb2 ,0x30 ,0x82 ,0x01 ,0xae ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x86 ,0x30 ,0x79 +,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 +,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 +,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c +,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 +,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xb0 ,0x40 ,0xaf ,0x25 +,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x04 ,0x82 ,0x01 ,0x00 ,0xb2 ,0xcf ,0xbf ,0xba ,0xba ,0xaf ,0xde ,0x99 ,0xaf ,0x7f +,0x65 ,0x06 ,0x32 ,0x78 ,0x12 ,0xcb ,0xd5 ,0xe1 ,0x94 ,0xa7 ,0x9c ,0x4e ,0x9f ,0x02 ,0x4f ,0x16 +,0x36 ,0x6f ,0x56 ,0xc2 ,0xbd ,0x50 ,0x32 ,0x2f ,0x5b ,0x98 ,0x14 ,0x34 ,0xff ,0x91 ,0x9d ,0xdc +,0xcf ,0x93 ,0x9a ,0x53 ,0x63 ,0x5b ,0x2f ,0x63 ,0xa6 ,0x63 ,0xfe ,0xdc 
,0x6d ,0x88 ,0x09 ,0x0c +,0x58 ,0xaa ,0x3a ,0x44 ,0x26 ,0x6b ,0x7e ,0xb0 ,0xb0 ,0x3e ,0x06 ,0x77 ,0xbc ,0x00 ,0xcf ,0x49 +,0x7f ,0x95 ,0xb4 ,0xba ,0x02 ,0x5f ,0x32 ,0xb2 ,0xba ,0xfc ,0x28 ,0x8d ,0x73 ,0xf7 ,0x59 ,0x23 +,0x01 ,0x70 ,0xdb ,0x93 ,0x8c ,0x54 ,0x05 ,0x34 ,0x06 ,0x0b ,0x8a ,0xb7 ,0xe0 ,0xa0 ,0xbc ,0x3e +,0xfd ,0xa4 ,0xc4 ,0x75 ,0x76 ,0x0f ,0xd1 ,0x81 ,0x6d ,0xb0 ,0x5b ,0x8f ,0xb7 ,0x71 ,0x7c ,0xd8 +,0x15 ,0xec ,0x0c ,0x6e ,0x38 ,0x04 ,0x5e ,0x84 ,0x3e ,0x1a ,0xb9 ,0xa0 ,0x69 ,0x55 ,0xb3 ,0xbe +,0x81 ,0x51 ,0xaa ,0x67 ,0x28 ,0x15 ,0x12 ,0xb9 ,0x1d ,0x51 ,0x06 ,0xe0 ,0x8a ,0x9c ,0x9a ,0x61 +,0x3a ,0x08 ,0x3a ,0x77 ,0x2c ,0x09 ,0x5b ,0xcc ,0xf3 ,0x0c ,0x78 ,0x64 ,0x35 ,0x4d ,0x8d ,0x8d +,0x46 ,0xf7 ,0x8e ,0x32 ,0x82 ,0x93 ,0xcd ,0xff ,0x22 ,0x30 ,0x0a ,0x63 ,0xbe ,0x32 ,0xc6 ,0x25 +,0x2e ,0xb8 ,0x18 ,0x80 ,0x0c ,0xf2 ,0x1c ,0xaa ,0x60 ,0x05 ,0x15 ,0xfe ,0x2f ,0x87 ,0x48 ,0xa2 +,0xfb ,0xe2 ,0xd2 ,0x53 ,0x4e ,0xf9 ,0x4e ,0x5e ,0xa7 ,0x11 ,0x11 ,0xe5 ,0x2c ,0xae ,0xaa ,0xb8 +,0xfc ,0x66 ,0x5c ,0x5d ,0x2d ,0xab ,0x56 ,0xa0 ,0xd8 ,0xf1 ,0x36 ,0x39 ,0xa8 ,0xb4 ,0x93 ,0xb6 +,0x38 ,0xe2 ,0x36 ,0x97 ,0xad ,0x37 ,0x3a ,0xfe ,0x23 ,0x9d ,0x17 ,0x2a ,0xc2 ,0x9a ,0xca ,0x39 +,0x02 ,0x80 ,0xf4 ,0xfd ,0x49 ,0x80 ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 +,0xab ,0x15 ,0x5c ,0x2b ,0xf0 ,0x72 ,0xf6 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xda ,0x03 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 +,0x09 ,0x00 ,0x99 ,0x04 ,0x63 ,0xe8 ,0x8c ,0x39 ,0xba ,0x08 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 +,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 +,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 +,0x07 ,0x0c ,0x06 ,0x41 ,0x75 
,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b +,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 +,0x44 ,0x42 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 +,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e +,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 +,0x30 ,0x34 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 +,0x34 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 +,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 +,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 +,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 +,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 +,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x31 ,0x1f ,0x30 ,0x1d +,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 +,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 +,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 +,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xa9 ,0x0d +,0x4c ,0xc6 ,0xc3 ,0x61 ,0xe3 ,0x89 ,0xd8 ,0x6b ,0x02 ,0x78 ,0x2a ,0x49 ,0xc8 ,0x04 ,0x24 ,0xd9 +,0xae ,0xb2 ,0xa4 ,0xfa ,0x7d ,0xe9 ,0x94 ,0x59 ,0x6c ,0xb4 ,0x17 ,0xb2 ,0x2b ,0x3b ,0x7f ,0x2e +,0x1a ,0xbf ,0xc8 ,0x8e ,0xb7 ,0xe8 ,0xe1 ,0x79 ,0x9f ,0xed ,0x45 ,0x64 ,0x0a ,0x58 ,0x52 ,0x4b +,0x1f ,0xf1 ,0xe9 ,0xf6 ,0xc7 ,0x98 ,0xe6 ,0x1c ,0x0b ,0xe9 ,0x2e ,0x61 ,0xc3 ,0x28 ,0x95 
,0x1b +,0xf9 ,0x25 ,0xc3 ,0x5f ,0xa1 ,0x55 ,0x06 ,0xbe ,0x4b ,0xd5 ,0xef ,0x51 ,0x4a ,0x64 ,0x6d ,0x6d +,0x02 ,0x3e ,0xcd ,0x61 ,0x1c ,0xc6 ,0xb6 ,0x84 ,0x65 ,0xee ,0xb5 ,0xb0 ,0x73 ,0x46 ,0x1a ,0x22 +,0xe7 ,0x3e ,0x22 ,0x5b ,0xbf ,0x52 ,0x19 ,0x69 ,0x34 ,0xc0 ,0xfd ,0x44 ,0x64 ,0xe7 ,0xca ,0xc0 +,0x29 ,0xb0 ,0x15 ,0x7a ,0xb7 ,0x47 ,0x59 ,0xbd ,0xac ,0x1d ,0xe3 ,0x5c ,0x70 ,0xb0 ,0x35 ,0xd2 +,0x11 ,0xd4 ,0x3e ,0x99 ,0x7e ,0x94 ,0x2c ,0x0b ,0x29 ,0xe0 ,0xf2 ,0xe5 ,0x8d ,0x34 ,0xd1 ,0xb3 +,0xfb ,0xdc ,0xe1 ,0x77 ,0x02 ,0x4e ,0x1e ,0xcf ,0xee ,0x82 ,0xe4 ,0x30 ,0x4b ,0x70 ,0xbe ,0x5e +,0x2b ,0x35 ,0x2f ,0x73 ,0xcc ,0xc2 ,0x45 ,0xd5 ,0xd3 ,0x8f ,0xd7 ,0xd2 ,0x36 ,0xc8 ,0x23 ,0xdd +,0x57 ,0xc6 ,0x86 ,0xd1 ,0x48 ,0xef ,0xd7 ,0x24 ,0x09 ,0x13 ,0xda ,0x22 ,0x31 ,0xa6 ,0x9d ,0x12 +,0x51 ,0xf2 ,0xff ,0x8c ,0x91 ,0xfb ,0x5b ,0xc2 ,0x3a ,0x58 ,0x92 ,0x7e ,0x79 ,0x8b ,0xdb ,0x62 +,0x17 ,0xd8 ,0x00 ,0x90 ,0xfc ,0x40 ,0xa5 ,0x39 ,0x82 ,0x3b ,0xde ,0xec ,0xb2 ,0xe2 ,0xe8 ,0x70 +,0x78 ,0xdf ,0x7d ,0x72 ,0x0d ,0xff ,0xd2 ,0x8a ,0xd5 ,0x0b ,0xb9 ,0xf0 ,0xe0 ,0x30 ,0xee ,0xdd +,0xa6 ,0xd2 ,0xa2 ,0x04 ,0xf7 ,0x38 ,0xc1 ,0xee ,0xd1 ,0xb3 ,0x91 ,0x42 ,0x64 ,0x71 ,0x02 ,0x03 +,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 +,0x04 ,0x14 ,0x59 ,0x42 ,0xac ,0x51 ,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 ,0x9b ,0x61 ,0xfc ,0x48 +,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 ,0xf3 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 +,0x16 ,0x80 ,0x14 ,0x59 ,0x42 ,0xac ,0x51 ,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 ,0x9b ,0x61 ,0xfc +,0x48 ,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 ,0xf3 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 +,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 +,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x90 ,0x90 ,0xf4 ,0x01 +,0xc1 ,0x37 ,0x11 ,0xcb ,0x31 ,0x64 ,0xe2 ,0x3f ,0x78 ,0x95 ,0x1d ,0x51 ,0x73 ,0x65 ,0x02 ,0x23 +,0x15 ,0xed ,0x46 ,0xa5 ,0x71 ,0x60 ,0x3e ,0x24 
,0xa8 ,0x1e ,0x51 ,0xcc ,0xc7 ,0x40 ,0x0d ,0x8a +,0x73 ,0xf1 ,0x40 ,0x60 ,0x6a ,0xbe ,0xce ,0xfa ,0xdf ,0xbc ,0x7d ,0x9c ,0x5f ,0x24 ,0x3b ,0x29 +,0x22 ,0xe5 ,0xda ,0xbd ,0x85 ,0x6d ,0x33 ,0x50 ,0xf8 ,0xb3 ,0x20 ,0x8e ,0x0d ,0xc4 ,0x14 ,0x93 +,0x0d ,0x8a ,0xd2 ,0x74 ,0x10 ,0x92 ,0x14 ,0x5e ,0xde ,0x5f ,0x33 ,0x3d ,0x39 ,0x18 ,0xd5 ,0xa2 +,0x4a ,0x42 ,0x8c ,0x64 ,0x75 ,0xd3 ,0xfa ,0x8d ,0xce ,0x57 ,0xda ,0xb6 ,0x44 ,0x6a ,0xb0 ,0x53 +,0xf1 ,0x00 ,0x53 ,0x64 ,0xd8 ,0xf7 ,0xa4 ,0xc2 ,0x1a ,0xa6 ,0x00 ,0xc4 ,0x40 ,0x63 ,0x61 ,0x38 +,0x97 ,0xe1 ,0x65 ,0xbd ,0x4f ,0x36 ,0x7c ,0x77 ,0x8c ,0x26 ,0x41 ,0xa3 ,0x69 ,0x10 ,0x87 ,0xf4 +,0x66 ,0xe2 ,0xad ,0x13 ,0x60 ,0x77 ,0x71 ,0xf6 ,0xc2 ,0xad ,0xec ,0x9c ,0xac ,0x85 ,0xf9 ,0x5d +,0xaf ,0xa4 ,0x19 ,0x70 ,0xb9 ,0xe4 ,0xfa ,0xbf ,0x5b ,0x00 ,0x2f ,0x46 ,0xd9 ,0xc4 ,0x9a ,0x32 +,0x96 ,0xb7 ,0x7f ,0x22 ,0xf9 ,0xa4 ,0xea ,0xba ,0xc8 ,0xb8 ,0x59 ,0xbd ,0x12 ,0x30 ,0x76 ,0x50 +,0x4f ,0x62 ,0x72 ,0x05 ,0xe2 ,0xf4 ,0x29 ,0x91 ,0x05 ,0x28 ,0xba ,0x3c ,0xf0 ,0x6b ,0x1e ,0x54 +,0xa2 ,0x47 ,0xa7 ,0xfc ,0x64 ,0x20 ,0x9c ,0xf1 ,0x95 ,0xe3 ,0xd1 ,0xc9 ,0x37 ,0xe8 ,0xeb ,0x4e +,0xda ,0x2b ,0x5f ,0x1c ,0x7a ,0xb3 ,0xe2 ,0x0a ,0x01 ,0x5c ,0x7a ,0x1e ,0xfc ,0x24 ,0x60 ,0x14 +,0x75 ,0xcd ,0xe9 ,0x9e ,0x77 ,0xbf ,0x3a ,0x6f ,0xd7 ,0x7f ,0x42 ,0x14 ,0x94 ,0x27 ,0x0b ,0x6e +,0x1d ,0x78 ,0x9b ,0xc5 ,0x82 ,0x28 ,0xf7 ,0x78 ,0xc4 ,0xdf ,0x4e ,0x85 }; + +unsigned int InvalidKEK_auth_len = 2524; diff --git a/libstb/secvar/test/data/malformedkek.h b/libstb/secvar/test/data/malformedkek.h new file mode 100644 index 00000000..9e98e5b5 --- /dev/null +++ b/libstb/secvar/test/data/malformedkek.h 
@@ -0,0 +1,102 @@ +unsigned char MalformedKEK_auth[] = +{0xe4 ,0x07 ,0x09 ,0x0e ,0x0f ,0x1c ,0x1f ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 
+,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 
,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 
,0xde ,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x70 ,0xd0 ,0x21 ,0x6e ,0xdf ,0x7c ,0xdb ,0x40 ,0x84 ,0xc9 ,0x08 ,0xb0 ,0x93 +,0x9b ,0x03 ,0xa7 ,0x6f ,0x41 ,0x47 ,0xf1 ,0x41 ,0xf3 ,0xce ,0x05 ,0xeb ,0x27 ,0x58 ,0x1f ,0x95 +,0x79 ,0x29 ,0x82 ,0xf6 ,0x9c ,0x45 ,0x53 ,0x9e ,0x40 ,0x71 ,0xa1 ,0xae ,0x90 ,0x80 ,0xd2 ,0xc9 +,0x5f ,0x69 ,0xd5 ,0xb1 ,0xad ,0x69 ,0xeb ,0x25 ,0xba ,0x2d ,0x8a ,0x18 
,0x0a ,0x80 ,0x37 ,0xe7 +,0x3b ,0x6b ,0x2e ,0x2c ,0x0f ,0x08 ,0x4c ,0xd1 ,0x50 ,0xc8 ,0xe9 ,0x33 ,0x22 ,0x43 ,0x0b ,0x66 +,0x41 ,0xc4 ,0x82 ,0x9f ,0xc5 ,0xe5 ,0x57 ,0xe7 ,0xbb ,0xca ,0xfb ,0xbe ,0xab ,0xaf ,0x55 ,0xee +,0x56 ,0xca ,0x32 ,0xdc ,0x49 ,0xb9 ,0x6d ,0x6e ,0x8d ,0x99 ,0x87 ,0x95 ,0x2d ,0xe3 ,0xfa ,0xd3 +,0x55 ,0x1c ,0xe9 ,0x53 ,0xf7 ,0xee ,0xaf ,0x2b ,0x75 ,0x4d ,0x97 ,0x98 ,0x83 ,0xea ,0x48 ,0x68 +,0x52 ,0xae ,0x65 ,0xab ,0x44 ,0x09 ,0x14 ,0x19 ,0x6d ,0x99 ,0xbf ,0x2d ,0xf7 ,0x03 ,0x63 ,0x98 +,0x0b ,0xec ,0xe1 ,0xf6 ,0x93 ,0xb3 ,0xe1 ,0x60 ,0xe8 ,0x17 ,0xfa ,0xb8 ,0xec ,0xcd ,0x42 ,0xe0 +,0x27 ,0xf4 ,0xb3 ,0xa3 ,0x37 ,0x95 ,0x82 ,0xb4 ,0x65 ,0xdf ,0xbe ,0xbc ,0xde ,0xea ,0xe3 ,0xd3 +,0x8e ,0x65 ,0x19 ,0x9e ,0x28 ,0x8a ,0x70 ,0x30 ,0xf1 ,0xd7 ,0x95 ,0xf7 ,0xcd ,0x19 ,0xd1 ,0x3b +,0x4a ,0x04 ,0xcf ,0x7b ,0x81 ,0x58 ,0x59 ,0x5a ,0x7e ,0x67 ,0x89 ,0x6a ,0x40 ,0xe0 ,0x07 ,0xe6 +,0x17 ,0xcd ,0x8b ,0xc4 ,0x05 ,0xe1 ,0x0d ,0x10 ,0x66 ,0xbf ,0x3b ,0x95 ,0xde ,0x82 ,0x1c ,0x07 +,0x38 ,0x15 ,0xe1 ,0x70 ,0x25 ,0xa2 ,0x52 ,0x30 ,0x87 ,0x4b ,0x71 ,0xb6 ,0x71 ,0x5a ,0x7f ,0x45 +,0x58 ,0xf8 ,0x09 ,0xc8 ,0xba ,0x53 ,0xf5 ,0x07 ,0x08 ,0x25 ,0x4a ,0xbb ,0x84 ,0x5e ,0x09 ,0xd8 +,0x92 ,0xcf ,0x42 ,0x26 ,0x16 ,0xc4 ,0xc1 ,0x4c ,0x50 ,0x92 ,0x40 ,0xac ,0xa9 ,0x41 ,0xf9 ,0x36 +,0x93 ,0x43 ,0x28 ,0x4c ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 ,0x00 ,0x00 ,0x00 ,0x50 +,0xab ,0x5d ,0x60 ,0x46 ,0xe0 ,0x00 ,0x43 ,0xab ,0xb6 ,0x3d ,0xd8 ,0x10 ,0xdd ,0x8b ,0x23 ,0xfc +,0xe7 ,0x8e ,0x16 ,0xb1 ,0xdd ,0x1f ,0xdc ,0xf2 ,0x7e ,0xb7 ,0xa8 ,0x83 ,0x28 ,0x9b ,0xf0 ,0x10 +,0x66 ,0xea ,0x30 ,0x22 ,0x67 ,0xc7 ,0xd4 ,0x56 ,0xb0 ,0x90 ,0xd5 ,0xd6 ,0xa1 ,0x48 ,0x92 }; + +unsigned int MalformedKEK_auth_len = 1583; diff --git a/libstb/secvar/test/data/multipleDB.h b/libstb/secvar/test/data/multipleDB.h new file mode 100644 index 00000000..37876482 --- /dev/null +++ b/libstb/secvar/test/data/multipleDB.h 
@@ -0,0 +1,225 @@ +unsigned char multipleDB_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x10 ,0x1c ,0x2f ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd9 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xbd ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xae ,0x30 ,0x82 ,0x05 ,0xaa ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xce ,0x30 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x02 ,0xb2 ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xee ,0x9a ,0xcd ,0x6d ,0x46 ,0xac ,0xda ,0xd7 ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x7a ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0d ,0x30 ,0x0b ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x04 ,0x4b ,0x45 ,0x4b ,0x31 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 +,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 +,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 +,0x34 ,0x31 ,0x38 ,0x34 ,0x38 ,0x30 ,0x39 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 +,0x31 ,0x38 ,0x34 ,0x38 ,0x30 ,0x39 ,0x5a ,0x30 ,0x7a ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 +,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c 
+,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c +,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a +,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 +,0x4c ,0x54 ,0x43 ,0x31 ,0x0d ,0x30 ,0x0b ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x04 ,0x4b ,0x45 +,0x4b ,0x31 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 +,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e +,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 +,0x82 ,0x01 ,0x01 ,0x00 ,0xad ,0xd0 ,0x43 ,0x6b ,0x3c ,0xa2 ,0xbd ,0xb8 ,0x30 ,0x26 ,0xa9 ,0x2a +,0xa7 ,0x63 ,0xb6 ,0x59 ,0x27 ,0xfb ,0x28 ,0xd5 ,0x5a ,0x3c ,0x2f ,0x8b ,0x8f ,0x71 ,0xda ,0x2a +,0x15 ,0x30 ,0x3c ,0x07 ,0xd5 ,0x6c ,0x4e ,0xe4 ,0xff ,0x30 ,0x24 ,0x6c ,0x72 ,0x26 ,0xf6 ,0x5b +,0x22 ,0xea ,0x12 ,0x96 ,0xf8 ,0x20 ,0x71 ,0xb5 ,0xa8 ,0x9e ,0xdc ,0xd8 ,0xbf ,0x5c ,0xa3 ,0xd6 +,0x5a ,0xa6 ,0x17 ,0xe3 ,0x91 ,0x92 ,0x31 ,0x25 ,0x1f ,0x36 ,0x76 ,0x21 ,0x15 ,0x04 ,0x4c ,0xdd +,0x77 ,0x09 ,0xd6 ,0xe2 ,0x71 ,0x2e ,0x85 ,0x43 ,0x4d ,0x5e ,0x37 ,0x30 ,0x01 ,0x03 ,0x6b ,0x61 +,0xce ,0x08 ,0xd8 ,0xa9 ,0xaa ,0x6b ,0x24 ,0x41 ,0x64 ,0xd3 ,0x6a ,0x8a ,0xb7 ,0x4f ,0xf4 ,0xaf +,0x92 ,0x6e ,0x39 ,0x35 ,0x6a ,0x5c ,0xeb ,0xbb ,0x91 ,0xff ,0xa3 ,0x28 ,0xee ,0xde ,0x13 ,0xfb +,0x9d ,0xae ,0x6e ,0x00 ,0xb5 ,0x32 ,0xc8 ,0xcf ,0x17 ,0x9a ,0xef ,0x6b ,0xcd ,0x4c ,0x23 ,0xf7 +,0xc6 ,0x00 ,0x87 ,0x66 ,0xac ,0xb6 ,0x41 ,0x07 ,0x97 ,0x14 ,0x9e ,0x48 ,0x1f ,0x74 ,0xde ,0x05 +,0xe4 ,0x46 ,0xc3 ,0xb9 ,0xc3 ,0x72 ,0xeb ,0xca ,0x43 ,0x08 ,0x41 ,0x1f ,0x16 ,0xa8 ,0x3e ,0x5b +,0xd3 ,0x22 ,0xa7 ,0x7f ,0xdf ,0x57 ,0xc0 ,0x7d ,0x52 ,0x2a ,0xfb ,0xcb ,0xbe ,0x78 ,0xfa ,0x8f +,0x71 ,0x08 ,0x7e ,0x41 ,0x8a ,0x0e ,0xe1 ,0x6a ,0x2f 
,0x94 ,0xe3 ,0x46 ,0xbc ,0x1b ,0xe9 ,0xd2 +,0x9c ,0x86 ,0x7a ,0xf8 ,0xe6 ,0x0d ,0x27 ,0x53 ,0x94 ,0x08 ,0x21 ,0x72 ,0xb0 ,0x33 ,0x8f ,0xcf +,0x40 ,0xc9 ,0x5e ,0x26 ,0x36 ,0xc2 ,0xcd ,0x41 ,0x7c ,0x58 ,0x25 ,0x7c ,0xed ,0xf2 ,0x73 ,0x34 +,0xb8 ,0xf6 ,0x16 ,0x75 ,0x80 ,0xe7 ,0x63 ,0x91 ,0xe5 ,0x1c ,0x24 ,0x15 ,0xf3 ,0xf5 ,0xca ,0x38 +,0x28 ,0x1e ,0xa5 ,0x0d ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 +,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0xce ,0x7d ,0xc6 ,0x2c ,0x19 ,0x32 ,0xfe ,0x51 +,0x4a ,0x06 ,0x17 ,0x4b ,0xe7 ,0x8c ,0x2e ,0x30 ,0x35 ,0xf2 ,0xfc ,0xab ,0x30 ,0x1f ,0x06 ,0x03 +,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0xce ,0x7d ,0xc6 ,0x2c ,0x19 ,0x32 ,0xfe +,0x51 ,0x4a ,0x06 ,0x17 ,0x4b ,0xe7 ,0x8c ,0x2e ,0x30 ,0x35 ,0xf2 ,0xfc ,0xab ,0x30 ,0x0f ,0x06 +,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d +,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 +,0x01 ,0x00 ,0x9e ,0x63 ,0xd0 ,0xd8 ,0x70 ,0x78 ,0x42 ,0x2d ,0xc9 ,0xdb ,0xc9 ,0x8d ,0x47 ,0xda +,0x72 ,0x7b ,0xa9 ,0xb2 ,0x26 ,0x67 ,0x98 ,0xb6 ,0x17 ,0xe6 ,0xf3 ,0x0f ,0xd8 ,0xc9 ,0x10 ,0x95 +,0xb0 ,0x99 ,0xee ,0x76 ,0x74 ,0x24 ,0x7f ,0xce ,0x49 ,0x28 ,0x46 ,0xfd ,0x66 ,0x9a ,0x3e ,0x66 +,0x0d ,0xed ,0x6e ,0x54 ,0xc7 ,0xb9 ,0x64 ,0xc3 ,0xb3 ,0xa6 ,0xb8 ,0xb2 ,0x71 ,0xa5 ,0x00 ,0x33 +,0xf4 ,0xed ,0x44 ,0x38 ,0xa1 ,0x28 ,0xcc ,0x88 ,0xe7 ,0xc8 ,0x53 ,0x47 ,0x90 ,0xc2 ,0x37 ,0xe7 +,0xbb ,0x37 ,0x61 ,0x36 ,0x96 ,0x96 ,0x96 ,0x3a ,0xe9 ,0x63 ,0xfc ,0xc2 ,0x98 ,0xc4 ,0x75 ,0x62 +,0x60 ,0xc5 ,0x19 ,0x98 ,0xf0 ,0xd3 ,0x03 ,0xc2 ,0x45 ,0x06 ,0x54 ,0xa3 ,0x75 ,0x29 ,0x92 ,0x91 +,0x1c ,0xef ,0x42 ,0xba ,0x9f ,0x65 ,0x87 ,0xb0 ,0x9a ,0xbb ,0xbf ,0x09 ,0xde ,0xe3 ,0x28 ,0xce +,0xb3 ,0x72 ,0xb0 ,0x64 ,0xec ,0xf3 ,0x3e ,0x64 ,0xe6 ,0x62 ,0x40 ,0xbd ,0x6b ,0x16 ,0xd3 ,0xac +,0x94 ,0x2a ,0x15 ,0x27 ,0xa6 ,0x54 ,0x31 ,0xa9 ,0x05 ,0xae ,0xb5 ,0x72 ,0xe5 ,0x8e ,0x0e ,0x93 +,0xe9 ,0xd6 
,0x67 ,0xd1 ,0xba ,0x86 ,0xa1 ,0x2c ,0x84 ,0x43 ,0xa6 ,0x8b ,0x43 ,0x6f ,0x5f ,0x2c +,0x6c ,0xcc ,0x91 ,0x60 ,0x29 ,0x45 ,0xdf ,0x95 ,0x4e ,0x82 ,0xee ,0xea ,0x1e ,0x5d ,0x34 ,0x5a +,0xc0 ,0x65 ,0x07 ,0x85 ,0x00 ,0x4c ,0x4c ,0x42 ,0x8f ,0x28 ,0x3a ,0x95 ,0xfb ,0x96 ,0xa0 ,0x1c +,0x97 ,0xfc ,0x42 ,0x78 ,0x11 ,0x77 ,0xdf ,0xdf ,0x6c ,0xdc ,0x61 ,0xaf ,0x2a ,0x00 ,0x93 ,0xa6 +,0xca ,0x81 ,0xb4 ,0x9f ,0x3e ,0x9b ,0x61 ,0x89 ,0xdb ,0x36 ,0x1d ,0x99 ,0x4e ,0xbc ,0x50 ,0xcb +,0x55 ,0xbc ,0xe7 ,0x34 ,0x70 ,0xf7 ,0x31 ,0x3a ,0xf2 ,0xca ,0xb2 ,0x83 ,0x1a ,0xb4 ,0xe7 ,0x20 +,0x2d ,0x1a ,0x31 ,0x82 ,0x01 ,0xb3 ,0x30 ,0x82 ,0x01 ,0xaf ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x87 +,0x30 ,0x7a ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 +,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 +,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e +,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c +,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0d ,0x30 ,0x0b +,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x04 ,0x4b ,0x45 ,0x4b ,0x31 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e +,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xee +,0x9a ,0xcd ,0x6d ,0x46 ,0xac ,0xda ,0xd7 ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 +,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 ,0x82 ,0x01 ,0x00 ,0x40 ,0x75 ,0x08 ,0xb4 ,0x23 ,0x52 ,0xd3 +,0xf7 ,0x2e ,0x32 ,0x71 ,0xa3 ,0xa7 ,0xde ,0x2c ,0x09 ,0xc2 ,0xa7 ,0xc4 ,0x02 ,0xc9 ,0x68 ,0xe9 +,0x98 ,0xcc ,0x6d ,0xf8 ,0xcc ,0x39 ,0x8c ,0x09 ,0x52 ,0x1c ,0xca ,0x8a ,0x6e ,0xff ,0x7c ,0x41 +,0x66 ,0x5d ,0x32 ,0x7b ,0xea ,0x33 ,0xec ,0x8e ,0xc7 ,0x1c ,0x4e ,0xdf 
,0x67 ,0x59 ,0x88 ,0x9a +,0xb8 ,0x3a ,0x57 ,0x18 ,0x50 ,0xc9 ,0xc4 ,0x7a ,0xe2 ,0x77 ,0x2a ,0x80 ,0x45 ,0xdc ,0xc4 ,0xd7 +,0x65 ,0x47 ,0x72 ,0xe2 ,0xa3 ,0x1e ,0xd8 ,0x1f ,0x80 ,0x90 ,0x41 ,0xbf ,0x00 ,0x4e ,0xce ,0xa9 +,0xd5 ,0x6e ,0xbb ,0x75 ,0xa3 ,0x98 ,0xf8 ,0x2d ,0x57 ,0x41 ,0xb9 ,0x41 ,0x6d ,0xc2 ,0x4e ,0xa3 +,0x08 ,0x33 ,0x66 ,0x08 ,0xf9 ,0xe5 ,0x04 ,0x4d ,0xe6 ,0x97 ,0xdb ,0xb3 ,0x78 ,0xcf ,0xdc ,0xe3 +,0x8d ,0x44 ,0x8f ,0x74 ,0x2a ,0x9c ,0x03 ,0x78 ,0xb6 ,0xeb ,0xc5 ,0xbb ,0x01 ,0xf1 ,0xc1 ,0x3b +,0x1f ,0x4f ,0x60 ,0xeb ,0x09 ,0x26 ,0xcb ,0x6f ,0x58 ,0x40 ,0x6a ,0x1a ,0x32 ,0x08 ,0x6d ,0x7c +,0xa7 ,0x04 ,0x9f ,0x51 ,0x15 ,0x29 ,0x9e ,0x53 ,0x16 ,0xc6 ,0x5e ,0x77 ,0x09 ,0xe4 ,0xa1 ,0xf8 +,0x5f ,0x4f ,0x87 ,0xb6 ,0x05 ,0xfb ,0xf3 ,0xf6 ,0xc1 ,0x8e ,0xa0 ,0xef ,0x7f ,0x0c ,0xe1 ,0x8b +,0x64 ,0x1e ,0xfd ,0x01 ,0xed ,0x68 ,0x87 ,0x56 ,0xe9 ,0xc6 ,0x87 ,0x83 ,0x05 ,0x89 ,0x94 ,0x76 +,0x4f ,0xaa ,0xd0 ,0x27 ,0xf1 ,0x03 ,0xec ,0x4c ,0x01 ,0x8f ,0xc2 ,0x9a ,0x3b ,0xb6 ,0x70 ,0x6f +,0x4e ,0x54 ,0x48 ,0x1f ,0xfa ,0x7f ,0x8f ,0x69 ,0x86 ,0x37 ,0x57 ,0x9d ,0x35 ,0x11 ,0xeb ,0x54 +,0x6b ,0xa3 ,0x1d ,0x90 ,0x21 ,0x0e ,0xd0 ,0xc1 ,0xb5 ,0x66 ,0xd9 ,0xe6 ,0xa2 ,0x9f ,0x85 ,0xdf +,0x1a ,0xb6 ,0xd0 ,0x3d ,0x9c ,0xa1 ,0xb7 ,0x41 ,0x02 ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 +,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c ,0x2b ,0xf0 ,0x72 ,0xf6 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0xda ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 +,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0x99 ,0x04 ,0x63 ,0xe8 ,0x8c ,0x39 ,0xba ,0x08 ,0x30 ,0x0d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c 
,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 +,0x31 ,0x35 ,0x35 ,0x30 ,0x34 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x34 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x31 +,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 +,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d +,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 +,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 +,0x00 ,0xa9 ,0x0d ,0x4c ,0xc6 ,0xc3 ,0x61 ,0xe3 ,0x89 ,0xd8 ,0x6b ,0x02 ,0x78 ,0x2a ,0x49 ,0xc8 +,0x04 ,0x24 ,0xd9 ,0xae ,0xb2 ,0xa4 ,0xfa ,0x7d ,0xe9 ,0x94 ,0x59 ,0x6c ,0xb4 ,0x17 ,0xb2 ,0x2b +,0x3b ,0x7f ,0x2e ,0x1a ,0xbf ,0xc8 ,0x8e ,0xb7 ,0xe8 ,0xe1 ,0x79 ,0x9f ,0xed ,0x45 ,0x64 ,0x0a +,0x58 ,0x52 ,0x4b ,0x1f ,0xf1 ,0xe9 ,0xf6 ,0xc7 ,0x98 ,0xe6 ,0x1c ,0x0b ,0xe9 ,0x2e ,0x61 
,0xc3 +,0x28 ,0x95 ,0x1b ,0xf9 ,0x25 ,0xc3 ,0x5f ,0xa1 ,0x55 ,0x06 ,0xbe ,0x4b ,0xd5 ,0xef ,0x51 ,0x4a +,0x64 ,0x6d ,0x6d ,0x02 ,0x3e ,0xcd ,0x61 ,0x1c ,0xc6 ,0xb6 ,0x84 ,0x65 ,0xee ,0xb5 ,0xb0 ,0x73 +,0x46 ,0x1a ,0x22 ,0xe7 ,0x3e ,0x22 ,0x5b ,0xbf ,0x52 ,0x19 ,0x69 ,0x34 ,0xc0 ,0xfd ,0x44 ,0x64 +,0xe7 ,0xca ,0xc0 ,0x29 ,0xb0 ,0x15 ,0x7a ,0xb7 ,0x47 ,0x59 ,0xbd ,0xac ,0x1d ,0xe3 ,0x5c ,0x70 +,0xb0 ,0x35 ,0xd2 ,0x11 ,0xd4 ,0x3e ,0x99 ,0x7e ,0x94 ,0x2c ,0x0b ,0x29 ,0xe0 ,0xf2 ,0xe5 ,0x8d +,0x34 ,0xd1 ,0xb3 ,0xfb ,0xdc ,0xe1 ,0x77 ,0x02 ,0x4e ,0x1e ,0xcf ,0xee ,0x82 ,0xe4 ,0x30 ,0x4b +,0x70 ,0xbe ,0x5e ,0x2b ,0x35 ,0x2f ,0x73 ,0xcc ,0xc2 ,0x45 ,0xd5 ,0xd3 ,0x8f ,0xd7 ,0xd2 ,0x36 +,0xc8 ,0x23 ,0xdd ,0x57 ,0xc6 ,0x86 ,0xd1 ,0x48 ,0xef ,0xd7 ,0x24 ,0x09 ,0x13 ,0xda ,0x22 ,0x31 +,0xa6 ,0x9d ,0x12 ,0x51 ,0xf2 ,0xff ,0x8c ,0x91 ,0xfb ,0x5b ,0xc2 ,0x3a ,0x58 ,0x92 ,0x7e ,0x79 +,0x8b ,0xdb ,0x62 ,0x17 ,0xd8 ,0x00 ,0x90 ,0xfc ,0x40 ,0xa5 ,0x39 ,0x82 ,0x3b ,0xde ,0xec ,0xb2 +,0xe2 ,0xe8 ,0x70 ,0x78 ,0xdf ,0x7d ,0x72 ,0x0d ,0xff ,0xd2 ,0x8a ,0xd5 ,0x0b ,0xb9 ,0xf0 ,0xe0 +,0x30 ,0xee ,0xdd ,0xa6 ,0xd2 ,0xa2 ,0x04 ,0xf7 ,0x38 ,0xc1 ,0xee ,0xd1 ,0xb3 ,0x91 ,0x42 ,0x64 +,0x71 ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d +,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x59 ,0x42 ,0xac ,0x51 ,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 ,0x9b +,0x61 ,0xfc ,0x48 ,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 ,0xf3 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 +,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x59 ,0x42 ,0xac ,0x51 ,0xf6 ,0x4e ,0xc4 ,0xe5 ,0x34 ,0x80 +,0x9b ,0x61 ,0xfc ,0x48 ,0xf4 ,0xa6 ,0x24 ,0xc8 ,0x68 ,0xf3 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d +,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a +,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x90 +,0x90 ,0xf4 ,0x01 ,0xc1 ,0x37 ,0x11 ,0xcb ,0x31 ,0x64 ,0xe2 ,0x3f ,0x78 ,0x95 ,0x1d ,0x51 ,0x73 +,0x65 ,0x02 ,0x23 ,0x15 ,0xed ,0x46 ,0xa5 ,0x71 
,0x60 ,0x3e ,0x24 ,0xa8 ,0x1e ,0x51 ,0xcc ,0xc7 +,0x40 ,0x0d ,0x8a ,0x73 ,0xf1 ,0x40 ,0x60 ,0x6a ,0xbe ,0xce ,0xfa ,0xdf ,0xbc ,0x7d ,0x9c ,0x5f +,0x24 ,0x3b ,0x29 ,0x22 ,0xe5 ,0xda ,0xbd ,0x85 ,0x6d ,0x33 ,0x50 ,0xf8 ,0xb3 ,0x20 ,0x8e ,0x0d +,0xc4 ,0x14 ,0x93 ,0x0d ,0x8a ,0xd2 ,0x74 ,0x10 ,0x92 ,0x14 ,0x5e ,0xde ,0x5f ,0x33 ,0x3d ,0x39 +,0x18 ,0xd5 ,0xa2 ,0x4a ,0x42 ,0x8c ,0x64 ,0x75 ,0xd3 ,0xfa ,0x8d ,0xce ,0x57 ,0xda ,0xb6 ,0x44 +,0x6a ,0xb0 ,0x53 ,0xf1 ,0x00 ,0x53 ,0x64 ,0xd8 ,0xf7 ,0xa4 ,0xc2 ,0x1a ,0xa6 ,0x00 ,0xc4 ,0x40 +,0x63 ,0x61 ,0x38 ,0x97 ,0xe1 ,0x65 ,0xbd ,0x4f ,0x36 ,0x7c ,0x77 ,0x8c ,0x26 ,0x41 ,0xa3 ,0x69 +,0x10 ,0x87 ,0xf4 ,0x66 ,0xe2 ,0xad ,0x13 ,0x60 ,0x77 ,0x71 ,0xf6 ,0xc2 ,0xad ,0xec ,0x9c ,0xac +,0x85 ,0xf9 ,0x5d ,0xaf ,0xa4 ,0x19 ,0x70 ,0xb9 ,0xe4 ,0xfa ,0xbf ,0x5b ,0x00 ,0x2f ,0x46 ,0xd9 +,0xc4 ,0x9a ,0x32 ,0x96 ,0xb7 ,0x7f ,0x22 ,0xf9 ,0xa4 ,0xea ,0xba ,0xc8 ,0xb8 ,0x59 ,0xbd ,0x12 +,0x30 ,0x76 ,0x50 ,0x4f ,0x62 ,0x72 ,0x05 ,0xe2 ,0xf4 ,0x29 ,0x91 ,0x05 ,0x28 ,0xba ,0x3c ,0xf0 +,0x6b ,0x1e ,0x54 ,0xa2 ,0x47 ,0xa7 ,0xfc ,0x64 ,0x20 ,0x9c ,0xf1 ,0x95 ,0xe3 ,0xd1 ,0xc9 ,0x37 +,0xe8 ,0xeb ,0x4e ,0xda ,0x2b ,0x5f ,0x1c ,0x7a ,0xb3 ,0xe2 ,0x0a ,0x01 ,0x5c ,0x7a ,0x1e ,0xfc +,0x24 ,0x60 ,0x14 ,0x75 ,0xcd ,0xe9 ,0x9e ,0x77 ,0xbf ,0x3a ,0x6f ,0xd7 ,0x7f ,0x42 ,0x14 ,0x94 +,0x27 ,0x0b ,0x6e ,0x1d ,0x78 ,0x9b ,0xc5 ,0x82 ,0x28 ,0xf7 ,0x78 ,0xc4 ,0xdf ,0x4e ,0x85 ,0xa1 +,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c ,0x2b ,0xf0 ,0x72 ,0xf8 +,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xdc ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 ,0x82 ,0x03 ,0xc8 ,0x30 +,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0x8a ,0x52 ,0x0c ,0xa5 ,0x92 +,0xb0 ,0xcc ,0x93 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b +,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 +,0x53 
,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 +,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 +,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d +,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c +,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x44 ,0x42 ,0x31 ,0x31 ,0x1f ,0x30 ,0x1d +,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 +,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 +,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x32 ,0x30 ,0x32 ,0x30 ,0x30 ,0x31 ,0x5a ,0x17 ,0x0d +,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x32 ,0x30 ,0x32 ,0x30 ,0x30 ,0x31 ,0x5a ,0x30 ,0x79 ,0x31 +,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c +,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d +,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 +,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x03 ,0x0c ,0x03 ,0x44 ,0x42 ,0x31 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 +,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e +,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 +,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xc4 ,0xf0 ,0x54 ,0xd5 ,0x27 ,0x42 ,0xe9 +,0x35 ,0x6c ,0x01 ,0x79 ,0x90 ,0x7c ,0x96 ,0x9e ,0xc4 ,0x58 ,0xd3 ,0xf5 ,0x32 ,0xdf ,0xd7 ,0xe3 +,0xf7 ,0x5b ,0xe0 ,0x56 ,0x1c ,0x15 ,0xe7 ,0xb4 ,0x6b ,0xa6 ,0x5e 
,0xfa ,0xbd ,0x81 ,0x72 ,0x08 +,0x54 ,0xe0 ,0xdc ,0xdd ,0xaa ,0x12 ,0xbc ,0xb7 ,0x48 ,0xf7 ,0xe1 ,0x4d ,0xa2 ,0x25 ,0x82 ,0xa9 +,0xe0 ,0x2a ,0x3b ,0x93 ,0x59 ,0x8a ,0x12 ,0x67 ,0x55 ,0x92 ,0xca ,0x9d ,0x9f ,0x3d ,0x87 ,0xc7 +,0x92 ,0x8d ,0x4b ,0xb0 ,0xb8 ,0x67 ,0xee ,0xad ,0x05 ,0xc3 ,0xd7 ,0x75 ,0x46 ,0xb5 ,0x15 ,0x67 +,0xed ,0x8c ,0x35 ,0x2e ,0xb3 ,0x27 ,0x55 ,0xf2 ,0x63 ,0xa3 ,0xd9 ,0x5f ,0x53 ,0xfa ,0x6f ,0x2b +,0x81 ,0xf6 ,0x05 ,0x38 ,0xde ,0x82 ,0x6d ,0x4b ,0x26 ,0xa1 ,0xf8 ,0x28 ,0x4a ,0xb8 ,0xee ,0x83 +,0xfa ,0xef ,0x89 ,0x70 ,0x7c ,0xde ,0xf4 ,0xfc ,0xc7 ,0x4a ,0xe9 ,0x02 ,0x29 ,0x94 ,0x90 ,0xb6 +,0x99 ,0xae ,0x9c ,0x6c ,0xda ,0x22 ,0x17 ,0x2c ,0x41 ,0x91 ,0x34 ,0x8f ,0x68 ,0xa2 ,0x9d ,0x54 +,0xf5 ,0xc3 ,0xca ,0xc8 ,0x14 ,0x3a ,0x98 ,0x1f ,0x3d ,0xd9 ,0x4e ,0xc3 ,0x5e ,0xe3 ,0x44 ,0x5e +,0x8c ,0xf6 ,0x37 ,0x7a ,0x5f ,0x9e ,0x55 ,0x71 ,0xa9 ,0x34 ,0xcd ,0x19 ,0x93 ,0x09 ,0xff ,0x2e +,0x9e ,0xd9 ,0x6d ,0x6d ,0x70 ,0xeb ,0x88 ,0x45 ,0xa2 ,0x20 ,0x32 ,0x1b ,0x97 ,0x96 ,0x2a ,0x28 +,0xb0 ,0x9d ,0x5a ,0x79 ,0x45 ,0xf2 ,0x89 ,0x81 ,0x3d ,0xa1 ,0xc6 ,0xaf ,0x73 ,0x9f ,0x52 ,0x19 +,0x07 ,0x86 ,0x7b ,0x58 ,0x73 ,0xb0 ,0x2d ,0x4e ,0x90 ,0xb4 ,0xf3 ,0xbb ,0xde ,0x3b ,0x9f ,0xda +,0x4d ,0x9f ,0xa7 ,0xcd ,0xfa ,0x0a ,0x1f ,0xa6 ,0xa4 ,0x2b ,0x01 ,0x2a ,0x79 ,0x2b ,0xff ,0x13 +,0xe6 ,0xc2 ,0x2e ,0xad ,0xba ,0x85 ,0xab ,0xab ,0x19 ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 +,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x65 ,0xac ,0x0c +,0x55 ,0x9c ,0xd9 ,0x59 ,0x8b ,0xbc ,0x77 ,0xdf ,0xb2 ,0xa6 ,0xd2 ,0xb8 ,0xd8 ,0x83 ,0x22 ,0x70 +,0xf1 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x65 ,0xac +,0x0c ,0x55 ,0x9c ,0xd9 ,0x59 ,0x8b ,0xbc ,0x77 ,0xdf ,0xb2 ,0xa6 ,0xd2 ,0xb8 ,0xd8 ,0x83 ,0x22 +,0x70 ,0xf1 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 +,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b +,0x05 ,0x00 ,0x03 ,0x82 
,0x01 ,0x01 ,0x00 ,0x54 ,0x2b ,0xfc ,0x3c ,0x1d ,0x22 ,0x61 ,0xae ,0xab +,0xc2 ,0x59 ,0x86 ,0x60 ,0xba ,0x4e ,0x1c ,0xb2 ,0x1c ,0x78 ,0x4e ,0xc7 ,0x26 ,0x97 ,0x36 ,0x1c +,0xe5 ,0xc9 ,0x5b ,0x99 ,0x42 ,0x37 ,0x6b ,0xf8 ,0xf5 ,0xbe ,0xf4 ,0xf3 ,0x6e ,0xbe ,0x4b ,0xad +,0xb7 ,0x75 ,0xeb ,0xcb ,0x5d ,0x5c ,0xf7 ,0xa3 ,0xd0 ,0xfe ,0x93 ,0x41 ,0x7d ,0xde ,0xe7 ,0xd6 +,0x26 ,0x11 ,0x11 ,0xc0 ,0xb9 ,0x21 ,0x39 ,0xc7 ,0xed ,0x29 ,0x96 ,0x57 ,0xa3 ,0x68 ,0x17 ,0xe4 +,0x5c ,0x3e ,0xd4 ,0xe7 ,0x98 ,0xc5 ,0x1c ,0xaf ,0xb7 ,0xc4 ,0x21 ,0xf5 ,0x54 ,0x4e ,0xf3 ,0x37 +,0x22 ,0x75 ,0x2c ,0x44 ,0xac ,0x6b ,0x38 ,0xfe ,0x0e ,0xa6 ,0xeb ,0xf9 ,0xe1 ,0x1e ,0x6f ,0x2f +,0x87 ,0xef ,0x10 ,0xc1 ,0xbd ,0xf3 ,0xe2 ,0x84 ,0xb6 ,0x7e ,0xce ,0x21 ,0x52 ,0x39 ,0xb3 ,0x9e +,0x1f ,0x82 ,0xaf ,0xe4 ,0x78 ,0xbe ,0xc8 ,0x4e ,0xc6 ,0x52 ,0x9b ,0x3c ,0x00 ,0xfe ,0x76 ,0x2f +,0xe3 ,0x37 ,0x7e ,0xc9 ,0x8f ,0x03 ,0x8b ,0x6f ,0xf3 ,0x58 ,0x46 ,0x4d ,0xde ,0x4c ,0x3e ,0x33 +,0x46 ,0x1f ,0xe9 ,0x3d ,0x57 ,0x89 ,0x65 ,0x2f ,0xea ,0x2a ,0x78 ,0x41 ,0x93 ,0xac ,0xcd ,0x03 +,0xf6 ,0x04 ,0x4b ,0x18 ,0x33 ,0xe8 ,0x5b ,0x5b ,0x47 ,0xd0 ,0x6e ,0x3c ,0x8b ,0xa4 ,0x77 ,0xd4 +,0xbe ,0xef ,0xfb ,0x5c ,0x05 ,0x8f ,0x85 ,0x60 ,0x53 ,0x38 ,0x5d ,0x45 ,0x58 ,0x2f ,0xc5 ,0x3b +,0xef ,0x1e ,0x1b ,0x72 ,0x02 ,0xe5 ,0xe0 ,0x86 ,0x06 ,0xb1 ,0x13 ,0xb0 ,0xc0 ,0xde ,0x5e ,0x50 +,0x88 ,0x77 ,0xd8 ,0x47 ,0xef ,0xa8 ,0xd8 ,0x6e ,0xbb ,0x88 ,0xed ,0xe7 ,0x9c ,0x33 ,0x04 ,0xd7 +,0x3b ,0x93 ,0x04 ,0xe2 ,0x78 ,0xfd ,0xe1 ,0xbf ,0x19 ,0x83 ,0x28 ,0x6a ,0xfa ,0x5b ,0x43 ,0x9a +,0x5a ,0x9a ,0x36 ,0x87 ,0x5a ,0x22 ,0x57 }; + +unsigned int multipleDB_auth_len = 3543; diff --git a/libstb/secvar/test/data/multipleKEK.h b/libstb/secvar/test/data/multipleKEK.h new file mode 100644 index 00000000..667153be --- /dev/null +++ b/libstb/secvar/test/data/multipleKEK.h 
@@ -0,0 +1,225 @@ +unsigned char multipleKEK_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x0e ,0x37 ,0x12 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 
+,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 
,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 
,0xde ,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x3d ,0x69 ,0xc6 ,0x7f ,0x96 ,0xd3 ,0x00 ,0x22 ,0x16 ,0x28 ,0x56 ,0xd0 ,0x56 +,0x8d ,0xfe ,0xd2 ,0xed ,0xa0 ,0x36 ,0x05 ,0xb5 ,0xac ,0xd6 ,0xf6 ,0x45 ,0x5a ,0x40 ,0x47 ,0xfb +,0x47 ,0xc2 ,0x71 ,0xaa ,0x5d ,0xc8 ,0x52 ,0xcf ,0x46 ,0x44 ,0xfe ,0x0e ,0x64 ,0x82 ,0xda ,0x3a +,0x23 ,0xaf ,0x79 ,0x90 ,0x2b ,0xcc ,0x3a ,0x66 ,0x29 ,0x8e ,0x78 ,0x0b 
,0xdc ,0xdc ,0x06 ,0xa2 +,0xd4 ,0x87 ,0x19 ,0x7a ,0xae ,0x60 ,0xba ,0xaa ,0xa1 ,0xca ,0x34 ,0x4f ,0x1c ,0x84 ,0xf6 ,0x26 +,0xb7 ,0xc1 ,0xe5 ,0xf4 ,0x3d ,0x3c ,0x08 ,0x42 ,0x14 ,0x8a ,0xec ,0xeb ,0x02 ,0x27 ,0x83 ,0x06 +,0x09 ,0x1c ,0xaa ,0x19 ,0x26 ,0xa5 ,0x47 ,0xc9 ,0xaa ,0x28 ,0x08 ,0xea ,0xb2 ,0x0f ,0x9a ,0x2f +,0x06 ,0x8f ,0x68 ,0xea ,0xbe ,0x39 ,0x0d ,0x37 ,0x8c ,0xc5 ,0x42 ,0xc4 ,0xe2 ,0xba ,0x7e ,0xf1 +,0xf6 ,0x76 ,0x28 ,0x8c ,0xf3 ,0x21 ,0x97 ,0x02 ,0xf4 ,0x94 ,0xb6 ,0xc3 ,0xa8 ,0xe2 ,0x2d ,0x4b +,0x30 ,0x05 ,0x6c ,0xd5 ,0x91 ,0xb5 ,0xaa ,0xd2 ,0xff ,0x06 ,0xd9 ,0xde ,0xa9 ,0x04 ,0xad ,0xd5 +,0x02 ,0x83 ,0x12 ,0x5a ,0x0b ,0x8f ,0xf7 ,0xfe ,0x75 ,0x86 ,0xd0 ,0xc0 ,0xb2 ,0xd6 ,0x7d ,0xb9 +,0xa4 ,0xfa ,0x0a ,0xf0 ,0xd3 ,0x28 ,0xe7 ,0x04 ,0x41 ,0x98 ,0x49 ,0x96 ,0xa5 ,0x24 ,0xd0 ,0xc5 +,0x12 ,0xa0 ,0xec ,0xe6 ,0x68 ,0xd7 ,0x71 ,0x52 ,0x7b ,0x09 ,0x06 ,0xe6 ,0xbd ,0xa5 ,0xb4 ,0xc5 +,0x1c ,0x27 ,0x3a ,0xeb ,0xa3 ,0x0c ,0x9b ,0x20 ,0x65 ,0x1c ,0x31 ,0x62 ,0xcf ,0x53 ,0x7f ,0xec +,0xa6 ,0x0a ,0x40 ,0xd7 ,0xab ,0xcf ,0x3c ,0x30 ,0xf3 ,0x36 ,0x03 ,0x53 ,0xff ,0x81 ,0x5d ,0xcd +,0x22 ,0x66 ,0xec ,0x92 ,0x63 ,0xd8 ,0x57 ,0x17 ,0xda ,0x58 ,0xf2 ,0x53 ,0x43 ,0x5e ,0x10 ,0x19 +,0x53 ,0x6e ,0xfb ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c +,0x2b ,0xf0 ,0x72 ,0xf8 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xdc ,0x03 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 +,0x82 ,0x03 ,0xc8 ,0x30 ,0x82 ,0x02 ,0xb0 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xb0 +,0x40 ,0xaf ,0x25 ,0xfd ,0xbc ,0xd9 ,0xb1 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 
,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b +,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 +,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f +,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 +,0x35 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x35 ,0x35 +,0x5a ,0x30 ,0x79 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 +,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 +,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 +,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 +,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0c ,0x30 +,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e +,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 +,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xc1 ,0xeb ,0xb8 +,0xf7 ,0x3f ,0x53 ,0xb6 ,0xa1 ,0x8a ,0x3f ,0xca ,0x99 ,0x56 ,0xbc ,0x3b ,0xdf ,0xbf ,0x70 ,0x0a +,0x78 ,0x5b ,0x06 ,0xc1 ,0xeb ,0xbe ,0x4e ,0xd7 ,0xd9 ,0xe9 ,0x57 ,0x1f ,0xc4 ,0xf4 ,0xe5 ,0x78 +,0xb6 ,0x14 ,0xda ,0x87 ,0x43 ,0x31 ,0xad ,0x6d ,0x9f ,0xae ,0x6c ,0x44 ,0xe3 ,0x12 ,0xe4 ,0xf1 +,0xa4 ,0x81 ,0xf8 ,0x7d ,0x09 ,0x0e ,0xa6 ,0x6a ,0xe1 ,0xf7 ,0xcb ,0xe9 ,0x63 ,0xd6 ,0xd6 
,0x58 +,0x28 ,0x10 ,0xf2 ,0xb9 ,0xcf ,0xd7 ,0x85 ,0x95 ,0x0b ,0x24 ,0x51 ,0xe8 ,0x5a ,0x08 ,0x74 ,0xbc +,0x42 ,0x9b ,0xd6 ,0x84 ,0xcd ,0x5e ,0xe5 ,0x61 ,0x83 ,0x7c ,0x5f ,0x0e ,0x3a ,0x9d ,0x3d ,0x6d +,0x84 ,0xe2 ,0xc0 ,0x26 ,0x64 ,0x35 ,0x80 ,0x6c ,0xb1 ,0x37 ,0x72 ,0x38 ,0x00 ,0xa0 ,0x90 ,0x51 +,0xd3 ,0x64 ,0x01 ,0x62 ,0x70 ,0xf8 ,0xa4 ,0xe4 ,0xc8 ,0x87 ,0x4c ,0xe1 ,0x76 ,0xd7 ,0xe6 ,0xbf +,0xed ,0x08 ,0xba ,0xde ,0x42 ,0x90 ,0x00 ,0xb7 ,0x19 ,0x81 ,0x91 ,0xd0 ,0x18 ,0xcb ,0x03 ,0xe6 +,0xf5 ,0xf9 ,0x31 ,0x2b ,0x56 ,0xc3 ,0x21 ,0x39 ,0x4d ,0x9a ,0x63 ,0x0a ,0xb7 ,0x1c ,0xa9 ,0xdc +,0xce ,0xa9 ,0xc4 ,0xe0 ,0x0a ,0xa4 ,0x53 ,0x8f ,0x78 ,0xd1 ,0xc0 ,0x3f ,0xc2 ,0x8e ,0x8a ,0x37 +,0x52 ,0x42 ,0x60 ,0x97 ,0xb3 ,0x53 ,0xaa ,0xa4 ,0x4f ,0x98 ,0x7e ,0xa5 ,0x2a ,0xe1 ,0x52 ,0xfa +,0x9f ,0xc1 ,0x32 ,0xf7 ,0x15 ,0x12 ,0x62 ,0x6b ,0x5a ,0x4d ,0xfe ,0x22 ,0x8d ,0x88 ,0x87 ,0xfd +,0x83 ,0x2f ,0xaa ,0x1a ,0xb8 ,0xad ,0x3d ,0x4f ,0xdc ,0xe0 ,0x39 ,0x8b ,0x88 ,0xed ,0xc6 ,0xf5 +,0xee ,0x32 ,0xea ,0xd6 ,0x25 ,0xcf ,0x91 ,0x66 ,0x77 ,0x4c ,0xa1 ,0x0c ,0x6a ,0x7b ,0x6e ,0xb2 +,0x72 ,0xa8 ,0xf4 ,0xc7 ,0xeb ,0xa4 ,0x91 ,0xda ,0x5d ,0x14 ,0xf9 ,0x9e ,0xe9 ,0x02 ,0x03 ,0x01 +,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 +,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad ,0xb1 +,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 +,0x80 ,0x14 ,0x78 ,0x48 ,0xa9 ,0x71 ,0x20 ,0x25 ,0xcf ,0x26 ,0xe8 ,0x18 ,0x91 ,0x75 ,0xd6 ,0xad +,0xb1 ,0x5f ,0x7f ,0x6b ,0x7f ,0x6d ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff +,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x7a ,0xc8 ,0xc9 ,0x0e ,0x45 +,0x1c ,0xa6 ,0xce ,0xd5 ,0xdb ,0x9c ,0x5d ,0x95 ,0x8b ,0x8b ,0xbc ,0x90 ,0xca ,0x98 ,0xd1 ,0xe9 +,0x4b ,0xfb ,0xf3 ,0xef ,0x48 ,0xb0 ,0x9e ,0x0d 
,0x95 ,0x0f ,0x3a ,0xa0 ,0xb6 ,0x93 ,0x9f ,0xc6 +,0xf7 ,0xca ,0xca ,0xf1 ,0x04 ,0x90 ,0x4d ,0x6b ,0x57 ,0xc1 ,0xe5 ,0x85 ,0xfd ,0x87 ,0x09 ,0xe5 +,0xaf ,0x98 ,0x89 ,0x32 ,0x27 ,0x35 ,0x85 ,0xcf ,0xe1 ,0x1f ,0xaf ,0xc0 ,0x8c ,0x3f ,0x2a ,0xba +,0xa4 ,0xfc ,0xaa ,0x40 ,0x02 ,0x7c ,0x57 ,0xd9 ,0x73 ,0xc6 ,0xc0 ,0x59 ,0xcb ,0x47 ,0x71 ,0x07 +,0x1a ,0xfe ,0x46 ,0xb1 ,0x81 ,0x14 ,0x6b ,0xa5 ,0xeb ,0xe7 ,0x9c ,0x2b ,0x87 ,0xee ,0x72 ,0x96 +,0xe0 ,0xb0 ,0x11 ,0x86 ,0x33 ,0x95 ,0xdf ,0x6e ,0x9c ,0x3f ,0x0f ,0xc1 ,0x46 ,0x8c ,0x53 ,0x12 +,0xf1 ,0xd9 ,0xa8 ,0xee ,0x04 ,0xc5 ,0x71 ,0x52 ,0x22 ,0x13 ,0x0f ,0x91 ,0x0c ,0x73 ,0xca ,0x34 +,0xb1 ,0x36 ,0x5f ,0x8c ,0x2e ,0x0f ,0x3a ,0x04 ,0x42 ,0xfe ,0x45 ,0x82 ,0x29 ,0x56 ,0x5e ,0xe5 +,0x4c ,0xeb ,0x4b ,0xa6 ,0xe5 ,0xe0 ,0x1d ,0x74 ,0xc0 ,0x5a ,0x2f ,0x42 ,0xa5 ,0xf2 ,0x65 ,0xd5 +,0x4d ,0x3b ,0x22 ,0xd2 ,0x96 ,0x42 ,0xcf ,0xbd ,0xd7 ,0x8b ,0x37 ,0x7a ,0xb6 ,0xd9 ,0xd4 ,0xd7 +,0x45 ,0x47 ,0x3b ,0x3c ,0xb3 ,0xd9 ,0x29 ,0x69 ,0x91 ,0x7d ,0x4c ,0x06 ,0xad ,0x6c ,0xea ,0x62 +,0xf1 ,0xf7 ,0xec ,0x67 ,0xae ,0xd5 ,0x43 ,0xd0 ,0xab ,0xb8 ,0xbf ,0xa4 ,0x28 ,0xd4 ,0x75 ,0xd2 +,0x3f ,0x53 ,0x5d ,0xa8 ,0x09 ,0x46 ,0x89 ,0x7f ,0x84 ,0x36 ,0xad ,0x78 ,0x41 ,0x03 ,0xf4 ,0xc4 +,0x43 ,0x43 ,0xdc ,0x52 ,0xc6 ,0xff ,0xab ,0xd6 ,0x8c ,0x7f ,0xc0 ,0xab ,0x67 ,0x5b ,0x0b ,0xa9 +,0x6a ,0xd2 ,0x85 ,0x71 ,0x9f ,0xc2 ,0xf1 ,0x96 ,0xd2 ,0x41 ,0xb0 ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 +,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c ,0x2b ,0xf0 ,0x72 ,0xfa ,0x03 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0xde ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x02 ,0xb2 ,0xa0 +,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xee ,0x9a ,0xcd ,0x6d ,0x46 ,0xac ,0xda ,0xd7 ,0x30 +,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x7a +,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 +,0x0c 
,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 +,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c +,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0d ,0x30 ,0x0b ,0x06 ,0x03 +,0x55 ,0x04 ,0x03 ,0x0c ,0x04 ,0x4b ,0x45 ,0x4b ,0x31 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a +,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 +,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 +,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x38 ,0x34 ,0x38 ,0x30 ,0x39 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 +,0x39 ,0x31 ,0x34 ,0x31 ,0x38 ,0x34 ,0x38 ,0x30 ,0x39 ,0x5a ,0x30 ,0x7a ,0x31 ,0x0b ,0x30 ,0x09 +,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 +,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 +,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 +,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0d ,0x30 ,0x0b ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c +,0x04 ,0x4b ,0x45 ,0x4b ,0x31 ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 +,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xad ,0xd0 ,0x43 ,0x6b ,0x3c ,0xa2 ,0xbd ,0xb8 ,0x30 +,0x26 ,0xa9 ,0x2a ,0xa7 ,0x63 ,0xb6 ,0x59 ,0x27 ,0xfb ,0x28 ,0xd5 ,0x5a ,0x3c ,0x2f ,0x8b ,0x8f +,0x71 ,0xda ,0x2a ,0x15 ,0x30 ,0x3c ,0x07 ,0xd5 ,0x6c ,0x4e ,0xe4 
,0xff ,0x30 ,0x24 ,0x6c ,0x72 +,0x26 ,0xf6 ,0x5b ,0x22 ,0xea ,0x12 ,0x96 ,0xf8 ,0x20 ,0x71 ,0xb5 ,0xa8 ,0x9e ,0xdc ,0xd8 ,0xbf +,0x5c ,0xa3 ,0xd6 ,0x5a ,0xa6 ,0x17 ,0xe3 ,0x91 ,0x92 ,0x31 ,0x25 ,0x1f ,0x36 ,0x76 ,0x21 ,0x15 +,0x04 ,0x4c ,0xdd ,0x77 ,0x09 ,0xd6 ,0xe2 ,0x71 ,0x2e ,0x85 ,0x43 ,0x4d ,0x5e ,0x37 ,0x30 ,0x01 +,0x03 ,0x6b ,0x61 ,0xce ,0x08 ,0xd8 ,0xa9 ,0xaa ,0x6b ,0x24 ,0x41 ,0x64 ,0xd3 ,0x6a ,0x8a ,0xb7 +,0x4f ,0xf4 ,0xaf ,0x92 ,0x6e ,0x39 ,0x35 ,0x6a ,0x5c ,0xeb ,0xbb ,0x91 ,0xff ,0xa3 ,0x28 ,0xee +,0xde ,0x13 ,0xfb ,0x9d ,0xae ,0x6e ,0x00 ,0xb5 ,0x32 ,0xc8 ,0xcf ,0x17 ,0x9a ,0xef ,0x6b ,0xcd +,0x4c ,0x23 ,0xf7 ,0xc6 ,0x00 ,0x87 ,0x66 ,0xac ,0xb6 ,0x41 ,0x07 ,0x97 ,0x14 ,0x9e ,0x48 ,0x1f +,0x74 ,0xde ,0x05 ,0xe4 ,0x46 ,0xc3 ,0xb9 ,0xc3 ,0x72 ,0xeb ,0xca ,0x43 ,0x08 ,0x41 ,0x1f ,0x16 +,0xa8 ,0x3e ,0x5b ,0xd3 ,0x22 ,0xa7 ,0x7f ,0xdf ,0x57 ,0xc0 ,0x7d ,0x52 ,0x2a ,0xfb ,0xcb ,0xbe +,0x78 ,0xfa ,0x8f ,0x71 ,0x08 ,0x7e ,0x41 ,0x8a ,0x0e ,0xe1 ,0x6a ,0x2f ,0x94 ,0xe3 ,0x46 ,0xbc +,0x1b ,0xe9 ,0xd2 ,0x9c ,0x86 ,0x7a ,0xf8 ,0xe6 ,0x0d ,0x27 ,0x53 ,0x94 ,0x08 ,0x21 ,0x72 ,0xb0 +,0x33 ,0x8f ,0xcf ,0x40 ,0xc9 ,0x5e ,0x26 ,0x36 ,0xc2 ,0xcd ,0x41 ,0x7c ,0x58 ,0x25 ,0x7c ,0xed +,0xf2 ,0x73 ,0x34 ,0xb8 ,0xf6 ,0x16 ,0x75 ,0x80 ,0xe7 ,0x63 ,0x91 ,0xe5 ,0x1c ,0x24 ,0x15 ,0xf3 +,0xf5 ,0xca ,0x38 ,0x28 ,0x1e ,0xa5 ,0x0d ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 +,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0xce ,0x7d ,0xc6 ,0x2c ,0x19 +,0x32 ,0xfe ,0x51 ,0x4a ,0x06 ,0x17 ,0x4b ,0xe7 ,0x8c ,0x2e ,0x30 ,0x35 ,0xf2 ,0xfc ,0xab ,0x30 +,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0xce ,0x7d ,0xc6 ,0x2c +,0x19 ,0x32 ,0xfe ,0x51 ,0x4a ,0x06 ,0x17 ,0x4b ,0xe7 ,0x8c ,0x2e ,0x30 ,0x35 ,0xf2 ,0xfc ,0xab +,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 +,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 +,0x03 ,0x82 ,0x01 ,0x01 
,0x00 ,0x9e ,0x63 ,0xd0 ,0xd8 ,0x70 ,0x78 ,0x42 ,0x2d ,0xc9 ,0xdb ,0xc9 +,0x8d ,0x47 ,0xda ,0x72 ,0x7b ,0xa9 ,0xb2 ,0x26 ,0x67 ,0x98 ,0xb6 ,0x17 ,0xe6 ,0xf3 ,0x0f ,0xd8 +,0xc9 ,0x10 ,0x95 ,0xb0 ,0x99 ,0xee ,0x76 ,0x74 ,0x24 ,0x7f ,0xce ,0x49 ,0x28 ,0x46 ,0xfd ,0x66 +,0x9a ,0x3e ,0x66 ,0x0d ,0xed ,0x6e ,0x54 ,0xc7 ,0xb9 ,0x64 ,0xc3 ,0xb3 ,0xa6 ,0xb8 ,0xb2 ,0x71 +,0xa5 ,0x00 ,0x33 ,0xf4 ,0xed ,0x44 ,0x38 ,0xa1 ,0x28 ,0xcc ,0x88 ,0xe7 ,0xc8 ,0x53 ,0x47 ,0x90 +,0xc2 ,0x37 ,0xe7 ,0xbb ,0x37 ,0x61 ,0x36 ,0x96 ,0x96 ,0x96 ,0x3a ,0xe9 ,0x63 ,0xfc ,0xc2 ,0x98 +,0xc4 ,0x75 ,0x62 ,0x60 ,0xc5 ,0x19 ,0x98 ,0xf0 ,0xd3 ,0x03 ,0xc2 ,0x45 ,0x06 ,0x54 ,0xa3 ,0x75 +,0x29 ,0x92 ,0x91 ,0x1c ,0xef ,0x42 ,0xba ,0x9f ,0x65 ,0x87 ,0xb0 ,0x9a ,0xbb ,0xbf ,0x09 ,0xde +,0xe3 ,0x28 ,0xce ,0xb3 ,0x72 ,0xb0 ,0x64 ,0xec ,0xf3 ,0x3e ,0x64 ,0xe6 ,0x62 ,0x40 ,0xbd ,0x6b +,0x16 ,0xd3 ,0xac ,0x94 ,0x2a ,0x15 ,0x27 ,0xa6 ,0x54 ,0x31 ,0xa9 ,0x05 ,0xae ,0xb5 ,0x72 ,0xe5 +,0x8e ,0x0e ,0x93 ,0xe9 ,0xd6 ,0x67 ,0xd1 ,0xba ,0x86 ,0xa1 ,0x2c ,0x84 ,0x43 ,0xa6 ,0x8b ,0x43 +,0x6f ,0x5f ,0x2c ,0x6c ,0xcc ,0x91 ,0x60 ,0x29 ,0x45 ,0xdf ,0x95 ,0x4e ,0x82 ,0xee ,0xea ,0x1e +,0x5d ,0x34 ,0x5a ,0xc0 ,0x65 ,0x07 ,0x85 ,0x00 ,0x4c ,0x4c ,0x42 ,0x8f ,0x28 ,0x3a ,0x95 ,0xfb +,0x96 ,0xa0 ,0x1c ,0x97 ,0xfc ,0x42 ,0x78 ,0x11 ,0x77 ,0xdf ,0xdf ,0x6c ,0xdc ,0x61 ,0xaf ,0x2a +,0x00 ,0x93 ,0xa6 ,0xca ,0x81 ,0xb4 ,0x9f ,0x3e ,0x9b ,0x61 ,0x89 ,0xdb ,0x36 ,0x1d ,0x99 ,0x4e +,0xbc ,0x50 ,0xcb ,0x55 ,0xbc ,0xe7 ,0x34 ,0x70 ,0xf7 ,0x31 ,0x3a ,0xf2 ,0xca ,0xb2 ,0x83 ,0x1a +,0xb4 ,0xe7 ,0x20 ,0x2d ,0x1a }; + +unsigned int multipleKEK_auth_len = 3541; diff --git a/libstb/secvar/test/data/multiplePK.h b/libstb/secvar/test/data/multiplePK.h new file mode 100644 index 00000000..2ef955db --- /dev/null +++ b/libstb/secvar/test/data/multiplePK.h 
@@ -0,0 +1,224 @@ +unsigned char multiplePK_auth[] = { +0xe4 ,0x07 ,0x09 ,0x0e ,0x10 ,0x2e ,0x2c ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 
+,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 
,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 
,0xde ,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0xa8 ,0xe0 ,0xff ,0x8e ,0x7d ,0x11 ,0x72 ,0x0e ,0x02 ,0xd2 ,0x84 ,0xc6 ,0x3e +,0x82 ,0x80 ,0x99 ,0xc0 ,0xcb ,0xe2 ,0x69 ,0x6e ,0x17 ,0xb5 ,0x20 ,0x34 ,0xd0 ,0x60 ,0x13 ,0x8b +,0xb8 ,0xa3 ,0x89 ,0x79 ,0x9e ,0x0e ,0x95 ,0xb5 ,0xe7 ,0x0e ,0xca ,0x44 ,0x33 ,0x35 ,0xcc ,0x9d +,0x41 ,0x77 ,0xa0 ,0x2a ,0xb6 ,0x7e ,0x45 ,0x2d ,0x4e ,0xcf ,0x87 ,0x6a 
,0x5a ,0x36 ,0x50 ,0xfe +,0x21 ,0x8c ,0x6c ,0x86 ,0xe8 ,0xeb ,0x45 ,0xfc ,0x3c ,0x82 ,0x77 ,0x5a ,0x43 ,0x51 ,0xd7 ,0xda +,0x11 ,0xc0 ,0x7b ,0x92 ,0x4a ,0xe5 ,0x9c ,0x97 ,0x50 ,0x12 ,0xf4 ,0x1f ,0xcd ,0x7a ,0x27 ,0xfd +,0x74 ,0x71 ,0xe5 ,0x1b ,0x92 ,0xca ,0x25 ,0x7d ,0xdf ,0x3d ,0x4e ,0xd8 ,0xe5 ,0x5d ,0x04 ,0xb2 +,0x35 ,0x02 ,0x67 ,0x99 ,0xc2 ,0x43 ,0x7b ,0x2b ,0x22 ,0x56 ,0xb5 ,0xa0 ,0x34 ,0xa6 ,0x25 ,0xf6 +,0xde ,0xbd ,0xd6 ,0x4c ,0xcb ,0xa2 ,0x0e ,0xa1 ,0x98 ,0xbb ,0x10 ,0xb8 ,0x51 ,0xe0 ,0xad ,0xeb +,0xf7 ,0xf1 ,0xea ,0x6e ,0x04 ,0xfc ,0xeb ,0x2a ,0x57 ,0x15 ,0x0a ,0x59 ,0x56 ,0xb2 ,0xca ,0xf9 +,0xae ,0x62 ,0x67 ,0x8b ,0x6b ,0xb8 ,0x16 ,0xee ,0x2f ,0xde ,0xba ,0xf1 ,0xcb ,0x8b ,0x5a ,0x67 +,0x91 ,0x8e ,0xe4 ,0x13 ,0xde ,0x7a ,0x48 ,0x23 ,0xa1 ,0x3a ,0x91 ,0x91 ,0x66 ,0x7a ,0xcc ,0xc2 +,0x05 ,0xda ,0x2b ,0x9a ,0x66 ,0x03 ,0x9a ,0x3b ,0xda ,0xcd ,0x54 ,0x0b ,0xb6 ,0x09 ,0x28 ,0x56 +,0x60 ,0x4d ,0x7e ,0x36 ,0x61 ,0x87 ,0x2a ,0x64 ,0xb2 ,0xef ,0x2a ,0x66 ,0x10 ,0xc5 ,0x33 ,0xda +,0x99 ,0x73 ,0x4d ,0x44 ,0xb7 ,0x20 ,0xbb ,0x06 ,0xd6 ,0xa8 ,0x48 ,0x07 ,0xfc ,0xad ,0xdd ,0x46 +,0x0a ,0xf1 ,0xbc ,0xfc ,0x1d ,0xe6 ,0x0e ,0x02 ,0xa3 ,0xa0 ,0x3d ,0xc9 ,0x6e ,0xdb ,0x27 ,0x21 +,0xdf ,0xd7 ,0x1e ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c +,0x2b ,0xf0 ,0x72 ,0xf6 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0xda ,0x03 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 +,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xda +,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 
,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 +,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 +,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d +,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x32 ,0x30 +,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a +,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 +,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 +,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e +,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c +,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 +,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a +,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 +,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d +,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 +,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 +,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 ,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 +,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 ,0x9d ,0xac ,0xa1 ,0x6a ,0x52 +,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d ,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd +,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea ,0x69 ,0xbc ,0x24 ,0x2c 
,0x1b +,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 ,0x69 ,0x5e ,0x30 ,0xbe ,0x6f +,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 ,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e +,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 ,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 +,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 ,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 +,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 ,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 +,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb ,0xa4 ,0xaf ,0x75 ,0xec ,0x7c +,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 ,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 +,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 ,0x68 ,0x8a ,0x83 ,0xbc ,0x62 +,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c ,0x5e ,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d +,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d ,0x9b ,0x9e ,0x6f ,0x7f ,0x0b +,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 ,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 +,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 +,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x89 +,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb +,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 +,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe ,0x7e ,0xee ,0x66 ,0x79 +,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 +,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 +,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba ,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 +,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 ,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 +,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 
,0xb7 ,0xfc ,0xe3 ,0xd5 ,0x45 ,0xde ,0x89 ,0x99 +,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c ,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 +,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba ,0xeb ,0x6d ,0x53 ,0xde ,0xb2 +,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 ,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 +,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 ,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 +,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 ,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 +,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 ,0xc0 ,0x6f ,0x51 ,0xab ,0x46 +,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc ,0xbe ,0x9d ,0x54 ,0x17 ,0x54 +,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc ,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 +,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 ,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 +,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab ,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 +,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 ,0x5b ,0x61 ,0x5f ,0x63 ,0x16 +,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a ,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 +,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b ,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 +,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 +,0x4a ,0x87 ,0xb5 ,0xab ,0x15 ,0x5c ,0x2b ,0xf0 ,0x72 ,0xf6 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0xda ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 +,0x01 ,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 +,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 
,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 +,0x31 ,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 +,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 +,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c +,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c +,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 +,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 +,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d +,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 +,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 +,0x00 ,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 +,0xc4 ,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 +,0xa8 ,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 
,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b +,0x1d ,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d +,0xea ,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 +,0xd9 ,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 +,0x20 ,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 +,0x32 ,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 +,0x03 ,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 +,0xc1 ,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 +,0xcb ,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 +,0x20 ,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 +,0xb7 ,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 ,0x48 ,0xf1 ,0x9c +,0x5e ,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e +,0x2d ,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 +,0xd6 ,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 +,0x7f ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d +,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 +,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 +,0x2d ,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d +,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a +,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 +,0xba ,0x93 ,0xe4 ,0x7e 
,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 +,0x51 ,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc +,0xe3 ,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 +,0x9c ,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 +,0xba ,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c +,0xe9 ,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb +,0x38 ,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 +,0x97 ,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 +,0x37 ,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 +,0xbc ,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 +,0xcc ,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 ,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 +,0xe6 ,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c +,0xab ,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba +,0x22 ,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c +,0x5a ,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e +,0x9b ,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf }; + +unsigned int multiplePK_auth_len = 3535; diff --git a/libstb/secvar/test/data/noPK.h b/libstb/secvar/test/data/noPK.h new file mode 100644 index 00000000..1f016ca1 --- /dev/null +++ b/libstb/secvar/test/data/noPK.h 
@@ -0,0 +1,98 @@ +unsigned char noPK_auth[] = +{0xe4 ,0x07 ,0x09 ,0x0e ,0x10 ,0x2a ,0x0c ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 +,0xd3 ,0x05 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 +,0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x05 ,0xb7 ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x05 ,0xa8 ,0x30 ,0x82 ,0x05 ,0xa4 ,0x02 +,0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 +,0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 +,0xa0 ,0x82 ,0x03 ,0xca ,0x30 ,0x82 ,0x03 ,0xc6 ,0x30 ,0x82 ,0x02 ,0xae ,0xa0 ,0x03 ,0x02 ,0x01 +,0x02 ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 ,0xeb ,0x30 ,0x0d ,0x06 ,0x09 +,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 +,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 +,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 +,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 +,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 +,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 +,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d +,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 +,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 ,0x1e ,0x17 ,0x0d ,0x32 ,0x30 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 +,0x35 ,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x17 ,0x0d ,0x32 ,0x31 ,0x30 ,0x39 ,0x31 ,0x34 ,0x31 ,0x35 +,0x35 ,0x30 ,0x32 ,0x30 ,0x5a ,0x30 ,0x78 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 +,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 ,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 +,0x65 ,0x78 
,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 +,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 +,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 +,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f +,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e +,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 ,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x30 +,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 +,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 +,0xaf ,0xca ,0xd3 ,0xaa ,0xb0 ,0xc7 ,0xb5 ,0x2e ,0x3b ,0x12 ,0x27 ,0x68 ,0x2d ,0x90 ,0x17 ,0xc4 +,0x21 ,0x93 ,0x58 ,0x53 ,0xd7 ,0xa6 ,0x2f ,0x40 ,0xfa ,0x37 ,0x8e ,0x7a ,0x85 ,0x5b ,0xd3 ,0xa8 +,0x9d ,0xac ,0xa1 ,0x6a ,0x52 ,0xeb ,0x07 ,0x05 ,0x8c ,0x74 ,0x00 ,0xbe ,0xa6 ,0x54 ,0x1b ,0x1d +,0x73 ,0xa9 ,0x41 ,0x67 ,0xfd ,0xd4 ,0xdb ,0xcd ,0x49 ,0xed ,0x63 ,0x29 ,0x97 ,0xb5 ,0x6d ,0xea +,0x69 ,0xbc ,0x24 ,0x2c ,0x1b ,0x09 ,0x32 ,0x09 ,0x65 ,0x99 ,0xc4 ,0xd0 ,0x76 ,0x9a ,0x07 ,0xd9 +,0x69 ,0x5e ,0x30 ,0xbe ,0x6f ,0x67 ,0x0b ,0xa4 ,0x90 ,0xe0 ,0x3e ,0xd7 ,0xf9 ,0xe8 ,0xb6 ,0x20 +,0xc6 ,0xd8 ,0x4e ,0xfd ,0x7e ,0x3f ,0x6f ,0xf3 ,0x97 ,0x09 ,0x82 ,0xec ,0x81 ,0x53 ,0x10 ,0x32 +,0x8c ,0xa8 ,0xfe ,0xf4 ,0x77 ,0x48 ,0x0d ,0x84 ,0x83 ,0x14 ,0xeb ,0xa4 ,0x75 ,0xaa ,0x30 ,0x03 +,0x3a ,0xa5 ,0x54 ,0x7e ,0xb3 ,0x2e ,0x2b ,0x95 ,0xcf ,0x4d ,0x8c ,0x67 ,0x6d ,0xf1 ,0x48 ,0xc1 +,0x96 ,0x0b ,0xb2 ,0x2d ,0x07 ,0x27 ,0x65 ,0xa3 ,0x3b ,0x96 ,0x76 ,0xc4 ,0xa9 ,0x2c ,0x65 ,0xcb +,0xa4 ,0xaf ,0x75 ,0xec ,0x7c ,0x90 ,0x3a ,0x8e ,0x78 ,0xa6 ,0xa5 ,0x4a ,0x99 ,0x79 ,0x51 ,0x20 +,0x60 ,0x67 ,0x9a ,0xc8 ,0x96 ,0x03 ,0xa1 ,0x98 ,0xfc ,0x88 ,0x24 ,0x50 ,0xaf ,0xb7 ,0x30 ,0xb7 +,0x68 ,0x8a ,0x83 ,0xbc ,0x62 ,0xff ,0x93 ,0x70 ,0xc7 ,0x72 ,0xf3 ,0x95 
,0x48 ,0xf1 ,0x9c ,0x5e +,0x1a ,0x66 ,0x2e ,0xa1 ,0x1d ,0x4a ,0xf7 ,0x9d ,0x04 ,0x52 ,0xdd ,0x19 ,0xfe ,0x1e ,0x4e ,0x2d +,0x9b ,0x9e ,0x6f ,0x7f ,0x0b ,0x93 ,0x0b ,0x3b ,0x08 ,0x81 ,0x68 ,0x9b ,0x0d ,0x45 ,0xf7 ,0xd6 +,0x75 ,0xf7 ,0xb6 ,0xbf ,0xa9 ,0x63 ,0x24 ,0xab ,0x92 ,0x38 ,0x3a ,0xac ,0x04 ,0x69 ,0x14 ,0x7f +,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e +,0x04 ,0x16 ,0x04 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d ,0xfe +,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 +,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0x89 ,0x84 ,0xb5 ,0xcf ,0x3e ,0x9d ,0xde ,0xca ,0x8c ,0xc8 ,0x2d +,0xfe ,0x7e ,0xee ,0x66 ,0x79 ,0xeb ,0x21 ,0xfc ,0xe5 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 +,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 +,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x37 ,0xba +,0x93 ,0xe4 ,0x7e ,0xcd ,0xb2 ,0xa4 ,0xe2 ,0x75 ,0x37 ,0x53 ,0xbc ,0x43 ,0x47 ,0xc9 ,0x94 ,0x51 +,0xa9 ,0x14 ,0x28 ,0x0a ,0xa6 ,0xa1 ,0x90 ,0x0a ,0xbc ,0x50 ,0x67 ,0x85 ,0x47 ,0xb7 ,0xfc ,0xe3 +,0xd5 ,0x45 ,0xde ,0x89 ,0x99 ,0x46 ,0xba ,0xff ,0x32 ,0x45 ,0x70 ,0x22 ,0x84 ,0x9e ,0x35 ,0x9c +,0x0a ,0xea ,0x63 ,0xf5 ,0xc7 ,0x7c ,0xe0 ,0xc1 ,0x9f ,0xb1 ,0xb6 ,0xe0 ,0xc1 ,0x1c ,0xb1 ,0xba +,0xeb ,0x6d ,0x53 ,0xde ,0xb2 ,0xf9 ,0xf8 ,0x4a ,0x2c ,0x48 ,0xf4 ,0x12 ,0xcb ,0x26 ,0x3c ,0xe9 +,0x1c ,0xb1 ,0xd3 ,0x36 ,0x48 ,0xa4 ,0xec ,0x24 ,0x35 ,0xf3 ,0x47 ,0xa9 ,0xf7 ,0xe1 ,0xfb ,0x38 +,0xf0 ,0x23 ,0x46 ,0x02 ,0xf5 ,0x76 ,0xd1 ,0x39 ,0xf9 ,0x58 ,0x50 ,0x5c ,0xe9 ,0x39 ,0xa8 ,0x97 +,0x41 ,0x66 ,0xa0 ,0x8a ,0xb2 ,0xd9 ,0x83 ,0x2d ,0xed ,0xb0 ,0x49 ,0x2b ,0x6a ,0xc4 ,0xd8 ,0x37 +,0xc0 ,0x6f ,0x51 ,0xab ,0x46 ,0x26 ,0x0f ,0x90 ,0x2b ,0x63 ,0xc2 ,0x87 ,0x75 ,0xaa ,0x47 ,0xbc +,0xbe ,0x9d ,0x54 ,0x17 ,0x54 ,0xa0 ,0x7c ,0x1b ,0x58 ,0x82 ,0x3f ,0x44 ,0x0b ,0xc1 ,0xa6 ,0xcc +,0xe2 ,0x53 ,0xde ,0x6e ,0xf7 
,0x52 ,0x0d ,0x83 ,0xb7 ,0x03 ,0xfd ,0xed ,0x4c ,0xc3 ,0x76 ,0xe6 +,0x14 ,0xb9 ,0xc9 ,0x45 ,0xc0 ,0x40 ,0x45 ,0x4a ,0x70 ,0x40 ,0xe6 ,0x1a ,0x10 ,0x76 ,0x0c ,0xab +,0x2b ,0x9e ,0xe9 ,0xfd ,0x29 ,0xcb ,0xf8 ,0xce ,0x11 ,0xf7 ,0x27 ,0x43 ,0xbb ,0xcd ,0xba ,0x22 +,0x5b ,0x61 ,0x5f ,0x63 ,0x16 ,0xb3 ,0x2b ,0x83 ,0x75 ,0x98 ,0x2e ,0xca ,0x0a ,0x9e ,0x8c ,0x5a +,0xd5 ,0x77 ,0xb5 ,0xa2 ,0x74 ,0xeb ,0x94 ,0x4f ,0x8f ,0xf6 ,0xc3 ,0x30 ,0x9c ,0xf4 ,0x6e ,0x9b +,0x5d ,0xd7 ,0x0f ,0x43 ,0x16 ,0xba ,0x5e ,0xa3 ,0xe3 ,0x8b ,0x8f ,0x74 ,0x27 ,0xaf ,0x31 ,0x82 +,0x01 ,0xb1 ,0x30 ,0x82 ,0x01 ,0xad ,0x02 ,0x01 ,0x01 ,0x30 ,0x81 ,0x85 ,0x30 ,0x78 ,0x31 ,0x0b +,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 ,0x06 ,0x13 ,0x02 ,0x55 ,0x53 ,0x31 ,0x0e ,0x30 ,0x0c ,0x06 +,0x03 ,0x55 ,0x04 ,0x08 ,0x0c ,0x05 ,0x54 ,0x65 ,0x78 ,0x61 ,0x73 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 +,0x03 ,0x55 ,0x04 ,0x07 ,0x0c ,0x06 ,0x41 ,0x75 ,0x73 ,0x74 ,0x69 ,0x6e ,0x31 ,0x0c ,0x30 ,0x0a +,0x06 ,0x03 ,0x55 ,0x04 ,0x0a ,0x0c ,0x03 ,0x49 ,0x42 ,0x4d ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 +,0x55 ,0x04 ,0x0b ,0x0c ,0x03 ,0x4c ,0x54 ,0x43 ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 +,0x03 ,0x0c ,0x02 ,0x50 ,0x4b ,0x31 ,0x1f ,0x30 ,0x1d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 +,0x0d ,0x01 ,0x09 ,0x01 ,0x16 ,0x10 ,0x6e ,0x61 ,0x79 ,0x6e ,0x6a ,0x61 ,0x69 ,0x6e ,0x40 ,0x69 +,0x62 ,0x6d ,0x2e ,0x63 ,0x6f ,0x6d ,0x02 ,0x09 ,0x00 ,0xda ,0xf3 ,0xf9 ,0x20 ,0x41 ,0x00 ,0xa8 +,0xeb ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 ,0x00 +,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x04 +,0x82 ,0x01 ,0x00 ,0x2a ,0x4e ,0x6d ,0x12 ,0x30 ,0x78 ,0xe1 ,0x07 ,0x05 ,0xb2 ,0x5d ,0xb1 ,0xc7 +,0xd2 ,0x6b ,0x0e ,0xc4 ,0x83 ,0x26 ,0x5a ,0xcf ,0x2b ,0xcc ,0x98 ,0x01 ,0x5e ,0x7c ,0x6b ,0x7a +,0xc0 ,0x45 ,0xb4 ,0xa9 ,0x87 ,0xe8 ,0x86 ,0x50 ,0x30 ,0x8a ,0x46 ,0x7c ,0x4d ,0xa8 ,0xab ,0x8b +,0x1d ,0x84 ,0x4f ,0x96 ,0x48 ,0xff ,0x96 ,0x6f ,0x05 ,0x51 ,0xbf ,0x20 ,0x17 ,0x29 ,0xa8 
,0xf9 +,0x4e ,0x11 ,0xa9 ,0x0b ,0xd9 ,0x3f ,0x6f ,0x01 ,0xfb ,0xdd ,0xa7 ,0xa4 ,0x03 ,0x2a ,0x51 ,0x96 +,0x81 ,0x2c ,0x02 ,0xae ,0x51 ,0xb2 ,0xd4 ,0x48 ,0x9b ,0x3e ,0xe4 ,0xbc ,0xc0 ,0x7d ,0x11 ,0x71 +,0xd4 ,0xf2 ,0xb9 ,0x2e ,0x86 ,0x42 ,0xac ,0x02 ,0x21 ,0xb9 ,0x23 ,0x85 ,0xb9 ,0x54 ,0xcd ,0x22 +,0x15 ,0x3d ,0x9d ,0x10 ,0x64 ,0xc8 ,0xe3 ,0x7a ,0x25 ,0xb9 ,0x8d ,0xb9 ,0x1e ,0x75 ,0xbc ,0x8b +,0x7e ,0x7b ,0x98 ,0x4c ,0x41 ,0xcc ,0x7f ,0xc2 ,0xfb ,0x15 ,0x89 ,0x9f ,0xbe ,0xb6 ,0xce ,0x07 +,0x42 ,0x27 ,0x66 ,0xaf ,0x55 ,0x15 ,0xa8 ,0xf3 ,0x17 ,0x38 ,0x22 ,0xec ,0xc8 ,0xd6 ,0x4d ,0x76 +,0x0e ,0x98 ,0xdb ,0xef ,0xe1 ,0x22 ,0x74 ,0x45 ,0x30 ,0xa7 ,0x06 ,0x38 ,0xb9 ,0xd9 ,0x3e ,0x32 +,0x8b ,0xa0 ,0x0b ,0x3f ,0x7b ,0xe8 ,0x82 ,0xa9 ,0xc6 ,0x81 ,0xf3 ,0x4e ,0x0d ,0x8d ,0x42 ,0x67 +,0x0e ,0x30 ,0x99 ,0x84 ,0xdb ,0x6c ,0x6d ,0xf6 ,0x4e ,0x63 ,0xa5 ,0xb8 ,0x8e ,0x01 ,0xa9 ,0x4f +,0x47 ,0xf0 ,0x4a ,0x76 ,0x16 ,0xdf ,0xba ,0x90 ,0x5d ,0x8c ,0x91 ,0x6e ,0x26 ,0x06 ,0x4e ,0x8f +,0x73 ,0x39 ,0xdb ,0x88 ,0x4f ,0x02 ,0xe0 ,0xcd ,0x96 ,0x11 ,0x70 ,0x4e ,0x38 ,0x8d ,0xcb ,0xb6 +,0xd1 ,0x90 ,0x2c ,0x2e ,0x9d ,0xff ,0x25 ,0x0c ,0x9d ,0xb9 ,0x10 ,0xe7 ,0x58 ,0x3c ,0x98 ,0xff +,0xbc ,0x2f ,0x19 }; + +unsigned int noPK_auth_len = 1507; diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c new file mode 100644 index 00000000..3ec4afdc --- /dev/null +++ b/libstb/secvar/test/secvar-test-edk2-compat.c 
@@ -0,0 +1,291 @@ +// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +/* Copyright 2020 IBM Corp. */ + +#define MBEDTLS_PKCS7_C +#include "secvar_common_test.c" +#include "../backend/edk2-compat.c" +#include "../backend/edk2-compat-process.c" +#include "../secvar_util.c" +#include "../../crypto/pkcs7/pkcs7.c" +#include "./data/PK.h" +#include "./data/noPK.h" +#include "./data/KEK.h" +#include "./data/invalidkek.h" +#include "./data/malformedkek.h" +#include "./data/db.h" +#include "./data/dbsigneddata.h" +#include "./data/OldTSKEK.h" +#include "./data/multipleKEK.h" +#include "./data/multipleDB.h" +#include "./data/multiplePK.h" +#include "./data/dbx.h" +#include "./data/dbxsha512.h" +#include "./data/dbxmalformed.h" + +int reset_keystore(struct list_head *bank __unused) { return 0; } +int add_hw_key_hash(struct list_head *bank __unused) { return 0; } +int delete_hw_key_hash(struct list_head *bank __unused) { return 0; } +int verify_hw_key_hash(void) { return 0; } + +const char *secvar_test_name = "edk2-compat"; + +int secvar_set_secure_mode(void) { return 0; }; + +int run_test() +{ + int rc = -1; + struct secvar *tmp; + char empty[64] = {0}; + + // Check pre-process creates the empty variables + ASSERT(0 == list_length(&variable_bank)); + rc = edk2_compat_pre_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + tmp = find_secvar("TS", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(64 == tmp->data_size); + ASSERT(!(memcmp(tmp->data, empty, 64))); + + // Add PK to update and .process() + printf("Add PK"); + tmp = new_secvar("PK", 3, PK_auth, PK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("PK", 3, 
&variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + ASSERT(PK_auth_len > tmp->data_size); // esl should be smaller without auth + ASSERT(!setup_mode); + + // Add db, should fail with no KEK + printf("Add db"); + tmp = new_secvar("db", 3, DB_auth, DB_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + printf("rc is %d %04x\n", rc, rc); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + ASSERT(NULL != tmp); + + printf("Add KEK"); + + // Add valid KEK, .process(), succeeds + tmp = new_secvar("KEK", 4, KEK_auth, KEK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + + // Add valid KEK, .process(), timestamp check fails + + tmp = new_secvar("KEK", 4, OldTS_KEK_auth, OldTS_KEK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_PERMISSION == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + + // Add db, .process(), should succeed + printf("Add db again\n"); + tmp = new_secvar("db", 3, DB_auth, DB_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == 
list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + printf("tmp is %s\n", tmp->key); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + + // Add db, .process(), should fail because of timestamp + printf("Add db again\n"); + tmp = new_secvar("db", 3, DB_auth, DB_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_PERMISSION == rc); + + // Add valid sha256 dbx + printf("Add sha256 dbx\n"); + tmp = new_secvar("dbx", 4, dbxauth, dbx_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + + // Add invalid KEK, .process(), should fail + printf("Add invalid KEK\n"); + tmp = new_secvar("KEK", 4, InvalidKEK_auth, InvalidKEK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + + // Add ill formatted KEK, .process(), should fail + printf("Add invalid KEK\n"); + tmp = new_secvar("KEK", 4, MalformedKEK_auth, MalformedKEK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(5 == 
list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + + // Add multiple KEK ESLs, one of them should sign the db + printf("Add multiple KEK\n"); + tmp = new_secvar("KEK", 4, multipleKEK_auth, multipleKEK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + + // Add multiple DB ESLs signed with second key of the KEK + printf("Add multiple db\n"); + tmp = new_secvar("db", 3, multipleDB_auth, multipleDB_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->data_size); + + // Add db with signeddata PKCS7 format. + printf("DB with signed data\n"); + tmp = new_secvar("db", 3, dbsigneddata_auth, dbsigneddata_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + + // Delete PK. 
+ printf("Delete PK\n"); + tmp = new_secvar("PK", 3, noPK_auth, noPK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("PK", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 == tmp->data_size); + ASSERT(setup_mode); + + // Add multiple PK. + printf("Multiple PK\n"); + tmp = new_secvar("PK", 3, multiplePK_auth, multiplePK_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS != rc); + + + printf("Add invalid dbx\n"); + tmp = new_secvar("dbx", 4, wrongdbxauth, wrong_dbx_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS != rc); + + printf("Add sha512 dbx\n"); + tmp = new_secvar("dbx", 4, dbx512, dbx512_auth_len, 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS == rc); + + printf("Add db(cert) as dbx\n"); + tmp = new_secvar("dbx", 4, DB_auth, sizeof(DB_auth), 0); + ASSERT(0 == edk2_compat_validate(tmp)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(&variable_bank, &update_bank); + ASSERT(OPAL_SUCCESS != rc); + + return 0; +} + +int main(void) +{ + int rc; + + list_head_init(&variable_bank); + list_head_init(&update_bank); + + secvar_storage.max_var_size = 4096; + + rc = run_test(); + + clear_bank_list(&variable_bank); 
+ clear_bank_list(&update_bank); + + return rc; +} diff --git a/libstb/secvar/test/secvar_common_test.c b/libstb/secvar/test/secvar_common_test.c index 3bab5cf9..d862dffb 100644 --- a/libstb/secvar/test/secvar_common_test.c +++ b/libstb/secvar/test/secvar_common_test.c 
@@ -4,6 +4,8 @@ #define SECBOOT_FILE "secboot.img" #define SECBOOT_SIZE 128000 +#define HAVE_LITTLE_ENDIAN 1 + #include #include #include
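Review bot: The expected-failure cases in run_test ("Multiple PK", "Add invalid dbx", "Add db(cert) as dbx") assert only OPAL_SUCCESS != rc after edk2_compat_process, so a rejected update that still modified variable_bank would pass. Record list_length(&variable_bank) before each of these calls and assert it is unchanged afterwards, assert explicitly that update_bank is empty again, and after the rejected multiple-PK update assert that setup_mode and the zero-length PK are still as the "Delete PK" step left them. The "Add sha512 dbx" success case also checks only rc; a find_secvar("dbx", 4, &variable_bank) with a check on data_size would confirm the update was actually stored. Minor: the last case passes sizeof(DB_auth) where the other cases pass a separate *_len variable, and the naming of wrongdbxauth / wrong_dbx_auth_len and dbx512 / dbx512_auth_len is inconsistent.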
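Review bot: #define HAVE_LITTLE_ENDIAN 1 is added ahead of the includes in secvar_common_test.c with no comment, and it fixes the byte order for anything built on this common test file regardless of the build host. Add a comment naming the header that requires it, and consider deriving the value from the compiler's __BYTE_ORDER__ so the tests do not silently assume a little-endian host.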
From patchwork Wed Sep 16 16:21:31 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1365468
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Wed, 16 Sep 2020 11:21:31 -0500
Message-Id: <20200916162131.22478-21-erichte@linux.ibm.com>
In-Reply-To: <20200916162131.22478-1-erichte@linux.ibm.com>
References: <20200916162131.22478-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v6 20/20] witherspoon: enable secvar for witherspoon platform
Cc: nayna@linux.ibm.com

Secure variable support needs to be enabled for each platform, and each platform needs to select which storage and backend drivers to use (or alternatively implement their own). This patch adds secure variable support to the witherspoon platform.

Signed-off-by: Eric Richter
---
platforms/astbmc/witherspoon.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/platforms/astbmc/witherspoon.c b/platforms/astbmc/witherspoon.c index 39c3f161..a69114cf 100644 --- a/platforms/astbmc/witherspoon.c +++ b/platforms/astbmc/witherspoon.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "astbmc.h" #include "ast.h" @@ -572,6 +573,11 @@ static void witherspoon_finalise_dt(bool is_reboot) } } +static int witherspoon_secvar_init(void) +{ + return secvar_main(secboot_tpm_driver, edk2_compatible_v1); +} + /* The only difference between these is the PCI slot handling */ DECLARE_PLATFORM(witherspoon) = { @@ -594,4 +600,5 @@ DECLARE_PLATFORM(witherspoon) = { .ocapi = &witherspoon_ocapi, .npu2_device_detect = witherspoon_npu2_device_detect, .op_display = op_display_lpc, + .secvar_init = witherspoon_secvar_init, };
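Review bot: witherspoon_secvar_init() in the @@ -572,6 +573,11 @@ hunk hard-wires secboot_tpm_driver and edk2_compatible_v1 with no comment. The commit message says each platform must select its storage and backend drivers, so a one-line comment above the function stating which argument is the storage driver and which is the backend, and why this pair suits witherspoon, would help the next platform port. It would also be worth documenting what a non-zero return from secvar_main means for the platform, since the value is passed straight through to the caller.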
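Review bot: .secvar_init is set in only the one DECLARE_PLATFORM(witherspoon) initializer touched by the @@ -594,4 +600,5 @@ hunk, while the context comment above it reads "The only difference between these is the PCI slot handling". If this file declares more than one platform structure, the others are left without secvar support; either add .secvar_init = witherspoon_secvar_init to them as well or state in the commit message that they are excluded on purpose. If only one declaration remains, the "these" comment is stale and could be corrected in a separate cleanup.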