From patchwork Thu Jul 8 14:45:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 1502353 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=kULd47VX; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GLJyN30sbz9sXh for ; Fri, 9 Jul 2021 00:46:20 +1000 (AEST) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4GLJyN29M9z3bXH for ; Fri, 9 Jul 2021 00:46:20 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=kULd47VX; dkim-atps=neutral X-Original-To: slof@lists.ozlabs.org Delivered-To: slof@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=stefanb@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=kULd47VX; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4GLJyD1wgXz30HW for ; Fri, 9 Jul 2021 00:46:11 +1000 (AEST) Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 168EXpTc012225; Thu, 8 Jul 2021 10:46:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=CPskhr7HUUfN7rhn7URhUUuxCBKQN5+SFxWcEUrCWzw=; b=kULd47VXcLpGU1sJ9nANAr5knJ5FT4tm6Os5DZrYoH1dUQT9lpjGjiGxkPtmlLpc/r5/ N/oPZMlKjRJJL6XnNPklT5I1TIMNWldF+uNqc1+r6DU0nZc4bvLxza7lBLBq5b7QKoAr aeq6G6AeNtuN5QAC/qXeHHucE21KmSAJKCxJVeYw11EJNj3wVsXwompAxkfQpnTXZCn9 Aye0DcheVvPcUpu7+lP9v2AIptrax4fEgGH+GGsF9uEIdn5uWqdMXiu36GznTYiOvr4k CcWkyffg4Ag3h5qyGVDKO2eL6AiTg/LigotmRLfY4X/3MqTVUYyv5tJaS4U1hwfk8eUe qQ== Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122]) by mx0a-001b2d01.pphosted.com with ESMTP id 39n287ev3f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 08 Jul 2021 10:46:08 -0400 Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1]) by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 168EhX5t014384; Thu, 8 Jul 2021 14:46:08 GMT Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25]) by ppma04dal.us.ibm.com with ESMTP id 39jfhebd4m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 08 Jul 2021 14:46:07 +0000 Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 168Ek7Hj12583374 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 8 Jul 2021 14:46:07 GMT Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EB89B112070; Thu, 8 Jul 2021 14:46:06 +0000 (GMT) Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E8A02112063; Thu, 8 Jul 2021 14:46:06 +0000 (GMT) Received: from localhost.localdomain (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Thu, 8 Jul 2021 14:46:06 +0000 (GMT) From: Stefan Berger To: slof@lists.ozlabs.org Date: Thu, 8 Jul 2021 10:45:55 -0400 Message-Id: <20210708144601.437435-1-stefanb@linux.vnet.ibm.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: G6M5lmPu0GQ2cNLnKWk6P0OVkOjpCXsT X-Proofpoint-ORIG-GUID: G6M5lmPu0GQ2cNLnKWk6P0OVkOjpCXsT X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-08_06:2021-07-08, 2021-07-08 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 mlxscore=0 priorityscore=1501 malwarescore=0 suspectscore=0 spamscore=0 phishscore=0 lowpriorityscore=0 mlxlogscore=999 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2107080078 Subject: [SLOF] [PATCH v2 0/6] tcgbios: Use the proper hashes for the TPM 2 PCR banks X-BeenThere: slof@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches for https://github.com/aik/SLOF" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Stefan Berger Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" From: Stefan Berger This PR adds the implementations for sha{1, 384, 512} and makes use of the hash implementation when extending the PCRs of the respective banks rather than always using the sha256 and either truncating the hash or zero-padding it to fit the hash for a PCR bank. Another patch in this series converts the S_CTRM_VERSION string to ucs_2 format (following a long-term TCG contributor) commonly used for this purpose. Test cases for the sha implementations are added in the last patch. They require OpenSSL's -lcrypto on the host since they use its hashing functions for producing comparable results. A test script to run the tests is also added. Regards, Stefan v2: - split out type fix in sha256 documentation into own patch - replace rotr in sha256 implementation with assembly macro - Added test cases needing -lcrypto on host; added test script Stefan Berger (6): tcgbios: Change format of S_CRTM_VERSION string to ucs-2 tcgbios: Use assembly for 32 bit rotr in sha256 tcgbios: Fix a typo in the sha256 algo description tcgbios: Add implementations for sha1, sha384, and sha512 tcgbios: Use The proper sha function for each PCR bank tcgbios: Add test cases and test script to run them lib/libtpm/Makefile | 2 +- lib/libtpm/sha.c | 231 +++++++++++++++++++++++++++ lib/libtpm/{sha256.h => sha.h} | 9 +- lib/libtpm/sha256.c | 43 ++++- lib/libtpm/sha512.c | 281 +++++++++++++++++++++++++++++++++ lib/libtpm/sha_test.h | 53 +++++++ lib/libtpm/tcgbios.c | 89 ++++++++--- lib/libtpm/test.sh | 23 +++ 8 files changed, 702 insertions(+), 29 deletions(-) create mode 100644 lib/libtpm/sha.c rename lib/libtpm/{sha256.h => sha.h} (70%) create mode 100644 lib/libtpm/sha512.c create mode 100644 lib/libtpm/sha_test.h create mode 100755 lib/libtpm/test.sh