From patchwork Mon Jan 20 02:36:49 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1225595
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Sun, 19 Jan 2020 20:36:49 -0600
Message-Id: <20200120023700.5373-2-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 01/12] crypto: add mbedtls build integration via git submodule
List-Id: Mailing list for skiboot development

Secure variable support requires more crypto support than skiboot currently has. Since mbedtls' x509, etc implementations have rather tight dependencies which prevent easy cherry picking (unlike the existing sha512.c), it is easier to integrate and maintain the whole mbedtls library as a submodule.

This revised version of the patch now integrates the files from the library directly into skiboot's build system rather than invoking mbedtls' Makefile. This version also removes the previously cherry picked SHA512 files.

Signed-off-by: Eric Richter --- .gitmodules | 4 + libstb/Makefile.inc | 6 +- libstb/crypto/Makefile.inc | 44 +++ libstb/crypto/mbedtls | 1 + libstb/crypto/mbedtls-config.h | 99 +++++++ libstb/mbedtls/Makefile.inc | 11 - libstb/mbedtls/sha512.c | 480 --------------------------------- libstb/mbedtls/sha512.h | 141 ---------- 8 files changed, 152 insertions(+), 634 deletions(-) create mode 100644 .gitmodules create mode 100644 libstb/crypto/Makefile.inc create mode 160000 libstb/crypto/mbedtls create mode 100644 libstb/crypto/mbedtls-config.h delete mode 100644 libstb/mbedtls/Makefile.inc delete mode 100644 libstb/mbedtls/sha512.c delete mode 100644 libstb/mbedtls/sha512.h diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..78998dae --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "libstb/crypto/mbedtls"] + path = libstb/crypto/mbedtls + url = https://github.com/ARMmbed/mbedtls + branch = mbedtls-2.16 diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc index d3f68496..1434b3d4 100644 --- a/libstb/Makefile.inc +++ b/libstb/Makefile.inc @@ -9,11 +9,13 @@ LIBSTB_OBJS = $(LIBSTB_SRCS:%.c=%.o) LIBSTB = $(LIBSTB_DIR)/built-in.a include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc -include $(SRC)/$(LIBSTB_DIR)/mbedtls/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc +include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc -$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(MBEDTLS) +CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include + +$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) libstb/create-container: libstb/create-container.c libstb/container-utils.c $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \ diff --git a/libstb/crypto/Makefile.inc b/libstb/crypto/Makefile.inc new file mode 100644 index 00000000..82803e0d --- /dev/null +++ b/libstb/crypto/Makefile.inc 
@@ -0,0 +1,44 @@ +CRYPTO_DIR = $(LIBSTB_DIR)/crypto +MBEDTLS_DIR = $(CRYPTO_DIR)/mbedtls/library + +SUBDIRS += $(CRYPTO_DIR) $(MBEDTLS_DIR) + +# Source file list borrowed from mbedtls/library/Makefile +# Can probably trim disabled files for slightly less noise +MBED_CRYPTO_SRCS = aes.c aesni.c arc4.c +MBED_CRYPTO_SRCS += aria.c asn1parse.c asn1write.c +MBED_CRYPTO_SRCS += base64.c bignum.c blowfish.c +MBED_CRYPTO_SRCS += camellia.c ccm.c chacha20.c +MBED_CRYPTO_SRCS += chachapoly.c cipher.c cipher_wrap.c +MBED_CRYPTO_SRCS += cmac.c ctr_drbg.c des.c +MBED_CRYPTO_SRCS += dhm.c ecdh.c ecdsa.c +MBED_CRYPTO_SRCS += ecjpake.c ecp.c +MBED_CRYPTO_SRCS += ecp_curves.c entropy.c entropy_poll.c +MBED_CRYPTO_SRCS += error.c gcm.c havege.c +MBED_CRYPTO_SRCS += hkdf.c +MBED_CRYPTO_SRCS += hmac_drbg.c md.c md2.c +MBED_CRYPTO_SRCS += md4.c md5.c md_wrap.c +MBED_CRYPTO_SRCS += memory_buffer_alloc.c nist_kw.c +MBED_CRYPTO_SRCS += oid.c padlock.c pem.c +MBED_CRYPTO_SRCS += pk.c pk_wrap.c pkcs12.c +MBED_CRYPTO_SRCS += pkcs5.c pkparse.c pkwrite.c +MBED_CRYPTO_SRCS += platform.c platform_util.c poly1305.c +MBED_CRYPTO_SRCS += ripemd160.c rsa_internal.c rsa.c +MBED_CRYPTO_SRCS += sha1.c sha256.c sha512.c +MBED_CRYPTO_SRCS += threading.c timing.c version.c +MBED_CRYPTO_SRCS += version_features.c xtea.c + +MBED_X509_SRCS = certs.c pkcs11.c x509.c +MBED_X509_SRCS += x509_create.c x509_crl.c x509_crt.c +MBED_X509_SRCS += x509_csr.c x509write_crt.c x509write_csr.c + +CFLAGS_$(MBEDTLS_DIR)/ = -I$(SRC)/$(LIBSTB_DIR)/crypto -DMBEDTLS_CONFIG_FILE='' +CFLAGS_$(MBEDTLS_DIR)/ += -Wno-unused-function -Wno-suggest-attribute=const + +MBEDTLS_SRCS = $(addprefix mbedtls/library/,$(MBED_CRYPTO_SRCS) $(MBED_X509_SRCS)) + +MBEDTLS_OBJS = $(MBEDTLS_SRCS:%.c=%.o) + +CRYPTO = $(CRYPTO_DIR)/built-in.a + +$(CRYPTO): $(MBEDTLS_OBJS:%=$(CRYPTO_DIR)/%) diff --git a/libstb/crypto/mbedtls b/libstb/crypto/mbedtls new file mode 160000 index 00000000..d81c11b8 --- /dev/null +++ b/libstb/crypto/mbedtls 
@@ -0,0 +1 @@ +Subproject commit d81c11b8ab61fd5b2da8133aa73c5fe33a0633eb diff --git a/libstb/crypto/mbedtls-config.h b/libstb/crypto/mbedtls-config.h new file mode 100644 index 00000000..999a6044 --- /dev/null +++ b/libstb/crypto/mbedtls-config.h 
@@ -0,0 +1,99 @@ +/** + * \file config-no-entropy.h + * + * \brief Minimal configuration of features that do not require an entropy source + */ +/* + * Copyright (C) 2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +/* + * Minimal configuration of features that do not require an entropy source + * Distinguishing reatures: + * - no entropy module + * - no TLS protocol implementation available due to absence of an entropy + * source + * + * See README.txt for usage instructions. 
+ */ + +#ifndef MBEDTLS_CONFIG_H +#define MBEDTLS_CONFIG_H + +/* System support */ +#define MBEDTLS_HAVE_ASM +#define MBEDTLS_HAVE_TIME + +/* mbed TLS feature support */ +//#define MBEDTLS_CIPHER_MODE_CBC +#define MBEDTLS_CIPHER_MODE_CFB +//#define MBEDTLS_CIPHER_PADDING_PKCS7 +//#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES +//#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +//#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +//#define MBEDTLS_ECP_NIST_OPTIM +//#define MBEDTLS_ECDSA_DETERMINISTIC +//#define MBEDTLS_PK_RSA_ALT_SUPPORT +#define MBEDTLS_PKCS1_V15 +//#define MBEDTLS_PKCS1_V21 +//#define MBEDTLS_SELF_TEST +#define MBEDTLS_VERSION_FEATURES +#define MBEDTLS_X509_CHECK_KEY_USAGE +#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE + +/* mbed TLS modules */ +//#define MBEDTLS_AES_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_BASE64_C +#define MBEDTLS_BIGNUM_C +//#define MBEDTLS_CCM_C +//#define MBEDTLS_CIPHER_C +//#define MBEDTLS_ECDSA_C +//#define MBEDTLS_ECP_C +#define MBEDTLS_ERROR_C +//#define MBEDTLS_GCM_C +#define MBEDTLS_MD_C +#define MBEDTLS_OID_C +//#define MBEDTLS_PEM_PARSE_C +#define MBEDTLS_PK_C +#define MBEDTLS_PK_PARSE_C +//#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PLATFORM_C +#define MBEDTLS_RSA_C +#define MBEDTLS_SHA256_C +#define MBEDTLS_SHA512_C +#define MBEDTLS_X509_USE_C +#define MBEDTLS_X509_CRT_PARSE_C +#define MBEDTLS_X509_CRL_PARSE_C +//#define MBEDTLS_CMAC_C + +/* Settings to reduce/remove warnings */ +#define MBEDTLS_MPI_WINDOW_SIZE 3 // (max/default is 6) Increase for speed, may introduce warnings +#define MBEDTLS_MPI_MAX_SIZE 512 // (default is 1024) increase for more bits in user-MPIs +#define SIZE_MAX 65535 // this might need to be in libc? 
+ +/* Disableable to mitigate warnings */ +//#define MBEDTLS_ASN1_WRITE_C // Expects SIZE_MAX +#define MBEDTLS_VERSION_C // Possible 'const' function +#define MBEDTLS_HMAC_DRBG_C + +/* Miscellaneous options and fixes*/ +//#define MBEDTLS_AES_ROM_TABLES +#define MBEDTLS_NO_UDBL_DIVISION // Disabled due to unsupported operation + +#endif /* MBEDTLS_CONFIG_H */ diff --git a/libstb/mbedtls/Makefile.inc b/libstb/mbedtls/Makefile.inc deleted file mode 100644 index deacd26c..00000000 --- a/libstb/mbedtls/Makefile.inc +++ /dev/null @@ -1,11 +0,0 @@ -# -*-Makefile-*- - -MBEDTLS_DIR = libstb/mbedtls - -SUBDIRS += $(MBEDTLS_DIR) - -MBEDTLS_SRCS = sha512.c -MBEDTLS_OBJS = $(MBEDTLS_SRCS:%.c=%.o) -MBEDTLS = $(MBEDTLS_DIR)/built-in.a - -$(MBEDTLS): $(MBEDTLS_OBJS:%=$(MBEDTLS_DIR)/%) diff --git a/libstb/mbedtls/sha512.c b/libstb/mbedtls/sha512.c deleted file mode 100644 index a1337954..00000000 --- a/libstb/mbedtls/sha512.c +++ /dev/null 
@@ -1,480 +0,0 @@ -/* - * FIPS-180-2 compliant SHA-384/512 implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -/* - * The SHA-512 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -#include "sha512.h" - -#define UL64(x) x - -#include -#include -#define mbedtls_printf printf - -#if !defined(MBEDTLS_SHA512_ALT) - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - -/* - * 64-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT64_BE -#define GET_UINT64_BE(n,b,i) \ -{ \ - (n) = ( (uint64_t) (b)[(i) ] << 56 ) \ - | ( (uint64_t) (b)[(i) + 1] << 48 ) \ - | ( (uint64_t) (b)[(i) + 2] << 40 ) \ - | ( (uint64_t) (b)[(i) + 3] << 32 ) \ - | ( (uint64_t) (b)[(i) + 4] << 24 ) \ - | ( (uint64_t) (b)[(i) + 5] << 16 ) \ - | ( (uint64_t) (b)[(i) + 6] << 8 ) \ - | ( (uint64_t) (b)[(i) + 7] ); \ -} -#endif /* GET_UINT64_BE */ - -#ifndef PUT_UINT64_BE -#define PUT_UINT64_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) >> 
32 ); \ - (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 7] = (unsigned char) ( (n) ); \ -} -#endif /* PUT_UINT64_BE */ - -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); -} - -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ) -{ - *dst = *src; -} - -/* - * SHA-512 context setup - */ -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is384 == 0 ) - { - /* SHA-512 */ - ctx->state[0] = UL64(0x6A09E667F3BCC908); - ctx->state[1] = UL64(0xBB67AE8584CAA73B); - ctx->state[2] = UL64(0x3C6EF372FE94F82B); - ctx->state[3] = UL64(0xA54FF53A5F1D36F1); - ctx->state[4] = UL64(0x510E527FADE682D1); - ctx->state[5] = UL64(0x9B05688C2B3E6C1F); - ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); - ctx->state[7] = UL64(0x5BE0CD19137E2179); - } - else - { - /* SHA-384 */ - ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); - ctx->state[1] = UL64(0x629A292A367CD507); - ctx->state[2] = UL64(0x9159015A3070DD17); - ctx->state[3] = UL64(0x152FECD8F70E5939); - ctx->state[4] = UL64(0x67332667FFC00B31); - ctx->state[5] = UL64(0x8EB44A8768581511); - ctx->state[6] = UL64(0xDB0C2E0D64F98FA7); - ctx->state[7] = UL64(0x47B5481DBEFA4FA4); - } - - ctx->is384 = is384; -} - -#if !defined(MBEDTLS_SHA512_PROCESS_ALT) - -/* - * Round constants - */ -static const uint64_t K[80] = -{ - UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), - UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), - UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), - UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), - UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), - UL64(0x243185BE4EE4B28C), 
UL64(0x550C7DC3D5FFB4E2), - UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), - UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), - UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), - UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), - UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), - UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), - UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), - UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), - UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), - UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), - UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), - UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), - UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), - UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), - UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), - UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), - UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), - UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), - UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), - UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), - UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), - UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), - UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), - UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), - UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), - UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), - UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), - UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), - UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), - UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), - UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), - UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), - UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), - UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) -}; - -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) -{ - int i; - uint64_t temp1, temp2, 
W[80]; - uint64_t A, B, C, D, E, F, G, H; - -#define SHR(x,n) (x >> n) -#define ROTR(x,n) (SHR(x,n) | (x << (64 - n))) - -#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) -#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6)) - -#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) -#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) - -#define F0(x,y,z) ((x & y) | (z & (x | y))) -#define F1(x,y,z) (z ^ (x & (y ^ z))) - -#define P(a,b,c,d,e,f,g,h,x,K) \ -{ \ - temp1 = h + S3(e) + F1(e,f,g) + K + x; \ - temp2 = S2(a) + F0(a,b,c); \ - d += temp1; h = temp1 + temp2; \ -} - - for( i = 0; i < 16; i++ ) - { - GET_UINT64_BE( W[i], data, i << 3 ); - } - - for( ; i < 80; i++ ) - { - W[i] = S1(W[i - 2]) + W[i - 7] + - S0(W[i - 15]) + W[i - 16]; - } - - A = ctx->state[0]; - B = ctx->state[1]; - C = ctx->state[2]; - D = ctx->state[3]; - E = ctx->state[4]; - F = ctx->state[5]; - G = ctx->state[6]; - H = ctx->state[7]; - i = 0; - - do - { - P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++; - P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++; - P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++; - P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++; - P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++; - P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++; - P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++; - P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++; - } - while( i < 80 ); - - ctx->state[0] += A; - ctx->state[1] += B; - ctx->state[2] += C; - ctx->state[3] += D; - ctx->state[4] += E; - ctx->state[5] += F; - ctx->state[6] += G; - ctx->state[7] += H; -} -#endif /* !MBEDTLS_SHA512_PROCESS_ALT */ - -/* - * SHA-512 process buffer - */ -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ) -{ - size_t fill; - unsigned int left; - - if( ilen == 0 ) - return; - - left = (unsigned int) (ctx->total[0] & 0x7F); - fill = 128 - left; - - ctx->total[0] += (uint64_t) ilen; - - if( ctx->total[0] < (uint64_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void 
*) (ctx->buffer + left), input, fill ); - mbedtls_sha512_process( ctx, ctx->buffer ); - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 128 ) - { - mbedtls_sha512_process( ctx, input ); - input += 128; - ilen -= 128; - } - - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); -} - -static const unsigned char sha512_padding[128] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * SHA-512 final digest - */ -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ) -{ - size_t last, padn; - uint64_t high, low; - unsigned char msglen[16]; - - high = ( ctx->total[0] >> 61 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT64_BE( high, msglen, 0 ); - PUT_UINT64_BE( low, msglen, 8 ); - - last = (size_t)( ctx->total[0] & 0x7F ); - padn = ( last < 112 ) ? 
( 112 - last ) : ( 240 - last ); - - mbedtls_sha512_update( ctx, sha512_padding, padn ); - mbedtls_sha512_update( ctx, msglen, 16 ); - - PUT_UINT64_BE( ctx->state[0], output, 0 ); - PUT_UINT64_BE( ctx->state[1], output, 8 ); - PUT_UINT64_BE( ctx->state[2], output, 16 ); - PUT_UINT64_BE( ctx->state[3], output, 24 ); - PUT_UINT64_BE( ctx->state[4], output, 32 ); - PUT_UINT64_BE( ctx->state[5], output, 40 ); - - if( ctx->is384 == 0 ) - { - PUT_UINT64_BE( ctx->state[6], output, 48 ); - PUT_UINT64_BE( ctx->state[7], output, 56 ); - } -} - -#endif /* !MBEDTLS_SHA512_ALT */ - -/* - * output = SHA-512( input buffer ) - */ -void mbedtls_sha512( const unsigned char *input, size_t ilen, - unsigned char output[64], int is384 ) -{ - mbedtls_sha512_context ctx; - - mbedtls_sha512_init( &ctx ); - mbedtls_sha512_starts( &ctx, is384 ); - mbedtls_sha512_update( &ctx, input, ilen ); - mbedtls_sha512_finish( &ctx, output ); - mbedtls_sha512_free( &ctx ); -} - -#if defined(MBEDTLS_SELF_TEST) - -/* - * FIPS-180-2 test vectors - */ -static const unsigned char sha512_test_buf[3][113] = -{ - { "abc" }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, - { "" } -}; - -static const int sha512_test_buflen[3] = -{ - 3, 112, 1000 -}; - -static const unsigned char sha512_test_sum[6][64] = -{ - /* - * SHA-384 test vectors - */ - { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B, - 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07, - 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63, - 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED, - 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23, - 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 }, - { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8, - 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47, - 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2, - 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12, - 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9, - 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 
}, - { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB, - 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C, - 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52, - 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B, - 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB, - 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 }, - - /* - * SHA-512 test vectors - */ - { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, - 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31, - 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, - 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, - 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8, - 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, - 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, - 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F }, - { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA, - 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F, - 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1, - 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18, - 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4, - 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A, - 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54, - 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 }, - { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64, - 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63, - 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28, - 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB, - 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A, - 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B, - 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E, - 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B } -}; - -/* - * Checkup routine - */ -int mbedtls_sha512_self_test( int verbose ) -{ - int i, j, k, buflen, ret = 0; - unsigned char buf[1024]; - unsigned char sha512sum[64]; - mbedtls_sha512_context ctx; - - mbedtls_sha512_init( &ctx ); - - for( i = 0; i < 6; i++ ) - { - j = i % 3; - k = i < 3; - - if( verbose != 0 ) - mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - - mbedtls_sha512_starts( &ctx, k ); - - if( j == 2 ) - { - 
memset( buf, 'a', buflen = 1000 ); - - for( j = 0; j < 1000; j++ ) - mbedtls_sha512_update( &ctx, buf, buflen ); - } - else - mbedtls_sha512_update( &ctx, sha512_test_buf[j], - sha512_test_buflen[j] ); - - mbedtls_sha512_finish( &ctx, sha512sum ); - - if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - -exit: - mbedtls_sha512_free( &ctx ); - - return( ret ); -} - -#endif /* MBEDTLS_SELF_TEST */ diff --git a/libstb/mbedtls/sha512.h b/libstb/mbedtls/sha512.h deleted file mode 100644 index 627694f4..00000000 --- a/libstb/mbedtls/sha512.h +++ /dev/null 
@@ -1,141 +0,0 @@ -/** - * \file sha512.h - * - * \brief SHA-384 and SHA-512 cryptographic hash function - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ -#ifndef MBEDTLS_SHA512_H -#define MBEDTLS_SHA512_H - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include - -#if !defined(MBEDTLS_SHA512_ALT) -// Regular implementation -// - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief SHA-512 context structure - */ -typedef struct -{ - uint64_t total[2]; /*!< number of bytes processed */ - uint64_t state[8]; /*!< intermediate digest state */ - unsigned char buffer[128]; /*!< data block being processed */ - int is384; /*!< 0 => SHA-512, else SHA-384 */ -} -mbedtls_sha512_context; - -/** - * \brief Initialize SHA-512 context - * - * \param ctx SHA-512 context to be initialized - */ -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); - -/** - * \brief Clear SHA-512 context - * - * \param ctx SHA-512 context to be cleared - */ -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); - -/** - * \brief Clone (the state of) a SHA-512 context - * - * \param dst The destination context - * \param src The context to be cloned - */ -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src 
); - -/** - * \brief SHA-512 context setup - * - * \param ctx context to be initialized - * \param is384 0 = use SHA512, 1 = use SHA384 - */ -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); - -/** - * \brief SHA-512 process buffer - * - * \param ctx SHA-512 context - * \param input buffer holding the data - * \param ilen length of the input data - */ -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ); - -/** - * \brief SHA-512 final digest - * - * \param ctx SHA-512 context - * \param output SHA-384/512 checksum result - */ -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ); - -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" -#endif /* MBEDTLS_SHA512_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Output = SHA-512( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output SHA-384/512 checksum result - * \param is384 0 = use SHA512, 1 = use SHA384 - */ -void mbedtls_sha512( const unsigned char *input, size_t ilen, - unsigned char output[64], int is384 ); - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ -int mbedtls_sha512_self_test( int verbose ); - -/* Internal use */ -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_sha512.h */ From patchwork Mon Jan 20 02:36:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225596 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS 
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Sun, 19 Jan 2020 20:36:50 -0600
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>
Message-Id: <20200120023700.5373-3-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 02/12] crypto: add out-of-tree mbedtls pkcs7 parser
Cc: nayna@linux.ibm.com

From: Nayna Jain

This patch adds a pkcs7 parser for mbedtls that hasn't yet gone upstream. Once/if that implementation is accepted, this patch can be removed.

Signed-off-by: Eric Richter
---
 libstb/crypto/Makefile.inc | 4 +-
 libstb/crypto/mbedtls-config.h | 1 +
 libstb/crypto/pkcs7/Makefile.inc | 12 +
 libstb/crypto/pkcs7/pkcs7.c | 505 +++++++++++++++++++++++++++++++
 libstb/crypto/pkcs7/pkcs7.h | 178 +++++++++++
 5 files changed, 699 insertions(+), 1 deletion(-)
 create mode 100644 libstb/crypto/pkcs7/Makefile.inc
 create mode 100644 libstb/crypto/pkcs7/pkcs7.c
 create mode 100644 libstb/crypto/pkcs7/pkcs7.h

diff --git a/libstb/crypto/Makefile.inc b/libstb/crypto/Makefile.inc index 82803e0d..a6d29acc 100644 --- a/libstb/crypto/Makefile.inc +++ b/libstb/crypto/Makefile.inc @@ -39,6 +39,8 @@ MBEDTLS_SRCS = $(addprefix mbedtls/library/,$(MBED_CRYPTO_SRCS) $(MBED_X509_SRCS MBEDTLS_OBJS = $(MBEDTLS_SRCS:%.c=%.o) +include $(CRYPTO_DIR)/pkcs7/Makefile.inc + CRYPTO = $(CRYPTO_DIR)/built-in.a -$(CRYPTO): $(MBEDTLS_OBJS:%=$(CRYPTO_DIR)/%) +$(CRYPTO): $(MBEDTLS_OBJS:%=$(CRYPTO_DIR)/%) $(PKCS7) diff --git a/libstb/crypto/mbedtls-config.h b/libstb/crypto/mbedtls-config.h index 999a6044..711cc2a1 100644 --- a/libstb/crypto/mbedtls-config.h +++ b/libstb/crypto/mbedtls-config.h @@ -72,6 +72,7 @@ //#define MBEDTLS_PEM_PARSE_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PKCS7_USE_C //#define MBEDTLS_PK_WRITE_C #define MBEDTLS_PLATFORM_C #define MBEDTLS_RSA_C diff --git a/libstb/crypto/pkcs7/Makefile.inc b/libstb/crypto/pkcs7/Makefile.inc new file mode 100644 index 00000000..bef339b5 --- /dev/null +++ b/libstb/crypto/pkcs7/Makefile.inc @@ -0,0 +1,12 @@ + +PKCS7_DIR = libstb/crypto/pkcs7 + +SUBDIRS += $(PKCS7_DIR) + +PKCS7_SRCS = pkcs7.c +PKCS7_OBJS = $(PKCS7_SRCS:%.c=%.o) +PKCS7 = $(PKCS7_DIR)/built-in.a + +CFLAGS_$(PKCS7_DIR)/ = -I$(SRC)/$(LIBSTB_DIR)/crypto -DMBEDTLS_CONFIG_FILE='' + +$(PKCS7): $(PKCS7_OBJS:%=$(PKCS7_DIR)/%) diff --git a/libstb/crypto/pkcs7/pkcs7.c b/libstb/crypto/pkcs7/pkcs7.c new file mode 100644 index 00000000..48768517 --- /dev/null +++ b/libstb/crypto/pkcs7/pkcs7.c 
@@ -0,0 +1,505 @@ +/* Copyright 2019 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif +#if defined(MBEDTLS_PKCS7_USE_C) + +#include "mbedtls/x509.h" +#include "mbedtls/asn1.h" +#include "pkcs7.h" +#include "mbedtls/x509_crt.h" +#include "mbedtls/x509_crl.h" +#include "mbedtls/oid.h" + +#include +#include +#include +#include + +#if defined(MBEDTLS_FS_IO) +#include +#include +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#else +#include +#include +#define mbedtls_free free +#define mbedtls_calloc calloc +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#endif + +#if defined(MBEDTLS_HAVE_TIME) +#include "mbedtls/platform_time.h" +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) +#include +#endif + +#if defined(MBEDTLS_FS_IO) +/* + * Load all data from a file into a given buffer. + * + * The file is expected to contain DER encoded data. + * A terminating null byte is always appended. 
+ */ + +int mbedtls_pkcs7_load_file( const char *path, unsigned char **buf, size_t *n ) +{ + FILE *file; + struct stat st; + int rc; + + rc = stat( path, &st ); + if ( rc ) + return( MBEDTLS_ERR_PKCS7_FILE_IO_ERROR); + + if( ( file = fopen( path, "rb" ) ) == NULL ) + return( MBEDTLS_ERR_PKCS7_FILE_IO_ERROR ); + + mbedtls_printf( "file size is %lu\n", st.st_size ); + + *n = (size_t) st.st_size; + + *buf = mbedtls_calloc( 1, *n + 1 ); + if ( *buf == NULL ) + return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + + if( fread( *buf, 1, *n, file ) != *n ) + { + fclose( file ); + + mbedtls_platform_zeroize( *buf, *n + 1 ); + mbedtls_free( *buf ); + + return( MBEDTLS_ERR_PKCS7_FILE_IO_ERROR ); + } + + fclose( file ); + + (*buf)[*n] = '\0'; + + return( 0 ); +} +#endif + +/** + * Initializes the pkcs7 structure. + */ +void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ) +{ + memset( pkcs7, 0, sizeof( mbedtls_pkcs7 ) ); +} + + +static int pkcs7_get_next_content_len( unsigned char **p, unsigned char *end, size_t *len ) +{ + int ret; + + if ( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + return ( 0 ); +} + +/** + * version Version + * Version ::= INTEGER + **/ +static int pkcs7_get_version( unsigned char **p, unsigned char *end, int *ver ) +{ + int ret; + + if ( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + return ( 0 ); +} + +/** + * ContentInfo ::= SEQUENCE { + * contentType ContentType, + * content + * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } + **/ +static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, mbedtls_pkcs7_buf *pkcs7 ) +{ + size_t len = 0; + int ret; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if ( ret ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + ret = mbedtls_asn1_get_tag( p, end, &len, 
MBEDTLS_ASN1_OID ); + if ( ret ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + pkcs7->tag = MBEDTLS_ASN1_OID; + pkcs7->len = len; + pkcs7->p = *p; + + return ret; +} + +/** + * DigestAlgorithmIdentifier ::= AlgorithmIdentifier + * + * This is from x509.h + **/ +static int pkcs7_get_digest_algorithm( unsigned char **p, unsigned char *end, mbedtls_x509_buf *alg ) +{ + int ret; + + if ( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + return ( 0 ); +} + +/** + * DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier + **/ +static int pkcs7_get_digest_algorithm_set( unsigned char **p, unsigned char *end, + mbedtls_x509_buf *alg ) +{ + size_t len = 0; + int ret; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SET ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + end = *p + len; + + /** For now, it assumes there is only one digest algorithm specified **/ + ret = mbedtls_asn1_get_alg_null( p, end, alg ); + if ( ret ) + return ret; + + return ( 0 ); +} + +/** + * certificates :: SET OF ExtendedCertificateOrCertificate, + * ExtendedCertificateOrCertificate ::= CHOICE { + * certificate Certificate -- x509, + * extendedCertificate[0] IMPLICIT ExtendedCertificate } + **/ +static int pkcs7_get_certificates( unsigned char **buf, size_t buflen, + mbedtls_x509_crt *certs ) +{ + int ret; + + if ( ( ret = mbedtls_x509_crt_parse( certs, *buf, buflen ) ) != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + return ( 0 ); +} + +/** + * EncryptedDigest ::= OCTET STRING + **/ +static int pkcs7_get_signature( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_buf *signature ) +{ + int ret; + size_t len = 0; + + ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + signature->tag = MBEDTLS_ASN1_OCTET_STRING; + signature->len = len; + 
signature->p = *p; + + return ( 0 ); +} + +/** + * SignerInfo ::= SEQUENCE { + * version Version; + * issuerAndSerialNumber IssuerAndSerialNumber, + * digestAlgorithm DigestAlgorithmIdentifier, + * authenticatedAttributes + * [0] IMPLICIT Attributes OPTIONAL, + * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + * encryptedDigest EncryptedDigest, + * unauthenticatedAttributes + * [1] IMPLICIT Attributes OPTIONAL, + **/ +static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_signer_info *signers_set ) +{ + unsigned char *end_set; + int ret; + size_t len = 0; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SET ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + end_set = *p + len; + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + ret = mbedtls_asn1_get_int( p, end_set, &signers_set->version ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + signers_set->issuer_raw.p = *p; + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + ret = mbedtls_x509_get_name( p, *p + len, &signers_set->issuer ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + signers_set->issuer_raw.len = *p - signers_set->issuer_raw.p; + + ret = mbedtls_x509_get_serial( p, end_set, &signers_set->serial ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + ret = pkcs7_get_digest_algorithm( p, end_set, + &signers_set->alg_identifier ); + if ( ret != 0 ) + return ( 
MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + ret = pkcs7_get_digest_algorithm( p, end_set, + &signers_set->sig_alg_identifier ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + ret = pkcs7_get_signature( p, end, &signers_set->sig ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + signers_set->next = NULL; + + return ( 0 ); +} + +/** + * SignedData ::= SEQUENCE { + * version Version, + * digestAlgorithms DigestAlgorithmIdentifiers, + * contentInfo ContentInfo, + * certificates + * [0] IMPLICIT ExtendedCertificatesAndCertificates + * OPTIONAL, + * crls + * [0] IMPLICIT CertificateRevocationLists OPTIONAL, + * signerInfos SignerInfos } + */ +static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, + mbedtls_pkcs7_signed_data *signed_data ) +{ + unsigned char *p = buf; + unsigned char *end = buf + buflen; + size_t len = 0; + int ret; + + ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + /* Get version of signed data */ + ret = pkcs7_get_version( &p, end, &signed_data->version ); + if ( ret != 0 ) + return ( ret ); + + /* If version != 1, return invalid version */ + if ( signed_data->version != MBEDTLS_PKCS7_SUPPORTED_VERSION ) { + mbedtls_printf("Invalid version\n"); + return ( MBEDTLS_ERR_PKCS7_INVALID_VERSION ); + } + + /* Get digest algorithm */ + ret = pkcs7_get_digest_algorithm_set( &p, end, + &signed_data->digest_alg_identifiers ); + if ( ret != 0 ) { + mbedtls_printf("error getting digest algorithms\n"); + return ( ret ); + } + + if ( signed_data->digest_alg_identifiers.len != strlen( MBEDTLS_OID_DIGEST_ALG_SHA256 ) ) + return ( MBEDTLS_ERR_PKCS7_INVALID_ALG ); + + if ( memcmp( signed_data->digest_alg_identifiers.p, MBEDTLS_OID_DIGEST_ALG_SHA256, + signed_data->digest_alg_identifiers.len ) ) { + mbedtls_fprintf(stdout, "Digest Algorithm other than SHA256 is not supported\n"); 
+ return ( MBEDTLS_ERR_PKCS7_INVALID_ALG ); + } + + /* Do not expect any content */ + ret = pkcs7_get_content_info_type( &p, end, &signed_data->content.oid ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA ); + + if ( memcmp( signed_data->content.oid.p, MBEDTLS_OID_PKCS7_DATA, + signed_data->content.oid.len ) ) { + mbedtls_printf("Invalid PKCS7 data\n"); + return ( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA ) ; + } + + p = p + signed_data->content.oid.len; + + ret = pkcs7_get_next_content_len( &p, end, &len ); + if ( ret != 0 ) + return ( ret ); + + /* Get certificates */ + mbedtls_x509_crt_init( &signed_data->certs ); + ret = pkcs7_get_certificates( &p, len, &signed_data->certs ); + if ( ret != 0 ) + return ( ret ) ; + + p = p + len; + + /* Get signers info */ + ret = pkcs7_get_signers_info_set( &p, end, &signed_data->signers ); + if ( ret != 0 ) + return ( ret ); + + return ( ret ); +} + +int mbedtls_pkcs7_parse_der( const unsigned char *buf, const int buflen, + mbedtls_pkcs7 *pkcs7 ) +{ + unsigned char *start; + unsigned char *end; + size_t len = 0; + int ret; + + /* use internal buffer for parsing */ + start = ( unsigned char * )buf; + end = start + buflen; + + if (!pkcs7) + return ( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA ); + + ret = pkcs7_get_content_info_type( &start, end, &pkcs7->content_type_oid ); + if ( ret != 0 ) + goto out; + + if ( ( !memcmp( pkcs7->content_type_oid.p, MBEDTLS_OID_PKCS7_DATA, + pkcs7->content_type_oid.len ) ) + || ( !memcmp( pkcs7->content_type_oid.p, MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, + pkcs7->content_type_oid.len ) ) + || ( !memcmp(pkcs7->content_type_oid.p, MBEDTLS_OID_PKCS7_ENVELOPED_DATA, + pkcs7->content_type_oid.len ) ) + || ( !memcmp(pkcs7->content_type_oid.p, MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, + pkcs7->content_type_oid.len ) ) + || ( !memcmp(pkcs7->content_type_oid.p, MBEDTLS_OID_PKCS7_DIGESTED_DATA, + pkcs7->content_type_oid.len ) ) + || ( !memcmp(pkcs7->content_type_oid.p, MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, + 
pkcs7->content_type_oid.len ) ) ) { + mbedtls_printf("Unsupported PKCS7 data type\n"); + ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; + goto out; + } + + if ( ( memcmp( pkcs7->content_type_oid.p, MBEDTLS_OID_PKCS7_SIGNED_DATA, + pkcs7->content_type_oid.len ) ) ) { + mbedtls_printf("Invalid PKCS7 data type\n"); + ret = MBEDTLS_ERR_PKCS7_INVALID_ALG; + goto out; + } + mbedtls_printf("Content type is SignedData\n"); + + start = start + pkcs7->content_type_oid.len; + + ret = pkcs7_get_next_content_len( &start, end, &len ); + if ( ret != 0 ) + goto out; + + ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data ); + if ( ret != 0 ) + goto out; + +out: + return ( ret ); +} + +int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, mbedtls_x509_crt *cert, const unsigned char *data, int datalen ) +{ + + int ret; + unsigned char hash[32]; + mbedtls_pk_context pk_cxt = cert->pk; + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); + + mbedtls_md( md_info, data, datalen, hash ); + ret = mbedtls_pk_verify( &pk_cxt, MBEDTLS_MD_SHA256,hash, 32, pkcs7->signed_data.signers.sig.p, pkcs7->signed_data.signers.sig.len ); + + mbedtls_printf("Verification return code is %02x\n", ret); + + return ( ret ); +} + +/* + * Unallocate all pkcs7 data + */ +void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ) +{ + mbedtls_x509_name *name_cur; + mbedtls_x509_name *name_prv; + + if (pkcs7 == NULL) + return; + + mbedtls_x509_crt_free( &pkcs7->signed_data.certs ); + mbedtls_x509_crl_free( &pkcs7->signed_data.crl ); + + name_cur = pkcs7->signed_data.signers.issuer.next; + while( name_cur != NULL ) + { + name_prv = name_cur; + name_cur = name_cur->next; + mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); + mbedtls_free( name_prv ); + } +} + +#endif diff --git a/libstb/crypto/pkcs7/pkcs7.h b/libstb/crypto/pkcs7/pkcs7.h new file mode 100644 index 00000000..9fa12996 --- /dev/null +++ b/libstb/crypto/pkcs7/pkcs7.h 
@@ -0,0 +1,178 @@ +/** + * \file pkcs7.h + * + * \brief PKCS7 generic defines and structures + */ +/* + * Copyright (C) 2019, IBM Corp, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_PKCS7_H +#define MBEDTLS_PKCS7_H + +//#if !defined(MBEDTLS_CONFIG_FILE) +//#include "config.h" +//#else +//#include MBEDTLS_CONFIG_FILE +//#endif + +#include "mbedtls/asn1.h" +#include "mbedtls/x509.h" +#include "mbedtls/x509_crt.h" + +/** + * \name PKCS7 Error codes + * \{ + */ +#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x7080 /**< Unavailable feature, e.g. anything other than signed data. */ +#define MBEDTLS_ERR_PKCS7_UNKNOWN_OID -0x7100 /**< Requested OID is unknown. */ +#define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x7180 /**< The CRT/CRL format is invalid, e.g. different type expected. */ +#define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x7200 /**< The PKCS7 version element is invalid. */ +#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x7280 /**< The algorithm tag or value is invalid. */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIG_ALG -0x7300 /**< Signature algorithm (oid) is unsupported. */ +#define MBEDTLS_ERR_PKCS7_SIG_MISMATCH -0x7380 /**< Signature verification fails. (see \c ::mbedtls_x509_crt sig_oid) */ +#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x7400 /**< Input invalid. 
*/ +#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x7480 /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_PKCS7_FILE_IO_ERROR -0x7500 /**< File Read/Write Error */ +/* \} name */ + + +/** + * \name PKCS7 Supported Version + * \{ + */ +#define MBEDTLS_PKCS7_SUPPORTED_VERSION 0x01 +/* \} name */ + + + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Type-length-value structure that allows for ASN1 using DER. + */ +typedef mbedtls_asn1_buf mbedtls_pkcs7_buf; + +/** + * Container for ASN1 named information objects. + * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.). + */ +typedef mbedtls_asn1_named_data mbedtls_pkcs7_name; + +/** + * Container for a sequence of ASN.1 items + */ +typedef mbedtls_asn1_sequence mbedtls_pkcs7_sequence; + +/** + * Structure holding PKCS7 signer info + */ +typedef struct mbedtls_pkcs7_signer_info { + int version; + mbedtls_x509_buf serial; + mbedtls_x509_name issuer; + mbedtls_x509_buf issuer_raw; + mbedtls_x509_buf alg_identifier; + mbedtls_x509_buf sig_alg_identifier; + mbedtls_x509_buf sig; + struct mbedtls_pkcs7_signer_info *next; +} +mbedtls_pkcs7_signer_info; + +/** + * Structure holding attached data as part of PKCS7 signed data format + */ +typedef struct mbedtls_pkcs7_data { + mbedtls_pkcs7_buf oid; + mbedtls_pkcs7_buf data; +} +mbedtls_pkcs7_data; + +/** + * Structure holding the signed data section + */ +typedef struct mbedtls_pkcs7_signed_data { + int version; + mbedtls_pkcs7_buf digest_alg_identifiers; + struct mbedtls_pkcs7_data content; + mbedtls_x509_crt certs; + mbedtls_x509_crl crl; + struct mbedtls_pkcs7_signer_info signers; +} +mbedtls_pkcs7_signed_data; + +/** + * Structure holding PKCS7 structure, only signed data for now + */ +typedef struct mbedtls_pkcs7 { + mbedtls_pkcs7_buf content_type_oid; + struct mbedtls_pkcs7_signed_data signed_data; +} +mbedtls_pkcs7; + +void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ); + +int mbedtls_pkcs7_parse_der(const unsigned char *buf, const int 
buflen, mbedtls_pkcs7 *pkcs7); + +int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7, mbedtls_x509_crt *cert, const unsigned char *data, int datalen); + +int mbedtls_pkcs7_load_file( const char *path, unsigned char **buf, size_t *n ); + +void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ); + +#if defined(MBEDTLS_SELF_TEST) + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_x509_self_test( int verbose ); + +#endif /* MBEDTLS_SELF_TEST */ + +#define MBEDTLS_X509_SAFE_SNPRINTF \ + do { \ + if( ret < 0 || (size_t) ret >= n ) \ + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \ + \ + n -= (size_t) ret; \ + p += (size_t) ret; \ + } while( 0 ) + +#ifdef __cplusplus +} +#endif + +/* + * PKCS#7 OIDs + */ +#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 */ + +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */ +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */ +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */ +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */ + + + + +#endif /* pkcs7.h */ From patchwork Mon Jan 20 02:36:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225593 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) 
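
Review bot: In libstb/crypto/pkcs7/pkcs7.c, the content-type checks in mbedtls_pkcs7_parse_der() and pkcs7_get_signed_data() call memcmp() with the length parsed from the input (content_type_oid.len, content.oid.len) and never compare that length with the size of the constant OID, so an OID longer than the constant makes memcmp() read past the string literal and a shorter one matches as a prefix. The SHA-256 check in pkcs7_get_signed_data() already compares the length against strlen( MBEDTLS_OID_DIGEST_ALG_SHA256 ) first; do the same for every OID comparison (mbedtls has MBEDTLS_OID_CMP for this). MBEDTLS_OID_PKCS7_ENCRYPTED_DATA is also tested twice in the unsupported-type chain. In mbedtls_pkcs7_signed_data_verify() the return value of mbedtls_md() is ignored, so a failed digest leaves hash[] uninitialized before mbedtls_pk_verify(), and nothing ties the supplied cert to the parsed signers.issuer and signers.serial. pkcs7_get_signers_info_set() bounds every field with end_set except the final pkcs7_get_signature( p, end, ... ), which should use end_set too, and mbedtls_pkcs7_load_file() leaks the FILE handle when mbedtls_calloc() fails.
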
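
Review bot: In libstb/crypto/pkcs7/pkcs7.h, all six MBEDTLS_OID_PKCS7_* defines carry the same copied comment, "pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}", which describes a PKCS#5 OID rather than the PKCS#7 content type each one encodes; give each define a comment naming its own type. The header also declares mbedtls_x509_self_test() and defines MBEDTLS_X509_SAFE_SNPRINTF, x509-named items that pkcs7.c never uses, and it uses mbedtls_x509_crl in mbedtls_pkcs7_signed_data without including mbedtls/x509_crl.h. mbedtls_pkcs7_parse_der() and mbedtls_pkcs7_signed_data_verify() take their lengths as int; size_t would keep a negative length from reaching the pointer arithmetic in the parser.
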
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Sun, 19 Jan 2020 20:36:51 -0600
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>
Message-Id: <20200120023700.5373-4-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 03/12] libstb: add ibmtpm20tss library via submodule
Cc: nayna@linux.ibm.com

In order to support upcoming security features within skiboot (such as secure boot and trusted boot), there needs to be an interface between skiboot and a TPM 2.0 device. This patch adds IBM's TSS 2.0 as a submodule, with the intent of replacing the current, barebones TSS implementation within skiboot. Also included are a few minor files containing helper functions or definitions needed to build the TSS.

Signed-off-by: Eric Richter --- .gitmodules | 4 ++++ libstb/Makefile.inc | 5 +++- libstb/tss2/Makefile.inc | 39 ++++++++++++++++++++++++++++++++ libstb/tss2/ibmtpm20tss | 1 + libstb/tss2/netinet/in.h | 13 +++++++++++ libstb/tss2/tpm2.c | 38 +++++++++++++++++++++++++++++++ libstb/tss2/tpm2.h | 49 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 libstb/tss2/Makefile.inc create mode 160000 libstb/tss2/ibmtpm20tss create mode 100644 libstb/tss2/netinet/in.h create mode 100644 libstb/tss2/tpm2.c create mode 100644 libstb/tss2/tpm2.h diff --git a/.gitmodules b/.gitmodules index 78998dae..c4a50464 100644 --- a/.gitmodules +++ b/.gitmodules @@ -2,3 +2,7 @@ path = libstb/crypto/mbedtls url = https://github.com/ARMmbed/mbedtls branch = mbedtls-2.16 +[submodule "libstb/ibmtpm20tss"] + path = libstb/tss2/ibmtpm20tss + url = https://github.com/erichte-ibm/ibmtpm20tss + branch = maurosr/v3-tss-skiboot diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc index 1434b3d4..0b21971f 100644 --- a/libstb/Makefile.inc +++ b/libstb/Makefile.inc @@ -12,10 +12,13 @@ include $(SRC)/$(LIBSTB_DIR)/secvar/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc include $(SRC)/$(LIBSTB_DIR)/crypto/Makefile.inc +include $(SRC)/$(LIBSTB_DIR)/tss2/Makefile.inc CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/crypto/mbedtls/include +CPPFLAGS += -I$(SRC)/$(LIBSTB_DIR)/ibmtpm20tss/utils +CFLAGS += -DTPM_NOSOCKET -DTPM_SKIBOOT -$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) +$(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS) $(SECVAR) $(CRYPTO) $(TSS2) libstb/create-container: libstb/create-container.c libstb/container-utils.c $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \ diff --git a/libstb/tss2/Makefile.inc b/libstb/tss2/Makefile.inc new file mode 100644 index 00000000..b2536faf --- /dev/null +++ b/libstb/tss2/Makefile.inc 
@@ -0,0 +1,39 @@ +# -*-Makefile-*- + +TSS2_DIR = libstb/tss2 +IBMTSS_DIR = $(TSS2_DIR)/ibmtpm20tss/utils + +SUBDIRS += $(TSS2_DIR) $(IBMTSS_DIR) + +CPPFLAGS += -I$(SRC)/$(TSS2_DIR) +CPPFLAGS += -I$(SRC)/$(IBMTSS_DIR) + +TSS2LIB_SRCS = tss.c tss20.c tssauth.c tssauth20.c tssccattributes.c +#TSS2LIB_SRCS += tsscryptoh.c +TSS2LIB_SRCS += tssmarshal.c tssprint.c tssprintcmd.c tssproperties.c +TSS2LIB_SRCS += tssresponsecode.c tsstransmit.c tssutils.c tssntc.c +TSS2LIB_SRCS += Commands.c CommandAttributeData.c Unmarshal.c +TSS2LIB_SRCS += tssdevskiboot.c + +TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS)) +TSS2_SRCS += tpm2.c + +#tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c +#tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c + +TSS2_OBJS = $(TSS2_SRCS:%.c=%.o) + +CFLAGS_$(TSS2_DIR)/ = -DTPM_POSIX -DTPM_TPM20 -DTPM_SKIBOOT +CFLAGS_$(TSS2_DIR)/ += -DTPM_NOSOCKET +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOECC -DTPM_TSS_NORSA -DTPM_TSS_NOCRYPTO +CFLAGS_$(TSS2_DIR)/ += -DTPM_TSS_NOFILE -DTPM_TSS_NOENV +CFLAGS_$(TSS2_DIR)/ += -Wstack-usage=4096 -Wframe-larger-than=4096 + +CFLAGS_$(IBMTSS_DIR)/ = $(CFLAGS_$(TSS2_DIR)/) + +CFLAGS_SKIP_$(TSS2_DIR)/ = -Wsuggest-attribute=const +CFLAGS_SKIP_$(IBMTSS_DIR)/ = $(CFLAGS_SKIP_$(TSS2_DIR)/) + +TSS2 = $(TSS2_DIR)/built-in.a + +$(TSS2): $(TSS2_OBJS:%=$(TSS2_DIR)/%) diff --git a/libstb/tss2/ibmtpm20tss b/libstb/tss2/ibmtpm20tss new file mode 160000 index 00000000..3ad7b8b0 --- /dev/null +++ b/libstb/tss2/ibmtpm20tss @@ -0,0 +1 @@ +Subproject commit 3ad7b8b0915888fb5e3012c86063c5cbc50eb3e1 diff --git a/libstb/tss2/netinet/in.h b/libstb/tss2/netinet/in.h new file mode 100644 index 00000000..ecb8a001 --- /dev/null +++ b/libstb/tss2/netinet/in.h @@ -0,0 +1,13 @@ +#ifndef _NETINIT_IN_H +#define _NETINIT_IN_H + +//#pragma message "Implment in.h functions \n" + +#include + +#define htonl(x) cpu_to_be32(x) +#define ntohl(x) be32_to_cpu(x) +#define htons(x) cpu_to_be16(x) +#define ntohs(x) be16_to_cpu(x) + +#endif /* _NETINIT_IN_H */ 
diff --git a/libstb/tss2/tpm2.c b/libstb/tss2/tpm2.c new file mode 100644 index 00000000..1daa648e --- /dev/null +++ b/libstb/tss2/tpm2.c @@ -0,0 +1,38 @@ +/* Copyright 2013-2016 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include "tpm2.h" + +static struct tpm_dev *tpm_device; +static struct tpm_driver *tpm_driver; + +void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver) +{ + tpm_device = dev; + tpm_driver = driver; +} + + +struct tpm_dev* tpm2_get_device(void) +{ + return tpm_device; +} + +struct tpm_driver* tpm2_get_driver(void) +{ + return tpm_driver; +} diff --git a/libstb/tss2/tpm2.h b/libstb/tss2/tpm2.h new file mode 100644 index 00000000..d7dd8f30 --- /dev/null +++ b/libstb/tss2/tpm2.h 
@@ -0,0 +1,49 @@ +/* Copyright 2013-2016 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __TPM2_H +#define __TPM2_H + +#include + +struct tpm_dev { + + /* TPM bus id */ + int bus_id; + + /* TPM address in the bus */ + int i2c_addr; +}; + +struct tpm_driver { + + /* Driver name */ + const char* name; + + /* Transmit the TPM command stored in buf to the tpm device */ + int (*transmit)(struct tpm_dev *dev, uint8_t* buf, size_t cmdlen, + size_t *buflen); + + int (*send)(struct tpm_dev *dev, const uint8_t *buf, uint32_t len); + + int (*receive)(struct tpm_dev *dev, uint8_t *buf, uint32_t *len); +}; + +void tpm2_register(struct tpm_dev *dev, struct tpm_driver *driver); +struct tpm_dev* tpm2_get_device(void); +struct tpm_driver* tpm2_get_driver(void); + +#endif /* __TPM2_H */ From patchwork Mon Jan 20 02:36:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225598 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481G8Z4P8Nz9sR1 for ; Mon, 20 Jan 2020 13:39:26 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none 
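Review bot: In libstb/tss2/netinet/in.h the include guard is spelled `_NETINIT_IN_H` (NETINIT, not NETINET), uses a leading underscore plus capital letter, which is a reserved identifier form in C, and sits next to a dead `#pragma message` line with the typo "Implment". Suggest a project-scoped guard name and dropping the commented-out pragma. The Makefile adds `-I$(SRC)/$(TSS2_DIR)` to the global CPPFLAGS rather than to the per-directory CFLAGS, so this shim shadows the `netinet/in.h` name for every source in the build; a comment saying it exists only to give the TSS sources `htonl`/`ntohl`/`htons`/`ntohs`, or scoping the include path to the TSS directories, would avoid surprises.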
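Review bot: tpm2_register() in libstb/tss2/tpm2.c stores `dev` and `driver` into file-scope statics with no NULL check and no handling of a repeat call, so a later registration silently replaces an earlier one, and tpm2_get_device()/tpm2_get_driver() return NULL when nothing has registered. Suggest rejecting NULL arguments, deciding explicitly what a second registration means (refuse it, or log and replace), and documenting in tpm2.h that callers of the getters must handle a NULL result.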
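Review bot: The new `send` and `receive` members of struct tpm_driver in libstb/tss2/tpm2.h carry no comment, unlike `transmit`, and nothing in this patch says whether a driver must provide them. Suggest documenting each callback's contract (ownership of `buf`, whether `*len` is an in/out parameter, the return convention) and stating whether the pointers may be NULL, so code calling through them knows to check first.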
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Sun, 19 Jan 2020 20:36:52 -0600
Subject: [Skiboot] [PATCH v2 04/12] libstb/tss2: add skiboot wrappers for TSS commands
Message-Id: <20200120023700.5373-5-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>

While the TSS does most of the heavy lifting for serialization and deserialization of TSS commands, there is still a little bit of legwork to utilize the library effectively. This patch introduces a set of functions that simplify TPM commands to a single function call that does not depend on any other TPM or TSS-related headers.

Signed-off-by: Eric Richter --- libstb/tss2/Makefile.inc | 2 +- libstb/tss2/tssskiboot.c | 527 +++++++++++++++++++++++++++++++++++++++ libstb/tss2/tssskiboot.h | 62 +++++ 3 files changed, 590 insertions(+), 1 deletion(-) create mode 100644 libstb/tss2/tssskiboot.c create mode 100644 libstb/tss2/tssskiboot.h diff --git a/libstb/tss2/Makefile.inc b/libstb/tss2/Makefile.inc index b2536faf..804ba519 100644 --- a/libstb/tss2/Makefile.inc +++ b/libstb/tss2/Makefile.inc @@ -16,7 +16,7 @@ TSS2LIB_SRCS += Commands.c CommandAttributeData.c Unmarshal.c TSS2LIB_SRCS += tssdevskiboot.c TSS2_SRCS = $(addprefix ibmtpm20tss/utils/,$(TSS2LIB_SRCS)) -TSS2_SRCS += tpm2.c +TSS2_SRCS += tpm2.c tssskiboot.c #tsscryptombed.c tsscryptouv.c tssdevuv.c tssuv.c #tssskiboot.c eventlog.c eventlib.c tpm_nv.c opalcreate.c diff --git a/libstb/tss2/tssskiboot.c b/libstb/tss2/tssskiboot.c new file mode 100644 index 00000000..3888e2b6 --- /dev/null +++ b/libstb/tss2/tssskiboot.c 
@@ -0,0 +1,527 @@ +/********************************************************************************/ +/* */ +/* Skiboot Support Interface */ +/* */ +/* (c) Copyright IBM Corporation 2019 */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ +/********************************************************************************/ + +#ifdef __SKIBOOT__ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include "tssproperties.h" +#include "tssskiboot.h" + +static TSS_CONTEXT *context = NULL; + +static TPM_RC get_context(void){ + TPM_RC rc = TPM_RC_SUCCESS; + + if(!context){ + rc = TSS_Create(&context); + if(rc) + return rc; + + context->tpm_device = tpm2_get_device(); + context->tpm_driver = tpm2_get_driver(); + context->tssInterfaceType = "skiboot"; + } + + return rc; +} + +static void traceError(const char *command, TPM_RC rc) +{ + const char *msg; + const char *submsg; + const char *num; + printf("%s: failed, rc %08x\n", command, rc); + TSS_ResponseCode_toString(&msg, &submsg, &num, rc); + printf("%s%s%s\n", msg, submsg, num); +} + + +int TSS_NV_Read_Public(TPMI_RH_NV_INDEX nvIndex) +{ + TPM_RC rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_ReadPublic_In *in; + NV_ReadPublic_Out *out; + + in = zalloc(sizeof(NV_ReadPublic_In)); + if (!in) + return -1; + out = zalloc(sizeof(NV_ReadPublic_Out)); + if (!out) { + free(in); + return -1; + } + + in->nvIndex = nvIndex; + + rc = get_context(); + if (rc) + goto cleanup; + + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_ReadPublic, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + +cleanup: + free(in); + free(out); + + return rc; +} + + +int TSS_NV_Read(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off) +{ + int rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION 
sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_Read_In *in; + NV_Read_Out *out; + + in = zalloc(sizeof(NV_Read_In)); + if (!in) + return -1; + out = zalloc(sizeof(NV_Read_Out)); + if (!out) { + free(in); + return -1; + } + + in->nvIndex = nvIndex; + in->offset = off; + in->size = bufsize; + in->authHandle = nvIndex; + + rc = get_context(); + if (rc) + goto cleanup; + + // TODO: Wrap this in multiple reads based on NV Buffer Max (1024) + // TODO: Maybe use getcap to make sure. + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_Read, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + + if (!rc) { + if (out->data.b.size < bufsize) + bufsize = out->data.b.size; + memcpy(buf, out->data.b.buffer, bufsize); + } + + if(rc) + traceError("TSS_NV_Read", rc); + +cleanup: + free(in); + free(out); + + return rc; + + +} + + +int TSS_NV_Write(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off) +{ + int rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_Write_In *in; + + in = zalloc(sizeof(NV_Write_In)); + if (!in) + return -1; + + in->nvIndex = nvIndex; + in->offset = off; + in->authHandle = nvIndex; + + rc = TSS_TPM2B_Create(&in->data.b, buf, bufsize, sizeof(in->data.t.buffer)); + if (rc) + goto cleanup; + + rc = get_context(); + if (rc) + goto cleanup; + + // TODO: Wrap this in multiple writes based on NV Buffer Max (1024) + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_Write, + 
sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + + if (rc) + traceError("TSS_NV_Write", rc); + +cleanup: + free(in); + + return rc; + + +} + + +int TSS_NV_WriteLock(TPMI_RH_NV_INDEX nvIndex) +{ + int rc; + + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + NV_WriteLock_In *in; + + in = zalloc(sizeof(NV_Read_In)); + if (!in) + return -1; + + // TODO: make this an arg probably? + in->authHandle = 'p'; + in->nvIndex = nvIndex; + + rc = get_context(); + if (rc) + goto cleanup; + + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_NV_WriteLock, + sessionHandle0, NULL, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + +cleanup: + free(in); + + return rc; + + +} + + +int TSS_NV_Define_Space(TPMI_RH_NV_INDEX nvIndex, const char hierarchy, + const char hierarchy_authorization, + uint16_t dataSize) +{ + //NOTE(maurosr): we don't care with session values so far + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; + TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; + TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + unsigned int sessionAttributes1 = 0; + unsigned int sessionAttributes2 = 0; + + + TPMA_NV nvAttributes, setAttributes, clearAttributes; + + + TPMI_ALG_HASH nalg = TPM_ALG_SHA256; + char typeChar = 'o'; + const char *nvPassword = NULL, *parentPassword = NULL; + + NV_DefineSpace_In *in = calloc(1, sizeof(NV_DefineSpace_In)); + TPM_RC rc; + + nvAttributes.val = 0; + setAttributes.val = TPMA_NVA_NO_DA; + clearAttributes.val = 0; + + + if(!in) + return 1; + + rc = get_context(); + if(rc) 
+ goto cleanup; + + + switch(hierarchy_authorization){ + case 'o': + nvAttributes.val |= TPMA_NVA_OWNERWRITE | TPMA_NVA_OWNERREAD; + break; + case 'p': + nvAttributes.val |= TPMA_NVA_PPWRITE | TPMA_NVA_PPREAD; + break; + case '\0': + nvAttributes.val |= TPMA_NVA_AUTHWRITE | TPMA_NVA_AUTHREAD; + break; + default: + printf("Invalid value for hierarchy authorization"); + rc = 1; + goto cleanup; + } + switch(hierarchy){ + case 'p': + in->authHandle = TPM_RH_PLATFORM; + nvAttributes.val |= TPMA_NVA_PLATFORMCREATE; + break; + case 'o': + nvAttributes.val |= TPMA_NVA_PLATFORMCREATE; + in->authHandle = TPM_RH_OWNER; + break; + default: + printf("Invalid value for hierarchy"); + rc = 1; + goto cleanup; + } + + + if (typeChar == 'o') + nvAttributes.val |= TPMA_NVA_ORDINARY; + else{ + printf("TypeChar is set to somehing other than 'o', please add code to support that\n"); + rc = 1; + goto cleanup; + } + + /* + * NOTE(maurosr): This should receive proper piece of code for password + * handling when it becomes a parameter for this function. + * Ideally the code in here should just use TSS's parameters handling + * helpers, such helpers don't exist yet, but we should extract them from + * the main function of the binary utils living in TSS code. + * */ + if (nvPassword == NULL) + in->auth.b.size = 0; + else{ + + printf("Password is not NULL, you need to add code for supporting this case. Aborting...\n"); + rc = 1; + goto cleanup; + } + + // Empty policy, support for non-empty should be added + in->publicInfo.nvPublic.authPolicy.t.size = 0; + + in->publicInfo.nvPublic.nvIndex = nvIndex; + // Default alg is SHA256, support for customizing this should be added. + in->publicInfo.nvPublic.nameAlg = nalg; + + /* + * This carries the flags set according to default settings, excepting + * for what is set by this function parameters. Further customization + * will require a different setup for nvAttribute flags as is done in + * TSS's code. 
+ * */ + in->publicInfo.nvPublic.attributes = nvAttributes; + + in->publicInfo.nvPublic.attributes.val |= setAttributes.val; + in->publicInfo.nvPublic.attributes.val &= ~(clearAttributes.val); + + in->publicInfo.nvPublic.dataSize = dataSize; + + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *)in, + NULL, + TPM_CC_NV_DefineSpace, + sessionHandle0, parentPassword, sessionAttributes0, + sessionHandle1, NULL, sessionAttributes1, + sessionHandle2, NULL, sessionAttributes2, + TPM_RH_NULL, NULL, 0); + if(rc) + traceError("TSS_NV_Define_Space", rc); + + +cleanup: + free(in); + return rc? 1: 0 ; +} + +/** + * @brief Extends a PCR using the given hashes and digest + * @param pcrHandle The PCR to be extended + * @param hashes A pointer to an array of hash algorithms, each one + * used to extend its respective PCR bank. + * @param hashes_len The length of hashes array. + * @param digest The digest data. + */ +int TSS_PCR_Extend(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *hashes, + uint8_t hashes_len, const char *digest) +{ + PCR_Extend_In *in = calloc(1, sizeof(PCR_Extend_In)); + + uint32_t rc = 1; + + if(!in || (strlen(digest) > sizeof(TPMU_HA)) ) + return 1; + + if(hashes_len >= HASH_COUNT) + goto exit; + + rc = get_context(); + if(rc) + goto exit; + + in->digests.count = hashes_len; + in->pcrHandle = pcrHandle; + for(int i=0; i < hashes_len; i++){ + in->digests.digests[i].hashAlg = hashes[i]; + // memset zeroes first to assure the digest data is zero padded. + memset((uint8_t*) &in->digests.digests[i].digest, 0, sizeof(TPMU_HA)); + memcpy((uint8_t*) &in->digests.digests[i].digest, digest, strlen(digest)); + } + rc = TSS_Execute(context, + NULL, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_PCR_Extend, + TPM_RS_PW, NULL, 0, + TPM_RH_NULL, NULL, 0); + + if (rc != 0){ + traceError("TSS_PCR_Extend", rc); + } + +exit: + free(in); + return rc? 
1: 0; +} + +/** + * @brief Reads the PCR content + * @param + */ +int TSS_PCR_Read(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *hashes, + uint8_t hashes_len) +{ + TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; + unsigned int sessionAttributes0 = 0; + PCR_Read_Out *out; + PCR_Read_In *in; + uint32_t rc = 1; + + TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); + + if (hashes_len >= HASH_COUNT) + return 1; + + in = calloc(1, sizeof(PCR_Read_In)); + if (!in) + return 1; + + out = calloc(1, sizeof(PCR_Read_Out)); + if (!out) + goto cleanup_in; + + rc = get_context(); + + if (rc) + goto cleanup_all; + + in->pcrSelectionIn.count = hashes_len; + for( int i=0; i < hashes_len; i++){ + in->pcrSelectionIn.pcrSelections[i].hash = hashes[i]; + in->pcrSelectionIn.pcrSelections[i].sizeofSelect = 3; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[0] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[1] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[2] = 0; + in->pcrSelectionIn.pcrSelections[i].pcrSelect[pcrHandle/8] = 1 << (pcrHandle % 8); + } + + rc = TSS_Execute(context, + (RESPONSE_PARAMETERS *) out, + (COMMAND_PARAMETERS *) in, + NULL, + TPM_CC_PCR_Read, + sessionHandle0, NULL, sessionAttributes0, + TPM_RH_NULL, NULL, 0); + + if (rc != 0) + traceError("newTSS_PCR_Read", rc); + + +cleanup_all: + free(out); +cleanup_in: + free(in); + return rc? 1: 0; +} +#endif /* __SKIBOOT__ */ diff --git a/libstb/tss2/tssskiboot.h b/libstb/tss2/tssskiboot.h new file mode 100644 index 00000000..b1990130 --- /dev/null +++ b/libstb/tss2/tssskiboot.h 
@@ -0,0 +1,62 @@ +/********************************************************************************/ +/* */ +/* SKIBOOT Interface */ +/* */ +/* (c) Copyright IBM Corporation 2019. */ +/* */ +/* All rights reserved. */ +/* */ +/* Redistribution and use in source and binary forms, with or without */ +/* modification, are permitted provided that the following conditions are */ +/* met: */ +/* */ +/* Redistributions of source code must retain the above copyright notice, */ +/* this list of conditions and the following disclaimer. */ +/* */ +/* Redistributions in binary form must reproduce the above copyright */ +/* notice, this list of conditions and the following disclaimer in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* Neither the names of the IBM Corporation nor the names of its */ +/* contributors may be used to endorse or promote products derived from */ +/* this software without specific prior written permission. */ +/* */ +/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ +/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ +/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ +/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ +/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ +/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ +/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ +/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ +/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ +/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ +/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ +/********************************************************************************/ +#ifdef __SKIBOOT__ + +#ifndef TSSSKIBOOT_H +#define TSSSKIBOOT_H + +#ifndef TPM_POSIX +#define TPM_POSIX +#endif + +#include "tssproperties.h" + +int TSS_PCR_Read(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *hashes, + uint8_t hashes_len); +int TSS_PCR_Extend(TPMI_DH_PCR pcrHandle, TPMI_ALG_HASH *v_hashes, + uint8_t hashes_len, const char *digest); + +int TSS_NV_Read_Public(TPMI_RH_NV_INDEX nvIndex); +int TSS_NV_Read(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off); +int TSS_NV_Write(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off); +int TSS_NV_WriteLock(TPMI_RH_NV_INDEX nvIndex); + +int TSS_NV_Define_Space(uint32_t nvIndex, const char hierarchy, + const char hierarchy_authorization, + uint16_t dataSize); + +#endif /* TSSSKIBOOT_H */ +#endif /* __SKIBOOT__ */ From patchwork Mon Jan 20 02:36:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225594 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481G711lxLz9sPJ for ; Mon, 20 Jan 2020 13:38:05 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 481G7036rTzDqbW for ; Mon, 20 Jan 2020 13:38:04 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com 
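Review bot: TSS_NV_WriteLock() in libstb/tss2/tssskiboot.c allocates its NV_WriteLock_In with `zalloc(sizeof(NV_Read_In))` and sets `in->authHandle = 'p'`, which stores the character value instead of a hierarchy handle; TSS_NV_Define_Space() in the same file maps 'p' to TPM_RH_PLATFORM, so the lock is requested with an authorization handle that is not a TPM handle. Suggest `sizeof(*in)` and `in->authHandle = TPM_RH_PLATFORM` (or a hierarchy parameter, as the TODO proposes), plus a traceError() call on failure as in TSS_NV_Read()/TSS_NV_Write(), since a failed lock leaves the index writable and callers need to notice. Two further items in this hunk: TSS_PCR_Extend() sizes the digest with `strlen(digest)`, so a binary digest containing a zero byte is truncated and zero padded before it is extended, and the early `return 1` taken when that length check fails leaks `in`; take an explicit digest length instead. TSS_PCR_Read() writes `pcrSelect[pcrHandle/8]` with `sizeofSelect = 3` and no range check on `pcrHandle`, leaves `TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2")` switched on, and never passes the contents of `out` back to the caller.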
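Review bot: The prototypes in libstb/tss2/tssskiboot.h still use TSS types (`TPMI_DH_PCR`, `TPMI_ALG_HASH`, `TPMI_RH_NV_INDEX`) and include "tssproperties.h", which does not match the commit message's statement that the wrappers need no other TPM or TSS-related headers, and they disagree with the definitions: TSS_NV_Define_Space() takes `uint32_t nvIndex` here but `TPMI_RH_NV_INDEX nvIndex` in the .c file, and TSS_PCR_Extend() names its parameter `v_hashes` here and `hashes` there. Suggest using plain fixed-width types throughout or including the header that defines the TSS types, and documenting the return convention, which currently mixes -1 (allocation failure), 1 and raw TPM_RC values across the wrappers.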
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Sun, 19 Jan 2020 20:36:53 -0600
Subject: [Skiboot] [PATCH v2 05/12] libstb: Register TPM chip for further use within TSS
Message-Id: <20200120023700.5373-6-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>

From: "Mauro S. M. Rodrigues"

TSS will know which device and transmit handler to use through this registration.

Signed-off-by: Mauro S. M. Rodrigues Signed-off-by: Eric Richter --- libstb/drivers/tpm_i2c_nuvoton.c | 2 ++ libstb/tpm_chip.h | 19 +------------------ 2 files changed, 3 insertions(+), 18 deletions(-) diff --git a/libstb/drivers/tpm_i2c_nuvoton.c b/libstb/drivers/tpm_i2c_nuvoton.c index 3679ddaf..44a61471 100644 --- a/libstb/drivers/tpm_i2c_nuvoton.c +++ b/libstb/drivers/tpm_i2c_nuvoton.c
@@ -10,6 +10,7 @@ #include "tpm_i2c_interface.h" #include "tpm_i2c_nuvoton.h" #include +#include //#define DBG(fmt, ...) prlog(PR_DEBUG, fmt, ##__VA_ARGS__) #define DBG(fmt, ...) @@ -593,6 +594,7 @@ void tpm_i2c_nuvoton_probe(void) free(tpm_device); continue; } + tpm2_register(tpm_device, &tpm_i2c_nuvoton_driver); bus = i2c_find_bus_by_id(tpm_device->bus_id); assert(bus->check_quirk == NULL); bus->check_quirk = nuvoton_tpm_quirk; diff --git a/libstb/tpm_chip.h b/libstb/tpm_chip.h index dede420f..b7d291e8 100644 --- a/libstb/tpm_chip.h +++ b/libstb/tpm_chip.h 
@@ -8,25 +8,8 @@ #include "tss/tpmLogMgr.H" #include "tss/trustedTypes.H" +#include -struct tpm_dev { - - /* TPM bus id */ - int bus_id; - - /* TPM address in the bus */ - int i2c_addr; -}; - -struct tpm_driver { - - /* Driver name */ - const char* name; - - /* Transmit the TPM command stored in buf to the tpm device */ - int (*transmit)(struct tpm_dev *dev, uint8_t* buf, size_t cmdlen, - size_t *buflen); -}; struct tpm_chip { From patchwork Mon Jan 20 02:36:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225599 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481G8q32XTz9sR1 for ; Mon, 20 Jan 2020 13:39:39 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 481G8q2JbmzDqZm for ; Mon, 20 Jan 2020 13:39:39 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 481G6674KmzDqXw for ; Mon, 20 Jan 2020 
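Review bot: The added `tpm2_register(tpm_device, &tpm_i2c_nuvoton_driver);` in tpm_i2c_nuvoton_probe() sits in the probe loop body (the context just above it ends in `continue;`), so each TPM node that probes successfully overwrites the previous registration and the TSS ends up bound to whichever device was probed last. It also runs before the `i2c_find_bus_by_id()` lookup and `check_quirk` setup that follow it. Suggest registering only after the per-device setup has completed and making the multi-TPM behaviour explicit, for example by registering the first device only or by having tpm2_register() refuse a second call. The hunks shown do not touch the tpm_i2c_nuvoton_driver initializer, so confirm that the `send`/`receive` callbacks added to struct tpm_driver are either populated for this driver or never called through it.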
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Sun, 19 Jan 2020 20:36:54 -0600
Message-Id: <20200120023700.5373-7-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 06/12] secvar_tpmnv: add high-level tpm nv index abstraction for secvar
Cc: nayna@linux.ibm.com

Multiple components, like the storage driver or backend driver, may need to store information in the one TPM NV index assigned for secure boot. This abstraction provides a method for these components to share the index space without stomping on each other's data, and without them needing to understand anything about the other. This is probably an overengineered solution to the problem, but the intent is to keep the drivers as independent from one another as possible.
NOTE: This version of the patch now includes the ability to switch between a "Fake TPMNV" mode simulated using PNOR, and use of an actual TPM. The simulated mode exists for unit test and review purposes on machines without a TPM. It is not intended for production use. Signed-off-by: Eric Richter --- libstb/secvar/Makefile.inc | 3 +- libstb/secvar/secvar_tpmnv.c | 265 +++++++++++++++++++++++++++++++++++ libstb/secvar/secvar_tpmnv.h | 16 +++ 3 files changed, 282 insertions(+), 2 deletions(-) create mode 100644 libstb/secvar/secvar_tpmnv.c create mode 100644 libstb/secvar/secvar_tpmnv.h diff --git a/libstb/secvar/Makefile.inc b/libstb/secvar/Makefile.inc index f4b196d9..1d68941e 100644 --- a/libstb/secvar/Makefile.inc +++ b/libstb/secvar/Makefile.inc @@ -8,8 +8,7 @@ SUBDIRS += $(SECVAR_DIR) include $(SECVAR_DIR)/storage/Makefile.inc include $(SECVAR_DIR)/backend/Makefile.inc -SECVAR_SRCS = secvar_main.c secvar_util.c secvar_devtree.c -SECVAR_SRCS = secvar_main.c secvar_util.c secvar_devtree.c secvar_api.c +SECVAR_SRCS = secvar_main.c secvar_util.c secvar_devtree.c secvar_api.c secvar_tpmnv.c SECVAR_OBJS = $(SECVAR_SRCS:%.c=%.o) SECVAR = $(SECVAR_DIR)/built-in.a diff --git a/libstb/secvar/secvar_tpmnv.c b/libstb/secvar/secvar_tpmnv.c new file mode 100644 index 00000000..2944ece4 --- /dev/null +++ b/libstb/secvar/secvar_tpmnv.c 
@@ -0,0 +1,265 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2019 IBM Corp. */ +#ifndef pr_fmt +#define pr_fmt(fmt) "SECVAR_TPMNV: " fmt +#endif + +#include +#include +#include +#include +#include "secvar_tpmnv.h" + +#define TPM_SECVAR_NV_INDEX 0x01c10191 +#define TPM_SECVAR_MAGIC_NUM 0x53544e56 + +struct tpm_nv_id { + uint32_t id; + uint32_t size; + char data[0]; +} __packed; + +struct tpm_nv { + uint32_t magic_num; + uint32_t version; + struct tpm_nv_id vars[0]; +} __packed; + +int tpm_ready = 0; +int tpm_error = 0; +int tpm_first_init = 0; +struct tpm_nv *tpm_image; +size_t tpm_nv_size = 0; + +// Values set by a platform to enable TPMNV simulation mode +// NOT INTENDED FOR PRODUCTION USE +int tpm_fake_nv = 0; // Use fake NV mode using pnor +uint64_t tpm_fake_nv_offset = 0; // Offset into SECBOOT pnor to use +uint64_t tpm_fake_nv_max_size = 0; + +static int TSS_Fake_Read(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off) +{ + (void) nvIndex; + (void) off; + return platform.secboot_read(buf, tpm_fake_nv_offset, bufsize); +} + +static int TSS_Fake_Write(uint32_t nvIndex, void *buf, size_t bufsize, uint64_t off) +{ + (void) nvIndex; + (void) off; + return platform.secboot_write(tpm_fake_nv_offset, buf, bufsize); +} + +static int TSS_Fake_Define_Space(uint32_t nvIndex, const char hierarchy, + const char hierarchy_authorization, + uint16_t dataSize) +{ + (void) nvIndex; + (void) hierarchy; + (void) hierarchy_authorization; + (void) dataSize; + return 0; +} + +struct tpmnv_ops_s { + int (*tss_nv_read)(uint32_t, void*, size_t, uint64_t); + int (*tss_nv_write)(uint32_t, void*, size_t, uint64_t); + int (*tss_nv_define_space)(uint32_t, const char, const char, uint16_t); +}; + +struct tpmnv_ops_s TSS_tpmnv_ops = { + .tss_nv_read = TSS_NV_Read, + .tss_nv_write = TSS_NV_Write, + .tss_nv_define_space = TSS_NV_Define_Space, +}; + +struct tpmnv_ops_s Fake_tpmnv_ops = { + .tss_nv_read = TSS_Fake_Read, + .tss_nv_write = TSS_Fake_Write, + .tss_nv_define_space = 
TSS_Fake_Define_Space, +}; + +struct tpmnv_ops_s *tpmnv_ops = &TSS_tpmnv_ops; + +// This function should be replaced with logic that performs the initial +// TPM NV Index definition, and any first-write logic +static int secvar_tpmnv_format(void) +{ + int rc; + + memset(tpm_image, 0, sizeof(tpm_nv_size)); + + // TODO: Determine the proper auths + rc = tpmnv_ops->tss_nv_define_space(TPM_SECVAR_NV_INDEX, 'p', 'p', tpm_nv_size); + if (rc) { + prlog(PR_INFO, "Failed to define NV index, rc = %d\n", rc); + return rc; + } + + tpm_image->magic_num = TPM_SECVAR_MAGIC_NUM; + tpm_image->version = 1; + + tpm_first_init = 1; + + return tpmnv_ops->tss_nv_write(TPM_SECVAR_NV_INDEX, tpm_image, tpm_nv_size, 0); +} + + +static int secvar_tpmnv_init(void) +{ + int rc; + + if (tpm_ready) + return OPAL_SUCCESS; + if (tpm_error) + return OPAL_HARDWARE; + + prlog(PR_INFO, "Initializing TPMNV space...\n"); + + // Check here if TPM NV Index is defined + // if not, call secvar_tpmnv_format() here + + // Using the minimum defined by the spec for now + // This value should probably be determined by tss_get_capatibility + tpm_nv_size = 1024; + + tpm_image = malloc(tpm_nv_size); + if (!tpm_image) { + tpm_error = 1; + return OPAL_NO_MEM; + } + + if (tpm_fake_nv) { + prlog(PR_INFO, "Enabling fake TPM NV mode\n"); + tpmnv_ops = &Fake_tpmnv_ops; + } + + prlog(PR_INFO, "Reading in from TPM NV...\n"); + rc = tpmnv_ops->tss_nv_read(TPM_SECVAR_NV_INDEX, tpm_image, tpm_nv_size, 0); + if (rc) { + prlog(PR_INFO, "Failed to read from NV index, rc = %d\n", rc); + tpm_error = 1; + return OPAL_HARDWARE; + } + + if (tpm_image->magic_num != TPM_SECVAR_MAGIC_NUM) { + prlog(PR_INFO, "Magic num mismatch, reformatting NV space...\n"); + rc = secvar_tpmnv_format(); + if (rc) { + prlog(PR_INFO, "Failed to format tpmnv space, rc = %d\n", rc); + tpm_error = 1; + return OPAL_HARDWARE; + } + } + prlog(PR_INFO, "TPMNV space initialized successfully\n"); + tpm_ready = 1; + + return OPAL_SUCCESS; +} + + +static struct 
tpm_nv_id *find_tpmnv_id(uint32_t id) +{ + struct tpm_nv_id *tmp; + char *cur, *end; + + cur = (char *) tpm_image->vars; + end = ((char *) tpm_image) + tpm_nv_size; + while (cur < end) { + tmp = (struct tpm_nv_id *) cur; + if (tmp->id == 0) + return NULL; + if (tmp->id == id) + return tmp; + cur += sizeof(struct tpm_nv_id) + tmp->size; + } + + return NULL; +} + + +// "Allocate" space within the secvar tpm +int secvar_tpmnv_alloc(uint32_t id, int32_t size) +{ + struct tpm_nv_id *tmp; + char *cur; + char *end; + + if (secvar_tpmnv_init()) + return OPAL_RESOURCE; + + cur = (char *) tpm_image->vars; + end = ((char *) tpm_image) + tpm_nv_size; + while (cur < end) { + tmp = (struct tpm_nv_id *) cur; + if (tmp->id == 0) + goto allocate; + if (tmp->id == id) + return OPAL_SUCCESS; // Already allocated + + cur += sizeof(struct tpm_nv_id) + tmp->size; + } + // We ran out of space... + return OPAL_EMPTY; + +allocate: + tmp->id = id; + + // Special case: size of -1 gives remaining space + if (size == -1) + tmp->size = end - tmp->data; + else + tmp->size = size; + + return OPAL_SUCCESS; +} + + +int secvar_tpmnv_read(uint32_t id, void *buf, size_t size, size_t off) +{ + struct tpm_nv_id *var; + + if (secvar_tpmnv_init()) + return OPAL_RESOURCE; + + var = find_tpmnv_id(id); + if (!var) + return OPAL_EMPTY; + + size = MIN(size, var->size); + memcpy(buf, var->data + off, size); + + return 0; +} + + +int secvar_tpmnv_write(uint32_t id, void *buf, size_t size, size_t off) +{ + struct tpm_nv_id *var; + + if (secvar_tpmnv_init()) + return OPAL_RESOURCE; + + var = find_tpmnv_id(id); + if (!var) + return OPAL_EMPTY; + + size = MIN(size, var->size); + memcpy(var->data, buf + off, size); + + return tpmnv_ops->tss_nv_write(TPM_SECVAR_NV_INDEX, tpm_image, tpm_nv_size, 0); +} + +int secvar_tpmnv_size(uint32_t id) +{ + struct tpm_nv_id *var; + + if (secvar_tpmnv_init()) + return OPAL_RESOURCE; + + var = find_tpmnv_id(id); + if (!var) + return 0; + return var->size; +} 
diff --git a/libstb/secvar/secvar_tpmnv.h b/libstb/secvar/secvar_tpmnv.h new file mode 100644 index 00000000..697a52c2 --- /dev/null +++ b/libstb/secvar/secvar_tpmnv.h 
@@ -0,0 +1,16 @@ +#ifndef _SECVAR_TPMNV_H_ +#define _SECVAR_TPMNV_H_ +#include + +extern int tpm_first_init; + +int secvar_tpmnv_alloc(uint32_t id, int32_t size); +int secvar_tpmnv_read(uint32_t id, void *buf, size_t size, size_t off); +int secvar_tpmnv_write(uint32_t id, void *buf, size_t size, size_t off); +int secvar_tpmnv_size(uint32_t id); + +extern int tpm_fake_nv; +extern uint64_t tpm_fake_nv_offset; + +#endif +
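Review bot: secvar_tpmnv_read() and secvar_tpmnv_write() in libstb/secvar/secvar_tpmnv.c never validate off against the entry size. The read path clamps size to var->size and then copies from var->data + off, so any nonzero off can read past the entry and, for the last entry, past the end of tpm_image; the write path applies off to the caller's buffer (buf + off, arithmetic on a void pointer) rather than to var->data, so every write lands at offset 0 of the entry. Suggest rejecting off > var->size, clamping size to var->size - off, and copying to var->data + off in the write path. Two related points in the same file: secvar_tpmnv_format() calls memset(tpm_image, 0, sizeof(tpm_nv_size)), which clears only sizeof(size_t) bytes instead of tpm_nv_size, and secvar_tpmnv_alloc() stores the requested size without checking that the header plus data fits before end, while find_tpmnv_id() then walks the image trusting each stored size.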
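Review bot: tpm_fake_nv_max_size is defined next to tpm_fake_nv and tpm_fake_nv_offset in secvar_tpmnv.c but has no extern declaration in libstb/secvar/secvar_tpmnv.h, so a platform cannot set it, and TSS_Fake_Read()/TSS_Fake_Write() never compare bufsize against it. Either export it here and bound the fake PNOR accesses with it, or drop the variable. Since this header exposes tpm_fake_nv as a plain global that switches the backend away from the TPM, a comment here repeating the "NOT INTENDED FOR PRODUCTION USE" warning from the .c file would help.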
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Sun, 19 Jan 2020 20:36:55 -0600
Message-Id: <20200120023700.5373-8-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 07/12] core/flash.c: add SECBOOT read and write support
Cc: nayna@linux.ibm.com

From: Claudio Carvalho

In secure boot enabled systems, the petitboot linux kernel verifies the OS kernel against x509 certificates that are wrapped in secure variables controlled by OPAL. These secure variables are stored in the PNOR SECBOOT partition, as well as the updates submitted for them using userspace tools. This patch adds read and write support to the PNOR SECBOOT partition in a similar fashion to that of NVRAM, so that OPAL can handle the secure variables.

V2: - lowered logging level for secboot_probe

Signed-off-by: Claudio Carvalho
Signed-off-by: Eric Richter --- core/flash.c | 130 +++++++++++++++++++++++++++++++++++++++++++++ include/platform.h | 4 ++ 2 files changed, 134 insertions(+) diff --git a/core/flash.c b/core/flash.c index 7fbfca22..5fbc395a 100644 --- a/core/flash.c +++ b/core/flash.c @@ -59,6 +59,10 @@ static struct lock flash_lock; static struct flash *nvram_flash; static u32 nvram_offset, nvram_size; +/* secboot-on-flash support */ +static struct flash *secboot_flash; +static u32 secboot_offset, secboot_size; + bool flash_reserve(void) { bool rc = false; 
@@ -93,6 +97,91 @@ bool flash_unregister(void) return true; } +static int flash_secboot_info(uint32_t *total_size) +{ + int rc; + + lock(&flash_lock); + if (!secboot_flash) { + rc = OPAL_HARDWARE; + } else if (secboot_flash->busy) { + rc = OPAL_BUSY; + } else { + *total_size = secboot_size; + rc = OPAL_SUCCESS; + } + unlock(&flash_lock); + + return rc; +} + +static int flash_secboot_read(void *dst, uint32_t src, uint32_t len) +{ + int rc; + + if (!try_lock(&flash_lock)) + return OPAL_BUSY; + + if (!secboot_flash) { + rc = OPAL_HARDWARE; + goto out; + } + + if (secboot_flash->busy) { + rc = OPAL_BUSY; + goto out; + } + + if ((src + len) > secboot_size) { + prerror("FLASH_SECBOOT: read out of bound (0x%x,0x%x)\n", + src, len); + rc = OPAL_PARAMETER; + goto out; + } + + secboot_flash->busy = true; + unlock(&flash_lock); + + rc = blocklevel_read(secboot_flash->bl, secboot_offset + src, dst, len); + + lock(&flash_lock); + secboot_flash->busy = false; +out: + unlock(&flash_lock); + return rc; +} + +static int flash_secboot_write(uint32_t dst, void *src, uint32_t len) +{ + int rc; + + if (!try_lock(&flash_lock)) + return OPAL_BUSY; + + if (secboot_flash->busy) { + rc = OPAL_BUSY; + goto out; + } + + if ((dst + len) > secboot_size) { + prerror("FLASH_SECBOOT: write out of bound (0x%x,0x%x)\n", + dst, len); + rc = OPAL_PARAMETER; + goto out; + } + + secboot_flash->busy = true; + unlock(&flash_lock); + + rc = blocklevel_write(secboot_flash->bl, secboot_offset + dst, src, len); + + lock(&flash_lock); + secboot_flash->busy = false; +out: + unlock(&flash_lock); + return rc; +} + static int flash_nvram_info(uint32_t *total_size) { int rc; 
@@ -182,6 +271,46 @@ out: return rc; } + +static int flash_secboot_probe(struct flash *flash, struct ffs_handle *ffs) +{ + uint32_t start, size, part; + bool ecc; + int rc; + + prlog(PR_DEBUG, "FLASH: probing for SECBOOT\n"); + + rc = ffs_lookup_part(ffs, "SECBOOT", &part); + if (rc) { + prlog(PR_WARNING, "FLASH: no SECBOOT partition found\n"); + return OPAL_HARDWARE; + } + + rc = ffs_part_info(ffs, part, NULL, + &start, &size, NULL, &ecc); + if (rc) { + /** + * @fwts-label SECBOOTNoPartition + * @fwts-advice OPAL could not find an SECBOOT partition + * on the system flash. Check that the system flash + * has a valid partition table, and that the firmware + * build process has added a SECBOOT partition. + */ + prlog(PR_ERR, "FLASH: Can't parse ffs info for SECBOOT\n"); + return OPAL_HARDWARE; + } + + secboot_flash = flash; + secboot_offset = start; + secboot_size = ecc ? ecc_buffer_size_minus_ecc(size) : size; + + platform.secboot_info = flash_secboot_info; + platform.secboot_read = flash_secboot_read; + platform.secboot_write = flash_secboot_write; + + return 0; +} + static int flash_nvram_probe(struct flash *flash, struct ffs_handle *ffs) { uint32_t start, size, part; @@ -332,6 +461,7 @@ static void setup_system_flash(struct flash *flash, struct dt_node *node, prlog(PR_INFO, "registered system flash device %s\n", name); flash_nvram_probe(flash, ffs); + flash_secboot_probe(flash, ffs); } static int num_flashes(void) diff --git a/include/platform.h b/include/platform.h index 412f8fc8..cdc64e0a 100644 --- a/include/platform.h +++ b/include/platform.h 
@@ -212,6 +212,10 @@ struct platform { int (*secvar_init)(void); + int (*secboot_info)(uint32_t *total_size); + int (*secboot_read)(void *dst, uint32_t src, uint32_t len); + int (*secboot_write)(uint32_t dst, void *src, uint32_t len); + /* * OCC timeout. This return how long we should wait for the OCC * before timing out. This lets us use a high value on larger FSP
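Review bot: the bounds checks in flash_secboot_read() and flash_secboot_write() in core/flash.c compute (src + len) > secboot_size and (dst + len) > secboot_size in uint32_t, so a large offset plus length wraps around and passes the check. Suggest the overflow-safe form, for example len > secboot_size || src > secboot_size - len, in both functions. flash_secboot_write() also dereferences secboot_flash->busy without the !secboot_flash check that flash_secboot_read() and flash_secboot_info() perform; add the same check so the three accessors behave alike.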
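Review bot: in flash_secboot_probe() the @fwts-label SECBOOTNoPartition block, whose advice text says the partition could not be found, sits on the ffs_part_info() failure branch, while the ffs_lookup_part() branch that actually logs "no SECBOOT partition found" carries no label. Move the annotation to the lookup failure, or give the part-info failure its own label and advice. setup_system_flash() also discards the return value of flash_secboot_probe(); a short comment that a missing SECBOOT partition is tolerated, with callers checking platform.secboot_info for NULL, would document the intent.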
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Sun, 19 Jan 2020 20:36:56 -0600
Message-Id: <20200120023700.5373-9-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 08/12] secvar/storage: add secvar storage driver for pnor-based p9 platforms
Cc: nayna@linux.ibm.com

This patch implements the platform specific logic for persisting the secure variable storage banks across reboots via the SECBOOT PNOR partition. For POWER 9, all secure variables and updates are stored in the SECBOOT PNOR partition. The partition is split into three sections: two variable bank sections, and a section for storing updates. The driver alternates writes between the two variable sections, so that the final switch from one set of variables to the next can be as atomic as possible by flipping an "active bit" stored in TPM NV.
PNOR space provides no lock protection, so prior to writing the variable bank, a sha256 hash is calculated and stored in TPM NV. This hash is compared against the hash of the variables loaded from PNOR to ensure consistency -- otherwise a failure is reported, no keys are loaded (which should cause skiroot to refuse to boot if secure boot support is enabled). Signed-off-by: Eric Richter --- include/secvar.h | 1 + libstb/secvar/storage/Makefile.inc | 4 +- libstb/secvar/storage/secboot_tpm.c | 267 +++++++++++++++++++ libstb/secvar/storage/secboot_tpm.h | 26 ++ libstb/secvar/test/Makefile.check | 2 +- libstb/secvar/test/secvar-test-secboot-tpm.c | 142 ++++++++++ 6 files changed, 439 insertions(+), 3 deletions(-) create mode 100644 libstb/secvar/storage/secboot_tpm.c create mode 100644 libstb/secvar/storage/secboot_tpm.h create mode 100644 libstb/secvar/test/secvar-test-secboot-tpm.c diff --git a/include/secvar.h b/include/secvar.h index c41fb739..2875c700 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -23,6 +23,7 @@ struct secvar_backend_driver { const char *compatible; // String to use for compatible in secvar node }; +extern struct secvar_storage_driver secboot_tpm_driver; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/storage/Makefile.inc b/libstb/secvar/storage/Makefile.inc index b7a821ec..5926e2f5 100644 --- a/libstb/secvar/storage/Makefile.inc +++ b/libstb/secvar/storage/Makefile.inc @@ -1,11 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 # -*-Makefile-*- -SECVAR_STORAGE_DIR = libstb/secvar/storage +SECVAR_STORAGE_DIR = $(SRC)/libstb/secvar/storage SUBDIRS += $(SECVAR_STORAGE_DIR) -SECVAR_STORAGE_SRCS = +SECVAR_STORAGE_SRCS = secboot_tpm.c SECVAR_STORAGE_OBJS = $(SECVAR_STORAGE_SRCS:%.c=%.o) SECVAR_STORAGE = $(SECVAR_STORAGE_DIR)/built-in.a diff --git a/libstb/secvar/storage/secboot_tpm.c b/libstb/secvar/storage/secboot_tpm.c new file mode 100644 index 00000000..9a3d228a --- /dev/null 
+++ b/libstb/secvar/storage/secboot_tpm.c 
@@ -0,0 +1,267 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2019 IBM Corp. */ +#ifndef pr_fmt +#define pr_fmt(fmt) "SECBOOT_TPM: " fmt +#endif + +#include +#include +#include +#include +#include "../secvar.h" +#include "../secvar_tpmnv.h" +#include "secboot_tpm.h" + +//#define CYCLE_BIT(b) (((((b-1)%SECBOOT_VARIABLE_BANK_NUM)+1)%SECBOOT_VARIABLE_BANK_NUM)+1) +#define CYCLE_BIT(b) (b^0x1) + +#define TPMNV_ID_ACTIVE_BIT 0x53414242 // SABB +#define TPMNV_ID_HASH_BANK_0 0x53484230 // SHB0 +#define TPMNV_ID_HASH_BANK_1 0x53484231 // SHB1 + +#define GET_HASH_BANK_ID(bit) ((bit)?TPMNV_ID_HASH_BANK_1:TPMNV_ID_HASH_BANK_0) + +// Because mbedtls doesn't define this? +#define SHA256_DIGEST_LENGTH 32 + +struct secboot *secboot_image; + +static void calc_bank_hash(char *target_hash, char *source_buf, uint64_t size) +{ + mbedtls_sha256_context ctx; + + mbedtls_sha256_init(&ctx); + mbedtls_sha256_update_ret(&ctx, source_buf, size); + mbedtls_sha256_finish_ret(&ctx, target_hash); +} + +static int secboot_format(void) +{ + char bank_hash[SHA256_DIGEST_LENGTH]; + + if (!platform.secboot_write) + return OPAL_UNSUPPORTED; + + memset(secboot_image, 0x00, sizeof(struct secboot)); + + secboot_image->header.magic_number = SECBOOT_MAGIC_NUMBER; + secboot_image->header.version = SECBOOT_VERSION; + + // Write the empty hash to the tpm so loads work in the future + calc_bank_hash(bank_hash, secboot_image->bank[0], SECBOOT_VARIABLE_BANK_SIZE); + secvar_tpmnv_write(TPMNV_ID_HASH_BANK_0, bank_hash, SHA256_DIGEST_LENGTH, 0); + + return platform.secboot_write(0, secboot_image, sizeof(struct secboot)); +} + +// Flattens a linked-list bank into a contiguous buffer for writing +static int secboot_serialize_bank(struct list_head *bank, char *target, size_t target_size, int flags) +{ + struct secvar_node *node; + char *tmp = target; + + if (!bank) + return OPAL_INTERNAL_ERROR; + if (!target) + return OPAL_INTERNAL_ERROR; + + list_for_each(bank, node, link) { + if (node->flags != flags) + 
continue; + + // Bail early if we are out of storage space + if ((target - tmp) + sizeof(struct secvar) + node->var->data_size > target_size) { + return OPAL_EMPTY; + } + + memcpy(target, node->var, sizeof(struct secvar) + node->var->data_size); + + target += sizeof(struct secvar) + node->var->data_size; + } + + return OPAL_SUCCESS; +} + + +static int secboot_load_from_pnor(struct list_head *bank, char *source, size_t max_size) +{ + char *src; + struct secvar_node *tmp; + struct secvar *hdr; + + src = source; + + while (src < (source + max_size)) { + // Load in the header first to get the size, and check if we are at the end + hdr = (struct secvar *) src; + if (hdr->key_len == 0) { + break; + } + + tmp = alloc_secvar(hdr->data_size); + if (!tmp) { + prlog(PR_ERR, "Could not allocate memory for loading secvar from image\n"); + return OPAL_NO_MEM; + } + + memcpy(tmp->var, src, sizeof(struct secvar) + hdr->data_size); + + list_add_tail(bank, &tmp->link); + src += sizeof(struct secvar) + hdr->data_size; + } + + return OPAL_SUCCESS; +} + + +static int secboot_tpm_write_bank(struct list_head *bank, int section) +{ + int rc; + uint64_t bit; + char bank_hash[SHA256_DIGEST_LENGTH]; + + switch(section) { + case SECVAR_VARIABLE_BANK: + // Get the current bit and flip it + secvar_tpmnv_read(TPMNV_ID_ACTIVE_BIT, &bit, sizeof(bit), 0); + bit = CYCLE_BIT(bit); + + // Calculate the bank hash, and write to TPM NV + rc = secboot_serialize_bank(bank, secboot_image->bank[bit], SECBOOT_VARIABLE_BANK_SIZE, 0); + if (rc) + break; + + calc_bank_hash(bank_hash, secboot_image->bank[bit], SECBOOT_VARIABLE_BANK_SIZE); + rc = secvar_tpmnv_write(GET_HASH_BANK_ID(bit), bank_hash, SHA256_DIGEST_LENGTH, 0); + if (rc) + break; + + // Write new variable bank to pnor + rc = platform.secboot_write(0, secboot_image, sizeof(struct secboot)); + if (rc) + break; + + // Flip the bit, and write to TPM NV + rc = secvar_tpmnv_write(TPMNV_ID_ACTIVE_BIT, &bit, sizeof(bit), 0); + break; + case 
SECVAR_UPDATE_BANK: + memset(secboot_image->update, 0, SECBOOT_UPDATE_BANK_SIZE); + rc = secboot_serialize_bank(bank, secboot_image->update, SECBOOT_UPDATE_BANK_SIZE, 0); + if (rc) + break; + + rc = platform.secboot_write(0, secboot_image, sizeof(struct secboot)); + break; + default: + rc = OPAL_HARDWARE; + } + + return rc; +} + + +static int secboot_tpm_load_variable_bank(struct list_head *bank) +{ + char bank_hash[SHA256_DIGEST_LENGTH]; + char tpm_bank_hash[SHA256_DIGEST_LENGTH]; + uint64_t bit; + + secvar_tpmnv_read(TPMNV_ID_ACTIVE_BIT, &bit, sizeof(bit), 0); + secvar_tpmnv_read(GET_HASH_BANK_ID(bit), tpm_bank_hash, SHA256_DIGEST_LENGTH, 0); + + calc_bank_hash(bank_hash, secboot_image->bank[bit], SECBOOT_VARIABLE_BANK_SIZE); + if (memcmp(bank_hash, tpm_bank_hash, SHA256_DIGEST_LENGTH)) + return OPAL_PERMISSION; // Tampered pnor space detected, abandon ship + + return secboot_load_from_pnor(bank, secboot_image->bank[bit], SECBOOT_VARIABLE_BANK_SIZE); +} + + +static int secboot_tpm_load_bank(struct list_head *bank, int section) +{ + switch(section) { + case SECVAR_VARIABLE_BANK: + return secboot_tpm_load_variable_bank(bank); + case SECVAR_UPDATE_BANK: + return secboot_load_from_pnor(bank, secboot_image->update, SECBOOT_UPDATE_BANK_SIZE); + default: + return OPAL_HARDWARE; + } + + return OPAL_HARDWARE; +} + + +static int secboot_tpm_store_init(void) +{ + int rc; + unsigned secboot_size; + + // Already initialized + if (secboot_image) + return OPAL_SUCCESS; + + if (!platform.secboot_info) + return OPAL_UNSUPPORTED; + + prlog(PR_DEBUG, "Initializing for pnor+tpm based platform\n"); + + rc = secvar_tpmnv_alloc(TPMNV_ID_ACTIVE_BIT, sizeof(uint64_t)); + rc |= secvar_tpmnv_alloc(TPMNV_ID_HASH_BANK_0, SHA256_DIGEST_LENGTH); + rc |= secvar_tpmnv_alloc(TPMNV_ID_HASH_BANK_1, SHA256_DIGEST_LENGTH); + if (rc) { + prlog(PR_ERR, "unable to alloc or find the tpmnv space, rc = %d\n", rc); + return rc; + } + + rc = platform.secboot_info(&secboot_size); + if (rc) { + prlog(PR_ERR, 
"error %d retrieving keystore info\n", rc); + return rc; + } + if (sizeof(struct secboot) > secboot_size) { + prlog(PR_ERR, "secboot partition %d KB too small. min=%ld\n", + secboot_size >> 10, sizeof(struct secboot)); + return OPAL_RESOURCE; + } + + secboot_image = memalign(0x1000, sizeof(struct secboot)); + if (!secboot_image) { + prlog(PR_ERR, "Failed to allocate space for the secboot image\n"); + return OPAL_NO_MEM; + } + + /* Read it in */ + rc = platform.secboot_read(secboot_image, 0, sizeof(struct secboot)); + if (rc) { + prlog(PR_ERR, "failed to read the secboot partition, rc=%d\n", rc); + goto out_free; + } + + if ((secboot_image->header.magic_number != SECBOOT_MAGIC_NUMBER) + || tpm_first_init ) { + prlog(PR_INFO, "Formatting secboot partition...\n"); + rc = secboot_format(); + if (rc) { + prlog(PR_ERR, "Failed to format secboot!\n"); + goto out_free; + } + } + + return OPAL_SUCCESS; + +out_free: + if (secboot_image) { + free(secboot_image); + secboot_image = NULL; + } + + return rc; +} + +struct secvar_storage_driver secboot_tpm_driver = { + .load_bank = secboot_tpm_load_bank, + .write_bank = secboot_tpm_write_bank, + .store_init = secboot_tpm_store_init, + .max_var_size = 8192, +}; diff --git a/libstb/secvar/storage/secboot_tpm.h b/libstb/secvar/storage/secboot_tpm.h new file mode 100644 index 00000000..ea48688c --- /dev/null +++ b/libstb/secvar/storage/secboot_tpm.h 
@@ -0,0 +1,26 @@ +#ifndef _SECBOOT_TPM_H_ +#define _SECBOOT_TPM_H_ + +// TODO: Determine reasonable values for these, or have platform set it? +#define SECBOOT_VARIABLE_BANK_SIZE 32000 +#define SECBOOT_UPDATE_BANK_SIZE 32000 + +#define SECBOOT_VARIABLE_BANK_NUM 2 + +/* 0x5053424b = "PSBK" or Power Secure Boot Keystore */ +#define SECBOOT_MAGIC_NUMBER 0x5053424b +#define SECBOOT_VERSION 1 + +struct secboot_header { + uint32_t magic_number; + uint8_t version; + uint8_t reserved[3]; // Fix alignment +} __packed; + +struct secboot { + struct secboot_header header; + char bank[SECBOOT_VARIABLE_BANK_NUM][SECBOOT_VARIABLE_BANK_SIZE]; + char update[SECBOOT_UPDATE_BANK_SIZE]; +} __packed; + +#endif diff --git a/libstb/secvar/test/Makefile.check b/libstb/secvar/test/Makefile.check index 6dc24f1e..b704a071 100644 --- a/libstb/secvar/test/Makefile.check +++ b/libstb/secvar/test/Makefile.check @@ -5,7 +5,7 @@ SECVAR_TEST_DIR = libstb/secvar/test SECVAR_TEST = $(patsubst %.c, %, $(wildcard $(SECVAR_TEST_DIR)/secvar-test-*.c)) -HOSTCFLAGS+=-I . -I include +HOSTCFLAGS+=-I . -I include -I libstb/tss2 .PHONY : secvar-check secvar-check: $(SECVAR_TEST:%=%-check) $(SECVAR_TEST:%=%-gcov-run) diff --git a/libstb/secvar/test/secvar-test-secboot-tpm.c b/libstb/secvar/test/secvar-test-secboot-tpm.c new file mode 100644 index 00000000..acc2da5b --- /dev/null +++ b/libstb/secvar/test/secvar-test-secboot-tpm.c 
@@ -0,0 +1,142 @@ +#include "secvar_common_test.c" +#include "../storage/secboot_tpm.c" +#include "../../crypto/mbedtls/library/sha256.c" +#include "../../crypto/mbedtls/library/platform_util.c" +#include "../secvar_util.c" + +#define TSS_NV_Read NULL +#define TSS_NV_Write NULL +#define TSS_NV_Define_Space NULL + +#include "../secvar_tpmnv.c" + +char *secboot_buffer; + +#define ARBITRARY_SECBOOT_SIZE 128000 + +const char *secvar_test_name = "secboot_tpm"; + +static int secboot_read(void *dst, uint32_t src, uint32_t len) +{ + memcpy(dst, secboot_buffer + src, len); + return 0; +} + +static int secboot_write(uint32_t dst, void *src, uint32_t len) +{ + memcpy(secboot_buffer + dst, src, len); + return 0; +} + +static int secboot_info(uint32_t *total_size) +{ + *total_size = ARBITRARY_SECBOOT_SIZE; + return 0; +} + +struct platform platform; + +int run_test(void) +{ + int rc; + struct secvar_node *tmp; + + platform.secboot_read = secboot_read; + platform.secboot_write = secboot_write; + platform.secboot_info = secboot_info; + + secboot_buffer = zalloc(ARBITRARY_SECBOOT_SIZE); + + // Initialize and format the storage + rc = secboot_tpm_store_init(); + ASSERT(OPAL_SUCCESS == rc); + + // Load the just-formatted empty section + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(0 == list_length(&variable_bank)); + + // Add some test variables + tmp = alloc_secvar(8); + tmp->var->key_len = 5; + memcpy(tmp->var->key, "test", 5); + tmp->var->data_size = 8; + memcpy(tmp->var->data, "testdata", 8); + list_add_tail(&variable_bank, &tmp->link); + + tmp = alloc_secvar(8); + tmp->var->key_len = 4; + memcpy(tmp->var->key, "foo", 4); + tmp->var->data_size = 8; + memcpy(tmp->var->data, "moredata", 8); + list_add_tail(&variable_bank, &tmp->link); + + // Write the bank + rc = secboot_tpm_write_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + // should write to bank 1 first + ASSERT(secboot_image->bank[1][0] 
!= 0); + ASSERT(secboot_image->bank[0][0] == 0); + + // Clear the variable list + clear_bank_list(&variable_bank); + ASSERT(0 == list_length(&variable_bank)); + + // Load the bank + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(2 == list_length(&variable_bank)); + + // Change a variable + tmp = list_top(&variable_bank, struct secvar_node, link); + memcpy(tmp->var->data, "somethin", 8); + + // Write the bank + rc = secboot_tpm_write_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(OPAL_SUCCESS == rc); + // should have data in both now + ASSERT(secboot_image->bank[0][0] != 0); + ASSERT(secboot_image->bank[1][0] != 0); + + clear_bank_list(&variable_bank); + + // Tamper with pnor, hash check should catch this + secboot_image->bank[0][0] = ~secboot_image->bank[0][0]; + + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(rc != OPAL_SUCCESS); // TODO: permission? + + // Fix it back... + secboot_image->bank[0][0] = ~secboot_image->bank[0][0]; + + // Should be ok again + rc = secboot_tpm_load_bank(&variable_bank, SECVAR_VARIABLE_BANK); + ASSERT(rc == OPAL_SUCCESS); + + clear_bank_list(&variable_bank); + free(secboot_buffer); + + return 0; +} + +int main(void) +{ + int rc = 0; + + tpm_fake_nv = 1; + tpm_fake_nv_offset = 0; + + list_head_init(&variable_bank); + + rc = run_test(); + + if (rc) + printf(COLOR_RED "FAILED" COLOR_RESET "\n"); + else + printf(COLOR_GREEN "OK" COLOR_RESET "\n"); + + free(tpm_image); + free(secboot_image); + + return rc; +} From patchwork Mon Jan 20 02:36:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225601 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) 
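Review bot: In secboot_load_from_pnor() (libstb/secvar/storage/secboot_tpm.c) the loop trusts hdr->data_size as read from the image: nothing checks that a full struct secvar header still fits before source + max_size, or that src + sizeof(struct secvar) + hdr->data_size stays inside the bank, before the memcpy into tmp->var. The update bank reaches this function from secboot_tpm_load_bank() with no hash comparison, so a corrupted or modified PNOR update section controls both the allocation size and the copy length. Please bound both against the remaining space and return an error, and free the nodes already added to the bank when the loop bails out with OPAL_NO_MEM. Related: secboot_tpm_load_variable_bank() ignores the return codes of both secvar_tpmnv_read() calls and uses bit as an index into secboot_image->bank[] without checking it is below SECBOOT_VARIABLE_BANK_NUM, and in secboot_tpm_store_init() OR-ing the three secvar_tpmnv_alloc() results together means the rc that is logged and returned may not be any single OPAL code.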
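Review bot: struct secboot_header in libstb/secvar/storage/secboot_tpm.h carries a version field and SECBOOT_VERSION is defined next to it, but secboot_tpm_store_init() only compares header.magic_number before accepting the image, so an image written with a different layout version would be loaded as if it matched. Either check header.version alongside the magic number or add a comment saying why that is not needed yet. The header also uses uint32_t, uint8_t and __packed without including anything itself, and the TODO on the two 32000-byte bank sizes should be resolved or tracked before merge, since those values fix the on-flash layout.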
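Review bot: The tamper case in run_test() (libstb/secvar/test/secvar-test-secboot-tpm.c) asserts only rc != OPAL_SUCCESS and leaves a "TODO: permission?" comment; secboot_tpm_load_variable_bank() returns OPAL_PERMISSION on a hash mismatch, so assert that exact code, otherwise any unrelated failure also passes. It would also help to assert that variable_bank is still empty after the rejected load, to check the reloaded contents after the second write (for example that the first variable now holds "somethin") instead of only the return code, and to add cases for SECVAR_UPDATE_BANK and for a bank that does not fit in SECBOOT_VARIABLE_BANK_SIZE.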
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nayna@linux.ibm.com
Date: Sun, 19 Jan 2020 20:36:57 -0600
Subject: [Skiboot] [PATCH v2 09/12] secvar/backend: add edk2 derived key updates processing
Message-Id: <20200120023700.5373-10-erichte@linux.ibm.com>
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>
From: Nayna Jain

As part of secureboot key management, the scheme for handling key updates is derived from the tianocore reference implementation[1]. The wrapper for holding the signed update is the Authentication Header, and the wrapper for holding the public key certificate is the ESL (EFI Signature List), both derived from the tianocore reference implementation[1].

This patch adds support for processing the update queue. This involves:

1. Verification of the update signature using the key authorized as per the key hierarchy
2. Handling addition/deletion of the keys
3. Support for dbx (blacklisting of hashes)
4. Validation checks for the updates
5. Supporting multiple ESLs for a single variable, both for update and verification
6. Timestamp check
7. Allowing only a single PK
8. Failure handling

[1] https://github.com/tianocore/edk2-staging.git

Signed-off-by: Nayna Jain
Signed-off-by: Eric Richter
---
V5:
- Finalizes the previous version to a complete version taking care of validation, multiple ESLs, single PK, dbx support, timestamp checks and failure handling.

 doc/secvar/edk2.rst | 49 ++
 include/secvar.h | 1 +
 libstb/secvar/backend/Makefile.inc | 4 +-
 libstb/secvar/backend/edk2-compat.c | 877 ++++++++++++++++++++++++++++
 libstb/secvar/backend/edk2.h | 243 ++++++++
 5 files changed, 1172 insertions(+), 2 deletions(-)
 create mode 100644 doc/secvar/edk2.rst
 create mode 100644 libstb/secvar/backend/edk2-compat.c
 create mode 100644 libstb/secvar/backend/edk2.h

diff --git a/doc/secvar/edk2.rst b/doc/secvar/edk2.rst new file mode 100644 index 00000000..e0c29457 --- /dev/null +++ b/doc/secvar/edk2.rst 
@@ -0,0 +1,49 @@ +.. _secvar/edk2: + +Skiboot edk2-compatible Secure Variable Backend +=============================================== + +Overview +-------- + +The edk2 secure variable backend for skiboot borrows from edk2 concepts +such as the three key hierarchy (PK, KEK, and db), and a similar +structure. In general, variable updates must be signed with a key +of a higher level. So, updates to the db must be signed with a key stored +in the KEK; updates to the KEK must be signed with the PK. Updates to the +PK must be signed with the previous PK (if any). + +Variables are stored in the efi signature list format, and updates are a +signed variant that includes an authentication header. + +If no PK is currently enrolled, the system is considered to be in "Setup +Mode". Any key can be enrolled without signature checks. However, once a +PK is enrolled, the system switches to "User Mode", and each update must +now be signed according to the hierarchy. Furthermore, when in "User +Mode", the backend initialized the ``os-secure-mode`` device tree flag, +signaling to the kernel that we are in secure mode. + +Updates are processed sequentially, in the order that they were provided +in the update queue. If any update fails to validate, appears to be +malformed, or any other error occurs, NO updates will not be applied. +This includes updates that may have successfully applied prior to the +error. The system will continue in an error state, reporting the error +reason via the ``update-status`` device tree property. + +P9 Special Case for the Platform Key +------------------------------------ + +Due to the powerful nature of the platform key and the lack of lockable +flash, the edk2 backend will store the PK in TPM NV rather than PNOR on +P9 systems. (TODO expand on this) + +Update Status Return Codes +-------------------------- + +TODO, edk2 driver needs to actually return these properly first + + +Device Tree Bindings +-------------------- + +TODO 
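Review bot: In the Overview of doc/secvar/edk2.rst, "NO updates will not be applied" is a double negative that states the opposite of the all-or-nothing behaviour the following sentence describes; it should read "NO updates will be applied". In the same section "the backend initialized the ``os-secure-mode`` device tree flag" should be present tense, and the opening sentence names a three key hierarchy (PK, KEK, and db) while the commit message also lists dbx support, so the text should say where dbx fits. The "Update Status Return Codes" and "Device Tree Bindings" sections are still bare TODOs and the P9 section ends in "(TODO expand on this)"; since ``update-status`` is the only error channel the text mentions, its codes should be documented together with this patch.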
diff --git a/include/secvar.h b/include/secvar.h index 2875c700..8b701e00 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -24,6 +24,7 @@ struct secvar_backend_driver { }; extern struct secvar_storage_driver secboot_tpm_driver; +extern struct secvar_backend_driver edk2_compatible_v1; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/backend/Makefile.inc b/libstb/secvar/backend/Makefile.inc index cc1a49fa..1c1896ab 100644 --- a/libstb/secvar/backend/Makefile.inc +++ b/libstb/secvar/backend/Makefile.inc @@ -1,11 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 # -*-Makefile-*- -SECVAR_BACKEND_DIR = libstb/secvar/backend +SECVAR_BACKEND_DIR = $(SRC)/libstb/secvar/backend SUBDIRS += $(SECVAR_BACKEND_DIR) -SECVAR_BACKEND_SRCS = +SECVAR_BACKEND_SRCS = edk2-compat.c SECVAR_BACKEND_OBJS = $(SECVAR_BACKEND_SRCS:%.c=%.o) SECVAR_BACKEND = $(SECVAR_BACKEND_DIR)/built-in.a diff --git a/libstb/secvar/backend/edk2-compat.c b/libstb/secvar/backend/edk2-compat.c new file mode 100644 index 00000000..b99738b1 --- /dev/null +++ b/libstb/secvar/backend/edk2-compat.c 
@@ -0,0 +1,877 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2019 IBM Corp. */ +#ifndef pr_fmt +#define pr_fmt(fmt) "EDK2_COMPAT: " fmt +#endif + +#include +#include +#include +#include +#include +#include +#include "libstb/crypto/pkcs7/pkcs7.h" +#include "edk2.h" +#include "opal-api.h" +#include "../secvar.h" +#include "../secvar_devtree.h" +#include "../secvar_tpmnv.h" +#include + +#define TPMNV_ID_EDK2_PK 0x4532504b // E2PK + +static bool setup_mode; + +//struct efi_time *timestamp_list; + +/* + * Converts utf8 string to ucs2 + */ +static char *utf8_to_ucs2(const char *key, const char keylen) +{ + int i; + char *str; + str = zalloc(keylen * 2); + + for (i = 0; i < keylen*2; key++) { + str[i++] = *key; + str[i++] = '\0'; + } + return str; +} + +/* + * Returns true if key1 = key2 + */ +static bool key_equals(const char *key1, const char *key2) +{ + if (memcmp(key1, key2, strlen(key2)+1) == 0) + return true; + + return false; +} + +/** + * Returns the authority that can sign the given key update + */ +static void get_key_authority(const char *ret[3], const char *key) +{ + int i = 0; + + memset(ret, 0, sizeof(char *) * 3); + if (key_equals(key, "PK")) + ret[i++] = "PK"; + if (key_equals(key, "KEK")) + ret[i++] = "PK"; + if (key_equals(key, "db") || key_equals(key, "dbx")) { + ret[i++] = "KEK"; + ret[i++] = "PK"; + } + ret[i] = NULL; +} + +/* + * PK needs to be stored in the TPMNV space if on p9 + * We store it using the form , the + * extra secvar headers are unnecessary + */ +static int edk2_p9_load_pk(void) +{ + struct secvar_node *pkvar; + uint64_t size; + int rc; + + // Ensure it exists + rc = secvar_tpmnv_alloc(TPMNV_ID_EDK2_PK, -1); + + // Peek to get the size + rc = secvar_tpmnv_read(TPMNV_ID_EDK2_PK, &size, sizeof(size), 0); + if (rc == OPAL_EMPTY) + return 0; + else if (rc) + return -1; + + if (size > secvar_storage.max_var_size) + return OPAL_RESOURCE; + + pkvar = alloc_secvar(size); + memcpy(pkvar->var->key, "PK", 3); + pkvar->var->key_len = 3; 
+ pkvar->var->data_size = size; + pkvar->flags |= SECVAR_FLAG_VOLATILE; + + rc = secvar_tpmnv_read(TPMNV_ID_EDK2_PK, pkvar->var->data, pkvar->var->data_size, sizeof(pkvar->var->data_size)); + if (rc) + return rc; + + list_add_tail(&variable_bank, &pkvar->link); + + return OPAL_SUCCESS; +} + +/* + * Writes the PK to the TPM. + */ +static int edk2_p9_write_pk(void) +{ + char *tmp; + int32_t tmpsize; + struct secvar_node *pkvar; + int rc; + + pkvar = find_secvar("PK", 3, &variable_bank); + + // Should not happen + if (!pkvar) + return OPAL_INTERNAL_ERROR; + + // Reset the pk flag to volatile on p9 + pkvar->flags |= SECVAR_FLAG_VOLATILE; + + tmpsize = secvar_tpmnv_size(TPMNV_ID_EDK2_PK); + if (tmpsize < 0) { + prlog(PR_ERR, "TPMNV space for PK was not allocated properly\n"); + return OPAL_RESOURCE; + } + if (tmpsize < pkvar->var->data_size + sizeof(pkvar->var->data_size)) { + prlog(PR_ERR, "TPMNV PK space is insufficient, %d < %llu\n", tmpsize, + // Cast needed because x86 compiler complains building the test + (long long unsigned) pkvar->var->data_size + sizeof(pkvar->var->data_size)); + return OPAL_RESOURCE; + } + + tmp = zalloc(tmpsize); + if (!tmp) + return OPAL_NO_MEM; + + memcpy(tmp, &pkvar->var->data_size, sizeof(pkvar->var->data_size)); + memcpy(tmp + sizeof(pkvar->var->data_size), + pkvar->var->data, + pkvar->var->data_size); + + tmpsize = pkvar->var->data_size + sizeof(pkvar->var->data_size); + + rc = secvar_tpmnv_write(TPMNV_ID_EDK2_PK, tmp, tmpsize, 0); + + free(tmp); + + return rc; +} + +/* + * Returns the size of the ESL. + */ +static int get_esl_signature_list_size(char *buf) +{ + EFI_SIGNATURE_LIST list; + + memcpy(&list, buf, sizeof(EFI_SIGNATURE_LIST)); + + prlog(PR_DEBUG, "size of signature list size is %u\n", le32_to_cpu(list.SignatureListSize)); + + return le32_to_cpu(list.SignatureListSize); +} + +/* + * Returns the size of the certificate contained in the ESL. 
+ */ +static int get_esl_cert_size(char *buf) +{ + EFI_SIGNATURE_LIST list; + uint32_t sigsize; + + memcpy(&list, buf, sizeof(EFI_SIGNATURE_LIST)); + + sigsize = le32_to_cpu(list.SignatureListSize) - sizeof(list) + - le32_to_cpu(list.SignatureHeaderSize) - sizeof(uuid_t); + + prlog(PR_DEBUG, "sig size is %u\n", sigsize); + return sigsize; +} + +/* + * Copies the certificate from the ESL into cert buffer. + */ +static int get_esl_cert(char *buf, char **cert) +{ + int sig_data_offset; + int size; + EFI_SIGNATURE_LIST list; + + memset(&list, 0, sizeof(EFI_SIGNATURE_LIST)); + memcpy(&list, buf, sizeof(EFI_SIGNATURE_LIST)); + + prlog(PR_DEBUG,"size of signature list size is %u\n", le32_to_cpu(list.SignatureListSize)); + prlog(PR_DEBUG, "size of signature header size is %u\n", le32_to_cpu(list.SignatureHeaderSize)); + prlog(PR_DEBUG, "size of signature size is %u\n", le32_to_cpu(list.SignatureSize)); + sig_data_offset = sizeof(list.SignatureType) + + sizeof(list.SignatureListSize) + + sizeof(list.SignatureHeaderSize) + + sizeof(list.SignatureSize) + + le32_to_cpu(list.SignatureHeaderSize) + + 16 * sizeof(uint8_t); + + size = le32_to_cpu(list.SignatureSize) - sizeof(uuid_t); + + memcpy(*cert, buf + sig_data_offset, size); + + return size; +} + +/* + * Extracts size of the PKCS7 signed data embedded in the + * struct Authentication 2 Descriptor Header. + */ +static int get_pkcs7_len(struct efi_variable_authentication_2 *auth) +{ + uint32_t dw_length = le32_to_cpu(auth->auth_info.hdr.dw_length); + int size; + + size = dw_length - (sizeof(auth->auth_info.hdr.dw_length) + + sizeof(auth->auth_info.hdr.w_revision) + + sizeof(auth->auth_info.hdr.w_certificate_type) + + sizeof(auth->auth_info.cert_type)); + + return size; +} + +/* + * Return the timestamp from the Authentication 2 Descriptor. 
+ */ +static int get_timestamp_from_auth(char *data, struct efi_time **timestamp) +{ + *timestamp = (struct efi_time *) data; + + return 0; +} + +/* + * This function outputs the Authentication 2 Descriptor in the + * auth_buffer and returns the size of the buffer. + */ +static int get_auth_descriptor2(void *data, char **auth_buffer) +{ + struct efi_variable_authentication_2 *auth = data; + uint64_t auth_buffer_size; + int len; + + if (!auth_buffer) + return OPAL_PARAMETER; + + len = get_pkcs7_len(auth); + if (len < 0) + return OPAL_NO_MEM; + + auth_buffer_size = sizeof(auth->timestamp) + sizeof(auth->auth_info.hdr) + + sizeof(auth->auth_info.cert_type) + len; + + *auth_buffer = zalloc(auth_buffer_size); + if (!(*auth_buffer)) + return OPAL_NO_MEM; + + memcpy(*auth_buffer, data, auth_buffer_size); + + return auth_buffer_size; +} + +/* Check that PK has single ESL */ +static bool is_single_pk(char *data, uint64_t data_size) +{ + char *auth_buffer = NULL; + uint64_t auth_buffer_size = 0; + char *newesl = NULL; + uint64_t new_data_size = 0; + int esllistsize; + + auth_buffer_size = get_auth_descriptor2(data, &auth_buffer); + printf("auth buffer size is %d\n", (int)auth_buffer_size); + free(auth_buffer); + if (auth_buffer_size <= 0) + return false; + + /* Calculate the size of new ESL data */ + new_data_size = data_size - auth_buffer_size; + printf("new data size is %d\n", (int)new_data_size); + + if (!new_data_size) + return true; + + newesl = zalloc(new_data_size); + memcpy(newesl, data + auth_buffer_size, new_data_size); + + esllistsize = get_esl_signature_list_size(newesl); + printf("esl list size is %d\n", esllistsize); + free(newesl); + if (new_data_size > esllistsize) + return false; + + return true; +} + +/* + * Initializes supported variables as empty if not loaded from + * storage. Variables are initialized as volatile if not found. + * Updates should clear this flag. 
+ec* + * Returns OPAL Error if anything fails in initialization + */ +static int edk2_compat_pre_process(void) +{ + struct secvar_node *pkvar; + struct secvar_node *kekvar; + struct secvar_node *dbvar; + struct secvar_node *dbxvar; + struct secvar_node *tsvar; + + // If we are on p9, we need to store the PK in write-lockable + // TPMNV space, as we determine our secure mode based on if this + // variable exists. + // NOTE: Activation of this behavior is subject to change in a later + // patch version, ideally the platform should be able to configure + // whether it wants this extra protection, or to instead store + // everything via the storage driver. + if (proc_gen == proc_gen_p9) + edk2_p9_load_pk(); + + pkvar = find_secvar("PK", 3, &variable_bank); + if (!pkvar) { + pkvar = alloc_secvar(0); + if (!pkvar) + return OPAL_NO_MEM; + + memcpy(pkvar->var->key, "PK", 3); + pkvar->var->key_len = 3; + pkvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &pkvar->link); + } + if (pkvar->var->data_size == 0) + setup_mode = true; + else + setup_mode = false; + + kekvar = find_secvar("KEK", 4, &variable_bank); + if (!kekvar) { + kekvar = alloc_secvar(0); + if (!kekvar) + return OPAL_NO_MEM; + + memcpy(kekvar->var->key, "KEK", 4); + kekvar->var->key_len = 4; + kekvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &kekvar->link); + } + + dbvar = find_secvar("db", 3, &variable_bank); + if (!dbvar) { + dbvar = alloc_secvar(0); + if (!dbvar) + return OPAL_NO_MEM; + + memcpy(dbvar->var->key, "db", 3); + dbvar->var->key_len = 3; + dbvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &dbvar->link); + } + + dbxvar = find_secvar("dbx", 4, &variable_bank); + if (!dbxvar) { + dbxvar = alloc_secvar(0); + if (!dbxvar) + return OPAL_NO_MEM; + + memcpy(dbxvar->var->key, "dbx", 4); + dbxvar->var->key_len = 4; + dbxvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &dbxvar->link); + } + + tsvar = find_secvar("TS", 3, 
&variable_bank); + // Should only ever happen on first boot + if (!tsvar) { + tsvar = alloc_secvar(sizeof(struct efi_time) * 4); + if (!tsvar) + return OPAL_NO_MEM; + + memcpy(tsvar->var->key, "TS", 3); + tsvar->var->key_len = 3; + tsvar->var->data_size = sizeof(struct efi_time) * 4; + memset(tsvar->var->data, 0, tsvar->var->data_size); + //tsvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &tsvar->link); + } + + return OPAL_SUCCESS; +}; + +/** + * Returns true if we are in Setup Mode + * + * Setup Mode is active if we have no PK. + * Otherwise, we are in user mode. + */ +/** +static int is_setup_mode(void) +{ + struct secvar_node *setup; + + setup = find_secvar((char *)"PK", 3, &variable_bank); + + // Not sure why this wouldn't exist + if (!setup) + return 1; + + return !setup->var->data_size; +} +**/ + +/** + * Update the variable with the new value. + */ +static int add_to_variable_bank(struct secvar *secvar, void *data, uint64_t dsize) +{ + struct secvar_node *node; + + node = find_secvar(secvar->key, secvar->key_len, &variable_bank); + if (!node) + return OPAL_INTERNAL_ERROR; + + // Expand the secvar allocated memory if needed + if (node->size < dsize) + if (realloc_secvar(node, dsize)) + return OPAL_NO_MEM; + + node->var->data_size = dsize; + memcpy(node->var->data, data, dsize); + node->flags &= ~SECVAR_FLAG_VOLATILE; // Clear the volatile bit when updated + + return 0; +} + +static struct efi_time *get_last_timestamp(char *key) +{ + struct secvar_node *node; + struct efi_time *prev; + char *timestamp_list; + u8 off; + + node = find_secvar("TS", 3, &variable_bank); + if (!strncmp(key, "PK", 3)) + off = 0; + else if (!strncmp(key, "KEK", 4)) + off = 1; + else if (!strncmp(key, "db", 3)) + off = 2; + else if (!strncmp(key, "dbx", 4)) + off = 3; + else + return NULL; // unexpected variable name? 
+ + timestamp_list = node->var->data; + if (!timestamp_list) + return NULL; + + prev = (struct efi_time *) (timestamp_list + (off * sizeof(struct efi_time))); + + return prev; +} + +// Update the TS variable with the new timestamp +static int update_timestamp(char *key, struct efi_time *timestamp) +{ + struct efi_time *prev; + + prev = get_last_timestamp(key); + if (prev == NULL) + return OPAL_PARAMETER; + + memcpy(prev, timestamp, sizeof(struct efi_time)); + + printf("updated prev year is %d month %d day %d\n", le16_to_cpu(prev->year), prev->month, prev->day); +// add_to_variable_bank(node->var, timestamp_list, node->var->data_size); + + return OPAL_SUCCESS; +} + +static int check_timestamp(char *key, struct efi_time *timestamp) +{ + struct efi_time *prev; + char *current = NULL; + char *last =NULL; + int s1 = 0; + + prev = get_last_timestamp(key); + if (prev == NULL) + return OPAL_PARAMETER; + + printf("timestamp year is %d month %d day %d\n", le16_to_cpu(timestamp->year), timestamp->month, timestamp->day); + printf("prev year is %d month %d day %d\n", le16_to_cpu(prev->year), prev->month, prev->day); + if (le16_to_cpu(timestamp->year) > le16_to_cpu(prev->year)) + return OPAL_SUCCESS; + if (le16_to_cpu(timestamp->year) < le16_to_cpu(prev->year)) + return OPAL_PERMISSION; + + current = &(timestamp->month); + last = &(prev->month); + + s1 = memcmp(current, last, 5); + if (s1 <= 0) { + printf("s1 is %d\n", s1); + return OPAL_PERMISSION; + } + + return OPAL_SUCCESS; +} + +/* + * Verify the PKCS7 signature on the signed data. 
+ */ +static int verify_signature(void *auth_buffer, char *newcert, + uint64_t new_data_size, struct secvar *avar) +{ + struct efi_variable_authentication_2 *auth; + mbedtls_pkcs7 *pkcs7; + mbedtls_x509_crt x509; + char *checkpkcs7cert; + char *signing_cert = NULL; + char *x509_buf; + int len; + int signing_cert_size; + int rc; + char *errbuf; + int eslvarsize; + int offset = 0; + + auth = auth_buffer; + len = get_pkcs7_len(auth); + pkcs7 = malloc(sizeof(struct mbedtls_pkcs7)); + mbedtls_pkcs7_init(pkcs7); + + rc = mbedtls_pkcs7_parse_der( + (const unsigned char *)auth->auth_info.cert_data, + (const unsigned int)len, pkcs7); + if (rc) { + prlog(PR_ERR, "Parsing pkcs7 failed %04x\n", rc); + goto pkcs7out; + } + + checkpkcs7cert = zalloc(2048); + mbedtls_x509_crt_info(checkpkcs7cert, 2048, "CRT:", &(pkcs7->signed_data.certs)); + prlog(PR_DEBUG, "%s \n", checkpkcs7cert); + free(checkpkcs7cert); + + prlog(PR_INFO, "Load the signing certificate from the keystore"); + + eslvarsize = avar->data_size; + + while (eslvarsize > 0) { + prlog(PR_DEBUG, "esl var size size is %d offset is %d\n", eslvarsize, offset); + if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) + break; + + signing_cert_size = get_esl_cert_size(avar->data + offset); + if (!signing_cert_size) { + rc = OPAL_PERMISSION; + break; + } + + signing_cert = zalloc(signing_cert_size); + get_esl_cert(avar->data + offset, &signing_cert); + + mbedtls_x509_crt_init(&x509); + rc = mbedtls_x509_crt_parse(&x509, signing_cert, signing_cert_size); + + /* If failure in parsing the certificate, try next */ + if(rc) { + prlog(PR_INFO, "X509 certificate parsing failed %04x\n", rc); + goto next; + } + + x509_buf = zalloc(2048); + mbedtls_x509_crt_info(x509_buf, 2048, "CRT:", &x509); + prlog(PR_INFO, "%s \n", x509_buf); + free(x509_buf); + rc = mbedtls_pkcs7_signed_data_verify(pkcs7, &x509, newcert, new_data_size); + + /* If find a signing certificate, you are done */ + if (rc == 0) { + if (signing_cert) + free(signing_cert); + 
mbedtls_x509_crt_free(&x509); + prlog(PR_INFO, "Signature Verification passed\n"); + break; + } + + errbuf = zalloc(1024); + mbedtls_strerror(rc, errbuf, 1024); + prlog(PR_INFO, "Signature Verification failed %02x %s\n", rc, errbuf); + free(errbuf); + +next: + offset += get_esl_signature_list_size(avar->data + offset); + eslvarsize = eslvarsize - offset; + mbedtls_x509_crt_free(&x509); + if (signing_cert) + free(signing_cert); + + } + +pkcs7out: + mbedtls_pkcs7_free(pkcs7); + free(pkcs7); + + return rc; +} + + +/** + * Create the single buffer + * name || vendor guid || attributes || timestamp || newcontent + * which is submitted as signed by the user. + */ +static int get_data_to_verify(char *key, char *new_data, + uint64_t new_data_size, + char **buffer, + uint64_t *buffer_size, struct efi_time *timestamp) +{ + le32 attr = cpu_to_le32(SECVAR_ATTRIBUTES); + int size = 0; + int varlen; + char *wkey; + uuid_t guid; + + if (key_equals(key, "PK") + || key_equals(key, "KEK")) + guid = EFI_GLOBAL_VARIABLE_GUID; + + if (key_equals(key, "db") + || key_equals(key, "dbx")) + guid = EFI_IMAGE_SECURITY_DATABASE_GUID; + + // Convert utf8 name to ucs2 width + varlen = strlen(key) * 2; + wkey = utf8_to_ucs2(key, strlen(key)); + + // Prepare the single buffer + *buffer_size = varlen + UUID_SIZE + sizeof(attr) + + sizeof(struct efi_time) + new_data_size; + *buffer = zalloc(*buffer_size); + + memcpy(*buffer + size, wkey, varlen); + size = size + varlen; + memcpy(*buffer + size, &guid, sizeof(guid)); + size = size + sizeof(guid); + memcpy(*buffer + size, &attr, sizeof(attr)); + size = size + sizeof(attr); + memcpy(*buffer + size, timestamp , sizeof(struct efi_time)); + size = size + sizeof(struct efi_time); + + memcpy(*buffer + size, new_data, new_data_size); + size = size + new_data_size; + + free(wkey); + + return 0; +} + +static int edk2_compat_process(void) +{ + char *auth_buffer = NULL; + uint64_t auth_buffer_size = 0; + struct efi_time *timestamp = NULL; + const char 
*key_authority[3]; + char *newesl = NULL; + uint64_t new_data_size = 0; + char *tbhbuffer = NULL; + uint64_t tbhbuffersize = 0; + struct secvar_node *anode = NULL; + struct secvar_node *node = NULL; + int rc = 0; + int pk_updated = 0; + int i; + + //setup_mode = is_setup_mode(); + prlog(PR_INFO, "Setup mode = %d\n", setup_mode); + + /* Loop through each command in the update bank. + * If any command fails, it just loops out of the update bank. + * It should also clear the update bank. + */ + list_for_each(&update_bank, node, link) { + + /* Submitted data is auth_2 descriptor + new ESL data + * Extract the auth_2 2 descriptor + */ + printf("setup mode is %d\n", setup_mode); + prlog(PR_INFO, "update for %s\n", node->var->key); + auth_buffer_size = get_auth_descriptor2(node->var->data, &auth_buffer); + if (auth_buffer_size <= 0) + return OPAL_PARAMETER; + + if (node->var->data_size < auth_buffer_size) { + rc = OPAL_PARAMETER; + goto out; + } + + rc = get_timestamp_from_auth(auth_buffer, ×tamp); + if (rc < 0) + goto out; + + rc = check_timestamp(node->var->key, timestamp); + if (rc) + goto out; + + /* Calculate the size of new ESL data */ + new_data_size = node->var->data_size - auth_buffer_size; + newesl = zalloc(new_data_size); + memcpy(newesl, node->var->data + auth_buffer_size, new_data_size); + + if (!setup_mode) { + /* Prepare the data to be verified */ + rc = get_data_to_verify(node->var->key, newesl, + new_data_size, &tbhbuffer, + &tbhbuffersize, timestamp); + + /* Get the authority to verify the signature */ + get_key_authority(key_authority, node->var->key); + i = 0; + + /* Try for all the authorities that are allowed to sign. + * For eg. 
db/dbx can be signed by both PK or KEK + */ + while (key_authority[i] != NULL) { + prlog(PR_DEBUG, "key is %s\n", node->var->key); + prlog(PR_DEBUG, "key authority is %s\n", key_authority[i]); + anode = find_secvar(key_authority[i], strlen(key_authority[i]) + 1, + &variable_bank); + if (!anode) { + rc = OPAL_PERMISSION; + goto out; + } + if (anode->var->data_size == 0) { + rc = OPAL_PERMISSION; + goto out; + } + + /* Verify the signature */ + rc = verify_signature(auth_buffer, tbhbuffer, + tbhbuffersize, anode->var); + + /* Break if signature verification is successful */ + if (!rc) + break; + i++; + } + } + + if (rc) + goto out; + + /* + * If reached here means, signature is verified so update the + * value in the variable bank + */ + add_to_variable_bank(node->var, newesl, new_data_size); + // Update the TS variable with the new timestamp + update_timestamp(node->var->key, timestamp); + + /* If the PK is updated, update the secure boot state of the + * system at the end of processing */ + if (key_equals(node->var->key, "PK")) { + pk_updated = 1; + if(new_data_size == 0) + setup_mode = true; + else + setup_mode = false; + printf("setup mode is %d\n", setup_mode); + } + } + + if (pk_updated) { + // Store the updated pk in TPMNV on p9 + if (proc_gen == proc_gen_p9) { + rc = edk2_p9_write_pk(); + prlog(PR_INFO, "edk2_p9_write rc=%d\n", rc); + } + } + +out: + if (auth_buffer) + free(auth_buffer); + if (newesl) + free(newesl); + if (tbhbuffer) + free(tbhbuffer); + + clear_bank_list(&update_bank); + + return rc; +} + +static int edk2_compat_post_process(void) +{ + printf("setup mode is %d\n", setup_mode); + if (!setup_mode) { + secvar_set_secure_mode(); + prlog(PR_INFO, "Enforcing OS secure mode\n"); + } + + return 0; +} + +static bool is_pkcs7_sig_format(void *data) +{ + struct efi_variable_authentication_2 *auth = data; + uuid_t pkcs7_guid = EFI_CERT_TYPE_PKCS7_GUID; + + if(!(memcmp(&auth->auth_info.cert_type, &pkcs7_guid, 16) == 0)) + return false; + + return true; 
+} + +static int edk2_compat_validate(struct secvar *var) +{ + + /* + * Checks if the update is for supported + * Non-volatile secure variales + */ + if (!key_equals(var->key, "PK") + && !key_equals(var->key, "KEK") + && !key_equals(var->key, "db") + && !key_equals(var->key, "dbx")) + return -1; + + /* + * PK update should contain single ESL. + */ + //Not sure if we need to restrict it but, am adding as of now. + //Feel free to remove it if you don't it as good idea + if (key_equals(var->key, "PK")) { + printf("check if single PK\n"); + if (!is_single_pk(var->data, var->data_size)) { + printf("not single pk\n"); + return -1; + } + } + + /* + * Check that signature type is PKCS7 + */ + if (!is_pkcs7_sig_format(var->data)) + return -1; + //Some more checks needs to be added: + // - check guid + // - check auth struct + // - possibly check signature? can't add but can validate + + return 0; +}; + +struct secvar_backend_driver edk2_compatible_v1 = { + .pre_process = edk2_compat_pre_process, + .process = edk2_compat_process, + .post_process = edk2_compat_post_process, + .validate = edk2_compat_validate, + .compatible = "ibm,edk2-compat-v1", +}; diff --git a/libstb/secvar/backend/edk2.h b/libstb/secvar/backend/edk2.h new file mode 100644 index 00000000..29874ef7 --- /dev/null +++ b/libstb/secvar/backend/edk2.h 
@@ -0,0 +1,243 @@ +/* Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. This + * program and the accompanying materials are licensed and made available + * under the terms and conditions of the 2-Clause BSD License which + * accompanies this distribution. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * This file is derived from the following files referred from edk2-staging[1] repo + * of tianocore + * + * MdePkg/Include/Guid/GlobalVariable.h + * MdePkg/Include/Guid/WinCertificate.h + * MdePkg/Include/Uefi/UefiMultiPhase.h + * MdePkg/Include/Uefi/UefiBaseType.h + * MdePkg/Include/Guid/ImageAuthentication.h + * + * [1] https://github.com/tianocore/edk2-staging + * + * Copyright 2019 IBM Corp. 
+ */ + +#ifndef __EDK2_H__ +#define __EDK2_H__ + +#define UUID_SIZE 16 + +typedef struct { + u8 b[UUID_SIZE]; +} uuid_t; + +#define EFI_GLOBAL_VARIABLE_GUID (uuid_t){{0x61, 0xDF, 0xe4, 0x8b, 0xca, 0x93, 0xd2, 0x11, 0xaa, \ + 0x0d, 0x00, 0xe0, 0x98, 0x03, 0x2b, 0x8c}} + +#define EFI_IMAGE_SECURITY_DATABASE_GUID (uuid_t){{0xcb, 0xb2, 0x19, 0xd7, 0x3a, 0x3d, 0x96, 0x45, \ + 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f}} + +#define SECVAR_ATTRIBUTES 39 + +/// +/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 +/// certificate then verification of the signature of an image should validate the public +/// key certificate in the image using certificate path verification, up to this X.509 +/// certificate as a trusted root. The SignatureHeader size shall always be 0. The +/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + +/// the size of the certificate itself. +/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. +/// + +#define EFI_CERT_RSA2048_GUID \ + (UUID_INIT) (0x3c5766e8, 0x269c, 0x4e34, 0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6) + +#define EFI_CERT_TYPE_PKCS7_GUID (uuid_t){{0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, \ + 0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7}} + +#define EFI_VARIABLE_NON_VOLATILE 0x00000001 +#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 +#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 + +/* + * Attributes of Authenticated Variable + */ +#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 +#define EFI_VARIABLE_APPEND_WRITE 0x00000040 +/* + * NOTE: EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be + * considered reserved. 
+ */ +#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 + +/* + * win_certificate.w_certificate_type + */ +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 + +#define SECURE_BOOT_MODE_ENABLE 1 +#define SECURE_BOOT_MODE_DISABLE 0 +/// +/// Depricated value definition for SetupMode variable +/// +#define SETUP_MODE 1 +#define USER_MODE 0 + +/* + * EFI Time Abstraction: + * Year: 1900 - 9999 + * Month: 1 - 12 + * Day: 1 - 31 + * Hour: 0 - 23 + * Minute: 0 - 59 + * Second: 0 - 59 + * Nanosecond: 0 - 999,999,999 + * TimeZone: -1440 to 1440 or 2047 + */ +struct efi_time { + u16 year; + u8 month; + u8 day; + u8 hour; + u8 minute; + u8 second; + u8 pad1; + u32 nanosecond; + s16 timezone; + u8 daylight; + u8 pad2; +}; +//*********************************************************************** +// Signature Database +//*********************************************************************** +/// +/// The format of a signature database. +/// +#pragma pack(1) + +typedef struct { + /// + /// An identifier which identifies the agent which added the signature to the list. + /// + uuid_t SignatureOwner; + /// + /// The format of the signature is defined by the SignatureType. + /// + unsigned char SignatureData[0]; +} EFI_SIGNATURE_DATA; + +typedef struct { + /// + /// Type of the signature. GUID signature types are defined in below. + /// + uuid_t SignatureType; + /// + /// Total size of the signature list, including this header. + /// + uint32_t SignatureListSize; + /// + /// Size of the signature header which precedes the array of signatures. + /// + uint32_t SignatureHeaderSize; + /// + /// Size of each signature. + /// + uint32_t SignatureSize; + /// + /// Header before the array of signatures. The format of this header is specified + /// by the SignatureType. + /// UINT8 SignatureHeader[SignatureHeaderSize]; + /// + /// An array of signatures. Each signature is SignatureSize bytes in length. 
+ /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; + /// +} EFI_SIGNATURE_LIST; + + +/* + * The win_certificate structure is part of the PE/COFF specification. + */ +struct win_certificate { + /* + * The length of the entire certificate, including the length of the + * header, in bytes. + */ + u32 dw_length; + /* + * The revision level of the WIN_CERTIFICATE structure. The current + * revision level is 0x0200. + */ + u16 w_revision; + /* + * The certificate type. See WIN_CERT_TYPE_xxx for the UEFI certificate + * types. The UEFI specification reserves the range of certificate type + * values from 0x0EF0 to 0x0EFF. + */ + u16 w_certificate_type; + /* + * The following is the actual certificate. The format of + * the certificate depends on wCertificateType. + */ + /// UINT8 bCertificate[ANYSIZE_ARRAY]; +}; + +/* + * Certificate which encapsulates a GUID-specific digital signature + */ +struct win_certificate_uefi_guid { + /* + * This is the standard win_certificate header, where w_certificate_type + * is set to WIN_CERT_TYPE_EFI_GUID. + */ + struct win_certificate hdr; + /* + * This is the unique id which determines the format of the cert_data. + */ + uuid_t cert_type; + /* + * The following is the certificate data. The format of the data is + * determined by the @cert_type. If @cert_type is + * EFI_CERT_TYPE_RSA2048_SHA256_GUID, the @cert_data will be + * EFI_CERT_BLOCK_RSA_2048_SHA256 structure. + */ + u8 cert_data[1]; +}; +/* + * When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set, + * then the Data buffer shall begin with an instance of a complete (and + * serialized) EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be + * followed by the new variable value and DataSize shall reflect the combined + * size of the descriptor and the new variable value. The authentication + * descriptor is not part of the variable data and is not returned by subsequent + * calls to GetVariable(). 
+ */ +struct efi_variable_authentication_2 { + /* + * For the TimeStamp value, components Pad1, Nanosecond, TimeZone, Daylight and + * Pad2 shall be set to 0. This means that the time shall always be expressed in GMT. + */ + struct efi_time timestamp; + /* + * Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted. + */ + struct win_certificate_uefi_guid auth_info; +}; + +#endif
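
Review bot: verify_signature() in libstb/secvar/backend/edk2-compat.c can return success without any signature having been checked. rc is still 0 from mbedtls_pkcs7_parse_der() when the ESL loop starts, and the `if (eslvarsize < sizeof(EFI_SIGNATURE_LIST)) break;` path leaves the loop without touching it, so an authority variable whose data_size is non-zero but smaller than one list header falls through to `return rc` with 0 (the caller only rejects data_size == 0). Set rc to a failure code such as OPAL_PERMISSION before the loop and let only a successful mbedtls_pkcs7_signed_data_verify() clear it. In the same loop, offset is cumulative, so `eslvarsize = eslvarsize - offset` subtracts every earlier list again on each pass; subtract the size of the list just consumed, and check that size against the remaining bytes before reading the next header. Related length handling elsewhere in the hunk: in edk2_compat_process() auth_buffer_size is a uint64_t, so `auth_buffer_size <= 0` cannot catch a negative error return, and the direct `return OPAL_PARAMETER` skips the cleanup and clear_bank_list() under `out:`; in edk2_compat_validate(), is_pkcs7_sig_format() reads auth_info.cert_type without first checking that var->data_size covers a struct efi_variable_authentication_2.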
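
Review bot: the `#pragma pack(1)` placed ahead of EFI_SIGNATURE_DATA in libstb/secvar/backend/edk2.h is never reset before `#endif`, so it also applies to win_certificate, win_certificate_uefi_guid and efi_variable_authentication_2, and it carries over into whatever an includer declares after this header. Close it with `#pragma pack()` after EFI_SIGNATURE_LIST, or use a push/pop pair, and say in a comment which of the later structs are meant to be packed. Two smaller points: EFI_CERT_RSA2048_GUID is written with UUID_INIT, which is not defined in this header and differs from the `(uuid_t){{...}}` form used for the other GUIDs, and the comment block above it describes the X.509 signature type rather than RSA-2048; SECVAR_ATTRIBUTES is the bare value 39 although the EFI_VARIABLE_* flags are defined a few lines further down, so define it after them as the OR of the flags it stands for.
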
From: Eric Richter
To: skiboot@lists.ozlabs.org
Date: Sun, 19 Jan 2020 20:36:58 -0600
In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com>
References: <20200120023700.5373-1-erichte@linux.ibm.com>
Message-Id: <20200120023700.5373-11-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 10/12] secvar/test: add edk2-compat driver test and test data
Cc: nayna@linux.ibm.com

This patch contains a set of tests to exercise the edk2 driver using actual properly (and in some cases, improperly) signed binary data. Due to the excessive size of the binary data included in the header files, this test was split into its own patch.

Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Signed-off-by: Eric Richter
---
 libstb/secvar/test/Makefile.check            |   6 +-
 libstb/secvar/test/data/KEK.h                | 170 +++++
 libstb/secvar/test/data/PK1.h                | 170 +++++
 libstb/secvar/test/data/edk2_test_data.h     | 764 +++++++++++++++++++
 libstb/secvar/test/data/multipleDB.h         | 246 ++++++
 libstb/secvar/test/data/multipleKEK.h        | 236 ++++++
 libstb/secvar/test/data/multiplePK.h         | 236 ++++++
 libstb/secvar/test/data/noPK.h               | 102 +++
 libstb/secvar/test/secvar-test-edk2-compat.c | 394 ++++++++++
 libstb/secvar/test/secvar_common_test.c      |   2 +
 10 files changed, 2324 insertions(+), 2 deletions(-)
 create mode 100644 libstb/secvar/test/data/KEK.h
 create mode 100644 libstb/secvar/test/data/PK1.h
 create mode 100644 libstb/secvar/test/data/edk2_test_data.h
 create mode 100644 libstb/secvar/test/data/multipleDB.h
 create mode 100644 libstb/secvar/test/data/multipleKEK.h
 create mode 100644 libstb/secvar/test/data/multiplePK.h
 create mode 100644 libstb/secvar/test/data/noPK.h
 create mode 100644 libstb/secvar/test/secvar-test-edk2-compat.c

diff --git a/libstb/secvar/test/Makefile.check b/libstb/secvar/test/Makefile.check index b704a071..8d1b98d6 100644 --- a/libstb/secvar/test/Makefile.check +++ b/libstb/secvar/test/Makefile.check
@@ -29,13 +29,15 @@ $(SECVAR_TEST:%=%-check) : %-check: % $(call QTEST, RUN-TEST ,$(VALGRIND) $<, $<) @$(RM) -f secboot.img +HOSTMBEDFLAGS += -lmbedcrypto -lmbedx509 + $(SECVAR_TEST) : core/test/stubs.o $(SECVAR_TEST) : % : %.c - $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) -O0 -g -I include -I . -I libfdt -o $@ $< core/test/stubs.o, $<) + $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTMBEDFLAGS) -O0 -g -I include -I . -I libfdt -o $@ $< core/test/stubs.o, $<) $(SECVAR_TEST:%=%-gcov): %-gcov : %.c % - $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTGCOVCFLAGS) -I include -I . -I libfdt -lgcov -o $@ $< core/test/stubs.o, $<) + $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTGCOVCFLAGS) $(HOSTMBEDFLAGS) -I include -I . -I libfdt -lgcov -o $@ $< core/test/stubs.o, $<) -include $(wildcard libstb/secvar/test/*.d) diff --git a/libstb/secvar/test/data/KEK.h b/libstb/secvar/test/data/KEK.h new file mode 100644 index 00000000..23dc3774 --- /dev/null +++ b/libstb/secvar/test/data/KEK.h 
@@ -0,0 +1,170 @@ +/* Good KEK */ +unsigned char KEK_auth[] = { + 0xe3, 0x07, 0x0b, 0x16, 0x0e, 0x05, 0x2b, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 
0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 
0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0x32, 0x9b, 0x97, 0xe6, 0xed, 0x49, 0xc7, + 0x0d, 0xa9, 0x5d, 0xdd, 0x22, 0x62, 0xa4, 0x89, 0x11, 0x9e, 0x47, 0x94, + 0x08, 0x55, 0x7b, 0xd8, 0xd0, 0xc7, 0xbf, 0x65, 0x56, 0x9f, 0x31, 0x86, + 0x2e, 
0x32, 0x52, 0x7d, 0x2d, 0x1a, 0x3b, 0xbf, 0x21, 0x87, 0xbb, 0x23, + 0xe8, 0xa9, 0xad, 0x2d, 0xa8, 0x6e, 0xea, 0x2d, 0x3a, 0x48, 0xac, 0xf4, + 0xed, 0xcf, 0x9e, 0xba, 0x8b, 0x7e, 0xcc, 0x5a, 0x13, 0x47, 0x88, 0xba, + 0x4e, 0x59, 0xc8, 0xea, 0xf2, 0x17, 0x9f, 0x64, 0x4d, 0x14, 0x73, 0xf5, + 0x49, 0xd3, 0x5e, 0x5b, 0x42, 0x23, 0x73, 0x3e, 0xf4, 0x59, 0xc6, 0x24, + 0x68, 0x53, 0x50, 0xf9, 0x97, 0x6b, 0xfe, 0xad, 0xdd, 0xa1, 0x5a, 0x4d, + 0x43, 0x86, 0xdc, 0x33, 0x22, 0xf5, 0x8e, 0xec, 0xc8, 0xc9, 0xb5, 0xd0, + 0x73, 0xa3, 0x86, 0x50, 0xc0, 0x6d, 0xd1, 0x22, 0xcc, 0xd4, 0x42, 0x58, + 0x52, 0xf6, 0x8b, 0x58, 0x3b, 0x62, 0xe7, 0x27, 0x59, 0xa8, 0xac, 0xf0, + 0x67, 0x33, 0xcf, 0xdf, 0xef, 0x26, 0xf9, 0x08, 0x0b, 0xc2, 0xd3, 0xd8, + 0xcb, 0x9e, 0x05, 0x71, 0x3f, 0x09, 0xac, 0x5d, 0x5f, 0xa9, 0x09, 0x08, + 0xaf, 0xd1, 0xe9, 0x0c, 0x64, 0x85, 0x11, 0xee, 0xc9, 0xb9, 0x7b, 0xfe, + 0x90, 0x5d, 0x5f, 0x42, 0x65, 0xfa, 0xb3, 0xce, 0xae, 0x2f, 0xdd, 0x50, + 0xb9, 0x60, 0xd8, 0x3d, 0xad, 0x39, 0xa8, 0x4f, 0x94, 0xa2, 0x16, 0xef, + 0xee, 0xa5, 0xd4, 0x07, 0xba, 0xb9, 0x00, 0xa6, 0x5c, 0xf6, 0x73, 0x82, + 0xc2, 0x4a, 0xee, 0x6d, 0xdf, 0x1d, 0xdf, 0x30, 0xf4, 0x3b, 0x06, 0x6b, + 0xb5, 0x5a, 0xf4, 0x02, 0x40, 0x15, 0x86, 0xa6, 0xad, 0x68, 0x12, 0xb8, + 0xb8, 0xdc, 0xd4, 0x8d, 0xc0, 0x28, 0x90, 0x34, 0x41, 0xed, 0xce, 0x79, + 0x00, 0x86, 0x50, 0x60, 0xd1, 0xf6, 0x57, 0xd0, 0x4d, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x22, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf2, 0x30, 0x82, 0x01, + 0xda, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xfe, 0xdd, 0x2e, + 0xec, 0xe0, 0x22, 0xdd, 0xf9, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0e, 0x31, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, + 0x30, 
0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, + 0x35, 0x36, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, + 0x39, 0x31, 0x38, 0x35, 0x36, 0x33, 0x31, 0x5a, 0x30, 0x0e, 0x31, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0xf8, 0xab, + 0xdb, 0xc2, 0xf5, 0x51, 0xde, 0x7b, 0x9f, 0x28, 0xff, 0xae, 0xdb, 0xa5, + 0xbf, 0x73, 0x63, 0x99, 0x5e, 0x04, 0xa5, 0x9d, 0xfd, 0xcd, 0x24, 0x2e, + 0xdd, 0x0b, 0x02, 0x88, 0xe9, 0x71, 0x7b, 0xf2, 0x89, 0x90, 0xae, 0xaf, + 0x0d, 0xa0, 0x68, 0x4d, 0x31, 0x1b, 0x30, 0xe8, 0x19, 0x2e, 0xfc, 0x33, + 0x8f, 0xee, 0x6d, 0x2a, 0x0a, 0x09, 0x42, 0x34, 0xc1, 0x40, 0xa8, 0xe8, + 0xb6, 0xc7, 0x92, 0x5d, 0xa5, 0x96, 0x14, 0xd7, 0xaf, 0x8c, 0x71, 0x6b, + 0x4e, 0x7d, 0x6e, 0xfa, 0x73, 0x1c, 0x40, 0x4c, 0x05, 0x9e, 0xfa, 0xb2, + 0x4c, 0x8c, 0xcb, 0x9d, 0xe2, 0xa9, 0x04, 0x01, 0x91, 0x5b, 0xbf, 0xff, + 0x85, 0x54, 0x2a, 0x65, 0x96, 0x84, 0x6f, 0xfa, 0x99, 0x1c, 0x9e, 0xe0, + 0x77, 0x68, 0x4d, 0x58, 0x2a, 0xc7, 0xc0, 0x8f, 0x71, 0x5a, 0x8f, 0xa9, + 0xff, 0x44, 0xed, 0xf7, 0xe4, 0x47, 0xd8, 0x4c, 0x9c, 0xf4, 0x78, 0xa0, + 0xb3, 0x37, 0xaf, 0x43, 0x0b, 0x03, 0x6f, 0xe4, 0xe1, 0x2d, 0x52, 0x0b, + 0x4b, 0x62, 0xc6, 0x2f, 0xe3, 0xfc, 0x32, 0xf2, 0xe2, 0x11, 0x1c, 0xac, + 0xdf, 0x5a, 0xe8, 0xdd, 0x55, 0x65, 0xa4, 0x6f, 0x61, 0xb7, 0x0f, 0x1c, + 0xc6, 0x08, 0x2a, 0xaf, 0x5d, 0x36, 0x50, 0x06, 0x7b, 0x49, 0xa0, 0x8b, + 0x1c, 0x93, 0xdc, 0x72, 0x69, 0x7b, 0xf1, 0xcc, 0xee, 0xa4, 0xe8, 0xd0, + 0x7b, 0x5f, 0x61, 0xbc, 0xbe, 0x20, 0xfb, 0x0b, 0xaa, 0x54, 0xf6, 0xe0, + 0x13, 0xad, 0xe8, 0x96, 0x53, 0x6a, 0xa9, 0x4b, 0xa1, 0xcf, 0x56, 0x10, + 0xbc, 0x2a, 0x09, 0xc9, 0x0a, 0xcc, 0x8d, 0x20, 0xdd, 0x4d, 0x14, 0xc7, + 0x08, 0xab, 0xc1, 0xc3, 0xaf, 0x0b, 0x35, 0x40, 0x57, 0x34, 0x97, 0x3b, + 0xa2, 
0x2d, 0xa3, 0x46, 0xc1, 0x30, 0x14, 0x88, 0xa8, 0x74, 0x79, 0xdd, + 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd7, 0x75, 0xfc, + 0xed, 0xb7, 0xc8, 0xb5, 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, + 0xbe, 0x57, 0x0d, 0x94, 0xa8, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd7, 0x75, 0xfc, 0xed, 0xb7, 0xc8, + 0xb5, 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, 0xbe, 0x57, 0x0d, + 0x94, 0xa8, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x58, 0xd2, 0x25, 0xa3, 0xe6, 0xaa, 0xb9, 0x56, 0x67, + 0xc3, 0xa6, 0x4b, 0x88, 0x99, 0xfe, 0xde, 0xc6, 0x16, 0x4c, 0x43, 0x1b, + 0xb8, 0xea, 0xe3, 0x77, 0xc4, 0xe4, 0x66, 0x15, 0x9f, 0x92, 0x6d, 0xe3, + 0x7f, 0x3c, 0xac, 0x88, 0x8b, 0xb9, 0xc5, 0x5c, 0x39, 0x4f, 0x02, 0x75, + 0x5a, 0x3d, 0xc5, 0xaf, 0xad, 0x8f, 0x32, 0xd4, 0x5a, 0x44, 0xc8, 0xcb, + 0x1f, 0x40, 0xa1, 0x44, 0xef, 0xa8, 0x2a, 0xa4, 0x0d, 0x7a, 0x25, 0xe1, + 0x6c, 0x09, 0x4b, 0x96, 0x6a, 0x73, 0x0f, 0xe0, 0x9b, 0x0e, 0x26, 0xff, + 0x61, 0x96, 0xc4, 0xb6, 0x10, 0xe1, 0x90, 0x36, 0xfd, 0x96, 0xb5, 0x90, + 0xb0, 0x76, 0xed, 0xc2, 0x17, 0xc0, 0xfe, 0xd4, 0x38, 0xff, 0x7f, 0xc3, + 0xa0, 0x88, 0x60, 0xe8, 0x27, 0x10, 0x34, 0x35, 0x93, 0x59, 0xcb, 0x12, + 0xe5, 0x25, 0xaf, 0x2d, 0x1d, 0x7d, 0x3f, 0x16, 0x95, 0x71, 0x57, 0x8e, + 0x3f, 0xc2, 0xad, 0x8e, 0xc4, 0x0e, 0xe1, 0xed, 0x46, 0xf9, 0xd7, 0x07, + 0x85, 0xb3, 0x05, 0xbe, 0xf1, 0x4c, 0xba, 0xf1, 0x34, 0xe5, 0xd5, 0x26, + 0x9b, 0x6c, 0x15, 0x9e, 0x35, 0xa2, 0xd5, 0x81, 0x09, 0x36, 0x05, 0xa6, + 0x99, 0x1f, 0xa2, 0x17, 0x35, 0x3a, 0x38, 0x18, 0x52, 0x44, 0xcf, 0x22, + 0xb3, 0x69, 0xba, 0x07, 0x74, 0x48, 0x1c, 0x8e, 0x4c, 0xa7, 0xb0, 0xc2, + 0x65, 0x6c, 0x1d, 0x30, 0xe2, 0x82, 0xc2, 0x35, 0x60, 0x25, 0xf2, 0xb1, + 0x05, 
0x18, 0x0a, 0x73, 0x87, 0x27, 0xee, 0x6e, 0xc2, 0x5f, 0xff, 0xd8, + 0xfc, 0x77, 0x06, 0x2e, 0x3d, 0x4f, 0xa1, 0x14, 0x04, 0x5d, 0xae, 0x38, + 0x28, 0xf9, 0x3d, 0x82, 0x5f, 0xc6, 0xd0, 0x31, 0x21, 0x88, 0xda, 0x7f, + 0x78, 0xe3, 0xb7, 0xed, 0x52, 0x37, 0xf4, 0x29, 0x08, 0x88, 0x50, 0x54, + 0x56, 0x67, 0xc0, 0xe1, 0xf4, 0xe7, 0xcf, +}; +unsigned int KEK_auth_len = 1987; diff --git a/libstb/secvar/test/data/PK1.h b/libstb/secvar/test/data/PK1.h new file mode 100644 index 00000000..b85ef13c --- /dev/null +++ b/libstb/secvar/test/data/PK1.h 
@@ -0,0 +1,170 @@ +/* Validly signed PK generated at 2019 12-13 23:32:28 */ +unsigned char PK1_auth[] = { + 0xe3, 0x07, 0x0c, 0x0d, 0x17, 0x20, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 
0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 
0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0x5a, 0x80, 0x8f, 0x41, 0xa7, 0xad, 0xdb, + 0x5b, 0xe1, 0xd8, 0x9e, 0xe7, 0x53, 0x79, 0x26, 0xf0, 0x37, 0xde, 0x18, + 0xbe, 0x9c, 0xe0, 0x10, 0x3f, 0x63, 0xad, 
0x27, 0xfd, 0x56, 0x5a, 0xff, + 0xf9, 0xd0, 0x8c, 0x90, 0x65, 0x28, 0x9d, 0xcf, 0x4d, 0xf1, 0x83, 0x19, + 0x54, 0x70, 0xf0, 0x06, 0x22, 0x6d, 0xc5, 0xeb, 0xc2, 0x50, 0x67, 0x7f, + 0x2a, 0x58, 0xf8, 0xca, 0xe7, 0x1d, 0xc4, 0xb2, 0x3d, 0x51, 0x65, 0x68, + 0x7f, 0x0f, 0x20, 0xab, 0x89, 0xa0, 0x68, 0x67, 0xf7, 0xe4, 0x78, 0xcd, + 0x3a, 0xf5, 0x2a, 0xe1, 0xb5, 0x82, 0x69, 0x17, 0x5c, 0x00, 0xcd, 0x61, + 0xf4, 0xe8, 0x13, 0xf3, 0xf8, 0x80, 0xa6, 0xac, 0x75, 0xde, 0x69, 0x18, + 0xb2, 0x98, 0x57, 0x2d, 0xbf, 0x7f, 0xe0, 0xcf, 0xc3, 0x82, 0x19, 0x89, + 0x4b, 0x56, 0x0e, 0xfe, 0xa6, 0x56, 0x56, 0x14, 0xb8, 0xf2, 0xf7, 0xe1, + 0xd9, 0xc7, 0x7c, 0x1c, 0x0f, 0xe7, 0x2a, 0xa5, 0x22, 0x97, 0xfc, 0x10, + 0x38, 0xab, 0x08, 0x2a, 0x7b, 0x35, 0x17, 0x73, 0x5d, 0x6c, 0x27, 0x98, + 0x79, 0xa8, 0x3e, 0x7a, 0x43, 0xb7, 0x81, 0x94, 0xcd, 0x27, 0x18, 0x0d, + 0xd5, 0x0c, 0xec, 0xd6, 0x35, 0x96, 0x95, 0xd1, 0xe7, 0xbb, 0x0b, 0x27, + 0x39, 0xde, 0x2e, 0x03, 0x83, 0xb1, 0x15, 0x79, 0x59, 0x93, 0xd3, 0x5f, + 0x69, 0x0d, 0x89, 0x5e, 0x0b, 0x3a, 0xe2, 0x5a, 0xff, 0xd6, 0x62, 0x24, + 0x84, 0x37, 0x57, 0xd7, 0x91, 0x38, 0x15, 0x80, 0x08, 0x95, 0x66, 0x96, + 0x33, 0x0f, 0x8c, 0x7e, 0x53, 0x67, 0x1f, 0x65, 0x18, 0x4e, 0x14, 0x4f, + 0xba, 0xc6, 0xe0, 0xaa, 0x8e, 0x7d, 0x90, 0x59, 0xe8, 0x0f, 0x7a, 0xfb, + 0xc0, 0x41, 0xbc, 0x35, 0x2e, 0xca, 0x5f, 0xb5, 0xa6, 0xab, 0xdf, 0xcb, + 0xaa, 0xcc, 0xda, 0x5e, 0x1d, 0xc5, 0xef, 0x64, 0x0a, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, + 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, + 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 
0x0c, 0x02, 0x50, 0x4b, 0x30, + 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, + 0x36, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, + 0x2d, 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, + 0x61, 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, + 0xd3, 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, + 0xb4, 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, + 0x0d, 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, + 0x8d, 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, + 0x5f, 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, + 0xf0, 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, + 0x75, 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, + 0x91, 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, + 0xbf, 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, + 0x21, 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, + 0x41, 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, + 0x87, 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, + 0x0e, 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, + 0xac, 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, + 0x2c, 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, + 0xed, 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, + 0x8d, 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, + 0xee, 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 
0x46, 0x04, 0xfd, 0x96, 0x46, + 0x2a, 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, + 0x99, 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, + 0xef, 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, + 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, + 0x37, 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, + 0x9c, 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, + 0xb1, 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, + 0x9f, 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, + 0xe5, 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, + 0xe1, 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, + 0xed, 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, + 0xd4, 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, + 0xe0, 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, + 0xcc, 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, + 0x14, 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, + 0x23, 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, + 0xe2, 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, + 0x7f, 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, + 0xfa, 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, + 0x52, 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 
0x4f, 0x01, 0xb1, 0x58, 0x67, + 0xe7, 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, + 0xb7, 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, + 0x0c, 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, + 0x8b, 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, + 0xe7, 0x12, 0xe1, 0x66, 0x15, +}; +unsigned int PK1_auth_len = 1985; diff --git a/libstb/secvar/test/data/edk2_test_data.h b/libstb/secvar/test/data/edk2_test_data.h new file mode 100644 index 00000000..13d4cc80 --- /dev/null +++ b/libstb/secvar/test/data/edk2_test_data.h 
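Review bot: in PK1.h, `PK1_auth` and `PK1_auth_len` are defined with external linkage in a header that has no include guard, so including it from a second translation unit, or twice in one, produces duplicate definitions. Declaring the array `static const unsigned char PK1_auth[]` and taking the length from `sizeof(PK1_auth)` rather than the literal 1985 would avoid that and keep the length tied to the data. The comment at the top of the file records only the generation time, which agrees with the leading timestamp bytes 0xe3, 0x07, 0x0c, 0x0d, 0x17, 0x20, 0x1c. It should also say how the blob was produced and which key signed it, so the test vector can be regenerated and checked by someone other than the author.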
@@ -0,0 +1,764 @@ +unsigned char PK_auth[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 0x69, 
0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 0xda, 
0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0x21, 0xa2, 0xb4, 0x87, 0x9c, 0xa0, 0xe7, + 0x62, 0x82, 0x2a, 0x50, 0x0f, 0x59, 0xf0, 0x0e, 0xe4, 0xd8, 0xf1, 0x99, + 0xa1, 0x6f, 0x70, 0x76, 0x14, 0xe6, 0x59, 0xa1, 0x7f, 0xc7, 0xf6, 0xfa, + 0x6f, 0x7d, 0x43, 0xb9, 
0x4c, 0x0a, 0x6f, 0x2e, 0xc3, 0x46, 0xe5, 0xbd, + 0xea, 0xa8, 0xaa, 0x88, 0x09, 0x99, 0x93, 0xb5, 0x31, 0x41, 0x3e, 0x30, + 0xdb, 0x2f, 0xad, 0x34, 0x45, 0x84, 0xaa, 0xac, 0xd5, 0xa0, 0x1a, 0x16, + 0x55, 0x7c, 0x12, 0xa9, 0x24, 0x0e, 0x5b, 0xc1, 0x28, 0x4b, 0x77, 0x70, + 0x6f, 0xc3, 0x7a, 0xf5, 0x98, 0x32, 0xe2, 0x0d, 0x24, 0x87, 0x70, 0x65, + 0x0c, 0xb1, 0x72, 0x3f, 0xde, 0x07, 0xcb, 0x35, 0x1b, 0x88, 0x0e, 0x4c, + 0x3b, 0x18, 0x65, 0x0e, 0x6c, 0xa9, 0x99, 0x5d, 0xa0, 0x13, 0x99, 0xaa, + 0x91, 0xc4, 0xbd, 0x1a, 0x77, 0x47, 0x2d, 0x0d, 0x0c, 0xda, 0x82, 0xd6, + 0x29, 0xc2, 0x08, 0x3c, 0x7e, 0x2a, 0x3b, 0x38, 0x99, 0x44, 0x51, 0xb1, + 0x41, 0x86, 0xb7, 0xe3, 0x31, 0xe4, 0x0c, 0x1b, 0xb4, 0xfb, 0x53, 0x7b, + 0xb1, 0x32, 0x04, 0x02, 0x40, 0x26, 0xfa, 0x67, 0xfa, 0xc0, 0xb5, 0x9a, + 0xd7, 0x86, 0x33, 0xfa, 0x5a, 0x88, 0x78, 0xf4, 0x45, 0x07, 0xdb, 0x6c, + 0x91, 0x4a, 0x4d, 0x61, 0x4a, 0x8f, 0x14, 0x63, 0x2a, 0x4a, 0xc9, 0x37, + 0x1c, 0xf3, 0xb0, 0x87, 0xd1, 0x1b, 0x10, 0xe2, 0x1e, 0x9b, 0x7b, 0xd6, + 0x44, 0xf2, 0x09, 0x88, 0xdc, 0x82, 0x52, 0x35, 0xec, 0xd7, 0x76, 0xc0, + 0xcc, 0xb4, 0x90, 0x66, 0x29, 0xd5, 0x18, 0xf9, 0xb3, 0x44, 0x70, 0x94, + 0x80, 0x10, 0xd0, 0x33, 0x7e, 0xfa, 0xe7, 0xfc, 0x6b, 0x3e, 0x81, 0x64, + 0xdb, 0xaa, 0x2f, 0x9f, 0x18, 0xc1, 0xae, 0x4a, 0x50, 0x59, 0x9f, 0xd4, + 0x1a, 0x3f, 0xc3, 0x08, 0x08, 0x1c, 0xbf, 0x61, 0xe7, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, + 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, + 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, + 0x1e, 0x17, 0x0d, 0x31, 
0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, + 0x36, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, + 0x2d, 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, + 0x61, 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, + 0xd3, 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, + 0xb4, 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, + 0x0d, 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, + 0x8d, 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, + 0x5f, 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, + 0xf0, 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, + 0x75, 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, + 0x91, 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, + 0xbf, 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, + 0x21, 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, + 0x41, 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, + 0x87, 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, + 0x0e, 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, + 0xac, 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, + 0x2c, 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, + 0xed, 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, + 0x8d, 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, + 0xee, 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, + 0x2a, 0x8b, 0x8d, 0xa2, 
0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, + 0x99, 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, + 0xef, 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, + 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, + 0x37, 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, + 0x9c, 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, + 0xb1, 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, + 0x9f, 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, + 0xe5, 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, + 0xe1, 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, + 0xed, 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, + 0xd4, 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, + 0xe0, 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, + 0xcc, 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, + 0x14, 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, + 0x23, 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, + 0xe2, 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, + 0x7f, 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, + 0xfa, 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, + 0x52, 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, + 0xe7, 0x59, 0x6a, 0x9a, 
0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, + 0xb7, 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, + 0x0c, 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, + 0x8b, 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, + 0xe7, 0x12, 0xe1, 0x66, 0x15, +}; +unsigned int PK_auth_len = 1985; + +unsigned char ValidKEK_auth[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 
0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 
0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 
0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0xbf, 0xe8, 0x0c, 0x4c, 0x32, 0x9a, 0x6e, + 0x05, 0x20, 0x92, 0xa5, 0x65, 0x4e, 0xc3, 0x46, 0x24, 0x8d, 0xaf, 0x84, + 0xd5, 0xe6, 0x43, 0xa0, 0x12, 0xa1, 0x4b, 0x98, 0x71, 0x5e, 0xe6, 0xed, + 0x2c, 0x1d, 0x83, 0xeb, 0x67, 0xb5, 0x85, 0x57, 0xce, 0x1a, 0x01, 0x20, + 0x2b, 0x79, 0xe0, 0x07, 0x8f, 0x25, 0x8e, 0xf4, 0xdf, 0x17, 0x83, 0xe6, + 0x4f, 0xf0, 0xba, 0x98, 0xb7, 0xc4, 0x82, 0xae, 0x8b, 0x63, 0xa0, 0x77, + 0x6b, 0xe2, 0x63, 0x36, 0x0a, 0xce, 0x7c, 0x0a, 0xb9, 0x25, 0xa7, 0xf6, + 0x26, 0x06, 0x40, 0x49, 0xeb, 0x40, 0x7b, 0xff, 0xb0, 0xc7, 0xf6, 0xd2, + 0x7f, 0x5e, 0x17, 0xf5, 0x28, 0x37, 0x0d, 0x82, 0x32, 0x22, 0xfb, 0xdd, + 0x52, 0x00, 0xc4, 0x63, 0xda, 0x4c, 0x81, 0x88, 0xc3, 0xda, 0x36, 0x40, + 0x18, 0xea, 0x8e, 0x6e, 0x2f, 0xeb, 0xc1, 0xb7, 0x69, 0x0d, 0xe3, 0xd6, + 0xda, 0xca, 0x10, 0xac, 0x88, 0x4a, 0x88, 0x13, 0xfe, 0x93, 0x48, 0xf5, + 0x00, 0x6e, 0x98, 0xb4, 0x9c, 0xc9, 0x24, 0xfc, 0xfb, 0x6a, 0x72, 0x40, + 0x76, 0x79, 0x10, 0x5c, 0xa1, 0x96, 0x95, 0x15, 0x7e, 0x6d, 0x07, 0x2c, + 0x02, 0xb1, 0xf8, 0xa9, 0x07, 0x1a, 0xba, 0x67, 0xc5, 0x7d, 0x6a, 0xdf, + 0x0c, 0xa1, 0xee, 0x6f, 0xbc, 0xac, 0x8e, 0xee, 0x43, 0x1f, 0xb2, 0xac, + 0xaf, 0x43, 0x67, 0xef, 0x6e, 0xac, 0x7a, 0x72, 0x85, 0xb3, 0x64, 0x93, + 0xde, 0x16, 0x13, 0x10, 0xd9, 0x98, 0x13, 0xec, 0x71, 0xb0, 0xef, 0x67, + 0x7d, 0x0c, 0x10, 0xde, 0x98, 0xe0, 0xc7, 0x56, 0x00, 0xbf, 0x21, 0x38, + 0x99, 0x2f, 0xf6, 0x52, 0x9b, 0x7e, 0x44, 0xd7, 0x85, 0x49, 0xd1, 0x2b, + 0x4f, 0xcb, 0x6e, 0x9d, 0x63, 0x93, 0xe0, 0xd2, 0xcb, 0x8b, 0x28, 0xb6, + 0x43, 0xc6, 0x12, 0x1f, 0xd6, 0x94, 0xad, 0xc7, 0xf2, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x22, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf2, 0x30, 0x82, 
0x01, + 0xda, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xfe, 0xdd, 0x2e, + 0xec, 0xe0, 0x22, 0xdd, 0xf9, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0e, 0x31, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, + 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, + 0x35, 0x36, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, + 0x39, 0x31, 0x38, 0x35, 0x36, 0x33, 0x31, 0x5a, 0x30, 0x0e, 0x31, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0xf8, 0xab, + 0xdb, 0xc2, 0xf5, 0x51, 0xde, 0x7b, 0x9f, 0x28, 0xff, 0xae, 0xdb, 0xa5, + 0xbf, 0x73, 0x63, 0x99, 0x5e, 0x04, 0xa5, 0x9d, 0xfd, 0xcd, 0x24, 0x2e, + 0xdd, 0x0b, 0x02, 0x88, 0xe9, 0x71, 0x7b, 0xf2, 0x89, 0x90, 0xae, 0xaf, + 0x0d, 0xa0, 0x68, 0x4d, 0x31, 0x1b, 0x30, 0xe8, 0x19, 0x2e, 0xfc, 0x33, + 0x8f, 0xee, 0x6d, 0x2a, 0x0a, 0x09, 0x42, 0x34, 0xc1, 0x40, 0xa8, 0xe8, + 0xb6, 0xc7, 0x92, 0x5d, 0xa5, 0x96, 0x14, 0xd7, 0xaf, 0x8c, 0x71, 0x6b, + 0x4e, 0x7d, 0x6e, 0xfa, 0x73, 0x1c, 0x40, 0x4c, 0x05, 0x9e, 0xfa, 0xb2, + 0x4c, 0x8c, 0xcb, 0x9d, 0xe2, 0xa9, 0x04, 0x01, 0x91, 0x5b, 0xbf, 0xff, + 0x85, 0x54, 0x2a, 0x65, 0x96, 0x84, 0x6f, 0xfa, 0x99, 0x1c, 0x9e, 0xe0, + 0x77, 0x68, 0x4d, 0x58, 0x2a, 0xc7, 0xc0, 0x8f, 0x71, 0x5a, 0x8f, 0xa9, + 0xff, 0x44, 0xed, 0xf7, 0xe4, 0x47, 0xd8, 0x4c, 0x9c, 0xf4, 0x78, 0xa0, + 0xb3, 0x37, 0xaf, 0x43, 0x0b, 0x03, 0x6f, 0xe4, 0xe1, 0x2d, 0x52, 0x0b, + 0x4b, 0x62, 0xc6, 0x2f, 0xe3, 0xfc, 0x32, 0xf2, 0xe2, 0x11, 0x1c, 0xac, + 0xdf, 0x5a, 0xe8, 0xdd, 0x55, 0x65, 0xa4, 0x6f, 0x61, 0xb7, 0x0f, 0x1c, + 0xc6, 0x08, 0x2a, 0xaf, 0x5d, 0x36, 0x50, 0x06, 0x7b, 0x49, 0xa0, 0x8b, + 0x1c, 0x93, 0xdc, 0x72, 0x69, 0x7b, 0xf1, 0xcc, 0xee, 0xa4, 0xe8, 
0xd0, + 0x7b, 0x5f, 0x61, 0xbc, 0xbe, 0x20, 0xfb, 0x0b, 0xaa, 0x54, 0xf6, 0xe0, + 0x13, 0xad, 0xe8, 0x96, 0x53, 0x6a, 0xa9, 0x4b, 0xa1, 0xcf, 0x56, 0x10, + 0xbc, 0x2a, 0x09, 0xc9, 0x0a, 0xcc, 0x8d, 0x20, 0xdd, 0x4d, 0x14, 0xc7, + 0x08, 0xab, 0xc1, 0xc3, 0xaf, 0x0b, 0x35, 0x40, 0x57, 0x34, 0x97, 0x3b, + 0xa2, 0x2d, 0xa3, 0x46, 0xc1, 0x30, 0x14, 0x88, 0xa8, 0x74, 0x79, 0xdd, + 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd7, 0x75, 0xfc, + 0xed, 0xb7, 0xc8, 0xb5, 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, + 0xbe, 0x57, 0x0d, 0x94, 0xa8, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd7, 0x75, 0xfc, 0xed, 0xb7, 0xc8, + 0xb5, 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, 0xbe, 0x57, 0x0d, + 0x94, 0xa8, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x58, 0xd2, 0x25, 0xa3, 0xe6, 0xaa, 0xb9, 0x56, 0x67, + 0xc3, 0xa6, 0x4b, 0x88, 0x99, 0xfe, 0xde, 0xc6, 0x16, 0x4c, 0x43, 0x1b, + 0xb8, 0xea, 0xe3, 0x77, 0xc4, 0xe4, 0x66, 0x15, 0x9f, 0x92, 0x6d, 0xe3, + 0x7f, 0x3c, 0xac, 0x88, 0x8b, 0xb9, 0xc5, 0x5c, 0x39, 0x4f, 0x02, 0x75, + 0x5a, 0x3d, 0xc5, 0xaf, 0xad, 0x8f, 0x32, 0xd4, 0x5a, 0x44, 0xc8, 0xcb, + 0x1f, 0x40, 0xa1, 0x44, 0xef, 0xa8, 0x2a, 0xa4, 0x0d, 0x7a, 0x25, 0xe1, + 0x6c, 0x09, 0x4b, 0x96, 0x6a, 0x73, 0x0f, 0xe0, 0x9b, 0x0e, 0x26, 0xff, + 0x61, 0x96, 0xc4, 0xb6, 0x10, 0xe1, 0x90, 0x36, 0xfd, 0x96, 0xb5, 0x90, + 0xb0, 0x76, 0xed, 0xc2, 0x17, 0xc0, 0xfe, 0xd4, 0x38, 0xff, 0x7f, 0xc3, + 0xa0, 0x88, 0x60, 0xe8, 0x27, 0x10, 0x34, 0x35, 0x93, 0x59, 0xcb, 0x12, + 0xe5, 0x25, 0xaf, 0x2d, 0x1d, 0x7d, 0x3f, 0x16, 0x95, 0x71, 0x57, 0x8e, + 0x3f, 0xc2, 0xad, 0x8e, 0xc4, 0x0e, 0xe1, 0xed, 0x46, 0xf9, 0xd7, 0x07, + 0x85, 0xb3, 0x05, 0xbe, 0xf1, 0x4c, 0xba, 0xf1, 0x34, 0xe5, 0xd5, 
0x26, + 0x9b, 0x6c, 0x15, 0x9e, 0x35, 0xa2, 0xd5, 0x81, 0x09, 0x36, 0x05, 0xa6, + 0x99, 0x1f, 0xa2, 0x17, 0x35, 0x3a, 0x38, 0x18, 0x52, 0x44, 0xcf, 0x22, + 0xb3, 0x69, 0xba, 0x07, 0x74, 0x48, 0x1c, 0x8e, 0x4c, 0xa7, 0xb0, 0xc2, + 0x65, 0x6c, 0x1d, 0x30, 0xe2, 0x82, 0xc2, 0x35, 0x60, 0x25, 0xf2, 0xb1, + 0x05, 0x18, 0x0a, 0x73, 0x87, 0x27, 0xee, 0x6e, 0xc2, 0x5f, 0xff, 0xd8, + 0xfc, 0x77, 0x06, 0x2e, 0x3d, 0x4f, 0xa1, 0x14, 0x04, 0x5d, 0xae, 0x38, + 0x28, 0xf9, 0x3d, 0x82, 0x5f, 0xc6, 0xd0, 0x31, 0x21, 0x88, 0xda, 0x7f, + 0x78, 0xe3, 0xb7, 0xed, 0x52, 0x37, 0xf4, 0x29, 0x08, 0x88, 0x50, 0x54, + 0x56, 0x67, 0xc0, 0xe1, 0xf4, 0xe7, 0xcf, +}; +unsigned int ValidKEK_auth_len = 1987; + +unsigned char InvalidKEK_auth[] = { + 0x00, 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , + 0x91, 0x04 , 0x00 , 0x00 , 0x00 , 0x02 , 0xf1 , 0x0e , 0x9d , 0xd2 , 0xaf , 0x4a , 0xdf , 0x68 , 0xee , 0x49 , + 0x8a, 0xa9 , 0x34 , 0x7d , 0x37 , 0x56 , 0x65 , 0xa7 , 0x30 , 0x82 , 0x04 , 0x75 , 0x06 , 0x09 , 0x2a , 0x86 , + 0x48, 0x86 , 0xf7 , 0x0d , 0x01 , 0x07 , 0x02 , 0xa0 , 0x82 , 0x04 , 0x66 , 0x30 , 0x82 , 0x04 , 0x62 , 0x02 , + 0x01, 0x01 , 0x31 , 0x0f , 0x30 , 0x0d , 0x06 , 0x09 , 0x60 , 0x86 , 0x48 , 0x01 , 0x65 , 0x03 , 0x04 , 0x02 , + 0x01, 0x05 , 0x00 , 0x30 , 0x0b , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x07 , 0x01 , + 0xa0, 0x82 , 0x02 , 0xf4 , 0x30 , 0x82 , 0x02 , 0xf0 , 0x30 , 0x82 , 0x01 , 0xd8 , 0xa0 , 0x03 , 0x02 , 0x01 , + 0x02, 0x02 , 0x09 , 0x00 , 0xec , 0x89 , 0x21 , 0xbe , 0xc3 , 0xb0 , 0x04 , 0xc6 , 0x30 , 0x0d , 0x06 , 0x09 , + 0x2a, 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x0b , 0x05 , 0x00 , 0x30 , 0x0d , 0x31 , 0x0b , 0x30 , + 0x09, 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , 0x02 , 0x50 , 0x4b , 0x30 , 0x1e , 0x17 , 0x0d , 0x31 , 0x39 , + 0x30, 0x31 , 0x31 , 0x32 , 0x31 , 0x38 , 0x35 , 0x36 , 0x32 , 0x39 , 0x5a , 0x17 , 0x0d , 0x32 , 0x39 , 0x30 , + 0x31, 0x30 , 0x39 , 0x31 , 
0x38 , 0x35 , 0x36 , 0x32 , 0x39 , 0x5a , 0x30 , 0x0d , 0x31 , 0x0b , 0x30 , 0x09 , + 0x06, 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , 0x02 , 0x50 , 0x4b , 0x30 , 0x82 , 0x01 , 0x22 , 0x30 , 0x0d , 0x06 , + 0x09, 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x01 , 0x05 , 0x00 , 0x03 , 0x82 , 0x01 , 0x0f , + 0x00, 0x30 , 0x82 , 0x01 , 0x0a , 0x02 , 0x82 , 0x01 , 0x01 , 0x00 , 0xee , 0xa9 , 0xd0 , 0x47 , 0xf4 , 0x2d , + 0xfd, 0xff , 0x21 , 0x6f , 0x11 , 0x89 , 0x9d , 0x54 , 0xe8 , 0xb1 , 0x97 , 0x61 , 0x10 , 0x21 , 0xe1 , 0x9e , + 0x51, 0x09 , 0x66 , 0xea , 0x23 , 0xdb , 0x01 , 0xd3 , 0x5d , 0xa6 , 0xce , 0xc5 , 0x75 , 0x52 , 0xec , 0x2f , + 0xb4, 0x1f , 0x36 , 0xb4 , 0x35 , 0xca , 0x30 , 0xfd , 0xd9 , 0xed , 0x14 , 0x63 , 0xa3 , 0x9e , 0xc6 , 0x0d , + 0xc0, 0x8d , 0xca , 0x7a , 0x1b , 0x9a , 0xcd , 0xbf , 0xb4 , 0x4c , 0x21 , 0x8d , 0xe0 , 0xf6 , 0xbc , 0x74 , + 0xbc, 0xef , 0xc6 , 0x8f , 0xc1 , 0x81 , 0x33 , 0x5f , 0x1e , 0xe6 , 0xed , 0x69 , 0x68 , 0x49 , 0x4c , 0xd7 , + 0x0f, 0x84 , 0x70 , 0xf0 , 0xf6 , 0x1b , 0x07 , 0x35 , 0xa4 , 0x09 , 0xae , 0x5e , 0xdd , 0x42 , 0xa2 , 0x75 , + 0x48, 0xd4 , 0xfa , 0x3c , 0x28 , 0xe7 , 0xaa , 0xc9 , 0x2b , 0xbf , 0xc1 , 0x91 , 0x65 , 0x19 , 0x99 , 0x3b , + 0x56, 0x80 , 0x1a , 0xee , 0x90 , 0x43 , 0xae , 0xbf , 0x1f , 0xff , 0xd2 , 0x55 , 0x1d , 0x18 , 0xff , 0x49 , + 0x38, 0xd8 , 0xdc , 0x21 , 0xe1 , 0x86 , 0xfb , 0xf2 , 0x86 , 0x43 , 0x37 , 0x2e , 0x93 , 0xe8 , 0xd0 , 0x41 , + 0xdb, 0xc9 , 0x73 , 0xd8 , 0x0f , 0xf5 , 0x11 , 0x18 , 0xa9 , 0x93 , 0xb2 , 0x87 , 0x90 , 0xc2 , 0x58 , 0x96 , + 0x93, 0xff , 0x69 , 0xb2 , 0x05 , 0xec , 0xaa , 0x0e , 0xcc , 0xfe , 0x1a , 0x78 , 0x6c , 0x31 , 0xfa , 0x6b , + 0x0d, 0xb6 , 0xeb , 0xac , 0xaf , 0xc9 , 0xa5 , 0x09 , 0xbb , 0xdd , 0x01 , 0x16 , 0x6d , 0x31 , 0x53 , 0x2c , + 0xcb, 0xc1 , 0x82 , 0x87 , 0x81 , 0x99 , 0x7f , 0xc1 , 0xee , 0x86 , 0x6a , 0xed , 0x50 , 0xfc , 0x39 , 0xc1 , + 0x51, 0x71 , 0x04 , 0xe0 , 0x66 , 0x63 , 0x6f , 0x8d , 0x17 , 0x35 , 0x63 , 0x56 , 0x4b , 0x90 , 0x20 , 
0x7a , + 0x5f, 0xc8 , 0x63 , 0xee , 0xf4 , 0x82 , 0xe1 , 0x61 , 0xbf , 0x41 , 0x46 , 0x04 , 0xfd , 0x96 , 0x46 , 0x2a , + 0x8b, 0x8d , 0xa2 , 0x4c , 0x82 , 0xe3 , 0xf0 , 0x6e , 0x24 , 0x8b , 0x02 , 0x03 , 0x01 , 0x00 , 0x01 , 0xa3 , + 0x53, 0x30 , 0x51 , 0x30 , 0x1d , 0x06 , 0x03 , 0x55 , 0x1d , 0x0e , 0x04 , 0x16 , 0x04 , 0x14 , 0x14 , 0xb2 , + 0x26, 0xdc , 0xe0 , 0x99 , 0x4b , 0xb1 , 0x3e , 0xc4 , 0xc8 , 0xeb , 0xe3 , 0xc9 , 0x8b , 0x69 , 0x78 , 0xef , + 0x55, 0xbd , 0x30 , 0x1f , 0x06 , 0x03 , 0x55 , 0x1d , 0x23 , 0x04 , 0x18 , 0x30 , 0x16 , 0x80 , 0x14 , 0x14 , + 0xb2, 0x26 , 0xdc , 0xe0 , 0x99 , 0x4b , 0xb1 , 0x3e , 0xc4 , 0xc8 , 0xeb , 0xe3 , 0xc9 , 0x8b , 0x69 , 0x78 , + 0xef, 0x55 , 0xbd , 0x30 , 0x0f , 0x06 , 0x03 , 0x55 , 0x1d , 0x13 , 0x01 , 0x01 , 0xff , 0x04 , 0x05 , 0x30 , + 0x03, 0x01 , 0x01 , 0xff , 0x30 , 0x0d , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , + 0x0b, 0x05 , 0x00 , 0x03 , 0x82 , 0x01 , 0x01 , 0x00 , 0x8f , 0x4b , 0x0e , 0x4d , 0xd6 , 0xed , 0x73 , 0xb0 , + 0xe6, 0xa5 , 0xcf , 0x37 , 0xed , 0x7b , 0x89 , 0x82 , 0xc4 , 0x67 , 0x95 , 0x16 , 0x03 , 0x19 , 0x3d , 0x9c , + 0xbf, 0x10 , 0x8e , 0x23 , 0x71 , 0xcb , 0x53 , 0xa2 , 0xb0 , 0xa1 , 0x88 , 0xb1 , 0x9b , 0x2e , 0x68 , 0xda , + 0x1e, 0x74 , 0xfe , 0x32 , 0x6f , 0xa1 , 0xda , 0x9f , 0x5b , 0x52 , 0x6b , 0x10 , 0x11 , 0x48 , 0x0d , 0x71 , + 0xec, 0x08 , 0x24 , 0xe5 , 0x0b , 0xb4 , 0x60 , 0x52 , 0x47 , 0x64 , 0xfb , 0xf5 , 0x99 , 0x45 , 0x15 , 0xe1 , + 0x35, 0x6c , 0x43 , 0xe3 , 0x9c , 0xeb , 0xe4 , 0xfd , 0x5b , 0x91 , 0x5d , 0xed , 0xa9 , 0x98 , 0x13 , 0x79 , + 0x6d, 0xcd , 0x8a , 0x8f , 0xae , 0x09 , 0x42 , 0xd4 , 0xa1 , 0x46 , 0x89 , 0xd1 , 0x95 , 0x20 , 0x27 , 0x82 , + 0x80, 0x93 , 0x3d , 0xe0 , 0x32 , 0xb2 , 0x07 , 0x2e , 0xee , 0x89 , 0xbf , 0x08 , 0xca , 0x3c , 0xc5 , 0xcc , + 0x1d, 0x64 , 0x61 , 0x4c , 0xdd , 0x26 , 0x99 , 0x3d , 0xee , 0x0f , 0xad , 0x14 , 0xbe , 0x8f , 0x70 , 0x9e , + 0xb1, 0x31 , 0xd1 , 0xb2 , 0x7d , 0xdf , 0xbc , 0x23 , 0xc6 , 0x36 , 
0x23 , 0xfc , 0xa1 , 0x77 , 0xdb , 0x80 , + 0xaf, 0x41 , 0xaf , 0xe2 , 0xb2 , 0x37 , 0x8c , 0x74 , 0xff , 0x19 , 0x04 , 0x96 , 0x6a , 0x40 , 0x37 , 0x7f , + 0x5e, 0x76 , 0x9b , 0xee , 0x84 , 0x7e , 0x4e , 0x2f , 0x75 , 0x7d , 0x76 , 0xfa , 0x90 , 0x76 , 0x08 , 0x41 , + 0x61, 0x63 , 0xa4 , 0x9e , 0x79 , 0x2e , 0xb0 , 0x52 , 0xec , 0xc7 , 0xa0 , 0x47 , 0x16 , 0x76 , 0x4f , 0x01 , + 0xb1, 0x58 , 0x67 , 0xe7 , 0x59 , 0x6a , 0x9a , 0xe9 , 0xf8 , 0x59 , 0x33 , 0x52 , 0x98 , 0x52 , 0xc8 , 0xb7 , + 0x6f, 0xc8 , 0x44 , 0x52 , 0x8b , 0xa2 , 0x30 , 0x1e , 0xb6 , 0xd2 , 0xc2 , 0x0c , 0x43 , 0x9f , 0x13 , 0x1f , + 0x0f, 0xef , 0x16 , 0xa6 , 0xc0 , 0xf7 , 0x09 , 0x8b , 0x2e , 0xa7 , 0x7d , 0x6a , 0x30 , 0x0b , 0x09 , 0xbb , + 0x69, 0x2f , 0xaf , 0xe7 , 0x12 , 0xe1 , 0x66 , 0x15 , 0x31 , 0x82 , 0x01 , 0x45 , 0x30 , 0x82 , 0x01 , 0x41 , + 0x02, 0x01 , 0x01 , 0x30 , 0x1a , 0x30 , 0x0d , 0x31 , 0x0b , 0x30 , 0x09 , 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , + 0x0c, 0x02 , 0x50 , 0x4b , 0x02 , 0x09 , 0x00 , 0xec , 0x89 , 0x21 , 0xbe , 0xc3 , 0xb0 , 0x04 , 0xc6 , 0x30 , + 0x0d, 0x06 , 0x09 , 0x60 , 0x86 , 0x48 , 0x01 , 0x65 , 0x03 , 0x04 , 0x02 , 0x01 , 0x05 , 0x00 , 0x30 , 0x0d , + 0x06, 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x01 , 0x05 , 0x00 , 0x04 , 0x82 , 0x01 , + 0x00, 0x0d , 0x5c , 0x86 , 0xe2 , 0xe1 , 0x7e , 0x1c , 0x1d , 0x8a , 0x4b , 0x57 , 0xd8 , 0x68 , 0x78 , 0x34 , + 0x8b, 0xd9 , 0xaa , 0xc5 , 0x67 , 0xbc , 0xf4 , 0x9f , 0x16 , 0xfe , 0x2c , 0xba , 0x5b , 0xe3 , 0x35 , 0x9a , + 0xb1, 0xec , 0x57 , 0x12 , 0x26 , 0x1f , 0x5b , 0xd0 , 0x15 , 0x28 , 0x25 , 0xa9 , 0x09 , 0xd9 , 0x1a , 0x56 , + 0xe7, 0xb2 , 0xd1 , 0x04 , 0x0f , 0x83 , 0x70 , 0x99 , 0xff , 0x6f , 0x5f , 0xa4 , 0x89 , 0x91 , 0xa9 , 0x2a , + 0xe7, 0xb0 , 0x30 , 0xbd , 0x07 , 0xcf , 0x8d , 0x93 , 0xd2 , 0x5a , 0xf0 , 0x16 , 0x13 , 0x7c , 0xc3 , 0xef , + 0x27, 0xbb , 0x4d , 0x72 , 0x04 , 0x9f , 0xbb , 0x49 , 0xf3 , 0x7c , 0x18 , 0x1a , 0xcd , 0x12 , 0x99 , 0xea , + 0x3a, 0x41 , 0x0a , 0xa1 , 0x55 , 
0x74 , 0xa3 , 0x30 , 0x17 , 0xfd , 0x4e , 0x8d , 0x4a , 0x3d , 0x5f , 0x0f , + 0x08, 0x7c , 0x1a , 0x39 , 0xc5 , 0xc4 , 0xd7 , 0xb6 , 0xf6 , 0x3b , 0xa7 , 0x3e , 0x6c , 0x68 , 0xf9 , 0x69 , + 0xcd, 0x7a , 0x47 , 0x43 , 0xc5 , 0x68 , 0x56 , 0x74 , 0xde , 0x4c , 0x38 , 0xf5 , 0x6d , 0xf6 , 0x96 , 0xac , + 0xf3, 0x5c , 0x6a , 0xc9 , 0x7d , 0x45 , 0x44 , 0x4e , 0x98 , 0xcc , 0xd9 , 0xbe , 0x5f , 0xbd , 0xa3 , 0x0a , + 0x34, 0x0e , 0x53 , 0x4b , 0x08 , 0x93 , 0x8b , 0xf9 , 0x46 , 0x49 , 0xca , 0x6a , 0x98 , 0x26 , 0x90 , 0x86 , + 0x51, 0xee , 0x24 , 0x2f , 0xcb , 0xa0 , 0x7f , 0x94 , 0xd8 , 0x6d , 0xee , 0x58 , 0xf9 , 0xe3 , 0x4e , 0x6d , + 0xaf, 0xa2 , 0x00 , 0xb6 , 0xeb , 0x70 , 0x8c , 0x9d , 0x90 , 0xfe , 0x58 , 0xdd , 0x48 , 0xf6 , 0x99 , 0x09 , + 0x41, 0xdd , 0xde , 0x7c , 0xae , 0xd7 , 0x8c , 0x57 , 0x4e , 0x47 , 0x79 , 0x38 , 0x03 , 0x42 , 0xeb , 0xb4 , + 0x2d, 0xb8 , 0x9e , 0xcf , 0x58 , 0xa4 , 0x32 , 0x00 , 0x2a , 0x66 , 0x4e , 0xf5 , 0xde , 0x96 , 0x9b , 0x60 , + 0xc7, 0xc5 , 0xcf , 0xe2 , 0xa2 , 0x9b , 0x0f , 0x39 , 0x64 , 0x13 , 0x12 , 0x41 , 0x77 , 0xb2 , 0xd2 , 0x50 , + 0x5c, 0xa1 , 0x59 , 0xc0 , 0xa5 , 0xe4 , 0x94 , 0xa7 , 0x4a , 0x87 , 0xb5 , 0xab , 0x15 , 0x5c , 0x2b , 0xf0 , + 0x72, 0x22 , 0x03 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x06 , 0x03 , 0x00 , 0x00 , 0x11 , 0x11 , 0x11 , + 0x11, 0x22 , 0x22 , 0x33 , 0x33 , 0x44 , 0x44 , 0x12 , 0x34 , 0x56 , 0x78 , 0x9a , 0xbc , 0x30 , 0x82 , 0x02 , + 0xf2, 0x30 , 0x82 , 0x01 , 0xda , 0xa0 , 0x03 , 0x02 , 0x01 , 0x02 , 0x02 , 0x09 , 0x00 , 0xfe , 0xdd , 0x2e , + 0xec, 0xe0 , 0x22 , 0xdd , 0xf9 , 0x30 , 0x0d , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , + 0x01, 0x0b , 0x05 , 0x00 , 0x30 , 0x0e , 0x31 , 0x0c , 0x30 , 0x0a , 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , + 0x03, 0x4b , 0x45 , 0x4b , 0x30 , 0x1e , 0x17 , 0x0d , 0x31 , 0x39 , 0x30 , 0x31 , 0x31 , 0x32 , 0x31 , 0x38 , + 0x35, 0x36 , 0x33 , 0x31 , 0x5a , 0x17 , 0x0d , 0x32 , 0x39 , 0x30 , 0x31 , 0x30 , 0x39 , 0x31 , 0x38 , 0x35 , + 
0x36, 0x33 , 0x31 , 0x5a , 0x30 , 0x0e , 0x31 , 0x0c , 0x30 , 0x0a , 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , + 0x03, 0x4b , 0x45 , 0x4b , 0x30 , 0x82 , 0x01 , 0x22 , 0x30 , 0x0d , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , + 0xf7, 0x0d , 0x01 , 0x01 , 0x01 , 0x05 , 0x00 , 0x03 , 0x82 , 0x01 , 0x0f , 0x00 , 0x30 , 0x82 , 0x01 , 0x0a , + 0x02, 0x82 , 0x01 , 0x01 , 0x00 , 0xd1 , 0xf8 , 0xab , 0xdb , 0xc2 , 0xf5 , 0x51 , 0xde , 0x7b , 0x9f , 0x28 , + 0xff, 0xae , 0xdb , 0xa5 , 0xbf , 0x73 , 0x63 , 0x99 , 0x5e , 0x04 , 0xa5 , 0x9d , 0xfd , 0xcd , 0x24 , 0x2e , + 0xdd, 0x0b , 0x02 , 0x88 , 0xe9 , 0x71 , 0x7b , 0xf2 , 0x89 , 0x90 , 0xae , 0xaf , 0x0d , 0xa0 , 0x68 , 0x4d , + 0x31, 0x1b , 0x30 , 0xe8 , 0x19 , 0x2e , 0xfc , 0x33 , 0x8f , 0xee , 0x6d , 0x2a , 0x0a , 0x09 , 0x42 , 0x34 , + 0xc1, 0x40 , 0xa8 , 0xe8 , 0xb6 , 0xc7 , 0x92 , 0x5d , 0xa5 , 0x96 , 0x14 , 0xd7 , 0xaf , 0x8c , 0x71 , 0x6b , + 0x4e, 0x7d , 0x6e , 0xfa , 0x73 , 0x1c , 0x40 , 0x4c , 0x05 , 0x9e , 0xfa , 0xb2 , 0x4c , 0x8c , 0xcb , 0x9d , + 0xe2, 0xa9 , 0x04 , 0x01 , 0x91 , 0x5b , 0xbf , 0xff , 0x85 , 0x54 , 0x2a , 0x65 , 0x96 , 0x84 , 0x6f , 0xfa , + 0x99, 0x1c , 0x9e , 0xe0 , 0x77 , 0x68 , 0x4d , 0x58 , 0x2a , 0xc7 , 0xc0 , 0x8f , 0x71 , 0x5a , 0x8f , 0xa9 , + 0xff, 0x44 , 0xed , 0xf7 , 0xe4 , 0x47 , 0xd8 , 0x4c , 0x9c , 0xf4 , 0x78 , 0xa0 , 0xb3 , 0x37 , 0xaf , 0x43 , + 0x0b, 0x03 , 0x6f , 0xe4 , 0xe1 , 0x2d , 0x52 , 0x0b , 0x4b , 0x62 , 0xc6 , 0x2f , 0xe3 , 0xfc , 0x32 , 0xf2 , + 0xe2, 0x11 , 0x1c , 0xac , 0xdf , 0x5a , 0xe8 , 0xdd , 0x55 , 0x65 , 0xa4 , 0x6f , 0x61 , 0xb7 , 0x0f , 0x1c , + 0xc6, 0x08 , 0x2a , 0xaf , 0x5d , 0x36 , 0x50 , 0x06 , 0x7b , 0x49 , 0xa0 , 0x8b , 0x1c , 0x93 , 0xdc , 0x72 , + 0x69, 0x7b , 0xf1 , 0xcc , 0xee , 0xa4 , 0xe8 , 0xd0 , 0x7b , 0x5f , 0x61 , 0xbc , 0xbe , 0x20 , 0xfb , 0x0b , + 0xaa, 0x54 , 0xf6 , 0xe0 , 0x13 , 0xad , 0xe8 , 0x96 , 0x53 , 0x6a , 0xa9 , 0x4b , 0xa1 , 0xcf , 0x56 , 0x10 , + 0xbc, 0x2a , 0x09 , 0xc9 , 0x0a , 0xcc , 0x8d , 0x20 , 0xdd , 0x4d , 0x14 , 
0xc7 , 0x08 , 0xab , 0xc1 , 0xc3 , + 0xaf, 0x0b , 0x35 , 0x40 , 0x57 , 0x34 , 0x97 , 0x3b , 0xa2 , 0x2d , 0xa3 , 0x46 , 0xc1 , 0x30 , 0x14 , 0x88 , + 0xa8, 0x74 , 0x79 , 0xdd , 0xb1 , 0x02 , 0x03 , 0x01 , 0x00 , 0x01 , 0xa3 , 0x53 , 0x30 , 0x51 , 0x30 , 0x1d , + 0x06, 0x03 , 0x55 , 0x1d , 0x0e , 0x04 , 0x16 , 0x04 , 0x14 , 0xd7 , 0x75 , 0xfc , 0xed , 0xb7 , 0xc8 , 0xb5 , + 0xf8, 0x7d , 0x28 , 0xc5 , 0x13 , 0x34 , 0xcd , 0x0b , 0xbe , 0x57 , 0x0d , 0x94 , 0xa8 , 0x30 , 0x1f , 0x06 , + 0x03, 0x55 , 0x1d , 0x23 , 0x04 , 0x18 , 0x30 , 0x16 , 0x80 , 0x14 , 0xd7 , 0x75 , 0xfc , 0xed , 0xb7 , 0xc8 , + 0xb5, 0xf8 , 0x7d , 0x28 , 0xc5 , 0x13 , 0x34 , 0xcd , 0x0b , 0xbe , 0x57 , 0x0d , 0x94 , 0xa8 , 0x30 , 0x0f , + 0x06, 0x03 , 0x55 , 0x1d , 0x13 , 0x01 , 0x01 , 0xff , 0x04 , 0x05 , 0x30 , 0x03 , 0x01 , 0x01 , 0xff , 0x30 , + 0x0d, 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x0b , 0x05 , 0x00 , 0x03 , 0x82 , + 0x01, 0x01 , 0x00 , 0x58 , 0xd2 , 0x25 , 0xa3 , 0xe6 , 0xaa , 0xb9 , 0x56 , 0x67 , 0xc3 , 0xa6 , 0x4b , 0x88 , + 0x99, 0xfe , 0xde , 0xc6 , 0x16 , 0x4c , 0x43 , 0x1b , 0xb8 , 0xea , 0xe3 , 0x77 , 0xc4 , 0xe4 , 0x66 , 0x15 , + 0x9f, 0x92 , 0x6d , 0xe3 , 0x7f , 0x3c , 0xac , 0x88 , 0x8b , 0xb9 , 0xc5 , 0x5c , 0x39 , 0x4f , 0x02 , 0x75 , + 0x5a, 0x3d , 0xc5 , 0xaf , 0xad , 0x8f , 0x32 , 0xd4 , 0x5a , 0x44 , 0xc8 , 0xcb , 0x1f , 0x40 , 0xa1 , 0x44 , + 0xef, 0xa8 , 0x2a , 0xa4 , 0x0d , 0x7a , 0x25 , 0xe1 , 0x6c , 0x09 , 0x4b , 0x96 , 0x6a , 0x73 , 0x0f , 0xe0 , + 0x9b, 0x0e , 0x26 , 0xff , 0x61 , 0x96 , 0xc4 , 0xb6 , 0x10 , 0xe1 , 0x90 , 0x36 , 0xfd , 0x96 , 0xb5 , 0x90 , + 0xb0, 0x76 , 0xed , 0xc2 , 0x17 , 0xc0 , 0xfe , 0xd4 , 0x38 , 0xff , 0x7f , 0xc3 , 0xa0 , 0x88 , 0x60 , 0xe8 , + 0x27, 0x10 , 0x34 , 0x35 , 0x93 , 0x59 , 0xcb , 0x12 , 0xe5 , 0x25 , 0xaf , 0x2d , 0x1d , 0x7d , 0x3f , 0x16 , + 0x95, 0x71 , 0x57 , 0x8e , 0x3f , 0xc2 , 0xad , 0x8e , 0xc4 , 0x0e , 0xe1 , 0xed , 0x46 , 0xf9 , 0xd7 , 0x07 , + 0x85, 0xb3 , 0x05 , 0xbe , 0xf1 , 0x4c , 
0xba , 0xf1 , 0x34 , 0xe5 , 0xd5 , 0x26 , 0x9b , 0x6c , 0x15 , 0x9e , + 0x35, 0xa2 , 0xd5 , 0x81 , 0x09 , 0x36 , 0x05 , 0xa6 , 0x99 , 0x1f , 0xa2 , 0x17 , 0x35 , 0x3a , 0x38 , 0x18 , + 0x52, 0x44 , 0xcf , 0x22 , 0xb3 , 0x69 , 0xba , 0x07 , 0x74 , 0x48 , 0x1c , 0x8e , 0x4c , 0xa7 , 0xb0 , 0xc2 , + 0x65, 0x6c , 0x1d , 0x30 , 0xe2 , 0x82 , 0xc2 , 0x35 , 0x60 , 0x25 , 0xf2 , 0xb1 , 0x05 , 0x18 , 0x0a , 0x73 , + 0x87, 0x27 , 0xee , 0x6e , 0xc2 , 0x5f , 0xff , 0xd8 , 0xfc , 0x77 , 0x06 , 0x2e , 0x3d , 0x4f , 0xa1 , 0x14 , + 0x04, 0x5d , 0xae , 0x38 , 0x28 , 0xf9 , 0x3d , 0x82 , 0x5f , 0xc6 , 0xd0 , 0x31 , 0x21 , 0x88 , 0xda , 0x7f , + 0x78, 0xe3 , 0xb7 , 0xed , 0x52 , 0x37 , 0xf4 , 0x29 , 0x08 , 0x88 , 0x50 , 0x54 , 0x56 , 0x67 , 0xc0 , 0xe1 , + 0xf4, 0xe7 , 0xcf }; + +unsigned char DB_auth[] = { + 0xe3 ,0x07 ,0x0b ,0x19 ,0x0a ,0x1a ,0x35 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 , + 0x94 ,0x04 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 , + 0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x04 ,0x78 ,0x06 ,0x09 ,0x2a ,0x86 , + 0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x04 ,0x69 ,0x30 ,0x82 ,0x04 ,0x65 ,0x02 , + 0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 , + 0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 , + 0xa0 ,0x82 ,0x02 ,0xf6 ,0x30 ,0x82 ,0x02 ,0xf2 ,0x30 ,0x82 ,0x01 ,0xda ,0xa0 ,0x03 ,0x02 ,0x01 , + 0x02 ,0x02 ,0x09 ,0x00 ,0xfe ,0xdd ,0x2e ,0xec ,0xe0 ,0x22 ,0xdd ,0xf9 ,0x30 ,0x0d ,0x06 ,0x09 , + 0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x0e ,0x31 ,0x0c ,0x30 , + 0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x30 ,0x1e ,0x17 ,0x0d ,0x31 , + 0x39 ,0x30 ,0x31 ,0x31 ,0x32 ,0x31 ,0x38 ,0x35 ,0x36 ,0x33 ,0x31 ,0x5a ,0x17 ,0x0d ,0x32 ,0x39 , + 0x30 ,0x31 ,0x30 ,0x39 ,0x31 ,0x38 ,0x35 ,0x36 ,0x33 ,0x31 ,0x5a ,0x30 ,0x0e ,0x31 ,0x0c ,0x30 , + 0x0a 
,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 , + 0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 , + 0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xd1 ,0xf8 ,0xab ,0xdb , + 0xc2 ,0xf5 ,0x51 ,0xde ,0x7b ,0x9f ,0x28 ,0xff ,0xae ,0xdb ,0xa5 ,0xbf ,0x73 ,0x63 ,0x99 ,0x5e , + 0x04 ,0xa5 ,0x9d ,0xfd ,0xcd ,0x24 ,0x2e ,0xdd ,0x0b ,0x02 ,0x88 ,0xe9 ,0x71 ,0x7b ,0xf2 ,0x89 , + 0x90 ,0xae ,0xaf ,0x0d ,0xa0 ,0x68 ,0x4d ,0x31 ,0x1b ,0x30 ,0xe8 ,0x19 ,0x2e ,0xfc ,0x33 ,0x8f , + 0xee ,0x6d ,0x2a ,0x0a ,0x09 ,0x42 ,0x34 ,0xc1 ,0x40 ,0xa8 ,0xe8 ,0xb6 ,0xc7 ,0x92 ,0x5d ,0xa5 , + 0x96 ,0x14 ,0xd7 ,0xaf ,0x8c ,0x71 ,0x6b ,0x4e ,0x7d ,0x6e ,0xfa ,0x73 ,0x1c ,0x40 ,0x4c ,0x05 , + 0x9e ,0xfa ,0xb2 ,0x4c ,0x8c ,0xcb ,0x9d ,0xe2 ,0xa9 ,0x04 ,0x01 ,0x91 ,0x5b ,0xbf ,0xff ,0x85 , + 0x54 ,0x2a ,0x65 ,0x96 ,0x84 ,0x6f ,0xfa ,0x99 ,0x1c ,0x9e ,0xe0 ,0x77 ,0x68 ,0x4d ,0x58 ,0x2a , + 0xc7 ,0xc0 ,0x8f ,0x71 ,0x5a ,0x8f ,0xa9 ,0xff ,0x44 ,0xed ,0xf7 ,0xe4 ,0x47 ,0xd8 ,0x4c ,0x9c , + 0xf4 ,0x78 ,0xa0 ,0xb3 ,0x37 ,0xaf ,0x43 ,0x0b ,0x03 ,0x6f ,0xe4 ,0xe1 ,0x2d ,0x52 ,0x0b ,0x4b , + 0x62 ,0xc6 ,0x2f ,0xe3 ,0xfc ,0x32 ,0xf2 ,0xe2 ,0x11 ,0x1c ,0xac ,0xdf ,0x5a ,0xe8 ,0xdd ,0x55 , + 0x65 ,0xa4 ,0x6f ,0x61 ,0xb7 ,0x0f ,0x1c ,0xc6 ,0x08 ,0x2a ,0xaf ,0x5d ,0x36 ,0x50 ,0x06 ,0x7b , + 0x49 ,0xa0 ,0x8b ,0x1c ,0x93 ,0xdc ,0x72 ,0x69 ,0x7b ,0xf1 ,0xcc ,0xee ,0xa4 ,0xe8 ,0xd0 ,0x7b , + 0x5f ,0x61 ,0xbc ,0xbe ,0x20 ,0xfb ,0x0b ,0xaa ,0x54 ,0xf6 ,0xe0 ,0x13 ,0xad ,0xe8 ,0x96 ,0x53 , + 0x6a ,0xa9 ,0x4b ,0xa1 ,0xcf ,0x56 ,0x10 ,0xbc ,0x2a ,0x09 ,0xc9 ,0x0a ,0xcc ,0x8d ,0x20 ,0xdd , + 0x4d ,0x14 ,0xc7 ,0x08 ,0xab ,0xc1 ,0xc3 ,0xaf ,0x0b ,0x35 ,0x40 ,0x57 ,0x34 ,0x97 ,0x3b ,0xa2 , + 0x2d ,0xa3 ,0x46 ,0xc1 ,0x30 ,0x14 ,0x88 ,0xa8 ,0x74 ,0x79 ,0xdd ,0xb1 ,0x02 ,0x03 ,0x01 ,0x00 , + 0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 , + 0xd7 ,0x75 ,0xfc ,0xed 
,0xb7 ,0xc8 ,0xb5 ,0xf8 ,0x7d ,0x28 ,0xc5 ,0x13 ,0x34 ,0xcd ,0x0b ,0xbe , + 0x57 ,0x0d ,0x94 ,0xa8 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 , + 0x14 ,0xd7 ,0x75 ,0xfc ,0xed ,0xb7 ,0xc8 ,0xb5 ,0xf8 ,0x7d ,0x28 ,0xc5 ,0x13 ,0x34 ,0xcd ,0x0b , + 0xbe ,0x57 ,0x0d ,0x94 ,0xa8 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 , + 0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d , + 0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x58 ,0xd2 ,0x25 ,0xa3 ,0xe6 ,0xaa , + 0xb9 ,0x56 ,0x67 ,0xc3 ,0xa6 ,0x4b ,0x88 ,0x99 ,0xfe ,0xde ,0xc6 ,0x16 ,0x4c ,0x43 ,0x1b ,0xb8 , + 0xea ,0xe3 ,0x77 ,0xc4 ,0xe4 ,0x66 ,0x15 ,0x9f ,0x92 ,0x6d ,0xe3 ,0x7f ,0x3c ,0xac ,0x88 ,0x8b , + 0xb9 ,0xc5 ,0x5c ,0x39 ,0x4f ,0x02 ,0x75 ,0x5a ,0x3d ,0xc5 ,0xaf ,0xad ,0x8f ,0x32 ,0xd4 ,0x5a , + 0x44 ,0xc8 ,0xcb ,0x1f ,0x40 ,0xa1 ,0x44 ,0xef ,0xa8 ,0x2a ,0xa4 ,0x0d ,0x7a ,0x25 ,0xe1 ,0x6c , + 0x09 ,0x4b ,0x96 ,0x6a ,0x73 ,0x0f ,0xe0 ,0x9b ,0x0e ,0x26 ,0xff ,0x61 ,0x96 ,0xc4 ,0xb6 ,0x10 , + 0xe1 ,0x90 ,0x36 ,0xfd ,0x96 ,0xb5 ,0x90 ,0xb0 ,0x76 ,0xed ,0xc2 ,0x17 ,0xc0 ,0xfe ,0xd4 ,0x38 , + 0xff ,0x7f ,0xc3 ,0xa0 ,0x88 ,0x60 ,0xe8 ,0x27 ,0x10 ,0x34 ,0x35 ,0x93 ,0x59 ,0xcb ,0x12 ,0xe5 , + 0x25 ,0xaf ,0x2d ,0x1d ,0x7d ,0x3f ,0x16 ,0x95 ,0x71 ,0x57 ,0x8e ,0x3f ,0xc2 ,0xad ,0x8e ,0xc4 , + 0x0e ,0xe1 ,0xed ,0x46 ,0xf9 ,0xd7 ,0x07 ,0x85 ,0xb3 ,0x05 ,0xbe ,0xf1 ,0x4c ,0xba ,0xf1 ,0x34 , + 0xe5 ,0xd5 ,0x26 ,0x9b ,0x6c ,0x15 ,0x9e ,0x35 ,0xa2 ,0xd5 ,0x81 ,0x09 ,0x36 ,0x05 ,0xa6 ,0x99 , + 0x1f ,0xa2 ,0x17 ,0x35 ,0x3a ,0x38 ,0x18 ,0x52 ,0x44 ,0xcf ,0x22 ,0xb3 ,0x69 ,0xba ,0x07 ,0x74 , + 0x48 ,0x1c ,0x8e ,0x4c ,0xa7 ,0xb0 ,0xc2 ,0x65 ,0x6c ,0x1d ,0x30 ,0xe2 ,0x82 ,0xc2 ,0x35 ,0x60 , + 0x25 ,0xf2 ,0xb1 ,0x05 ,0x18 ,0x0a ,0x73 ,0x87 ,0x27 ,0xee ,0x6e ,0xc2 ,0x5f ,0xff ,0xd8 ,0xfc , + 0x77 ,0x06 ,0x2e ,0x3d ,0x4f ,0xa1 ,0x14 ,0x04 ,0x5d ,0xae ,0x38 ,0x28 ,0xf9 ,0x3d ,0x82 ,0x5f , + 0xc6 ,0xd0 ,0x31 ,0x21 ,0x88 ,0xda ,0x7f 
,0x78 ,0xe3 ,0xb7 ,0xed ,0x52 ,0x37 ,0xf4 ,0x29 ,0x08 , + 0x88 ,0x50 ,0x54 ,0x56 ,0x67 ,0xc0 ,0xe1 ,0xf4 ,0xe7 ,0xcf ,0x31 ,0x82 ,0x01 ,0x46 ,0x30 ,0x82 , + 0x01 ,0x42 ,0x02 ,0x01 ,0x01 ,0x30 ,0x1b ,0x30 ,0x0e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 , + 0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x02 ,0x09 ,0x00 ,0xfe ,0xdd ,0x2e ,0xec ,0xe0 ,0x22 , + 0xdd ,0xf9 ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 , + 0x00 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 , + 0x04 ,0x82 ,0x01 ,0x00 ,0x28 ,0x9f ,0xc0 ,0xf5 ,0x52 ,0x8b ,0x45 ,0x8a ,0xaf ,0x43 ,0x39 ,0xd9 , + 0x39 ,0x1d ,0xde ,0x1f ,0x20 ,0x82 ,0x44 ,0x08 ,0xf7 ,0x68 ,0x02 ,0x17 ,0xdb ,0x9f ,0xdf ,0x1e , + 0x2d ,0x88 ,0x6a ,0x9b ,0xe8 ,0xb1 ,0xbb ,0x8f ,0x0b ,0xe1 ,0x45 ,0x64 ,0xf3 ,0xb7 ,0xae ,0x90 , + 0x69 ,0x5c ,0xa7 ,0x0c ,0x98 ,0xb2 ,0x09 ,0x77 ,0xda ,0x24 ,0x1d ,0x01 ,0x94 ,0x1f ,0x95 ,0xbf , + 0x77 ,0xe5 ,0x0e ,0xe4 ,0xd4 ,0x5b ,0x89 ,0x9b ,0xa2 ,0x87 ,0x97 ,0x41 ,0xd4 ,0xb4 ,0xae ,0xb4 , + 0x47 ,0x8a ,0x6e ,0x3f ,0x6b ,0xe7 ,0x8c ,0x04 ,0x04 ,0x0e ,0x27 ,0xcd ,0x4a ,0xd6 ,0x65 ,0x72 , + 0x26 ,0x91 ,0xc9 ,0xb0 ,0x51 ,0x2d ,0x1e ,0x19 ,0xb8 ,0x85 ,0xef ,0x63 ,0x23 ,0xd7 ,0xde ,0x26 , + 0x3d ,0xdb ,0x59 ,0x18 ,0xd3 ,0x80 ,0xc0 ,0xdf ,0xde ,0xe9 ,0x6d ,0x7a ,0xd4 ,0x19 ,0x83 ,0x60 , + 0x96 ,0xe8 ,0x3e ,0xb7 ,0x9a ,0xf5 ,0x69 ,0xe1 ,0xc9 ,0x57 ,0xa6 ,0xad ,0x7f ,0x23 ,0x2f ,0xdd , + 0x5e ,0x15 ,0x38 ,0xc3 ,0x18 ,0xc8 ,0x0a ,0x5d ,0x8e ,0xe9 ,0x6c ,0x20 ,0xad ,0x12 ,0x47 ,0xc9 , + 0x67 ,0x15 ,0xb7 ,0x72 ,0x43 ,0x3e ,0x16 ,0x77 ,0xa6 ,0x2f ,0x72 ,0xfe ,0x34 ,0x45 ,0x2d ,0xa1 , + 0x53 ,0xeb ,0x9e ,0xc4 ,0xfd ,0x2c ,0xf5 ,0x58 ,0xac ,0x05 ,0xbc ,0x57 ,0xd4 ,0xbe ,0x3d ,0xcd , + 0x97 ,0x1d ,0xc5 ,0x14 ,0x29 ,0x17 ,0x19 ,0x4d ,0x0d ,0x2b ,0x28 ,0x87 ,0x14 ,0x02 ,0x1b ,0x6b , + 0x0e ,0xfd ,0x55 ,0xdd ,0x95 ,0x99 ,0x4c ,0xc4 ,0x0c ,0xb3 ,0x68 ,0x1d ,0x71 ,0x64 ,0x1f ,0x48 , + 0xab ,0x34 ,0xa5 ,0xa5 ,0xb7 ,0x1e ,0xb7 ,0xac ,0x86 ,0x2e 
,0x0e ,0x7f ,0xb9 ,0xb9 ,0x10 ,0x72 , + 0x76 ,0x07 ,0x8d ,0x6f ,0xc9 ,0xe5 ,0x14 ,0x6e ,0xef ,0x04 ,0x7f ,0xad ,0x33 ,0x98 ,0xf2 ,0x13 , + 0x5c ,0x12 ,0xf1 ,0x48 ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 , + 0x5c ,0x2b ,0xf0 ,0x72 ,0x20 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x04 ,0x03 ,0x00 ,0x00 , + 0x11 ,0x11 ,0x11 ,0x11 ,0x22 ,0x22 ,0x33 ,0x33 ,0x44 ,0x44 ,0x12 ,0x34 ,0x56 ,0x78 ,0x9a ,0xbc , + 0x30 ,0x82 ,0x02 ,0xf0 ,0x30 ,0x82 ,0x01 ,0xd8 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 , + 0x89 ,0x65 ,0xe1 ,0xbe ,0x1d ,0x33 ,0xea ,0xb7 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 , + 0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x0d ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 , + 0x04 ,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x30 ,0x1e ,0x17 ,0x0d ,0x31 ,0x39 ,0x30 ,0x31 ,0x31 ,0x32 , + 0x31 ,0x38 ,0x35 ,0x36 ,0x32 ,0x39 ,0x5a ,0x17 ,0x0d ,0x32 ,0x39 ,0x30 ,0x31 ,0x30 ,0x39 ,0x31 , + 0x38 ,0x35 ,0x36 ,0x32 ,0x39 ,0x5a ,0x30 ,0x0d ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 , + 0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 , + 0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 , + 0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xce ,0x70 ,0xf2 ,0x2d ,0xa0 ,0x56 ,0xac ,0xc0 ,0xc0 ,0x33 , + 0x9a ,0xa6 ,0x2c ,0x89 ,0x3c ,0x88 ,0xa9 ,0x9c ,0x67 ,0xaf ,0xeb ,0x0d ,0x44 ,0x7b ,0xe7 ,0x85 , + 0xf1 ,0x3d ,0xc4 ,0x71 ,0xdd ,0xb4 ,0xa7 ,0x51 ,0xac ,0x87 ,0xfa ,0x85 ,0xf0 ,0x3c ,0x80 ,0x0a , + 0x33 ,0x43 ,0x02 ,0xd6 ,0xa8 ,0x59 ,0xe3 ,0xc3 ,0x42 ,0x22 ,0xe0 ,0x0c ,0xbc ,0xc7 ,0x02 ,0x60 , + 0xff ,0x09 ,0x81 ,0x1c ,0x73 ,0x76 ,0x22 ,0x29 ,0xb8 ,0x67 ,0x2a ,0x76 ,0x17 ,0xd2 ,0x9a ,0x33 , + 0x78 ,0x6d ,0x40 ,0x60 ,0x24 ,0x07 ,0xfb ,0x1f ,0xf6 ,0xf5 ,0xb2 ,0xac ,0x44 ,0x77 ,0xd2 ,0x5e , + 0x9d ,0xd7 ,0x24 ,0xe2 ,0x6e ,0xa1 ,0xf2 ,0xb8 ,0x08 ,0x18 ,0x61 ,0x77 ,0x83 ,0xe8 ,0x82 ,0x72 , + 0x6d ,0xf6 ,0xb3 ,0x98 ,0x39 ,0x43 ,0xb8 ,0xaa ,0x97 ,0x03 ,0xc7 ,0x68 ,0x2e 
,0x1d ,0xf8 ,0xaf , + 0x75 ,0xad ,0x9e ,0x18 ,0x48 ,0xa3 ,0x24 ,0x3e ,0x04 ,0x30 ,0xe2 ,0xa7 ,0x30 ,0xf7 ,0xf7 ,0xb3 , + 0x05 ,0xac ,0x11 ,0xf4 ,0x20 ,0x47 ,0x36 ,0xcf ,0xca ,0xe0 ,0x8c ,0x52 ,0x0d ,0x4b ,0x30 ,0xf0 , + 0x7e ,0x6f ,0x48 ,0x83 ,0xe1 ,0xb9 ,0xd1 ,0x1d ,0x27 ,0x5d ,0xd3 ,0x10 ,0x9d ,0x63 ,0xdb ,0xe0 , + 0x87 ,0x53 ,0x75 ,0xae ,0xdd ,0xc0 ,0x6c ,0x89 ,0x33 ,0xeb ,0x3e ,0x87 ,0x33 ,0x58 ,0x11 ,0xe5 , + 0x04 ,0xcd ,0xeb ,0x8e ,0xfe ,0x48 ,0x7b ,0xd1 ,0x37 ,0xb4 ,0x41 ,0x9a ,0x3b ,0xab ,0x99 ,0x03 , + 0xfc ,0x72 ,0x4f ,0x39 ,0xb2 ,0x0c ,0x34 ,0x7d ,0x4f ,0xa7 ,0x5e ,0x8b ,0x1e ,0x13 ,0xea ,0xab , + 0x37 ,0x28 ,0x34 ,0x6a ,0x91 ,0xb9 ,0x21 ,0x79 ,0x1b ,0x82 ,0xc0 ,0x61 ,0x4d ,0xb7 ,0xa0 ,0xc5 , + 0x73 ,0xe7 ,0x11 ,0x75 ,0x88 ,0x41 ,0x36 ,0xf7 ,0x55 ,0x94 ,0x87 ,0x6e ,0x25 ,0x82 ,0xf7 ,0xf9 , + 0xcf ,0xc3 ,0x3c ,0x24 ,0xa2 ,0xcb ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 , + 0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0xe6 ,0xb8 ,0x4e ,0x62 ,0xdb ,0xbd , + 0x98 ,0x8a ,0xbb ,0xfd ,0xa0 ,0x08 ,0x35 ,0x5a ,0xa6 ,0xa0 ,0x80 ,0x01 ,0xc5 ,0x8c ,0x30 ,0x1f , + 0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0xe6 ,0xb8 ,0x4e ,0x62 ,0xdb , + 0xbd ,0x98 ,0x8a ,0xbb ,0xfd ,0xa0 ,0x08 ,0x35 ,0x5a ,0xa6 ,0xa0 ,0x80 ,0x01 ,0xc5 ,0x8c ,0x30 , + 0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff , + 0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 , + 0x82 ,0x01 ,0x01 ,0x00 ,0x6e ,0xb3 ,0x79 ,0x61 ,0xeb ,0xa5 ,0xa6 ,0x6b ,0x77 ,0xcd ,0x6a ,0x76 , + 0xb7 ,0xbf ,0x86 ,0xcf ,0x4c ,0xa2 ,0xa5 ,0xa5 ,0x01 ,0xb7 ,0xb7 ,0x61 ,0x71 ,0x85 ,0x92 ,0x02 , + 0xee ,0x5a ,0xaa ,0xd7 ,0x4a ,0xcf ,0x87 ,0x2a ,0xa2 ,0x70 ,0x8c ,0x49 ,0xe9 ,0x05 ,0x49 ,0x46 , + 0x3d ,0xc1 ,0xe6 ,0xe9 ,0x59 ,0x95 ,0xd4 ,0xc8 ,0x0e ,0xb6 ,0x6d ,0x01 ,0xfb ,0x74 ,0x01 ,0x69 , + 0xb2 ,0xb4 ,0x9b ,0xe8 ,0x2c ,0x99 ,0xb3 ,0x96 ,0x7f ,0xd9 ,0x96 ,0xa6 ,0x28 ,0x02 ,0x10 ,0x07 , 
+ 0x6a ,0xc2 ,0x19 ,0x27 ,0x63 ,0x9c ,0x35 ,0x0a ,0x9a ,0xda ,0x5c ,0x9c ,0x91 ,0xb5 ,0xc6 ,0xe5 , + 0x7c ,0x64 ,0x76 ,0x07 ,0xf6 ,0x56 ,0x7a ,0xf0 ,0xf6 ,0x09 ,0xaf ,0x3b ,0x4b ,0x40 ,0xd6 ,0x80 , + 0xd5 ,0x3e ,0x7f ,0xea ,0x11 ,0xe4 ,0xe1 ,0x78 ,0xac ,0x1e ,0x4b ,0xc4 ,0xdf ,0xb9 ,0xd6 ,0x5f , + 0x68 ,0xba ,0x77 ,0x40 ,0xf5 ,0x1d ,0xb7 ,0x35 ,0xaf ,0xcd ,0x37 ,0xc4 ,0xc9 ,0xb4 ,0x22 ,0x37 , + 0xac ,0x2d ,0xf3 ,0xc3 ,0xf7 ,0x94 ,0x74 ,0x70 ,0xfc ,0xc8 ,0x13 ,0xb2 ,0xdf ,0x98 ,0xa1 ,0x9c , + 0x10 ,0xba ,0x14 ,0x34 ,0xb5 ,0x1b ,0x4a ,0x50 ,0x00 ,0x22 ,0x83 ,0x88 ,0x79 ,0x1e ,0xac ,0xa4 , + 0xe4 ,0x6f ,0xbf ,0x96 ,0x8e ,0xf1 ,0x20 ,0x53 ,0x60 ,0x9d ,0x63 ,0x74 ,0x40 ,0x30 ,0x72 ,0x5e , + 0x56 ,0x75 ,0xf3 ,0x0b ,0x60 ,0x6a ,0xe8 ,0xab ,0x45 ,0x81 ,0xe9 ,0x7b ,0x32 ,0x31 ,0x5b ,0x28 , + 0x3e ,0xc1 ,0x96 ,0x9f ,0x28 ,0x2d ,0x74 ,0xbe ,0xfb ,0x4d ,0xe1 ,0x15 ,0x21 ,0x5a ,0x89 ,0xde , + 0x02 ,0x0f ,0x83 ,0x18 ,0x33 ,0xa4 ,0x0e ,0x58 ,0x20 ,0xaa ,0xea ,0xcf ,0xb0 ,0xbc ,0x35 ,0xfa , + 0x0c ,0x8a ,0x2d ,0x66 ,0xfa ,0x2a ,0xc6 ,0xae ,0xe0 ,0x07 ,0x99 ,0xfa ,0xb3 ,0x44 ,0x61 ,0x61 , + 0x60 ,0x6e ,0xd4 ,0x70 }; + +unsigned char IllformatKEK_auth[] = { + 0xe3, 0x07, 0x0b, 0x13, 0x0a, 0x28, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x94, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x78, 0x02, 0x01, 0x01, 0x31, + 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, + 0x02, 0x01, 0x05, 0x00, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x02, 0xff, 0x30, 0x82, 0x02, + 0xfb, 0x30, 0x82, 0x01, 0xe3, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, + 0x65, 0x75, 0x53, 0x72, 0x12, 0x66, 0xdd, 0x35, 0x15, 0x7c, 0xe8, 0x6c, + 0x53, 0x88, 0xd2, 0x01, 0x81, 0x62, 0xe7, 0x36, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, + 0x0d, 0x31, 0x0b, 0x30, 
0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, + 0x50, 0x4b, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x31, 0x31, 0x39, + 0x31, 0x36, 0x34, 0x30, 0x35, 0x32, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x31, + 0x31, 0x31, 0x36, 0x31, 0x36, 0x34, 0x30, 0x35, 0x32, 0x5a, 0x30, 0x0d, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, + 0x4b, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, + 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd0, 0xe5, + 0xb4, 0x7c, 0x37, 0xec, 0x22, 0xf1, 0xae, 0x68, 0xf8, 0x50, 0xcd, 0x00, + 0xb6, 0xa9, 0xc8, 0x56, 0x47, 0xe1, 0x2f, 0xdc, 0xd0, 0x48, 0x9a, 0x18, + 0x01, 0x59, 0xa1, 0x02, 0x02, 0xd4, 0x2c, 0xbd, 0x46, 0x28, 0xa2, 0x6b, + 0x27, 0x5e, 0xa4, 0x53, 0x6d, 0x17, 0xd5, 0x8f, 0x8d, 0x56, 0x9e, 0xf3, + 0x79, 0x4d, 0x74, 0x1c, 0xb5, 0xff, 0xb5, 0x50, 0xf2, 0x50, 0x7d, 0x2d, + 0x13, 0x1c, 0x4f, 0xd9, 0xf7, 0x2c, 0x25, 0x42, 0xa1, 0xcb, 0x91, 0x8e, + 0x10, 0x43, 0x1f, 0xac, 0x14, 0x23, 0x6b, 0x40, 0x40, 0xa5, 0x48, 0x40, + 0x34, 0xdd, 0x40, 0xdf, 0xc3, 0x29, 0x2a, 0xc3, 0x38, 0xcc, 0x6b, 0x00, + 0xa3, 0xac, 0x63, 0x03, 0x38, 0x75, 0x59, 0xab, 0x5c, 0xbc, 0x98, 0x44, + 0xf6, 0x2c, 0xd5, 0x9d, 0x11, 0x2f, 0xae, 0x2f, 0x11, 0xeb, 0x4d, 0xc4, + 0xbd, 0x86, 0xe0, 0xe9, 0xbb, 0x8d, 0x46, 0x62, 0xbd, 0x33, 0xf4, 0xf4, + 0x78, 0x32, 0xda, 0xcf, 0xd3, 0x35, 0x13, 0x95, 0x55, 0x39, 0xc0, 0x10, + 0x9d, 0xcb, 0x98, 0xa9, 0x6a, 0x31, 0x2e, 0x6b, 0xcb, 0xc8, 0x9a, 0xc6, + 0xaa, 0x48, 0xd6, 0x6e, 0xf3, 0xc0, 0x4b, 0x57, 0x06, 0x51, 0xa3, 0xad, + 0x82, 0xe7, 0xeb, 0x8c, 0x40, 0x64, 0x32, 0xf1, 0xee, 0x1e, 0xe4, 0xae, + 0x81, 0x06, 0x5b, 0x6a, 0x06, 0xbc, 0x96, 0xfc, 0xe6, 0xbc, 0x62, 0x0b, + 0x02, 0x8d, 0x27, 0xa2, 0x9c, 0x44, 0x5e, 0x9e, 0x60, 0x35, 0xa2, 0xc2, + 0x2e, 0xfe, 0x34, 0x53, 0xd8, 0x31, 0xe4, 0xca, 0xa1, 0xb3, 0x99, 0x11, + 0xd5, 0xd3, 0x1b, 0x00, 0x76, 0x8a, 0x2d, 0x9a, 0x94, 0xdc, 0x43, 0xdd, + 0xb0, 0x14, 0x41, 0xb3, 
0x70, 0x56, 0x85, 0x31, 0x01, 0x6b, 0xf6, 0x82, + 0x9a, 0x8a, 0x89, 0x5e, 0x72, 0xfe, 0xec, 0x53, 0x04, 0x16, 0x79, 0xa0, + 0xb3, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x70, + 0xbe, 0x22, 0xf9, 0x09, 0xbf, 0xce, 0x96, 0x5a, 0xb6, 0xe7, 0xdb, 0x1a, + 0xa4, 0x5f, 0x84, 0xbf, 0x2c, 0x5b, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x50, 0x70, 0xbe, 0x22, 0xf9, + 0x09, 0xbf, 0xce, 0x96, 0x5a, 0xb6, 0xe7, 0xdb, 0x1a, 0xa4, 0x5f, 0x84, + 0xbf, 0x2c, 0x5b, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, + 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xcd, 0xca, 0xa3, 0xd4, 0xc9, 0x11, 0xdf, 0x4f, + 0x42, 0x13, 0xdf, 0xcd, 0x5a, 0x13, 0x07, 0x47, 0x16, 0xae, 0x6b, 0xb2, + 0xca, 0xec, 0x70, 0x71, 0x45, 0x5c, 0x61, 0x29, 0x17, 0x63, 0x2c, 0xe9, + 0x75, 0x6f, 0x8a, 0xb7, 0xd5, 0x8d, 0xc8, 0x23, 0x2e, 0xe2, 0x39, 0x1b, + 0xf3, 0x1a, 0xb1, 0xec, 0xf4, 0xc4, 0x88, 0x5a, 0xfe, 0xe2, 0x97, 0x3f, + 0xcb, 0x86, 0x22, 0x8e, 0x58, 0x99, 0x5d, 0x83, 0x46, 0xad, 0x97, 0xbe, + 0x11, 0x13, 0xf0, 0x4b, 0x64, 0x8c, 0x22, 0xca, 0x1f, 0xa4, 0x5d, 0xd7, + 0xf2, 0xc0, 0xc7, 0x1e, 0x57, 0x97, 0x51, 0x26, 0x8d, 0x2b, 0xbb, 0x32, + 0x0e, 0x52, 0xa0, 0xdc, 0xde, 0x4f, 0x85, 0x6e, 0x48, 0xe5, 0x0d, 0xf0, + 0x9e, 0xad, 0xa2, 0xda, 0x69, 0xe0, 0x71, 0x06, 0x63, 0xb1, 0x82, 0x20, + 0xcc, 0x55, 0x08, 0x2f, 0x1b, 0xf9, 0x0b, 0xdd, 0xda, 0xa4, 0xe0, 0xfe, + 0xd6, 0xc2, 0xc3, 0xf1, 0xf8, 0xe1, 0x14, 0xf6, 0xd3, 0xbc, 0x82, 0x53, + 0x06, 0xca, 0xf6, 0x4e, 0x40, 0x88, 0x50, 0x51, 0x33, 0xe2, 0x2a, 0x8b, + 0xa6, 0x1a, 0x37, 0x89, 0xa7, 0xbf, 0x35, 0x2c, 0x4b, 0xf5, 0x7d, 0xc9, + 0x6a, 0x59, 0xb8, 0x62, 0x23, 0x16, 0xf1, 0xd7, 0x2d, 0x67, 0x2d, 0xae, + 0x52, 0x5e, 0x7d, 0x5f, 0xf6, 0x77, 0x9a, 0xed, 0x9c, 0xd0, 0xbd, 0x85, + 0x11, 0xf7, 0xd6, 0x13, 
0xbd, 0x49, 0x55, 0x66, 0xc5, 0xa7, 0x88, 0xee, + 0xb3, 0x52, 0x39, 0x43, 0xfa, 0x9e, 0x43, 0xe4, 0x0b, 0x8f, 0xad, 0x7e, + 0x6c, 0xb8, 0xf5, 0x27, 0x7d, 0x29, 0x7b, 0xb1, 0x1a, 0xb3, 0x24, 0x8a, + 0xff, 0xfe, 0x3f, 0x17, 0xfe, 0x17, 0xb7, 0x20, 0x0a, 0xb5, 0x98, 0x32, + 0x72, 0x55, 0xd4, 0xfa, 0x94, 0x09, 0x28, 0xdf, 0x67, 0xc9, 0x61, 0x90, + 0xab, 0x03, 0x79, 0xcf, 0x00, 0xa1, 0x0a, 0x4c, 0x31, 0x82, 0x01, 0x50, + 0x30, 0x82, 0x01, 0x4c, 0x02, 0x01, 0x01, 0x30, 0x25, 0x30, 0x0d, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, + 0x02, 0x14, 0x65, 0x75, 0x53, 0x72, 0x12, 0x66, 0xdd, 0x35, 0x15, 0x7c, + 0xe8, 0x6c, 0x53, 0x88, 0xd2, 0x01, 0x81, 0x62, 0xe7, 0x36, 0x30, 0x0d, + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xca, 0x5f, 0x9a, 0xc7, + 0x7d, 0xc6, 0x89, 0xab, 0xec, 0x1c, 0xc6, 0xdd, 0x79, 0xf7, 0xee, 0x53, + 0xbd, 0xc4, 0xed, 0x59, 0x82, 0xa0, 0xe1, 0x98, 0x86, 0x20, 0xd0, 0xac, + 0x76, 0x45, 0x44, 0x0e, 0x20, 0xf9, 0x96, 0xf5, 0xcf, 0x60, 0x43, 0x3a, + 0x05, 0x31, 0xf8, 0xe4, 0x6b, 0x75, 0xe3, 0x11, 0x8f, 0x9b, 0x4b, 0x4a, + 0xd9, 0x60, 0xc2, 0x03, 0xdf, 0x06, 0xef, 0x3c, 0x85, 0x03, 0x81, 0x61, + 0x6a, 0x0f, 0xa4, 0x72, 0x02, 0xf9, 0x3a, 0x25, 0xa7, 0x7e, 0xf5, 0x6c, + 0x36, 0x02, 0x6c, 0x47, 0x3e, 0x8d, 0x27, 0x5e, 0x79, 0xc6, 0xaa, 0x67, + 0x74, 0x6a, 0x77, 0x0f, 0x21, 0x95, 0x0d, 0xfe, 0xa2, 0x90, 0x2a, 0x54, + 0x90, 0xff, 0x3d, 0x6a, 0x5d, 0x4d, 0x43, 0xa5, 0xa3, 0xd1, 0x04, 0xcb, + 0x75, 0xd1, 0x2a, 0xf5, 0xa7, 0x27, 0x1e, 0x74, 0xbd, 0xef, 0x47, 0xae, + 0xb5, 0x42, 0xb5, 0x24, 0x9f, 0xc0, 0x01, 0x9b, 0xca, 0x7e, 0xda, 0xa9, + 0x76, 0x7c, 0xf1, 0x2e, 0x43, 0xdc, 0x6c, 0x21, 0x1c, 0x7e, 0xe2, 0x6b, + 0x2b, 0x1a, 0x41, 0x00, 0x95, 0xbe, 0x8a, 0xb9, 0x88, 0x6f, 0x2b, 0xaf, + 0x64, 0x75, 0xb8, 0xa1, 0xe6, 0xf5, 0x03, 0x8a, 0x7f, 0xd9, 0x7d, 0x94, + 0x36, 0xa4, 0x37, 0xba, 
0xaa, 0xc1, 0xb1, 0xae, 0xe6, 0xbf, 0x32, 0x79, + 0x2e, 0x27, 0xbf, 0xfd, 0x41, 0x98, 0x3d, 0xe3, 0x6e, 0x25, 0x0a, 0xaf, + 0xfd, 0x37, 0xef, 0x68, 0xc3, 0xdc, 0xb9, 0x9c, 0xa0, 0xb9, 0xa4, 0x92, + 0x01, 0xfb, 0x87, 0x18, 0x89, 0xf2, 0xc7, 0x8e, 0xb1, 0xdb, 0x4b, 0xf0, + 0xca, 0xf6, 0x1e, 0x8c, 0x19, 0x82, 0xa8, 0x1e, 0xe9, 0xfc, 0x12, 0xdd, + 0xe2, 0x57, 0x5f, 0x1b, 0xe2, 0xd9, 0x63, 0xbb, 0x16, 0x99, 0x46, 0x03, + 0x8c, 0x09, 0x9a, 0xd5, 0x87, 0x32, 0x9c, 0x57, 0x84, 0xd9, 0xf4, 0x0f, + 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, + 0x5c, 0x2b, 0xf0, 0x72, 0x2d, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x03, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, + 0x44, 0x44, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xfd, + 0x30, 0x82, 0x01, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x35, + 0xa7, 0x5b, 0x54, 0x85, 0x3a, 0x10, 0xbd, 0x95, 0xed, 0x28, 0xda, 0x7e, + 0xc5, 0x26, 0x7d, 0xb7, 0xc5, 0x9c, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0e, + 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, + 0x45, 0x4b, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x31, 0x31, 0x39, + 0x31, 0x36, 0x34, 0x30, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x31, + 0x31, 0x31, 0x36, 0x31, 0x36, 0x34, 0x30, 0x35, 0x34, 0x5a, 0x30, 0x0e, + 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, + 0x45, 0x4b, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc9, + 0x9e, 0x2a, 0x8a, 0x23, 0x86, 0xe1, 0x81, 0xff, 0xeb, 0x0f, 0x4d, 0x9a, + 0xf9, 0x67, 0x63, 0xb4, 0x8a, 0x43, 0x12, 0x7d, 0xf8, 0x27, 0x32, 0x9f, + 0xd8, 0xcd, 0x88, 0xd8, 0xf3, 0x28, 0xa8, 0x7a, 0xb8, 0xdf, 0x5f, 0x23, + 0xcc, 0x8a, 0x02, 0x4f, 0xe3, 0xc1, 0xe6, 0x5d, 0xbe, 0x68, 0xeb, 0x15, + 0x8c, 0x8d, 0x15, 0x1d, 
0xd6, 0x4e, 0x4f, 0xe2, 0x77, 0xc3, 0xb0, 0x1d, + 0x9c, 0x46, 0xa8, 0x14, 0x9f, 0x6e, 0x30, 0x0f, 0x88, 0x0a, 0x6d, 0xa7, + 0x88, 0x8a, 0xeb, 0xa8, 0xcf, 0xe9, 0xb7, 0x12, 0xc8, 0x40, 0x09, 0xa1, + 0xe9, 0x0a, 0xc6, 0xe4, 0x55, 0xf4, 0x30, 0x85, 0x5d, 0x25, 0x4b, 0x4c, + 0xf8, 0x37, 0xf5, 0x94, 0x38, 0x20, 0x21, 0x54, 0x29, 0xe1, 0xd8, 0xdf, + 0x36, 0xf4, 0xad, 0xaa, 0x1c, 0x90, 0x82, 0xbf, 0xfa, 0x3e, 0xcc, 0xf9, + 0x6a, 0x04, 0x59, 0xa6, 0xf8, 0xb4, 0x22, 0x11, 0x60, 0xcf, 0xa7, 0x41, + 0x6b, 0xce, 0x0e, 0xdf, 0xfa, 0xa6, 0x39, 0x6a, 0x6f, 0x27, 0x7e, 0x13, + 0x44, 0x23, 0xc5, 0x2b, 0x6d, 0x76, 0xb6, 0x1c, 0x5c, 0x4d, 0x07, 0x1a, + 0x53, 0x23, 0x39, 0x65, 0x3b, 0x10, 0xfc, 0xd3, 0x7d, 0x50, 0xb4, 0x13, + 0x62, 0x0d, 0x0f, 0x11, 0x50, 0x1d, 0x9f, 0x25, 0x00, 0xff, 0x9f, 0x8c, + 0xb8, 0x57, 0x45, 0x67, 0x6a, 0x41, 0x2f, 0x6b, 0xff, 0x8f, 0x12, 0x04, + 0x0c, 0xcd, 0xf9, 0xf4, 0x92, 0x0a, 0xea, 0xf6, 0x48, 0x38, 0x4a, 0x9f, + 0xdf, 0x92, 0xb4, 0x84, 0xcf, 0x49, 0x6e, 0xb5, 0x88, 0x7d, 0x7b, 0x33, + 0x86, 0xc3, 0x84, 0x08, 0x08, 0x8b, 0x16, 0x9f, 0x4d, 0x82, 0xb5, 0x15, + 0x03, 0x7e, 0x98, 0x4a, 0xb8, 0xe4, 0xee, 0xf6, 0x01, 0xea, 0x0e, 0x9f, + 0x41, 0x91, 0x2c, 0x37, 0xf2, 0xab, 0xaf, 0xa0, 0x85, 0x9c, 0x31, 0xfa, + 0x3f, 0xe9, 0x33, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x88, + 0xf1, 0x79, 0xea, 0xd8, 0xf9, 0xbe, 0xc7, 0x96, 0x92, 0xa9, 0x08, 0xf3, + 0x75, 0x67, 0x6f, 0xf8, 0x42, 0x0f, 0xc4, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x88, 0xf1, 0x79, 0xea, + 0xd8, 0xf9, 0xbe, 0xc7, 0x96, 0x92, 0xa9, 0x08, 0xf3, 0x75, 0x67, 0x6f, + 0xf8, 0x42, 0x0f, 0xc4, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x70, 0xec, 0x6a, 0x52, 0x39, 0xb8, 0xe4, + 0x5e, 0x05, 0xbb, 0xef, 
0x4b, 0x8d, 0xfa, 0xb8, 0x3d, 0xc0, 0x11, 0x32, + 0xda, 0xe8, 0x51, 0xfd, 0x70, 0x93, 0x0e, 0x90, 0x01, 0x16, 0x78, 0x39, + 0xb6, 0xc5, 0x03, 0x13, 0x93, 0xb1, 0x5d, 0x76, 0xb9, 0x16, 0xcd, 0xfb, + 0x50, 0x43, 0x67, 0x0b, 0xa1, 0x5a, 0x8f, 0x01, 0xdf, 0x98, 0xbf, 0x9c, + 0xaa, 0x04, 0xf3, 0x2d, 0xeb, 0x3d, 0x8c, 0x7c, 0x0d, 0xcd, 0x41, 0x30, + 0x89, 0x47, 0xd4, 0x50, 0x36, 0x8f, 0x44, 0x8e, 0x63, 0x9d, 0x0d, 0x16, + 0x39, 0xf0, 0xf9, 0x42, 0xac, 0x50, 0x79, 0x0e, 0xa1, 0xe4, 0x96, 0x3b, + 0x23, 0xf1, 0x7c, 0xe4, 0x9a, 0xc3, 0x9a, 0x35, 0x6f, 0x83, 0xb1, 0x78, + 0x24, 0xf4, 0x07, 0xdd, 0x38, 0xa1, 0x54, 0xe3, 0x39, 0x3e, 0x86, 0x67, + 0x19, 0xe4, 0xb8, 0x2b, 0x87, 0xf9, 0x9e, 0x78, 0x7f, 0x8c, 0x8f, 0xf2, + 0x64, 0x75, 0xc2, 0x93, 0xd2, 0x18, 0xf9, 0x6d, 0xdc, 0x6e, 0x18, 0x27, + 0xfe, 0x49, 0xce, 0x96, 0x7b, 0xb4, 0x17, 0xd8, 0xbc, 0x19, 0x81, 0x9a, + 0x18, 0x31, 0xbd, 0x78, 0xdb, 0xcd, 0xca, 0x08, 0xe2, 0x54, 0x7d, 0x15, + 0xc5, 0x79, 0x97, 0xbf, 0xab, 0x14, 0xdf, 0x61, 0x10, 0x1d, 0x1c, 0xae, + 0x10, 0x00, 0x0c, 0x06, 0x8b, 0x72, 0xdc, 0xff, 0xbe, 0xf7, 0x1f, 0xac, + 0x9c, 0x87, 0x36, 0x47, 0x72, 0x1f, 0x7f, 0x61, 0x3c, 0xee, 0xc8, 0x2b, + 0xaa, 0x24, 0x58, 0x93, 0xdb, 0x71, 0x47, 0x81, 0xeb, 0xa5, 0x42, 0xfc, + 0x61, 0x2a, 0xf1, 0x70, 0xab, 0xdc, 0xe8, 0x94, 0x10, 0xcc, 0x0e, 0xb8, + 0xea, 0xaa, 0x1e, 0x62, 0xb4, 0x10, 0xc6, 0xa2, 0x25, 0xe7, 0x21, 0xff, + 0x71, 0x61, 0x04, 0xad, 0x54, 0x7c, 0x60, 0x60, 0x56, 0x4a, 0x0d, 0x1d, + 0x2d, 0x9e, 0x7c, 0x59, 0x4b, 0x8a, 0x40, 0xd3, 0x76, +}; +unsigned int IllformatKEK_auth_len = 2001; diff --git a/libstb/secvar/test/data/multipleDB.h b/libstb/secvar/test/data/multipleDB.h new file mode 100644 index 00000000..0c0a5d40 --- /dev/null +++ b/libstb/secvar/test/data/multipleDB.h 
@@ -0,0 +1,246 @@ +unsigned char multipleDB_auth[] = { + 0xe3, 0x07, 0x0c, 0x0c, 0x0a, 0x2c, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x94, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x78, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x69, 0x30, + 0x82, 0x04, 0x65, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf6, 0x30, 0x82, 0x02, 0xf2, 0x30, 0x82, 0x01, 0xda, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xfe, 0xdd, 0x2e, 0xec, + 0xe0, 0x22, 0xdd, 0xf9, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0e, 0x31, 0x0c, 0x30, + 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, 0x30, + 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, + 0x36, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, + 0x31, 0x38, 0x35, 0x36, 0x33, 0x31, 0x5a, 0x30, 0x0e, 0x31, 0x0c, 0x30, + 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, 0x30, + 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0xf8, 0xab, 0xdb, + 0xc2, 0xf5, 0x51, 0xde, 0x7b, 0x9f, 0x28, 0xff, 0xae, 0xdb, 0xa5, 0xbf, + 0x73, 0x63, 0x99, 0x5e, 0x04, 0xa5, 0x9d, 0xfd, 0xcd, 0x24, 0x2e, 0xdd, + 0x0b, 0x02, 0x88, 0xe9, 0x71, 0x7b, 0xf2, 0x89, 0x90, 0xae, 0xaf, 0x0d, + 0xa0, 0x68, 0x4d, 0x31, 0x1b, 0x30, 0xe8, 0x19, 0x2e, 0xfc, 0x33, 0x8f, + 0xee, 0x6d, 0x2a, 0x0a, 0x09, 0x42, 0x34, 0xc1, 0x40, 0xa8, 0xe8, 0xb6, + 0xc7, 0x92, 0x5d, 0xa5, 0x96, 0x14, 0xd7, 0xaf, 0x8c, 0x71, 0x6b, 0x4e, + 0x7d, 0x6e, 0xfa, 
0x73, 0x1c, 0x40, 0x4c, 0x05, 0x9e, 0xfa, 0xb2, 0x4c, + 0x8c, 0xcb, 0x9d, 0xe2, 0xa9, 0x04, 0x01, 0x91, 0x5b, 0xbf, 0xff, 0x85, + 0x54, 0x2a, 0x65, 0x96, 0x84, 0x6f, 0xfa, 0x99, 0x1c, 0x9e, 0xe0, 0x77, + 0x68, 0x4d, 0x58, 0x2a, 0xc7, 0xc0, 0x8f, 0x71, 0x5a, 0x8f, 0xa9, 0xff, + 0x44, 0xed, 0xf7, 0xe4, 0x47, 0xd8, 0x4c, 0x9c, 0xf4, 0x78, 0xa0, 0xb3, + 0x37, 0xaf, 0x43, 0x0b, 0x03, 0x6f, 0xe4, 0xe1, 0x2d, 0x52, 0x0b, 0x4b, + 0x62, 0xc6, 0x2f, 0xe3, 0xfc, 0x32, 0xf2, 0xe2, 0x11, 0x1c, 0xac, 0xdf, + 0x5a, 0xe8, 0xdd, 0x55, 0x65, 0xa4, 0x6f, 0x61, 0xb7, 0x0f, 0x1c, 0xc6, + 0x08, 0x2a, 0xaf, 0x5d, 0x36, 0x50, 0x06, 0x7b, 0x49, 0xa0, 0x8b, 0x1c, + 0x93, 0xdc, 0x72, 0x69, 0x7b, 0xf1, 0xcc, 0xee, 0xa4, 0xe8, 0xd0, 0x7b, + 0x5f, 0x61, 0xbc, 0xbe, 0x20, 0xfb, 0x0b, 0xaa, 0x54, 0xf6, 0xe0, 0x13, + 0xad, 0xe8, 0x96, 0x53, 0x6a, 0xa9, 0x4b, 0xa1, 0xcf, 0x56, 0x10, 0xbc, + 0x2a, 0x09, 0xc9, 0x0a, 0xcc, 0x8d, 0x20, 0xdd, 0x4d, 0x14, 0xc7, 0x08, + 0xab, 0xc1, 0xc3, 0xaf, 0x0b, 0x35, 0x40, 0x57, 0x34, 0x97, 0x3b, 0xa2, + 0x2d, 0xa3, 0x46, 0xc1, 0x30, 0x14, 0x88, 0xa8, 0x74, 0x79, 0xdd, 0xb1, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd7, 0x75, 0xfc, 0xed, + 0xb7, 0xc8, 0xb5, 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, 0xbe, + 0x57, 0x0d, 0x94, 0xa8, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, + 0x18, 0x30, 0x16, 0x80, 0x14, 0xd7, 0x75, 0xfc, 0xed, 0xb7, 0xc8, 0xb5, + 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, 0xbe, 0x57, 0x0d, 0x94, + 0xa8, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x58, 0xd2, 0x25, 0xa3, 0xe6, 0xaa, 0xb9, 0x56, 0x67, 0xc3, + 0xa6, 0x4b, 0x88, 0x99, 0xfe, 0xde, 0xc6, 0x16, 0x4c, 0x43, 0x1b, 0xb8, + 0xea, 0xe3, 0x77, 0xc4, 0xe4, 0x66, 0x15, 0x9f, 0x92, 0x6d, 0xe3, 0x7f, + 0x3c, 0xac, 0x88, 
0x8b, 0xb9, 0xc5, 0x5c, 0x39, 0x4f, 0x02, 0x75, 0x5a, + 0x3d, 0xc5, 0xaf, 0xad, 0x8f, 0x32, 0xd4, 0x5a, 0x44, 0xc8, 0xcb, 0x1f, + 0x40, 0xa1, 0x44, 0xef, 0xa8, 0x2a, 0xa4, 0x0d, 0x7a, 0x25, 0xe1, 0x6c, + 0x09, 0x4b, 0x96, 0x6a, 0x73, 0x0f, 0xe0, 0x9b, 0x0e, 0x26, 0xff, 0x61, + 0x96, 0xc4, 0xb6, 0x10, 0xe1, 0x90, 0x36, 0xfd, 0x96, 0xb5, 0x90, 0xb0, + 0x76, 0xed, 0xc2, 0x17, 0xc0, 0xfe, 0xd4, 0x38, 0xff, 0x7f, 0xc3, 0xa0, + 0x88, 0x60, 0xe8, 0x27, 0x10, 0x34, 0x35, 0x93, 0x59, 0xcb, 0x12, 0xe5, + 0x25, 0xaf, 0x2d, 0x1d, 0x7d, 0x3f, 0x16, 0x95, 0x71, 0x57, 0x8e, 0x3f, + 0xc2, 0xad, 0x8e, 0xc4, 0x0e, 0xe1, 0xed, 0x46, 0xf9, 0xd7, 0x07, 0x85, + 0xb3, 0x05, 0xbe, 0xf1, 0x4c, 0xba, 0xf1, 0x34, 0xe5, 0xd5, 0x26, 0x9b, + 0x6c, 0x15, 0x9e, 0x35, 0xa2, 0xd5, 0x81, 0x09, 0x36, 0x05, 0xa6, 0x99, + 0x1f, 0xa2, 0x17, 0x35, 0x3a, 0x38, 0x18, 0x52, 0x44, 0xcf, 0x22, 0xb3, + 0x69, 0xba, 0x07, 0x74, 0x48, 0x1c, 0x8e, 0x4c, 0xa7, 0xb0, 0xc2, 0x65, + 0x6c, 0x1d, 0x30, 0xe2, 0x82, 0xc2, 0x35, 0x60, 0x25, 0xf2, 0xb1, 0x05, + 0x18, 0x0a, 0x73, 0x87, 0x27, 0xee, 0x6e, 0xc2, 0x5f, 0xff, 0xd8, 0xfc, + 0x77, 0x06, 0x2e, 0x3d, 0x4f, 0xa1, 0x14, 0x04, 0x5d, 0xae, 0x38, 0x28, + 0xf9, 0x3d, 0x82, 0x5f, 0xc6, 0xd0, 0x31, 0x21, 0x88, 0xda, 0x7f, 0x78, + 0xe3, 0xb7, 0xed, 0x52, 0x37, 0xf4, 0x29, 0x08, 0x88, 0x50, 0x54, 0x56, + 0x67, 0xc0, 0xe1, 0xf4, 0xe7, 0xcf, 0x31, 0x82, 0x01, 0x46, 0x30, 0x82, + 0x01, 0x42, 0x02, 0x01, 0x01, 0x30, 0x1b, 0x30, 0x0e, 0x31, 0x0c, 0x30, + 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, 0x02, + 0x09, 0x00, 0xfe, 0xdd, 0x2e, 0xec, 0xe0, 0x22, 0xdd, 0xf9, 0x30, 0x0d, + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xb9, 0x54, 0x15, 0x97, + 0x74, 0xe4, 0x9c, 0xc7, 0xf8, 0x45, 0x2a, 0xdb, 0xca, 0x34, 0x58, 0x0a, + 0x82, 0x32, 0x58, 0xaa, 0x82, 0xde, 0xc2, 0x47, 0xda, 0x77, 0xf6, 0x52, + 0xc6, 0x84, 0x55, 
0x0b, 0x80, 0x1d, 0x9a, 0xc3, 0x18, 0xb8, 0x73, 0xea, + 0x4d, 0x77, 0x37, 0xa3, 0xa7, 0x44, 0xc3, 0xfc, 0x82, 0x29, 0xeb, 0x39, + 0x9c, 0xb6, 0xb8, 0xdb, 0x3c, 0x77, 0xce, 0x3d, 0xfb, 0x53, 0x5c, 0xd6, + 0x81, 0xd5, 0xca, 0x69, 0x3c, 0x61, 0xec, 0x1a, 0x38, 0xdb, 0x6e, 0x74, + 0xf8, 0xf3, 0xc1, 0xe4, 0x7d, 0x62, 0x35, 0xd0, 0x51, 0xca, 0x02, 0x55, + 0x46, 0x86, 0x03, 0x39, 0x00, 0x1c, 0xa7, 0x3c, 0xe5, 0xcf, 0x46, 0x67, + 0x9a, 0x23, 0x93, 0x6f, 0x58, 0xcb, 0x9b, 0x78, 0xb7, 0x49, 0x7b, 0x5c, + 0x4a, 0x56, 0xf2, 0xdd, 0x78, 0xde, 0x88, 0xd2, 0xeb, 0x4c, 0x4a, 0x2d, + 0xf1, 0x35, 0x66, 0x45, 0x75, 0xfa, 0x62, 0xac, 0xd4, 0xee, 0x7b, 0x5e, + 0x84, 0x08, 0xd6, 0xec, 0xb6, 0xe0, 0xaa, 0x44, 0x78, 0xd5, 0x41, 0x96, + 0x4f, 0xaf, 0x0a, 0xcd, 0x5c, 0x6a, 0x46, 0x48, 0x08, 0x02, 0xf9, 0xfa, + 0xba, 0x01, 0xce, 0x5d, 0xda, 0xbe, 0xcf, 0xf5, 0x51, 0x99, 0x3c, 0x0a, + 0x01, 0xad, 0xbf, 0x92, 0x3f, 0x9e, 0x2c, 0x16, 0x27, 0x0f, 0xc6, 0x47, + 0x07, 0x77, 0x82, 0x17, 0x48, 0x3b, 0xdc, 0xef, 0x99, 0x77, 0x4d, 0x10, + 0xe6, 0x2c, 0xf4, 0x47, 0x6a, 0xe8, 0xe7, 0x82, 0xae, 0x00, 0x3c, 0x4c, + 0xde, 0x76, 0x88, 0xe5, 0x5e, 0xc9, 0xc6, 0x6a, 0x64, 0x5c, 0xf6, 0x44, + 0x60, 0x99, 0x1e, 0xb0, 0x3c, 0x5f, 0x17, 0xba, 0xc9, 0xfc, 0xb6, 0x29, + 0xbf, 0x53, 0x53, 0xca, 0xba, 0x7d, 0x0d, 0xd7, 0x41, 0xc4, 0x43, 0x98, + 0xec, 0xc0, 0xde, 0x5c, 0xeb, 0x04, 0x35, 0x9e, 0x0f, 0x60, 0xe8, 0x31, + 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, + 0x5c, 0x2b, 0xf0, 0x72, 0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x03, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, + 0x44, 0x44, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf0, + 0x30, 0x82, 0x01, 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0x89, 0x65, 0xe1, 0xbe, 0x1d, 0x33, 0xea, 0xb7, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, + 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, + 0x44, 0x42, 0x30, 
0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, + 0x31, 0x30, 0x39, 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x44, + 0x42, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, + 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x70, + 0xf2, 0x2d, 0xa0, 0x56, 0xac, 0xc0, 0xc0, 0x33, 0x9a, 0xa6, 0x2c, 0x89, + 0x3c, 0x88, 0xa9, 0x9c, 0x67, 0xaf, 0xeb, 0x0d, 0x44, 0x7b, 0xe7, 0x85, + 0xf1, 0x3d, 0xc4, 0x71, 0xdd, 0xb4, 0xa7, 0x51, 0xac, 0x87, 0xfa, 0x85, + 0xf0, 0x3c, 0x80, 0x0a, 0x33, 0x43, 0x02, 0xd6, 0xa8, 0x59, 0xe3, 0xc3, + 0x42, 0x22, 0xe0, 0x0c, 0xbc, 0xc7, 0x02, 0x60, 0xff, 0x09, 0x81, 0x1c, + 0x73, 0x76, 0x22, 0x29, 0xb8, 0x67, 0x2a, 0x76, 0x17, 0xd2, 0x9a, 0x33, + 0x78, 0x6d, 0x40, 0x60, 0x24, 0x07, 0xfb, 0x1f, 0xf6, 0xf5, 0xb2, 0xac, + 0x44, 0x77, 0xd2, 0x5e, 0x9d, 0xd7, 0x24, 0xe2, 0x6e, 0xa1, 0xf2, 0xb8, + 0x08, 0x18, 0x61, 0x77, 0x83, 0xe8, 0x82, 0x72, 0x6d, 0xf6, 0xb3, 0x98, + 0x39, 0x43, 0xb8, 0xaa, 0x97, 0x03, 0xc7, 0x68, 0x2e, 0x1d, 0xf8, 0xaf, + 0x75, 0xad, 0x9e, 0x18, 0x48, 0xa3, 0x24, 0x3e, 0x04, 0x30, 0xe2, 0xa7, + 0x30, 0xf7, 0xf7, 0xb3, 0x05, 0xac, 0x11, 0xf4, 0x20, 0x47, 0x36, 0xcf, + 0xca, 0xe0, 0x8c, 0x52, 0x0d, 0x4b, 0x30, 0xf0, 0x7e, 0x6f, 0x48, 0x83, + 0xe1, 0xb9, 0xd1, 0x1d, 0x27, 0x5d, 0xd3, 0x10, 0x9d, 0x63, 0xdb, 0xe0, + 0x87, 0x53, 0x75, 0xae, 0xdd, 0xc0, 0x6c, 0x89, 0x33, 0xeb, 0x3e, 0x87, + 0x33, 0x58, 0x11, 0xe5, 0x04, 0xcd, 0xeb, 0x8e, 0xfe, 0x48, 0x7b, 0xd1, + 0x37, 0xb4, 0x41, 0x9a, 0x3b, 0xab, 0x99, 0x03, 0xfc, 0x72, 0x4f, 0x39, + 0xb2, 0x0c, 0x34, 0x7d, 0x4f, 0xa7, 0x5e, 0x8b, 0x1e, 0x13, 0xea, 0xab, + 0x37, 0x28, 0x34, 0x6a, 0x91, 0xb9, 0x21, 0x79, 0x1b, 0x82, 0xc0, 0x61, + 0x4d, 0xb7, 0xa0, 0xc5, 0x73, 0xe7, 0x11, 0x75, 0x88, 0x41, 0x36, 0xf7, + 0x55, 0x94, 0x87, 
0x6e, 0x25, 0x82, 0xf7, 0xf9, 0xcf, 0xc3, 0x3c, 0x24, + 0xa2, 0xcb, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xe6, 0xb8, + 0x4e, 0x62, 0xdb, 0xbd, 0x98, 0x8a, 0xbb, 0xfd, 0xa0, 0x08, 0x35, 0x5a, + 0xa6, 0xa0, 0x80, 0x01, 0xc5, 0x8c, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xe6, 0xb8, 0x4e, 0x62, 0xdb, + 0xbd, 0x98, 0x8a, 0xbb, 0xfd, 0xa0, 0x08, 0x35, 0x5a, 0xa6, 0xa0, 0x80, + 0x01, 0xc5, 0x8c, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, + 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x6e, 0xb3, 0x79, 0x61, 0xeb, 0xa5, 0xa6, 0x6b, + 0x77, 0xcd, 0x6a, 0x76, 0xb7, 0xbf, 0x86, 0xcf, 0x4c, 0xa2, 0xa5, 0xa5, + 0x01, 0xb7, 0xb7, 0x61, 0x71, 0x85, 0x92, 0x02, 0xee, 0x5a, 0xaa, 0xd7, + 0x4a, 0xcf, 0x87, 0x2a, 0xa2, 0x70, 0x8c, 0x49, 0xe9, 0x05, 0x49, 0x46, + 0x3d, 0xc1, 0xe6, 0xe9, 0x59, 0x95, 0xd4, 0xc8, 0x0e, 0xb6, 0x6d, 0x01, + 0xfb, 0x74, 0x01, 0x69, 0xb2, 0xb4, 0x9b, 0xe8, 0x2c, 0x99, 0xb3, 0x96, + 0x7f, 0xd9, 0x96, 0xa6, 0x28, 0x02, 0x10, 0x07, 0x6a, 0xc2, 0x19, 0x27, + 0x63, 0x9c, 0x35, 0x0a, 0x9a, 0xda, 0x5c, 0x9c, 0x91, 0xb5, 0xc6, 0xe5, + 0x7c, 0x64, 0x76, 0x07, 0xf6, 0x56, 0x7a, 0xf0, 0xf6, 0x09, 0xaf, 0x3b, + 0x4b, 0x40, 0xd6, 0x80, 0xd5, 0x3e, 0x7f, 0xea, 0x11, 0xe4, 0xe1, 0x78, + 0xac, 0x1e, 0x4b, 0xc4, 0xdf, 0xb9, 0xd6, 0x5f, 0x68, 0xba, 0x77, 0x40, + 0xf5, 0x1d, 0xb7, 0x35, 0xaf, 0xcd, 0x37, 0xc4, 0xc9, 0xb4, 0x22, 0x37, + 0xac, 0x2d, 0xf3, 0xc3, 0xf7, 0x94, 0x74, 0x70, 0xfc, 0xc8, 0x13, 0xb2, + 0xdf, 0x98, 0xa1, 0x9c, 0x10, 0xba, 0x14, 0x34, 0xb5, 0x1b, 0x4a, 0x50, + 0x00, 0x22, 0x83, 0x88, 0x79, 0x1e, 0xac, 0xa4, 0xe4, 0x6f, 0xbf, 0x96, + 0x8e, 0xf1, 0x20, 0x53, 0x60, 0x9d, 0x63, 0x74, 0x40, 0x30, 0x72, 0x5e, + 0x56, 0x75, 0xf3, 0x0b, 0x60, 0x6a, 0xe8, 0xab, 0x45, 0x81, 0xe9, 0x7b, + 0x32, 0x31, 0x5b, 
0x28, 0x3e, 0xc1, 0x96, 0x9f, 0x28, 0x2d, 0x74, 0xbe, + 0xfb, 0x4d, 0xe1, 0x15, 0x21, 0x5a, 0x89, 0xde, 0x02, 0x0f, 0x83, 0x18, + 0x33, 0xa4, 0x0e, 0x58, 0x20, 0xaa, 0xea, 0xcf, 0xb0, 0xbc, 0x35, 0xfa, + 0x0c, 0x8a, 0x2d, 0x66, 0xfa, 0x2a, 0xc6, 0xae, 0xe0, 0x07, 0x99, 0xfa, + 0xb3, 0x44, 0x61, 0x61, 0x60, 0x6e, 0xd4, 0x70, 0xa1, 0x59, 0xc0, 0xa5, + 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, + 0x96, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7a, 0x03, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x30, 0x82, 0x03, 0x66, 0x30, 0x82, 0x02, 0x4e, + 0x02, 0x09, 0x00, 0x95, 0x31, 0xa3, 0x02, 0x84, 0x1f, 0x73, 0x3f, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x75, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x02, 0x54, 0x58, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x06, 0x41, 0x55, 0x53, 0x54, 0x49, 0x4e, 0x31, + 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x03, 0x49, 0x42, + 0x4d, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, + 0x4c, 0x54, 0x43, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x02, 0x73, 0x62, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x6e, 0x61, 0x79, + 0x6e, 0x6a, 0x61, 0x69, 0x6e, 0x40, 0x69, 0x62, 0x6d, 0x2e, 0x63, 0x6f, + 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32, 0x31, 0x32, 0x31, + 0x35, 0x32, 0x34, 0x33, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x31, 0x32, + 0x31, 0x31, 0x31, 0x35, 0x32, 0x34, 0x33, 0x39, 0x5a, 0x30, 0x75, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x54, + 0x58, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x06, + 0x41, 0x55, 0x53, 
0x54, 0x49, 0x4e, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x03, 0x49, 0x42, 0x4d, 0x31, 0x0c, 0x30, 0x0a, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x03, 0x4c, 0x54, 0x43, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x73, 0x62, 0x31, + 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x6e, 0x61, 0x79, 0x6e, 0x6a, 0x61, 0x69, 0x6e, + 0x40, 0x69, 0x62, 0x6d, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0xcd, 0x62, 0x15, 0x94, 0xc3, 0x3d, + 0xde, 0x0d, 0xe7, 0xb3, 0xfc, 0x30, 0x4a, 0xbb, 0x72, 0x85, 0xd3, 0x9b, + 0xcc, 0xc2, 0xd5, 0x44, 0xf2, 0x36, 0xea, 0xb8, 0x67, 0x66, 0xba, 0x1d, + 0xf1, 0x60, 0x6e, 0x74, 0xe5, 0xd4, 0x85, 0x9e, 0x2c, 0x28, 0xbe, 0xec, + 0x7a, 0xb5, 0xce, 0xb3, 0x61, 0x41, 0xf4, 0xd6, 0xc6, 0xbb, 0x61, 0xe0, + 0xf1, 0x2d, 0x5f, 0xca, 0xca, 0xc3, 0xb0, 0x4b, 0x70, 0xac, 0x37, 0x31, + 0xcd, 0x33, 0xff, 0x7f, 0xef, 0x90, 0x60, 0x49, 0xf8, 0x93, 0xc9, 0x99, + 0x06, 0x6e, 0xdb, 0xe8, 0x81, 0x51, 0xa9, 0x49, 0xd9, 0x0e, 0xda, 0x3e, + 0xff, 0xfe, 0x69, 0x0a, 0x17, 0x80, 0x90, 0x01, 0xe9, 0x49, 0x6e, 0x6f, + 0x30, 0x50, 0x97, 0xb8, 0xba, 0x05, 0xa2, 0x23, 0x22, 0x44, 0xb8, 0x7b, + 0xcf, 0x1c, 0x02, 0xd4, 0xb8, 0x05, 0x38, 0xd7, 0xa3, 0xde, 0x1f, 0x88, + 0x37, 0x1a, 0x7f, 0xb8, 0x5d, 0x3d, 0x8d, 0x04, 0x0e, 0xbe, 0x85, 0x12, + 0x20, 0x89, 0xbc, 0xe0, 0xea, 0xe7, 0xd8, 0xd1, 0x68, 0xab, 0xc7, 0x50, + 0xc5, 0x42, 0x4d, 0x15, 0xa3, 0xdd, 0x15, 0x80, 0xe5, 0x7d, 0x1f, 0x23, + 0x51, 0xf3, 0x02, 0x79, 0x2e, 0x62, 0x40, 0xf6, 0x74, 0xb0, 0x55, 0x28, + 0x90, 0x6b, 0x3c, 0x97, 0x4d, 0x21, 0x09, 0xd6, 0x44, 0x05, 0xe6, 0xa5, + 0xaf, 0x8c, 0x76, 0x7a, 0x30, 0xc9, 0x08, 0xd4, 0x1c, 0x4a, 0x80, 0xcc, + 0xbe, 0xd4, 0x7c, 0x84, 0xa5, 0x6b, 0xe9, 0x9b, 0x9c, 0xcc, 0x32, 0xb9, + 0xe9, 0x7e, 0xb4, 
0x87, 0x2c, 0x3e, 0xc8, 0x5a, 0x18, 0xda, 0xed, 0x9d, + 0x4a, 0xbd, 0xeb, 0xd8, 0xdc, 0x03, 0xc9, 0x08, 0x83, 0x80, 0x71, 0x2b, + 0xca, 0x92, 0x91, 0x9b, 0x33, 0x23, 0x62, 0xd4, 0x2b, 0x0a, 0x89, 0x70, + 0x8e, 0x22, 0xd2, 0x88, 0xa3, 0x89, 0x2f, 0x93, 0xf7, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x35, + 0x19, 0x40, 0x98, 0xb9, 0x01, 0x27, 0xe3, 0x65, 0x35, 0x5e, 0xef, 0x0d, + 0x0c, 0x17, 0xee, 0x63, 0xe8, 0xc5, 0x60, 0xfd, 0xdf, 0xc0, 0xbc, 0x5b, + 0xaf, 0xd2, 0xbb, 0x2b, 0x23, 0xdb, 0x78, 0x17, 0xc5, 0xdd, 0x89, 0xa6, + 0x1b, 0xd6, 0xe1, 0x75, 0xa6, 0x5c, 0x62, 0xaa, 0x25, 0x6a, 0xbf, 0xd2, + 0xf3, 0x00, 0x71, 0x4d, 0x07, 0x28, 0xac, 0x31, 0x5f, 0x72, 0x78, 0xdb, + 0x50, 0xcc, 0x53, 0x05, 0x72, 0x41, 0x9f, 0x09, 0x8f, 0x33, 0x28, 0x9d, + 0x2f, 0xa9, 0xeb, 0x5d, 0xe8, 0x4d, 0x7f, 0x58, 0x88, 0x69, 0x54, 0x7d, + 0x5f, 0x1a, 0xe4, 0x07, 0x0b, 0x63, 0x71, 0xd6, 0x8e, 0xe3, 0xaa, 0xe7, + 0x09, 0xa7, 0xa7, 0xfe, 0xec, 0xa3, 0x9e, 0xc3, 0x60, 0x07, 0x5d, 0xa8, + 0x01, 0xac, 0x6b, 0xd9, 0x19, 0x57, 0x82, 0x76, 0x0d, 0x5a, 0xdc, 0x40, + 0x82, 0xbb, 0x04, 0xa4, 0xb4, 0xd9, 0x88, 0xab, 0xa2, 0x8f, 0xca, 0xf4, + 0xd7, 0x91, 0x84, 0x46, 0x5a, 0x49, 0x6e, 0xc9, 0xcd, 0xcc, 0xf5, 0x2a, + 0x17, 0xf4, 0xbf, 0xcc, 0x78, 0x0c, 0xe0, 0x18, 0xf9, 0x73, 0xa7, 0x81, + 0x39, 0x08, 0x07, 0xdf, 0x56, 0x95, 0xd0, 0xa5, 0x54, 0xe5, 0xad, 0x85, + 0xc6, 0x51, 0xfd, 0x69, 0x4b, 0xa8, 0x90, 0xdd, 0x3a, 0xf8, 0xe7, 0x57, + 0x93, 0x5e, 0xcd, 0x8e, 0x62, 0x9c, 0x66, 0xd5, 0x86, 0x48, 0xfe, 0x81, + 0xa3, 0xc0, 0xdb, 0x70, 0x01, 0xbd, 0x76, 0xd9, 0x74, 0x95, 0x5c, 0xf1, + 0xce, 0x90, 0x6a, 0xd8, 0x3d, 0x9f, 0x32, 0x24, 0x18, 0x69, 0x55, 0x68, + 0x95, 0x91, 0x54, 0x99, 0xe3, 0x87, 0x47, 0xea, 0x3c, 0xa1, 0xc2, 0x23, + 0x66, 0xf2, 0xf4, 0xcc, 0xb9, 0x57, 0x46, 0x72, 0x73, 0x20, 0x71, 0xd3, + 0x57, 0x56, 0xd4, 0x46, 0x29, 0x54, 0xb8, 0x8c, 0x6e, 0x30, 0x17, 0x38, + 0xcd, 0xdd, +}; 
+unsigned int multipleDB_auth_len = 2906; diff --git a/libstb/secvar/test/data/multipleKEK.h b/libstb/secvar/test/data/multipleKEK.h new file mode 100644 index 00000000..c7b31971 --- /dev/null +++ b/libstb/secvar/test/data/multipleKEK.h 
@@ -0,0 +1,236 @@ +unsigned char multipleKEK_auth[] = { + 0xe3, 0x07, 0x0c, 0x0c, 0x16, 0x27, 0x17, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 
0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 
0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0x61, 0x13, 0xf4, 0x87, 0xad, 0xa5, 0xab, + 0x76, 0x07, 0x49, 0x66, 0x79, 0xcd, 0xe4, 0x64, 0x0b, 0x0c, 0xfe, 0x75, + 0x94, 0xa9, 0xff, 0xc2, 0xbf, 0xc8, 0xbc, 0x00, 0x13, 0x5f, 0x08, 0x08, + 0x89, 0xd8, 0x63, 
0x79, 0x19, 0xf0, 0x90, 0x59, 0x0e, 0x6e, 0x53, 0xee, + 0x1a, 0xee, 0x60, 0xcb, 0x26, 0xaf, 0x05, 0xb4, 0xbc, 0x97, 0x0b, 0x91, + 0xd9, 0xad, 0x42, 0xa9, 0x6e, 0x4e, 0xc3, 0xae, 0xad, 0xa4, 0x20, 0x54, + 0x59, 0x64, 0xba, 0xbb, 0x8b, 0x11, 0xfa, 0x45, 0x02, 0xa6, 0xa0, 0xb1, + 0x18, 0x39, 0x8a, 0xc0, 0x5e, 0x44, 0xc3, 0xdc, 0x65, 0x7f, 0xef, 0x18, + 0x03, 0x2a, 0xe2, 0x46, 0xa8, 0xbe, 0xc7, 0xb0, 0xdf, 0x1b, 0x7d, 0xf9, + 0x97, 0xbd, 0x94, 0xd8, 0x38, 0x38, 0x9b, 0x57, 0x35, 0xf8, 0xdb, 0xe9, + 0x27, 0xc7, 0x70, 0xad, 0x10, 0x6d, 0x81, 0xd7, 0xad, 0x7d, 0xfd, 0xdb, + 0x1c, 0x7e, 0x2b, 0x0e, 0x5b, 0xd3, 0xa9, 0x04, 0x7e, 0xcc, 0xc1, 0x50, + 0x6d, 0x51, 0xf6, 0xad, 0x4b, 0xb3, 0x14, 0x29, 0xad, 0x2e, 0xcd, 0xd0, + 0x54, 0x67, 0xa2, 0x88, 0xe6, 0x60, 0x03, 0x62, 0x1a, 0x7e, 0x20, 0x42, + 0xd5, 0xa1, 0x2b, 0x1a, 0xac, 0x69, 0x03, 0xc4, 0x99, 0x92, 0xa0, 0xbd, + 0x3b, 0x8a, 0x0c, 0x12, 0x77, 0x2b, 0x0e, 0xc3, 0xbc, 0x64, 0x9f, 0x73, + 0x7a, 0xa3, 0x4f, 0x1a, 0x0f, 0x1d, 0x92, 0xd0, 0x86, 0x55, 0x1d, 0x73, + 0x87, 0xf2, 0xdd, 0x25, 0xf3, 0x2a, 0x4b, 0x22, 0x64, 0x8d, 0x7d, 0x25, + 0x5b, 0xe6, 0xe4, 0x39, 0x95, 0x32, 0xd9, 0xa9, 0x11, 0xd2, 0x9c, 0x42, + 0xd0, 0x00, 0xa7, 0x02, 0x07, 0x36, 0x64, 0x2b, 0xdc, 0x8a, 0x75, 0x71, + 0xde, 0xa8, 0xf7, 0x3d, 0xdf, 0xe0, 0xcc, 0x90, 0x0f, 0x99, 0x26, 0xd4, + 0x76, 0xc8, 0x03, 0xf4, 0x68, 0xe1, 0x37, 0xc7, 0x8f, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, + 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, + 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, + 0x1e, 0x17, 0x0d, 
0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, + 0x36, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, + 0x2d, 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, + 0x61, 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, + 0xd3, 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, + 0xb4, 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, + 0x0d, 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, + 0x8d, 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, + 0x5f, 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, + 0xf0, 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, + 0x75, 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, + 0x91, 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, + 0xbf, 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, + 0x21, 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, + 0x41, 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, + 0x87, 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, + 0x0e, 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, + 0xac, 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, + 0x2c, 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, + 0xed, 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, + 0x8d, 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, + 0xee, 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, + 0x2a, 0x8b, 0x8d, 
0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, + 0x99, 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, + 0xef, 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, + 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, + 0x37, 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, + 0x9c, 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, + 0xb1, 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, + 0x9f, 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, + 0xe5, 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, + 0xe1, 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, + 0xed, 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, + 0xd4, 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, + 0xe0, 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, + 0xcc, 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, + 0x14, 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, + 0x23, 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, + 0xe2, 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, + 0x7f, 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, + 0xfa, 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, + 0x52, 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, + 0xe7, 0x59, 0x6a, 
0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, + 0xb7, 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, + 0x0c, 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, + 0x8b, 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, + 0xe7, 0x12, 0xe1, 0x66, 0x15, 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, + 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, 0x22, 0x03, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x03, 0x00, 0x00, 0x11, 0x11, 0x11, + 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, 0x34, 0x56, 0x78, 0x9a, + 0xbc, 0x30, 0x82, 0x02, 0xf2, 0x30, 0x82, 0x01, 0xda, 0xa0, 0x03, 0x02, + 0x01, 0x02, 0x02, 0x09, 0x00, 0xfe, 0xdd, 0x2e, 0xec, 0xe0, 0x22, 0xdd, + 0xf9, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0e, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, 0x30, 0x1e, 0x17, 0x0d, + 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, 0x33, 0x31, + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, 0x38, 0x35, + 0x36, 0x33, 0x31, 0x5a, 0x30, 0x0e, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, 0x30, 0x82, 0x01, 0x22, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0xf8, 0xab, 0xdb, 0xc2, 0xf5, 0x51, + 0xde, 0x7b, 0x9f, 0x28, 0xff, 0xae, 0xdb, 0xa5, 0xbf, 0x73, 0x63, 0x99, + 0x5e, 0x04, 0xa5, 0x9d, 0xfd, 0xcd, 0x24, 0x2e, 0xdd, 0x0b, 0x02, 0x88, + 0xe9, 0x71, 0x7b, 0xf2, 0x89, 0x90, 0xae, 0xaf, 0x0d, 0xa0, 0x68, 0x4d, + 0x31, 0x1b, 0x30, 0xe8, 0x19, 0x2e, 0xfc, 0x33, 0x8f, 0xee, 0x6d, 0x2a, + 0x0a, 0x09, 0x42, 0x34, 0xc1, 0x40, 0xa8, 0xe8, 0xb6, 0xc7, 0x92, 0x5d, + 0xa5, 0x96, 0x14, 0xd7, 0xaf, 0x8c, 0x71, 0x6b, 0x4e, 0x7d, 0x6e, 0xfa, + 0x73, 0x1c, 0x40, 0x4c, 0x05, 0x9e, 0xfa, 0xb2, 0x4c, 0x8c, 0xcb, 0x9d, + 0xe2, 0xa9, 0x04, 
0x01, 0x91, 0x5b, 0xbf, 0xff, 0x85, 0x54, 0x2a, 0x65, + 0x96, 0x84, 0x6f, 0xfa, 0x99, 0x1c, 0x9e, 0xe0, 0x77, 0x68, 0x4d, 0x58, + 0x2a, 0xc7, 0xc0, 0x8f, 0x71, 0x5a, 0x8f, 0xa9, 0xff, 0x44, 0xed, 0xf7, + 0xe4, 0x47, 0xd8, 0x4c, 0x9c, 0xf4, 0x78, 0xa0, 0xb3, 0x37, 0xaf, 0x43, + 0x0b, 0x03, 0x6f, 0xe4, 0xe1, 0x2d, 0x52, 0x0b, 0x4b, 0x62, 0xc6, 0x2f, + 0xe3, 0xfc, 0x32, 0xf2, 0xe2, 0x11, 0x1c, 0xac, 0xdf, 0x5a, 0xe8, 0xdd, + 0x55, 0x65, 0xa4, 0x6f, 0x61, 0xb7, 0x0f, 0x1c, 0xc6, 0x08, 0x2a, 0xaf, + 0x5d, 0x36, 0x50, 0x06, 0x7b, 0x49, 0xa0, 0x8b, 0x1c, 0x93, 0xdc, 0x72, + 0x69, 0x7b, 0xf1, 0xcc, 0xee, 0xa4, 0xe8, 0xd0, 0x7b, 0x5f, 0x61, 0xbc, + 0xbe, 0x20, 0xfb, 0x0b, 0xaa, 0x54, 0xf6, 0xe0, 0x13, 0xad, 0xe8, 0x96, + 0x53, 0x6a, 0xa9, 0x4b, 0xa1, 0xcf, 0x56, 0x10, 0xbc, 0x2a, 0x09, 0xc9, + 0x0a, 0xcc, 0x8d, 0x20, 0xdd, 0x4d, 0x14, 0xc7, 0x08, 0xab, 0xc1, 0xc3, + 0xaf, 0x0b, 0x35, 0x40, 0x57, 0x34, 0x97, 0x3b, 0xa2, 0x2d, 0xa3, 0x46, + 0xc1, 0x30, 0x14, 0x88, 0xa8, 0x74, 0x79, 0xdd, 0xb1, 0x02, 0x03, 0x01, + 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, + 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd7, 0x75, 0xfc, 0xed, 0xb7, 0xc8, 0xb5, + 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, 0xbe, 0x57, 0x0d, 0x94, + 0xa8, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, + 0x80, 0x14, 0xd7, 0x75, 0xfc, 0xed, 0xb7, 0xc8, 0xb5, 0xf8, 0x7d, 0x28, + 0xc5, 0x13, 0x34, 0xcd, 0x0b, 0xbe, 0x57, 0x0d, 0x94, 0xa8, 0x30, 0x0f, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x58, + 0xd2, 0x25, 0xa3, 0xe6, 0xaa, 0xb9, 0x56, 0x67, 0xc3, 0xa6, 0x4b, 0x88, + 0x99, 0xfe, 0xde, 0xc6, 0x16, 0x4c, 0x43, 0x1b, 0xb8, 0xea, 0xe3, 0x77, + 0xc4, 0xe4, 0x66, 0x15, 0x9f, 0x92, 0x6d, 0xe3, 0x7f, 0x3c, 0xac, 0x88, + 0x8b, 0xb9, 0xc5, 0x5c, 0x39, 0x4f, 0x02, 0x75, 0x5a, 0x3d, 0xc5, 0xaf, + 0xad, 0x8f, 0x32, 
0xd4, 0x5a, 0x44, 0xc8, 0xcb, 0x1f, 0x40, 0xa1, 0x44, + 0xef, 0xa8, 0x2a, 0xa4, 0x0d, 0x7a, 0x25, 0xe1, 0x6c, 0x09, 0x4b, 0x96, + 0x6a, 0x73, 0x0f, 0xe0, 0x9b, 0x0e, 0x26, 0xff, 0x61, 0x96, 0xc4, 0xb6, + 0x10, 0xe1, 0x90, 0x36, 0xfd, 0x96, 0xb5, 0x90, 0xb0, 0x76, 0xed, 0xc2, + 0x17, 0xc0, 0xfe, 0xd4, 0x38, 0xff, 0x7f, 0xc3, 0xa0, 0x88, 0x60, 0xe8, + 0x27, 0x10, 0x34, 0x35, 0x93, 0x59, 0xcb, 0x12, 0xe5, 0x25, 0xaf, 0x2d, + 0x1d, 0x7d, 0x3f, 0x16, 0x95, 0x71, 0x57, 0x8e, 0x3f, 0xc2, 0xad, 0x8e, + 0xc4, 0x0e, 0xe1, 0xed, 0x46, 0xf9, 0xd7, 0x07, 0x85, 0xb3, 0x05, 0xbe, + 0xf1, 0x4c, 0xba, 0xf1, 0x34, 0xe5, 0xd5, 0x26, 0x9b, 0x6c, 0x15, 0x9e, + 0x35, 0xa2, 0xd5, 0x81, 0x09, 0x36, 0x05, 0xa6, 0x99, 0x1f, 0xa2, 0x17, + 0x35, 0x3a, 0x38, 0x18, 0x52, 0x44, 0xcf, 0x22, 0xb3, 0x69, 0xba, 0x07, + 0x74, 0x48, 0x1c, 0x8e, 0x4c, 0xa7, 0xb0, 0xc2, 0x65, 0x6c, 0x1d, 0x30, + 0xe2, 0x82, 0xc2, 0x35, 0x60, 0x25, 0xf2, 0xb1, 0x05, 0x18, 0x0a, 0x73, + 0x87, 0x27, 0xee, 0x6e, 0xc2, 0x5f, 0xff, 0xd8, 0xfc, 0x77, 0x06, 0x2e, + 0x3d, 0x4f, 0xa1, 0x14, 0x04, 0x5d, 0xae, 0x38, 0x28, 0xf9, 0x3d, 0x82, + 0x5f, 0xc6, 0xd0, 0x31, 0x21, 0x88, 0xda, 0x7f, 0x78, 0xe3, 0xb7, 0xed, + 0x52, 0x37, 0xf4, 0x29, 0x08, 0x88, 0x50, 0x54, 0x56, 0x67, 0xc0, 0xe1, + 0xf4, 0xe7, 0xcf, +}; +unsigned int multipleKEK_auth_len = 2787; diff --git a/libstb/secvar/test/data/multiplePK.h b/libstb/secvar/test/data/multiplePK.h new file mode 100644 index 00000000..528c0d50 --- /dev/null +++ b/libstb/secvar/test/data/multiplePK.h 
@@ -0,0 +1,236 @@ +unsigned char multiplePK_auth[] = { + 0xe3, 0x07, 0x0c, 0x0e, 0x0f, 0x02, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 
0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 
0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0xce, 0xc5, 0x99, 0x68, 0xad, 0x54, 0xfb, + 0x86, 0xb0, 0xdd, 0xee, 0x3f, 0xa6, 0xe9, 0xa1, 0x9d, 0x90, 0x13, 0x09, + 0xba, 0xc1, 0x92, 0x30, 0x11, 0x5a, 0xdb, 0x53, 0xde, 0xff, 0xb6, 0x4a, + 0xe1, 0x60, 0x07, 
0x48, 0x62, 0x81, 0x48, 0x1d, 0x62, 0x52, 0x0c, 0xfe, + 0x09, 0xcb, 0x30, 0xf6, 0xb1, 0xea, 0x1a, 0x15, 0x38, 0x37, 0xd8, 0xe5, + 0xdd, 0xb6, 0x09, 0xf7, 0x8a, 0x60, 0x91, 0x57, 0x52, 0x99, 0xbf, 0xd9, + 0xc9, 0x25, 0xa9, 0x44, 0x46, 0x46, 0xda, 0xdb, 0xe5, 0x73, 0x3d, 0xc5, + 0x07, 0x75, 0x92, 0xce, 0x36, 0x0b, 0xb8, 0xe6, 0xdf, 0x84, 0x85, 0xdd, + 0x45, 0xbc, 0x52, 0x5b, 0xb6, 0x90, 0x56, 0x9d, 0x0e, 0x05, 0x86, 0x2d, + 0x85, 0xc2, 0x05, 0xff, 0xd5, 0x49, 0x85, 0xe8, 0x8f, 0x0f, 0x3a, 0x28, + 0x79, 0x67, 0x1e, 0x46, 0x70, 0x7f, 0x4d, 0xdf, 0x52, 0x5f, 0x3d, 0xe6, + 0xd5, 0x25, 0x6e, 0xe0, 0x74, 0xee, 0xa8, 0xfd, 0x9b, 0x3d, 0xee, 0x5c, + 0x26, 0x8c, 0x7a, 0x31, 0xb7, 0x0c, 0x42, 0xbf, 0xa4, 0x5c, 0x9c, 0x4b, + 0x52, 0x66, 0x17, 0x94, 0x53, 0x6f, 0x5e, 0x3b, 0xc1, 0x9d, 0x68, 0x79, + 0xb8, 0x31, 0xa6, 0x05, 0xc5, 0x3b, 0xf2, 0x20, 0xa8, 0xe6, 0x17, 0xd4, + 0xee, 0x0a, 0x3c, 0x93, 0x03, 0xaf, 0x87, 0xe1, 0x11, 0x10, 0xc9, 0xf3, + 0xfe, 0xbd, 0x0a, 0x40, 0xc3, 0xc1, 0xa3, 0xc0, 0x83, 0xcf, 0xf5, 0xbb, + 0xa6, 0x31, 0x22, 0x40, 0x43, 0xb0, 0x81, 0x27, 0xd1, 0x2a, 0x07, 0x2c, + 0xe1, 0xbf, 0x3a, 0xde, 0xec, 0x00, 0x36, 0xae, 0xdd, 0xa2, 0xf7, 0x42, + 0xdb, 0x90, 0x44, 0x18, 0xc3, 0x82, 0xfb, 0xbf, 0x4e, 0xf5, 0x84, 0x27, + 0xa4, 0x95, 0x6c, 0x6d, 0xe9, 0x20, 0xc2, 0x19, 0x3b, 0x81, 0x08, 0xa4, + 0xcb, 0x02, 0xff, 0x9a, 0xec, 0xf1, 0x04, 0xe1, 0x4f, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, + 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, + 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, + 0x1e, 0x17, 0x0d, 
0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, + 0x36, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, + 0x2d, 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, + 0x61, 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, + 0xd3, 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, + 0xb4, 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, + 0x0d, 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, + 0x8d, 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, + 0x5f, 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, + 0xf0, 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, + 0x75, 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, + 0x91, 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, + 0xbf, 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, + 0x21, 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, + 0x41, 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, + 0x87, 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, + 0x0e, 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, + 0xac, 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, + 0x2c, 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, + 0xed, 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, + 0x8d, 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, + 0xee, 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, + 0x2a, 0x8b, 0x8d, 
0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, + 0x99, 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, + 0xef, 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, + 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, + 0x37, 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, + 0x9c, 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, + 0xb1, 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, + 0x9f, 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, + 0xe5, 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, + 0xe1, 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, + 0xed, 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, + 0xd4, 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, + 0xe0, 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, + 0xcc, 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, + 0x14, 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, + 0x23, 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, + 0xe2, 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, + 0x7f, 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, + 0xfa, 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, + 0x52, 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, + 0xe7, 0x59, 0x6a, 
0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, + 0xb7, 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, + 0x0c, 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, + 0x8b, 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, + 0xe7, 0x12, 0xe1, 0x66, 0x15, 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, + 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, 0x20, 0x03, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x03, 0x00, 0x00, 0x11, 0x11, 0x11, + 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, 0x34, 0x56, 0x78, 0x9a, + 0xbc, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, 0xa0, 0x03, 0x02, + 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, + 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, 0x17, 0x0d, 0x31, + 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, + 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, 0xfd, 0xff, 0x21, + 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, 0x10, 0x21, 0xe1, + 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, 0x5d, 0xa6, 0xce, + 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, 0x35, 0xca, 0x30, + 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, 0xc0, 0x8d, 0xca, + 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, 0xe0, 0xf6, 0xbc, + 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, 0x1e, 0xe6, 0xed, + 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, 0xf6, 0x1b, 0x07, + 0x35, 0xa4, 0x09, 
0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, 0x48, 0xd4, 0xfa, + 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, 0x65, 0x19, 0x99, + 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, 0x1f, 0xff, 0xd2, + 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, 0xe1, 0x86, 0xfb, + 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, 0xdb, 0xc9, 0x73, + 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, 0x90, 0xc2, 0x58, + 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, 0xcc, 0xfe, 0x1a, + 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, 0xaf, 0xc9, 0xa5, + 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, 0xcb, 0xc1, 0x82, + 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, 0x50, 0xfc, 0x39, + 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, 0x17, 0x35, 0x63, + 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, 0xf4, 0x82, 0xe1, + 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, 0x8b, 0x8d, 0xa2, + 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, 0x01, 0x00, 0x01, + 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, + 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, + 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x4b, 0x0e, + 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, 0xed, 0x7b, 0x89, + 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, 0xbf, 0x10, 0x8e, + 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, 0x9b, 0x2e, 0x68, + 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, 0x5b, 0x52, 0x6b, + 0x10, 0x11, 0x48, 
0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, 0x0b, 0xb4, 0x60, + 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, 0x35, 0x6c, 0x43, + 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, 0xa9, 0x98, 0x13, + 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, 0xa1, 0x46, 0x89, + 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, 0x32, 0xb2, 0x07, + 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, 0x1d, 0x64, 0x61, + 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, 0xbe, 0x8f, 0x70, + 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, 0xc6, 0x36, 0x23, + 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, 0xb2, 0x37, 0x8c, + 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, 0x5e, 0x76, 0x9b, + 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, 0x90, 0x76, 0x08, + 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, 0xec, 0xc7, 0xa0, + 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, 0x59, 0x6a, 0x9a, + 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, 0x6f, 0xc8, 0x44, + 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, 0x43, 0x9f, 0x13, + 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, 0x2e, 0xa7, 0x7d, + 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, 0x12, 0xe1, 0x66, + 0x15, +}; +unsigned int multiplePK_auth_len = 2785; diff --git a/libstb/secvar/test/data/noPK.h b/libstb/secvar/test/data/noPK.h new file mode 100644 index 00000000..eff9314f --- /dev/null +++ b/libstb/secvar/test/data/noPK.h 
@@ -0,0 +1,102 @@ +unsigned char noPK_auth[] = { + 0xe3, 0x07, 0x0c, 0x0e, 0x0e, 0x14, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 0x69, 
0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 0xda, 
0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0x24, 0xc8, 0x03, 0x40, 0x7f, 0xf1, 0xb0, + 0x31, 0xc7, 0x0f, 0x26, 0x95, 0x27, 0xb7, 0x7c, 0x80, 0x5a, 0x97, 0x35, + 0x27, 0x72, 0xb4, 0xe4, 0x91, 0x05, 0x09, 0xa8, 0x57, 0x40, 0x39, 0xb6, + 0x75, 0x4f, 0x74, 0x12, 
0x91, 0xfd, 0x55, 0x63, 0x65, 0x3a, 0x68, 0xb5, + 0x2e, 0x67, 0x1f, 0x06, 0xbb, 0x08, 0x23, 0xb8, 0x8e, 0xaa, 0x46, 0x50, + 0x73, 0xc2, 0x90, 0x85, 0xcd, 0xa9, 0x4e, 0xd8, 0x65, 0xca, 0x6c, 0x0a, + 0x62, 0x19, 0x97, 0x07, 0xa8, 0x31, 0x9a, 0x4d, 0x7f, 0x90, 0x5f, 0xbd, + 0x34, 0x63, 0xa1, 0xa2, 0x80, 0xf3, 0x0b, 0xb8, 0x73, 0x1c, 0xfe, 0x4c, + 0xee, 0x7e, 0xc8, 0x50, 0xb6, 0xfe, 0x94, 0xf0, 0x28, 0x03, 0x25, 0x28, + 0xf7, 0x99, 0xca, 0x4b, 0xa9, 0x97, 0x79, 0x74, 0x71, 0x3b, 0x58, 0xc4, + 0x37, 0x8b, 0xf7, 0x7d, 0x14, 0x55, 0x97, 0xe2, 0xd3, 0xc7, 0x09, 0x40, + 0x55, 0x64, 0xb2, 0xeb, 0xe7, 0xc1, 0xa2, 0x66, 0x23, 0xe2, 0x79, 0x41, + 0x40, 0xd2, 0xda, 0x63, 0xac, 0x6a, 0x5c, 0x29, 0x30, 0x51, 0xd6, 0x08, + 0x39, 0x54, 0xb8, 0x19, 0x5f, 0x15, 0x77, 0x20, 0x04, 0xcf, 0x98, 0x28, + 0x3e, 0x77, 0x6a, 0x21, 0xfb, 0x07, 0xa6, 0xe5, 0xe9, 0xed, 0x79, 0xf7, + 0xfe, 0xe9, 0xea, 0x59, 0x97, 0x87, 0x05, 0x9e, 0x57, 0xf3, 0x49, 0xe4, + 0x5a, 0xe7, 0xf4, 0xa6, 0xcc, 0x48, 0xc1, 0xf1, 0xb3, 0xb2, 0x45, 0x60, + 0x48, 0x1e, 0x45, 0xa3, 0x02, 0x31, 0xd6, 0x12, 0xc5, 0x96, 0x69, 0x69, + 0x73, 0x23, 0xa5, 0x64, 0x2a, 0xbb, 0xd6, 0xf9, 0x66, 0x34, 0xb2, 0x86, + 0x6a, 0x15, 0x13, 0x24, 0xc8, 0x87, 0xf4, 0xd5, 0xd1, 0xcc, 0x88, 0xc2, + 0x64, 0xdc, 0xb3, 0x55, 0x8f, 0x04, 0x89, 0x99, 0x2c, 0x9d, 0x45, 0x16, + 0x99, 0x4f, 0x48, 0xb8, 0xe9, 0xa9, 0xc9, 0xbd, 0x19, +}; +unsigned int noPK_auth_len = 1185; diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c new file mode 100644 index 00000000..9ad92ee9 --- /dev/null +++ b/libstb/secvar/test/secvar-test-edk2-compat.c 
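Review bot: noPK_auth is committed as an opaque byte array with no comment on how it was produced, so the vector cannot be regenerated or audited. Add a header comment above `unsigned char noPK_auth[]` recording the tool and command used, which key signed it, and the timestamp it carries, since the edk2-compat test depends on timestamp ordering between updates. The embedded certificate (CN "PK") has a UTCTime validity of 190112185629Z to 290109185629Z, so any later validity check will start rejecting this vector in 2029. Declaring the array `static const unsigned char` and deriving the length from `sizeof(noPK_auth)` instead of the literal 1185 would keep the two in sync and avoid duplicate-symbol errors if the header is ever included from a second translation unit.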
@@ -0,0 +1,394 @@ +/* Copyright 2019 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define TSS_NV_Read NULL +#define TSS_NV_Write NULL +#define TSS_NV_Define_Space NULL + +#include "secvar_common_test.c" +#include "../backend/edk2-compat.c" +#include "../secvar_util.c" +#include "../secvar_tpmnv.c" +#define MBEDTLS_PKCS7_USE_C +#include "../../crypto/pkcs7/pkcs7.c" +#include +#include "./data/edk2_test_data.h" +#include "./data/PK1.h" +#include "./data/noPK.h" +#include "./data/KEK.h" +#include "./data/multipleKEK.h" +#include "./data/multipleDB.h" +#include "./data/multiplePK.h" + +const char *secvar_test_name = "edk2-compat"; + +struct platform platform; + +// Change to TSS-intercepting wrappers +#define ARBITRARY_TPMNV_SIZE 2048 +char *secboot_buffer; +static int secboot_read(void *dst, uint32_t src, uint32_t len) +{ + (void) src; // Don't need to use offset here + memcpy(dst, secboot_buffer, len); + return 0; +} + +static int secboot_write(uint32_t dst, void *src, uint32_t len) +{ + (void) dst; + memcpy(secboot_buffer, src, len); + return 0; +} + +int secvar_set_secure_mode(void) { return 0; }; + +int run_test() +{ + int rc = -1; + struct secvar_node *tmp; + int keksize; + int dbsize; + struct secvar_node *ts; + ts = alloc_secvar(sizeof(struct secvar) + 64); + memcpy(ts->var->key, "TS", 3); + ts->var->key_len = 3; + memset(ts->var->data, 0, 64); + ts->var->data_size = 64; + + // Check pre-process creates the empty variables + 
ASSERT(0 == list_length(&variable_bank)); + rc = edk2_compat_pre_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + tmp = find_secvar("TS", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(64 == tmp->var->data_size); + ASSERT(!(memcmp(tmp->var->data, ts->var->data, 64))); + + + // Add PK to update and .process() + printf("Add PK"); + tmp = alloc_secvar(PK1_auth_len); + memcpy(tmp->var->key, "PK", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, PK1_auth, PK1_auth_len); + tmp->var->data_size = PK1_auth_len; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("PK", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + ASSERT(PK_auth_len > tmp->var->data_size); // esl should be smaller without auth + ASSERT(!setup_mode); + + // Add db, should fail with no KEK + printf("Add db"); + dbsize = sizeof(DB_auth); + tmp = alloc_secvar(dbsize); + memcpy(tmp->var->key, "db", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, DB_auth, dbsize); + tmp->var->data_size = dbsize; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + ASSERT(NULL != tmp); + + printf("Add KEK"); + + // Add valid KEK, .process(), succeeds + + tmp = alloc_secvar(KEK_auth_len); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, KEK_auth, KEK_auth_len); + tmp->var->data_size = KEK_auth_len; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 
== list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add valid KEK, .process(), timestamp check fails + + tmp = alloc_secvar(ValidKEK_auth_len); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, ValidKEK_auth, ValidKEK_auth_len); + tmp->var->data_size = ValidKEK_auth_len; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_PERMISSION == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add db, .process(), should succeed + printf("Add db again\n"); + dbsize = sizeof(DB_auth); + tmp = alloc_secvar(dbsize); + memcpy(tmp->var->key, "db", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, DB_auth, dbsize); + tmp->var->data_size = dbsize; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + printf("tmp is %s\n", tmp->var->key); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add db, .process(), should fail because of timestamp + printf("Add db again\n"); + dbsize = sizeof(DB_auth); + tmp = alloc_secvar(dbsize); + memcpy(tmp->var->key, "db", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, DB_auth, dbsize); + tmp->var->data_size = dbsize; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + 
ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_PERMISSION == rc); + + // Add invalid KEK, .process(), should fail + printf("Add invalid KEK\n"); + keksize = sizeof(InvalidKEK_auth); + tmp = alloc_secvar(keksize); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, InvalidKEK_auth, keksize); + tmp->var->data_size = keksize; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add ill formatted KEK, .process(), should fail + printf("Add invalid KEK\n"); + keksize = sizeof(IllformatKEK_auth); + tmp = alloc_secvar(keksize); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, IllformatKEK_auth, keksize); + tmp->var->data_size = keksize; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add multiple KEK ESLs, one of them should sign the db + printf("Add multiple KEK\n"); + tmp = alloc_secvar(multipleKEK_auth_len); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, multipleKEK_auth, multipleKEK_auth_len); + tmp->var->data_size = multipleKEK_auth_len; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == 
list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add multiple DB ESLs signed with second key of the KEK + printf("Add multiple db\n"); + tmp = alloc_secvar(multipleDB_auth_len); + memcpy(tmp->var->key, "db", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, multipleDB_auth, multipleDB_auth_len); + tmp->var->data_size = multipleDB_auth_len; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Delete PK. + printf("Delete PK\n"); + tmp = alloc_secvar(noPK_auth_len); + memcpy(tmp->var->key, "PK", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, noPK_auth, noPK_auth_len); + tmp->var->data_size = noPK_auth_len; + ASSERT(0 == edk2_compat_validate(tmp->var)); + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(5 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("PK", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 == tmp->var->data_size); + ASSERT(setup_mode); + + // Add multiple PK. 
+ printf("Multiple PK\n"); + tmp = alloc_secvar(multiplePK_auth_len); + memcpy(tmp->var->key, "PK", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, multiplePK_auth, multiplePK_auth_len); + tmp->var->data_size = multiplePK_auth_len; + ASSERT(0 != edk2_compat_validate(tmp->var)); + + return 0; +} + +static int run_edk2_tpmnv_test(void) +{ + int size, rc; + char *tmp; + + size = secvar_tpmnv_size(TPMNV_ID_EDK2_PK); + ASSERT(size > 0); + ASSERT(size < 1024); + tmp = malloc(size); + rc = secvar_tpmnv_read(TPMNV_ID_EDK2_PK, tmp, size, 0); + ASSERT(OPAL_SUCCESS == rc); + // memcmp here? + + free(tmp); + tmp = NULL; // Going to reuse this pointer later... + + clear_bank_list(&variable_bank); + ASSERT(0 == list_length(&variable_bank)); + + rc = edk2_p9_load_pk(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(1 == list_length(&variable_bank)); + + // Now lets double check that write is working... + memset(secboot_buffer, 0, ARBITRARY_TPMNV_SIZE); + + rc = edk2_p9_write_pk(); + ASSERT(OPAL_SUCCESS == rc); + + for (tmp = secboot_buffer; + tmp <= secboot_buffer + ARBITRARY_TPMNV_SIZE; + tmp++) + if (*tmp != '\0') + return 0; // Something was written + + // Buffer was still empty + return 1; +} + +int main(void) +{ + int rc; + + tpm_fake_nv = 1; + tpm_fake_nv_offset = 0; + + list_head_init(&variable_bank); + list_head_init(&update_bank); + + secvar_storage.max_var_size = 4096; + + // Run as a generic platform using whatever storage + proc_gen = 0; + rc = run_test(); + if (rc) + goto out_bank; + + clear_bank_list(&variable_bank); + clear_bank_list(&update_bank); + ASSERT(0 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + printf("PASSED FIRST TEST\n"); + + // Run as "p9" and use the TPM for pk + // TODO: Change to TSS stubs when this matters + platform.secboot_read = secboot_read; + platform.secboot_write = secboot_write; + secboot_buffer = zalloc(ARBITRARY_TPMNV_SIZE); + + proc_gen = proc_gen_p9; + rc = run_test(); + if (rc) + goto out; + + printf("Run 
TPMNV tests\n"); + // Check that PK was actually written to "TPM" and load it + rc = run_edk2_tpmnv_test(); + +out: + free(secboot_buffer); +out_bank: + clear_bank_list(&variable_bank); + clear_bank_list(&update_bank); + + return rc; +} diff --git a/libstb/secvar/test/secvar_common_test.c b/libstb/secvar/test/secvar_common_test.c index fbc23145..13371bd6 100644 --- a/libstb/secvar/test/secvar_common_test.c +++ b/libstb/secvar/test/secvar_common_test.c 
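Review bot: the scan loop in run_edk2_tpmnv_test() reads one byte past the end of secboot_buffer: the condition `tmp <= secboot_buffer + ARBITRARY_TPMNV_SIZE` should use `<`, because the buffer is allocated with exactly ARBITRARY_TPMNV_SIZE bytes. In run_test(), `printf("tmp is %s\n", tmp->var->key)` dereferences tmp before the `ASSERT(NULL != tmp)` that follows it, so the check should come first. The PK size assertion compares against PK_auth_len although the variable was built from PK1_auth and PK1_auth_len; if that is intentional it needs a comment. The secboot_read() and secboot_write() stubs copy len bytes without bounding len by ARBITRARY_TPMNV_SIZE, the results of alloc_secvar() and malloc(size) are used unchecked, and ts is never freed. Several negative cases assert only `OPAL_SUCCESS != rc`; asserting the specific error, as the timestamp cases do with OPAL_PERMISSION, would stop an unrelated failure from satisfying the test.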
@@ -4,6 +4,8 @@ #define SECBOOT_FILE "secboot.img" #define SECBOOT_SIZE 128000 +#define HAVE_LITTLE_ENDIAN 1 + #include #include #include From patchwork Mon Jan 20 02:36:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225603 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481GBB1QRvz9sR1 for ; Mon, 20 Jan 2020 13:40:50 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 481GB96GbxzDqY2 for ; Mon, 20 Jan 2020 13:40:49 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 481G6B1xTpzDqXw for ; Mon, 20 Jan 2020 13:37:22 +1100 (AEDT) Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00K2WoGk140490 for ; Sun, 19 Jan 2020 21:37:20 -0500 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by 
mx0a-001b2d01.pphosted.com with ESMTP id 2xmgcmqswf-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 19 Jan 2020 21:37:20 -0500 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 20 Jan 2020 02:37:18 -0000 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 20 Jan 2020 02:37:16 -0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 00K2bEll46006456 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 20 Jan 2020 02:37:14 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B934C4C04A; Mon, 20 Jan 2020 02:37:14 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 15FB14C046; Mon, 20 Jan 2020 02:37:14 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.80.231.232]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 20 Jan 2020 02:37:13 +0000 (GMT) 
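Review bot: in the secvar_common_test.c hunk of the patch above, `#define HAVE_LITTLE_ENDIAN 1` is set unconditionally, so every secvar test is compiled as little-endian whatever the build host is. Take the byte order from the build system or the host compiler, or add a comment explaining why the tests must force it; as written, a big-endian build host would run these tests with the wrong byte-order setting.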
From: Eric Richter To: skiboot@lists.ozlabs.org Date: Sun, 19 Jan 2020 20:36:59 -0600 X-Mailer: git-send-email 2.21.0 In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com> References: <20200120023700.5373-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20012002-0020-0000-0000-000003A2314D X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20012002-0021-0000-0000-000021F9BA4E Message-Id: <20200120023700.5373-12-erichte@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-19_08:2020-01-16, 2020-01-19 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=957 mlxscore=0 phishscore=0 impostorscore=0 priorityscore=1501 bulkscore=0 adultscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 malwarescore=0 suspectscore=3 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001200020 Subject: [Skiboot] [PATCH v2 11/12] secvar_util.c: add dealloc_secvar helper to match alloc_secvar X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Since there is a constructor function for alloc_secvar, there should be a matching destructor function for any of its non-toplevel allocations. This patch introduces dealloc_secvar(), which frees a whole secvar_node reference including its children allocations. This also updates the clear_bank_list() helper function to use this destructor. Signed-off-by: Eric Richter --- libstb/secvar/secvar.h | 1 + libstb/secvar/secvar_util.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/libstb/secvar/secvar.h b/libstb/secvar/secvar.h index 771ff648..1bc00476 100644 --- a/libstb/secvar/secvar.h 
+++ b/libstb/secvar/secvar.h @@ -45,6 +45,7 @@ extern struct secvar_backend_driver secvar_backend; void clear_bank_list(struct list_head *bank); struct secvar_node *alloc_secvar(uint64_t size); int realloc_secvar(struct secvar_node *node, uint64_t size); +void dealloc_secvar(struct secvar_node *node); struct secvar_node *find_secvar(const char *key, uint64_t key_len, struct list_head *bank); int is_key_empty(const char *key, uint64_t key_len); int list_length(struct list_head *bank); diff --git a/libstb/secvar/secvar_util.c b/libstb/secvar/secvar_util.c index a143d0bc..eb0def29 100644 --- a/libstb/secvar/secvar_util.c +++ b/libstb/secvar/secvar_util.c 
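Review bot: the new prototype `void dealloc_secvar(struct secvar_node *node);` in secvar.h carries no comment on its contract, and callers need two facts from the header: it frees both node->var and the node itself, and it does not remove the node from a bank list, so a node still linked in variable_bank or update_bank has to be unlinked before the call. A short comment above the declaration, also stating that a NULL node is accepted, would cover it.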
@@ -64,6 +64,16 @@ int realloc_secvar(struct secvar_node *node, uint64_t size) return 0; } +void dealloc_secvar(struct secvar_node *node) +{ + if (!node) + return; + + if (node->var) + free(node->var); + free(node); +} + struct secvar_node *find_secvar(const char *key, uint64_t key_len, struct list_head *bank) { struct secvar_node *node = NULL; From patchwork Mon Jan 20 02:37:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1225604 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481GBV4fzgz9sPJ for ; Mon, 20 Jan 2020 13:41:06 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 481GBV3tCVzDqY2 for ; Mon, 20 Jan 2020 13:41:06 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 481G6B3g9LzDqY2 for ; Mon, 20 Jan 2020 13:37:22 +1100 (AEDT) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by 
mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00K2WqDL003549 for ; Sun, 19 Jan 2020 21:37:20 -0500 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 2xmg378402-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 19 Jan 2020 21:37:19 -0500 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 20 Jan 2020 02:37:18 -0000 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 20 Jan 2020 02:37:17 -0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 00K2bFuh52232210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 20 Jan 2020 02:37:15 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A5EC04C04A; Mon, 20 Jan 2020 02:37:15 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0260A4C040; Mon, 20 Jan 2020 02:37:15 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.80.231.232]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 20 Jan 2020 02:37:14 +0000 (GMT) 
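Review bot: the secvar_util.c hunk of the patch above adds only dealloc_secvar(); the clear_bank_list() conversion that the commit message announces is not in the diff, since the hunk header `@@ -64,6 +64,16 @@` and the diffstat both account for exactly the ten added lines of the new function. Either include the clear_bank_list() change or drop that sentence from the message. In the function itself the `if (node->var)` guard is unnecessary, because free(NULL) is a no-op.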
From: Eric Richter To: skiboot@lists.ozlabs.org Date: Sun, 19 Jan 2020 20:37:00 -0600 X-Mailer: git-send-email 2.21.0 In-Reply-To: <20200120023700.5373-1-erichte@linux.ibm.com> References: <20200120023700.5373-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20012002-0008-0000-0000-0000034AE753 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20012002-0009-0000-0000-00004A6B486C Message-Id: <20200120023700.5373-13-erichte@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-19_08:2020-01-16, 2020-01-19 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 mlxlogscore=999 suspectscore=1 phishscore=0 malwarescore=0 impostorscore=0 bulkscore=0 lowpriorityscore=0 mlxscore=0 adultscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-2001200020 Subject: [Skiboot] [PATCH v2 12/12] witherspoon: enable secvar for witherspoon platform X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" Secure variable support needs to be enabled for each platform, and each platform needs to select which storage and backend drivers to use (or alternatively implement their own). This patch adds secure variable support to the witherspoon platform. NOTE: This patch includes commented out code to enable "Fake NV" mode, intended for review purposes only. To review or test secure variables on a non-witherspoon platform, replace this patch with a similar one for your given platform with the Fake NV lines uncommented. 
Signed-off-by: Eric Richter --- platforms/astbmc/witherspoon.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/platforms/astbmc/witherspoon.c b/platforms/astbmc/witherspoon.c index c576a176..cbaa9b97 100644 --- a/platforms/astbmc/witherspoon.c +++ b/platforms/astbmc/witherspoon.c @@ -17,6 +17,9 @@ #include #include #include +#include +#include "libstb/secvar/secvar_tpmnv.h" +#include "libstb/secvar/storage/secboot_tpm.h" #include "astbmc.h" #include "ast.h" @@ -506,6 +509,15 @@ static void witherspoon_finalise_dt(bool is_reboot) } } +static int witherspoon_secvar_init(void) +{ + // REMOVE THESE TO USE ACTUAL TPM +// tpm_fake_nv = 1; +// tpm_fake_nv_offset = sizeof(struct secboot); + + return secvar_main(secboot_tpm_driver, edk2_compatible_v1); +} + /* The only difference between these is the PCI slot handling */ DECLARE_PLATFORM(witherspoon) = { @@ -527,4 +539,5 @@ DECLARE_PLATFORM(witherspoon) = { .ocapi = &witherspoon_ocapi, .npu2_device_detect = witherspoon_npu2_device_detect, .op_display = op_display_lpc, + .secvar_init = witherspoon_secvar_init, };
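Review bot: witherspoon_secvar_init() ships commented-out code, `// tpm_fake_nv = 1;` and `// tpm_fake_nv_offset = sizeof(struct secboot);`, under a comment reading REMOVE THESE TO USE ACTUAL TPM, which is misleading when the lines are already disabled and the real TPM path is what runs. The commit message says these lines are for review only, so drop them from the version to be merged, or put Fake NV behind a build-time option that is off by default so the fake mode cannot be enabled on a production platform by a stray uncomment. If they go, check whether the `#include "libstb/secvar/secvar_tpmnv.h"` added in the first hunk is still needed.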