hash: add more configurable hash algorithm for public key digest #611

Merged
merged 1 commit into from
Jul 11, 2023

Contributor

@dongx1x dongx1x commented Jul 6, 2023

The current public key digest is using SHA1 and SHA256, and the digest will extend to TPM PCR 16. But from TPM2, SHA1 is not mandatory anymore, so this patch makes the hash algorithm configurable.

Reference:
TCG PC Client Platform TPM Profile Specification for TPM 2.0, Section 4.6 https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf

@keylime-bot keylime-bot requested review from THS-on, ueno and ansasaki July 6, 2023 01:40
@dongx1x dongx1x force-pushed the hash-algo branch 2 times, most recently from 560ef3a to de2e420 Compare July 6, 2023 03:09
Member

@THS-on THS-on left a comment

@dongx1x can you fix the formatting (cargo fmt) and also add SM3_256 as a hash algorithm (that one is also supported by the server side: https://github.com/keylime/keylime/blob/master/keylime/common/algorithms.py)?

Otherwise the change LGTM.

@dongx1x dongx1x force-pushed the hash-algo branch 2 times, most recently from c268dc4 to f0fd09a Compare July 11, 2023 00:56
The current public key digest is using SHA1 and SHA256, and the digest
will extend to TPM PCR 16. But from TPM2, SHA1 is not mandatory anymore,
so this patch makes the hash algorithm configurable.

Reference:
TCG PC Client Platform TPM Profile Specification for TPM 2.0, Section 4.6
https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf

Signed-off-by: Dong, Xiaocheng <[email protected]>
@dongx1x
Contributor Author

dongx1x commented Jul 11, 2023

> @dongx1x can you fix the formatting (cargo fmt) and also add SM3_256 as a hash algorithm (that one is also supported by the server side: https://github.com/keylime/keylime/blob/master/keylime/common/algorithms.py)?
>
> Otherwise the change LGTM.

Sure, updated.

Contributor

@aplanas aplanas left a comment

LGTM ... but I would wait for the input of @ansasaki or @ueno

@ansasaki ansasaki merged commit 88e033c into keylime:master Jul 11, 2023
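
The mechanism this pull request discusses, as an added Python sketch that is not code from the pull request or from Keylime: the public key is hashed with the configured algorithm and the digest is extended into PCR 16 of the matching bank, and a configured algorithm with no allocated bank (for example SHA1 on a TPM 2.0 device that omits it) is rejected. The function names, the name mapping, the `banks` model of the TPM and the sample key are assumptions of the example.

```python
import hashlib

# Config names from the thread mapped to hashlib names (mapping is this example's).
HASHLIB_NAMES = {"sha1": "sha1", "sha256": "sha256", "sm3_256": "sm3"}

# Constructed sample input standing in for an encoded public key.
SAMPLE_PUBKEY = b"-----BEGIN PUBLIC KEY-----\nconstructed-sample\n-----END PUBLIC KEY-----\n"


def resolve_hash(name):
    """Map a configured algorithm name to (config key, hashlib name) or raise."""
    key = name.strip().lower()
    impl = HASHLIB_NAMES.get(key)
    if impl is None:
        raise ValueError(f"unknown hash algorithm {name!r}")
    if impl not in hashlib.algorithms_available:
        raise ValueError(f"{name!r} is not provided by this Python/OpenSSL build")
    return key, impl


def pcr_extend(old_value, digest, impl):
    """TPM-style extend: new = H(old || digest), all values one digest long."""
    size = hashlib.new(impl).digest_size
    if len(old_value) != size or len(digest) != size:
        raise ValueError("PCR value and digest must match the bank's digest size")
    return hashlib.new(impl, old_value + digest).digest()


def extend_pubkey_digest(pubkey, configured_alg, banks, pcr=16):
    """Hash pubkey with the configured algorithm and extend it into that bank.

    banks models the TPM's allocated PCR banks: {alg_name: {pcr_index: value}}.
    """
    key, impl = resolve_hash(configured_alg)
    if key not in banks:
        # The case the PR addresses: a TPM 2.0 device without a SHA1 bank.
        raise ValueError(f"TPM has no {key} PCR bank allocated")
    digest = hashlib.new(impl, pubkey).digest()
    banks[key][pcr] = pcr_extend(banks[key][pcr], digest, impl)
    return banks[key][pcr]


if __name__ == "__main__":
    tpm_banks = {"sha256": {16: bytes(32)}}  # constructed: SHA256 bank only
    print(extend_pubkey_digest(SAMPLE_PUBKEY, "sha256", tpm_banks).hex())
    try:
        extend_pubkey_digest(SAMPLE_PUBKEY, "sha1", tpm_banks)
    except ValueError as err:
        print("rejected:", err)
```

Because each extend folds the previous PCR value into the next, a verifier has to replay the same digest with the same algorithm to reproduce the value, which is why the agent and the server side must agree on the configured hash.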