* [tpm2] PCR missing SHA-512 support
@ 2018-05-10 17:09 Anderson, Daniel
0 siblings, 0 replies; 6+ messages in thread
From: Anderson, Daniel @ 2018-05-10 17:09 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 591 bytes --]
I was playing around with tpm2_pcrlist and noticed it supports SHA-1, SHA-256, SHA-384, but SHA-512 is missing:
tumalo ~/tpm/bin$ tpm2_pcrlist -L sha512:22
WARN: Ignore unsupported bank/algorithm: sha512(0x000d)
ERROR: Unable to run tpm2_pcrlist
tumalo ~/tpm/bin$ tpm2_pcrlist -L sha384:22
sha384:
22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Then I look in the man page and see SHA-512 is supported.
Is this a bug or a feature?
There's also bugs in the man page example, but I will fix that separately.
Dan
[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 2797 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [tpm2] PCR missing SHA-512 support
@ 2018-05-25 15:03 Anderson, Daniel
0 siblings, 0 replies; 6+ messages in thread
From: Anderson, Daniel @ 2018-05-25 15:03 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 404 bytes --]
Ricardo,
My guess is it is a tpm2-tss or tpm2-tools bug, not a simulator issue.
That is especially true since we tend to use the Microsoft/IBM tpm2 simulator, which, by default, has the SHA-512 PCR bank disabled.
Yes, it looks like this:
https://github.com/tpm2-software/tpm2-tools/issues/1021
Could you add your information to issue #1021 or file a new issue if it is different?
Dan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [tpm2] PCR missing SHA-512 support
@ 2018-05-24 21:02 Anderson, Daniel
0 siblings, 0 replies; 6+ messages in thread
From: Anderson, Daniel @ 2018-05-24 21:02 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 843 bytes --]
Ricardo,
No I have not seen that before.
This is just a hunch. But I suspect that the code needs to be recompiled with your simulator (or real TPM).
Some more information would be useful--does your TPM (real or virtual or simulated) have a SHA-512 PCR bank?
Did you compile it on the same machine? Or did you compile elsewhere or use a precompiled package or something like that?
Dan
From: Ricardo Araújo [mailto:ricardo(a)lsd.ufcg.edu.br]
> Not sure it is the same simulator, but I'm using
> https://github.com/stefanberger/libtpms/tree/tpm2-preview.rev146.v2 and after SHA-512 was enabled (yesterday) tpm2_pcrlist is crashing with this error:
> WARNING:marshal:src/tss2-mu/tpml-types.c:197:Tss2_MU_TPML_PCR_SELECTION_Unmarshal() count too big
> ERROR: Tss2_Sys_GetCapability(0x80011) - sys:Response is malformed
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [tpm2] PCR missing SHA-512 support
@ 2018-05-24 19:04
0 siblings, 0 replies; 6+ messages in thread
From: @ 2018-05-24 19:04 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 1293 bytes --]
Hey,
Not sure it is the same simulator, but I'm using https://github.com/stefanberger/libtpms/tree/tpm2-preview.rev146.v2 and after SHA-512 was enabled (yesterday) tpm2_pcrlist is crashing with this error:
WARNING:marshal:src/tss2-mu/tpml-types.c:197:Tss2_MU_TPML_PCR_SELECTION_Unmarshal() count too big
ERROR: Tss2_Sys_GetCapability(0x80011) - sys:Response is malformed
ERROR: Unable to run tpm2_pcrlist
Anyone has seen this happening too?
Ricardo
Ricardo Araújo Santos -
www.lsd.ufcg.edu.br/~ricardo
M.Sc in Computer Science at UFCG - www.ufcg.edu.br
Researcher and Developer at Distributed Systems Laboratory - www.lsd.ufcg.edu.br
Paraíba - Brasil
----- Mensagem original -----
De: "Anderson, Daniel" <daniel.anderson(a)intel.com>
Para: tpm2(a)lists.01.org
Enviadas: Quinta-feira, 10 de maio de 2018 17:34:16
Assunto: Re: [tpm2] PCR missing SHA-512 support
OK Thanks!--not a big deal if it's just a simulator issue.
I could see the simulator not supporting SHA-3, since it is relatively new and perhaps unknown, but it's funny that SHA-384 is supported but not SHA-512, since they are very similar.
Dan
...
_______________________________________________
tpm2 mailing list
tpm2(a)lists.01.org
https://lists.01.org/mailman/listinfo/tpm2
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [tpm2] PCR missing SHA-512 support
@ 2018-05-10 20:34 Anderson, Daniel
0 siblings, 0 replies; 6+ messages in thread
From: Anderson, Daniel @ 2018-05-10 20:34 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 260 bytes --]
OK Thanks!--not a big deal if it's just a simulator issue.
I could see the simulator not supporting SHA-3, since it is relatively new and perhaps unknown, but it's funny that SHA-384 is supported but not SHA-512, since they are very similar.
Dan
...
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [tpm2] PCR missing SHA-512 support
@ 2018-05-10 19:17 Tadeusz Struk
0 siblings, 0 replies; 6+ messages in thread
From: Tadeusz Struk @ 2018-05-10 19:17 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 878 bytes --]
On 05/10/2018 10:09 AM, Anderson, Daniel wrote:
> I was playing around with tpm2_pcrlist and noticed it supports SHA-1, SHA-256, SHA-384, but SHA-512 is missing:
>
>
>
>
>
> tumalo ~/tpm/bin$ tpm2_pcrlist -L sha512:22
>
> WARN: Ignore unsupported bank/algorithm: sha512(0x000d)
>
> ERROR: Unable to run tpm2_pcrlist
>
> tumalo ~/tpm/bin$ tpm2_pcrlist -L sha384:22
>
> sha384:
>
> 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>
>
> Then I look in the man page and see SHA-512 is supported.
>
>
>
> Is this a bug or a feature?
>
It is supported, but it looks like the TPM simulator doesn't support SHA512 by default:
Implementation.h:
#define ALG_SHA256 ALG_YES
#define ALG_SHA384 ALG_YES
#define ALG_SHA512 ALG_NO
...
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-05-25 15:03 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-10 17:09 [tpm2] PCR missing SHA-512 support Anderson, Daniel
2018-05-10 19:17 Tadeusz Struk
2018-05-10 20:34 Anderson, Daniel
2018-05-24 19:04
2018-05-24 21:02 Anderson, Daniel
2018-05-25 15:03 Anderson, Daniel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.