gowthamsk-arm
commented
1 year ago For future reference, can you also explain here in the PR how this was detected and what prompted your initial PR that changed the sha1 to sha512?
Closed tgonzalezorlandoarm closed 1 year ago
gowthamsk-arm
commented
1 year ago For future reference, can you also explain here in the PR how this was detected and what prompted your initial PR that changed the sha1 to sha512?
tgonzalezorlandoarm
commented
1 year ago For future reference:
The PR that @gowthamsk-arm is referring to is #695. This PR contains an explanation of the issue that led to the SHA1 being changed to SHA512 in the first place: Sha1 is deprecated and this caused an error in the nightly as can be seen in: https://github.com/parallaxsecond/parsec/actions/runs/6043757513/job/16401314344#step:3:6417
Now, what led to this PR in particular: When testing on an Hardware TPM, there was an issue when creating a Sha512 key with the involved test. This is because the TPM does not support this. As clarified in the commit comment, the TPM is guaranteed to support Sha256 and Sha384, so this is what we use in the tests from now on.
…lity
TPM 2.0 specifies in https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf#%5B%7B%22num%22%3A82%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C33%2C375%2C0%5D "A conformant TPM SHALL support SHA-384 (0x000C) and SHA-256 (0x000B)"