tpm2: Prevent HMAC verification with sha1: no-sha1-hmac-verification

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

man/man3/TPMLIB_SetProfile.pod

@@ -219,6 +219,14 @@ algorithms
 
 =back
 
+=item B<no-sha1-hmac-verification>: (since v0.10)
+
+=over 2
+
+=item * Prevents verification of an HMAC using SHA1
+
+=back
+
 =item B<fips-host>: (since v0.10)
 
 =over 2

src/tpm2/CryptUtil.c

@@ -123,6 +123,12 @@ static TPM_RC CryptHMACVerifySignature(
        && ((keyScheme->scheme != signature->sigAlg)
 	   || (keyScheme->details.hmac.hashAlg != signature->signature.any.hashAlg)))
 	return TPM_RC_SIGNATURE;
+
+    if (signature->signature.any.hashAlg == TPM_ALG_SHA1 &&			// libtpms added begin
+        RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile,
+					     RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_VERIFICATION))
+	return TPM_RC_HASH;							// libtpms added end
+
     test.sigAlg                 = signature->sigAlg;
     test.signature.hmac.hashAlg = signature->signature.hmac.hashAlg;
 

src/tpm2/RuntimeAttributes.c

@@ -65,6 +65,8 @@ static const struct {
 	      7),
     ATTRIBUTE("no-sha1-hmac-creation", RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_CREATION,
 	      7),
+    ATTRIBUTE("no-sha1-hmac-verification", RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_VERIFICATION,
+	      7),
     ATTRIBUTE("fips-host", RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION |
 			   RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING |
 			   RUNTIME_ATTRIBUTE_NO_SHA1_VERIFICATION,

src/tpm2/RuntimeAttributes_fp.h

@@ -42,12 +42,13 @@
 #ifndef RUNTIME_ATTRIBUTES_H
 #define RUNTIME_ATTRIBUTES_H
 
-#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES          5
+#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES          6
 
 #define RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION  (1 << 0)
 #define RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING         (1 << 1)
 #define RUNTIME_ATTRIBUTE_NO_SHA1_VERIFICATION    (1 << 2)
 #define RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_CREATION   (1 << 3)
+#define RUNTIME_ATTRIBUTE_NO_SHA1_HMAC_VERIFICATION (1 << 4)
 
 struct RuntimeAttributes {
     /* */