From 4c7dcf2db313fef5c8e8fa8fa57c919202ae9be4 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Thu, 24 Jul 2025 12:02:00 -0400 Subject: [PATCH] tpm2: Rebase on TPM v1.83: Reduce diffs - Rename files so the filenames match - Reduce whitespace diffs - Other trivial changes 
Signed-off-by: Stefan Berger --- src/Makefile.am | 10 +- src/tpm2/ACT.h | 224 +- src/tpm2/ACT_SetTimeout_fp.h | 165 +- src/tpm2/ACT_spt.c | 228 +- src/tpm2/ACT_spt_fp.h | 16 +- src/tpm2/ActivateCredential_fp.h | 48 +- src/tpm2/AlgorithmCap.c | 244 +- src/tpm2/AlgorithmCap_fp.h | 44 +- src/tpm2/AlgorithmTests.c | 873 +- src/tpm2/AlgorithmTests_fp.h | 37 +- src/tpm2/Attest_spt.c | 275 +- src/tpm2/Attest_spt_fp.h | 73 +- src/tpm2/BaseTypes.h | 37 +- src/tpm2/Bits.c | 76 +- src/tpm2/Bits_fp.h | 60 +- src/tpm2/BnConvert.c | 162 +- src/tpm2/BnEccConstants.c | 150 +- src/tpm2/BnMath.c | 246 +- src/tpm2/BnMemory.c | 206 +- src/tpm2/BnSupport_Interface.h | 24 +- src/tpm2/Cancel.c | 49 +- src/tpm2/Capabilities.h | 24 +- src/tpm2/CertifyCreation_fp.h | 58 +- src/tpm2/CertifyX509_fp.h | 57 +- src/tpm2/Certify_fp.h | 50 +- src/tpm2/ChangeEPS_fp.h | 27 +- src/tpm2/ChangePPS_fp.h | 27 +- src/tpm2/ClearControl_fp.h | 31 +- src/tpm2/Clear_fp.h | 26 +- src/tpm2/Clock.c | 110 +- src/tpm2/ClockRateAdjust_fp.h | 31 +- src/tpm2/ClockSet_fp.h | 31 +- src/tpm2/CommandAttributeData.h | 1278 +-- src/tpm2/CommandAttributes.h | 56 +- src/tpm2/CommandAudit.c | 146 +- src/tpm2/CommandAudit_fp.h | 116 +- src/tpm2/CommandCodeAttributes.c | 816 +- src/tpm2/CommandCodeAttributes_fp.h | 183 +- src/tpm2/CommandDispatchData.h | 7901 +++++++++-------- src/tpm2/CommandDispatcher.c | 570 +- src/tpm2/CommandDispatcher_fp.h | 26 +- src/tpm2/Commit_fp.h | 55 +- src/tpm2/ContextLoad_fp.h | 36 +- src/tpm2/ContextSave_fp.h | 36 +- src/tpm2/Context_spt.c | 150 +- src/tpm2/Context_spt_fp.h | 22 +- src/tpm2/CreateLoaded_fp.h | 51 +- src/tpm2/CreatePrimary_fp.h | 63 +- src/tpm2/Create_fp.h | 60 +- src/tpm2/CryptEccData.c | 64 +- src/tpm2/CryptSelfTest.c | 94 +- src/tpm2/CryptSelfTest_fp.h | 78 +- src/tpm2/CryptUtil.c | 2091 +++-- src/tpm2/DA.c | 269 +- src/tpm2/DA_fp.h | 64 +- src/tpm2/DebugHelpers.c | 131 +- src/tpm2/DictionaryAttackLockReset_fp.h | 27 +- src/tpm2/DictionaryAttackParameters_fp.h | 38 +- 
src/tpm2/Duplicate_fp.h | 49 +- src/tpm2/EACommands.c | 2 +- src/tpm2/ECC_Parameters_fp.h | 36 +- src/tpm2/ECDH_KeyGen_fp.h | 38 +- src/tpm2/ECDH_ZGen_fp.h | 40 +- src/tpm2/EC_Ephemeral_fp.h | 39 +- src/tpm2/EccTestData.h | 242 +- src/tpm2/EncryptDecrypt2_fp.h | 54 +- src/tpm2/EncryptDecrypt_fp.h | 54 +- src/tpm2/EncryptDecrypt_spt.c | 146 +- src/tpm2/EncryptDecrypt_spt_fp.h | 36 +- src/tpm2/Entity.c | 570 +- src/tpm2/Entity_fp.h | 85 +- src/tpm2/Entropy.c | 158 +- src/tpm2/EventSequenceComplete_fp.h | 45 +- src/tpm2/EvictControl_fp.h | 34 +- src/tpm2/ExecCommand.c | 318 +- src/tpm2/ExecCommand_fp.h | 61 +- src/tpm2/ExtraData.c | 8 +- src/tpm2/FlushContext_fp.h | 26 +- src/tpm2/GetCapability_fp.h | 45 +- src/tpm2/GetCommandAuditDigest_fp.h | 51 +- src/tpm2/GetRandom_fp.h | 36 +- src/tpm2/GetSessionAuditDigest_fp.h | 55 +- src/tpm2/GetTestResult_fp.h | 29 +- src/tpm2/GetTime_fp.h | 50 +- src/tpm2/Global.c | 50 +- src/tpm2/Global.h | 358 +- src/tpm2/GpMacros.h | 290 +- src/tpm2/HMAC_Start_fp.h | 42 +- src/tpm2/HMAC_fp.h | 44 +- src/tpm2/Handle.c | 258 +- src/tpm2/Handle_fp.h | 84 +- src/tpm2/HashSequenceStart_fp.h | 40 +- src/tpm2/HashTestData.h | 116 +- src/tpm2/Hash_fp.h | 46 +- src/tpm2/Hierarchy.c | 460 +- src/tpm2/HierarchyChangeAuth_fp.h | 30 +- src/tpm2/HierarchyControl_fp.h | 35 +- src/tpm2/Hierarchy_fp.h | 25 +- src/tpm2/Import_fp.h | 57 +- src/tpm2/IncrementalSelfTest_fp.h | 36 +- src/tpm2/InternalRoutines.h | 46 +- src/tpm2/IoBuffers.c | 108 +- src/tpm2/IoBuffers_fp.h | 62 +- src/tpm2/KdfTestData.h | 79 +- src/tpm2/LoadExternal_fp.h | 46 +- src/tpm2/Load_fp.h | 47 +- src/tpm2/Locality.c | 64 +- src/tpm2/LocalityPlat.c | 31 +- src/tpm2/Locality_fp.h | 22 +- src/tpm2/MAC_Start_fp.h | 42 +- src/tpm2/MAC_fp.h | 39 +- src/tpm2/MakeCredential_fp.h | 48 +- src/tpm2/Manufacture.c | 132 +- src/tpm2/Manufacture_fp.h | 9 +- src/tpm2/Marshal.c | 1 + src/tpm2/Marshal.h | 1 + src/tpm2/MathLibraryInterface.h | 92 +- src/tpm2/MathLibraryInterfaceTypes.h | 55 +- 
src/tpm2/MathOnByteBuffers.c | 146 +- src/tpm2/MathOnByteBuffers_fp.h | 48 +- src/tpm2/Memory.c | 283 +- src/tpm2/Memory_fp.h | 170 +- src/tpm2/MinMax.h | 1 - src/tpm2/NV.h | 189 +- src/tpm2/NVDynamic_fp.h | 256 - src/tpm2/NVMem.c | 229 +- src/tpm2/NV_Certify_fp.h | 63 +- src/tpm2/NV_ChangeAuth_fp.h | 31 +- src/tpm2/NV_DefineSpace2_fp.h | 18 +- src/tpm2/NV_DefineSpace_fp.h | 35 +- src/tpm2/NV_Extend_fp.h | 35 +- src/tpm2/NV_GlobalWriteLock_fp.h | 27 +- src/tpm2/NV_Increment_fp.h | 33 +- src/tpm2/NV_ReadLock_fp.h | 31 +- src/tpm2/NV_ReadPublic2_fp.h | 16 +- src/tpm2/NV_ReadPublic_fp.h | 38 +- src/tpm2/NV_Read_fp.h | 49 +- src/tpm2/NV_SetBits_fp.h | 35 +- src/tpm2/NV_UndefineSpaceSpecial_fp.h | 31 +- src/tpm2/NV_UndefineSpace_fp.h | 31 +- src/tpm2/NV_WriteLock_fp.h | 31 +- src/tpm2/NV_Write_fp.h | 39 +- src/tpm2/NV_spt.c | 338 +- src/tpm2/NV_spt_fp.h | 121 +- src/tpm2/{NVDynamic.c => NvDynamic.c} | 1078 +-- src/tpm2/NvDynamic_fp.h | 436 + src/tpm2/{NVReserved.c => NvReserved.c} | 70 +- src/tpm2/{NVReserved_fp.h => NvReserved_fp.h} | 118 +- src/tpm2/OIDs.h | 326 +- src/tpm2/Object.c | 786 +- src/tpm2/ObjectChangeAuth_fp.h | 43 +- src/tpm2/ObjectCommands.c | 26 + src/tpm2/Object_fp.h | 117 +- src/tpm2/Object_spt.c | 1647 ++-- src/tpm2/Object_spt_fp.h | 252 +- src/tpm2/PCR.c | 1224 +-- src/tpm2/PCR_Allocate_fp.h | 46 +- src/tpm2/PCR_Event_fp.h | 41 +- src/tpm2/PCR_Extend_fp.h | 31 +- src/tpm2/PCR_Read_fp.h | 41 +- src/tpm2/PCR_Reset_fp.h | 26 +- src/tpm2/PCR_SetAuthPolicy_fp.h | 39 +- src/tpm2/PCR_SetAuthValue_fp.h | 31 +- src/tpm2/PCR_fp.h | 116 +- src/tpm2/PP.c | 189 +- src/tpm2/PPPlat.c | 49 +- src/tpm2/PP_Commands_fp.h | 34 +- src/tpm2/PP_fp.h | 81 +- src/tpm2/PRNG_TestVectors.h | 132 +- src/tpm2/Platform.h | 6 +- src/tpm2/PlatformACT.c | 416 +- src/tpm2/PlatformACT.h | 212 +- src/tpm2/PlatformClock.h | 23 +- src/tpm2/PlatformData.c | 12 +- src/tpm2/PlatformData.h | 140 +- src/tpm2/PolicyAuthValue_fp.h | 27 +- src/tpm2/PolicyAuthorizeNV_fp.h | 34 +- 
src/tpm2/PolicyAuthorize_fp.h | 42 +- src/tpm2/PolicyCapability_fp.h | 26 +- src/tpm2/PolicyCommandCode_fp.h | 30 +- src/tpm2/PolicyCounterTimer_fp.h | 39 +- src/tpm2/PolicyCpHash_fp.h | 31 +- src/tpm2/PolicyDuplicationSelect_fp.h | 39 +- src/tpm2/PolicyGetDigest_fp.h | 36 +- src/tpm2/PolicyLocality_fp.h | 31 +- src/tpm2/PolicyNV_fp.h | 46 +- src/tpm2/PolicyNameHash_fp.h | 31 +- src/tpm2/PolicyNvWritten_fp.h | 31 +- src/tpm2/PolicyOR_fp.h | 31 +- src/tpm2/PolicyPCR_fp.h | 34 +- src/tpm2/PolicyParameters_fp.h | 16 +- src/tpm2/PolicyPassword_fp.h | 27 +- src/tpm2/PolicyPhysicalPresence_fp.h | 26 +- src/tpm2/PolicyRestart_fp.h | 27 +- src/tpm2/PolicySecret_fp.h | 58 +- src/tpm2/PolicySigned_fp.h | 63 +- src/tpm2/PolicyTemplate_fp.h | 31 +- src/tpm2/PolicyTicket_fp.h | 47 +- src/tpm2/Policy_spt.c | 374 +- src/tpm2/Policy_spt_fp.h | 95 +- src/tpm2/Power.c | 53 +- src/tpm2/PowerPlat.c | 81 +- src/tpm2/Power_fp.h | 38 +- src/tpm2/PrimeData.c | 14 +- src/tpm2/PropertyCap.c | 1027 +-- src/tpm2/PropertyCap_fp.h | 38 +- src/tpm2/Quote_fp.h | 50 +- src/tpm2/RSA_Decrypt_fp.h | 48 +- src/tpm2/RSA_Encrypt_fp.h | 49 +- src/tpm2/ReadClock_fp.h | 24 +- src/tpm2/ReadPublic_fp.h | 40 +- src/tpm2/Response.c | 70 +- src/tpm2/ResponseCodeProcessing.c | 26 +- src/tpm2/ResponseCodeProcessing_fp.h | 19 +- src/tpm2/Response_fp.h | 23 +- src/tpm2/Rewrap_fp.h | 55 +- src/tpm2/RsaTestData.h | 823 +- src/tpm2/RunCommand.c | 70 +- src/tpm2/RuntimeProfile_fp.h | 2 + src/tpm2/SelfTest.h | 2 +- src/tpm2/SelfTest_fp.h | 28 +- src/tpm2/SequenceComplete_fp.h | 47 +- src/tpm2/SequenceUpdate_fp.h | 30 +- src/tpm2/Session.c | 719 +- src/tpm2/SessionProcess.c | 2233 ++--- src/tpm2/SessionProcess_fp.h | 114 +- src/tpm2/Session_fp.h | 308 +- src/tpm2/SetAlgorithmSet_fp.h | 34 +- src/tpm2/SetCapability_fp.h | 12 +- src/tpm2/SetCommandCodeAuditStatus_fp.h | 38 +- src/tpm2/SetPrimaryPolicy_fp.h | 34 +- src/tpm2/Shutdown_fp.h | 25 +- src/tpm2/Sign_fp.h | 49 +- src/tpm2/Simulator_fp.h | 2 +- 
src/tpm2/StartAuthSession_fp.h | 62 +- src/tpm2/Startup_fp.h | 28 +- src/tpm2/StirRandom_fp.h | 26 +- src/tpm2/SymmetricTestData.h | 148 +- src/tpm2/TPMB.h | 18 +- src/tpm2/TPMCmdp.c | 62 +- src/tpm2/TestParms_fp.h | 27 +- src/tpm2/Ticket.c | 90 +- src/tpm2/Ticket_fp.h | 96 +- src/tpm2/Time.c | 106 +- src/tpm2/Time_fp.h | 8 +- src/tpm2/Tpm.h | 6 +- src/tpm2/{TpmAsn1.c => TpmASN1.c} | 148 +- src/tpm2/TpmASN1.h | 10 +- src/tpm2/TpmASN1_fp.h | 13 +- src/tpm2/TpmAlgorithmDefines.h | 405 +- src/tpm2/TpmBigNumThunks.c | 109 +- src/tpm2/TpmBuildSwitches.h | 2 +- src/tpm2/TpmCalculatedAttributes.h | 41 +- src/tpm2/TpmEcc_Signature_ECDAA.c | 124 +- src/tpm2/TpmEcc_Signature_ECDAA_fp.h | 20 +- src/tpm2/TpmEcc_Signature_ECDSA.c | 144 +- src/tpm2/TpmEcc_Signature_ECDSA_fp.h | 28 +- src/tpm2/TpmEcc_Signature_SM2.c | 231 +- src/tpm2/TpmEcc_Signature_SM2_fp.h | 28 +- src/tpm2/TpmEcc_Signature_Schnorr.c | 128 +- src/tpm2/TpmEcc_Signature_Schnorr_fp.h | 32 +- src/tpm2/TpmEcc_Signature_Util.c | 14 +- src/tpm2/TpmEcc_Signature_Util_fp.h | 12 +- src/tpm2/TpmEcc_Util.c | 30 +- src/tpm2/TpmEcc_Util_fp.h | 14 +- src/tpm2/TpmFail.c | 222 +- src/tpm2/TpmFail_fp.h | 18 +- src/tpm2/TpmMath_Debug.c | 90 +- src/tpm2/TpmMath_Debug_fp.h | 14 +- src/tpm2/TpmMath_Util.c | 158 +- src/tpm2/TpmMath_Util_fp.h | 34 +- src/tpm2/TpmSizeChecks.c | 197 +- src/tpm2/TpmSizeChecks_fp.h | 19 +- src/tpm2/TpmTcpProtocol.h | 127 +- src/tpm2/TpmTypes.h | 4947 ++++++----- src/tpm2/Unique.c | 20 +- src/tpm2/Unseal_fp.h | 37 +- src/tpm2/VendorInfo.c | 51 +- src/tpm2/Vendor_TCG_Test.c | 22 +- src/tpm2/Vendor_TCG_Test_fp.h | 31 +- src/tpm2/VerifyConfiguration.h | 10 +- src/tpm2/VerifySignature_fp.h | 44 +- src/tpm2/X509.h | 135 +- src/tpm2/X509_ECC.c | 60 +- src/tpm2/X509_ECC_fp.h | 46 +- src/tpm2/X509_RSA.c | 234 +- src/tpm2/X509_RSA_fp.h | 38 +- src/tpm2/X509_spt.c | 203 +- src/tpm2/X509_spt_fp.h | 230 +- src/tpm2/ZGen_2Phase_fp.h | 54 +- src/tpm2/_TPM_Hash_Data_fp.h | 19 +- src/tpm2/_TPM_Hash_End_fp.h | 16 +- 
src/tpm2/_TPM_Hash_Start_fp.h | 16 +- src/tpm2/_TPM_Init_fp.h | 18 +- src/tpm2/crypto/CryptCmac_fp.h | 2 +- src/tpm2/crypto/CryptEcc.h | 2 +- src/tpm2/crypto/CryptEccCrypt_fp.h | 85 +- src/tpm2/crypto/CryptEccKeyExchange_fp.h | 32 +- src/tpm2/crypto/CryptEccMain_fp.h | 142 +- src/tpm2/crypto/CryptEccSignature_fp.h | 34 +- src/tpm2/crypto/CryptHash.h | 365 +- src/tpm2/crypto/CryptHash_fp.h | 172 +- src/tpm2/crypto/CryptPrimeSieve_fp.h | 28 +- src/tpm2/crypto/CryptPrime_fp.h | 20 +- src/tpm2/crypto/CryptRand.h | 6 +- src/tpm2/crypto/CryptRand_fp.h | 235 +- src/tpm2/crypto/CryptRsa.c | 0 src/tpm2/crypto/CryptRsa.h | 8 +- src/tpm2/crypto/CryptRsa_fp.h | 221 +- src/tpm2/crypto/CryptSelfTest_fp.h | 78 +- src/tpm2/crypto/CryptSmac_fp.h | 72 +- src/tpm2/crypto/CryptSym.h | 43 +- src/tpm2/crypto/CryptSym_fp.h | 124 +- src/tpm2/crypto/CryptUtil_fp.h | 536 +- src/tpm2/crypto/ECC_Decrypt_fp.h | 51 +- src/tpm2/crypto/ECC_Encrypt_fp.h | 48 +- src/tpm2/crypto/openssl/BnConvert_fp.h | 40 +- src/tpm2/crypto/openssl/BnMath_fp.h | 12 +- src/tpm2/crypto/openssl/BnMemory_fp.h | 98 +- src/tpm2/crypto/openssl/BnToOsslMath.c | 347 +- src/tpm2/crypto/openssl/BnToOsslMath.h | 28 +- src/tpm2/crypto/openssl/BnToOsslMath_fp.h | 4 +- src/tpm2/crypto/openssl/BnValues.h | 98 +- src/tpm2/crypto/openssl/CryptCmac.c | 80 +- src/tpm2/crypto/openssl/CryptEccCrypt.c | 94 +- src/tpm2/crypto/openssl/CryptEccKeyExchange.c | 180 +- src/tpm2/crypto/openssl/CryptEccMain.c | 494 +- src/tpm2/crypto/openssl/CryptEccSignature.c | 263 +- src/tpm2/crypto/openssl/CryptHash.c | 584 +- src/tpm2/crypto/openssl/CryptPrime.c | 200 +- src/tpm2/crypto/openssl/CryptPrimeSieve.c | 398 +- src/tpm2/crypto/openssl/CryptRand.c | 712 +- src/tpm2/crypto/openssl/CryptRsa.c | 924 +- src/tpm2/crypto/openssl/CryptSmac.c | 120 +- src/tpm2/crypto/openssl/CryptSym.c | 687 +- src/tpm2/crypto/openssl/TpmToOsslHash.h | 59 +- src/tpm2/crypto/openssl/TpmToOsslSupport.c | 4 +- src/tpm2/crypto/openssl/TpmToOsslSym.h | 15 +- 
src/tpm2/crypto/openssl/tpm_radix.h | 14 +- src/tpm2/endian_swap.h | 142 +- src/tpm2/pcrstruct.h | 10 +- src/tpm2/platform_pcr_fp.h | 15 +- src/tpm2/platform_public_interface.h | 23 +- src/tpm2/simulator_sysheaders.h | 4 - src/tpm2/tpm_to_platform_interface.h | 150 +- 345 files changed, 31128 insertions(+), 27246 deletions(-) delete mode 100644 src/tpm2/NVDynamic_fp.h rename src/tpm2/{NVDynamic.c => NvDynamic.c} (70%) create mode 100644 src/tpm2/NvDynamic_fp.h rename src/tpm2/{NVReserved.c => NvReserved.c} (89%) rename src/tpm2/{NVReserved_fp.h => NvReserved_fp.h} (56%) rename src/tpm2/{TpmAsn1.c => TpmASN1.c} (86%) delete mode 100644 src/tpm2/crypto/CryptRsa.c
diff --git a/src/Makefile.am b/src/Makefile.am
index e1e7d0fe..94fe6588 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -237,9 +237,9 @@ libtpms_tpm2_la_SOURCES = \
 tpm2/MathOnByteBuffers.c \
 tpm2/Memory.c \
 tpm2/NVCommands.c \
- tpm2/NVDynamic.c \
+ tpm2/NvDynamic.c \
 tpm2/NVMem.c \
- tpm2/NVReserved.c \
+ tpm2/NvReserved.c \
 tpm2/NV_spt.c \
 tpm2/Object.c \
 tpm2/ObjectCommands.c \
@@ -268,7 +268,7 @@ libtpms_tpm2_la_SOURCES = \
 tpm2/TestingCommands.c \
 tpm2/Ticket.c \
 tpm2/Time.c \
- tpm2/TpmAsn1.c \
+ tpm2/TpmASN1.c \
 tpm2/TpmBigNumThunks.c \
 tpm2/TpmEcc_Signature_ECDAA.c \
 tpm2/TpmEcc_Signature_ECDSA.c \
@@ -426,7 +426,7 @@ noinst_HEADERS += \
 tpm2/NV_ChangeAuth_fp.h \
 tpm2/NV_DefineSpace_fp.h \
 tpm2/NV_DefineSpace2_fp.h \
- tpm2/NVDynamic_fp.h \
+ tpm2/NvDynamic_fp.h \
 tpm2/NV_Extend_fp.h \
 tpm2/NV_GlobalWriteLock_fp.h \
 tpm2/NV.h \
@@ -435,7 +435,7 @@ noinst_HEADERS += \
 tpm2/NV_ReadLock_fp.h \
 tpm2/NV_ReadPublic_fp.h \
 tpm2/NV_ReadPublic2_fp.h \
- tpm2/NVReserved_fp.h \
+ tpm2/NvReserved_fp.h \
 tpm2/NV_SetBits_fp.h \
 tpm2/NV_spt_fp.h \
 tpm2/NV_UndefineSpace_fp.h \
diff --git a/src/tpm2/ACT.h b/src/tpm2/ACT.h
index ec609afb..d9a510af 100644
--- a/src/tpm2/ACT.h
+++ b/src/tpm2/ACT.h
@@ -59,199 +59,213 @@ /* */ /********************************************************************************/ -// 5.24 ACT.h - #ifndef _ACT_H_ #define _ACT_H_ + #include "TpmProfile.h" + +#if 0 // libtpms added +#if ACT_SUPPORT \ + != (RH_ACT_0 | RH_ACT_1 | RH_ACT_2 | RH_ACT_3 | RH_ACT_4 | RH_ACT_5 | RH_ACT_6 \ + | RH_ACT_7 | RH_ACT_8 | RH_ACT_9 | RH_ACT_A | RH_ACT_B | RH_ACT_C | RH_ACT_D \ + | RH_ACT_E | RH_ACT_F) +# error "If ACT_SUPPORT == NO, no ACTs can be enabled" +#endif // (ACT_SUPPORT != ...) +#endif // libtpms added + #if !(defined RH_ACT_0) || (RH_ACT_0 != YES) -# undef RH_ACT_0 -# define RH_ACT_0 NO -# define IF_ACT_0_IMPLEMENTED(op) +# undef RH_ACT_0 +# define RH_ACT_0 NO +# define IF_ACT_0_IMPLEMENTED(op) #else -# define IF_ACT_0_IMPLEMENTED(op) op(0) +# define IF_ACT_0_IMPLEMENTED(op) op(0) #endif #if !(defined RH_ACT_1) || (RH_ACT_1 != YES) -# undef RH_ACT_1 -# define RH_ACT_1 NO -# define IF_ACT_1_IMPLEMENTED(op) +# undef RH_ACT_1 +# define RH_ACT_1 NO +# define IF_ACT_1_IMPLEMENTED(op) #else -# define IF_ACT_1_IMPLEMENTED(op) op(1) +# define IF_ACT_1_IMPLEMENTED(op) op(1) #endif #if !(defined RH_ACT_2) || (RH_ACT_2 != YES) -# undef RH_ACT_2 -# define RH_ACT_2 NO -# define IF_ACT_2_IMPLEMENTED(op) +# undef RH_ACT_2 +# define RH_ACT_2 NO +# define IF_ACT_2_IMPLEMENTED(op) #else -# define IF_ACT_2_IMPLEMENTED(op) op(2) +# define IF_ACT_2_IMPLEMENTED(op) op(2) #endif #if !(defined RH_ACT_3) || (RH_ACT_3 != YES) -# undef RH_ACT_3 -# define RH_ACT_3 NO -# define IF_ACT_3_IMPLEMENTED(op) +# undef RH_ACT_3 +# define RH_ACT_3 NO +# define IF_ACT_3_IMPLEMENTED(op) #else -# define IF_ACT_3_IMPLEMENTED(op) op(3) +# define IF_ACT_3_IMPLEMENTED(op) op(3) #endif #if !(defined RH_ACT_4) || (RH_ACT_4 != YES) -# undef RH_ACT_4 -# define RH_ACT_4 NO -# define IF_ACT_4_IMPLEMENTED(op) +# undef RH_ACT_4 +# define RH_ACT_4 NO +# define IF_ACT_4_IMPLEMENTED(op) #else -# define IF_ACT_4_IMPLEMENTED(op) op(4) +# define IF_ACT_4_IMPLEMENTED(op) op(4) #endif #if !(defined 
RH_ACT_5) || (RH_ACT_5 != YES) -# undef RH_ACT_5 -# define RH_ACT_5 NO -# define IF_ACT_5_IMPLEMENTED(op) +# undef RH_ACT_5 +# define RH_ACT_5 NO +# define IF_ACT_5_IMPLEMENTED(op) #else -# define IF_ACT_5_IMPLEMENTED(op) op(5) +# define IF_ACT_5_IMPLEMENTED(op) op(5) #endif #if !(defined RH_ACT_6) || (RH_ACT_6 != YES) -# undef RH_ACT_6 -# define RH_ACT_6 NO -# define IF_ACT_6_IMPLEMENTED(op) +# undef RH_ACT_6 +# define RH_ACT_6 NO +# define IF_ACT_6_IMPLEMENTED(op) #else -# define IF_ACT_6_IMPLEMENTED(op) op(6) +# define IF_ACT_6_IMPLEMENTED(op) op(6) #endif #if !(defined RH_ACT_7) || (RH_ACT_7 != YES) -# undef RH_ACT_7 -# define RH_ACT_7 NO -# define IF_ACT_7_IMPLEMENTED(op) +# undef RH_ACT_7 +# define RH_ACT_7 NO +# define IF_ACT_7_IMPLEMENTED(op) #else -# define IF_ACT_7_IMPLEMENTED(op) op(7) +# define IF_ACT_7_IMPLEMENTED(op) op(7) #endif #if !(defined RH_ACT_8) || (RH_ACT_8 != YES) -# undef RH_ACT_8 -# define RH_ACT_8 NO -# define IF_ACT_8_IMPLEMENTED(op) +# undef RH_ACT_8 +# define RH_ACT_8 NO +# define IF_ACT_8_IMPLEMENTED(op) #else -# define IF_ACT_8_IMPLEMENTED(op) op(8) +# define IF_ACT_8_IMPLEMENTED(op) op(8) #endif #if !(defined RH_ACT_9) || (RH_ACT_9 != YES) -# undef RH_ACT_9 -# define RH_ACT_9 NO -# define IF_ACT_9_IMPLEMENTED(op) +# undef RH_ACT_9 +# define RH_ACT_9 NO +# define IF_ACT_9_IMPLEMENTED(op) #else -# define IF_ACT_9_IMPLEMENTED(op) op(9) +# define IF_ACT_9_IMPLEMENTED(op) op(9) #endif #if !(defined RH_ACT_A) || (RH_ACT_A != YES) -# undef RH_ACT_A -# define RH_ACT_A NO -# define IF_ACT_A_IMPLEMENTED(op) +# undef RH_ACT_A +# define RH_ACT_A NO +# define IF_ACT_A_IMPLEMENTED(op) #else -# define IF_ACT_A_IMPLEMENTED(op) op(A) +# define IF_ACT_A_IMPLEMENTED(op) op(A) #endif #if !(defined RH_ACT_B) || (RH_ACT_B != YES) -# undef RH_ACT_B -# define RH_ACT_B NO -# define IF_ACT_B_IMPLEMENTED(op) +# undef RH_ACT_B +# define RH_ACT_B NO +# define IF_ACT_B_IMPLEMENTED(op) #else -# define IF_ACT_B_IMPLEMENTED(op) op(B) +# define 
IF_ACT_B_IMPLEMENTED(op) op(B) #endif #if !(defined RH_ACT_C) || (RH_ACT_C != YES) -# undef RH_ACT_C -# define RH_ACT_C NO -# define IF_ACT_C_IMPLEMENTED(op) +# undef RH_ACT_C +# define RH_ACT_C NO +# define IF_ACT_C_IMPLEMENTED(op) #else -# define IF_ACT_C_IMPLEMENTED(op) op(C) +# define IF_ACT_C_IMPLEMENTED(op) op(C) #endif #if !(defined RH_ACT_D) || (RH_ACT_D != YES) -# undef RH_ACT_D -# define RH_ACT_D NO -# define IF_ACT_D_IMPLEMENTED(op) +# undef RH_ACT_D +# define RH_ACT_D NO +# define IF_ACT_D_IMPLEMENTED(op) #else -# define IF_ACT_D_IMPLEMENTED(op) op(D) +# define IF_ACT_D_IMPLEMENTED(op) op(D) #endif #if !(defined RH_ACT_E) || (RH_ACT_E != YES) -# undef RH_ACT_E -# define RH_ACT_E NO -# define IF_ACT_E_IMPLEMENTED(op) +# undef RH_ACT_E +# define RH_ACT_E NO +# define IF_ACT_E_IMPLEMENTED(op) #else -# define IF_ACT_E_IMPLEMENTED(op) op(E) +# define IF_ACT_E_IMPLEMENTED(op) op(E) #endif #if !(defined RH_ACT_F) || (RH_ACT_F != YES) -# undef RH_ACT_F -# define RH_ACT_F NO -# define IF_ACT_F_IMPLEMENTED(op) +# undef RH_ACT_F +# define RH_ACT_F NO +# define IF_ACT_F_IMPLEMENTED(op) #else -# define IF_ACT_F_IMPLEMENTED(op) op(F) +# define IF_ACT_F_IMPLEMENTED(op) op(F) #endif + #ifndef TPM_RH_ACT_0 -#error Need numeric definition for TPM_RH_ACT_0 +# error Need numeric definition for TPM_RH_ACT_0 #endif + #ifndef TPM_RH_ACT_1 -# define TPM_RH_ACT_1 (TPM_RH_ACT_0 + 1) +# define TPM_RH_ACT_1 (TPM_RH_ACT_0 + 1) #endif #ifndef TPM_RH_ACT_2 -# define TPM_RH_ACT_2 (TPM_RH_ACT_0 + 2) +# define TPM_RH_ACT_2 (TPM_RH_ACT_0 + 2) #endif #ifndef TPM_RH_ACT_3 -# define TPM_RH_ACT_3 (TPM_RH_ACT_0 + 3) +# define TPM_RH_ACT_3 (TPM_RH_ACT_0 + 3) #endif #ifndef TPM_RH_ACT_4 -# define TPM_RH_ACT_4 (TPM_RH_ACT_0 + 4) +# define TPM_RH_ACT_4 (TPM_RH_ACT_0 + 4) #endif #ifndef TPM_RH_ACT_5 -# define TPM_RH_ACT_5 (TPM_RH_ACT_0 + 5) +# define TPM_RH_ACT_5 (TPM_RH_ACT_0 + 5) #endif #ifndef TPM_RH_ACT_6 -# define TPM_RH_ACT_6 (TPM_RH_ACT_0 + 6) +# define TPM_RH_ACT_6 (TPM_RH_ACT_0 + 6) 
#endif #ifndef TPM_RH_ACT_7 -# define TPM_RH_ACT_7 (TPM_RH_ACT_0 + 7) +# define TPM_RH_ACT_7 (TPM_RH_ACT_0 + 7) #endif #ifndef TPM_RH_ACT_8 -# define TPM_RH_ACT_8 (TPM_RH_ACT_0 + 8) +# define TPM_RH_ACT_8 (TPM_RH_ACT_0 + 8) #endif #ifndef TPM_RH_ACT_9 -# define TPM_RH_ACT_9 (TPM_RH_ACT_0 + 9) +# define TPM_RH_ACT_9 (TPM_RH_ACT_0 + 9) #endif #ifndef TPM_RH_ACT_A -# define TPM_RH_ACT_A (TPM_RH_ACT_0 + 0xA) +# define TPM_RH_ACT_A (TPM_RH_ACT_0 + 0xA) #endif #ifndef TPM_RH_ACT_B -# define TPM_RH_ACT_B (TPM_RH_ACT_0 + 0xB) +# define TPM_RH_ACT_B (TPM_RH_ACT_0 + 0xB) #endif #ifndef TPM_RH_ACT_C -# define TPM_RH_ACT_C (TPM_RH_ACT_0 + 0xC) +# define TPM_RH_ACT_C (TPM_RH_ACT_0 + 0xC) #endif #ifndef TPM_RH_ACT_D -# define TPM_RH_ACT_D (TPM_RH_ACT_0 + 0xD) +# define TPM_RH_ACT_D (TPM_RH_ACT_0 + 0xD) #endif #ifndef TPM_RH_ACT_E -# define TPM_RH_ACT_E (TPM_RH_ACT_0 + 0xE) +# define TPM_RH_ACT_E (TPM_RH_ACT_0 + 0xE) #endif #ifndef TPM_RH_ACT_F -# define TPM_RH_ACT_F (TPM_RH_ACT_0 + 0xF) +# define TPM_RH_ACT_F (TPM_RH_ACT_0 + 0xF) #endif -#define FOR_EACH_ACT(op) \ - IF_ACT_0_IMPLEMENTED(op) \ - IF_ACT_1_IMPLEMENTED(op) \ - IF_ACT_2_IMPLEMENTED(op) \ - IF_ACT_3_IMPLEMENTED(op) \ - IF_ACT_4_IMPLEMENTED(op) \ - IF_ACT_5_IMPLEMENTED(op) \ - IF_ACT_6_IMPLEMENTED(op) \ - IF_ACT_7_IMPLEMENTED(op) \ - IF_ACT_8_IMPLEMENTED(op) \ - IF_ACT_9_IMPLEMENTED(op) \ - IF_ACT_A_IMPLEMENTED(op) \ - IF_ACT_B_IMPLEMENTED(op) \ - IF_ACT_C_IMPLEMENTED(op) \ - IF_ACT_D_IMPLEMENTED(op) \ - IF_ACT_E_IMPLEMENTED(op) \ + +#define FOR_EACH_ACT(op) \ + IF_ACT_0_IMPLEMENTED(op) \ + IF_ACT_1_IMPLEMENTED(op) \ + IF_ACT_2_IMPLEMENTED(op) \ + IF_ACT_3_IMPLEMENTED(op) \ + IF_ACT_4_IMPLEMENTED(op) \ + IF_ACT_5_IMPLEMENTED(op) \ + IF_ACT_6_IMPLEMENTED(op) \ + IF_ACT_7_IMPLEMENTED(op) \ + IF_ACT_8_IMPLEMENTED(op) \ + IF_ACT_9_IMPLEMENTED(op) \ + IF_ACT_A_IMPLEMENTED(op) \ + IF_ACT_B_IMPLEMENTED(op) \ + IF_ACT_C_IMPLEMENTED(op) \ + IF_ACT_D_IMPLEMENTED(op) \ + IF_ACT_E_IMPLEMENTED(op) \ IF_ACT_F_IMPLEMENTED(op) // This 
is the mask for ACT that are implemented - //#define ACT_MASK(N) | (1 << 0x##N) //#define ACT_IMPLEMENTED_MASK (0 FOR_EACH_ACT(ACT_MASK)) -#define CASE_ACT_HANDLE(N) case TPM_RH_ACT_##N: -#define CASE_ACT_NUMBER(N) case 0x##N: + +#define CASE_ACT_HANDLE(N) case TPM_RH_ACT_##N: +#define CASE_ACT_NUMBER(N) case 0x##N: + typedef struct ACT_STATE { - UINT32 remaining; - TPM_ALG_ID hashAlg; - TPM2B_DIGEST authPolicy; + UINT32 remaining; + TPM_ALG_ID hashAlg; + TPM2B_DIGEST authPolicy; } ACT_STATE, *P_ACT_STATE; -#endif // _ACT_H_ + +#endif // _ACT_H_ diff --git a/src/tpm2/ACT_SetTimeout_fp.h b/src/tpm2/ACT_SetTimeout_fp.h index 81375386..af84262f 100644 --- a/src/tpm2/ACT_SetTimeout_fp.h +++ b/src/tpm2/ACT_SetTimeout_fp.h 
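Review bot: The added `#if 0 // libtpms added` block right after `#include "TpmProfile.h"` compiles out the `ACT_SUPPORT` versus `RH_ACT_x` consistency `#error` without saying why. A reader cannot tell whether the check is wrong for libtpms or was only in the way, and with it disabled a profile that sets `ACT_SUPPORT` to NO while leaving individual `RH_ACT_x` at YES builds without a diagnostic. The reason belongs on the opening line, for example `#if 0 // libtpms added: consistency check disabled because <reason>`. If the reason is that libtpms gates ACT code with `__ACT_DISABLED`, as the ACT_spt.c hunks in this patch suggest, the comment should name that macro.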
@@ -1,79 +1,86 @@ -/********************************************************************************/ -/* */ -/* TPM2_ACT_SetTimeout Header */ -/* Written by Ken Goldman */ -/* IBM Thomas J. Watson Research Center */ -/* $Id$ */ -/* */ -/* Licenses and Notices */ -/* */ -/* 1. Copyright Licenses: */ -/* */ -/* - Trusted Computing Group (TCG) grants to the user of the source code in */ -/* this specification (the "Source Code") a worldwide, irrevocable, */ -/* nonexclusive, royalty free, copyright license to reproduce, create */ -/* derivative works, distribute, display and perform the Source Code and */ -/* derivative works thereof, and to grant others the rights granted herein. */ -/* */ -/* - The TCG grants to the user of the other parts of the specification */ -/* (other than the Source Code) the rights to reproduce, distribute, */ -/* display, and perform the specification solely for the purpose of */ -/* developing products based on such documents. */ -/* */ -/* 2. Source Code Distribution Conditions: */ -/* */ -/* - Redistributions of Source Code must retain the above copyright licenses, */ -/* this list of conditions and the following disclaimers. */ -/* */ -/* - Redistributions in binary form must reproduce the above copyright */ -/* licenses, this list of conditions and the following disclaimers in the */ -/* documentation and/or other materials provided with the distribution. */ -/* */ -/* 3. Disclaimers: */ -/* */ -/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ -/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ -/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ -/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ -/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ -/* information on specification licensing rights available through TCG */ -/* membership agreements. 
*/ -/* */ -/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ -/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ -/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ -/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ -/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ -/* */ -/* - Without limitation, TCG and its members and licensors disclaim all */ -/* liability, including liability for infringement of any proprietary */ -/* rights, relating to use of information in this specification and to the */ -/* implementation of this specification, and TCG disclaims all liability for */ -/* cost of procurement of substitute goods or services, lost profits, loss */ -/* of use, loss of data or any incidental, consequential, direct, indirect, */ -/* or special damages, whether under contract, tort, warranty or otherwise, */ -/* arising in any way out of use or reliance upon this specification or any */ -/* information herein. */ -/* */ -/* (c) Copyright IBM Corp. and others, 2019 */ -/* */ -/********************************************************************************/ - -#ifndef ACT_SETTIMEOUT_FP_H -#define ACT_SETTIMEOUT_FP_H - -typedef struct { - TPMI_RH_ACT actHandle; - UINT32 startTimeout; -} ACT_SetTimeout_In; - -#define RC_ACT_SetTimeout_actHandle (TPM_RC_H + TPM_RC_1) -#define RC_ACT_SetTimeout_startTimeout (TPM_RC_H + TPM_RC_2) - -TPM_RC -TPM2_ACT_SetTimeout( - ACT_SetTimeout_In *in // IN: input parameter list - ); - - -#endif +/********************************************************************************/ +/* */ +/* TPM2_ACT_SetTimeout Header */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id$ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. 
Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. 
*/ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2019 */ +/* */ +/********************************************************************************/ + + +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + +#if CC_ACT_SetTimeout // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACT_SETTIMEOUT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACT_SETTIMEOUT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_ACT actHandle; + UINT32 startTimeout; +} ACT_SetTimeout_In; + +// Response code modifiers +# define RC_ACT_SetTimeout_actHandle (TPM_RC_H + TPM_RC_1) +# define RC_ACT_SetTimeout_startTimeout (TPM_RC_P + TPM_RC_1) + +// Function prototype +TPM_RC +TPM2_ACT_SetTimeout(ACT_SetTimeout_In* in); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACT_SETTIMEOUT_FP_H_ +#endif // CC_ACT_SetTimeout diff --git a/src/tpm2/ACT_spt.c b/src/tpm2/ACT_spt.c index ed09ae7b..be0262b4 100644 --- a/src/tpm2/ACT_spt.c +++ b/src/tpm2/ACT_spt.c 
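Review bot: `RC_ACT_SetTimeout_startTimeout` changes value near the end of this hunk, from `(TPM_RC_H + TPM_RC_2)` to `(TPM_RC_P + TPM_RC_1)`, and nothing in the commit message records it; the description lists only renames, whitespace and trivial changes. If any caller adds this modifier to a response code, a rejected `startTimeout` is now reported as parameter 1 instead of handle 2, which clients that decode TPM response codes can observe. The header is now marked generated, so the place to document this is a line in the commit message, for example `- ACT_SetTimeout_fp.h: startTimeout modifier is now TPM_RC_P + TPM_RC_1`. The body is also newly wrapped in `#if CC_ACT_SetTimeout`, which evaluates to 0 when the macro is undefined, so the struct and prototype disappear silently unless the command-enable macros are defined first; whether every includer guarantees that is outside this hunk.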
@@ -82,15 +82,15 @@ // and turns signaling back on if necessary. #ifndef __ACT_DISABLED // libtpms added static void _ActResume(UINT32 act, //IN: the act number - ACT_STATE* actData //IN: pointer to the saved ACT data - ) + ACT_STATE* actData //IN: pointer to the saved ACT data +) { // If the act was non-zero, then restore the counter value. if(actData->remaining > 0) - _plat__ACT_UpdateCounter(act, actData->remaining); + _plat__ACT_UpdateCounter(act, actData->remaining); // if the counter was zero and the ACT signaling, enable the signaling. else if(go.signaledACT & (1 << act)) - _plat__ACT_SetSignaled(act, TRUE); + _plat__ACT_SetSignaled(act, TRUE); } #endif // libtpms added @@ -100,35 +100,35 @@ BOOL ActStartup(STARTUP_TYPE type) { // Reset all the ACT hardware _plat__ACT_Initialize(); - + // If this not a cold start, copy all the current 'signaled' settings to // 'preservedSignaled'. #ifndef __ACT_DISABLED // libtpms added if(g_powerWasLost) - go.preservedSignaled = 0; + go.preservedSignaled = 0; else - go.preservedSignaled |= go.signaledACT; + go.preservedSignaled |= go.signaledACT; #endif // libtpms added - + // For TPM_RESET or TPM_RESTART, the ACTs will all be disabled and the output // de-asserted. if(type != SU_RESUME) - { + { #ifndef __ACT_DISABLED // libtpms added - go.signaledACT = 0; + go.signaledACT = 0; #endif // libtpms added -# define CLEAR_ACT_POLICY(N) \ - go.ACT_##N.hashAlg = TPM_ALG_NULL; \ - go.ACT_##N.authPolicy.b.size = 0; - FOR_EACH_ACT(CLEAR_ACT_POLICY) - } +# define CLEAR_ACT_POLICY(N) \ + go.ACT_##N.hashAlg = TPM_ALG_NULL; \ + go.ACT_##N.authPolicy.b.size = 0; + FOR_EACH_ACT(CLEAR_ACT_POLICY) + } else - { - // Resume each of the implemented ACT + { + // Resume each of the implemented ACT # define RESUME_ACT(N) _ActResume(0x##N, &go.ACT_##N); - - FOR_EACH_ACT(RESUME_ACT) - } + + FOR_EACH_ACT(RESUME_ACT) + } // set no ACT updated since last startup. This is to enable the halving of the // timeout value s_ActUpdated = 0; 
@@ -146,13 +146,13 @@ static void _ActSaveState(UINT32 act, P_ACT_STATE actData) // If the ACT hasn't been updated since the last startup, then it should be // be halved. if((s_ActUpdated & (1 << act)) == 0) - { - // Don't halve if the count is set to max or if halving would make it zero - if((actData->remaining != UINT32_MAX) && (actData->remaining > 1)) - actData->remaining /= 2; - } + { + // Don't halve if the count is set to max or if halving would make it zero + if((actData->remaining != UINT32_MAX) && (actData->remaining > 1)) + actData->remaining /= 2; + } if(_plat__ACT_GetSignaled(act)) - go.signaledACT |= (1 << act); + go.signaledACT |= (1 << act); } //*** ActGetSignaled() @@ -168,7 +168,7 @@ BOOL ActGetSignaled(TPM_RH actHandle) //***ActShutdown() // This function saves the current state of the counters BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown. - ) +) { // if this is not shutdown state, then the only type of startup is TPM_RESTART // so the timer values will be cleared. If this is shutdown state, get the current @@ -176,16 +176,16 @@ BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown. // since the last restart, divide the time by 2 so that there is no attack on the // countdown by saving the countdown state early and then not using the TPM. if(state == TPM_SU_STATE) - { - // This will be populated as each of the ACT is queried + { + // This will be populated as each of the ACT is queried #ifndef __ACT_DISABLED // libtpms added - go.signaledACT = 0; + go.signaledACT = 0; #endif // libtpms added - // Get the current count and the signaled state + // Get the current count and the signaled state # define SAVE_ACT_STATE(N) _ActSaveState(0x##N, &go.ACT_##N); - - FOR_EACH_ACT(SAVE_ACT_STATE); - } + + FOR_EACH_ACT(SAVE_ACT_STATE); + } return TRUE; } 
@@ -196,16 +196,16 @@ BOOL ActIsImplemented(UINT32 act) { // This switch accounts for the TPM implemented values. switch(act) - { + { #ifndef __ACT_DISABLED // libtpms added - FOR_EACH_ACT(CASE_ACT_NUMBER) - // This ensures that the platform implements the values implemented by - // the TPM - return _plat__ACT_GetImplemented(act); + FOR_EACH_ACT(CASE_ACT_NUMBER) + // This ensures that the platform implements the values implemented by + // the TPM + return _plat__ACT_GetImplemented(act); #endif // libtpms added - default: - break; - } + default: + break; + } return FALSE; } @@ -215,8 +215,8 @@ BOOL ActIsImplemented(UINT32 act) // it returns TPM_RC_RETRY so that the update can be tried again later. TPM_RC ActCounterUpdate(TPM_RH handle, //IN: the handle of the act - UINT32 newValue //IN: the value to set in the ACT - ) + UINT32 newValue //IN: the value to set in the ACT +) { UINT32 act; TPM_RC result; 
@@ -224,31 +224,31 @@ ActCounterUpdate(TPM_RH handle, //IN: the handle of the act act = handle - TPM_RH_ACT_0; // This should never fail, but... if(!_plat__ACT_GetImplemented(act)) - result = TPM_RC_VALUE; + result = TPM_RC_VALUE; else - { - // Will need to clear orderly so fail if we are orderly and NV is - // not available - if(NV_IS_ORDERLY) - RETURN_IF_NV_IS_NOT_AVAILABLE; - // if the attempt to update the counter fails, it means that there is an - // update pending so wait until it has occurred and then do an update. - if(!_plat__ACT_UpdateCounter(act, newValue)) - result = TPM_RC_RETRY; - else - { - // Indicate that the ACT has been updated since last TPM2_Startup(). - s_ActUpdated |= (UINT16)(1 << act); - - // Clear the preservedSignaled attribute. - go.preservedSignaled &= ~((UINT16)(1 << act)); - - // Need to clear the orderly flag - g_clearOrderly = TRUE; - - result = TPM_RC_SUCCESS; - } - } + { + // Will need to clear orderly so fail if we are orderly and NV is + // not available + if(NV_IS_ORDERLY) + RETURN_IF_NV_IS_NOT_AVAILABLE; + // if the attempt to update the counter fails, it means that there is an + // update pending so wait until it has occurred and then do an update. + if(!_plat__ACT_UpdateCounter(act, newValue)) + result = TPM_RC_RETRY; + else + { + // Indicate that the ACT has been updated since last TPM2_Startup(). + s_ActUpdated |= (UINT16)(1 << act); + + // Clear the preservedSignaled attribute. + go.preservedSignaled &= ~((UINT16)(1 << act)); + + // Need to clear the orderly flag + g_clearOrderly = TRUE; + + result = TPM_RC_SUCCESS; + } + } return result; } #endif // libtpms added 
@@ -260,49 +260,49 @@ ActCounterUpdate(TPM_RH handle, //IN: the handle of the act // NO if no more ACT data to TPMI_YES_NO ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starting ACT - UINT32 maxCount, // IN: maximum allowed return values - TPML_ACT_DATA* actList // OUT: ACT data list - ) + UINT32 maxCount, // IN: maximum allowed return values + TPML_ACT_DATA* actList // OUT: ACT data list +) { // Initialize output property list actList->count = 0; - + // Make sure that the starting handle value is in range (again) if((actHandle < TPM_RH_ACT_0) || (actHandle > TPM_RH_ACT_F)) - return FALSE; + return FALSE; // The maximum count of curves we may return is MAX_ECC_CURVES if(maxCount > MAX_ACT_DATA) maxCount = MAX_ACT_DATA; // Scan the ACT data from the starting ACT for(; actHandle <= TPM_RH_ACT_F; actHandle++) - { - UINT32 act = actHandle - TPM_RH_ACT_0; - if(actList->count < maxCount) - { - if(ActIsImplemented(act)) - { - TPMS_ACT_DATA* actData = &actList->actData[actList->count]; - // - memset(&actData->attributes, 0, sizeof(actData->attributes)); - actData->handle = actHandle; - actData->timeout = _plat__ACT_GetRemaining(act); - if(_plat__ACT_GetSignaled(act)) - SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); - else - CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); + { + UINT32 act = actHandle - TPM_RH_ACT_0; + if(actList->count < maxCount) + { + if(ActIsImplemented(act)) + { + TPMS_ACT_DATA* actData = &actList->actData[actList->count]; + // + memset(&actData->attributes, 0, sizeof(actData->attributes)); + actData->handle = actHandle; + actData->timeout = _plat__ACT_GetRemaining(act); + if(_plat__ACT_GetSignaled(act)) + SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); + else + CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); #ifndef __ACT_DISABLED // libtpms added - if(go.preservedSignaled & (1 << act)) - SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled); + if(go.preservedSignaled & (1 << act)) + 
SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled); #endif // libtpms added - actList->count++; - } - } - else - { - if(_plat__ACT_GetImplemented(act)) - return YES; - } - } + actList->count++; + } + } + else + { + if(_plat__ACT_GetImplemented(act)) + return YES; + } + } // If we get here, either all of the ACT values were put in the list, or the list // was filled and there are no more ACT values to return return NO; @@ -312,24 +312,24 @@ ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starti //*** ActGetOneCapability() // This function returns an ACT's capability, if present. BOOL ActGetOneCapability(TPM_HANDLE actHandle, // IN: the handle for the ACT - TPMS_ACT_DATA* actData // OUT: ACT data - ) + TPMS_ACT_DATA* actData // OUT: ACT data +) { UINT32 act = actHandle - TPM_RH_ACT_0; - + if(ActIsImplemented(actHandle - TPM_RH_ACT_0)) - { - memset(&actData->attributes, 0, sizeof(actData->attributes)); - actData->handle = actHandle; - actData->timeout = _plat__ACT_GetRemaining(act); - if(_plat__ACT_GetSignaled(act)) - SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); - else - CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); - if(go.preservedSignaled & (1 << act)) - SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled); - return TRUE; - } + { + memset(&actData->attributes, 0, sizeof(actData->attributes)); + actData->handle = actHandle; + actData->timeout = _plat__ACT_GetRemaining(act); + if(_plat__ACT_GetSignaled(act)) + SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); + else + CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); + if(go.preservedSignaled & (1 << act)) + SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled); + return TRUE; + } return FALSE; } #endif // libtpms: added diff --git a/src/tpm2/ACT_spt_fp.h b/src/tpm2/ACT_spt_fp.h index c69fb721..368bb4cd 100644 --- a/src/tpm2/ACT_spt_fp.h +++ b/src/tpm2/ACT_spt_fp.h 
@@ -77,7 +77,7 @@ BOOL ActGetSignaled(TPM_RH actHandle); //***ActShutdown() // This function saves the current state of the counters BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown. - ); +); //*** ActIsImplemented() // This function determines if an ACT is implemented in both the TPM and the platform @@ -89,8 +89,8 @@ BOOL ActIsImplemented(UINT32 act); // it returns TPM_RC_RETRY so that the update can be tried again later. TPM_RC ActCounterUpdate(TPM_RH handle, //IN: the handle of the act - UINT32 newValue //IN: the value to set in the ACT - ); + UINT32 newValue //IN: the value to set in the ACT +); //*** ActGetCapabilityData() // This function returns the list of ACT data @@ -99,14 +99,14 @@ ActCounterUpdate(TPM_RH handle, //IN: the handle of the act // NO if no more ACT data to TPMI_YES_NO ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starting ACT - UINT32 maxCount, // IN: maximum allowed return values - TPML_ACT_DATA* actList // OUT: ACT data list - ); + UINT32 maxCount, // IN: maximum allowed return values + TPML_ACT_DATA* actList // OUT: ACT data list +); //*** ActGetOneCapability() // This function returns an ACT's capability, if present. BOOL ActGetOneCapability(TPM_HANDLE actHandle, // IN: the handle for the ACT - TPMS_ACT_DATA* actData // OUT: ACT data - ); + TPMS_ACT_DATA* actData // OUT: ACT data +); #endif // _ACT_SPT_FP_H_ diff --git a/src/tpm2/ActivateCredential_fp.h b/src/tpm2/ActivateCredential_fp.h index 841d1178..0083e2e7 100644 --- a/src/tpm2/ActivateCredential_fp.h +++ b/src/tpm2/ActivateCredential_fp.h 
@@ -59,30 +59,38 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef ACTIVATECREDENTIAL_FP_H -#define ACTIVATECREDENTIAL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT activateHandle; - TPMI_DH_OBJECT keyHandle; - TPM2B_ID_OBJECT credentialBlob; - TPM2B_ENCRYPTED_SECRET secret; +#if CC_ActivateCredential // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACTIVATECREDENTIAL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACTIVATECREDENTIAL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT activateHandle; + TPMI_DH_OBJECT keyHandle; + TPM2B_ID_OBJECT credentialBlob; + TPM2B_ENCRYPTED_SECRET secret; } ActivateCredential_In; -#define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1) -#define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2) -#define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1) -#define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_DIGEST certInfo; +// Output structure definition +typedef struct +{ + TPM2B_DIGEST certInfo; } ActivateCredential_Out; +// Response code modifiers +# define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1) +# define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2) +# define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1) +# define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_ActivateCredential( - ActivateCredential_In *in, // IN: input parameter list - ActivateCredential_Out *out // OUT: output parameter list - ); -#endif +TPM2_ActivateCredential(ActivateCredential_In* in, ActivateCredential_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACTIVATECREDENTIAL_FP_H_ +#endif // CC_ActivateCredential diff --git a/src/tpm2/AlgorithmCap.c b/src/tpm2/AlgorithmCap.c index 15546439..d2becd80 100644 --- a/src/tpm2/AlgorithmCap.c 
+++ b/src/tpm2/AlgorithmCap.c 
@@ -58,170 +58,188 @@ /* */ /********************************************************************************/ -/* 9.1 AlgorithmCap.c */ -/* 9.1.1 Description */ -/* This file contains the algorithm property definitions for the algorithms and the code for the - TPM2_GetCapability() to return the algorithm properties. */ -/* 9.1.2 Includes and Defines */ +//** Description +// This file contains the algorithm property definitions for the algorithms and the +// code for the TPM2_GetCapability() to return the algorithm properties. + +//** Includes and Defines + #include "Tpm.h" + typedef struct { - TPM_ALG_ID algID; - TPMA_ALGORITHM attributes; + TPM_ALG_ID algID; + TPMA_ALGORITHM attributes; } ALGORITHM; -static const ALGORITHM s_algorithms[] = - { - // The entries in this table need to be in ascending order but the table doesn't - // need to be full (gaps are allowed). One day, a tool might exist to fill in the - // table from the TPM_ALG description + +static const ALGORITHM s_algorithms[] = { +// The entries in this table need to be in ascending order but the table doesn't +// need to be full (gaps are allowed). 
One day, a tool might exist to fill in the +// table from the TPM_ALG description #if ALG_RSA - {TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, + {TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, #endif -#if ALG_TDES + +#if ALG_TDES // libtpms added begin {TPM_ALG_TDES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, -#endif +#endif // libtpms added end + #if ALG_SHA1 - {TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif - {TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)}, + + {TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)}, + #if ALG_AES - {TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_MGF1 - {TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, + {TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif - {TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)}, + + {TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)}, + #if ALG_XOR - {TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)}, #endif + #if ALG_SHA256 - {TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SHA384 - {TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SHA512 - {TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SM3_256 - {TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, + 
{TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SM4 - {TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_RSASSA - {TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, + {TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_RSAES - {TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, + {TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_RSAPSS - {TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, + {TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_OAEP - {TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, + {TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_ECDSA - {TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, + {TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_ECDH - {TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, + {TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_ECDAA - {TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, + {TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_SM2 - {TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, + {TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, #endif #if ALG_ECSCHNORR - {TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, + {TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_ECMQV - {TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, + {TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_KDF1_SP800_56A - {TPM_ALG_KDF1_SP800_56A, 
TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, + {TPM_ALG_KDF1_SP800_56A, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_KDF2 - {TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, + {TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_KDF1_SP800_108 - {TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, + {TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_ECC - {TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, + {TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, #endif - {TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)}, + + {TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)}, + #if ALG_CAMELLIA - {TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, + {TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_CMAC - {TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)}, + {TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_CTR - {TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, + {TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_OFB - {TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, + {TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_CBC - {TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, + {TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_CFB - {TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, + {TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_ECB - {TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, + {TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif - }; -/* 
9.1.3 AlgorithmCapGetImplemented() */ -/* This function is used by TPM2_GetCapability() to return a list of the implemented algorithms. */ -/* Return Values Meaning */ -/* YES more algorithms to report */ -/* NO no more algorithms to report */ +}; + +//** AlgorithmCapGetImplemented() +// This function is used by TPM2_GetCapability() to return a list of the +// implemented algorithms. +// +// Return Type: TPMI_YES_NO +// YES more algorithms to report +// NO no more algorithms to report TPMI_YES_NO -AlgorithmCapGetImplemented( - TPM_ALG_ID algID, // IN: the starting algorithm ID - UINT32 count, // IN: count of returned algorithms - TPML_ALG_PROPERTY *algList // OUT: algorithm list - ) +AlgorithmCapGetImplemented(TPM_ALG_ID algID, // IN: the starting algorithm ID + UINT32 count, // IN: count of returned algorithms + TPML_ALG_PROPERTY* algList // OUT: algorithm list +) { - TPMI_YES_NO more = NO; - UINT32 i; - UINT32 algNum; + TPMI_YES_NO more = NO; + UINT32 i; + UINT32 algNum; + // initialize output algorithm list algList->count = 0; + // The maximum count of algorithms we may return is MAX_CAP_ALGS. if(count > MAX_CAP_ALGS) - count = MAX_CAP_ALGS; + count = MAX_CAP_ALGS; + // Compute how many algorithms are defined in s_algorithms array. algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]); + // Scan the implemented algorithm list to see if there is a match to 'algID'. 
for(i = 0; i < algNum; i++) - { - // If algID is less than the starting algorithm ID, skip it - if(s_algorithms[i].algID < algID) - continue; - if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin - s_algorithms[i].algID)) - continue; // libtpms added end - if(algList->count < count) - { - // If we have not filled up the return list, add more algorithms - // to it - algList->algProperties[algList->count].alg = s_algorithms[i].algID; - algList->algProperties[algList->count].algProperties = - s_algorithms[i].attributes; - algList->count++; - } - else - { - // If the return list is full but we still have algorithms - // available, report this and stop scanning. - more = YES; - break; - } - } + { + // If algID is less than the starting algorithm ID, skip it + if(s_algorithms[i].algID < algID) + continue; + if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin + s_algorithms[i].algID)) + continue; // libtpms added end + if(algList->count < count) + { + // If we have not filled up the return list, add more algorithms + // to it + algList->algProperties[algList->count].alg = s_algorithms[i].algID; + algList->algProperties[algList->count].algProperties = + s_algorithms[i].attributes; + algList->count++; + } + else + { + // If the return list is full but we still have algorithms + // available, report this and stop scanning. + more = YES; + break; + } + } + return more; } @@ -229,9 +247,9 @@ AlgorithmCapGetImplemented( // This function returns whether a single algorithm was implemented, along // with its properties (if implemented). BOOL AlgorithmCapGetOneImplemented( - TPM_ALG_ID algID, // IN: the algorithm ID - TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties - ) + TPM_ALG_ID algID, // IN: the algorithm ID + TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties +) { UINT32 i; UINT32 algNum; 
@@ -244,39 +262,37 @@ BOOL AlgorithmCapGetOneImplemented( // Scan the implemented algorithm list to see if there is a match to 'algID'. for(i = 0; i < algNum; i++) - { - // If algID is less than the starting algorithm ID, skip it - if(s_algorithms[i].algID == algID) - { - algProperty->alg = algID; - algProperty->algProperties = s_algorithms[i].attributes; - return TRUE; - } - } + { + // If algID is less than the starting algorithm ID, skip it + if(s_algorithms[i].algID == algID) + { + algProperty->alg = algID; + algProperty->algProperties = s_algorithms[i].attributes; + return TRUE; + } + } + return FALSE; } - -/* 9.1.4 AlgorithmGetImplementedVector() - - This function returns the bit vector of the implemented algorithms. -*/ +//** AlgorithmGetImplementedVector() +// This function returns the bit vector of the implemented algorithms. LIB_EXPORT -void -AlgorithmGetImplementedVector( - ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET - ) +void AlgorithmGetImplementedVector( + ALGORITHM_VECTOR* implemented // OUT: the implemented bits are SET +) { - int index; + int index; + // Nothing implemented until we say it is MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR)); // Go through the list of implemented algorithms and SET the corresponding bit in // in the implemented vector - for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1; - index >= 0; index--) { // libtpms changed - if (RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin - s_algorithms[index].algID)) - SET_BIT(s_algorithms[index].algID, *implemented); + for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1; index >= 0; + index--) { // libtpms changed + if (RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin + s_algorithms[index].algID)) + SET_BIT(s_algorithms[index].algID, *implemented); } // libtpms added end return; } 
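Review bot: The comment re-indented above the match test in AlgorithmCapGetOneImplemented, `// If algID is less than the starting algorithm ID, skip it`, describes the range scan in AlgorithmCapGetImplemented rather than the equality test `s_algorithms[i].algID == algID` it now sits on; something like `// Report the properties of the entry whose ID matches algID` would fit. The visible loop also returns TRUE without consulting `RuntimeAlgorithmCheckEnabled()`, while AlgorithmCapGetImplemented and AlgorithmGetImplementedVector both filter on `g_RuntimeProfile.RuntimeAlgorithm`, so a single-algorithm capability query may report an algorithm that the runtime profile disables. The function's opening lines fall between this hunk and the previous one, so such a check may already exist there; if it does not, `if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, algID)) return FALSE;` before the scan would bring the three functions into agreement.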
diff --git a/src/tpm2/AlgorithmCap_fp.h b/src/tpm2/AlgorithmCap_fp.h index c51b2feb..b37ad4a0 100644 --- a/src/tpm2/AlgorithmCap_fp.h +++ b/src/tpm2/AlgorithmCap_fp.h @@ -58,28 +58,40 @@ /* */ /********************************************************************************/ -#ifndef ALGORITHMCAP_FP_H -#define ALGORITHMCAP_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ +#ifndef _ALGORITHM_CAP_FP_H_ +#define _ALGORITHM_CAP_FP_H_ + +//** AlgorithmCapGetImplemented() +// This function is used by TPM2_GetCapability() to return a list of the +// implemented algorithms. +// +// Return Type: TPMI_YES_NO +// YES more algorithms to report +// NO no more algorithms to report TPMI_YES_NO -AlgorithmCapGetImplemented( - TPM_ALG_ID algID, // IN: the starting algorithm ID - UINT32 count, // IN: count of returned algorithms - TPML_ALG_PROPERTY *algList // OUT: algorithm list - ); +AlgorithmCapGetImplemented(TPM_ALG_ID algID, // IN: the starting algorithm ID + UINT32 count, // IN: count of returned algorithms + TPML_ALG_PROPERTY* algList // OUT: algorithm list +); + //** AlgorithmCapGetOneImplemented() // This function returns whether a single algorithm was implemented, along // with its properties (if implemented). BOOL AlgorithmCapGetOneImplemented( - TPM_ALG_ID algID, // IN: the algorithm ID - TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties - ); + TPM_ALG_ID algID, // IN: the algorithm ID + TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties +); +//** AlgorithmGetImplementedVector() +// This function returns the bit vector of the implemented algorithms. LIB_EXPORT -void -AlgorithmGetImplementedVector( - ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET - ); +void AlgorithmGetImplementedVector( + ALGORITHM_VECTOR* implemented // OUT: the implemented bits are SET +); - -#endif +#endif // _ALGORITHM_CAP_FP_H_ 
diff --git a/src/tpm2/AlgorithmTests.c b/src/tpm2/AlgorithmTests.c index eca917d0..9bc5f868 100644 --- a/src/tpm2/AlgorithmTests.c +++ b/src/tpm2/AlgorithmTests.c @@ -80,33 +80,33 @@ # include "HashTestData.h" # include "KdfTestData.h" -# define TEST_DEFAULT_TEST_HASH(vector) \ - if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \ - TestHash(DEFAULT_TEST_HASH, vector); +# define TEST_DEFAULT_TEST_HASH(vector) \ + if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \ + TestHash(DEFAULT_TEST_HASH, vector); // Make sure that the algorithm has been tested -# define CLEAR_BOTH(alg) \ - { \ - CLEAR_BIT(alg, *toTest); \ - if(toTest != &g_toTest) \ - CLEAR_BIT(alg, g_toTest); \ - } +# define CLEAR_BOTH(alg) \ + { \ + CLEAR_BIT(alg, *toTest); \ + if(toTest != &g_toTest) \ + CLEAR_BIT(alg, g_toTest); \ + } -# define SET_BOTH(alg) \ - { \ - SET_BIT(alg, *toTest); \ - if(toTest != &g_toTest) \ - SET_BIT(alg, g_toTest); \ - } +# define SET_BOTH(alg) \ + { \ + SET_BIT(alg, *toTest); \ + if(toTest != &g_toTest) \ + SET_BIT(alg, g_toTest); \ + } -# define TEST_BOTH(alg) \ - ((toTest != &g_toTest) ? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \ - : TEST_BIT(alg, *toTest)) +# define TEST_BOTH(alg) \ + ((toTest != &g_toTest) ? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \ + : TEST_BIT(alg, *toTest)) // Can only cancel if doing a list. -# define CHECK_CANCELED \ - if(_plat__IsCanceled() && toTest != &g_toTest) \ - return TPM_RC_CANCELED; +# define CHECK_CANCELED \ + if(_plat__IsCanceled() && toTest != &g_toTest) \ + return TPM_RC_CANCELED; //** Hash Tests 
@@ -124,35 +124,35 @@ static TPM_RC TestHash(TPM_ALG_ID hashAlg, ALGORITHM_VECTOR* toTest) // TPM2B_TYPE(HMAC_BLOCK, DEFAULT_TEST_HASH_BLOCK_SIZE); pAssert(hashAlg != TPM_ALG_NULL); -# define HASH_CASE_FOR_TEST(HASH, hash) \ - case ALG_##HASH##_VALUE: \ - testDigest = &c_##HASH##_digest.b; \ - break; +# define HASH_CASE_FOR_TEST(HASH, hash) \ + case ALG_##HASH##_VALUE: \ + testDigest = &c_##HASH##_digest.b; \ + break; switch(hashAlg) - { - FOR_EACH_HASH(HASH_CASE_FOR_TEST) + { + FOR_EACH_HASH(HASH_CASE_FOR_TEST) - default: - FAIL(FATAL_ERROR_INTERNAL); - } + default: + FAIL(FATAL_ERROR_INTERNAL); + } // Clear the to-test bits CLEAR_BOTH(hashAlg); // If there is an algorithm without test vectors, then assume that things are OK. if(testDigest == NULL || testDigest->size == 0) - return TPM_RC_SUCCESS; + return TPM_RC_SUCCESS; // Set the HMAC key to twice the digest size digestSize = CryptHashGetDigestSize(hashAlg); CryptHmacStart(&state, hashAlg, digestSize * 2, (BYTE*)c_hashTestKey.t.buffer); CryptDigestUpdate(&state.hashState, - 2 * CryptHashGetBlockSize(hashAlg), - (BYTE*)c_hashTestData.t.buffer); + 2 * CryptHashGetBlockSize(hashAlg), + (BYTE*)c_hashTestData.t.buffer); computed.t.size = digestSize; CryptHmacEnd(&state, digestSize, computed.t.buffer); if((testDigest->size != computed.t.size) || (memcmp(testDigest->buffer, computed.t.buffer, computed.b.size) != 0)) - SELF_TEST_FAILURE; + SELF_TEST_FAILURE; return TPM_RC_SUCCESS; } // libtpms added begin 
@@ -197,33 +197,33 @@ TestSMAC( //*** MakeIv() // Internal function to make the appropriate IV depending on the mode. static UINT32 MakeIv(TPM_ALG_ID mode, // IN: symmetric mode - UINT32 size, // IN: block size of the algorithm - BYTE* iv // OUT: IV to fill in - ) + UINT32 size, // IN: block size of the algorithm + BYTE* iv // OUT: IV to fill in +) { BYTE i; if(mode == TPM_ALG_ECB) - return 0; + return 0; if(mode == TPM_ALG_CTR) - { - // The test uses an IV that has 0xff in the last byte - for(i = 1; i <= size; i++) - *iv++ = 0xff - (BYTE)(size - i); - } + { + // The test uses an IV that has 0xff in the last byte + for(i = 1; i <= size; i++) + *iv++ = 0xff - (BYTE)(size - i); + } else - { - for(i = 0; i < size; i++) - *iv++ = i; - } + { + for(i = 0; i < size; i++) + *iv++ = i; + } return size; } //*** TestSymmetricAlgorithm() // Function to test a specific algorithm, key size, and mode. static void TestSymmetricAlgorithm(const SYMMETRIC_TEST_VECTOR* test, // - TPM_ALG_ID mode // - ) + TPM_ALG_ID mode // +) { static BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2]; static BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2]; 
@@ -246,30 +246,30 @@ static void TestSymmetricAlgorithm(const SYMMETRIC_TEST_VECTOR* test, // // Encrypt known data CryptSymmetricEncrypt(encrypted, - test->alg, - test->keyBits, - test->key, - &iv, - mode, - test->dataInOutSize, - test->dataIn); + test->alg, + test->keyBits, + test->key, + &iv, + mode, + test->dataInOutSize, + test->dataIn); // Check that it matches the expected value if(!MemoryEqual( - encrypted, test->dataOut[mode - TPM_ALG_CTR], test->dataInOutSize)) - SELF_TEST_FAILURE; + encrypted, test->dataOut[mode - TPM_ALG_CTR], test->dataInOutSize)) + SELF_TEST_FAILURE; // Reinitialize the iv for decryption MakeIv(mode, test->ivSize, iv.t.buffer); CryptSymmetricDecrypt(decrypted, - test->alg, - test->keyBits, - test->key, - &iv, - mode, - test->dataInOutSize, - test->dataOut[mode - TPM_ALG_CTR]); + test->alg, + test->keyBits, + test->key, + &iv, + mode, + test->dataInOutSize, + test->dataOut[mode - TPM_ALG_CTR]); // Make sure that it matches what we started with if(!MemoryEqual(decrypted, test->dataIn, test->dataInOutSize)) - SELF_TEST_FAILURE; + SELF_TEST_FAILURE; } //*** AllSymsAreDone() @@ -294,8 +294,8 @@ static BOOL AllModesAreDone(ALGORITHM_VECTOR* toTest) { TPM_ALG_ID alg; for(alg = SYM_MODE_FIRST; alg <= SYM_MODE_LAST; alg++) - if(TEST_BOTH(alg)) - return FALSE; + if(TEST_BOTH(alg)) + return FALSE; return TRUE; } 
@@ -308,65 +308,65 @@ static TPM_RC TestSymmetric(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) TPM_ALG_ID mode; // if(!TEST_BIT(alg, *toTest)) - return TPM_RC_SUCCESS; - if(alg == TPM_ALG_AES || alg == TPM_ALG_SM4 || alg == TPM_ALG_CAMELLIA || alg == TPM_ALG_TDES) - { - // Will test the algorithm for all modes and key sizes - CLEAR_BOTH(alg); + return TPM_RC_SUCCESS; + if(alg == TPM_ALG_AES || alg == TPM_ALG_SM4 || alg == TPM_ALG_CAMELLIA || alg == TPM_ALG_TDES) // libtpms added TPM_ALG_TDES + { + // Will test the algorithm for all modes and key sizes + CLEAR_BOTH(alg); - // A test this algorithm for all modes - for(index = 0; index < NUM_SYMS; index++) - { - if(c_symTestValues[index].alg == alg) - { - for(mode = SYM_MODE_FIRST; mode <= SYM_MODE_LAST; mode++) - { - if(TEST_BIT(mode, g_implementedAlgorithms)) // libtpms always test implemented modes - TestSymmetricAlgorithm(&c_symTestValues[index], mode); - } - } - } - // if all the symmetric tests are done - if(AllSymsAreDone(toTest)) - { - // all symmetric algorithms tested so no modes should be set - for(alg = SYM_MODE_FIRST; alg <= SYM_MODE_LAST; alg++) - CLEAR_BOTH(alg); - } - } + // A test this algorithm for all modes + for(index = 0; index < NUM_SYMS; index++) + { + if(c_symTestValues[index].alg == alg) + { + for(mode = SYM_MODE_FIRST; mode <= SYM_MODE_LAST; mode++) + { + if(TEST_BIT(mode, g_implementedAlgorithms)) // libtpms always test implemented modes + TestSymmetricAlgorithm(&c_symTestValues[index], mode); + } + } + } + // if all the symmetric tests are done + if(AllSymsAreDone(toTest)) + { + // all symmetric algorithms tested so no modes should be set + for(alg = SYM_MODE_FIRST; alg <= SYM_MODE_LAST; alg++) + CLEAR_BOTH(alg); + } + } else if(SYM_MODE_FIRST <= alg && alg <= SYM_MODE_LAST) - { - // Test this mode for all key sizes and algorithms - for(index = 0; index < NUM_SYMS; index++) - { - // The mode testing only comes into play when doing self tests - // by command. 
When doing self tests by command, the block ciphers are - // tested first. That means that all of their modes would have been - // tested for all key sizes. If there is no block cipher left to - // test, then clear this mode bit. - if(!TEST_BIT(TPM_ALG_AES, *toTest) && !TEST_BIT(TPM_ALG_SM4, *toTest)) - { - CLEAR_BOTH(alg); - } - else - { - for(index = 0; index < NUM_SYMS; index++) - { - if(TEST_BIT(c_symTestValues[index].alg, *toTest)) - TestSymmetricAlgorithm(&c_symTestValues[index], alg); - } - // have tested this mode for all algorithms - CLEAR_BOTH(alg); - } - } - if(AllModesAreDone(toTest)) - { - CLEAR_BOTH(TPM_ALG_AES); - CLEAR_BOTH(TPM_ALG_SM4); - } - } + { + // Test this mode for all key sizes and algorithms + for(index = 0; index < NUM_SYMS; index++) + { + // The mode testing only comes into play when doing self tests + // by command. When doing self tests by command, the block ciphers are + // tested first. That means that all of their modes would have been + // tested for all key sizes. If there is no block cipher left to + // test, then clear this mode bit. + if(!TEST_BIT(TPM_ALG_AES, *toTest) && !TEST_BIT(TPM_ALG_SM4, *toTest)) + { + CLEAR_BOTH(alg); + } + else + { + for(index = 0; index < NUM_SYMS; index++) + { + if(TEST_BIT(c_symTestValues[index].alg, *toTest)) + TestSymmetricAlgorithm(&c_symTestValues[index], alg); + } + // have tested this mode for all algorithms + CLEAR_BOTH(alg); + } + } + if(AllModesAreDone(toTest)) + { + CLEAR_BOTH(TPM_ALG_AES); + CLEAR_BOTH(TPM_ALG_SM4); + } + } else - pAssert(alg == 0 && alg != 0); + pAssert(alg == 0 && alg != 0); return TPM_RC_SUCCESS; } 
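Review bot: In the mode branch of TestSymmetric (`else if(SYM_MODE_FIRST <= alg && alg <= SYM_MODE_LAST)`), the "no block cipher left" check and the cleanup after `AllModesAreDone(toTest)` name only TPM_ALG_AES and TPM_ALG_SM4, while the block-cipher branch above also accepts TPM_ALG_CAMELLIA and TPM_ALG_TDES. With only Camellia or TDES still pending in `toTest`, the mode bit appears to be cleared without that mode being run against them. If that is intended because the block-cipher branch already runs every implemented mode, a comment such as `// CAMELLIA/TDES modes are covered by the block-cipher branch above` would record it; otherwise extend the condition with `&& !TEST_BIT(TPM_ALG_CAMELLIA, *toTest) && !TEST_BIT(TPM_ALG_TDES, *toTest)`. The inner `for(index = 0; index < NUM_SYMS; index++)` also reuses the outer loop's `index`, so the outer loop ends as soon as the inner one has run, and dropping the outer loop would make that explicit. The function's signature and declarations lie outside this hunk.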
@@ -399,11 +399,11 @@ static TPM_RC TestSymmetric(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) static void RsaKeyInitialize(OBJECT* testObject) { MemoryCopy2B(&testObject->publicArea.unique.rsa.b, - (P2B)&c_rsaPublicModulus, - sizeof(c_rsaPublicModulus)); + (P2B)&c_rsaPublicModulus, + sizeof(c_rsaPublicModulus)); MemoryCopy2B(&testObject->sensitive.sensitive.rsa.b, - (P2B)&c_rsaPrivatePrime, - sizeof(testObject->sensitive.sensitive.rsa.t.buffer)); + (P2B)&c_rsaPrivatePrime, + sizeof(testObject->sensitive.sensitive.rsa.t.buffer)); testObject->publicArea.parameters.rsaDetail.keyBits = RSA_TEST_KEY_SIZE * 8; // Use the default exponent testObject->publicArea.parameters.rsaDetail.exponent = 0; @@ -413,8 +413,8 @@ static void RsaKeyInitialize(OBJECT* testObject) //*** TestRsaEncryptDecrypt() // These tests are for a public key encryption that uses a random value. static TPM_RC TestRsaEncryptDecrypt(TPM_ALG_ID scheme, // IN: the scheme - ALGORITHM_VECTOR* toTest // - ) + ALGORITHM_VECTOR* toTest // +) { static TPM2B_PUBLIC_KEY_RSA testInput; static TPM2B_PUBLIC_KEY_RSA testOutput; 
@@ -432,85 +432,85 @@ static TPM_RC TestRsaEncryptDecrypt(TPM_ALG_ID scheme, // IN: the scheme CLEAR_BOTH(scheme); CLEAR_BOTH(TPM_ALG_NULL); if(scheme == TPM_ALG_NULL) - { - if (RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added begin - RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION)) - return TPM_RC_SUCCESS; // don't test NULL with RSA // libtpms added end - // This is an encryption scheme using the private key without any encoding. - memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); - testInput.t.size = sizeof(c_RsaTestValue); - if(TPM_RC_SUCCESS - != CryptRsaEncrypt( - &testOutput, &testInput.b, &testObject, &rsaScheme, NULL, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) - SELF_TEST_FAILURE; - MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); - if(TPM_RC_SUCCESS - != CryptRsaDecrypt( - &testOutput.b, &testInput.b, &testObject, &rsaScheme, NULL)) - SELF_TEST_FAILURE; - if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue))) - SELF_TEST_FAILURE; - } + { + if (RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added begin + RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION)) + return TPM_RC_SUCCESS; // don't test NULL with RSA // libtpms added end + // This is an encryption scheme using the private key without any encoding. 
+ memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); + testInput.t.size = sizeof(c_RsaTestValue); + if(TPM_RC_SUCCESS + != CryptRsaEncrypt( + &testOutput, &testInput.b, &testObject, &rsaScheme, NULL, NULL)) + SELF_TEST_FAILURE; + if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) + SELF_TEST_FAILURE; + MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); + if(TPM_RC_SUCCESS + != CryptRsaDecrypt( + &testOutput.b, &testInput.b, &testObject, &rsaScheme, NULL)) + SELF_TEST_FAILURE; + if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue))) + SELF_TEST_FAILURE; + } else - { - // TPM_ALG_RSAES: - // This is an decryption scheme using padding according to - // PKCS#1v2.1, 7.2. This padding uses random bits. To test a public - // key encryption that uses random data, encrypt a value and then - // decrypt the value and see that we get the encrypted data back. - // The hash is not used by this encryption so it can be TMP_ALG_NULL + { + // TPM_ALG_RSAES: + // This is an decryption scheme using padding according to + // PKCS#1v2.1, 7.2. This padding uses random bits. To test a public + // key encryption that uses random data, encrypt a value and then + // decrypt the value and see that we get the encrypted data back. + // The hash is not used by this encryption so it can be TMP_ALG_NULL - // TPM_ALG_OAEP: - // This is also an decryption scheme and it also uses a - // pseudo-random - // value. However, this also uses a hash algorithm. So, we may need - // to test that algorithm before use. 
- if(scheme == TPM_ALG_OAEP) - { - TEST_DEFAULT_TEST_HASH(toTest); - kvtValue = &c_OaepKvt; - testLabel = OAEP_TEST_STRING; - } - else if(scheme == TPM_ALG_RSAES) - { - kvtValue = &c_RsaesKvt; - testLabel = NULL; - } - else - SELF_TEST_FAILURE; - // Only use a digest-size portion of the test value - memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); - testInput.t.size = DEFAULT_TEST_DIGEST_SIZE; + // TPM_ALG_OAEP: + // This is also an decryption scheme and it also uses a + // pseudo-random + // value. However, this also uses a hash algorithm. So, we may need + // to test that algorithm before use. + if(scheme == TPM_ALG_OAEP) + { + TEST_DEFAULT_TEST_HASH(toTest); + kvtValue = &c_OaepKvt; + testLabel = OAEP_TEST_STRING; + } + else if(scheme == TPM_ALG_RSAES) + { + kvtValue = &c_RsaesKvt; + testLabel = NULL; + } + else + SELF_TEST_FAILURE; + // Only use a digest-size portion of the test value + memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); + testInput.t.size = DEFAULT_TEST_DIGEST_SIZE; - // See if the encryption works - if(TPM_RC_SUCCESS - != CryptRsaEncrypt( - &testOutput, &testInput.b, &testObject, &rsaScheme, testLabel, NULL)) - SELF_TEST_FAILURE; - MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); - // see if we can decrypt this value and get the original data back - if(TPM_RC_SUCCESS - != CryptRsaDecrypt( - &testOutput.b, &testInput.b, &testObject, &rsaScheme, testLabel)) - SELF_TEST_FAILURE; - // See if the results compare - if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE - || !MemoryEqual( - testOutput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE)) - SELF_TEST_FAILURE; - // Now check that the decryption works on a known value - MemoryCopy2B(&testInput.b, (P2B)kvtValue, sizeof(testInput.t.buffer)); - if(TPM_RC_SUCCESS - != CryptRsaDecrypt( - &testOutput.b, &testInput.b, &testObject, &rsaScheme, testLabel)) - SELF_TEST_FAILURE; - if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE - || 
!MemoryEqual( - testOutput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE)) - SELF_TEST_FAILURE; - } + // See if the encryption works + if(TPM_RC_SUCCESS + != CryptRsaEncrypt( + &testOutput, &testInput.b, &testObject, &rsaScheme, testLabel, NULL)) + SELF_TEST_FAILURE; + MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); + // see if we can decrypt this value and get the original data back + if(TPM_RC_SUCCESS + != CryptRsaDecrypt( + &testOutput.b, &testInput.b, &testObject, &rsaScheme, testLabel)) + SELF_TEST_FAILURE; + // See if the results compare + if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE + || !MemoryEqual( + testOutput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE)) + SELF_TEST_FAILURE; + // Now check that the decryption works on a known value + MemoryCopy2B(&testInput.b, (P2B)kvtValue, sizeof(testInput.t.buffer)); + if(TPM_RC_SUCCESS + != CryptRsaDecrypt( + &testOutput.b, &testInput.b, &testObject, &rsaScheme, testLabel)) + SELF_TEST_FAILURE; + if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE + || !MemoryEqual( + testOutput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE)) + SELF_TEST_FAILURE; + } return result; } 
@@ -561,31 +561,31 @@ static TPM_RC TestRsaSignAndVerify(TPM_ALG_ID scheme, ALGORITHM_VECTOR* toTest) // the validation function works. if(TPM_RC_SUCCESS != CryptRsaSign(&testSig, &testObject, &testDigest, NULL)) - SELF_TEST_FAILURE; + SELF_TEST_FAILURE; // For RSASSA, make sure the results is what we are looking for if(testSig.sigAlg == TPM_ALG_RSASSA) - { - if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE - || !MemoryEqual(c_RsassaKvt.buffer, - testSig.signature.rsassa.sig.t.buffer, - RSA_TEST_KEY_SIZE)) - SELF_TEST_FAILURE; - } + { + if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE + || !MemoryEqual(c_RsassaKvt.buffer, + testSig.signature.rsassa.sig.t.buffer, + RSA_TEST_KEY_SIZE)) + SELF_TEST_FAILURE; + } // See if the TPM will validate its own signatures if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, &testDigest)) - SELF_TEST_FAILURE; + SELF_TEST_FAILURE; // If this is RSAPSS, check the verification with known signature // Have to copy because CrytpRsaValidateSignature() eats the signature if(TPM_ALG_RSAPSS == scheme) - { - MemoryCopy2B(&testSig.signature.rsapss.sig.b, - (P2B)&c_RsapssKvt, - sizeof(testSig.signature.rsapss.sig.t.buffer)); - if(TPM_RC_SUCCESS - != CryptRsaValidateSignature(&testSig, &testObject, &testDigest)) - SELF_TEST_FAILURE; - } + { + MemoryCopy2B(&testSig.signature.rsapss.sig.b, + (P2B)&c_RsapssKvt, + sizeof(testSig.signature.rsapss.sig.t.buffer)); + if(TPM_RC_SUCCESS + != CryptRsaValidateSignature(&testSig, &testObject, &testDigest)) + SELF_TEST_FAILURE; + } return result; } 
@@ -597,35 +597,35 @@ static TPM_RC TestRsa(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) TPM_RC result = TPM_RC_SUCCESS; // switch(alg) - { - case TPM_ALG_NULL: - // This is the RSAEP/RSADP function. If we are processing a list, don't - // need to test these now because any other test will validate - // RSAEP/RSADP. Can tell this is list of test by checking to see if - // 'toTest' is pointing at g_toTest. If so, this is an isolated test - // an need to go ahead and do the test; - if((toTest == &g_toTest) - || (!TEST_BIT(TPM_ALG_RSASSA, *toTest) - && !TEST_BIT(TPM_ALG_RSAES, *toTest) - && !TEST_BIT(TPM_ALG_RSAPSS, *toTest) - && !TEST_BIT(TPM_ALG_OAEP, *toTest))) - // Not running a list of tests or no other tests on the list - // so run the test now - result = TestRsaEncryptDecrypt(alg, toTest); - // if not running the test now, leave the bit on, just in case things - // get interrupted - break; - case TPM_ALG_OAEP: - case TPM_ALG_RSAES: - result = TestRsaEncryptDecrypt(alg, toTest); - break; - case TPM_ALG_RSAPSS: - case TPM_ALG_RSASSA: - result = TestRsaSignAndVerify(alg, toTest); - break; - default: - SELF_TEST_FAILURE; - } + { + case TPM_ALG_NULL: + // This is the RSAEP/RSADP function. If we are processing a list, don't + // need to test these now because any other test will validate + // RSAEP/RSADP. Can tell this is list of test by checking to see if + // 'toTest' is pointing at g_toTest. 
If so, this is an isolated test + // an need to go ahead and do the test; + if((toTest == &g_toTest) + || (!TEST_BIT(TPM_ALG_RSASSA, *toTest) + && !TEST_BIT(TPM_ALG_RSAES, *toTest) + && !TEST_BIT(TPM_ALG_RSAPSS, *toTest) + && !TEST_BIT(TPM_ALG_OAEP, *toTest))) + // Not running a list of tests or no other tests on the list + // so run the test now + result = TestRsaEncryptDecrypt(alg, toTest); + // if not running the test now, leave the bit on, just in case things + // get interrupted + break; + case TPM_ALG_OAEP: + case TPM_ALG_RSAES: + result = TestRsaEncryptDecrypt(alg, toTest); + break; + case TPM_ALG_RSAPSS: + case TPM_ALG_RSASSA: + result = TestRsaSignAndVerify(alg, toTest); + break; + default: + SELF_TEST_FAILURE; + } return result; } @@ -638,16 +638,16 @@ static TPM_RC TestRsa(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) //*** LoadEccParameter() // This function is mostly for readability and type checking static void LoadEccParameter(TPM2B_ECC_PARAMETER* to, // target - const TPM2B_EC_TEST* from // source - ) + const TPM2B_EC_TEST* from // source +) { MemoryCopy2B(&to->b, &from->b, sizeof(to->t.buffer)); } //*** LoadEccPoint() static void LoadEccPoint(TPMS_ECC_POINT* point, // target - const TPM2B_EC_TEST* x, // source - const TPM2B_EC_TEST* y) + const TPM2B_EC_TEST* x, // source + const TPM2B_EC_TEST* y) { MemoryCopy2B(&point->x.b, (TPM2B*)x, sizeof(point->x.t.buffer)); MemoryCopy2B(&point->y.b, (TPM2B*)y, sizeof(point->y.t.buffer)); @@ -656,8 +656,8 @@ static void LoadEccPoint(TPMS_ECC_POINT* point, // target //*** TestECDH() // This test does a KVT on a point multiply. static TPM_RC TestECDH(TPM_ALG_ID scheme, // IN: for consistency - ALGORITHM_VECTOR* toTest // IN/OUT: modified after test is run - ) + ALGORITHM_VECTOR* toTest // IN/OUT: modified after test is run +) { static TPMS_ECC_POINT Z; static TPMS_ECC_POINT Qe; 
@@ -669,10 +669,10 @@ static TPM_RC TestECDH(TPM_ALG_ID scheme, // IN: for consistency LoadEccParameter(&ds, &c_ecTestKey_ds); LoadEccPoint(&Qe, &c_ecTestKey_QeX, &c_ecTestKey_QeY); if(TPM_RC_SUCCESS != CryptEccPointMultiply(&Z, c_testCurve, &Qe, &ds, NULL, NULL)) - SELF_TEST_FAILURE; + SELF_TEST_FAILURE; if(!MemoryEqual2B(&c_ecTestEcdh_X.b, &Z.x.b) || !MemoryEqual2B(&c_ecTestEcdh_Y.b, &Z.y.b)) - SELF_TEST_FAILURE; + SELF_TEST_FAILURE; return result; } 
@@ -694,56 +694,56 @@ static TPM_RC TestEccSignAndVerify(TPM_ALG_ID scheme, ALGORITHM_VECTOR* toTest) // ECC signature verification testing uses a KVT. switch(scheme) - { - case TPM_ALG_ECDSA: - LoadEccParameter(&testSig.signature.ecdsa.signatureR, &c_TestEcDsa_r); - LoadEccParameter(&testSig.signature.ecdsa.signatureS, &c_TestEcDsa_s); - break; - case TPM_ALG_ECSCHNORR: - LoadEccParameter(&testSig.signature.ecschnorr.signatureR, - &c_TestEcSchnorr_r); - LoadEccParameter(&testSig.signature.ecschnorr.signatureS, - &c_TestEcSchnorr_s); - break; - case TPM_ALG_SM2: - // don't have a test for SM2 - return TPM_RC_SUCCESS; - default: - SELF_TEST_FAILURE; - break; - } + { + case TPM_ALG_ECDSA: + LoadEccParameter(&testSig.signature.ecdsa.signatureR, &c_TestEcDsa_r); + LoadEccParameter(&testSig.signature.ecdsa.signatureS, &c_TestEcDsa_s); + break; + case TPM_ALG_ECSCHNORR: + LoadEccParameter(&testSig.signature.ecschnorr.signatureR, + &c_TestEcSchnorr_r); + LoadEccParameter(&testSig.signature.ecschnorr.signatureS, + &c_TestEcSchnorr_s); + break; + case TPM_ALG_SM2: + // don't have a test for SM2 + return TPM_RC_SUCCESS; + default: + SELF_TEST_FAILURE; + break; + } TEST_DEFAULT_TEST_HASH(toTest); // Have to copy the key. 
This is because the size used in the test vectors // is the size of the ECC parameter for the test key while the size of a point // is TPM dependent MemoryCopy2B(&testObject.sensitive.sensitive.ecc.b, - &c_ecTestKey_ds.b, - sizeof(testObject.sensitive.sensitive.ecc.t.buffer)); + &c_ecTestKey_ds.b, + sizeof(testObject.sensitive.sensitive.ecc.t.buffer)); LoadEccPoint( - &testObject.publicArea.unique.ecc, &c_ecTestKey_QsX, &c_ecTestKey_QsY); + &testObject.publicArea.unique.ecc, &c_ecTestKey_QsX, &c_ecTestKey_QsY); testObject.publicArea.parameters.eccDetail.curveID = c_testCurve; if(TPM_RC_SUCCESS != CryptEccValidateSignature( - &testSig, &testObject, (TPM2B_DIGEST*)&c_ecTestValue.b)) - { - SELF_TEST_FAILURE; - } + &testSig, &testObject, (TPM2B_DIGEST*)&c_ecTestValue.b)) + { + SELF_TEST_FAILURE; + } CHECK_CANCELED; // Now sign and verify some data if(TPM_RC_SUCCESS != CryptEccSign( - &testSig, &testObject, (TPM2B_DIGEST*)&c_ecTestValue, &eccScheme, NULL)) - SELF_TEST_FAILURE; + &testSig, &testObject, (TPM2B_DIGEST*)&c_ecTestValue, &eccScheme, NULL)) + SELF_TEST_FAILURE; CHECK_CANCELED; if(TPM_RC_SUCCESS != CryptEccValidateSignature( - &testSig, &testObject, (TPM2B_DIGEST*)&c_ecTestValue)) - SELF_TEST_FAILURE; + &testSig, &testObject, (TPM2B_DIGEST*)&c_ecTestValue)) + SELF_TEST_FAILURE; CHECK_CANCELED; @@ -759,17 +759,17 @@ static TPM_RC TestKDFa(ALGORITHM_VECTOR* toTest) CLEAR_BOTH(TPM_ALG_KDF1_SP800_108); keyOut.t.size = CryptKDFa(KDF_TEST_ALG, - &c_kdfTestKeyIn.b, - &c_kdfTestLabel.b, - &c_kdfTestContextU.b, - &c_kdfTestContextV.b, - TEST_KDF_KEY_SIZE * 8, - keyOut.t.buffer, - &counter, - FALSE); + &c_kdfTestKeyIn.b, + &c_kdfTestLabel.b, + &c_kdfTestContextU.b, + &c_kdfTestContextV.b, + TEST_KDF_KEY_SIZE * 8, + keyOut.t.buffer, + &counter, + FALSE); if(keyOut.t.size != TEST_KDF_KEY_SIZE || !MemoryEqual(keyOut.t.buffer, c_kdfTestKeyOut.t.buffer, TEST_KDF_KEY_SIZE)) - SELF_TEST_FAILURE; + SELF_TEST_FAILURE; return TPM_RC_SUCCESS; } 
@@ -780,30 +780,30 @@ static TPM_RC TestEcc(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) TPM_RC result = TPM_RC_SUCCESS; NOT_REFERENCED(toTest); switch(alg) - { - case TPM_ALG_ECC: - case TPM_ALG_ECDH: - // If this is in a loop then see if another test is going to deal with - // this. - // If toTest is not a self-test list - if((toTest == &g_toTest) - // or this is the only ECC test in the list - || !(TEST_BIT(TPM_ALG_ECDSA, *toTest) - || TEST_BIT(TPM_ALG_ECSCHNORR, *toTest) // libtpms: fixed - || TEST_BIT(TPM_ALG_SM2, *toTest))) - { - result = TestECDH(alg, toTest); - } - break; - case TPM_ALG_ECDSA: - case TPM_ALG_ECSCHNORR: - case TPM_ALG_SM2: - result = TestEccSignAndVerify(alg, toTest); - break; - default: - SELF_TEST_FAILURE; - break; - } + { + case TPM_ALG_ECC: + case TPM_ALG_ECDH: + // If this is in a loop then see if another test is going to deal with + // this. + // If toTest is not a self-test list + if((toTest == &g_toTest) + // or this is the only ECC test in the list + || !(TEST_BIT(TPM_ALG_ECDSA, *toTest) + || TEST_BIT(TPM_ALG_ECSCHNORR, *toTest) // libtpms: fixed + || TEST_BIT(TPM_ALG_SM2, *toTest))) + { + result = TestECDH(alg, toTest); + } + break; + case TPM_ALG_ECDSA: + case TPM_ALG_ECSCHNORR: + case TPM_ALG_SM2: + result = TestEccSignAndVerify(alg, toTest); + break; + default: + SELF_TEST_FAILURE; + break; + } return result; } @@ -839,7 +839,7 @@ TestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) TPM_RC result = TPM_RC_SUCCESS; if(toTest == NULL) - toTest = &g_toTest; + toTest = &g_toTest; // This is kind of strange. This function will either run a test of the selected // algorithm or just clear a bit if there is no test for the algorithm. So, 
@@ -851,153 +851,154 @@ TestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) // statement than to have multiple ones to manage whenever an algorithm ID is // added. for(alg = first; (alg <= last); alg++) - { - // if 'alg' was TPM_ALG_ERROR, then we will be cycling through - // values, some of which may not be implemented. If the bit in toTest - // happens to be set, then we could either generated an assert, or just - // silently CLEAR it. Decided to just clear. - if(!TEST_BIT(alg, g_implementedAlgorithms)) - { - CLEAR_BIT(alg, *toTest); - continue; - } - // Process whatever is left. - // NOTE: since this switch will only be called if the algorithm is - // implemented, it is not necessary to modify this list except to comment - // out the algorithms for which there is no test - switch(alg) - { - // Symmetric block ciphers + { + // if 'alg' was TPM_ALG_ERROR, then we will be cycling through + // values, some of which may not be implemented. If the bit in toTest + // happens to be set, then we could either generated an assert, or just + // silently CLEAR it. Decided to just clear. + if(!TEST_BIT(alg, g_implementedAlgorithms)) + { + CLEAR_BIT(alg, *toTest); + continue; + } + // Process whatever is left. 
+ // NOTE: since this switch will only be called if the algorithm is + // implemented, it is not necessary to modify this list except to comment + // out the algorithms for which there is no test + switch(alg) + { + // Symmetric block ciphers # if ALG_AES - case TPM_ALG_AES: + case TPM_ALG_AES: // libtpms added begin # if SMAC_IMPLEMENTED && ALG_CMAC - if (doTest) { - result = TestSMAC(toTest); - if (result != TPM_RC_SUCCESS) - break; - } + if (doTest) + { + result = TestSMAC(toTest); + if (result != TPM_RC_SUCCESS) + break; + } # endif // libtpms added end # endif # if ALG_SM4 - // if SM4 is implemented, its test is like other block ciphers but there - // aren't any test vectors for it yet - case TPM_ALG_SM4: /* libtpms changed */ + // if SM4 is implemented, its test is like other block ciphers but there + // aren't any test vectors for it yet + case TPM_ALG_SM4: /* libtpms changed */ # endif // ALG_SM4 # if ALG_CAMELLIA - /* fallthrough */ - case TPM_ALG_CAMELLIA: // libtpms activated + /* fallthrough */ + case TPM_ALG_CAMELLIA: // libtpms activated # endif # if ALG_TDES - case TPM_ALG_TDES: // libtpms added + case TPM_ALG_TDES: // libtpms added # endif - // Symmetric modes + // Symmetric modes # if !ALG_CFB # error CFB is required in all TPM implementations # endif // !ALG_CFB - case TPM_ALG_CFB: - if(doTest) - result = TestSymmetric(alg, toTest); - break; + case TPM_ALG_CFB: + if(doTest) + result = TestSymmetric(alg, toTest); + break; # if ALG_CTR - case TPM_ALG_CTR: + case TPM_ALG_CTR: # endif // ALG_CRT # if ALG_OFB - case TPM_ALG_OFB: + case TPM_ALG_OFB: # endif // ALG_OFB # if ALG_CBC - case TPM_ALG_CBC: + case TPM_ALG_CBC: # endif // ALG_CBC # if ALG_ECB - case TPM_ALG_ECB: + case TPM_ALG_ECB: # endif - if(doTest) - result = TestSymmetric(alg, toTest); - else - // If doing the initialization of g_toTest vector, only need - // to test one of the modes for the symmetric algorithms. If - // initializing for a SelfTest(FULL_TEST), allow all the modes. 
- if(toTest == &g_toTest) - CLEAR_BIT(alg, *toTest); - break; + if(doTest) + result = TestSymmetric(alg, toTest); + else + // If doing the initialization of g_toTest vector, only need + // to test one of the modes for the symmetric algorithms. If + // initializing for a SelfTest(FULL_TEST), allow all the modes. + if(toTest == &g_toTest) + CLEAR_BIT(alg, *toTest); + break; # if !ALG_HMAC # error HMAC is required in all TPM implementations # endif - case TPM_ALG_HMAC: - // Clear the bit that indicates that HMAC is required because - // HMAC is used as the basic test for all hash algorithms. - CLEAR_BOTH(alg); - // Testing HMAC means test the default hash - if(doTest) - TestHash(DEFAULT_TEST_HASH, toTest); - else - // If not testing, then indicate that the hash needs to be - // tested because this uses HMAC - SET_BOTH(DEFAULT_TEST_HASH); - break; - // Have to use two arguments for the macro even though only the first is used in the - // expansion. + case TPM_ALG_HMAC: + // Clear the bit that indicates that HMAC is required because + // HMAC is used as the basic test for all hash algorithms. + CLEAR_BOTH(alg); + // Testing HMAC means test the default hash + if(doTest) + TestHash(DEFAULT_TEST_HASH, toTest); + else + // If not testing, then indicate that the hash needs to be + // tested because this uses HMAC + SET_BOTH(DEFAULT_TEST_HASH); + break; +// Have to use two arguments for the macro even though only the first is used in the +// expansion. 
# define HASH_CASE_TEST(HASH, hash) case ALG_##HASH##_VALUE: - FOR_EACH_HASH(HASH_CASE_TEST) + FOR_EACH_HASH(HASH_CASE_TEST) # undef HASH_CASE_TEST - if(doTest) - result = TestHash(alg, toTest); - break; - // RSA-dependent + if(doTest) + result = TestHash(alg, toTest); + break; + // RSA-dependent # if ALG_RSA - case TPM_ALG_RSA: - CLEAR_BOTH(alg); - if(doTest) - result = TestRsa(TPM_ALG_NULL, toTest); - else - SET_BOTH(TPM_ALG_NULL); - break; - case TPM_ALG_RSASSA: - case TPM_ALG_RSAES: - case TPM_ALG_RSAPSS: - case TPM_ALG_OAEP: - case TPM_ALG_NULL: // used or RSADP - if(doTest) - result = TestRsa(alg, toTest); - break; + case TPM_ALG_RSA: + CLEAR_BOTH(alg); + if(doTest) + result = TestRsa(TPM_ALG_NULL, toTest); + else + SET_BOTH(TPM_ALG_NULL); + break; + case TPM_ALG_RSASSA: + case TPM_ALG_RSAES: + case TPM_ALG_RSAPSS: + case TPM_ALG_OAEP: + case TPM_ALG_NULL: // used or RSADP + if(doTest) + result = TestRsa(alg, toTest); + break; # endif // ALG_RSA # if ALG_KDF1_SP800_108 - case TPM_ALG_KDF1_SP800_108: - if(doTest) - result = TestKDFa(toTest); - break; + case TPM_ALG_KDF1_SP800_108: + if(doTest) + result = TestKDFa(toTest); + break; # endif // ALG_KDF1_SP800_108 # if ALG_ECC - // ECC dependent but no tests - // case TPM_ALG_ECDAA: - // case TPM_ALG_ECMQV: - // case TPM_ALG_KDF1_SP800_56a: - // case TPM_ALG_KDF2: - // case TPM_ALG_MGF1: - case TPM_ALG_ECC: - CLEAR_BOTH(alg); - if(doTest) - result = TestEcc(TPM_ALG_ECDH, toTest); - else - SET_BOTH(TPM_ALG_ECDH); - break; - case TPM_ALG_ECDSA: - case TPM_ALG_ECDH: - case TPM_ALG_ECSCHNORR: - // case TPM_ALG_SM2: - if(doTest) - result = TestEcc(alg, toTest); - break; + // ECC dependent but no tests + // case TPM_ALG_ECDAA: + // case TPM_ALG_ECMQV: + // case TPM_ALG_KDF1_SP800_56a: + // case TPM_ALG_KDF2: + // case TPM_ALG_MGF1: + case TPM_ALG_ECC: + CLEAR_BOTH(alg); + if(doTest) + result = TestEcc(TPM_ALG_ECDH, toTest); + else + SET_BOTH(TPM_ALG_ECDH); + break; + case TPM_ALG_ECDSA: + case TPM_ALG_ECDH: + case 
TPM_ALG_ECSCHNORR: + // case TPM_ALG_SM2: + if(doTest) + result = TestEcc(alg, toTest); + break; # endif // ALG_ECC - default: - CLEAR_BIT(alg, *toTest); - break; - } - if(result != TPM_RC_SUCCESS) - break; - } + default: + CLEAR_BIT(alg, *toTest); + break; + } + if(result != TPM_RC_SUCCESS) + break; + } return result; } -#endif // ENABLE_SELF_TESTS +#endif // SELF_TESTS diff --git a/src/tpm2/AlgorithmTests_fp.h b/src/tpm2/AlgorithmTests_fp.h index 5981b991..5e76d373 100644 --- a/src/tpm2/AlgorithmTests_fp.h +++ b/src/tpm2/AlgorithmTests_fp.h @@ -58,17 +58,38 @@ /* */ /********************************************************************************/ -#ifndef ALGORITHMTESTS_FP_H -#define ALGORITHMTESTS_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 4, 2020 Time: 02:36:44PM + */ + +#ifndef _ALGORITHM_TESTS_FP_H_ +#define _ALGORITHM_TESTS_FP_H_ #if ENABLE_SELF_TESTS +//*** TestAlgorithm() +// Dispatches to the correct test function for the algorithm or gets a list of +// testable algorithms. +// +// If 'toTest' is not NULL, then the test decisions are based on the algorithm +// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in +// 'g_toTest' they will also be cleared 'toTest'. +// +// If there doesn't happen to be a test for the algorithm, its associated bit is +// quietly cleared. +// +// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits +// for which there is no test (i.e. no tests are actually run but the vector is +// cleared). +// +// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' +// can be anything. +// Return Type: TPM_RC +// TPM_RC_CANCELED test was canceled LIB_EXPORT TPM_RC -TestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ); - +TestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest); #endif // ENABLE_SELF_TESTS -#endif // ALGORITHMTESTS_FP_H + +#endif // _ALGORITHM_TESTS_FP_H_ 
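Review bot: In TestAlgorithm's `case TPM_ALG_HMAC:` the return code of `TestHash(DEFAULT_TEST_HASH, toTest);` is discarded, whereas every other test call in this switch assigns its result to `result`. TestHash is not shown here, but if it can return a non-success code such as the TPM_RC_CANCELED named in the prototype's comment, the loop would continue and the HMAC step would be reported as successful. Writing `result = TestHash(DEFAULT_TEST_HASH, toTest);` would make it consistent with the hash cases below and let the `if(result != TPM_RC_SUCCESS) break;` check apply. The start of TestAlgorithm lies outside this hunk.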
diff --git a/src/tpm2/Attest_spt.c b/src/tpm2/Attest_spt.c
index 0b8d29c8..12bccad5 100644
--- a/src/tpm2/Attest_spt.c
+++ b/src/tpm2/Attest_spt.c
@@ -59,151 +59,172 @@ /* */ /********************************************************************************/ +//** Includes #include "Tpm.h" #include "Attest_spt_fp.h" -/* 7.2.2 Functions */ -/* 7.2.2.1 FillInAttestInfo() */ -/* Fill in common fields of TPMS_ATTEST structure. */ -void -FillInAttestInfo( - TPMI_DH_OBJECT signHandle, // IN: handle of signing object - TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing - TPM2B_DATA *data, // IN: qualifying data - TPMS_ATTEST *attest // OUT: attest structure - ) +#include "Marshal.h" + +//** Functions + +//***FillInAttestInfo() +// Fill in common fields of TPMS_ATTEST structure. +void FillInAttestInfo( + TPMI_DH_OBJECT signHandle, // IN: handle of signing object + TPMT_SIG_SCHEME* scheme, // IN/OUT: scheme to be used for signing + TPM2B_DATA* data, // IN: qualifying data + TPMS_ATTEST* attest // OUT: attest structure +) { - OBJECT *signObject = HandleToObject(signHandle); + OBJECT* signObject = HandleToObject(signHandle); + // Magic number attest->magic = TPM_GENERATED_VALUE; + if(signObject == NULL) - { - // The name for a null handle is TPM_RH_NULL - // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the - // size of the cast is smaller than a constant, the compiler warns - // about the truncation of a constant value. - TPM_HANDLE nullHandle = TPM_RH_NULL; - attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE); - UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name); - } + { + // The name for a null handle is TPM_RH_NULL + // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the + // size of the cast is smaller than a constant, the compiler warns + // about the truncation of a constant value. 
+ TPM_HANDLE nullHandle = TPM_RH_NULL; + attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE); + UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name); + } else - { - // Certifying object qualified name - // if the scheme is anonymous, this is an empty buffer - if(CryptIsSchemeAnonymous(scheme->scheme)) - attest->qualifiedSigner.t.size = 0; - else - attest->qualifiedSigner = signObject->qualifiedName; - } + { + // Certifying object qualified name + // if the scheme is anonymous, this is an empty buffer + if(CryptIsSchemeAnonymous(scheme->scheme)) + attest->qualifiedSigner.t.size = 0; + else + attest->qualifiedSigner = signObject->qualifiedName; + } // current clock in plain text TimeFillInfo(&attest->clockInfo); + // Firmware version in plain text attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8)); attest->firmwareVersion += gp.firmwareV2; + // Check the hierarchy of sign object. For NULL sign handle, the hierarchy // will be TPM_RH_NULL if((signObject == NULL) || (!signObject->attributes.epsHierarchy - && !signObject->attributes.ppsHierarchy)) - { - // For signing key that is not in platform or endorsement hierarchy, - // obfuscate the reset, restart and firmware version information - UINT64 obfuscation[2]; - CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gp.shProof.b, OBFUSCATE_STRING, - &attest->qualifiedSigner.b, NULL, 128, - (BYTE *)&obfuscation[0], NULL, FALSE); - // Obfuscate data - attest->firmwareVersion += obfuscation[0]; - attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32); - attest->clockInfo.restartCount += (UINT32)obfuscation[1]; - } + && !signObject->attributes.ppsHierarchy)) + { + // For signing key that is not in platform or endorsement hierarchy, + // obfuscate the reset, restart and firmware version information + UINT64 obfuscation[2]; + CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, + &gp.shProof.b, + OBFUSCATE_STRING, + &attest->qualifiedSigner.b, + NULL, + 128, + (BYTE*)&obfuscation[0], + NULL, + FALSE); + // 
Obfuscate data + attest->firmwareVersion += obfuscation[0]; + attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32); + attest->clockInfo.restartCount += (UINT32)obfuscation[1]; + } // External data if(CryptIsSchemeAnonymous(scheme->scheme)) - attest->extraData.t.size = 0; + attest->extraData.t.size = 0; else - { - // If we move the data to the attestation structure, then it is not - // used in the signing operation except as part of the signed data - attest->extraData = *data; - data->t.size = 0; - } -} -/* 7.2.2.2 SignAttestInfo() */ -/* Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature is returned. */ -/* Error Returns Meaning */ -/* TPM_RC_ATTRIBUTES signHandle references not a signing key */ -/* TPM_RC_SCHEME scheme is not compatible with signHandle type */ -/* TPM_RC_VALUE digest generated for the given scheme is greater than the modulus of signHandle (for - an RSA key); invalid commit status or failed to generate r value (for an ECC key) */ -TPM_RC -SignAttestInfo( - OBJECT *signKey, // IN: sign object - TPMT_SIG_SCHEME *scheme, // IN: sign scheme - TPMS_ATTEST *certifyInfo, // IN: the data to be signed - TPM2B_DATA *qualifyingData, // IN: extra data for the signing - // process - TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be - // signed - TPMT_SIGNATURE *signature // OUT: signature - ) -{ - BYTE *buffer; - HASH_STATE hashState; - TPM2B_DIGEST digest; - TPM_RC result; - // Marshal TPMS_ATTEST structure for hash - buffer = attest->t.attestationData; - attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL); - if(signKey == NULL) - { - signature->sigAlg = TPM_ALG_NULL; - result = TPM_RC_SUCCESS; - } - else - { - TPMI_ALG_HASH hashAlg; - // Compute hash - hashAlg = scheme->details.any.hashAlg; - // need to set the receive buffer to get something put in it - digest.t.size = sizeof(digest.t.buffer); - digest.t.size = CryptHashBlock(hashAlg, attest->t.size, - attest->t.attestationData, - digest.t.size, 
digest.t.buffer); - // If there is qualifying data, need to rehash the data - // hash(qualifyingData || hash(attestationData)) - if(qualifyingData->t.size != 0) - { - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate2B(&hashState, &qualifyingData->b); - CryptDigestUpdate2B(&hashState, &digest.b); - CryptHashEnd2B(&hashState, &digest.b); - } - // Sign the hash. A TPM_RC_VALUE, TPM_RC_SCHEME, or - // TPM_RC_ATTRIBUTES error may be returned at this point - result = CryptSign(signKey, scheme, &digest, signature); - // Since the clock is used in an attestation, the state in NV is no longer - // "orderly" with respect to the data in RAM if the signature is valid - if(result == TPM_RC_SUCCESS) - { - // Command uses the clock so need to clear the orderly state if it is - // set. - result = NvClearOrderly(); - } - } - return result; -} -/* 7.2.2.3 IsSigningObject() */ -/* Checks to see if the object is OK for signing. This is here rather than in Object_spt.c because - all the attestation commands use this file but not Object_spt.c. */ -/* Return Values Meaning */ -/* TRUE object may sign */ -/* FALSE object may not sign */ -BOOL -IsSigningObject( - OBJECT *object // IN: - ) -{ - return ((object == NULL) - || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) - && object->publicArea.type != TPM_ALG_SYMCIPHER))); + { + // If we move the data to the attestation structure, then it is not + // used in the signing operation except as part of the signed data + attest->extraData = *data; + data->t.size = 0; + } } +//***SignAttestInfo() +// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature +// is returned. 
+// +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key +// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type +// TPM_RC_VALUE digest generated for the given 'scheme' is greater than +// the modulus of 'signHandle' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +SignAttestInfo(OBJECT* signKey, // IN: sign object + TPMT_SIG_SCHEME* scheme, // IN: sign scheme + TPMS_ATTEST* certifyInfo, // IN: the data to be signed + TPM2B_DATA* qualifyingData, // IN: extra data for the signing + // process + TPM2B_ATTEST* attest, // OUT: marshaled attest blob to be + // signed + TPMT_SIGNATURE* signature // OUT: signature +) +{ + BYTE* buffer; + HASH_STATE hashState; + TPM2B_DIGEST digest; + TPM_RC result; + + // Marshal TPMS_ATTEST structure for hash + buffer = attest->t.attestationData; + attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL); + + if(signKey == NULL) + { + signature->sigAlg = TPM_ALG_NULL; + result = TPM_RC_SUCCESS; + } + else + { + TPMI_ALG_HASH hashAlg; + // Compute hash + hashAlg = scheme->details.any.hashAlg; + // need to set the receive buffer to get something put in it + digest.t.size = sizeof(digest.t.buffer); + digest.t.size = CryptHashBlock(hashAlg, + attest->t.size, + attest->t.attestationData, + digest.t.size, + digest.t.buffer); + // If there is qualifying data, need to rehash the data + // hash(qualifyingData || hash(attestationData)) + if(qualifyingData->t.size != 0) + { + CryptHashStart(&hashState, hashAlg); + CryptDigestUpdate2B(&hashState, &qualifyingData->b); + CryptDigestUpdate2B(&hashState, &digest.b); + CryptHashEnd2B(&hashState, &digest.b); + } + // Sign the hash. 
A TPM_RC_VALUE, TPM_RC_SCHEME, or + // TPM_RC_ATTRIBUTES error may be returned at this point + result = CryptSign(signKey, scheme, &digest, signature); + + // Since the clock is used in an attestation, the state in NV is no longer + // "orderly" with respect to the data in RAM if the signature is valid + if(result == TPM_RC_SUCCESS) + { + // Command uses the clock so need to clear the orderly state if it is + // set. + result = NvClearOrderly(); + } + } + return result; +} + +//*** IsSigningObject() +// Checks to see if the object is OK for signing. This is here rather than in +// Object_spt.c because all the attestation commands use this file but not +// Object_spt.c. +// Return Type: BOOL +// TRUE(1) object may sign +// FALSE(0) object may not sign +BOOL IsSigningObject(OBJECT* object // IN: +) +{ + return ((object == NULL) + || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) + && object->publicArea.type != TPM_ALG_SYMCIPHER))); +} diff --git a/src/tpm2/Attest_spt_fp.h b/src/tpm2/Attest_spt_fp.h index 25add179..fbb4a538 100644 --- a/src/tpm2/Attest_spt_fp.h +++ b/src/tpm2/Attest_spt_fp.h 
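Review bot: In FillInAttestInfo, `UINT64 obfuscation[2];` has no initializer and the result of the `CryptKDFa(...)` call that fills it is discarded. If that call ever produced fewer than the requested 128 bits, the three `+=` lines would mix uninitialised stack contents into `firmwareVersion`, `resetCount` and `restartCount`, which then go into a signed attestation. Whether CryptKDFa can fall short with these arguments is not visible in this hunk, so treat this as something to confirm. Declaring the buffer as `UINT64 obfuscation[2] = {0};` makes the values deterministic. Checking the call's result before the additions would also stop a failed derivation from silently emitting un-obfuscated counters.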
@@ -59,34 +59,53 @@ /* */ /********************************************************************************/ -#ifndef ATTEST_SPT_FP_H -#define ATTEST_SPT_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ -void -FillInAttestInfo( - TPMI_DH_OBJECT signHandle, // IN: handle of signing object - TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing - TPM2B_DATA *data, // IN: qualifying data - TPMS_ATTEST *attest // OUT: attest structure - ); +#ifndef _ATTEST_SPT_FP_H_ +#define _ATTEST_SPT_FP_H_ + +//***FillInAttestInfo() +// Fill in common fields of TPMS_ATTEST structure. +void FillInAttestInfo( + TPMI_DH_OBJECT signHandle, // IN: handle of signing object + TPMT_SIG_SCHEME* scheme, // IN/OUT: scheme to be used for signing + TPM2B_DATA* data, // IN: qualifying data + TPMS_ATTEST* attest // OUT: attest structure +); + +//***SignAttestInfo() +// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature +// is returned. 
+// +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key +// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type +// TPM_RC_VALUE digest generated for the given 'scheme' is greater than +// the modulus of 'signHandle' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) TPM_RC -SignAttestInfo( - OBJECT *signKey, // IN: sign object - TPMT_SIG_SCHEME *scheme, // IN: sign scheme - TPMS_ATTEST *certifyInfo, // IN: the data to be signed - TPM2B_DATA *qualifyingData, // IN: extra data for the signing - // process - TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be - // signed - TPMT_SIGNATURE *signature // OUT: signature - ); -BOOL -IsSigningObject( - OBJECT *object // IN: - ); +SignAttestInfo(OBJECT* signKey, // IN: sign object + TPMT_SIG_SCHEME* scheme, // IN: sign scheme + TPMS_ATTEST* certifyInfo, // IN: the data to be signed + TPM2B_DATA* qualifyingData, // IN: extra data for the signing + // process + TPM2B_ATTEST* attest, // OUT: marshaled attest blob to be + // signed + TPMT_SIGNATURE* signature // OUT: signature +); +//*** IsSigningObject() +// Checks to see if the object is OK for signing. This is here rather than in +// Object_spt.c because all the attestation commands use this file but not +// Object_spt.c. +// Return Type: BOOL +// TRUE(1) object may sign +// FALSE(0) object may not sign +BOOL IsSigningObject(OBJECT* object // IN: +); - - - -#endif +#endif // _ATTEST_SPT_FP_H_ diff --git a/src/tpm2/BaseTypes.h b/src/tpm2/BaseTypes.h index b134b22c..43615ab5 100644 --- a/src/tpm2/BaseTypes.h +++ b/src/tpm2/BaseTypes.h 
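Review bot: The comment added above the SignAttestInfo prototype is written in terms of 'signHandle' (the TPM_RH_NULL sentence and the TPM_RC_ATTRIBUTES, TPM_RC_SCHEME and TPM_RC_VALUE rows), but the prototype has no such parameter; it takes `OBJECT* signKey`. The copy of this comment in Attest_spt.c has the same wording, and the body there returns the null signature when `signKey == NULL`. Suggested replacement for the second sentence: `// If 'signKey' is NULL, a null signature (sigAlg = TPM_ALG_NULL) is returned.`, with the three return rows referring to 'signKey' as well.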
@@ -59,27 +59,26 @@ /* */ /********************************************************************************/ -/* 5.2 BaseTypes.h */ -#ifndef BASETYPES_H -#define BASETYPES_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -#include +#ifndef _TPM_INCLUDE_PUBLIC_BASETYPES_H_ +#define _TPM_INCLUDE_PUBLIC_BASETYPES_H_ -/* NULL definition */ +// NULL definition +#ifndef NULL +# define NULL (0) +#endif // NULL -#ifndef NULL -#define NULL (0) -#endif -typedef uint8_t UINT8; -typedef uint8_t BYTE; -typedef int8_t INT8; -typedef int BOOL; -typedef uint16_t UINT16; -typedef int16_t INT16; -typedef uint32_t UINT32; -typedef int32_t INT32; -typedef uint64_t UINT64; -typedef int64_t INT64; +typedef uint8_t UINT8; +typedef uint8_t BYTE; +typedef int8_t INT8; +typedef int BOOL; +typedef uint16_t UINT16; +typedef int16_t INT16; +typedef uint32_t UINT32; +typedef int32_t INT32; +typedef uint64_t UINT64; +typedef int64_t INT64; -#endif +#endif // _TPM_INCLUDE_PUBLIC_BASETYPES_H_ diff --git a/src/tpm2/Bits.c b/src/tpm2/Bits.c index 5fb47851..47bfeff3 100644 --- a/src/tpm2/Bits.c +++ b/src/tpm2/Bits.c 
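Review bot: The new side of BaseTypes.h drops the `#include` line that preceded the NULL definition, while the typedefs below still use `uint8_t`, `int16_t`, `uint32_t`, `uint64_t` and the rest. The header therefore compiles only when something included earlier has already declared the fixed-width types. The header name on the removed line is not legible on this page (presumably `<stdint.h>`). Either keep that include on the new side, or state the dependency next to the guard, for example `// requires the fixed-width integer types to be declared before this header is included`.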
@@ -59,55 +59,53 @@ /* */ /********************************************************************************/ -/* 9.2 Bits.c */ -/* 9.2.1 Introduction */ -/* This file contains bit manipulation routines. They operate on bit arrays. */ -/* The 0th bit in the array is the right-most bit in the 0th octet in the array. */ -/* NOTE: If pAssert() is defined, the functions will assert if the indicated bit number is outside - of the range of bArray. How the assert is handled is implementation dependent. */ -/* 9.2.2 Includes */ -#include "Tpm.h" -/* 9.2.3 Functions */ -/* 9.2.3.1 TestBit() */ -/* This function is used to check the setting of a bit in an array of bits. */ -/* Return Values Meaning */ -/* TRUE bit is set */ -/* FALSE bit is not set */ +//** Introduction +// This file contains bit manipulation routines. They operate on bit arrays. +// +// The 0th bit in the array is the right-most bit in the 0th octet in +// the array. +// +// NOTE: If pAssert() is defined, the functions will assert if the indicated bit +// number is outside of the range of 'bArray'. How the assert is handled is +// implementation dependent. -BOOL -TestBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) +//** Includes + +#include "Tpm.h" + +//** Functions + +//*** TestBit() +// This function is used to check the setting of a bit in an array of bits. +// Return Type: BOOL +// TRUE(1) bit is set +// FALSE(0) bit is not set +BOOL TestBit(unsigned int bitNum, // IN: number of the bit in 'bArray' + BYTE* bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +) { pAssert(bytesInArray > (bitNum >> 3)); - return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0); + return ((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0); } -/* 9.2.3.2 SetBit() */ -/* This function will set the indicated bit in bArray. 
*/ - -void -SetBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) +//*** SetBit() +// This function will set the indicated bit in 'bArray'. +void SetBit(unsigned int bitNum, // IN: number of the bit in 'bArray' + BYTE* bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +) { pAssert(bytesInArray > (bitNum >> 3)); bArray[bitNum >> 3] |= (1 << (bitNum & 7)); } -/* 9.2.3.3 ClearBit() */ -/* This function will clear the indicated bit in bArray. */ - -void -ClearBit( - unsigned int bitNum, // IN: number of the bit in 'bArray'. - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ) +//*** ClearBit() +// This function will clear the indicated bit in 'bArray'. +void ClearBit(unsigned int bitNum, // IN: number of the bit in 'bArray'. + BYTE* bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +) { pAssert(bytesInArray > (bitNum >> 3)); bArray[bitNum >> 3] &= ~(1 << (bitNum & 7)); diff --git a/src/tpm2/Bits_fp.h b/src/tpm2/Bits_fp.h index c4775cd8..2b4810e9 100644 --- a/src/tpm2/Bits_fp.h +++ b/src/tpm2/Bits_fp.h 
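Review bot: TestBit, SetBit and ClearBit index `bArray[bitNum >> 3]` with `pAssert(bytesInArray > (bitNum >> 3))` as their only range check, and the rewritten introduction says the functions assert only "if pAssert() is defined". In a build where it is not, an out-of-range `bitNum` makes SetBit and ClearBit write outside the array and TestBit read outside it. If such builds are supported, an explicit guard keeps the access in bounds: `if(bytesInArray <= (bitNum >> 3)) return;` in SetBit and ClearBit, and the same test with `return FALSE;` in TestBit. Otherwise each function comment should state that callers must pass an in-range `bitNum`. ClearBit's closing brace lies outside this hunk.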
@@ -59,40 +59,36 @@ /* */ /********************************************************************************/ -#ifndef BITS_FP_H -#define BITS_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -/* 5.3.1 TestBit() */ -/* This function is used to check the setting of a bit in an array of bits. */ -/* Return Value Meaning */ -/* TRUE bit is set */ -/* FALSE bit is not set */ +#ifndef _BITS_FP_H_ +#define _BITS_FP_H_ -BOOL -TestBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ); +//*** TestBit() +// This function is used to check the setting of a bit in an array of bits. +// Return Type: BOOL +// TRUE(1) bit is set +// FALSE(0) bit is not set +BOOL TestBit(unsigned int bitNum, // IN: number of the bit in 'bArray' + BYTE* bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +); -/* 5.3.2 SetBit() */ -/* This function will set the indicated bit in bArray. */ +//*** SetBit() +// This function will set the indicated bit in 'bArray'. +void SetBit(unsigned int bitNum, // IN: number of the bit in 'bArray' + BYTE* bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +); -void -SetBit( - unsigned int bitNum, // IN: number of the bit in 'bArray' - BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ); +//*** ClearBit() +// This function will clear the indicated bit in 'bArray'. +void ClearBit(unsigned int bitNum, // IN: number of the bit in 'bArray'. + BYTE* bArray, // IN: array containing the bits + unsigned int bytesInArray // IN: size in bytes of 'bArray' +); -/* 5.3.3 ClearBit() */ -/* This function will clear the indicated bit in bArray. */ - -void -ClearBit( - unsigned int bitNum, // IN: number of the bit in 'bArray'. 
- BYTE *bArray, // IN: array containing the bits - unsigned int bytesInArray // IN: size in bytes of 'bArray' - ); - -#endif +#endif // _BITS_FP_H_ diff --git a/src/tpm2/BnConvert.c b/src/tpm2/BnConvert.c index 03e902fd..e2bfd305 100644 --- a/src/tpm2/BnConvert.c +++ b/src/tpm2/BnConvert.c @@ -84,32 +84,32 @@ LIB_EXPORT bigNum BnFromBytes(bigNum bn, const BYTE* bytes, NUMBYTES nBytes) // If nothing in, nothing out if(bn == NULL) - return NULL; + return NULL; // make sure things fit pAssert(BnGetAllocated(bn) >= size); if(size > 0) - { - // Clear the topmost word in case it is not filled with data - bn->d[size - 1] = 0; - // Moving the input bytes from the end of the list (LSB) end - pFrom = bytes + nBytes - 1; - // To the LS0 of the LSW of the bigNum. - pTo = (BYTE*)bn->d; - for(; nBytes != 0; nBytes--) - *pTo++ = *pFrom--; - // For a little-endian machine, the conversion is a straight byte - // reversal. For a big-endian machine, we have to put the words in - // big-endian byte order + { + // Clear the topmost word in case it is not filled with data + bn->d[size - 1] = 0; + // Moving the input bytes from the end of the list (LSB) end + pFrom = bytes + nBytes - 1; + // To the LS0 of the LSW of the bigNum. + pTo = (BYTE*)bn->d; + for(; nBytes != 0; nBytes--) + *pTo++ = *pFrom--; + // For a little-endian machine, the conversion is a straight byte + // reversal. For a big-endian machine, we have to put the words in + // big-endian byte order #if BIG_ENDIAN_TPM - { - crypt_word_t t; - for(t = (crypt_word_t)size - 1; t >= 0; t--) - bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]); - } + { + crypt_word_t t; + for(t = (crypt_word_t)size - 1; t >= 0; t--) + bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]); + } #endif - } + } BnSetTop(bn, size); return bn; } 
@@ -119,11 +119,11 @@ LIB_EXPORT bigNum BnFromBytes(bigNum bn, const BYTE* bytes, NUMBYTES nBytes) // If the input value does not exist, or the output does not exist, or the input // will not fit into the output the function returns NULL LIB_EXPORT bigNum BnFrom2B(bigNum bn, // OUT: - const TPM2B* a2B // IN: number to convert - ) + const TPM2B* a2B // IN: number to convert +) { if(a2B != NULL) - return BnFromBytes(bn, a2B->buffer, a2B->size); + return BnFromBytes(bn, a2B->buffer, a2B->size); // Make sure that the number has an initialized value rather than whatever // was there before BnSetTop(bn, 0); // Function accepts NULL @@ -142,11 +142,11 @@ LIB_EXPORT bigNum BnFrom2B(bigNum bn, // OUT: // unpack each word individually, the bigNum is converted to little-endian words, // copied, and then converted back to big-endian. LIB_EXPORT BOOL BnToBytes(bigConst bn, - BYTE* buffer, - NUMBYTES* size // This the number of bytes that are - // available in the buffer. The result - // should be this big. - ) + BYTE* buffer, + NUMBYTES* size // This the number of bytes that are + // available in the buffer. The result + // should be this big. +) { crypt_uword_t requiredSize; BYTE* pFrom; 
@@ -158,41 +158,41 @@ LIB_EXPORT BOOL BnToBytes(bigConst bn, requiredSize = (BnSizeInBits(bn) + 7) / 8; if(requiredSize == 0) - { - // If the input value is 0, return a byte of zero - *size = 1; - *buffer = 0; - } + { + // If the input value is 0, return a byte of zero + *size = 1; + *buffer = 0; + } else - { + { #if BIG_ENDIAN_TPM - // Copy the constant input value into a modifiable value - BN_VAR(bnL, LARGEST_NUMBER_BITS * 2); - BnCopy(bnL, bn); - // byte swap the words in the local value to make them little-endian - for(count = 0; count < bnL->size; count++) - bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]); - bn = (bigConst)bnL; + // Copy the constant input value into a modifiable value + BN_VAR(bnL, LARGEST_NUMBER_BITS * 2); + BnCopy(bnL, bn); + // byte swap the words in the local value to make them little-endian + for(count = 0; count < bnL->size; count++) + bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]); + bn = (bigConst)bnL; #endif - if(*size == 0) - *size = (NUMBYTES)requiredSize; - pAssert(requiredSize <= *size); - // Byte swap the number (not words but the whole value) - count = *size; - // Start from the least significant word and offset to the most significant - // byte which is in some high word - pFrom = (BYTE*)(&bn->d[0]) + requiredSize - 1; - pTo = buffer; + if(*size == 0) + *size = (NUMBYTES)requiredSize; + pAssert(requiredSize <= *size); + // Byte swap the number (not words but the whole value) + count = *size; + // Start from the least significant word and offset to the most significant + // byte which is in some high word + pFrom = (BYTE*)(&bn->d[0]) + requiredSize - 1; + pTo = buffer; - // If the number of output bytes is larger than the number bytes required - // for the input number, pad with zeros - for(count = *size; count > requiredSize; count--) - *pTo++ = 0; - // Move the most significant byte at the end of the BigNum to the next most - // significant byte position of the 2B and repeat for all significant bytes. 
- for(; requiredSize > 0; requiredSize--) - *pTo++ = *pFrom--; - } + // If the number of output bytes is larger than the number bytes required + // for the input number, pad with zeros + for(count = *size; count > requiredSize; count--) + *pTo++ = 0; + // Move the most significant byte at the end of the BigNum to the next most + // significant byte position of the 2B and repeat for all significant bytes. + for(; requiredSize > 0; requiredSize--) + *pTo++ = *pFrom--; + } return TRUE; } @@ -203,16 +203,16 @@ LIB_EXPORT BOOL BnToBytes(bigConst bn, // is returned. If 'size' is zero, then the TPM2B is assumed to be large enough // for the data and a2b->size will be adjusted accordingly. LIB_EXPORT BOOL BnTo2B(bigConst bn, // IN: - TPM2B* a2B, // OUT: - NUMBYTES size // IN: the desired size - ) + TPM2B* a2B, // OUT: + NUMBYTES size // IN: the desired size +) { // Set the output size if(bn && a2B) - { - a2B->size = size; - return BnToBytes(bn, a2B->buffer, &a2B->size); - } + { + a2B->size = size; + return BnToBytes(bn, a2B->buffer, &a2B->size); + } return FALSE; } @@ -223,21 +223,21 @@ LIB_EXPORT BOOL BnTo2B(bigConst bn, // IN: // A point is going to be two ECC values in the same buffer. The values are going // to be the size of the modulus. They are in modular form. LIB_EXPORT bn_point_t* BnPointFromBytes( - bigPoint ecP, // OUT: the preallocated point structure - const BYTE* x, - NUMBYTES nBytesX, - const BYTE* y, - NUMBYTES nBytesY) + bigPoint ecP, // OUT: the preallocated point structure + const BYTE* x, + NUMBYTES nBytesX, + const BYTE* y, + NUMBYTES nBytesY) { if(x == NULL || y == NULL) - return NULL; + return NULL; if(NULL != ecP) - { - BnFromBytes(ecP->x, x, nBytesX); - BnFromBytes(ecP->y, y, nBytesY); - BnSetWord(ecP->z, 1); - } + { + BnFromBytes(ecP->x, x, nBytesX); + BnFromBytes(ecP->y, y, nBytesY); + BnSetWord(ecP->z, 1); + } return ecP; } 
@@ -248,11 +248,11 @@ LIB_EXPORT bn_point_t* BnPointFromBytes( // on input the NUMBYTES* parameters indicate the maximum buffer size. // on output, they represent the amount of significant data in that buffer. LIB_EXPORT BOOL BnPointToBytes( - pointConst ecP, // OUT: the preallocated point structure - BYTE* x, - NUMBYTES* pBytesX, - BYTE* y, - NUMBYTES* pBytesY) + pointConst ecP, // OUT: the preallocated point structure + BYTE* x, + NUMBYTES* pBytesX, + BYTE* y, + NUMBYTES* pBytesY) { pAssert(ecP && x && y && pBytesX && pBytesY); pAssert(BnEqualWord(ecP->z, 1)); diff --git a/src/tpm2/BnEccConstants.c b/src/tpm2/BnEccConstants.c index 441aee74..01489c49 100644 --- a/src/tpm2/BnEccConstants.c +++ b/src/tpm2/BnEccConstants.c @@ -93,13 +93,13 @@ # define TO_ECC_528(a, b, c, d, e, f, g, h, i) i, h, g, f, e, d, c, b, a # define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) j, i, h, g, f, e, d, c, b, a -# define BN_MIN_ALLOC(bytes) \ - (BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 1 : BYTES_TO_CRYPT_WORDS(bytes) -# define ECC_CONST(NAME, bytes, initializer) \ - const struct \ - { \ - crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \ - } NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes), {initializer}} +# define BN_MIN_ALLOC(bytes) \ + (BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 1 : BYTES_TO_CRYPT_WORDS(bytes) +# define ECC_CONST(NAME, bytes, initializer) \ + const struct \ + { \ + crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \ + } NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes), {initializer}} // This file contains the raw data for ECC curve constants. The data is wrapped // in macros so this file can be included in other files that format the data in 
@@ -110,98 +110,98 @@ # if ECC_NIST_P192 const TPMBN_ECC_CURVE_CONSTANTS NIST_P192 = {TPM_ECC_NIST_P192, - (bigNum)&NIST_P192_p, - (bigNum)&NIST_P192_n, - (bigNum)&NIST_P192_h, - (bigNum)&NIST_P192_a, - (bigNum)&NIST_P192_b, - {(bigNum)&NIST_P192_gX, - (bigNum)&NIST_P192_gY, - (bigNum)&NIST_P192_gZ}}; + (bigNum)&NIST_P192_p, + (bigNum)&NIST_P192_n, + (bigNum)&NIST_P192_h, + (bigNum)&NIST_P192_a, + (bigNum)&NIST_P192_b, + {(bigNum)&NIST_P192_gX, + (bigNum)&NIST_P192_gY, + (bigNum)&NIST_P192_gZ}}; # endif // ECC_NIST_P192 # if ECC_NIST_P224 const TPMBN_ECC_CURVE_CONSTANTS NIST_P224 = {TPM_ECC_NIST_P224, - (bigNum)&NIST_P224_p, - (bigNum)&NIST_P224_n, - (bigNum)&NIST_P224_h, - (bigNum)&NIST_P224_a, - (bigNum)&NIST_P224_b, - {(bigNum)&NIST_P224_gX, - (bigNum)&NIST_P224_gY, - (bigNum)&NIST_P224_gZ}}; + (bigNum)&NIST_P224_p, + (bigNum)&NIST_P224_n, + (bigNum)&NIST_P224_h, + (bigNum)&NIST_P224_a, + (bigNum)&NIST_P224_b, + {(bigNum)&NIST_P224_gX, + (bigNum)&NIST_P224_gY, + (bigNum)&NIST_P224_gZ}}; # endif // ECC_NIST_P224 # if ECC_NIST_P256 const TPMBN_ECC_CURVE_CONSTANTS NIST_P256 = {TPM_ECC_NIST_P256, - (bigNum)&NIST_P256_p, - (bigNum)&NIST_P256_n, - (bigNum)&NIST_P256_h, - (bigNum)&NIST_P256_a, - (bigNum)&NIST_P256_b, - {(bigNum)&NIST_P256_gX, - (bigNum)&NIST_P256_gY, - (bigNum)&NIST_P256_gZ}}; + (bigNum)&NIST_P256_p, + (bigNum)&NIST_P256_n, + (bigNum)&NIST_P256_h, + (bigNum)&NIST_P256_a, + (bigNum)&NIST_P256_b, + {(bigNum)&NIST_P256_gX, + (bigNum)&NIST_P256_gY, + (bigNum)&NIST_P256_gZ}}; # endif // ECC_NIST_P256 # if ECC_NIST_P384 const TPMBN_ECC_CURVE_CONSTANTS NIST_P384 = {TPM_ECC_NIST_P384, - (bigNum)&NIST_P384_p, - (bigNum)&NIST_P384_n, - (bigNum)&NIST_P384_h, - (bigNum)&NIST_P384_a, - (bigNum)&NIST_P384_b, - {(bigNum)&NIST_P384_gX, - (bigNum)&NIST_P384_gY, - (bigNum)&NIST_P384_gZ}}; + (bigNum)&NIST_P384_p, + (bigNum)&NIST_P384_n, + (bigNum)&NIST_P384_h, + (bigNum)&NIST_P384_a, + (bigNum)&NIST_P384_b, + {(bigNum)&NIST_P384_gX, + (bigNum)&NIST_P384_gY, + 
(bigNum)&NIST_P384_gZ}}; # endif // ECC_NIST_P384 # if ECC_NIST_P521 const TPMBN_ECC_CURVE_CONSTANTS NIST_P521 = {TPM_ECC_NIST_P521, - (bigNum)&NIST_P521_p, - (bigNum)&NIST_P521_n, - (bigNum)&NIST_P521_h, - (bigNum)&NIST_P521_a, - (bigNum)&NIST_P521_b, - {(bigNum)&NIST_P521_gX, - (bigNum)&NIST_P521_gY, - (bigNum)&NIST_P521_gZ}}; + (bigNum)&NIST_P521_p, + (bigNum)&NIST_P521_n, + (bigNum)&NIST_P521_h, + (bigNum)&NIST_P521_a, + (bigNum)&NIST_P521_b, + {(bigNum)&NIST_P521_gX, + (bigNum)&NIST_P521_gY, + (bigNum)&NIST_P521_gZ}}; # endif // ECC_NIST_P521 # if ECC_BN_P256 const TPMBN_ECC_CURVE_CONSTANTS BN_P256 = {TPM_ECC_BN_P256, - (bigNum)&BN_P256_p, - (bigNum)&BN_P256_n, - (bigNum)&BN_P256_h, - (bigNum)&BN_P256_a, - (bigNum)&BN_P256_b, - {(bigNum)&BN_P256_gX, - (bigNum)&BN_P256_gY, - (bigNum)&BN_P256_gZ}}; + (bigNum)&BN_P256_p, + (bigNum)&BN_P256_n, + (bigNum)&BN_P256_h, + (bigNum)&BN_P256_a, + (bigNum)&BN_P256_b, + {(bigNum)&BN_P256_gX, + (bigNum)&BN_P256_gY, + (bigNum)&BN_P256_gZ}}; # endif // ECC_BN_P256 # if ECC_BN_P638 const TPMBN_ECC_CURVE_CONSTANTS BN_P638 = {TPM_ECC_BN_P638, - (bigNum)&BN_P638_p, - (bigNum)&BN_P638_n, - (bigNum)&BN_P638_h, - (bigNum)&BN_P638_a, - (bigNum)&BN_P638_b, - {(bigNum)&BN_P638_gX, - (bigNum)&BN_P638_gY, - (bigNum)&BN_P638_gZ}}; + (bigNum)&BN_P638_p, + (bigNum)&BN_P638_n, + (bigNum)&BN_P638_h, + (bigNum)&BN_P638_a, + (bigNum)&BN_P638_b, + {(bigNum)&BN_P638_gX, + (bigNum)&BN_P638_gY, + (bigNum)&BN_P638_gZ}}; # endif // ECC_BN_P638 # if ECC_SM2_P256 const TPMBN_ECC_CURVE_CONSTANTS SM2_P256 = {TPM_ECC_SM2_P256, - (bigNum)&SM2_P256_p, - (bigNum)&SM2_P256_n, - (bigNum)&SM2_P256_h, - (bigNum)&SM2_P256_a, - (bigNum)&SM2_P256_b, - {(bigNum)&SM2_P256_gX, - (bigNum)&SM2_P256_gY, - (bigNum)&SM2_P256_gZ}}; + (bigNum)&SM2_P256_p, + (bigNum)&SM2_P256_n, + (bigNum)&SM2_P256_h, + (bigNum)&SM2_P256_a, + (bigNum)&SM2_P256_b, + {(bigNum)&SM2_P256_gX, + (bigNum)&SM2_P256_gY, + (bigNum)&SM2_P256_gZ}}; # endif // ECC_SM2_P256 # define comma 
@@ -240,10 +240,10 @@ MUST_BE((sizeof(bnEccCurveData) / sizeof(bnEccCurveData[0])) == (ECC_CURVE_COUNT const TPMBN_ECC_CURVE_CONSTANTS* BnGetCurveData(TPM_ECC_CURVE curveId) { for(int i = 0; i < ECC_CURVE_COUNT; i++) - { - if(bnEccCurveData[i]->curveId == curveId) - return bnEccCurveData[i]; - } + { + if(bnEccCurveData[i]->curveId == curveId) + return bnEccCurveData[i]; + } return NULL; } diff --git a/src/tpm2/BnMath.c b/src/tpm2/BnMath.c index 31be13d8..34690c25 100644 --- a/src/tpm2/BnMath.c +++ b/src/tpm2/BnMath.c @@ -87,7 +87,7 @@ //** Includes #include "Tpm.h" // libtpms: for CryptRand.h -#include "TpmMath_Util_fp.h" +#include "TpmMath_Util_fp.h" // libtpms: added #include "TpmBigNum.h" extern BOOL g_inFailureMode; // can't use global.h because we can't use tpm.h 
@@ -107,45 +107,45 @@ const bignum_t BnConstZero = {1, 0, {0}}; // 0 no carry out // 1 carry out static BOOL AddSame(crypt_uword_t* result, - const crypt_uword_t* op1, - const crypt_uword_t* op2, - int count) + const crypt_uword_t* op1, + const crypt_uword_t* op2, + int count) { int carry = 0; int i; for(i = 0; i < count; i++) - { - crypt_uword_t a = op1[i]; - crypt_uword_t sum = a + op2[i]; - result[i] = sum + carry; - // generate a carry if the sum is less than either of the inputs - // propagate a carry if there was a carry and the sum + carry is zero - // do this using bit operations rather than logical operations so that - // the time is about the same. - // propagate term | generate term - carry = ((result[i] == 0) & carry) | (sum < a); - } + { + crypt_uword_t a = op1[i]; + crypt_uword_t sum = a + op2[i]; + result[i] = sum + carry; + // generate a carry if the sum is less than either of the inputs + // propagate a carry if there was a carry and the sum + carry is zero + // do this using bit operations rather than logical operations so that + // the time is about the same. + // propagate term | generate term + carry = ((result[i] == 0) & carry) | (sum < a); + } return carry; } //*** CarryProp() // Propagate a carry static int CarryProp( - crypt_uword_t* result, const crypt_uword_t* op, int count, int carry) + crypt_uword_t* result, const crypt_uword_t* op, int count, int carry) { for(; count; count--) - carry = ((*result++ = *op++ + carry) == 0) & carry; + carry = ((*result++ = *op++ + carry) == 0) & carry; return carry; } static void CarryResolve(bigNum result, int stop, int carry) { if(carry) - { - pAssert((unsigned)stop < result->allocated); - result->d[stop++] = 1; - } + { + pAssert((unsigned)stop < result->allocated); + result->d[stop++] = 1; + } BnSetTop(result, stop); } 
@@ -160,16 +160,16 @@ LIB_EXPORT BOOL BnAdd(bigNum result, bigConst op1, bigConst op2) // if(n2->size > n1->size) - { - n1 = op2; - n2 = op1; - } + { + n1 = op2; + n2 = op1; + } pAssert(result->allocated >= n1->size); stop = MIN(n1->size, n2->allocated); carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop); if(n1->size > stop) - carry = - CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry); + carry = + CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry); CarryResolve(result, (int)n1->size, carry); return TRUE; } @@ -189,20 +189,20 @@ LIB_EXPORT BOOL BnAddWord(bigNum result, bigConst op, crypt_uword_t word) //*** SubSame() // This function subtracts two values that have the same size. static int SubSame(crypt_uword_t* result, - const crypt_uword_t* op1, - const crypt_uword_t* op2, - int count) + const crypt_uword_t* op1, + const crypt_uword_t* op2, + int count) { int borrow = 0; int i; for(i = 0; i < count; i++) - { - crypt_uword_t a = op1[i]; - crypt_uword_t diff = a - op2[i]; - result[i] = diff - borrow; - // generate | propagate - borrow = (diff > a) | ((diff == 0) & borrow); - } + { + crypt_uword_t a = op1[i]; + crypt_uword_t diff = a - op2[i]; + result[i] = diff - borrow; + // generate | propagate + borrow = (diff > a) | ((diff == 0) & borrow); + } return borrow; } @@ -214,10 +214,10 @@ static int SubSame(crypt_uword_t* result, // are on large positive numbers (primes) or on fields. // Propagate a borrow. static int BorrowProp( - crypt_uword_t* result, const crypt_uword_t* op, int size, int borrow) + crypt_uword_t* result, const crypt_uword_t* op, int size, int borrow) { for(; size > 0; size--) - borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow; + borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow; return borrow; } 
@@ -234,8 +234,8 @@ LIB_EXPORT BOOL BnSub(bigNum result, bigConst op1, bigConst op2) pAssert(op1->size >= op2->size); borrow = SubSame(result->d, op1->d, op2->d, stop); if(op1->size > (crypt_uword_t)stop) - borrow = BorrowProp( - &result->d[stop], &op1->d[stop], (int)(op1->size - stop), borrow); + borrow = BorrowProp( + &result->d[stop], &op1->d[stop], (int)(op1->size - stop), borrow); pAssert(!borrow); BnSetTop(result, op1->size); return TRUE; @@ -274,15 +274,15 @@ LIB_EXPORT int BnUnsignedCmp(bigConst op1, bigConst op2) pAssert((op1 != NULL) && (op2 != NULL)); retVal = (int)(op1->size - op2->size); if(retVal == 0) - { - for(i = (int)(op1->size - 1); i >= 0; i--) - { - diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]); - retVal = retVal == 0 ? diff : retVal; - } - } + { + for(i = (int)(op1->size - 1); i >= 0; i--) + { + diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]); + retVal = retVal == 0 ? diff : retVal; + } + } else - retVal = (retVal < 0) ? -1 : 1; + retVal = (retVal < 0) ? -1 : 1; return retVal; } @@ -295,12 +295,12 @@ LIB_EXPORT int BnUnsignedCmp(bigConst op1, bigConst op2) LIB_EXPORT int BnUnsignedCmpWord(bigConst op1, crypt_uword_t word) { if(op1->size > 1) - return 1; + return 1; else if(op1->size == 1) - return (op1->d[0] < word) ? -1 : (op1->d[0] > word); + return (op1->d[0] < word) ? -1 : (op1->d[0] > word); else // op1 is zero - // equal if word is zero - return (word == 0) ? 0 : -1; + // equal if word is zero + return (word == 0) ? 0 : -1; } //*** BnModWord() 
@@ -327,39 +327,39 @@ LIB_EXPORT crypt_word_t BnModWord(bigConst numerator, crypt_word_t modulus) static int Msb(crypt_uword_t word) { int retVal = -1; - // +// #if RADIX_BITS == 64 if(word & 0xffffffff00000000) - { - retVal += 32; - word >>= 32; - } + { + retVal += 32; + word >>= 32; + } #endif if(word & 0xffff0000) - { - retVal += 16; - word >>= 16; - } + { + retVal += 16; + word >>= 16; + } if(word & 0x0000ff00) - { - retVal += 8; - word >>= 8; - } + { + retVal += 8; + word >>= 8; + } if(word & 0x000000f0) - { - retVal += 4; - word >>= 4; - } + { + retVal += 4; + word >>= 4; + } if(word & 0x0000000c) - { - retVal += 2; - word >>= 2; - } + { + retVal += 2; + word >>= 2; + } if(word & 0x00000002) - { - retVal += 1; - word >>= 1; - } + { + retVal += 1; + word >>= 1; + } return retVal + (int)word; } @@ -372,13 +372,13 @@ LIB_EXPORT int BnMsb(bigConst bn) { // If the value is NULL, or the size is zero then treat as zero and return -1 if(bn != NULL && bn->size > 0) - { - int retVal = Msb(bn->d[bn->size - 1]); - retVal += (int)(bn->size - 1) * RADIX_BITS; - return retVal; - } + { + int retVal = Msb(bn->d[bn->size - 1]); + retVal += (int)(bn->size - 1) * RADIX_BITS; + return retVal; + } else - return -1; + return -1; } //*** BnSizeInBits() @@ -397,11 +397,11 @@ LIB_EXPORT unsigned BnSizeInBits(bigConst n) LIB_EXPORT bigNum BnSetWord(bigNum n, crypt_uword_t w) { if(n != NULL) - { - pAssert(n->allocated > 1); - n->d[0] = w; - BnSetTop(n, (w != 0) ? 1 : 0); - } + { + pAssert(n->allocated > 1); + n->d[0] = w; + BnSetTop(n, (w != 0) ? 1 : 0); + } return n; } 
@@ -409,18 +409,18 @@ LIB_EXPORT bigNum BnSetWord(bigNum n, crypt_uword_t w) // This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in // the 0th digit_t. The function will return FALSE if the bitNum is invalid, else TRUE. LIB_EXPORT BOOL BnSetBit(bigNum bn, // IN/OUT: big number to modify - unsigned int bitNum // IN: Bit number to SET - ) + unsigned int bitNum // IN: Bit number to SET +) { crypt_uword_t offset = bitNum / RADIX_BITS; if(bitNum > bn->allocated * RADIX_BITS) - { - // out of range - return FALSE; - } + { + // out of range + return FALSE; + } // Grow the number if necessary to set the bit. while(bn->size <= offset) - bn->d[bn->size++] = 0; + bn->d[bn->size++] = 0; bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum)); return TRUE; } @@ -432,15 +432,15 @@ LIB_EXPORT BOOL BnSetBit(bigNum bn, // IN/OUT: big number to modify // TRUE(1) the bit is set // FALSE(0) the bit is not set or the number is out of range LIB_EXPORT BOOL BnTestBit(bigNum bn, // IN: number to check - unsigned int bitNum // IN: bit to test - ) + unsigned int bitNum // IN: bit to test +) { crypt_uword_t offset = RADIX_DIV(bitNum); // if(bn->size > offset) - return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0); + return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0); else - return FALSE; + return FALSE; } //***BnMaskBits() @@ -452,8 +452,8 @@ LIB_EXPORT BOOL BnTestBit(bigNum bn, // IN: number to check // TRUE(1) result masked // FALSE(0) the input was not as large as the mask LIB_EXPORT BOOL BnMaskBits(bigNum bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. - ) + crypt_uword_t maskBit // IN: the bit number for the mask. +) { crypt_uword_t finalSize; BOOL retVal; 
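Review bot: The range check in `BnSetBit()` uses `>`, so `bitNum == bn->allocated * RADIX_BITS` is accepted and `offset` becomes equal to `bn->allocated`. The grow loop `while(bn->size <= offset)` then stores to `bn->d[bn->allocated]`, and the final `|=` touches the same word. That is one word past the buffer if `d` holds exactly `allocated` words; the struct definition is not in this hunk, so this should be confirmed. The reformatting carries the condition over unchanged, and `if(bitNum >= bn->allocated * RADIX_BITS)` would reject the first out-of-range bit. `BnTestBit()` in the following hunk is not affected, because it compares `offset` against `bn->size` before indexing.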
@@ -461,11 +461,11 @@ LIB_EXPORT BOOL BnMaskBits(bigNum bn, // IN/OUT: number to mask finalSize = BITS_TO_CRYPT_WORDS(maskBit); retVal = (finalSize <= bn->allocated); if(retVal && (finalSize > 0)) - { - crypt_uword_t mask; - mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit); - bn->d[finalSize - 1] &= mask; - } + { + crypt_uword_t mask; + mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit); + bn->d[finalSize - 1] &= mask; + } BnSetTop(bn, finalSize); return retVal; } @@ -486,24 +486,24 @@ LIB_EXPORT BOOL BnShiftRight(bigNum result, bigConst toShift, uint32_t shiftAmou // The end size is toShift->size - offset less one additional // word if the shiftAmount would make the upper word == 0 if(toShift->size > offset) - { - finalSize = toShift->size - offset; - finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 1 : 0; - } + { + finalSize = toShift->size - offset; + finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 1 : 0; + } else - finalSize = 0; + finalSize = 0; pAssert(finalSize <= result->allocated); if(finalSize != 0) - { - for(i = 0; i < finalSize; i++) - { - result->d[i] = (toShift->d[i + offset] >> shiftAmount) - | (toShift->d[i + offset + 1] << shiftIn); - } - if(offset == 0) - result->d[i] = toShift->d[i] >> shiftAmount; - } + { + for(i = 0; i < finalSize; i++) + { + result->d[i] = (toShift->d[i + offset] >> shiftAmount) + | (toShift->d[i + offset + 1] << shiftIn); + } + if(offset == 0) + result->d[i] = toShift->d[i] >> shiftAmount; + } BnSetTop(result, finalSize); return TRUE; } @@ -537,9 +537,9 @@ BOOL BnIsPointOnCurve(pointConst Q, const TPMBN_ECC_CURVE_CONSTANTS* C) BnMod(right, prime); if(BnUnsignedCmp(left, right) == 0) - return TRUE; + return TRUE; else - return FALSE; + return FALSE; } // libtpms added begin diff --git a/src/tpm2/BnMemory.c b/src/tpm2/BnMemory.c index 620ca997..28032777 100644 --- a/src/tpm2/BnMemory.c +++ b/src/tpm2/BnMemory.c 
@@ -59,142 +59,133 @@ /* */ /********************************************************************************/ -/* 10.2.5 BnMemory.c */ -/* 10.2.5.1 Introduction */ -/* This file contains the memory setup functions used by the bigNum functions in CryptoEngine() */ -/* 10.2.5.2 Includes */ -#include "Tpm.h" -/* 10.2.5.3 Functions */ -/* 10.2.5.3.1 BnSetTop() */ -/* This function is used when the size of a bignum_t is changed. It makes sure that the unused words - are set to zero and that any significant words of zeros are eliminated from the used size - indicator. */ -LIB_EXPORT bigNum -BnSetTop( - bigNum bn, // IN/OUT: number to clean - crypt_uword_t top // IN: the new top - ) +//** Introduction +// This file contains the memory setup functions used by the bigNum functions +// in CryptoEngine + +//** Includes +#include "TpmBigNum.h" + +//** Functions + +//*** BnSetTop() +// This function is used when the size of a bignum_t is changed. It +// makes sure that the unused words are set to zero and that any significant +// words of zeros are eliminated from the used size indicator. +LIB_EXPORT bigNum BnSetTop(bigNum bn, // IN/OUT: number to clean + crypt_uword_t top // IN: the new top +) { if(bn != NULL) - { - pAssert(top <= bn->allocated); - // If forcing the size to be decreased, make sure that the words being - // discarded are being set to 0 - while(bn->size > top) - bn->d[--bn->size] = 0; - bn->size = top; - // Now make sure that the words that are left are 'normalized' (no high-order - // words of zero. - while((bn->size > 0) && (bn->d[bn->size - 1] == 0)) - bn->size -= 1; - } + { + pAssert(top <= bn->allocated); + // If forcing the size to be decreased, make sure that the words being + // discarded are being set to 0 + while(bn->size > top) + bn->d[--bn->size] = 0; + bn->size = top; + // Now make sure that the words that are left are 'normalized' (no high-order + // words of zero. 
+ while((bn->size > 0) && (bn->d[bn->size - 1] == 0)) + bn->size -= 1; + } return bn; } #if 0 /* libtpms added */ -/* 10.2.5.3.2 BnClearTop() */ -/* This function will make sure that all unused words are zero. */ -LIB_EXPORT bigNum -BnClearTop( - bigNum bn - ) + +//*** BnClearTop() +// This function will make sure that all unused words are zero. +LIB_EXPORT bigNum BnClearTop(bigNum bn) { - crypt_uword_t i; + crypt_uword_t i; // if(bn != NULL) - { - for(i = bn->size; i < bn->allocated; i++) - bn->d[i] = 0; - while((bn->size > 0) && (bn->d[bn->size] == 0)) - bn->size -= 1; - } + { + for(i = bn->size; i < bn->allocated; i++) + bn->d[i] = 0; + while((bn->size > 0) && (bn->d[bn->size] == 0)) + bn->size -= 1; + } return bn; } #endif /* libtpms added */ -/* 10.2.5.3.3 BnInitializeWord() */ -/* This function is used to initialize an allocated bigNum with a word value. The bigNum does not - have to be allocated with a single word. */ -LIB_EXPORT bigNum -BnInitializeWord( - bigNum bn, // IN: - crypt_uword_t allocated, // IN: - crypt_uword_t word // IN: - ) + +//*** BnInitializeWord() +// This function is used to initialize an allocated bigNum with a word value. The +// bigNum does not have to be allocated with a single word. +LIB_EXPORT bigNum BnInitializeWord(bigNum bn, // IN: + crypt_uword_t allocated, // IN: + crypt_uword_t word // IN: +) { bn->allocated = allocated; - bn->size = (word != 0); - bn->d[0] = word; + bn->size = (word != 0); + bn->d[0] = word; while(allocated > 1) - bn->d[--allocated] = 0; + bn->d[--allocated] = 0; return bn; } -/* 10.2.5.3.4 BnInit() */ -/* This function initializes a stack allocated bignum_t. It initializes allocated and size and zeros - the words of d. */ -LIB_EXPORT bigNum -BnInit( - bigNum bn, - crypt_uword_t allocated - ) + +//*** BnInit() +// This function initializes a stack allocated bignum_t. It initializes +// 'allocated' and 'size' and zeros the words of 'd'. 
+LIB_EXPORT bigNum BnInit(bigNum bn, crypt_uword_t allocated) { if(bn != NULL) - { - bn->allocated = allocated; - bn->size = 0; - while(allocated != 0) - bn->d[--allocated] = 0; - } + { + bn->allocated = allocated; + bn->size = 0; + while(allocated != 0) + bn->d[--allocated] = 0; + } return bn; } -/* 10.2.5.3.5 BnCopy() */ -/* Function to copy a bignum_t. If the output is NULL, then nothing happens. If the input is NULL, - the output is set to zero. */ -LIB_EXPORT BOOL -BnCopy( - bigNum out, - bigConst in - ) + +//*** BnCopy() +// Function to copy a bignum_t. If the output is NULL, then +// nothing happens. If the input is NULL, the output is set +// to zero. +LIB_EXPORT BOOL BnCopy(bigNum out, bigConst in) { if(in == out) - BnSetTop(out, BnGetSize(out)); + BnSetTop(out, BnGetSize(out)); else if(out != NULL) - { - if(in != NULL) - { - unsigned int i; - pAssert(BnGetAllocated(out) >= BnGetSize(in)); - for(i = 0; i < BnGetSize(in); i++) - out->d[i] = in->d[i]; - BnSetTop(out, BnGetSize(in)); - } - else - BnSetTop(out, 0); - } + { + if(in != NULL) + { + unsigned int i; + pAssert(BnGetAllocated(out) >= BnGetSize(in)); + for(i = 0; i < BnGetSize(in); i++) + out->d[i] = in->d[i]; + BnSetTop(out, BnGetSize(in)); + } + else + BnSetTop(out, 0); + } return TRUE; } + #if ALG_ECC #if 0 /* libtpms added */ -/* 10.2.5.3.6 BnPointCopy() */ -/* Function to copy a bn point. */ -LIB_EXPORT BOOL -BnPointCopy( - bigPoint pOut, - pointConst pIn - ) + +//*** BnPointCopy() +// Function to copy a bn point. +LIB_EXPORT BOOL BnPointCopy(bigPoint pOut, pointConst pIn) { - return BnCopy(pOut->x, pIn->x) - && BnCopy(pOut->y, pIn->y) - && BnCopy(pOut->z, pIn->z); + return BnCopy(pOut->x, pIn->x) && BnCopy(pOut->y, pIn->y) + && BnCopy(pOut->z, pIn->z); } #endif /* libtpms added */ -/* 10.2.5.3.7 BnInitializePoint() */ -/* This function is used to initialize a point structure with the addresses of the coordinates. 
*/ -LIB_EXPORT bn_point_t * -BnInitializePoint( - bigPoint p, // OUT: structure to receive pointers - bigNum x, // IN: x coordinate - bigNum y, // IN: y coordinate - bigNum z // IN: x coordinate - ) + +//*** BnInitializePoint() +// This function is used to initialize a point structure with the addresses +// of the coordinates. +LIB_EXPORT bn_point_t* BnInitializePoint( + bigPoint p, // OUT: structure to receive pointers + bigNum x, // IN: x coordinate + bigNum y, // IN: y coordinate + bigNum z // IN: x coordinate +) { p->x = x; p->y = y; @@ -202,4 +193,5 @@ BnInitializePoint( BnSetWord(z, 1); return p; } -#endif // TPM_ALG_ECC + +#endif // ALG_ECC diff --git a/src/tpm2/BnSupport_Interface.h b/src/tpm2/BnSupport_Interface.h index 28d726f4..7ad401ea 100644 --- a/src/tpm2/BnSupport_Interface.h +++ b/src/tpm2/BnSupport_Interface.h @@ -95,7 +95,7 @@ BOOL BnMathLibraryCompatibilityCheck(void); //** BnModMult() // Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide. LIB_EXPORT BOOL BnModMult( - bigNum result, bigConst op1, bigConst op2, bigConst modulus); + bigNum result, bigConst op1, bigConst op2, bigConst modulus); //** BnMult() // Multiplies two numbers and returns the result @@ -105,7 +105,7 @@ LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier // This function divides two bigNum values. The function returns FALSE if there is // an error in the operation. LIB_EXPORT BOOL BnDiv( - bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor); + bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor); //** BnMod() #define BnMod(a, b) BnDiv(NULL, (a), (a), (b)) 
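Review bot: In `BnClearTop()` the normalisation loop tests `bn->d[bn->size]`, whereas `BnSetTop()` earlier in this hunk tests `bn->d[bn->size - 1]`. It therefore inspects the word one past the used size (and one past `allocated` when the number is full), and after the preceding zero-fill it would shrink `size` past a non-zero top word. The function is under `#if 0`, so nothing is affected today. Since the hunk rewrites the block anyway, the condition should read `while((bn->size > 0) && (bn->d[bn->size - 1] == 0))`, or the dead code should be dropped. Separately, the new `BnInitializePoint()` signature still documents `z` as `// IN: x coordinate`; it should say `// IN: z coordinate`.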
@@ -119,11 +119,11 @@ LIB_EXPORT BOOL BnGcd(bigNum gcd, bigConst number1, bigConst number2); // Do modular exponentiation using bigNum values. This function is only needed // when the TPM implements RSA. LIB_EXPORT BOOL BnModExp( - bigNum result, bigConst number, bigConst exponent, bigConst modulus); + bigNum result, bigConst number, bigConst exponent, bigConst modulus); #endif // ALG_RSA - //** BnModInverse() - // Modular multiplicative inverse. +//** BnModInverse() +// Modular multiplicative inverse. LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus); #if ALG_ECC @@ -145,25 +145,25 @@ LIB_EXPORT void BnCurveFree(bigCurveData* E); // indicates that the result was the point at infinity. This function is only needed // if the TPM supports ECC. LIB_EXPORT BOOL BnEccModMult( - bigPoint R, pointConst S, bigConst d, const bigCurveData* E); + bigPoint R, pointConst S, bigConst d, const bigCurveData* E); //** BnEccModMult2() // This function does a point multiply of the form R = [d]S + [u]Q. A return of // FALSE indicates that the result was the point at infinity. This function is only // needed if the TPM supports ECC. LIB_EXPORT BOOL BnEccModMult2(bigPoint R, - pointConst S, - bigConst d, - pointConst Q, - bigConst u, - const bigCurveData* E); + pointConst S, + bigConst d, + pointConst Q, + bigConst u, + const bigCurveData* E); //** BnEccAdd() // This function does a point add R = S + Q. A return of FALSE // indicates that the result was the point at infinity. This function is only needed // if the TPM supports ECC. LIB_EXPORT BOOL BnEccAdd( - bigPoint R, pointConst S, pointConst Q, const bigCurveData* E); + bigPoint R, pointConst S, pointConst Q, const bigCurveData* E); #endif // ALG_ECC diff --git a/src/tpm2/Cancel.c b/src/tpm2/Cancel.c index 2026ec0d..0d0359fe 100644 --- a/src/tpm2/Cancel.c +++ b/src/tpm2/Cancel.c 
@@ -59,41 +59,38 @@ /* */ /********************************************************************************/ -/* C.2 Cancel.c */ -/* C.2.1. Description */ -/* This module simulates the cancel pins on the TPM. */ -/* C.2.2. Includes, Typedefs, Structures, and Defines */ +//** Description +// +// This module simulates the cancel pins on the TPM. +// +//** Includes, Typedefs, Structures, and Defines #include "Platform.h" -/* C.2.3. Functions */ -/* C.2.3.1. _plat__IsCanceled() */ -/* Check if the cancel flag is set */ -/* Return Values Meaning */ -/* TRUE(1) if cancel flag is set */ -/* FALSE(0) if cancel flag is not set */ -LIB_EXPORT int -_plat__IsCanceled( - void - ) + +//** Functions + +//***_plat__IsCanceled() +// Check if the cancel flag is set +// Return Type: int +// TRUE(1) if cancel flag is set +// FALSE(0) if cancel flag is not set +LIB_EXPORT int _plat__IsCanceled(void) { // return cancel flag return s_isCanceled; } -/* C.2.3.2. _plat__SetCancel() */ -/* Set cancel flag. */ -LIB_EXPORT void -_plat__SetCancel( - void - ) + +//***_plat__SetCancel() + +// Set cancel flag. +LIB_EXPORT void _plat__SetCancel(void) { s_isCanceled = TRUE; return; } -/* C.2.3.3. _plat__ClearCancel() */ -/* Clear cancel flag */ -LIB_EXPORT void -_plat__ClearCancel( - void - ) + +//***_plat__ClearCancel() +// Clear cancel flag +LIB_EXPORT void _plat__ClearCancel(void) { s_isCanceled = FALSE; return; diff --git a/src/tpm2/Capabilities.h b/src/tpm2/Capabilities.h index 832187fe..572f40fe 100644 --- a/src/tpm2/Capabilities.h +++ b/src/tpm2/Capabilities.h 
@@ -59,18 +59,18 @@ /* */ /********************************************************************************/ -#ifndef _CAPABILITIES_H -#define _CAPABILITIES_H +#ifndef _CAPABILITIES_H +#define _CAPABILITIES_H -#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP)-sizeof(UINT32)) -#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY)) -#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE)) -#define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC)) -#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY)) -#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT)) -#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE)) -#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY)) -#define MAX_ACT_DATA (MAX_CAP_DATA / sizeof(TPMS_ACT_DATA)) -#define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT)) +#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP) - sizeof(UINT32)) +#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY)) +#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE)) +#define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC)) +#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY)) +#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT)) +#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE)) +#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY)) +#define MAX_ACT_DATA (MAX_CAP_DATA / sizeof(TPMS_ACT_DATA)) +#define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT)) #endif diff --git a/src/tpm2/CertifyCreation_fp.h b/src/tpm2/CertifyCreation_fp.h index 98be3b92..12093c8a 100644 --- a/src/tpm2/CertifyCreation_fp.h +++ b/src/tpm2/CertifyCreation_fp.h 
@@ -59,37 +59,43 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CERTIFYCREATION_FP_H -#define CERTIFYCREATION_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT signHandle; - TPMI_DH_OBJECT objectHandle; - TPM2B_DATA qualifyingData; - TPM2B_DIGEST creationHash; - TPMT_SIG_SCHEME inScheme; - TPMT_TK_CREATION creationTicket; +#if CC_CertifyCreation // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYCREATION_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYCREATION_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT signHandle; + TPMI_DH_OBJECT objectHandle; + TPM2B_DATA qualifyingData; + TPM2B_DIGEST creationHash; + TPMT_SIG_SCHEME inScheme; + TPMT_TK_CREATION creationTicket; } CertifyCreation_In; -#define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2) -#define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2) -#define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3) -#define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4) - -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; } CertifyCreation_Out; +// Response code modifiers +# define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1) +# define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2) +# define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1) +# define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2) +# define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3) +# define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_CertifyCreation( - CertifyCreation_In *in, // IN: input parameter list - CertifyCreation_Out *out // 
OUT: output parameter list - ); +TPM2_CertifyCreation(CertifyCreation_In* in, CertifyCreation_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYCREATION_FP_H_ +#endif // CC_CertifyCreation diff --git a/src/tpm2/CertifyX509_fp.h b/src/tpm2/CertifyX509_fp.h index b7a002ab..5a9ee6b3 100644 --- a/src/tpm2/CertifyX509_fp.h +++ b/src/tpm2/CertifyX509_fp.h 
@@ -59,35 +59,42 @@ /* */ /********************************************************************************/ -/* rev 155 */ -#ifndef CERTIFYX509_FP_H -#define CERTIFYX509_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA reserved; - TPMT_SIG_SCHEME inScheme; - TPM2B_MAX_BUFFER partialCertificate; +#if CC_CertifyX509 // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYX509_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYX509_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA reserved; + TPMT_SIG_SCHEME inScheme; + TPM2B_MAX_BUFFER partialCertificate; } CertifyX509_In; -#define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_2) -#define RC_CertifyX509_reserved (TPM_RC_P + TPM_RC_1) -#define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPM2B_MAX_BUFFER addedToCertificate; - TPM2B_DIGEST tbsDigest; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_MAX_BUFFER addedToCertificate; + TPM2B_DIGEST tbsDigest; + TPMT_SIGNATURE signature; } CertifyX509_Out; -TPM_RC -TPM2_CertifyX509( - CertifyX509_In *in, // IN: input parameter list - CertifyX509_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_1) +# define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_2) +# define RC_CertifyX509_reserved (TPM_RC_P + TPM_RC_1) +# define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2) +# define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3) -#endif +// Function prototype +TPM_RC +TPM2_CertifyX509(CertifyX509_In* in, CertifyX509_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYX509_FP_H_ +#endif // CC_CertifyX509 
diff --git a/src/tpm2/Certify_fp.h b/src/tpm2/Certify_fp.h index 2e2ff6d7..2549b05f 100644 --- a/src/tpm2/Certify_fp.h +++ b/src/tpm2/Certify_fp.h @@ -59,35 +59,39 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CERTIFY_FP_H -#define CERTIFY_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; +#if CC_Certify // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFY_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; } Certify_In; -#define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; } Certify_Out; +// Response code modifiers +# define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1) +# define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2) +# define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) +# define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2) - +// Function prototype TPM_RC -TPM2_Certify( - Certify_In *in, // IN: input parameter list - Certify_Out *out // OUT: output parameter list - ); +TPM2_Certify(Certify_In* in, Certify_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFY_FP_H_ +#endif // CC_Certify diff --git a/src/tpm2/ChangeEPS_fp.h b/src/tpm2/ChangeEPS_fp.h index 33001e92..51cdda33 100644 --- a/src/tpm2/ChangeEPS_fp.h +++ b/src/tpm2/ChangeEPS_fp.h 
@@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CHANGEEPS_FP_H -#define CHANGEEPS_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PLATFORM authHandle; +#if CC_ChangeEPS // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEEPS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEEPS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PLATFORM authHandle; } ChangeEPS_In; -#define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_ChangeEPS( - ChangeEPS_In *in // IN: input parameter list - ); +TPM2_ChangeEPS(ChangeEPS_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEEPS_FP_H_ +#endif // CC_ChangeEPS diff --git a/src/tpm2/ChangePPS_fp.h b/src/tpm2/ChangePPS_fp.h index ec1ba459..56c22754 100644 --- a/src/tpm2/ChangePPS_fp.h +++ b/src/tpm2/ChangePPS_fp.h @@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CHANGEPPS_FP_H -#define CHANGEPPS_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PLATFORM authHandle; +#if CC_ChangePPS // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEPPS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEPPS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PLATFORM authHandle; } ChangePPS_In; -#define RC_ChangePPS_authHandle (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_ChangePPS_authHandle (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_ChangePPS( - ChangePPS_In *in // IN: input parameter list - ); +TPM2_ChangePPS(ChangePPS_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEPPS_FP_H_ +#endif // CC_ChangePPS 
diff --git a/src/tpm2/ClearControl_fp.h b/src/tpm2/ClearControl_fp.h index 7c6920e2..a993b887 100644 --- a/src/tpm2/ClearControl_fp.h +++ b/src/tpm2/ClearControl_fp.h @@ -59,21 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CLEARCONTROL_FP_H -#define CLEARCONTROL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_CLEAR auth; - TPMI_YES_NO disable; +#if CC_ClearControl // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEARCONTROL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEARCONTROL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_CLEAR auth; + TPMI_YES_NO disable; } ClearControl_In; -#define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) +# define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_ClearControl( - ClearControl_In *in // IN: input parameter list - ); -#endif +TPM2_ClearControl(ClearControl_In* in); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEARCONTROL_FP_H_ +#endif // CC_ClearControl diff --git a/src/tpm2/Clear_fp.h b/src/tpm2/Clear_fp.h index 44407778..2cd97355 100644 --- a/src/tpm2/Clear_fp.h +++ b/src/tpm2/Clear_fp.h 
@@ -59,20 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CLEAR_FP_H -#define CLEAR_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_CLEAR authHandle; +#if CC_Clear // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEAR_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEAR_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_CLEAR authHandle; } Clear_In; -#define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_Clear( - Clear_In *in // IN: input parameter list - ); +TPM2_Clear(Clear_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEAR_FP_H_ +#endif // CC_Clear diff --git a/src/tpm2/Clock.c b/src/tpm2/Clock.c index bb6b40a2..6f1b81d1 100644 --- a/src/tpm2/Clock.c +++ b/src/tpm2/Clock.c @@ -175,16 +175,16 @@ clock_t debugTime; LIB_EXPORT uint64_t _plat__RealTime(void) { clock64_t time; - //#ifdef _MSC_VER kgold + //#ifdef _MSC_VER kgold // libtpms changed begin #ifdef TPM_WINDOWS - #include + #include // libtpms changed end struct _timeb sysTime; // _ftime(&sysTime); /* kgold, mingw doesn't have _ftime_s */ time = (clock64_t)(sysTime.time) * 1000 + sysTime.millitm; // set the time back by one hour if daylight savings if(sysTime.dstflag) - time -= 1000 * 60 * 60; // mSec/sec * sec/min * min/hour = ms/hour + time -= 1000 * 60 * 60; // mSec/sec * sec/min * min/hour = ms/hour #else // hopefully, this will work with most UNIX systems struct timespec systime; @@ -226,7 +226,7 @@ LIB_EXPORT uint64_t _plat__TimerRead(void) # error "need a defintion for reading the hardware clock" return HARDWARE_CLOCK #else - clock64_t timeDiff; + clock64_t timeDiff; clock64_t adjustedTimeDiff; clock64_t timeNow; clock64_t readjustedTimeDiff; 
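Review bot: The `TPM_WINDOWS` branch of `_plat__RealTime()` in the first Clock.c hunk still takes its value from `_ftime()`, which is wall-clock time, and then subtracts an hour when `sysTime.dstflag` is set, so the returned value can step when the host clock is changed or at a DST transition. `_plat__TimerRead()` in the later hunks says it tolerates time going backwards, but a forward step appears to be added to the reported time as-is, which would matter wherever TPM time feeds lockout or policy timing. Since this commit already annotates the block with `// libtpms changed begin` and `end`, I would add a comment above the `_ftime(&sysTime)` call such as `// NOTE: _ftime() is wall-clock, not monotonic; forward steps reach _plat__TimerRead() unfiltered`. The body of `_plat__RealTime()` continues past the end of this hunk.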
@@ -236,17 +236,17 @@ LIB_EXPORT uint64_t _plat__TimerRead(void) // if this hasn't been initialized, initialize it if(s_lastSystemTime == 0) - { - s_lastSystemTime = timeNow; - debugTime = clock(); - s_lastReportedTime = 0; - s_realTimePrevious = 0; - } + { + s_lastSystemTime = timeNow; + debugTime = clock(); + s_lastReportedTime = 0; + s_realTimePrevious = 0; + } // The system time can bounce around and that's OK as long as we don't allow // time to go backwards. When the time does appear to go backwards, set // lastSystemTime to be the new value and then update the reported time. if(timeNow < s_lastReportedTime) - s_lastSystemTime = timeNow; + s_lastSystemTime = timeNow; s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime; s_lastSystemTime = timeNow; timeNow = s_lastReportedTime; @@ -257,7 +257,7 @@ LIB_EXPORT uint64_t _plat__TimerRead(void) // uses that value and does the rate adjustment on the time value. // If there is no difference in time, then skip all the computations if(s_realTimePrevious >= timeNow) - return s_tpmTime; + return s_tpmTime; // Compute the amount of time since the last update of the system clock timeDiff = timeNow - s_realTimePrevious; 
@@ -324,71 +324,33 @@ LIB_EXPORT void _plat__ClockRateAdjust(_plat__ClockAdjustStep adjust) // We expect the caller should only use a fixed set of constant values to // adjust the rate switch(adjust) - { - // slower increases the divisor - case PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER: - s_adjustRate += CLOCK_ADJUST_COARSE; - break; - case PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER: - s_adjustRate += CLOCK_ADJUST_MEDIUM; - break; - case PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER: - s_adjustRate += CLOCK_ADJUST_FINE; - break; - // faster decreases the divisor - case PLAT_TPM_CLOCK_ADJUST_FINE_FASTER: - s_adjustRate -= CLOCK_ADJUST_FINE; - break; - case PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER: - s_adjustRate -= CLOCK_ADJUST_MEDIUM; - break; - case PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER: - s_adjustRate -= CLOCK_ADJUST_COARSE; - break; - } + { + // slower increases the divisor + case PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER: + s_adjustRate += CLOCK_ADJUST_COARSE; + break; + case PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER: + s_adjustRate += CLOCK_ADJUST_MEDIUM; + break; + case PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER: + s_adjustRate += CLOCK_ADJUST_FINE; + break; + // faster decreases the divisor + case PLAT_TPM_CLOCK_ADJUST_FINE_FASTER: + s_adjustRate -= CLOCK_ADJUST_FINE; + break; + case PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER: + s_adjustRate -= CLOCK_ADJUST_MEDIUM; + break; + case PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER: + s_adjustRate -= CLOCK_ADJUST_COARSE; + break; + } if(s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT)) - s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT; + s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT; if(s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT)) - s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT; + s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT; return; } - -#if 0 - -/* added for portability because Linux clock is 32 bits */ - -#include -#include -#include - -#include "TpmFail_fp.h" - -LIB_EXPORT uint64_t -_plat__RealTime( - void - ) -{ - clock64_t time; - //#ifdef _MSC_VER 
kgold -#ifdef TPM_WINDOWS - #include - struct _timeb sysTime; - // - _ftime(&sysTime); /* kgold, mingw doesn't have _ftime_s */ - time = (clock64_t)(sysTime.time) * 1000 + sysTime.millitm; - // set the time back by one hour if daylight savings - if(sysTime.dstflag) - time -= 1000 * 60 * 60; // mSec/sec * sec/min * min/hour = ms/hour -#else - // hopefully, this will work with most UNIX systems - struct timespec systime; - // - clock_gettime(CLOCK_MONOTONIC, &systime); - time = (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000); -#endif - return time; -} - -#endif diff --git a/src/tpm2/ClockRateAdjust_fp.h b/src/tpm2/ClockRateAdjust_fp.h index 0c02067b..4d4317c7 100644 --- a/src/tpm2/ClockRateAdjust_fp.h +++ b/src/tpm2/ClockRateAdjust_fp.h @@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CLOCKRATEADJUST_FP_H -#define CLOCKRATEADJUST_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PROVISION auth; - TPM_CLOCK_ADJUST rateAdjust; +#if CC_ClockRateAdjust // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKRATEADJUST_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKRATEADJUST_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PROVISION auth; + TPM_CLOCK_ADJUST rateAdjust; } ClockRateAdjust_In; -#define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1) - +// Response code modifiers +# define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) +# define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_ClockRateAdjust( - ClockRateAdjust_In *in // IN: input parameter list - ); +TPM2_ClockRateAdjust(ClockRateAdjust_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKRATEADJUST_FP_H_ +#endif // CC_ClockRateAdjust diff --git a/src/tpm2/ClockSet_fp.h b/src/tpm2/ClockSet_fp.h index 8f76b735..73bc5217 100644 
--- a/src/tpm2/ClockSet_fp.h +++ b/src/tpm2/ClockSet_fp.h @@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CLOCKSET_FP_H -#define CLOCKSET_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PROVISION auth; - UINT64 newTime; +#if CC_ClockSet // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKSET_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKSET_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PROVISION auth; + UINT64 newTime; } ClockSet_In; -#define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) -#define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) +# define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_ClockSet( - ClockSet_In *in // IN: input parameter list - ); +TPM2_ClockSet(ClockSet_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKSET_FP_H_ +#endif // CC_ClockSet diff --git a/src/tpm2/CommandAttributeData.h b/src/tpm2/CommandAttributeData.h index eab4fad9..ab86ae2a 100644 --- a/src/tpm2/CommandAttributeData.h +++ b/src/tpm2/CommandAttributeData.h 
@@ -58,935 +58,937 @@ /* */ /********************************************************************************/ -/* 5.6 CommandAttributeData.h */ -/* This file should only be included by CommandCodeAttibutes.c */ +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT +// clang-format off + +// This file should only be included by CommandCodeAttibutes.c #ifdef _COMMAND_CODE_ATTRIBUTES_ + #include "CommandAttributes.h" + #if COMPRESSED_LISTS # define PAD_LIST 0 #else # define PAD_LIST 1 #endif -/* This is the command code attribute array for GetCapability(). Both this array and - s_commandAttributes provides command code attributes, but tuned for different purpose */ - +// This is the command code attribute array for GetCapability. +// Both this array and s_commandAttributes provides command code attributes, +// but tuned for different purpose const TPMA_CC s_ccAttr [] = { -#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - TPMA_CC_INITIALIZER(0x011f, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_UndefineSpaceSpecial) + TPMA_CC_INITIALIZER(0x011F, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_EvictControl) - TPMA_CC_INITIALIZER(0x0120, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_EvictControl) + TPMA_CC_INITIALIZER(0x0120, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_HierarchyControl) - TPMA_CC_INITIALIZER(0x0121, 0, 1, 1, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_HierarchyControl) + TPMA_CC_INITIALIZER(0x0121, 0, 1, 1, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_UndefineSpace) - TPMA_CC_INITIALIZER(0x0122, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_UndefineSpace) + TPMA_CC_INITIALIZER(0x0122, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0123, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST) + TPMA_CC_INITIALIZER(0x0123, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_ChangeEPS) - TPMA_CC_INITIALIZER(0x0124, 0, 1, 1, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ChangeEPS) + TPMA_CC_INITIALIZER(0x0124, 0, 1, 1, 0, 1, 0, 0, 0), #endif -#if 
(PAD_LIST || CC_ChangePPS) - TPMA_CC_INITIALIZER(0x0125, 0, 1, 1, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ChangePPS) + TPMA_CC_INITIALIZER(0x0125, 0, 1, 1, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_Clear) - TPMA_CC_INITIALIZER(0x0126, 0, 1, 1, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Clear) + TPMA_CC_INITIALIZER(0x0126, 0, 1, 1, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ClearControl) - TPMA_CC_INITIALIZER(0x0127, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ClearControl) + TPMA_CC_INITIALIZER(0x0127, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ClockSet) - TPMA_CC_INITIALIZER(0x0128, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ClockSet) + TPMA_CC_INITIALIZER(0x0128, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_HierarchyChangeAuth) - TPMA_CC_INITIALIZER(0x0129, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_HierarchyChangeAuth) + TPMA_CC_INITIALIZER(0x0129, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_DefineSpace) - TPMA_CC_INITIALIZER(0x012a, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_NV_DefineSpace) + TPMA_CC_INITIALIZER(0x012A, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PCR_Allocate) - TPMA_CC_INITIALIZER(0x012b, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PCR_Allocate) + TPMA_CC_INITIALIZER(0x012B, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PCR_SetAuthPolicy) - TPMA_CC_INITIALIZER(0x012c, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PCR_SetAuthPolicy) + TPMA_CC_INITIALIZER(0x012C, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PP_Commands) - TPMA_CC_INITIALIZER(0x012d, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PP_Commands) + TPMA_CC_INITIALIZER(0x012D, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_SetPrimaryPolicy) - TPMA_CC_INITIALIZER(0x012e, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_SetPrimaryPolicy) + TPMA_CC_INITIALIZER(0x012E, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_FieldUpgradeStart) - TPMA_CC_INITIALIZER(0x012f, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || 
CC_FieldUpgradeStart) + TPMA_CC_INITIALIZER(0x012F, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_ClockRateAdjust) - TPMA_CC_INITIALIZER(0x0130, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ClockRateAdjust) + TPMA_CC_INITIALIZER(0x0130, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_CreatePrimary) - TPMA_CC_INITIALIZER(0x0131, 0, 0, 0, 0, 1, 1, 0, 0), +#if (PAD_LIST || CC_CreatePrimary) + TPMA_CC_INITIALIZER(0x0131, 0, 0, 0, 0, 1, 1, 0, 0), #endif -#if (PAD_LIST || CC_NV_GlobalWriteLock) - TPMA_CC_INITIALIZER(0x0132, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_NV_GlobalWriteLock) + TPMA_CC_INITIALIZER(0x0132, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_GetCommandAuditDigest) - TPMA_CC_INITIALIZER(0x0133, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_GetCommandAuditDigest) + TPMA_CC_INITIALIZER(0x0133, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_Increment) - TPMA_CC_INITIALIZER(0x0134, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_Increment) + TPMA_CC_INITIALIZER(0x0134, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_SetBits) - TPMA_CC_INITIALIZER(0x0135, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_SetBits) + TPMA_CC_INITIALIZER(0x0135, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_Extend) - TPMA_CC_INITIALIZER(0x0136, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_Extend) + TPMA_CC_INITIALIZER(0x0136, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_Write) - TPMA_CC_INITIALIZER(0x0137, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_Write) + TPMA_CC_INITIALIZER(0x0137, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_WriteLock) - TPMA_CC_INITIALIZER(0x0138, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_WriteLock) + TPMA_CC_INITIALIZER(0x0138, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_DictionaryAttackLockReset) - TPMA_CC_INITIALIZER(0x0139, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_DictionaryAttackLockReset) + TPMA_CC_INITIALIZER(0x0139, 0, 1, 0, 0, 1, 0, 0, 0), #endif 
-#if (PAD_LIST || CC_DictionaryAttackParameters) - TPMA_CC_INITIALIZER(0x013a, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_DictionaryAttackParameters) + TPMA_CC_INITIALIZER(0x013A, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_ChangeAuth) - TPMA_CC_INITIALIZER(0x013b, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_NV_ChangeAuth) + TPMA_CC_INITIALIZER(0x013B, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PCR_Event) - TPMA_CC_INITIALIZER(0x013c, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PCR_Event) + TPMA_CC_INITIALIZER(0x013C, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PCR_Reset) - TPMA_CC_INITIALIZER(0x013d, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PCR_Reset) + TPMA_CC_INITIALIZER(0x013D, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_SequenceComplete) - TPMA_CC_INITIALIZER(0x013e, 0, 0, 0, 1, 1, 0, 0, 0), +#if (PAD_LIST || CC_SequenceComplete) + TPMA_CC_INITIALIZER(0x013E, 0, 0, 0, 1, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_SetAlgorithmSet) - TPMA_CC_INITIALIZER(0x013f, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_SetAlgorithmSet) + TPMA_CC_INITIALIZER(0x013F, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_SetCommandCodeAuditStatus) - TPMA_CC_INITIALIZER(0x0140, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_SetCommandCodeAuditStatus) + TPMA_CC_INITIALIZER(0x0140, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_FieldUpgradeData) - TPMA_CC_INITIALIZER(0x0141, 0, 1, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_FieldUpgradeData) + TPMA_CC_INITIALIZER(0x0141, 0, 1, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_IncrementalSelfTest) - TPMA_CC_INITIALIZER(0x0142, 0, 1, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_IncrementalSelfTest) + TPMA_CC_INITIALIZER(0x0142, 0, 1, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_SelfTest) - TPMA_CC_INITIALIZER(0x0143, 0, 1, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_SelfTest) + TPMA_CC_INITIALIZER(0x0143, 0, 1, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_Startup) - 
TPMA_CC_INITIALIZER(0x0144, 0, 1, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_Startup) + TPMA_CC_INITIALIZER(0x0144, 0, 1, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_Shutdown) - TPMA_CC_INITIALIZER(0x0145, 0, 1, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_Shutdown) + TPMA_CC_INITIALIZER(0x0145, 0, 1, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_StirRandom) - TPMA_CC_INITIALIZER(0x0146, 0, 1, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_StirRandom) + TPMA_CC_INITIALIZER(0x0146, 0, 1, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_ActivateCredential) - TPMA_CC_INITIALIZER(0x0147, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_ActivateCredential) + TPMA_CC_INITIALIZER(0x0147, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_Certify) - TPMA_CC_INITIALIZER(0x0148, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_Certify) + TPMA_CC_INITIALIZER(0x0148, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyNV) - TPMA_CC_INITIALIZER(0x0149, 0, 0, 0, 0, 3, 0, 0, 0), +#if (PAD_LIST || CC_PolicyNV) + TPMA_CC_INITIALIZER(0x0149, 0, 0, 0, 0, 3, 0, 0, 0), #endif -#if (PAD_LIST || CC_CertifyCreation) - TPMA_CC_INITIALIZER(0x014a, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_CertifyCreation) + TPMA_CC_INITIALIZER(0x014A, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_Duplicate) - TPMA_CC_INITIALIZER(0x014b, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_Duplicate) + TPMA_CC_INITIALIZER(0x014B, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_GetTime) - TPMA_CC_INITIALIZER(0x014c, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_GetTime) + TPMA_CC_INITIALIZER(0x014C, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_GetSessionAuditDigest) - TPMA_CC_INITIALIZER(0x014d, 0, 0, 0, 0, 3, 0, 0, 0), +#if (PAD_LIST || CC_GetSessionAuditDigest) + TPMA_CC_INITIALIZER(0x014D, 0, 0, 0, 0, 3, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_Read) - TPMA_CC_INITIALIZER(0x014e, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_Read) + TPMA_CC_INITIALIZER(0x014E, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if 
(PAD_LIST || CC_NV_ReadLock) - TPMA_CC_INITIALIZER(0x014f, 0, 1, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_NV_ReadLock) + TPMA_CC_INITIALIZER(0x014F, 0, 1, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_ObjectChangeAuth) - TPMA_CC_INITIALIZER(0x0150, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_ObjectChangeAuth) + TPMA_CC_INITIALIZER(0x0150, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicySecret) - TPMA_CC_INITIALIZER(0x0151, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_PolicySecret) + TPMA_CC_INITIALIZER(0x0151, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_Rewrap) - TPMA_CC_INITIALIZER(0x0152, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_Rewrap) + TPMA_CC_INITIALIZER(0x0152, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_Create) - TPMA_CC_INITIALIZER(0x0153, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Create) + TPMA_CC_INITIALIZER(0x0153, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ECDH_ZGen) - TPMA_CC_INITIALIZER(0x0154, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ECDH_ZGen) + TPMA_CC_INITIALIZER(0x0154, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || (CC_HMAC || CC_MAC)) - TPMA_CC_INITIALIZER(0x0155, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || (CC_HMAC || CC_MAC)) + TPMA_CC_INITIALIZER(0x0155, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_Import) - TPMA_CC_INITIALIZER(0x0156, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Import) + TPMA_CC_INITIALIZER(0x0156, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_Load) - TPMA_CC_INITIALIZER(0x0157, 0, 0, 0, 0, 1, 1, 0, 0), +#if (PAD_LIST || CC_Load) + TPMA_CC_INITIALIZER(0x0157, 0, 0, 0, 0, 1, 1, 0, 0), #endif -#if (PAD_LIST || CC_Quote) - TPMA_CC_INITIALIZER(0x0158, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Quote) + TPMA_CC_INITIALIZER(0x0158, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_RSA_Decrypt) - TPMA_CC_INITIALIZER(0x0159, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_RSA_Decrypt) + TPMA_CC_INITIALIZER(0x0159, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if 
(PAD_LIST ) - TPMA_CC_INITIALIZER(0x015a, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST) + TPMA_CC_INITIALIZER(0x015A, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) - TPMA_CC_INITIALIZER(0x015b, 0, 0, 0, 0, 1, 1, 0, 0), +#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) + TPMA_CC_INITIALIZER(0x015B, 0, 0, 0, 0, 1, 1, 0, 0), #endif -#if (PAD_LIST || CC_SequenceUpdate) - TPMA_CC_INITIALIZER(0x015c, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_SequenceUpdate) + TPMA_CC_INITIALIZER(0x015C, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_Sign) - TPMA_CC_INITIALIZER(0x015d, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Sign) + TPMA_CC_INITIALIZER(0x015D, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_Unseal) - TPMA_CC_INITIALIZER(0x015e, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Unseal) + TPMA_CC_INITIALIZER(0x015E, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x015f, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST) + TPMA_CC_INITIALIZER(0x015F, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicySigned) - TPMA_CC_INITIALIZER(0x0160, 0, 0, 0, 0, 2, 0, 0, 0), +#if (PAD_LIST || CC_PolicySigned) + TPMA_CC_INITIALIZER(0x0160, 0, 0, 0, 0, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_ContextLoad) - TPMA_CC_INITIALIZER(0x0161, 0, 0, 0, 0, 0, 1, 0, 0), +#if (PAD_LIST || CC_ContextLoad) + TPMA_CC_INITIALIZER(0x0161, 0, 0, 0, 0, 0, 1, 0, 0), #endif -#if (PAD_LIST || CC_ContextSave) - TPMA_CC_INITIALIZER(0x0162, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ContextSave) + TPMA_CC_INITIALIZER(0x0162, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ECDH_KeyGen) - TPMA_CC_INITIALIZER(0x0163, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ECDH_KeyGen) + TPMA_CC_INITIALIZER(0x0163, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_EncryptDecrypt) - TPMA_CC_INITIALIZER(0x0164, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_EncryptDecrypt) + TPMA_CC_INITIALIZER(0x0164, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST 
|| CC_FlushContext) - TPMA_CC_INITIALIZER(0x0165, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_FlushContext) + TPMA_CC_INITIALIZER(0x0165, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0166, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST) + TPMA_CC_INITIALIZER(0x0166, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_LoadExternal) - TPMA_CC_INITIALIZER(0x0167, 0, 0, 0, 0, 0, 1, 0, 0), +#if (PAD_LIST || CC_LoadExternal) + TPMA_CC_INITIALIZER(0x0167, 0, 0, 0, 0, 0, 1, 0, 0), #endif -#if (PAD_LIST || CC_MakeCredential) - TPMA_CC_INITIALIZER(0x0168, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_MakeCredential) + TPMA_CC_INITIALIZER(0x0168, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_ReadPublic) - TPMA_CC_INITIALIZER(0x0169, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_NV_ReadPublic) + TPMA_CC_INITIALIZER(0x0169, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyAuthorize) - TPMA_CC_INITIALIZER(0x016a, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyAuthorize) + TPMA_CC_INITIALIZER(0x016A, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyAuthValue) - TPMA_CC_INITIALIZER(0x016b, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyAuthValue) + TPMA_CC_INITIALIZER(0x016B, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyCommandCode) - TPMA_CC_INITIALIZER(0x016c, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyCommandCode) + TPMA_CC_INITIALIZER(0x016C, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyCounterTimer) - TPMA_CC_INITIALIZER(0x016d, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyCounterTimer) + TPMA_CC_INITIALIZER(0x016D, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyCpHash) - TPMA_CC_INITIALIZER(0x016e, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyCpHash) + TPMA_CC_INITIALIZER(0x016E, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyLocality) - TPMA_CC_INITIALIZER(0x016f, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyLocality) + 
TPMA_CC_INITIALIZER(0x016F, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyNameHash) - TPMA_CC_INITIALIZER(0x0170, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyNameHash) + TPMA_CC_INITIALIZER(0x0170, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyOR) - TPMA_CC_INITIALIZER(0x0171, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyOR) + TPMA_CC_INITIALIZER(0x0171, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyTicket) - TPMA_CC_INITIALIZER(0x0172, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyTicket) + TPMA_CC_INITIALIZER(0x0172, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ReadPublic) - TPMA_CC_INITIALIZER(0x0173, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ReadPublic) + TPMA_CC_INITIALIZER(0x0173, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_RSA_Encrypt) - TPMA_CC_INITIALIZER(0x0174, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_RSA_Encrypt) + TPMA_CC_INITIALIZER(0x0174, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST ) - TPMA_CC_INITIALIZER(0x0175, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST) + TPMA_CC_INITIALIZER(0x0175, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_StartAuthSession) - TPMA_CC_INITIALIZER(0x0176, 0, 0, 0, 0, 2, 1, 0, 0), +#if (PAD_LIST || CC_StartAuthSession) + TPMA_CC_INITIALIZER(0x0176, 0, 0, 0, 0, 2, 1, 0, 0), #endif -#if (PAD_LIST || CC_VerifySignature) - TPMA_CC_INITIALIZER(0x0177, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_VerifySignature) + TPMA_CC_INITIALIZER(0x0177, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ECC_Parameters) - TPMA_CC_INITIALIZER(0x0178, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_ECC_Parameters) + TPMA_CC_INITIALIZER(0x0178, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_FirmwareRead) - TPMA_CC_INITIALIZER(0x0179, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_FirmwareRead) + TPMA_CC_INITIALIZER(0x0179, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_GetCapability) - TPMA_CC_INITIALIZER(0x017a, 0, 0, 0, 0, 0, 0, 0, 0), +#if 
(PAD_LIST || CC_GetCapability) + TPMA_CC_INITIALIZER(0x017A, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_GetRandom) - TPMA_CC_INITIALIZER(0x017b, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_GetRandom) + TPMA_CC_INITIALIZER(0x017B, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_GetTestResult) - TPMA_CC_INITIALIZER(0x017c, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_GetTestResult) + TPMA_CC_INITIALIZER(0x017C, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_Hash) - TPMA_CC_INITIALIZER(0x017d, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_Hash) + TPMA_CC_INITIALIZER(0x017D, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_PCR_Read) - TPMA_CC_INITIALIZER(0x017e, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_PCR_Read) + TPMA_CC_INITIALIZER(0x017E, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyPCR) - TPMA_CC_INITIALIZER(0x017f, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyPCR) + TPMA_CC_INITIALIZER(0x017F, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyRestart) - TPMA_CC_INITIALIZER(0x0180, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyRestart) + TPMA_CC_INITIALIZER(0x0180, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ReadClock) - TPMA_CC_INITIALIZER(0x0181, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_ReadClock) + TPMA_CC_INITIALIZER(0x0181, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_PCR_Extend) - TPMA_CC_INITIALIZER(0x0182, 0, 1, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PCR_Extend) + TPMA_CC_INITIALIZER(0x0182, 0, 1, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PCR_SetAuthValue) - TPMA_CC_INITIALIZER(0x0183, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PCR_SetAuthValue) + TPMA_CC_INITIALIZER(0x0183, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_NV_Certify) - TPMA_CC_INITIALIZER(0x0184, 0, 0, 0, 0, 3, 0, 0, 0), +#if (PAD_LIST || CC_NV_Certify) + TPMA_CC_INITIALIZER(0x0184, 0, 0, 0, 0, 3, 0, 0, 0), #endif -#if (PAD_LIST || CC_EventSequenceComplete) - TPMA_CC_INITIALIZER(0x0185, 
0, 1, 0, 1, 2, 0, 0, 0), +#if (PAD_LIST || CC_EventSequenceComplete) + TPMA_CC_INITIALIZER(0x0185, 0, 1, 0, 1, 2, 0, 0, 0), #endif -#if (PAD_LIST || CC_HashSequenceStart) - TPMA_CC_INITIALIZER(0x0186, 0, 0, 0, 0, 0, 1, 0, 0), +#if (PAD_LIST || CC_HashSequenceStart) + TPMA_CC_INITIALIZER(0x0186, 0, 0, 0, 0, 0, 1, 0, 0), #endif -#if (PAD_LIST || CC_PolicyPhysicalPresence) - TPMA_CC_INITIALIZER(0x0187, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyPhysicalPresence) + TPMA_CC_INITIALIZER(0x0187, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyDuplicationSelect) - TPMA_CC_INITIALIZER(0x0188, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyDuplicationSelect) + TPMA_CC_INITIALIZER(0x0188, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyGetDigest) - TPMA_CC_INITIALIZER(0x0189, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyGetDigest) + TPMA_CC_INITIALIZER(0x0189, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_TestParms) - TPMA_CC_INITIALIZER(0x018a, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_TestParms) + TPMA_CC_INITIALIZER(0x018A, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_Commit) - TPMA_CC_INITIALIZER(0x018b, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Commit) + TPMA_CC_INITIALIZER(0x018B, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyPassword) - TPMA_CC_INITIALIZER(0x018c, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyPassword) + TPMA_CC_INITIALIZER(0x018C, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_ZGen_2Phase) - TPMA_CC_INITIALIZER(0x018d, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_ZGen_2Phase) + TPMA_CC_INITIALIZER(0x018D, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_EC_Ephemeral) - TPMA_CC_INITIALIZER(0x018e, 0, 0, 0, 0, 0, 0, 0, 0), +#if (PAD_LIST || CC_EC_Ephemeral) + TPMA_CC_INITIALIZER(0x018E, 0, 0, 0, 0, 0, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyNvWritten) - TPMA_CC_INITIALIZER(0x018f, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyNvWritten) + 
TPMA_CC_INITIALIZER(0x018F, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_PolicyTemplate) - TPMA_CC_INITIALIZER(0x0190, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_PolicyTemplate) + TPMA_CC_INITIALIZER(0x0190, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_CreateLoaded) - TPMA_CC_INITIALIZER(0x0191, 0, 0, 0, 0, 1, 1, 0, 0), +#if (PAD_LIST || CC_CreateLoaded) + TPMA_CC_INITIALIZER(0x0191, 0, 0, 0, 0, 1, 1, 0, 0), #endif -#if (PAD_LIST || CC_PolicyAuthorizeNV) - TPMA_CC_INITIALIZER(0x0192, 0, 0, 0, 0, 3, 0, 0, 0), +#if (PAD_LIST || CC_PolicyAuthorizeNV) + TPMA_CC_INITIALIZER(0x0192, 0, 0, 0, 0, 3, 0, 0, 0), #endif -#if (PAD_LIST || CC_EncryptDecrypt2) - TPMA_CC_INITIALIZER(0x0193, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_EncryptDecrypt2) + TPMA_CC_INITIALIZER(0x0193, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_AC_GetCapability) - TPMA_CC_INITIALIZER(0x0194, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_AC_GetCapability) + TPMA_CC_INITIALIZER(0x0194, 0, 0, 0, 0, 1, 0, 0, 0), #endif -#if (PAD_LIST || CC_AC_Send) - TPMA_CC_INITIALIZER(0x0195, 0, 0, 0, 0, 3, 0, 0, 0), +#if (PAD_LIST || CC_AC_Send) + TPMA_CC_INITIALIZER(0x0195, 0, 0, 0, 0, 3, 0, 0, 0), #endif -#if (PAD_LIST || CC_Policy_AC_SendSelect) - TPMA_CC_INITIALIZER(0x0196, 0, 0, 0, 0, 1, 0, 0, 0), +#if (PAD_LIST || CC_Policy_AC_SendSelect) + TPMA_CC_INITIALIZER(0x0196, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_CertifyX509) - TPMA_CC_INITIALIZER(0x0197, 0, 0, 0, 0, 2, 0, 0, 0), + TPMA_CC_INITIALIZER(0x0197, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_ACT_SetTimeout) - TPMA_CC_INITIALIZER(0x0198, 0, 0, 0, 0, 1, 0, 0, 0), + TPMA_CC_INITIALIZER(0x0198, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ECC_Encrypt) - TPMA_CC_INITIALIZER(0x0199, 0, 0, 0, 0, 1, 0, 0, 0), + TPMA_CC_INITIALIZER(0x0199, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ECC_Decrypt) - TPMA_CC_INITIALIZER(0x019A, 0, 0, 0, 0, 1, 0, 0, 0), + TPMA_CC_INITIALIZER(0x019A, 0, 0, 0, 0, 1, 0, 0, 0), 
 #endif
 #if (PAD_LIST || CC_PolicyCapability)
- TPMA_CC_INITIALIZER(0x019B, 0, 0, 0, 0, 1, 0, 0, 0),
+ TPMA_CC_INITIALIZER(0x019B, 0, 0, 0, 0, 1, 0, 0, 0),
 #endif
 #if (PAD_LIST || CC_PolicyParameters)
- TPMA_CC_INITIALIZER(0x019C, 0, 0, 0, 0, 1, 0, 0, 0),
+ TPMA_CC_INITIALIZER(0x019C, 0, 0, 0, 0, 1, 0, 0, 0),
 #endif
 #if (PAD_LIST || CC_NV_DefineSpace2)
- TPMA_CC_INITIALIZER(0x019D, 0, 1, 0, 0, 1, 0, 0, 0),
+ TPMA_CC_INITIALIZER(0x019D, 0, 1, 0, 0, 1, 0, 0, 0),
 #endif
 #if (PAD_LIST || CC_NV_ReadPublic2)
- TPMA_CC_INITIALIZER(0x019E, 0, 0, 0, 0, 1, 0, 0, 0),
+ TPMA_CC_INITIALIZER(0x019E, 0, 0, 0, 0, 1, 0, 0, 0),
 #endif
 #if (PAD_LIST || CC_SetCapability)
- TPMA_CC_INITIALIZER(0x019F, 0, 1, 0, 0, 1, 0, 0, 0),
+ TPMA_CC_INITIALIZER(0x019F, 0, 1, 0, 0, 1, 0, 0, 0),
 #endif
-#if (PAD_LIST || CC_Vendor_TCG_Test)
- TPMA_CC_INITIALIZER(0x0000, 0, 0, 0, 0, 0, 0, 1, 0),
+#if (PAD_LIST || CC_Vendor_TCG_Test)
+ TPMA_CC_INITIALIZER(0x0000, 0, 0, 0, 0, 0, 0, 1, 0),
 #endif
-
- TPMA_ZERO_INITIALIZER()
+ TPMA_ZERO_INITIALIZER()
 };
-/* This is the command code attribute structure. */
+// This is the command code attribute structure.
 const COMMAND_ATTRIBUTES s_commandAttributes [] = {
-#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
- (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011f
- (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
+ (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011F
+ (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_EvictControl)
- (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_EvictControl)
+ (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_HierarchyControl)
- (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_HierarchyControl)
+ (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_NV_UndefineSpace)
- (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_NV_UndefineSpace)
+ (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST )
- (COMMAND_ATTRIBUTES)(0), // 0x0123
+#if (PAD_LIST)
+ (COMMAND_ATTRIBUTES)(0), // 0x0123
 #endif
-#if (PAD_LIST || CC_ChangeEPS)
- (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_ChangeEPS)
+ (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_ChangePPS)
- (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_ChangePPS)
+ (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_Clear)
- (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_Clear)
+ (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_ClearControl)
- (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_ClearControl)
+ (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_ClockSet)
- (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_ClockSet)
+ (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_HierarchyChangeAuth)
- (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_HierarchyChangeAuth)
+ (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_NV_DefineSpace)
- (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012a
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_NV_DefineSpace)
+ (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012A
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_PCR_Allocate)
- (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012b
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_PCR_Allocate)
+ (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012B
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_PCR_SetAuthPolicy)
- (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012c
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_PCR_SetAuthPolicy)
+ (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012C
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_PP_Commands)
- (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012d
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)),
+#if (PAD_LIST || CC_PP_Commands)
+ (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012D
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)),
 #endif
-#if (PAD_LIST || CC_SetPrimaryPolicy)
- (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012e
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_SetPrimaryPolicy)
+ (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012E
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_FieldUpgradeStart)
- (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012f
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)),
+#if (PAD_LIST || CC_FieldUpgradeStart)
+ (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012F
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_ClockRateAdjust)
- (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_ClockRateAdjust)
+ (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_CreatePrimary)
- (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
+#if (PAD_LIST || CC_CreatePrimary)
+ (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_NV_GlobalWriteLock)
- (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_NV_GlobalWriteLock)
+ (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_GetCommandAuditDigest)
- (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_GetCommandAuditDigest)
+ (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_NV_Increment)
- (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_NV_Increment)
+ (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_NV_SetBits)
- (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_NV_SetBits)
+ (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_NV_Extend)
- (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#if (PAD_LIST || CC_NV_Extend)
+ (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_NV_Write)
- (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#if (PAD_LIST || CC_NV_Write)
+ (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_NV_WriteLock)
- (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_NV_WriteLock)
+ (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_DictionaryAttackLockReset)
- (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_DictionaryAttackLockReset)
+ (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_DictionaryAttackParameters)
- (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013a
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_DictionaryAttackParameters)
+ (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013A
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_NV_ChangeAuth)
- (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013b
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)),
+#if (PAD_LIST || CC_NV_ChangeAuth)
+ (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013B
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)),
 #endif
-#if (PAD_LIST || CC_PCR_Event)
- (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013c
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#if (PAD_LIST || CC_PCR_Event)
+ (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013C
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_PCR_Reset)
- (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013d
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_PCR_Reset)
+ (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013D
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_SequenceComplete)
- (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013e
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_SequenceComplete)
+ (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013E
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_SetAlgorithmSet)
- (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013f
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_SetAlgorithmSet)
+ (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013F
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
- (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140
- (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
+#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
+ (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140
+ (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
 #endif
-#if (PAD_LIST || CC_FieldUpgradeData)
- (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141
- (IS_IMPLEMENTED+DECRYPT_2)),
+#if (PAD_LIST || CC_FieldUpgradeData)
+ (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141
+ (IS_IMPLEMENTED+DECRYPT_2)),
 #endif
-#if (PAD_LIST || CC_IncrementalSelfTest)
- (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_IncrementalSelfTest)
+ (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_SelfTest)
- (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_SelfTest)
+ (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_Startup)
- (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144
- (IS_IMPLEMENTED+NO_SESSIONS)),
+#if (PAD_LIST || CC_Startup)
+ (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144
+ (IS_IMPLEMENTED+NO_SESSIONS)),
 #endif
-#if (PAD_LIST || CC_Shutdown)
- (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_Shutdown)
+ (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_StirRandom)
- (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146
- (IS_IMPLEMENTED+DECRYPT_2)),
+#if (PAD_LIST || CC_StirRandom)
+ (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146
+ (IS_IMPLEMENTED+DECRYPT_2)),
 #endif
-#if (PAD_LIST || CC_ActivateCredential)
- (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_ActivateCredential)
+ (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_Certify)
- (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_Certify)
+ (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_PolicyNV)
- (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyNV)
+ (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_CertifyCreation)
- (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014a
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_CertifyCreation)
+ (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014A
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_Duplicate)
- (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014b
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)),
+#if (PAD_LIST || CC_Duplicate)
+ (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014B
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_GetTime)
- (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014c
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_GetTime)
+ (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014C
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_GetSessionAuditDigest)
- (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014d
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_GetSessionAuditDigest)
+ (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014D
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_NV_Read)
- (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014e
- (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_NV_Read)
+ (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014E
+ (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_NV_ReadLock)
- (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014f
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_NV_ReadLock)
+ (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014F
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_ObjectChangeAuth)
- (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)),
+#if (PAD_LIST || CC_ObjectChangeAuth)
+ (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_PolicySecret)
- (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)),
+#if (PAD_LIST || CC_PolicySecret)
+ (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_Rewrap)
- (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_Rewrap)
+ (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_Create)
- (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_Create)
+ (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_ECDH_ZGen)
- (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_ECDH_ZGen)
+ (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || (CC_HMAC || CC_MAC))
- (COMMAND_ATTRIBUTES)((CC_HMAC || CC_MAC) * // 0x0155
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || (CC_HMAC || CC_MAC))
+ (COMMAND_ATTRIBUTES)((CC_HMAC || CC_MAC) * // 0x0155
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_Import)
- (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_Import)
+ (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_Load)
- (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)),
+#if (PAD_LIST || CC_Load)
+ (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_Quote)
- (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_Quote)
+ (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_RSA_Decrypt)
- (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_RSA_Decrypt)
+ (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST )
- (COMMAND_ATTRIBUTES)(0), // 0x015a
+#if (PAD_LIST)
+ (COMMAND_ATTRIBUTES)(0), // 0x015A
 #endif
-#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start))
- (COMMAND_ATTRIBUTES)((CC_HMAC_Start || CC_MAC_Start) * // 0x015b
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)),
+#if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start))
+ (COMMAND_ATTRIBUTES)((CC_HMAC_Start || CC_MAC_Start) * // 0x015B
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_SequenceUpdate)
- (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015c
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#if (PAD_LIST || CC_SequenceUpdate)
+ (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015C
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_Sign)
- (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015d
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#if (PAD_LIST || CC_Sign)
+ (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015D
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_Unseal)
- (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015e
- (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_Unseal)
+ (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015E
+ (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST )
- (COMMAND_ATTRIBUTES)(0), // 0x015f
+#if (PAD_LIST)
+ (COMMAND_ATTRIBUTES)(0), // 0x015F
 #endif
-#if (PAD_LIST || CC_PolicySigned)
- (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)),
+#if (PAD_LIST || CC_PolicySigned)
+ (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_ContextLoad)
- (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161
- (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)),
+#if (PAD_LIST || CC_ContextLoad)
+ (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161
+ (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_ContextSave)
- (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162
- (IS_IMPLEMENTED+NO_SESSIONS)),
+#if (PAD_LIST || CC_ContextSave)
+ (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162
+ (IS_IMPLEMENTED+NO_SESSIONS)),
 #endif
-#if (PAD_LIST || CC_ECDH_KeyGen)
- (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163
- (IS_IMPLEMENTED+ENCRYPT_2)),
+#if (PAD_LIST || CC_ECDH_KeyGen)
+ (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_EncryptDecrypt)
- (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164
- (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_EncryptDecrypt)
+ (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164
+ (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_FlushContext)
- (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165
- (IS_IMPLEMENTED+NO_SESSIONS)),
+#if (PAD_LIST || CC_FlushContext)
+ (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165
+ (IS_IMPLEMENTED+NO_SESSIONS)),
 #endif
-#if (PAD_LIST )
- (COMMAND_ATTRIBUTES)(0), // 0x0166
+#if (PAD_LIST)
+ (COMMAND_ATTRIBUTES)(0), // 0x0166
 #endif
-#if (PAD_LIST || CC_LoadExternal)
- (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167
- (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
+#if (PAD_LIST || CC_LoadExternal)
+ (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167
+ (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_MakeCredential)
- (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168
- (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+#if (PAD_LIST || CC_MakeCredential)
+ (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168
+ (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_NV_ReadPublic)
- (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169
- (IS_IMPLEMENTED+ENCRYPT_2)),
+#if (PAD_LIST || CC_NV_ReadPublic)
+ (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_PolicyAuthorize)
- (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016a
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyAuthorize)
+ (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016A
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyAuthValue)
- (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016b
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyAuthValue)
+ (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016B
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyCommandCode)
- (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016c
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyCommandCode)
+ (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016C
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyCounterTimer)
- (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016d
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyCounterTimer)
+ (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016D
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyCpHash)
- (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016e
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyCpHash)
+ (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016E
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyLocality)
- (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016f
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyLocality)
+ (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016F
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyNameHash)
- (COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyNameHash)
+ (COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyOR)
- (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyOR)
+ (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyTicket)
- (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyTicket)
+ (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_ReadPublic)
- (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173
- (IS_IMPLEMENTED+ENCRYPT_2)),
+#if (PAD_LIST || CC_ReadPublic)
+ (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_RSA_Encrypt)
- (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174
- (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+#if (PAD_LIST || CC_RSA_Encrypt)
+ (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174
+ (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
 #endif
-#if (PAD_LIST )
- (COMMAND_ATTRIBUTES)(0), // 0x0175
+#if (PAD_LIST)
+ (COMMAND_ATTRIBUTES)(0), // 0x0175
 #endif
-#if (PAD_LIST || CC_StartAuthSession)
- (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176
- (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
+#if (PAD_LIST || CC_StartAuthSession)
+ (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176
+ (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_VerifySignature)
- (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177
- (IS_IMPLEMENTED+DECRYPT_2)),
+#if (PAD_LIST || CC_VerifySignature)
+ (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177
+ (IS_IMPLEMENTED+DECRYPT_2)),
 #endif
-#if (PAD_LIST || CC_ECC_Parameters)
- (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_ECC_Parameters)
+ (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_FirmwareRead)
- (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179
- (IS_IMPLEMENTED+ENCRYPT_2)),
+#if (PAD_LIST || CC_FirmwareRead)
+ (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_GetCapability)
- (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017a
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_GetCapability)
+ (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017A
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_GetRandom)
- (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017b
- (IS_IMPLEMENTED+ENCRYPT_2)),
+#if (PAD_LIST || CC_GetRandom)
+ (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017B
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_GetTestResult)
- (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017c
- (IS_IMPLEMENTED+ENCRYPT_2)),
+#if (PAD_LIST || CC_GetTestResult)
+ (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017C
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_Hash)
- (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017d
- (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+#if (PAD_LIST || CC_Hash)
+ (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017D
+ (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_PCR_Read)
- (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017e
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_PCR_Read)
+ (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017E
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_PolicyPCR)
- (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017f
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyPCR)
+ (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017F
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyRestart)
- (COMMAND_ATTRIBUTES)(CC_PolicyRestart * // 0x0180
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyRestart)
+ (COMMAND_ATTRIBUTES)(CC_PolicyRestart * // 0x0180
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_ReadClock)
- (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_ReadClock)
+ (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_PCR_Extend)
- (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+#if (PAD_LIST || CC_PCR_Extend)
+ (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_PCR_SetAuthValue)
- (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
+#if (PAD_LIST || CC_PCR_SetAuthValue)
+ (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
 #endif
-#if (PAD_LIST || CC_NV_Certify)
- (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_NV_Certify)
+ (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_EventSequenceComplete)
- (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)),
+#if (PAD_LIST || CC_EventSequenceComplete)
+ (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)),
 #endif
-#if (PAD_LIST || CC_HashSequenceStart)
- (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186
- (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)),
+#if (PAD_LIST || CC_HashSequenceStart)
+ (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186
+ (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_PolicyPhysicalPresence)
- (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyPhysicalPresence)
+ (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyDuplicationSelect)
- (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyDuplicationSelect)
+ (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyGetDigest)
- (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189
- (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)),
+#if (PAD_LIST || CC_PolicyGetDigest)
+ (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189
+ (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_TestParms)
- (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018a
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_TestParms)
+ (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018A
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_Commit)
- (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018b
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_Commit)
+ (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018B
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_PolicyPassword)
- (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018c
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyPassword)
+ (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018C
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_ZGen_2Phase)
- (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018d
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_ZGen_2Phase)
+ (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018D
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_EC_Ephemeral)
- (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018e
- (IS_IMPLEMENTED+ENCRYPT_2)),
+#if (PAD_LIST || CC_EC_Ephemeral)
+ (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018E
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_PolicyNvWritten)
- (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018f
- (IS_IMPLEMENTED+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyNvWritten)
+ (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018F
+ (IS_IMPLEMENTED+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_PolicyTemplate)
- (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyTemplate)
+ (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_CreateLoaded)
- (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
+#if (PAD_LIST || CC_CreateLoaded)
+ (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
 #endif
-#if (PAD_LIST || CC_PolicyAuthorizeNV)
- (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192
- (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_PolicyAuthorizeNV)
+ (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192
+ (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)),
 #endif
-#if (PAD_LIST || CC_EncryptDecrypt2)
- (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+#if (PAD_LIST || CC_EncryptDecrypt2)
+ (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
-#if (PAD_LIST || CC_AC_GetCapability)
- (COMMAND_ATTRIBUTES)(CC_AC_GetCapability * // 0x0194
- (IS_IMPLEMENTED)),
+#if (PAD_LIST || CC_AC_GetCapability)
+ (COMMAND_ATTRIBUTES)(CC_AC_GetCapability * // 0x0194
+ (IS_IMPLEMENTED)),
 #endif
-#if (PAD_LIST || CC_AC_Send)
- (COMMAND_ATTRIBUTES)(CC_AC_Send * // 0x0195
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+HANDLE_2_USER)),
+#if (PAD_LIST || CC_AC_Send)
+ (COMMAND_ATTRIBUTES)(CC_AC_Send * // 0x0195
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+HANDLE_2_USER)),
 #endif
-#if (PAD_LIST || CC_Policy_AC_SendSelect)
- (COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+#if (PAD_LIST || CC_Policy_AC_SendSelect)
+ (COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
 #if (PAD_LIST || CC_CertifyX509)
- (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
+ (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
 #endif
 #if (PAD_LIST || CC_ACT_SetTimeout)
- (COMMAND_ATTRIBUTES)(CC_ACT_SetTimeout * // 0x0198
- (IS_IMPLEMENTED+HANDLE_1_USER)),
+ (COMMAND_ATTRIBUTES)(CC_ACT_SetTimeout * // 0x0198
+ (IS_IMPLEMENTED+HANDLE_1_USER)),
 #endif
 #if (PAD_LIST || CC_ECC_Encrypt)
- (COMMAND_ATTRIBUTES)(CC_ECC_Encrypt * // 0x0199
- (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
+ (COMMAND_ATTRIBUTES)(CC_ECC_Encrypt * // 0x0199
+ (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
 #endif
 #if (PAD_LIST || CC_ECC_Decrypt)
- (COMMAND_ATTRIBUTES)(CC_ECC_Decrypt * // 0x019A
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
+ (COMMAND_ATTRIBUTES)(CC_ECC_Decrypt * // 0x019A
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
 #endif
 #if (PAD_LIST || CC_PolicyCapability)
- (COMMAND_ATTRIBUTES)(CC_PolicyCapability * // 0x019B
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+ (COMMAND_ATTRIBUTES)(CC_PolicyCapability * // 0x019B
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
 #if (PAD_LIST || CC_PolicyParameters)
- (COMMAND_ATTRIBUTES)(CC_PolicyParameters * // 0x019C
- (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
+ (COMMAND_ATTRIBUTES)(CC_PolicyParameters * // 0x019C
+ (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
 #endif
 #if (PAD_LIST || CC_NV_DefineSpace2)
- (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace2 * // 0x019D
- (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
+ (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace2 * // 0x019D
+ (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
 #endif
 #if (PAD_LIST || CC_NV_ReadPublic2)
- (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic2 * // 0x019E
- (IS_IMPLEMENTED+ENCRYPT_2)),
+ (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic2 * // 0x019E
+ (IS_IMPLEMENTED+ENCRYPT_2)),
 #endif
 #if (PAD_LIST
|| CC_SetCapability) - (COMMAND_ATTRIBUTES)(CC_SetCapability * // 0x019F - (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), + (COMMAND_ATTRIBUTES)(CC_SetCapability * // 0x019F + (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), #endif -#if (PAD_LIST || CC_Vendor_TCG_Test) - (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000 - (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), +#if (PAD_LIST || CC_Vendor_TCG_Test) + (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000 + (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), #endif - - 0 + 0 }; -#endif // _COMMAND_CODE_ATTRIBUTES_ +#endif // _COMMAND_CODE_ATTRIBUTES_ diff --git a/src/tpm2/CommandAttributes.h b/src/tpm2/CommandAttributes.h index d7b6d677..71973a95 100644 --- a/src/tpm2/CommandAttributes.h +++ b/src/tpm2/CommandAttributes.h 
@@ -59,30 +59,36 @@ /* */ /********************************************************************************/ -#ifndef COMMANDATTRIBUTES_H -#define COMMANDATTRIBUTES_H +/*(Auto-generated) + * Created by TpmStructures; Version 4.4 Mar 26, 2019 + * Date: Aug 30, 2019 Time: 02:11:52PM + */ -/* 5.7 CommandAttributes.h */ -/* The attributes defined in this file are produced by the parser that creates the structure - definitions from Part 3. The attributes are defined in that parser and should track the - attributes being tested in CommandCodeAttributes.c. Generally, when an attribute is added to this - list, new code will be needed in CommandCodeAttributes.c to test it. */ +// The attributes defined in this file are produced by the parser that +// creates the structure definitions from Part 3. The attributes are defined +// in that parser and should track the attributes being tested in +// CommandCodeAttributes.c. Generally, when an attribute is added to this list, +// new code will be needed in CommandCodeAttributes.c to test it. 
-typedef UINT16 COMMAND_ATTRIBUTES; -#define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0) -#define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0) -#define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1) -#define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2) -#define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3) -#define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4) -#define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5) -#define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6) -#define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7) -#define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8) -#define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9) -#define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10) -#define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11) -#define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12) -#define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13) -#define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14) -#endif // COMMAND_ATTRIBUTES_H +#ifndef COMMAND_ATTRIBUTES_H +#define COMMAND_ATTRIBUTES_H + +typedef UINT16 COMMAND_ATTRIBUTES; +#define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0) +#define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0) +#define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1) +#define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2) +#define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3) +#define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4) +#define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5) +#define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6) +#define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7) +#define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8) +#define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9) +#define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10) +#define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11) +#define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12) +#define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13) +#define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14) + +#endif // COMMAND_ATTRIBUTES_H diff --git a/src/tpm2/CommandAudit.c b/src/tpm2/CommandAudit.c index ddc3dc71..c546dd11 100644 --- a/src/tpm2/CommandAudit.c +++ b/src/tpm2/CommandAudit.c 
@@ -100,13 +100,13 @@ void CommandAuditPreInstall_Init(void) //*** CommandAuditStartup() // This function clears the command audit digest on a TPM Reset. BOOL CommandAuditStartup(STARTUP_TYPE type // IN: start up type - ) +) { if((type != SU_RESTART) && (type != SU_RESUME)) - { - // Reset the digest size to initialize the digest - gr.commandAuditDigest.t.size = 0; - } + { + // Reset the digest size to initialize the digest + gr.commandAuditDigest.t.size = 0; + } return TRUE; } @@ -124,24 +124,24 @@ BOOL CommandAuditStartup(STARTUP_TYPE type // IN: start up type // TRUE(1) command code audit status was changed // FALSE(0) command code audit status was not changed BOOL CommandAuditSet(TPM_CC commandCode // IN: command code - ) +) { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); // Only SET a bit if the corresponding command is implemented if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - // Can't audit shutdown - if(commandCode != TPM_CC_Shutdown) - { - if(!TEST_BIT(commandIndex, gp.auditCommands)) - { - // Set bit - SET_BIT(commandIndex, gp.auditCommands); - return TRUE; - } - } - } + { + // Can't audit shutdown + if(commandCode != TPM_CC_Shutdown) + { + if(!TEST_BIT(commandIndex, gp.auditCommands)) + { + // Set bit + SET_BIT(commandIndex, gp.auditCommands); + return TRUE; + } + } + } // No change return FALSE; } 
@@ -158,25 +158,25 @@ BOOL CommandAuditSet(TPM_CC commandCode // IN: command code // TRUE(1) command code audit status was changed // FALSE(0) command code audit status was not changed BOOL CommandAuditClear(TPM_CC commandCode // IN: command code - ) +) { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); // Do nothing if the command is not implemented if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - // The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be - // cleared - if(commandCode != TPM_CC_SetCommandCodeAuditStatus) - { - if(TEST_BIT(commandIndex, gp.auditCommands)) - { - // Clear bit - CLEAR_BIT(commandIndex, gp.auditCommands); - return TRUE; - } - } - } + { + // The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be + // cleared + if(commandCode != TPM_CC_SetCommandCodeAuditStatus) + { + if(TEST_BIT(commandIndex, gp.auditCommands)) + { + // Clear bit + CLEAR_BIT(commandIndex, gp.auditCommands); + return TRUE; + } + } + } // No change return FALSE; } @@ -187,7 +187,7 @@ BOOL CommandAuditClear(TPM_CC commandCode // IN: command code // TRUE(1) command is audited // FALSE(0) command is not audited BOOL CommandAuditIsRequired(COMMAND_INDEX commandIndex // IN: command index - ) +) { // Check the bit map. If the bit is SET, command audit is required return (TEST_BIT(commandIndex, gp.auditCommands)); @@ -202,9 +202,9 @@ BOOL CommandAuditIsRequired(COMMAND_INDEX commandIndex // IN: command index // NO all the available command code has been returned TPMI_YES_NO CommandAuditCapGetCCList(TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC* commandList // OUT: list of TPM_CC - ) + UINT32 count, // IN: count of returned TPM_CC + TPML_CC* commandList // OUT: list of TPM_CC +) { TPMI_YES_NO more = NO; COMMAND_INDEX commandIndex; 
@@ -214,37 +214,37 @@ CommandAuditCapGetCCList(TPM_CC commandCode, // IN: start command code // The maximum count of command we may return is MAX_CAP_CC if(count > MAX_CAP_CC) - count = MAX_CAP_CC; + count = MAX_CAP_CC; // Find the implemented command that has a command code that is the same or // higher than the input // Collect audit commands for(commandIndex = GetClosestCommandIndex(commandCode); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { - if(CommandAuditIsRequired(commandIndex)) - { - if(commandList->count < count) - { - // If we have not filled up the return list, add this command - // code to its - TPM_CC cc = - GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex); - if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - cc += (1 << 29); - commandList->commandCodes[commandList->count] = cc; - commandList->count++; - } - else - { - // If the return list is full but we still have command - // available, report this and stop iterating - more = YES; - break; - } - } - } + commandIndex != UNIMPLEMENTED_COMMAND_INDEX; + commandIndex = GetNextCommandIndex(commandIndex)) + { + if(CommandAuditIsRequired(commandIndex)) + { + if(commandList->count < count) + { + // If we have not filled up the return list, add this command + // code to its + TPM_CC cc = + GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex); + if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) + cc += (1 << 29); + commandList->commandCodes[commandList->count] = cc; + commandList->count++; + } + else + { + // If the return list is full but we still have command + // available, report this and stop iterating + more = YES; + break; + } + } + } return more; } 
@@ -255,9 +255,9 @@ BOOL CommandAuditCapGetOneCC(TPM_CC commandCode) // IN: command code { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - return CommandAuditIsRequired(commandIndex); - } + { + return CommandAuditIsRequired(commandIndex); + } return FALSE; } @@ -267,7 +267,7 @@ BOOL CommandAuditCapGetOneCC(TPM_CC commandCode) // IN: command code // added to a hash. This operates as if all the audited command codes were // concatenated and then hashed. void CommandAuditGetDigest(TPM2B_DIGEST* digest // OUT: command digest - ) +) { TPM_CC commandCode; COMMAND_INDEX commandIndex; @@ -278,13 +278,13 @@ void CommandAuditGetDigest(TPM2B_DIGEST* digest // OUT: command digest // Add command code for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++) - { - if(CommandAuditIsRequired(commandIndex)) - { - commandCode = GetCommandCode(commandIndex); - CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); - } - } + { + if(CommandAuditIsRequired(commandIndex)) + { + commandCode = GetCommandCode(commandIndex); + CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); + } + } // Complete hash CryptHashEnd2B(&hashState, &digest->b); diff --git a/src/tpm2/CommandAudit_fp.h b/src/tpm2/CommandAudit_fp.h index fe69c45e..ed6dd60c 100644 --- a/src/tpm2/CommandAudit_fp.h +++ b/src/tpm2/CommandAudit_fp.h 
@@ -58,41 +58,91 @@ /* */ /********************************************************************************/ -#ifndef COMMANDAUDIT_FP_H -#define COMMANDAUDIT_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ -void -CommandAuditPreInstall_Init( - void - ); -BOOL -CommandAuditStartup( - STARTUP_TYPE type // IN: start up type - ); -BOOL -CommandAuditSet( - TPM_CC commandCode // IN: command code - ); -BOOL -CommandAuditClear( - TPM_CC commandCode // IN: command code - ); -BOOL -CommandAuditIsRequired( - COMMAND_INDEX commandIndex // IN: command index - ); +#ifndef _COMMAND_AUDIT_FP_H_ +#define _COMMAND_AUDIT_FP_H_ + +//*** CommandAuditPreInstall_Init() +// This function initializes the command audit list. This function simulates +// the behavior of manufacturing. A function is used instead of a structure +// definition because this is easier than figuring out the initialization value +// for a bit array. +// +// This function would not be implemented outside of a manufacturing or +// simulation environment. +void CommandAuditPreInstall_Init(void); + +//*** CommandAuditStartup() +// This function clears the command audit digest on a TPM Reset. +BOOL CommandAuditStartup(STARTUP_TYPE type // IN: start up type +); + +//*** CommandAuditSet() +// This function will SET the audit flag for a command. This function +// will not SET the audit flag for a command that is not implemented. This +// ensures that the audit status is not SET when TPM2_GetCapability() is +// used to read the list of audited commands. +// +// This function is only used by TPM2_SetCommandCodeAuditStatus(). +// +// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the +// changes to be saved to NV after it is setting and clearing bits. 
+// Return Type: BOOL +// TRUE(1) command code audit status was changed +// FALSE(0) command code audit status was not changed +BOOL CommandAuditSet(TPM_CC commandCode // IN: command code +); + +//*** CommandAuditClear() +// This function will CLEAR the audit flag for a command. It will not CLEAR the +// audit flag for TPM_CC_SetCommandCodeAuditStatus(). +// +// This function is only used by TPM2_SetCommandCodeAuditStatus(). +// +// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the +// changes to be saved to NV after it is setting and clearing bits. +// Return Type: BOOL +// TRUE(1) command code audit status was changed +// FALSE(0) command code audit status was not changed +BOOL CommandAuditClear(TPM_CC commandCode // IN: command code +); + +//*** CommandAuditIsRequired() +// This function indicates if the audit flag is SET for a command. +// Return Type: BOOL +// TRUE(1) command is audited +// FALSE(0) command is not audited +BOOL CommandAuditIsRequired(COMMAND_INDEX commandIndex // IN: command index +); + +//*** CommandAuditCapGetCCList() +// This function returns a list of commands that have their audit bit SET. +// +// The list starts at the input commandCode. +// Return Type: TPMI_YES_NO +// YES if there are more command code available +// NO all the available command code has been returned TPMI_YES_NO -CommandAuditCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC - ); +CommandAuditCapGetCCList(TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: count of returned TPM_CC + TPML_CC* commandList // OUT: list of TPM_CC +); + +//*** CommandAuditCapGetOneCC() +// This function returns true if a command has its audit bit set. 
BOOL CommandAuditCapGetOneCC(TPM_CC commandCode // IN: command code - ); -void -CommandAuditGetDigest( - TPM2B_DIGEST *digest // OUT: command digest - ); +); +//*** CommandAuditGetDigest +// This command is used to create a digest of the commands being audited. The +// commands are processed in ascending numeric order with a list of TPM_CC being +// added to a hash. This operates as if all the audited command codes were +// concatenated and then hashed. +void CommandAuditGetDigest(TPM2B_DIGEST* digest // OUT: command digest +); -#endif +#endif // _COMMAND_AUDIT_FP_H_ diff --git a/src/tpm2/CommandCodeAttributes.c b/src/tpm2/CommandCodeAttributes.c index 24e786df..fbba01f6 100644 --- a/src/tpm2/CommandCodeAttributes.c +++ b/src/tpm2/CommandCodeAttributes.c 
@@ -58,532 +58,534 @@ /* */ /********************************************************************************/ -/* 9.3 CommandCodeAttributes.c */ -/* 9.3.1 Introduction */ -/* This file contains the functions for testing various command properties. */ -/* 9.3.2 Includes and Defines */ +//** Introduction +// This file contains the functions for testing various command properties. + +//** Includes and Defines + #include "Tpm.h" #include "CommandCodeAttributes_fp.h" -/* Set the default value for CC_VEND if not already set */ -#ifndef CC_VEND -#define CC_VEND (TPM_CC)(0x20000000) -#endif -typedef UINT16 ATTRIBUTE_TYPE; -/* The following file is produced from the command tables in part 3 of the specification. It defines - the attributes for each of the commands. */ -/* NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part - 3 tables through automated processes are not included in the specification so that there is no - ambiguity about the table containing the information being the normative definition. */ -#define _COMMAND_CODE_ATTRIBUTES_ -#include "CommandAttributeData.h" -/* 9.3.3 Command Attribute Functions */ -/* 9.3.3.1 NextImplementedIndex() */ -/* This function is used when the lists are not compressed. In a compressed list, only the - implemented commands are present. So, a search might find a value but that value may not be - implemented. This function checks to see if the input commandIndex points to an implemented - command and, if not, it searches upwards until it finds one. When the list is compressed, this - function gets defined as a no-op. 
*/ -/* Return Value Meaning */ -/* UNIMPLEMENTED_COMMAND_INDEX command is not implemented */ -/* other index of the command */ +// Set the default value for CC_VEND if not already set +#ifndef CC_VEND +# define CC_VEND (TPM_CC)(0x20000000) +#endif + +typedef UINT16 ATTRIBUTE_TYPE; + +// The following file is produced from the command tables in part 3 of the +// specification. It defines the attributes for each of the commands. +// NOTE: This file is currently produced by an automated process. Files +// produced from Part 2 or Part 3 tables through automated processes are not +// included in the specification so that their is no ambiguity about the +// table containing the information being the normative definition. +#define _COMMAND_CODE_ATTRIBUTES_ +#include "CommandAttributeData.h" + +//** Command Attribute Functions + +//*** NextImplementedIndex() +// This function is used when the lists are not compressed. In a compressed list, +// only the implemented commands are present. So, a search might find a value +// but that value may not be implemented. This function checks to see if the input +// commandIndex points to an implemented command and, if not, it searches upwards +// until it finds one. When the list is compressed, this function gets defined +// as a no-op. 
+// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of the command #if !COMPRESSED_LISTS -static COMMAND_INDEX -NextImplementedIndex( - COMMAND_INDEX commandIndex - ) +static COMMAND_INDEX NextImplementedIndex(COMMAND_INDEX commandIndex) { - for(;commandIndex < COMMAND_COUNT; commandIndex++) - { - if((s_commandAttributes[commandIndex] & IS_IMPLEMENTED) && // libtpms changed - RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin - GET_ATTRIBUTE(s_ccAttr[commandIndex], - TPMA_CC, commandIndex)))// libtpms added end - return commandIndex; - } + for(; commandIndex < COMMAND_COUNT; commandIndex++) + { + if((s_commandAttributes[commandIndex] & IS_IMPLEMENTED) && // libtpms changed + RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin + GET_ATTRIBUTE(s_ccAttr[commandIndex], + TPMA_CC, commandIndex))) // libtpms added end + return commandIndex; + } return UNIMPLEMENTED_COMMAND_INDEX; } #else -#define NextImplementedIndex(x) (x) +# define NextImplementedIndex(x) (x) #endif -/* 9.3.3.2 GetClosestCommandIndex() */ -/* This function returns the command index for the command with a value that is equal to or greater - than the input value */ -/* Return Value Meaning */ -/* UNIMPLEMENTED_COMMAND_INDEX command is not implemented */ -/* other index of the command */ +//*** GetClosestCommandIndex() +// This function returns the command index for the command with a value that is +// equal to or greater than the input value +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of a command COMMAND_INDEX -GetClosestCommandIndex( - TPM_CC commandCode // IN: the command code to start at - ) +GetClosestCommandIndex(TPM_CC commandCode // IN: the command code to start at +) { - BOOL vendor = (commandCode & CC_VEND) != 0; - COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; + BOOL vendor = (commandCode & CC_VEND) != 
0; + COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; + // The commandCode is a UINT32 and the search index is UINT16. We are going to // search for a match but need to make sure that the commandCode value is not // out of range. To do this, need to clear the vendor bit of the commandCode // (if set) and compare the result to the 16-bit searchIndex value. If it is // out of range, indicate that the command is not implemented if((commandCode & ~CC_VEND) != searchIndex) - return UNIMPLEMENTED_COMMAND_INDEX; + return UNIMPLEMENTED_COMMAND_INDEX; + // if there is at least one vendor command, the last entry in the array will // have the v bit set. If the input commandCode is larger than the last // vendor-command, then it is out of range. if(vendor) - { + { #if VENDOR_COMMAND_ARRAY_SIZE > 0 - COMMAND_INDEX commandIndex; - COMMAND_INDEX min; - COMMAND_INDEX max; - int diff; -#if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT -#error "Constants are not consistent." -#endif - // Check to see if the value is equal to or below the minimum - // entry. - // Note: Put this check first so that the typical case of only one vendor- - // specific command doesn't waste any more time. 
- if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC, - commandIndex) >= searchIndex) - { - // the vendor array is always assumed to be packed so there is - // no need to check to see if the command is implemented - return LIBRARY_COMMAND_ARRAY_SIZE; - } - // See if this is out of range on the top - if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex) - < searchIndex) - { - return UNIMPLEMENTED_COMMAND_INDEX; - } - commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep - // compiler happy - min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command - max = COMMAND_COUNT - 1; // last vendor command - diff = 1; // needs initialization to keep - // compiler happy - while(min <= max) - { - commandIndex = (min + max + 1) / 2; - diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - - searchIndex; - if(diff == 0) - return commandIndex; - if(diff > 0) - max = commandIndex - 1; - else - min = commandIndex + 1; - } - // didn't find and exact match. commandIndex will be pointing at the last - // item tested. If 'diff' is positive, then the last item tested was - // larger index of the command code so it is the smallest value - // larger than the requested value. - if(diff > 0) - return commandIndex; - // if 'diff' is negative, then the value tested was smaller than - // the commandCode index and the next higher value is the correct one. - // Note: this will necessarily be in range because of the earlier check - // that the index was within range. - return commandIndex + 1; + COMMAND_INDEX commandIndex; + COMMAND_INDEX min; + COMMAND_INDEX max; + int diff; +# if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT +# error "Constants are not consistent." +# endif + // Check to see if the value is equal to or below the minimum + // entry. + // Note: Put this check first so that the typical case of only one vendor- + // specific command doesn't waste any more time. 
+ if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC, commandIndex) + >= searchIndex) + { + // the vendor array is always assumed to be packed so there is + // no need to check to see if the command is implemented + return LIBRARY_COMMAND_ARRAY_SIZE; + } + // See if this is out of range on the top + if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex) + < searchIndex) + { + return UNIMPLEMENTED_COMMAND_INDEX; + } + commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep + // compiler happy + min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command + max = COMMAND_COUNT - 1; // last vendor command + diff = 1; // needs initialization to keep + // compiler happy + while(min <= max) + { + commandIndex = (min + max + 1) / 2; + diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) + - searchIndex; + if(diff == 0) + return commandIndex; + if(diff > 0) + max = commandIndex - 1; + else + min = commandIndex + 1; + } + // didn't find and exact match. commandIndex will be pointing at the last + // item tested. If 'diff' is positive, then the last item tested was + // larger index of the command code so it is the smallest value + // larger than the requested value. + if(diff > 0) + return commandIndex; + // if 'diff' is negative, then the value tested was smaller than + // the commandCode index and the next higher value is the correct one. + // Note: this will necessarily be in range because of the earlier check + // that the index was within range. 
+ return commandIndex + 1; #else - // If there are no vendor commands so anything with the vendor bit set is out - // of range - return UNIMPLEMENTED_COMMAND_INDEX; + // If there are no vendor commands so anything with the vendor bit set is out + // of range + return UNIMPLEMENTED_COMMAND_INDEX; #endif - } + } // Get here if the V-Bit was not set in 'commandCode' - if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC, - commandIndex) < searchIndex) - { - // requested index is out of the range to the top + + if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC, commandIndex) + < searchIndex) + { + // requested index is out of the range to the top #if VENDOR_COMMAND_ARRAY_SIZE > 0 - // If there are vendor commands, then the first vendor command - // is the next value greater than the commandCode. - // NOTE: we got here if the starting index did not have the V bit but we - // reached the end of the array of library commands (non-vendor). Since - // there is at least one vendor command, and vendor commands are always - // in a compressed list that starts after the library list, the next - // index value contains a valid vendor command. - return LIBRARY_COMMAND_ARRAY_SIZE; + // If there are vendor commands, then the first vendor command + // is the next value greater than the commandCode. + // NOTE: we got here if the starting index did not have the V bit but we + // reached the end of the array of library commands (non-vendor). Since + // there is at least one vendor command, and vendor commands are always + // in a compressed list that starts after the library list, the next + // index value contains a valid vendor command. 
+ return LIBRARY_COMMAND_ARRAY_SIZE; #else - // if there are no vendor commands, then this is out of range - return UNIMPLEMENTED_COMMAND_INDEX; + // if there are no vendor commands, then this is out of range + return UNIMPLEMENTED_COMMAND_INDEX; #endif - } + } // If the request is lower than any value in the array, then return // the lowest value (needs to be an index for an implemented command if(GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex) >= searchIndex) - { - return NextImplementedIndex(0); - } + { + return NextImplementedIndex(0); + } else - { + { #if COMPRESSED_LISTS - COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX; - COMMAND_INDEX min = 0; - COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1; - int diff = 1; -#if LIBRARY_COMMAND_ARRAY_SIZE == 0 -#error "Something is terribly wrong" -#endif - // The s_ccAttr array contains an extra entry at the end (a zero value). - // Don't count this as an array entry. This means that max should start - // out pointing to the last valid entry in the array which is - 2 - pAssert(max == (sizeof(s_ccAttr) / sizeof(TPMA_CC) - - VENDOR_COMMAND_ARRAY_SIZE - 2)); - while(min <= max) - { - commandIndex = (min + max + 1) / 2; - diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, - commandIndex) - searchIndex; - if(diff == 0) - return commandIndex; - if(diff > 0) - max = commandIndex - 1; - else - min = commandIndex + 1; - } - // didn't find and exact match. commandIndex will be pointing at the - // last item tested. If diff is positive, then the last item tested was - // larger index of the command code so it is the smallest value - // larger than the requested value. - if(diff > 0) - return commandIndex; - // if diff is negative, then the value tested was smaller than - // the commandCode index and the next higher value is the correct one. - // Note: this will necessarily be in range because of the earlier check - // that the index was within range. 
- return commandIndex + 1; + COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX; + COMMAND_INDEX min = 0; + COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1; + int diff = 1; +# if LIBRARY_COMMAND_ARRAY_SIZE == 0 +# error "Something is terribly wrong" +# endif + // The s_ccAttr array contains an extra entry at the end (a zero value). + // Don't count this as an array entry. This means that max should start + // out pointing to the last valid entry in the array which is - 2 + pAssert( + max + == (sizeof(s_ccAttr) / sizeof(TPMA_CC) - VENDOR_COMMAND_ARRAY_SIZE - 2)); + while(min <= max) + { + commandIndex = (min + max + 1) / 2; + diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) + - searchIndex; + if(diff == 0) + return commandIndex; + if(diff > 0) + max = commandIndex - 1; + else + min = commandIndex + 1; + } + // didn't find and exact match. commandIndex will be pointing at the + // last item tested. If diff is positive, then the last item tested was + // larger index of the command code so it is the smallest value + // larger than the requested value. + if(diff > 0) + return commandIndex; + // if diff is negative, then the value tested was smaller than + // the commandCode index and the next higher value is the correct one. + // Note: this will necessarily be in range because of the earlier check + // that the index was within range. + return commandIndex + 1; #else - // The list is not compressed so offset into the array by the command - // code value of the first entry in the list. Then go find the first - // implemented command. - return NextImplementedIndex(searchIndex - - (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex)); // libtpms changed + // The list is not compressed so offset into the array by the command + // code value of the first entry in the list. Then go find the first + // implemented command. 
+ return NextImplementedIndex( + searchIndex - (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex)); // libtpms changed #endif - } + } } -/* 9.3.3.3 CommandCodeToComandIndex() */ -/* This function returns the index in the various attributes arrays of the command. */ -/* Return Values Meaning */ -/* UNIMPLEMENTED_COMMAND_INDEX command is not implemented */ -/* other index of the command */ + +//*** CommandCodeToComandIndex() +// This function returns the index in the various attributes arrays of the +// command. +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of the command COMMAND_INDEX -CommandCodeToCommandIndex( - TPM_CC commandCode // IN: the command code to look up - ) +CommandCodeToCommandIndex(TPM_CC commandCode // IN: the command code to look up +) { // Extract the low 16-bits of the command code to get the starting search index - COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; - BOOL vendor = (commandCode & CC_VEND) != 0; - COMMAND_INDEX commandIndex; + COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; + BOOL vendor = (commandCode & CC_VEND) != 0; + COMMAND_INDEX commandIndex; #if !COMPRESSED_LISTS if(!vendor) - { - commandIndex = searchIndex - (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex); // libtpms changed - // Check for out of range or unimplemented. - // Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than - // the lowest value of command, it will become a 'negative' number making - // it look like a large unsigned number, this will cause it to fail - // the unsigned check below. 
- if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE - || (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0 - || !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands,// libtpms added - commandCode)) // libtpms added - return UNIMPLEMENTED_COMMAND_INDEX; - return commandIndex; - } + { + commandIndex = searchIndex - (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex); // libtpms changed + // Check for out of range or unimplemented. + // Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than + // the lowest value of command, it will become a 'negative' number making + // it look like a large unsigned number, this will cause it to fail + // the unsigned check below. + if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE + || (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0 + || !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added + commandCode)) // libtpms added + return UNIMPLEMENTED_COMMAND_INDEX; + return commandIndex; + } #endif // Need this code for any vendor code lookup or for compressed lists commandIndex = GetClosestCommandIndex(commandCode); + // Look at the returned value from get closest. If it isn't the one that was // requested, then the command is not implemented. 
// libtpms: Or it may be runtime-disabled if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - != searchIndex) - || (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor - || !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands,// libtpms added - commandCode)) // libtpms added - commandIndex = UNIMPLEMENTED_COMMAND_INDEX; - } + { + if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) + != searchIndex) + || (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor + || !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added + commandCode)) // libtpms added + commandIndex = UNIMPLEMENTED_COMMAND_INDEX; + } return commandIndex; } -/* 9.3.3.4 GetNextCommandIndex() */ -/* This function returns the index of the next implemented command. */ -/* Return Values Meaning */ -/* UNIMPLEMENTED_COMMAND_INDEX no more implemented commands */ -/* other the index of the next implemented command */ + +//*** GetNextCommandIndex() +// This function returns the index of the next implemented command. 
+// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands +// other the index of the next implemented command COMMAND_INDEX -GetNextCommandIndex( - COMMAND_INDEX commandIndex // IN: the starting index - ) +GetNextCommandIndex(COMMAND_INDEX commandIndex // IN: the starting index +) { while(++commandIndex < COMMAND_COUNT) - { - if(!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin - GET_ATTRIBUTE(s_ccAttr[commandIndex], - TPMA_CC, commandIndex))) - continue; // libtpms added end + { + if(!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin + GET_ATTRIBUTE(s_ccAttr[commandIndex], + TPMA_CC, commandIndex))) + continue; // libtpms added end #if !COMPRESSED_LISTS - if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) + if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) #endif - return commandIndex; - } + return commandIndex; + } return UNIMPLEMENTED_COMMAND_INDEX; } -/* 9.3.3.5 GetCommandCode() */ -/* This function returns the commandCode associated with the command index */ + +//*** GetCommandCode() +// This function returns the commandCode associated with the command index TPM_CC -GetCommandCode( - COMMAND_INDEX commandIndex // IN: the command index - ) +GetCommandCode(COMMAND_INDEX commandIndex // IN: the command index +) { - TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex], - TPMA_CC, commandIndex); + TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex); if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - commandCode += CC_VEND; + commandCode += CC_VEND; return commandCode; } -/* 9.3.3.6 CommandAuthRole() */ -/* This function returns the authorization role required of a handle. 
*/ -/* Return Values Meaning */ -/* AUTH_NONE no authorization is required */ -/* AUTH_USER user role authorization is required */ -/* AUTH_ADMIN admin role authorization is required */ -/* AUTH_DUP duplication role authorization is required */ + +//*** CommandAuthRole() +// +// This function returns the authorization role required of a handle. +// +// Return Type: AUTH_ROLE +// AUTH_NONE no authorization is required +// AUTH_USER user role authorization is required +// AUTH_ADMIN admin role authorization is required +// AUTH_DUP duplication role authorization is required AUTH_ROLE -CommandAuthRole( - COMMAND_INDEX commandIndex, // IN: command index - UINT32 handleIndex // IN: handle index (zero based) - ) +CommandAuthRole(COMMAND_INDEX commandIndex, // IN: command index + UINT32 handleIndex // IN: handle index (zero based) +) { if(0 == handleIndex) - { - // Any authorization role set? - COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; - if(properties & HANDLE_1_USER) - return AUTH_USER; - if(properties & HANDLE_1_ADMIN) - return AUTH_ADMIN; - if(properties & HANDLE_1_DUP) - return AUTH_DUP; - } + { + // Any authorization role set? + COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; + + if(properties & HANDLE_1_USER) + return AUTH_USER; + if(properties & HANDLE_1_ADMIN) + return AUTH_ADMIN; + if(properties & HANDLE_1_DUP) + return AUTH_DUP; + } else if(1 == handleIndex) - { - if(s_commandAttributes[commandIndex] & HANDLE_2_USER) - return AUTH_USER; - } + { + if(s_commandAttributes[commandIndex] & HANDLE_2_USER) + return AUTH_USER; + } return AUTH_NONE; } -/* 9.3.3.7 EncryptSize() */ -/* This function returns the size of the decrypt size field. 
This function returns 0 if encryption - is not allowed */ -/* Return Values Meaning */ -/* 0 encryption not allowed */ -/* 2 size field is two bytes */ -/* 4 size field is four bytes */ -int -EncryptSize( - COMMAND_INDEX commandIndex // IN: command index - ) +//*** EncryptSize() +// This function returns the size of the decrypt size field. This function returns +// 0 if encryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int EncryptSize(COMMAND_INDEX commandIndex // IN: command index +) { - return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 : - (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 : 0); + return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 + : (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 + : 0); } -/* 9.3.3.8 DecryptSize() */ -/* This function returns the size of the decrypt size field. This function returns 0 if decryption - is not allowed */ -/* Return Values Meaning */ -/* 0 encryption not allowed */ -/* 2 size field is two bytes */ -/* 4 size field is four bytes */ - -int -DecryptSize( - COMMAND_INDEX commandIndex // IN: command index - ) +//*** DecryptSize() +// This function returns the size of the decrypt size field. This function returns +// 0 if decryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int DecryptSize(COMMAND_INDEX commandIndex // IN: command index +) { - return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 : - (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 : 0); + return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 + : (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 + : 0); } -/* 9.3.3.9 IsSessionAllowed() */ -/* This function indicates if the command is allowed to have sessions. */ -/* This function must not be called if the command is not known to be implemented. 
*/ -/* Return Values Meaning */ -/* TRUE session is allowed with this command */ -/* FALSE session is not allowed with this command */ - -BOOL -IsSessionAllowed( - COMMAND_INDEX commandIndex // IN: the command to be checked - ) +//*** IsSessionAllowed() +// +// This function indicates if the command is allowed to have sessions. +// +// This function must not be called if the command is not known to be implemented. +// +// Return Type: BOOL +// TRUE(1) session is allowed with this command +// FALSE(0) session is not allowed with this command +BOOL IsSessionAllowed(COMMAND_INDEX commandIndex // IN: the command to be checked +) { return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0); } -/* 9.3.3.10 IsHandleInResponse() */ -/* This function determines if a command has a handle in the response */ - -BOOL -IsHandleInResponse( - COMMAND_INDEX commandIndex - ) +//*** IsHandleInResponse() +// This function determines if a command has a handle in the response +BOOL IsHandleInResponse(COMMAND_INDEX commandIndex) { return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0); } -/* 9.3.3.11 IsWriteOperation() */ -/* Checks to see if an operation will write to an NV Index and is subject to being blocked by - read-lock */ -BOOL -IsWriteOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ) +//*** IsWriteOperation() +// Checks to see if an operation will write to an NV Index and is subject to being +// blocked by read-lock +BOOL IsWriteOperation(COMMAND_INDEX commandIndex // IN: Command to check +) { -#ifdef WRITE_LOCK +#ifdef WRITE_LOCK return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0); #else if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - { - switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) - { - case TPM_CC_NV_Write: -#if CC_NV_Increment - case TPM_CC_NV_Increment: -#endif -#if CC_NV_SetBits - case TPM_CC_NV_SetBits: -#endif -#if CC_NV_Extend - case TPM_CC_NV_Extend: -#endif -#if CC_AC_Send - case TPM_CC_AC_Send: 
-#endif - // NV write lock counts as a write operation for authorization purposes. - // We check to see if the NV is write locked before we do the - // authorization. If it is locked, we fail the command early. - case TPM_CC_NV_WriteLock: - return TRUE; - default: - break; - } - } + { + switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) + { + case TPM_CC_NV_Write: +# if CC_NV_Increment + case TPM_CC_NV_Increment: +# endif +# if CC_NV_SetBits + case TPM_CC_NV_SetBits: +# endif +# if CC_NV_Extend + case TPM_CC_NV_Extend: +# endif +# if CC_AC_Send + case TPM_CC_AC_Send: +# endif + // NV write lock counts as a write operation for authorization purposes. + // We check to see if the NV is write locked before we do the + // authorization. If it is locked, we fail the command early. + case TPM_CC_NV_WriteLock: + return TRUE; + default: + break; + } + } return FALSE; #endif } -/* 9.3.3.12 IsReadOperation() */ -/* Checks to see if an operation will write to an NV Index and is subject to being blocked by - write-lock. */ -BOOL -IsReadOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ) + +//*** IsReadOperation() +// Checks to see if an operation will write to an NV Index and is +// subject to being blocked by write-lock. +BOOL IsReadOperation(COMMAND_INDEX commandIndex // IN: Command to check +) { -#ifdef READ_LOCK +#ifdef READ_LOCK return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0); #else + if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) - { - switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) - { - case TPM_CC_NV_Read: - case TPM_CC_PolicyNV: - case TPM_CC_NV_Certify: - // NV read lock counts as a read operation for authorization purposes. - // We check to see if the NV is read locked before we do the - // authorization. If it is locked, we fail the command early. 
- case TPM_CC_NV_ReadLock: - return TRUE; - default: - break; - } - } + { + switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) + { + case TPM_CC_NV_Read: + case TPM_CC_PolicyNV: + case TPM_CC_NV_Certify: + // NV read lock counts as a read operation for authorization purposes. + // We check to see if the NV is read locked before we do the + // authorization. If it is locked, we fail the command early. + case TPM_CC_NV_ReadLock: + return TRUE; + default: + break; + } + } return FALSE; #endif } -/* 9.3.3.13 CommandCapGetCCList() */ -/* This function returns a list of implemented commands and command attributes starting from the - command in commandCode. */ -/* Return Values Meaning */ -/* YES more command attributes are available */ -/* NO no more command attributes are available */ + +//*** CommandCapGetCCList() +// This function returns a list of implemented commands and command attributes +// starting from the command in 'commandCode'. +// Return Type: TPMI_YES_NO +// YES more command attributes are available +// NO no more command attributes are available TPMI_YES_NO -CommandCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: maximum count for number of entries in - // 'commandList' - TPML_CCA *commandList // OUT: list of TPMA_CC - ) +CommandCapGetCCList(TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: maximum count for number of entries in + // 'commandList' + TPML_CCA* commandList // OUT: list of TPMA_CC +) { - TPMI_YES_NO more = NO; - COMMAND_INDEX commandIndex; + TPMI_YES_NO more = NO; + COMMAND_INDEX commandIndex; + // initialize output handle list count commandList->count = 0; + for(commandIndex = GetClosestCommandIndex(commandCode); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { + commandIndex != UNIMPLEMENTED_COMMAND_INDEX; + commandIndex = GetNextCommandIndex(commandIndex)) + { #if !COMPRESSED_LISTS - // this check isn't needed 
for compressed lists. - if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)) - continue; + // this check isn't needed for compressed lists. + if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)) + continue; #endif - if (!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin - GET_ATTRIBUTE(s_ccAttr[commandIndex], - TPMA_CC, commandIndex))) - continue; // libtpms added end - if(commandList->count < count) - { - // If the list is not full, add the attributes for this command. - commandList->commandAttributes[commandList->count] - = s_ccAttr[commandIndex]; - commandList->count++; - } - else - { - // If the list is full but there are more commands to report, - // indicate this and return. - more = YES; - break; - } - } + if (!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin + GET_ATTRIBUTE(s_ccAttr[commandIndex], + TPMA_CC, commandIndex))) + continue; // libtpms added end + if(commandList->count < count) + { + // If the list is not full, add the attributes for this command. + commandList->commandAttributes[commandList->count] = + s_ccAttr[commandIndex]; + commandList->count++; + } + else + { + // If the list is full but there are more commands to report, + // indicate this and return. + more = YES; + break; + } + } return more; } + //*** CommandCapGetOneCC() // This function checks whether a command is implemented, and returns its // attributes if so. 
BOOL CommandCapGetOneCC(TPM_CC commandCode, // IN: command code - TPMA_CC* commandAttributes // OUT: command attributes - ) + TPMA_CC* commandAttributes // OUT: command attributes +) { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - *commandAttributes = s_ccAttr[commandIndex]; - return TRUE; - } + { + *commandAttributes = s_ccAttr[commandIndex]; + return TRUE; + } return FALSE; } #if 0 /* libtpms added */ -/* 9.3.3.14 IsVendorCommand() */ -/* Function indicates if a command index references a vendor command. */ -/* Return Values Meaning */ -/* TRUE command is a vendor command */ -/* FALSE command is not a vendor command */ -BOOL -IsVendorCommand( - COMMAND_INDEX commandIndex // IN: command index to check - ) +//*** IsVendorCommand() +// Function indicates if a command index references a vendor command. +// Return Type: BOOL +// TRUE(1) command is a vendor command +// FALSE(0) command is not a vendor command +BOOL IsVendorCommand(COMMAND_INDEX commandIndex // IN: command index to check +) { return (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)); } #endif /* libtpms added */ - diff --git a/src/tpm2/CommandCodeAttributes_fp.h b/src/tpm2/CommandCodeAttributes_fp.h index 4f1d70a0..de5d8def 100644 --- a/src/tpm2/CommandCodeAttributes_fp.h +++ b/src/tpm2/CommandCodeAttributes_fp.h 
@@ -58,70 +58,141 @@ /* */ /********************************************************************************/ -#ifndef COMMANDCODEATTRIBUTES_FP_H -#define COMMANDCODEATTRIBUTES_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ +#ifndef _COMMAND_CODE_ATTRIBUTES_FP_H_ +#define _COMMAND_CODE_ATTRIBUTES_FP_H_ + +//*** GetClosestCommandIndex() +// This function returns the command index for the command with a value that is +// equal to or greater than the input value +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of a command COMMAND_INDEX -GetClosestCommandIndex( - TPM_CC commandCode // IN: the command code to start at - ); +GetClosestCommandIndex(TPM_CC commandCode // IN: the command code to start at +); + +//*** CommandCodeToComandIndex() +// This function returns the index in the various attributes arrays of the +// command. +// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX command is not implemented +// other index of the command COMMAND_INDEX -CommandCodeToCommandIndex( - TPM_CC commandCode // IN: the command code to look up - ); +CommandCodeToCommandIndex(TPM_CC commandCode // IN: the command code to look up +); + +//*** GetNextCommandIndex() +// This function returns the index of the next implemented command. 
+// Return Type: COMMAND_INDEX +// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands +// other the index of the next implemented command COMMAND_INDEX -GetNextCommandIndex( - COMMAND_INDEX commandIndex // IN: the starting index - ); +GetNextCommandIndex(COMMAND_INDEX commandIndex // IN: the starting index +); + +//*** GetCommandCode() +// This function returns the commandCode associated with the command index TPM_CC -GetCommandCode( - COMMAND_INDEX commandIndex // IN: the command index - ); +GetCommandCode(COMMAND_INDEX commandIndex // IN: the command index +); + +//*** CommandAuthRole() +// +// This function returns the authorization role required of a handle. +// +// Return Type: AUTH_ROLE +// AUTH_NONE no authorization is required +// AUTH_USER user role authorization is required +// AUTH_ADMIN admin role authorization is required +// AUTH_DUP duplication role authorization is required AUTH_ROLE -CommandAuthRole( - COMMAND_INDEX commandIndex, // IN: command index - UINT32 handleIndex // IN: handle index (zero based) - ); -int -EncryptSize( - COMMAND_INDEX commandIndex // IN: command index - ); -int -DecryptSize( - COMMAND_INDEX commandIndex // IN: command index - ); -BOOL -IsSessionAllowed( - COMMAND_INDEX commandIndex // IN: the command to be checked - ); -BOOL -IsHandleInResponse( - COMMAND_INDEX commandIndex - ); -BOOL -IsWriteOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ); -BOOL -IsReadOperation( - COMMAND_INDEX commandIndex // IN: Command to check - ); +CommandAuthRole(COMMAND_INDEX commandIndex, // IN: command index + UINT32 handleIndex // IN: handle index (zero based) +); + +//*** EncryptSize() +// This function returns the size of the decrypt size field. 
This function returns +// 0 if encryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int EncryptSize(COMMAND_INDEX commandIndex // IN: command index +); + +//*** DecryptSize() +// This function returns the size of the decrypt size field. This function returns +// 0 if decryption is not allowed +// Return Type: int +// 0 encryption not allowed +// 2 size field is two bytes +// 4 size field is four bytes +int DecryptSize(COMMAND_INDEX commandIndex // IN: command index +); + +//*** IsSessionAllowed() +// +// This function indicates if the command is allowed to have sessions. +// +// This function must not be called if the command is not known to be implemented. +// +// Return Type: BOOL +// TRUE(1) session is allowed with this command +// FALSE(0) session is not allowed with this command +BOOL IsSessionAllowed(COMMAND_INDEX commandIndex // IN: the command to be checked +); + +//*** IsHandleInResponse() +// This function determines if a command has a handle in the response +BOOL IsHandleInResponse(COMMAND_INDEX commandIndex); + +//*** IsWriteOperation() +// Checks to see if an operation will write to an NV Index and is subject to being +// blocked by read-lock +BOOL IsWriteOperation(COMMAND_INDEX commandIndex // IN: Command to check +); + +//*** IsReadOperation() +// Checks to see if an operation will write to an NV Index and is +// subject to being blocked by write-lock. +BOOL IsReadOperation(COMMAND_INDEX commandIndex // IN: Command to check +); + +//*** CommandCapGetCCList() +// This function returns a list of implemented commands and command attributes +// starting from the command in 'commandCode'. 
+// Return Type: TPMI_YES_NO +// YES more command attributes are available +// NO no more command attributes are available TPMI_YES_NO -CommandCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: maximum count for number of entries in - // 'commandList' - TPML_CCA *commandList // OUT: list of TPMA_CC - ); +CommandCapGetCCList(TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: maximum count for number of entries in + // 'commandList' + TPML_CCA* commandList // OUT: list of TPMA_CC +); + +//*** CommandCapGetOneCC() +// This function checks whether a command is implemented, and returns its +// attributes if so. BOOL CommandCapGetOneCC(TPM_CC commandCode, // IN: command code - TPMA_CC* commandAttributes // OUT: Command attributes - ); + TPMA_CC* commandAttributes // OUT: Command attributes +); + #if 0 /* libtpms added */ -BOOL -IsVendorCommand( - COMMAND_INDEX commandIndex // IN: command index to check - ); + +//*** IsVendorCommand() +// Function indicates if a command index references a vendor command. +// Return Type: BOOL +// TRUE(1) command is a vendor command +// FALSE(0) command is not a vendor command +BOOL IsVendorCommand(COMMAND_INDEX commandIndex // IN: command index to check +); + #endif /* libtpms added */ - -#endif +#endif // _COMMAND_CODE_ATTRIBUTES_FP_H_ diff --git a/src/tpm2/CommandDispatchData.h b/src/tpm2/CommandDispatchData.h index 539088b5..546a0d3f 100644 --- a/src/tpm2/CommandDispatchData.h +++ b/src/tpm2/CommandDispatchData.h 
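Review bot: The comments added above the `IsWriteOperation` and `IsReadOperation` prototypes describe the wrong lock: the first says "blocked by read-lock" and the second says the operation "will write to an NV Index" and is "blocked by write-lock", whereas the bodies in the CommandCodeAttributes.c section test `WRITE_LOCK`/`TPM_CC_NV_Write` and `READ_LOCK`/`TPM_CC_NV_Read`. I would write `// Checks to see if an operation will write to an NV Index and is subject to being blocked by write-lock` and `// Checks to see if an operation will read an NV Index and is subject to being blocked by read-lock`. The `EncryptSize` comment likewise says "decrypt size field" and the `DecryptSize` table says `0 encryption not allowed`; these should read "encrypt size field" and "decryption not allowed". The same text is in the function headers of the CommandCodeAttributes.c hunk, which starts outside this view, and since this header is marked auto-generated the correction probably belongs there first. Only `IsSessionAllowed` documents that the command must be known to be implemented, although the other accessors index `s_commandAttributes[commandIndex]` without a range check, so that precondition is worth repeating on them.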
@@ -58,21 +58,29 @@ /* */ /********************************************************************************/ -/* This file should only be included by CommandCodeAttibutes.c */ + +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT +// clang-format off + +// This file should only be included by CommandCodeAttributes.c #ifdef _COMMAND_TABLE_DISPATCH_ +// Define the stop value #define END_OF_LIST 0xff #define ADD_FLAG 0x80 -/* These macros provide some variability in how the data is encoded. They also make the lines a - little shorter. ;-) */ - +// These macros provide some variability in how the data is encoded. They also +// make the lines a little shorter. :-) +// When TABLE_DRIVEN_MARSHAL is 'NO', the un/marshaling of parameters uses +// calls to the function that does the type-specific un/marshaling. When +// TABLE_DRIVEN_MARSHAL is 'YES', the un/marshaling of parameters calls the +// singular code with a value that is the offset of the data descriptor of the +// type. #if TABLE_DRIVEN_MARSHAL # define UNMARSHAL_DISPATCH(name) (marshalIndex_t)name##_MARSHAL_REF # define MARSHAL_DISPATCH(name) (marshalIndex_t)name##_MARSHAL_REF # define _UNMARSHAL_T_ marshalIndex_t # define _MARSHAL_T_ marshalIndex_t -# #else # define UNMARSHAL_DISPATCH(name) (UNMARSHAL_t)name##_Unmarshal # define MARSHAL_DISPATCH(name) (MARSHAL_t)name##_Marshal 
@@ -80,126 +88,123 @@ # define _MARSHAL_T_ MARSHAL_t #endif +// The unmarshalArray contains the dispatch functions for the unmarshaling +// code. The defines in this array are used to make it easier to cross +// reference the unmarshaling values in the types array of each command + const _UNMARSHAL_T_ unmarshalArray[] = { #define TPMI_DH_CONTEXT_H_UNMARSHAL 0 - UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), + UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), #define TPMI_RH_AC_H_UNMARSHAL (TPMI_DH_CONTEXT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_AC), + UNMARSHAL_DISPATCH(TPMI_RH_AC), #define TPMI_RH_ACT_H_UNMARSHAL (TPMI_RH_AC_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_ACT), + UNMARSHAL_DISPATCH(TPMI_RH_ACT), #define TPMI_RH_CLEAR_H_UNMARSHAL (TPMI_RH_ACT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_CLEAR), + UNMARSHAL_DISPATCH(TPMI_RH_CLEAR), #define TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL (TPMI_RH_CLEAR_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_AUTH), -#define TPMI_RH_HIERARCHY_POLICY_H_UNMARSHAL \ - (TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_POLICY), -#define TPMI_RH_LOCKOUT_H_UNMARSHAL \ - (TPMI_RH_HIERARCHY_POLICY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT), + UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_AUTH), +#define TPMI_RH_HIERARCHY_POLICY_H_UNMARSHAL \ + (TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_POLICY), +#define TPMI_RH_LOCKOUT_H_UNMARSHAL \ + (TPMI_RH_HIERARCHY_POLICY_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT), #define TPMI_RH_NV_AUTH_H_UNMARSHAL (TPMI_RH_LOCKOUT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH), + UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH), #define TPMI_RH_NV_INDEX_H_UNMARSHAL (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX), + UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX), #define TPMI_RH_PLATFORM_H_UNMARSHAL (TPMI_RH_NV_INDEX_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM), + UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM), #define 
TPMI_RH_PROVISION_H_UNMARSHAL (TPMI_RH_PLATFORM_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_PROVISION), + UNMARSHAL_DISPATCH(TPMI_RH_PROVISION), #define TPMI_SH_HMAC_H_UNMARSHAL (TPMI_RH_PROVISION_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_SH_HMAC), + UNMARSHAL_DISPATCH(TPMI_SH_HMAC), #define TPMI_SH_POLICY_H_UNMARSHAL (TPMI_SH_HMAC_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_SH_POLICY), - // HANDLE_FIRST_FLAG_TYPE is the first handle that needs a flag when called. + UNMARSHAL_DISPATCH(TPMI_SH_POLICY), +// HANDLE_FIRST_FLAG_TYPE is the first handle that needs a flag when called. #define HANDLE_FIRST_FLAG_TYPE (TPMI_SH_POLICY_H_UNMARSHAL + 1) #define TPMI_DH_ENTITY_H_UNMARSHAL (TPMI_SH_POLICY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_ENTITY), + UNMARSHAL_DISPATCH(TPMI_DH_ENTITY), #define TPMI_DH_OBJECT_H_UNMARSHAL (TPMI_DH_ENTITY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_OBJECT), + UNMARSHAL_DISPATCH(TPMI_DH_OBJECT), #define TPMI_DH_PARENT_H_UNMARSHAL (TPMI_DH_OBJECT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PARENT), + UNMARSHAL_DISPATCH(TPMI_DH_PARENT), #define TPMI_DH_PCR_H_UNMARSHAL (TPMI_DH_PARENT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PCR), + UNMARSHAL_DISPATCH(TPMI_DH_PCR), #define TPMI_RH_ENDORSEMENT_H_UNMARSHAL (TPMI_DH_PCR_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_ENDORSEMENT), -#define TPMI_RH_HIERARCHY_H_UNMARSHAL \ - (TPMI_RH_ENDORSEMENT_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), - // PARAMETER_FIRST_TYPE marks the end of the handle list. + UNMARSHAL_DISPATCH(TPMI_RH_ENDORSEMENT), +#define TPMI_RH_HIERARCHY_H_UNMARSHAL (TPMI_RH_ENDORSEMENT_H_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), +// PARAMETER_FIRST_TYPE marks the end of the handle list. 
#define PARAMETER_FIRST_TYPE (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) #define TPM2B_DATA_P_UNMARSHAL (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_DATA), + UNMARSHAL_DISPATCH(TPM2B_DATA), #define TPM2B_DIGEST_P_UNMARSHAL (TPM2B_DATA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_DIGEST), + UNMARSHAL_DISPATCH(TPM2B_DIGEST), #define TPM2B_ECC_PARAMETER_P_UNMARSHAL (TPM2B_DIGEST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ECC_PARAMETER), -#define TPM2B_ECC_POINT_P_UNMARSHAL \ - (TPM2B_ECC_PARAMETER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ECC_POINT), + UNMARSHAL_DISPATCH(TPM2B_ECC_PARAMETER), +#define TPM2B_ECC_POINT_P_UNMARSHAL (TPM2B_ECC_PARAMETER_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_ECC_POINT), #define TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL (TPM2B_ECC_POINT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), -#define TPM2B_EVENT_P_UNMARSHAL \ - (TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_EVENT), + UNMARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), +#define TPM2B_EVENT_P_UNMARSHAL (TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_EVENT), #define TPM2B_ID_OBJECT_P_UNMARSHAL (TPM2B_EVENT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_ID_OBJECT), + UNMARSHAL_DISPATCH(TPM2B_ID_OBJECT), #define TPM2B_IV_P_UNMARSHAL (TPM2B_ID_OBJECT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_IV), + UNMARSHAL_DISPATCH(TPM2B_IV), #define TPM2B_MAX_BUFFER_P_UNMARSHAL (TPM2B_IV_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_MAX_BUFFER), + UNMARSHAL_DISPATCH(TPM2B_MAX_BUFFER), #define TPM2B_MAX_NV_BUFFER_P_UNMARSHAL (TPM2B_MAX_BUFFER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), -#define TPM2B_NAME_P_UNMARSHAL \ - (TPM2B_MAX_NV_BUFFER_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_NAME), + UNMARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), +#define TPM2B_NAME_P_UNMARSHAL (TPM2B_MAX_NV_BUFFER_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_NAME), #define TPM2B_NV_PUBLIC_P_UNMARSHAL (TPM2B_NAME_P_UNMARSHAL + 1) - 
UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC), + UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC), #define TPM2B_NV_PUBLIC_2_P_UNMARSHAL (TPM2B_NV_PUBLIC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC_2), + UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC_2), #define TPM2B_PRIVATE_P_UNMARSHAL (TPM2B_NV_PUBLIC_2_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PRIVATE), + UNMARSHAL_DISPATCH(TPM2B_PRIVATE), #define TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL (TPM2B_PRIVATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), -#define TPM2B_SENSITIVE_P_UNMARSHAL \ - (TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE), + UNMARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), +#define TPM2B_SENSITIVE_P_UNMARSHAL (TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_SENSITIVE), #define TPM2B_SENSITIVE_CREATE_P_UNMARSHAL (TPM2B_SENSITIVE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_CREATE), -#define TPM2B_SENSITIVE_DATA_P_UNMARSHAL \ - (TPM2B_SENSITIVE_CREATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), + UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_CREATE), +#define TPM2B_SENSITIVE_DATA_P_UNMARSHAL (TPM2B_SENSITIVE_CREATE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), #define TPM2B_SET_CAPABILITY_DATA_P_UNMARSHAL (TPM2B_SENSITIVE_DATA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_SET_CAPABILITY_DATA), -#define TPM2B_TEMPLATE_P_UNMARSHAL \ - (TPM2B_SET_CAPABILITY_DATA_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_TEMPLATE), + UNMARSHAL_DISPATCH(TPM2B_SET_CAPABILITY_DATA), +#define TPM2B_TEMPLATE_P_UNMARSHAL (TPM2B_SET_CAPABILITY_DATA_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPM2B_TEMPLATE), #define TPM2B_TIMEOUT_P_UNMARSHAL (TPM2B_TEMPLATE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_TIMEOUT), + UNMARSHAL_DISPATCH(TPM2B_TIMEOUT), #define TPMI_DH_CONTEXT_P_UNMARSHAL (TPM2B_TIMEOUT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), + UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), #define TPMI_DH_PERSISTENT_P_UNMARSHAL (TPMI_DH_CONTEXT_P_UNMARSHAL + 1) - 
UNMARSHAL_DISPATCH(TPMI_DH_PERSISTENT), + UNMARSHAL_DISPATCH(TPMI_DH_PERSISTENT), #define TPMI_YES_NO_P_UNMARSHAL (TPMI_DH_PERSISTENT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_YES_NO), + UNMARSHAL_DISPATCH(TPMI_YES_NO), #define TPML_ALG_P_UNMARSHAL (TPMI_YES_NO_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_ALG), + UNMARSHAL_DISPATCH(TPML_ALG), #define TPML_CC_P_UNMARSHAL (TPML_ALG_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_CC), + UNMARSHAL_DISPATCH(TPML_CC), #define TPML_DIGEST_P_UNMARSHAL (TPML_CC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_DIGEST), + UNMARSHAL_DISPATCH(TPML_DIGEST), #define TPML_DIGEST_VALUES_P_UNMARSHAL (TPML_DIGEST_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_DIGEST_VALUES), + UNMARSHAL_DISPATCH(TPML_DIGEST_VALUES), #define TPML_PCR_SELECTION_P_UNMARSHAL (TPML_DIGEST_VALUES_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPML_PCR_SELECTION), + UNMARSHAL_DISPATCH(TPML_PCR_SELECTION), #define TPMS_CONTEXT_P_UNMARSHAL (TPML_PCR_SELECTION_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMS_CONTEXT), + UNMARSHAL_DISPATCH(TPMS_CONTEXT), #define TPMT_PUBLIC_PARMS_P_UNMARSHAL (TPMS_CONTEXT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_PUBLIC_PARMS), + UNMARSHAL_DISPATCH(TPMT_PUBLIC_PARMS), #define TPMT_TK_AUTH_P_UNMARSHAL (TPMT_PUBLIC_PARMS_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_AUTH), + UNMARSHAL_DISPATCH(TPMT_TK_AUTH), #define TPMT_TK_CREATION_P_UNMARSHAL (TPMT_TK_AUTH_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_CREATION), + UNMARSHAL_DISPATCH(TPMT_TK_CREATION), #define TPMT_TK_HASHCHECK_P_UNMARSHAL (TPMT_TK_CREATION_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_TK_HASHCHECK), + UNMARSHAL_DISPATCH(TPMT_TK_HASHCHECK), #define TPMT_TK_VERIFIED_P_UNMARSHAL (TPMT_TK_HASHCHECK_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_TK_VERIFIED), #define TPM_AT_P_UNMARSHAL (TPMT_TK_VERIFIED_P_UNMARSHAL + 1) 
@@ -217,509 +222,586 @@ const _UNMARSHAL_T_ unmarshalArray[] = { #define UINT16_P_UNMARSHAL (TPM_SU_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(UINT16), #define UINT32_P_UNMARSHAL (UINT16_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT32), + UNMARSHAL_DISPATCH(UINT32), #define UINT64_P_UNMARSHAL (UINT32_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT64), + UNMARSHAL_DISPATCH(UINT64), #define UINT8_P_UNMARSHAL (UINT64_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(UINT8), - // PARAMETER_FIRST_FLAG_TYPE is the first parameter to need a flag. + UNMARSHAL_DISPATCH(UINT8), +// PARAMETER_FIRST_FLAG_TYPE is the first parameter to need a flag. #define PARAMETER_FIRST_FLAG_TYPE (UINT8_P_UNMARSHAL + 1) #define TPM2B_PUBLIC_P_UNMARSHAL (UINT8_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPM2B_PUBLIC), + UNMARSHAL_DISPATCH(TPM2B_PUBLIC), #define TPMI_ALG_CIPHER_MODE_P_UNMARSHAL (TPM2B_PUBLIC_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_CIPHER_MODE), -#define TPMI_ALG_HASH_P_UNMARSHAL \ - (TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_HASH), + UNMARSHAL_DISPATCH(TPMI_ALG_CIPHER_MODE), +#define TPMI_ALG_HASH_P_UNMARSHAL (TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_ALG_HASH), #define TPMI_ALG_MAC_SCHEME_P_UNMARSHAL (TPMI_ALG_HASH_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ALG_MAC_SCHEME), -#define TPMI_DH_PCR_P_UNMARSHAL \ - (TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_DH_PCR), + UNMARSHAL_DISPATCH(TPMI_ALG_MAC_SCHEME), +#define TPMI_DH_PCR_P_UNMARSHAL (TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_DH_PCR), #define TPMI_ECC_CURVE_P_UNMARSHAL (TPMI_DH_PCR_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ECC_CURVE), + UNMARSHAL_DISPATCH(TPMI_ECC_CURVE), #define TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL (TPMI_ECC_CURVE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_ECC_KEY_EXCHANGE), -#define TPMI_RH_ENABLES_P_UNMARSHAL \ - (TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_ENABLES), + UNMARSHAL_DISPATCH(TPMI_ECC_KEY_EXCHANGE), +#define 
TPMI_RH_ENABLES_P_UNMARSHAL (TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL + 1) + UNMARSHAL_DISPATCH(TPMI_RH_ENABLES), #define TPMI_RH_HIERARCHY_P_UNMARSHAL (TPMI_RH_ENABLES_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), + UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), #define TPMT_KDF_SCHEME_P_UNMARSHAL (TPMI_RH_HIERARCHY_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_KDF_SCHEME), + UNMARSHAL_DISPATCH(TPMT_KDF_SCHEME), #define TPMT_RSA_DECRYPT_P_UNMARSHAL (TPMT_KDF_SCHEME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_RSA_DECRYPT), + UNMARSHAL_DISPATCH(TPMT_RSA_DECRYPT), #define TPMT_SIGNATURE_P_UNMARSHAL (TPMT_RSA_DECRYPT_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SIGNATURE), + UNMARSHAL_DISPATCH(TPMT_SIGNATURE), #define TPMT_SIG_SCHEME_P_UNMARSHAL (TPMT_SIGNATURE_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SIG_SCHEME), + UNMARSHAL_DISPATCH(TPMT_SIG_SCHEME), #define TPMT_SYM_DEF_P_UNMARSHAL (TPMT_SIG_SCHEME_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SYM_DEF), + UNMARSHAL_DISPATCH(TPMT_SYM_DEF), #define TPMT_SYM_DEF_OBJECT_P_UNMARSHAL (TPMT_SYM_DEF_P_UNMARSHAL + 1) - UNMARSHAL_DISPATCH(TPMT_SYM_DEF_OBJECT) - // PARAMETER_LAST_TYPE is the end of the command parameter list. - - // PARAMETER_LAST_TYPE is the end of the command parameter list. -#define PARAMETER_LAST_TYPE (TPMT_SYM_DEF_OBJECT_P_UNMARSHAL) - + UNMARSHAL_DISPATCH(TPMT_SYM_DEF_OBJECT) +// PARAMETER_LAST_TYPE is the index of the last command parameter. +#define PARAMETER_LAST_TYPE (TPMT_SYM_DEF_OBJECT_P_UNMARSHAL) }; - +// The marshalArray contains the dispatch functions for the marshaling code. +// The defines in this array are used to make it easier to cross reference the +// marshaling values in the types array of each command const _MARSHAL_T_ marshalArray[] = { - #define UINT32_H_MARSHAL 0 - MARSHAL_DISPATCH(UINT32), - // RESPONSE_PARAMETER_FIRST_TYPE marks the end of the response handles. + MARSHAL_DISPATCH(UINT32), +// RESPONSE_PARAMETER_FIRST_TYPE marks the end of the response handles. 
#define RESPONSE_PARAMETER_FIRST_TYPE (UINT32_H_MARSHAL + 1) #define TPM2B_ATTEST_P_MARSHAL (UINT32_H_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ATTEST), + MARSHAL_DISPATCH(TPM2B_ATTEST), #define TPM2B_CREATION_DATA_P_MARSHAL (TPM2B_ATTEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_CREATION_DATA), + MARSHAL_DISPATCH(TPM2B_CREATION_DATA), #define TPM2B_DATA_P_MARSHAL (TPM2B_CREATION_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_DATA), + MARSHAL_DISPATCH(TPM2B_DATA), #define TPM2B_DIGEST_P_MARSHAL (TPM2B_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_DIGEST), + MARSHAL_DISPATCH(TPM2B_DIGEST), #define TPM2B_ECC_POINT_P_MARSHAL (TPM2B_DIGEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ECC_POINT), + MARSHAL_DISPATCH(TPM2B_ECC_POINT), #define TPM2B_ENCRYPTED_SECRET_P_MARSHAL (TPM2B_ECC_POINT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), -#define TPM2B_ID_OBJECT_P_MARSHAL \ - (TPM2B_ENCRYPTED_SECRET_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_ID_OBJECT), + MARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), +#define TPM2B_ID_OBJECT_P_MARSHAL (TPM2B_ENCRYPTED_SECRET_P_MARSHAL + 1) + MARSHAL_DISPATCH(TPM2B_ID_OBJECT), #define TPM2B_IV_P_MARSHAL (TPM2B_ID_OBJECT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_IV), + MARSHAL_DISPATCH(TPM2B_IV), #define TPM2B_MAX_BUFFER_P_MARSHAL (TPM2B_IV_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_MAX_BUFFER), + MARSHAL_DISPATCH(TPM2B_MAX_BUFFER), #define TPM2B_MAX_NV_BUFFER_P_MARSHAL (TPM2B_MAX_BUFFER_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), + MARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), #define TPM2B_NAME_P_MARSHAL (TPM2B_MAX_NV_BUFFER_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_NAME), + MARSHAL_DISPATCH(TPM2B_NAME), #define TPM2B_NV_PUBLIC_P_MARSHAL (TPM2B_NAME_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_NV_PUBLIC), + MARSHAL_DISPATCH(TPM2B_NV_PUBLIC), #define TPM2B_NV_PUBLIC_2_P_MARSHAL (TPM2B_NV_PUBLIC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_NV_PUBLIC_2), + MARSHAL_DISPATCH(TPM2B_NV_PUBLIC_2), #define TPM2B_PRIVATE_P_MARSHAL (TPM2B_NV_PUBLIC_2_P_MARSHAL + 1) - 
MARSHAL_DISPATCH(TPM2B_PRIVATE), + MARSHAL_DISPATCH(TPM2B_PRIVATE), #define TPM2B_PUBLIC_P_MARSHAL (TPM2B_PRIVATE_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PUBLIC), + MARSHAL_DISPATCH(TPM2B_PUBLIC), #define TPM2B_PUBLIC_KEY_RSA_P_MARSHAL (TPM2B_PUBLIC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), + MARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), #define TPM2B_SENSITIVE_DATA_P_MARSHAL (TPM2B_PUBLIC_KEY_RSA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), + MARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), #define TPM2B_TIMEOUT_P_MARSHAL (TPM2B_SENSITIVE_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPM2B_TIMEOUT), + MARSHAL_DISPATCH(TPM2B_TIMEOUT), #define UINT8_P_MARSHAL (TPM2B_TIMEOUT_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT8), + MARSHAL_DISPATCH(UINT8), #define TPML_AC_CAPABILITIES_P_MARSHAL (UINT8_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_AC_CAPABILITIES), + MARSHAL_DISPATCH(TPML_AC_CAPABILITIES), #define TPML_ALG_P_MARSHAL (TPML_AC_CAPABILITIES_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_ALG), + MARSHAL_DISPATCH(TPML_ALG), #define TPML_DIGEST_P_MARSHAL (TPML_ALG_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_DIGEST), + MARSHAL_DISPATCH(TPML_DIGEST), #define TPML_DIGEST_VALUES_P_MARSHAL (TPML_DIGEST_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_DIGEST_VALUES), + MARSHAL_DISPATCH(TPML_DIGEST_VALUES), #define TPML_PCR_SELECTION_P_MARSHAL (TPML_DIGEST_VALUES_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPML_PCR_SELECTION), + MARSHAL_DISPATCH(TPML_PCR_SELECTION), #define TPMS_AC_OUTPUT_P_MARSHAL (TPML_PCR_SELECTION_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_AC_OUTPUT), + MARSHAL_DISPATCH(TPMS_AC_OUTPUT), #define TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL (TPMS_AC_OUTPUT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_ALGORITHM_DETAIL_ECC), -#define TPMS_CAPABILITY_DATA_P_MARSHAL \ - (TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_CAPABILITY_DATA), + MARSHAL_DISPATCH(TPMS_ALGORITHM_DETAIL_ECC), +#define TPMS_CAPABILITY_DATA_P_MARSHAL (TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL + 1) + 
MARSHAL_DISPATCH(TPMS_CAPABILITY_DATA), #define TPMS_CONTEXT_P_MARSHAL (TPMS_CAPABILITY_DATA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_CONTEXT), + MARSHAL_DISPATCH(TPMS_CONTEXT), #define TPMS_TIME_INFO_P_MARSHAL (TPMS_CONTEXT_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMS_TIME_INFO), + MARSHAL_DISPATCH(TPMS_TIME_INFO), #define TPMT_HA_P_MARSHAL (TPMS_TIME_INFO_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_HA), + MARSHAL_DISPATCH(TPMT_HA), #define TPMT_SIGNATURE_P_MARSHAL (TPMT_HA_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_SIGNATURE), + MARSHAL_DISPATCH(TPMT_SIGNATURE), #define TPMT_TK_AUTH_P_MARSHAL (TPMT_SIGNATURE_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_AUTH), + MARSHAL_DISPATCH(TPMT_TK_AUTH), #define TPMT_TK_CREATION_P_MARSHAL (TPMT_TK_AUTH_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_CREATION), + MARSHAL_DISPATCH(TPMT_TK_CREATION), #define TPMT_TK_HASHCHECK_P_MARSHAL (TPMT_TK_CREATION_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_HASHCHECK), + MARSHAL_DISPATCH(TPMT_TK_HASHCHECK), #define TPMT_TK_VERIFIED_P_MARSHAL (TPMT_TK_HASHCHECK_P_MARSHAL + 1) - MARSHAL_DISPATCH(TPMT_TK_VERIFIED), + MARSHAL_DISPATCH(TPMT_TK_VERIFIED), #define UINT32_P_MARSHAL (TPMT_TK_VERIFIED_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT32), + MARSHAL_DISPATCH(UINT32), #define UINT16_P_MARSHAL (UINT32_P_MARSHAL + 1) - MARSHAL_DISPATCH(UINT16) - -#define RESPONSE_PARAMETER_LAST_TYPE (UINT16_P_MARSHAL) + MARSHAL_DISPATCH(UINT16) +// RESPONSE_PARAMETER_LAST_TYPE is the index of the last response parameter. +#define RESPONSE_PARAMETER_LAST_TYPE (UINT16_P_MARSHAL) }; -/* This list of aliases allows the types in the _COMMAND_DESCRIPTOR_T to match the types in the - command/response templates of part 3. 
*/ -#define INT32_P_UNMARSHAL UINT32_P_UNMARSHAL -#define TPM2B_AUTH_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPM2B_NONCE_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPM2B_OPERAND_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL -#define TPMA_LOCALITY_P_UNMARSHAL UINT8_P_UNMARSHAL -#define TPM_CC_P_UNMARSHAL UINT32_P_UNMARSHAL -#define TPMI_DH_CONTEXT_H_MARSHAL UINT32_H_MARSHAL -#define TPMI_DH_OBJECT_H_MARSHAL UINT32_H_MARSHAL -#define TPMI_SH_AUTH_SESSION_H_MARSHAL UINT32_H_MARSHAL -#define TPM_HANDLE_H_MARSHAL UINT32_H_MARSHAL -#define TPM2B_NONCE_P_MARSHAL TPM2B_DIGEST_P_MARSHAL -#define TPMI_YES_NO_P_MARSHAL UINT8_P_MARSHAL -#define TPM_RC_P_MARSHAL UINT32_P_MARSHAL +// This list of aliases allows the types in the _COMMAND_DESCRIPTOR_t to match +// the types in the command/response templates of part 3. +#define TPM2B_NONCE_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL +#define TPM2B_AUTH_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL +#define TPM2B_OPERAND_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL +#define INT32_P_UNMARSHAL UINT32_P_UNMARSHAL +#define TPM_CC_P_UNMARSHAL UINT32_P_UNMARSHAL +#define TPMA_LOCALITY_P_UNMARSHAL UINT8_P_UNMARSHAL +#define TPMI_SH_AUTH_SESSION_H_MARSHAL UINT32_H_MARSHAL +#define TPM_HANDLE_H_MARSHAL UINT32_H_MARSHAL +#define TPMI_DH_OBJECT_H_MARSHAL UINT32_H_MARSHAL +#define TPMI_DH_CONTEXT_H_MARSHAL UINT32_H_MARSHAL +#define TPM2B_NONCE_P_MARSHAL TPM2B_DIGEST_P_MARSHAL +#define TPM_RC_P_MARSHAL UINT32_P_MARSHAL +#define TPMI_YES_NO_P_MARSHAL UINT8_P_MARSHAL -#if CC_Startup -#include "Startup_fp.h" -typedef TPM_RC (Startup_Entry)( - Startup_In *in - ); -typedef const struct { - Startup_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; + +// Per-command un/marshaling tables + +#if CC_Startup +#include "Startup_fp.h" + +typedef TPM_RC (Startup_Entry)( + Startup_In* in +); + + +typedef const struct +{ + Startup_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } 
Startup_COMMAND_DESCRIPTOR_t; + Startup_COMMAND_DESCRIPTOR_t _StartupData = { - /* entry */ &TPM2_Startup, - /* inSize */ (UINT16)(sizeof(Startup_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Startup_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPM_SU_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_Startup, + /* inSize */ (UINT16)(sizeof(Startup_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Startup_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPM_SU_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _StartupDataAddress (&_StartupData) #else #define _StartupDataAddress 0 -#endif -#if CC_Shutdown -#include "Shutdown_fp.h" -typedef TPM_RC (Shutdown_Entry)( - Shutdown_In *in - ); -typedef const struct { - Shutdown_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_Startup + +#if CC_Shutdown +#include "Shutdown_fp.h" + +typedef TPM_RC (Shutdown_Entry)( + Shutdown_In* in +); + + +typedef const struct +{ + Shutdown_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } Shutdown_COMMAND_DESCRIPTOR_t; + Shutdown_COMMAND_DESCRIPTOR_t _ShutdownData = { - /* entry */ &TPM2_Shutdown, - /* inSize */ (UINT16)(sizeof(Shutdown_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Shutdown_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPM_SU_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_Shutdown, + /* inSize */ (UINT16)(sizeof(Shutdown_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Shutdown_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPM_SU_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ShutdownDataAddress (&_ShutdownData) #else #define _ShutdownDataAddress 0 -#endif -#if CC_SelfTest -#include "SelfTest_fp.h" -typedef TPM_RC (SelfTest_Entry)( - SelfTest_In *in 
- ); -typedef const struct { - SelfTest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_Shutdown + +#if CC_SelfTest +#include "SelfTest_fp.h" + +typedef TPM_RC (SelfTest_Entry)( + SelfTest_In* in +); + + +typedef const struct +{ + SelfTest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } SelfTest_COMMAND_DESCRIPTOR_t; + SelfTest_COMMAND_DESCRIPTOR_t _SelfTestData = { - /* entry */ &TPM2_SelfTest, - /* inSize */ (UINT16)(sizeof(SelfTest_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SelfTest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_SelfTest, + /* inSize */ (UINT16)(sizeof(SelfTest_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SelfTest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _SelfTestDataAddress (&_SelfTestData) #else #define _SelfTestDataAddress 0 -#endif -#if CC_IncrementalSelfTest -#include "IncrementalSelfTest_fp.h" -typedef TPM_RC (IncrementalSelfTest_Entry)( - IncrementalSelfTest_In *in, - IncrementalSelfTest_Out *out - ); -typedef const struct { - IncrementalSelfTest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#endif // CC_SelfTest + +#if CC_IncrementalSelfTest +#include "IncrementalSelfTest_fp.h" + +typedef TPM_RC (IncrementalSelfTest_Entry)( + IncrementalSelfTest_In* in, + IncrementalSelfTest_Out* out +); + + +typedef const struct +{ + IncrementalSelfTest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } IncrementalSelfTest_COMMAND_DESCRIPTOR_t; + IncrementalSelfTest_COMMAND_DESCRIPTOR_t _IncrementalSelfTestData = { - /* entry */ &TPM2_IncrementalSelfTest, - /* inSize */ (UINT16)(sizeof(IncrementalSelfTest_In)), - /* outSize */ 
(UINT16)(sizeof(IncrementalSelfTest_Out)), - /* offsetOfTypes */ offsetof(IncrementalSelfTest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPML_ALG_P_UNMARSHAL, - END_OF_LIST, - TPML_ALG_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_IncrementalSelfTest, + /* inSize */ (UINT16)(sizeof(IncrementalSelfTest_In)), + /* outSize */ (UINT16)(sizeof(IncrementalSelfTest_Out)), + /* offsetOfTypes */ offsetof(IncrementalSelfTest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPML_ALG_P_UNMARSHAL, + END_OF_LIST, + TPML_ALG_P_MARSHAL, + END_OF_LIST} }; + #define _IncrementalSelfTestDataAddress (&_IncrementalSelfTestData) #else #define _IncrementalSelfTestDataAddress 0 -#endif -#if CC_GetTestResult -#include "GetTestResult_fp.h" -typedef TPM_RC (GetTestResult_Entry)( - GetTestResult_Out *out - ); -typedef const struct { - GetTestResult_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_IncrementalSelfTest + +#if CC_GetTestResult +#include "GetTestResult_fp.h" + +typedef TPM_RC (GetTestResult_Entry)( + GetTestResult_Out* out +); + + +typedef const struct +{ + GetTestResult_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } GetTestResult_COMMAND_DESCRIPTOR_t; + GetTestResult_COMMAND_DESCRIPTOR_t _GetTestResultData = { - /* entry */ &TPM2_GetTestResult, - /* inSize */ 0, - /* outSize */ (UINT16)(sizeof(GetTestResult_Out)), - /* offsetOfTypes */ offsetof(GetTestResult_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetTestResult_Out, testResult))}, - /* types */ {END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM_RC_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_GetTestResult, + /* inSize */ 0, + /* outSize */ (UINT16)(sizeof(GetTestResult_Out)), + /* offsetOfTypes */ offsetof(GetTestResult_COMMAND_DESCRIPTOR_t, types), + /* offsets */ 
{(UINT16)(offsetof(GetTestResult_Out, testResult))}, + /* types */ {END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM_RC_P_MARSHAL, + END_OF_LIST} }; + #define _GetTestResultDataAddress (&_GetTestResultData) #else #define _GetTestResultDataAddress 0 -#endif -#if CC_StartAuthSession -#include "StartAuthSession_fp.h" -typedef TPM_RC (StartAuthSession_Entry)( - StartAuthSession_In *in, - StartAuthSession_Out *out - ); -typedef const struct { - StartAuthSession_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; +#endif // CC_GetTestResult + +#if CC_StartAuthSession +#include "StartAuthSession_fp.h" + +typedef TPM_RC (StartAuthSession_Entry)( + StartAuthSession_In* in, + StartAuthSession_Out* out +); + + +typedef const struct +{ + StartAuthSession_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[7]; + BYTE types[11]; } StartAuthSession_COMMAND_DESCRIPTOR_t; + StartAuthSession_COMMAND_DESCRIPTOR_t _StartAuthSessionData = { - /* entry */ &TPM2_StartAuthSession, - /* inSize */ (UINT16)(sizeof(StartAuthSession_In)), - /* outSize */ (UINT16)(sizeof(StartAuthSession_Out)), - /* offsetOfTypes */ offsetof(StartAuthSession_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(StartAuthSession_In, bind)), - (UINT16)(offsetof(StartAuthSession_In, nonceCaller)), - (UINT16)(offsetof(StartAuthSession_In, encryptedSalt)), - (UINT16)(offsetof(StartAuthSession_In, sessionType)), - (UINT16)(offsetof(StartAuthSession_In, symmetric)), - (UINT16)(offsetof(StartAuthSession_In, authHash)), - (UINT16)(offsetof(StartAuthSession_Out, nonceTPM))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_ENTITY_H_UNMARSHAL + ADD_FLAG, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - TPM_SE_P_UNMARSHAL, - TPMT_SYM_DEF_P_UNMARSHAL + ADD_FLAG, - TPMI_ALG_HASH_P_UNMARSHAL, - END_OF_LIST, - TPMI_SH_AUTH_SESSION_H_MARSHAL, - TPM2B_NONCE_P_MARSHAL, - 
END_OF_LIST} + /* entry */ &TPM2_StartAuthSession, + /* inSize */ (UINT16)(sizeof(StartAuthSession_In)), + /* outSize */ (UINT16)(sizeof(StartAuthSession_Out)), + /* offsetOfTypes */ offsetof(StartAuthSession_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(StartAuthSession_In, bind)), + (UINT16)(offsetof(StartAuthSession_In, nonceCaller)), + (UINT16)(offsetof(StartAuthSession_In, encryptedSalt)), + (UINT16)(offsetof(StartAuthSession_In, sessionType)), + (UINT16)(offsetof(StartAuthSession_In, symmetric)), + (UINT16)(offsetof(StartAuthSession_In, authHash)), + (UINT16)(offsetof(StartAuthSession_Out, nonceTPM))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_ENTITY_H_UNMARSHAL + ADD_FLAG, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + TPM_SE_P_UNMARSHAL, + TPMT_SYM_DEF_P_UNMARSHAL + ADD_FLAG, + TPMI_ALG_HASH_P_UNMARSHAL, + END_OF_LIST, + TPMI_SH_AUTH_SESSION_H_MARSHAL, + TPM2B_NONCE_P_MARSHAL, + END_OF_LIST} }; + #define _StartAuthSessionDataAddress (&_StartAuthSessionData) #else #define _StartAuthSessionDataAddress 0 -#endif -#if CC_PolicyRestart -#include "PolicyRestart_fp.h" -typedef TPM_RC (PolicyRestart_Entry)( - PolicyRestart_In *in - ); -typedef const struct { - PolicyRestart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_StartAuthSession + +#if CC_PolicyRestart +#include "PolicyRestart_fp.h" + +typedef TPM_RC (PolicyRestart_Entry)( + PolicyRestart_In* in +); + + +typedef const struct +{ + PolicyRestart_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } PolicyRestart_COMMAND_DESCRIPTOR_t; + PolicyRestart_COMMAND_DESCRIPTOR_t _PolicyRestartData = { - /* entry */ &TPM2_PolicyRestart, - /* inSize */ (UINT16)(sizeof(PolicyRestart_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyRestart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - 
END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyRestart, + /* inSize */ (UINT16)(sizeof(PolicyRestart_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyRestart_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyRestartDataAddress (&_PolicyRestartData) #else #define _PolicyRestartDataAddress 0 -#endif -#if CC_Create -#include "Create_fp.h" -typedef TPM_RC (Create_Entry)( - Create_In *in, - Create_Out *out - ); -typedef const struct { - Create_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[8]; - BYTE types[12]; +#endif // CC_PolicyRestart + +#if CC_Create +#include "Create_fp.h" + +typedef TPM_RC (Create_Entry)( + Create_In* in, + Create_Out* out +); + + +typedef const struct +{ + Create_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[8]; + BYTE types[12]; } Create_COMMAND_DESCRIPTOR_t; + Create_COMMAND_DESCRIPTOR_t _CreateData = { - /* entry */ &TPM2_Create, - /* inSize */ (UINT16)(sizeof(Create_In)), - /* outSize */ (UINT16)(sizeof(Create_Out)), - /* offsetOfTypes */ offsetof(Create_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Create_In, inSensitive)), - (UINT16)(offsetof(Create_In, inPublic)), - (UINT16)(offsetof(Create_In, outsideInfo)), - (UINT16)(offsetof(Create_In, creationPCR)), - (UINT16)(offsetof(Create_Out, outPublic)), - (UINT16)(offsetof(Create_Out, creationData)), - (UINT16)(offsetof(Create_Out, creationHash)), - (UINT16)(offsetof(Create_Out, creationTicket))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_CREATION_DATA_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_CREATION_P_MARSHAL, - END_OF_LIST} + /* entry */ 
&TPM2_Create, + /* inSize */ (UINT16)(sizeof(Create_In)), + /* outSize */ (UINT16)(sizeof(Create_Out)), + /* offsetOfTypes */ offsetof(Create_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Create_In, inSensitive)), + (UINT16)(offsetof(Create_In, inPublic)), + (UINT16)(offsetof(Create_In, outsideInfo)), + (UINT16)(offsetof(Create_In, creationPCR)), + (UINT16)(offsetof(Create_Out, outPublic)), + (UINT16)(offsetof(Create_Out, creationData)), + (UINT16)(offsetof(Create_Out, creationHash)), + (UINT16)(offsetof(Create_Out, creationTicket))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_CREATION_DATA_P_MARSHAL, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_CREATION_P_MARSHAL, + END_OF_LIST} }; + #define _CreateDataAddress (&_CreateData) #else #define _CreateDataAddress 0 -#endif -#if CC_Load -#include "Load_fp.h" -typedef TPM_RC (Load_Entry)( - Load_In *in, - Load_Out *out - ); -typedef const struct { - Load_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_Create + +#if CC_Load +#include "Load_fp.h" + +typedef TPM_RC (Load_Entry)( + Load_In* in, + Load_Out* out +); + + +typedef const struct +{ + Load_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } Load_COMMAND_DESCRIPTOR_t; + Load_COMMAND_DESCRIPTOR_t _LoadData = { - /* entry */ &TPM2_Load, - /* inSize */ (UINT16)(sizeof(Load_In)), - /* outSize */ (UINT16)(sizeof(Load_Out)), - /* offsetOfTypes */ offsetof(Load_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Load_In, inPrivate)), - (UINT16)(offsetof(Load_In, inPublic)), - (UINT16)(offsetof(Load_Out, name))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PRIVATE_P_UNMARSHAL, - 
TPM2B_PUBLIC_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Load, + /* inSize */ (UINT16)(sizeof(Load_In)), + /* outSize */ (UINT16)(sizeof(Load_Out)), + /* offsetOfTypes */ offsetof(Load_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Load_In, inPrivate)), + (UINT16)(offsetof(Load_In, inPublic)), + (UINT16)(offsetof(Load_Out, name))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_PRIVATE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} }; + #define _LoadDataAddress (&_LoadData) #else #define _LoadDataAddress 0 -#endif -#if CC_LoadExternal -#include "LoadExternal_fp.h" -typedef TPM_RC (LoadExternal_Entry)( - LoadExternal_In *in, - LoadExternal_Out *out - ); -typedef const struct { - LoadExternal_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_Load + +#if CC_LoadExternal +#include "LoadExternal_fp.h" + +typedef TPM_RC (LoadExternal_Entry)( + LoadExternal_In* in, + LoadExternal_Out* out +); + + +typedef const struct +{ + LoadExternal_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } LoadExternal_COMMAND_DESCRIPTOR_t; + LoadExternal_COMMAND_DESCRIPTOR_t _LoadExternalData = { - /* entry */ &TPM2_LoadExternal, - /* inSize */ (UINT16)(sizeof(LoadExternal_In)), - /* outSize */ (UINT16)(sizeof(LoadExternal_Out)), - /* offsetOfTypes */ offsetof(LoadExternal_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(LoadExternal_In, inPublic)), - (UINT16)(offsetof(LoadExternal_In, hierarchy)), - (UINT16)(offsetof(LoadExternal_Out, name))}, - /* types */ {TPM2B_SENSITIVE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL + ADD_FLAG, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} + /* entry */ 
&TPM2_LoadExternal, + /* inSize */ (UINT16)(sizeof(LoadExternal_In)), + /* outSize */ (UINT16)(sizeof(LoadExternal_Out)), + /* offsetOfTypes */ offsetof(LoadExternal_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(LoadExternal_In, inPublic)), + (UINT16)(offsetof(LoadExternal_In, hierarchy)), + (UINT16)(offsetof(LoadExternal_Out, name))}, + /* types */ {TPM2B_SENSITIVE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL + ADD_FLAG, + TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} }; + #define _LoadExternalDataAddress (&_LoadExternalData) #else #define _LoadExternalDataAddress 0 -#endif -#if CC_ReadPublic -#include "ReadPublic_fp.h" -typedef TPM_RC (ReadPublic_Entry)( - ReadPublic_In *in, - ReadPublic_Out *out - ); -typedef const struct { - ReadPublic_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_LoadExternal + +#if CC_ReadPublic +#include "ReadPublic_fp.h" + +typedef TPM_RC (ReadPublic_Entry)( + ReadPublic_In* in, + ReadPublic_Out* out +); + + +typedef const struct +{ + ReadPublic_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } ReadPublic_COMMAND_DESCRIPTOR_t; + ReadPublic_COMMAND_DESCRIPTOR_t _ReadPublicData = { - /* entry */ &TPM2_ReadPublic, - /* inSize */ (UINT16)(sizeof(ReadPublic_In)), - /* outSize */ (UINT16)(sizeof(ReadPublic_Out)), - /* offsetOfTypes */ offsetof(ReadPublic_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ReadPublic_Out, name)), - (UINT16)(offsetof(ReadPublic_Out, qualifiedName))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ReadPublic, + /* inSize */ (UINT16)(sizeof(ReadPublic_In)), + /* outSize */ (UINT16)(sizeof(ReadPublic_Out)), + /* offsetOfTypes */ 
offsetof(ReadPublic_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ReadPublic_Out, name)), + (UINT16)(offsetof(ReadPublic_Out, qualifiedName))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + END_OF_LIST, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} }; + #define _ReadPublicDataAddress (&_ReadPublicData) #else #define _ReadPublicDataAddress 0 -#endif -#if CC_ActivateCredential -#include "ActivateCredential_fp.h" -typedef TPM_RC (ActivateCredential_Entry)( - ActivateCredential_In *in, - ActivateCredential_Out *out - ); -typedef const struct { +#endif // CC_ReadPublic + +#if CC_ActivateCredential +#include "ActivateCredential_fp.h" + +typedef TPM_RC (ActivateCredential_Entry)( + ActivateCredential_In* in, + ActivateCredential_Out* out +); + + +typedef const struct +{ ActivateCredential_Entry *entry; UINT16 inSize; UINT16 outSize; 
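Review bot: Nothing in these tables checks that an unmarshal index still fits beside the flag bit: entries such as `TPMT_SYM_DEF_P_UNMARSHAL + ADD_FLAG` and `TPM2B_PUBLIC_P_UNMARSHAL + ADD_FLAG` are stored in `BYTE types[]`, while the `*_P_UNMARSHAL` values are a `+ 1` chain that grows by one for every type added to `unmarshalArray`. The definitions of ADD_FLAG and END_OF_LIST are not visible here, but if ADD_FLAG is a high bit of that byte, an index that reaches it would be decoded as a different type with the flag set when command parameters are unmarshaled, and the compiler would not complain. A compile-time guard after the closing `};` of `unmarshalArray` would turn this into a build failure, for example `_Static_assert(PARAMETER_LAST_TYPE < ADD_FLAG, "unmarshal index collides with ADD_FLAG");`. Since this file is meant to stay close to upstream, the assertion may be better placed in the file that includes it. The hunk ends inside the ActivateCredential descriptor typedef, which continues in the next hunk.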
@@ -727,436 +809,596 @@ typedef const struct { UINT16 paramOffsets[3]; BYTE types[7]; } ActivateCredential_COMMAND_DESCRIPTOR_t; + ActivateCredential_COMMAND_DESCRIPTOR_t _ActivateCredentialData = { - /* entry */ &TPM2_ActivateCredential, - /* inSize */ (UINT16)(sizeof(ActivateCredential_In)), - /* outSize */ (UINT16)(sizeof(ActivateCredential_Out)), - /* offsetOfTypes */ offsetof(ActivateCredential_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ActivateCredential_In, keyHandle)), - (UINT16)(offsetof(ActivateCredential_In, credentialBlob)), - (UINT16)(offsetof(ActivateCredential_In, secret))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ID_OBJECT_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ActivateCredential, + /* inSize */ (UINT16)(sizeof(ActivateCredential_In)), + /* outSize */ (UINT16)(sizeof(ActivateCredential_Out)), + /* offsetOfTypes */ offsetof(ActivateCredential_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ActivateCredential_In, keyHandle)), + (UINT16)(offsetof(ActivateCredential_In, credentialBlob)), + (UINT16)(offsetof(ActivateCredential_In, secret))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ID_OBJECT_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} }; + #define _ActivateCredentialDataAddress (&_ActivateCredentialData) #else #define _ActivateCredentialDataAddress 0 -#endif -#if CC_MakeCredential -#include "MakeCredential_fp.h" -typedef TPM_RC (MakeCredential_Entry)( - MakeCredential_In *in, - MakeCredential_Out *out - ); -typedef const struct { - MakeCredential_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_ActivateCredential + +#if CC_MakeCredential +#include "MakeCredential_fp.h" + +typedef TPM_RC 
(MakeCredential_Entry)( + MakeCredential_In* in, + MakeCredential_Out* out +); + + +typedef const struct +{ + MakeCredential_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } MakeCredential_COMMAND_DESCRIPTOR_t; + MakeCredential_COMMAND_DESCRIPTOR_t _MakeCredentialData = { - /* entry */ &TPM2_MakeCredential, - /* inSize */ (UINT16)(sizeof(MakeCredential_In)), - /* outSize */ (UINT16)(sizeof(MakeCredential_Out)), - /* offsetOfTypes */ offsetof(MakeCredential_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MakeCredential_In, credential)), - (UINT16)(offsetof(MakeCredential_In, objectName)), - (UINT16)(offsetof(MakeCredential_Out, secret))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ID_OBJECT_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_MakeCredential, + /* inSize */ (UINT16)(sizeof(MakeCredential_In)), + /* outSize */ (UINT16)(sizeof(MakeCredential_Out)), + /* offsetOfTypes */ offsetof(MakeCredential_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(MakeCredential_In, credential)), + (UINT16)(offsetof(MakeCredential_In, objectName)), + (UINT16)(offsetof(MakeCredential_Out, secret))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ID_OBJECT_P_MARSHAL, + TPM2B_ENCRYPTED_SECRET_P_MARSHAL, + END_OF_LIST} }; + #define _MakeCredentialDataAddress (&_MakeCredentialData) #else #define _MakeCredentialDataAddress 0 -#endif -#if CC_Unseal -#include "Unseal_fp.h" -typedef TPM_RC (Unseal_Entry)( - Unseal_In *in, - Unseal_Out *out - ); -typedef const struct { - Unseal_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#endif // CC_MakeCredential + +#if CC_Unseal +#include "Unseal_fp.h" + +typedef TPM_RC (Unseal_Entry)( + Unseal_In* in, + Unseal_Out* out +); + 
+ +typedef const struct +{ + Unseal_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } Unseal_COMMAND_DESCRIPTOR_t; + Unseal_COMMAND_DESCRIPTOR_t _UnsealData = { - /* entry */ &TPM2_Unseal, - /* inSize */ (UINT16)(sizeof(Unseal_In)), - /* outSize */ (UINT16)(sizeof(Unseal_Out)), - /* offsetOfTypes */ offsetof(Unseal_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_SENSITIVE_DATA_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Unseal, + /* inSize */ (UINT16)(sizeof(Unseal_In)), + /* outSize */ (UINT16)(sizeof(Unseal_Out)), + /* offsetOfTypes */ offsetof(Unseal_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + END_OF_LIST, + TPM2B_SENSITIVE_DATA_P_MARSHAL, + END_OF_LIST} }; + #define _UnsealDataAddress (&_UnsealData) #else #define _UnsealDataAddress 0 -#endif -#if CC_ObjectChangeAuth -#include "ObjectChangeAuth_fp.h" -typedef TPM_RC (ObjectChangeAuth_Entry)( - ObjectChangeAuth_In *in, - ObjectChangeAuth_Out *out - ); -typedef const struct { - ObjectChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_Unseal + +#if CC_ObjectChangeAuth +#include "ObjectChangeAuth_fp.h" + +typedef TPM_RC (ObjectChangeAuth_Entry)( + ObjectChangeAuth_In* in, + ObjectChangeAuth_Out* out +); + + +typedef const struct +{ + ObjectChangeAuth_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } ObjectChangeAuth_COMMAND_DESCRIPTOR_t; + ObjectChangeAuth_COMMAND_DESCRIPTOR_t _ObjectChangeAuthData = { - /* entry */ &TPM2_ObjectChangeAuth, - /* inSize */ (UINT16)(sizeof(ObjectChangeAuth_In)), - /* outSize */ (UINT16)(sizeof(ObjectChangeAuth_Out)), - /* offsetOfTypes */ offsetof(ObjectChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ 
{(UINT16)(offsetof(ObjectChangeAuth_In, parentHandle)), - (UINT16)(offsetof(ObjectChangeAuth_In, newAuth))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ObjectChangeAuth, + /* inSize */ (UINT16)(sizeof(ObjectChangeAuth_In)), + /* outSize */ (UINT16)(sizeof(ObjectChangeAuth_Out)), + /* offsetOfTypes */ offsetof(ObjectChangeAuth_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ObjectChangeAuth_In, parentHandle)), + (UINT16)(offsetof(ObjectChangeAuth_In, newAuth))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + END_OF_LIST} }; + #define _ObjectChangeAuthDataAddress (&_ObjectChangeAuthData) #else #define _ObjectChangeAuthDataAddress 0 -#endif -#if CC_CreateLoaded -#include "CreateLoaded_fp.h" -typedef TPM_RC (CreateLoaded_Entry)( - CreateLoaded_In *in, - CreateLoaded_Out *out - ); -typedef const struct { - CreateLoaded_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; +#endif // CC_ObjectChangeAuth + +#if CC_CreateLoaded +#include "CreateLoaded_fp.h" + +typedef TPM_RC (CreateLoaded_Entry)( + CreateLoaded_In* in, + CreateLoaded_Out* out +); + + +typedef const struct +{ + CreateLoaded_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; } CreateLoaded_COMMAND_DESCRIPTOR_t; + CreateLoaded_COMMAND_DESCRIPTOR_t _CreateLoadedData = { - /* entry */ &TPM2_CreateLoaded, - /* inSize */ (UINT16)(sizeof(CreateLoaded_In)), - /* outSize */ (UINT16)(sizeof(CreateLoaded_Out)), - /* offsetOfTypes */ offsetof(CreateLoaded_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CreateLoaded_In, inSensitive)), - (UINT16)(offsetof(CreateLoaded_In, inPublic)), - (UINT16)(offsetof(CreateLoaded_Out, outPrivate)), - 
(UINT16)(offsetof(CreateLoaded_Out, outPublic)), - (UINT16)(offsetof(CreateLoaded_Out, name))}, - /* types */ {TPMI_DH_PARENT_H_UNMARSHAL + ADD_FLAG, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_TEMPLATE_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_CreateLoaded, + /* inSize */ (UINT16)(sizeof(CreateLoaded_In)), + /* outSize */ (UINT16)(sizeof(CreateLoaded_Out)), + /* offsetOfTypes */ offsetof(CreateLoaded_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CreateLoaded_In, inSensitive)), + (UINT16)(offsetof(CreateLoaded_In, inPublic)), + (UINT16)(offsetof(CreateLoaded_Out, outPrivate)), + (UINT16)(offsetof(CreateLoaded_Out, outPublic)), + (UINT16)(offsetof(CreateLoaded_Out, name))}, + /* types */ {TPMI_DH_PARENT_H_UNMARSHAL + ADD_FLAG, + TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, + TPM2B_TEMPLATE_P_UNMARSHAL, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} }; + #define _CreateLoadedDataAddress (&_CreateLoadedData) #else #define _CreateLoadedDataAddress 0 -#endif -#if CC_Duplicate -#include "Duplicate_fp.h" -typedef TPM_RC (Duplicate_Entry)( - Duplicate_In *in, - Duplicate_Out *out - ); -typedef const struct { - Duplicate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; +#endif // CC_CreateLoaded + +#if CC_Duplicate +#include "Duplicate_fp.h" + +typedef TPM_RC (Duplicate_Entry)( + Duplicate_In* in, + Duplicate_Out* out +); + + +typedef const struct +{ + Duplicate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; } Duplicate_COMMAND_DESCRIPTOR_t; + Duplicate_COMMAND_DESCRIPTOR_t _DuplicateData = { - /* entry */ &TPM2_Duplicate, - /* inSize */ (UINT16)(sizeof(Duplicate_In)), - /* outSize */ (UINT16)(sizeof(Duplicate_Out)), - /* 
offsetOfTypes */ offsetof(Duplicate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Duplicate_In, newParentHandle)), - (UINT16)(offsetof(Duplicate_In, encryptionKeyIn)), - (UINT16)(offsetof(Duplicate_In, symmetricAlg)), - (UINT16)(offsetof(Duplicate_Out, duplicate)), - (UINT16)(offsetof(Duplicate_Out, outSymSeed))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DATA_P_MARSHAL, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Duplicate, + /* inSize */ (UINT16)(sizeof(Duplicate_In)), + /* outSize */ (UINT16)(sizeof(Duplicate_Out)), + /* offsetOfTypes */ offsetof(Duplicate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Duplicate_In, newParentHandle)), + (UINT16)(offsetof(Duplicate_In, encryptionKeyIn)), + (UINT16)(offsetof(Duplicate_In, symmetricAlg)), + (UINT16)(offsetof(Duplicate_Out, duplicate)), + (UINT16)(offsetof(Duplicate_Out, outSymSeed))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DATA_P_MARSHAL, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_ENCRYPTED_SECRET_P_MARSHAL, + END_OF_LIST} }; + #define _DuplicateDataAddress (&_DuplicateData) #else #define _DuplicateDataAddress 0 -#endif -#if CC_Rewrap -#include "Rewrap_fp.h" -typedef TPM_RC (Rewrap_Entry)( - Rewrap_In *in, - Rewrap_Out *out - ); -typedef const struct { - Rewrap_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; +#endif // CC_Duplicate + +#if CC_Rewrap +#include "Rewrap_fp.h" + +typedef TPM_RC (Rewrap_Entry)( + Rewrap_In* in, + Rewrap_Out* out +); + + +typedef const struct +{ + Rewrap_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; 
} Rewrap_COMMAND_DESCRIPTOR_t; + Rewrap_COMMAND_DESCRIPTOR_t _RewrapData = { - /* entry */ &TPM2_Rewrap, - /* inSize */ (UINT16)(sizeof(Rewrap_In)), - /* outSize */ (UINT16)(sizeof(Rewrap_Out)), - /* offsetOfTypes */ offsetof(Rewrap_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Rewrap_In, newParent)), - (UINT16)(offsetof(Rewrap_In, inDuplicate)), - (UINT16)(offsetof(Rewrap_In, name)), - (UINT16)(offsetof(Rewrap_In, inSymSeed)), - (UINT16)(offsetof(Rewrap_Out, outSymSeed))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - TPM2B_ENCRYPTED_SECRET_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Rewrap, + /* inSize */ (UINT16)(sizeof(Rewrap_In)), + /* outSize */ (UINT16)(sizeof(Rewrap_Out)), + /* offsetOfTypes */ offsetof(Rewrap_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Rewrap_In, newParent)), + (UINT16)(offsetof(Rewrap_In, inDuplicate)), + (UINT16)(offsetof(Rewrap_In, name)), + (UINT16)(offsetof(Rewrap_In, inSymSeed)), + (UINT16)(offsetof(Rewrap_Out, outSymSeed))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_PRIVATE_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + TPM2B_ENCRYPTED_SECRET_P_MARSHAL, + END_OF_LIST} }; + #define _RewrapDataAddress (&_RewrapData) #else #define _RewrapDataAddress 0 -#endif -#if CC_Import -#include "Import_fp.h" -typedef TPM_RC (Import_Entry)( - Import_In *in, - Import_Out *out - ); -typedef const struct { - Import_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; +#endif // CC_Rewrap + +#if CC_Import +#include "Import_fp.h" + +typedef TPM_RC (Import_Entry)( + Import_In* in, + Import_Out* out +); + + +typedef const struct +{ + 
Import_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; } Import_COMMAND_DESCRIPTOR_t; + Import_COMMAND_DESCRIPTOR_t _ImportData = { - /* entry */ &TPM2_Import, - /* inSize */ (UINT16)(sizeof(Import_In)), - /* outSize */ (UINT16)(sizeof(Import_Out)), - /* offsetOfTypes */ offsetof(Import_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Import_In, encryptionKey)), - (UINT16)(offsetof(Import_In, objectPublic)), - (UINT16)(offsetof(Import_In, duplicate)), - (UINT16)(offsetof(Import_In, inSymSeed)), - (UINT16)(offsetof(Import_In, symmetricAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_PRIVATE_P_UNMARSHAL, - TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, - TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_PRIVATE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Import, + /* inSize */ (UINT16)(sizeof(Import_In)), + /* outSize */ (UINT16)(sizeof(Import_Out)), + /* offsetOfTypes */ offsetof(Import_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Import_In, encryptionKey)), + (UINT16)(offsetof(Import_In, objectPublic)), + (UINT16)(offsetof(Import_In, duplicate)), + (UINT16)(offsetof(Import_In, inSymSeed)), + (UINT16)(offsetof(Import_In, symmetricAlg))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + TPM2B_PRIVATE_P_UNMARSHAL, + TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, + TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_PRIVATE_P_MARSHAL, + END_OF_LIST} }; + #define _ImportDataAddress (&_ImportData) #else #define _ImportDataAddress 0 -#endif -#if CC_RSA_Encrypt -#include "RSA_Encrypt_fp.h" -typedef TPM_RC (RSA_Encrypt_Entry)( - RSA_Encrypt_In *in, - RSA_Encrypt_Out *out - ); -typedef const struct { - RSA_Encrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_Import 
+ +#if CC_RSA_Encrypt +#include "RSA_Encrypt_fp.h" + +typedef TPM_RC (RSA_Encrypt_Entry)( + RSA_Encrypt_In* in, + RSA_Encrypt_Out* out +); + + +typedef const struct +{ + RSA_Encrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } RSA_Encrypt_COMMAND_DESCRIPTOR_t; + RSA_Encrypt_COMMAND_DESCRIPTOR_t _RSA_EncryptData = { - /* entry */ &TPM2_RSA_Encrypt, - /* inSize */ (UINT16)(sizeof(RSA_Encrypt_In)), - /* outSize */ (UINT16)(sizeof(RSA_Encrypt_Out)), - /* offsetOfTypes */ offsetof(RSA_Encrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(RSA_Encrypt_In, message)), - (UINT16)(offsetof(RSA_Encrypt_In, inScheme)), - (UINT16)(offsetof(RSA_Encrypt_In, label))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, - TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_RSA_Encrypt, + /* inSize */ (UINT16)(sizeof(RSA_Encrypt_In)), + /* outSize */ (UINT16)(sizeof(RSA_Encrypt_Out)), + /* offsetOfTypes */ offsetof(RSA_Encrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(RSA_Encrypt_In, message)), + (UINT16)(offsetof(RSA_Encrypt_In, inScheme)), + (UINT16)(offsetof(RSA_Encrypt_In, label))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, + TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, + END_OF_LIST} }; + #define _RSA_EncryptDataAddress (&_RSA_EncryptData) #else #define _RSA_EncryptDataAddress 0 -#endif -#if CC_RSA_Decrypt -#include "RSA_Decrypt_fp.h" -typedef TPM_RC (RSA_Decrypt_Entry)( - RSA_Decrypt_In *in, - RSA_Decrypt_Out *out - ); -typedef const struct { - RSA_Decrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_RSA_Encrypt + +#if CC_RSA_Decrypt +#include 
"RSA_Decrypt_fp.h" + +typedef TPM_RC (RSA_Decrypt_Entry)( + RSA_Decrypt_In* in, + RSA_Decrypt_Out* out +); + + +typedef const struct +{ + RSA_Decrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } RSA_Decrypt_COMMAND_DESCRIPTOR_t; + RSA_Decrypt_COMMAND_DESCRIPTOR_t _RSA_DecryptData = { - /* entry */ &TPM2_RSA_Decrypt, - /* inSize */ (UINT16)(sizeof(RSA_Decrypt_In)), - /* outSize */ (UINT16)(sizeof(RSA_Decrypt_Out)), - /* offsetOfTypes */ offsetof(RSA_Decrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(RSA_Decrypt_In, cipherText)), - (UINT16)(offsetof(RSA_Decrypt_In, inScheme)), - (UINT16)(offsetof(RSA_Decrypt_In, label))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, - TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_RSA_Decrypt, + /* inSize */ (UINT16)(sizeof(RSA_Decrypt_In)), + /* outSize */ (UINT16)(sizeof(RSA_Decrypt_Out)), + /* offsetOfTypes */ offsetof(RSA_Decrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(RSA_Decrypt_In, cipherText)), + (UINT16)(offsetof(RSA_Decrypt_In, inScheme)), + (UINT16)(offsetof(RSA_Decrypt_In, label))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, + TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + END_OF_LIST, + TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, + END_OF_LIST} }; + #define _RSA_DecryptDataAddress (&_RSA_DecryptData) #else #define _RSA_DecryptDataAddress 0 -#endif -#if CC_ECDH_KeyGen -#include "ECDH_KeyGen_fp.h" -typedef TPM_RC (ECDH_KeyGen_Entry)( - ECDH_KeyGen_In *in, - ECDH_KeyGen_Out *out - ); -typedef const struct { - ECDH_KeyGen_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; +#endif // CC_RSA_Decrypt + +#if CC_ECDH_KeyGen +#include "ECDH_KeyGen_fp.h" + +typedef 
TPM_RC (ECDH_KeyGen_Entry)( + ECDH_KeyGen_In* in, + ECDH_KeyGen_Out* out +); + + +typedef const struct +{ + ECDH_KeyGen_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; } ECDH_KeyGen_COMMAND_DESCRIPTOR_t; + ECDH_KeyGen_COMMAND_DESCRIPTOR_t _ECDH_KeyGenData = { - /* entry */ &TPM2_ECDH_KeyGen, - /* inSize */ (UINT16)(sizeof(ECDH_KeyGen_In)), - /* outSize */ (UINT16)(sizeof(ECDH_KeyGen_Out)), - /* offsetOfTypes */ offsetof(ECDH_KeyGen_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECDH_KeyGen_Out, pubPoint))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ECDH_KeyGen, + /* inSize */ (UINT16)(sizeof(ECDH_KeyGen_In)), + /* outSize */ (UINT16)(sizeof(ECDH_KeyGen_Out)), + /* offsetOfTypes */ offsetof(ECDH_KeyGen_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ECDH_KeyGen_Out, pubPoint))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_ECC_POINT_P_MARSHAL, + END_OF_LIST} }; + #define _ECDH_KeyGenDataAddress (&_ECDH_KeyGenData) #else #define _ECDH_KeyGenDataAddress 0 -#endif -#if CC_ECDH_ZGen -#include "ECDH_ZGen_fp.h" -typedef TPM_RC (ECDH_ZGen_Entry)( - ECDH_ZGen_In *in, - ECDH_ZGen_Out *out - ); -typedef const struct { - ECDH_ZGen_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; +#endif // CC_ECDH_KeyGen + +#if CC_ECDH_ZGen +#include "ECDH_ZGen_fp.h" + +typedef TPM_RC (ECDH_ZGen_Entry)( + ECDH_ZGen_In* in, + ECDH_ZGen_Out* out +); + + +typedef const struct +{ + ECDH_ZGen_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; } ECDH_ZGen_COMMAND_DESCRIPTOR_t; + ECDH_ZGen_COMMAND_DESCRIPTOR_t _ECDH_ZGenData = { - /* entry */ &TPM2_ECDH_ZGen, - /* inSize */ (UINT16)(sizeof(ECDH_ZGen_In)), - /* 
outSize */ (UINT16)(sizeof(ECDH_ZGen_Out)), - /* offsetOfTypes */ offsetof(ECDH_ZGen_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECDH_ZGen_In, inPoint))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ECDH_ZGen, + /* inSize */ (UINT16)(sizeof(ECDH_ZGen_In)), + /* outSize */ (UINT16)(sizeof(ECDH_ZGen_Out)), + /* offsetOfTypes */ offsetof(ECDH_ZGen_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ECDH_ZGen_In, inPoint))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + END_OF_LIST} }; + #define _ECDH_ZGenDataAddress (&_ECDH_ZGenData) #else #define _ECDH_ZGenDataAddress 0 -#endif +#endif // CC_ECDH_ZGen -#if CC_ECC_Encrypt +#if CC_ECC_Parameters +#include "ECC_Parameters_fp.h" -#include "ECC_Encrypt_fp.h" +typedef TPM_RC (ECC_Parameters_Entry)( + ECC_Parameters_In* in, + ECC_Parameters_Out* out +); -typedef TPM_RC (ECC_Encrypt_Entry)( - ECC_Encrypt_In *in, - ECC_Encrypt_Out *out - ); -typedef const struct { - ECC_Encrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; +typedef const struct +{ + ECC_Parameters_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; +} ECC_Parameters_COMMAND_DESCRIPTOR_t; + +ECC_Parameters_COMMAND_DESCRIPTOR_t _ECC_ParametersData = { + /* entry */ &TPM2_ECC_Parameters, + /* inSize */ (UINT16)(sizeof(ECC_Parameters_In)), + /* outSize */ (UINT16)(sizeof(ECC_Parameters_Out)), + /* offsetOfTypes */ offsetof(ECC_Parameters_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, + END_OF_LIST, + TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL, + END_OF_LIST} +}; + +#define _ECC_ParametersDataAddress (&_ECC_ParametersData) +#else +#define _ECC_ParametersDataAddress 0 +#endif // 
CC_ECC_Parameters + +#if CC_ZGen_2Phase +#include "ZGen_2Phase_fp.h" + +typedef TPM_RC (ZGen_2Phase_Entry)( + ZGen_2Phase_In* in, + ZGen_2Phase_Out* out +); + + +typedef const struct +{ + ZGen_2Phase_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; +} ZGen_2Phase_COMMAND_DESCRIPTOR_t; + +ZGen_2Phase_COMMAND_DESCRIPTOR_t _ZGen_2PhaseData = { + /* entry */ &TPM2_ZGen_2Phase, + /* inSize */ (UINT16)(sizeof(ZGen_2Phase_In)), + /* outSize */ (UINT16)(sizeof(ZGen_2Phase_Out)), + /* offsetOfTypes */ offsetof(ZGen_2Phase_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ZGen_2Phase_In, inQsB)), + (UINT16)(offsetof(ZGen_2Phase_In, inQeB)), + (UINT16)(offsetof(ZGen_2Phase_In, inScheme)), + (UINT16)(offsetof(ZGen_2Phase_In, counter)), + (UINT16)(offsetof(ZGen_2Phase_Out, outZ2))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_ECC_POINT_P_MARSHAL, + END_OF_LIST} +}; + +#define _ZGen_2PhaseDataAddress (&_ZGen_2PhaseData) +#else +#define _ZGen_2PhaseDataAddress 0 +#endif // CC_ZGen_2Phase + +#if CC_ECC_Encrypt +#include "ECC_Encrypt_fp.h" + +typedef TPM_RC (ECC_Encrypt_Entry)( + ECC_Encrypt_In* in, + ECC_Encrypt_Out* out +); + + +typedef const struct +{ + ECC_Encrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; } ECC_Encrypt_COMMAND_DESCRIPTOR_t; ECC_Encrypt_COMMAND_DESCRIPTOR_t _ECC_EncryptData = { - /* entry */ &TPM2_ECC_Encrypt, - /* inSize */ (UINT16)(sizeof(ECC_Encrypt_In)), - /* outSize */ (UINT16)(sizeof(ECC_Encrypt_Out)), - /* offsetOfTypes */ offsetof(ECC_Encrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECC_Encrypt_In, plainText)), - (UINT16)(offsetof(ECC_Encrypt_In, inScheme)), - (UINT16)(offsetof(ECC_Encrypt_Out, C2)), - 
(UINT16)(offsetof(ECC_Encrypt_Out, C3))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMT_KDF_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ECC_Encrypt, + /* inSize */ (UINT16)(sizeof(ECC_Encrypt_In)), + /* outSize */ (UINT16)(sizeof(ECC_Encrypt_Out)), + /* offsetOfTypes */ offsetof(ECC_Encrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ECC_Encrypt_In, plainText)), + (UINT16)(offsetof(ECC_Encrypt_In, inScheme)), + (UINT16)(offsetof(ECC_Encrypt_Out, C2)), + (UINT16)(offsetof(ECC_Encrypt_Out, C3))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMT_KDF_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} }; #define _ECC_EncryptDataAddress (&_ECC_EncryptData) 
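Review bot: The `(UINT16)(sizeof(..._In))`, `(UINT16)(sizeof(..._Out))` and `(UINT16)(offsetof(...))` initializers re-added throughout this hunk (for example in `_ImportData` and `_ECC_EncryptData`) narrow a `size_t` with an explicit cast, so a structure that grows past 65535 bytes would be truncated without any compiler diagnostic. Nothing visible here checks that bound, and since these descriptors presumably tell the dispatcher how to size and index the command buffers, a compile-time guard per descriptor would make the assumption explicit, e.g. `_Static_assert(sizeof(Import_In) <= UINT16_MAX, "Import_In exceeds UINT16 inSize");` or the project's own compile-time assert macro if it has one. The same pattern recurs in the following hunk for `_ECC_DecryptData`. Because this table tracks the upstream reference code, the guards may be better placed in a separate local header so the table stays diff-free against upstream. The hunk opens inside the ActivateCredential descriptor typedef, whose start lies outside it.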
@@ -1164,41 +1406,42 @@ ECC_Encrypt_COMMAND_DESCRIPTOR_t _ECC_EncryptData = { #define _ECC_EncryptDataAddress 0 #endif // CC_ECC_Encrypt -#if CC_ECC_Decrypt +#if CC_ECC_Decrypt +#include "ECC_Decrypt_fp.h" -#include "ECC_Decrypt_fp.h" +typedef TPM_RC (ECC_Decrypt_Entry)( + ECC_Decrypt_In* in, + ECC_Decrypt_Out* out +); -typedef TPM_RC (ECC_Decrypt_Entry)( - ECC_Decrypt_In *in, - ECC_Decrypt_Out *out - ); -typedef const struct { - ECC_Decrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; +typedef const struct +{ + ECC_Decrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; } ECC_Decrypt_COMMAND_DESCRIPTOR_t; ECC_Decrypt_COMMAND_DESCRIPTOR_t _ECC_DecryptData = { - /* entry */ &TPM2_ECC_Decrypt, - /* inSize */ (UINT16)(sizeof(ECC_Decrypt_In)), - /* outSize */ (UINT16)(sizeof(ECC_Decrypt_Out)), - /* offsetOfTypes */ offsetof(ECC_Decrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ECC_Decrypt_In, C1)), - (UINT16)(offsetof(ECC_Decrypt_In, C2)), - (UINT16)(offsetof(ECC_Decrypt_In, C3)), - (UINT16)(offsetof(ECC_Decrypt_In, inScheme))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_KDF_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ECC_Decrypt, + /* inSize */ (UINT16)(sizeof(ECC_Decrypt_In)), + /* outSize */ (UINT16)(sizeof(ECC_Decrypt_Out)), + /* offsetOfTypes */ offsetof(ECC_Decrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ECC_Decrypt_In, C1)), + (UINT16)(offsetof(ECC_Decrypt_In, C2)), + (UINT16)(offsetof(ECC_Decrypt_In, C3)), + (UINT16)(offsetof(ECC_Decrypt_In, inScheme))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_KDF_SCHEME_P_UNMARSHAL 
+ ADD_FLAG, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + END_OF_LIST} }; #define _ECC_DecryptDataAddress (&_ECC_DecryptData) 
@@ -1206,1376 +1449,1587 @@ ECC_Decrypt_COMMAND_DESCRIPTOR_t _ECC_DecryptData = { #define _ECC_DecryptDataAddress 0 #endif // CC_ECC_Decrypt -#if CC_ECC_Parameters -#include "ECC_Parameters_fp.h" -typedef TPM_RC (ECC_Parameters_Entry)( - ECC_Parameters_In *in, - ECC_Parameters_Out *out - ); -typedef const struct { - ECC_Parameters_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; -} ECC_Parameters_COMMAND_DESCRIPTOR_t; -ECC_Parameters_COMMAND_DESCRIPTOR_t _ECC_ParametersData = { - /* entry */ &TPM2_ECC_Parameters, - /* inSize */ (UINT16)(sizeof(ECC_Parameters_In)), - /* outSize */ (UINT16)(sizeof(ECC_Parameters_Out)), - /* offsetOfTypes */ offsetof(ECC_Parameters_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, - END_OF_LIST, - TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL, - END_OF_LIST} -}; -#define _ECC_ParametersDataAddress (&_ECC_ParametersData) -#else -#define _ECC_ParametersDataAddress 0 -#endif -#if CC_ZGen_2Phase -#include "ZGen_2Phase_fp.h" -typedef TPM_RC (ZGen_2Phase_Entry)( - ZGen_2Phase_In *in, - ZGen_2Phase_Out *out - ); -typedef const struct { - ZGen_2Phase_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; -} ZGen_2Phase_COMMAND_DESCRIPTOR_t; -ZGen_2Phase_COMMAND_DESCRIPTOR_t _ZGen_2PhaseData = { - /* entry */ &TPM2_ZGen_2Phase, - /* inSize */ (UINT16)(sizeof(ZGen_2Phase_In)), - /* outSize */ (UINT16)(sizeof(ZGen_2Phase_Out)), - /* offsetOfTypes */ offsetof(ZGen_2Phase_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ZGen_2Phase_In, inQsB)), - (UINT16)(offsetof(ZGen_2Phase_In, inQeB)), - (UINT16)(offsetof(ZGen_2Phase_In, inScheme)), - (UINT16)(offsetof(ZGen_2Phase_In, counter)), - (UINT16)(offsetof(ZGen_2Phase_Out, outZ2))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL, - 
UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - END_OF_LIST} -}; -#define _ZGen_2PhaseDataAddress (&_ZGen_2PhaseData) -#else -#define _ZGen_2PhaseDataAddress 0 -#endif -#if CC_EncryptDecrypt -#include "EncryptDecrypt_fp.h" -typedef TPM_RC (EncryptDecrypt_Entry)( - EncryptDecrypt_In *in, - EncryptDecrypt_Out *out - ); -typedef const struct { - EncryptDecrypt_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; +#if CC_EncryptDecrypt +#include "EncryptDecrypt_fp.h" + +typedef TPM_RC (EncryptDecrypt_Entry)( + EncryptDecrypt_In* in, + EncryptDecrypt_Out* out +); + + +typedef const struct +{ + EncryptDecrypt_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; } EncryptDecrypt_COMMAND_DESCRIPTOR_t; + EncryptDecrypt_COMMAND_DESCRIPTOR_t _EncryptDecryptData = { - /* entry */ &TPM2_EncryptDecrypt, - /* inSize */ (UINT16)(sizeof(EncryptDecrypt_In)), - /* outSize */ (UINT16)(sizeof(EncryptDecrypt_Out)), - /* offsetOfTypes */ offsetof(EncryptDecrypt_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EncryptDecrypt_In, decrypt)), - (UINT16)(offsetof(EncryptDecrypt_In, mode)), - (UINT16)(offsetof(EncryptDecrypt_In, ivIn)), - (UINT16)(offsetof(EncryptDecrypt_In, inData)), - (UINT16)(offsetof(EncryptDecrypt_Out, ivOut))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, - TPM2B_IV_P_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM2B_IV_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_EncryptDecrypt, + /* inSize */ (UINT16)(sizeof(EncryptDecrypt_In)), + /* outSize */ (UINT16)(sizeof(EncryptDecrypt_Out)), + /* offsetOfTypes */ offsetof(EncryptDecrypt_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EncryptDecrypt_In, decrypt)), + (UINT16)(offsetof(EncryptDecrypt_In, mode)), 
+ (UINT16)(offsetof(EncryptDecrypt_In, ivIn)), + (UINT16)(offsetof(EncryptDecrypt_In, inData)), + (UINT16)(offsetof(EncryptDecrypt_Out, ivOut))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, + TPM2B_IV_P_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM2B_IV_P_MARSHAL, + END_OF_LIST} }; + #define _EncryptDecryptDataAddress (&_EncryptDecryptData) #else #define _EncryptDecryptDataAddress 0 -#endif -#if CC_EncryptDecrypt2 -#include "EncryptDecrypt2_fp.h" -typedef TPM_RC (EncryptDecrypt2_Entry)( - EncryptDecrypt2_In *in, - EncryptDecrypt2_Out *out - ); -typedef const struct { - EncryptDecrypt2_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; +#endif // CC_EncryptDecrypt + +#if CC_EncryptDecrypt2 +#include "EncryptDecrypt2_fp.h" + +typedef TPM_RC (EncryptDecrypt2_Entry)( + EncryptDecrypt2_In* in, + EncryptDecrypt2_Out* out +); + + +typedef const struct +{ + EncryptDecrypt2_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; } EncryptDecrypt2_COMMAND_DESCRIPTOR_t; + EncryptDecrypt2_COMMAND_DESCRIPTOR_t _EncryptDecrypt2Data = { - /* entry */ &TPM2_EncryptDecrypt2, - /* inSize */ (UINT16)(sizeof(EncryptDecrypt2_In)), - /* outSize */ (UINT16)(sizeof(EncryptDecrypt2_Out)), - /* offsetOfTypes */ offsetof(EncryptDecrypt2_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EncryptDecrypt2_In, inData)), - (UINT16)(offsetof(EncryptDecrypt2_In, decrypt)), - (UINT16)(offsetof(EncryptDecrypt2_In, mode)), - (UINT16)(offsetof(EncryptDecrypt2_In, ivIn)), - (UINT16)(offsetof(EncryptDecrypt2_Out, ivOut))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, - TPM2B_IV_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - 
TPM2B_IV_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_EncryptDecrypt2, + /* inSize */ (UINT16)(sizeof(EncryptDecrypt2_In)), + /* outSize */ (UINT16)(sizeof(EncryptDecrypt2_Out)), + /* offsetOfTypes */ offsetof(EncryptDecrypt2_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EncryptDecrypt2_In, inData)), + (UINT16)(offsetof(EncryptDecrypt2_In, decrypt)), + (UINT16)(offsetof(EncryptDecrypt2_In, mode)), + (UINT16)(offsetof(EncryptDecrypt2_In, ivIn)), + (UINT16)(offsetof(EncryptDecrypt2_Out, ivOut))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, + TPM2B_IV_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM2B_IV_P_MARSHAL, + END_OF_LIST} }; + #define _EncryptDecrypt2DataAddress (&_EncryptDecrypt2Data) #else #define _EncryptDecrypt2DataAddress 0 -#endif -#if CC_Hash -#include "Hash_fp.h" -typedef TPM_RC (Hash_Entry)( - Hash_In *in, - Hash_Out *out - ); -typedef const struct { - Hash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_EncryptDecrypt2 + +#if CC_Hash +#include "Hash_fp.h" + +typedef TPM_RC (Hash_Entry)( + Hash_In* in, + Hash_Out* out +); + + +typedef const struct +{ + Hash_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } Hash_COMMAND_DESCRIPTOR_t; + Hash_COMMAND_DESCRIPTOR_t _HashData = { - /* entry */ &TPM2_Hash, - /* inSize */ (UINT16)(sizeof(Hash_In)), - /* outSize */ (UINT16)(sizeof(Hash_Out)), - /* offsetOfTypes */ offsetof(Hash_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Hash_In, hashAlg)), - (UINT16)(offsetof(Hash_In, hierarchy)), - (UINT16)(offsetof(Hash_Out, validation))}, - /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - 
TPMT_TK_HASHCHECK_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Hash, + /* inSize */ (UINT16)(sizeof(Hash_In)), + /* outSize */ (UINT16)(sizeof(Hash_Out)), + /* offsetOfTypes */ offsetof(Hash_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Hash_In, hashAlg)), + (UINT16)(offsetof(Hash_In, hierarchy)), + (UINT16)(offsetof(Hash_Out, validation))}, + /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL, + TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_HASHCHECK_P_MARSHAL, + END_OF_LIST} }; + #define _HashDataAddress (&_HashData) #else #define _HashDataAddress 0 -#endif -#if CC_HMAC -#include "HMAC_fp.h" -typedef TPM_RC (HMAC_Entry)( - HMAC_In *in, - HMAC_Out *out - ); -typedef const struct { - HMAC_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_Hash + +#if CC_HMAC +#include "HMAC_fp.h" + +typedef TPM_RC (HMAC_Entry)( + HMAC_In* in, + HMAC_Out* out +); + + +typedef const struct +{ + HMAC_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } HMAC_COMMAND_DESCRIPTOR_t; + HMAC_COMMAND_DESCRIPTOR_t _HMACData = { - /* entry */ &TPM2_HMAC, - /* inSize */ (UINT16)(sizeof(HMAC_In)), - /* outSize */ (UINT16)(sizeof(HMAC_Out)), - /* offsetOfTypes */ offsetof(HMAC_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HMAC_In, buffer)), - (UINT16)(offsetof(HMAC_In, hashAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_HMAC, + /* inSize */ (UINT16)(sizeof(HMAC_In)), + /* outSize */ (UINT16)(sizeof(HMAC_Out)), + /* offsetOfTypes */ offsetof(HMAC_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HMAC_In, buffer)), + (UINT16)(offsetof(HMAC_In, hashAlg))}, + /* types */ 
{TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} }; + #define _HMACDataAddress (&_HMACData) #else #define _HMACDataAddress 0 -#endif -#if CC_MAC -#include "MAC_fp.h" -typedef TPM_RC (MAC_Entry)( - MAC_In *in, - MAC_Out *out - ); -typedef const struct { - MAC_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_HMAC + +#if CC_MAC +#include "MAC_fp.h" + +typedef TPM_RC (MAC_Entry)( + MAC_In* in, + MAC_Out* out +); + + +typedef const struct +{ + MAC_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } MAC_COMMAND_DESCRIPTOR_t; + MAC_COMMAND_DESCRIPTOR_t _MACData = { - /* entry */ &TPM2_MAC, - /* inSize */ (UINT16)(sizeof(MAC_In)), - /* outSize */ (UINT16)(sizeof(MAC_Out)), - /* offsetOfTypes */ offsetof(MAC_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MAC_In, buffer)), - (UINT16)(offsetof(MAC_In, inScheme))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_MAC, + /* inSize */ (UINT16)(sizeof(MAC_In)), + /* outSize */ (UINT16)(sizeof(MAC_Out)), + /* offsetOfTypes */ offsetof(MAC_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(MAC_In, buffer)), + (UINT16)(offsetof(MAC_In, inScheme))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} }; + #define _MACDataAddress (&_MACData) #else #define _MACDataAddress 0 -#endif -#if CC_GetRandom -#include "GetRandom_fp.h" -typedef TPM_RC (GetRandom_Entry)( - GetRandom_In *in, - GetRandom_Out *out - ); -typedef const struct { - GetRandom_Entry *entry; - UINT16 inSize; - UINT16 
outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#endif // CC_MAC + +#if CC_GetRandom +#include "GetRandom_fp.h" + +typedef TPM_RC (GetRandom_Entry)( + GetRandom_In* in, + GetRandom_Out* out +); + + +typedef const struct +{ + GetRandom_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } GetRandom_COMMAND_DESCRIPTOR_t; + GetRandom_COMMAND_DESCRIPTOR_t _GetRandomData = { - /* entry */ &TPM2_GetRandom, - /* inSize */ (UINT16)(sizeof(GetRandom_In)), - /* outSize */ (UINT16)(sizeof(GetRandom_Out)), - /* offsetOfTypes */ offsetof(GetRandom_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_GetRandom, + /* inSize */ (UINT16)(sizeof(GetRandom_In)), + /* outSize */ (UINT16)(sizeof(GetRandom_Out)), + /* offsetOfTypes */ offsetof(GetRandom_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {UINT16_P_UNMARSHAL, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} }; + #define _GetRandomDataAddress (&_GetRandomData) #else #define _GetRandomDataAddress 0 -#endif -#if CC_StirRandom -#include "StirRandom_fp.h" -typedef TPM_RC (StirRandom_Entry)( - StirRandom_In *in - ); -typedef const struct { - StirRandom_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_GetRandom + +#if CC_StirRandom +#include "StirRandom_fp.h" + +typedef TPM_RC (StirRandom_Entry)( + StirRandom_In* in +); + + +typedef const struct +{ + StirRandom_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } StirRandom_COMMAND_DESCRIPTOR_t; + StirRandom_COMMAND_DESCRIPTOR_t _StirRandomData = { - /* entry */ &TPM2_StirRandom, - /* inSize */ (UINT16)(sizeof(StirRandom_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(StirRandom_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ 
{TPM2B_SENSITIVE_DATA_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_StirRandom, + /* inSize */ (UINT16)(sizeof(StirRandom_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(StirRandom_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPM2B_SENSITIVE_DATA_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _StirRandomDataAddress (&_StirRandomData) #else #define _StirRandomDataAddress 0 -#endif -#if CC_HMAC_Start -#include "HMAC_Start_fp.h" -typedef TPM_RC (HMAC_Start_Entry)( - HMAC_Start_In *in, - HMAC_Start_Out *out - ); -typedef const struct { - HMAC_Start_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_StirRandom + +#if CC_HMAC_Start +#include "HMAC_Start_fp.h" + +typedef TPM_RC (HMAC_Start_Entry)( + HMAC_Start_In* in, + HMAC_Start_Out* out +); + + +typedef const struct +{ + HMAC_Start_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } HMAC_Start_COMMAND_DESCRIPTOR_t; + HMAC_Start_COMMAND_DESCRIPTOR_t _HMAC_StartData = { - /* entry */ &TPM2_HMAC_Start, - /* inSize */ (UINT16)(sizeof(HMAC_Start_In)), - /* outSize */ (UINT16)(sizeof(HMAC_Start_Out)), - /* offsetOfTypes */ offsetof(HMAC_Start_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HMAC_Start_In, auth)), - (UINT16)(offsetof(HMAC_Start_In, hashAlg))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_HMAC_Start, + /* inSize */ (UINT16)(sizeof(HMAC_Start_In)), + /* outSize */ (UINT16)(sizeof(HMAC_Start_Out)), + /* offsetOfTypes */ offsetof(HMAC_Start_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HMAC_Start_In, auth)), + (UINT16)(offsetof(HMAC_Start_In, hashAlg))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + 
TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPMI_DH_OBJECT_H_MARSHAL, + END_OF_LIST} }; + #define _HMAC_StartDataAddress (&_HMAC_StartData) #else #define _HMAC_StartDataAddress 0 -#endif -#if CC_MAC_Start -#include "MAC_Start_fp.h" -typedef TPM_RC (MAC_Start_Entry)( - MAC_Start_In *in, - MAC_Start_Out *out - ); -typedef const struct { - MAC_Start_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_HMAC_Start + +#if CC_MAC_Start +#include "MAC_Start_fp.h" + +typedef TPM_RC (MAC_Start_Entry)( + MAC_Start_In* in, + MAC_Start_Out* out +); + + +typedef const struct +{ + MAC_Start_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } MAC_Start_COMMAND_DESCRIPTOR_t; + MAC_Start_COMMAND_DESCRIPTOR_t _MAC_StartData = { - /* entry */ &TPM2_MAC_Start, - /* inSize */ (UINT16)(sizeof(MAC_Start_In)), - /* outSize */ (UINT16)(sizeof(MAC_Start_Out)), - /* offsetOfTypes */ offsetof(MAC_Start_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(MAC_Start_In, auth)), - (UINT16)(offsetof(MAC_Start_In, inScheme))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_MAC_Start, + /* inSize */ (UINT16)(sizeof(MAC_Start_In)), + /* outSize */ (UINT16)(sizeof(MAC_Start_Out)), + /* offsetOfTypes */ offsetof(MAC_Start_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(MAC_Start_In, auth)), + (UINT16)(offsetof(MAC_Start_In, inScheme))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPMI_DH_OBJECT_H_MARSHAL, + END_OF_LIST} }; + #define _MAC_StartDataAddress (&_MAC_StartData) #else #define _MAC_StartDataAddress 0 -#endif -#if CC_HashSequenceStart -#include "HashSequenceStart_fp.h" -typedef TPM_RC 
(HashSequenceStart_Entry)( - HashSequenceStart_In *in, - HashSequenceStart_Out *out - ); -typedef const struct { - HashSequenceStart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; +#endif // CC_MAC_Start + +#if CC_HashSequenceStart +#include "HashSequenceStart_fp.h" + +typedef TPM_RC (HashSequenceStart_Entry)( + HashSequenceStart_In* in, + HashSequenceStart_Out* out +); + + +typedef const struct +{ + HashSequenceStart_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; } HashSequenceStart_COMMAND_DESCRIPTOR_t; + HashSequenceStart_COMMAND_DESCRIPTOR_t _HashSequenceStartData = { - /* entry */ &TPM2_HashSequenceStart, - /* inSize */ (UINT16)(sizeof(HashSequenceStart_In)), - /* outSize */ (UINT16)(sizeof(HashSequenceStart_Out)), - /* offsetOfTypes */ offsetof(HashSequenceStart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HashSequenceStart_In, hashAlg))}, - /* types */ {TPM2B_AUTH_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPMI_DH_OBJECT_H_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_HashSequenceStart, + /* inSize */ (UINT16)(sizeof(HashSequenceStart_In)), + /* outSize */ (UINT16)(sizeof(HashSequenceStart_Out)), + /* offsetOfTypes */ offsetof(HashSequenceStart_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HashSequenceStart_In, hashAlg))}, + /* types */ {TPM2B_AUTH_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPMI_DH_OBJECT_H_MARSHAL, + END_OF_LIST} }; + #define _HashSequenceStartDataAddress (&_HashSequenceStartData) #else #define _HashSequenceStartDataAddress 0 -#endif -#if CC_SequenceUpdate -#include "SequenceUpdate_fp.h" -typedef TPM_RC (SequenceUpdate_Entry)( - SequenceUpdate_In *in - ); -typedef const struct { - SequenceUpdate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; 
+#endif // CC_HashSequenceStart + +#if CC_SequenceUpdate +#include "SequenceUpdate_fp.h" + +typedef TPM_RC (SequenceUpdate_Entry)( + SequenceUpdate_In* in +); + + +typedef const struct +{ + SequenceUpdate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } SequenceUpdate_COMMAND_DESCRIPTOR_t; + SequenceUpdate_COMMAND_DESCRIPTOR_t _SequenceUpdateData = { - /* entry */ &TPM2_SequenceUpdate, - /* inSize */ (UINT16)(sizeof(SequenceUpdate_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SequenceUpdate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SequenceUpdate_In, buffer))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_SequenceUpdate, + /* inSize */ (UINT16)(sizeof(SequenceUpdate_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SequenceUpdate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SequenceUpdate_In, buffer))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _SequenceUpdateDataAddress (&_SequenceUpdateData) #else #define _SequenceUpdateDataAddress 0 -#endif -#if CC_SequenceComplete -#include "SequenceComplete_fp.h" -typedef TPM_RC (SequenceComplete_Entry)( - SequenceComplete_In *in, - SequenceComplete_Out *out - ); -typedef const struct { - SequenceComplete_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_SequenceUpdate + +#if CC_SequenceComplete +#include "SequenceComplete_fp.h" + +typedef TPM_RC (SequenceComplete_Entry)( + SequenceComplete_In* in, + SequenceComplete_Out* out +); + + +typedef const struct +{ + SequenceComplete_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } SequenceComplete_COMMAND_DESCRIPTOR_t; + SequenceComplete_COMMAND_DESCRIPTOR_t 
_SequenceCompleteData = { - /* entry */ &TPM2_SequenceComplete, - /* inSize */ (UINT16)(sizeof(SequenceComplete_In)), - /* outSize */ (UINT16)(sizeof(SequenceComplete_Out)), - /* offsetOfTypes */ offsetof(SequenceComplete_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SequenceComplete_In, buffer)), - (UINT16)(offsetof(SequenceComplete_In, hierarchy)), - (UINT16)(offsetof(SequenceComplete_Out, validation))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_HASHCHECK_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_SequenceComplete, + /* inSize */ (UINT16)(sizeof(SequenceComplete_In)), + /* outSize */ (UINT16)(sizeof(SequenceComplete_Out)), + /* offsetOfTypes */ offsetof(SequenceComplete_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SequenceComplete_In, buffer)), + (UINT16)(offsetof(SequenceComplete_In, hierarchy)), + (UINT16)(offsetof(SequenceComplete_Out, validation))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_HASHCHECK_P_MARSHAL, + END_OF_LIST} }; + #define _SequenceCompleteDataAddress (&_SequenceCompleteData) #else #define _SequenceCompleteDataAddress 0 -#endif -#if CC_EventSequenceComplete -#include "EventSequenceComplete_fp.h" -typedef TPM_RC (EventSequenceComplete_Entry)( - EventSequenceComplete_In *in, - EventSequenceComplete_Out *out - ); -typedef const struct { - EventSequenceComplete_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_SequenceComplete + +#if CC_EventSequenceComplete +#include "EventSequenceComplete_fp.h" + +typedef TPM_RC (EventSequenceComplete_Entry)( + EventSequenceComplete_In* in, + EventSequenceComplete_Out* out +); + + +typedef const struct +{ + EventSequenceComplete_Entry 
*entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } EventSequenceComplete_COMMAND_DESCRIPTOR_t; + EventSequenceComplete_COMMAND_DESCRIPTOR_t _EventSequenceCompleteData = { - /* entry */ &TPM2_EventSequenceComplete, - /* inSize */ (UINT16)(sizeof(EventSequenceComplete_In)), - /* outSize */ (UINT16)(sizeof(EventSequenceComplete_Out)), - /* offsetOfTypes */ offsetof(EventSequenceComplete_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EventSequenceComplete_In, sequenceHandle)), - (UINT16)(offsetof(EventSequenceComplete_In, buffer))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPML_DIGEST_VALUES_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_EventSequenceComplete, + /* inSize */ (UINT16)(sizeof(EventSequenceComplete_In)), + /* outSize */ (UINT16)(sizeof(EventSequenceComplete_Out)), + /* offsetOfTypes */ offsetof(EventSequenceComplete_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EventSequenceComplete_In, sequenceHandle)), + (UINT16)(offsetof(EventSequenceComplete_In, buffer))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPML_DIGEST_VALUES_P_MARSHAL, + END_OF_LIST} }; + #define _EventSequenceCompleteDataAddress (&_EventSequenceCompleteData) #else #define _EventSequenceCompleteDataAddress 0 -#endif -#if CC_Certify -#include "Certify_fp.h" -typedef TPM_RC (Certify_Entry)( - Certify_In *in, - Certify_Out *out - ); -typedef const struct { - Certify_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; +#endif // CC_EventSequenceComplete + +#if CC_Certify +#include "Certify_fp.h" + +typedef TPM_RC (Certify_Entry)( + Certify_In* in, + Certify_Out* out +); + + +typedef const struct +{ + Certify_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 
offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; } Certify_COMMAND_DESCRIPTOR_t; + Certify_COMMAND_DESCRIPTOR_t _CertifyData = { - /* entry */ &TPM2_Certify, - /* inSize */ (UINT16)(sizeof(Certify_In)), - /* outSize */ (UINT16)(sizeof(Certify_Out)), - /* offsetOfTypes */ offsetof(Certify_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Certify_In, signHandle)), - (UINT16)(offsetof(Certify_In, qualifyingData)), - (UINT16)(offsetof(Certify_In, inScheme)), - (UINT16)(offsetof(Certify_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Certify, + /* inSize */ (UINT16)(sizeof(Certify_In)), + /* outSize */ (UINT16)(sizeof(Certify_Out)), + /* offsetOfTypes */ offsetof(Certify_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Certify_In, signHandle)), + (UINT16)(offsetof(Certify_In, qualifyingData)), + (UINT16)(offsetof(Certify_In, inScheme)), + (UINT16)(offsetof(Certify_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _CertifyDataAddress (&_CertifyData) #else #define _CertifyDataAddress 0 -#endif -#if CC_CertifyCreation -#include "CertifyCreation_fp.h" -typedef TPM_RC (CertifyCreation_Entry)( - CertifyCreation_In *in, - CertifyCreation_Out *out - ); -typedef const struct { - CertifyCreation_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; +#endif // CC_Certify + +#if CC_CertifyCreation +#include "CertifyCreation_fp.h" + +typedef TPM_RC (CertifyCreation_Entry)( + CertifyCreation_In* in, + CertifyCreation_Out* out +); + + +typedef 
const struct +{ + CertifyCreation_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE types[10]; } CertifyCreation_COMMAND_DESCRIPTOR_t; + CertifyCreation_COMMAND_DESCRIPTOR_t _CertifyCreationData = { - /* entry */ &TPM2_CertifyCreation, - /* inSize */ (UINT16)(sizeof(CertifyCreation_In)), - /* outSize */ (UINT16)(sizeof(CertifyCreation_Out)), - /* offsetOfTypes */ offsetof(CertifyCreation_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CertifyCreation_In, objectHandle)), - (UINT16)(offsetof(CertifyCreation_In, qualifyingData)), - (UINT16)(offsetof(CertifyCreation_In, creationHash)), - (UINT16)(offsetof(CertifyCreation_In, inScheme)), - (UINT16)(offsetof(CertifyCreation_In, creationTicket)), - (UINT16)(offsetof(CertifyCreation_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPMT_TK_CREATION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_CertifyCreation, + /* inSize */ (UINT16)(sizeof(CertifyCreation_In)), + /* outSize */ (UINT16)(sizeof(CertifyCreation_Out)), + /* offsetOfTypes */ offsetof(CertifyCreation_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CertifyCreation_In, objectHandle)), + (UINT16)(offsetof(CertifyCreation_In, qualifyingData)), + (UINT16)(offsetof(CertifyCreation_In, creationHash)), + (UINT16)(offsetof(CertifyCreation_In, inScheme)), + (UINT16)(offsetof(CertifyCreation_In, creationTicket)), + (UINT16)(offsetof(CertifyCreation_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPMT_TK_CREATION_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + 
#define _CertifyCreationDataAddress (&_CertifyCreationData) #else #define _CertifyCreationDataAddress 0 -#endif -#if CC_Quote -#include "Quote_fp.h" -typedef TPM_RC (Quote_Entry)( - Quote_In *in, - Quote_Out *out - ); -typedef const struct { - Quote_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; +#endif // CC_CertifyCreation + +#if CC_Quote +#include "Quote_fp.h" + +typedef TPM_RC (Quote_Entry)( + Quote_In* in, + Quote_Out* out +); + + +typedef const struct +{ + Quote_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; } Quote_COMMAND_DESCRIPTOR_t; + Quote_COMMAND_DESCRIPTOR_t _QuoteData = { - /* entry */ &TPM2_Quote, - /* inSize */ (UINT16)(sizeof(Quote_In)), - /* outSize */ (UINT16)(sizeof(Quote_Out)), - /* offsetOfTypes */ offsetof(Quote_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Quote_In, qualifyingData)), - (UINT16)(offsetof(Quote_In, inScheme)), - (UINT16)(offsetof(Quote_In, PCRselect)), - (UINT16)(offsetof(Quote_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Quote, + /* inSize */ (UINT16)(sizeof(Quote_In)), + /* outSize */ (UINT16)(sizeof(Quote_Out)), + /* offsetOfTypes */ offsetof(Quote_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Quote_In, qualifyingData)), + (UINT16)(offsetof(Quote_In, inScheme)), + (UINT16)(offsetof(Quote_In, PCRselect)), + (UINT16)(offsetof(Quote_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _QuoteDataAddress 
(&_QuoteData) #else #define _QuoteDataAddress 0 -#endif -#if CC_GetSessionAuditDigest -#include "GetSessionAuditDigest_fp.h" -typedef TPM_RC (GetSessionAuditDigest_Entry)( - GetSessionAuditDigest_In *in, - GetSessionAuditDigest_Out *out - ); -typedef const struct { - GetSessionAuditDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[9]; +#endif // CC_Quote + +#if CC_GetSessionAuditDigest +#include "GetSessionAuditDigest_fp.h" + +typedef TPM_RC (GetSessionAuditDigest_Entry)( + GetSessionAuditDigest_In* in, + GetSessionAuditDigest_Out* out +); + + +typedef const struct +{ + GetSessionAuditDigest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[9]; } GetSessionAuditDigest_COMMAND_DESCRIPTOR_t; + GetSessionAuditDigest_COMMAND_DESCRIPTOR_t _GetSessionAuditDigestData = { - /* entry */ &TPM2_GetSessionAuditDigest, - /* inSize */ (UINT16)(sizeof(GetSessionAuditDigest_In)), - /* outSize */ (UINT16)(sizeof(GetSessionAuditDigest_Out)), - /* offsetOfTypes */ offsetof(GetSessionAuditDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetSessionAuditDigest_In, signHandle)), - (UINT16)(offsetof(GetSessionAuditDigest_In, sessionHandle)), - (UINT16)(offsetof(GetSessionAuditDigest_In, qualifyingData)), - (UINT16)(offsetof(GetSessionAuditDigest_In, inScheme)), - (UINT16)(offsetof(GetSessionAuditDigest_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_SH_HMAC_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_GetSessionAuditDigest, + /* inSize */ (UINT16)(sizeof(GetSessionAuditDigest_In)), + /* outSize */ (UINT16)(sizeof(GetSessionAuditDigest_Out)), + /* offsetOfTypes */ offsetof(GetSessionAuditDigest_COMMAND_DESCRIPTOR_t, types), + /* 
offsets */ {(UINT16)(offsetof(GetSessionAuditDigest_In, signHandle)), + (UINT16)(offsetof(GetSessionAuditDigest_In, sessionHandle)), + (UINT16)(offsetof(GetSessionAuditDigest_In, qualifyingData)), + (UINT16)(offsetof(GetSessionAuditDigest_In, inScheme)), + (UINT16)(offsetof(GetSessionAuditDigest_Out, signature))}, + /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_SH_HMAC_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _GetSessionAuditDigestDataAddress (&_GetSessionAuditDigestData) #else #define _GetSessionAuditDigestDataAddress 0 -#endif -#if CC_GetCommandAuditDigest -#include "GetCommandAuditDigest_fp.h" -typedef TPM_RC (GetCommandAuditDigest_Entry)( - GetCommandAuditDigest_In *in, - GetCommandAuditDigest_Out *out - ); -typedef const struct { - GetCommandAuditDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; +#endif // CC_GetSessionAuditDigest + +#if CC_GetCommandAuditDigest +#include "GetCommandAuditDigest_fp.h" + +typedef TPM_RC (GetCommandAuditDigest_Entry)( + GetCommandAuditDigest_In* in, + GetCommandAuditDigest_Out* out +); + + +typedef const struct +{ + GetCommandAuditDigest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; } GetCommandAuditDigest_COMMAND_DESCRIPTOR_t; + GetCommandAuditDigest_COMMAND_DESCRIPTOR_t _GetCommandAuditDigestData = { - /* entry */ &TPM2_GetCommandAuditDigest, - /* inSize */ (UINT16)(sizeof(GetCommandAuditDigest_In)), - /* outSize */ (UINT16)(sizeof(GetCommandAuditDigest_Out)), - /* offsetOfTypes */ offsetof(GetCommandAuditDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetCommandAuditDigest_In, signHandle)), - (UINT16)(offsetof(GetCommandAuditDigest_In, qualifyingData)), - 
(UINT16)(offsetof(GetCommandAuditDigest_In, inScheme)), - (UINT16)(offsetof(GetCommandAuditDigest_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_GetCommandAuditDigest, + /* inSize */ (UINT16)(sizeof(GetCommandAuditDigest_In)), + /* outSize */ (UINT16)(sizeof(GetCommandAuditDigest_Out)), + /* offsetOfTypes */ offsetof(GetCommandAuditDigest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(GetCommandAuditDigest_In, signHandle)), + (UINT16)(offsetof(GetCommandAuditDigest_In, qualifyingData)), + (UINT16)(offsetof(GetCommandAuditDigest_In, inScheme)), + (UINT16)(offsetof(GetCommandAuditDigest_Out, signature))}, + /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _GetCommandAuditDigestDataAddress (&_GetCommandAuditDigestData) #else #define _GetCommandAuditDigestDataAddress 0 -#endif -#if CC_GetTime -#include "GetTime_fp.h" -typedef TPM_RC (GetTime_Entry)( - GetTime_In *in, - GetTime_Out *out - ); -typedef const struct { - GetTime_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; +#endif // CC_GetCommandAuditDigest + +#if CC_GetTime +#include "GetTime_fp.h" + +typedef TPM_RC (GetTime_Entry)( + GetTime_In* in, + GetTime_Out* out +); + + +typedef const struct +{ + GetTime_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; } GetTime_COMMAND_DESCRIPTOR_t; + GetTime_COMMAND_DESCRIPTOR_t _GetTimeData = { - /* entry */ &TPM2_GetTime, - /* inSize */ (UINT16)(sizeof(GetTime_In)), - /* outSize */ 
(UINT16)(sizeof(GetTime_Out)), - /* offsetOfTypes */ offsetof(GetTime_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetTime_In, signHandle)), - (UINT16)(offsetof(GetTime_In, qualifyingData)), - (UINT16)(offsetof(GetTime_In, inScheme)), - (UINT16)(offsetof(GetTime_Out, signature))}, - /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_GetTime, + /* inSize */ (UINT16)(sizeof(GetTime_In)), + /* outSize */ (UINT16)(sizeof(GetTime_Out)), + /* offsetOfTypes */ offsetof(GetTime_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(GetTime_In, signHandle)), + (UINT16)(offsetof(GetTime_In, qualifyingData)), + (UINT16)(offsetof(GetTime_In, inScheme)), + (UINT16)(offsetof(GetTime_Out, signature))}, + /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _GetTimeDataAddress (&_GetTimeData) #else #define _GetTimeDataAddress 0 -#endif -#if CC_CertifyX509 -#include "CertifyX509_fp.h" -typedef TPM_RC (CertifyX509_Entry)( - CertifyX509_In *in, - CertifyX509_Out *out - ); -typedef const struct { - CertifyX509_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; +#endif // CC_GetTime + +#if CC_CertifyX509 +#include "CertifyX509_fp.h" + +typedef TPM_RC (CertifyX509_Entry)( + CertifyX509_In* in, + CertifyX509_Out* out +); + + +typedef const struct +{ + CertifyX509_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE types[10]; } CertifyX509_COMMAND_DESCRIPTOR_t; + CertifyX509_COMMAND_DESCRIPTOR_t _CertifyX509Data = { - /* entry */ 
&TPM2_CertifyX509, - /* inSize */ (UINT16)(sizeof(CertifyX509_In)), - /* outSize */ (UINT16)(sizeof(CertifyX509_Out)), - /* offsetOfTypes */ offsetof(CertifyX509_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CertifyX509_In, signHandle)), - (UINT16)(offsetof(CertifyX509_In, reserved)), - (UINT16)(offsetof(CertifyX509_In, inScheme)), - (UINT16)(offsetof(CertifyX509_In, partialCertificate)), - (UINT16)(offsetof(CertifyX509_Out, tbsDigest)), - (UINT16)(offsetof(CertifyX509_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_CertifyX509, + /* inSize */ (UINT16)(sizeof(CertifyX509_In)), + /* outSize */ (UINT16)(sizeof(CertifyX509_Out)), + /* offsetOfTypes */ offsetof(CertifyX509_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CertifyX509_In, signHandle)), + (UINT16)(offsetof(CertifyX509_In, reserved)), + (UINT16)(offsetof(CertifyX509_In, inScheme)), + (UINT16)(offsetof(CertifyX509_In, partialCertificate)), + (UINT16)(offsetof(CertifyX509_Out, tbsDigest)), + (UINT16)(offsetof(CertifyX509_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + TPM2B_DIGEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _CertifyX509DataAddress (&_CertifyX509Data) #else #define _CertifyX509DataAddress 0 #endif // CC_CertifyX509 -#if CC_Commit -#include "Commit_fp.h" -typedef TPM_RC (Commit_Entry)( - Commit_In *in, - Commit_Out *out - ); -typedef const struct { - Commit_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; + 
+#if CC_Commit +#include "Commit_fp.h" + +typedef TPM_RC (Commit_Entry)( + Commit_In* in, + Commit_Out* out +); + + +typedef const struct +{ + Commit_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE types[10]; } Commit_COMMAND_DESCRIPTOR_t; + Commit_COMMAND_DESCRIPTOR_t _CommitData = { - /* entry */ &TPM2_Commit, - /* inSize */ (UINT16)(sizeof(Commit_In)), - /* outSize */ (UINT16)(sizeof(Commit_Out)), - /* offsetOfTypes */ offsetof(Commit_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Commit_In, P1)), - (UINT16)(offsetof(Commit_In, s2)), - (UINT16)(offsetof(Commit_In, y2)), - (UINT16)(offsetof(Commit_Out, L)), - (UINT16)(offsetof(Commit_Out, E)), - (UINT16)(offsetof(Commit_Out, counter))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_ECC_POINT_P_UNMARSHAL, - TPM2B_SENSITIVE_DATA_P_UNMARSHAL, - TPM2B_ECC_PARAMETER_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - TPM2B_ECC_POINT_P_MARSHAL, - UINT16_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Commit, + /* inSize */ (UINT16)(sizeof(Commit_In)), + /* outSize */ (UINT16)(sizeof(Commit_Out)), + /* offsetOfTypes */ offsetof(Commit_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Commit_In, P1)), + (UINT16)(offsetof(Commit_In, s2)), + (UINT16)(offsetof(Commit_In, y2)), + (UINT16)(offsetof(Commit_Out, L)), + (UINT16)(offsetof(Commit_Out, E)), + (UINT16)(offsetof(Commit_Out, counter))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_ECC_POINT_P_UNMARSHAL, + TPM2B_SENSITIVE_DATA_P_UNMARSHAL, + TPM2B_ECC_PARAMETER_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_ECC_POINT_P_MARSHAL, + TPM2B_ECC_POINT_P_MARSHAL, + UINT16_P_MARSHAL, + END_OF_LIST} }; + #define _CommitDataAddress (&_CommitData) #else #define _CommitDataAddress 0 -#endif -#if CC_EC_Ephemeral -#include "EC_Ephemeral_fp.h" -typedef TPM_RC (EC_Ephemeral_Entry)( - EC_Ephemeral_In *in, - EC_Ephemeral_Out *out - ); 
-typedef const struct { - EC_Ephemeral_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; +#endif // CC_Commit + +#if CC_EC_Ephemeral +#include "EC_Ephemeral_fp.h" + +typedef TPM_RC (EC_Ephemeral_Entry)( + EC_Ephemeral_In* in, + EC_Ephemeral_Out* out +); + + +typedef const struct +{ + EC_Ephemeral_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; } EC_Ephemeral_COMMAND_DESCRIPTOR_t; + EC_Ephemeral_COMMAND_DESCRIPTOR_t _EC_EphemeralData = { - /* entry */ &TPM2_EC_Ephemeral, - /* inSize */ (UINT16)(sizeof(EC_Ephemeral_In)), - /* outSize */ (UINT16)(sizeof(EC_Ephemeral_Out)), - /* offsetOfTypes */ offsetof(EC_Ephemeral_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EC_Ephemeral_Out, counter))}, - /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ECC_POINT_P_MARSHAL, - UINT16_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_EC_Ephemeral, + /* inSize */ (UINT16)(sizeof(EC_Ephemeral_In)), + /* outSize */ (UINT16)(sizeof(EC_Ephemeral_Out)), + /* offsetOfTypes */ offsetof(EC_Ephemeral_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EC_Ephemeral_Out, counter))}, + /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, + END_OF_LIST, + TPM2B_ECC_POINT_P_MARSHAL, + UINT16_P_MARSHAL, + END_OF_LIST} }; + #define _EC_EphemeralDataAddress (&_EC_EphemeralData) #else #define _EC_EphemeralDataAddress 0 -#endif -#if CC_VerifySignature -#include "VerifySignature_fp.h" -typedef TPM_RC (VerifySignature_Entry)( - VerifySignature_In *in, - VerifySignature_Out *out - ); -typedef const struct { - VerifySignature_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_EC_Ephemeral + +#if CC_VerifySignature +#include "VerifySignature_fp.h" + +typedef TPM_RC (VerifySignature_Entry)( + VerifySignature_In* in, + VerifySignature_Out* out +); + + +typedef const 
struct +{ + VerifySignature_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } VerifySignature_COMMAND_DESCRIPTOR_t; + VerifySignature_COMMAND_DESCRIPTOR_t _VerifySignatureData = { - /* entry */ &TPM2_VerifySignature, - /* inSize */ (UINT16)(sizeof(VerifySignature_In)), - /* outSize */ (UINT16)(sizeof(VerifySignature_Out)), - /* offsetOfTypes */ offsetof(VerifySignature_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(VerifySignature_In, digest)), - (UINT16)(offsetof(VerifySignature_In, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - TPMT_TK_VERIFIED_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_VerifySignature, + /* inSize */ (UINT16)(sizeof(VerifySignature_In)), + /* outSize */ (UINT16)(sizeof(VerifySignature_Out)), + /* offsetOfTypes */ offsetof(VerifySignature_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(VerifySignature_In, digest)), + (UINT16)(offsetof(VerifySignature_In, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIGNATURE_P_UNMARSHAL, + END_OF_LIST, + TPMT_TK_VERIFIED_P_MARSHAL, + END_OF_LIST} }; + #define _VerifySignatureDataAddress (&_VerifySignatureData) #else #define _VerifySignatureDataAddress 0 -#endif -#if CC_Sign -#include "Sign_fp.h" -typedef TPM_RC (Sign_Entry)( - Sign_In *in, - Sign_Out *out - ); -typedef const struct { - Sign_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_VerifySignature + +#if CC_Sign +#include "Sign_fp.h" + +typedef TPM_RC (Sign_Entry)( + Sign_In* in, + Sign_Out* out +); + + +typedef const struct +{ + Sign_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } Sign_COMMAND_DESCRIPTOR_t; + Sign_COMMAND_DESCRIPTOR_t _SignData = { - /* entry */ &TPM2_Sign, 
- /* inSize */ (UINT16)(sizeof(Sign_In)), - /* outSize */ (UINT16)(sizeof(Sign_Out)), - /* offsetOfTypes */ offsetof(Sign_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Sign_In, digest)), - (UINT16)(offsetof(Sign_In, inScheme)), - (UINT16)(offsetof(Sign_In, validation))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - TPMT_TK_HASHCHECK_P_UNMARSHAL, - END_OF_LIST, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Sign, + /* inSize */ (UINT16)(sizeof(Sign_In)), + /* outSize */ (UINT16)(sizeof(Sign_Out)), + /* offsetOfTypes */ offsetof(Sign_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Sign_In, digest)), + (UINT16)(offsetof(Sign_In, inScheme)), + (UINT16)(offsetof(Sign_In, validation))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + TPMT_TK_HASHCHECK_P_UNMARSHAL, + END_OF_LIST, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _SignDataAddress (&_SignData) #else #define _SignDataAddress 0 -#endif -#if CC_SetCommandCodeAuditStatus -#include "SetCommandCodeAuditStatus_fp.h" -typedef TPM_RC (SetCommandCodeAuditStatus_Entry)( - SetCommandCodeAuditStatus_In *in - ); -typedef const struct { - SetCommandCodeAuditStatus_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; +#endif // CC_Sign + +#if CC_SetCommandCodeAuditStatus +#include "SetCommandCodeAuditStatus_fp.h" + +typedef TPM_RC (SetCommandCodeAuditStatus_Entry)( + SetCommandCodeAuditStatus_In* in +); + + +typedef const struct +{ + SetCommandCodeAuditStatus_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; } SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t; + SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t _SetCommandCodeAuditStatusData = { - /* entry */ &TPM2_SetCommandCodeAuditStatus, - /* inSize */ 
(UINT16)(sizeof(SetCommandCodeAuditStatus_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetCommandCodeAuditStatus_In, auditAlg)), - (UINT16)(offsetof(SetCommandCodeAuditStatus_In, setList)), - (UINT16)(offsetof(SetCommandCodeAuditStatus_In, clearList))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - TPML_CC_P_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_SetCommandCodeAuditStatus, + /* inSize */ (UINT16)(sizeof(SetCommandCodeAuditStatus_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SetCommandCodeAuditStatus_In, auditAlg)), + (UINT16)(offsetof(SetCommandCodeAuditStatus_In, setList)), + (UINT16)(offsetof(SetCommandCodeAuditStatus_In, clearList))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + TPML_CC_P_UNMARSHAL, + TPML_CC_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _SetCommandCodeAuditStatusDataAddress (&_SetCommandCodeAuditStatusData) #else #define _SetCommandCodeAuditStatusDataAddress 0 -#endif -#if CC_PCR_Extend -#include "PCR_Extend_fp.h" -typedef TPM_RC (PCR_Extend_Entry)( - PCR_Extend_In *in - ); -typedef const struct { - PCR_Extend_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_SetCommandCodeAuditStatus + +#if CC_PCR_Extend +#include "PCR_Extend_fp.h" + +typedef TPM_RC (PCR_Extend_Entry)( + PCR_Extend_In* in +); + + +typedef const struct +{ + PCR_Extend_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } PCR_Extend_COMMAND_DESCRIPTOR_t; + PCR_Extend_COMMAND_DESCRIPTOR_t _PCR_ExtendData = { - /* entry */ &TPM2_PCR_Extend, - /* inSize */ (UINT16)(sizeof(PCR_Extend_In)), - /* outSize */ 
0, - /* offsetOfTypes */ offsetof(PCR_Extend_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Extend_In, digests))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPML_DIGEST_VALUES_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PCR_Extend, + /* inSize */ (UINT16)(sizeof(PCR_Extend_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_Extend_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_Extend_In, digests))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, + TPML_DIGEST_VALUES_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PCR_ExtendDataAddress (&_PCR_ExtendData) #else #define _PCR_ExtendDataAddress 0 -#endif -#if CC_PCR_Event -#include "PCR_Event_fp.h" -typedef TPM_RC (PCR_Event_Entry)( - PCR_Event_In *in, - PCR_Event_Out *out - ); -typedef const struct { - PCR_Event_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; +#endif // CC_PCR_Extend + +#if CC_PCR_Event +#include "PCR_Event_fp.h" + +typedef TPM_RC (PCR_Event_Entry)( + PCR_Event_In* in, + PCR_Event_Out* out +); + + +typedef const struct +{ + PCR_Event_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; } PCR_Event_COMMAND_DESCRIPTOR_t; + PCR_Event_COMMAND_DESCRIPTOR_t _PCR_EventData = { - /* entry */ &TPM2_PCR_Event, - /* inSize */ (UINT16)(sizeof(PCR_Event_In)), - /* outSize */ (UINT16)(sizeof(PCR_Event_Out)), - /* offsetOfTypes */ offsetof(PCR_Event_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Event_In, eventData))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, - TPM2B_EVENT_P_UNMARSHAL, - END_OF_LIST, - TPML_DIGEST_VALUES_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_PCR_Event, + /* inSize */ (UINT16)(sizeof(PCR_Event_In)), + /* outSize */ (UINT16)(sizeof(PCR_Event_Out)), + /* offsetOfTypes */ offsetof(PCR_Event_COMMAND_DESCRIPTOR_t, types), + /* offsets */ 
{(UINT16)(offsetof(PCR_Event_In, eventData))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, + TPM2B_EVENT_P_UNMARSHAL, + END_OF_LIST, + TPML_DIGEST_VALUES_P_MARSHAL, + END_OF_LIST} }; + #define _PCR_EventDataAddress (&_PCR_EventData) #else #define _PCR_EventDataAddress 0 -#endif -#if CC_PCR_Read -#include "PCR_Read_fp.h" -typedef TPM_RC (PCR_Read_Entry)( - PCR_Read_In *in, - PCR_Read_Out *out - ); -typedef const struct { - PCR_Read_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[6]; +#endif // CC_PCR_Event + +#if CC_PCR_Read +#include "PCR_Read_fp.h" + +typedef TPM_RC (PCR_Read_Entry)( + PCR_Read_In* in, + PCR_Read_Out* out +); + + +typedef const struct +{ + PCR_Read_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[6]; } PCR_Read_COMMAND_DESCRIPTOR_t; + PCR_Read_COMMAND_DESCRIPTOR_t _PCR_ReadData = { - /* entry */ &TPM2_PCR_Read, - /* inSize */ (UINT16)(sizeof(PCR_Read_In)), - /* outSize */ (UINT16)(sizeof(PCR_Read_Out)), - /* offsetOfTypes */ offsetof(PCR_Read_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Read_Out, pcrSelectionOut)), - (UINT16)(offsetof(PCR_Read_Out, pcrValues))}, - /* types */ {TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - UINT32_P_MARSHAL, - TPML_PCR_SELECTION_P_MARSHAL, - TPML_DIGEST_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_PCR_Read, + /* inSize */ (UINT16)(sizeof(PCR_Read_In)), + /* outSize */ (UINT16)(sizeof(PCR_Read_Out)), + /* offsetOfTypes */ offsetof(PCR_Read_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_Read_Out, pcrSelectionOut)), + (UINT16)(offsetof(PCR_Read_Out, pcrValues))}, + /* types */ {TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + UINT32_P_MARSHAL, + TPML_PCR_SELECTION_P_MARSHAL, + TPML_DIGEST_P_MARSHAL, + END_OF_LIST} }; + #define _PCR_ReadDataAddress (&_PCR_ReadData) #else #define _PCR_ReadDataAddress 0 -#endif -#if CC_PCR_Allocate -#include 
"PCR_Allocate_fp.h" -typedef TPM_RC (PCR_Allocate_Entry)( - PCR_Allocate_In *in, - PCR_Allocate_Out *out - ); -typedef const struct { - PCR_Allocate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[8]; +#endif // CC_PCR_Read + +#if CC_PCR_Allocate +#include "PCR_Allocate_fp.h" + +typedef TPM_RC (PCR_Allocate_Entry)( + PCR_Allocate_In* in, + PCR_Allocate_Out* out +); + + +typedef const struct +{ + PCR_Allocate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[8]; } PCR_Allocate_COMMAND_DESCRIPTOR_t; + PCR_Allocate_COMMAND_DESCRIPTOR_t _PCR_AllocateData = { - /* entry */ &TPM2_PCR_Allocate, - /* inSize */ (UINT16)(sizeof(PCR_Allocate_In)), - /* outSize */ (UINT16)(sizeof(PCR_Allocate_Out)), - /* offsetOfTypes */ offsetof(PCR_Allocate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_Allocate_In, pcrAllocation)), - (UINT16)(offsetof(PCR_Allocate_Out, maxPCR)), - (UINT16)(offsetof(PCR_Allocate_Out, sizeNeeded)), - (UINT16)(offsetof(PCR_Allocate_Out, sizeAvailable))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - UINT32_P_MARSHAL, - UINT32_P_MARSHAL, - UINT32_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_PCR_Allocate, + /* inSize */ (UINT16)(sizeof(PCR_Allocate_In)), + /* outSize */ (UINT16)(sizeof(PCR_Allocate_Out)), + /* offsetOfTypes */ offsetof(PCR_Allocate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_Allocate_In, pcrAllocation)), + (UINT16)(offsetof(PCR_Allocate_Out, maxPCR)), + (UINT16)(offsetof(PCR_Allocate_Out, sizeNeeded)), + (UINT16)(offsetof(PCR_Allocate_Out, sizeAvailable))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + TPMI_YES_NO_P_MARSHAL, + UINT32_P_MARSHAL, + UINT32_P_MARSHAL, + UINT32_P_MARSHAL, + END_OF_LIST} }; + #define _PCR_AllocateDataAddress 
(&_PCR_AllocateData) #else #define _PCR_AllocateDataAddress 0 -#endif -#if CC_PCR_SetAuthPolicy -#include "PCR_SetAuthPolicy_fp.h" -typedef TPM_RC (PCR_SetAuthPolicy_Entry)( - PCR_SetAuthPolicy_In *in - ); -typedef const struct { - PCR_SetAuthPolicy_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; +#endif // CC_PCR_Allocate + +#if CC_PCR_SetAuthPolicy +#include "PCR_SetAuthPolicy_fp.h" + +typedef TPM_RC (PCR_SetAuthPolicy_Entry)( + PCR_SetAuthPolicy_In* in +); + + +typedef const struct +{ + PCR_SetAuthPolicy_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; } PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t; + PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t _PCR_SetAuthPolicyData = { - /* entry */ &TPM2_PCR_SetAuthPolicy, - /* inSize */ (UINT16)(sizeof(PCR_SetAuthPolicy_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_SetAuthPolicy_In, authPolicy)), - (UINT16)(offsetof(PCR_SetAuthPolicy_In, hashAlg)), - (UINT16)(offsetof(PCR_SetAuthPolicy_In, pcrNum))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - TPMI_DH_PCR_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PCR_SetAuthPolicy, + /* inSize */ (UINT16)(sizeof(PCR_SetAuthPolicy_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_SetAuthPolicy_In, authPolicy)), + (UINT16)(offsetof(PCR_SetAuthPolicy_In, hashAlg)), + (UINT16)(offsetof(PCR_SetAuthPolicy_In, pcrNum))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + TPMI_DH_PCR_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PCR_SetAuthPolicyDataAddress (&_PCR_SetAuthPolicyData) #else #define _PCR_SetAuthPolicyDataAddress 0 
-#endif -#if CC_PCR_SetAuthValue -#include "PCR_SetAuthValue_fp.h" -typedef TPM_RC (PCR_SetAuthValue_Entry)( - PCR_SetAuthValue_In *in - ); -typedef const struct { - PCR_SetAuthValue_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PCR_SetAuthPolicy + +#if CC_PCR_SetAuthValue +#include "PCR_SetAuthValue_fp.h" + +typedef TPM_RC (PCR_SetAuthValue_Entry)( + PCR_SetAuthValue_In* in +); + + +typedef const struct +{ + PCR_SetAuthValue_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } PCR_SetAuthValue_COMMAND_DESCRIPTOR_t; + PCR_SetAuthValue_COMMAND_DESCRIPTOR_t _PCR_SetAuthValueData = { - /* entry */ &TPM2_PCR_SetAuthValue, - /* inSize */ (UINT16)(sizeof(PCR_SetAuthValue_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_SetAuthValue_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PCR_SetAuthValue_In, auth))}, - /* types */ {TPMI_DH_PCR_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PCR_SetAuthValue, + /* inSize */ (UINT16)(sizeof(PCR_SetAuthValue_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_SetAuthValue_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PCR_SetAuthValue_In, auth))}, + /* types */ {TPMI_DH_PCR_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PCR_SetAuthValueDataAddress (&_PCR_SetAuthValueData) #else #define _PCR_SetAuthValueDataAddress 0 -#endif -#if CC_PCR_Reset -#include "PCR_Reset_fp.h" -typedef TPM_RC (PCR_Reset_Entry)( - PCR_Reset_In *in - ); -typedef const struct { - PCR_Reset_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_PCR_SetAuthValue + +#if CC_PCR_Reset +#include "PCR_Reset_fp.h" + +typedef TPM_RC (PCR_Reset_Entry)( + PCR_Reset_In* in +); + + +typedef const struct +{ + PCR_Reset_Entry *entry; + UINT16 
inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } PCR_Reset_COMMAND_DESCRIPTOR_t; + PCR_Reset_COMMAND_DESCRIPTOR_t _PCR_ResetData = { - /* entry */ &TPM2_PCR_Reset, - /* inSize */ (UINT16)(sizeof(PCR_Reset_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PCR_Reset_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_DH_PCR_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PCR_Reset, + /* inSize */ (UINT16)(sizeof(PCR_Reset_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PCR_Reset_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_DH_PCR_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PCR_ResetDataAddress (&_PCR_ResetData) #else #define _PCR_ResetDataAddress 0 -#endif -#if CC_PolicySigned -#include "PolicySigned_fp.h" -typedef TPM_RC (PolicySigned_Entry)( - PolicySigned_In *in, - PolicySigned_Out *out - ); -typedef const struct { - PolicySigned_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; +#endif // CC_PCR_Reset + +#if CC_PolicySigned +#include "PolicySigned_fp.h" + +typedef TPM_RC (PolicySigned_Entry)( + PolicySigned_In* in, + PolicySigned_Out* out +); + + +typedef const struct +{ + PolicySigned_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[7]; + BYTE types[11]; } PolicySigned_COMMAND_DESCRIPTOR_t; + PolicySigned_COMMAND_DESCRIPTOR_t _PolicySignedData = { - /* entry */ &TPM2_PolicySigned, - /* inSize */ (UINT16)(sizeof(PolicySigned_In)), - /* outSize */ (UINT16)(sizeof(PolicySigned_Out)), - /* offsetOfTypes */ offsetof(PolicySigned_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicySigned_In, policySession)), - (UINT16)(offsetof(PolicySigned_In, nonceTPM)), - (UINT16)(offsetof(PolicySigned_In, cpHashA)), - (UINT16)(offsetof(PolicySigned_In, policyRef)), - (UINT16)(offsetof(PolicySigned_In, 
expiration)), - (UINT16)(offsetof(PolicySigned_In, auth)), - (UINT16)(offsetof(PolicySigned_Out, policyTicket))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - INT32_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - TPM2B_TIMEOUT_P_MARSHAL, - TPMT_TK_AUTH_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_PolicySigned, + /* inSize */ (UINT16)(sizeof(PolicySigned_In)), + /* outSize */ (UINT16)(sizeof(PolicySigned_Out)), + /* offsetOfTypes */ offsetof(PolicySigned_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicySigned_In, policySession)), + (UINT16)(offsetof(PolicySigned_In, nonceTPM)), + (UINT16)(offsetof(PolicySigned_In, cpHashA)), + (UINT16)(offsetof(PolicySigned_In, policyRef)), + (UINT16)(offsetof(PolicySigned_In, expiration)), + (UINT16)(offsetof(PolicySigned_In, auth)), + (UINT16)(offsetof(PolicySigned_Out, policyTicket))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + INT32_P_UNMARSHAL, + TPMT_SIGNATURE_P_UNMARSHAL, + END_OF_LIST, + TPM2B_TIMEOUT_P_MARSHAL, + TPMT_TK_AUTH_P_MARSHAL, + END_OF_LIST} }; + #define _PolicySignedDataAddress (&_PolicySignedData) #else #define _PolicySignedDataAddress 0 -#endif -#if CC_PolicySecret -#include "PolicySecret_fp.h" -typedef TPM_RC (PolicySecret_Entry)( - PolicySecret_In *in, - PolicySecret_Out *out - ); -typedef const struct { - PolicySecret_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[6]; - BYTE types[10]; +#endif // CC_PolicySigned + +#if CC_PolicySecret +#include "PolicySecret_fp.h" + +typedef TPM_RC (PolicySecret_Entry)( + PolicySecret_In* in, + PolicySecret_Out* out +); + + +typedef const struct +{ + PolicySecret_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[6]; + BYTE 
types[10]; } PolicySecret_COMMAND_DESCRIPTOR_t; + PolicySecret_COMMAND_DESCRIPTOR_t _PolicySecretData = { - /* entry */ &TPM2_PolicySecret, - /* inSize */ (UINT16)(sizeof(PolicySecret_In)), - /* outSize */ (UINT16)(sizeof(PolicySecret_Out)), - /* offsetOfTypes */ offsetof(PolicySecret_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicySecret_In, policySession)), - (UINT16)(offsetof(PolicySecret_In, nonceTPM)), - (UINT16)(offsetof(PolicySecret_In, cpHashA)), - (UINT16)(offsetof(PolicySecret_In, policyRef)), - (UINT16)(offsetof(PolicySecret_In, expiration)), - (UINT16)(offsetof(PolicySecret_Out, policyTicket))}, - /* types */ {TPMI_DH_ENTITY_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - INT32_P_UNMARSHAL, - END_OF_LIST, - TPM2B_TIMEOUT_P_MARSHAL, - TPMT_TK_AUTH_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_PolicySecret, + /* inSize */ (UINT16)(sizeof(PolicySecret_In)), + /* outSize */ (UINT16)(sizeof(PolicySecret_Out)), + /* offsetOfTypes */ offsetof(PolicySecret_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicySecret_In, policySession)), + (UINT16)(offsetof(PolicySecret_In, nonceTPM)), + (UINT16)(offsetof(PolicySecret_In, cpHashA)), + (UINT16)(offsetof(PolicySecret_In, policyRef)), + (UINT16)(offsetof(PolicySecret_In, expiration)), + (UINT16)(offsetof(PolicySecret_Out, policyTicket))}, + /* types */ {TPMI_DH_ENTITY_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + INT32_P_UNMARSHAL, + END_OF_LIST, + TPM2B_TIMEOUT_P_MARSHAL, + TPMT_TK_AUTH_P_MARSHAL, + END_OF_LIST} }; + #define _PolicySecretDataAddress (&_PolicySecretData) #else #define _PolicySecretDataAddress 0 -#endif -#if CC_PolicyTicket -#include "PolicyTicket_fp.h" -typedef TPM_RC (PolicyTicket_Entry)( - PolicyTicket_In *in - ); -typedef const struct { - PolicyTicket_Entry *entry; - UINT16 inSize; - UINT16 outSize; 
- UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[8]; +#endif // CC_PolicySecret + +#if CC_PolicyTicket +#include "PolicyTicket_fp.h" + +typedef TPM_RC (PolicyTicket_Entry)( + PolicyTicket_In* in +); + + +typedef const struct +{ + PolicyTicket_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[8]; } PolicyTicket_COMMAND_DESCRIPTOR_t; + PolicyTicket_COMMAND_DESCRIPTOR_t _PolicyTicketData = { - /* entry */ &TPM2_PolicyTicket, - /* inSize */ (UINT16)(sizeof(PolicyTicket_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyTicket_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyTicket_In, timeout)), - (UINT16)(offsetof(PolicyTicket_In, cpHashA)), - (UINT16)(offsetof(PolicyTicket_In, policyRef)), - (UINT16)(offsetof(PolicyTicket_In, authName)), - (UINT16)(offsetof(PolicyTicket_In, ticket))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_TIMEOUT_P_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMT_TK_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyTicket, + /* inSize */ (UINT16)(sizeof(PolicyTicket_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyTicket_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyTicket_In, timeout)), + (UINT16)(offsetof(PolicyTicket_In, cpHashA)), + (UINT16)(offsetof(PolicyTicket_In, policyRef)), + (UINT16)(offsetof(PolicyTicket_In, authName)), + (UINT16)(offsetof(PolicyTicket_In, ticket))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_TIMEOUT_P_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMT_TK_AUTH_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyTicketDataAddress (&_PolicyTicketData) #else #define _PolicyTicketDataAddress 0 -#endif -#if CC_PolicyOR -#include "PolicyOR_fp.h" -typedef TPM_RC (PolicyOR_Entry)( - PolicyOR_In *in - ); -typedef const struct { - 
PolicyOR_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PolicyTicket + +#if CC_PolicyOR +#include "PolicyOR_fp.h" + +typedef TPM_RC (PolicyOR_Entry)( + PolicyOR_In* in +); + + +typedef const struct +{ + PolicyOR_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } PolicyOR_COMMAND_DESCRIPTOR_t; + PolicyOR_COMMAND_DESCRIPTOR_t _PolicyORData = { - /* entry */ &TPM2_PolicyOR, - /* inSize */ (UINT16)(sizeof(PolicyOR_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyOR_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyOR_In, pHashList))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPML_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyOR, + /* inSize */ (UINT16)(sizeof(PolicyOR_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyOR_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyOR_In, pHashList))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPML_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyORDataAddress (&_PolicyORData) #else #define _PolicyORDataAddress 0 -#endif -#if CC_PolicyPCR -#include "PolicyPCR_fp.h" -typedef TPM_RC (PolicyPCR_Entry)( - PolicyPCR_In *in - ); -typedef const struct { - PolicyPCR_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_PolicyOR + +#if CC_PolicyPCR +#include "PolicyPCR_fp.h" + +typedef TPM_RC (PolicyPCR_Entry)( + PolicyPCR_In* in +); + + +typedef const struct +{ + PolicyPCR_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } PolicyPCR_COMMAND_DESCRIPTOR_t; + PolicyPCR_COMMAND_DESCRIPTOR_t _PolicyPCRData = { - /* entry */ &TPM2_PolicyPCR, - /* inSize */ (UINT16)(sizeof(PolicyPCR_In)), - /* outSize */ 0, - /* offsetOfTypes */ 
offsetof(PolicyPCR_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyPCR_In, pcrDigest)), - (UINT16)(offsetof(PolicyPCR_In, pcrs))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyPCR, + /* inSize */ (UINT16)(sizeof(PolicyPCR_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyPCR_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyPCR_In, pcrDigest)), + (UINT16)(offsetof(PolicyPCR_In, pcrs))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyPCRDataAddress (&_PolicyPCRData) #else #define _PolicyPCRDataAddress 0 -#endif -#if CC_PolicyLocality -#include "PolicyLocality_fp.h" -typedef TPM_RC (PolicyLocality_Entry)( - PolicyLocality_In *in - ); -typedef const struct { - PolicyLocality_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PolicyPCR + +#if CC_PolicyLocality +#include "PolicyLocality_fp.h" + +typedef TPM_RC (PolicyLocality_Entry)( + PolicyLocality_In* in +); + + +typedef const struct +{ + PolicyLocality_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } PolicyLocality_COMMAND_DESCRIPTOR_t; + PolicyLocality_COMMAND_DESCRIPTOR_t _PolicyLocalityData = { - /* entry */ &TPM2_PolicyLocality, - /* inSize */ (UINT16)(sizeof(PolicyLocality_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyLocality_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyLocality_In, locality))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPMA_LOCALITY_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyLocality, + /* inSize */ (UINT16)(sizeof(PolicyLocality_In)), + /* outSize */ 0, + /* offsetOfTypes */ 
offsetof(PolicyLocality_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyLocality_In, locality))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPMA_LOCALITY_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyLocalityDataAddress (&_PolicyLocalityData) #else #define _PolicyLocalityDataAddress 0 -#endif -#if CC_PolicyNV -#include "PolicyNV_fp.h" -typedef TPM_RC (PolicyNV_Entry)( - PolicyNV_In *in - ); -typedef const struct { - PolicyNV_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[5]; - BYTE types[8]; +#endif // CC_PolicyLocality + +#if CC_PolicyNV +#include "PolicyNV_fp.h" + +typedef TPM_RC (PolicyNV_Entry)( + PolicyNV_In* in +); + + +typedef const struct +{ + PolicyNV_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[5]; + BYTE types[8]; } PolicyNV_COMMAND_DESCRIPTOR_t; + PolicyNV_COMMAND_DESCRIPTOR_t _PolicyNVData = { - /* entry */ &TPM2_PolicyNV, - /* inSize */ (UINT16)(sizeof(PolicyNV_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNV_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyNV_In, nvIndex)), - (UINT16)(offsetof(PolicyNV_In, policySession)), - (UINT16)(offsetof(PolicyNV_In, operandB)), - (UINT16)(offsetof(PolicyNV_In, offset)), - (UINT16)(offsetof(PolicyNV_In, operation))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_OPERAND_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - TPM_EO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyNV, + /* inSize */ (UINT16)(sizeof(PolicyNV_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyNV_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyNV_In, nvIndex)), + (UINT16)(offsetof(PolicyNV_In, policySession)), + (UINT16)(offsetof(PolicyNV_In, operandB)), + (UINT16)(offsetof(PolicyNV_In, offset)), + (UINT16)(offsetof(PolicyNV_In, operation))}, + /* types */ 
{TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_OPERAND_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + TPM_EO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyNVDataAddress (&_PolicyNVData) #else #define _PolicyNVDataAddress 0 -#endif -#if CC_PolicyCounterTimer -#include "PolicyCounterTimer_fp.h" -typedef TPM_RC (PolicyCounterTimer_Entry)( - PolicyCounterTimer_In *in - ); -typedef const struct { +#endif // CC_PolicyNV + +#if CC_PolicyCounterTimer +#include "PolicyCounterTimer_fp.h" + +typedef TPM_RC (PolicyCounterTimer_Entry)( + PolicyCounterTimer_In* in +); + + +typedef const struct +{ PolicyCounterTimer_Entry *entry; UINT16 inSize; UINT16 outSize; 
@@ -2583,374 +3037,461 @@ typedef const struct { UINT16 paramOffsets[3]; BYTE types[6]; } PolicyCounterTimer_COMMAND_DESCRIPTOR_t; + PolicyCounterTimer_COMMAND_DESCRIPTOR_t _PolicyCounterTimerData = { - /* entry */ &TPM2_PolicyCounterTimer, - /* inSize */ (UINT16)(sizeof(PolicyCounterTimer_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyCounterTimer_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCounterTimer_In, operandB)), - (UINT16)(offsetof(PolicyCounterTimer_In, offset)), - (UINT16)(offsetof(PolicyCounterTimer_In, operation))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_OPERAND_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - TPM_EO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyCounterTimer, + /* inSize */ (UINT16)(sizeof(PolicyCounterTimer_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyCounterTimer_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyCounterTimer_In, operandB)), + (UINT16)(offsetof(PolicyCounterTimer_In, offset)), + (UINT16)(offsetof(PolicyCounterTimer_In, operation))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_OPERAND_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + TPM_EO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyCounterTimerDataAddress (&_PolicyCounterTimerData) #else #define _PolicyCounterTimerDataAddress 0 -#endif -#if CC_PolicyCommandCode -#include "PolicyCommandCode_fp.h" -typedef TPM_RC (PolicyCommandCode_Entry)( - PolicyCommandCode_In *in - ); -typedef const struct { - PolicyCommandCode_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PolicyCounterTimer + +#if CC_PolicyCommandCode +#include "PolicyCommandCode_fp.h" + +typedef TPM_RC (PolicyCommandCode_Entry)( + PolicyCommandCode_In* in +); + + +typedef const struct +{ + PolicyCommandCode_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE 
types[4]; } PolicyCommandCode_COMMAND_DESCRIPTOR_t; + PolicyCommandCode_COMMAND_DESCRIPTOR_t _PolicyCommandCodeData = { - /* entry */ &TPM2_PolicyCommandCode, - /* inSize */ (UINT16)(sizeof(PolicyCommandCode_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyCommandCode_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCommandCode_In, code))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyCommandCode, + /* inSize */ (UINT16)(sizeof(PolicyCommandCode_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyCommandCode_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyCommandCode_In, code))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM_CC_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyCommandCodeDataAddress (&_PolicyCommandCodeData) #else #define _PolicyCommandCodeDataAddress 0 -#endif -#if CC_PolicyPhysicalPresence -#include "PolicyPhysicalPresence_fp.h" -typedef TPM_RC (PolicyPhysicalPresence_Entry)( - PolicyPhysicalPresence_In *in - ); -typedef const struct { +#endif // CC_PolicyCommandCode + +#if CC_PolicyPhysicalPresence +#include "PolicyPhysicalPresence_fp.h" + +typedef TPM_RC (PolicyPhysicalPresence_Entry)( + PolicyPhysicalPresence_In* in +); + + +typedef const struct +{ PolicyPhysicalPresence_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t; + PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t _PolicyPhysicalPresenceData = { - /* entry */ &TPM2_PolicyPhysicalPresence, - /* inSize */ (UINT16)(sizeof(PolicyPhysicalPresence_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyPhysicalPresence, + /* inSize */ 
(UINT16)(sizeof(PolicyPhysicalPresence_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyPhysicalPresenceDataAddress (&_PolicyPhysicalPresenceData) #else #define _PolicyPhysicalPresenceDataAddress 0 -#endif -#if CC_PolicyCpHash -#include "PolicyCpHash_fp.h" -typedef TPM_RC (PolicyCpHash_Entry)( - PolicyCpHash_In *in - ); -typedef const struct { - PolicyCpHash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PolicyPhysicalPresence + +#if CC_PolicyCpHash +#include "PolicyCpHash_fp.h" + +typedef TPM_RC (PolicyCpHash_Entry)( + PolicyCpHash_In* in +); + + +typedef const struct +{ + PolicyCpHash_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } PolicyCpHash_COMMAND_DESCRIPTOR_t; + PolicyCpHash_COMMAND_DESCRIPTOR_t _PolicyCpHashData = { - /* entry */ &TPM2_PolicyCpHash, - /* inSize */ (UINT16)(sizeof(PolicyCpHash_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyCpHash_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyCpHash_In, cpHashA))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyCpHash, + /* inSize */ (UINT16)(sizeof(PolicyCpHash_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyCpHash_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyCpHash_In, cpHashA))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyCpHashDataAddress (&_PolicyCpHashData) #else #define _PolicyCpHashDataAddress 0 -#endif -#if CC_PolicyNameHash -#include "PolicyNameHash_fp.h" -typedef TPM_RC (PolicyNameHash_Entry)( - PolicyNameHash_In *in - ); 
-typedef const struct { - PolicyNameHash_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PolicyCpHash + +#if CC_PolicyNameHash +#include "PolicyNameHash_fp.h" + +typedef TPM_RC (PolicyNameHash_Entry)( + PolicyNameHash_In* in +); + + +typedef const struct +{ + PolicyNameHash_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } PolicyNameHash_COMMAND_DESCRIPTOR_t; + PolicyNameHash_COMMAND_DESCRIPTOR_t _PolicyNameHashData = { - /* entry */ &TPM2_PolicyNameHash, - /* inSize */ (UINT16)(sizeof(PolicyNameHash_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNameHash_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyNameHash_In, nameHash))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyNameHash, + /* inSize */ (UINT16)(sizeof(PolicyNameHash_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyNameHash_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyNameHash_In, nameHash))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyNameHashDataAddress (&_PolicyNameHashData) #else #define _PolicyNameHashDataAddress 0 -#endif -#if CC_PolicyDuplicationSelect -#include "PolicyDuplicationSelect_fp.h" -typedef TPM_RC (PolicyDuplicationSelect_Entry)( - PolicyDuplicationSelect_In *in - ); -typedef const struct { - PolicyDuplicationSelect_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; +#endif // CC_PolicyNameHash + +#if CC_PolicyDuplicationSelect +#include "PolicyDuplicationSelect_fp.h" + +typedef TPM_RC (PolicyDuplicationSelect_Entry)( + PolicyDuplicationSelect_In* in +); + + +typedef const struct +{ + PolicyDuplicationSelect_Entry *entry; + UINT16 inSize; + 
UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; } PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t; + PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t _PolicyDuplicationSelectData = { - /* entry */ &TPM2_PolicyDuplicationSelect, - /* inSize */ (UINT16)(sizeof(PolicyDuplicationSelect_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyDuplicationSelect_In, objectName)), - (UINT16)(offsetof(PolicyDuplicationSelect_In, newParentName)), - (UINT16)(offsetof(PolicyDuplicationSelect_In, includeObject))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyDuplicationSelect, + /* inSize */ (UINT16)(sizeof(PolicyDuplicationSelect_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyDuplicationSelect_In, objectName)), + (UINT16)(offsetof(PolicyDuplicationSelect_In, newParentName)), + (UINT16)(offsetof(PolicyDuplicationSelect_In, includeObject))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyDuplicationSelectDataAddress (&_PolicyDuplicationSelectData) #else #define _PolicyDuplicationSelectDataAddress 0 -#endif -#if CC_PolicyAuthorize -#include "PolicyAuthorize_fp.h" -typedef TPM_RC (PolicyAuthorize_Entry)( - PolicyAuthorize_In *in - ); -typedef const struct { - PolicyAuthorize_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[7]; +#endif // CC_PolicyDuplicationSelect + +#if CC_PolicyAuthorize +#include "PolicyAuthorize_fp.h" + +typedef TPM_RC (PolicyAuthorize_Entry)( + PolicyAuthorize_In* in +); + + +typedef const struct +{ + PolicyAuthorize_Entry 
*entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[7]; } PolicyAuthorize_COMMAND_DESCRIPTOR_t; + PolicyAuthorize_COMMAND_DESCRIPTOR_t _PolicyAuthorizeData = { - /* entry */ &TPM2_PolicyAuthorize, - /* inSize */ (UINT16)(sizeof(PolicyAuthorize_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthorize_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyAuthorize_In, approvedPolicy)), - (UINT16)(offsetof(PolicyAuthorize_In, policyRef)), - (UINT16)(offsetof(PolicyAuthorize_In, keySign)), - (UINT16)(offsetof(PolicyAuthorize_In, checkTicket))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPM2B_NONCE_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMT_TK_VERIFIED_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyAuthorize, + /* inSize */ (UINT16)(sizeof(PolicyAuthorize_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyAuthorize_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyAuthorize_In, approvedPolicy)), + (UINT16)(offsetof(PolicyAuthorize_In, policyRef)), + (UINT16)(offsetof(PolicyAuthorize_In, keySign)), + (UINT16)(offsetof(PolicyAuthorize_In, checkTicket))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPM2B_NONCE_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMT_TK_VERIFIED_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyAuthorizeDataAddress (&_PolicyAuthorizeData) #else #define _PolicyAuthorizeDataAddress 0 -#endif -#if CC_PolicyAuthValue -#include "PolicyAuthValue_fp.h" -typedef TPM_RC (PolicyAuthValue_Entry)( - PolicyAuthValue_In *in - ); -typedef const struct { - PolicyAuthValue_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_PolicyAuthorize + +#if CC_PolicyAuthValue +#include "PolicyAuthValue_fp.h" + +typedef TPM_RC (PolicyAuthValue_Entry)( + PolicyAuthValue_In* in +); + + +typedef const struct +{ + 
PolicyAuthValue_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } PolicyAuthValue_COMMAND_DESCRIPTOR_t; + PolicyAuthValue_COMMAND_DESCRIPTOR_t _PolicyAuthValueData = { - /* entry */ &TPM2_PolicyAuthValue, - /* inSize */ (UINT16)(sizeof(PolicyAuthValue_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthValue_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyAuthValue, + /* inSize */ (UINT16)(sizeof(PolicyAuthValue_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyAuthValue_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyAuthValueDataAddress (&_PolicyAuthValueData) #else #define _PolicyAuthValueDataAddress 0 -#endif -#if CC_PolicyPassword -#include "PolicyPassword_fp.h" -typedef TPM_RC (PolicyPassword_Entry)( - PolicyPassword_In *in - ); -typedef const struct { - PolicyPassword_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_PolicyAuthValue + +#if CC_PolicyPassword +#include "PolicyPassword_fp.h" + +typedef TPM_RC (PolicyPassword_Entry)( + PolicyPassword_In* in +); + + +typedef const struct +{ + PolicyPassword_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } PolicyPassword_COMMAND_DESCRIPTOR_t; + PolicyPassword_COMMAND_DESCRIPTOR_t _PolicyPasswordData = { - /* entry */ &TPM2_PolicyPassword, - /* inSize */ (UINT16)(sizeof(PolicyPassword_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyPassword_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyPassword, + /* inSize */ (UINT16)(sizeof(PolicyPassword_In)), + /* outSize */ 0, + /* offsetOfTypes */ 
offsetof(PolicyPassword_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyPasswordDataAddress (&_PolicyPasswordData) #else #define _PolicyPasswordDataAddress 0 -#endif -#if CC_PolicyGetDigest -#include "PolicyGetDigest_fp.h" -typedef TPM_RC (PolicyGetDigest_Entry)( - PolicyGetDigest_In *in, - PolicyGetDigest_Out *out - ); -typedef const struct { - PolicyGetDigest_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#endif // CC_PolicyPassword + +#if CC_PolicyGetDigest +#include "PolicyGetDigest_fp.h" + +typedef TPM_RC (PolicyGetDigest_Entry)( + PolicyGetDigest_In* in, + PolicyGetDigest_Out* out +); + + +typedef const struct +{ + PolicyGetDigest_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } PolicyGetDigest_COMMAND_DESCRIPTOR_t; + PolicyGetDigest_COMMAND_DESCRIPTOR_t _PolicyGetDigestData = { - /* entry */ &TPM2_PolicyGetDigest, - /* inSize */ (UINT16)(sizeof(PolicyGetDigest_In)), - /* outSize */ (UINT16)(sizeof(PolicyGetDigest_Out)), - /* offsetOfTypes */ offsetof(PolicyGetDigest_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - TPM2B_DIGEST_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_PolicyGetDigest, + /* inSize */ (UINT16)(sizeof(PolicyGetDigest_In)), + /* outSize */ (UINT16)(sizeof(PolicyGetDigest_Out)), + /* offsetOfTypes */ offsetof(PolicyGetDigest_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + TPM2B_DIGEST_P_MARSHAL, + END_OF_LIST} }; + #define _PolicyGetDigestDataAddress (&_PolicyGetDigestData) #else #define _PolicyGetDigestDataAddress 0 -#endif -#if CC_PolicyNvWritten -#include "PolicyNvWritten_fp.h" -typedef TPM_RC (PolicyNvWritten_Entry)( - PolicyNvWritten_In *in - ); -typedef const struct { - 
PolicyNvWritten_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PolicyGetDigest + +#if CC_PolicyNvWritten +#include "PolicyNvWritten_fp.h" + +typedef TPM_RC (PolicyNvWritten_Entry)( + PolicyNvWritten_In* in +); + + +typedef const struct +{ + PolicyNvWritten_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } PolicyNvWritten_COMMAND_DESCRIPTOR_t; + PolicyNvWritten_COMMAND_DESCRIPTOR_t _PolicyNvWrittenData = { - /* entry */ &TPM2_PolicyNvWritten, - /* inSize */ (UINT16)(sizeof(PolicyNvWritten_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyNvWritten_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyNvWritten_In, writtenSet))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyNvWritten, + /* inSize */ (UINT16)(sizeof(PolicyNvWritten_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyNvWritten_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyNvWritten_In, writtenSet))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyNvWrittenDataAddress (&_PolicyNvWrittenData) #else #define _PolicyNvWrittenDataAddress 0 -#endif -#if CC_PolicyTemplate -#include "PolicyTemplate_fp.h" -typedef TPM_RC (PolicyTemplate_Entry)( - PolicyTemplate_In *in - ); -typedef const struct { - PolicyTemplate_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PolicyNvWritten + +#if CC_PolicyTemplate +#include "PolicyTemplate_fp.h" + +typedef TPM_RC (PolicyTemplate_Entry)( + PolicyTemplate_In* in +); + + +typedef const struct +{ + PolicyTemplate_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } 
PolicyTemplate_COMMAND_DESCRIPTOR_t; + PolicyTemplate_COMMAND_DESCRIPTOR_t _PolicyTemplateData = { - /* entry */ &TPM2_PolicyTemplate, - /* inSize */ (UINT16)(sizeof(PolicyTemplate_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyTemplate_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyTemplate_In, templateHash))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyTemplate, + /* inSize */ (UINT16)(sizeof(PolicyTemplate_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyTemplate_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyTemplate_In, templateHash))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyTemplateDataAddress (&_PolicyTemplateData) #else #define _PolicyTemplateDataAddress 0 -#endif -#if CC_PolicyAuthorizeNV -#include "PolicyAuthorizeNV_fp.h" -typedef TPM_RC (PolicyAuthorizeNV_Entry)( - PolicyAuthorizeNV_In *in - ); -typedef const struct { - PolicyAuthorizeNV_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_PolicyTemplate + +#if CC_PolicyAuthorizeNV +#include "PolicyAuthorizeNV_fp.h" + +typedef TPM_RC (PolicyAuthorizeNV_Entry)( + PolicyAuthorizeNV_In* in +); + + +typedef const struct +{ + PolicyAuthorizeNV_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t; + PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t _PolicyAuthorizeNVData = { - /* entry */ &TPM2_PolicyAuthorizeNV, - /* inSize */ (UINT16)(sizeof(PolicyAuthorizeNV_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PolicyAuthorizeNV_In, nvIndex)), - (UINT16)(offsetof(PolicyAuthorizeNV_In, policySession))}, - /* types */ 
{TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_SH_POLICY_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PolicyAuthorizeNV, + /* inSize */ (UINT16)(sizeof(PolicyAuthorizeNV_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PolicyAuthorizeNV_In, nvIndex)), + (UINT16)(offsetof(PolicyAuthorizeNV_In, policySession))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPMI_SH_POLICY_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PolicyAuthorizeNVDataAddress (&_PolicyAuthorizeNVData) #else #define _PolicyAuthorizeNVDataAddress 0 -#endif +#endif // CC_PolicyAuthorizeNV #if CC_PolicyCapability #include "PolicyCapability_fp.h" typedef TPM_RC (PolicyCapability_Entry)( - PolicyCapability_In* in - ); + PolicyCapability_In* in +); + typedef const struct { @@ -2968,18 +3509,18 @@ PolicyCapability_COMMAND_DESCRIPTOR_t _PolicyCapabilityData = { /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyCapability_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyCapability_In, operandB)), - (UINT16)(offsetof(PolicyCapability_In, offset)), - (UINT16)(offsetof(PolicyCapability_In, operation)), - (UINT16)(offsetof(PolicyCapability_In, capability)), - (UINT16)(offsetof(PolicyCapability_In, property))}, + (UINT16)(offsetof(PolicyCapability_In, offset)), + (UINT16)(offsetof(PolicyCapability_In, operation)), + (UINT16)(offsetof(PolicyCapability_In, capability)), + (UINT16)(offsetof(PolicyCapability_In, property))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_OPERAND_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - TPM_EO_P_UNMARSHAL, - TPM_CAP_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + TPM2B_OPERAND_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + TPM_EO_P_UNMARSHAL, + TPM_CAP_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; #define _PolicyCapabilityDataAddress (&_PolicyCapabilityData) 
@@ -2991,8 +3532,8 @@ PolicyCapability_COMMAND_DESCRIPTOR_t _PolicyCapabilityData = { #include "PolicyParameters_fp.h" typedef TPM_RC (PolicyParameters_Entry)( - PolicyParameters_In* in - ); + PolicyParameters_In* in +); typedef const struct @@ -3012,9 +3553,9 @@ PolicyParameters_COMMAND_DESCRIPTOR_t _PolicyParametersData = { /* offsetOfTypes */ offsetof(PolicyParameters_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyParameters_In, pHash))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + TPM2B_DIGEST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; #define _PolicyParametersDataAddress (&_PolicyParametersData) 
@@ -3022,278 +3563,345 @@ PolicyParameters_COMMAND_DESCRIPTOR_t _PolicyParametersData = { #define _PolicyParametersDataAddress 0 #endif // CC_PolicyParameters -#if CC_CreatePrimary -#include "CreatePrimary_fp.h" -typedef TPM_RC (CreatePrimary_Entry)( - CreatePrimary_In *in, - CreatePrimary_Out *out - ); -typedef const struct { - CreatePrimary_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[9]; - BYTE types[13]; +#if CC_CreatePrimary +#include "CreatePrimary_fp.h" + +typedef TPM_RC (CreatePrimary_Entry)( + CreatePrimary_In* in, + CreatePrimary_Out* out +); + + +typedef const struct +{ + CreatePrimary_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[9]; + BYTE types[13]; } CreatePrimary_COMMAND_DESCRIPTOR_t; + CreatePrimary_COMMAND_DESCRIPTOR_t _CreatePrimaryData = { - /* entry */ &TPM2_CreatePrimary, - /* inSize */ (UINT16)(sizeof(CreatePrimary_In)), - /* outSize */ (UINT16)(sizeof(CreatePrimary_Out)), - /* offsetOfTypes */ offsetof(CreatePrimary_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(CreatePrimary_In, inSensitive)), - (UINT16)(offsetof(CreatePrimary_In, inPublic)), - (UINT16)(offsetof(CreatePrimary_In, outsideInfo)), - (UINT16)(offsetof(CreatePrimary_In, creationPCR)), - (UINT16)(offsetof(CreatePrimary_Out, outPublic)), - (UINT16)(offsetof(CreatePrimary_Out, creationData)), - (UINT16)(offsetof(CreatePrimary_Out, creationHash)), - (UINT16)(offsetof(CreatePrimary_Out, creationTicket)), - (UINT16)(offsetof(CreatePrimary_Out, name))}, - /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL + ADD_FLAG, - TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, - TPM2B_PUBLIC_P_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPML_PCR_SELECTION_P_UNMARSHAL, - END_OF_LIST, - TPM_HANDLE_H_MARSHAL, - TPM2B_PUBLIC_P_MARSHAL, - TPM2B_CREATION_DATA_P_MARSHAL, - TPM2B_DIGEST_P_MARSHAL, - TPMT_TK_CREATION_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_CreatePrimary, + /* inSize */ 
(UINT16)(sizeof(CreatePrimary_In)), + /* outSize */ (UINT16)(sizeof(CreatePrimary_Out)), + /* offsetOfTypes */ offsetof(CreatePrimary_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(CreatePrimary_In, inSensitive)), + (UINT16)(offsetof(CreatePrimary_In, inPublic)), + (UINT16)(offsetof(CreatePrimary_In, outsideInfo)), + (UINT16)(offsetof(CreatePrimary_In, creationPCR)), + (UINT16)(offsetof(CreatePrimary_Out, outPublic)), + (UINT16)(offsetof(CreatePrimary_Out, creationData)), + (UINT16)(offsetof(CreatePrimary_Out, creationHash)), + (UINT16)(offsetof(CreatePrimary_Out, creationTicket)), + (UINT16)(offsetof(CreatePrimary_Out, name))}, + /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL + ADD_FLAG, + TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, + TPM2B_PUBLIC_P_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPML_PCR_SELECTION_P_UNMARSHAL, + END_OF_LIST, + TPM_HANDLE_H_MARSHAL, + TPM2B_PUBLIC_P_MARSHAL, + TPM2B_CREATION_DATA_P_MARSHAL, + TPM2B_DIGEST_P_MARSHAL, + TPMT_TK_CREATION_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} }; + #define _CreatePrimaryDataAddress (&_CreatePrimaryData) #else #define _CreatePrimaryDataAddress 0 -#endif -#if CC_HierarchyControl -#include "HierarchyControl_fp.h" -typedef TPM_RC (HierarchyControl_Entry)( - HierarchyControl_In *in - ); -typedef const struct { - HierarchyControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_CreatePrimary + +#if CC_HierarchyControl +#include "HierarchyControl_fp.h" + +typedef TPM_RC (HierarchyControl_Entry)( + HierarchyControl_In* in +); + + +typedef const struct +{ + HierarchyControl_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } HierarchyControl_COMMAND_DESCRIPTOR_t; + HierarchyControl_COMMAND_DESCRIPTOR_t _HierarchyControlData = { - /* entry */ &TPM2_HierarchyControl, - /* inSize */ (UINT16)(sizeof(HierarchyControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ 
offsetof(HierarchyControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HierarchyControl_In, enable)), - (UINT16)(offsetof(HierarchyControl_In, state))}, - /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL, - TPMI_RH_ENABLES_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_HierarchyControl, + /* inSize */ (UINT16)(sizeof(HierarchyControl_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(HierarchyControl_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HierarchyControl_In, enable)), + (UINT16)(offsetof(HierarchyControl_In, state))}, + /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL, + TPMI_RH_ENABLES_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _HierarchyControlDataAddress (&_HierarchyControlData) #else #define _HierarchyControlDataAddress 0 -#endif -#if CC_SetPrimaryPolicy -#include "SetPrimaryPolicy_fp.h" -typedef TPM_RC (SetPrimaryPolicy_Entry)( - SetPrimaryPolicy_In *in - ); -typedef const struct { - SetPrimaryPolicy_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_HierarchyControl + +#if CC_SetPrimaryPolicy +#include "SetPrimaryPolicy_fp.h" + +typedef TPM_RC (SetPrimaryPolicy_Entry)( + SetPrimaryPolicy_In* in +); + + +typedef const struct +{ + SetPrimaryPolicy_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } SetPrimaryPolicy_COMMAND_DESCRIPTOR_t; + SetPrimaryPolicy_COMMAND_DESCRIPTOR_t _SetPrimaryPolicyData = { - /* entry */ &TPM2_SetPrimaryPolicy, - /* inSize */ (UINT16)(sizeof(SetPrimaryPolicy_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(SetPrimaryPolicy_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetPrimaryPolicy_In, authPolicy)), - (UINT16)(offsetof(SetPrimaryPolicy_In, hashAlg))}, - /* types */ {TPMI_RH_HIERARCHY_POLICY_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - 
TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_SetPrimaryPolicy, + /* inSize */ (UINT16)(sizeof(SetPrimaryPolicy_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SetPrimaryPolicy_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SetPrimaryPolicy_In, authPolicy)), + (UINT16)(offsetof(SetPrimaryPolicy_In, hashAlg))}, + /* types */ {TPMI_RH_HIERARCHY_POLICY_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, + END_OF_LIST, + END_OF_LIST} }; + #define _SetPrimaryPolicyDataAddress (&_SetPrimaryPolicyData) #else #define _SetPrimaryPolicyDataAddress 0 -#endif -#if CC_ChangePPS -#include "ChangePPS_fp.h" -typedef TPM_RC (ChangePPS_Entry)( - ChangePPS_In *in - ); -typedef const struct { - ChangePPS_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_SetPrimaryPolicy + +#if CC_ChangePPS +#include "ChangePPS_fp.h" + +typedef TPM_RC (ChangePPS_Entry)( + ChangePPS_In* in +); + + +typedef const struct +{ + ChangePPS_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } ChangePPS_COMMAND_DESCRIPTOR_t; + ChangePPS_COMMAND_DESCRIPTOR_t _ChangePPSData = { - /* entry */ &TPM2_ChangePPS, - /* inSize */ (UINT16)(sizeof(ChangePPS_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ChangePPS_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_ChangePPS, + /* inSize */ (UINT16)(sizeof(ChangePPS_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ChangePPS_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ChangePPSDataAddress (&_ChangePPSData) #else #define _ChangePPSDataAddress 0 -#endif -#if CC_ChangeEPS -#include "ChangeEPS_fp.h" -typedef TPM_RC (ChangeEPS_Entry)( - ChangeEPS_In *in 
- ); -typedef const struct { - ChangeEPS_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_ChangePPS + +#if CC_ChangeEPS +#include "ChangeEPS_fp.h" + +typedef TPM_RC (ChangeEPS_Entry)( + ChangeEPS_In* in +); + + +typedef const struct +{ + ChangeEPS_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } ChangeEPS_COMMAND_DESCRIPTOR_t; + ChangeEPS_COMMAND_DESCRIPTOR_t _ChangeEPSData = { - /* entry */ &TPM2_ChangeEPS, - /* inSize */ (UINT16)(sizeof(ChangeEPS_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ChangeEPS_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_ChangeEPS, + /* inSize */ (UINT16)(sizeof(ChangeEPS_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ChangeEPS_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ChangeEPSDataAddress (&_ChangeEPSData) #else #define _ChangeEPSDataAddress 0 -#endif -#if CC_Clear -#include "Clear_fp.h" -typedef TPM_RC (Clear_Entry)( - Clear_In *in - ); -typedef const struct { - Clear_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_ChangeEPS + +#if CC_Clear +#include "Clear_fp.h" + +typedef TPM_RC (Clear_Entry)( + Clear_In* in +); + + +typedef const struct +{ + Clear_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } Clear_COMMAND_DESCRIPTOR_t; + Clear_COMMAND_DESCRIPTOR_t _ClearData = { - /* entry */ &TPM2_Clear, - /* inSize */ (UINT16)(sizeof(Clear_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Clear_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_Clear, + /* inSize */ 
(UINT16)(sizeof(Clear_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Clear_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ClearDataAddress (&_ClearData) #else #define _ClearDataAddress 0 -#endif -#if CC_ClearControl -#include "ClearControl_fp.h" -typedef TPM_RC (ClearControl_Entry)( - ClearControl_In *in - ); -typedef const struct { - ClearControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_Clear + +#if CC_ClearControl +#include "ClearControl_fp.h" + +typedef TPM_RC (ClearControl_Entry)( + ClearControl_In* in +); + + +typedef const struct +{ + ClearControl_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } ClearControl_COMMAND_DESCRIPTOR_t; + ClearControl_COMMAND_DESCRIPTOR_t _ClearControlData = { - /* entry */ &TPM2_ClearControl, - /* inSize */ (UINT16)(sizeof(ClearControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClearControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClearControl_In, disable))}, - /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_ClearControl, + /* inSize */ (UINT16)(sizeof(ClearControl_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ClearControl_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ClearControl_In, disable))}, + /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ClearControlDataAddress (&_ClearControlData) #else #define _ClearControlDataAddress 0 -#endif -#if CC_HierarchyChangeAuth -#include "HierarchyChangeAuth_fp.h" -typedef TPM_RC (HierarchyChangeAuth_Entry)( - HierarchyChangeAuth_In *in - ); -typedef const struct { - HierarchyChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 
outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_ClearControl + +#if CC_HierarchyChangeAuth +#include "HierarchyChangeAuth_fp.h" + +typedef TPM_RC (HierarchyChangeAuth_Entry)( + HierarchyChangeAuth_In* in +); + + +typedef const struct +{ + HierarchyChangeAuth_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } HierarchyChangeAuth_COMMAND_DESCRIPTOR_t; + HierarchyChangeAuth_COMMAND_DESCRIPTOR_t _HierarchyChangeAuthData = { - /* entry */ &TPM2_HierarchyChangeAuth, - /* inSize */ (UINT16)(sizeof(HierarchyChangeAuth_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(HierarchyChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(HierarchyChangeAuth_In, newAuth))}, - /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_HierarchyChangeAuth, + /* inSize */ (UINT16)(sizeof(HierarchyChangeAuth_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(HierarchyChangeAuth_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(HierarchyChangeAuth_In, newAuth))}, + /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _HierarchyChangeAuthDataAddress (&_HierarchyChangeAuthData) #else #define _HierarchyChangeAuthDataAddress 0 -#endif -#if CC_DictionaryAttackLockReset -#include "DictionaryAttackLockReset_fp.h" -typedef TPM_RC (DictionaryAttackLockReset_Entry)( - DictionaryAttackLockReset_In *in - ); -typedef const struct { - DictionaryAttackLockReset_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_HierarchyChangeAuth + +#if CC_DictionaryAttackLockReset +#include "DictionaryAttackLockReset_fp.h" + +typedef TPM_RC (DictionaryAttackLockReset_Entry)( + DictionaryAttackLockReset_In* in +); + + +typedef const struct +{ + DictionaryAttackLockReset_Entry *entry; 
+ UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t; + DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t _DictionaryAttackLockResetData = { - /* entry */ &TPM2_DictionaryAttackLockReset, - /* inSize */ (UINT16)(sizeof(DictionaryAttackLockReset_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_DictionaryAttackLockReset, + /* inSize */ (UINT16)(sizeof(DictionaryAttackLockReset_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _DictionaryAttackLockResetDataAddress (&_DictionaryAttackLockResetData) #else #define _DictionaryAttackLockResetDataAddress 0 -#endif -#if CC_DictionaryAttackParameters -#include "DictionaryAttackParameters_fp.h" -typedef TPM_RC (DictionaryAttackParameters_Entry)( - DictionaryAttackParameters_In *in - ); -typedef const struct { +#endif // CC_DictionaryAttackLockReset + +#if CC_DictionaryAttackParameters +#include "DictionaryAttackParameters_fp.h" + +typedef TPM_RC (DictionaryAttackParameters_Entry)( + DictionaryAttackParameters_In* in +); + + +typedef const struct +{ DictionaryAttackParameters_Entry *entry; UINT16 inSize; UINT16 outSize; 
@@ -3301,856 +3909,1055 @@ typedef const struct { UINT16 paramOffsets[3]; BYTE types[6]; } DictionaryAttackParameters_COMMAND_DESCRIPTOR_t; + DictionaryAttackParameters_COMMAND_DESCRIPTOR_t _DictionaryAttackParametersData = { - /* entry */ &TPM2_DictionaryAttackParameters, - /* inSize */ (UINT16)(sizeof(DictionaryAttackParameters_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(DictionaryAttackParameters_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(DictionaryAttackParameters_In, newMaxTries)), - (UINT16)(offsetof(DictionaryAttackParameters_In, newRecoveryTime)), - (UINT16)(offsetof(DictionaryAttackParameters_In, lockoutRecovery))}, - /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_DictionaryAttackParameters, + /* inSize */ (UINT16)(sizeof(DictionaryAttackParameters_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(DictionaryAttackParameters_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(DictionaryAttackParameters_In, newMaxTries)), + (UINT16)(offsetof(DictionaryAttackParameters_In, newRecoveryTime)), + (UINT16)(offsetof(DictionaryAttackParameters_In, lockoutRecovery))}, + /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, + UINT32_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _DictionaryAttackParametersDataAddress (&_DictionaryAttackParametersData) #else #define _DictionaryAttackParametersDataAddress 0 -#endif -#if CC_PP_Commands -#include "PP_Commands_fp.h" -typedef TPM_RC (PP_Commands_Entry)( - PP_Commands_In *in - ); -typedef const struct { - PP_Commands_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_DictionaryAttackParameters + +#if CC_PP_Commands +#include "PP_Commands_fp.h" + +typedef TPM_RC (PP_Commands_Entry)( + PP_Commands_In* in +); + + +typedef const struct +{ + 
PP_Commands_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } PP_Commands_COMMAND_DESCRIPTOR_t; + PP_Commands_COMMAND_DESCRIPTOR_t _PP_CommandsData = { - /* entry */ &TPM2_PP_Commands, - /* inSize */ (UINT16)(sizeof(PP_Commands_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(PP_Commands_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(PP_Commands_In, setList)), - (UINT16)(offsetof(PP_Commands_In, clearList))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - TPML_CC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_PP_Commands, + /* inSize */ (UINT16)(sizeof(PP_Commands_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(PP_Commands_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(PP_Commands_In, setList)), + (UINT16)(offsetof(PP_Commands_In, clearList))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPML_CC_P_UNMARSHAL, + TPML_CC_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _PP_CommandsDataAddress (&_PP_CommandsData) #else #define _PP_CommandsDataAddress 0 -#endif -#if CC_SetAlgorithmSet -#include "SetAlgorithmSet_fp.h" -typedef TPM_RC (SetAlgorithmSet_Entry)( - SetAlgorithmSet_In *in - ); -typedef const struct { - SetAlgorithmSet_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_PP_Commands + +#if CC_SetAlgorithmSet +#include "SetAlgorithmSet_fp.h" + +typedef TPM_RC (SetAlgorithmSet_Entry)( + SetAlgorithmSet_In* in +); + + +typedef const struct +{ + SetAlgorithmSet_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } SetAlgorithmSet_COMMAND_DESCRIPTOR_t; + SetAlgorithmSet_COMMAND_DESCRIPTOR_t _SetAlgorithmSetData = { - /* entry */ &TPM2_SetAlgorithmSet, - /* inSize */ (UINT16)(sizeof(SetAlgorithmSet_In)), - /* outSize */ 0, - /* offsetOfTypes */ 
offsetof(SetAlgorithmSet_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(SetAlgorithmSet_In, algorithmSet))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_SetAlgorithmSet, + /* inSize */ (UINT16)(sizeof(SetAlgorithmSet_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(SetAlgorithmSet_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(SetAlgorithmSet_In, algorithmSet))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _SetAlgorithmSetDataAddress (&_SetAlgorithmSetData) #else #define _SetAlgorithmSetDataAddress 0 -#endif -#if CC_FieldUpgradeStart -#include "FieldUpgradeStart_fp.h" -typedef TPM_RC (FieldUpgradeStart_Entry)( - FieldUpgradeStart_In *in - ); -typedef const struct { - FieldUpgradeStart_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; +#endif // CC_SetAlgorithmSet + +#if CC_FieldUpgradeStart +#include "FieldUpgradeStart_fp.h" + +typedef TPM_RC (FieldUpgradeStart_Entry)( + FieldUpgradeStart_In* in +); + + +typedef const struct +{ + FieldUpgradeStart_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; } FieldUpgradeStart_COMMAND_DESCRIPTOR_t; + FieldUpgradeStart_COMMAND_DESCRIPTOR_t _FieldUpgradeStartData = { - /* entry */ &TPM2_FieldUpgradeStart, - /* inSize */ (UINT16)(sizeof(FieldUpgradeStart_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(FieldUpgradeStart_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(FieldUpgradeStart_In, keyHandle)), - (UINT16)(offsetof(FieldUpgradeStart_In, fuDigest)), - (UINT16)(offsetof(FieldUpgradeStart_In, manifestSignature))}, - /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPM2B_DIGEST_P_UNMARSHAL, - TPMT_SIGNATURE_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ 
&TPM2_FieldUpgradeStart, + /* inSize */ (UINT16)(sizeof(FieldUpgradeStart_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(FieldUpgradeStart_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(FieldUpgradeStart_In, keyHandle)), + (UINT16)(offsetof(FieldUpgradeStart_In, fuDigest)), + (UINT16)(offsetof(FieldUpgradeStart_In, manifestSignature))}, + /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPM2B_DIGEST_P_UNMARSHAL, + TPMT_SIGNATURE_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _FieldUpgradeStartDataAddress (&_FieldUpgradeStartData) #else #define _FieldUpgradeStartDataAddress 0 -#endif -#if CC_FieldUpgradeData -#include "FieldUpgradeData_fp.h" -typedef TPM_RC (FieldUpgradeData_Entry)( - FieldUpgradeData_In *in, - FieldUpgradeData_Out *out - ); -typedef const struct { - FieldUpgradeData_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; +#endif // CC_FieldUpgradeStart + +#if CC_FieldUpgradeData +#include "FieldUpgradeData_fp.h" + +typedef TPM_RC (FieldUpgradeData_Entry)( + FieldUpgradeData_In* in, + FieldUpgradeData_Out* out +); + + +typedef const struct +{ + FieldUpgradeData_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; } FieldUpgradeData_COMMAND_DESCRIPTOR_t; + FieldUpgradeData_COMMAND_DESCRIPTOR_t _FieldUpgradeDataData = { - /* entry */ &TPM2_FieldUpgradeData, - /* inSize */ (UINT16)(sizeof(FieldUpgradeData_In)), - /* outSize */ (UINT16)(sizeof(FieldUpgradeData_Out)), - /* offsetOfTypes */ offsetof(FieldUpgradeData_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(FieldUpgradeData_Out, firstDigest))}, - /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPMT_HA_P_MARSHAL, - TPMT_HA_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_FieldUpgradeData, + /* inSize */ (UINT16)(sizeof(FieldUpgradeData_In)), + /* outSize */ 
(UINT16)(sizeof(FieldUpgradeData_Out)), + /* offsetOfTypes */ offsetof(FieldUpgradeData_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(FieldUpgradeData_Out, firstDigest))}, + /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPMT_HA_P_MARSHAL, + TPMT_HA_P_MARSHAL, + END_OF_LIST} }; + #define _FieldUpgradeDataDataAddress (&_FieldUpgradeDataData) #else #define _FieldUpgradeDataDataAddress 0 -#endif -#if CC_FirmwareRead -#include "FirmwareRead_fp.h" -typedef TPM_RC (FirmwareRead_Entry)( - FirmwareRead_In *in, - FirmwareRead_Out *out - ); -typedef const struct { - FirmwareRead_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#endif // CC_FieldUpgradeData + +#if CC_FirmwareRead +#include "FirmwareRead_fp.h" + +typedef TPM_RC (FirmwareRead_Entry)( + FirmwareRead_In* in, + FirmwareRead_Out* out +); + + +typedef const struct +{ + FirmwareRead_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } FirmwareRead_COMMAND_DESCRIPTOR_t; + FirmwareRead_COMMAND_DESCRIPTOR_t _FirmwareReadData = { - /* entry */ &TPM2_FirmwareRead, - /* inSize */ (UINT16)(sizeof(FirmwareRead_In)), - /* outSize */ (UINT16)(sizeof(FirmwareRead_Out)), - /* offsetOfTypes */ offsetof(FirmwareRead_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {UINT32_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_BUFFER_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_FirmwareRead, + /* inSize */ (UINT16)(sizeof(FirmwareRead_In)), + /* outSize */ (UINT16)(sizeof(FirmwareRead_Out)), + /* offsetOfTypes */ offsetof(FirmwareRead_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {UINT32_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_BUFFER_P_MARSHAL, + END_OF_LIST} }; + #define _FirmwareReadDataAddress (&_FirmwareReadData) #else #define _FirmwareReadDataAddress 0 -#endif -#if CC_ContextSave -#include "ContextSave_fp.h" -typedef TPM_RC (ContextSave_Entry)( - 
ContextSave_In *in, - ContextSave_Out *out - ); -typedef const struct { - ContextSave_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#endif // CC_FirmwareRead + +#if CC_ContextSave +#include "ContextSave_fp.h" + +typedef TPM_RC (ContextSave_Entry)( + ContextSave_In* in, + ContextSave_Out* out +); + + +typedef const struct +{ + ContextSave_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } ContextSave_COMMAND_DESCRIPTOR_t; + ContextSave_COMMAND_DESCRIPTOR_t _ContextSaveData = { - /* entry */ &TPM2_ContextSave, - /* inSize */ (UINT16)(sizeof(ContextSave_In)), - /* outSize */ (UINT16)(sizeof(ContextSave_Out)), - /* offsetOfTypes */ offsetof(ContextSave_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_DH_CONTEXT_H_UNMARSHAL, - END_OF_LIST, - TPMS_CONTEXT_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ContextSave, + /* inSize */ (UINT16)(sizeof(ContextSave_In)), + /* outSize */ (UINT16)(sizeof(ContextSave_Out)), + /* offsetOfTypes */ offsetof(ContextSave_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_DH_CONTEXT_H_UNMARSHAL, + END_OF_LIST, + TPMS_CONTEXT_P_MARSHAL, + END_OF_LIST} }; + #define _ContextSaveDataAddress (&_ContextSaveData) #else #define _ContextSaveDataAddress 0 -#endif -#if CC_ContextLoad -#include "ContextLoad_fp.h" -typedef TPM_RC (ContextLoad_Entry)( - ContextLoad_In *in, - ContextLoad_Out *out - ); -typedef const struct { - ContextLoad_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#endif // CC_ContextSave + +#if CC_ContextLoad +#include "ContextLoad_fp.h" + +typedef TPM_RC (ContextLoad_Entry)( + ContextLoad_In* in, + ContextLoad_Out* out +); + + +typedef const struct +{ + ContextLoad_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } ContextLoad_COMMAND_DESCRIPTOR_t; + ContextLoad_COMMAND_DESCRIPTOR_t 
_ContextLoadData = { - /* entry */ &TPM2_ContextLoad, - /* inSize */ (UINT16)(sizeof(ContextLoad_In)), - /* outSize */ (UINT16)(sizeof(ContextLoad_Out)), - /* offsetOfTypes */ offsetof(ContextLoad_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMS_CONTEXT_P_UNMARSHAL, - END_OF_LIST, - TPMI_DH_CONTEXT_H_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ContextLoad, + /* inSize */ (UINT16)(sizeof(ContextLoad_In)), + /* outSize */ (UINT16)(sizeof(ContextLoad_Out)), + /* offsetOfTypes */ offsetof(ContextLoad_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMS_CONTEXT_P_UNMARSHAL, + END_OF_LIST, + TPMI_DH_CONTEXT_H_MARSHAL, + END_OF_LIST} }; + #define _ContextLoadDataAddress (&_ContextLoadData) #else #define _ContextLoadDataAddress 0 -#endif -#if CC_FlushContext -#include "FlushContext_fp.h" -typedef TPM_RC (FlushContext_Entry)( - FlushContext_In *in - ); -typedef const struct { - FlushContext_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_ContextLoad + +#if CC_FlushContext +#include "FlushContext_fp.h" + +typedef TPM_RC (FlushContext_Entry)( + FlushContext_In* in +); + + +typedef const struct +{ + FlushContext_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } FlushContext_COMMAND_DESCRIPTOR_t; + FlushContext_COMMAND_DESCRIPTOR_t _FlushContextData = { - /* entry */ &TPM2_FlushContext, - /* inSize */ (UINT16)(sizeof(FlushContext_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(FlushContext_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_DH_CONTEXT_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_FlushContext, + /* inSize */ (UINT16)(sizeof(FlushContext_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(FlushContext_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_DH_CONTEXT_P_UNMARSHAL, + 
END_OF_LIST, + END_OF_LIST} }; + #define _FlushContextDataAddress (&_FlushContextData) #else #define _FlushContextDataAddress 0 -#endif -#if CC_EvictControl -#include "EvictControl_fp.h" -typedef TPM_RC (EvictControl_Entry)( - EvictControl_In *in - ); -typedef const struct { - EvictControl_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_FlushContext + +#if CC_EvictControl +#include "EvictControl_fp.h" + +typedef TPM_RC (EvictControl_Entry)( + EvictControl_In* in +); + + +typedef const struct +{ + EvictControl_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } EvictControl_COMMAND_DESCRIPTOR_t; + EvictControl_COMMAND_DESCRIPTOR_t _EvictControlData = { - /* entry */ &TPM2_EvictControl, - /* inSize */ (UINT16)(sizeof(EvictControl_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(EvictControl_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(EvictControl_In, objectHandle)), - (UINT16)(offsetof(EvictControl_In, persistentHandle))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_DH_PERSISTENT_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_EvictControl, + /* inSize */ (UINT16)(sizeof(EvictControl_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(EvictControl_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(EvictControl_In, objectHandle)), + (UINT16)(offsetof(EvictControl_In, persistentHandle))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_DH_PERSISTENT_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _EvictControlDataAddress (&_EvictControlData) #else #define _EvictControlDataAddress 0 -#endif -#if CC_ReadClock -#include "ReadClock_fp.h" -typedef TPM_RC (ReadClock_Entry)( - ReadClock_Out *out - ); -typedef const struct { - ReadClock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - 
UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_EvictControl + +#if CC_ReadClock +#include "ReadClock_fp.h" + +typedef TPM_RC (ReadClock_Entry)( + ReadClock_Out* out +); + + +typedef const struct +{ + ReadClock_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } ReadClock_COMMAND_DESCRIPTOR_t; + ReadClock_COMMAND_DESCRIPTOR_t _ReadClockData = { - /* entry */ &TPM2_ReadClock, - /* inSize */ 0, - /* outSize */ (UINT16)(sizeof(ReadClock_Out)), - /* offsetOfTypes */ offsetof(ReadClock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {END_OF_LIST, - TPMS_TIME_INFO_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_ReadClock, + /* inSize */ 0, + /* outSize */ (UINT16)(sizeof(ReadClock_Out)), + /* offsetOfTypes */ offsetof(ReadClock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {END_OF_LIST, + TPMS_TIME_INFO_P_MARSHAL, + END_OF_LIST} }; + #define _ReadClockDataAddress (&_ReadClockData) #else #define _ReadClockDataAddress 0 -#endif -#if CC_ClockSet -#include "ClockSet_fp.h" -typedef TPM_RC (ClockSet_Entry)( - ClockSet_In *in - ); -typedef const struct { - ClockSet_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_ReadClock + +#if CC_ClockSet +#include "ClockSet_fp.h" + +typedef TPM_RC (ClockSet_Entry)( + ClockSet_In* in +); + + +typedef const struct +{ + ClockSet_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } ClockSet_COMMAND_DESCRIPTOR_t; + ClockSet_COMMAND_DESCRIPTOR_t _ClockSetData = { - /* entry */ &TPM2_ClockSet, - /* inSize */ (UINT16)(sizeof(ClockSet_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClockSet_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClockSet_In, newTime))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - UINT64_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* 
entry */ &TPM2_ClockSet, + /* inSize */ (UINT16)(sizeof(ClockSet_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ClockSet_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ClockSet_In, newTime))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + UINT64_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ClockSetDataAddress (&_ClockSetData) #else #define _ClockSetDataAddress 0 -#endif -#if CC_ClockRateAdjust -#include "ClockRateAdjust_fp.h" -typedef TPM_RC (ClockRateAdjust_Entry)( - ClockRateAdjust_In *in - ); -typedef const struct { - ClockRateAdjust_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_ClockSet + +#if CC_ClockRateAdjust +#include "ClockRateAdjust_fp.h" + +typedef TPM_RC (ClockRateAdjust_Entry)( + ClockRateAdjust_In* in +); + + +typedef const struct +{ + ClockRateAdjust_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } ClockRateAdjust_COMMAND_DESCRIPTOR_t; + ClockRateAdjust_COMMAND_DESCRIPTOR_t _ClockRateAdjustData = { - /* entry */ &TPM2_ClockRateAdjust, - /* inSize */ (UINT16)(sizeof(ClockRateAdjust_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ClockRateAdjust_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ClockRateAdjust_In, rateAdjust))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPM_CLOCK_ADJUST_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_ClockRateAdjust, + /* inSize */ (UINT16)(sizeof(ClockRateAdjust_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ClockRateAdjust_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ClockRateAdjust_In, rateAdjust))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPM_CLOCK_ADJUST_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ClockRateAdjustDataAddress (&_ClockRateAdjustData) #else #define _ClockRateAdjustDataAddress 0 -#endif -#if CC_GetCapability -#include 
"GetCapability_fp.h" -typedef TPM_RC (GetCapability_Entry)( - GetCapability_In *in, - GetCapability_Out *out - ); -typedef const struct { - GetCapability_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_ClockRateAdjust + +#if CC_GetCapability +#include "GetCapability_fp.h" + +typedef TPM_RC (GetCapability_Entry)( + GetCapability_In* in, + GetCapability_Out* out +); + + +typedef const struct +{ + GetCapability_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } GetCapability_COMMAND_DESCRIPTOR_t; + GetCapability_COMMAND_DESCRIPTOR_t _GetCapabilityData = { - /* entry */ &TPM2_GetCapability, - /* inSize */ (UINT16)(sizeof(GetCapability_In)), - /* outSize */ (UINT16)(sizeof(GetCapability_Out)), - /* offsetOfTypes */ offsetof(GetCapability_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(GetCapability_In, property)), - (UINT16)(offsetof(GetCapability_In, propertyCount)), - (UINT16)(offsetof(GetCapability_Out, capabilityData))}, - /* types */ {TPM_CAP_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - TPMI_YES_NO_P_MARSHAL, - TPMS_CAPABILITY_DATA_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_GetCapability, + /* inSize */ (UINT16)(sizeof(GetCapability_In)), + /* outSize */ (UINT16)(sizeof(GetCapability_Out)), + /* offsetOfTypes */ offsetof(GetCapability_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(GetCapability_In, property)), + (UINT16)(offsetof(GetCapability_In, propertyCount)), + (UINT16)(offsetof(GetCapability_Out, capabilityData))}, + /* types */ {TPM_CAP_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + TPMI_YES_NO_P_MARSHAL, + TPMS_CAPABILITY_DATA_P_MARSHAL, + END_OF_LIST} }; + #define _GetCapabilityDataAddress (&_GetCapabilityData) #else #define _GetCapabilityDataAddress 0 -#endif -#if CC_TestParms -#include "TestParms_fp.h" -typedef 
TPM_RC (TestParms_Entry)( - TestParms_In *in - ); -typedef const struct { - TestParms_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[3]; +#endif // CC_GetCapability + +#if CC_TestParms +#include "TestParms_fp.h" + +typedef TPM_RC (TestParms_Entry)( + TestParms_In* in +); + + +typedef const struct +{ + TestParms_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[3]; } TestParms_COMMAND_DESCRIPTOR_t; + TestParms_COMMAND_DESCRIPTOR_t _TestParmsData = { - /* entry */ &TPM2_TestParms, - /* inSize */ (UINT16)(sizeof(TestParms_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(TestParms_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMT_PUBLIC_PARMS_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_TestParms, + /* inSize */ (UINT16)(sizeof(TestParms_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(TestParms_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMT_PUBLIC_PARMS_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _TestParmsDataAddress (&_TestParmsData) #else #define _TestParmsDataAddress 0 -#endif -#if CC_NV_DefineSpace -#include "NV_DefineSpace_fp.h" -typedef TPM_RC (NV_DefineSpace_Entry)( - NV_DefineSpace_In *in - ); -typedef const struct { - NV_DefineSpace_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_TestParms + +#if CC_NV_DefineSpace +#include "NV_DefineSpace_fp.h" + +typedef TPM_RC (NV_DefineSpace_Entry)( + NV_DefineSpace_In* in +); + + +typedef const struct +{ + NV_DefineSpace_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } NV_DefineSpace_COMMAND_DESCRIPTOR_t; + NV_DefineSpace_COMMAND_DESCRIPTOR_t _NV_DefineSpaceData = { - /* entry */ &TPM2_NV_DefineSpace, - /* inSize */ (UINT16)(sizeof(NV_DefineSpace_In)), - /* outSize */ 0, - 
/* offsetOfTypes */ offsetof(NV_DefineSpace_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_DefineSpace_In, auth)), - (UINT16)(offsetof(NV_DefineSpace_In, publicInfo))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPM2B_NV_PUBLIC_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_DefineSpace, + /* inSize */ (UINT16)(sizeof(NV_DefineSpace_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_DefineSpace_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_DefineSpace_In, auth)), + (UINT16)(offsetof(NV_DefineSpace_In, publicInfo))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + TPM2B_NV_PUBLIC_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_DefineSpaceDataAddress (&_NV_DefineSpaceData) #else #define _NV_DefineSpaceDataAddress 0 -#endif -#if CC_NV_UndefineSpace -#include "NV_UndefineSpace_fp.h" -typedef TPM_RC (NV_UndefineSpace_Entry)( - NV_UndefineSpace_In *in - ); -typedef const struct { - NV_UndefineSpace_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_NV_DefineSpace + +#if CC_NV_UndefineSpace +#include "NV_UndefineSpace_fp.h" + +typedef TPM_RC (NV_UndefineSpace_Entry)( + NV_UndefineSpace_In* in +); + + +typedef const struct +{ + NV_UndefineSpace_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } NV_UndefineSpace_COMMAND_DESCRIPTOR_t; + NV_UndefineSpace_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceData = { - /* entry */ &TPM2_NV_UndefineSpace, - /* inSize */ (UINT16)(sizeof(NV_UndefineSpace_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))}, - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_UndefineSpace, + 
/* inSize */ (UINT16)(sizeof(NV_UndefineSpace_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))}, + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_UndefineSpaceDataAddress (&_NV_UndefineSpaceData) #else #define _NV_UndefineSpaceDataAddress 0 -#endif -#if CC_NV_UndefineSpaceSpecial -#include "NV_UndefineSpaceSpecial_fp.h" -typedef TPM_RC (NV_UndefineSpaceSpecial_Entry)( - NV_UndefineSpaceSpecial_In *in - ); -typedef const struct { - NV_UndefineSpaceSpecial_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_NV_UndefineSpace + +#if CC_NV_UndefineSpaceSpecial +#include "NV_UndefineSpaceSpecial_fp.h" + +typedef TPM_RC (NV_UndefineSpaceSpecial_Entry)( + NV_UndefineSpaceSpecial_In* in +); + + +typedef const struct +{ + NV_UndefineSpaceSpecial_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t; + NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceSpecialData = { - /* entry */ &TPM2_NV_UndefineSpaceSpecial, - /* inSize */ (UINT16)(sizeof(NV_UndefineSpaceSpecial_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPMI_RH_PLATFORM_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_UndefineSpaceSpecial, + /* inSize */ (UINT16)(sizeof(NV_UndefineSpaceSpecial_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))}, + /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, + 
TPMI_RH_PLATFORM_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_UndefineSpaceSpecialDataAddress (&_NV_UndefineSpaceSpecialData) #else #define _NV_UndefineSpaceSpecialDataAddress 0 -#endif -#if CC_NV_ReadPublic -#include "NV_ReadPublic_fp.h" -typedef TPM_RC (NV_ReadPublic_Entry)( - NV_ReadPublic_In *in, - NV_ReadPublic_Out *out - ); -typedef const struct { - NV_ReadPublic_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[5]; +#endif // CC_NV_UndefineSpaceSpecial + +#if CC_NV_ReadPublic +#include "NV_ReadPublic_fp.h" + +typedef TPM_RC (NV_ReadPublic_Entry)( + NV_ReadPublic_In* in, + NV_ReadPublic_Out* out +); + + +typedef const struct +{ + NV_ReadPublic_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[5]; } NV_ReadPublic_COMMAND_DESCRIPTOR_t; + NV_ReadPublic_COMMAND_DESCRIPTOR_t _NV_ReadPublicData = { - /* entry */ &TPM2_NV_ReadPublic, - /* inSize */ (UINT16)(sizeof(NV_ReadPublic_In)), - /* outSize */ (UINT16)(sizeof(NV_ReadPublic_Out)), - /* offsetOfTypes */ offsetof(NV_ReadPublic_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ReadPublic_Out, nvName))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - TPM2B_NV_PUBLIC_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_NV_ReadPublic, + /* inSize */ (UINT16)(sizeof(NV_ReadPublic_In)), + /* outSize */ (UINT16)(sizeof(NV_ReadPublic_Out)), + /* offsetOfTypes */ offsetof(NV_ReadPublic_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_ReadPublic_Out, nvName))}, + /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + TPM2B_NV_PUBLIC_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} }; + #define _NV_ReadPublicDataAddress (&_NV_ReadPublicData) #else #define _NV_ReadPublicDataAddress 0 -#endif -#if CC_NV_Write -#include "NV_Write_fp.h" -typedef TPM_RC (NV_Write_Entry)( - NV_Write_In *in - ); -typedef const struct { - 
NV_Write_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[6]; +#endif // CC_NV_ReadPublic + +#if CC_NV_Write +#include "NV_Write_fp.h" + +typedef TPM_RC (NV_Write_Entry)( + NV_Write_In* in +); + + +typedef const struct +{ + NV_Write_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[6]; } NV_Write_COMMAND_DESCRIPTOR_t; + NV_Write_COMMAND_DESCRIPTOR_t _NV_WriteData = { - /* entry */ &TPM2_NV_Write, - /* inSize */ (UINT16)(sizeof(NV_Write_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Write_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Write_In, nvIndex)), - (UINT16)(offsetof(NV_Write_In, data)), - (UINT16)(offsetof(NV_Write_In, offset))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_Write, + /* inSize */ (UINT16)(sizeof(NV_Write_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_Write_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Write_In, nvIndex)), + (UINT16)(offsetof(NV_Write_In, data)), + (UINT16)(offsetof(NV_Write_In, offset))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_WriteDataAddress (&_NV_WriteData) #else #define _NV_WriteDataAddress 0 -#endif -#if CC_NV_Increment -#include "NV_Increment_fp.h" -typedef TPM_RC (NV_Increment_Entry)( - NV_Increment_In *in - ); -typedef const struct { - NV_Increment_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_NV_Write + +#if CC_NV_Increment +#include "NV_Increment_fp.h" + +typedef TPM_RC (NV_Increment_Entry)( + NV_Increment_In* in +); + + +typedef const struct +{ + NV_Increment_Entry 
*entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } NV_Increment_COMMAND_DESCRIPTOR_t; + NV_Increment_COMMAND_DESCRIPTOR_t _NV_IncrementData = { - /* entry */ &TPM2_NV_Increment, - /* inSize */ (UINT16)(sizeof(NV_Increment_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Increment_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Increment_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_Increment, + /* inSize */ (UINT16)(sizeof(NV_Increment_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_Increment_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Increment_In, nvIndex))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_IncrementDataAddress (&_NV_IncrementData) #else #define _NV_IncrementDataAddress 0 -#endif -#if CC_NV_Extend -#include "NV_Extend_fp.h" -typedef TPM_RC (NV_Extend_Entry)( - NV_Extend_In *in - ); -typedef const struct { - NV_Extend_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_NV_Increment + +#if CC_NV_Extend +#include "NV_Extend_fp.h" + +typedef TPM_RC (NV_Extend_Entry)( + NV_Extend_In* in +); + + +typedef const struct +{ + NV_Extend_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } NV_Extend_COMMAND_DESCRIPTOR_t; + NV_Extend_COMMAND_DESCRIPTOR_t _NV_ExtendData = { - /* entry */ &TPM2_NV_Extend, - /* inSize */ (UINT16)(sizeof(NV_Extend_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_Extend_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Extend_In, nvIndex)), - (UINT16)(offsetof(NV_Extend_In, data))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - 
TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_Extend, + /* inSize */ (UINT16)(sizeof(NV_Extend_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_Extend_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Extend_In, nvIndex)), + (UINT16)(offsetof(NV_Extend_In, data))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_ExtendDataAddress (&_NV_ExtendData) #else #define _NV_ExtendDataAddress 0 -#endif -#if CC_NV_SetBits -#include "NV_SetBits_fp.h" -typedef TPM_RC (NV_SetBits_Entry)( - NV_SetBits_In *in - ); -typedef const struct { - NV_SetBits_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[2]; - BYTE types[5]; +#endif // CC_NV_Extend + +#if CC_NV_SetBits +#include "NV_SetBits_fp.h" + +typedef TPM_RC (NV_SetBits_Entry)( + NV_SetBits_In* in +); + + +typedef const struct +{ + NV_SetBits_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[2]; + BYTE types[5]; } NV_SetBits_COMMAND_DESCRIPTOR_t; + NV_SetBits_COMMAND_DESCRIPTOR_t _NV_SetBitsData = { - /* entry */ &TPM2_NV_SetBits, - /* inSize */ (UINT16)(sizeof(NV_SetBits_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_SetBits_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_SetBits_In, nvIndex)), - (UINT16)(offsetof(NV_SetBits_In, bits))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - UINT64_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_SetBits, + /* inSize */ (UINT16)(sizeof(NV_SetBits_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_SetBits_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_SetBits_In, nvIndex)), + (UINT16)(offsetof(NV_SetBits_In, bits))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + UINT64_P_UNMARSHAL, + 
END_OF_LIST, + END_OF_LIST} }; + #define _NV_SetBitsDataAddress (&_NV_SetBitsData) #else #define _NV_SetBitsDataAddress 0 -#endif -#if CC_NV_WriteLock -#include "NV_WriteLock_fp.h" -typedef TPM_RC (NV_WriteLock_Entry)( - NV_WriteLock_In *in - ); -typedef const struct { - NV_WriteLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_NV_SetBits + +#if CC_NV_WriteLock +#include "NV_WriteLock_fp.h" + +typedef TPM_RC (NV_WriteLock_Entry)( + NV_WriteLock_In* in +); + + +typedef const struct +{ + NV_WriteLock_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } NV_WriteLock_COMMAND_DESCRIPTOR_t; + NV_WriteLock_COMMAND_DESCRIPTOR_t _NV_WriteLockData = { - /* entry */ &TPM2_NV_WriteLock, - /* inSize */ (UINT16)(sizeof(NV_WriteLock_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_WriteLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_WriteLock_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_WriteLock, + /* inSize */ (UINT16)(sizeof(NV_WriteLock_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_WriteLock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_WriteLock_In, nvIndex))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_WriteLockDataAddress (&_NV_WriteLockData) #else #define _NV_WriteLockDataAddress 0 -#endif -#if CC_NV_GlobalWriteLock -#include "NV_GlobalWriteLock_fp.h" -typedef TPM_RC (NV_GlobalWriteLock_Entry)( - NV_GlobalWriteLock_In *in - ); -typedef const struct { +#endif // CC_NV_WriteLock + +#if CC_NV_GlobalWriteLock +#include "NV_GlobalWriteLock_fp.h" + +typedef TPM_RC (NV_GlobalWriteLock_Entry)( + NV_GlobalWriteLock_In* in +); + + +typedef const struct +{ NV_GlobalWriteLock_Entry *entry; 
UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t; + NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t _NV_GlobalWriteLockData = { - /* entry */ &TPM2_NV_GlobalWriteLock, - /* inSize */ (UINT16)(sizeof(NV_GlobalWriteLock_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_GlobalWriteLock, + /* inSize */ (UINT16)(sizeof(NV_GlobalWriteLock_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_GlobalWriteLockDataAddress (&_NV_GlobalWriteLockData) #else #define _NV_GlobalWriteLockDataAddress 0 -#endif -#if CC_NV_Read -#include "NV_Read_fp.h" -typedef TPM_RC (NV_Read_Entry)( - NV_Read_In *in, - NV_Read_Out *out - ); -typedef const struct { - NV_Read_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#endif // CC_NV_GlobalWriteLock + +#if CC_NV_Read +#include "NV_Read_fp.h" + +typedef TPM_RC (NV_Read_Entry)( + NV_Read_In* in, + NV_Read_Out* out +); + + +typedef const struct +{ + NV_Read_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } NV_Read_COMMAND_DESCRIPTOR_t; + NV_Read_COMMAND_DESCRIPTOR_t _NV_ReadData = { - /* entry */ &TPM2_NV_Read, - /* inSize */ (UINT16)(sizeof(NV_Read_In)), - /* outSize */ (UINT16)(sizeof(NV_Read_Out)), - /* offsetOfTypes */ offsetof(NV_Read_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Read_In, nvIndex)), - (UINT16)(offsetof(NV_Read_In, size)), - (UINT16)(offsetof(NV_Read_In, offset))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - 
UINT16_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_MAX_NV_BUFFER_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_NV_Read, + /* inSize */ (UINT16)(sizeof(NV_Read_In)), + /* outSize */ (UINT16)(sizeof(NV_Read_Out)), + /* offsetOfTypes */ offsetof(NV_Read_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Read_In, nvIndex)), + (UINT16)(offsetof(NV_Read_In, size)), + (UINT16)(offsetof(NV_Read_In, offset))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + UINT16_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + END_OF_LIST, + TPM2B_MAX_NV_BUFFER_P_MARSHAL, + END_OF_LIST} }; + #define _NV_ReadDataAddress (&_NV_ReadData) #else #define _NV_ReadDataAddress 0 -#endif -#if CC_NV_ReadLock -#include "NV_ReadLock_fp.h" -typedef TPM_RC (NV_ReadLock_Entry)( - NV_ReadLock_In *in - ); -typedef const struct { - NV_ReadLock_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_NV_Read + +#if CC_NV_ReadLock +#include "NV_ReadLock_fp.h" + +typedef TPM_RC (NV_ReadLock_Entry)( + NV_ReadLock_In* in +); + + +typedef const struct +{ + NV_ReadLock_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } NV_ReadLock_COMMAND_DESCRIPTOR_t; + NV_ReadLock_COMMAND_DESCRIPTOR_t _NV_ReadLockData = { - /* entry */ &TPM2_NV_ReadLock, - /* inSize */ (UINT16)(sizeof(NV_ReadLock_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_ReadLock_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ReadLock_In, nvIndex))}, - /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_ReadLock, + /* inSize */ (UINT16)(sizeof(NV_ReadLock_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_ReadLock_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_ReadLock_In, nvIndex))}, + /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, + 
TPMI_RH_NV_INDEX_H_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_ReadLockDataAddress (&_NV_ReadLockData) #else #define _NV_ReadLockDataAddress 0 -#endif -#if CC_NV_ChangeAuth -#include "NV_ChangeAuth_fp.h" -typedef TPM_RC (NV_ChangeAuth_Entry)( - NV_ChangeAuth_In *in - ); -typedef const struct { - NV_ChangeAuth_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#endif // CC_NV_ReadLock + +#if CC_NV_ChangeAuth +#include "NV_ChangeAuth_fp.h" + +typedef TPM_RC (NV_ChangeAuth_Entry)( + NV_ChangeAuth_In* in +); + + +typedef const struct +{ + NV_ChangeAuth_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } NV_ChangeAuth_COMMAND_DESCRIPTOR_t; + NV_ChangeAuth_COMMAND_DESCRIPTOR_t _NV_ChangeAuthData = { - /* entry */ &TPM2_NV_ChangeAuth, - /* inSize */ (UINT16)(sizeof(NV_ChangeAuth_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(NV_ChangeAuth_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_ChangeAuth_In, newAuth))}, - /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_NV_ChangeAuth, + /* inSize */ (UINT16)(sizeof(NV_ChangeAuth_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(NV_ChangeAuth_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_ChangeAuth_In, newAuth))}, + /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_AUTH_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _NV_ChangeAuthDataAddress (&_NV_ChangeAuthData) #else #define _NV_ChangeAuthDataAddress 0 -#endif -#if CC_NV_Certify -#include "NV_Certify_fp.h" -typedef TPM_RC (NV_Certify_Entry)( - NV_Certify_In *in, - NV_Certify_Out *out - ); -typedef const struct { - NV_Certify_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[7]; - BYTE types[11]; +#endif // CC_NV_ChangeAuth + +#if CC_NV_Certify +#include 
"NV_Certify_fp.h" + +typedef TPM_RC (NV_Certify_Entry)( + NV_Certify_In* in, + NV_Certify_Out* out +); + + +typedef const struct +{ + NV_Certify_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[7]; + BYTE types[11]; } NV_Certify_COMMAND_DESCRIPTOR_t; + NV_Certify_COMMAND_DESCRIPTOR_t _NV_CertifyData = { - /* entry */ &TPM2_NV_Certify, - /* inSize */ (UINT16)(sizeof(NV_Certify_In)), - /* outSize */ (UINT16)(sizeof(NV_Certify_Out)), - /* offsetOfTypes */ offsetof(NV_Certify_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(NV_Certify_In, authHandle)), - (UINT16)(offsetof(NV_Certify_In, nvIndex)), - (UINT16)(offsetof(NV_Certify_In, qualifyingData)), - (UINT16)(offsetof(NV_Certify_In, inScheme)), - (UINT16)(offsetof(NV_Certify_In, size)), - (UINT16)(offsetof(NV_Certify_In, offset)), - (UINT16)(offsetof(NV_Certify_Out, signature))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, - TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_NV_INDEX_H_UNMARSHAL, - TPM2B_DATA_P_UNMARSHAL, - TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, - UINT16_P_UNMARSHAL, - UINT16_P_UNMARSHAL, - END_OF_LIST, - TPM2B_ATTEST_P_MARSHAL, - TPMT_SIGNATURE_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_NV_Certify, + /* inSize */ (UINT16)(sizeof(NV_Certify_In)), + /* outSize */ (UINT16)(sizeof(NV_Certify_Out)), + /* offsetOfTypes */ offsetof(NV_Certify_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(NV_Certify_In, authHandle)), + (UINT16)(offsetof(NV_Certify_In, nvIndex)), + (UINT16)(offsetof(NV_Certify_In, qualifyingData)), + (UINT16)(offsetof(NV_Certify_In, inScheme)), + (UINT16)(offsetof(NV_Certify_In, size)), + (UINT16)(offsetof(NV_Certify_In, offset)), + (UINT16)(offsetof(NV_Certify_Out, signature))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, + TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_NV_INDEX_H_UNMARSHAL, + TPM2B_DATA_P_UNMARSHAL, + TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, + UINT16_P_UNMARSHAL, + UINT16_P_UNMARSHAL, + 
END_OF_LIST, + TPM2B_ATTEST_P_MARSHAL, + TPMT_SIGNATURE_P_MARSHAL, + END_OF_LIST} }; + #define _NV_CertifyDataAddress (&_NV_CertifyData) #else #define _NV_CertifyDataAddress 0 -#endif +#endif // CC_NV_Certify #if CC_NV_DefineSpace2 #include "NV_DefineSpace2_fp.h" typedef TPM_RC (NV_DefineSpace2_Entry)( - NV_DefineSpace2_In* in - ); + NV_DefineSpace2_In* in +); + typedef const struct { @@ -4168,12 +4975,12 @@ NV_DefineSpace2_COMMAND_DESCRIPTOR_t _NV_DefineSpace2Data = { /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_DefineSpace2_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_DefineSpace2_In, auth)), - (UINT16)(offsetof(NV_DefineSpace2_In, publicInfo))}, + (UINT16)(offsetof(NV_DefineSpace2_In, publicInfo))}, /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, - TPM2B_AUTH_P_UNMARSHAL, - TPM2B_NV_PUBLIC_2_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + TPM2B_AUTH_P_UNMARSHAL, + TPM2B_NV_PUBLIC_2_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; #define _NV_DefineSpace2DataAddress (&_NV_DefineSpace2Data) @@ -4185,9 +4992,9 @@ NV_DefineSpace2_COMMAND_DESCRIPTOR_t _NV_DefineSpace2Data = { #include "NV_ReadPublic2_fp.h" typedef TPM_RC (NV_ReadPublic2_Entry)( - NV_ReadPublic2_In* in, - NV_ReadPublic2_Out* out - ); + NV_ReadPublic2_In* in, + NV_ReadPublic2_Out* out +); typedef const struct @@ -4207,10 +5014,10 @@ NV_ReadPublic2_COMMAND_DESCRIPTOR_t _NV_ReadPublic2Data = { /* offsetOfTypes */ offsetof(NV_ReadPublic2_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_ReadPublic2_Out, nvName))}, /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, - END_OF_LIST, - TPM2B_NV_PUBLIC_2_P_MARSHAL, - TPM2B_NAME_P_MARSHAL, - END_OF_LIST} + END_OF_LIST, + TPM2B_NV_PUBLIC_2_P_MARSHAL, + TPM2B_NAME_P_MARSHAL, + END_OF_LIST} }; #define _NV_ReadPublic2DataAddress (&_NV_ReadPublic2Data) 
@@ -4222,8 +5029,8 @@ NV_ReadPublic2_COMMAND_DESCRIPTOR_t _NV_ReadPublic2Data = {
 #include "SetCapability_fp.h"
 
 typedef TPM_RC (SetCapability_Entry)(
- SetCapability_In* in
- );
+ SetCapability_In* in
+);
 
 typedef const struct
 {
@@ -4242,9 +5049,9 @@ SetCapability_COMMAND_DESCRIPTOR_t _SetCapabilityData = {
 /* offsetOfTypes */ offsetof(SetCapability_COMMAND_DESCRIPTOR_t, types),
 /* offsets */ {(UINT16)(offsetof(SetCapability_In, setCapabilityData))},
 /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL,
- TPM2B_SET_CAPABILITY_DATA_P_UNMARSHAL,
- END_OF_LIST,
- END_OF_LIST}
+ TPM2B_SET_CAPABILITY_DATA_P_UNMARSHAL,
+ END_OF_LIST,
+ END_OF_LIST}
 };
 
 #define _SetCapabilityDataAddress (&_SetCapabilityData)
@@ -4287,542 +5094,570 @@ AC_GetCapability_COMMAND_DESCRIPTOR_t _AC_GetCapabilityData = { #define _AC_GetCapabilityDataAddress 0 #endif -#if CC_AC_Send -#include "AC_Send_fp.h" -typedef TPM_RC (AC_Send_Entry)( - AC_Send_In *in, - AC_Send_Out *out - ); -typedef const struct { - AC_Send_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[3]; - BYTE types[7]; +#if CC_AC_Send +#include "AC_Send_fp.h" + +typedef TPM_RC (AC_Send_Entry)( + AC_Send_In* in, + AC_Send_Out* out +); + + +typedef const struct +{ + AC_Send_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[3]; + BYTE types[7]; } AC_Send_COMMAND_DESCRIPTOR_t; + AC_Send_COMMAND_DESCRIPTOR_t _AC_SendData = { - /* entry */ &TPM2_AC_Send, - /* inSize */ (UINT16)(sizeof(AC_Send_In)), - /* outSize */ (UINT16)(sizeof(AC_Send_Out)), - /* offsetOfTypes */ offsetof(AC_Send_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(AC_Send_In, authHandle)), - (UINT16)(offsetof(AC_Send_In, ac)), - (UINT16)(offsetof(AC_Send_In, acDataIn))}, - /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, - TPMI_RH_NV_AUTH_H_UNMARSHAL, - TPMI_RH_AC_H_UNMARSHAL, - TPM2B_MAX_BUFFER_P_UNMARSHAL, - END_OF_LIST, - TPMS_AC_OUTPUT_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_AC_Send, + /* inSize */ (UINT16)(sizeof(AC_Send_In)), + /* outSize */ (UINT16)(sizeof(AC_Send_Out)), + /* offsetOfTypes */ offsetof(AC_Send_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(AC_Send_In, authHandle)), + (UINT16)(offsetof(AC_Send_In, ac)), + (UINT16)(offsetof(AC_Send_In, acDataIn))}, + /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, + TPMI_RH_NV_AUTH_H_UNMARSHAL, + TPMI_RH_AC_H_UNMARSHAL, + TPM2B_MAX_BUFFER_P_UNMARSHAL, + END_OF_LIST, + TPMS_AC_OUTPUT_P_MARSHAL, + END_OF_LIST} }; + #define _AC_SendDataAddress (&_AC_SendData) #else #define _AC_SendDataAddress 0 -#endif +#endif // CC_AC_Send -#if CC_Policy_AC_SendSelect -#include "Policy_AC_SendSelect_fp.h" -typedef TPM_RC 
(Policy_AC_SendSelect_Entry)( - Policy_AC_SendSelect_In *in - ); -typedef const struct { - Policy_AC_SendSelect_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[4]; - BYTE types[7]; +#if CC_Policy_AC_SendSelect +#include "Policy_AC_SendSelect_fp.h" + +typedef TPM_RC (Policy_AC_SendSelect_Entry)( + Policy_AC_SendSelect_In* in +); + + +typedef const struct +{ + Policy_AC_SendSelect_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[4]; + BYTE types[7]; } Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t; + Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t _Policy_AC_SendSelectData = { - /* entry */ &TPM2_Policy_AC_SendSelect, - /* inSize */ (UINT16)(sizeof(Policy_AC_SendSelect_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(Policy_AC_SendSelect_In, objectName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, authHandleName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, acName)), - (UINT16)(offsetof(Policy_AC_SendSelect_In, includeObject))}, - /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPM2B_NAME_P_UNMARSHAL, - TPMI_YES_NO_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_Policy_AC_SendSelect, + /* inSize */ (UINT16)(sizeof(Policy_AC_SendSelect_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(Policy_AC_SendSelect_In, objectName)), + (UINT16)(offsetof(Policy_AC_SendSelect_In, authHandleName)), + (UINT16)(offsetof(Policy_AC_SendSelect_In, acName)), + (UINT16)(offsetof(Policy_AC_SendSelect_In, includeObject))}, + /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPM2B_NAME_P_UNMARSHAL, + TPMI_YES_NO_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _Policy_AC_SendSelectDataAddress 
(&_Policy_AC_SendSelectData) #else #define _Policy_AC_SendSelectDataAddress 0 -#endif +#endif // CC_Policy_AC_SendSelect -#if CC_ACT_SetTimeout -#include "ACT_SetTimeout_fp.h" -typedef TPM_RC (ACT_SetTimeout_Entry)( - ACT_SetTimeout_In *in - ); -typedef const struct { - ACT_SetTimeout_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - UINT16 paramOffsets[1]; - BYTE types[4]; +#if CC_ACT_SetTimeout +#include "ACT_SetTimeout_fp.h" + +typedef TPM_RC (ACT_SetTimeout_Entry)( + ACT_SetTimeout_In* in +); + + +typedef const struct +{ + ACT_SetTimeout_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + UINT16 paramOffsets[1]; + BYTE types[4]; } ACT_SetTimeout_COMMAND_DESCRIPTOR_t; + ACT_SetTimeout_COMMAND_DESCRIPTOR_t _ACT_SetTimeoutData = { - /* entry */ &TPM2_ACT_SetTimeout, - /* inSize */ (UINT16)(sizeof(ACT_SetTimeout_In)), - /* outSize */ 0, - /* offsetOfTypes */ offsetof(ACT_SetTimeout_COMMAND_DESCRIPTOR_t, types), - /* offsets */ {(UINT16)(offsetof(ACT_SetTimeout_In, startTimeout))}, - /* types */ {TPMI_RH_ACT_H_UNMARSHAL, - UINT32_P_UNMARSHAL, - END_OF_LIST, - END_OF_LIST} + /* entry */ &TPM2_ACT_SetTimeout, + /* inSize */ (UINT16)(sizeof(ACT_SetTimeout_In)), + /* outSize */ 0, + /* offsetOfTypes */ offsetof(ACT_SetTimeout_COMMAND_DESCRIPTOR_t, types), + /* offsets */ {(UINT16)(offsetof(ACT_SetTimeout_In, startTimeout))}, + /* types */ {TPMI_RH_ACT_H_UNMARSHAL, + UINT32_P_UNMARSHAL, + END_OF_LIST, + END_OF_LIST} }; + #define _ACT_SetTimeoutDataAddress (&_ACT_SetTimeoutData) #else #define _ACT_SetTimeoutDataAddress 0 #endif // CC_ACT_SetTimeout -#if CC_Vendor_TCG_Test -#include "Vendor_TCG_Test_fp.h" -typedef TPM_RC (Vendor_TCG_Test_Entry)( - Vendor_TCG_Test_In *in, - Vendor_TCG_Test_Out *out - ); -typedef const struct { - Vendor_TCG_Test_Entry *entry; - UINT16 inSize; - UINT16 outSize; - UINT16 offsetOfTypes; - BYTE types[4]; +#if CC_Vendor_TCG_Test +#include "Vendor_TCG_Test_fp.h" + +typedef TPM_RC 
(Vendor_TCG_Test_Entry)( + Vendor_TCG_Test_In* in, + Vendor_TCG_Test_Out* out +); + + +typedef const struct +{ + Vendor_TCG_Test_Entry *entry; + UINT16 inSize; + UINT16 outSize; + UINT16 offsetOfTypes; + BYTE types[4]; } Vendor_TCG_Test_COMMAND_DESCRIPTOR_t; + Vendor_TCG_Test_COMMAND_DESCRIPTOR_t _Vendor_TCG_TestData = { - /* entry */ &TPM2_Vendor_TCG_Test, - /* inSize */ (UINT16)(sizeof(Vendor_TCG_Test_In)), - /* outSize */ (UINT16)(sizeof(Vendor_TCG_Test_Out)), - /* offsetOfTypes */ offsetof(Vendor_TCG_Test_COMMAND_DESCRIPTOR_t, types), - /* offsets */ // No parameter offsets - /* types */ {TPM2B_DATA_P_UNMARSHAL, - END_OF_LIST, - TPM2B_DATA_P_MARSHAL, - END_OF_LIST} + /* entry */ &TPM2_Vendor_TCG_Test, + /* inSize */ (UINT16)(sizeof(Vendor_TCG_Test_In)), + /* outSize */ (UINT16)(sizeof(Vendor_TCG_Test_Out)), + /* offsetOfTypes */ offsetof(Vendor_TCG_Test_COMMAND_DESCRIPTOR_t, types), + /* offsets */ // No parameter offsets + /* types */ {TPM2B_DATA_P_UNMARSHAL, + END_OF_LIST, + TPM2B_DATA_P_MARSHAL, + END_OF_LIST} }; + #define _Vendor_TCG_TestDataAddress (&_Vendor_TCG_TestData) #else #define _Vendor_TCG_TestDataAddress 0 -#endif +#endif // CC_Vendor_TCG_Test -COMMAND_DESCRIPTOR_t *s_CommandDataArray[] = { + +// Lookup table to access the per-command tables above + +COMMAND_DESCRIPTOR_t* s_CommandDataArray[] = { #if (PAD_LIST || CC_NV_UndefineSpaceSpecial) - (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceSpecialDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_UndefineSpaceSpecialDataAddress, +#endif // CC_NV_UndefineSpaceSpecial #if (PAD_LIST || CC_EvictControl) - (COMMAND_DESCRIPTOR_t *)_EvictControlDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_EvictControlDataAddress, +#endif // CC_EvictControl #if (PAD_LIST || CC_HierarchyControl) - (COMMAND_DESCRIPTOR_t *)_HierarchyControlDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_HierarchyControlDataAddress, +#endif // CC_HierarchyControl #if (PAD_LIST || CC_NV_UndefineSpace) - (COMMAND_DESCRIPTOR_t 
*)_NV_UndefineSpaceDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_UndefineSpaceDataAddress, +#endif // CC_NV_UndefineSpace #if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif + (COMMAND_DESCRIPTOR_t*)0, +#endif // #if (PAD_LIST || CC_ChangeEPS) - (COMMAND_DESCRIPTOR_t *)_ChangeEPSDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ChangeEPSDataAddress, +#endif // CC_ChangeEPS #if (PAD_LIST || CC_ChangePPS) - (COMMAND_DESCRIPTOR_t *)_ChangePPSDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ChangePPSDataAddress, +#endif // CC_ChangePPS #if (PAD_LIST || CC_Clear) - (COMMAND_DESCRIPTOR_t *)_ClearDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ClearDataAddress, +#endif // CC_Clear #if (PAD_LIST || CC_ClearControl) - (COMMAND_DESCRIPTOR_t *)_ClearControlDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ClearControlDataAddress, +#endif // CC_ClearControl #if (PAD_LIST || CC_ClockSet) - (COMMAND_DESCRIPTOR_t *)_ClockSetDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ClockSetDataAddress, +#endif // CC_ClockSet #if (PAD_LIST || CC_HierarchyChangeAuth) - (COMMAND_DESCRIPTOR_t *)_HierarchyChangeAuthDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_HierarchyChangeAuthDataAddress, +#endif // CC_HierarchyChangeAuth #if (PAD_LIST || CC_NV_DefineSpace) - (COMMAND_DESCRIPTOR_t *)_NV_DefineSpaceDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_DefineSpaceDataAddress, +#endif // CC_NV_DefineSpace #if (PAD_LIST || CC_PCR_Allocate) - (COMMAND_DESCRIPTOR_t *)_PCR_AllocateDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PCR_AllocateDataAddress, +#endif // CC_PCR_Allocate #if (PAD_LIST || CC_PCR_SetAuthPolicy) - (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthPolicyDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PCR_SetAuthPolicyDataAddress, +#endif // CC_PCR_SetAuthPolicy #if (PAD_LIST || CC_PP_Commands) - (COMMAND_DESCRIPTOR_t *)_PP_CommandsDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PP_CommandsDataAddress, +#endif // CC_PP_Commands #if (PAD_LIST || CC_SetPrimaryPolicy) - (COMMAND_DESCRIPTOR_t 
*)_SetPrimaryPolicyDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_SetPrimaryPolicyDataAddress, +#endif // CC_SetPrimaryPolicy #if (PAD_LIST || CC_FieldUpgradeStart) - (COMMAND_DESCRIPTOR_t *)_FieldUpgradeStartDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_FieldUpgradeStartDataAddress, +#endif // CC_FieldUpgradeStart #if (PAD_LIST || CC_ClockRateAdjust) - (COMMAND_DESCRIPTOR_t *)_ClockRateAdjustDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ClockRateAdjustDataAddress, +#endif // CC_ClockRateAdjust #if (PAD_LIST || CC_CreatePrimary) - (COMMAND_DESCRIPTOR_t *)_CreatePrimaryDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_CreatePrimaryDataAddress, +#endif // CC_CreatePrimary #if (PAD_LIST || CC_NV_GlobalWriteLock) - (COMMAND_DESCRIPTOR_t *)_NV_GlobalWriteLockDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_GlobalWriteLockDataAddress, +#endif // CC_NV_GlobalWriteLock #if (PAD_LIST || CC_GetCommandAuditDigest) - (COMMAND_DESCRIPTOR_t *)_GetCommandAuditDigestDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_GetCommandAuditDigestDataAddress, +#endif // CC_GetCommandAuditDigest #if (PAD_LIST || CC_NV_Increment) - (COMMAND_DESCRIPTOR_t *)_NV_IncrementDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_IncrementDataAddress, +#endif // CC_NV_Increment #if (PAD_LIST || CC_NV_SetBits) - (COMMAND_DESCRIPTOR_t *)_NV_SetBitsDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_SetBitsDataAddress, +#endif // CC_NV_SetBits #if (PAD_LIST || CC_NV_Extend) - (COMMAND_DESCRIPTOR_t *)_NV_ExtendDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_ExtendDataAddress, +#endif // CC_NV_Extend #if (PAD_LIST || CC_NV_Write) - (COMMAND_DESCRIPTOR_t *)_NV_WriteDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_WriteDataAddress, +#endif // CC_NV_Write #if (PAD_LIST || CC_NV_WriteLock) - (COMMAND_DESCRIPTOR_t *)_NV_WriteLockDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_WriteLockDataAddress, +#endif // CC_NV_WriteLock #if (PAD_LIST || CC_DictionaryAttackLockReset) - (COMMAND_DESCRIPTOR_t 
*)_DictionaryAttackLockResetDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_DictionaryAttackLockResetDataAddress, +#endif // CC_DictionaryAttackLockReset #if (PAD_LIST || CC_DictionaryAttackParameters) - (COMMAND_DESCRIPTOR_t *)_DictionaryAttackParametersDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_DictionaryAttackParametersDataAddress, +#endif // CC_DictionaryAttackParameters #if (PAD_LIST || CC_NV_ChangeAuth) - (COMMAND_DESCRIPTOR_t *)_NV_ChangeAuthDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_ChangeAuthDataAddress, +#endif // CC_NV_ChangeAuth #if (PAD_LIST || CC_PCR_Event) - (COMMAND_DESCRIPTOR_t *)_PCR_EventDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PCR_EventDataAddress, +#endif // CC_PCR_Event #if (PAD_LIST || CC_PCR_Reset) - (COMMAND_DESCRIPTOR_t *)_PCR_ResetDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PCR_ResetDataAddress, +#endif // CC_PCR_Reset #if (PAD_LIST || CC_SequenceComplete) - (COMMAND_DESCRIPTOR_t *)_SequenceCompleteDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_SequenceCompleteDataAddress, +#endif // CC_SequenceComplete #if (PAD_LIST || CC_SetAlgorithmSet) - (COMMAND_DESCRIPTOR_t *)_SetAlgorithmSetDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_SetAlgorithmSetDataAddress, +#endif // CC_SetAlgorithmSet #if (PAD_LIST || CC_SetCommandCodeAuditStatus) - (COMMAND_DESCRIPTOR_t *)_SetCommandCodeAuditStatusDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_SetCommandCodeAuditStatusDataAddress, +#endif // CC_SetCommandCodeAuditStatus #if (PAD_LIST || CC_FieldUpgradeData) - (COMMAND_DESCRIPTOR_t *)_FieldUpgradeDataDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_FieldUpgradeDataDataAddress, +#endif // CC_FieldUpgradeData #if (PAD_LIST || CC_IncrementalSelfTest) - (COMMAND_DESCRIPTOR_t *)_IncrementalSelfTestDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_IncrementalSelfTestDataAddress, +#endif // CC_IncrementalSelfTest #if (PAD_LIST || CC_SelfTest) - (COMMAND_DESCRIPTOR_t *)_SelfTestDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_SelfTestDataAddress, 
+#endif // CC_SelfTest #if (PAD_LIST || CC_Startup) - (COMMAND_DESCRIPTOR_t *)_StartupDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_StartupDataAddress, +#endif // CC_Startup #if (PAD_LIST || CC_Shutdown) - (COMMAND_DESCRIPTOR_t *)_ShutdownDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ShutdownDataAddress, +#endif // CC_Shutdown #if (PAD_LIST || CC_StirRandom) - (COMMAND_DESCRIPTOR_t *)_StirRandomDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_StirRandomDataAddress, +#endif // CC_StirRandom #if (PAD_LIST || CC_ActivateCredential) - (COMMAND_DESCRIPTOR_t *)_ActivateCredentialDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ActivateCredentialDataAddress, +#endif // CC_ActivateCredential #if (PAD_LIST || CC_Certify) - (COMMAND_DESCRIPTOR_t *)_CertifyDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_CertifyDataAddress, +#endif // CC_Certify #if (PAD_LIST || CC_PolicyNV) - (COMMAND_DESCRIPTOR_t *)_PolicyNVDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyNVDataAddress, +#endif // CC_PolicyNV #if (PAD_LIST || CC_CertifyCreation) - (COMMAND_DESCRIPTOR_t *)_CertifyCreationDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_CertifyCreationDataAddress, +#endif // CC_CertifyCreation #if (PAD_LIST || CC_Duplicate) - (COMMAND_DESCRIPTOR_t *)_DuplicateDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_DuplicateDataAddress, +#endif // CC_Duplicate #if (PAD_LIST || CC_GetTime) - (COMMAND_DESCRIPTOR_t *)_GetTimeDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_GetTimeDataAddress, +#endif // CC_GetTime #if (PAD_LIST || CC_GetSessionAuditDigest) - (COMMAND_DESCRIPTOR_t *)_GetSessionAuditDigestDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_GetSessionAuditDigestDataAddress, +#endif // CC_GetSessionAuditDigest #if (PAD_LIST || CC_NV_Read) - (COMMAND_DESCRIPTOR_t *)_NV_ReadDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_ReadDataAddress, +#endif // CC_NV_Read #if (PAD_LIST || CC_NV_ReadLock) - (COMMAND_DESCRIPTOR_t *)_NV_ReadLockDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_ReadLockDataAddress, 
+#endif // CC_NV_ReadLock #if (PAD_LIST || CC_ObjectChangeAuth) - (COMMAND_DESCRIPTOR_t *)_ObjectChangeAuthDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ObjectChangeAuthDataAddress, +#endif // CC_ObjectChangeAuth #if (PAD_LIST || CC_PolicySecret) - (COMMAND_DESCRIPTOR_t *)_PolicySecretDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicySecretDataAddress, +#endif // CC_PolicySecret #if (PAD_LIST || CC_Rewrap) - (COMMAND_DESCRIPTOR_t *)_RewrapDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_RewrapDataAddress, +#endif // CC_Rewrap #if (PAD_LIST || CC_Create) - (COMMAND_DESCRIPTOR_t *)_CreateDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_CreateDataAddress, +#endif // CC_Create #if (PAD_LIST || CC_ECDH_ZGen) - (COMMAND_DESCRIPTOR_t *)_ECDH_ZGenDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ECDH_ZGenDataAddress, +#endif // CC_ECDH_ZGen #if (PAD_LIST || (CC_HMAC || CC_MAC)) -# if CC_HMAC - (COMMAND_DESCRIPTOR_t *)_HMACDataAddress, -# endif -# if CC_MAC - (COMMAND_DESCRIPTOR_t *)_MACDataAddress, -# endif +# if CC_HMAC + (COMMAND_DESCRIPTOR_t*)_HMACDataAddress, +# endif +# if CC_MAC + (COMMAND_DESCRIPTOR_t*)_MACDataAddress, +# endif # if (CC_HMAC || CC_MAC) > 1 # error "More than one aliased command defined" # endif -#endif // CC_HMAC CC_MAC +#endif // (CC_HMAC || CC_MAC) #if (PAD_LIST || CC_Import) - (COMMAND_DESCRIPTOR_t *)_ImportDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ImportDataAddress, +#endif // CC_Import #if (PAD_LIST || CC_Load) - (COMMAND_DESCRIPTOR_t *)_LoadDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_LoadDataAddress, +#endif // CC_Load #if (PAD_LIST || CC_Quote) - (COMMAND_DESCRIPTOR_t *)_QuoteDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_QuoteDataAddress, +#endif // CC_Quote #if (PAD_LIST || CC_RSA_Decrypt) - (COMMAND_DESCRIPTOR_t *)_RSA_DecryptDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_RSA_DecryptDataAddress, +#endif // CC_RSA_Decrypt #if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif + (COMMAND_DESCRIPTOR_t*)0, +#endif // #if (PAD_LIST || 
(CC_HMAC_Start || CC_MAC_Start)) -# if CC_HMAC_Start - (COMMAND_DESCRIPTOR_t *)_HMAC_StartDataAddress, -# endif -# if CC_MAC_Start - (COMMAND_DESCRIPTOR_t *)_MAC_StartDataAddress, -# endif -# if (CC_HMAC_Start || CC_MAC_Start) > 1 +# if CC_HMAC_Start + (COMMAND_DESCRIPTOR_t*)_HMAC_StartDataAddress, +# endif +# if CC_MAC_Start + (COMMAND_DESCRIPTOR_t*)_MAC_StartDataAddress, +# endif +# if (CC_HMAC_Start || CC_MAC_Start) > 1 # error "More than one aliased command defined" # endif -#endif // CC_HMAC_Start CC_MAC_Start +#endif // (CC_HMAC_Start || CC_MAC_Start) #if (PAD_LIST || CC_SequenceUpdate) - (COMMAND_DESCRIPTOR_t *)_SequenceUpdateDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_SequenceUpdateDataAddress, +#endif // CC_SequenceUpdate #if (PAD_LIST || CC_Sign) - (COMMAND_DESCRIPTOR_t *)_SignDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_SignDataAddress, +#endif // CC_Sign #if (PAD_LIST || CC_Unseal) - (COMMAND_DESCRIPTOR_t *)_UnsealDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_UnsealDataAddress, +#endif // CC_Unseal #if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif + (COMMAND_DESCRIPTOR_t*)0, +#endif // #if (PAD_LIST || CC_PolicySigned) - (COMMAND_DESCRIPTOR_t *)_PolicySignedDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicySignedDataAddress, +#endif // CC_PolicySigned #if (PAD_LIST || CC_ContextLoad) - (COMMAND_DESCRIPTOR_t *)_ContextLoadDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ContextLoadDataAddress, +#endif // CC_ContextLoad #if (PAD_LIST || CC_ContextSave) - (COMMAND_DESCRIPTOR_t *)_ContextSaveDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ContextSaveDataAddress, +#endif // CC_ContextSave #if (PAD_LIST || CC_ECDH_KeyGen) - (COMMAND_DESCRIPTOR_t *)_ECDH_KeyGenDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ECDH_KeyGenDataAddress, +#endif // CC_ECDH_KeyGen #if (PAD_LIST || CC_EncryptDecrypt) - (COMMAND_DESCRIPTOR_t *)_EncryptDecryptDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_EncryptDecryptDataAddress, +#endif // CC_EncryptDecrypt #if (PAD_LIST || 
CC_FlushContext) - (COMMAND_DESCRIPTOR_t *)_FlushContextDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_FlushContextDataAddress, +#endif // CC_FlushContext #if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif + (COMMAND_DESCRIPTOR_t*)0, +#endif // #if (PAD_LIST || CC_LoadExternal) - (COMMAND_DESCRIPTOR_t *)_LoadExternalDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_LoadExternalDataAddress, +#endif // CC_LoadExternal #if (PAD_LIST || CC_MakeCredential) - (COMMAND_DESCRIPTOR_t *)_MakeCredentialDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_MakeCredentialDataAddress, +#endif // CC_MakeCredential #if (PAD_LIST || CC_NV_ReadPublic) - (COMMAND_DESCRIPTOR_t *)_NV_ReadPublicDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_ReadPublicDataAddress, +#endif // CC_NV_ReadPublic #if (PAD_LIST || CC_PolicyAuthorize) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyAuthorizeDataAddress, +#endif // CC_PolicyAuthorize #if (PAD_LIST || CC_PolicyAuthValue) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthValueDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyAuthValueDataAddress, +#endif // CC_PolicyAuthValue #if (PAD_LIST || CC_PolicyCommandCode) - (COMMAND_DESCRIPTOR_t *)_PolicyCommandCodeDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyCommandCodeDataAddress, +#endif // CC_PolicyCommandCode #if (PAD_LIST || CC_PolicyCounterTimer) - (COMMAND_DESCRIPTOR_t *)_PolicyCounterTimerDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyCounterTimerDataAddress, +#endif // CC_PolicyCounterTimer #if (PAD_LIST || CC_PolicyCpHash) - (COMMAND_DESCRIPTOR_t *)_PolicyCpHashDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyCpHashDataAddress, +#endif // CC_PolicyCpHash #if (PAD_LIST || CC_PolicyLocality) - (COMMAND_DESCRIPTOR_t *)_PolicyLocalityDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyLocalityDataAddress, +#endif // CC_PolicyLocality #if (PAD_LIST || CC_PolicyNameHash) - (COMMAND_DESCRIPTOR_t *)_PolicyNameHashDataAddress, -#endif + 
(COMMAND_DESCRIPTOR_t*)_PolicyNameHashDataAddress, +#endif // CC_PolicyNameHash #if (PAD_LIST || CC_PolicyOR) - (COMMAND_DESCRIPTOR_t *)_PolicyORDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyORDataAddress, +#endif // CC_PolicyOR #if (PAD_LIST || CC_PolicyTicket) - (COMMAND_DESCRIPTOR_t *)_PolicyTicketDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyTicketDataAddress, +#endif // CC_PolicyTicket #if (PAD_LIST || CC_ReadPublic) - (COMMAND_DESCRIPTOR_t *)_ReadPublicDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ReadPublicDataAddress, +#endif // CC_ReadPublic #if (PAD_LIST || CC_RSA_Encrypt) - (COMMAND_DESCRIPTOR_t *)_RSA_EncryptDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_RSA_EncryptDataAddress, +#endif // CC_RSA_Encrypt #if (PAD_LIST) - (COMMAND_DESCRIPTOR_t *)0, -#endif + (COMMAND_DESCRIPTOR_t*)0, +#endif // #if (PAD_LIST || CC_StartAuthSession) - (COMMAND_DESCRIPTOR_t *)_StartAuthSessionDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_StartAuthSessionDataAddress, +#endif // CC_StartAuthSession #if (PAD_LIST || CC_VerifySignature) - (COMMAND_DESCRIPTOR_t *)_VerifySignatureDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_VerifySignatureDataAddress, +#endif // CC_VerifySignature #if (PAD_LIST || CC_ECC_Parameters) - (COMMAND_DESCRIPTOR_t *)_ECC_ParametersDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ECC_ParametersDataAddress, +#endif // CC_ECC_Parameters #if (PAD_LIST || CC_FirmwareRead) - (COMMAND_DESCRIPTOR_t *)_FirmwareReadDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_FirmwareReadDataAddress, +#endif // CC_FirmwareRead #if (PAD_LIST || CC_GetCapability) - (COMMAND_DESCRIPTOR_t *)_GetCapabilityDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_GetCapabilityDataAddress, +#endif // CC_GetCapability #if (PAD_LIST || CC_GetRandom) - (COMMAND_DESCRIPTOR_t *)_GetRandomDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_GetRandomDataAddress, +#endif // CC_GetRandom #if (PAD_LIST || CC_GetTestResult) - (COMMAND_DESCRIPTOR_t *)_GetTestResultDataAddress, -#endif + 
(COMMAND_DESCRIPTOR_t*)_GetTestResultDataAddress, +#endif // CC_GetTestResult #if (PAD_LIST || CC_Hash) - (COMMAND_DESCRIPTOR_t *)_HashDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_HashDataAddress, +#endif // CC_Hash #if (PAD_LIST || CC_PCR_Read) - (COMMAND_DESCRIPTOR_t *)_PCR_ReadDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PCR_ReadDataAddress, +#endif // CC_PCR_Read #if (PAD_LIST || CC_PolicyPCR) - (COMMAND_DESCRIPTOR_t *)_PolicyPCRDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyPCRDataAddress, +#endif // CC_PolicyPCR #if (PAD_LIST || CC_PolicyRestart) - (COMMAND_DESCRIPTOR_t *)_PolicyRestartDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyRestartDataAddress, +#endif // CC_PolicyRestart #if (PAD_LIST || CC_ReadClock) - (COMMAND_DESCRIPTOR_t *)_ReadClockDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ReadClockDataAddress, +#endif // CC_ReadClock #if (PAD_LIST || CC_PCR_Extend) - (COMMAND_DESCRIPTOR_t *)_PCR_ExtendDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PCR_ExtendDataAddress, +#endif // CC_PCR_Extend #if (PAD_LIST || CC_PCR_SetAuthValue) - (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthValueDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PCR_SetAuthValueDataAddress, +#endif // CC_PCR_SetAuthValue #if (PAD_LIST || CC_NV_Certify) - (COMMAND_DESCRIPTOR_t *)_NV_CertifyDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_NV_CertifyDataAddress, +#endif // CC_NV_Certify #if (PAD_LIST || CC_EventSequenceComplete) - (COMMAND_DESCRIPTOR_t *)_EventSequenceCompleteDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_EventSequenceCompleteDataAddress, +#endif // CC_EventSequenceComplete #if (PAD_LIST || CC_HashSequenceStart) - (COMMAND_DESCRIPTOR_t *)_HashSequenceStartDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_HashSequenceStartDataAddress, +#endif // CC_HashSequenceStart #if (PAD_LIST || CC_PolicyPhysicalPresence) - (COMMAND_DESCRIPTOR_t *)_PolicyPhysicalPresenceDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyPhysicalPresenceDataAddress, +#endif // CC_PolicyPhysicalPresence 
#if (PAD_LIST || CC_PolicyDuplicationSelect) - (COMMAND_DESCRIPTOR_t *)_PolicyDuplicationSelectDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyDuplicationSelectDataAddress, +#endif // CC_PolicyDuplicationSelect #if (PAD_LIST || CC_PolicyGetDigest) - (COMMAND_DESCRIPTOR_t *)_PolicyGetDigestDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyGetDigestDataAddress, +#endif // CC_PolicyGetDigest #if (PAD_LIST || CC_TestParms) - (COMMAND_DESCRIPTOR_t *)_TestParmsDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_TestParmsDataAddress, +#endif // CC_TestParms #if (PAD_LIST || CC_Commit) - (COMMAND_DESCRIPTOR_t *)_CommitDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_CommitDataAddress, +#endif // CC_Commit #if (PAD_LIST || CC_PolicyPassword) - (COMMAND_DESCRIPTOR_t *)_PolicyPasswordDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyPasswordDataAddress, +#endif // CC_PolicyPassword #if (PAD_LIST || CC_ZGen_2Phase) - (COMMAND_DESCRIPTOR_t *)_ZGen_2PhaseDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_ZGen_2PhaseDataAddress, +#endif // CC_ZGen_2Phase #if (PAD_LIST || CC_EC_Ephemeral) - (COMMAND_DESCRIPTOR_t *)_EC_EphemeralDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_EC_EphemeralDataAddress, +#endif // CC_EC_Ephemeral #if (PAD_LIST || CC_PolicyNvWritten) - (COMMAND_DESCRIPTOR_t *)_PolicyNvWrittenDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyNvWrittenDataAddress, +#endif // CC_PolicyNvWritten #if (PAD_LIST || CC_PolicyTemplate) - (COMMAND_DESCRIPTOR_t *)_PolicyTemplateDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyTemplateDataAddress, +#endif // CC_PolicyTemplate #if (PAD_LIST || CC_CreateLoaded) - (COMMAND_DESCRIPTOR_t *)_CreateLoadedDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_CreateLoadedDataAddress, +#endif // CC_CreateLoaded #if (PAD_LIST || CC_PolicyAuthorizeNV) - (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeNVDataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_PolicyAuthorizeNVDataAddress, +#endif // CC_PolicyAuthorizeNV #if (PAD_LIST || CC_EncryptDecrypt2) - 
(COMMAND_DESCRIPTOR_t *)_EncryptDecrypt2DataAddress, -#endif + (COMMAND_DESCRIPTOR_t*)_EncryptDecrypt2DataAddress, +#endif // CC_EncryptDecrypt2 #if (PAD_LIST || CC_AC_GetCapability) - (COMMAND_DESCRIPTOR_t *)_AC_GetCapabilityDataAddress, + (COMMAND_DESCRIPTOR_t*)_AC_GetCapabilityDataAddress, #endif // CC_AC_GetCapability #if (PAD_LIST || CC_AC_Send) - (COMMAND_DESCRIPTOR_t *)_AC_SendDataAddress, + (COMMAND_DESCRIPTOR_t*)_AC_SendDataAddress, #endif // CC_AC_Send #if (PAD_LIST || CC_Policy_AC_SendSelect) - (COMMAND_DESCRIPTOR_t *)_Policy_AC_SendSelectDataAddress, + (COMMAND_DESCRIPTOR_t*)_Policy_AC_SendSelectDataAddress, #endif // CC_Policy_AC_SendSelect #if (PAD_LIST || CC_CertifyX509) - (COMMAND_DESCRIPTOR_t *)_CertifyX509DataAddress, + (COMMAND_DESCRIPTOR_t*)_CertifyX509DataAddress, #endif // CC_CertifyX509 #if (PAD_LIST || CC_ACT_SetTimeout) - (COMMAND_DESCRIPTOR_t *)_ACT_SetTimeoutDataAddress, + (COMMAND_DESCRIPTOR_t*)_ACT_SetTimeoutDataAddress, #endif // CC_ACT_SetTimeout #if (PAD_LIST || CC_ECC_Encrypt) - (COMMAND_DESCRIPTOR_t *)_ECC_EncryptDataAddress, + (COMMAND_DESCRIPTOR_t*)_ECC_EncryptDataAddress, #endif // CC_ECC_Encrypt #if (PAD_LIST || CC_ECC_Decrypt) - (COMMAND_DESCRIPTOR_t *)_ECC_DecryptDataAddress, + (COMMAND_DESCRIPTOR_t*)_ECC_DecryptDataAddress, #endif // CC_ECC_Decrypt #if (PAD_LIST || CC_PolicyCapability) - (COMMAND_DESCRIPTOR_t*)_PolicyCapabilityDataAddress, + (COMMAND_DESCRIPTOR_t*)_PolicyCapabilityDataAddress, #endif // CC_PolicyCapability #if (PAD_LIST || CC_PolicyParameters) - (COMMAND_DESCRIPTOR_t*)_PolicyParametersDataAddress, + (COMMAND_DESCRIPTOR_t*)_PolicyParametersDataAddress, #endif // CC_PolicyParameters #if (PAD_LIST || CC_NV_DefineSpace2) - (COMMAND_DESCRIPTOR_t*)_NV_DefineSpace2DataAddress, + (COMMAND_DESCRIPTOR_t*)_NV_DefineSpace2DataAddress, #endif // CC_NV_DefineSpace2 #if (PAD_LIST || CC_NV_ReadPublic2) - (COMMAND_DESCRIPTOR_t*)_NV_ReadPublic2DataAddress, + (COMMAND_DESCRIPTOR_t*)_NV_ReadPublic2DataAddress, #endif // 
CC_NV_ReadPublic2 #if (PAD_LIST || CC_SetCapability) - (COMMAND_DESCRIPTOR_t*)_SetCapabilityDataAddress, + (COMMAND_DESCRIPTOR_t*)_SetCapabilityDataAddress, #endif // CC_SetCapability #if (PAD_LIST || CC_Vendor_TCG_Test) - (COMMAND_DESCRIPTOR_t *)_Vendor_TCG_TestDataAddress, -#endif - 0 + (COMMAND_DESCRIPTOR_t*)_Vendor_TCG_TestDataAddress, +#endif // CC_Vendor_TCG_Test + + 0 }; -#endif // _COMMAND_TABLE_DISPATCH_ +#endif // _COMMAND_TABLE_DISPATCH_ diff --git a/src/tpm2/CommandDispatcher.c b/src/tpm2/CommandDispatcher.c index c0464b95..d4af851d 100644 --- a/src/tpm2/CommandDispatcher.c +++ b/src/tpm2/CommandDispatcher.c 
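Review bot: The alias guard `# if (CC_HMAC_Start || CC_MAC_Start) > 1` in the `s_CommandDataArray` initializer can never fire, because `||` yields 0 or 1 in a preprocessor expression; the unchanged `# if (CC_HMAC || CC_MAC) > 1` guard a few entries earlier has the same problem. If both aliases of a pair were enabled, two descriptors would be emitted for one slot and every later entry would shift by one, so a command would presumably be handled with another command's entry point and unmarshal type list (this assumes the table is indexed by command position; the lookup code is outside this hunk). Summing the flags makes the check effective, assuming the CC_ macros expand to 0 or 1: `# if (CC_HMAC_Start + CC_MAC_Start) > 1` and `# if (CC_HMAC + CC_MAC) > 1`. Separately, with PAD_LIST set and both aliases disabled these two blocks emit no entry at all, whereas the other slots emit a 0 placeholder, so it is worth confirming that combination keeps the table aligned.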
@@ -59,350 +59,424 @@ /* */ /********************************************************************************/ -/* 6.3 CommandDispatcher.c */ -/* CommandDispatcher() performs the following operations: */ -/* * unmarshals command parameters from the input buffer; */ -/* NOTE Unlike other unmarshaling functions, parmBufferStart does not advance. parmBufferSize Is - reduced. */ -/* * invokes the function that performs the command actions; */ -/* * marshals the returned handles, if any; and */ -/* * marshals the returned parameters, if any, into the output buffer putting in the - * parameterSize field if authorization sessions are present. */ -/* NOTE 1 The output buffer is the return from the MemoryGetResponseBuffer() function. It includes - the header, handles, response parameters, and authorization area. respParmSize is the response - parameter size, and does not include the header, handles, or authorization area. */ -/* NOTE 2 The reference implementation is permitted to do compare operations over a union as a byte - array. Therefore, the command parameter in structure must be initialized (e.g., zeroed) before - unmarshaling so that the compare operation is valid in cases where some bytes are unused. 
*/ -/* 6.3.1.1 Includes and Typedefs */ +//* Includes and Typedefs #include "Tpm.h" // #include "Marshal.h" kgold #if TABLE_DRIVEN_DISPATCH -typedef TPM_RC(NoFlagFunction)(void *target, BYTE **buffer, INT32 *size); -typedef TPM_RC(FlagFunction)(void *target, BYTE **buffer, INT32 *size, BOOL flag); -typedef FlagFunction *UNMARSHAL_t; -typedef INT16(MarshalFunction)(void *source, BYTE **buffer, INT32 *size); -typedef MarshalFunction *MARSHAL_t; + +typedef TPM_RC(NoFlagFunction)(void* target, BYTE** buffer, INT32* size); +typedef TPM_RC(FlagFunction)(void* target, BYTE** buffer, INT32* size, BOOL flag); + +typedef FlagFunction* UNMARSHAL_t; + +typedef INT16(MarshalFunction)(void* source, BYTE** buffer, INT32* size); +typedef MarshalFunction* MARSHAL_t; + typedef TPM_RC(COMMAND_NO_ARGS)(void); -typedef TPM_RC(COMMAND_IN_ARG)(void *in); -typedef TPM_RC(COMMAND_OUT_ARG)(void *out); -typedef TPM_RC(COMMAND_INOUT_ARG)(void *in, void *out); -typedef union +typedef TPM_RC(COMMAND_IN_ARG)(void* in); +typedef TPM_RC(COMMAND_OUT_ARG)(void* out); +typedef TPM_RC(COMMAND_INOUT_ARG)(void* in, void* out); + +typedef union COMMAND_t { - COMMAND_NO_ARGS *noArgs; - COMMAND_IN_ARG *inArg; - COMMAND_OUT_ARG *outArg; - COMMAND_INOUT_ARG *inOutArg; + COMMAND_NO_ARGS* noArgs; + COMMAND_IN_ARG* inArg; + COMMAND_OUT_ARG* outArg; + COMMAND_INOUT_ARG* inOutArg; } COMMAND_t; -typedef struct + +// This structure is used by ParseHandleBuffer() and CommandDispatcher(). The +// parameters in this structure are unique for each command. The parameters are: +// command holds the address of the command processing function that is called +// by Command Dispatcher +// inSize This is the size of the command-dependent input structure. The +// input structure holds the unmarshaled handles and command +// parameters. If the command takes no arguments (handles or +// parameters) then inSize will have a value of 0. +// outSize This is the size of the command-dependent output structure. 
The +// output structure holds the results of the command in an unmarshaled +// form. When command processing is completed, these values are +// marshaled into the output buffer. It is always the case that the +// unmarshaled version of an output structure is larger then the +// marshaled version. This is because the marshaled version contains +// the exact same number of significant bytes but with padding removed. +// typesOffsets This parameter points to the list of data types that are to be +// marshaled or unmarshaled. The list of types follows the 'offsets' +// array. The offsets array is variable sized so the typesOffset filed +// is necessary for the handle and command processing to be able to +// find the types that are being handled. The 'offsets' array may be +// empty. The 'types' structure is described below. +// offsets This is an array of offsets of each of the parameters in the +// command or response. When processing the command parameters (not +// handles) the list contains the offset of the next parameter. For +// example, if the first command parameter has a size of 4 and there is +// a second command parameter, then the offset would be 4, indicating +// that the second parameter starts at 4. If the second parameter has +// a size of 8, and there is a third parameter, then the second entry +// in offsets is 12 (4 for the first parameter and 8 for the second). +// An offset value of 0 in the list indicates the start of the response +// parameter list. When CommandDispatcher hits this value, it will stop +// unmarshaling the parameters and call 'command'. If a command has no +// response parameters and only one command parameter, then offsets can +// be an empty list. 
+ +typedef struct COMMAND_DESCRIPTOR_t { - COMMAND_t command; // Address of the command - UINT16 inSize; // Maximum size of the input structure - UINT16 outSize; // Maximum size of the output structure - UINT16 typesOffset; // address of the types field - UINT16 offsets[1]; + COMMAND_t command; // Address of the command + UINT16 inSize; // Maximum size of the input structure + UINT16 outSize; // Maximum size of the output structure + UINT16 typesOffset; // address of the types field + UINT16 offsets[1]; } COMMAND_DESCRIPTOR_t; -#if COMPRESSED_LISTS -# define PAD_LIST 0 + +// The 'types' list is an encoded byte array. The byte value has two parts. The most +// significant bit is used when a parameter takes a flag and indicates if the flag +// should be SET or not. The remaining 7 bits are an index into an array of +// addresses of marshaling and unmarshaling functions. +// The array of functions is divided into 6 sections with a value assigned +// to denote the start of that section (and the end of the previous section). The +// defined offset values for each section are: +// 0 unmarshaling for handles that do not take flags +// HANDLE_FIRST_FLAG_TYPE unmarshaling for handles that take flags +// PARAMETER_FIRST_TYPE unmarshaling for parameters that do not take flags +// PARAMETER_FIRST_FLAG_TYPE unmarshaling for parameters that take flags +// PARAMETER_LAST_TYPE + 1 marshaling for handles +// RESPONSE_PARAMETER_FIRST_TYPE marshaling for parameters +// RESPONSE_PARAMETER_LAST_TYPE is the last value in the list of marshaling and +// unmarshaling functions. +// +// The types list is constructed with a byte of 0xff at the end of the command +// parameters and with an 0xff at the end of the response parameters. 
+ +# if COMPRESSED_LISTS +# define PAD_LIST 0 +# else +# define PAD_LIST 1 +# endif +# define _COMMAND_TABLE_DISPATCH_ +# include "CommandDispatchData.h" + +# define TEST_COMMAND TPM_CC_Startup + +# define NEW_CC + #else -# define PAD_LIST 1 -#endif -#define _COMMAND_TABLE_DISPATCH_ -#include "CommandDispatchData.h" -#define TEST_COMMAND TPM_CC_Startup -#define NEW_CC -#else -#include "Commands.h" + +# include "Commands.h" + #endif -/* 6.3.1.2 Marshal/Unmarshal Functions */ -/* 6.3.1.2.1 ParseHandleBuffer() */ -/* This is the table-driven version of the handle buffer unmarshaling code */ +//* Marshal/Unmarshal Functions +//** ParseHandleBuffer() +// This is the table-driven version of the handle buffer unmarshaling code TPM_RC -ParseHandleBuffer( - COMMAND *command - ) +ParseHandleBuffer(COMMAND* command) { - TPM_RC result; + TPM_RC result; #if TABLE_DRIVEN_DISPATCH - COMMAND_DESCRIPTOR_t *desc; - BYTE *types; - BYTE type; - BYTE dType; + COMMAND_DESCRIPTOR_t* desc; + BYTE* types; + BYTE type; + BYTE dType; + // Make sure that nothing strange has happened - pAssert(command->index - < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); + pAssert( + command->index < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t*)); // Get the address of the descriptor for this command desc = s_CommandDataArray[command->index]; + pAssert(desc != NULL); // Get the associated list of unmarshaling data types. - types = &((BYTE *)desc)[desc->typesOffset]; + types = &((BYTE*)desc)[desc->typesOffset]; + // if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND) // commandIndex = commandIndex; // No handles yet command->handleNum = 0; + // Get the first type value for(type = *types++; - // check each byte to make sure that we have not hit the start - // of the parameters - (dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE; - // get the next type - type = *types++) - { -#if TABLE_DRIVEN_MARSHAL - marshalIndex_t index; - index = unmarshalArray[dType] | ((type & 0x80) ? 
NULL_FLAG : 0); - result = Unmarshal(index, &(command->handles[command->handleNum]), - &command->parameterBuffer, &command->parameterSize); - -#else + // check each byte to make sure that we have not hit the start + // of the parameters + (dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE; + // get the next type + type = *types++) + { +# if TABLE_DRIVEN_MARSHAL + marshalIndex_t index; + index = unmarshalArray[dType] | ((type & 0x80) ? NULL_FLAG : 0); + result = Unmarshal(index, + &(command->handles[command->handleNum]), + &command->parameterBuffer, + &command->parameterSize); - // See if unmarshaling of this handle type requires a flag - if(dType < HANDLE_FIRST_FLAG_TYPE) - { - // Look up the function to do the unmarshaling - NoFlagFunction *f = (NoFlagFunction *)unmarshalArray[dType]; - // call it - result = f(&(command->handles[command->handleNum]), - &command->parameterBuffer, - &command->parameterSize); - } - else - { - // Look up the function - FlagFunction *f = unmarshalArray[dType]; - // Call it setting the flag to the appropriate value - result = f(&(command->handles[command->handleNum]), - &command->parameterBuffer, - &command->parameterSize, (type & 0x80) != 0); - } -#endif - // Got a handle - // We do this first so that the match for the handle offset of the - // response code works correctly. 
- command->handleNum += 1; - if(result != TPM_RC_SUCCESS) - // if the unmarshaling failed, return the response code with the - // handle indication set - return result + TPM_RC_H + (command->handleNum * TPM_RC_1); - } +# else + // See if unmarshaling of this handle type requires a flag + if(dType < HANDLE_FIRST_FLAG_TYPE) + { + // Look up the function to do the unmarshaling + NoFlagFunction* f = (NoFlagFunction*)unmarshalArray[dType]; + // call it + result = f(&(command->handles[command->handleNum]), + &command->parameterBuffer, + &command->parameterSize); + } + else + { + // Look up the function + FlagFunction* f = unmarshalArray[dType]; + + // Call it setting the flag to the appropriate value + result = f(&(command->handles[command->handleNum]), + &command->parameterBuffer, + &command->parameterSize, + (type & 0x80) != 0); + } +# endif + + // Got a handle + // We do this first so that the match for the handle offset of the + // response code works correctly. + command->handleNum += 1; + if(result != TPM_RC_SUCCESS) + // if the unmarshaling failed, return the response code with the + // handle indication set + return result + TPM_RC_H + (command->handleNum * TPM_RC_1); + } #else - BYTE **handleBufferStart = &command->parameterBuffer; - INT32 *bufferRemainingSize = &command->parameterSize; - TPM_HANDLE *handles = &command->handles[0]; - UINT32 *handleCount = &command->handleNum; - *handleCount = 0; + BYTE** handleBufferStart = &command->parameterBuffer; + INT32* bufferRemainingSize = &command->parameterSize; + TPM_HANDLE* handles = &command->handles[0]; + UINT32* handleCount = &command->handleNum; + *handleCount = 0; switch(command->code) - { -#include "HandleProcess.h" -#undef handles - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } + { +# include "HandleProcess.h" +# undef handles + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } #endif return TPM_RC_SUCCESS; } -/* 6.3.1.2.2 CommandDispatcher() */ -/* Function to unmarshal the command parameters, call 
the selected action code, and marshal the - response parameters. */ - +//** CommandDispatcher() +// Function to unmarshal the command parameters, call the selected action code, and +// marshal the response parameters. TPM_RC -CommandDispatcher( - COMMAND *command - ) +CommandDispatcher(COMMAND* command) { #if !TABLE_DRIVEN_DISPATCH - TPM_RC result; - BYTE **paramBuffer = &command->parameterBuffer; - INT32 *paramBufferSize = &command->parameterSize; - BYTE **responseBuffer = &command->responseBuffer; - INT32 *respParmSize = &command->parameterSize; - INT32 rSize; - TPM_HANDLE *handles = &command->handles[0]; - - command->handleNum = 0; /* The command-specific code knows how many handles there are. This - is for cataloging the number of response handles */ - MemoryIoBufferAllocationReset(); /* Initialize so that allocation will work properly */ + TPM_RC result; + BYTE** paramBuffer = &command->parameterBuffer; + INT32* paramBufferSize = &command->parameterSize; + BYTE** responseBuffer = &command->responseBuffer; + INT32* respParmSize = &command->parameterSize; + INT32 rSize; + TPM_HANDLE* handles = &command->handles[0]; + // + command->handleNum = 0; // The command-specific code knows how + // many handles there are. 
This is for + // cataloging the number of response + // handles + MemoryIoBufferAllocationReset(); // Initialize so that allocation will + // work properly switch(GetCommandCode(command->index)) - { -#include "CommandDispatcher.h" - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - Exit: + { +# include "CommandDispatcher.h" + + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } +Exit: MemoryIoBufferZero(); return result; #else - COMMAND_DESCRIPTOR_t *desc; - BYTE *types; - BYTE type; - UINT16 *offsets; - UINT16 offset = 0; - UINT32 maxInSize; - BYTE *commandIn; - INT32 maxOutSize; - BYTE *commandOut; - COMMAND_t cmd; - TPM_HANDLE *handles; - UINT32 hasInParameters = 0; - BOOL hasOutParameters = FALSE; - UINT32 pNum = 0; - BYTE dType; // dispatch type - TPM_RC result; + COMMAND_DESCRIPTOR_t* desc; + BYTE* types; + BYTE type; + UINT16* offsets; + UINT16 offset = 0; + UINT32 maxInSize; + BYTE* commandIn; + INT32 maxOutSize; + BYTE* commandOut; + COMMAND_t cmd; + TPM_HANDLE* handles; + UINT32 hasInParameters = 0; + BOOL hasOutParameters = FALSE; + UINT32 pNum = 0; + BYTE dType; // dispatch type + TPM_RC result; // // Get the address of the descriptor for this command - pAssert(command->index - < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); + pAssert( + command->index < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t*)); desc = s_CommandDataArray[command->index]; + // Get the list of parameter types for this command pAssert(desc != NULL); - types = &((BYTE *)desc)[desc->typesOffset]; + types = &((BYTE*)desc)[desc->typesOffset]; + // Get a pointer to the list of parameter offsets offsets = &desc->offsets[0]; // pointer to handles handles = command->handles; + // Get the size required to hold all the unmarshaled parameters for this command maxInSize = desc->inSize; // and the size of the output parameter structure returned by this command maxOutSize = desc->outSize; + MemoryIoBufferAllocationReset(); // Get a buffer for the input parameters 
commandIn = MemoryGetInBuffer(maxInSize); // And the output parameters - commandOut = (BYTE *)MemoryGetOutBuffer((UINT32)maxOutSize); + commandOut = (BYTE*)MemoryGetOutBuffer((UINT32)maxOutSize); + // Get the address of the action code dispatch cmd = desc->command; + // Copy any handles into the input buffer for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++) - { - // 'offset' was initialized to zero so the first unmarshaling will always - // be to the start of the data structure - *(TPM_HANDLE *)&(commandIn[offset]) = *handles++; - // This check is used so that we don't have to add an additional offset - // value to the offsets list to correspond to the stop value in the - // command parameter list. - if(*types != 0xFF) - offset = *offsets++; - // maxInSize -= sizeof(TPM_HANDLE); - hasInParameters++; - } + { + // 'offset' was initialized to zero so the first unmarshaling will always + // be to the start of the data structure + *(TPM_HANDLE*)&(commandIn[offset]) = *handles++; + // This check is used so that we don't have to add an additional offset + // value to the offsets list to correspond to the stop value in the + // command parameter list. + if(*types != 0xFF) + offset = *offsets++; + // maxInSize -= sizeof(TPM_HANDLE); + hasInParameters++; + } // Exit loop with type containing the last value read from types // maxInSize has the amount of space remaining in the command action input // buffer. Make sure that we don't have more data to unmarshal than is going to // fit. + // type contains the last value read from types so it is not necessary to // reload it, which is good because *types now points to the next value for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++) - { - pNum++; -#if TABLE_DRIVEN_MARSHAL - { - marshalIndex_t index = unmarshalArray[dType]; - index |= (type & 0x80) ? 
NULL_FLAG : 0; - result = Unmarshal(index, &commandIn[offset], &command->parameterBuffer, - &command->parameterSize); - } -#else - if(dType < PARAMETER_FIRST_FLAG_TYPE) - { - NoFlagFunction *f = (NoFlagFunction *)unmarshalArray[dType]; - result = f(&commandIn[offset], &command->parameterBuffer, - &command->parameterSize); - } - else - { - FlagFunction *f = unmarshalArray[dType]; - result = f(&commandIn[offset], &command->parameterBuffer, - &command->parameterSize, - (type & 0x80) != 0); - } -#endif - if(result != TPM_RC_SUCCESS) - { - result += TPM_RC_P + (TPM_RC_1 * pNum); - goto Exit; - } - // This check is used so that we don't have to add an additional offset - // value to the offsets list to correspond to the stop value in the - // command parameter list. - if(*types != 0xFF) - offset = *offsets++; - hasInParameters++; - } + { + pNum++; +# if TABLE_DRIVEN_MARSHAL + { + marshalIndex_t index = unmarshalArray[dType]; + index |= (type & 0x80) ? NULL_FLAG : 0; + result = Unmarshal(index, + &commandIn[offset], + &command->parameterBuffer, + &command->parameterSize); + } +# else + if(dType < PARAMETER_FIRST_FLAG_TYPE) + { + NoFlagFunction* f = (NoFlagFunction*)unmarshalArray[dType]; + result = f(&commandIn[offset], + &command->parameterBuffer, + &command->parameterSize); + } + else + { + FlagFunction* f = unmarshalArray[dType]; + result = f(&commandIn[offset], + &command->parameterBuffer, + &command->parameterSize, + (type & 0x80) != 0); + } +# endif + if(result != TPM_RC_SUCCESS) + { + result += TPM_RC_P + (TPM_RC_1 * pNum); + goto Exit; + } + // This check is used so that we don't have to add an additional offset + // value to the offsets list to correspond to the stop value in the + // command parameter list. 
+ if(*types != 0xFF) + offset = *offsets++; + hasInParameters++; + } // Should have used all the bytes in the input if(command->parameterSize != 0) - { - result = TPM_RC_SIZE; - goto Exit; - } + { + result = TPM_RC_SIZE; + goto Exit; + } + // The command parameter unmarshaling stopped when it hit a value that was out // of range for unmarshaling values and left *types pointing to the first // marshaling type. If that type happens to be the STOP value, then there // are no response parameters. So, set the flag to indicate if there are // output parameters. hasOutParameters = *types != 0xFF; + // There are four cases for calling, with and without input parameters and with // and without output parameters. if(hasInParameters > 0) - { - if(hasOutParameters) - result = cmd.inOutArg(commandIn, commandOut); - else - result = cmd.inArg(commandIn); - } + { + if(hasOutParameters) + result = cmd.inOutArg(commandIn, commandOut); + else + result = cmd.inArg(commandIn); + } else - { - if(hasOutParameters) - result = cmd.outArg(commandOut); - else - result = cmd.noArgs(); - } + { + if(hasOutParameters) + result = cmd.outArg(commandOut); + else + result = cmd.noArgs(); + } if(result != TPM_RC_SUCCESS) - goto Exit; + goto Exit; + // Offset in the marshaled output structure offset = 0; + // Process the return handles, if any command->handleNum = 0; + // Could make this a loop to process output handles but there is only ever // one handle in the outputs (for now). type = *types++; if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE) - { - // The out->handle value was referenced as TPM_HANDLE in the - // action code so it has to be properly aligned. - command->handles[command->handleNum++] = - *((TPM_HANDLE *)&(commandOut[offset])); - maxOutSize -= sizeof(UINT32); - type = *types++; - offset = *offsets++; - } + { + // The out->handle value was referenced as TPM_HANDLE in the + // action code so it has to be properly aligned. 
+ command->handles[command->handleNum++] = + *((TPM_HANDLE*)&(commandOut[offset])); + maxOutSize -= sizeof(UINT32); + type = *types++; + offset = *offsets++; + } // Use the size of the command action output buffer as the maximum for the // number of bytes that can get marshaled. Since the marshaling code has // no pointers to data, all of the data being returned has to be in the // command action output buffer. If we try to marshal more bytes than // could fit into the output buffer, we need to fail. - for(;(dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE - && !g_inFailureMode; type = *types++) - { -#if TABLE_DRIVEN_MARSHAL - marshalIndex_t index = marshalArray[dType]; - command->parameterSize += Marshal(index, &commandOut[offset], - &command->responseBuffer, - &maxOutSize); -#else - const MARSHAL_t f = marshalArray[dType]; - command->parameterSize += f(&commandOut[offset], &command->responseBuffer, - &maxOutSize); -#endif - offset = *offsets++; - } + for(; (dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE && !g_inFailureMode; + type = *types++) + { +# if TABLE_DRIVEN_MARSHAL + marshalIndex_t index = marshalArray[dType]; + command->parameterSize += Marshal( + index, &commandOut[offset], &command->responseBuffer, &maxOutSize); +# else + const MARSHAL_t f = marshalArray[dType]; + + command->parameterSize += + f(&commandOut[offset], &command->responseBuffer, &maxOutSize); +# endif + offset = *offsets++; + } result = (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS; - Exit: +Exit: MemoryIoBufferZero(); return result; #endif diff --git a/src/tpm2/CommandDispatcher_fp.h b/src/tpm2/CommandDispatcher_fp.h index 6065ace2..9eec0666 100644 --- a/src/tpm2/CommandDispatcher_fp.h +++ b/src/tpm2/CommandDispatcher_fp.h 
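Review bot: In the table-driven branch of CommandDispatcher(), the comment after the handle-copy loop says to make sure that no more data is unmarshaled than fits in the input buffer, but nothing on the new side performs that check. `maxInSize` is only assigned from `desc->inSize`, its decrement is commented out (`// maxInSize -= sizeof(TPM_HANDLE);`), and `commandIn[offset]` is written with `offset` taken directly from `desc->offsets`. As far as the hunk shows, those offsets come from the descriptor table in CommandDispatchData.h rather than from the command bytes, so this is a table-consistency guard, not an input check. I would add `pAssert(offset + sizeof(TPM_HANDLE) <= maxInSize);` before the `*(TPM_HANDLE*)&(commandIn[offset]) = *handles++;` store, or reword the comment so it no longer describes a check that is absent. The closing lines of the function lie past the end of the hunk.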
@@ -59,17 +59,23 @@ /* */ /********************************************************************************/ -#ifndef COMMANDDISPATCHER_FP_H -#define COMMANDDISPATCHER_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 7, 2020 Time: 07:06:44PM + */ +#ifndef _COMMAND_DISPATCHER_FP_H_ +#define _COMMAND_DISPATCHER_FP_H_ + +//** ParseHandleBuffer() +// This is the table-driven version of the handle buffer unmarshaling code TPM_RC -CommandDispatcher( - COMMAND *command - ); +ParseHandleBuffer(COMMAND* command); + +//** CommandDispatcher() +// Function to unmarshal the command parameters, call the selected action code, and +// marshal the response parameters. TPM_RC -ParseHandleBuffer( - COMMAND *command - ); +CommandDispatcher(COMMAND* command); - -#endif +#endif // _COMMAND_DISPATCHER_FP_H_ diff --git a/src/tpm2/Commit_fp.h b/src/tpm2/Commit_fp.h index 6233eaf7..bafb37bf 100644 --- a/src/tpm2/Commit_fp.h +++ b/src/tpm2/Commit_fp.h 
@@ -59,36 +59,41 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef COMMIT_FP_H -#define COMMIT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT signHandle; - TPM2B_ECC_POINT P1; - TPM2B_SENSITIVE_DATA s2; - TPM2B_ECC_PARAMETER y2; +#if CC_Commit // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_COMMIT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_COMMIT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT signHandle; + TPM2B_ECC_POINT P1; + TPM2B_SENSITIVE_DATA s2; + TPM2B_ECC_PARAMETER y2; } Commit_In; -#define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_Commit_P1 (TPM_RC_P + TPM_RC_1) -#define RC_Commit_s2 (TPM_RC_P + TPM_RC_2) -#define RC_Commit_y2 (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPM2B_ECC_POINT K; - TPM2B_ECC_POINT L; - TPM2B_ECC_POINT E; - UINT16 counter; +// Output structure definition +typedef struct +{ + TPM2B_ECC_POINT K; + TPM2B_ECC_POINT L; + TPM2B_ECC_POINT E; + UINT16 counter; } Commit_Out; +// Response code modifiers +# define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1) +# define RC_Commit_P1 (TPM_RC_P + TPM_RC_1) +# define RC_Commit_s2 (TPM_RC_P + TPM_RC_2) +# define RC_Commit_y2 (TPM_RC_P + TPM_RC_3) + +// Function prototype TPM_RC -TPM2_Commit( - Commit_In *in, // IN: input parameter list - Commit_Out *out // OUT: output parameter list - ); +TPM2_Commit(Commit_In* in, Commit_Out* out); - - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_COMMIT_FP_H_ +#endif // CC_Commit diff --git a/src/tpm2/ContextLoad_fp.h b/src/tpm2/ContextLoad_fp.h index 79e8800d..ec49cd6d 100644 --- a/src/tpm2/ContextLoad_fp.h +++ b/src/tpm2/ContextLoad_fp.h 
@@ -59,26 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CONTEXTLOAD_FP_H -#define CONTEXTLOAD_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMS_CONTEXT context; +#if CC_ContextLoad // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTLOAD_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTLOAD_FP_H_ + +// Input structure definition +typedef struct +{ + TPMS_CONTEXT context; } ContextLoad_In; -#define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPMI_DH_CONTEXT loadedHandle; +// Output structure definition +typedef struct +{ + TPMI_DH_CONTEXT loadedHandle; } ContextLoad_Out; +// Response code modifiers +# define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_ContextLoad( - ContextLoad_In *in, // IN: input parameter list - ContextLoad_Out *out // OUT: output parameter list - ); +TPM2_ContextLoad(ContextLoad_In* in, ContextLoad_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTLOAD_FP_H_ +#endif // CC_ContextLoad diff --git a/src/tpm2/ContextSave_fp.h b/src/tpm2/ContextSave_fp.h index 631ee915..1f6dc2ec 100644 --- a/src/tpm2/ContextSave_fp.h +++ b/src/tpm2/ContextSave_fp.h 
@@ -59,26 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CONTEXTSAVE_FP_H -#define CONTEXTSAVE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_CONTEXT saveHandle; +#if CC_ContextSave // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTSAVE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTSAVE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_CONTEXT saveHandle; } ContextSave_In; -#define RC_ContextSave_saveHandle (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPMS_CONTEXT context; +// Output structure definition +typedef struct +{ + TPMS_CONTEXT context; } ContextSave_Out; +// Response code modifiers +# define RC_ContextSave_saveHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_ContextSave( - ContextSave_In *in, // IN: input parameter list - ContextSave_Out *out // OUT: output parameter list - ); +TPM2_ContextSave(ContextSave_In* in, ContextSave_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTSAVE_FP_H_ +#endif // CC_ContextSave diff --git a/src/tpm2/Context_spt.c b/src/tpm2/Context_spt.c index ba98a4fc..963d9f88 100644 --- a/src/tpm2/Context_spt.c +++ b/src/tpm2/Context_spt.c 
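Review bot: `RC_ContextSave_saveHandle` changes value in this hunk, from `(TPM_RC_P + TPM_RC_1)` to `(TPM_RC_H + TPM_RC_1)`, although the commit is described as renames, whitespace and trivial changes. The new value matches saveHandle being a handle rather than a parameter. Any code that adds this modifier to a response code will now return a different TPM_RC for a bad saveHandle; whether such a use exists is not visible from this hunk. I would call it out in the commit message, for example `- ContextSave_fp.h: RC_ContextSave_saveHandle now uses TPM_RC_H (was TPM_RC_P)`, and check that any test matching on the old response code is updated with it.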
@@ -70,18 +70,18 @@ // It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric // encryption key and iv /*(See part 1 specification) - KDFa is used to generate the symmetric encryption key and IV. The parameters - of the call are: - Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits) - where - hashAlg a vendor-defined hash algorithm - hProof the hierarchy proof as selected by the hierarchy parameter - of the TPMS_CONTEXT - vendorString a value used to differentiate the uses of the KDF - sequence the sequence parameter of the TPMS_CONTEXT - handle the handle parameter of the TPMS_CONTEXT - bits the number of bits needed for a symmetric key and IV for - the context encryption + KDFa is used to generate the symmetric encryption key and IV. The parameters + of the call are: + Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits) + where + hashAlg a vendor-defined hash algorithm + hProof the hierarchy proof as selected by the hierarchy parameter + of the TPMS_CONTEXT + vendorString a value used to differentiate the uses of the KDF + sequence the sequence parameter of the TPMS_CONTEXT + handle the handle parameter of the TPMS_CONTEXT + bits the number of bits needed for a symmetric key and IV for + the context encryption */ // Return Type: TPM_RC // TPM_RC_FW_LIMITED The requested hierarchy is FW-limited, but the TPM @@ -92,13 +92,13 @@ // failed to derive the Firmware SVN Secret for the // requested SVN. TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context blob - TPM2B_SYM_KEY* symKey, // OUT: the symmetric key - TPM2B_IV* iv // OUT: the IV. - ) + TPM2B_SYM_KEY* symKey, // OUT: the symmetric key + TPM2B_IV* iv // OUT: the IV. +) { TPM_RC result = TPM_RC_SUCCESS; UINT16 symKeyBits; // number of bits in the parent's - // symmetric key + // symmetric key TPM2B_PROOF proof; // the proof value to use BYTE kdfResult[sizeof(TPMU_HA) * 2]; // Value produced by the KDF 
@@ -124,18 +124,18 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b // Get proof value result = HierarchyGetProof(contextBlob->hierarchy, &proof); if(result != TPM_RC_SUCCESS) - return result; + return result; // KDFa to generate symmetric key and IV value CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, - &proof.b, - CONTEXT_KEY, - &sequence2B.b, - &handle2B.b, - (symKey->t.size + iv->t.size) * 8, - kdfResult, - NULL, - FALSE); + &proof.b, + CONTEXT_KEY, + &sequence2B.b, + &handle2B.b, + (symKey->t.size + iv->t.size) * 8, + kdfResult, + NULL, + FALSE); MemorySet(proof.b.buffer, 0, proof.b.size); 
@@ -155,23 +155,23 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b // It is used by TPM2_ContextSave to create an integrity hash // and by TPM2_ContextLoad to compare an integrity hash /*(See part 1 specification) - The HMAC integrity computation for a saved context is: - HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle || - encContext) - where - HMACvendorAlg HMAC using a vendor-defined hash algorithm - hProof the hierarchy proof as selected by the hierarchy - parameter of the TPMS_CONTEXT - resetValue either a counter value that increments on each TPM Reset - and is not reset over the lifetime of the TPM or a random - value that changes on each TPM Reset and has the size of - the digest produced by vendorAlg - clearCount a counter value that is incremented on each TPM Reset - or TPM Restart. This value is only included if the handle - value is 0x80000002. - sequence the sequence parameter of the TPMS_CONTEXT - handle the handle parameter of the TPMS_CONTEXT - encContext the encrypted context blob + The HMAC integrity computation for a saved context is: + HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle || + encContext) + where + HMACvendorAlg HMAC using a vendor-defined hash algorithm + hProof the hierarchy proof as selected by the hierarchy + parameter of the TPMS_CONTEXT + resetValue either a counter value that increments on each TPM Reset + and is not reset over the lifetime of the TPM or a random + value that changes on each TPM Reset and has the size of + the digest produced by vendorAlg + clearCount a counter value that is incremented on each TPM Reset + or TPM Restart. This value is only included if the handle + value is 0x80000002. + sequence the sequence parameter of the TPMS_CONTEXT + handle the handle parameter of the TPMS_CONTEXT + encContext the encrypted context blob */ // Return Type: TPM_RC // TPM_RC_FW_LIMITED The requested hierarchy is FW-limited, but the TPM 
@@ -182,8 +182,8 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b // failed to derive the Firmware SVN Secret for the // requested SVN. TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob - TPM2B_DIGEST* integrity // OUT: integrity - ) + TPM2B_DIGEST* integrity // OUT: integrity +) { TPM_RC result = TPM_RC_SUCCESS; HMAC_STATE hmacState; @@ -193,11 +193,11 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob // Get proof value result = HierarchyGetProof(contextBlob->hierarchy, &proof); if(result != TPM_RC_SUCCESS) - return result; + return result; // Start HMAC integrity->t.size = - CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); + CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); MemorySet(proof.b.buffer, 0, proof.b.size); 
@@ -207,28 +207,28 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob // Adding total reset counter so that the context cannot be // used after a TPM Reset CryptDigestUpdateInt( - &hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount); + &hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount); // If this is a ST_CLEAR object, add the clear count // so that this contest cannot be loaded after a TPM Restart if(contextBlob->savedHandle == 0x80000002) - CryptDigestUpdateInt( - &hmacState.hashState, sizeof(gr.clearCount), gr.clearCount); + CryptDigestUpdateInt( + &hmacState.hashState, sizeof(gr.clearCount), gr.clearCount); // Adding sequence number to the HMAC to make sure that it doesn't // get changed CryptDigestUpdateInt( - &hmacState.hashState, sizeof(contextBlob->sequence), contextBlob->sequence); + &hmacState.hashState, sizeof(contextBlob->sequence), contextBlob->sequence); // Protect the handle CryptDigestUpdateInt(&hmacState.hashState, - sizeof(contextBlob->savedHandle), - contextBlob->savedHandle); + sizeof(contextBlob->savedHandle), + contextBlob->savedHandle); // Adding sensitive contextData, skip the leading integrity area CryptDigestUpdate(&hmacState.hashState, - contextBlob->contextBlob.t.size - integritySize, - contextBlob->contextBlob.t.buffer + integritySize); + contextBlob->contextBlob.t.size - integritySize, + contextBlob->contextBlob.t.buffer + integritySize); // Complete HMAC CryptHmacEnd2B(&hmacState, &integrity->b); @@ -236,7 +236,7 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob return TPM_RC_SUCCESS; } -#if 0 +#if 0 // libtpms added //*** SequenceDataExport(); // This function is used scan through the sequence object and // either modify the hash state data for export (contextSave) or to 
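Review bot: The `// libtpms added` marker on `#if 0` shows that SequenceDataExport() and SequenceDataImport() are compiled out in libtpms, but the Context_spt_fp.h hunks further down still declare both prototypes with no matching guard in the visible lines. The `#if 0` block opened here is closed by `#endif // libtpms added` in the last Context_spt.c hunk, outside this one. If the header does declare them unconditionally, a caller would compile cleanly and fail only at link time; wrapping the two prototypes in the same `#if 0 // libtpms added` / `#endif // libtpms added` pair would keep declaration and definition in step. The header lines between those hunks are not shown, so this is worth confirming against the full file. Separately, the marker in CryptHMACVerifySignature() in CryptUtil.c reads `// libtpm added begin`, which a search for `libtpms added` during the next rebase would miss.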
@@ -247,21 +247,21 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataExport( - HASH_OBJECT* object, // IN: an internal hash object - HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer - ) + HASH_OBJECT* object, // IN: an internal hash object + HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer +) { // If the hash object is not an event, then only one hash context is needed int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; for(count--; count >= 0; count--) - { - HASH_STATE* hash = &object->state.hashState[count]; - size_t offset = (BYTE*)hash - (BYTE*)object; - BYTE* exportHash = &((BYTE*)exportObject)[offset]; + { + HASH_STATE* hash = &object->state.hashState[count]; + size_t offset = (BYTE*)hash - (BYTE*)object; + BYTE* exportHash = &((BYTE*)exportObject)[offset]; - CryptHashExportState(hash, (EXPORT_HASH_STATE*)exportHash); - } + CryptHashExportState(hash, (EXPORT_HASH_STATE*)exportHash); + } } //*** SequenceDataImport(); 
@@ -274,20 +274,20 @@ void SequenceDataExport( // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataImport( - HASH_OBJECT* object, // IN/OUT: an internal hash object - HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer - ) + HASH_OBJECT* object, // IN/OUT: an internal hash object + HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer +) { // If the hash object is not an event, then only one hash context is needed int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; for(count--; count >= 0; count--) - { - HASH_STATE* hash = &object->state.hashState[count]; - size_t offset = (BYTE*)hash - (BYTE*)object; - BYTE* importHash = &((BYTE*)exportObject)[offset]; - // - CryptHashImportState(hash, (EXPORT_HASH_STATE*)importHash); - } + { + HASH_STATE* hash = &object->state.hashState[count]; + size_t offset = (BYTE*)hash - (BYTE*)object; + BYTE* importHash = &((BYTE*)exportObject)[offset]; + // + CryptHashImportState(hash, (EXPORT_HASH_STATE*)importHash); + } } -#endif +#endif // libtpms added diff --git a/src/tpm2/Context_spt_fp.h b/src/tpm2/Context_spt_fp.h index 5b55d063..5b7e892e 100644 --- a/src/tpm2/Context_spt_fp.h +++ b/src/tpm2/Context_spt_fp.h @@ -79,9 +79,9 @@ // failed to derive the Firmware SVN Secret for the // requested SVN. TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context blob - TPM2B_SYM_KEY* symKey, // OUT: the symmetric key - TPM2B_IV* iv // OUT: the IV. - ); + TPM2B_SYM_KEY* symKey, // OUT: the symmetric key + TPM2B_IV* iv // OUT: the IV. +); //*** ComputeContextIntegrity() // Generate the integrity hash for a context 
@@ -96,8 +96,8 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b // failed to derive the Firmware SVN Secret for the // requested SVN. TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob - TPM2B_DIGEST* integrity // OUT: integrity - ); + TPM2B_DIGEST* integrity // OUT: integrity +); //*** SequenceDataExport() // This function is used scan through the sequence object and @@ -109,9 +109,9 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataExport( - HASH_OBJECT* object, // IN: an internal hash object - HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer - ); + HASH_OBJECT* object, // IN: an internal hash object + HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer +); //*** SequenceDataImport() // This function is used scan through the sequence object and @@ -123,8 +123,8 @@ void SequenceDataExport( // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataImport( - HASH_OBJECT* object, // IN/OUT: an internal hash object - HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer - ); + HASH_OBJECT* object, // IN/OUT: an internal hash object + HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer +); #endif // _CONTEXT_SPT_FP_H_ diff --git a/src/tpm2/CreateLoaded_fp.h b/src/tpm2/CreateLoaded_fp.h index 302e606f..0198c5ba 100644 --- a/src/tpm2/CreateLoaded_fp.h +++ b/src/tpm2/CreateLoaded_fp.h 
@@ -59,32 +59,39 @@ /* */ /********************************************************************************/ -#ifndef CREATELOADED_FP_H -#define CREATELOADED_FP_H -/* rev 136 */ +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_PARENT parentHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_TEMPLATE inPublic; +#if CC_CreateLoaded // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATELOADED_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATELOADED_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_PARENT parentHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_TEMPLATE inPublic; } CreateLoaded_In; -#define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_PRIVATE outPrivate; - TPM2B_PUBLIC outPublic; - TPM2B_NAME name; +// Output structure definition +typedef struct +{ + TPM_HANDLE objectHandle; + TPM2B_PRIVATE outPrivate; + TPM2B_PUBLIC outPublic; + TPM2B_NAME name; } CreateLoaded_Out; -TPM_RC -TPM2_CreateLoaded( - CreateLoaded_In *in, // IN: input parameter list - CreateLoaded_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1) +# define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1) +# define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2) -#endif +// Function prototype +TPM_RC +TPM2_CreateLoaded(CreateLoaded_In* in, CreateLoaded_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATELOADED_FP_H_ +#endif // CC_CreateLoaded diff --git a/src/tpm2/CreatePrimary_fp.h b/src/tpm2/CreatePrimary_fp.h index 724d1bc8..6fcf801a 100644 --- a/src/tpm2/CreatePrimary_fp.h +++ b/src/tpm2/CreatePrimary_fp.h 
@@ -59,38 +59,45 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef CREATEPRIMARY_FP_H -#define CREATEPRIMARY_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_HIERARCHY primaryHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_PUBLIC inPublic; - TPM2B_DATA outsideInfo; - TPML_PCR_SELECTION creationPCR; +#if CC_CreatePrimary // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATEPRIMARY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATEPRIMARY_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_HIERARCHY primaryHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_PUBLIC inPublic; + TPM2B_DATA outsideInfo; + TPML_PCR_SELECTION creationPCR; } CreatePrimary_In; -#define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1) -#define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3) -#define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4) - -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_PUBLIC outPublic; - TPM2B_CREATION_DATA creationData; - TPM2B_DIGEST creationHash; - TPMT_TK_CREATION creationTicket; - TPM2B_NAME name; +// Output structure definition +typedef struct +{ + TPM_HANDLE objectHandle; + TPM2B_PUBLIC outPublic; + TPM2B_CREATION_DATA creationData; + TPM2B_DIGEST creationHash; + TPMT_TK_CREATION creationTicket; + TPM2B_NAME name; } CreatePrimary_Out; -TPM_RC -TPM2_CreatePrimary( - CreatePrimary_In *in, // IN: input parameter list - CreatePrimary_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1) +# define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1) +# define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2) +# define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3) +# define RC_CreatePrimary_creationPCR 
(TPM_RC_P + TPM_RC_4) -#endif +// Function prototype +TPM_RC +TPM2_CreatePrimary(CreatePrimary_In* in, CreatePrimary_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATEPRIMARY_FP_H_ +#endif // CC_CreatePrimary diff --git a/src/tpm2/Create_fp.h b/src/tpm2/Create_fp.h index 69752a15..6e509166 100644 --- a/src/tpm2/Create_fp.h +++ b/src/tpm2/Create_fp.h 
@@ -59,38 +59,44 @@ /* */ /********************************************************************************/ -/* rev 137 */ -#ifndef CREATE_FP_H -#define CREATE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_SENSITIVE_CREATE inSensitive; - TPM2B_PUBLIC inPublic; - TPM2B_DATA outsideInfo; - TPML_PCR_SELECTION creationPCR; -} Create_In; +#if CC_Create // Command must be enabled -#define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) -#define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) -#define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATE_FP_H_ -typedef struct { - TPM2B_PRIVATE outPrivate; - TPM2B_PUBLIC outPublic; - TPM2B_CREATION_DATA creationData; - TPM2B_DIGEST creationHash; - TPMT_TK_CREATION creationTicket; +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT parentHandle; + TPM2B_SENSITIVE_CREATE inSensitive; + TPM2B_PUBLIC inPublic; + TPM2B_DATA outsideInfo; + TPML_PCR_SELECTION creationPCR; +} Create_In; + +// Output structure definition +typedef struct +{ + TPM2B_PRIVATE outPrivate; + TPM2B_PUBLIC outPublic; + TPM2B_CREATION_DATA creationData; + TPM2B_DIGEST creationHash; + TPMT_TK_CREATION creationTicket; } Create_Out; +// Response code modifiers +# define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) +# define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) +# define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) +# define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) +# define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_Create( - Create_In *in, // IN: input parameter list - Create_Out *out // OUT: output parameter list - ); +TPM2_Create(Create_In* in, Create_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATE_FP_H_ +#endif // 
CC_Create diff --git a/src/tpm2/CryptEccData.c b/src/tpm2/CryptEccData.c index 15264b23..658f7da0 100644 --- a/src/tpm2/CryptEccData.c +++ b/src/tpm2/CryptEccData.c 
@@ -79,73 +79,73 @@ const TPM_ECC_CURVE_METADATA eccCurves[] = { # if ECC_NIST_P192 comma{TPM_ECC_NIST_P192, - 192, - {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_NIST_P192 CURVE_NAME("NIST_P192")} + 192, + {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_NIST_P192 CURVE_NAME("NIST_P192")} # undef comma # define comma , # endif // ECC_NIST_P192 # if ECC_NIST_P224 comma{TPM_ECC_NIST_P224, - 224, - {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_NIST_P224 CURVE_NAME("NIST_P224")} + 224, + {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_NIST_P224 CURVE_NAME("NIST_P224")} # undef comma # define comma , # endif // ECC_NIST_P224 # if ECC_NIST_P256 comma{TPM_ECC_NIST_P256, - 256, - {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_NIST_P256 CURVE_NAME("NIST_P256")} + 256, + {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_NIST_P256 CURVE_NAME("NIST_P256")} # undef comma # define comma , # endif // ECC_NIST_P256 # if ECC_NIST_P384 comma{TPM_ECC_NIST_P384, - 384, - {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA384}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_NIST_P384 CURVE_NAME("NIST_P384")} + 384, + {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA384}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_NIST_P384 CURVE_NAME("NIST_P384")} # undef comma # define comma , # endif // ECC_NIST_P384 # if ECC_NIST_P521 comma{TPM_ECC_NIST_P521, - 521, - {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA512}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_NIST_P521 CURVE_NAME("NIST_P521")} + 521, + {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA512}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_NIST_P521 CURVE_NAME("NIST_P521")} # undef comma # define comma , # endif // ECC_NIST_P521 # if ECC_BN_P256 comma{TPM_ECC_BN_P256, - 256, - {TPM_ALG_NULL, 
{{TPM_ALG_NULL}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_BN_P256 CURVE_NAME("BN_P256")} + 256, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_BN_P256 CURVE_NAME("BN_P256")} # undef comma # define comma , # endif // ECC_BN_P256 # if ECC_BN_P638 comma{TPM_ECC_BN_P638, - 638, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_BN_P638 CURVE_NAME("BN_P638")} + 638, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_BN_P638 CURVE_NAME("BN_P638")} # undef comma # define comma , # endif // ECC_BN_P638 # if ECC_SM2_P256 comma{TPM_ECC_SM2_P256, - 256, - {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SM3_256}}}, - {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, - OID_ECC_SM2_P256 CURVE_NAME("SM2_P256")} + 256, + {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SM3_256}}}, + {TPM_ALG_NULL, {{TPM_ALG_NULL}}}, + OID_ECC_SM2_P256 CURVE_NAME("SM2_P256")} # undef comma # define comma , # endif // ECC_SM2_P256 diff --git a/src/tpm2/CryptSelfTest.c b/src/tpm2/CryptSelfTest.c index 6f37b94a..d20831aa 100644 --- a/src/tpm2/CryptSelfTest.c +++ b/src/tpm2/CryptSelfTest.c @@ -79,22 +79,22 @@ //*** RunSelfTest() // Local function to run self-test static TPM_RC CryptRunSelfTests( - ALGORITHM_VECTOR* toTest // IN: the vector of the algorithms to test - ) + ALGORITHM_VECTOR* toTest // IN: the vector of the algorithms to test +) { TPM_ALG_ID alg; // For each of the algorithms that are in the toTestVecor, need to run a // test for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++) - { - if(TEST_BIT(alg, *toTest)) - { - TPM_RC result = CryptTestAlgorithm(alg, toTest); - if(result != TPM_RC_SUCCESS) - return result; - } - } + { + if(TEST_BIT(alg, *toTest)) + { + TPM_RC result = CryptTestAlgorithm(alg, toTest); + if(result != TPM_RC_SUCCESS) + return result; + } + } return TPM_RC_SUCCESS; } 
@@ -114,19 +114,19 @@ static TPM_RC CryptRunSelfTests( LIB_EXPORT TPM_RC CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required - ) +) { #if ALLOW_FORCE_FAILURE_MODE if(g_forceFailureMode) - FAIL(FATAL_ERROR_FORCED); + FAIL(FATAL_ERROR_FORCED); #endif // If the caller requested a full test, then reset the to test vector so that // all the tests will be run if(fullTest == YES) - { - MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest)); - } + { + MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest)); + } return CryptRunSelfTests(&g_toTest); } @@ -144,8 +144,8 @@ CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required // TPM_RC_VALUE an algorithm in the toTest list is not implemented TPM_RC CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tested - TPML_ALG* toDoList // OUT: list of algorithms needing test - ) + TPML_ALG* toDoList // OUT: list of algorithms needing test +) { ALGORITHM_VECTOR toTestVector = {0}; TPM_ALG_ID alg; 
@@ -153,36 +153,36 @@ CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tes pAssert(toTest != NULL && toDoList != NULL); if(toTest->count > 0) - { - // Transcribe the toTest list into the toTestVector - for(i = 0; i < toTest->count; i++) - { - alg = toTest->algorithms[i]; + { + // Transcribe the toTest list into the toTestVector + for(i = 0; i < toTest->count; i++) + { + alg = toTest->algorithms[i]; - // make sure that the algorithm value is not out of range - if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms)) - return TPM_RC_VALUE; - // libtpms added begin - if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, - alg)) - return TPM_RC_VALUE; - // libtpms added end - SET_BIT(alg, toTestVector); - } - // Run the test - if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED) - return TPM_RC_CANCELED; - } + // make sure that the algorithm value is not out of range + if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms)) + return TPM_RC_VALUE; + // libtpms added begin + if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, + alg)) + return TPM_RC_VALUE; + // libtpms added end + SET_BIT(alg, toTestVector); + } + // Run the test + if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED) + return TPM_RC_CANCELED; + } // Fill in the toDoList with the algorithms that are still untested toDoList->count = 0; for(alg = TPM_ALG_FIRST; - toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST; - alg++) - { - if(TEST_BIT(alg, g_toTest)) - toDoList->algorithms[toDoList->count++] = alg; - } + toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST; + alg++) + { + if(TEST_BIT(alg, g_toTest)) + toDoList->algorithms[toDoList->count++] = alg; + } return TPM_RC_SUCCESS; } 
@@ -231,11 +231,11 @@ CryptTestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) // will over report. This can be changed so that any call to check on which // algorithms have tests, 'toTest' can be cleared. if(alg != TPM_ALG_ERROR) - { - CLEAR_BIT(alg, g_toTest); - if(toTest != NULL) - CLEAR_BIT(alg, *toTest); - } + { + CLEAR_BIT(alg, g_toTest); + if(toTest != NULL) + CLEAR_BIT(alg, *toTest); + } result = TPM_RC_SUCCESS; #endif return result; diff --git a/src/tpm2/CryptSelfTest_fp.h b/src/tpm2/CryptSelfTest_fp.h index 8dd3822c..e91df04b 100644 --- a/src/tpm2/CryptSelfTest_fp.h +++ b/src/tpm2/CryptSelfTest_fp.h 
@@ -59,29 +59,69 @@ /* */ /********************************************************************************/ -#ifndef CRYPTSELFTEST_FP_H -#define CRYPTSELFTEST_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 4, 2020 Time: 02:36:44PM + */ +#ifndef _CRYPT_SELF_TEST_FP_H_ +#define _CRYPT_SELF_TEST_FP_H_ + +//*** CryptSelfTest() +// This function is called to start/complete a full self-test. +// If 'fullTest' is NO, then only the untested algorithms will be run. If +// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then +// all tests are run. +// This implementation of the reference design does not support processing outside +// the framework of a TPM command. As a consequence, this command does not +// complete until all tests are done. Since this can take a long time, the TPM +// will check after each test to see if the command is canceled. If so, then the +// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call +// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. +// Return Type: TPM_RC +// TPM_RC_CANCELED if the command is canceled LIB_EXPORT TPM_RC -CryptSelfTest( - TPMI_YES_NO fullTest // IN: if full test is required - ); +CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required +); + +//*** CryptIncrementalSelfTest() +// This function is used to perform an incremental self-test. This implementation +// will perform the toTest values before returning. That is, it assumes that the +// TPM cannot perform background tasks between commands. +// +// This command may be canceled. If it is, then there is no return result. +// However, this command can be run again and the incremental progress will not +// be lost. 
+// Return Type: TPM_RC +// TPM_RC_CANCELED processing of this command was canceled +// TPM_RC_TESTING if toTest list is not empty +// TPM_RC_VALUE an algorithm in the toTest list is not implemented TPM_RC -CryptIncrementalSelfTest( - TPML_ALG *toTest, // IN: list of algorithms to be tested - TPML_ALG *toDoList // OUT: list of algorithms needing test - ); -void -CryptInitializeToTest( - void - ); +CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tested + TPML_ALG* toDoList // OUT: list of algorithms needing test +); + +//*** CryptInitializeToTest() +// This function will initialize the data structures for testing all the +// algorithms. This should not be called unless CryptAlgsSetImplemented() has +// been called +void CryptInitializeToTest(void); + +//*** CryptTestAlgorithm() +// Only point of contact with the actual self tests. If a self-test fails, there +// is no return and the TPM goes into failure mode. +// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the +// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If +// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. +// There is a special case for the call to TestAlgorithm(). When 'alg' is +// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has +// no test. This allows the knowledge about which algorithms have test to be +// accessed through the interface that provides the test. +// Return Type: TPM_RC +// TPM_RC_CANCELED test was canceled LIB_EXPORT TPM_RC -CryptTestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ); +CryptTestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest); - -#endif +#endif // _CRYPT_SELF_TEST_FP_H_ diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c index 36e82eaa..e5e6174a 100644 --- a/src/tpm2/CryptUtil.c +++ b/src/tpm2/CryptUtil.c 
@@ -78,28 +78,28 @@ // Return Type: TPM_RC // TPM_RC_HASH not a valid hash static TPM_RC CryptHmacSign(TPMT_SIGNATURE* signature, // OUT: signature - OBJECT* signKey, // IN: HMAC key sign the hash - TPM2B_DIGEST* hashData // IN: hash to be signed - ) + OBJECT* signKey, // IN: HMAC key sign the hash + TPM2B_DIGEST* hashData // IN: hash to be signed +) { HMAC_STATE hmacState; UINT32 digestSize; if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin - TPM_ALG_HMAC, - signKey->sensitive.sensitive.bits.t.size * 8, - TPM_ECC_NONE, - g_RuntimeProfile.stateFormatLevel)) + TPM_ALG_HMAC, + signKey->sensitive.sensitive.bits.t.size * 8, + TPM_ECC_NONE, + g_RuntimeProfile.stateFormatLevel)) return TPM_RC_KEY_SIZE; // libtpms added end if (signature->sigAlg == TPM_ALG_HMAC) { - digestSize = CryptHmacStart2B(&hmacState, - signature->signature.any.hashAlg, - &signKey->sensitive.sensitive.bits.b); - CryptDigestUpdate2B(&hmacState.hashState, &hashData->b); - CryptHmacEnd(&hmacState, digestSize, (BYTE*)&signature->signature.hmac.digest); - return TPM_RC_SUCCESS; + digestSize = CryptHmacStart2B(&hmacState, + signature->signature.any.hashAlg, + &signKey->sensitive.sensitive.bits.b); + CryptDigestUpdate2B(&hmacState.hashState, &hashData->b); + CryptHmacEnd(&hmacState, digestSize, (BYTE*)&signature->signature.hmac.digest); + return TPM_RC_SUCCESS; } return TPM_RC_SCHEME; } 
@@ -113,14 +113,14 @@ static TPM_RC CryptHmacSign(TPMT_SIGNATURE* signature, // OUT: signature // TPM_RC_SCHEME not the proper scheme for this key type // TPM_RC_SIGNATURE if invalid input or signature is not genuine static TPM_RC CryptHMACVerifySignature( - OBJECT* signKey, // IN: HMAC key signed the hash - TPM2B_DIGEST* hashData, // IN: digest being verified - TPMT_SIGNATURE* signature // IN: signature to be verified - ) + OBJECT* signKey, // IN: HMAC key signed the hash + TPM2B_DIGEST* hashData, // IN: digest being verified + TPMT_SIGNATURE* signature // IN: signature to be verified +) { TPMT_SIGNATURE test; TPMT_KEYEDHASH_SCHEME* keyScheme = - &signKey->publicArea.parameters.keyedHashDetail.scheme; + &signKey->publicArea.parameters.keyedHashDetail.scheme; if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpm added begin TPM_ALG_HMAC, @@ -132,7 +132,7 @@ static TPM_RC CryptHMACVerifySignature( // if((signature->sigAlg != TPM_ALG_HMAC) || (signature->signature.hmac.hashAlg == TPM_ALG_NULL)) - return TPM_RC_SCHEME; + return TPM_RC_SCHEME; // This check is not really needed for verification purposes. However, it does // prevent someone from trying to validate a signature using a weaker hash // algorithm than otherwise allowed by the key. That is, a key with a scheme @@ -140,8 +140,8 @@ static TPM_RC CryptHMACVerifySignature( // a matching scheme. if((keyScheme->scheme != TPM_ALG_NULL) && ((keyScheme->scheme != signature->sigAlg) - || (keyScheme->details.hmac.hashAlg != signature->signature.any.hashAlg))) - return TPM_RC_SIGNATURE; + || (keyScheme->details.hmac.hashAlg != signature->signature.any.hashAlg))) + return TPM_RC_SIGNATURE; if (signature->signature.any.hashAlg == TPM_ALG_SHA1 && // libtpms added begin RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, 
@@ -155,9 +155,9 @@ static TPM_RC CryptHMACVerifySignature( // Compare digest if(!MemoryEqual(&test.signature.hmac.digest, - &signature->signature.hmac.digest, - CryptHashGetDigestSize(signature->signature.any.hashAlg))) - return TPM_RC_SIGNATURE; + &signature->signature.hmac.digest, + CryptHashGetDigestSize(signature->signature.any.hashAlg))) + return TPM_RC_SIGNATURE; return TPM_RC_SUCCESS; } @@ -169,12 +169,12 @@ static TPM_RC CryptHMACVerifySignature( // TPM_RC_SIZE sensitive data size is larger than allowed for // the scheme static TPM_RC CryptGenerateKeyedHash( - TPMT_PUBLIC* publicArea, // IN/OUT: the public area template - // for the new key. - TPMT_SENSITIVE* sensitive, // OUT: sensitive area - TPMS_SENSITIVE_CREATE* sensitiveCreate, // IN: sensitive creation data - RAND_STATE* rand // IN: "entropy" source - ) + TPMT_PUBLIC* publicArea, // IN/OUT: the public area template + // for the new key. + TPMT_SENSITIVE* sensitive, // OUT: sensitive area + TPMS_SENSITIVE_CREATE* sensitiveCreate, // IN: sensitive creation data + RAND_STATE* rand // IN: "entropy" source +) { TPMT_KEYEDHASH_SCHEME* scheme; TPM_ALG_ID hashAlg; @@ -183,15 +183,15 @@ static TPM_RC CryptGenerateKeyedHash( scheme = &publicArea->parameters.keyedHashDetail.scheme; if(publicArea->type != TPM_ALG_KEYEDHASH) - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; // Pick the limiting hash algorithm if(scheme->scheme == TPM_ALG_NULL) - hashAlg = publicArea->nameAlg; + hashAlg = publicArea->nameAlg; else if(scheme->scheme == TPM_ALG_XOR) - hashAlg = scheme->details.xorr.hashAlg; + hashAlg = scheme->details.xorr.hashAlg; else - hashAlg = scheme->details.hmac.hashAlg; + hashAlg = scheme->details.hmac.hashAlg; digestSize = CryptHashGetDigestSize(hashAlg); // if this is a signing or a decryption key, then the limit 
@@ -201,32 +201,32 @@ static TPM_RC CryptGenerateKeyedHash( // //If the user provided the key, check that it is a proper size if(sensitiveCreate->data.t.size != 0) - { - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) - || IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - { - if(sensitiveCreate->data.t.size > CryptHashGetBlockSize(hashAlg)) - return TPM_RC_SIZE; + { + if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) + || IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) + { + if(sensitiveCreate->data.t.size > CryptHashGetBlockSize(hashAlg)) + return TPM_RC_SIZE; #if 0 // May make this a FIPS-mode requirement - if(sensitiveCreate->data.t.size < (digestSize / 2)) - return TPM_RC_SIZE; + if(sensitiveCreate->data.t.size < (digestSize / 2)) + return TPM_RC_SIZE; #endif - } - // If this is a data blob, then anything that will get past the unmarshaling - // is OK - MemoryCopy2B(&sensitive->sensitive.bits.b, - &sensitiveCreate->data.b, - sizeof(sensitive->sensitive.bits.t.buffer)); - } + } + // If this is a data blob, then anything that will get past the unmarshaling + // is OK + MemoryCopy2B(&sensitive->sensitive.bits.b, + &sensitiveCreate->data.b, + sizeof(sensitive->sensitive.bits.t.buffer)); + } else - { - // The TPM is going to generate the data so set the size to be the - // size of the digest of the algorithm - sensitive->sensitive.bits.t.size = - DRBG_Generate(rand, sensitive->sensitive.bits.t.buffer, digestSize); - if(sensitive->sensitive.bits.t.size == 0) - return (g_inFailureMode) ? TPM_RC_FAILURE : TPM_RC_NO_RESULT; - } + { + // The TPM is going to generate the data so set the size to be the + // size of the digest of the algorithm + sensitive->sensitive.bits.t.size = + DRBG_Generate(rand, sensitive->sensitive.bits.t.buffer, digestSize); + if(sensitive->sensitive.bits.t.size == 0) + return (g_inFailureMode) ? TPM_RC_FAILURE : TPM_RC_NO_RESULT; + } return TPM_RC_SUCCESS; } 
@@ -235,7 +235,7 @@ static TPM_RC CryptGenerateKeyedHash( // The only anonymous scheme is ECDAA. ECDAA can be used to do things // like U-Prove. BOOL CryptIsSchemeAnonymous(TPM_ALG_ID scheme // IN: the scheme algorithm to test - ) +) { return scheme == TPM_ALG_ECDAA; } @@ -260,14 +260,14 @@ BOOL CryptIsSchemeAnonymous(TPM_ALG_ID scheme // IN: the scheme algorithm to te // plus an IV */ void ParmDecryptSym(TPM_ALG_ID symAlg, // IN: the symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: the key size in bits - TPM2B* key, // IN: KDF HMAC key - TPM2B* nonceCaller, // IN: nonce caller - TPM2B* nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE* data // OUT: buffer to be decrypted - ) + TPM_ALG_ID hash, // IN: hash algorithm for KDFa + UINT16 keySizeInBits, // IN: the key size in bits + TPM2B* key, // IN: KDF HMAC key + TPM2B* nonceCaller, // IN: nonce caller + TPM2B* nonceTpm, // IN: nonce TPM + UINT32 dataSize, // IN: size of parameter buffer + BYTE* data // OUT: buffer to be decrypted +) { // KDF output buffer // It contains parameters for the CFB encryption 
@@ -280,28 +280,28 @@ void ParmDecryptSym(TPM_ALG_ID symAlg, // IN: the symmetric algorithm iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits); // If there is decryption to do... if(iv.t.size > 0) - { - // Generate key and iv - CryptKDFa(hash, - key, - CFB_KEY, - nonceCaller, - nonceTpm, - keySizeInBits + (iv.t.size * 8), - symParmString, - NULL, - FALSE); - MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); + { + // Generate key and iv + CryptKDFa(hash, + key, + CFB_KEY, + nonceCaller, + nonceTpm, + keySizeInBits + (iv.t.size * 8), + symParmString, + NULL, + FALSE); + MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); - CryptSymmetricDecrypt(data, - symAlg, - keySizeInBits, - symParmString, - &iv, - TPM_ALG_CFB, - dataSize, - data); - } + CryptSymmetricDecrypt(data, + symAlg, + keySizeInBits, + symParmString, + &iv, + TPM_ALG_CFB, + dataSize, + data); + } return; } @@ -320,14 +320,14 @@ void ParmDecryptSym(TPM_ALG_ID symAlg, // IN: the symmetric algorithm // plus an IV */ void ParmEncryptSym(TPM_ALG_ID symAlg, // IN: symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: symmetric key size in bits - TPM2B* key, // IN: KDF HMAC key - TPM2B* nonceCaller, // IN: nonce caller - TPM2B* nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE* data // OUT: buffer to be encrypted - ) + TPM_ALG_ID hash, // IN: hash algorithm for KDFa + UINT16 keySizeInBits, // IN: symmetric key size in bits + TPM2B* key, // IN: KDF HMAC key + TPM2B* nonceCaller, // IN: nonce caller + TPM2B* nonceTpm, // IN: nonce TPM + UINT32 dataSize, // IN: size of parameter buffer + BYTE* data // OUT: buffer to be encrypted +) { // KDF output buffer // It contains parameters for the CFB encryption 
@@ -341,28 +341,28 @@ void ParmEncryptSym(TPM_ALG_ID symAlg, // IN: symmetric algorithm iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits); // See if there is any encryption to do if(iv.t.size > 0) - { - // Generate key and iv - CryptKDFa(hash, - key, - CFB_KEY, - nonceTpm, - nonceCaller, - keySizeInBits + (iv.t.size * 8), - symParmString, - NULL, - FALSE); - MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); + { + // Generate key and iv + CryptKDFa(hash, + key, + CFB_KEY, + nonceTpm, + nonceCaller, + keySizeInBits + (iv.t.size * 8), + symParmString, + NULL, + FALSE); + MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); - CryptSymmetricEncrypt(data, - symAlg, - keySizeInBits, - symParmString, - &iv, - TPM_ALG_CFB, - dataSize, - data); - } + CryptSymmetricEncrypt(data, + symAlg, + keySizeInBits, + symParmString, + &iv, + TPM_ALG_CFB, + dataSize, + data); + } return; } 
@@ -375,29 +375,29 @@ void ParmEncryptSym(TPM_ALG_ID symAlg, // IN: symmetric algorithm // in the sensitive creation area // TPM_RC_KEY provided key value is not allowed static TPM_RC CryptGenerateKeySymmetric( - TPMT_PUBLIC* publicArea, // IN/OUT: The public area template - // for the new key. - TPMT_SENSITIVE* sensitive, // OUT: sensitive area - TPMS_SENSITIVE_CREATE* sensitiveCreate, // IN: sensitive creation data - RAND_STATE* rand // IN: the "entropy" source for - ) + TPMT_PUBLIC* publicArea, // IN/OUT: The public area template + // for the new key. + TPMT_SENSITIVE* sensitive, // OUT: sensitive area + TPMS_SENSITIVE_CREATE* sensitiveCreate, // IN: sensitive creation data + RAND_STATE* rand // IN: the "entropy" source for +) { UINT16 keyBits = publicArea->parameters.symDetail.sym.keyBits.sym; TPM_RC result; // // only do multiples of RADIX_BITS if((keyBits % RADIX_BITS) != 0) - return TPM_RC_KEY_SIZE; + return TPM_RC_KEY_SIZE; // If this is not a new key, then the provided key data must be the right size if(sensitiveCreate->data.t.size != 0) - { - result = CryptSymKeyValidate(&publicArea->parameters.symDetail.sym, - (TPM2B_SYM_KEY*)&sensitiveCreate->data); - if(result == TPM_RC_SUCCESS) - MemoryCopy2B(&sensitive->sensitive.sym.b, - &sensitiveCreate->data.b, - sizeof(sensitive->sensitive.sym.t.buffer)); - } + { + result = CryptSymKeyValidate(&publicArea->parameters.symDetail.sym, + (TPM2B_SYM_KEY*)&sensitiveCreate->data); + if(result == TPM_RC_SUCCESS) + MemoryCopy2B(&sensitive->sensitive.sym.b, + &sensitiveCreate->data.b, + sizeof(sensitive->sensitive.sym.t.buffer)); + } #if ALG_TDES else if(publicArea->parameters.symDetail.sym.algorithm == TPM_ALG_TDES) { 
@@ -405,16 +405,16 @@ static TPM_RC CryptGenerateKeySymmetric( } #endif else - { - sensitive->sensitive.sym.t.size = DRBG_Generate( - rand, sensitive->sensitive.sym.t.buffer, BITS_TO_BYTES(keyBits)); - if(g_inFailureMode) - result = TPM_RC_FAILURE; - else if(sensitive->sensitive.sym.t.size == 0) - result = TPM_RC_NO_RESULT; - else - result = TPM_RC_SUCCESS; - } + { + sensitive->sensitive.sym.t.size = DRBG_Generate( + rand, sensitive->sensitive.sym.t.buffer, BITS_TO_BYTES(keyBits)); + if(g_inFailureMode) + result = TPM_RC_FAILURE; + else if(sensitive->sensitive.sym.t.size == 0) + result = TPM_RC_NO_RESULT; + else + result = TPM_RC_SUCCESS; + } return result; } @@ -423,12 +423,12 @@ static TPM_RC CryptGenerateKeySymmetric( // hash algorithm is not implemented. The only return value from this function // is TPM_RC_SUCCESS. void CryptXORObfuscation(TPM_ALG_ID hash, // IN: hash algorithm for KDF - TPM2B* key, // IN: KDF key - TPM2B* contextU, // IN: contextU - TPM2B* contextV, // IN: contextV - UINT32 dataSize, // IN: size of data buffer - BYTE* data // IN/OUT: data to be XORed in place - ) + TPM2B* key, // IN: KDF key + TPM2B* contextU, // IN: contextU + TPM2B* contextV, // IN: contextV + UINT32 dataSize, // IN: size of data buffer + BYTE* data // IN/OUT: data to be XORed in place +) { BYTE mask[MAX_DIGEST_SIZE]; // Allocate a digest sized buffer BYTE* pm; 
@@ -442,23 +442,23 @@ void CryptXORObfuscation(TPM_ALG_ID hash, // IN: hash algorithm for KDF // Call KDFa to generate XOR mask for(; remainBytes > 0; remainBytes -= hLen) - { - // Make a call to KDFa to get next iteration - CryptKDFa(hash, - key, - XOR_KEY, - contextU, - contextV, - requestSize, - mask, - &counter, - TRUE); + { + // Make a call to KDFa to get next iteration + CryptKDFa(hash, + key, + XOR_KEY, + contextU, + contextV, + requestSize, + mask, + &counter, + TRUE); - // XOR next piece of the data - pm = mask; - for(i = hLen < remainBytes ? hLen : remainBytes; i > 0; i--) - *data++ ^= *pm++; - } + // XOR next piece of the data + pm = mask; + for(i = hLen < remainBytes ? hLen : remainBytes; i > 0; i--) + *data++ ^= *pm++; + } return; } 
@@ -510,32 +510,32 @@ BOOL CryptInit(void) // FALSE(0) startup failed and caller should place the TPM into // Failure Mode BOOL CryptStartup(STARTUP_TYPE type // IN: the startup type - ) +) { BOOL OK; NOT_REFERENCED(type); OK = CryptSymStartup() && CryptRandStartup() && CryptHashStartup() #if ALG_RSA - && CryptRsaStartup() + && CryptRsaStartup() #endif // ALG_RSA #if ALG_ECC - && CryptEccStartup() + && CryptEccStartup() #endif // ALG_ECC - ; + ; #if ALG_ECC // Don't directly check for SU_RESET because that is the default if(OK && (type != SU_RESTART) && (type != SU_RESUME)) - { - // If the shutdown was orderly, then the values recovered from NV will - // be OK to use. - // Get a new random commit nonce - gr.commitNonce.t.size = sizeof(gr.commitNonce.t.buffer); - CryptRandomGenerate(gr.commitNonce.t.size, gr.commitNonce.t.buffer); - // Reset the counter and commit array - gr.commitCounter = 0; - MemorySet(gr.commitArray, 0, sizeof(gr.commitArray)); - } + { + // If the shutdown was orderly, then the values recovered from NV will + // be OK to use. + // Get a new random commit nonce + gr.commitNonce.t.size = sizeof(gr.commitNonce.t.buffer); + CryptRandomGenerate(gr.commitNonce.t.size, gr.commitNonce.t.buffer); + // Reset the counter and commit array + gr.commitCounter = 0; + MemorySet(gr.commitArray, 0, sizeof(gr.commitArray)); + } #endif // ALG_ECC return OK; } @@ -554,21 +554,21 @@ BOOL CryptStartup(STARTUP_TYPE type // IN: the startup type // TRUE(1) if it is an asymmetric algorithm // FALSE(0) if it is not an asymmetric algorithm BOOL CryptIsAsymAlgorithm(TPM_ALG_ID algID // IN: algorithm ID - ) +) { switch(algID) - { + { #if ALG_RSA - case TPM_ALG_RSA: + case TPM_ALG_RSA: #endif #if ALG_ECC - case TPM_ALG_ECC: + case TPM_ALG_ECC: #endif - return TRUE; - break; - default: - break; - } + return TRUE; + break; + default: + break; + } return FALSE; } 
@@ -586,15 +586,15 @@ BOOL CryptIsAsymAlgorithm(TPM_ALG_ID algID // IN: algorithm ID // than the RSA key modulus TPM_RC CryptSecretEncrypt(OBJECT* encryptKey, // IN: encryption key object - const TPM2B* label, // IN: a null-terminated string as L - TPM2B_DATA* data, // OUT: secret value - TPM2B_ENCRYPTED_SECRET* secret // OUT: secret structure - ) + const TPM2B* label, // IN: a null-terminated string as L + TPM2B_DATA* data, // OUT: secret value + TPM2B_ENCRYPTED_SECRET* secret // OUT: secret structure +) { TPM_RC result = TPM_RC_SUCCESS; // if(data == NULL || secret == NULL) - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; // CryptKDFe was fixed to not add a NULL byte as per NIST.SP.800-56Cr2.pdf // (required for ACVP tests). This check ensures backwards compatibility with 
@@ -604,110 +604,110 @@ CryptSecretEncrypt(OBJECT* encryptKey, // IN: encryption key object // runtime check of hardcoded constants; provided the code is correct it will never // fail, and running the compliance tests will verify this isn't hit. if((label == NULL) || (label->size == 0) || (label->buffer[label->size - 1] != 0)) - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; // The output secret value has the size of the digest produced by the nameAlg. data->t.size = CryptHashGetDigestSize(encryptKey->publicArea.nameAlg); if(!IS_ATTRIBUTE(encryptKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) - return TPM_RC_ATTRIBUTES; + return TPM_RC_ATTRIBUTES; switch(encryptKey->publicArea.type) - { + { #if ALG_RSA - case TPM_ALG_RSA: - { - // The encryption scheme is OAEP using the nameAlg of the encrypt key. - TPMT_RSA_DECRYPT scheme; - scheme.scheme = TPM_ALG_OAEP; - scheme.details.anySig.hashAlg = encryptKey->publicArea.nameAlg; + case TPM_ALG_RSA: + { + // The encryption scheme is OAEP using the nameAlg of the encrypt key. 
+ TPMT_RSA_DECRYPT scheme; + scheme.scheme = TPM_ALG_OAEP; + scheme.details.anySig.hashAlg = encryptKey->publicArea.nameAlg; - // Create secret data from RNG - CryptRandomGenerate(data->t.size, data->t.buffer); + // Create secret data from RNG + CryptRandomGenerate(data->t.size, data->t.buffer); - // Encrypt the data by RSA OAEP into encrypted secret - result = CryptRsaEncrypt((TPM2B_PUBLIC_KEY_RSA*)secret, - &data->b, - encryptKey, - &scheme, - label, - NULL); - } - break; + // Encrypt the data by RSA OAEP into encrypted secret + result = CryptRsaEncrypt((TPM2B_PUBLIC_KEY_RSA*)secret, + &data->b, + encryptKey, + &scheme, + label, + NULL); + } + break; #endif // ALG_RSA #if ALG_ECC - case TPM_ALG_ECC: - { - TPMS_ECC_POINT eccPublic; - TPM2B_ECC_PARAMETER eccPrivate; - TPMS_ECC_POINT eccSecret; - BYTE* buffer = secret->t.secret; + case TPM_ALG_ECC: + { + TPMS_ECC_POINT eccPublic; + TPM2B_ECC_PARAMETER eccPrivate; + TPMS_ECC_POINT eccSecret; + BYTE* buffer = secret->t.secret; - // Need to make sure that the public point of the key is on the - // curve defined by the key. - if(!CryptEccIsPointOnCurve( - encryptKey->publicArea.parameters.eccDetail.curveID, - &encryptKey->publicArea.unique.ecc)) - result = TPM_RC_KEY; - else - { - // Call crypto engine to create an auxiliary ECC key - // We assume crypt engine initialization should always success. - // Otherwise, TPM should go to failure mode. + // Need to make sure that the public point of the key is on the + // curve defined by the key. + if(!CryptEccIsPointOnCurve( + encryptKey->publicArea.parameters.eccDetail.curveID, + &encryptKey->publicArea.unique.ecc)) + result = TPM_RC_KEY; + else + { + // Call crypto engine to create an auxiliary ECC key + // We assume crypt engine initialization should always success. + // Otherwise, TPM should go to failure mode. - CryptEccNewKeyPair( - &eccPublic, - &eccPrivate, - encryptKey->publicArea.parameters.eccDetail.curveID); - // Marshal ECC public to secret structure. 
This will be used by the - // recipient to decrypt the secret with their private key. - secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL); + CryptEccNewKeyPair( + &eccPublic, + &eccPrivate, + encryptKey->publicArea.parameters.eccDetail.curveID); + // Marshal ECC public to secret structure. This will be used by the + // recipient to decrypt the secret with their private key. + secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL); - // Compute ECDH shared secret which is R = [d]Q where d is the - // private part of the ephemeral key and Q is the public part of a - // TPM key. TPM_RC_KEY error return from CryptComputeECDHSecret - // because the auxiliary ECC key is just created according to the - // parameters of input ECC encrypt key. - if(CryptEccPointMultiply( - &eccSecret, - encryptKey->publicArea.parameters.eccDetail.curveID, - &encryptKey->publicArea.unique.ecc, - &eccPrivate, - NULL, - NULL) - != TPM_RC_SUCCESS) - result = TPM_RC_KEY; - else - { - // The secret value is computed from Z using KDFe as: - // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) - // Where: - // HashID the nameAlg of the decrypt key - // Z the x coordinate (Px) of the product (P) of the point - // (Q) of the secret and the private x coordinate (de,V) - // of the decryption key - // Use a null-terminated string containing "SECRET" - // PartyUInfo the x coordinate of the point in the secret - // (Qe,U ) - // PartyVInfo the x coordinate of the public key (Qs,V ) - // bits the number of bits in the digest of HashID - // Retrieve seed from KDFe - CryptKDFe(encryptKey->publicArea.nameAlg, - &eccSecret.x.b, - label, - &eccPublic.x.b, - &encryptKey->publicArea.unique.ecc.x.b, - data->t.size * 8, - data->t.buffer); - } - } - } - break; + // Compute ECDH shared secret which is R = [d]Q where d is the + // private part of the ephemeral key and Q is the public part of a + // TPM key. 
TPM_RC_KEY error return from CryptComputeECDHSecret + // because the auxiliary ECC key is just created according to the + // parameters of input ECC encrypt key. + if(CryptEccPointMultiply( + &eccSecret, + encryptKey->publicArea.parameters.eccDetail.curveID, + &encryptKey->publicArea.unique.ecc, + &eccPrivate, + NULL, + NULL) + != TPM_RC_SUCCESS) + result = TPM_RC_KEY; + else + { + // The secret value is computed from Z using KDFe as: + // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) + // Where: + // HashID the nameAlg of the decrypt key + // Z the x coordinate (Px) of the product (P) of the point + // (Q) of the secret and the private x coordinate (de,V) + // of the decryption key + // Use a null-terminated string containing "SECRET" + // PartyUInfo the x coordinate of the point in the secret + // (Qe,U ) + // PartyVInfo the x coordinate of the public key (Qs,V ) + // bits the number of bits in the digest of HashID + // Retrieve seed from KDFe + CryptKDFe(encryptKey->publicArea.nameAlg, + &eccSecret.x.b, + label, + &eccPublic.x.b, + &encryptKey->publicArea.unique.ecc.x.b, + data->t.size * 8, + data->t.buffer); + } + } + } + break; #endif // ALG_ECC - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } return result; } 
@@ -734,14 +734,14 @@ CryptSecretEncrypt(OBJECT* encryptKey, // IN: encryption key object // TPM_RC_FAILURE internal error TPM_RC CryptSecretDecrypt(OBJECT* decryptKey, // IN: decrypt key - TPM2B_NONCE* nonceCaller, // IN: nonceCaller. It is needed for - // symmetric decryption. For - // asymmetric decryption, this - // parameter is NULL - const TPM2B* label, // IN: a value for L - TPM2B_ENCRYPTED_SECRET* secret, // IN: input secret - TPM2B_DATA* data // OUT: decrypted secret value - ) + TPM2B_NONCE* nonceCaller, // IN: nonceCaller. It is needed for + // symmetric decryption. For + // asymmetric decryption, this + // parameter is NULL + const TPM2B* label, // IN: a value for L + TPM2B_ENCRYPTED_SECRET* secret, // IN: input secret + TPM2B_DATA* data // OUT: decrypted secret value +) { TPM_RC result = TPM_RC_SUCCESS; 
@@ -753,228 +753,228 @@ CryptSecretDecrypt(OBJECT* decryptKey, // IN: decrypt key // runtime check of hardcoded constants; provided the code is correct it will never // fail, and running the compliance tests will verify this isn't hit. if((label == NULL) || (label->size == 0) || (label->buffer[label->size - 1] != 0)) - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; // Decryption for secret switch(decryptKey->publicArea.type) - { + { #if ALG_RSA - case TPM_ALG_RSA: - { - TPMT_RSA_DECRYPT scheme; - TPMT_RSA_SCHEME* keyScheme = - &decryptKey->publicArea.parameters.rsaDetail.scheme; - UINT16 digestSize; + case TPM_ALG_RSA: + { + TPMT_RSA_DECRYPT scheme; + TPMT_RSA_SCHEME* keyScheme = + &decryptKey->publicArea.parameters.rsaDetail.scheme; + UINT16 digestSize; - scheme = *(TPMT_RSA_DECRYPT*)keyScheme; - // If the key scheme is TPM_ALG_NULL, set the scheme to OAEP and - // set the algorithm to the name algorithm. - if(scheme.scheme == TPM_ALG_NULL) - { - // Use OAEP scheme - scheme.scheme = TPM_ALG_OAEP; - scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg; - } - // use the digestSize as an indicator of whether or not the scheme - // is using a supported hash algorithm. - // Note: depending on the scheme used for encryption, a hashAlg might - // not be needed. However, the return value has to have some upper - // limit on the size. In this case, it is the size of the digest of the - // hash algorithm. It is checked after the decryption is done but, there - // is no point in doing the decryption if the size is going to be - // 'wrong' anyway. - digestSize = CryptHashGetDigestSize(scheme.details.oaep.hashAlg); - if(scheme.scheme != TPM_ALG_OAEP || digestSize == 0) - return TPM_RC_SCHEME; + scheme = *(TPMT_RSA_DECRYPT*)keyScheme; + // If the key scheme is TPM_ALG_NULL, set the scheme to OAEP and + // set the algorithm to the name algorithm. 
+ if(scheme.scheme == TPM_ALG_NULL) + { + // Use OAEP scheme + scheme.scheme = TPM_ALG_OAEP; + scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg; + } + // use the digestSize as an indicator of whether or not the scheme + // is using a supported hash algorithm. + // Note: depending on the scheme used for encryption, a hashAlg might + // not be needed. However, the return value has to have some upper + // limit on the size. In this case, it is the size of the digest of the + // hash algorithm. It is checked after the decryption is done but, there + // is no point in doing the decryption if the size is going to be + // 'wrong' anyway. + digestSize = CryptHashGetDigestSize(scheme.details.oaep.hashAlg); + if(scheme.scheme != TPM_ALG_OAEP || digestSize == 0) + return TPM_RC_SCHEME; - // Set the output buffer capacity - data->t.size = sizeof(data->t.buffer); + // Set the output buffer capacity + data->t.size = sizeof(data->t.buffer); - // Decrypt seed by RSA OAEP - result = - CryptRsaDecrypt(&data->b, &secret->b, decryptKey, &scheme, label); - if((result == TPM_RC_SUCCESS) && (data->t.size > digestSize)) - result = TPM_RC_VALUE; - } - break; + // Decrypt seed by RSA OAEP + result = + CryptRsaDecrypt(&data->b, &secret->b, decryptKey, &scheme, label); + if((result == TPM_RC_SUCCESS) && (data->t.size > digestSize)) + result = TPM_RC_VALUE; + } + break; #endif // ALG_RSA #if ALG_ECC - case TPM_ALG_ECC: - { - TPMS_ECC_POINT eccPublic; - TPMS_ECC_POINT eccSecret; - BYTE* buffer = secret->t.secret; - INT32 size = secret->t.size; + case TPM_ALG_ECC: + { + TPMS_ECC_POINT eccPublic; + TPMS_ECC_POINT eccSecret; + BYTE* buffer = secret->t.secret; + INT32 size = secret->t.size; - MemorySet(&eccPublic, 0, sizeof(eccPublic)); // libtpms added: Coverity + MemorySet(&eccPublic, 0, sizeof(eccPublic)); // libtpms added: Coverity - // Retrieve ECC point from secret buffer - result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size); - if(result == TPM_RC_SUCCESS) - { - result = 
CryptEccPointMultiply( - &eccSecret, - decryptKey->publicArea.parameters.eccDetail.curveID, - &eccPublic, - &decryptKey->sensitive.sensitive.ecc, - NULL, - NULL); - if(result == TPM_RC_SUCCESS) - { - // Set the size of the "recovered" secret value to be the size - // of the digest produced by the nameAlg. - data->t.size = - CryptHashGetDigestSize(decryptKey->publicArea.nameAlg); + // Retrieve ECC point from secret buffer + result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size); + if(result == TPM_RC_SUCCESS) + { + result = CryptEccPointMultiply( + &eccSecret, + decryptKey->publicArea.parameters.eccDetail.curveID, + &eccPublic, + &decryptKey->sensitive.sensitive.ecc, + NULL, + NULL); + if(result == TPM_RC_SUCCESS) + { + // Set the size of the "recovered" secret value to be the size + // of the digest produced by the nameAlg. + data->t.size = + CryptHashGetDigestSize(decryptKey->publicArea.nameAlg); - // The secret value is computed from Z using KDFe as: - // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) - // Where: - // HashID -- the nameAlg of the decrypt key - // Z -- the x coordinate (Px) of the product (P) of the point - // (Q) of the secret and the private x coordinate (de,V) - // of the decryption key - // Use -- a null-terminated string containing "SECRET" - // PartyUInfo -- the x coordinate of the point in the secret - // (Qe,U ) - // PartyVInfo -- the x coordinate of the public key (Qs,V ) - // bits -- the number of bits in the digest of HashID - // Retrieve seed from KDFe - CryptKDFe(decryptKey->publicArea.nameAlg, - &eccSecret.x.b, - label, - &eccPublic.x.b, - &decryptKey->publicArea.unique.ecc.x.b, - data->t.size * 8, - data->t.buffer); - } - } - } - break; + // The secret value is computed from Z using KDFe as: + // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) + // Where: + // HashID -- the nameAlg of the decrypt key + // Z -- the x coordinate (Px) of the product (P) of the point + // (Q) of the secret and the 
private x coordinate (de,V) + // of the decryption key + // Use -- a null-terminated string containing "SECRET" + // PartyUInfo -- the x coordinate of the point in the secret + // (Qe,U ) + // PartyVInfo -- the x coordinate of the public key (Qs,V ) + // bits -- the number of bits in the digest of HashID + // Retrieve seed from KDFe + CryptKDFe(decryptKey->publicArea.nameAlg, + &eccSecret.x.b, + label, + &eccPublic.x.b, + &decryptKey->publicArea.unique.ecc.x.b, + data->t.size * 8, + data->t.buffer); + } + } + } + break; #endif // ALG_ECC #if !ALG_KEYEDHASH # error "KEYEDHASH support is required" #endif - case TPM_ALG_KEYEDHASH: - // The seed size can not be bigger than the digest size of nameAlg - if(secret->t.size - > CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) - result = TPM_RC_VALUE; - else - { - // Retrieve seed by XOR Obfuscation: - // seed = XOR(secret, hash, key, nonceCaller, nullNonce) - // where: - // secret the secret parameter from the TPM2_StartAuthHMAC - // command that contains the seed value - // hash nameAlg of tpmKey - // key the key or data value in the object referenced by - // entityHandle in the TPM2_StartAuthHMAC command - // nonceCaller the parameter from the TPM2_StartAuthHMAC command - // nullNonce a zero-length nonce - // XOR Obfuscation in place - CryptXORObfuscation(decryptKey->publicArea.nameAlg, - &decryptKey->sensitive.sensitive.bits.b, - &nonceCaller->b, - NULL, - secret->t.size, - secret->t.secret); - // Copy decrypted seed - MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer)); - } - break; - case TPM_ALG_SYMCIPHER: - { - TPM2B_IV iv = {{0}}; - TPMT_SYM_DEF_OBJECT* symDef; - // The seed size can not be bigger than the digest size of nameAlg - if(secret->t.size - > CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) - result = TPM_RC_VALUE; - else - { - symDef = &decryptKey->publicArea.parameters.symDetail.sym; - iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm, - symDef->keyBits.sym); - if(iv.t.size == 
0) - return TPM_RC_FAILURE; - if(nonceCaller->t.size >= iv.t.size) - { - MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, iv.t.size); - } - else - { - if(nonceCaller->t.size > sizeof(iv.t.buffer)) - return TPM_RC_FAILURE; - MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, // libtpms changed: use iv.t.buffer - nonceCaller->t.size); - } - // make sure secret will fit - if(secret->t.size > sizeof(data->t.buffer)) - return TPM_RC_FAILURE; - data->t.size = secret->t.size; - // CFB decrypt, using nonceCaller as iv - CryptSymmetricDecrypt(data->t.buffer, - symDef->algorithm, - symDef->keyBits.sym, - decryptKey->sensitive.sensitive.sym.t.buffer, - &iv, - TPM_ALG_CFB, - secret->t.size, - secret->t.secret); - } - } - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } + case TPM_ALG_KEYEDHASH: + // The seed size can not be bigger than the digest size of nameAlg + if(secret->t.size + > CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) + result = TPM_RC_VALUE; + else + { + // Retrieve seed by XOR Obfuscation: + // seed = XOR(secret, hash, key, nonceCaller, nullNonce) + // where: + // secret the secret parameter from the TPM2_StartAuthHMAC + // command that contains the seed value + // hash nameAlg of tpmKey + // key the key or data value in the object referenced by + // entityHandle in the TPM2_StartAuthHMAC command + // nonceCaller the parameter from the TPM2_StartAuthHMAC command + // nullNonce a zero-length nonce + // XOR Obfuscation in place + CryptXORObfuscation(decryptKey->publicArea.nameAlg, + &decryptKey->sensitive.sensitive.bits.b, + &nonceCaller->b, + NULL, + secret->t.size, + secret->t.secret); + // Copy decrypted seed + MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer)); + } + break; + case TPM_ALG_SYMCIPHER: + { + TPM2B_IV iv = {{0}}; + TPMT_SYM_DEF_OBJECT* symDef; + // The seed size can not be bigger than the digest size of nameAlg + if(secret->t.size + > CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) + result = TPM_RC_VALUE; + else + 
{ + symDef = &decryptKey->publicArea.parameters.symDetail.sym; + iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm, + symDef->keyBits.sym); + if(iv.t.size == 0) + return TPM_RC_FAILURE; + if(nonceCaller->t.size >= iv.t.size) + { + MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, iv.t.size); + } + else + { + if(nonceCaller->t.size > sizeof(iv.t.buffer)) + return TPM_RC_FAILURE; + MemoryCopy( + iv.t.buffer, nonceCaller->t.buffer, nonceCaller->t.size); // libtpms changed: use iv.t.buffer + } + // make sure secret will fit + if(secret->t.size > sizeof(data->t.buffer)) + return TPM_RC_FAILURE; + data->t.size = secret->t.size; + // CFB decrypt, using nonceCaller as iv + CryptSymmetricDecrypt(data->t.buffer, + symDef->algorithm, + symDef->keyBits.sym, + decryptKey->sensitive.sensitive.sym.t.buffer, + &iv, + TPM_ALG_CFB, + secret->t.size, + secret->t.secret); + } + } + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } return result; } //*** CryptParameterEncryption() // This function does in-place encryption of a response parameter. 
void CryptParameterEncryption( - TPM_HANDLE handle, // IN: encrypt session handle - TPM2B* nonceCaller, // IN: nonce caller - INT32 bufferSize, // IN: size of parameter buffer - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // bytes - TPM2B_AUTH* extraKey, // IN: additional key material other than - // sessionAuth - BYTE* buffer // IN/OUT: parameter buffer to be encrypted - ) + TPM_HANDLE handle, // IN: encrypt session handle + TPM2B* nonceCaller, // IN: nonce caller + INT32 bufferSize, // IN: size of parameter buffer + UINT16 leadingSizeInByte, // IN: the size of the leading size field in + // bytes + TPM2B_AUTH* extraKey, // IN: additional key material other than + // sessionAuth + BYTE* buffer // IN/OUT: parameter buffer to be encrypted +) { SESSION* session = SessionGet(handle); // encrypt session TPM2B_TYPE(TEMP_KEY, - (sizeof(extraKey->t.buffer) + sizeof(session->sessionKey.t.buffer))); + (sizeof(extraKey->t.buffer) + sizeof(session->sessionKey.t.buffer))); TPM2B_TEMP_KEY key; // encryption key UINT16 cipherSize = 0; // size of cipher text if(bufferSize < leadingSizeInByte) - { - FAIL(FATAL_ERROR_INTERNAL); - return; - } + { + FAIL(FATAL_ERROR_INTERNAL); + return; + } // Parameter encryption for a non-2B is not supported. if(leadingSizeInByte != 2) - { - FAIL(FATAL_ERROR_INTERNAL); - return; - } + { + FAIL(FATAL_ERROR_INTERNAL); + return; + } // Retrieve encrypted data size. if(UINT16_Unmarshal(&cipherSize, &buffer, &bufferSize) != TPM_RC_SUCCESS) - { - FAIL(FATAL_ERROR_INTERNAL); - return; - } + { + FAIL(FATAL_ERROR_INTERNAL); + return; + } if(cipherSize > bufferSize) - { - FAIL(FATAL_ERROR_INTERNAL); - return; - } + { + FAIL(FATAL_ERROR_INTERNAL); + return; + } // Compute encryption key by concatenating sessionKey with extra key MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); 
@@ -982,23 +982,23 @@ void CryptParameterEncryption( if(session->symmetric.algorithm == TPM_ALG_XOR) - // XOR parameter encryption formulation: - // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) - CryptXORObfuscation(session->authHashAlg, - &(key.b), - &(session->nonceTPM.b), - nonceCaller, - (UINT32)cipherSize, - buffer); + // XOR parameter encryption formulation: + // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) + CryptXORObfuscation(session->authHashAlg, + &(key.b), + &(session->nonceTPM.b), + nonceCaller, + (UINT32)cipherSize, + buffer); else - ParmEncryptSym(session->symmetric.algorithm, - session->authHashAlg, - session->symmetric.keyBits.aes, - &(key.b), - nonceCaller, - &(session->nonceTPM.b), - (UINT32)cipherSize, - buffer); + ParmEncryptSym(session->symmetric.algorithm, + session->authHashAlg, + session->symmetric.keyBits.aes, + &(key.b), + nonceCaller, + &(session->nonceTPM.b), + (UINT32)cipherSize, + buffer); return; } 
@@ -1009,70 +1009,70 @@ void CryptParameterEncryption( // the number of bytes to be decrypted. TPM_RC CryptParameterDecryption( - TPM_HANDLE handle, // IN: encrypted session handle - TPM2B* nonceCaller, // IN: nonce caller - INT32 bufferSize, // IN: size of parameter buffer - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // byte - TPM2B_AUTH* extraKey, // IN: the authValue - BYTE* buffer // IN/OUT: parameter buffer to be decrypted - ) + TPM_HANDLE handle, // IN: encrypted session handle + TPM2B* nonceCaller, // IN: nonce caller + INT32 bufferSize, // IN: size of parameter buffer + UINT16 leadingSizeInByte, // IN: the size of the leading size field in + // byte + TPM2B_AUTH* extraKey, // IN: the authValue + BYTE* buffer // IN/OUT: parameter buffer to be decrypted +) { SESSION* session = SessionGet(handle); // encrypt session // The HMAC key is going to be the concatenation of the session key and any // additional key material (like the authValue). The size of both of these // is the size of the buffer which can contain a TPMT_HA. TPM2B_TYPE(HMAC_KEY, - (sizeof(extraKey->t.buffer) + sizeof(session->sessionKey.t.buffer))); + (sizeof(extraKey->t.buffer) + sizeof(session->sessionKey.t.buffer))); TPM2B_HMAC_KEY key; // decryption key UINT16 cipherSize = 0; // size of ciphertext if(bufferSize < leadingSizeInByte) - { - return TPM_RC_INSUFFICIENT; - } + { + return TPM_RC_INSUFFICIENT; + } // Parameter encryption for a non-2B is not supported. if(leadingSizeInByte != 2) - { - FAIL_RC(FATAL_ERROR_INTERNAL); - } + { + FAIL_RC(FATAL_ERROR_INTERNAL); + } // Retrieve encrypted data size. 
if(UINT16_Unmarshal(&cipherSize, &buffer, &bufferSize) != TPM_RC_SUCCESS) - { - return TPM_RC_INSUFFICIENT; - } + { + return TPM_RC_INSUFFICIENT; + } if(cipherSize > bufferSize) - { - return TPM_RC_SIZE; - } + { + return TPM_RC_SIZE; + } // Compute decryption key by concatenating sessionAuth with extra input key MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer)); if(session->symmetric.algorithm == TPM_ALG_XOR) - // XOR parameter decryption formulation: - // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) - // Call XOR obfuscation function - CryptXORObfuscation(session->authHashAlg, - &key.b, - nonceCaller, - &(session->nonceTPM.b), - (UINT32)cipherSize, - buffer); + // XOR parameter decryption formulation: + // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) + // Call XOR obfuscation function + CryptXORObfuscation(session->authHashAlg, + &key.b, + nonceCaller, + &(session->nonceTPM.b), + (UINT32)cipherSize, + buffer); else - // Assume that it is one of the symmetric block ciphers. - ParmDecryptSym(session->symmetric.algorithm, - session->authHashAlg, - session->symmetric.keyBits.sym, - &key.b, - nonceCaller, - &session->nonceTPM.b, - (UINT32)cipherSize, - buffer); + // Assume that it is one of the symmetric block ciphers. + ParmDecryptSym(session->symmetric.algorithm, + session->authHashAlg, + session->symmetric.keyBits.sym, + &key.b, + nonceCaller, + &session->nonceTPM.b, + (UINT32)cipherSize, + buffer); return TPM_RC_SUCCESS; } 
@@ -1080,32 +1080,32 @@ CryptParameterDecryption( //*** CryptComputeSymmetricUnique() // This function computes the unique field in public area for symmetric objects. void CryptComputeSymmetricUnique( - TPMT_PUBLIC* publicArea, // IN: the object's public area - TPMT_SENSITIVE* sensitive, // IN: the associated sensitive area - TPM2B_DIGEST* unique // OUT: unique buffer - ) + TPMT_PUBLIC* publicArea, // IN: the object's public area + TPMT_SENSITIVE* sensitive, // IN: the associated sensitive area + TPM2B_DIGEST* unique // OUT: unique buffer +) { // For parents (symmetric and derivation), use an HMAC to compute // the 'unique' field if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)) - { - // Unique field is HMAC(sensitive->seedValue, sensitive->sensitive) - HMAC_STATE hmacState; - unique->b.size = CryptHmacStart2B( - &hmacState, publicArea->nameAlg, &sensitive->seedValue.b); - CryptDigestUpdate2B(&hmacState.hashState, &sensitive->sensitive.any.b); - CryptHmacEnd2B(&hmacState, &unique->b); - } + { + // Unique field is HMAC(sensitive->seedValue, sensitive->sensitive) + HMAC_STATE hmacState; + unique->b.size = CryptHmacStart2B( + &hmacState, publicArea->nameAlg, &sensitive->seedValue.b); + CryptDigestUpdate2B(&hmacState.hashState, &sensitive->sensitive.any.b); + CryptHmacEnd2B(&hmacState, &unique->b); + } else - { - HASH_STATE hashState; - // Unique := Hash(sensitive->seedValue || sensitive->sensitive) - unique->t.size = CryptHashStart(&hashState, publicArea->nameAlg); - CryptDigestUpdate2B(&hashState, &sensitive->seedValue.b); - CryptDigestUpdate2B(&hashState, &sensitive->sensitive.any.b); - CryptHashEnd2B(&hashState, &unique->b); - } + { + HASH_STATE hashState; + // Unique := Hash(sensitive->seedValue || sensitive->sensitive) + unique->t.size = CryptHashStart(&hashState, publicArea->nameAlg); + CryptDigestUpdate2B(&hashState, &sensitive->seedValue.b); + 
CryptDigestUpdate2B(&hashState, &sensitive->sensitive.any.b); + CryptHashEnd2B(&hashState, &unique->b); + } return; } @@ -1147,10 +1147,10 @@ void CryptComputeSymmetricUnique( // unsupported name algorithm for an ECC key TPM_RC CryptCreateObject(OBJECT* object, // IN: new object structure pointer - TPMS_SENSITIVE_CREATE* sensitiveCreate, // IN: sensitive creation - RAND_STATE* rand // IN: the random number generator - // to use - ) + TPMS_SENSITIVE_CREATE* sensitiveCreate, // IN: sensitive creation + RAND_STATE* rand // IN: the random number generator + // to use +) { TPMT_PUBLIC* publicArea = &object->publicArea; TPMT_SENSITIVE* sensitive = &object->sensitive; 
@@ -1165,72 +1165,72 @@ CryptCreateObject(OBJECT* object, // IN: new object structure po // If the TPM is the source of the data, set the size of the provided data to // zero so that there's no confusion about what to do. if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sensitiveDataOrigin)) - sensitiveCreate->data.t.size = 0; + sensitiveCreate->data.t.size = 0; // Generate the key and unique fields for the asymmetric keys and just the // sensitive value for symmetric object switch(publicArea->type) - { + { #if ALG_RSA - // Create RSA key - case TPM_ALG_RSA: - // RSA uses full object so that it has a place to put the private - // exponent - result = CryptRsaGenerateKey(publicArea, sensitive, object, rand); // libtpms: added object - break; + // Create RSA key + case TPM_ALG_RSA: + // RSA uses full object so that it has a place to put the private + // exponent + result = CryptRsaGenerateKey(publicArea, sensitive, object, rand); // libtpms: added object + break; #endif // ALG_RSA #if ALG_ECC - // Create ECC key - case TPM_ALG_ECC: - result = CryptEccGenerateKey(publicArea, sensitive, rand); - break; + // Create ECC key + case TPM_ALG_ECC: + result = CryptEccGenerateKey(publicArea, sensitive, rand); + break; #endif // ALG_ECC - case TPM_ALG_SYMCIPHER: - result = CryptGenerateKeySymmetric( - publicArea, sensitive, sensitiveCreate, rand); - break; - case TPM_ALG_KEYEDHASH: - result = - CryptGenerateKeyedHash(publicArea, sensitive, sensitiveCreate, rand); - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } + case TPM_ALG_SYMCIPHER: + result = CryptGenerateKeySymmetric( + publicArea, sensitive, sensitiveCreate, rand); + break; + case TPM_ALG_KEYEDHASH: + result = + CryptGenerateKeyedHash(publicArea, sensitive, sensitiveCreate, rand); + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } if(result != TPM_RC_SUCCESS) - return result; + return result; // Create the sensitive seed value // If this is a primary key in the endorsement hierarchy, 
stir the DRBG state // This implementation uses both shProof and ehProof to make sure that there // is no leakage of either. if(object->attributes.primary && object->attributes.epsHierarchy) - { - DRBG_AdditionalData((DRBG_STATE*)rand, &gp.shProof.b); - DRBG_AdditionalData((DRBG_STATE*)rand, &gp.ehProof.b); - } + { + DRBG_AdditionalData((DRBG_STATE*)rand, &gp.shProof.b); + DRBG_AdditionalData((DRBG_STATE*)rand, &gp.ehProof.b); + } // Generate a seedValue that is the size of the digest produced by nameAlg sensitive->seedValue.t.size = - DRBG_Generate(rand, - sensitive->seedValue.t.buffer, - CryptHashGetDigestSize(publicArea->nameAlg)); + DRBG_Generate(rand, + sensitive->seedValue.t.buffer, + CryptHashGetDigestSize(publicArea->nameAlg)); if(g_inFailureMode) - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; else if(sensitive->seedValue.t.size == 0) - return TPM_RC_NO_RESULT; + return TPM_RC_NO_RESULT; // For symmetric objects, need to compute the unique value for the public area if(publicArea->type == TPM_ALG_SYMCIPHER || publicArea->type == TPM_ALG_KEYEDHASH) - { - CryptComputeSymmetricUnique(publicArea, sensitive, &publicArea->unique.sym); - } + { + CryptComputeSymmetricUnique(publicArea, sensitive, &publicArea->unique.sym); + } else - { - // if this is an asymmetric key and it isn't a parent, then - // get rid of the seed. - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) - || !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) - memset(&sensitive->seedValue, 0, sizeof(sensitive->seedValue)); - } + { + // if this is an asymmetric key and it isn't a parent, then + // get rid of the seed. + if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) + || !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) + memset(&sensitive->seedValue, 0, sizeof(sensitive->seedValue)); + } // Compute the name PublicMarshalAndComputeName(publicArea, &object->name); return result; 
@@ -1242,56 +1242,56 @@ CryptCreateObject(OBJECT* object, // IN: new object structure po // This is a function for easy access TPMI_ALG_HASH CryptGetSignHashAlg(TPMT_SIGNATURE* auth // IN: signature - ) +) { if(auth->sigAlg == TPM_ALG_NULL) - FAIL(FATAL_ERROR_INTERNAL); + FAIL(FATAL_ERROR_INTERNAL); // Get authHash algorithm based on signing scheme switch(auth->sigAlg) - { + { #if ALG_RSA - // If RSA is supported, both RSASSA and RSAPSS are required + // If RSA is supported, both RSASSA and RSAPSS are required # if !defined TPM_ALG_RSASSA || !defined TPM_ALG_RSAPSS # error "RSASSA and RSAPSS are required for RSA" # endif - case TPM_ALG_RSASSA: - return auth->signature.rsassa.hash; - case TPM_ALG_RSAPSS: - return auth->signature.rsapss.hash; + case TPM_ALG_RSASSA: + return auth->signature.rsassa.hash; + case TPM_ALG_RSAPSS: + return auth->signature.rsapss.hash; #endif // ALG_RSA #if ALG_ECC - // If ECC is defined, ECDSA is mandatory + // If ECC is defined, ECDSA is mandatory # if !ALG_ECDSA # error "ECDSA is requried for ECC" # endif - case TPM_ALG_ECDSA: - // SM2 and ECSCHNORR are optional + case TPM_ALG_ECDSA: + // SM2 and ECSCHNORR are optional # if ALG_SM2 - case TPM_ALG_SM2: + case TPM_ALG_SM2: # endif # if ALG_ECSCHNORR - case TPM_ALG_ECSCHNORR: + case TPM_ALG_ECSCHNORR: # endif - //all ECC signatures look the same - return auth->signature.ecdsa.hash; + //all ECC signatures look the same + return auth->signature.ecdsa.hash; # if ALG_ECDAA - // Don't know how to verify an ECDAA signature - case TPM_ALG_ECDAA: - break; + // Don't know how to verify an ECDAA signature + case TPM_ALG_ECDAA: + break; # endif #endif // ALG_ECC - case TPM_ALG_HMAC: - return auth->signature.hmac.hashAlg; + case TPM_ALG_HMAC: + return auth->signature.hmac.hashAlg; - default: - break; - } + default: + break; + } return TPM_ALG_NULL; } 
@@ -1300,78 +1300,78 @@ CryptGetSignHashAlg(TPMT_SIGNATURE* auth // IN: signature // signing operation that required a TPM2_Commit(). // BOOL CryptIsSplitSign(TPM_ALG_ID scheme // IN: the algorithm selector - ) +) { switch(scheme) - { + { #if ALG_ECDAA - case TPM_ALG_ECDAA: - return TRUE; - break; + case TPM_ALG_ECDAA: + return TRUE; + break; #endif // ALG_ECDAA - default: - return FALSE; - break; - } + default: + return FALSE; + break; + } } //*** CryptIsAsymSignScheme() -// This function indicates if a scheme algorithm is a sign algorithm valid for the -// public key type. +// This function indicates if a scheme algorithm is a sign algorithm. BOOL CryptIsAsymSignScheme(TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme - ) + TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme +) { BOOL isSignScheme = TRUE; switch(publicType) - { + { #if ALG_RSA - case TPM_ALG_RSA: - switch(scheme) - { + case TPM_ALG_RSA: + switch(scheme) + { # if !ALG_RSASSA || !ALG_RSAPSS # error "RSASSA and PSAPSS required if RSA used." # endif - case TPM_ALG_RSASSA: - case TPM_ALG_RSAPSS: - break; - default: - isSignScheme = FALSE; - break; - } - break; + case TPM_ALG_RSASSA: + case TPM_ALG_RSAPSS: + break; + default: + isSignScheme = FALSE; + break; + } + break; #endif // ALG_RSA #if ALG_ECC - // If ECC is implemented ECDSA is required - case TPM_ALG_ECC: + // If ECC is implemented ECDSA is required + case TPM_ALG_ECC: # if !ALG_ECDSA # error "ECDSA required if ECC enabled." 
# endif - switch(scheme) - { - case TPM_ALG_ECDSA: + switch(scheme) + { + // Support for ECDSA is required for ECC + case TPM_ALG_ECDSA: # if ALG_ECDAA // ECDAA is optional - case TPM_ALG_ECDAA: + case TPM_ALG_ECDAA: # endif # if ALG_ECSCHNORR // Schnorr is also optional - case TPM_ALG_ECSCHNORR: + case TPM_ALG_ECSCHNORR: # endif # if ALG_SM2 // SM2 is optional - case TPM_ALG_SM2: + case TPM_ALG_SM2: # endif - break; - default: - isSignScheme = FALSE; - break; - } - break; + break; + default: + isSignScheme = FALSE; + break; + } + break; #endif // ALG_ECC - default: - isSignScheme = FALSE; - break; - } + default: + isSignScheme = FALSE; + break; + } return isSignScheme; } 
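Review bot: The shortened header comment for CryptIsAsymSignScheme(), `// This function indicates if a scheme algorithm is a sign algorithm.`, understates what the body in this hunk does. The outer `switch(publicType)` makes the result depend on the key type: an RSA scheme passed with TPM_ALG_ECC, or any unknown type, yields FALSE. I would keep the removed wording, `// This function indicates if a scheme algorithm is a sign algorithm valid for the public key type.`, so that a reader does not take the check to be type-independent.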
@@ -1431,66 +1431,64 @@ static BOOL CryptIsValidSignScheme(TPMI_ALG_PUBLIC publicType, // IN: Type of //*** CryptIsAsymDecryptScheme() // This function indicate if a scheme algorithm is a decrypt algorithm. BOOL CryptIsAsymDecryptScheme(TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme - ) + TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme +) { BOOL isDecryptScheme = TRUE; switch(publicType) - { + { #if ALG_RSA - case TPM_ALG_RSA: - switch(scheme) - { - case TPM_ALG_RSAES: - case TPM_ALG_OAEP: - break; - default: - isDecryptScheme = FALSE; - break; - } - break; + case TPM_ALG_RSA: + switch(scheme) + { + case TPM_ALG_RSAES: + case TPM_ALG_OAEP: + break; + default: + isDecryptScheme = FALSE; + break; + } + break; #endif // ALG_RSA #if ALG_ECC - // If ECC is implemented ECDH is required - case TPM_ALG_ECC: - switch(scheme) - { + // If ECC is implemented ECDH is required + case TPM_ALG_ECC: + switch(scheme) + { # if !ALG_ECDH # error "ECDH is required for ECC" # endif - case TPM_ALG_ECDH: + case TPM_ALG_ECDH: # if ALG_SM2 - case TPM_ALG_SM2: + case TPM_ALG_SM2: # endif # if ALG_ECMQV - case TPM_ALG_ECMQV: + case TPM_ALG_ECMQV: # endif - break; - default: - isDecryptScheme = FALSE; - break; - } - break; + break; + default: + isDecryptScheme = FALSE; + break; + } + break; #endif // ALG_ECC - default: - isDecryptScheme = FALSE; - break; - } + default: + isDecryptScheme = FALSE; + break; + } return isDecryptScheme; } //*** CryptSelectSignScheme() // This function is used by the attestation and signing commands. It implements -// the rules for selecting the signature scheme to use in signing and validates -// that the selected scheme is compatible with the key type. It also ensures -// the selected scheme specifies a valid hash algorithm. This function requires -// that the signing key either be TPM_RH_NULL or be loaded. +// the rules for selecting the signature scheme to use in signing. 
This function +// requires that the signing key either be TPM_RH_NULL or be loaded. // // If a default scheme is defined in object, the default scheme should be chosen, // otherwise, the input scheme should be chosen. -// In the case that both object and input scheme has a non-NULL scheme +// In the case that both object and input scheme has a non-NULL scheme // algorithm, if the schemes are compatible, the input scheme will be chosen. // // This function should not be called if 'signObject->publicArea.type' == @@ -1501,12 +1499,10 @@ BOOL CryptIsAsymDecryptScheme(TPMI_ALG_PUBLIC publicType, // IN: Type of the ob // FALSE(0) both 'scheme' and key's default scheme are empty; or // 'scheme' is empty while key's default scheme requires // explicit input scheme (split signing); or -// non-empty default key scheme differs from 'scheme'; or -// 'scheme' not valid for key type; or invalid hash -// algorithm specified; or key type is ALG_SYMCIPHER +// non-empty default key scheme differs from 'scheme' BOOL CryptSelectSignScheme(OBJECT* signObject, // IN: signing key - TPMT_SIG_SCHEME* scheme // IN/OUT: signing scheme - ) + TPMT_SIG_SCHEME* scheme // IN/OUT: signing scheme +) { TPMT_SIG_SCHEME* objectScheme; TPMT_PUBLIC* publicArea; 
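Review bot: The reworded header comment for CryptSelectSignScheme() no longer describes the validation that the code in this patch still performs. This hunk drops the sentences saying the function checks the scheme against the key type and requires a valid hash algorithm. The next hunk (-1501) removes the matching FALSE cases from the return-value list, and the hunk after that (-1515) adds `// Assume that the scheme is compatible with the key. If not, an error will be generated in the signing operation.` The body in that same hunk still returns FALSE for a key that is neither asymmetric nor KEYEDHASH, and still ends with `OK = CryptIsValidSignScheme(publicArea->type, scheme);`. Because this is the point where an incompatible scheme is rejected before signing, I would keep the removed wording (marked as a libtpms addition if that helps the rebase) and drop the new "Assume ..." comment, so that the documented contract matches the check that actually runs.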
@@ -1515,77 +1511,78 @@ BOOL CryptSelectSignScheme(OBJECT* signObject, // IN: signing key // If the signHandle is TPM_RH_NULL, then the NULL scheme is used, regardless // of the setting of scheme if(signObject == NULL) - { - OK = TRUE; - scheme->scheme = TPM_ALG_NULL; - scheme->details.any.hashAlg = TPM_ALG_NULL; - } + { + OK = TRUE; + scheme->scheme = TPM_ALG_NULL; + scheme->details.any.hashAlg = TPM_ALG_NULL; + } else - { - // assignment to save typing. - publicArea = &signObject->publicArea; + { + // assignment to save typing. + publicArea = &signObject->publicArea; - // Get a pointer to the scheme object. - if(CryptIsAsymAlgorithm(publicArea->type)) - { - objectScheme = - (TPMT_SIG_SCHEME*)&publicArea->parameters.asymDetail.scheme; - } - else if(publicArea->type == TPM_ALG_KEYEDHASH) - { - objectScheme = - (TPMT_SIG_SCHEME*)&publicArea->parameters.keyedHashDetail.scheme; - } - else - { - // Only asymmetric key types (RSA, ECC) and keyed hashes can be - // used for signing. A symmetric cipher can be used to encrypt and - // decrypt but can't be used for signing. - return FALSE; - } + // Get a pointer to the scheme object. + if(CryptIsAsymAlgorithm(publicArea->type)) + { + objectScheme = + (TPMT_SIG_SCHEME*)&publicArea->parameters.asymDetail.scheme; + } + else if(publicArea->type == TPM_ALG_KEYEDHASH) + { + objectScheme = + (TPMT_SIG_SCHEME*)&publicArea->parameters.keyedHashDetail.scheme; + } + else + { + // Only asymmetric key types (RSA, ECC) and keyed hashes can be + // used for signing. A symmetric cipher can be used to encrypt and + // decrypt but can't be used for signing. + return FALSE; + } - // If the object doesn't have a default scheme, then use the - // input scheme. 
- if(objectScheme->scheme == TPM_ALG_NULL) - { - // Input and default can't both be NULL - OK = (scheme->scheme != TPM_ALG_NULL); - } - else if(scheme->scheme == TPM_ALG_NULL) - { - // input scheme is NULL so use default + // If the object doesn't have a default scheme, then use the + // input scheme. + if(objectScheme->scheme == TPM_ALG_NULL) + { + // Input and default can't both be NULL + OK = (scheme->scheme != TPM_ALG_NULL); + // Assume that the scheme is compatible with the key. If not, + // an error will be generated in the signing operation. + } + else if(scheme->scheme == TPM_ALG_NULL) + { + // input scheme is NULL so use default - // First, check to see if the default requires that the caller - // provided scheme data - OK = !CryptIsSplitSign(objectScheme->scheme); - if(OK) - { - // The object has a scheme and the input is TPM_ALG_NULL so copy - // the object scheme as the final scheme. It is better to use a - // structure copy than a copy of the individual fields. - *scheme = *objectScheme; - } - } - else - { - // Both input and object have scheme selectors - // If the scheme and the hash are not the same then... - // NOTE: the reason that there is no copy here is that the input - // might contain extra data for a split signing scheme and that - // data is not in the object so, it has to be preserved. - OK = - (objectScheme->scheme == scheme->scheme) - && (objectScheme->details.any.hashAlg == scheme->details.any.hashAlg); - } + // First, check to see if the default requires that the caller + // provided scheme data + OK = !CryptIsSplitSign(objectScheme->scheme); + if(OK) + { + // The object has a scheme and the input is TPM_ALG_NULL so copy + // the object scheme as the final scheme. It is better to use a + // structure copy than a copy of the individual fields. + *scheme = *objectScheme; + } + } + else + { + // Both input and object have scheme selectors + // If the scheme and the hash are not the same then... 
+ // NOTE: the reason that there is no copy here is that the input + // might contain extra data for a split signing scheme and that + // data is not in the object so, it has to be preserved. + OK = + (objectScheme->scheme == scheme->scheme) + && (objectScheme->details.any.hashAlg == scheme->details.any.hashAlg); + } - if(OK) - { - // Check that the scheme is compatible with the key type and has a - // valid hash algorithm specified. - OK = CryptIsValidSignScheme(publicArea->type, scheme); - } - - } + if(OK) + { + // Check that the scheme is compatible with the key type and has a + // valid hash algorithm specified. + OK = CryptIsValidSignScheme(publicArea->type, scheme); + } + } return OK; } @@ -1607,10 +1604,10 @@ BOOL CryptSelectSignScheme(OBJECT* signObject, // IN: signing key // (for an ECC key) TPM_RC CryptSign(OBJECT* signKey, // IN: signing key - TPMT_SIG_SCHEME* signScheme, // IN: sign scheme. - TPM2B_DIGEST* digest, // IN: The digest being signed - TPMT_SIGNATURE* signature // OUT: signature - ) + TPMT_SIG_SCHEME* signScheme, // IN: sign scheme. + TPM2B_DIGEST* digest, // IN: The digest being signed + TPMT_SIGNATURE* signature // OUT: signature +) { TPM_RC result = TPM_RC_SCHEME; @@ -1620,7 +1617,7 @@ CryptSign(OBJECT* signKey, // IN: signing key // If the signature algorithm is TPM_ALG_NULL or the signing key is NULL, // then we are done if((signature->sigAlg == TPM_ALG_NULL) || (signKey == NULL)) - return TPM_RC_SUCCESS; + return TPM_RC_SUCCESS; // Initialize signature hash // Note: need to do the check for TPM_ALG_NULL first because the null scheme 
@@ -1646,28 +1643,28 @@ CryptSign(OBJECT* signKey, // IN: signing key // perform sign operation based on different key type switch(signKey->publicArea.type) - { + { #if ALG_RSA - case TPM_ALG_RSA: - result = CryptRsaSign(signature, signKey, digest, NULL); - break; + case TPM_ALG_RSA: + result = CryptRsaSign(signature, signKey, digest, NULL); + break; #endif // ALG_RSA #if ALG_ECC - case TPM_ALG_ECC: - // The reason that signScheme is passed to CryptEccSign but not to the - // other signing methods is that the signing for ECC may be split and - // need the 'r' value that is in the scheme but not in the signature. - result = CryptEccSign( - signature, signKey, digest, (TPMT_ECC_SCHEME*)signScheme, NULL); - break; + case TPM_ALG_ECC: + // The reason that signScheme is passed to CryptEccSign but not to the + // other signing methods is that the signing for ECC may be split and + // need the 'r' value that is in the scheme but not in the signature. + result = CryptEccSign( + signature, signKey, digest, (TPMT_ECC_SCHEME*)signScheme, NULL); + break; #endif // ALG_ECC - case TPM_ALG_KEYEDHASH: - result = CryptHmacSign(signature, signKey, digest); - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } + case TPM_ALG_KEYEDHASH: + result = CryptHmacSign(signature, signKey, digest); + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } return result; } @@ -1687,9 +1684,9 @@ CryptSign(OBJECT* signKey, // IN: signing key // private part of the key is not loaded TPM_RC CryptValidateSignature(TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key - TPM2B_DIGEST* digest, // IN: The digest being validated - TPMT_SIGNATURE* signature // IN: signature - ) + TPM2B_DIGEST* digest, // IN: The digest being validated + TPMT_SIGNATURE* signature // IN: signature +) { // NOTE: HandleToObject will either return a pointer to a loaded object or // will assert. It will never return a non-valid value. This makes it save 
@@ -1702,35 +1699,35 @@ CryptValidateSignature(TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key // The input unmarshaling should prevent any input signature from being // a NULL signature, but just in case if(signature->sigAlg == TPM_ALG_NULL) - return TPM_RC_SIGNATURE; + return TPM_RC_SIGNATURE; switch(publicArea->type) - { + { #if ALG_RSA - case TPM_ALG_RSA: - { - // - // Call RSA code to verify signature - result = CryptRsaValidateSignature(signature, signObject, digest); - break; - } + case TPM_ALG_RSA: + { + // + // Call RSA code to verify signature + result = CryptRsaValidateSignature(signature, signObject, digest); + break; + } #endif // ALG_RSA #if ALG_ECC - case TPM_ALG_ECC: - result = CryptEccValidateSignature(signature, signObject, digest); - break; + case TPM_ALG_ECC: + result = CryptEccValidateSignature(signature, signObject, digest); + break; #endif // ALG_ECC - case TPM_ALG_KEYEDHASH: - if(signObject->attributes.publicOnly) - result = TPM_RCS_HANDLE; - else - result = CryptHMACVerifySignature(signObject, digest, signature); - break; - default: - break; - } + case TPM_ALG_KEYEDHASH: + if(signObject->attributes.publicOnly) + result = TPM_RCS_HANDLE; + else + result = CryptHMACVerifySignature(signObject, digest, signature); + break; + default: + break; + } return result; } @@ -1742,7 +1739,7 @@ CryptValidateSignature(TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key // consult the part 3 specification for TPM2_GetTestResult(). TPM_RC CryptGetTestResult(TPM2B_MAX_BUFFER* outData // OUT: test result data - ) +) { outData->t.size = 0; return TPM_RC_SUCCESS; 
@@ -1767,9 +1764,9 @@ CryptGetTestResult(TPM2B_MAX_BUFFER* outData // OUT: test result data // TPM_RC_TYPE the types of the sensitive and private parts do not match TPM_RC CryptValidateKeys(TPMT_PUBLIC* publicArea, - TPMT_SENSITIVE* sensitive, - TPM_RC blamePublic, - TPM_RC blameSensitive) + TPMT_SENSITIVE* sensitive, + TPM_RC blamePublic, + TPM_RC blameSensitive) { TPM_RC result; UINT16 keySizeInBytes; 
@@ -1778,175 +1775,175 @@ CryptValidateKeys(TPMT_PUBLIC* publicArea, TPMU_PUBLIC_ID* unique = &publicArea->unique; if(sensitive != NULL) - { - // Make sure that the types of the public and sensitive are compatible - if(publicArea->type != sensitive->sensitiveType) - return TPM_RCS_TYPE + blameSensitive; - // Make sure that the authValue is not bigger than allowed - // If there is no name algorithm, then the size just needs to be less than - // the maximum size of the buffer used for authorization. That size check - // was made during unmarshaling of the sensitive area - if((sensitive->authValue.t.size) > digestSize && (digestSize > 0)) - return TPM_RCS_SIZE + blameSensitive; - } + { + // Make sure that the types of the public and sensitive are compatible + if(publicArea->type != sensitive->sensitiveType) + return TPM_RCS_TYPE + blameSensitive; + // Make sure that the authValue is not bigger than allowed + // If there is no name algorithm, then the size just needs to be less than + // the maximum size of the buffer used for authorization. That size check + // was made during unmarshaling of the sensitive area + if((sensitive->authValue.t.size) > digestSize && (digestSize > 0)) + return TPM_RCS_SIZE + blameSensitive; + } switch(publicArea->type) - { + { #if ALG_RSA - case TPM_ALG_RSA: - keySizeInBytes = BITS_TO_BYTES(params->rsaDetail.keyBits); + case TPM_ALG_RSA: + keySizeInBytes = BITS_TO_BYTES(params->rsaDetail.keyBits); - // Regardless of whether there is a sensitive area, the public modulus - // needs to have the correct size. Otherwise, it can't be used for - // any public key operation nor can it be used to compute the private - // exponent. - // NOTE: This implementation only supports key sizes that are multiples - // of 1024 bits which means that the MSb of the 0th byte will always be - // SET in any prime and in the public modulus. 
- if((unique->rsa.t.size != keySizeInBytes) - || (unique->rsa.t.buffer[0] < 0x80)) - return TPM_RCS_KEY + blamePublic; - if(params->rsaDetail.exponent != 0 && params->rsaDetail.exponent < 7) - return TPM_RCS_VALUE + blamePublic; - if(sensitive != NULL) - { - // If there is a sensitive area, it has to be the correct size - // including having the correct high order bit SET. - if(((sensitive->sensitive.rsa.t.size * 2) != keySizeInBytes) - || (sensitive->sensitive.rsa.t.buffer[0] < 0x80)) - return TPM_RCS_KEY_SIZE + blameSensitive; - } - break; + // Regardless of whether there is a sensitive area, the public modulus + // needs to have the correct size. Otherwise, it can't be used for + // any public key operation nor can it be used to compute the private + // exponent. + // NOTE: This implementation only supports key sizes that are multiples + // of 1024 bits which means that the MSb of the 0th byte will always be + // SET in any prime and in the public modulus. + if((unique->rsa.t.size != keySizeInBytes) + || (unique->rsa.t.buffer[0] < 0x80)) + return TPM_RCS_KEY + blamePublic; + if(params->rsaDetail.exponent != 0 && params->rsaDetail.exponent < 7) + return TPM_RCS_VALUE + blamePublic; + if(sensitive != NULL) + { + // If there is a sensitive area, it has to be the correct size + // including having the correct high order bit SET. 
+ if(((sensitive->sensitive.rsa.t.size * 2) != keySizeInBytes) + || (sensitive->sensitive.rsa.t.buffer[0] < 0x80)) + return TPM_RCS_KEY_SIZE + blameSensitive; + } + break; #endif #if ALG_ECC - case TPM_ALG_ECC: - { - TPMI_ECC_CURVE curveId; - curveId = params->eccDetail.curveID; - keySizeInBytes = BITS_TO_BYTES(CryptEccGetKeySizeForCurve(curveId)); - if(sensitive == NULL) - { - // Validate the public key size - if(unique->ecc.x.t.size != keySizeInBytes - || unique->ecc.y.t.size != keySizeInBytes) - return TPM_RCS_KEY + blamePublic; - if(publicArea->nameAlg != TPM_ALG_NULL) - { - if(!CryptEccIsPointOnCurve(curveId, &unique->ecc)) - return TPM_RCS_ECC_POINT + blamePublic; - } - } - else - { - // If the nameAlg is TPM_ALG_NULL, then only verify that the - // private part of the key is OK. - if(!CryptEccIsValidPrivateKey(&sensitive->sensitive.ecc, curveId)) - return TPM_RCS_KEY_SIZE; - if(publicArea->nameAlg != TPM_ALG_NULL) - { - // Full key load, verify that the public point belongs to the - // private key. - TPMS_ECC_POINT toCompare; - result = CryptEccPointMultiply(&toCompare, - curveId, - NULL, - &sensitive->sensitive.ecc, - NULL, - NULL); - if(result != TPM_RC_SUCCESS) - return TPM_RCS_BINDING; - else - { - // Make sure that the private key generated the public key. - // The input values and the values produced by the point - // multiply may not be the same size so adjust the computed - // value to match the size of the input value by adding or - // removing zeros. 
- AdjustNumberB(&toCompare.x.b, unique->ecc.x.t.size); - AdjustNumberB(&toCompare.y.b, unique->ecc.y.t.size); - if(!MemoryEqual2B(&unique->ecc.x.b, &toCompare.x.b) - || !MemoryEqual2B(&unique->ecc.y.b, &toCompare.y.b)) - return TPM_RCS_BINDING; - } - } - } - break; - } + case TPM_ALG_ECC: + { + TPMI_ECC_CURVE curveId; + curveId = params->eccDetail.curveID; + keySizeInBytes = BITS_TO_BYTES(CryptEccGetKeySizeForCurve(curveId)); + if(sensitive == NULL) + { + // Validate the public key size + if(unique->ecc.x.t.size != keySizeInBytes + || unique->ecc.y.t.size != keySizeInBytes) + return TPM_RCS_KEY + blamePublic; + if(publicArea->nameAlg != TPM_ALG_NULL) + { + if(!CryptEccIsPointOnCurve(curveId, &unique->ecc)) + return TPM_RCS_ECC_POINT + blamePublic; + } + } + else + { + // If the nameAlg is TPM_ALG_NULL, then only verify that the + // private part of the key is OK. + if(!CryptEccIsValidPrivateKey(&sensitive->sensitive.ecc, curveId)) + return TPM_RCS_KEY_SIZE; + if(publicArea->nameAlg != TPM_ALG_NULL) + { + // Full key load, verify that the public point belongs to the + // private key. + TPMS_ECC_POINT toCompare; + result = CryptEccPointMultiply(&toCompare, + curveId, + NULL, + &sensitive->sensitive.ecc, + NULL, + NULL); + if(result != TPM_RC_SUCCESS) + return TPM_RCS_BINDING; + else + { + // Make sure that the private key generated the public key. + // The input values and the values produced by the point + // multiply may not be the same size so adjust the computed + // value to match the size of the input value by adding or + // removing zeros. 
+ AdjustNumberB(&toCompare.x.b, unique->ecc.x.t.size); + AdjustNumberB(&toCompare.y.b, unique->ecc.y.t.size); + if(!MemoryEqual2B(&unique->ecc.x.b, &toCompare.x.b) + || !MemoryEqual2B(&unique->ecc.y.b, &toCompare.y.b)) + return TPM_RCS_BINDING; + } + } + } + break; + } #endif - default: - // Checks for SYMCIPHER and KEYEDHASH are largely the same - // If public area has a nameAlg, then validate the public area size - // and if there is also a sensitive area, validate the binding + default: + // Checks for SYMCIPHER and KEYEDHASH are largely the same + // If public area has a nameAlg, then validate the public area size + // and if there is also a sensitive area, validate the binding - // For consistency, if the object is public-only just make sure that - // the unique field is consistent with the name algorithm - if(sensitive == NULL) - { - if(unique->sym.t.size != digestSize) - return TPM_RCS_KEY + blamePublic; - } - else - { - // Make sure that the key size in the sensitive area is consistent. - if(publicArea->type == TPM_ALG_SYMCIPHER) - { - result = CryptSymKeyValidate(¶ms->symDetail.sym, - &sensitive->sensitive.sym); - if(result != TPM_RC_SUCCESS) - return result + blameSensitive; - } - else - { - // For a keyed hash object, the key has to be less than the - // smaller of the block size of the hash used in the scheme or - // 128 bytes. The worst case value is limited by the - // unmarshaling code so the only thing left to be checked is - // that it does not exceed the block size of the hash. - // by the hash algorithm of the scheme. 
- TPMT_KEYEDHASH_SCHEME* scheme; - UINT16 maxSize; - scheme = ¶ms->keyedHashDetail.scheme; - if(scheme->scheme == TPM_ALG_XOR) - { - maxSize = CryptHashGetBlockSize(scheme->details.xorr.hashAlg); - } - else if(scheme->scheme == TPM_ALG_HMAC) - { - maxSize = CryptHashGetBlockSize(scheme->details.hmac.hashAlg); - } - else if(scheme->scheme == TPM_ALG_NULL) - { - // Not signing or xor so must be a data block - maxSize = 128; - } - else - return TPM_RCS_SCHEME + blamePublic; - if(sensitive->sensitive.bits.t.size > maxSize) - return TPM_RCS_KEY_SIZE + blameSensitive; - } - // If there is a nameAlg, check the binding - if(publicArea->nameAlg != TPM_ALG_NULL) - { - TPM2B_DIGEST compare; - if(sensitive->seedValue.t.size != digestSize) - return TPM_RCS_KEY_SIZE + blameSensitive; + // For consistency, if the object is public-only just make sure that + // the unique field is consistent with the name algorithm + if(sensitive == NULL) + { + if(unique->sym.t.size != digestSize) + return TPM_RCS_KEY + blamePublic; + } + else + { + // Make sure that the key size in the sensitive area is consistent. + if(publicArea->type == TPM_ALG_SYMCIPHER) + { + result = CryptSymKeyValidate(¶ms->symDetail.sym, + &sensitive->sensitive.sym); + if(result != TPM_RC_SUCCESS) + return result + blameSensitive; + } + else + { + // For a keyed hash object, the key has to be less than the + // smaller of the block size of the hash used in the scheme or + // 128 bytes. The worst case value is limited by the + // unmarshaling code so the only thing left to be checked is + // that it does not exceed the block size of the hash. + // by the hash algorithm of the scheme. 
+ TPMT_KEYEDHASH_SCHEME* scheme; + UINT16 maxSize; + scheme = ¶ms->keyedHashDetail.scheme; + if(scheme->scheme == TPM_ALG_XOR) + { + maxSize = CryptHashGetBlockSize(scheme->details.xorr.hashAlg); + } + else if(scheme->scheme == TPM_ALG_HMAC) + { + maxSize = CryptHashGetBlockSize(scheme->details.hmac.hashAlg); + } + else if(scheme->scheme == TPM_ALG_NULL) + { + // Not signing or xor so must be a data block + maxSize = 128; + } + else + return TPM_RCS_SCHEME + blamePublic; + if(sensitive->sensitive.bits.t.size > maxSize) + return TPM_RCS_KEY_SIZE + blameSensitive; + } + // If there is a nameAlg, check the binding + if(publicArea->nameAlg != TPM_ALG_NULL) + { + TPM2B_DIGEST compare; + if(sensitive->seedValue.t.size != digestSize) + return TPM_RCS_KEY_SIZE + blameSensitive; - CryptComputeSymmetricUnique(publicArea, sensitive, &compare); - if(!MemoryEqual2B(&unique->sym.b, &compare.b)) - return TPM_RC_BINDING; - } - } - break; - } + CryptComputeSymmetricUnique(publicArea, sensitive, &compare); + if(!MemoryEqual2B(&unique->sym.b, &compare.b)) + return TPM_RC_BINDING; + } + } + break; + } // For a parent, need to check that the seedValue is the correct size for // protections. It should be at least half the size of the nameAlg if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) && sensitive != NULL && publicArea->nameAlg != TPM_ALG_NULL) - { - if((sensitive->seedValue.t.size < (digestSize / 2)) - || (sensitive->seedValue.t.size > digestSize)) - return TPM_RCS_SIZE + blameSensitive; - } + { + if((sensitive->seedValue.t.size < (digestSize / 2)) + || (sensitive->seedValue.t.size > digestSize)) + return TPM_RCS_SIZE + blameSensitive; + } return TPM_RC_SUCCESS; } 
@@ -1962,47 +1959,47 @@ CryptSelectMac(TPMT_PUBLIC* publicArea, TPMI_ALG_MAC_SCHEME* inMac) { TPM_ALG_ID macAlg = TPM_ALG_NULL; switch(publicArea->type) - { - case TPM_ALG_KEYEDHASH: - { - // Local value to keep lines from getting too long - TPMT_KEYEDHASH_SCHEME* scheme; - scheme = &publicArea->parameters.keyedHashDetail.scheme; - // Expect that the scheme is either HMAC or NULL - if(scheme->scheme != TPM_ALG_NULL) - macAlg = scheme->details.hmac.hashAlg; - break; - } - case TPM_ALG_SYMCIPHER: - { - TPMT_SYM_DEF_OBJECT* scheme; - scheme = &publicArea->parameters.symDetail.sym; - // Expect that the scheme is either valid symmetric cipher or NULL - if(scheme->algorithm != TPM_ALG_NULL) - macAlg = scheme->mode.sym; - break; - } - default: - return TPM_RCS_TYPE; - } + { + case TPM_ALG_KEYEDHASH: + { + // Local value to keep lines from getting too long + TPMT_KEYEDHASH_SCHEME* scheme; + scheme = &publicArea->parameters.keyedHashDetail.scheme; + // Expect that the scheme is either HMAC or NULL + if(scheme->scheme != TPM_ALG_NULL) + macAlg = scheme->details.hmac.hashAlg; + break; + } + case TPM_ALG_SYMCIPHER: + { + TPMT_SYM_DEF_OBJECT* scheme; + scheme = &publicArea->parameters.symDetail.sym; + // Expect that the scheme is either valid symmetric cipher or NULL + if(scheme->algorithm != TPM_ALG_NULL) + macAlg = scheme->mode.sym; + break; + } + default: + return TPM_RCS_TYPE; + } // If the input value is not TPM_ALG_NULL ... if(*inMac != TPM_ALG_NULL) - { - // ... then either the scheme in the key must be TPM_ALG_NULL or the input - // value must match - if((macAlg != TPM_ALG_NULL) && (*inMac != macAlg)) - return TPM_RCS_VALUE; - } + { + // ... 
then either the scheme in the key must be TPM_ALG_NULL or the input + // value must match + if((macAlg != TPM_ALG_NULL) && (*inMac != macAlg)) + return TPM_RCS_VALUE; + } else - { - // Since the input value is TPM_ALG_NULL, then the key value can't be - // TPM_ALG_NULL - if(macAlg == TPM_ALG_NULL) - return TPM_RCS_VALUE; - *inMac = macAlg; - } + { + // Since the input value is TPM_ALG_NULL, then the key value can't be + // TPM_ALG_NULL + if(macAlg == TPM_ALG_NULL) + return TPM_RCS_VALUE; + *inMac = macAlg; + } if(!CryptMacIsValidForKey(publicArea->type, *inMac, FALSE)) - return TPM_RCS_SCHEME; + return TPM_RCS_SCHEME; return TPM_RC_SUCCESS; } @@ -2011,16 +2008,16 @@ CryptSelectMac(TPMT_PUBLIC* publicArea, TPMI_ALG_MAC_SCHEME* inMac) BOOL CryptMacIsValidForKey(TPM_ALG_ID keyType, TPM_ALG_ID macAlg, BOOL flag) { switch(keyType) - { - case TPM_ALG_KEYEDHASH: - return CryptHashIsValidAlg(macAlg, flag); - break; - case TPM_ALG_SYMCIPHER: - return CryptSmacIsValidAlg(macAlg, flag); - break; - default: - break; - } + { + case TPM_ALG_KEYEDHASH: + return CryptHashIsValidAlg(macAlg, flag); + break; + case TPM_ALG_SYMCIPHER: + return CryptSmacIsValidAlg(macAlg, flag); + break; + default: + break; + } return FALSE; } @@ -2028,22 +2025,22 @@ BOOL CryptMacIsValidForKey(TPM_ALG_ID keyType, TPM_ALG_ID macAlg, BOOL flag) // This function is used to test if an algorithm is a supported SMAC algorithm. It // needs to be updated as new algorithms are added. BOOL CryptSmacIsValidAlg(TPM_ALG_ID alg, - BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid - ) + BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid +) { switch(alg) - { + { #if ALG_CMAC - case TPM_ALG_CMAC: - return TRUE; - break; + case TPM_ALG_CMAC: + return TRUE; + break; #endif - case TPM_ALG_NULL: - return FLAG; - break; - default: - return FALSE; - } + case TPM_ALG_NULL: + return FLAG; + break; + default: + return FALSE; + } } //*** CryptSymModeIsValid() 
@@ -2053,28 +2050,28 @@ BOOL CryptSmacIsValidAlg(TPM_ALG_ID alg, BOOL CryptSymModeIsValid(TPM_ALG_ID mode, BOOL flag) { switch(mode) - { + { #if ALG_CTR - case TPM_ALG_CTR: + case TPM_ALG_CTR: #endif // ALG_CTR #if ALG_OFB - case TPM_ALG_OFB: + case TPM_ALG_OFB: #endif // ALG_OFB #if ALG_CBC - case TPM_ALG_CBC: + case TPM_ALG_CBC: #endif // ALG_CBC #if ALG_CFB - case TPM_ALG_CFB: + case TPM_ALG_CFB: #endif // ALG_CFB #if ALG_ECB - case TPM_ALG_ECB: + case TPM_ALG_ECB: #endif // ALG_ECB - return TRUE; - case TPM_ALG_NULL: - return flag; - break; - default: - break; - } + return TRUE; + case TPM_ALG_NULL: + return flag; + break; + default: + break; + } return FALSE; } diff --git a/src/tpm2/DA.c b/src/tpm2/DA.c index d61272e1..07262aaf 100644 --- a/src/tpm2/DA.c +++ b/src/tpm2/DA.c 
@@ -59,182 +59,193 @@ /* */ /********************************************************************************/ -/* 8.2 DA.c */ -/* 8.2.1 Introduction */ -/* This file contains the functions and data definitions relating to the dictionary attack logic. */ -/* 8.2.2 Includes and Data Definitions */ +//** Introduction +// This file contains the functions and data definitions relating to the +// dictionary attack logic. + +//** Includes and Data Definitions #define DA_C #include "Tpm.h" -/* 8.2.3 Functions */ -/* 8.2.3.1 DAPreInstall_Init() */ -/* This function initializes the DA parameters to their manufacturer-default values. The default - values are determined by a platform-specific specification. */ -/* This function should not be called outside of a manufacturing or simulation environment. */ -/* The DA parameters will be restored to these initial values by TPM2_Clear(). */ -void -DAPreInstall_Init( - void - ) + +//** Functions + +//*** DAPreInstall_Init() +// This function initializes the DA parameters to their manufacturer-default +// values. The default values are determined by a platform-specific specification. +// +// This function should not be called outside of a manufacturing or simulation +// environment. +// +// The DA parameters will be restored to these initial values by TPM2_Clear(). 
+void DAPreInstall_Init(void) { - gp.failedTries = 0; - gp.maxTries = 3; - gp.recoveryTime = 1000; // in seconds (~16.67 minutes) - gp.lockoutRecovery = 1000; // in seconds - gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled + gp.failedTries = 0; + gp.maxTries = 3; + gp.recoveryTime = 1000; // in seconds (~16.67 minutes) + gp.lockoutRecovery = 1000; // in seconds + gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled + // Record persistent DA parameter changes to NV NV_SYNC_PERSISTENT(failedTries); NV_SYNC_PERSISTENT(maxTries); NV_SYNC_PERSISTENT(recoveryTime); NV_SYNC_PERSISTENT(lockoutRecovery); NV_SYNC_PERSISTENT(lockOutAuthEnabled); + return; } -/* 8.2.3.2 DAStartup() */ -/* This function is called by TPM2_Startup() to initialize the DA parameters. In the case of - Startup(CLEAR), use of lockoutAuth will be enabled if the lockout recovery time is 0. Otherwise, - lockoutAuth will not be enabled until the TPM has been continuously powered for the - lockoutRecovery time. */ -/* This function requires that NV be available and not rate limiting. */ -BOOL -DAStartup( - STARTUP_TYPE type // IN: startup type - ) + +//*** DAStartup() +// This function is called by TPM2_Startup() to initialize the DA parameters. +// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the +// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until +// the TPM has been continuously powered for the lockoutRecovery time. +// +// This function requires that NV be available and not rate limiting. +BOOL DAStartup(STARTUP_TYPE type // IN: startup type +) { NOT_REFERENCED(type); #if !ACCUMULATE_SELF_HEAL_TIMER _plat__TimerWasReset(); s_selfHealTimer = 0; - s_lockoutTimer = 0; + s_lockoutTimer = 0; #else if(_plat__TimerWasReset()) - { - if(!NV_IS_ORDERLY) - { - // If shutdown was not orderly, then don't really know if go.time has - // any useful value so reset the timer to 0. 
This is what the tick - // was reset to - s_selfHealTimer = 0; - s_lockoutTimer = 0; - } - else - { - // If we know how much time was accumulated at the last orderly shutdown - // subtract that from the saved timer values so that they effectively - // have the accumulated values - s_selfHealTimer -= go.time; - s_lockoutTimer -= go.time; - } - } + { + if(!NV_IS_ORDERLY) + { + // If shutdown was not orderly, then don't really know if go.time has + // any useful value so reset the timer to 0. This is what the tick + // was reset to + s_selfHealTimer = 0; + s_lockoutTimer = 0; + } + else + { + // If we know how much time was accumulated at the last orderly shutdown + // subtract that from the saved timer values so that they effectively + // have the accumulated values + s_selfHealTimer -= go.time; + s_lockoutTimer -= go.time; + } + } #endif + // For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth. if(gp.lockoutRecovery == 0) - { - gp.lockOutAuthEnabled = TRUE; - // Record the changes to NV - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - } + { + gp.lockOutAuthEnabled = TRUE; + // Record the changes to NV + NV_SYNC_PERSISTENT(lockOutAuthEnabled); + } + // If DA has not been disabled and the previous shutdown is not orderly // failedTries is not already at its maximum then increment 'failedTries' - if(gp.recoveryTime != 0 - && gp.failedTries < gp.maxTries + if(gp.recoveryTime != 0 && gp.failedTries < gp.maxTries && !IS_ORDERLY(g_prevOrderlyState)) - { + { #if USE_DA_USED - gp.failedTries += g_daUsed; - g_daUsed = FALSE; + gp.failedTries += g_daUsed; + g_daUsed = FALSE; #else - gp.failedTries++; + gp.failedTries++; #endif - // Record the change to NV - NV_SYNC_PERSISTENT(failedTries); - } + // Record the change to NV + NV_SYNC_PERSISTENT(failedTries); + } // Before Startup, the TPM will not do clock updates. At startup, need to // do a time update which will do the DA update. 
TimeUpdate(); + return TRUE; } -/* 8.2.3.3 DARegisterFailure() */ -/* This function is called when an authorization failure occurs on an entity that is subject to - dictionary-attack protection. When a DA failure is triggered, register the failure by resetting - the relevant self-healing timer to the current time. */ -void -DARegisterFailure( - TPM_HANDLE handle // IN: handle for failure - ) + +//*** DARegisterFailure() +// This function is called when an authorization failure occurs on an entity +// that is subject to dictionary-attack protection. When a DA failure is +// triggered, register the failure by resetting the relevant self-healing +// timer to the current time. +void DARegisterFailure(TPM_HANDLE handle // IN: handle for failure +) { // Reset the timer associated with lockout if the handle is the lockoutAuth. if(handle == TPM_RH_LOCKOUT) - s_lockoutTimer = g_time; + s_lockoutTimer = g_time; else - s_selfHealTimer = g_time; + s_selfHealTimer = g_time; return; } -/* 8.2.3.4 DASelfHeal() */ -/* This function is called to check if sufficient time has passed to allow decrement of failedTries - or to re-enable use of lockoutAuth. */ -/* This function should be called when the time interval is updated. */ -void -DASelfHeal( - void - ) + +//*** DASelfHeal() +// This function is called to check if sufficient time has passed to allow +// decrement of failedTries or to re-enable use of lockoutAuth. +// +// This function should be called when the time interval is updated. +void DASelfHeal(void) { // Regular authorization self healing logic // If no failed authorization tries, do nothing. Otherwise, try to // decrease failedTries if(gp.failedTries != 0) - { - // if recovery time is 0, DA logic has been disabled. 
Clear failed tries - // immediately - if(gp.recoveryTime == 0) - { - gp.failedTries = 0; - // Update NV record - NV_SYNC_PERSISTENT(failedTries); - } - else - { - UINT64 decreaseCount; -#if 0 // Errata eliminates this code - // In the unlikely event that failedTries should become larger than - // maxTries - if(gp.failedTries > gp.maxTries) - gp.failedTries = gp.maxTries; + { + // if recovery time is 0, DA logic has been disabled. Clear failed tries + // immediately + if(gp.recoveryTime == 0) + { + gp.failedTries = 0; + // Update NV record + NV_SYNC_PERSISTENT(failedTries); + } + else + { + UINT64 decreaseCount; +#if 0 + // Errata eliminates this code + // In the unlikely event that failedTries should become larger than + // maxTries + if(gp.failedTries > gp.maxTries) + gp.failedTries = gp.maxTries; #endif - // How much can failedTries be decreased - // Cast s_selfHealTimer to an int in case it became negative at - // startup - decreaseCount = ((g_time - (INT64)s_selfHealTimer) / 1000) - / gp.recoveryTime; - if(gp.failedTries <= (UINT32)decreaseCount) - // should not set failedTries below zero - gp.failedTries = 0; - else - gp.failedTries -= (UINT32)decreaseCount; - // the cast prevents overflow of the product - s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000; - if(decreaseCount != 0) - // If there was a change to the failedTries, record the changes - // to NV - NV_SYNC_PERSISTENT(failedTries); - } - } + // How much can failedTries be decreased + + // Cast s_selfHealTimer to an int in case it became negative at + // startup + decreaseCount = + ((g_time - (INT64)s_selfHealTimer) / 1000) / gp.recoveryTime; + + if(gp.failedTries <= (UINT32)decreaseCount) + // should not set failedTries below zero + gp.failedTries = 0; + else + gp.failedTries -= (UINT32)decreaseCount; + + // the cast prevents overflow of the product + s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000; + if(decreaseCount != 0) + // If there was a change to the 
failedTries, record the changes + // to NV + NV_SYNC_PERSISTENT(failedTries); + } + } + // LockoutAuth self healing logic // If lockoutAuth is enabled, do nothing. Otherwise, try to see if we // may enable it if(!gp.lockOutAuthEnabled) - { - // if lockout authorization recovery time is 0, a reboot is required to - // re-enable use of lockout authorization. Self-healing would not - // apply in this case. - if(gp.lockoutRecovery != 0) - { - if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery) - { - gp.lockOutAuthEnabled = TRUE; - // Record the changes to NV - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - } - } - } + { + // if lockout authorization recovery time is 0, a reboot is required to + // re-enable use of lockout authorization. Self-healing would not + // apply in this case. + if(gp.lockoutRecovery != 0) + { + if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery) + { + gp.lockOutAuthEnabled = TRUE; + // Record the changes to NV + NV_SYNC_PERSISTENT(lockOutAuthEnabled); + } + } + } return; } diff --git a/src/tpm2/DA_fp.h b/src/tpm2/DA_fp.h index bb5f4644..68c7c444 100644 --- a/src/tpm2/DA_fp.h +++ b/src/tpm2/DA_fp.h 
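Review bot: In `DASelfHeal`, `decreaseCount` is a `UINT64`, but the comparison `gp.failedTries <= (UINT32)decreaseCount` and the subtraction after it both use it narrowed to 32 bits, while the `s_selfHealTimer` update a few lines later uses the full value. For a quotient of 2^32 or more the narrowed value can be small or zero, so `failedTries` would drop by less than the elapsed time allows while the timer still advances by the whole amount; that errs toward keeping the lockout rather than clearing it, but the two updates disagree. Comparing before narrowing removes the mismatch: `if(decreaseCount >= gp.failedTries) gp.failedTries = 0;`, leaving the `else` branch as it is. The types of `g_time`, `s_selfHealTimer` and `gp.failedTries` are declared outside this hunk, so how reachable such a quotient is should be confirmed there.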
@@ -59,29 +59,47 @@ /* */ /********************************************************************************/ -#ifndef DA_FP_H -#define DA_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ -void -DAPreInstall_Init( - void - ); -void -DAInit( - void - ); -BOOL -DAStartup( - STARTUP_TYPE type // IN: startup type - ); -void -DARegisterFailure( - TPM_HANDLE handle // IN: handle for failure - ); -void -DASelfHeal( - void - ); +#ifndef _DA_FP_H_ +#define _DA_FP_H_ +//*** DAPreInstall_Init() +// This function initializes the DA parameters to their manufacturer-default +// values. The default values are determined by a platform-specific specification. +// +// This function should not be called outside of a manufacturing or simulation +// environment. +// +// The DA parameters will be restored to these initial values by TPM2_Clear(). +void DAPreInstall_Init(void); -#endif +//*** DAStartup() +// This function is called by TPM2_Startup() to initialize the DA parameters. +// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the +// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until +// the TPM has been continuously powered for the lockoutRecovery time. +// +// This function requires that NV be available and not rate limiting. +BOOL DAStartup(STARTUP_TYPE type // IN: startup type +); + +//*** DARegisterFailure() +// This function is called when a authorization failure occurs on an entity +// that is subject to dictionary-attack protection. When a DA failure is +// triggered, register the failure by resetting the relevant self-healing +// timer to the current time. +void DARegisterFailure(TPM_HANDLE handle // IN: handle for failure +); + +//*** DASelfHeal() +// This function is called to check if sufficient time has passed to allow +// decrement of failedTries or to re-enable use of lockoutAuth. 
+// +// This function should be called when the time interval is updated. +void DASelfHeal(void); + +#endif // _DA_FP_H_ diff --git a/src/tpm2/DebugHelpers.c b/src/tpm2/DebugHelpers.c index eb58a29a..b17f3cba 100644 --- a/src/tpm2/DebugHelpers.c +++ b/src/tpm2/DebugHelpers.c 
@@ -59,102 +59,89 @@ /* */ /********************************************************************************/ -/* C.13 DebugHelpers.c */ -/* C.13.1. Description */ -/* This file contains the NV read and write access methods. This implementation uses RAM/file and - does not manage the RAM/file as NV blocks. The implementation may become more sophisticated over - time. */ -/* C.13.2. Includes and Local */ -#include -#include +//** Description +// +// This file contains the NV read and write access methods. This implementation +// uses RAM/file and does not manage the RAM/file as NV blocks. +// The implementation may become more sophisticated over time. +// + +//** Includes and Local +#include +#include #include "Platform.h" -#include "DebugHelpers_fp.h" #if CERTIFYX509_DEBUG -const char *debugFileName = "DebugFile.txt"; -/* C.13.2.1. fileOpen() */ +const char* debugFileName = "DebugFile.txt"; -/* This exists to allow use of the safe version of fopen() with a MS runtime. */ - -static FILE * -fileOpen( - const char *fn, - const char *mode - ) +//*** fileOpen() +// This exists to allow use of the 'safe' version of fopen() with a MS runtime. +static FILE* fileOpen(const char* fn, const char* mode) { - FILE *f; -# if defined _MSC_VER + FILE* f; +# if defined _MSC_VER if(fopen_s(&f, fn, mode) != 0) - f = NULL; -# else + f = NULL; +# else f = fopen(fn, mode); -# endif +# endif return f; } -/* C.13.2.2. DebugFileInit() */ -/* This function initializes the file containing the debug data with the time of the file - creation. */ -/* This function opens the file used to hold the debug data. */ -/* Return Value Meaning */ -/* 0 success */ -/* != 0 error */ -int -DebugFileInit( - void - ) + +//*** DebugFileInit() +// This function initializes the file containing the debug data with the time of the +// file creation. +// Return Type: int +// 0 success +// != 0 error +int DebugFileInit(void) { - FILE *f = NULL; - time_t t = time(NULL); - // - // Get current date and time. 
-# if defined _MSC_VER - char timeString[100]; + FILE* f = NULL; + time_t t = time(NULL); +// +// Get current date and time. +# if defined _MSC_VER + char timeString[100]; ctime_s(timeString, (size_t)sizeof(timeString), &t); -# else - char *timeString; +# else + char* timeString; timeString = ctime(&t); -# endif +# endif // Try to open the debug file f = fileOpen(debugFileName, "w"); if(f) - { - /* Initialize the contents with the time. */ - fprintf(f, "%s\n", timeString); - fclose(f); - return 0; - } + { + // Initialize the contents with the time. + fprintf(f, "%s\n", timeString); + fclose(f); + return 0; + } return -1; } -/* C.13.2.3. DebugDumpBuffer() */ - -void -DebugDumpBuffer( - int size, - unsigned char *buf, - const char *identifier - ) +//*** DebugDumpBuffer() +void DebugDumpBuffer(int size, unsigned char* buf, const char* identifier) { - int i; + int i; // - FILE *f = fileOpen(debugFileName, "a"); + FILE* f = fileOpen(debugFileName, "a"); if(!f) - return; + return; if(identifier) - fprintf(f, "%s\n", identifier); + fprintf(f, "%s\n", identifier); if(buf) - { - for(i = 0; i < size; i++) - { - if(((i % 16) == 0) && (i)) - fprintf(f, "\n"); - fprintf(f, " %02X", buf[i]); - } - if((size % 16) != 0) - fprintf(f, "\n"); - } + { + for(i = 0; i < size; i++) + { + if(((i % 16) == 0) && (i)) + fprintf(f, "\n"); + fprintf(f, " %02X", buf[i]); + } + if((size % 16) != 0) + fprintf(f, "\n"); + } fclose(f); } -#endif // CERTIFYX509_DEBUG +#endif // CERTIFYX509_DEBUG diff --git a/src/tpm2/DictionaryAttackLockReset_fp.h b/src/tpm2/DictionaryAttackLockReset_fp.h index 7be9f3ad..571114c6 100644 --- a/src/tpm2/DictionaryAttackLockReset_fp.h +++ b/src/tpm2/DictionaryAttackLockReset_fp.h 
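Review bot: The rewritten `//** Description` block still says this file contains the NV read and write access methods, but the code under it only writes a debug dump file (`fileOpen`, `DebugFileInit`, `DebugDumpBuffer`), so the header misdescribes the file. I would replace it with `// Debug helpers: append hex dumps of caller-supplied buffers to DebugFile.txt; compiled only when CERTIFYX509_DEBUG is set.` and add beside `#if CERTIFYX509_DEBUG` a comment that the flag is for development builds only, because the dump goes to a relative path in the process's working directory through a plain `fopen()` and its contents are whatever callers pass in. Separately, `DebugFileInit` hands `timeString` to `fprintf` without checking that `ctime()` returned non-NULL (or that `ctime_s` succeeded); `if(timeString == NULL) timeString = "";` after the `ctime()` call in the non-MSVC branch would cover that case.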
@@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef DICTIONARYATTACKLOCKRESET_FP_H -#define DICTIONARYATTACKLOCKRESET_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_LOCKOUT lockHandle; +#if CC_DictionaryAttackLockReset // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKLOCKRESET_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKLOCKRESET_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_LOCKOUT lockHandle; } DictionaryAttackLockReset_In; -#define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_DictionaryAttackLockReset( - DictionaryAttackLockReset_In *in // IN: input parameter list - ); +TPM2_DictionaryAttackLockReset(DictionaryAttackLockReset_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKLOCKRESET_FP_H_ +#endif // CC_DictionaryAttackLockReset diff --git a/src/tpm2/DictionaryAttackParameters_fp.h b/src/tpm2/DictionaryAttackParameters_fp.h index cfc6124a..cdf7c165 100644 --- a/src/tpm2/DictionaryAttackParameters_fp.h +++ b/src/tpm2/DictionaryAttackParameters_fp.h 
@@ -59,28 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef DICTIONARYATTACKPARAMETERS_FP_H -#define DICTIONARYATTACKPARAMETERS_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT +#if CC_DictionaryAttackParameters // Command must be enabled -typedef struct { - TPMI_RH_LOCKOUT lockHandle; - UINT32 newMaxTries; - UINT32 newRecoveryTime; - UINT32 lockoutRecovery; +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKPARAMETERS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKPARAMETERS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_LOCKOUT lockHandle; + UINT32 newMaxTries; + UINT32 newRecoveryTime; + UINT32 lockoutRecovery; } DictionaryAttackParameters_In; -#define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) -#define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) -#define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) -#define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3) +// Response code modifiers +# define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) +# define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) +# define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) +# define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3) +// Function prototype TPM_RC -TPM2_DictionaryAttackParameters( - DictionaryAttackParameters_In *in // IN: input parameter list - ); +TPM2_DictionaryAttackParameters(DictionaryAttackParameters_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKPARAMETERS_FP_H_ +#endif // CC_DictionaryAttackParameters diff --git a/src/tpm2/Duplicate_fp.h b/src/tpm2/Duplicate_fp.h index 5deffa15..72d4539a 100644 --- a/src/tpm2/Duplicate_fp.h +++ b/src/tpm2/Duplicate_fp.h 
@@ -59,33 +59,40 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef DUPLICATE_FP_H -#define DUPLICATE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT newParentHandle; - TPM2B_DATA encryptionKeyIn; - TPMT_SYM_DEF_OBJECT symmetricAlg; +#if CC_Duplicate // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_DUPLICATE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_DUPLICATE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT newParentHandle; + TPM2B_DATA encryptionKeyIn; + TPMT_SYM_DEF_OBJECT symmetricAlg; } Duplicate_In; -typedef struct { - TPM2B_DATA encryptionKeyOut; - TPM2B_PRIVATE duplicate; - TPM2B_ENCRYPTED_SECRET outSymSeed; +// Output structure definition +typedef struct +{ + TPM2B_DATA encryptionKeyOut; + TPM2B_PRIVATE duplicate; + TPM2B_ENCRYPTED_SECRET outSymSeed; } Duplicate_Out; -#define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) -#define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) -#define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) +# define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) +# define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) +# define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_Duplicate( - Duplicate_In *in, // IN: input parameter list - Duplicate_Out *out // OUT: output parameter list - ); +TPM2_Duplicate(Duplicate_In* in, Duplicate_Out* out); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_DUPLICATE_FP_H_ +#endif // CC_Duplicate diff --git a/src/tpm2/EACommands.c b/src/tpm2/EACommands.c index 42a82af0..44eb88cf 100644 --- a/src/tpm2/EACommands.c +++ b/src/tpm2/EACommands.c 
@@ -1643,7 +1643,7 @@ TPM2_PolicyAuthorizeNV(PolicyAuthorizeNV_In* in) #include "CommandCodeAttributes_fp.h" #include "CryptEccMain_fp.h" #include "Handle_fp.h" -#include "NVDynamic_fp.h" +#include "NvDynamic_fp.h" #include "Object_fp.h" #include "PCR_fp.h" #include "PP_fp.h" diff --git a/src/tpm2/ECC_Parameters_fp.h b/src/tpm2/ECC_Parameters_fp.h index 75f9cdf4..1314bd9e 100644 --- a/src/tpm2/ECC_Parameters_fp.h +++ b/src/tpm2/ECC_Parameters_fp.h @@ -59,26 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef ECC_PARAMETERS_FP_H -#define ECC_PARAMETERS_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_ECC_CURVE curveID; +#if CC_ECC_Parameters // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_PARAMETERS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_PARAMETERS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_ECC_CURVE curveID; } ECC_Parameters_In; -#define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPMS_ALGORITHM_DETAIL_ECC parameters; +// Output structure definition +typedef struct +{ + TPMS_ALGORITHM_DETAIL_ECC parameters; } ECC_Parameters_Out; +// Response code modifiers +# define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_ECC_Parameters( - ECC_Parameters_In *in, // IN: input parameter list - ECC_Parameters_Out *out // OUT: output parameter list - ); +TPM2_ECC_Parameters(ECC_Parameters_In* in, ECC_Parameters_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_PARAMETERS_FP_H_ +#endif // CC_ECC_Parameters diff --git a/src/tpm2/ECDH_KeyGen_fp.h b/src/tpm2/ECDH_KeyGen_fp.h index 85f16f5b..1ec59874 100644 --- a/src/tpm2/ECDH_KeyGen_fp.h +++ b/src/tpm2/ECDH_KeyGen_fp.h 
@@ -59,27 +59,33 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef ECDH_KEYGEN_FP_H -#define ECDH_KEYGEN_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; +#if CC_ECDH_KeyGen // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_KEYGEN_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_KEYGEN_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; } ECDH_KeyGen_In; -#define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1) - -typedef struct { - TPM2B_ECC_POINT zPoint; - TPM2B_ECC_POINT pubPoint; +// Output structure definition +typedef struct +{ + TPM2B_ECC_POINT zPoint; + TPM2B_ECC_POINT pubPoint; } ECDH_KeyGen_Out; +// Response code modifiers +# define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_ECDH_KeyGen( - ECDH_KeyGen_In *in, // IN: input parameter list - ECDH_KeyGen_Out *out // OUT: output parameter list - ); +TPM2_ECDH_KeyGen(ECDH_KeyGen_In* in, ECDH_KeyGen_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_KEYGEN_FP_H_ +#endif // CC_ECDH_KeyGen diff --git a/src/tpm2/ECDH_ZGen_fp.h b/src/tpm2/ECDH_ZGen_fp.h index 5cc5b713..c7af17ad 100644 --- a/src/tpm2/ECDH_ZGen_fp.h +++ b/src/tpm2/ECDH_ZGen_fp.h 
@@ -59,28 +59,34 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef ECDH_ZGEN_FP_H -#define ECDH_ZGEN_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_ECC_POINT inPoint; +#if CC_ECDH_ZGen // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_ZGEN_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_ZGEN_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_ECC_POINT inPoint; } ECDH_ZGen_In; -#define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPM2B_ECC_POINT outPoint; +// Output structure definition +typedef struct +{ + TPM2B_ECC_POINT outPoint; } ECDH_ZGen_Out; +// Response code modifiers +# define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_ECDH_ZGen( - ECDH_ZGen_In *in, // IN: input parameter list - ECDH_ZGen_Out *out // OUT: output parameter list - ); +TPM2_ECDH_ZGen(ECDH_ZGen_In* in, ECDH_ZGen_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_ZGEN_FP_H_ +#endif // CC_ECDH_ZGen diff --git a/src/tpm2/EC_Ephemeral_fp.h b/src/tpm2/EC_Ephemeral_fp.h index c0047671..dc004fab 100644 --- a/src/tpm2/EC_Ephemeral_fp.h +++ b/src/tpm2/EC_Ephemeral_fp.h 
@@ -59,26 +59,33 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef EC_EPHEMERAL_FP_H -#define EC_EPHEMERAL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_ECC_CURVE curveID; +#if CC_EC_Ephemeral // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_EC_EPHEMERAL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_EC_EPHEMERAL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_ECC_CURVE curveID; } EC_Ephemeral_In; -#define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPM2B_ECC_POINT Q; - UINT16 counter; +// Output structure definition +typedef struct +{ + TPM2B_ECC_POINT Q; + UINT16 counter; } EC_Ephemeral_Out; -TPM_RC -TPM2_EC_Ephemeral( - EC_Ephemeral_In *in, // IN: input parameter list - EC_Ephemeral_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1) -#endif +// Function prototype +TPM_RC +TPM2_EC_Ephemeral(EC_Ephemeral_In* in, EC_Ephemeral_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_EC_EPHEMERAL_FP_H_ +#endif // CC_EC_Ephemeral diff --git a/src/tpm2/EccTestData.h b/src/tpm2/EccTestData.h index 44ebaca3..a68a1417 100644 --- a/src/tpm2/EccTestData.h +++ b/src/tpm2/EccTestData.h 
@@ -59,97 +59,153 @@ /* */ /********************************************************************************/ -#ifdef SELF_TEST_DATA -TPM2B_TYPE(EC_TEST, 32); -const TPM_ECC_CURVE c_testCurve = 00003; -// The static key -const TPM2B_EC_TEST c_ecTestKey_ds = {{32, { - 0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a, - 0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}}; -const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, { - 0x17,0xad,0x2f,0xcb,0x18,0xd4,0xdb,0x3f,0x2c,0x53,0x13,0x82,0x42,0x97,0xff,0x8d, - 0x99,0x50,0x16,0x02,0x35,0xa7,0x06,0xae,0x1f,0xda,0xe2,0x9c,0x12,0x77,0xc0,0xf9}}}; -const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, { - 0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad, - 0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}}; -// The ephemeral key -const TPM2B_EC_TEST c_ecTestKey_de = {{32, { - 0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07, - 0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}}; -const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, { - 0xa5,0x1e,0x80,0xd1,0x76,0x3e,0x8b,0x96,0xce,0xcc,0x21,0x82,0xc9,0xa2,0xa2,0xed, - 0x47,0x21,0x89,0x53,0x44,0xe9,0xc7,0x92,0xe7,0x31,0x48,0x38,0xe6,0xea,0x93,0x47}}}; -const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, { - 0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea, - 0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}}; -// ECDH test results -const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, { - 0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c, - 0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}}; -const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, { - 0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5, - 0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}}; 
-TPM2B_TYPE(TEST_VALUE, 64); -const TPM2B_TEST_VALUE c_ecTestValue = {{64, { - 0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0, - 0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d, - 0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff, - 0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}}; -#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH -const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { - 0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11, - 0x4b,0x8a,0x4f,0x17,0x62,0x82,0xcc,0x06,0xf6,0x64,0x78,0xef,0x6b,0x7c,0xf2,0x6c}}}; -const TPM2B_EC_TEST c_TestEcDsa_s = {{32, { - 0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70, - 0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{ - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1b,0x08,0x9f,0xde, - 0xef,0x62,0xe3,0xf1,0x14,0xcb,0x54,0x28,0x13,0x76,0xfc,0x6d,0x69,0x22,0xb5,0x3e}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ - 0xd9,0xd3,0x20,0xfb,0x4d,0x16,0xf2,0xe6,0xe2,0x45,0x07,0x45,0x1c,0x92,0x92,0x92, - 0xa9,0x6b,0x48,0xf8,0xd1,0x98,0x29,0x4d,0xd3,0x8f,0x56,0xf2,0xbb,0x2e,0x22,0x3b}}}; -#endif // SHA1 -#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH -const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { - 0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71, - 0xf8,0xf2,0xf4,0xa5,0xe0,0x1d,0x3c,0xa2,0x39,0x31,0xe4,0xe7,0x36,0x3b,0xb5,0x5f}}}; -const TPM2B_EC_TEST c_TestEcDsa_s = {{32, { - 0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80, - 0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, { - 0xf7,0xb9,0x15,0x4c,0x34,0xf6,0x41,0x19,0xa3,0xd2,0xf1,0xbd,0xf4,0x13,0x6a,0x4f, - 
0x63,0xb8,0x4d,0xb5,0xc8,0xcd,0xde,0x85,0x95,0xa5,0x39,0x0a,0x14,0x49,0x3d,0x2f}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ - 0xfe,0xbe,0x17,0xaa,0x31,0x22,0x9f,0xd0,0xd2,0xf5,0x25,0x04,0x92,0xb0,0xaa,0x4e, - 0xcc,0x1c,0xb6,0x79,0xd6,0x42,0xb3,0x4e,0x3f,0xbb,0xfe,0x5f,0xd0,0xd0,0x8b,0xc3}}}; -#endif // SHA256 -#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH -const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { - 0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31, - 0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}}; -const TPM2B_EC_TEST c_TestEcDsa_s = {{32, { - 0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd, - 0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, { - 0x1e,0xb8,0xe1,0xbf,0xa1,0x9e,0x39,0x1e,0x58,0xa2,0xe6,0x59,0xd0,0x1a,0x6a,0x03, - 0x6a,0x1f,0x1c,0x4f,0x36,0x19,0xc1,0xec,0x30,0xa4,0x85,0x1b,0xe9,0x74,0x35,0x66}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ - 0xb9,0xe6,0xe3,0x7e,0xcb,0xb9,0xea,0xf1,0xcc,0xf4,0x48,0x44,0x4a,0xda,0xc8,0xd7, - 0x87,0xb4,0xba,0x40,0xfe,0x5b,0x68,0x11,0x14,0xcf,0xa0,0x0e,0x85,0x46,0x99,0x01}}}; -#endif // SHA384 -#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH -const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { - 0xc9,0x71,0xa6,0xb4,0xaf,0x46,0x26,0x8c,0x27,0x00,0x06,0x3b,0x00,0x0f,0xa3,0x17, - 0x72,0x48,0x40,0x49,0x4d,0x51,0x4f,0xa4,0xcb,0x7e,0x86,0xe9,0xe7,0xb4,0x79,0xb2}}}; -const TPM2B_EC_TEST c_TestEcDsa_s = {{32,{ - 0x87,0xbc,0xc0,0xed,0x74,0x60,0x9e,0xfa,0x4e,0xe8,0x16,0xf3,0xf9,0x6b,0x26,0x07, - 0x3c,0x74,0x31,0x7e,0xf0,0x62,0x46,0xdc,0xd6,0x45,0x22,0x47,0x3e,0x0c,0xa0,0x02}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{ - 0xcc,0x07,0xad,0x65,0x91,0xdd,0xa0,0x10,0x23,0xae,0x53,0xec,0xdf,0xf1,0x50,0x90, - 0x16,0x96,0xf4,0x45,0x09,0x73,0x9c,0x84,0xb5,0x5c,0x5f,0x08,0x51,0xcb,0x60,0x01}}}; -const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ - 
0x55,0x20,0x21,0x54,0xe2,0x49,0x07,0x47,0x71,0xf4,0x99,0x15,0x54,0xf3,0xab,0x14, - 0xdb,0x8e,0xda,0x79,0xb6,0x02,0x0e,0xe3,0x5e,0x6f,0x2c,0xb6,0x05,0xbd,0x14,0x10}}}; -#endif // SHA512 -#endif // SELF_TEST_DATA +// This file contains the parameter data for ECC testing. +#ifdef SELF_TEST_DATA + +TPM2B_TYPE(EC_TEST, 32); +const TPM_ECC_CURVE c_testCurve = 00003; + +// The "static" key + +const TPM2B_EC_TEST c_ecTestKey_ds = { + {32, {0xdf, 0x8d, 0xa4, 0xa3, 0x88, 0xf6, 0x76, 0x96, 0x89, 0xfc, 0x2f, + 0x2d, 0xa1, 0xb4, 0x39, 0x7a, 0x78, 0xc4, 0x7f, 0x71, 0x8c, 0xa6, + 0x91, 0x85, 0xc0, 0xbf, 0xf3, 0x54, 0x20, 0x91, 0x2f, 0x73}}}; + +const TPM2B_EC_TEST c_ecTestKey_QsX = { + {32, {0x17, 0xad, 0x2f, 0xcb, 0x18, 0xd4, 0xdb, 0x3f, 0x2c, 0x53, 0x13, + 0x82, 0x42, 0x97, 0xff, 0x8d, 0x99, 0x50, 0x16, 0x02, 0x35, 0xa7, + 0x06, 0xae, 0x1f, 0xda, 0xe2, 0x9c, 0x12, 0x77, 0xc0, 0xf9}}}; + +const TPM2B_EC_TEST c_ecTestKey_QsY = { + {32, {0xa6, 0xca, 0xf2, 0x18, 0x45, 0x96, 0x6e, 0x58, 0xe6, 0x72, 0x34, + 0x12, 0x89, 0xcd, 0xaa, 0xad, 0xcb, 0x68, 0xb2, 0x51, 0xdc, 0x5e, + 0xd1, 0x6d, 0x38, 0x20, 0x35, 0x57, 0xb2, 0xfd, 0xc7, 0x52}}}; + +// The "ephemeral" key + +const TPM2B_EC_TEST c_ecTestKey_de = { + {32, {0xb6, 0xb5, 0x33, 0x5c, 0xd1, 0xee, 0x52, 0x07, 0x99, 0xea, 0x2e, + 0x8f, 0x8b, 0x19, 0x18, 0x07, 0xc1, 0xf8, 0xdf, 0xdd, 0xb8, 0x77, + 0x00, 0xc7, 0xd6, 0x53, 0x21, 0xed, 0x02, 0x53, 0xee, 0xac}}}; + +const TPM2B_EC_TEST c_ecTestKey_QeX = { + {32, {0xa5, 0x1e, 0x80, 0xd1, 0x76, 0x3e, 0x8b, 0x96, 0xce, 0xcc, 0x21, + 0x82, 0xc9, 0xa2, 0xa2, 0xed, 0x47, 0x21, 0x89, 0x53, 0x44, 0xe9, + 0xc7, 0x92, 0xe7, 0x31, 0x48, 0x38, 0xe6, 0xea, 0x93, 0x47}}}; + +const TPM2B_EC_TEST c_ecTestKey_QeY = { + {32, {0x30, 0xe6, 0x4f, 0x97, 0x03, 0xa1, 0xcb, 0x3b, 0x32, 0x2a, 0x70, + 0x39, 0x94, 0xeb, 0x4e, 0xea, 0x55, 0x88, 0x81, 0x3f, 0xb5, 0x00, + 0xb8, 0x54, 0x25, 0xab, 0xd4, 0xda, 0xfd, 0x53, 0x7a, 0x18}}}; + +// ECDH test results +const TPM2B_EC_TEST c_ecTestEcdh_X = { + {32, {0x64, 0x02, 0x68, 
0x92, 0x78, 0xdb, 0x33, 0x52, 0xed, 0x3b, 0xfa, + 0x3b, 0x74, 0xa3, 0x3d, 0x2c, 0x2f, 0x9c, 0x59, 0x03, 0x07, 0xf8, + 0x22, 0x90, 0xed, 0xe3, 0x45, 0xf8, 0x2a, 0x0a, 0xd8, 0x1d}}}; + +const TPM2B_EC_TEST c_ecTestEcdh_Y = { + {32, {0x58, 0x94, 0x05, 0x82, 0xbe, 0x5f, 0x33, 0x02, 0x25, 0x90, 0x3a, + 0x33, 0x90, 0x89, 0xe3, 0xe5, 0x10, 0x4a, 0xbc, 0x78, 0xa5, 0xc5, + 0x07, 0x64, 0xaf, 0x91, 0xbc, 0xe6, 0xff, 0x85, 0x11, 0x40}}}; + +TPM2B_TYPE(TEST_VALUE, 64); +const TPM2B_TEST_VALUE c_ecTestValue = { + {64, + {0x78, 0xd5, 0xd4, 0x56, 0x43, 0x61, 0xdb, 0x97, 0xa4, 0x32, 0xc4, 0x0b, 0x06, + 0xa9, 0xa8, 0xa0, 0xf4, 0x45, 0x7f, 0x13, 0xd8, 0x13, 0x81, 0x0b, 0xe5, 0x76, + 0xbe, 0xaa, 0xb6, 0x3f, 0x8d, 0x4d, 0x23, 0x65, 0xcc, 0xa7, 0xc9, 0x19, 0x10, + 0xce, 0x69, 0xcb, 0x0c, 0xc7, 0x11, 0x8d, 0xc3, 0xff, 0x62, 0x69, 0xa2, 0xbe, + 0x46, 0x90, 0xe7, 0x7d, 0x81, 0x77, 0x94, 0x65, 0x1c, 0x3e, 0xc1, 0x3e}}}; + +# if ALG_SHA1_VALUE == DEFAULT_TEST_HASH + +const TPM2B_EC_TEST c_TestEcDsa_r = { + {32, {0x57, 0xf3, 0x36, 0xb7, 0xec, 0xc2, 0xdd, 0x76, 0x0e, 0xe2, 0x81, + 0x21, 0x49, 0xc5, 0x66, 0x11, 0x4b, 0x8a, 0x4f, 0x17, 0x62, 0x82, + 0xcc, 0x06, 0xf6, 0x64, 0x78, 0xef, 0x6b, 0x7c, 0xf2, 0x6c}}}; +const TPM2B_EC_TEST c_TestEcDsa_s = { + {32, {0x1b, 0xed, 0x23, 0x72, 0x8f, 0x17, 0x5f, 0x47, 0x2e, 0xa7, 0x97, + 0x2c, 0x51, 0x57, 0x20, 0x70, 0x6f, 0x89, 0x74, 0x8a, 0xa8, 0xf4, + 0x26, 0xf4, 0x96, 0xa1, 0xb8, 0x3e, 0xe5, 0x35, 0xc5, 0x94}}}; + +const TPM2B_EC_TEST c_TestEcSchnorr_r = { + {32, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x1b, 0x08, 0x9f, 0xde, 0xef, 0x62, 0xe3, 0xf1, 0x14, 0xcb, + 0x54, 0x28, 0x13, 0x76, 0xfc, 0x6d, 0x69, 0x22, 0xb5, 0x3e}}}; +const TPM2B_EC_TEST c_TestEcSchnorr_s = { + {32, {0xd9, 0xd3, 0x20, 0xfb, 0x4d, 0x16, 0xf2, 0xe6, 0xe2, 0x45, 0x07, + 0x45, 0x1c, 0x92, 0x92, 0x92, 0xa9, 0x6b, 0x48, 0xf8, 0xd1, 0x98, + 0x29, 0x4d, 0xd3, 0x8f, 0x56, 0xf2, 0xbb, 0x2e, 0x22, 0x3b}}}; + +# endif // SHA1 + +# if ALG_SHA256_VALUE == 
DEFAULT_TEST_HASH + +const TPM2B_EC_TEST c_TestEcDsa_r = { + {32, {0x04, 0x7d, 0x54, 0xeb, 0x04, 0x6f, 0x56, 0xec, 0xa2, 0x6c, 0x38, + 0x8c, 0xeb, 0x43, 0x0b, 0x71, 0xf8, 0xf2, 0xf4, 0xa5, 0xe0, 0x1d, + 0x3c, 0xa2, 0x39, 0x31, 0xe4, 0xe7, 0x36, 0x3b, 0xb5, 0x5f}}}; +const TPM2B_EC_TEST c_TestEcDsa_s = { + {32, {0x8f, 0xd0, 0x12, 0xd9, 0x24, 0x75, 0xf6, 0xc4, 0x3b, 0xb5, 0x46, + 0x75, 0x3a, 0x41, 0x8d, 0x80, 0x23, 0x99, 0x38, 0xd7, 0xe2, 0x40, + 0xca, 0x9a, 0x19, 0x2a, 0xfc, 0x54, 0x75, 0xd3, 0x4a, 0x6e}}}; + +const TPM2B_EC_TEST c_TestEcSchnorr_r = { + {32, {0xf7, 0xb9, 0x15, 0x4c, 0x34, 0xf6, 0x41, 0x19, 0xa3, 0xd2, 0xf1, + 0xbd, 0xf4, 0x13, 0x6a, 0x4f, 0x63, 0xb8, 0x4d, 0xb5, 0xc8, 0xcd, + 0xde, 0x85, 0x95, 0xa5, 0x39, 0x0a, 0x14, 0x49, 0x3d, 0x2f}}}; +const TPM2B_EC_TEST c_TestEcSchnorr_s = { + {32, {0xfe, 0xbe, 0x17, 0xaa, 0x31, 0x22, 0x9f, 0xd0, 0xd2, 0xf5, 0x25, + 0x04, 0x92, 0xb0, 0xaa, 0x4e, 0xcc, 0x1c, 0xb6, 0x79, 0xd6, 0x42, + 0xb3, 0x4e, 0x3f, 0xbb, 0xfe, 0x5f, 0xd0, 0xd0, 0x8b, 0xc3}}}; + +# endif // SHA256 + +# if ALG_SHA384_VALUE == DEFAULT_TEST_HASH + +const TPM2B_EC_TEST c_TestEcDsa_r = { + {32, {0xf5, 0x74, 0x6d, 0xd6, 0xc6, 0x56, 0x86, 0xbb, 0xba, 0x1c, 0xba, + 0x75, 0x65, 0xee, 0x64, 0x31, 0xce, 0x04, 0xe3, 0x9f, 0x24, 0x3f, + 0xbd, 0xfe, 0x04, 0xcd, 0xab, 0x7e, 0xfe, 0xad, 0xcb, 0x82}}}; +const TPM2B_EC_TEST c_TestEcDsa_s = { + {32, {0xc2, 0x4f, 0x32, 0xa1, 0x06, 0xc0, 0x85, 0x4f, 0xc6, 0xd8, 0x31, + 0x66, 0x91, 0x9f, 0x79, 0xcd, 0x5b, 0xe5, 0x7b, 0x94, 0xa1, 0x91, + 0x38, 0xac, 0xd4, 0x20, 0xa2, 0x10, 0xf0, 0xd5, 0x9d, 0xbf}}}; + +const TPM2B_EC_TEST c_TestEcSchnorr_r = { + {32, {0x1e, 0xb8, 0xe1, 0xbf, 0xa1, 0x9e, 0x39, 0x1e, 0x58, 0xa2, 0xe6, + 0x59, 0xd0, 0x1a, 0x6a, 0x03, 0x6a, 0x1f, 0x1c, 0x4f, 0x36, 0x19, + 0xc1, 0xec, 0x30, 0xa4, 0x85, 0x1b, 0xe9, 0x74, 0x35, 0x66}}}; +const TPM2B_EC_TEST c_TestEcSchnorr_s = { + {32, {0xb9, 0xe6, 0xe3, 0x7e, 0xcb, 0xb9, 0xea, 0xf1, 0xcc, 0xf4, 0x48, + 0x44, 0x4a, 0xda, 0xc8, 0xd7, 0x87, 0xb4, 0xba, 0x40, 
0xfe, 0x5b, + 0x68, 0x11, 0x14, 0xcf, 0xa0, 0x0e, 0x85, 0x46, 0x99, 0x01}}}; + +# endif // SHA384 + +# if ALG_SHA512_VALUE == DEFAULT_TEST_HASH + +const TPM2B_EC_TEST c_TestEcDsa_r = { + {32, {0xc9, 0x71, 0xa6, 0xb4, 0xaf, 0x46, 0x26, 0x8c, 0x27, 0x00, 0x06, + 0x3b, 0x00, 0x0f, 0xa3, 0x17, 0x72, 0x48, 0x40, 0x49, 0x4d, 0x51, + 0x4f, 0xa4, 0xcb, 0x7e, 0x86, 0xe9, 0xe7, 0xb4, 0x79, 0xb2}}}; +const TPM2B_EC_TEST c_TestEcDsa_s = { + {32, {0x87, 0xbc, 0xc0, 0xed, 0x74, 0x60, 0x9e, 0xfa, 0x4e, 0xe8, 0x16, + 0xf3, 0xf9, 0x6b, 0x26, 0x07, 0x3c, 0x74, 0x31, 0x7e, 0xf0, 0x62, + 0x46, 0xdc, 0xd6, 0x45, 0x22, 0x47, 0x3e, 0x0c, 0xa0, 0x02}}}; + +const TPM2B_EC_TEST c_TestEcSchnorr_r = { + {32, {0xcc, 0x07, 0xad, 0x65, 0x91, 0xdd, 0xa0, 0x10, 0x23, 0xae, 0x53, + 0xec, 0xdf, 0xf1, 0x50, 0x90, 0x16, 0x96, 0xf4, 0x45, 0x09, 0x73, + 0x9c, 0x84, 0xb5, 0x5c, 0x5f, 0x08, 0x51, 0xcb, 0x60, 0x01}}}; +const TPM2B_EC_TEST c_TestEcSchnorr_s = { + {32, {0x55, 0x20, 0x21, 0x54, 0xe2, 0x49, 0x07, 0x47, 0x71, 0xf4, 0x99, + 0x15, 0x54, 0xf3, 0xab, 0x14, 0xdb, 0x8e, 0xda, 0x79, 0xb6, 0x02, + 0x0e, 0xe3, 0x5e, 0x6f, 0x2c, 0xb6, 0x05, 0xbd, 0x14, 0x10}}}; + +# endif // SHA512 + +#endif // SELF_TEST_DATA diff --git a/src/tpm2/EncryptDecrypt2_fp.h b/src/tpm2/EncryptDecrypt2_fp.h index 76964655..71fb7df6 100644 --- a/src/tpm2/EncryptDecrypt2_fp.h +++ b/src/tpm2/EncryptDecrypt2_fp.h 
@@ -59,35 +59,41 @@ /* */ /********************************************************************************/ -/* rev 146 */ -#ifndef ENCRYPTDECRYPT2_FP_H -#define ENCRYPTDECRYPT2_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_MAX_BUFFER inData; - TPMI_YES_NO decrypt; - TPMI_ALG_CIPHER_MODE mode; - TPM2B_IV ivIn; +#if CC_EncryptDecrypt2 // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT2_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT2_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_MAX_BUFFER inData; + TPMI_YES_NO decrypt; + TPMI_ALG_CIPHER_MODE mode; + TPM2B_IV ivIn; } EncryptDecrypt2_In; -#define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1) -#define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2) -#define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3) -#define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4) - -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM2B_IV ivOut; +// Output structure definition +typedef struct +{ + TPM2B_MAX_BUFFER outData; + TPM2B_IV ivOut; } EncryptDecrypt2_Out; +// Response code modifiers +# define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1) +# define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2) +# define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3) +# define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_EncryptDecrypt2( - EncryptDecrypt2_In *in, // IN: input parameter list - EncryptDecrypt2_Out *out // OUT: output parameter list - ); +TPM2_EncryptDecrypt2(EncryptDecrypt2_In* in, EncryptDecrypt2_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT2_FP_H_ +#endif // CC_EncryptDecrypt2 diff --git a/src/tpm2/EncryptDecrypt_fp.h b/src/tpm2/EncryptDecrypt_fp.h index 814acce0..37cf7734 100644 
--- a/src/tpm2/EncryptDecrypt_fp.h +++ b/src/tpm2/EncryptDecrypt_fp.h @@ -59,35 +59,41 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef ENCRYPTDECRYPT_FP_H -#define ENCRYPTDECRYPT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPMI_YES_NO decrypt; - TPMI_ALG_CIPHER_MODE mode; - TPM2B_IV ivIn; - TPM2B_MAX_BUFFER inData; +#if CC_EncryptDecrypt // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPMI_YES_NO decrypt; + TPMI_ALG_CIPHER_MODE mode; + TPM2B_IV ivIn; + TPM2B_MAX_BUFFER inData; } EncryptDecrypt_In; -#define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1) -#define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2) -#define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3) -#define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4) - -typedef struct { - TPM2B_MAX_BUFFER outData; - TPM2B_IV ivOut; +// Output structure definition +typedef struct +{ + TPM2B_MAX_BUFFER outData; + TPM2B_IV ivOut; } EncryptDecrypt_Out; +// Response code modifiers +# define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1) +# define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2) +# define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3) +# define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_EncryptDecrypt( - EncryptDecrypt_In *in, // IN: input parameter list - EncryptDecrypt_Out *out // OUT: output parameter list - ); +TPM2_EncryptDecrypt(EncryptDecrypt_In* in, EncryptDecrypt_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT_FP_H_ +#endif // CC_EncryptDecrypt 
diff --git a/src/tpm2/EncryptDecrypt_spt.c b/src/tpm2/EncryptDecrypt_spt.c index 13e8cca4..95d70b67 100644 --- a/src/tpm2/EncryptDecrypt_spt.c +++ b/src/tpm2/EncryptDecrypt_spt.c 
@@ -59,108 +59,132 @@ /* */ /********************************************************************************/ -/* 7.7 Encrypt Decrypt Support (EncryptDecrypt_spt.c) */ #include "Tpm.h" #include "EncryptDecrypt_fp.h" #include "EncryptDecrypt_spt_fp.h" + #if CC_EncryptDecrypt2 -/* Error Returns Meaning */ -/* TPM_RC_KEY is not a symmetric decryption key with both public and private portions loaded */ -/* TPM_RC_SIZE IvIn size is incompatible with the block cipher mode; or inData size is not an even - multiple of the block size for CBC or ECB mode */ -/* TPM_RC_VALUE keyHandle is restricted and the argument mode does not match the key's mode */ + +/*(See part 3 specification) +// symmetric encryption or decryption +*/ +// Return Type: TPM_RC +// TPM_RC_KEY is not a symmetric decryption key with both +// public and private portions loaded +// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; +// or 'inData' size is not an even multiple of the block +// size for CBC or ECB mode +// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does +// not match the key's mode TPM_RC -EncryptDecryptShared( - TPMI_DH_OBJECT keyHandleIn, - TPMI_YES_NO decryptIn, - TPMI_ALG_SYM_MODE modeIn, - TPM2B_IV *ivIn, - TPM2B_MAX_BUFFER *inData, - EncryptDecrypt_Out *out - ) +EncryptDecryptShared(TPMI_DH_OBJECT keyHandleIn, + TPMI_YES_NO decryptIn, + TPMI_ALG_SYM_MODE modeIn, + TPM2B_IV* ivIn, + TPM2B_MAX_BUFFER* inData, + EncryptDecrypt_Out* out) { - OBJECT *symKey; - UINT16 keySize; - UINT16 blockSize; - BYTE *key; - TPM_ALG_ID alg; - TPM_ALG_ID mode; - TPM_RC result; - BOOL OK; + OBJECT* symKey; + UINT16 keySize; + UINT16 blockSize; + BYTE* key; + TPM_ALG_ID alg; + TPM_ALG_ID mode; + TPM_RC result; + BOOL OK; // Input Validation symKey = HandleToObject(keyHandleIn); - mode = symKey->publicArea.parameters.symDetail.sym.mode.sym; + mode = symKey->publicArea.parameters.symDetail.sym.mode.sym; + // The input key should be a symmetric key if(symKey->publicArea.type 
!= TPM_ALG_SYMCIPHER) - return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; + return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; // The key must be unrestricted and allow the selected operation - OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes, - TPMA_OBJECT, restricted); + OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, restricted); if(YES == decryptIn) - OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, - TPMA_OBJECT, decrypt); + OK = OK + && IS_ATTRIBUTE( + symKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt); else - OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, - TPMA_OBJECT, sign); + OK = OK + && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, sign); if(!OK) - return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle; + return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle; + // Make sure that key is an encrypt/decrypt key and not SMAC if(!CryptSymModeIsValid(mode, TRUE)) - return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle; + return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle; + // If the key mode is not TPM_ALG_NULL... // or TPM_ALG_NULL if(mode != TPM_ALG_NULL) - { - // then the input mode has to be TPM_ALG_NULL or the same as the key - if((modeIn != TPM_ALG_NULL) && (modeIn != mode)) - return TPM_RCS_MODE + RC_EncryptDecrypt_mode; - } + { + // then the input mode has to be TPM_ALG_NULL or the same as the key + if((modeIn != TPM_ALG_NULL) && (modeIn != mode)) + return TPM_RCS_MODE + RC_EncryptDecrypt_mode; + } else - { - // if the key mode is null, then the input can't be null - if(modeIn == TPM_ALG_NULL) - return TPM_RCS_MODE + RC_EncryptDecrypt_mode; - mode = modeIn; - } + { + // if the key mode is null, then the input can't be null + if(modeIn == TPM_ALG_NULL) + return TPM_RCS_MODE + RC_EncryptDecrypt_mode; + mode = modeIn; + } // The input iv for ECB mode should be an Empty Buffer. 
All the other modes // should have an iv size same as encryption block size - keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym; - alg = symKey->publicArea.parameters.symDetail.sym.algorithm; + keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym; + alg = symKey->publicArea.parameters.symDetail.sym.algorithm; blockSize = CryptGetSymmetricBlockSize(alg, keySize); + // reverify the algorithm. This is mainly to keep static analysis tools happy if(blockSize == 0) - return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; + return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; + if(((mode == TPM_ALG_ECB) && (ivIn->t.size != 0)) || ((mode != TPM_ALG_ECB) && (ivIn->t.size != blockSize))) - return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn; + return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn; + // The input data size of CBC mode or ECB mode must be an even multiple of // the symmetric algorithm's block size if(((mode == TPM_ALG_CBC) || (mode == TPM_ALG_ECB)) && ((inData->t.size % blockSize) != 0)) - return TPM_RCS_SIZE + RC_EncryptDecrypt_inData; + return TPM_RCS_SIZE + RC_EncryptDecrypt_inData; + // Copy IV // Note: This is copied here so that the calls to the encrypt/decrypt functions // will modify the output buffer, not the input buffer out->ivOut = *ivIn; + // Command Output key = symKey->sensitive.sensitive.sym.t.buffer; // For symmetric encryption, the cipher data size is the same as plain data // size. 
out->outData.t.size = inData->t.size; if(decryptIn == YES) - { - // Decrypt data to output - result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key, - &(out->ivOut), mode, inData->t.size, - inData->t.buffer); - } + { + // Decrypt data to output + result = CryptSymmetricDecrypt(out->outData.t.buffer, + alg, + keySize, + key, + &(out->ivOut), + mode, + inData->t.size, + inData->t.buffer); + } else - { - // Encrypt data to output - result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key, - &(out->ivOut), mode, inData->t.size, - inData->t.buffer); - } + { + // Encrypt data to output + result = CryptSymmetricEncrypt(out->outData.t.buffer, + alg, + keySize, + key, + &(out->ivOut), + mode, + inData->t.size, + inData->t.buffer); + } return result; } -#endif // CC_EncryptDecrypt + +#endif // CC_EncryptDecrypt diff --git a/src/tpm2/EncryptDecrypt_spt_fp.h b/src/tpm2/EncryptDecrypt_spt_fp.h index 563a435e..bca20b70 100644 --- a/src/tpm2/EncryptDecrypt_spt_fp.h +++ b/src/tpm2/EncryptDecrypt_spt_fp.h 
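Review bot: The return-code table added above `EncryptDecryptShared` does not match the body, which is fully visible in this hunk: the table lists `TPM_RC_VALUE` for a restricted key or a mode mismatch, but those paths return `TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle` and `TPM_RCS_MODE + RC_EncryptDecrypt_mode`, and no statement in the function returns `TPM_RC_VALUE` itself. I would replace that row with `// TPM_RC_ATTRIBUTES 'keyHandle' is restricted or lacks the decrypt/sign attribute for the operation` and `// TPM_RC_MODE 'mode' is not valid for, or conflicts with, the key's mode`; the same table is copied into the EncryptDecrypt_spt_fp.h hunk. The closing `#endif // CC_EncryptDecrypt` in both files should read `#endif // CC_EncryptDecrypt2` to match the opening `#if CC_EncryptDecrypt2`. Separately, this function is compiled under `CC_EncryptDecrypt2` but uses `EncryptDecrypt_Out` and the `RC_EncryptDecrypt_*` macros, which the EncryptDecrypt_fp.h hunk in this commit now defines only under `#if CC_EncryptDecrypt`. Unless another header supplies them, a build that enables only the `2` command would presumably stop compiling, so a comment or an `#error` check stating that dependency next to the includes would make the coupling explicit.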
@@ -59,17 +59,31 @@ /* */ /********************************************************************************/ -#ifndef ENCRYPTDECRYPT_SPT_FP_H -#define ENCRYPTDECRYPT_SPT_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ +#ifndef _ENCRYPT_DECRYPT_SPT_FP_H_ +#define _ENCRYPT_DECRYPT_SPT_FP_H_ + +#if CC_EncryptDecrypt2 + +// Return Type: TPM_RC +// TPM_RC_KEY is not a symmetric decryption key with both +// public and private portions loaded +// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; +// or 'inData' size is not an even multiple of the block +// size for CBC or ECB mode +// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does +// not match the key's mode TPM_RC -EncryptDecryptShared( - TPMI_DH_OBJECT keyHandleIn, - TPMI_YES_NO decryptIn, - TPMI_ALG_SYM_MODE modeIn, - TPM2B_IV *ivIn, - TPM2B_MAX_BUFFER *inData, - EncryptDecrypt_Out *out - ); +EncryptDecryptShared(TPMI_DH_OBJECT keyHandleIn, + TPMI_YES_NO decryptIn, + TPMI_ALG_SYM_MODE modeIn, + TPM2B_IV* ivIn, + TPM2B_MAX_BUFFER* inData, + EncryptDecrypt_Out* out); +#endif // CC_EncryptDecrypt -#endif +#endif // _ENCRYPT_DECRYPT_SPT_FP_H_ diff --git a/src/tpm2/Entity.c b/src/tpm2/Entity.c index f9fc30c6..7d38e67e 100644 --- a/src/tpm2/Entity.c +++ b/src/tpm2/Entity.c 
@@ -78,133 +78,133 @@ // space to load it to RAM TPM_RC EntityGetLoadStatus(COMMAND* command // IN/OUT: command parsing structure - ) +) { UINT32 i; TPM_RC result = TPM_RC_SUCCESS; // for(i = 0; i < command->handleNum; i++) - { - TPM_HANDLE handle = command->handles[i]; - switch(HandleGetType(handle)) - { - // For handles associated with hierarchies, the entity is present - // only if the associated enable is SET. - case TPM_HT_PERMANENT: - switch(handle) - { - // First handle non-hierarchy cases + { + TPM_HANDLE handle = command->handles[i]; + switch(HandleGetType(handle)) + { + // For handles associated with hierarchies, the entity is present + // only if the associated enable is SET. + case TPM_HT_PERMANENT: + switch(handle) + { + // First handle non-hierarchy cases #if VENDOR_PERMANENT_AUTH_ENABLED == YES - case VENDOR_PERMANENT_AUTH_HANDLE: - if(!gc.ehEnable) - result = TPM_RC_HIERARCHY; - break; + case VENDOR_PERMANENT_AUTH_HANDLE: + if(!gc.ehEnable) + result = TPM_RC_HIERARCHY; + break; #endif - // PW session handle and lockout handle are always available - case TPM_RS_PW: - // Need to be careful for lockout. Lockout is always available - // for policy checks but not always available when authValue - // is being checked. - case TPM_RH_LOCKOUT: - // Rather than have #ifdefs all over the code, - // CASE_ACT_HANDLE is defined in ACT.h. It is 'case TPM_RH_ACT_x:' - // FOR_EACH_ACT(CASE_ACT_HANDLE) creates a simple - // case TPM_RH_ACT_x: // for each of the implemented ACT. - FOR_EACH_ACT(CASE_ACT_HANDLE) - break; - default: - // If the implementation has a manufacturer-specific value - // then test for it here. Since this implementation does - // not have any, this implementation returns the same failure - // that unmarshaling of a bad handle would produce. 
- if(((TPM_RH)handle >= TPM_RH_AUTH_00) - && ((TPM_RH)handle <= TPM_RH_AUTH_FF)) - // if the implementation has a manufacturer-specific value - result = TPM_RC_VALUE; - else - // The handle either refers to a hierarchy or is invalid. - result = ValidateHierarchy(handle); - break; - } - break; - case TPM_HT_TRANSIENT: - // For a transient object, check if the handle is associated - // with a loaded object. - if(!IsObjectPresent(handle)) - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_PERSISTENT: - // Persistent object - // Copy the persistent object to RAM and replace the handle with the - // handle of the assigned slot. A TPM_RC_OBJECT_MEMORY, - // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by - // ObjectLoadEvict() - result = ObjectLoadEvict(&command->handles[i], command->index); - break; - case TPM_HT_HMAC_SESSION: - // For an HMAC session, see if the session is loaded - // and if the session in the session slot is actually - // an HMAC session. - if(SessionIsLoaded(handle)) - { - SESSION* session; - session = SessionGet(handle); - // Check if the session is a HMAC session - if(session->attributes.isPolicy == SET) - result = TPM_RC_HANDLE; - } - else - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_POLICY_SESSION: - // For a policy session, see if the session is loaded - // and if the session in the session slot is actually - // a policy session. - if(SessionIsLoaded(handle)) - { - SESSION* session; - session = SessionGet(handle); - // Check if the session is a policy session - if(session->attributes.isPolicy == CLEAR) - result = TPM_RC_HANDLE; - } - else - result = TPM_RC_REFERENCE_H0; - break; - case TPM_HT_NV_INDEX: - // For an NV Index, use the TPM-specific routine - // to search the IN Index space. - result = NvIndexIsAccessible(handle); - break; - case TPM_HT_PCR: - // Any PCR handle that is unmarshaled successfully referenced - // a PCR that is defined. 
- break; + // PW session handle and lockout handle are always available + case TPM_RS_PW: + // Need to be careful for lockout. Lockout is always available + // for policy checks but not always available when authValue + // is being checked. + case TPM_RH_LOCKOUT: + // Rather than have #ifdefs all over the code, + // CASE_ACT_HANDLE is defined in ACT.h. It is 'case TPM_RH_ACT_x:' + // FOR_EACH_ACT(CASE_ACT_HANDLE) creates a simple + // case TPM_RH_ACT_x: // for each of the implemented ACT. + FOR_EACH_ACT(CASE_ACT_HANDLE) + break; + default: + // If the implementation has a manufacturer-specific value + // then test for it here. Since this implementation does + // not have any, this implementation returns the same failure + // that unmarshaling of a bad handle would produce. + if(((TPM_RH)handle >= TPM_RH_AUTH_00) + && ((TPM_RH)handle <= TPM_RH_AUTH_FF)) + // if the implementation has a manufacturer-specific value + result = TPM_RC_VALUE; + else + // The handle either refers to a hierarchy or is invalid. + result = ValidateHierarchy(handle); + break; + } + break; + case TPM_HT_TRANSIENT: + // For a transient object, check if the handle is associated + // with a loaded object. + if(!IsObjectPresent(handle)) + result = TPM_RC_REFERENCE_H0; + break; + case TPM_HT_PERSISTENT: + // Persistent object + // Copy the persistent object to RAM and replace the handle with the + // handle of the assigned slot. A TPM_RC_OBJECT_MEMORY, + // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by + // ObjectLoadEvict() + result = ObjectLoadEvict(&command->handles[i], command->index); + break; + case TPM_HT_HMAC_SESSION: + // For an HMAC session, see if the session is loaded + // and if the session in the session slot is actually + // an HMAC session. 
+ if(SessionIsLoaded(handle)) + { + SESSION* session; + session = SessionGet(handle); + // Check if the session is a HMAC session + if(session->attributes.isPolicy == SET) + result = TPM_RC_HANDLE; + } + else + result = TPM_RC_REFERENCE_H0; + break; + case TPM_HT_POLICY_SESSION: + // For a policy session, see if the session is loaded + // and if the session in the session slot is actually + // a policy session. + if(SessionIsLoaded(handle)) + { + SESSION* session; + session = SessionGet(handle); + // Check if the session is a policy session + if(session->attributes.isPolicy == CLEAR) + result = TPM_RC_HANDLE; + } + else + result = TPM_RC_REFERENCE_H0; + break; + case TPM_HT_NV_INDEX: + // For an NV Index, use the TPM-specific routine + // to search the IN Index space. + result = NvIndexIsAccessible(handle); + break; + case TPM_HT_PCR: + // Any PCR handle that is unmarshaled successfully referenced + // a PCR that is defined. + break; #if CC_AC_Send - case TPM_HT_AC: - // Use the TPM-specific routine to search for the AC - result = AcIsAccessible(handle); - break; + case TPM_HT_AC: + // Use the TPM-specific routine to search for the AC + result = AcIsAccessible(handle); + break; #endif - case TPM_HT_EXTERNAL_NV: - case TPM_HT_PERMANENT_NV: - // Not yet supported. - result = TPM_RC_VALUE; - break; - default: - // Any other handle type is a defect in the unmarshaling code. - FAIL(FATAL_ERROR_INTERNAL); - break; - } - if(result != TPM_RC_SUCCESS) - { - if(result == TPM_RC_REFERENCE_H0) - result = result + i; - else - result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]); - break; - } - } + case TPM_HT_EXTERNAL_NV: + case TPM_HT_PERMANENT_NV: + // Not yet supported. + result = TPM_RC_VALUE; + break; + default: + // Any other handle type is a defect in the unmarshaling code. 
+ FAIL(FATAL_ERROR_INTERNAL); + break; + } + if(result != TPM_RC_SUCCESS) + { + if(result == TPM_RC_REFERENCE_H0) + result = result + i; + else + result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]); + break; + } + } return result; } 
@@ -221,96 +221,96 @@ EntityGetLoadStatus(COMMAND* command // IN/OUT: command parsing structure UINT16 EntityGetAuthValue(TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_AUTH* auth // OUT: authValue of the entity - ) +) { TPM2B_AUTH* pAuth = NULL; auth->t.size = 0; switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - { - switch(HierarchyNormalizeHandle(handle)) - { - case TPM_RH_OWNER: - // ownerAuth for TPM_RH_OWNER - pAuth = &gp.ownerAuth; - break; - case TPM_RH_ENDORSEMENT: - // endorsementAuth for TPM_RH_ENDORSEMENT - pAuth = &gp.endorsementAuth; - break; + { + case TPM_HT_PERMANENT: + { + switch(HierarchyNormalizeHandle(handle)) + { + case TPM_RH_OWNER: + // ownerAuth for TPM_RH_OWNER + pAuth = &gp.ownerAuth; + break; + case TPM_RH_ENDORSEMENT: + // endorsementAuth for TPM_RH_ENDORSEMENT + pAuth = &gp.endorsementAuth; + break; - // The ACT use platformAuth for auth - FOR_EACH_ACT(CASE_ACT_HANDLE) + // The ACT use platformAuth for auth + FOR_EACH_ACT(CASE_ACT_HANDLE) - case TPM_RH_PLATFORM: - // platformAuth for TPM_RH_PLATFORM - pAuth = &gc.platformAuth; - break; - case TPM_RH_LOCKOUT: - // lockoutAuth for TPM_RH_LOCKOUT - pAuth = &gp.lockoutAuth; - break; - case TPM_RH_NULL: - // nullAuth for TPM_RH_NULL. Return 0 directly here - return 0; - break; + case TPM_RH_PLATFORM: + // platformAuth for TPM_RH_PLATFORM + pAuth = &gc.platformAuth; + break; + case TPM_RH_LOCKOUT: + // lockoutAuth for TPM_RH_LOCKOUT + pAuth = &gp.lockoutAuth; + break; + case TPM_RH_NULL: + // nullAuth for TPM_RH_NULL. Return 0 directly here + return 0; + break; #if VENDOR_PERMANENT_AUTH_ENABLED == YES - case VENDOR_PERMANENT_AUTH_HANDLE: - // vendor authorization value - pAuth = &g_platformUniqueAuth; + case VENDOR_PERMANENT_AUTH_HANDLE: + // vendor authorization value + pAuth = &g_platformUniqueAuth; #endif - default: - // If any other permanent handle is present it is - // a code defect. 
- FAIL(FATAL_ERROR_INTERNAL); - break; - } - break; - } - case TPM_HT_TRANSIENT: + default: + // If any other permanent handle is present it is + // a code defect. + FAIL(FATAL_ERROR_INTERNAL); + break; + } + break; + } + case TPM_HT_TRANSIENT: // authValue for an object // A persistent object would have been copied into RAM // and would have an transient object handle here. - { - OBJECT* object; + { + OBJECT* object; - object = HandleToObject(handle); - // special handling if this is a sequence object - if(ObjectIsSequence(object)) - { - pAuth = &((HASH_OBJECT*)object)->auth; - } - else - { - // Authorization is available only when the private portion of - // the object is loaded. The check should be made before - // this function is called - pAssert(object->attributes.publicOnly == CLEAR); - pAuth = &object->sensitive.authValue; - } - } - break; - case TPM_HT_NV_INDEX: + object = HandleToObject(handle); + // special handling if this is a sequence object + if(ObjectIsSequence(object)) + { + pAuth = &((HASH_OBJECT*)object)->auth; + } + else + { + // Authorization is available only when the private portion of + // the object is loaded. The check should be made before + // this function is called + pAssert(object->attributes.publicOnly == CLEAR); + pAuth = &object->sensitive.authValue; + } + } + break; + case TPM_HT_NV_INDEX: // authValue for an NV index - { - NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != NULL); - pAuth = &nvIndex->authValue; - } - break; - case TPM_HT_PCR: + { + NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); + pAssert(nvIndex != NULL); + pAuth = &nvIndex->authValue; + } + break; + case TPM_HT_PCR: // authValue for PCR pAuth = PCRGetAuthValue(handle); break; - default: + default: // If any other handle type is present here, then there is a defect // in the unmarshaling code. 
FAIL(FATAL_ERROR_INTERNAL); break; - } + } // Copy the authValue MemoryCopy2B((TPM2B*)auth, (TPM2B*)pAuth, sizeof(auth->t.buffer)); MemoryRemoveTrailingZeros(auth); 
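Review bot: In EntityGetAuthValue(), the `case VENDOR_PERMANENT_AUTH_HANDLE:` arm under `#if VENDOR_PERMANENT_AUTH_ENABLED == YES` assigns `pAuth = &g_platformUniqueAuth;` and has no `break`, so it falls through into `default:` and reaches `FAIL(FATAL_ERROR_INTERNAL)`. The re-indentation carries this over unchanged. In a build that enables the option, a lookup of the vendor handle's authValue would take the internal-failure path instead of reaching the `MemoryCopy2B()` copy after the switch. Adding `break;` on the line before `#endif` fixes it; whether any libtpms configuration sets the option is not visible here. The end of the function lies outside the hunk.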
@@ -330,74 +330,74 @@ EntityGetAuthValue(TPMI_DH_ENTITY handle, // IN: handle of entity TPMI_ALG_HASH EntityGetAuthPolicy(TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_DIGEST* authPolicy // OUT: authPolicy of the entity - ) +) { TPMI_ALG_HASH hashAlg = TPM_ALG_NULL; authPolicy->t.size = 0; switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: + { + case TPM_HT_PERMANENT: switch(HierarchyNormalizeHandle(handle)) - { - case TPM_RH_OWNER: + { + case TPM_RH_OWNER: // ownerPolicy for TPM_RH_OWNER *authPolicy = gp.ownerPolicy; hashAlg = gp.ownerAlg; break; - case TPM_RH_ENDORSEMENT: + case TPM_RH_ENDORSEMENT: // endorsementPolicy for TPM_RH_ENDORSEMENT *authPolicy = gp.endorsementPolicy; hashAlg = gp.endorsementAlg; break; - case TPM_RH_PLATFORM: + case TPM_RH_PLATFORM: // platformPolicy for TPM_RH_PLATFORM *authPolicy = gc.platformPolicy; hashAlg = gc.platformAlg; break; - case TPM_RH_LOCKOUT: + case TPM_RH_LOCKOUT: // lockoutPolicy for TPM_RH_LOCKOUT *authPolicy = gp.lockoutPolicy; hashAlg = gp.lockoutAlg; break; -#define ACT_GET_POLICY(N) \ - case TPM_RH_ACT_##N: \ - *authPolicy = go.ACT_##N.authPolicy; \ - hashAlg = go.ACT_##N.hashAlg; \ - break; +#define ACT_GET_POLICY(N) \ + case TPM_RH_ACT_##N: \ + *authPolicy = go.ACT_##N.authPolicy; \ + hashAlg = go.ACT_##N.hashAlg; \ + break; // Get the policy for each implemented ACT FOR_EACH_ACT(ACT_GET_POLICY) - default: + default: hashAlg = TPM_ALG_ERROR; break; - } + } break; - case TPM_HT_TRANSIENT: + case TPM_HT_TRANSIENT: // authPolicy for an object - { - OBJECT* object = HandleToObject(handle); - *authPolicy = object->publicArea.authPolicy; - hashAlg = object->publicArea.nameAlg; - } - break; - case TPM_HT_NV_INDEX: + { + OBJECT* object = HandleToObject(handle); + *authPolicy = object->publicArea.authPolicy; + hashAlg = object->publicArea.nameAlg; + } + break; + case TPM_HT_NV_INDEX: // authPolicy for a NV index - { - NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != 0); - *authPolicy = 
nvIndex->publicArea.authPolicy; - hashAlg = nvIndex->publicArea.nameAlg; - } - break; - case TPM_HT_PCR: + { + NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); + pAssert(nvIndex != 0); + *authPolicy = nvIndex->publicArea.authPolicy; + hashAlg = nvIndex->publicArea.nameAlg; + } + break; + case TPM_HT_PCR: // authPolicy for a PCR hashAlg = PCRGetAuthPolicy(handle, authPolicy); break; - default: + default: // If any other handle type is present it is a code defect. FAIL(FATAL_ERROR_INTERNAL); break; - } + } return hashAlg; } @@ -405,31 +405,31 @@ EntityGetAuthPolicy(TPMI_DH_ENTITY handle, // IN: handle of entity // This function returns the Name associated with a handle. TPM2B_NAME* EntityGetName(TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_NAME* name // OUT: name of entity - ) +) { switch(HandleGetType(handle)) - { - case TPM_HT_TRANSIENT: - { - // Name for an object - OBJECT* object = HandleToObject(handle); - // an object with no nameAlg has no name - if(object->publicArea.nameAlg == TPM_ALG_NULL) - name->b.size = 0; - else - *name = object->name; - break; - } - case TPM_HT_NV_INDEX: + { + case TPM_HT_TRANSIENT: + { + // Name for an object + OBJECT* object = HandleToObject(handle); + // an object with no nameAlg has no name + if(object->publicArea.nameAlg == TPM_ALG_NULL) + name->b.size = 0; + else + *name = object->name; + break; + } + case TPM_HT_NV_INDEX: // Name for a NV index NvGetNameByIndexHandle(handle, name); break; - default: + default: // For all other types, the handle is the Name name->t.size = sizeof(TPM_HANDLE); UINT32_TO_BYTE_ARRAY(handle, name->t.name); break; - } + } return name; } 
@@ -441,77 +441,77 @@ TPM2B_NAME* EntityGetName(TPMI_DH_ENTITY handle, // IN: handle of entity // c) An object handle belongs to its hierarchy. TPMI_RH_HIERARCHY EntityGetHierarchy(TPMI_DH_ENTITY handle // IN :handle of entity - ) +) { TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: + { + case TPM_HT_PERMANENT: // hierarchy for a permanent handle if(HierarchyIsFirmwareLimited(handle) || HierarchyIsSvnLimited(handle)) - { - hierarchy = handle; - break; - } + { + hierarchy = handle; + break; + } switch(handle) - { - case TPM_RH_PLATFORM: - case TPM_RH_ENDORSEMENT: - case TPM_RH_NULL: + { + case TPM_RH_PLATFORM: + case TPM_RH_ENDORSEMENT: + case TPM_RH_NULL: hierarchy = handle; break; - // all other permanent handles are associated with the owner - // hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT) - default: + // all other permanent handles are associated with the owner + // hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT) + default: hierarchy = TPM_RH_OWNER; break; - } + } break; - case TPM_HT_NV_INDEX: + case TPM_HT_NV_INDEX: // hierarchy for NV index - { - NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); - pAssert(nvIndex != NULL); + { + NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); + pAssert(nvIndex != NULL); - // If only the platform can delete the index, then it is - // considered to be in the platform hierarchy, otherwise it - // is in the owner hierarchy. - if(IS_ATTRIBUTE( - nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) - hierarchy = TPM_RH_PLATFORM; - else - hierarchy = TPM_RH_OWNER; - } - break; - case TPM_HT_TRANSIENT: + // If only the platform can delete the index, then it is + // considered to be in the platform hierarchy, otherwise it + // is in the owner hierarchy. 
+ if(IS_ATTRIBUTE( + nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) + hierarchy = TPM_RH_PLATFORM; + else + hierarchy = TPM_RH_OWNER; + } + break; + case TPM_HT_TRANSIENT: // hierarchy for an object - { - OBJECT* object; - object = HandleToObject(handle); - if(object->attributes.ppsHierarchy) - { - hierarchy = TPM_RH_PLATFORM; - } - else if(object->attributes.epsHierarchy) - { - hierarchy = TPM_RH_ENDORSEMENT; - } - else if(object->attributes.spsHierarchy) - { - hierarchy = TPM_RH_OWNER; - } - } - break; - case TPM_HT_PCR: + { + OBJECT* object; + object = HandleToObject(handle); + if(object->attributes.ppsHierarchy) + { + hierarchy = TPM_RH_PLATFORM; + } + else if(object->attributes.epsHierarchy) + { + hierarchy = TPM_RH_ENDORSEMENT; + } + else if(object->attributes.spsHierarchy) + { + hierarchy = TPM_RH_OWNER; + } + } + break; + case TPM_HT_PCR: hierarchy = TPM_RH_OWNER; break; - default: + default: FAIL(FATAL_ERROR_INTERNAL); break; - } + } // this is unreachable but it provides a return value for the default // case which makes the complier happy return hierarchy; diff --git a/src/tpm2/Entity_fp.h b/src/tpm2/Entity_fp.h index fd94a872..e93f9c20 100644 --- a/src/tpm2/Entity_fp.h +++ b/src/tpm2/Entity_fp.h 
@@ -59,32 +59,71 @@ /* */ /********************************************************************************/ -#ifndef ENTITY_FP_H -#define ENTITY_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 7, 2020 Time: 07:19:36PM + */ +#ifndef _ENTITY_FP_H_ +#define _ENTITY_FP_H_ + +//** Functions +//*** EntityGetLoadStatus() +// This function will check that all the handles access loaded entities. +// Return Type: TPM_RC +// TPM_RC_HANDLE handle type does not match +// TPM_RC_REFERENCE_Hx entity is not present +// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy +// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no +// space to load it to RAM TPM_RC -EntityGetLoadStatus( - COMMAND *command // IN/OUT: command parsing structure - ); +EntityGetLoadStatus(COMMAND* command // IN/OUT: command parsing structure +); + +//*** EntityGetAuthValue() +// This function is used to access the 'authValue' associated with a handle. +// This function assumes that the handle references an entity that is accessible +// and the handle is not for a persistent objects. That is EntityGetLoadStatus() +// should have been called. Also, the accessibility of the authValue should have +// been verified by IsAuthValueAvailable(). +// +// This function copies the authorization value of the entity to 'auth'. +// Return Type: UINT16 +// count number of bytes in the authValue with 0's stripped UINT16 -EntityGetAuthValue( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_AUTH *auth // OUT: authValue of the entity - ); +EntityGetAuthValue(TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_AUTH* auth // OUT: authValue of the entity +); + +//*** EntityGetAuthPolicy() +// This function is used to access the 'authPolicy' associated with a handle. +// This function assumes that the handle references an entity that is accessible +// and the handle is not for a persistent objects. That is EntityGetLoadStatus() +// should have been called. 
Also, the accessibility of the authPolicy should have +// been verified by IsAuthPolicyAvailable(). +// +// This function copies the authorization policy of the entity to 'authPolicy'. +// +// The return value is the hash algorithm for the policy. TPMI_ALG_HASH -EntityGetAuthPolicy( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity - ); -TPM2B_NAME * -EntityGetName( - TPMI_DH_ENTITY handle, // IN: handle of entity - TPM2B_NAME *name // OUT: name of entity - ); +EntityGetAuthPolicy(TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_DIGEST* authPolicy // OUT: authPolicy of the entity +); + +//*** EntityGetName() +// This function returns the Name associated with a handle. +TPM2B_NAME* EntityGetName(TPMI_DH_ENTITY handle, // IN: handle of entity + TPM2B_NAME* name // OUT: name of entity +); + +//*** EntityGetHierarchy() +// This function returns the hierarchy handle associated with an entity. +// a) A handle that is a hierarchy handle is associated with itself. +// b) An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, +// is SET, otherwise it belongs to TPM_RH_OWNER +// c) An object handle belongs to its hierarchy. TPMI_RH_HIERARCHY -EntityGetHierarchy( - TPMI_DH_ENTITY handle // IN :handle of entity - ); +EntityGetHierarchy(TPMI_DH_ENTITY handle // IN :handle of entity +); - -#endif +#endif // _ENTITY_FP_H_ diff --git a/src/tpm2/Entropy.c b/src/tpm2/Entropy.c index 0f755156..7a0c4b12 100644 --- a/src/tpm2/Entropy.c +++ b/src/tpm2/Entropy.c @@ -59,8 +59,8 @@ /* */ /********************************************************************************/ -/* C.4 Entropy.c */ -/* C.4.1. Includes and Local values*/ +//** Includes and Local Values + #define _CRT_RAND_S #include #include 
@@ -70,31 +70,31 @@ #include #include "Platform.h" -#if defined _MSC_VER || defined _MINGW -#include +#if defined _MSC_VER || defined _MINGW // libtpms changed +# include #else -#include +# include #endif -/* This is the last 32-bits of hardware entropy produced. We have to check to see that two - consecutive 32-bit values are not the same because (according to FIPS 140-2, annex C */ -/* "If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated - after power-up, initialization, or reset shall not be used, but shall be saved for comparison - with the next n-bit block to be generated. Each subsequent generation of an n-bit block shall be - compared with the previously generated block. The test shall fail if any two compared n-bit - blocks are equal." */ -extern uint32_t lastEntropy; +// This is the last 32-bits of hardware entropy produced. We have to check to +// see that two consecutive 32-bit values are not the same because +// according to FIPS 140-2, annex C: +// +// "If each call to an RNG produces blocks of n bits (where n > 15), the first +// n-bit block generated after power-up, initialization, or reset shall not be +// used, but shall be saved for comparison with the next n-bit block to be +// generated. Each subsequent generation of an n-bit block shall be compared with +// the previously generated block. The test shall fail if any two compared n-bit +// blocks are equal." +extern uint32_t lastEntropy; -/* C.4.2. Functions */ -/* C.4.2.1. rand32() */ -/* Local function to get a 32-bit random number */ +//** Functions -static uint32_t -rand32( - void - ) +//*** rand32() +// Local function to get a 32-bit random number +static uint32_t rand32(void) { - uint32_t rndNum = rand(); + uint32_t rndNum = rand(); #if RAND_MAX < UINT16_MAX // If the maximum value of the random number is a 15-bit number, then shift it up // 15 bits, get 15 more bits, shift that up 2 and then XOR in another value to get 
@@ -111,20 +111,20 @@ rand32( return rndNum; } -/* C.4.2.2 _plat__GetEntropy() */ -/* This function is used to get available hardware entropy. In a hardware implementation of this - function, there would be no call to the system to get entropy. */ -/* Return Values Meaning */ -/* < 0 hardware failure of the entropy generator, this is sticky */ -/* >= 0 the returned amount of entropy (bytes) */ -LIB_EXPORT int32_t -_plat__GetEntropy( - unsigned char *entropy, // output buffer - uint32_t amount // amount requested - ) +//*** _plat__GetEntropy() +// This function is used to get available hardware entropy. In a hardware +// implementation of this function, there would be no call to the system +// to get entropy. +// Return Type: int32_t +// < 0 hardware failure of the entropy generator, this is sticky +// >= 0 the returned amount of entropy (bytes) +// +LIB_EXPORT int32_t _plat__GetEntropy(unsigned char* entropy, // output buffer + uint32_t amount // amount requested +) { - uint32_t rndNum; - int32_t ret; + uint32_t rndNum; + int32_t ret; // // libtpms added begin if (amount > 0 && RAND_bytes(entropy, amount) == 1) 
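Review bot: The rewritten header comment for _plat__GetEntropy() still describes only the reference simulator and says nothing about the libtpms-added `RAND_bytes(entropy, amount)` call at the end of this hunk, which supplies the entropy whenever it succeeds. The statement under that `if` lies between this hunk and the next, so the failure case is not visible. The next hunk suggests that control then continues into the `srand()`/`rand32()` path, which its own comment says "does not provide proper cryptographic entropy". I would state this in the header, e.g. `// libtpms: entropy normally comes from RAND_bytes(); the rand()-based code below is reached only if that call fails`. If that reading is right, returning -1 on a `RAND_bytes()` failure would be safer than degrading silently. The function body continues outside the hunk.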
@@ -133,53 +133,53 @@ _plat__GetEntropy( // libtpms added end if(amount == 0) - { - // Seed the platform entropy source if the entropy source is software. There is - // no reason to put a guard macro (#if or #ifdef) around this code because this - // code would not be here if someone was changing it for a system with actual - // hardware. - // - // NOTE 1: The following command does not provide proper cryptographic entropy. - // Its primary purpose to make sure that different instances of the simulator, - // possibly started by a script on the same machine, are seeded differently. - // Vendors of the actual TPMs need to ensure availability of proper entropy - // using their platform specific means. - // - // NOTE 2: In debug builds by default the reference implementation will seed - // its RNG deterministically (without using any platform provided randomness). - // See the USE_DEBUG_RNG macro and DRBG_GetEntropy() function. -#if defined _MSC_VER || defined _MINGW - srand((unsigned)_plat__RealTime() ^ _getpid()); + { + // Seed the platform entropy source if the entropy source is software. There + // is no reason to put a guard macro (#if or #ifdef) around this code because + // this code would not be here if someone was changing it for a system with + // actual hardware. + // + // NOTE 1: The following command does not provide proper cryptographic + // entropy. Its primary purpose to make sure that different instances of the + // simulator, possibly started by a script on the same machine, are seeded + // differently. Vendors of the actual TPMs need to ensure availability of + // proper entropy using their platform-specific means. + // + // NOTE 2: In debug builds by default the reference implementation will seed + // its RNG deterministically (without using any platform provided randomness). + // See the USE_DEBUG_RNG macro and DRBG_GetEntropy() function. 
+#if defined _MSC_VER || defined _MINGW // libtpms changed + srand((unsigned)_plat__RealTime() ^ _getpid()); #else - srand((unsigned)_plat__RealTime() ^ getpid()); + srand((unsigned)_plat__RealTime() ^ getpid()); #endif - lastEntropy = rand32(); - ret = 0; - } + lastEntropy = rand32(); + ret = 0; + } else - { - rndNum = rand32(); - if(rndNum == lastEntropy) - { - ret = -1; - } - else - { - lastEntropy = rndNum; - // Each process will have its random number generator initialized according - // to the process id and the initialization time. This is not a lot of - // entropy so, to add a bit more, XOR the current time value into the - // returned entropy value. - // NOTE: the reason for including the time here rather than have it in - // in the value assigned to lastEntropy is that rand() could be broken and - // using the time would in the lastEntropy value would hide this. - rndNum ^= (uint32_t)_plat__RealTime(); - // Only provide entropy 32 bits at a time to test the ability - // of the caller to deal with partial results. - ret = MIN(amount, sizeof(rndNum)); - memcpy(entropy, &rndNum, ret); - } - } + { + rndNum = rand32(); + if(rndNum == lastEntropy) + { + ret = -1; + } + else + { + lastEntropy = rndNum; + // Each process will have its random number generator initialized + // according to the process id and the initialization time. This is not a + // lot of entropy so, to add a bit more, XOR the current time value into + // the returned entropy value. + // NOTE: the reason for including the time here rather than have it in + // in the value assigned to lastEntropy is that rand() could be broken and + // using the time would in the lastEntropy value would hide this. + rndNum ^= (uint32_t)_plat__RealTime(); + + // Only provide entropy 32 bits at a time to test the ability + // of the caller to deal with partial results. + ret = MIN(amount, sizeof(rndNum)); + memcpy(entropy, &rndNum, ret); + } + } return ret; } - 
diff --git a/src/tpm2/EventSequenceComplete_fp.h b/src/tpm2/EventSequenceComplete_fp.h index aa75a81d..6ca9ef9d 100644 --- a/src/tpm2/EventSequenceComplete_fp.h +++ b/src/tpm2/EventSequenceComplete_fp.h @@ -59,30 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef EVENTSEQUENCECOMPLETE_FP_H -#define EVENTSEQUENCECOMPLETE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_PCR pcrHandle; - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; +#if CC_EventSequenceComplete // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVENTSEQUENCECOMPLETE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVENTSEQUENCECOMPLETE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_PCR pcrHandle; + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; } EventSequenceComplete_In; -#define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) -#define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPML_DIGEST_VALUES results; +// Output structure definition +typedef struct +{ + TPML_DIGEST_VALUES results; } EventSequenceComplete_Out; +// Response code modifiers +# define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) +# define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) +# define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_EventSequenceComplete( - EventSequenceComplete_In *in, // IN: input parameter list - EventSequenceComplete_Out *out // OUT: output parameter list - ); +TPM2_EventSequenceComplete(EventSequenceComplete_In* in, + EventSequenceComplete_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVENTSEQUENCECOMPLETE_FP_H_ +#endif // CC_EventSequenceComplete 
diff --git a/src/tpm2/EvictControl_fp.h b/src/tpm2/EvictControl_fp.h index 0de7abb3..57b9a91e 100644 --- a/src/tpm2/EvictControl_fp.h +++ b/src/tpm2/EvictControl_fp.h @@ -59,24 +59,30 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef EVICTCONTROL_FP_H -#define EVICTCONTROL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PROVISION auth; - TPMI_DH_OBJECT objectHandle; - TPMI_DH_PERSISTENT persistentHandle; +#if CC_EvictControl // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVICTCONTROL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVICTCONTROL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PROVISION auth; + TPMI_DH_OBJECT objectHandle; + TPMI_DH_PERSISTENT persistentHandle; } EvictControl_In; -#define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) -#define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) -#define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) +# define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) +# define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_EvictControl( - EvictControl_In *in // IN: input parameter list - ); +TPM2_EvictControl(EvictControl_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVICTCONTROL_FP_H_ +#endif // CC_EvictControl diff --git a/src/tpm2/ExecCommand.c b/src/tpm2/ExecCommand.c index b1716e69..069f3e3a 100644 --- a/src/tpm2/ExecCommand.c +++ b/src/tpm2/ExecCommand.c 
@@ -58,59 +58,75 @@ /* */ /********************************************************************************/ -/* 6.2 ExecCommand.c */ -/* This file contains the entry function ExecuteCommand() which provides the main control flow for - TPM command execution. */ +//** Introduction +// +// This file contains the entry function ExecuteCommand() which provides the main +// control flow for TPM command execution. + +//** Includes + #include "Tpm.h" -#include "ExecCommand_fp.h" +#include "Marshal.h" +// TODO_RENAME_INC_FOLDER:platform_interface refers to the TPM_CoreLib platform interface +#include "ExecCommand_fp.h" // libtpms changed + +// Uncomment this next #include if doing static command/response buffer sizing +// #include "CommandResponseSizes_fp.h" #define TPM_HAVE_TPM2_DECLARATIONS #include "tpm_library_intern.h" // libtpms added -/* Uncomment this next #include if doing static command/response buffer sizing */ -// #include "CommandResponseSizes_fp.h" +//** ExecuteCommand() +// // The function performs the following steps. -// a) Parses the command header from input buffer. -// b) Calls ParseHandleBuffer() to parse the handle area of the command. -// c) Validates that each of the handles references a loaded entity. -// d) Calls ParseSessionBuffer() () to: -// 1) unmarshal and parse the session area; -// 2) check the authorizations; and -// 3) when necessary, decrypt a parameter. -// e) Calls CommandDispatcher() to: -// 1) unmarshal the command parameters from the command buffer; -// 2) call the routine that performs the command actions; and -// 3) marshal the responses into the response buffer. -// f) If any error occurs in any of the steps above create the error response and return. -// g) Calls BuildResponseSession() to: -// 1) when necessary, encrypt a parameter -// 2) build the response authorization sessions -// 3) update the audit sessions and nonces -// h) Calls BuildResponseHeader() to complete the construction of the response. 
- -// responseSize is set by the caller to the maximum number of bytes available in the output -// buffer. ExecuteCommand() will adjust the value and return the number of bytes placed in -// the buffer. -// response is also set by the caller to indicate the buffer into which ExecuteCommand() is -// to place the response. -// request and response may point to the same buffer -// NOTE: As of February, 2016, the failure processing has been moved to the platform-specific -// code. When the TPM code encounters an unrecoverable failure, it will SET g_inFailureMode -// and call _plat__Fail(). That function should not return but may call ExecuteCommand(). -LIB_EXPORT void -ExecuteCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer - ) +// +// a) Parses the command header from input buffer. +// b) Calls ParseHandleBuffer() to parse the handle area of the command. +// c) Validates that each of the handles references a loaded entity. +// d) Calls ParseSessionBuffer () to: +// 1) unmarshal and parse the session area; +// 2) check the authorizations; and +// 3) when necessary, decrypt a parameter. +// e) Calls CommandDispatcher() to: +// 1) unmarshal the command parameters from the command buffer; +// 2) call the routine that performs the command actions; and +// 3) marshal the responses into the response buffer. +// f) If any error occurs in any of the steps above create the error response +// and return. +// g) Calls BuildResponseSession() to: +// 1) when necessary, encrypt a parameter +// 2) build the response authorization sessions +// 3) update the audit sessions and nonces +// h) Calls BuildResponseHeader() to complete the construction of the response. +// +// 'responseSize' is set by the caller to the maximum number of bytes available in +// the output buffer. 
ExecuteCommand will adjust the value and return the number +// of bytes placed in the buffer. +// +// 'response' is also set by the caller to indicate the buffer into which +// ExecuteCommand is to place the response. +// +// 'request' and 'response' may point to the same buffer +// +// Note: As of February, 2016, the failure processing has been moved to the +// platform-specific code. When the TPM code encounters an unrecoverable failure, it +// will SET g_inFailureMode and call _plat__Fail(). That function should not return +// but may call ExecuteCommand(). +// +LIB_EXPORT void ExecuteCommand( + uint32_t requestSize, // IN: command buffer size + unsigned char* request, // IN: command buffer + uint32_t* responseSize, // IN/OUT: response buffer size + unsigned char** response // IN/OUT: response buffer +) { // Command local variables - UINT32 commandSize; - COMMAND command; + UINT32 commandSize; + COMMAND command; + // Response local variables - UINT32 maxResponse = *responseSize; - TPM_RC result; // return code for the command + UINT32 maxResponse = *responseSize; + TPM_RC result; // return code for the command /* check for an unreasonably large command size, since it's cast to a signed integer later */ if (requestSize > INT32_MAX) { @@ -119,7 +135,7 @@ ExecuteCommand( } // This next function call is used in development to size the command and response // buffers. The values printed are the sizes of the internal structures and - // not the sizes of the canonical forms of he command response structures. Also, + // not the sizes of the canonical forms of the command response structures. Also, // the sizes do not include the tag, command.code, requestSize, or the authorization // fields. //CommandResponseSizes(); 
@@ -127,14 +143,14 @@ ExecuteCommand( // operation that may require a NV write. Note, that this needs to be done // even when in failure mode. Otherwise, g_updateNV would stay SET while in // Failure mode and the NV would be written on each call. - g_updateNV = UT_NONE; + g_updateNV = UT_NONE; g_clearOrderly = FALSE; if(g_inFailureMode) - { - // Do failure mode processing - TpmFailureMode(requestSize, request, responseSize, response); - return; - } + { + // Do failure mode processing + TpmFailureMode(requestSize, request, responseSize, response); + return; + } // Query platform to get the NV state. The result state is saved internally // and will be reported by NvIsAvailable(). The reference code requires that // accessibility of NV does not change during the execution of a command. 
@@ -142,34 +158,36 @@ ExecuteCommand( // is not available later when it is necessary to write to NV, then the TPM // will go into failure mode. NvCheckState(); + // Due to the limitations of the simulation, TPM clock must be explicitly // synchronized with the system clock whenever a command is received. // This function call is not necessary in a hardware TPM. However, taking // a snapshot of the hardware timer at the beginning of the command allows // the time value to be consistent for the duration of the command execution. TimeUpdateToCurrent(); + // Any command through this function will unceremoniously end the // _TPM_Hash_Data/_TPM_Hash_End sequence. if(g_DRTMHandle != TPM_RH_UNASSIGNED) - ObjectTerminateEvent(); + ObjectTerminateEvent(); + // Get command buffer size and command buffer. command.tag = 0; // libtpms added: Coverity command.parameterBuffer = request; - command.parameterSize = requestSize; + command.parameterSize = requestSize; + // Parse command header: tag, commandSize and command.code. // First parse the tag. The unmarshaling routine will validate // that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS. - result = TPMI_ST_COMMAND_TAG_Unmarshal(&command.tag, - &command.parameterBuffer, - &command.parameterSize); + result = TPMI_ST_COMMAND_TAG_Unmarshal( + &command.tag, &command.parameterBuffer, &command.parameterSize); if(result != TPM_RC_SUCCESS) - goto Cleanup; + goto Cleanup; // Unmarshal the commandSize indicator. - result = UINT32_Unmarshal(&commandSize, - &command.parameterBuffer, - &command.parameterSize); + result = UINT32_Unmarshal( + &commandSize, &command.parameterBuffer, &command.parameterSize); if(result != TPM_RC_SUCCESS) - goto Cleanup; + goto Cleanup; // On a TPM that receives bytes on a port, the number of bytes that were // received on that port is requestSize it must be identical to commandSize. // In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed 
@@ -178,150 +196,158 @@ ExecuteCommand(
 // places them in the input buffer) would likely have the input truncated when
 // it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize.
 if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE)
- {
- result = TPM_RC_COMMAND_SIZE;
- goto Cleanup;
- }
+ {
+ result = TPM_RC_COMMAND_SIZE;
+ goto Cleanup;
+ }
 // Unmarshal the command code.
- result = TPM_CC_Unmarshal(&command.code, &command.parameterBuffer,
- &command.parameterSize);
+ result = TPM_CC_Unmarshal(
+ &command.code, &command.parameterBuffer, &command.parameterSize);
 if(result != TPM_RC_SUCCESS)
- goto Cleanup;
+ goto Cleanup;
 // Check to see if the command is implemented.
 command.index = CommandCodeToCommandIndex(command.code);
 if(UNIMPLEMENTED_COMMAND_INDEX == command.index)
- {
- result = TPM_RC_COMMAND_CODE;
- goto Cleanup;
- }
-#if FIELD_UPGRADE_IMPLEMENTED == YES
+ {
+ result = TPM_RC_COMMAND_CODE;
+ goto Cleanup;
+ }
+#if FIELD_UPGRADE_IMPLEMENTED == YES
 // If the TPM is in FUM, then the only allowed command is
 // TPM_CC_FieldUpgradeData.
 if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData))
- {
- result = TPM_RC_UPGRADE;
- goto Cleanup;
- }
+ {
+ result = TPM_RC_UPGRADE;
+ goto Cleanup;
+ }
 else
 #endif
- // Excepting FUM, the TPM only accepts TPM2_Startup() after
- // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup()
- // is no longer allowed.
- if((!TPMIsStarted() && command.code != TPM_CC_Startup)
- || (TPMIsStarted() && command.code == TPM_CC_Startup))
- {
- result = TPM_RC_INITIALIZE;
- goto Cleanup;
- }
+ // Excepting FUM, the TPM only accepts TPM2_Startup() after
+ // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup()
+ // is no longer allowed.
+ if((!TPMIsStarted() && command.code != TPM_CC_Startup)
+ || (TPMIsStarted() && command.code == TPM_CC_Startup))
+ {
+ result = TPM_RC_INITIALIZE;
+ goto Cleanup;
+ }
 // Start regular command process.
 NvIndexCacheInit();
 // Parse Handle buffer.
 result = ParseHandleBuffer(&command);
 if(result != TPM_RC_SUCCESS)
- goto Cleanup;
+ goto Cleanup;
 // All handles in the handle area are required to reference TPM-resident
 // entities.
 result = EntityGetLoadStatus(&command);
 if(result != TPM_RC_SUCCESS)
- goto Cleanup;
+ goto Cleanup;
 // Authorization session handling for the command.
 ClearCpRpHashes(&command);
 if(command.tag == TPM_ST_SESSIONS)
- {
- // Find out session buffer size.
- result = UINT32_Unmarshal((UINT32 *)&command.authSize,
- &command.parameterBuffer,
- &command.parameterSize);
- if(result != TPM_RC_SUCCESS)
- goto Cleanup;
- // Perform sanity check on the unmarshaled value. If it is smaller than
- // the smallest possible session or larger than the remaining size of
- // the command, then it is an error. NOTE: This check could pass but the
- // session size could still be wrong. That will be determined after the
- // sessions are unmarshaled.
- if(command.authSize < 9
- || command.authSize > command.parameterSize)
- {
- result = TPM_RC_SIZE;
- goto Cleanup;
- }
- command.parameterSize -= command.authSize;
- // The actions of ParseSessionBuffer() are described in the introduction.
- // As the sessions are parsed command.parameterBuffer is advanced so, on a
- // successful return, command.parameterBuffer should be pointing at the
- // first byte of the parameters.
- result = ParseSessionBuffer(&command);
- if(result != TPM_RC_SUCCESS)
- goto Cleanup;
- }
+ {
+ // Find out session buffer size.
+ result = UINT32_Unmarshal((UINT32*)&command.authSize,
+ &command.parameterBuffer,
+ &command.parameterSize);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ // Perform sanity check on the unmarshaled value. If it is smaller than
+ // the smallest possible session or larger than the remaining size of
+ // the command, then it is an error. NOTE: This check could pass but the
+ // session size could still be wrong. That will be determined after the
+ // sessions are unmarshaled.
+ if(command.authSize < 9 || command.authSize > command.parameterSize)
+ {
+ result = TPM_RC_SIZE;
+ goto Cleanup;
+ }
+ command.parameterSize -= command.authSize;
+
+ // The actions of ParseSessionBuffer() are described in the introduction.
+ // As the sessions are parsed command.parameterBuffer is advanced so, on a
+ // successful return, command.parameterBuffer should be pointing at the
+ // first byte of the parameters.
+ result = ParseSessionBuffer(&command);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ }
 else
- {
- command.authSize = 0;
- // The command has no authorization sessions.
- // If the command requires authorizations, then CheckAuthNoSession() will
- // return an error.
- result = CheckAuthNoSession(&command);
- if(result != TPM_RC_SUCCESS)
- goto Cleanup;
- }
+ {
+ command.authSize = 0;
+ // The command has no authorization sessions.
+ // If the command requires authorizations, then CheckAuthNoSession() will
+ // return an error.
+ result = CheckAuthNoSession(&command);
+ if(result != TPM_RC_SUCCESS)
+ goto Cleanup;
+ }
 // Set up the response buffer pointers. CommandDispatch will marshal the
 // response parameters starting at the address in command.responseBuffer.
- // *response = MemoryGetResponseBuffer(command.index);
+ //*response = MemoryGetResponseBuffer(command.index);
 // leave space for the command header
 command.responseBuffer = *response + STD_RESPONSE_HEADER;
+
 // leave space for the parameter size field if needed
 if(command.tag == TPM_ST_SESSIONS)
- command.responseBuffer += sizeof(UINT32);
+ command.responseBuffer += sizeof(UINT32);
 if(IsHandleInResponse(command.index))
- command.responseBuffer += sizeof(TPM_HANDLE);
+ command.responseBuffer += sizeof(TPM_HANDLE);
+
 // CommandDispatcher returns a response handle buffer and a response parameter
 // buffer if it succeeds. It will also set the parameterSize field in the
 // buffer if the tag is TPM_RC_SESSIONS.
 result = CommandDispatcher(&command);
 if(result != TPM_RC_SUCCESS)
- goto Cleanup;
+ goto Cleanup;
+
 // Build the session area at the end of the parameter area.
 result = BuildResponseSession(&command);
 if(result != TPM_RC_SUCCESS)
- {
- goto Cleanup;
- }
- Cleanup:
- if(g_clearOrderly == TRUE
- && NV_IS_ORDERLY)
- {
+ {
+ goto Cleanup;
+ }
+
+Cleanup:
+ if(g_clearOrderly == TRUE && NV_IS_ORDERLY)
+ {
 #if USE_DA_USED
- gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE;
+ gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE;
 #else
- gp.orderlyState = SU_NONE_VALUE;
+ gp.orderlyState = SU_NONE_VALUE;
 #endif
- NV_SYNC_PERSISTENT(orderlyState);
- }
+ NV_SYNC_PERSISTENT(orderlyState);
+ }
 // This implementation loads an "evict" object to a transient object slot in
 // RAM whenever an "evict" object handle is used in a command so that the
 // access to any object is the same. These temporary objects need to be
 // cleared from RAM whether the command succeeds or fails.
 ObjectCleanupEvict();
+
 // The parameters and sessions have been marshaled. Now tack on the header and
 // set the sizes
 BuildResponseHeader(&command, *response, result);
+
 // Try to commit all the writes to NV if any NV write happened during this
 // command execution. This check should be made for both succeeded and failed
 // commands, because a failed one may trigger a NV write in DA logic as well.
 // This is the only place in the command execution path that may call the NV
 // commit. If the NV commit fails, the TPM should be put in failure mode.
 if((g_updateNV != UT_NONE) && !g_inFailureMode)
- {
- if(g_updateNV == UT_ORDERLY)
- NvUpdateIndexOrderlyData();
- if(!NvCommit())
- FAIL(FATAL_ERROR_INTERNAL);
- g_updateNV = UT_NONE;
- }
+ {
+ if(g_updateNV == UT_ORDERLY)
+ NvUpdateIndexOrderlyData();
+ if(!NvCommit())
+ FAIL(FATAL_ERROR_INTERNAL);
+ g_updateNV = UT_NONE;
+ }
 pAssert((UINT32)command.parameterSize <= maxResponse);
+
 // Clear unused bits in response buffer.
 MemorySet(*response + *responseSize, 0, maxResponse - *responseSize);
+
 // as a final act, and not before, update the response size.
 *responseSize = (UINT32)command.parameterSize;
+
 return;
 }
diff --git a/src/tpm2/ExecCommand_fp.h b/src/tpm2/ExecCommand_fp.h
index 43b5dbec..c2d25d6e 100644
--- a/src/tpm2/ExecCommand_fp.h
+++ b/src/tpm2/ExecCommand_fp.h
@@ -59,15 +59,56 @@ /* */ /********************************************************************************/ -#ifndef EXECCOMMAND_FP_H -#define EXECCOMMAND_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -LIB_EXPORT void -ExecuteCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer - ); +#ifndef _EXEC_COMMAND_FP_H_ +#define _EXEC_COMMAND_FP_H_ -#endif +//** ExecuteCommand() +// +// The function performs the following steps. +// +// a) Parses the command header from input buffer. +// b) Calls ParseHandleBuffer() to parse the handle area of the command. +// c) Validates that each of the handles references a loaded entity. +// d) Calls ParseSessionBuffer () to: +// 1) unmarshal and parse the session area; +// 2) check the authorizations; and +// 3) when necessary, decrypt a parameter. +// e) Calls CommandDispatcher() to: +// 1) unmarshal the command parameters from the command buffer; +// 2) call the routine that performs the command actions; and +// 3) marshal the responses into the response buffer. +// f) If any error occurs in any of the steps above create the error response +// and return. +// g) Calls BuildResponseSession() to: +// 1) when necessary, encrypt a parameter +// 2) build the response authorization sessions +// 3) update the audit sessions and nonces +// h) Calls BuildResponseHeader() to complete the construction of the response. +// +// 'responseSize' is set by the caller to the maximum number of bytes available in +// the output buffer. ExecuteCommand will adjust the value and return the number +// of bytes placed in the buffer. +// +// 'response' is also set by the caller to indicate the buffer into which +// ExecuteCommand is to place the response. 
+// +// 'request' and 'response' may point to the same buffer +// +// Note: As of February, 2016, the failure processing has been moved to the +// platform-specific code. When the TPM code encounters an unrecoverable failure, it +// will SET g_inFailureMode and call _plat__Fail(). That function should not return +// but may call ExecuteCommand(). +// +LIB_EXPORT void ExecuteCommand( + uint32_t requestSize, // IN: command buffer size + unsigned char* request, // IN: command buffer + uint32_t* responseSize, // IN/OUT: response buffer size + unsigned char** response // IN/OUT: response buffer +); + +#endif // _EXEC_COMMAND_FP_H_ diff --git a/src/tpm2/ExtraData.c b/src/tpm2/ExtraData.c index c42e15f2..7e8da760 100644 --- a/src/tpm2/ExtraData.c +++ b/src/tpm2/ExtraData.c @@ -81,10 +81,10 @@ // manufacture and CLEAR. The buffer will contain the last value provided // to the Core library. LIB_EXPORT void _plat__GetPlatformManufactureData(uint8_t* pPlatformPersistentData, - uint32_t bufferSize) + uint32_t bufferSize) { if(bufferSize != 0) - { - memset((void*)pPlatformPersistentData, 0xFF, bufferSize); - } + { + memset((void*)pPlatformPersistentData, 0xFF, bufferSize); + } } diff --git a/src/tpm2/FlushContext_fp.h b/src/tpm2/FlushContext_fp.h index 6426e9f5..015b1e77 100644 --- a/src/tpm2/FlushContext_fp.h +++ b/src/tpm2/FlushContext_fp.h 
@@ -59,20 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef FLUSHCONTEXT_FP_H -#define FLUSHCONTEXT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_CONTEXT flushHandle; +#if CC_FlushContext // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_FLUSHCONTEXT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_FLUSHCONTEXT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_CONTEXT flushHandle; } FlushContext_In; -#define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_FlushContext( - FlushContext_In *in // IN: input parameter list - ); +TPM2_FlushContext(FlushContext_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_FLUSHCONTEXT_FP_H_ +#endif // CC_FlushContext diff --git a/src/tpm2/GetCapability_fp.h b/src/tpm2/GetCapability_fp.h index 52b81d3d..01f9fb2a 100644 --- a/src/tpm2/GetCapability_fp.h +++ b/src/tpm2/GetCapability_fp.h 
@@ -59,32 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef GETCAPABILITY_FP_H -#define GETCAPABILITY_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPM_CAP capability; - UINT32 property; - UINT32 propertyCount; +#if CC_GetCapability // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCAPABILITY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCAPABILITY_FP_H_ + +// Input structure definition +typedef struct +{ + TPM_CAP capability; + UINT32 property; + UINT32 propertyCount; } GetCapability_In; -#define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1) -#define RC_GetCapability_property (TPM_RC_P + TPM_RC_2) -#define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPMI_YES_NO moreData; - TPMS_CAPABILITY_DATA capabilityData; +// Output structure definition +typedef struct +{ + TPMI_YES_NO moreData; + TPMS_CAPABILITY_DATA capabilityData; } GetCapability_Out; +// Response code modifiers +# define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1) +# define RC_GetCapability_property (TPM_RC_P + TPM_RC_2) +# define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3) +// Function prototype TPM_RC -TPM2_GetCapability( - GetCapability_In *in, // IN: input parameter list - GetCapability_Out *out // OUT: output parameter list - ); +TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCAPABILITY_FP_H_ +#endif // CC_GetCapability diff --git a/src/tpm2/GetCommandAuditDigest_fp.h b/src/tpm2/GetCommandAuditDigest_fp.h index e3467ca1..cd95554e 100644 --- a/src/tpm2/GetCommandAuditDigest_fp.h +++ b/src/tpm2/GetCommandAuditDigest_fp.h 
@@ -59,33 +59,40 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef GETCOMMANDAUDITDIGEST_FP_H -#define GETCOMMANDAUDITDIGEST_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_ENDORSEMENT privacyHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; +#if CC_GetCommandAuditDigest // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCOMMANDAUDITDIGEST_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCOMMANDAUDITDIGEST_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_ENDORSEMENT privacyHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; } GetCommandAuditDigest_In; -#define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_ATTEST auditInfo; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_ATTEST auditInfo; + TPMT_SIGNATURE signature; } GetCommandAuditDigest_Out; +// Response code modifiers +# define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1) +# define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) +# define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) +# define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_GetCommandAuditDigest( - GetCommandAuditDigest_In *in, // IN: input parameter list - GetCommandAuditDigest_Out *out // OUT: output parameter list - ); +TPM2_GetCommandAuditDigest(GetCommandAuditDigest_In* in, + GetCommandAuditDigest_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCOMMANDAUDITDIGEST_FP_H_ +#endif // CC_GetCommandAuditDigest 
diff --git a/src/tpm2/GetRandom_fp.h b/src/tpm2/GetRandom_fp.h index 27326d08..bf72c538 100644 --- a/src/tpm2/GetRandom_fp.h +++ b/src/tpm2/GetRandom_fp.h @@ -59,26 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef GETRANDOM_FP_H -#define GETRANDOM_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - UINT16 bytesRequested; +#if CC_GetRandom // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETRANDOM_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETRANDOM_FP_H_ + +// Input structure definition +typedef struct +{ + UINT16 bytesRequested; } GetRandom_In; -#define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPM2B_DIGEST randomBytes; +// Output structure definition +typedef struct +{ + TPM2B_DIGEST randomBytes; } GetRandom_Out; +// Response code modifiers +# define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_GetRandom( - GetRandom_In *in, // IN: input parameter list - GetRandom_Out *out // OUT: output parameter list - ); +TPM2_GetRandom(GetRandom_In* in, GetRandom_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETRANDOM_FP_H_ +#endif // CC_GetRandom diff --git a/src/tpm2/GetSessionAuditDigest_fp.h b/src/tpm2/GetSessionAuditDigest_fp.h index 412ce4b2..9264b1c0 100644 --- a/src/tpm2/GetSessionAuditDigest_fp.h +++ b/src/tpm2/GetSessionAuditDigest_fp.h 
@@ -59,35 +59,42 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef GETSESSIONAUDITDIGEST_FP_H -#define GETSESSIONAUDITDIGEST_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_ENDORSEMENT privacyAdminHandle; - TPMI_DH_OBJECT signHandle; - TPMI_SH_HMAC sessionHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; +#if CC_GetSessionAuditDigest // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETSESSIONAUDITDIGEST_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETSESSIONAUDITDIGEST_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_ENDORSEMENT privacyAdminHandle; + TPMI_DH_OBJECT signHandle; + TPMI_SH_HMAC sessionHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; } GetSessionAuditDigest_In; -#define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3) -#define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_ATTEST auditInfo; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_ATTEST auditInfo; + TPMT_SIGNATURE signature; } GetSessionAuditDigest_Out; +// Response code modifiers +# define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1) +# define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) +# define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3) +# define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) +# define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_GetSessionAuditDigest( - GetSessionAuditDigest_In *in, // IN: input parameter list - GetSessionAuditDigest_Out *out // OUT: output parameter list - ); 
+TPM2_GetSessionAuditDigest(GetSessionAuditDigest_In* in, + GetSessionAuditDigest_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETSESSIONAUDITDIGEST_FP_H_ +#endif // CC_GetSessionAuditDigest diff --git a/src/tpm2/GetTestResult_fp.h b/src/tpm2/GetTestResult_fp.h index 21d1e9c4..d82cb792 100644 --- a/src/tpm2/GetTestResult_fp.h +++ b/src/tpm2/GetTestResult_fp.h @@ -59,21 +59,24 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef GETTESTRESULT_FP_H -#define GETTESTRESULT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct{ - TPM2B_MAX_BUFFER outData; - TPM_RC testResult; +#if CC_GetTestResult // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTESTRESULT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTESTRESULT_FP_H_ + +// Output structure definition +typedef struct +{ + TPM2B_MAX_BUFFER outData; + TPM_RC testResult; } GetTestResult_Out; +// Function prototype +TPM_RC +TPM2_GetTestResult(GetTestResult_Out* out); - TPM_RC -TPM2_GetTestResult( - GetTestResult_Out *out // OUT: output parameter list - ); - - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTESTRESULT_FP_H_ +#endif // CC_GetTestResult diff --git a/src/tpm2/GetTime_fp.h b/src/tpm2/GetTime_fp.h index 0aeba2a1..2d3ec13e 100644 --- a/src/tpm2/GetTime_fp.h +++ b/src/tpm2/GetTime_fp.h 
@@ -59,33 +59,39 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef GETTIME_FP_H -#define GETTIME_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_ENDORSEMENT privacyAdminHandle; - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; +#if CC_GetTime // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTIME_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTIME_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_ENDORSEMENT privacyAdminHandle; + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; } GetTime_In; -#define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1) -#define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2) -#define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_ATTEST timeInfo; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_ATTEST timeInfo; + TPMT_SIGNATURE signature; } GetTime_Out; +// Response code modifiers +# define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1) +# define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2) +# define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1) +# define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_GetTime( - GetTime_In *in, // IN: input parameter list - GetTime_Out *out // OUT: output parameter list - ); +TPM2_GetTime(GetTime_In* in, GetTime_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTIME_FP_H_ +#endif // CC_GetTime diff --git a/src/tpm2/Global.c b/src/tpm2/Global.c index 6f603fe6..1ba989d8 100644 --- a/src/tpm2/Global.c +++ b/src/tpm2/Global.c 
@@ -92,17 +92,17 @@ // are all using consistent string values. // each instance must define a different struct since the buffer sizes vary. -#define TPM2B_STRING(name, value) \ - typedef union name##_ \ - { \ - struct \ - { \ - UINT16 size; \ - BYTE buffer[sizeof(value)]; \ - } t; \ - TPM2B b; \ - } TPM2B_##name##_; \ - const TPM2B_##name##_ name##_data = {{sizeof(value), {value}}}; \ +#define TPM2B_STRING(name, value) \ + typedef union name##_ \ + { \ + struct \ + { \ + UINT16 size; \ + BYTE buffer[sizeof(value)]; \ + } t; \ + TPM2B b; \ + } TPM2B_##name##_; \ + const TPM2B_##name##_ name##_data = {{sizeof(value), {value}}}; \ const TPM2B* name = &name##_data.b TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation"); @@ -127,19 +127,19 @@ TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value"); //*** g_rcIndex[] const UINT16 g_rcIndex[15] = {TPM_RC_1, - TPM_RC_2, - TPM_RC_3, - TPM_RC_4, - TPM_RC_5, - TPM_RC_6, - TPM_RC_7, - TPM_RC_8, - TPM_RC_9, - TPM_RC_A, - TPM_RC_B, - TPM_RC_C, - TPM_RC_D, - TPM_RC_E, - TPM_RC_F}; + TPM_RC_2, + TPM_RC_3, + TPM_RC_4, + TPM_RC_5, + TPM_RC_6, + TPM_RC_7, + TPM_RC_8, + TPM_RC_9, + TPM_RC_A, + TPM_RC_B, + TPM_RC_C, + TPM_RC_D, + TPM_RC_E, + TPM_RC_F}; BOOL g_manufactured = FALSE; diff --git a/src/tpm2/Global.h b/src/tpm2/Global.h index c4d7176f..43398d98 100644 --- a/src/tpm2/Global.h +++ b/src/tpm2/Global.h 
@@ -157,36 +157,36 @@ typedef struct { #if LITTLE_ENDIAN_TPM == YES /* libtpms added */ unsigned publicOnly : 1; //0) SET if only the public portion of - // an object is loaded + // an object is loaded unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS - // Hierarchy + // Hierarchy unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS - // Hierarchy + // Hierarchy unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS - // Hierarchy + // Hierarchy unsigned evict : 1; //4) SET if the object is a platform or - // owner evict object. Platform- - // evict object belongs to PPS - // hierarchy, owner-evict object - // belongs to SPS or EPS hierarchy. - // This bit is also used to mark a - // completed sequence object so it - // will be flush when the - // SequenceComplete command succeeds. + // owner evict object. Platform- + // evict object belongs to PPS + // hierarchy, owner-evict object + // belongs to SPS or EPS hierarchy. + // This bit is also used to mark a + // completed sequence object so it + // will be flush when the + // SequenceComplete command succeeds. unsigned primary : 1; //5) SET for a primary object unsigned temporary : 1; //6) SET for a temporary object unsigned stClear : 1; //7) SET for an stClear object unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence - // object + // object unsigned hashSeq : 1; //9) SET for a hash sequence object unsigned eventSeq : 1; //10) SET for an event sequence object unsigned ticketSafe : 1; //11) SET if a ticket is safe to create - // for hash sequence object + // for hash sequence object unsigned firstBlock : 1; //12) SET if the first block of hash - // data has been received. It - // works with ticketSafe bit + // data has been received. 
It + // works with ticketSafe bit unsigned isParent : 1; //13) SET if the key has the proper - // attributes to be a parent key + // attributes to be a parent key unsigned privateExp : 1; //14) SET when the private exponent // libtpms: keep // // of an RSA key has been validated. #if 0 // lbtpms added @@ -253,18 +253,18 @@ typedef struct OBJECT #endif // libtpms added end TPM2B_NAME qualifiedName; // object qualified name TPMI_DH_OBJECT evictHandle; // if the object is an evict object, - // the original handle is kept here. - // The 'working' handle will be the - // handle of an object slot. + // the original handle is kept here. + // The 'working' handle will be the + // handle of an object slot. TPM2B_NAME name; // Name of the object name. Kept here - // to avoid repeatedly computing it. + // to avoid repeatedly computing it. TPMI_RH_HIERARCHY hierarchy; // Hierarchy for the object. While the - // base hierarchy can be deduced from - // 'attributes', if the hierarchy is - // firmware-bound or SVN-bound then - // this field carries additional metadata - // needed to derive the proof value for - // the object. + // base hierarchy can be deduced from + // 'attributes', if the hierarchy is + // firmware-bound or SVN-bound then + // this field carries additional metadata + // needed to derive the proof value for + // the object. #if __LONG_WIDTH__ == 32 UINT8 _pad1[4]; /* 32 bit targets need padding */ #endif @@ -292,13 +292,13 @@ typedef struct HASH_OBJECT TPMI_ALG_PUBLIC type; // algorithm TPMI_ALG_HASH nameAlg; // name algorithm TPMA_OBJECT objectAttributes; // object attributes - + // The data below is unique to a sequence object TPM2B_AUTH auth; // authorization for use of sequence union { - HASH_STATE hashState[HASH_COUNT]; - HMAC_STATE hmacState; + HASH_STATE hashState[HASH_COUNT]; + HMAC_STATE hmacState; } state; } HASH_OBJECT; 
@@ -436,46 +436,46 @@ typedef struct SESSION { SESSION_ATTRIBUTES attributes; // session attributes UINT32 pcrCounter; // PCR counter value when PCR is - // included (policy session) - // If no PCR is included, this - // value is 0. + // included (policy session) + // If no PCR is included, this + // value is 0. UINT64 startTime; // The value in g_time when the session - // was started (policy session) + // was started (policy session) UINT64 timeout; // The timeout relative to g_time - // There is no timeout if this value - // is 0. + // There is no timeout if this value + // is 0. CLOCK_NONCE epoch; // The g_clockEpoch value when the - // session was started. If g_clockEpoch - // does not match this value when the - // timeout is used, then - // then the command will fail. + // session was started. If g_clockEpoch + // does not match this value when the + // timeout is used, then + // then the command will fail. TPM_CC commandCode; // command code (policy session) TPM_ALG_ID authHashAlg; // session hash algorithm TPMA_LOCALITY commandLocality; // command locality (policy session) TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) TPM2B_AUTH sessionKey; // session secret value used for - // this session + // this session TPM2B_NONCE nonceTPM; // last TPM-generated nonce for - // generating HMAC and encryption keys + // generating HMAC and encryption keys union { - TPM2B_NAME boundEntity; // value used to track the entity to - // which the session is bound - - TPM2B_DIGEST cpHash; // the required cpHash value for the - // command being authorized - TPM2B_DIGEST nameHash; // the required nameHash - TPM2B_DIGEST templateHash; // the required template for creation - TPM2B_DIGEST pHash; // the required parameter hash value for the - // command being authorized + TPM2B_NAME boundEntity; // value used to track the entity to + // which the session is bound + + TPM2B_DIGEST cpHash; // the required cpHash value for the + // command being authorized + 
TPM2B_DIGEST nameHash; // the required nameHash + TPM2B_DIGEST templateHash; // the required template for creation + TPM2B_DIGEST pHash; // the required parameter hash value for the + // command being authorized } u1; - + union { - TPM2B_DIGEST auditDigest; // audit session digest - TPM2B_DIGEST policyDigest; // policyHash + TPM2B_DIGEST auditDigest; // audit session digest + TPM2B_DIGEST policyDigest; // policyHash } u2; // audit log and policyHash may - // share space to save memory + // share space to save memory } SESSION; # define EXPIRES_ON_RESET INT32_MIN @@ -499,7 +499,7 @@ typedef BYTE SESSION_BUF[sizeof(SESSION)]; typedef struct PCR_SAVE { FOR_EACH_HASH(PCR_SAVE_SPACE) - + // This counter increments whenever the PCR are updated. // NOTE: A platform-specific specification may designate // certain PCR changes as not causing this counter @@ -531,11 +531,11 @@ typedef struct PCR_AUTH_VALUE // This enumeration is the possible startup types. The type is determined // by the combination of TPM2_ShutDown and TPM2_Startup. typedef enum - { - SU_RESET, - SU_RESTART, - SU_RESUME - } STARTUP_TYPE; +{ + SU_RESET, + SU_RESTART, + SU_RESUME +} STARTUP_TYPE; //**NV @@ -797,15 +797,15 @@ typedef struct // data provided by the platform library during manufacturing. // Opaque to the TPM Core library, but may be used by the platform library. BYTE platformReserved[PERSISTENT_DATA_PLATFORM_SPACE]; - + //********************************************************************************* // Hierarchy //********************************************************************************* // The values in this section are related to the hierarchies. - + BOOL disableClear; // TRUE if TPM2_Clear() using - // lockoutAuth is disabled - + // lockoutAuth is disabled + // Hierarchy authPolicies TPMI_ALG_HASH ownerAlg; TPMI_ALG_HASH endorsementAlg; 
@@ -813,12 +813,12 @@ typedef struct TPM2B_DIGEST ownerPolicy; TPM2B_DIGEST endorsementPolicy; TPM2B_DIGEST lockoutPolicy; - + // Hierarchy authValues TPM2B_AUTH ownerAuth; TPM2B_AUTH endorsementAuth; TPM2B_AUTH lockoutAuth; - + // Primary Seeds TPM2B_SEED EPSeed; TPM2B_SEED SPSeed; @@ -828,13 +828,13 @@ typedef struct SEED_COMPAT_LEVEL SPSeedCompatLevel; SEED_COMPAT_LEVEL PPSeedCompatLevel; // libtpms added end // Note there is a nullSeed in the state_reset memory. - + // Hierarchy proofs TPM2B_PROOF phProof; TPM2B_PROOF shProof; TPM2B_PROOF ehProof; // Note there is a nullProof in the state_reset memory. - + //********************************************************************************* // Reset Events //********************************************************************************* 
@@ -843,28 +843,28 @@ typedef struct // manufacture process. It is used to invalidate all saved contexts after a TPM // Reset. UINT64 totalResetCount; - + // This counter increments on each TPM Reset. The counter is reset by // TPM2_Clear(). UINT32 resetCount; - - //********************************************************************************* - // PCR - //********************************************************************************* - // This structure hold the policies for those PCR that have an update policy. - // This implementation only supports a single group of PCR controlled by - // policy. If more are required, then this structure would be changed to - // an array. + +//********************************************************************************* +// PCR +//********************************************************************************* +// This structure hold the policies for those PCR that have an update policy. +// This implementation only supports a single group of PCR controlled by +// policy. If more are required, then this structure would be changed to +// an array. # if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 PCR_POLICY pcrPolicies; # endif - + // This structure indicates the allocation of PCR. The structure contains a // list of PCR allocations for each implemented algorithm. If no PCR are // allocated for an algorithm, a list entry still exists but the bit map // will contain no SET bits. TPML_PCR_SELECTION pcrAllocated; - + //********************************************************************************* // Physical Presence //********************************************************************************* 
@@ -875,41 +875,41 @@ typedef struct // // These bits may be changed with TPM2_PP_Commands(). BYTE ppList[(COMMAND_COUNT + 7) / 8]; - + //********************************************************************************* // Dictionary attack values //********************************************************************************* // These values are used for dictionary attack tracking and control. UINT32 failedTries; // the current count of unexpired - // authorization failures - + // authorization failures + UINT32 maxTries; // number of unexpired authorization - // failures before the TPM is in - // lockout - + // failures before the TPM is in + // lockout + UINT32 recoveryTime; // time between authorization failures - // before failedTries is decremented - + // before failedTries is decremented + UINT32 lockoutRecovery; // time that must expire between - // authorization failures associated - // with lockoutAuth - + // authorization failures associated + // with lockoutAuth + BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is - // allowed - + // allowed + //***************************************************************************** // Orderly State //***************************************************************************** // The orderly state for current cycle TPM_SU orderlyState; - + //***************************************************************************** // Command audit values. //***************************************************************************** BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8]; TPMI_ALG_HASH auditHashAlg; UINT64 auditCounter; - + //***************************************************************************** // Algorithm selection //***************************************************************************** 
@@ -917,7 +917,7 @@ typedef struct // The 'algorithmSet' value indicates the collection of algorithms that are // currently in used on the TPM. The interpretation of value is vendor dependent. UINT32 algorithmSet; - + //***************************************************************************** // Firmware version //***************************************************************************** @@ -927,26 +927,26 @@ typedef struct // is consistent with vendor needs. The values are maintained in RAM for simplified // access with a master version in NV. These values are modified in a // vendor-specific way. - + // g_firmwareV1 contains the more significant 32-bits of the vendor version number. // In the reference implementation, if this value is printed as a hex // value, it will have the format of YYYYMMDD UINT32 firmwareV1; - + // g_firmwareV1 contains the less significant 32-bits of the vendor version number. // In the reference implementation, if this value is printed as a hex // value, it will have the format of 00 HH MM SS UINT32 firmwareV2; - //***************************************************************************** - // Timer Epoch - //***************************************************************************** - // timeEpoch contains a nonce that has a vendor=specific size (should not be - // less than 8 bytes. This nonce changes when the clock epoch changes. The clock - // epoch changes when there is a discontinuity in the timing of the TPM. +//***************************************************************************** +// Timer Epoch +//***************************************************************************** +// timeEpoch contains a nonce that has a vendor=specific size (should not be +// less than 8 bytes. This nonce changes when the clock epoch changes. The clock +// epoch changes when there is a discontinuity in the timing of the TPM. # if !CLOCK_STOPS CLOCK_NONCE timeEpoch; # endif - + } PERSISTENT_DATA; EXTERN PERSISTENT_DATA gp; 
@@ -962,18 +962,18 @@ typedef struct orderly_data //***************************************************************************** // TIME //***************************************************************************** - + // Clock has two parts. One is the state save part and one is the NV part. The // state save version is updated on each command. When the clock rolls over, the // NV version is updated. When the TPM starts up, if the TPM was shutdown in and // orderly way, then the sClock value is used to initialize the clock. If the // TPM shutdown was not orderly, then the persistent value is used and the safe // attribute is clear. - + UINT64 clock; // The orderly version of clock TPMI_YES_NO clockSafe; // Indicates if the clock value is - // safe. - + // safe. + // In many implementations, the quality of the entropy available is not that // high. To compensate, the current value of the drbgState can be saved and // restored on each power cycle. This prevents the internal state from reverting 
@@ -981,31 +981,31 @@ typedef struct orderly_data // of entropy. By keeping the old state and adding entropy, the entropy will // accumulate. DRBG_STATE drbgState; - - // These values allow the accumulation of self-healing time across orderly shutdown - // of the TPM. + +// These values allow the accumulation of self-healing time across orderly shutdown +// of the TPM. # if ACCUMULATE_SELF_HEAL_TIMER UINT64 selfHealTimer; // current value of s_selfHealTimer UINT64 lockoutTimer; // current value of s_lockoutTimer UINT64 time; // current value of g_time at shutdown # endif // ACCUMULATE_SELF_HEAL_TIMER - + #ifndef __ACT_DISABLED // libtpms added #error ACT not supported in ORDERLY_DATA! - // These are the ACT Timeout values. They are saved with the other timers +// These are the ACT Timeout values. They are saved with the other timers # define DefineActData(N) ACT_STATE ACT_##N; FOR_EACH_ACT(DefineActData) - + // this is the 'signaled' attribute data for all the ACT. It is done this way so // that they can be manipulated by ACT number rather than having to access a // structure. UINT16 signaledACT; UINT16 preservedSignaled; - + # if ORDERLY_DATA_PADDING != 0 BYTE reserved[ORDERLY_DATA_PADDING]; # endif - + #endif // libtpms added } ORDERLY_DATA; 
@@ -1042,27 +1042,27 @@ typedef struct state_clear_data TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer TPM2B_AUTH platformAuth; // default reset is an Empty Buffer - + //***************************************************************************** // PCR //***************************************************************************** // The set of PCR to be saved on Shutdown(STATE) PCR_SAVE pcrSave; // default reset is 0...0 - + // This structure hold the authorization values for those PCR that have an // update authorization. // This implementation only supports a single group of PCR controlled by // authorization. If more are required, then this structure would be changed to // an array. PCR_AUTHVALUE pcrAuthValues; - + #ifndef __ACT_DISABLED // libtpms added - //***************************************************************************** - // ACT - //***************************************************************************** +//***************************************************************************** +// ACT +//***************************************************************************** # define DefineActPolicySpace(N) TPMT_HA act_##N; FOR_EACH_ACT(DefineActPolicySpace) - + # if STATE_CLEAR_DATA_PADDING != 0 BYTE reserved[STATE_CLEAR_DATA_PADDING]; # endif 
@@ -1089,14 +1089,14 @@ typedef struct state_reset_data // Hierarchy Control //***************************************************************************** TPM2B_PROOF nullProof; // The proof value associated with - // the TPM_RH_NULL hierarchy. The - // default reset value is from the RNG. - + // the TPM_RH_NULL hierarchy. The + // default reset value is from the RNG. + TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL + // hierarchy. The default reset value + // is from the RNG. SEED_COMPAT_LEVEL nullSeedCompatLevel; // libtpms added - // hierarchy. The default reset value - // is from the RNG. - + //***************************************************************************** // Context //***************************************************************************** 
@@ -1107,21 +1107,21 @@ typedef struct state_reset_data // If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE), // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). UINT32 clearCount; // The default reset value is 0. - + UINT64 objectContextID; // This is the context ID for a saved - // object context. The default reset - // value is 0. + // object context. The default reset + // value is 0. CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains - // contains the values used to track - // the version numbers of saved - // contexts (see - // Session.c in for details). The - // default reset value is {0}. - + // contains the values used to track + // the version numbers of saved + // contexts (see + // Session.c in for details). The + // default reset value is {0}. + CONTEXT_COUNTER contextCounter; // This is the value from which the - // 'contextID' is derived. The - // default reset value is {0}. - + // 'contextID' is derived. The + // default reset value is {0}. + //***************************************************************************** // Command Audit //***************************************************************************** 
@@ -1130,18 +1130,18 @@ typedef struct state_reset_data // TPM will extend the cpHash and rpHash for the command to this value. If this // digest was the Zero Digest before the cpHash was extended, the audit counter // is incremented. - + TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest - // by TPM2_GetCommandAuditDigest() or a - // TPM Reset. - + // by TPM2_GetCommandAuditDigest() or a + // TPM Reset. + //***************************************************************************** // Boot counter //***************************************************************************** - + UINT32 restartCount; // This counter counts TPM Restarts. - // The default reset value is 0. - + // The default reset value is 0. + //********************************************************************************* // PCR //********************************************************************************* 
@@ -1153,25 +1153,25 @@ typedef struct state_reset_data // NOTE: A platform-specific specification may designate that certain PCR changes // do not increment this counter to increment. UINT32 pcrCounter; // The default reset value is 0. - + # if ALG_ECC - + //***************************************************************************** // ECDAA //***************************************************************************** UINT64 commitCounter; // This counter increments each time - // TPM2_Commit() returns - // TPM_RC_SUCCESS. The default reset - // value is 0. - + // TPM2_Commit() returns + // TPM_RC_SUCCESS. The default reset + // value is 0. + TPM2B_NONCE commitNonce; // This random value is used to compute - // the commit values. The default reset - // value is from the RNG. - + // the commit values. The default reset + // value is from the RNG. + // This implementation relies on the number of bits in g_commitArray being a // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. BYTE commitArray[16]; // The default reset value is {0}. - + # endif // ALG_ECC # if STATE_RESET_DATA_PADDING != 0 BYTE reserved[STATE_RESET_DATA_PADDING]; 
@@ -1225,14 +1225,14 @@ EXTERN CONTEXT_SLOT s_ContextSlotMask; //** Global Macro Definitions // The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members // of the PERSISTENT_DATA structure in NV. -# define NV_READ_PERSISTENT(to, from) \ - NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to)) +# define NV_READ_PERSISTENT(to, from) \ + NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to)) -# define NV_WRITE_PERSISTENT(to, from) \ - NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from) +# define NV_WRITE_PERSISTENT(to, from) \ + NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from) -# define CLEAR_PERSISTENT(item) \ - NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item)) +# define CLEAR_PERSISTENT(item) \ + NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item)) # define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item) @@ -1248,9 +1248,9 @@ typedef struct _COMMAND_FLAGS_ { #if LITTLE_ENDIAN_TPM == YES /* libtpms added */ unsigned trialPolicy : 1; //1) If SET, one of the handles references a - // trial policy and authorization may be - // skipped. This is only allowed for a policy - // command. + // trial policy and authorization may be + // skipped. This is only allowed for a policy + // command. unsigned reserved : 31; //2-31) /* libtpms added begin */ #endif #if BIG_ENDIAN_TPM == YES 
@@ -1276,20 +1276,20 @@ typedef struct COMMAND TPM_CC code; // the parsed command code COMMAND_INDEX index; // the computed command index UINT32 handleNum; // the number of entity handles in the - // handle area of the command + // handle area of the command TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values UINT32 sessionNum; // the number of sessions found INT32 parameterSize; // starts out with the parsed command size - // and is reduced and values are - // unmarshaled. Just before calling the - // command actions, this should be zero. - // After the command actions, this number - // should grow as values are marshaled - // in to the response buffer. + // and is reduced and values are + // unmarshaled. Just before calling the + // command actions, this should be zero. + // After the command actions, this number + // should grow as values are marshaled + // in to the response buffer. INT32 authSize; // this is initialized with the parsed size - // of authorizationSize field and should - // be zero when the authorizations are - // parsed. + // of authorizationSize field and should + // be zero when the authorizations are + // parsed. BYTE* parameterBuffer; // input to ExecuteCommand BYTE* responseBuffer; // input to ExecuteCommand FOR_EACH_HASH(CP_HASH) // space for the CP hashes @@ -1501,7 +1501,7 @@ EXTERN int s_freeSessionSlots; // dispatch code will marshal the response values into the final output buffer. EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the -// action input structure + // action input structure # endif // IO_BUFFER_C //***************************************************************************** diff --git a/src/tpm2/GpMacros.h b/src/tpm2/GpMacros.h index 64661614..b266ea52 100644 --- a/src/tpm2/GpMacros.h +++ b/src/tpm2/GpMacros.h 
@@ -101,9 +101,9 @@ # endif #endif // FAIL_TRACE - // SETFAILED calls TpmFail. It may or may not return based on the NO_LONGJMP flag. - // CODELOCATOR is a macro that expands to either one 64-bit value that encodes the - // location, or two parameters: Function Name and Line Number. +// SETFAILED calls TpmFail. It may or may not return based on the NO_LONGJMP flag. +// CODELOCATOR is a macro that expands to either one 64-bit value that encodes the +// location, or two parameters: Function Name and Line Number. #define SETFAILED(errorCode) (TpmFail(CODELOCATOR(), errorCode)) // If implementation is using longjmp, then calls to TpmFail() will never @@ -156,12 +156,12 @@ # define FAIL_RC(failCode) SETFAILED(failCode) # define FAIL_VOID(failCode) SETFAILED(failCode) # define FAIL_NULL(failCode) SETFAILED(failCode) -# define FAIL_EXIT(failCode, returnVar, returnCode) \ - do \ - { \ - SETFAILED(failCode); \ - goto Exit; \ - } while(0) +# define FAIL_EXIT(failCode, returnVar, returnCode) \ + do \ + { \ + SETFAILED(failCode); \ + goto Exit; \ + } while(0) #else // NO_LONGJMP // no longjmp service is available @@ -175,20 +175,20 @@ # define FAIL_NORET(failCode) SETFAILED(failCode) // fail and immediately return void -# define FAIL_VOID(failCode) \ - do \ - { \ - SETFAILED(failCode); \ - return; \ - } while(0) +# define FAIL_VOID(failCode) \ + do \ + { \ + SETFAILED(failCode); \ + return; \ + } while(0) // fail and immediately return a value -# define FAIL_IMMEDIATE(failCode, retval) \ - do \ - { \ - SETFAILED(failCode); \ - return retval; \ - } while(0) +# define FAIL_IMMEDIATE(failCode, retval) \ + do \ + { \ + SETFAILED(failCode); \ + return retval; \ + } while(0) // fail and return FALSE # define FAIL_BOOL(failCode) FAIL_IMMEDIATE(failCode, FALSE) 
@@ -200,13 +200,13 @@ # define FAIL_NULL(failCode) FAIL_IMMEDIATE(failCode, NULL) // fail and return using the goto exit pattern -# define FAIL_EXIT(failCode, returnVar, returnCode) \ - do \ - { \ - SETFAILED(failCode); \ - returnVar = returnCode; \ - goto Exit; \ - } while(0) +# define FAIL_EXIT(failCode, returnVar, returnCode) \ + do \ + { \ + SETFAILED(failCode); \ + returnVar = returnCode; \ + goto Exit; \ + } while(0) #endif 
@@ -214,66 +214,66 @@ // if it is not. If longjmp is being used, then the macro makes a call from // which there is no return. Otherwise, the function will return the given // return code. -#define VERIFY(condition, failCode, returnCode) \ - do \ - { \ - if(!(condition)) \ - { \ - FAIL_IMMEDIATE(failCode, returnCode); \ - } \ - } while(0) +#define VERIFY(condition, failCode, returnCode) \ + do \ + { \ + if(!(condition)) \ + { \ + FAIL_IMMEDIATE(failCode, returnCode); \ + } \ + } while(0) // this function also verifies a condition and enters failure mode, but sets a // return value and jumps to Exit on failure - allowing for cleanup. -#define VERIFY_OR_EXIT(condition, failCode, returnVar, returnCode) \ - do \ - { \ - if(!(condition)) \ - { \ - FAIL_EXIT(failCode, returnVar, returnCode); \ - } \ - } while(0) +#define VERIFY_OR_EXIT(condition, failCode, returnVar, returnCode) \ + do \ + { \ + if(!(condition)) \ + { \ + FAIL_EXIT(failCode, returnVar, returnCode); \ + } \ + } while(0) // verify the given TPM_RC is success and we are not in // failure mode. Otherwise, return immediately with TPM_RC_FAILURE. // note that failure mode is checked first so that an existing FATAL_* error code // is not overwritten with the default from this macro. 
-#define VERIFY_RC(rc) \ - do \ - { \ - if(g_inFailureMode) \ - { \ - return TPM_RC_FAILURE; \ - } \ - if(rc != TPM_RC_SUCCESS) \ - { \ - FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, TPM_RC_FAILURE); \ - } \ - } while(0) +#define VERIFY_RC(rc) \ + do \ + { \ + if(g_inFailureMode) \ + { \ + return TPM_RC_FAILURE; \ + } \ + if(rc != TPM_RC_SUCCESS) \ + { \ + FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, TPM_RC_FAILURE); \ + } \ + } while(0) // verify the TPM is not in failure mode or return failure -#define VERIFY_NOT_FAILED() \ - do \ - { \ - if(g_inFailureMode) \ - { \ - return TPM_RC_FAILURE; \ - } \ - } while(0) +#define VERIFY_NOT_FAILED() \ + do \ + { \ + if(g_inFailureMode) \ + { \ + return TPM_RC_FAILURE; \ + } \ + } while(0) // Enter failure mode if the given TPM_RC is not success, return void. -#define VERIFY_RC_VOID(rc) \ - do \ - { \ - if(g_inFailureMode) \ - { \ - return; \ - } \ - if(rc != TPM_RC_SUCCESS) \ - { \ - FAIL_VOID(FATAL_ERROR_ASSERT); \ - } \ - } while(0) +#define VERIFY_RC_VOID(rc) \ + do \ + { \ + if(g_inFailureMode) \ + { \ + return; \ + } \ + if(rc != TPM_RC_SUCCESS) \ + { \ + FAIL_VOID(FATAL_ERROR_ASSERT); \ + } \ + } while(0) // These VERIFY_CRYPTO macros all set failure mode to FATAL_ERROR_CRYPTO // and immediately return. The general way to parse the names is: 
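Review bot: `VERIFY_RC` and `VERIFY_RC_VOID` compare their argument without parentheses (`if(rc != TPM_RC_SUCCESS)`). An argument containing an operator that binds more loosely than `!=`, such as `a | b`, would expand to `a | (b != TPM_RC_SUCCESS)`, and the failure-mode check would test the wrong value. `VERIFY` and `VERIFY_OR_EXIT` in this same hunk already guard against this with `if(!(condition))`. Since the macro bodies are being re-laid-out here anyway, the comparison could become `if((rc) != TPM_RC_SUCCESS)` in both macros. If staying byte-identical to the upstream reference code takes priority, a comment stating that the argument must be a simple expression would at least record the constraint.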
@@ -300,95 +300,95 @@ #define VERIFY_CRYPTO_OR_NULL(fn) VERIFY((fn), FATAL_ERROR_CRYPTO, NULL) // these VERIFY_CRYPTO macros all set a result value and goto Exit -#define VERIFY_CRYPTO_OR_EXIT(fn, returnVar, returnCode) \ +#define VERIFY_CRYPTO_OR_EXIT(fn, returnVar, returnCode) \ VERIFY_OR_EXIT(fn, FATAL_ERROR_CRYPTO, returnVar, returnCode); // these VERIFY_CRYPTO_OR_EXIT functions assume the return value variable is // named retVal -#define VERIFY_CRYPTO_OR_EXIT_RC(fn) \ +#define VERIFY_CRYPTO_OR_EXIT_RC(fn) \ VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, TPM_RC_FAILURE) -#define VERIFY_CRYPTO_OR_EXIT_FALSE(fn) \ +#define VERIFY_CRYPTO_OR_EXIT_FALSE(fn) \ VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, FALSE) -#define VERIFY_CRYPTO_RC_OR_EXIT(fn) \ - do \ - { \ - TPM_RC rc = fn; \ - if(rc != TPM_RC_SUCCESS) \ - { \ - FAIL_EXIT(FATAL_ERROR_CRYPTO, retVal, rc); \ - } \ - } while(0) +#define VERIFY_CRYPTO_RC_OR_EXIT(fn) \ + do \ + { \ + TPM_RC rc = fn; \ + if(rc != TPM_RC_SUCCESS) \ + { \ + FAIL_EXIT(FATAL_ERROR_CRYPTO, retVal, rc); \ + } \ + } while(0) #if(defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO) # define pAssert(a) ((void)0) #else -# define pAssert(a) \ - do \ - { \ - if(!(a)) \ - FAIL(FATAL_ERROR_PARAMETER); \ - } while(0) +# define pAssert(a) \ + do \ + { \ + if(!(a)) \ + FAIL(FATAL_ERROR_PARAMETER); \ + } while(0) -# define pAssert_ZERO(a) \ - do \ - { \ - if(!(a)) \ - FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, 0); \ - } while(0); +# define pAssert_ZERO(a) \ + do \ + { \ + if(!(a)) \ + FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, 0); \ + } while(0); -# define pAssert_RC(a) \ - do \ - { \ - if(!(a)) \ - FAIL_RC(FATAL_ERROR_ASSERT); \ - } while(0); +# define pAssert_RC(a) \ + do \ + { \ + if(!(a)) \ + FAIL_RC(FATAL_ERROR_ASSERT); \ + } while(0); -# define pAssert_BOOL(a) \ - do \ - { \ - if(!(a)) \ - FAIL_BOOL(FATAL_ERROR_ASSERT); \ - } while(0); +# define pAssert_BOOL(a) \ + do \ + { \ + if(!(a)) \ + FAIL_BOOL(FATAL_ERROR_ASSERT); \ + } while(0); -# define pAssert_NULL(a) \ - do \ - { 
\ - if(!(a)) \ - FAIL_NULL(FATAL_ERROR_ASSERT); \ - } while(0); +# define pAssert_NULL(a) \ + do \ + { \ + if(!(a)) \ + FAIL_NULL(FATAL_ERROR_ASSERT); \ + } while(0); // using FAIL_NORET isn't optimium but is available in limited cases that // result in wrong calculated values, and can be checked later // but should have no vulnerability implications. -# define pAssert_NORET(a) \ - { \ - if(!(a)) \ - FAIL_NORET(FATAL_ERROR_ASSERT); \ - } +# define pAssert_NORET(a) \ + { \ + if(!(a)) \ + FAIL_NORET(FATAL_ERROR_ASSERT); \ + } // this macro is used where a calling code has been verified to function correctly // when the failing assert immediately returns without an error code. // this can be because either the caller checks the fatal error flag, or // the state is safe and a higher-level check will catch it. -# define pAssert_VOID_OK(a) \ - { \ - if(!(a)) \ - FAIL_VOID(FATAL_ERROR_ASSERT); \ - } +# define pAssert_VOID_OK(a) \ + { \ + if(!(a)) \ + FAIL_VOID(FATAL_ERROR_ASSERT); \ + } #endif // These macros are commonly used in the "Crypt" code as a way to keep listings from // getting too long. This is not to save paper but to allow one to see more // useful stuff on the screen at any given time. Neither macro sets failure mode. -#define ERROR_EXIT(returnCode) \ - do \ - { \ - retVal = returnCode; \ - goto Exit; \ - } while(0) +#define ERROR_EXIT(returnCode) \ + do \ + { \ + retVal = returnCode; \ + goto Exit; \ + } while(0) // braces are necessary for this usage: // if (y) 
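Review bot: `pAssert_ZERO`, `pAssert_RC`, `pAssert_BOOL` and `pAssert_NULL` end in `while(0);`, so each macro carries its own statement terminator and `if(x) pAssert_RC(y); else ...` will not parse. `pAssert_NORET` and `pAssert_VOID_OK` are bare `{ ... }` blocks with the same limitation. `pAssert` directly above them uses the plain `do { ... } while(0)` form, and the comment on `GOTO_ERROR_UNLESS` later in this file explains why that matters in code that often omits braces on `if`. Ending the four macros with `} while(0)` and wrapping the two brace-only ones in `do { ... } while(0)` would make every assert variant a single statement. Separately, `VERIFY_CRYPTO_RC_OR_EXIT` declares a local `TPM_RC rc = fn;`, so an argument expression that itself names `rc` would read the new, uninitialised variable; a comment on the macro should say so.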
@@ -397,17 +397,17 @@ // without braces the else would attach to the GOTO macro instead of the // outer if statement; given the amount of TPM code that doesn't use braces on // if statements, this is a live risk. -#define GOTO_ERROR_UNLESS(_X) \ - do \ - { \ - if(!(_X)) \ - goto Error; \ - } while(0) +#define GOTO_ERROR_UNLESS(_X) \ + do \ + { \ + if(!(_X)) \ + goto Error; \ + } while(0) #include "MinMax.h" #ifndef IsOdd -# define IsOdd(a) (((a)&1) != 0) +# define IsOdd(a) (((a) & 1) != 0) #endif #ifndef BITS_TO_BYTES @@ -455,10 +455,10 @@ # define SET_ATTRIBUTE(a, type, b) (a.b = SET) # define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR) # define GET_ATTRIBUTE(a, type, b) (a.b) -# define TPMA_ZERO_INITIALIZER() \ - { \ - 0 \ - } +# define TPMA_ZERO_INITIALIZER() \ + { \ + 0 \ + } #else # define IS_ATTRIBUTE(a, type, b) ((a & type##_##b) != 0) # define SET_ATTRIBUTE(a, type, b) (a |= type##_##b) diff --git a/src/tpm2/HMAC_Start_fp.h b/src/tpm2/HMAC_Start_fp.h index a05ddf15..687200c8 100644 --- a/src/tpm2/HMAC_Start_fp.h +++ b/src/tpm2/HMAC_Start_fp.h 
@@ -59,30 +59,36 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef HMAC_START_FP_H -#define HMAC_START_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_AUTH auth; - TPMI_ALG_HASH hashAlg; +#if CC_HMAC_Start // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_START_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_START_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT handle; + TPM2B_AUTH auth; + TPMI_ALG_HASH hashAlg; } HMAC_Start_In; -typedef struct { - TPMI_DH_OBJECT sequenceHandle; +// Output structure definition +typedef struct +{ + TPMI_DH_OBJECT sequenceHandle; } HMAC_Start_Out; -#define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) -#define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) -#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) +# define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) +# define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_HMAC_Start( - HMAC_Start_In *in, // IN: input parameter list - HMAC_Start_Out *out // OUT: output parameter list - ); +TPM2_HMAC_Start(HMAC_Start_In* in, HMAC_Start_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_START_FP_H_ +#endif // CC_HMAC_Start diff --git a/src/tpm2/HMAC_fp.h b/src/tpm2/HMAC_fp.h index deb4fc22..e483005e 100644 --- a/src/tpm2/HMAC_fp.h +++ b/src/tpm2/HMAC_fp.h 
@@ -59,30 +59,36 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef HMAC_FP_H -#define HMAC_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_MAX_BUFFER buffer; - TPMI_ALG_HASH hashAlg; +#if CC_HMAC // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT handle; + TPM2B_MAX_BUFFER buffer; + TPMI_ALG_HASH hashAlg; } HMAC_In; -#define RC_HMAC_handle (TPM_RC_H + TPM_RC_1) -#define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1) -#define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_DIGEST outHMAC; +// Output structure definition +typedef struct +{ + TPM2B_DIGEST outHMAC; } HMAC_Out; +// Response code modifiers +# define RC_HMAC_handle (TPM_RC_H + TPM_RC_1) +# define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1) +# define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_HMAC( - HMAC_In *in, // IN: input parameter list - HMAC_Out *out // OUT: output parameter list - ); +TPM2_HMAC(HMAC_In* in, HMAC_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_FP_H_ +#endif // CC_HMAC diff --git a/src/tpm2/Handle.c b/src/tpm2/Handle.c index 24ae872f..46041719 100644 --- a/src/tpm2/Handle.c +++ b/src/tpm2/Handle.c @@ -70,7 +70,7 @@ // This function returns the type of a handle which is the MSO of the handle. TPM_HT HandleGetType(TPM_HANDLE handle // IN: a handle to be checked - ) +) { // return the upper bytes of input data return (TPM_HT)((handle & HR_RANGE_MASK) >> HR_SHIFT); 
@@ -82,63 +82,63 @@ HandleGetType(TPM_HANDLE handle // IN: a handle to be checked // is no next higher value, it returns 0: TPM_HANDLE NextPermanentHandle(TPM_HANDLE inHandle // IN: the handle to check - ) +) { // If inHandle is below the start of the range of permanent handles // set it to the start and scan from there if(inHandle < TPM_RH_FIRST) - inHandle = TPM_RH_FIRST; + inHandle = TPM_RH_FIRST; // scan from input value until we find an implemented permanent handle // or go out of range for(; inHandle <= TPM_RH_LAST; inHandle++) - { - // Skip over gaps in the reserved handle space. - if(inHandle > TPM_RH_FW_NULL && inHandle < SVN_OWNER_FIRST) - inHandle = SVN_OWNER_FIRST; - if(inHandle > SVN_OWNER_FIRST && inHandle <= SVN_OWNER_LAST) - inHandle = SVN_ENDORSEMENT_FIRST; - if(inHandle > SVN_ENDORSEMENT_FIRST && inHandle <= SVN_ENDORSEMENT_LAST) - inHandle = SVN_PLATFORM_FIRST; - if(inHandle > SVN_PLATFORM_FIRST && inHandle <= SVN_PLATFORM_LAST) - inHandle = SVN_NULL_FIRST; - if(inHandle > SVN_NULL_FIRST) - inHandle = TPM_RH_LAST; - - switch(inHandle) - { - case TPM_RH_OWNER: - case TPM_RH_NULL: - case TPM_RS_PW: - case TPM_RH_LOCKOUT: - case TPM_RH_ENDORSEMENT: - case TPM_RH_PLATFORM: - case TPM_RH_PLATFORM_NV: + { + // Skip over gaps in the reserved handle space. 
+ if(inHandle > TPM_RH_FW_NULL && inHandle < SVN_OWNER_FIRST) + inHandle = SVN_OWNER_FIRST; + if(inHandle > SVN_OWNER_FIRST && inHandle <= SVN_OWNER_LAST) + inHandle = SVN_ENDORSEMENT_FIRST; + if(inHandle > SVN_ENDORSEMENT_FIRST && inHandle <= SVN_ENDORSEMENT_LAST) + inHandle = SVN_PLATFORM_FIRST; + if(inHandle > SVN_PLATFORM_FIRST && inHandle <= SVN_PLATFORM_LAST) + inHandle = SVN_NULL_FIRST; + if(inHandle > SVN_NULL_FIRST) + inHandle = TPM_RH_LAST; + + switch(inHandle) + { + case TPM_RH_OWNER: + case TPM_RH_NULL: + case TPM_RS_PW: + case TPM_RH_LOCKOUT: + case TPM_RH_ENDORSEMENT: + case TPM_RH_PLATFORM: + case TPM_RH_PLATFORM_NV: #if FW_LIMITED_SUPPORT - case TPM_RH_FW_OWNER: - case TPM_RH_FW_ENDORSEMENT: - case TPM_RH_FW_PLATFORM: - case TPM_RH_FW_NULL: + case TPM_RH_FW_OWNER: + case TPM_RH_FW_ENDORSEMENT: + case TPM_RH_FW_PLATFORM: + case TPM_RH_FW_NULL: #endif #if SVN_LIMITED_SUPPORT - case TPM_RH_SVN_OWNER_BASE: - case TPM_RH_SVN_ENDORSEMENT_BASE: - case TPM_RH_SVN_PLATFORM_BASE: - case TPM_RH_SVN_NULL_BASE: + case TPM_RH_SVN_OWNER_BASE: + case TPM_RH_SVN_ENDORSEMENT_BASE: + case TPM_RH_SVN_PLATFORM_BASE: + case TPM_RH_SVN_NULL_BASE: #endif #if VENDOR_PERMANENT_AUTH_ENABLED == YES - case VENDOR_PERMANENT_AUTH_HANDLE: + case VENDOR_PERMANENT_AUTH_HANDLE: #endif - // Each of the implemented ACT +// Each of the implemented ACT #define ACT_IMPLEMENTED_CASE(N) case TPM_RH_ACT_##N: - - FOR_EACH_ACT(ACT_IMPLEMENTED_CASE) - - return inHandle; - break; - default: - break; - } - } + + FOR_EACH_ACT(ACT_IMPLEMENTED_CASE) + + return inHandle; + break; + default: + break; + } + } // Out of range on the top return 0; } 
@@ -152,40 +152,40 @@ NextPermanentHandle(TPM_HANDLE inHandle // IN: the handle to check // NO all the available handles has been returned TPMI_YES_NO PermanentCapGetHandles(TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ) + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +) { TPMI_YES_NO more = NO; UINT32 i; - + pAssert(HandleGetType(handle) == TPM_HT_PERMANENT); - + // Initialize output handle list handleList->count = 0; - + // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) - count = MAX_CAP_HANDLES; - + count = MAX_CAP_HANDLES; + // Iterate permanent handle range for(i = NextPermanentHandle(handle); i != 0; i = NextPermanentHandle(i + 1)) - { - if(handleList->count < count) - { - // If we have not filled up the return list, add this permanent - // handle to it - handleList->handle[handleList->count] = i; - handleList->count++; - } - else - { - // If the return list is full but we still have permanent handle - // available, report this and stop iterating - more = YES; - break; - } - } + { + if(handleList->count < count) + { + // If we have not filled up the return list, add this permanent + // handle to it + handleList->handle[handleList->count] = i; + handleList->count++; + } + else + { + // If the return list is full but we still have permanent handle + // available, report this and stop iterating + more = YES; + break; + } + } return more; } @@ -194,17 +194,17 @@ PermanentCapGetHandles(TPM_HANDLE handle, // IN: start handle BOOL PermanentCapGetOneHandle(TPM_HANDLE handle) // IN: handle { UINT32 i; - + pAssert(HandleGetType(handle) == TPM_HT_PERMANENT); - + // Iterate permanent handle range for(i = NextPermanentHandle(handle); i != 0; i = NextPermanentHandle(i + 1)) - { - if(i == handle) - { - return TRUE; - } - } + { + if(i == handle) + { + return TRUE; + } + } return FALSE; } 
@@ -217,76 +217,76 @@ BOOL PermanentCapGetOneHandle(TPM_HANDLE handle) // IN: handle // NO all the available handles has been returned TPMI_YES_NO PermanentHandleGetPolicy(TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: max count of returned handles - TPML_TAGGED_POLICY* policyList // OUT: list of handle - ) + UINT32 count, // IN: max count of returned handles + TPML_TAGGED_POLICY* policyList // OUT: list of handle +) { TPMI_YES_NO more = NO; - + pAssert(HandleGetType(handle) == TPM_HT_PERMANENT); - + // Initialize output handle list policyList->count = 0; - + // The maximum count of policies we may return is MAX_TAGGED_POLICIES if(count > MAX_TAGGED_POLICIES) - count = MAX_TAGGED_POLICIES; - + count = MAX_TAGGED_POLICIES; + // Iterate permanent handle range for(handle = NextPermanentHandle(handle); handle != 0; - handle = NextPermanentHandle(handle + 1)) - { - TPM2B_DIGEST policyDigest; - TPM_ALG_ID policyAlg; - // Check to see if this permanent handle has a policy - policyAlg = EntityGetAuthPolicy(handle, &policyDigest); - if(policyAlg == TPM_ALG_ERROR) - continue; - if(policyList->count < count) - { - // If we have not filled up the return list, add this - // policy to the list; - policyList->policies[policyList->count].handle = handle; - policyList->policies[policyList->count].policyHash.hashAlg = policyAlg; - MemoryCopy(&policyList->policies[policyList->count].policyHash.digest, - policyDigest.t.buffer, - policyDigest.t.size); - policyList->count++; - } - else - { - // If the return list is full but we still have permanent handle - // available, report this and stop iterating - more = YES; - break; - } - } + handle = NextPermanentHandle(handle + 1)) + { + TPM2B_DIGEST policyDigest; + TPM_ALG_ID policyAlg; + // Check to see if this permanent handle has a policy + policyAlg = EntityGetAuthPolicy(handle, &policyDigest); + if(policyAlg == TPM_ALG_ERROR) + continue; + if(policyList->count < count) + { + // If we have not filled up the return list, add 
this + // policy to the list; + policyList->policies[policyList->count].handle = handle; + policyList->policies[policyList->count].policyHash.hashAlg = policyAlg; + MemoryCopy(&policyList->policies[policyList->count].policyHash.digest, + policyDigest.t.buffer, + policyDigest.t.size); + policyList->count++; + } + else + { + // If the return list is full but we still have permanent handle + // available, report this and stop iterating + more = YES; + break; + } + } return more; } //*** PermanentHandleGetOnePolicy() // This function returns a permanent handle's policy, if present. BOOL PermanentHandleGetOnePolicy(TPM_HANDLE handle, // IN: handle - TPMS_TAGGED_POLICY* policy // OUT: tagged policy - ) + TPMS_TAGGED_POLICY* policy // OUT: tagged policy +) { pAssert(HandleGetType(handle) == TPM_HT_PERMANENT); - + if(NextPermanentHandle(handle) == handle) - { - TPM2B_DIGEST policyDigest; - TPM_ALG_ID policyAlg; - // Check to see if this permanent handle has a policy - policyAlg = EntityGetAuthPolicy(handle, &policyDigest); - if(policyAlg == TPM_ALG_ERROR) - { - return FALSE; - } - policy->handle = handle; - policy->policyHash.hashAlg = policyAlg; - MemoryCopy( - &policy->policyHash.digest, policyDigest.t.buffer, policyDigest.t.size); - return TRUE; - } + { + TPM2B_DIGEST policyDigest; + TPM_ALG_ID policyAlg; + // Check to see if this permanent handle has a policy + policyAlg = EntityGetAuthPolicy(handle, &policyDigest); + if(policyAlg == TPM_ALG_ERROR) + { + return FALSE; + } + policy->handle = handle; + policy->policyHash.hashAlg = policyAlg; + MemoryCopy( + &policy->policyHash.digest, policyDigest.t.buffer, policyDigest.t.size); + return TRUE; + } return FALSE; } diff --git a/src/tpm2/Handle_fp.h b/src/tpm2/Handle_fp.h index 0b4e7cc3..a746a475 100644 --- a/src/tpm2/Handle_fp.h +++ b/src/tpm2/Handle_fp.h 
@@ -58,33 +58,63 @@ /* */ /********************************************************************************/ -#ifndef HANDLE_FP_H -#define HANDLE_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ +#ifndef _HANDLE_FP_H_ +#define _HANDLE_FP_H_ + +//*** HandleGetType() +// This function returns the type of a handle which is the MSO of the handle. TPM_HT -HandleGetType( - TPM_HANDLE handle // IN: a handle to be checked - ); -TPM_HANDLE -NextPermanentHandle( - TPM_HANDLE inHandle // IN: the handle to check - ); -TPMI_YES_NO -PermanentCapGetHandles( - TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ); -BOOL PermanentCapGetOneHandle(TPM_HANDLE handle // IN: handle - ); -TPMI_YES_NO -PermanentHandleGetPolicy( - TPM_HANDLE handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_TAGGED_POLICY *policyList // OUT: list of handle - ); -BOOL PermanentHandleGetOnePolicy(TPM_HANDLE handle, // IN: handle - TPMS_TAGGED_POLICY* policy // OUT: tagged policy - ); +HandleGetType(TPM_HANDLE handle // IN: a handle to be checked +); -#endif +//*** NextPermanentHandle() +// This function returns the permanent handle that is equal to the input value or +// is the next higher value. If there is no handle with the input value and there +// is no next higher value, it returns 0: +TPM_HANDLE +NextPermanentHandle(TPM_HANDLE inHandle // IN: the handle to check +); + +//*** PermanentCapGetHandles() +// This function returns a list of the permanent handles of PCR, started from +// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list +// will be returned with 'more' set to NO. 
+// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +PermanentCapGetHandles(TPM_HANDLE handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +); + +//*** PermanentCapGetOneHandle() +// This function returns whether a permanent handle exists. +BOOL PermanentCapGetOneHandle(TPM_HANDLE handle // IN: handle +); + +//*** PermanentHandleGetPolicy() +// This function returns a list of the permanent handles of PCR, started from +// 'handle'. If 'handle' is larger than the largest permanent handle, an empty list +// will be returned with 'more' set to NO. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +PermanentHandleGetPolicy(TPM_HANDLE handle, // IN: start handle + UINT32 count, // IN: max count of returned handles + TPML_TAGGED_POLICY* policyList // OUT: list of handle +); + +//*** PermanentHandleGetOnePolicy() +// This function returns a permanent handle's policy, if present. +BOOL PermanentHandleGetOnePolicy(TPM_HANDLE handle, // IN: handle + TPMS_TAGGED_POLICY* policy // OUT: tagged policy +); + +#endif // _HANDLE_FP_H_ diff --git a/src/tpm2/HashSequenceStart_fp.h b/src/tpm2/HashSequenceStart_fp.h index 9f7d9fc1..fc3fbfed 100644 --- a/src/tpm2/HashSequenceStart_fp.h +++ b/src/tpm2/HashSequenceStart_fp.h 
@@ -59,30 +59,34 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef HASHSEQUENCESTART_FP_H -#define HASHSEQUENCESTART_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPM2B_AUTH auth; - TPMI_ALG_HASH hashAlg; +#if CC_HashSequenceStart // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_HASHSEQUENCESTART_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_HASHSEQUENCESTART_FP_H_ + +// Input structure definition +typedef struct +{ + TPM2B_AUTH auth; + TPMI_ALG_HASH hashAlg; } HashSequenceStart_In; -#define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1) -#define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPMI_DH_OBJECT sequenceHandle; +// Output structure definition +typedef struct +{ + TPMI_DH_OBJECT sequenceHandle; } HashSequenceStart_Out; +// Response code modifiers +# define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1) +# define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2) - +// Function prototype TPM_RC -TPM2_HashSequenceStart( - HashSequenceStart_In *in, // IN: input parameter list - HashSequenceStart_Out *out // OUT: output parameter list - ); +TPM2_HashSequenceStart(HashSequenceStart_In* in, HashSequenceStart_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_HASHSEQUENCESTART_FP_H_ +#endif // CC_HashSequenceStart diff --git a/src/tpm2/HashTestData.h b/src/tpm2/HashTestData.h index ea0b0af1..79280626 100644 --- a/src/tpm2/HashTestData.h +++ b/src/tpm2/HashTestData.h 
@@ -59,72 +59,81 @@ /* */ /********************************************************************************/ -#ifndef HASHTESTDATA_H -#define HASHTESTDATA_H +// +// Hash Test Vectors +// -/* 10.1.8 HashTestData.h */ -/* Hash Test Vectors */ -TPM2B_TYPE(HASH_TEST_KEY, 128); // Twice the largest digest size -TPM2B_HASH_TEST_KEY c_hashTestKey = {{128, { - 0xa0,0xed,0x5c,0x9a,0xd2,0x4a,0x21,0x40,0x1a,0xd0,0x81,0x47,0x39,0x63,0xf9,0x50, - 0xdc,0x59,0x47,0x11,0x40,0x13,0x99,0x92,0xc0,0x72,0xa4,0x0f,0xe2,0x33,0xe4,0x63, - 0x9b,0xb6,0x76,0xc3,0x1e,0x6f,0x13,0xee,0xcc,0x99,0x71,0xa5,0xc0,0xcf,0x9a,0x40, - 0xcf,0xdb,0x66,0x70,0x05,0x63,0x54,0x12,0x25,0xf4,0xe0,0x1b,0x23,0x35,0xe3,0x70, - 0x7d,0x19,0x5f,0x00,0xe4,0xf1,0x61,0x73,0x05,0xd8,0x58,0x7f,0x60,0x61,0x84,0x36, - 0xec,0xbe,0x96,0x1b,0x69,0x00,0xf0,0x9a,0x6e,0xe3,0x26,0x73,0x0d,0x17,0x5b,0x33, - 0x41,0x44,0x9d,0x90,0xab,0xd9,0x6b,0x7d,0x48,0x99,0x25,0x93,0x29,0x14,0x2b,0xce, - 0x93,0x8d,0x8c,0xaf,0x31,0x0e,0x9c,0x57,0xd8,0x5b,0x57,0x20,0x1b,0x9f,0x2d,0xa5 - }}}; +TPM2B_TYPE(HASH_TEST_KEY, 128); // Twice the largest digest size +TPM2B_HASH_TEST_KEY c_hashTestKey = { + {128, + {0xa0, 0xed, 0x5c, 0x9a, 0xd2, 0x4a, 0x21, 0x40, 0x1a, 0xd0, 0x81, 0x47, 0x39, + 0x63, 0xf9, 0x50, 0xdc, 0x59, 0x47, 0x11, 0x40, 0x13, 0x99, 0x92, 0xc0, 0x72, + 0xa4, 0x0f, 0xe2, 0x33, 0xe4, 0x63, 0x9b, 0xb6, 0x76, 0xc3, 0x1e, 0x6f, 0x13, + 0xee, 0xcc, 0x99, 0x71, 0xa5, 0xc0, 0xcf, 0x9a, 0x40, 0xcf, 0xdb, 0x66, 0x70, + 0x05, 0x63, 0x54, 0x12, 0x25, 0xf4, 0xe0, 0x1b, 0x23, 0x35, 0xe3, 0x70, 0x7d, + 0x19, 0x5f, 0x00, 0xe4, 0xf1, 0x61, 0x73, 0x05, 0xd8, 0x58, 0x7f, 0x60, 0x61, + 0x84, 0x36, 0xec, 0xbe, 0x96, 0x1b, 0x69, 0x00, 0xf0, 0x9a, 0x6e, 0xe3, 0x26, + 0x73, 0x0d, 0x17, 0x5b, 0x33, 0x41, 0x44, 0x9d, 0x90, 0xab, 0xd9, 0x6b, 0x7d, + 0x48, 0x99, 0x25, 0x93, 0x29, 0x14, 0x2b, 0xce, 0x93, 0x8d, 0x8c, 0xaf, 0x31, + 0x0e, 0x9c, 0x57, 0xd8, 0x5b, 0x57, 0x20, 0x1b, 0x9f, 0x2d, 0xa5}}}; + +TPM2B_TYPE(HASH_TEST_DATA, 256); // Twice the largest block size 
+TPM2B_HASH_TEST_DATA c_hashTestData = { + {256, + {0x88, 0xac, 0xc3, 0xe5, 0x5f, 0x66, 0x9d, 0x18, 0x80, 0xc9, 0x7a, 0x9c, 0xa4, + 0x08, 0x90, 0x98, 0x0f, 0x3a, 0x53, 0x92, 0x4c, 0x67, 0x4e, 0xb7, 0x37, 0xec, + 0x67, 0x87, 0xb6, 0xbe, 0x10, 0xca, 0x11, 0x5b, 0x4a, 0x0b, 0x45, 0xc3, 0x32, + 0x68, 0x48, 0x69, 0xce, 0x25, 0x1b, 0xc8, 0xaf, 0x44, 0x79, 0x22, 0x83, 0xc8, + 0xfb, 0xe2, 0x63, 0x94, 0xa2, 0x3c, 0x59, 0x3e, 0x3e, 0xc6, 0x64, 0x2c, 0x1f, + 0x8c, 0x11, 0x93, 0x24, 0xa3, 0x17, 0xc5, 0x2f, 0x37, 0xcf, 0x95, 0x97, 0x8e, + 0x63, 0x39, 0x68, 0xd5, 0xca, 0xba, 0x18, 0x37, 0x69, 0x6e, 0x4f, 0x19, 0xfd, + 0x8a, 0xc0, 0x8d, 0x87, 0x3a, 0xbc, 0x31, 0x42, 0x04, 0x05, 0xef, 0xb5, 0x02, + 0xef, 0x1e, 0x92, 0x4b, 0xb7, 0x73, 0x2c, 0x8c, 0xeb, 0x23, 0x13, 0x81, 0x34, + 0xb9, 0xb5, 0xc1, 0x17, 0x37, 0x39, 0xf8, 0x3e, 0xe4, 0x4c, 0x06, 0xa8, 0x81, + 0x52, 0x2f, 0xef, 0xc9, 0x9c, 0x69, 0x89, 0xbc, 0x85, 0x9c, 0x30, 0x16, 0x02, + 0xca, 0xe3, 0x61, 0xd4, 0x0f, 0xed, 0x34, 0x1b, 0xca, 0xc1, 0x1b, 0xd1, 0xfa, + 0xc1, 0xa2, 0xe0, 0xdf, 0x52, 0x2f, 0x0b, 0x4b, 0x9f, 0x0e, 0x45, 0x54, 0xb9, + 0x17, 0xb6, 0xaf, 0xd6, 0xd5, 0xca, 0x90, 0x29, 0x57, 0x7b, 0x70, 0x50, 0x94, + 0x5c, 0x8e, 0xf6, 0x4e, 0x21, 0x8b, 0xc6, 0x8b, 0xa6, 0xbc, 0xb9, 0x64, 0xd4, + 0x4d, 0xf3, 0x68, 0xd8, 0xac, 0xde, 0xd8, 0xd8, 0xb5, 0x6d, 0xcd, 0x93, 0xeb, + 0x28, 0xa4, 0xe2, 0x5c, 0x44, 0xef, 0xf0, 0xe1, 0x6f, 0x38, 0x1a, 0x3c, 0xe6, + 0xef, 0xa2, 0x9d, 0xb9, 0xa8, 0x05, 0x2a, 0x95, 0xec, 0x5f, 0xdb, 0xb0, 0x25, + 0x67, 0x9c, 0x86, 0x7a, 0x8e, 0xea, 0x51, 0xcc, 0xc3, 0xd3, 0xff, 0x6e, 0xf0, + 0xed, 0xa3, 0xae, 0xf9, 0x5d, 0x33, 0x70, 0xf2, 0x11}}}; -TPM2B_TYPE(HASH_TEST_DATA, 256); // Twice the largest block size -TPM2B_HASH_TEST_DATA c_hashTestData = {{256, { - 0x88,0xac,0xc3,0xe5,0x5f,0x66,0x9d,0x18,0x80,0xc9,0x7a,0x9c,0xa4,0x08,0x90,0x98, - 0x0f,0x3a,0x53,0x92,0x4c,0x67,0x4e,0xb7,0x37,0xec,0x67,0x87,0xb6,0xbe,0x10,0xca, - 0x11,0x5b,0x4a,0x0b,0x45,0xc3,0x32,0x68,0x48,0x69,0xce,0x25,0x1b,0xc8,0xaf,0x44, - 
0x79,0x22,0x83,0xc8,0xfb,0xe2,0x63,0x94,0xa2,0x3c,0x59,0x3e,0x3e,0xc6,0x64,0x2c, - 0x1f,0x8c,0x11,0x93,0x24,0xa3,0x17,0xc5,0x2f,0x37,0xcf,0x95,0x97,0x8e,0x63,0x39, - 0x68,0xd5,0xca,0xba,0x18,0x37,0x69,0x6e,0x4f,0x19,0xfd,0x8a,0xc0,0x8d,0x87,0x3a, - 0xbc,0x31,0x42,0x04,0x05,0xef,0xb5,0x02,0xef,0x1e,0x92,0x4b,0xb7,0x73,0x2c,0x8c, - 0xeb,0x23,0x13,0x81,0x34,0xb9,0xb5,0xc1,0x17,0x37,0x39,0xf8,0x3e,0xe4,0x4c,0x06, - 0xa8,0x81,0x52,0x2f,0xef,0xc9,0x9c,0x69,0x89,0xbc,0x85,0x9c,0x30,0x16,0x02,0xca, - 0xe3,0x61,0xd4,0x0f,0xed,0x34,0x1b,0xca,0xc1,0x1b,0xd1,0xfa,0xc1,0xa2,0xe0,0xdf, - 0x52,0x2f,0x0b,0x4b,0x9f,0x0e,0x45,0x54,0xb9,0x17,0xb6,0xaf,0xd6,0xd5,0xca,0x90, - 0x29,0x57,0x7b,0x70,0x50,0x94,0x5c,0x8e,0xf6,0x4e,0x21,0x8b,0xc6,0x8b,0xa6,0xbc, - 0xb9,0x64,0xd4,0x4d,0xf3,0x68,0xd8,0xac,0xde,0xd8,0xd8,0xb5,0x6d,0xcd,0x93,0xeb, - 0x28,0xa4,0xe2,0x5c,0x44,0xef,0xf0,0xe1,0x6f,0x38,0x1a,0x3c,0xe6,0xef,0xa2,0x9d, - 0xb9,0xa8,0x05,0x2a,0x95,0xec,0x5f,0xdb,0xb0,0x25,0x67,0x9c,0x86,0x7a,0x8e,0xea, - 0x51,0xcc,0xc3,0xd3,0xff,0x6e,0xf0,0xed,0xa3,0xae,0xf9,0x5d,0x33,0x70,0xf2,0x11 - }}}; #if ALG_SHA1 == YES TPM2B_TYPE(SHA1, 20); -TPM2B_SHA1 c_SHA1_digest = {{20, { - 0xee,0x2c,0xef,0x93,0x76,0xbd,0xf8,0x91,0xbc,0xe6,0xe5,0x57,0x53,0x77,0x01,0xb5, - 0x70,0x95,0xe5,0x40 - }}}; +TPM2B_SHA1 c_SHA1_digest = { + {20, {0xee, 0x2c, 0xef, 0x93, 0x76, 0xbd, 0xf8, 0x91, 0xbc, 0xe6, + 0xe5, 0x57, 0x53, 0x77, 0x01, 0xb5, 0x70, 0x95, 0xe5, 0x40}}}; #endif + #if ALG_SHA256 == YES TPM2B_TYPE(SHA256, 32); -TPM2B_SHA256 c_SHA256_digest = {{32, { - 0x64,0xe8,0xe0,0xc3,0xa9,0xa4,0x51,0x49,0x10,0x55,0x8d,0x31,0x71,0xe5,0x2f,0x69, - 0x3a,0xdc,0xc7,0x11,0x32,0x44,0x61,0xbd,0x34,0x39,0x57,0xb0,0xa8,0x75,0x86,0x1b - }}}; +TPM2B_SHA256 c_SHA256_digest = { + {32, {0x64, 0xe8, 0xe0, 0xc3, 0xa9, 0xa4, 0x51, 0x49, 0x10, 0x55, 0x8d, + 0x31, 0x71, 0xe5, 0x2f, 0x69, 0x3a, 0xdc, 0xc7, 0x11, 0x32, 0x44, + 0x61, 0xbd, 0x34, 0x39, 0x57, 0xb0, 0xa8, 0x75, 0x86, 0x1b}}}; #endif + #if ALG_SHA384 == YES TPM2B_TYPE(SHA384, 48); 
-TPM2B_SHA384 c_SHA384_digest = {{48, { - 0x37,0x75,0x29,0xb5,0x20,0x15,0x6e,0xa3,0x7e,0xa3,0x0d,0xcd,0x80,0xa8,0xa3,0x3d, - 0xeb,0xe8,0xad,0x4e,0x1c,0x77,0x94,0x5a,0xaf,0x6c,0xd0,0xc1,0xfa,0x43,0x3f,0xc7, - 0xb8,0xf1,0x01,0xc0,0x60,0xbf,0xf2,0x87,0xe8,0x71,0x9e,0x51,0x97,0xa0,0x09,0x8d - }}}; +TPM2B_SHA384 c_SHA384_digest = { + {48, {0x37, 0x75, 0x29, 0xb5, 0x20, 0x15, 0x6e, 0xa3, 0x7e, 0xa3, 0x0d, 0xcd, + 0x80, 0xa8, 0xa3, 0x3d, 0xeb, 0xe8, 0xad, 0x4e, 0x1c, 0x77, 0x94, 0x5a, + 0xaf, 0x6c, 0xd0, 0xc1, 0xfa, 0x43, 0x3f, 0xc7, 0xb8, 0xf1, 0x01, 0xc0, + 0x60, 0xbf, 0xf2, 0x87, 0xe8, 0x71, 0x9e, 0x51, 0x97, 0xa0, 0x09, 0x8d}}}; #endif + #if ALG_SHA512 == YES TPM2B_TYPE(SHA512, 64); -TPM2B_SHA512 c_SHA512_digest = {{64, { - 0xe2,0x7b,0x10,0x3d,0x5e,0x48,0x58,0x44,0x67,0xac,0xa3,0x81,0x8c,0x1d,0xc5,0x71, - 0x66,0x92,0x8a,0x89,0xaa,0xd4,0x35,0x51,0x60,0x37,0x31,0xd7,0xba,0xe7,0x93,0x0b, - 0x16,0x4d,0xb3,0xc8,0x34,0x98,0x3c,0xd3,0x53,0xde,0x5e,0xe8,0x0c,0xbc,0xaf,0xc9, - 0x24,0x2c,0xcc,0xed,0xdb,0xde,0xba,0x1f,0x14,0x14,0x5a,0x95,0x80,0xde,0x66,0xbd - }}}; +TPM2B_SHA512 c_SHA512_digest = { + {64, + {0xe2, 0x7b, 0x10, 0x3d, 0x5e, 0x48, 0x58, 0x44, 0x67, 0xac, 0xa3, 0x81, 0x8c, + 0x1d, 0xc5, 0x71, 0x66, 0x92, 0x8a, 0x89, 0xaa, 0xd4, 0x35, 0x51, 0x60, 0x37, + 0x31, 0xd7, 0xba, 0xe7, 0x93, 0x0b, 0x16, 0x4d, 0xb3, 0xc8, 0x34, 0x98, 0x3c, + 0xd3, 0x53, 0xde, 0x5e, 0xe8, 0x0c, 0xbc, 0xaf, 0xc9, 0x24, 0x2c, 0xcc, 0xed, + 0xdb, 0xde, 0xba, 0x1f, 0x14, 0x14, 0x5a, 0x95, 0x80, 0xde, 0x66, 0xbd}}}; #endif TPM2B_TYPE(EMPTY, 1); @@ -207,4 +216,3 @@ static const struct CMACTest { #endif // libtpms added end -#endif diff --git a/src/tpm2/Hash_fp.h b/src/tpm2/Hash_fp.h index 710fffc4..a1a7bd82 100644 --- a/src/tpm2/Hash_fp.h +++ b/src/tpm2/Hash_fp.h 
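Review bot: The include guard of HashTestData.h is dropped here (`#ifndef HASHTESTDATA_H` / `#define HASHTESTDATA_H` at the top of the first hunk, and the closing `#endif` in the `@@ -207,4 +216,3 @@` hunk), while the header still defines initialized objects such as `c_hashTestKey`, `c_hashTestData` and the `c_SHA*_digest` vectors. Without the guard, a second inclusion in one translation unit becomes a redefinition error instead of a no-op; which files include this header is not visible in the diff, so this may hold today only by convention. If matching the upstream file is the goal, I would at least add a comment at the top, `// Defines test-vector objects; include from exactly one .c file`, or keep the guard as a marked libtpms addition. The rest of the header lies outside these hunks.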
@@ -59,31 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef HASH_FP_H -#define HASH_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPM2B_MAX_BUFFER data; - TPMI_ALG_HASH hashAlg; - TPMI_RH_HIERARCHY hierarchy; +#if CC_Hash // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_HASH_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_HASH_FP_H_ + +// Input structure definition +typedef struct +{ + TPM2B_MAX_BUFFER data; + TPMI_ALG_HASH hashAlg; + TPMI_RH_HIERARCHY hierarchy; } Hash_In; -#define RC_Hash_data (TPM_RC_P + TPM_RC_1) -#define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2) -#define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPM2B_DIGEST outHash; - TPMT_TK_HASHCHECK validation; +// Output structure definition +typedef struct +{ + TPM2B_DIGEST outHash; + TPMT_TK_HASHCHECK validation; } Hash_Out; +// Response code modifiers +# define RC_Hash_data (TPM_RC_P + TPM_RC_1) +# define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2) +# define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3) + +// Function prototype TPM_RC -TPM2_Hash( - Hash_In *in, // IN: input parameter list - Hash_Out *out // OUT: output parameter list - ); +TPM2_Hash(Hash_In* in, Hash_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_HASH_FP_H_ +#endif // CC_Hash diff --git a/src/tpm2/Hierarchy.c b/src/tpm2/Hierarchy.c index fba2748b..22328c72 100644 --- a/src/tpm2/Hierarchy.c +++ b/src/tpm2/Hierarchy.c 
@@ -69,11 +69,11 @@ //**HIERARCHY_MODIFIER_TYPE // This enumerates the possible hierarchy modifiers. typedef enum - { - HM_NONE = 0, - HM_FW_LIMITED, // Hierarchy is firmware-limited. - HM_SVN_LIMITED // Hierarchy is SVN-limited. - } HIERARCHY_MODIFIER_TYPE; +{ + HM_NONE = 0, + HM_FW_LIMITED, // Hierarchy is firmware-limited. + HM_SVN_LIMITED // Hierarchy is SVN-limited. +} HIERARCHY_MODIFIER_TYPE; //*** HIERARCHY_MODIFIER Structure // A HIERARCHY_MODIFIER structure holds metadata about an OBJECT's @@ -82,7 +82,7 @@ typedef struct HIERARCHY_MODIFIER { HIERARCHY_MODIFIER_TYPE type; // The type of modification. uint16_t min_svn; // The minimum SVN to which the hierarchy is limited. - // Only valid if 'type' is HM_SVN_LIMITED. + // Only valid if 'type' is HM_SVN_LIMITED. } HIERARCHY_MODIFIER; //** Functions @@ -161,7 +161,7 @@ void HierarchyPreInstall_Init(void) // This function is called at TPM2_Startup() to initialize the hierarchy // related values. BOOL HierarchyStartup(STARTUP_TYPE type // IN: start up type - ) +) { // phEnable is SET on any startup g_phEnable = TRUE; 
@@ -169,24 +169,24 @@ BOOL HierarchyStartup(STARTUP_TYPE type // IN: start up type // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and // TPM_RESTART if(type != SU_RESUME) - { - gc.platformAuth.t.size = 0; - gc.platformPolicy.t.size = 0; - gc.platformAlg = TPM_ALG_NULL; + { + gc.platformAuth.t.size = 0; + gc.platformPolicy.t.size = 0; + gc.platformAlg = TPM_ALG_NULL; - // enable the storage and endorsement hierarchies and the platformNV - gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; - } + // enable the storage and endorsement hierarchies and the platformNV + gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; + } // nullProof and nullSeed are updated at every TPM_RESET if((type != SU_RESTART) && (type != SU_RESUME)) - { - gr.nullProof.t.size = sizeof(gr.nullProof.t.buffer); - CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer); - gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer); - CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer); - gr.nullSeedCompatLevel = RuntimeProfileGetSeedCompatLevel(); // libtpms added - } + { + gr.nullProof.t.size = sizeof(gr.nullProof.t.buffer); + CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer); + gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer); + CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer); + gr.nullSeedCompatLevel = RuntimeProfileGetSeedCompatLevel(); // libtpms added + } return TRUE; } @@ -195,8 +195,8 @@ BOOL HierarchyStartup(STARTUP_TYPE type // IN: start up type // This function extracts the base hierarchy and modifier from a given handle. // Returns the base hierarchy. static TPMI_RH_HIERARCHY DecomposeHandle(TPMI_RH_HIERARCHY handle, // IN - HIERARCHY_MODIFIER* modifier // OUT - ) + HIERARCHY_MODIFIER* modifier // OUT +) { TPMI_RH_HIERARCHY base_hierarchy = handle; 
@@ -204,64 +204,64 @@ static TPMI_RH_HIERARCHY DecomposeHandle(TPMI_RH_HIERARCHY handle, // IN // See if the handle is firmware-bound. switch(handle) - { - case TPM_RH_FW_OWNER: - { - modifier->type = HM_FW_LIMITED; - base_hierarchy = TPM_RH_OWNER; - break; - } - case TPM_RH_FW_ENDORSEMENT: - { - modifier->type = HM_FW_LIMITED; - base_hierarchy = TPM_RH_ENDORSEMENT; - break; - } - case TPM_RH_FW_PLATFORM: - { - modifier->type = HM_FW_LIMITED; - base_hierarchy = TPM_RH_PLATFORM; - break; - } - case TPM_RH_FW_NULL: - { - modifier->type = HM_FW_LIMITED; - base_hierarchy = TPM_RH_NULL; - break; - } - } + { + case TPM_RH_FW_OWNER: + { + modifier->type = HM_FW_LIMITED; + base_hierarchy = TPM_RH_OWNER; + break; + } + case TPM_RH_FW_ENDORSEMENT: + { + modifier->type = HM_FW_LIMITED; + base_hierarchy = TPM_RH_ENDORSEMENT; + break; + } + case TPM_RH_FW_PLATFORM: + { + modifier->type = HM_FW_LIMITED; + base_hierarchy = TPM_RH_PLATFORM; + break; + } + case TPM_RH_FW_NULL: + { + modifier->type = HM_FW_LIMITED; + base_hierarchy = TPM_RH_NULL; + break; + } + } if(modifier->type == HM_FW_LIMITED) - { - return base_hierarchy; - } + { + return base_hierarchy; + } // See if the handle is SVN-bound. 
switch(handle & 0xFFFF0000) - { - case TPM_RH_SVN_OWNER_BASE: - modifier->type = HM_SVN_LIMITED; - base_hierarchy = TPM_RH_OWNER; - break; - case TPM_RH_SVN_ENDORSEMENT_BASE: - modifier->type = HM_SVN_LIMITED; - base_hierarchy = TPM_RH_ENDORSEMENT; - break; - case TPM_RH_SVN_PLATFORM_BASE: - modifier->type = HM_SVN_LIMITED; - base_hierarchy = TPM_RH_PLATFORM; - break; - case TPM_RH_SVN_NULL_BASE: - modifier->type = HM_SVN_LIMITED; - base_hierarchy = TPM_RH_NULL; - break; - } + { + case TPM_RH_SVN_OWNER_BASE: + modifier->type = HM_SVN_LIMITED; + base_hierarchy = TPM_RH_OWNER; + break; + case TPM_RH_SVN_ENDORSEMENT_BASE: + modifier->type = HM_SVN_LIMITED; + base_hierarchy = TPM_RH_ENDORSEMENT; + break; + case TPM_RH_SVN_PLATFORM_BASE: + modifier->type = HM_SVN_LIMITED; + base_hierarchy = TPM_RH_PLATFORM; + break; + case TPM_RH_SVN_NULL_BASE: + modifier->type = HM_SVN_LIMITED; + base_hierarchy = TPM_RH_NULL; + break; + } if(modifier->type == HM_SVN_LIMITED) - { - modifier->min_svn = handle & 0x0000FFFF; - return base_hierarchy; - } + { + modifier->min_svn = handle & 0x0000FFFF; + return base_hierarchy; + } // Handle is neither FW- nor SVN-bound; return it unmodified. return handle; 
@@ -282,55 +282,55 @@ static TPMI_RH_HIERARCHY DecomposeHandle(TPMI_RH_HIERARCHY handle, // IN // to derive the Firmware SVN Secret for the requested // SVN. static TPM_RC GetAdditionalSecret(const HIERARCHY_MODIFIER* modifier, // IN - TPM2B_SEED* secret_buffer, // OUT - const TPM2B** secret_label // OUT - ) + TPM2B_SEED* secret_buffer, // OUT + const TPM2B** secret_label // OUT +) { switch(modifier->type) - { - case HM_FW_LIMITED: - { + { + case HM_FW_LIMITED: + { #if FW_LIMITED_SUPPORT - if(_plat__GetTpmFirmwareSecret(sizeof(secret_buffer->t.buffer), - secret_buffer->t.buffer, - &secret_buffer->t.size) - != 0) - { - return TPM_RC_FW_LIMITED; - } + if(_plat__GetTpmFirmwareSecret(sizeof(secret_buffer->t.buffer), + secret_buffer->t.buffer, + &secret_buffer->t.size) + != 0) + { + return TPM_RC_FW_LIMITED; + } - *secret_label = HIERARCHY_FW_SECRET_LABEL; - break; + *secret_label = HIERARCHY_FW_SECRET_LABEL; + break; #else - return TPM_RC_FW_LIMITED; + return TPM_RC_FW_LIMITED; #endif // FW_LIMITED_SUPPORT - } - case HM_SVN_LIMITED: - { + } + case HM_SVN_LIMITED: + { #if SVN_LIMITED_SUPPORT - if(_plat__GetTpmFirmwareSvnSecret(modifier->min_svn, - sizeof(secret_buffer->t.buffer), - secret_buffer->t.buffer, - &secret_buffer->t.size) - != 0) - { - return TPM_RC_SVN_LIMITED; - } + if(_plat__GetTpmFirmwareSvnSecret(modifier->min_svn, + sizeof(secret_buffer->t.buffer), + secret_buffer->t.buffer, + &secret_buffer->t.size) + != 0) + { + return TPM_RC_SVN_LIMITED; + } - *secret_label = HIERARCHY_SVN_SECRET_LABEL; - break; + *secret_label = HIERARCHY_SVN_SECRET_LABEL; + break; #else - return TPM_RC_SVN_LIMITED; + return TPM_RC_SVN_LIMITED; #endif // SVN_LIMITED_SUPPORT - } - case HM_NONE: - default: - { - secret_buffer->t.size = 0; - *secret_label = NULL; - break; - } - } + } + case HM_NONE: + default: + { + secret_buffer->t.size = 0; + *secret_label = NULL; + break; + } + } return TPM_RC_SUCCESS; } 
@@ -351,38 +351,38 @@ static TPM_RC GetAdditionalSecret(const HIERARCHY_MODIFIER* modifier, // I // to derive the Firmware SVN Secret for the requested // SVN. static TPM_RC MixAdditionalSecret(const HIERARCHY_MODIFIER* modifier, // IN - const TPM2B* base_secret_label, // IN - const TPM2B* base_secret, // IN - TPM2B* output_secret // OUT - ) + const TPM2B* base_secret_label, // IN + const TPM2B* base_secret, // IN + TPM2B* output_secret // OUT +) { TPM_RC result = TPM_RC_SUCCESS; TPM2B_SEED additional_secret; const TPM2B* additional_secret_label = NULL; result = - GetAdditionalSecret(modifier, &additional_secret, &additional_secret_label); + GetAdditionalSecret(modifier, &additional_secret, &additional_secret_label); if(result != TPM_RC_SUCCESS) - return result; + return result; output_secret->size = base_secret->size; if(additional_secret.b.size == 0) - { - memcpy(output_secret->buffer, base_secret->buffer, base_secret->size); - } + { + memcpy(output_secret->buffer, base_secret->buffer, base_secret->size); + } else - { - CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, - base_secret, - base_secret_label, - &additional_secret.b, - additional_secret_label, - base_secret->size * 8, - output_secret->buffer, - NULL, - FALSE); - } + { + CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, + base_secret, + base_secret_label, + &additional_secret.b, + additional_secret_label, + base_secret->size * 8, + output_secret->buffer, + NULL, + FALSE); + } MemorySet(additional_secret.b.buffer, 0, additional_secret.b.size); 
@@ -393,90 +393,90 @@ static TPM_RC MixAdditionalSecret(const HIERARCHY_MODIFIER* modifier, // This function derives the proof value associated with a hierarchy. It returns a // buffer containing the proof value. TPM_RC HierarchyGetProof(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant - TPM2B_PROOF* proof // OUT: proof buffer - ) + TPM2B_PROOF* proof // OUT: proof buffer +) { TPM2B_PROOF* base_proof = NULL; HIERARCHY_MODIFIER modifier; switch(DecomposeHandle(hierarchy, &modifier)) - { - case TPM_RH_PLATFORM: - // phProof for TPM_RH_PLATFORM - base_proof = &gp.phProof; - break; - case TPM_RH_ENDORSEMENT: - // ehProof for TPM_RH_ENDORSEMENT - base_proof = &gp.ehProof; - break; - case TPM_RH_OWNER: - // shProof for TPM_RH_OWNER - base_proof = &gp.shProof; - break; - default: - // nullProof for TPM_RH_NULL or anything else - base_proof = &gr.nullProof; - break; - } + { + case TPM_RH_PLATFORM: + // phProof for TPM_RH_PLATFORM + base_proof = &gp.phProof; + break; + case TPM_RH_ENDORSEMENT: + // ehProof for TPM_RH_ENDORSEMENT + base_proof = &gp.ehProof; + break; + case TPM_RH_OWNER: + // shProof for TPM_RH_OWNER + base_proof = &gp.shProof; + break; + default: + // nullProof for TPM_RH_NULL or anything else + base_proof = &gr.nullProof; + break; + } return MixAdditionalSecret( - &modifier, HIERARCHY_PROOF_SECRET_LABEL, &base_proof->b, &proof->b); + &modifier, HIERARCHY_PROOF_SECRET_LABEL, &base_proof->b, &proof->b); } //*** HierarchyGetPrimarySeed() // This function derives the primary seed of a hierarchy. 
TPM_RC HierarchyGetPrimarySeed(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy - TPM2B_SEED* seed // OUT: seed buffer - ) + TPM2B_SEED* seed // OUT: seed buffer +) { TPM2B_SEED* base_seed = NULL; HIERARCHY_MODIFIER modifier; switch(DecomposeHandle(hierarchy, &modifier)) - { - case TPM_RH_PLATFORM: - base_seed = &gp.PPSeed; - break; - case TPM_RH_OWNER: - base_seed = &gp.SPSeed; - break; - case TPM_RH_ENDORSEMENT: - base_seed = &gp.EPSeed; - break; - default: - base_seed = &gr.nullSeed; - break; - } + { + case TPM_RH_PLATFORM: + base_seed = &gp.PPSeed; + break; + case TPM_RH_OWNER: + base_seed = &gp.SPSeed; + break; + case TPM_RH_ENDORSEMENT: + base_seed = &gp.EPSeed; + break; + default: + base_seed = &gr.nullSeed; + break; + } return MixAdditionalSecret( - &modifier, HIERARCHY_SEED_SECRET_LABEL, &base_seed->b, &seed->b); + &modifier, HIERARCHY_SEED_SECRET_LABEL, &base_seed->b, &seed->b); } // libtpms added begin SEED_COMPAT_LEVEL HierarchyGetPrimarySeedCompatLevel( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ) + TPMI_RH_HIERARCHY hierarchy // IN: hierarchy + ) { HIERARCHY_MODIFIER modifier; switch(DecomposeHandle(hierarchy, &modifier)) - { - case TPM_RH_PLATFORM: - return gp.PPSeedCompatLevel; - break; - case TPM_RH_OWNER: - return gp.SPSeedCompatLevel; - break; - case TPM_RH_ENDORSEMENT: - return gp.EPSeedCompatLevel; - break; - case TPM_RH_NULL: - return gr.nullSeedCompatLevel; - default: - return RuntimeProfileGetSeedCompatLevel(); - break; - } + { + case TPM_RH_PLATFORM: + return gp.PPSeedCompatLevel; + break; + case TPM_RH_OWNER: + return gp.SPSeedCompatLevel; + break; + case TPM_RH_ENDORSEMENT: + return gp.EPSeedCompatLevel; + break; + case TPM_RH_NULL: + return gr.nullSeedCompatLevel; + default: + return RuntimeProfileGetSeedCompatLevel(); + break; + } } // libtpms added end 
@@ -491,7 +491,7 @@ HierarchyGetPrimarySeedCompatLevel( // is greater than the TPM's current SVN. // TPM_RC_VALUE Hierarchy is not valid TPM_RC ValidateHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ) +) { BOOL enabled; HIERARCHY_MODIFIER modifier; @@ -500,50 +500,50 @@ TPM_RC ValidateHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy // Modifier-specific checks. switch(modifier.type) - { - case HM_NONE: - break; - case HM_FW_LIMITED: - { + { + case HM_NONE: + break; + case HM_FW_LIMITED: + { #if FW_LIMITED_SUPPORT - break; + break; #else - return TPM_RC_FW_LIMITED; + return TPM_RC_FW_LIMITED; #endif // FW_LIMITED_SUPPORT - } - case HM_SVN_LIMITED: - { + } + case HM_SVN_LIMITED: + { #if SVN_LIMITED_SUPPORT - // SVN-limited hierarchies are only enabled for SVNs less than or - // equal to the current firmware's SVN. - if(modifier.min_svn > _plat__GetTpmFirmwareSvn()) - { - return TPM_RC_SVN_LIMITED; - } - break; + // SVN-limited hierarchies are only enabled for SVNs less than or + // equal to the current firmware's SVN. + if(modifier.min_svn > _plat__GetTpmFirmwareSvn()) + { + return TPM_RC_SVN_LIMITED; + } + break; #else - return TPM_RC_SVN_LIMITED; + return TPM_RC_SVN_LIMITED; #endif // SVN_LIMITED_SUPPORT - } - } + } + } switch(hierarchy) - { - case TPM_RH_PLATFORM: - enabled = g_phEnable; - break; - case TPM_RH_OWNER: - enabled = gc.shEnable; - break; - case TPM_RH_ENDORSEMENT: - enabled = gc.ehEnable; - break; - case TPM_RH_NULL: - enabled = TRUE; - break; - default: - return TPM_RC_VALUE; - } + { + case TPM_RH_PLATFORM: + enabled = g_phEnable; + break; + case TPM_RH_OWNER: + enabled = gc.shEnable; + break; + case TPM_RH_ENDORSEMENT: + enabled = gc.ehEnable; + break; + case TPM_RH_NULL: + enabled = TRUE; + break; + default: + return TPM_RC_VALUE; + } return enabled ? TPM_RC_SUCCESS : TPM_RC_HIERARCHY; } 
@@ -555,7 +555,7 @@ TPM_RC ValidateHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy // TRUE(1) hierarchy is enabled // FALSE(0) hierarchy is disabled BOOL HierarchyIsEnabled(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ) +) { return ValidateHierarchy(hierarchy) == TPM_RC_SUCCESS; } @@ -564,7 +564,7 @@ BOOL HierarchyIsEnabled(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy // This function accepts a handle that may or may not be FW- or SVN-bound, // and returns the base hierarchy to which the handle refers. TPMI_RH_HIERARCHY HierarchyNormalizeHandle(TPMI_RH_HIERARCHY handle // IN: handle - ) +) { HIERARCHY_MODIFIER unused_modifier; @@ -575,7 +575,7 @@ TPMI_RH_HIERARCHY HierarchyNormalizeHandle(TPMI_RH_HIERARCHY handle // IN: hand // This function accepts a hierarchy handle and returns whether it is firmware- // limited. BOOL HierarchyIsFirmwareLimited(TPMI_RH_HIERARCHY handle // IN - ) +) { HIERARCHY_MODIFIER modifier; @@ -587,7 +587,7 @@ BOOL HierarchyIsFirmwareLimited(TPMI_RH_HIERARCHY handle // IN // This function accepts a hierarchy handle and returns whether it is SVN- // limited. BOOL HierarchyIsSvnLimited(TPMI_RH_HIERARCHY handle // IN - ) +) { HIERARCHY_MODIFIER modifier; diff --git a/src/tpm2/HierarchyChangeAuth_fp.h b/src/tpm2/HierarchyChangeAuth_fp.h index 74f03973..e8c04dcd 100644 --- a/src/tpm2/HierarchyChangeAuth_fp.h +++ b/src/tpm2/HierarchyChangeAuth_fp.h 
@@ -59,22 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef HIERARCHYCHANGEAUTH_FP_H -#define HIERARCHYCHANGEAUTH_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_HIERARCHY_AUTH authHandle; - TPM2B_AUTH newAuth; +#if CC_HierarchyChangeAuth // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_HIERARCHYCHANGEAUTH_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_HIERARCHYCHANGEAUTH_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_HIERARCHY_AUTH authHandle; + TPM2B_AUTH newAuth; } HierarchyChangeAuth_In; -#define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_HierarchyChangeAuth_newAuth (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_HierarchyChangeAuth_newAuth (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_HierarchyChangeAuth( - HierarchyChangeAuth_In *in // IN: input parameter list - ); +TPM2_HierarchyChangeAuth(HierarchyChangeAuth_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_HIERARCHYCHANGEAUTH_FP_H_ +#endif // CC_HierarchyChangeAuth diff --git a/src/tpm2/HierarchyControl_fp.h b/src/tpm2/HierarchyControl_fp.h index ab22a35a..4c9aea1b 100644 --- a/src/tpm2/HierarchyControl_fp.h +++ b/src/tpm2/HierarchyControl_fp.h 
@@ -59,25 +59,30 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef HIERARCHYCONTROL_FP_H -#define HIERARCHYCONTROL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_HIERARCHY authHandle; - TPMI_RH_ENABLES enable; - TPMI_YES_NO state; +#if CC_HierarchyControl // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_HIERARCHYCONTROL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_HIERARCHYCONTROL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_HIERARCHY authHandle; + TPMI_RH_ENABLES enable; + TPMI_YES_NO state; } HierarchyControl_In; -#define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1) -#define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1) +# define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_HierarchyControl( - HierarchyControl_In *in // IN: input parameter list - ); +TPM2_HierarchyControl(HierarchyControl_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_HIERARCHYCONTROL_FP_H_ +#endif // CC_HierarchyControl diff --git a/src/tpm2/Hierarchy_fp.h b/src/tpm2/Hierarchy_fp.h index a45844ee..49a5dcd6 100644 --- a/src/tpm2/Hierarchy_fp.h +++ b/src/tpm2/Hierarchy_fp.h @@ -77,7 +77,7 @@ void HierarchyPreInstall_Init(void); // This function is called at TPM2_Startup() to initialize the hierarchy // related values. BOOL HierarchyStartup(STARTUP_TYPE type // IN: start up type - ); +); //*** HierarchyGetProof() // This function derives the proof value associated with a hierarchy. It returns a 
@@ -92,8 +92,8 @@ BOOL HierarchyStartup(STARTUP_TYPE type // IN: start up type // to derive the Firmware SVN Secret for the requested // SVN. TPM_RC HierarchyGetProof(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant - TPM2B_PROOF* proof // OUT: proof buffer - ); + TPM2B_PROOF* proof // OUT: proof buffer +); //*** HierarchyGetPrimarySeed() // This function derives the primary seed of a hierarchy. @@ -107,8 +107,8 @@ TPM_RC HierarchyGetProof(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant // to derive the Firmware SVN Secret for the requested // SVN. TPM_RC HierarchyGetPrimarySeed(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy - TPM2B_SEED* seed // OUT: seed buffer - ); + TPM2B_SEED* seed // OUT: seed buffer +); //*** ValidateHierarchy() // This function ensures a given hierarchy is valid and enabled. @@ -121,13 +121,12 @@ TPM_RC HierarchyGetPrimarySeed(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy // is greater than the TPM's current SVN. // TPM_RC_VALUE Hierarchy is not valid TPM_RC ValidateHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ); +); // libtpms added begin SEED_COMPAT_LEVEL -HierarchyGetPrimarySeedCompatLevel( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ); +HierarchyGetPrimarySeedCompatLevel(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy +); // libtpms added end //*** HierarchyIsEnabled() 
@@ -137,24 +136,24 @@ HierarchyGetPrimarySeedCompatLevel( // TRUE(1) hierarchy is enabled // FALSE(0) hierarchy is disabled BOOL HierarchyIsEnabled(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy - ); +); //*** HierarchyNormalizeHandle // This function accepts a handle that may or may not be FW- or SVN-bound, // and returns the base hierarchy to which the handle refers. TPMI_RH_HIERARCHY HierarchyNormalizeHandle(TPMI_RH_HIERARCHY handle // IN - ); +); //*** HierarchyIsFirmwareLimited // This function accepts a hierarchy handle and returns whether it is firmware- // limited. BOOL HierarchyIsFirmwareLimited(TPMI_RH_HIERARCHY handle // IN - ); +); //*** HierarchyIsSvnLimited // This function accepts a hierarchy handle and returns whether it is SVN- // limited. BOOL HierarchyIsSvnLimited(TPMI_RH_HIERARCHY handle // IN - ); +); #endif // _HIERARCHY_FP_H_ diff --git a/src/tpm2/Import_fp.h b/src/tpm2/Import_fp.h index f059b98c..67d1e982 100644 --- a/src/tpm2/Import_fp.h +++ b/src/tpm2/Import_fp.h 
@@ -59,35 +59,42 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef IMPORT_FP_H -#define IMPORT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_DATA encryptionKey; - TPM2B_PUBLIC objectPublic; - TPM2B_PRIVATE duplicate; - TPM2B_ENCRYPTED_SECRET inSymSeed; - TPMT_SYM_DEF_OBJECT symmetricAlg; +#if CC_Import // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_IMPORT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_IMPORT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT parentHandle; + TPM2B_DATA encryptionKey; + TPM2B_PUBLIC objectPublic; + TPM2B_PRIVATE duplicate; + TPM2B_ENCRYPTED_SECRET inSymSeed; + TPMT_SYM_DEF_OBJECT symmetricAlg; } Import_In; -#define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) -#define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) -#define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) -#define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) -#define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) - -typedef struct { - TPM2B_PRIVATE outPrivate; +// Output structure definition +typedef struct +{ + TPM2B_PRIVATE outPrivate; } Import_Out; -TPM_RC -TPM2_Import( - Import_In *in, // IN: input parameter list - Import_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) +# define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) +# define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) +# define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) +# define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) +# define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) -#endif +// Function prototype +TPM_RC +TPM2_Import(Import_In* in, Import_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_IMPORT_FP_H_ +#endif // CC_Import 
diff --git a/src/tpm2/IncrementalSelfTest_fp.h b/src/tpm2/IncrementalSelfTest_fp.h index f8173522..4cecbb0d 100644 --- a/src/tpm2/IncrementalSelfTest_fp.h +++ b/src/tpm2/IncrementalSelfTest_fp.h @@ -59,26 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef INCREMENTALSELFTEST_FP_H -#define INCREMENTALSELFTEST_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct{ - TPML_ALG toTest; +#if CC_IncrementalSelfTest // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_INCREMENTALSELFTEST_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_INCREMENTALSELFTEST_FP_H_ + +// Input structure definition +typedef struct +{ + TPML_ALG toTest; } IncrementalSelfTest_In; -typedef struct{ - TPML_ALG toDoList; -} IncrementalSelfTest_Out; +// Output structure definition +typedef struct +{ + TPML_ALG toDoList; +} IncrementalSelfTest_Out; -#define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_IncrementalSelfTest( - IncrementalSelfTest_In *in, // IN: input parameter list - IncrementalSelfTest_Out *out // OUT: output parameter list - ); +TPM2_IncrementalSelfTest(IncrementalSelfTest_In* in, IncrementalSelfTest_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_INCREMENTALSELFTEST_FP_H_ +#endif // CC_IncrementalSelfTest diff --git a/src/tpm2/InternalRoutines.h b/src/tpm2/InternalRoutines.h index 78ffbfdd..f397485f 100644 --- a/src/tpm2/InternalRoutines.h +++ b/src/tpm2/InternalRoutines.h 
@@ -59,32 +59,35 @@ /* */ /********************************************************************************/ -#ifndef INTERNALROUTINES_H -#define INTERNALROUTINES_H +#ifndef INTERNAL_ROUTINES_H +#define INTERNAL_ROUTINES_H #if !defined _LIB_SUPPORT_H_ && !defined _TPM_H_ -#error "Should not be called" +# error "Should not be called" #endif -/* DRTM functions */ + +// DRTM functions #include "_TPM_Hash_Start_fp.h" #include "_TPM_Hash_Data_fp.h" #include "_TPM_Hash_End_fp.h" -/* Internal subsystem functions */ + +// Internal subsystem functions #include "Object_fp.h" #include "Context_spt_fp.h" #include "Object_spt_fp.h" #include "Entity_fp.h" #include "Session_fp.h" #include "Hierarchy_fp.h" -#include "NVReserved_fp.h" -#include "NVDynamic_fp.h" +#include "NvReserved_fp.h" +#include "NvDynamic_fp.h" #include "NV_spt_fp.h" #include "ACT_spt_fp.h" #include "PCR_fp.h" #include "DA_fp.h" #include "TpmFail_fp.h" #include "SessionProcess_fp.h" -/* Internal support functions */ + +// Internal support functions #include "CommandCodeAttributes_fp.h" #include "Marshal_fp.h" #include "Unmarshal_fp.h" /* kgold */ @@ -97,10 +100,12 @@ #include "Power_fp.h" #include "Response_fp.h" #include "CommandDispatcher_fp.h" + #if CC_AC_Send # include "AC_spt_fp.h" #endif // CC_AC_Send -/* Miscellaneous */ + +// Miscellaneous #include "Bits_fp.h" #include "AlgorithmCap_fp.h" #include "PropertyCap_fp.h" 
@@ -122,21 +127,24 @@ #include "MathOnByteBuffers_fp.h" #include "CryptSym_fp.h" #include "AlgorithmTests_fp.h" + #if ALG_RSA -#include "CryptRsa_fp.h" -#include "CryptPrimeSieve_fp.h" +# include "CryptRsa_fp.h" +# include "CryptPrimeSieve_fp.h" #endif + #if ALG_ECC -#include "CryptEccMain_fp.h" -#include "CryptEccSignature_fp.h" -#include "CryptEccKeyExchange_fp.h" -#include "CryptEccCrypt_fp.h" +# include "CryptEccMain_fp.h" +# include "CryptEccSignature_fp.h" +# include "CryptEccKeyExchange_fp.h" +# include "CryptEccCrypt_fp.h" #endif + #if CC_MAC || CC_MAC_Start -# include "CryptSmac_fp.h" -# if ALG_CMAC -# include "CryptCmac_fp.h" -# endif +# include "CryptSmac_fp.h" +# if ALG_CMAC +# include "CryptCmac_fp.h" +# endif #endif // Asymmetric Support library Interface // TODO_RENAME_INC_FOLDER: needs a component prefix diff --git a/src/tpm2/IoBuffers.c b/src/tpm2/IoBuffers.c index 03739ede..f9de0ef0 100644 --- a/src/tpm2/IoBuffers.c +++ b/src/tpm2/IoBuffers.c 
@@ -59,66 +59,66 @@ /* */ /********************************************************************************/ -/* 9.7 IoBuffers.c */ -/* 9.7.1 Includes and Data Definitions */ -/* This definition allows this module to see the values that are private to this module but kept in - Global.c for ease of state migration. */ + +//** Includes and Data Definitions + +// This definition allows this module to "see" the values that are private +// to this module but kept in Global.c for ease of state migration. #define IO_BUFFER_C #include "Tpm.h" #include "IoBuffers_fp.h" -/* 9.7.2 Buffers and Functions */ -/* These buffers are set aside to hold command and response values. In this implementation, it is - not guaranteed that the code will stop accessing the s_actionInputBuffer before starting to put - values in the s_actionOutputBuffer so different buffers are required. */ -/* 9.7.2.1 MemoryIoBufferAllocationReset() */ -/* This function is used to reset the allocation of buffers. */ -void -MemoryIoBufferAllocationReset( - void - ) + +//** Buffers and Functions + +// These buffers are set aside to hold command and response values. In this +// implementation, it is not guaranteed that the code will stop accessing +// the s_actionInputBuffer before starting to put values in the +// s_actionOutputBuffer so different buffers are required. +// + +//*** MemoryIoBufferAllocationReset() +// This function is used to reset the allocation of buffers. +void MemoryIoBufferAllocationReset(void) { s_actionIoAllocation = 0; } -/* 9.7.2.2 MemoryIoBufferZero() */ -/* Function zeros the action I/O buffer at the end of a command. Calling this is not mandatory for - proper functionality. */ -void -MemoryIoBufferZero( - void - ) + +//*** MemoryIoBufferZero() +// Function zeros the action I/O buffer at the end of a command. Calling this is +// not mandatory for proper functionality. 
+void MemoryIoBufferZero(void) { memset(s_actionIoBuffer, 0, s_actionIoAllocation); } -/* 9.7.2.3 MemoryGetInBuffer() */ -/* This function returns the address of the buffer into which the command parameters will be - unmarshaled in preparation for calling the command actions. */ -BYTE * -MemoryGetInBuffer( - UINT32 size // Size, in bytes, required for the input - // unmarshaling - ) + +//*** MemoryGetInBuffer() +// This function returns the address of the buffer into which the +// command parameters will be unmarshaled in preparation for calling +// the command actions. +BYTE* MemoryGetInBuffer(UINT32 size // Size, in bytes, required for the input + // unmarshaling +) { pAssert(size <= sizeof(s_actionIoBuffer)); - // In this implementation, a static buffer is set aside for the command action - // buffers. The buffer is shared between input and output. This is because - // there is no need to allocate for the worst case input and worst case output - // at the same time. - // Round size up -#define UoM (sizeof(s_actionIoBuffer[0])) +// In this implementation, a static buffer is set aside for the command action +// buffers. The buffer is shared between input and output. This is because +// there is no need to allocate for the worst case input and worst case output +// at the same time. +// Round size up +#define UoM (sizeof(s_actionIoBuffer[0])) size = (size + (UoM - 1)) & (UINT32_MAX - (UoM - 1)); memset(s_actionIoBuffer, 0, size); s_actionIoAllocation = size; - return (BYTE *)&s_actionIoBuffer[0]; + return (BYTE*)&s_actionIoBuffer[0]; } -/* 9.7.2.4 MemoryGetOutBuffer() */ -/* This function returns the address of the buffer into which the command action code places its - output values. */ -BYTE * -MemoryGetOutBuffer( - UINT32 size // required size of the buffer - ) + +//*** MemoryGetOutBuffer() +// This function returns the address of the buffer into which the command +// action code places its output values. 
+BYTE* MemoryGetOutBuffer(UINT32 size // required size of the buffer +) { - BYTE *retVal = (BYTE *)(&s_actionIoBuffer[s_actionIoAllocation / UoM]); + BYTE* retVal = (BYTE*)(&s_actionIoBuffer[s_actionIoAllocation / UoM]); pAssert((size + s_actionIoAllocation) < (sizeof(s_actionIoBuffer))); // In this implementation, a static buffer is set aside for the command action // output buffer. @@ -126,20 +126,14 @@ MemoryGetOutBuffer( s_actionIoAllocation += size; return retVal; } -/* 9.7.2.5 IsLabelProperlyFormatted() */ -/* This function checks that a label is a null-terminated string. */ -/* NOTE: this function is here because there was no better place for it. */ -/* Return Value Meaning */ -/* FALSE string is not null terminated */ -/* TRUE string is null terminated */ -BOOL -IsLabelProperlyFormatted( - TPM2B *x - ) +//*** IsLabelProperlyFormatted() +// This function checks that a label is a null-terminated string. +// NOTE: this function is here because there was no better place for it. +// Return Type: BOOL +// TRUE(1) string is null terminated +// FALSE(0) string is not null terminated +BOOL IsLabelProperlyFormatted(TPM2B* x) { return (((x)->size == 0) || ((x)->buffer[(x)->size - 1] == 0)); } - - - diff --git a/src/tpm2/IoBuffers_fp.h b/src/tpm2/IoBuffers_fp.h index 91113e1e..90e26b85 100644 --- a/src/tpm2/IoBuffers_fp.h +++ b/src/tpm2/IoBuffers_fp.h 
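Review bot: The bound check in MemoryGetOutBuffer, `pAssert((size + s_actionIoAllocation) < (sizeof(s_actionIoBuffer)));`, adds the two values before comparing, so if `s_actionIoAllocation` is also 32 bits wide (its declaration is not in this hunk) a very large `size` wraps around and passes the assertion. Comparing against the remaining space avoids the addition: `pAssert(s_actionIoAllocation <= sizeof(s_actionIoBuffer) && size < sizeof(s_actionIoBuffer) - s_actionIoAllocation);`. `retVal` is also computed from `s_actionIoAllocation` before the assertion runs, and the `UoM` macro it uses is defined inside MemoryGetInBuffer and never `#undef`'d, which the move to column 0 makes easier to overlook. The function body continues into the next hunk.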
@@ -59,29 +59,43 @@ /* */ /********************************************************************************/ -#ifndef IOBUFFERS_FP_H -#define IOBUFFERS_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -void -MemoryIoBufferAllocationReset( - void - ); -void -MemoryIoBufferZero( - void - ); -BYTE * -MemoryGetInBuffer( - UINT32 size // Size, in bytes, required for the input - // unmarshaling - ); -BYTE * -MemoryGetOutBuffer( - UINT32 size // required size of the buffer - ); -BOOL -IsLabelProperlyFormatted( - TPM2B *x - ); +#ifndef _IO_BUFFERS_FP_H_ +#define _IO_BUFFERS_FP_H_ -#endif +//*** MemoryIoBufferAllocationReset() +// This function is used to reset the allocation of buffers. +void MemoryIoBufferAllocationReset(void); + +//*** MemoryIoBufferZero() +// Function zeros the action I/O buffer at the end of a command. Calling this is +// not mandatory for proper functionality. +void MemoryIoBufferZero(void); + +//*** MemoryGetInBuffer() +// This function returns the address of the buffer into which the +// command parameters will be unmarshaled in preparation for calling +// the command actions. +BYTE* MemoryGetInBuffer(UINT32 size // Size, in bytes, required for the input + // unmarshaling +); + +//*** MemoryGetOutBuffer() +// This function returns the address of the buffer into which the command +// action code places its output values. +BYTE* MemoryGetOutBuffer(UINT32 size // required size of the buffer +); + +//*** IsLabelProperlyFormatted() +// This function checks that a label is a null-terminated string. +// NOTE: this function is here because there was no better place for it. +// Return Type: BOOL +// TRUE(1) string is null terminated +// FALSE(0) string is not null terminated +BOOL IsLabelProperlyFormatted(TPM2B* x); + +#endif // _IO_BUFFERS_FP_H_ diff --git a/src/tpm2/KdfTestData.h b/src/tpm2/KdfTestData.h index aa6c9cec..a632fd75 100644 --- a/src/tpm2/KdfTestData.h 
+++ b/src/tpm2/KdfTestData.h 
@@ -59,42 +59,67 @@ /* */ /********************************************************************************/ + // // Hash Test Vectors // -#define TEST_KDF_KEY_SIZE 20 +#define TEST_KDF_KEY_SIZE 20 + TPM2B_TYPE(KDF_TEST_KEY, TEST_KDF_KEY_SIZE); -TPM2B_KDF_TEST_KEY c_kdfTestKeyIn = {{TEST_KDF_KEY_SIZE, { - 0x27, 0x1F, 0xA0, 0x8B, 0xBD, 0xC5, 0x06, 0x0E, 0xC3, 0xDF, - 0xA9, 0x28, 0xFF, 0x9B, 0x73, 0x12, 0x3A, 0x12, 0xDA, 0x0C }}}; +TPM2B_KDF_TEST_KEY c_kdfTestKeyIn = { + {TEST_KDF_KEY_SIZE, + {0x27, 0x1F, 0xA0, 0x8B, 0xBD, 0xC5, 0x06, 0x0E, 0xC3, 0xDF, + 0xA9, 0x28, 0xFF, 0x9B, 0x73, 0x12, 0x3A, 0x12, 0xDA, 0x0C}}}; + TPM2B_TYPE(KDF_TEST_LABEL, 17); -TPM2B_KDF_TEST_LABEL c_kdfTestLabel = {{17, { - 0x4B, 0x44, 0x46, 0x53, 0x45, 0x4C, 0x46, 0x54, - 0x45, 0x53, 0x54, 0x4C, 0x41, 0x42, 0x45, 0x4C, 0x00 }}}; +TPM2B_KDF_TEST_LABEL c_kdfTestLabel = {{17, + {0x4B, + 0x44, + 0x46, + 0x53, + 0x45, + 0x4C, + 0x46, + 0x54, + 0x45, + 0x53, + 0x54, + 0x4C, + 0x41, + 0x42, + 0x45, + 0x4C, + 0x00}}}; + TPM2B_TYPE(KDF_TEST_CONTEXT, 8); -TPM2B_KDF_TEST_CONTEXT c_kdfTestContextU = {{8, { - 0xCE, 0x24, 0x4F, 0x39, 0x5D, 0xCA, 0x73, 0x91 }}}; -TPM2B_KDF_TEST_CONTEXT c_kdfTestContextV = {{8, { - 0xDA, 0x50, 0x40, 0x31, 0xDD, 0xF1, 0x2E, 0x83 }}}; +TPM2B_KDF_TEST_CONTEXT c_kdfTestContextU = { + {8, {0xCE, 0x24, 0x4F, 0x39, 0x5D, 0xCA, 0x73, 0x91}}}; + +TPM2B_KDF_TEST_CONTEXT c_kdfTestContextV = { + {8, {0xDA, 0x50, 0x40, 0x31, 0xDD, 0xF1, 0x2E, 0x83}}}; + #if ALG_SHA512 == ALG_YES -TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { - 0x8b, 0xe2, 0xc1, 0xb8, 0x5b, 0x78, 0x56, 0x9b, 0x9f, 0xa7, - 0x59, 0xf5, 0x85, 0x7c, 0x56, 0xd6, 0x84, 0x81, 0x0f, 0xd3 }}}; -#define KDF_TEST_ALG TPM_ALG_SHA512 +TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = { + {20, {0x8b, 0xe2, 0xc1, 0xb8, 0x5b, 0x78, 0x56, 0x9b, 0x9f, 0xa7, + 0x59, 0xf5, 0x85, 0x7c, 0x56, 0xd6, 0x84, 0x81, 0x0f, 0xd3}}}; +# define KDF_TEST_ALG TPM_ALG_SHA512 + #elif ALG_SHA384 == ALG_YES -TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { - 0x1d, 0xce, 0x70, 
0xc9, 0x11, 0x3e, 0xb2, 0xdb, 0xa4, 0x7b, - 0xd9, 0xcf, 0xc7, 0x2b, 0xf4, 0x6f, 0x45, 0xb0, 0x93, 0x12 }}}; -#define KDF_TEST_ALG TPM_ALG_SHA384 +TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = { + {20, {0x1d, 0xce, 0x70, 0xc9, 0x11, 0x3e, 0xb2, 0xdb, 0xa4, 0x7b, + 0xd9, 0xcf, 0xc7, 0x2b, 0xf4, 0x6f, 0x45, 0xb0, 0x93, 0x12}}}; +# define KDF_TEST_ALG TPM_ALG_SHA384 + #elif ALG_SHA256 == ALG_YES -TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { - 0xbb, 0x02, 0x59, 0xe1, 0xc8, 0xba, 0x60, 0x7e, 0x6a, 0x2c, - 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4 }}}; -#define KDF_TEST_ALG TPM_ALG_SHA256 +TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = { + {20, {0xbb, 0x02, 0x59, 0xe1, 0xc8, 0xba, 0x60, 0x7e, 0x6a, 0x2c, + 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4}}}; +# define KDF_TEST_ALG TPM_ALG_SHA256 + #elif ALG_SHA1 == ALG_YES -TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { - 0x55, 0xb5, 0xa7, 0x18, 0x4a, 0xa0, 0x74, 0x23, 0xc4, 0x7d, - 0xae, 0x76, 0x6c, 0x26, 0xa2, 0x37, 0x7d, 0x7c, 0xf8, 0x51 }}}; -#define KDF_TEST_ALG TPM_ALG_SHA1 +TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = { + {20, {0x55, 0xb5, 0xa7, 0x18, 0x4a, 0xa0, 0x74, 0x23, 0xc4, 0x7d, + 0xae, 0x76, 0x6c, 0x26, 0xa2, 0x37, 0x7d, 0x7c, 0xf8, 0x51}}}; +# define KDF_TEST_ALG TPM_ALG_SHA1 #endif diff --git a/src/tpm2/LoadExternal_fp.h b/src/tpm2/LoadExternal_fp.h index f57f942d..ee7c2a15 100644 --- a/src/tpm2/LoadExternal_fp.h +++ b/src/tpm2/LoadExternal_fp.h 
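Review bot: The seventeen bytes of `c_kdfTestLabel` are now laid out one per line with nothing saying what they encode. They are the ASCII string "KDFSELFTESTLABEL" followed by its terminating NUL, so a comment such as `// "KDFSELFTESTLABEL" including the terminating NUL` above the initializer would let a reader check the vector at a glance. The banner at the top of the hunk still reads `// Hash Test Vectors` although every object defined here is a KDF input or expected output; `// KDF Test Vectors` would match the contents.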
@@ -59,29 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef LOADEXTERNAL_FP_H -#define LOADEXTERNAL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPM2B_SENSITIVE inPrivate; - TPM2B_PUBLIC inPublic; - TPMI_RH_HIERARCHY hierarchy; -} LoadExternal_In; +#if CC_LoadExternal // Command must be enabled -#define RC_LoadExternal_inPrivate (TPM_RC_P + TPM_RC_1) -#define RC_LoadExternal_inPublic (TPM_RC_P + TPM_RC_2) -#define RC_LoadExternal_hierarchy (TPM_RC_P + TPM_RC_3) +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_LOADEXTERNAL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_LOADEXTERNAL_FP_H_ -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_NAME name; +// Input structure definition +typedef struct +{ + TPM2B_SENSITIVE inPrivate; + TPM2B_PUBLIC inPublic; + TPMI_RH_HIERARCHY hierarchy; +} LoadExternal_In; + +// Output structure definition +typedef struct +{ + TPM_HANDLE objectHandle; + TPM2B_NAME name; } LoadExternal_Out; +// Response code modifiers +# define RC_LoadExternal_inPrivate (TPM_RC_P + TPM_RC_1) +# define RC_LoadExternal_inPublic (TPM_RC_P + TPM_RC_2) +# define RC_LoadExternal_hierarchy (TPM_RC_P + TPM_RC_3) + +// Function prototype TPM_RC -TPM2_LoadExternal( - LoadExternal_In *in, // IN: input parameter list - LoadExternal_Out *out // OUT: output parameter list - ); -#endif +TPM2_LoadExternal(LoadExternal_In* in, LoadExternal_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_LOADEXTERNAL_FP_H_ +#endif // CC_LoadExternal diff --git a/src/tpm2/Load_fp.h b/src/tpm2/Load_fp.h index 7d5c2a5f..304b3062 100644 --- a/src/tpm2/Load_fp.h +++ b/src/tpm2/Load_fp.h 
@@ -59,30 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef LOAD_FP_H -#define LOAD_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT parentHandle; - TPM2B_PRIVATE inPrivate; - TPM2B_PUBLIC inPublic; +#if CC_Load // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_LOAD_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_LOAD_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT parentHandle; + TPM2B_PRIVATE inPrivate; + TPM2B_PUBLIC inPublic; } Load_In; -#define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1) -#define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1) -#define RC_Load_inPublic (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM_HANDLE objectHandle; - TPM2B_NAME name; +// Output structure definition +typedef struct +{ + TPM_HANDLE objectHandle; + TPM2B_NAME name; } Load_Out; -TPM_RC -TPM2_Load( - Load_In *in, // IN: input parameter list - Load_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1) +# define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1) +# define RC_Load_inPublic (TPM_RC_P + TPM_RC_2) -#endif +// Function prototype +TPM_RC +TPM2_Load(Load_In* in, Load_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_LOAD_FP_H_ +#endif // CC_Load diff --git a/src/tpm2/Locality.c b/src/tpm2/Locality.c index d3f08c9e..f9cf2354 100644 --- a/src/tpm2/Locality.c +++ b/src/tpm2/Locality.c 
@@ -59,41 +59,43 @@ /* */ /********************************************************************************/ -/* 9.8 Locality.c */ -/* 9.8.1 Includes */ +//** Includes #include "Tpm.h" -/* 9.8.2 LocalityGetAttributes() */ -/* This function will convert a locality expressed as an integer into TPMA_LOCALITY form. */ -/* The function returns the locality attribute. */ + +//** LocalityGetAttributes() +// This function will convert a locality expressed as an integer into +// TPMA_LOCALITY form. +// +// The function returns the locality attribute. TPMA_LOCALITY -LocalityGetAttributes( - UINT8 locality // IN: locality value - ) +LocalityGetAttributes(UINT8 locality // IN: locality value +) { - TPMA_LOCALITY locality_attributes; - BYTE *localityAsByte = (BYTE *)&locality_attributes; + TPMA_LOCALITY locality_attributes; + BYTE* localityAsByte = (BYTE*)&locality_attributes; + MemorySet(&locality_attributes, 0, sizeof(TPMA_LOCALITY)); switch(locality) - { - case 0: - SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ZERO); - break; - case 1: - SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ONE); - break; - case 2: - SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_TWO); - break; - case 3: - SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_THREE); - break; - case 4: - SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_FOUR); - break; - default: - pAssert(locality > 31); - *localityAsByte = locality; - break; - } + { + case 0: + SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ZERO); + break; + case 1: + SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ONE); + break; + case 2: + SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_TWO); + break; + case 3: + SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_THREE); + break; + case 4: + SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_FOUR); + break; + default: + pAssert(locality > 31); + *localityAsByte = locality; + break; + } return 
locality_attributes; } diff --git a/src/tpm2/LocalityPlat.c b/src/tpm2/LocalityPlat.c index c3dc7de5..cf297d1d 100644 --- a/src/tpm2/LocalityPlat.c +++ b/src/tpm2/LocalityPlat.c @@ -59,29 +59,26 @@ /* */ /********************************************************************************/ -/* C.5 LocalityPlat.c */ -/* C.5.1. Includes */ +//** Includes #include "Platform.h" -/* C.5.2. Functions */ -/* C.5.2.1. _plat__LocalityGet() */ -/* Get the most recent command locality in locality value form. This is an integer value for - locality and not a locality structure The locality can be 0-4 or 32-255. 5-31 is not allowed. */ -LIB_EXPORT unsigned char -_plat__LocalityGet( - void - ) + +//** Functions + +//***_plat__LocalityGet() +// Get the most recent command locality in locality value form. +// This is an integer value for locality and not a locality structure +// The locality can be 0-4 or 32-255. 5-31 is not allowed. +LIB_EXPORT unsigned char _plat__LocalityGet(void) { return s_locality; } -/* C.5.2.2. _plat__LocalitySet() */ -/* Set the most recent command locality in locality value form */ -LIB_EXPORT void -_plat__LocalitySet( - unsigned char locality - ) + +//***_plat__LocalitySet() +// Set the most recent command locality in locality value form +LIB_EXPORT void _plat__LocalitySet(unsigned char locality) { if(locality > 4 && locality < 32) - locality = 0; + locality = 0; s_locality = locality; return; } diff --git a/src/tpm2/Locality_fp.h b/src/tpm2/Locality_fp.h index 35921269..b0a3056c 100644 --- a/src/tpm2/Locality_fp.h +++ b/src/tpm2/Locality_fp.h 
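Review bot: The `default` branch of the switch in LocalityGetAttributes has no comment explaining why the raw value is written through `localityAsByte`, and the only thing that keeps 5-31 out of it is `pAssert(locality > 31)`. A comment such as `// Extended locality (32-255): the attribute byte carries the value itself; 5-31 is not a valid locality.` would record the intent. Whether `pAssert` stays active in every build configuration is not visible from this hunk and is worth confirming, since this is the last check before the value is stored.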
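Review bot: `_plat__LocalitySet()` silently rewrites a locality in the disallowed range 5-31 to 0, and the comment above it (`// Set the most recent command locality in locality value form`) does not say so. Because the function returns `void`, a caller passing an invalid value gets no indication that a different locality was stored. Extending the comment with `// A value in the disallowed range 5-31 is stored as locality 0.` would document the behaviour next to the `_plat__LocalityGet()` comment that already states the valid ranges.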
@@ -59,13 +59,21 @@ /* */ /********************************************************************************/ -#ifndef LOCALITY_FP_H -#define LOCALITY_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ +#ifndef _LOCALITY_FP_H_ +#define _LOCALITY_FP_H_ + +//** LocalityGetAttributes() +// This function will convert a locality expressed as an integer into +// TPMA_LOCALITY form. +// +// The function returns the locality attribute. TPMA_LOCALITY -LocalityGetAttributes( - UINT8 locality // IN: locality value - ); +LocalityGetAttributes(UINT8 locality // IN: locality value +); - -#endif +#endif // _LOCALITY_FP_H_ diff --git a/src/tpm2/MAC_Start_fp.h b/src/tpm2/MAC_Start_fp.h index 6d73ad1e..5d4879a3 100644 --- a/src/tpm2/MAC_Start_fp.h +++ b/src/tpm2/MAC_Start_fp.h 
@@ -59,30 +59,36 @@ /* */ /********************************************************************************/ -/* rev 146 */ -#ifndef MAC_START_FP_H -#define MAC_START_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_AUTH auth; - TPMI_ALG_MAC_SCHEME inScheme; +#if CC_MAC_Start // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAC_START_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAC_START_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT handle; + TPM2B_AUTH auth; + TPMI_ALG_MAC_SCHEME inScheme; } MAC_Start_In; -typedef struct { - TPMI_DH_OBJECT sequenceHandle; +// Output structure definition +typedef struct +{ + TPMI_DH_OBJECT sequenceHandle; } MAC_Start_Out; -#define RC_MAC_Start_handle (TPM_RC_H + TPM_RC_1) -#define RC_MAC_Start_auth (TPM_RC_P + TPM_RC_1) -#define RC_MAC_Start_inScheme (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_MAC_Start_handle (TPM_RC_H + TPM_RC_1) +# define RC_MAC_Start_auth (TPM_RC_P + TPM_RC_1) +# define RC_MAC_Start_inScheme (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_MAC_Start( - MAC_Start_In *in, // IN: input parameter list - MAC_Start_Out *out // OUT: output parameter list - ); +TPM2_MAC_Start(MAC_Start_In* in, MAC_Start_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAC_START_FP_H_ +#endif // CC_MAC_Start diff --git a/src/tpm2/MAC_fp.h b/src/tpm2/MAC_fp.h index 0dc96794..5faacd3d 100644 --- a/src/tpm2/MAC_fp.h +++ b/src/tpm2/MAC_fp.h 
@@ -59,30 +59,35 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef MAC_FP_H -#define MAC_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_MAX_BUFFER buffer; - TPMI_ALG_MAC_SCHEME inScheme; +#if CC_MAC // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAC_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAC_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT handle; + TPM2B_MAX_BUFFER buffer; + TPMI_ALG_MAC_SCHEME inScheme; } MAC_In; -#define RC_MAC_handle (TPM_RC_H + TPM_RC_1) -#define RC_MAC_buffer (TPM_RC_P + TPM_RC_1) -#define RC_MAC_inScheme (TPM_RC_P + TPM_RC_2) - +// Output structure definition typedef struct { TPM2B_MAX_BUFFER outMAC; } MAC_Out; +// Response code modifiers +# define RC_MAC_handle (TPM_RC_H + TPM_RC_1) +# define RC_MAC_buffer (TPM_RC_P + TPM_RC_1) +# define RC_MAC_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_MAC( - MAC_In *in, // IN: input parameter list - MAC_Out *out // OUT: output parameter list - ); +TPM2_MAC(MAC_In* in, MAC_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAC_FP_H_ +#endif // CC_MAC diff --git a/src/tpm2/MakeCredential_fp.h b/src/tpm2/MakeCredential_fp.h index e824a51c..4ba7b0af 100644 --- a/src/tpm2/MakeCredential_fp.h +++ b/src/tpm2/MakeCredential_fp.h 
@@ -59,31 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef MAKECREDENTIAL_FP_H -#define MAKECREDENTIAL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT handle; - TPM2B_DIGEST credential; - TPM2B_NAME objectName; +#if CC_MakeCredential // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAKECREDENTIAL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAKECREDENTIAL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT handle; + TPM2B_DIGEST credential; + TPM2B_NAME objectName; } MakeCredential_In; -#define RC_MakeCredential_handle (TPM_RC_H + TPM_RC_1) -#define RC_MakeCredential_credential (TPM_RC_P + TPM_RC_1) -#define RC_MakeCredential_objectName (TPM_RC_P + TPM_RC_2) - - -typedef struct { - TPM2B_ID_OBJECT credentialBlob; - TPM2B_ENCRYPTED_SECRET secret; +// Output structure definition +typedef struct +{ + TPM2B_ID_OBJECT credentialBlob; + TPM2B_ENCRYPTED_SECRET secret; } MakeCredential_Out; -TPM_RC -TPM2_MakeCredential( - MakeCredential_In *in, // IN: input parameter list - MakeCredential_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_MakeCredential_handle (TPM_RC_H + TPM_RC_1) +# define RC_MakeCredential_credential (TPM_RC_P + TPM_RC_1) +# define RC_MakeCredential_objectName (TPM_RC_P + TPM_RC_2) -#endif +// Function prototype +TPM_RC +TPM2_MakeCredential(MakeCredential_In* in, MakeCredential_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_MAKECREDENTIAL_FP_H_ +#endif // CC_MakeCredential diff --git a/src/tpm2/Manufacture.c b/src/tpm2/Manufacture.c index 486fa097..1ff8bdf4 100644 --- a/src/tpm2/Manufacture.c +++ b/src/tpm2/Manufacture.c 
@@ -58,34 +58,38 @@ /* */ /********************************************************************************/ -/* 9.9 Manufacture.c */ -/* 9.9.1 Description */ -/* This file contains the function that performs the manufacturing of the TPM in a simulated - environment. These functions should not be used outside of a manufacturing or simulation - environment. */ -/* 9.9.2 Includes and Data Definitions */ +//** Description +// This file contains the function that performs the "manufacturing" of the TPM +// in a simulated environment. These functions should not be used outside of +// a manufacturing or simulation environment. + +//** Includes and Data Definitions #define MANUFACTURE_C #include "Tpm.h" #include "TpmSizeChecks_fp.h" #define TPM_HAVE_TPM2_DECLARATIONS #include "tpm_library_intern.h" // libtpms added -/* 9.9.3 Functions */ -/* 9.9.3.1 TPM_Manufacture() */ -/* This function initializes the TPM values in preparation for the TPMs first use. This function - will fail if previously called. The TPM can be re-manufactured by calling TPM_Teardown() first - and then calling this function again. */ -/* Return Values Meaning */ -/* -1 failure */ -/* 0 success */ -/* 1 manufacturing process previously performed */ -LIB_EXPORT int -TPM_Manufacture( - int firstTime, // IN: indicates if this is the first call from - // main() - const char * profile // libtpms: optional profile to use - ) + +//** Functions + +//*** TPM_Manufacture() +// This function initializes the TPM values in preparation for the TPM's first +// use. This function will fail if previously called. The TPM can be re-manufactured +// by calling TPM_Teardown() first and then calling this function again. +// NV must be enabled first (typically with NvPowerOn() via _TPM_Init) +// +// return type: int +// -2 NV System not available +// -1 FAILURE - System is incorrectly compiled. 
+// 0 success +// 1 manufacturing process previously performed +LIB_EXPORT int TPM_Manufacture( + int firstTime, // IN: indicates if this is the first call from + // main() + const char * profile // libtpms: optional profile to use +) { - TPM_SU orderlyShutdown; + TPM_SU orderlyShutdown; // Initialize the context slot mask for UINT16 s_ContextSlotMask = 0xffff; // libtpms added begin @@ -99,27 +103,29 @@ TPM_Manufacture( // Call the function to verify the sizes of values that result from different // compile options. if(!TpmSizeChecks()) - return MANUF_INVALID_CONFIG; + return MANUF_INVALID_CONFIG; #endif - #if LIBRARY_COMPATIBILITY_CHECK // Make sure that the attached library performs as expected. if(!ExtMath_Debug_CompatibilityCheck()) - return MANUF_INVALID_CONFIG; + return MANUF_INVALID_CONFIG; #endif // If TPM has been manufactured, return indication. if(!firstTime && g_manufactured) - return MANUF_ALREADY_DONE; - // trigger failure mode if called in error. + return MANUF_ALREADY_DONE; + // trigger failure mode if called in error. int nvReadyState = _plat__GetNvReadyState(); pAssert(nvReadyState == NV_READY); // else failure mode if(nvReadyState != NV_READY) - { - return MANUF_NV_NOT_READY; - } // Do power on initializations of the cryptographic libraries. + { + return MANUF_NV_NOT_READY; + } + + // Do power on initializations of the cryptographic libraries. CryptInit(); + s_DAPendingOnNV = FALSE; // initialize NV 
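Review bot: The rewritten header comment for TPM_Manufacture() lists raw return values (-2, -1, 0, 1), while the body in the following hunks returns `MANUF_INVALID_CONFIG`, `MANUF_ALREADY_DONE`, `MANUF_NV_NOT_READY` and `MANUF_OK`, so the comment and the code share no names. The constants are defined outside this hunk, so the number-to-name mapping is presumed here rather than confirmed. I would put the constant next to each value, for example `//      -2 (MANUF_NV_NOT_READY)  NV System not available`, and do the same for the other three rows, so the table cannot drift from the header. The function body continues past the end of this hunk.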
@@ -149,22 +155,26 @@ TPM_Manufacture( // This should happen after NV is initialized because hierarchy data is // stored in NV. HierarchyPreInstall_Init(); + // initialize dictionary attack parameters DAPreInstall_Init(); + // initialize PP list PhysicalPresencePreInstall_Init(); + // initialize command audit list CommandAuditPreInstall_Init(); + // first start up is required to be Startup(CLEAR) orderlyShutdown = TPM_SU_CLEAR; NV_WRITE_PERSISTENT(orderlyState, orderlyShutdown); + // initialize the firmware version gp.firmwareV1 = _plat__GetTpmFirmwareVersionHigh(); gp.firmwareV2 = _plat__GetTpmFirmwareVersionLow(); _plat__GetPlatformManufactureData(gp.platformReserved, - sizeof(gp.platformReserved)); - + sizeof(gp.platformReserved)); NV_SYNC_PERSISTENT(platformReserved); NV_SYNC_PERSISTENT(firmwareV1); 
@@ -173,56 +183,58 @@ TPM_Manufacture( // initialize the total reset counter to 0 gp.totalResetCount = 0; NV_SYNC_PERSISTENT(totalResetCount); + // initialize the clock stuff - go.clock = 0; + go.clock = 0; go.clockSafe = YES; + NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go); + // Commit NV writes. Manufacture process is an artificial process existing // only in simulator environment and it is not defined in the specification // that what should be the expected behavior if the NV write fails at this // point. Therefore, it is assumed the NV write here is always success and // no return code of this function is checked. NvCommit(); + g_manufactured = TRUE; - return 0; + + return MANUF_OK; } -/* 9.9.3.2 TPM_TearDown() */ -/* This function prepares the TPM for re-manufacture. It should not be implemented in anything other - than a simulated TPM. */ -/* In this implementation, all that is needs is to stop the cryptographic units and set a flag to - indicate that the TPM can be re-manufactured. This should be all that is necessary to start the - manufacturing process again. */ -/* Return Values Meaning */ -/* 0 success */ -/* 1 TPM not previously manufactured */ -LIB_EXPORT int -TPM_TearDown( - void - ) + +//*** TPM_TearDown() +// This function prepares the TPM for re-manufacture. It should not be implemented +// in anything other than a simulated TPM. +// +// In this implementation, all that is needs is to stop the cryptographic units +// and set a flag to indicate that the TPM can be re-manufactured. This should +// be all that is necessary to start the manufacturing process again. +// Return Type: int +// 0 success +// 1 TPM not previously manufactured +LIB_EXPORT int TPM_TearDown(void) { RuntimeProfileFree(&g_RuntimeProfile); // libtpms added g_manufactured = FALSE; - return 0; + return TEARDOWN_OK; } + #if 0 /* libtpms added */ -/* 9.9.3.3 TpmEndSimulation() */ -/* This function is called at the end of the simulation run. 
It is used to provoke printing of any - statistics that might be needed. */ -LIB_EXPORT void -TpmEndSimulation( - void - ) +//*** TpmEndSimulation() +// This function is called at the end of the simulation run. It is used to provoke +// printing of any statistics that might be needed. +LIB_EXPORT void TpmEndSimulation(void) { #if SIMULATION HashLibSimulationEnd(); SymLibSimulationEnd(); MathLibSimulationEnd(); -#if ALG_RSA +# if ALG_RSA RsaSimulationEnd(); -#endif -#if ALG_ECC +# endif +# if ALG_ECC EccSimulationEnd(); -#endif -#endif // SIMULATION +# endif +#endif // SIMULATION } #endif /* libtpms added */ diff --git a/src/tpm2/Manufacture_fp.h b/src/tpm2/Manufacture_fp.h index f23324dc..43f53002 100644 --- a/src/tpm2/Manufacture_fp.h +++ b/src/tpm2/Manufacture_fp.h @@ -81,10 +81,10 @@ #define MANUF_FIRST_TIME 1 #define MANUF_REMANUFACTURE 0 LIB_EXPORT int TPM_Manufacture( - int firstTime, // IN: indicates if this is the first call from - // main() - const char *profile // libtpms added - ); + int firstTime, // IN: indicates if this is the first call from + // main() + const char *profile // libtpms added +); //*** TPM_TearDown() // This function prepares the TPM for re-manufacture. It should not be implemented @@ -106,4 +106,3 @@ LIB_EXPORT int TPM_TearDown(void); LIB_EXPORT void TpmEndSimulation(void); #endif // _MANUFACTURE_FP_H_ - diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c index d95af381..6b57b693 100644 --- a/src/tpm2/Marshal.c +++ b/src/tpm2/Marshal.c @@ -58,6 +58,7 @@ /* */ /********************************************************************************/ + #include // libtpms added #include diff --git a/src/tpm2/Marshal.h b/src/tpm2/Marshal.h index c904e2b1..f08958b6 100644 --- a/src/tpm2/Marshal.h +++ b/src/tpm2/Marshal.h 
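Review bot: `g_manufactured = TRUE;` is set and `MANUF_OK` is returned right after `NvCommit();` without checking its result, so a failed commit of the freshly written persistent state (reset counter, orderly data) is reported to the caller as a successful manufacture. The retained comment justifies this by calling manufacture a simulator-only process; that assumption is worth re-checking for libtpms, since this hunk does not show whether the path runs outside a simulator. Assuming NvCommit() returns a BOOL success flag, as the comment's mention of a return code suggests, I would add `if(!NvCommit()) return MANUF_NV_NOT_READY;` (or a dedicated failure code) ahead of the flag assignment. Separately, the TPM_TearDown() comment still documents a return of 1 for "TPM not previously manufactured", but the body shown returns only `TEARDOWN_OK`.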
@@ -58,6 +58,7 @@ /* */ /********************************************************************************/ + //** Introduction // This file is used to provide the things needed by a module that uses the marshaling // functions. It handles the variations between the marshaling choices (procedural or diff --git a/src/tpm2/MathLibraryInterface.h b/src/tpm2/MathLibraryInterface.h index 636331fd..87cb0297 100644 --- a/src/tpm2/MathLibraryInterface.h +++ b/src/tpm2/MathLibraryInterface.h @@ -112,10 +112,10 @@ LIB_EXPORT Crypt_Int* ExtMath_Initialize_Int(Crypt_Int* buffer, NUMBYTES bits); // initialized with it's maximum size. Byte-based Initializers must be MSB first // (TPM external format). LIB_EXPORT Crypt_Int* ExtMath_IntFromBytes( - Crypt_Int* buffer, const BYTE* input, NUMBYTES byteCount); + Crypt_Int* buffer, const BYTE* input, NUMBYTES byteCount); // Convert Crypt_Int into external format as a byte array. LIB_EXPORT BOOL ExtMath_IntToBytes( - const Crypt_Int* value, BYTE* output, NUMBYTES* pByteCount); + const Crypt_Int* value, BYTE* output, NUMBYTES* pByteCount); // Set Crypt_Int to a given small value. Words are native format. LIB_EXPORT Crypt_Int* ExtMath_SetWord(Crypt_Int* buffer, crypt_uword_t word); 
@@ -135,45 +135,45 @@ LIB_EXPORT BOOL ExtMath_Copy(Crypt_Int* out, const Crypt_Int* in); //** ExtMath_Multiply() // Multiplies two numbers and returns the result LIB_EXPORT BOOL ExtMath_Multiply( - Crypt_Int* result, const Crypt_Int* multiplicand, const Crypt_Int* multiplier); + Crypt_Int* result, const Crypt_Int* multiplicand, const Crypt_Int* multiplier); //** ExtMath_Divide() // This function divides two Crypt_Int* values. The function returns FALSE if there is // an error in the operation. Quotient may be null, in which case this function returns // only the remainder. LIB_EXPORT BOOL ExtMath_Divide(Crypt_Int* quotient, - Crypt_Int* remainder, - const Crypt_Int* dividend, - const Crypt_Int* divisor); + Crypt_Int* remainder, + const Crypt_Int* dividend, + const Crypt_Int* divisor); //** ExtMath_GCD() // Get the greatest common divisor of two numbers. This function is only needed // when the TPM implements RSA. LIB_EXPORT BOOL ExtMath_GCD( - Crypt_Int* gcd, const Crypt_Int* number1, const Crypt_Int* number2); + Crypt_Int* gcd, const Crypt_Int* number1, const Crypt_Int* number2); //*** ExtMath_Add() // This function adds two Crypt_Int* values. This function always returns TRUE. LIB_EXPORT BOOL ExtMath_Add( - Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2); + Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2); //*** ExtMath_AddWord() // This function adds a word value to a Crypt_Int*. This function always returns TRUE. LIB_EXPORT BOOL ExtMath_AddWord( - Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word); + Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word); //*** ExtMath_Subtract() // This function does subtraction of two Crypt_Int* values and returns result = op1 - op2 // when op1 is greater than op2. If op2 is greater than op1, then a fault is // generated. This function always returns TRUE. 
LIB_EXPORT BOOL ExtMath_Subtract( - Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2); + Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2); //*** ExtMath_SubtractWord() // This function subtracts a word value from a Crypt_Int*. This function always // returns TRUE. LIB_EXPORT BOOL ExtMath_SubtractWord( - Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word); + Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word); // ############################### // Modular Arithmetic, writ large @@ -189,25 +189,25 @@ LIB_EXPORT BOOL ExtMath_Mod(Crypt_Int* valueAndResult, const Crypt_Int* modulus) //** ExtMath_ModMult() // Compute result = (op1 * op2) mod modulus LIB_EXPORT BOOL ExtMath_ModMult(Crypt_Int* result, - const Crypt_Int* op1, - const Crypt_Int* op2, - const Crypt_Int* modulus); + const Crypt_Int* op1, + const Crypt_Int* op2, + const Crypt_Int* modulus); //** ExtMath_ModExp() // Compute result = (number ^ exponent) mod modulus // where ^ indicates exponentiation. // This function is only needed when the TPM implements RSA. LIB_EXPORT BOOL ExtMath_ModExp(Crypt_Int* result, - const Crypt_Int* number, - const Crypt_Int* exponent, - const Crypt_Int* modulus); + const Crypt_Int* number, + const Crypt_Int* exponent, + const Crypt_Int* modulus); //** ExtMath_ModInverse() // Compute the modular multiplicative inverse. // result = (number ^ -1) mod modulus // This function is only needed when the TPM implements RSA. LIB_EXPORT BOOL ExtMath_ModInverse( - Crypt_Int* result, const Crypt_Int* number, const Crypt_Int* modulus); + Crypt_Int* result, const Crypt_Int* number, const Crypt_Int* modulus); //** ExtMath_ModInversePrime() // Compute the modular multiplicative inverse. This is an optimized function for 
@@ -218,14 +218,14 @@ LIB_EXPORT BOOL ExtMath_ModInverse( // modulus is prime via a timing side-channel. In many cases (e.g. ECC primes), // the prime is not sensitive and this optimized route can be used. LIB_EXPORT BOOL ExtMath_ModInversePrime( - Crypt_Int* result, const Crypt_Int* number, const Crypt_Int* primeModulus); + Crypt_Int* result, const Crypt_Int* number, const Crypt_Int* primeModulus); //*** ExtMath_ModWord() // compute numerator // This function does modular division of a big number when the modulus is a // word value. LIB_EXPORT crypt_word_t ExtMath_ModWord(const Crypt_Int* numerator, - crypt_word_t modulus); + crypt_word_t modulus); // ############################### // Queries @@ -296,8 +296,8 @@ LIB_EXPORT unsigned ExtMath_SizeInBits(const Crypt_Int* n); // should return FALSE, and the TPM will enter failure mode. // Return Type: BOOL LIB_EXPORT BOOL ExtMath_SetBit(Crypt_Int* bn, // IN/OUT: big number to modify - unsigned int bitNum // IN: Bit number to SET - ); + unsigned int bitNum // IN: Bit number to SET +); //*** ExtMath_TestBit() // This function is used to check to see if a bit is SET in a bignum_t. The 0th bit @@ -306,8 +306,8 @@ LIB_EXPORT BOOL ExtMath_SetBit(Crypt_Int* bn, // IN/OUT: big number to mod // TRUE(1) the bit is set // FALSE(0) the bit is not set or the number is out of range LIB_EXPORT BOOL ExtMath_TestBit(Crypt_Int* bn, // IN: number to check - unsigned int bitNum // IN: bit to test - ); + unsigned int bitNum // IN: bit to test +); //***ExtMath_MaskBits() // This function is used to mask off high order bits of a big number. 
@@ -318,15 +318,15 @@ LIB_EXPORT BOOL ExtMath_TestBit(Crypt_Int* bn, // IN: number to check // TRUE(1) result masked // FALSE(0) the input was not as large as the mask LIB_EXPORT BOOL ExtMath_MaskBits( - Crypt_Int* bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. - ); + Crypt_Int* bn, // IN/OUT: number to mask + crypt_uword_t maskBit // IN: the bit number for the mask. +); //*** ExtMath_ShiftRight() // This function will shift a Crypt_Int* to the right by the shiftAmount. // This function always returns TRUE. LIB_EXPORT BOOL ExtMath_ShiftRight( - Crypt_Int* result, const Crypt_Int* toShift, uint32_t shiftAmount); + Crypt_Int* result, const Crypt_Int* toShift, uint32_t shiftAmount); // *************************************************************************** // ECC Functions @@ -337,7 +337,7 @@ LIB_EXPORT BOOL ExtMath_ShiftRight( //** initialize point structure given memory size of each coordinate LIB_EXPORT Crypt_Point* ExtEcc_Initialize_Point(Crypt_Point* buffer, - NUMBYTES bitsPerCoord); + NUMBYTES bitsPerCoord); //** ExtEcc_CurveInitialize() // This function is used to initialize a Crypt_EccCurve structure. The @@ -345,7 +345,7 @@ LIB_EXPORT Crypt_Point* ExtEcc_Initialize_Point(Crypt_Point* buffer, // set by a different function. This function is only needed // if the TPM supports ECC. LIB_EXPORT const Crypt_EccCurve* ExtEcc_CurveInitialize(Crypt_EccCurve* E, - TPM_ECC_CURVE curveId); + TPM_ECC_CURVE curveId); // ################# // DESTRUCTOR - See Warning 
@@ -362,13 +362,13 @@ LIB_EXPORT void ExtEcc_CurveFree(const Crypt_EccCurve* E); // ################# //** point structure to/from raw coordinate buffers. LIB_EXPORT Crypt_Point* ExtEcc_PointFromBytes(Crypt_Point* buffer, - const BYTE* x, - NUMBYTES nBytesX, - const BYTE* y, - NUMBYTES nBytesY); + const BYTE* x, + NUMBYTES nBytesX, + const BYTE* y, + NUMBYTES nBytesY); LIB_EXPORT BOOL ExtEcc_PointToBytes( - const Crypt_Point* point, BYTE* x, NUMBYTES* nBytesX, BYTE* y, NUMBYTES* nBytesY); + const Crypt_Point* point, BYTE* x, NUMBYTES* nBytesX, BYTE* y, NUMBYTES* nBytesY); // #################### // ECC Point Operations @@ -379,29 +379,29 @@ LIB_EXPORT BOOL ExtEcc_PointToBytes( // indicates that the result was the point at infinity. This function is only needed // if the TPM supports ECC. LIB_EXPORT BOOL ExtEcc_PointMultiply(Crypt_Point* R, - const Crypt_Point* S, - const Crypt_Int* d, - const Crypt_EccCurve* E); + const Crypt_Point* S, + const Crypt_Int* d, + const Crypt_EccCurve* E); //** ExtEcc_PointMultiplyAndAdd() // This function does a point multiply of the form R = [d]S + [u]Q. A return of // FALSE indicates that the result was the point at infinity. This function is only // needed if the TPM supports ECC. LIB_EXPORT BOOL ExtEcc_PointMultiplyAndAdd(Crypt_Point* R, - const Crypt_Point* S, - const Crypt_Int* d, - const Crypt_Point* Q, - const Crypt_Int* u, - const Crypt_EccCurve* E); + const Crypt_Point* S, + const Crypt_Int* d, + const Crypt_Point* Q, + const Crypt_Int* u, + const Crypt_EccCurve* E); //** ExtEcc_PointAdd() // This function does a point add R = S + Q. A return of FALSE // indicates that the result was the point at infinity. This function is only needed // if the TPM supports ECC. LIB_EXPORT BOOL ExtEcc_PointAdd(Crypt_Point* R, - const Crypt_Point* S, - const Crypt_Point* Q, - const Crypt_EccCurve* E); + const Crypt_Point* S, + const Crypt_Point* Q, + const Crypt_EccCurve* E); // ##################### // ECC Point Information 
diff --git a/src/tpm2/MathLibraryInterfaceTypes.h b/src/tpm2/MathLibraryInterfaceTypes.h index 14899f6c..6534e6d2 100644 --- a/src/tpm2/MathLibraryInterfaceTypes.h +++ b/src/tpm2/MathLibraryInterfaceTypes.h 
@@ -86,60 +86,59 @@ typedef CRYPT_POINT_BUF(pointone, 1) Crypt_Point; typedef CRYPT_CURVE_BUF(curvebuft, MAX_ECC_KEY_BITS) Crypt_EccCurve; // produces bare typedef ci__t -#define CRYPT_INT_TYPE(typename, bits) \ +#define CRYPT_INT_TYPE(typename, bits) \ typedef CRYPT_INT_BUF(ci_##typename##_buf_t, bits) ci_##typename##_t // produces allocated `Crypt_Int* varname` backed by a // stack buffer named `_buf`. Initialization at the discretion of the // ExtMath library. -#define CRYPT_INT_VAR(varname, bits) \ - CRYPT_INT_BUF(ci_##varname##_buf_t, bits) varname##_buf; \ +#define CRYPT_INT_VAR(varname, bits) \ + CRYPT_INT_BUF(ci_##varname##_buf_t, bits) varname##_buf; \ Crypt_Int* varname = ExtMath_Initialize_Int((Crypt_Int*)&(varname##_buf), bits); // produces initialized `Crypt_Int* varname = (TPM2B) initializer` backed by a // stack buffer named `_buf` -#define CRYPT_INT_INITIALIZED(varname, bits, initializer) \ - CRYPT_INT_BUF(cibuf##varname, bits) varname##_buf; \ - Crypt_Int* varname = \ - TpmMath_IntFrom2B(ExtMath_Initialize_Int((Crypt_Int*)&(varname##_buf), bits), \ - (TPM2B*)initializer); +#define CRYPT_INT_INITIALIZED(varname, bits, initializer) \ + CRYPT_INT_BUF(cibuf##varname, bits) varname##_buf; \ + Crypt_Int* varname = TpmMath_IntFrom2B( \ + ExtMath_Initialize_Int((Crypt_Int*)&(varname##_buf), bits), \ + (TPM2B*)initializer); // convenience variants of above: // largest supported integer #define CRYPT_INT_MAX(varname) CRYPT_INT_VAR(varname, LARGEST_NUMBER_BITS) -#define CRYPT_INT_MAX_INITIALIZED(name, initializer) \ +#define CRYPT_INT_MAX_INITIALIZED(name, initializer) \ CRYPT_INT_INITIALIZED(name, LARGEST_NUMBER_BITS, initializer) // A single RADIX_BITS value. 
#define CRYPT_INT_WORD(name) CRYPT_INT_VAR(name, RADIX_BITS) -#define CRYPT_INT_WORD_INITIALIZED(varname, initializer) \ - CRYPT_INT_BUF(cibuf##varname, RADIX_BITS) varname##_buf; \ - Crypt_Int* varname = ExtMath_SetWord( \ - ExtMath_Initialize_Int((Crypt_Int*)&(varname##_buf), RADIX_BITS), \ - initializer); +#define CRYPT_INT_WORD_INITIALIZED(varname, initializer) \ + CRYPT_INT_BUF(cibuf##varname, RADIX_BITS) varname##_buf; \ + Crypt_Int* varname = ExtMath_SetWord( \ + ExtMath_Initialize_Int((Crypt_Int*)&(varname##_buf), RADIX_BITS), \ + initializer); // Crypt_EccCurve underlying types -#define CRYPT_CURVE_INITIALIZED(varname, initializer) \ - CRYPT_CURVE_BUF(cv##varname, MAX_ECC_KEY_BITS) varname##_buf; \ - const Crypt_EccCurve* varname = \ - ExtEcc_CurveInitialize(&(varname##_buf), initializer) +#define CRYPT_CURVE_INITIALIZED(varname, initializer) \ + CRYPT_CURVE_BUF(cv##varname, MAX_ECC_KEY_BITS) varname##_buf; \ + const Crypt_EccCurve* varname = \ + ExtEcc_CurveInitialize(&(varname##_buf), initializer) /* no guarantee free will be called in the presence of longjmp */ #define CRYPT_CURVE_FREE(varname) ExtEcc_CurveFree(varname) -#define CRYPT_POINT_VAR(varname) \ +// Crypt_Point underlying types +#define CRYPT_POINT_VAR(varname) \ CRYPT_POINT_BUF(cp_##varname##_buf_t, MAX_ECC_KEY_BITS) varname##_buf; \ - Crypt_Point* varname = \ - ExtEcc_Initialize_Point((Crypt_Point*)&(varname##_buf), MAX_ECC_KEY_BITS); + Crypt_Point* varname = \ + ExtEcc_Initialize_Point((Crypt_Point*)&(varname##_buf), MAX_ECC_KEY_BITS); - -#define CRYPT_POINT_INITIALIZED(varname, initValue) \ - CRYPT_POINT_BUF(cp_##varname##_buf_t, MAX_ECC_KEY_BITS) varname##_buf; \ - Crypt_Point* varname = TpmEcc_PointFrom2B( \ - ExtEcc_Initialize_Point((Crypt_Point*)&(varname##_buf), MAX_ECC_KEY_BITS), \ - initValue); +#define CRYPT_POINT_INITIALIZED(varname, initValue) \ + CRYPT_POINT_BUF(cp_##varname##_buf_t, MAX_ECC_KEY_BITS) varname##_buf; \ + Crypt_Point* varname = TpmEcc_PointFrom2B( \ + 
ExtEcc_Initialize_Point((Crypt_Point*)&(varname##_buf), MAX_ECC_KEY_BITS), \ + initValue); #endif //MATH_LIBRARY_INTERFACE_TYPES_H - diff --git a/src/tpm2/MathOnByteBuffers.c b/src/tpm2/MathOnByteBuffers.c index dda9b8b0..da7d0a9e 100644 --- a/src/tpm2/MathOnByteBuffers.c +++ b/src/tpm2/MathOnByteBuffers.c @@ -77,24 +77,24 @@ // 0 if (a = b) // -1 if (a < b) LIB_EXPORT int UnsignedCompareB(UINT32 aSize, // IN: size of a - const BYTE* a, // IN: a - UINT32 bSize, // IN: size of b - const BYTE* b // IN: b - ) + const BYTE* a, // IN: a + UINT32 bSize, // IN: size of b + const BYTE* b // IN: b +) { UINT32 i; if(aSize > bSize) - return 1; + return 1; else if(aSize < bSize) - return -1; + return -1; else - { - for(i = 0; i < aSize; i++) - { - if(a[i] != b[i]) - return (a[i] > b[i]) ? 1 : -1; - } - } + { + for(i = 0; i < aSize; i++) + { + if(a[i] != b[i]) + return (a[i] > b[i]) ? 1 : -1; + } + } // Will return == if sizes are both zero return 0; } @@ -106,18 +106,18 @@ LIB_EXPORT int UnsignedCompareB(UINT32 aSize, // IN: size of a // 0 if a = b // -1 if a < b int SignedCompareB(const UINT32 aSize, // IN: size of a - const BYTE* a, // IN: a buffer - const UINT32 bSize, // IN: size of b - const BYTE* b // IN: b buffer - ) + const BYTE* a, // IN: a buffer + const UINT32 bSize, // IN: size of b + const BYTE* b // IN: b buffer +) { // are the signs different ? if(((a[0] ^ b[0]) & 0x80) > 0) - // if the signs are different, then a is less than b if a is negative. - return a[0] & 0x80 ? -1 : 1; + // if the signs are different, then a is less than b if a is negative. + return a[0] & 0x80 ? -1 : 1; else - // do unsigned compare function - return UnsignedCompareB(aSize, a, bSize, b); + // do unsigned compare function + return UnsignedCompareB(aSize, a, bSize, b); } #if ALG_RSA 
@@ -141,17 +141,17 @@ int SignedCompareB(const UINT32 aSize, // IN: size of a // TPM_RC ModExpB(UINT32 cSize, // IN: the size of the output buffer. It will - // need to be the same size as the modulus - BYTE* c, // OUT: the buffer to receive the results - // (c->size must be set to the maximum size - // for the returned value) - const UINT32 mSize, - const BYTE* m, // IN: number to exponentiate - const UINT32 eSize, - const BYTE* e, // IN: power - const UINT32 nSize, - const BYTE* n // IN: modulus - ) + // need to be the same size as the modulus + BYTE* c, // OUT: the buffer to receive the results + // (c->size must be set to the maximum size + // for the returned value) + const UINT32 mSize, + const BYTE* m, // IN: number to exponentiate + const UINT32 eSize, + const BYTE* e, // IN: power + const UINT32 nSize, + const BYTE* n // IN: modulus +) { CRYPT_INT_MAX(bnC); CRYPT_INT_MAX(bnM); @@ -159,21 +159,21 @@ ModExpB(UINT32 cSize, // IN: the size of the output buffer. It will CRYPT_INT_MAX(bnN); NUMBYTES tSize = (NUMBYTES)nSize; TPM_RC retVal = TPM_RC_SUCCESS; - + // Convert input parameters ExtMath_IntFromBytes(bnM, m, (NUMBYTES)mSize); ExtMath_IntFromBytes(bnE, e, (NUMBYTES)eSize); ExtMath_IntFromBytes(bnN, n, (NUMBYTES)nSize); - + // Make sure that the output is big enough to hold the result // and that 'm' is less than 'n' (the modulus) if(cSize < nSize) - ERROR_EXIT(TPM_RC_NO_RESULT); + ERROR_EXIT(TPM_RC_NO_RESULT); if(ExtMath_UnsignedCmp(bnM, bnN) >= 0) - ERROR_EXIT(TPM_RC_SIZE); + ERROR_EXIT(TPM_RC_SIZE); ExtMath_ModExp(bnC, bnM, bnE, bnN); ExtMath_IntToBytes(bnC, c, &tSize); - Exit: +Exit: return retVal; } #endif // ALG_RSA 
@@ -187,10 +187,10 @@ ModExpB(UINT32 cSize, // IN: the size of the output buffer. It will // TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result // LIB_EXPORT TPM_RC DivideB(const TPM2B* n, // IN: numerator - const TPM2B* d, // IN: denominator - TPM2B* q, // OUT: quotient - TPM2B* r // OUT: remainder - ) + const TPM2B* d, // IN: denominator + TPM2B* q, // OUT: quotient + TPM2B* r // OUT: remainder +) { CRYPT_INT_MAX_INITIALIZED(bnN, n); CRYPT_INT_MAX_INITIALIZED(bnD, d); @@ -199,15 +199,15 @@ LIB_EXPORT TPM_RC DivideB(const TPM2B* n, // IN: numerator // // Do divide with converted values ExtMath_Divide(bnQ, bnR, bnN, bnD); - + // Convert the Crypt_Int* result back to 2B format using the size of the original // number if(q != NULL) - if(!TpmMath_IntTo2B(bnQ, q, q->size)) - return TPM_RC_NO_RESULT; + if(!TpmMath_IntTo2B(bnQ, q, q->size)) + return TPM_RC_NO_RESULT; if(r != NULL) - if(!TpmMath_IntTo2B(bnR, r, r->size)) - return TPM_RC_NO_RESULT; + if(!TpmMath_IntTo2B(bnR, r, r->size)) + return TPM_RC_NO_RESULT; return TPM_RC_SUCCESS; } 
@@ -223,29 +223,29 @@ AdjustNumberB(TPM2B* num, UINT16 requestedSize) UINT16 i; // See if number is already the requested size if(num->size == requestedSize) - return requestedSize; + return requestedSize; from = num->buffer; if(num->size > requestedSize) - { - // This is a request to shift the number to the left (remove leading zeros) - // Find the first non-zero byte. Don't look past the point where removing - // more zeros would make the number smaller than requested, and don't throw - // away any significant digits. - for(i = num->size; *from == 0 && i > requestedSize; from++, i--) - ; - if(i < num->size) - { - num->size = i; - MemoryCopy(num->buffer, from, i); - } - } + { + // This is a request to shift the number to the left (remove leading zeros) + // Find the first non-zero byte. Don't look past the point where removing + // more zeros would make the number smaller than requested, and don't throw + // away any significant digits. + for(i = num->size; *from == 0 && i > requestedSize; from++, i--) + ; + if(i < num->size) + { + num->size = i; + MemoryCopy(num->buffer, from, i); + } + } // This is a request to shift the number to the right (add leading zeros) else - { - MemoryCopy(&num->buffer[requestedSize - num->size], num->buffer, num->size); - MemorySet(num->buffer, 0, requestedSize - num->size); - num->size = requestedSize; - } + { + MemoryCopy(&num->buffer[requestedSize - num->size], num->buffer, num->size); + MemorySet(num->buffer, 0, requestedSize - num->size); + num->size = requestedSize; + } return num->size; } 
@@ -253,17 +253,17 @@ AdjustNumberB(TPM2B* num, UINT16 requestedSize) // This function shifts a byte buffer (a TPM2B) one byte to the left. That is, // the most significant bit of the most significant byte is lost. TPM2B* ShiftLeft(TPM2B* value // IN/OUT: value to shift and shifted value out - ) +) { UINT16 count = value->size; BYTE* buffer = value->buffer; if(count > 0) - { - for(count -= 1; count > 0; buffer++, count--) - { - buffer[0] = (buffer[0] << 1) + ((buffer[1] & 0x80) ? 1 : 0); - } - *buffer <<= 1; - } + { + for(count -= 1; count > 0; buffer++, count--) + { + buffer[0] = (buffer[0] << 1) + ((buffer[1] & 0x80) ? 1 : 0); + } + *buffer <<= 1; + } return value; } diff --git a/src/tpm2/MathOnByteBuffers_fp.h b/src/tpm2/MathOnByteBuffers_fp.h index b52b3927..b4a29f3f 100644 --- a/src/tpm2/MathOnByteBuffers_fp.h +++ b/src/tpm2/MathOnByteBuffers_fp.h @@ -74,10 +74,10 @@ // 0 if (a = b) // -1 if (a < b) LIB_EXPORT int UnsignedCompareB(UINT32 aSize, // IN: size of a - const BYTE* a, // IN: a - UINT32 bSize, // IN: size of b - const BYTE* b // IN: b - ); + const BYTE* a, // IN: a + UINT32 bSize, // IN: size of b + const BYTE* b // IN: b +); //***SignedCompareB() // Compare two signed integers: @@ -86,10 +86,10 @@ LIB_EXPORT int UnsignedCompareB(UINT32 aSize, // IN: size of a // 0 if a = b // -1 if a < b int SignedCompareB(const UINT32 aSize, // IN: size of a - const BYTE* a, // IN: a buffer - const UINT32 bSize, // IN: size of b - const BYTE* b // IN: b buffer - ); + const BYTE* a, // IN: a buffer + const UINT32 bSize, // IN: size of b + const BYTE* b // IN: b buffer +); //*** ModExpB // This function is used to do modular exponentiation in support of RSA. 
@@ -111,17 +111,17 @@ int SignedCompareB(const UINT32 aSize, // IN: size of a // TPM_RC ModExpB(UINT32 cSize, // IN: the size of the output buffer. It will - // need to be the same size as the modulus - BYTE* c, // OUT: the buffer to receive the results - // (c->size must be set to the maximum size - // for the returned value) - const UINT32 mSize, - const BYTE* m, // IN: number to exponentiate - const UINT32 eSize, - const BYTE* e, // IN: power - const UINT32 nSize, - const BYTE* n // IN: modulus - ); + // need to be the same size as the modulus + BYTE* c, // OUT: the buffer to receive the results + // (c->size must be set to the maximum size + // for the returned value) + const UINT32 mSize, + const BYTE* m, // IN: number to exponentiate + const UINT32 eSize, + const BYTE* e, // IN: power + const UINT32 nSize, + const BYTE* n // IN: modulus +); //*** DivideB() // Divide an integer ('n') by an integer ('d') producing a quotient ('q') and @@ -132,10 +132,10 @@ ModExpB(UINT32 cSize, // IN: the size of the output buffer. It will // TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result // LIB_EXPORT TPM_RC DivideB(const TPM2B* n, // IN: numerator - const TPM2B* d, // IN: denominator - TPM2B* q, // OUT: quotient - TPM2B* r // OUT: remainder - ); + const TPM2B* d, // IN: denominator + TPM2B* q, // OUT: quotient + TPM2B* r // OUT: remainder +); //*** AdjustNumberB() // Remove/add leading zeros from a number in a TPM2B. Will try to make the number @@ -149,6 +149,6 @@ AdjustNumberB(TPM2B* num, UINT16 requestedSize); // This function shifts a byte buffer (a TPM2B) one byte to the left. That is, // the most significant bit of the most significant byte is lost. TPM2B* ShiftLeft(TPM2B* value // IN/OUT: value to shift and shifted value out - ); +); #endif // _MATH_ON_BYTE_BUFFERS_FP_H_ diff --git a/src/tpm2/Memory.c b/src/tpm2/Memory.c index e9472dd2..7b15026a 100644 --- a/src/tpm2/Memory.c +++ b/src/tpm2/Memory.c 
@@ -59,229 +59,202 @@ /* */ /********************************************************************************/ -/* 9.12 Memory.c */ -/* 9.12.1 Description */ -/* This file contains a set of miscellaneous memory manipulation routines. Many of the functions - have the same semantics as functions defined in string.h. Those functions are not used directly - in the TPM because they are not safe */ -/* This version uses string.h after adding guards. This is because the math libraries invariably - use those functions so it is not practical to prevent those library functions from being pulled - into the build. */ -/* 9.12.2 Includes and Data Definitions */ +//** Description +// This file contains a set of miscellaneous memory manipulation routines. Many +// of the functions have the same semantics as functions defined in string.h. +// Those functions are not used directly in the TPM because they are not 'safe' +// +// This version uses string.h after adding guards. This is because the math +// libraries invariably use those functions so it is not practical to prevent +// those library functions from being pulled into the build. + +//** Includes and Data Definitions #include "Tpm.h" #include "Memory_fp.h" -/* 9.12.3 Functions */ -/* 9.12.3.1 MemoryCopy() */ -/* This is an alias for memmove. This is used in place of memcpy because some of the moves may - overlap and rather than try to make sure that memmove is used when necessary, it is always - used. */ -void -MemoryCopy( - void *dest, - const void *src, - int sSize - ) +//** Functions + +//*** MemoryCopy() +// This is an alias for memmove. This is used in place of memcpy because +// some of the moves may overlap and rather than try to make sure that +// memmove is used when necessary, it is always used. 
+void MemoryCopy(void* dest, const void* src, int sSize) { - if (dest != src) - memmove(dest, src, sSize); + if(dest != src) + memmove(dest, src, sSize); } -/* 9.12.3.2 MemoryEqual() */ -/* This function indicates if two buffers have the same values in the indicated number of bytes. */ -/* Return Values Meaning */ -/* TRUE all octets are the same */ -/* FALSE all octets are not the same */ -BOOL -MemoryEqual( - const void *buffer1, // IN: compare buffer1 - const void *buffer2, // IN: compare buffer2 - unsigned int size // IN: size of bytes being compared - ) +//*** MemoryEqual() +// This function indicates if two buffers have the same values in the indicated +// number of bytes. +// Return Type: BOOL +// TRUE(1) all octets are the same +// FALSE(0) all octets are not the same +BOOL MemoryEqual(const void* buffer1, // IN: compare buffer1 + const void* buffer2, // IN: compare buffer2 + unsigned int size // IN: size of bytes being compared +) { - BYTE equal = 0; - const BYTE *b1 = (BYTE *)buffer1; - const BYTE *b2 = (BYTE *)buffer2; + BYTE equal = 0; + const BYTE* b1 = (BYTE*)buffer1; + const BYTE* b2 = (BYTE*)buffer2; // // Compare all bytes so that there is no leakage of information // due to timing differences. for(; size > 0; size--) - equal |= (*b1++ ^ *b2++); + equal |= (*b1++ ^ *b2++); return (equal == 0); } -/* 9.12.3.3 MemoryCopy2B() */ -/* This function copies a TPM2B. This can be used when the TPM2B types are the same or different. */ -/* This function returns the number of octets in the data buffer of the TPM2B. */ -LIB_EXPORT INT16 -MemoryCopy2B( - TPM2B *dest, // OUT: receiving TPM2B - const TPM2B *source, // IN: source TPM2B - unsigned int dSize // IN: size of the receiving buffer - ) + +//*** MemoryCopy2B() +// This function copies a TPM2B. This can be used when the TPM2B types are +// the same or different. +// +// This function returns the number of octets in the data buffer of the TPM2B. 
+LIB_EXPORT INT16 MemoryCopy2B(TPM2B* dest, // OUT: receiving TPM2B + const TPM2B* source, // IN: source TPM2B + unsigned int dSize // IN: size of the receiving buffer +) { pAssert(dest != NULL); if(source == NULL) - dest->size = 0; + dest->size = 0; else - { - pAssert(source->size <= dSize); - MemoryCopy(dest->buffer, source->buffer, source->size); - dest->size = source->size; - } + { + pAssert(source->size <= dSize); + MemoryCopy(dest->buffer, source->buffer, source->size); + dest->size = source->size; + } return dest->size; } -/* 9.12.3.4 MemoryConcat2B() */ -/* This function will concatenate the buffer contents of a TPM2B to the buffer contents of - another TPM2B and adjust the size accordingly (a := (a | b)). */ -void -MemoryConcat2B( - TPM2B *aInOut, // IN/OUT: destination 2B - TPM2B *bIn, // IN: second 2B - unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for - // aInOut.size) - ) + +//*** MemoryConcat2B() +// This function will concatenate the buffer contents of a TPM2B to +// the buffer contents of another TPM2B and adjust the size accordingly +// ('a' := ('a' | 'b')). +void MemoryConcat2B( + TPM2B* aInOut, // IN/OUT: destination 2B + TPM2B* bIn, // IN: second 2B + unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for + // aInOut.size) +) { pAssert(bIn->size <= aMaxSize - aInOut->size); MemoryCopy(&aInOut->buffer[aInOut->size], &bIn->buffer, bIn->size); aInOut->size = aInOut->size + bIn->size; return; } -/* 9.12.3.5 MemoryEqual2B() */ -/* This function will compare two TPM2B structures. To be equal, they need to be the same size and - the buffer contexts need to be the same in all octets. */ -/* Return Values Meaning */ -/* TRUE size and buffer contents are the same */ -/* FALSE size or buffer contents are not the same */ -BOOL -MemoryEqual2B( - const TPM2B *aIn, // IN: compare value - const TPM2B *bIn // IN: compare value - ) + +//*** MemoryEqual2B() +// This function will compare two TPM2B structures. 
To be equal, they +// need to be the same size and the buffer contexts need to be the same +// in all octets. +// Return Type: BOOL +// TRUE(1) size and buffer contents are the same +// FALSE(0) size or buffer contents are not the same +BOOL MemoryEqual2B(const TPM2B* aIn, // IN: compare value + const TPM2B* bIn // IN: compare value +) { if(aIn->size != bIn->size) - return FALSE; + return FALSE; return MemoryEqual(aIn->buffer, bIn->buffer, aIn->size); } -/* 9.12.3.6 MemorySet() */ -/* This function will set all the octets in the specified memory range to the specified octet - value. */ -/* NOTE: A previous version had an additional parameter (dSize) that was intended to make sure that - the destination would not be overrun. The problem is that, in use, all that was happening was - that the value of size was used for dSize so there was no benefit in the extra parameter. */ -void -MemorySet( - void *dest, - int value, - size_t size - ) +//*** MemorySet() +// This function will set all the octets in the specified memory range to +// the specified octet value. +// Note: A previous version had an additional parameter (dSize) that was +// intended to make sure that the destination would not be overrun. The +// problem is that, in use, all that was happening was that the value of +// size was used for dSize so there was no benefit in the extra parameter. +void MemorySet(void* dest, int value, size_t size) { memset(dest, value, size); } -/* 9.12.3.7 MemoryPad2B() */ -/* Function to pad a TPM2B with zeros and adjust the size. */ - -void -MemoryPad2B( - TPM2B *b, - UINT16 newSize - ) +//*** MemoryPad2B() +// Function to pad a TPM2B with zeros and adjust the size. 
+void MemoryPad2B(TPM2B* b, UINT16 newSize) { MemorySet(&b->buffer[b->size], 0, newSize - b->size); b->size = newSize; } -/* 9.12.3.8 Uint16ToByteArray() */ -/* Function to write an integer to a byte array */ - -void -Uint16ToByteArray( - UINT16 i, - BYTE *a - ) +//*** Uint16ToByteArray() +// Function to write an integer to a byte array +void Uint16ToByteArray(UINT16 i, BYTE* a) { - a[1] = (BYTE)(i); i >>= 8; + a[1] = (BYTE)(i); + i >>= 8; a[0] = (BYTE)(i); } -/* 9.12.3.9 Uint32ToByteArray() */ -/* Function to write an integer to a byte array */ - -void -Uint32ToByteArray( - UINT32 i, - BYTE *a - ) +//*** Uint32ToByteArray() +// Function to write an integer to a byte array +void Uint32ToByteArray(UINT32 i, BYTE* a) { - a[3] = (BYTE)(i); i >>= 8; - a[2] = (BYTE)(i); i >>= 8; - a[1] = (BYTE)(i); i >>= 8; + a[3] = (BYTE)(i); + i >>= 8; + a[2] = (BYTE)(i); + i >>= 8; + a[1] = (BYTE)(i); + i >>= 8; a[0] = (BYTE)(i); } -/* 9.12.3.10 Uint64ToByteArray() */ -/* Function to write an integer to a byte array */ - -void -Uint64ToByteArray( - UINT64 i, - BYTE *a - ) +//*** Uint64ToByteArray() +// Function to write an integer to a byte array +void Uint64ToByteArray(UINT64 i, BYTE* a) { - a[7] = (BYTE)(i); i >>= 8; - a[6] = (BYTE)(i); i >>= 8; - a[5] = (BYTE)(i); i >>= 8; - a[4] = (BYTE)(i); i >>= 8; - a[3] = (BYTE)(i); i >>= 8; - a[2] = (BYTE)(i); i >>= 8; - a[1] = (BYTE)(i); i >>= 8; + a[7] = (BYTE)(i); + i >>= 8; + a[6] = (BYTE)(i); + i >>= 8; + a[5] = (BYTE)(i); + i >>= 8; + a[4] = (BYTE)(i); + i >>= 8; + a[3] = (BYTE)(i); + i >>= 8; + a[2] = (BYTE)(i); + i >>= 8; + a[1] = (BYTE)(i); + i >>= 8; a[0] = (BYTE)(i); } -/* 9.12.3.11 ByteArrayToUint8() */ -/* Function to write a UINT8 to a byte array. This is included for completeness and to allow certain - macro expansions */ #if 0 // libtpms added +//*** ByteArrayToUint8() +// Function to write a UINT8 to a byte array. 
This is included for completeness +// and to allow certain macro expansions UINT8 -ByteArrayToUint8( - BYTE *a - ) +ByteArrayToUint8(BYTE* a) { - return *a; + return *a; } #endif // libtpms added -/* 9.12.3.12 ByteArrayToUint16() */ -/* Function to write an integer to a byte array */ - +//*** ByteArrayToUint16() +// Function to write an integer to a byte array UINT16 -ByteArrayToUint16( - BYTE *a - ) +ByteArrayToUint16(BYTE* a) { return ((UINT16)a[0] << 8) + a[1]; } -/* 9.12.3.13 ByteArrayToUint32() */ -/* Function to write an integer to a byte array */ - +//*** ByteArrayToUint32() +// Function to write an integer to a byte array UINT32 -ByteArrayToUint32( - BYTE *a - ) +ByteArrayToUint32(BYTE* a) { return (UINT32)((((((UINT32)a[0] << 8) + a[1]) << 8) + (UINT32)a[2]) << 8) + a[3]; } -/* 9.12.3.14 ByteArrayToUint64() */ -/* Function to write an integer to a byte array */ - +//*** ByteArrayToUint64() +// Function to write an integer to a byte array UINT64 -ByteArrayToUint64( - BYTE *a - ) +ByteArrayToUint64(BYTE* a) { return (((UINT64)BYTE_ARRAY_TO_UINT32(a)) << 32) + BYTE_ARRAY_TO_UINT32(&a[4]); } - diff --git a/src/tpm2/Memory_fp.h b/src/tpm2/Memory_fp.h index 082e8db7..03aaebd4 100644 --- a/src/tpm2/Memory_fp.h +++ b/src/tpm2/Memory_fp.h 
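Review bot: `MemoryPad2B` has no guard on its length arithmetic: in `MemorySet(&b->buffer[b->size], 0, newSize - b->size);` a `newSize` smaller than `b->size` converts to a very large `size_t` count for `memset`, and nothing relates `newSize` to the capacity of `b->buffer`. A `pAssert(newSize >= b->size);` ahead of the `MemorySet` call would stop the underflow, in the same way `MemoryCopy2B` already checks `source->size <= dSize`; the capacity still has to be guaranteed by the caller because the function receives no maximum. `MemoryConcat2B` has a related gap: `aMaxSize - aInOut->size` is unsigned, so it wraps when `aInOut->size` exceeds `aMaxSize` and the existing assert then passes; `pAssert(aInOut->size <= aMaxSize && bIn->size <= aMaxSize - aInOut->size);` closes that. Both are carried over unchanged by this reformat, so they may be better raised against the upstream reference code than patched locally.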
@@ -59,81 +59,107 @@ /* */ /********************************************************************************/ -#ifndef MEMORY_FP_H -#define MEMORY_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 7, 2019 Time: 06:58:58PM + */ -void -MemoryCopy( - void *dest, - const void *src, - int sSize - ); -BOOL -MemoryEqual( - const void *buffer1, // IN: compare buffer1 - const void *buffer2, // IN: compare buffer2 - unsigned int size // IN: size of bytes being compared - ); -LIB_EXPORT INT16 -MemoryCopy2B( - TPM2B *dest, // OUT: receiving TPM2B - const TPM2B *source, // IN: source TPM2B - unsigned int dSize // IN: size of the receiving buffer - ); -void -MemoryConcat2B( - TPM2B *aInOut, // IN/OUT: destination 2B - TPM2B *bIn, // IN: second 2B - unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for - // aInOut.size) - ); -BOOL -MemoryEqual2B( - const TPM2B *aIn, // IN: compare value - const TPM2B *bIn // IN: compare value - ); -void -MemorySet( - void *dest, - int value, - size_t size - ); -void -MemoryPad2B( - TPM2B *b, - UINT16 newSize - ); -void -Uint16ToByteArray( - UINT16 i, - BYTE *a - ); -void -Uint32ToByteArray( - UINT32 i, - BYTE *a - ); -void -Uint64ToByteArray( - UINT64 i, - BYTE *a - ); +#ifndef _MEMORY_FP_H_ +#define _MEMORY_FP_H_ + +//*** MemoryCopy() +// This is an alias for memmove. This is used in place of memcpy because +// some of the moves may overlap and rather than try to make sure that +// memmove is used when necessary, it is always used. +void MemoryCopy(void* dest, const void* src, int sSize); + +//*** MemoryEqual() +// This function indicates if two buffers have the same values in the indicated +// number of bytes. 
+// Return Type: BOOL +// TRUE(1) all octets are the same +// FALSE(0) all octets are not the same +BOOL MemoryEqual(const void* buffer1, // IN: compare buffer1 + const void* buffer2, // IN: compare buffer2 + unsigned int size // IN: size of bytes being compared +); + +//*** MemoryCopy2B() +// This function copies a TPM2B. This can be used when the TPM2B types are +// the same or different. +// +// This function returns the number of octets in the data buffer of the TPM2B. +LIB_EXPORT INT16 MemoryCopy2B(TPM2B* dest, // OUT: receiving TPM2B + const TPM2B* source, // IN: source TPM2B + unsigned int dSize // IN: size of the receiving buffer +); + +//*** MemoryConcat2B() +// This function will concatenate the buffer contents of a TPM2B to an +// the buffer contents of another TPM2B and adjust the size accordingly +// ('a' := ('a' | 'b')). +void MemoryConcat2B( + TPM2B* aInOut, // IN/OUT: destination 2B + TPM2B* bIn, // IN: second 2B + unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for + // aInOut.size) +); + +//*** MemoryEqual2B() +// This function will compare two TPM2B structures. To be equal, they +// need to be the same size and the buffer contexts need to be the same +// in all octets. +// Return Type: BOOL +// TRUE(1) size and buffer contents are the same +// FALSE(0) size or buffer contents are not the same +BOOL MemoryEqual2B(const TPM2B* aIn, // IN: compare value + const TPM2B* bIn // IN: compare value +); + +//*** MemorySet() +// This function will set all the octets in the specified memory range to +// the specified octet value. +// Note: A previous version had an additional parameter (dSize) that was +// intended to make sure that the destination would not be overrun. The +// problem is that, in use, all that was happening was that the value of +// size was used for dSize so there was no benefit in the extra parameter. 
+void MemorySet(void* dest, int value, size_t size); + +//*** MemoryPad2B() +// Function to pad a TPM2B with zeros and adjust the size. +void MemoryPad2B(TPM2B* b, UINT16 newSize); + +//*** Uint16ToByteArray() +// Function to write an integer to a byte array +void Uint16ToByteArray(UINT16 i, BYTE* a); + +//*** Uint32ToByteArray() +// Function to write an integer to a byte array +void Uint32ToByteArray(UINT32 i, BYTE* a); + +//*** Uint64ToByteArray() +// Function to write an integer to a byte array +void Uint64ToByteArray(UINT64 i, BYTE* a); + +//*** ByteArrayToUint8() +// Function to write a UINT8 to a byte array. This is included for completeness +// and to allow certain macro expansions UINT8 -ByteArrayToUint8( - BYTE *a - ); +ByteArrayToUint8(BYTE* a); + +//*** ByteArrayToUint16() +// Function to write an integer to a byte array UINT16 -ByteArrayToUint16( - BYTE *a - ); +ByteArrayToUint16(BYTE* a); + +//*** ByteArrayToUint32() +// Function to write an integer to a byte array UINT32 -ByteArrayToUint32( - BYTE *a - ); +ByteArrayToUint32(BYTE* a); + +//*** ByteArrayToUint64() +// Function to write an integer to a byte array UINT64 -ByteArrayToUint64( - BYTE *a - ); +ByteArrayToUint64(BYTE* a); - -#endif +#endif // _MEMORY_FP_H_ diff --git a/src/tpm2/MinMax.h b/src/tpm2/MinMax.h index 5702f565..e7e693f7 100644 --- a/src/tpm2/MinMax.h +++ b/src/tpm2/MinMax.h @@ -74,4 +74,3 @@ #endif #endif // _MIN_MAX_H_ - diff --git a/src/tpm2/NV.h b/src/tpm2/NV.h index 26218c05..3eaa156a 100644 --- a/src/tpm2/NV.h +++ b/src/tpm2/NV.h 
@@ -59,104 +59,119 @@ /* */ /********************************************************************************/ -#ifndef NV_H -#define NV_H +//** Index Type Definitions -/* 5.14.1 Index Type Definitions */ -/* These definitions allow the same code to be used pre and post 1.21. The main action is to - redefine the index type values from the bit values. Use TPM_NT_ORDINARY to indicate if the TPM_NT - type is defined */ -#ifdef TPM_NT_ORDINARY -/* If TPM_NT_ORDINARY is defined, then the TPM_NT field is present in a TPMA_NV */ -# define GET_TPM_NT(attributes) GET_ATTRIBUTE(attributes, TPMA_NV, TPM_NT) +// These definitions allow the same code to be used pre and post 1.21. The main +// action is to redefine the index type values from the bit values. +// Use TPM_NT_ORDINARY to indicate if the TPM_NT type is defined + +#ifndef _NV_H_ +#define _NV_H_ + +#ifdef TPM_NT_ORDINARY +// If TPM_NT_ORDINARY is defined, then the TPM_NT field is present in a TPMA_NV +# define GET_TPM_NT(attributes) GET_ATTRIBUTE(attributes, TPMA_NV, TPM_NT) #else -/* If TPM_NT_ORDINARY is not defined, then need to synthesize it from the attributes */ -# define GetNv_TPM_NV(attributes) \ - ( IS_ATTRIBUTE(attributes, TPMA_NV, COUNTER) \ - + (IS_ATTRIBUTE(attributes, TPMA_NV, BITS) << 1) \ - + (IS_ATTRIBUTE(attributes, TPMA_NV, EXTEND) << 2) \ - ) -# define TPM_NT_ORDINARY (0) -# define TPM_NT_COUNTER (1) -# define TPM_NT_BITS (2) -# define TPM_NT_EXTEND (4) +// If TPM_NT_ORDINARY is not defined, then need to synthesize it from the +// attributes +# define GetNv_TPM_NV(attributes) \ + (IS_ATTRIBUTE(attributes, TPMA_NV, COUNTER) \ + + (IS_ATTRIBUTE(attributes, TPMA_NV, BITS) << 1) \ + + (IS_ATTRIBUTE(attributes, TPMA_NV, EXTEND) << 2)) +# define TPM_NT_ORDINARY (0) +# define TPM_NT_COUNTER (1) +# define TPM_NT_BITS (2) +# define TPM_NT_EXTEND (4) #endif -/* 5.14.2 Attribute Macros */ -/* These macros are used to isolate the differences in the way that the index type changed in - version 1.21 of the 
specification */ -# define IsNvOrdinaryIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_ORDINARY) -# define IsNvCounterIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_COUNTER) -# define IsNvBitsIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_BITS) -# define IsNvExtendIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_EXTEND) + +//** Attribute Macros +// These macros are used to isolate the differences in the way that the index type +// changed in version 1.21 of the specification +#define IsNvOrdinaryIndex(attributes) (GET_TPM_NT(attributes) == TPM_NT_ORDINARY) + +#define IsNvCounterIndex(attributes) (GET_TPM_NT(attributes) == TPM_NT_COUNTER) + +#define IsNvBitsIndex(attributes) (GET_TPM_NT(attributes) == TPM_NT_BITS) + +#define IsNvExtendIndex(attributes) (GET_TPM_NT(attributes) == TPM_NT_EXTEND) + #ifdef TPM_NT_PIN_PASS -# define IsNvPinPassIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_PIN_PASS) +# define IsNvPinPassIndex(attributes) (GET_TPM_NT(attributes) == TPM_NT_PIN_PASS) #endif + #ifdef TPM_NT_PIN_FAIL -# define IsNvPinFailIndex(attributes) \ - (GET_TPM_NT(attributes) == TPM_NT_PIN_FAIL) +# define IsNvPinFailIndex(attributes) (GET_TPM_NT(attributes) == TPM_NT_PIN_FAIL) #endif -typedef struct { - UINT32 size; - TPM_HANDLE handle; + +typedef struct +{ + UINT32 size; + TPM_HANDLE handle; } NV_ENTRY_HEADER; -#define NV_EVICT_OBJECT_SIZE \ - (sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(OBJECT)) -#define NV_INDEX_COUNTER_SIZE \ - (sizeof(UINT32) + sizeof(NV_INDEX) + sizeof(UINT64)) -#define NV_RAM_INDEX_COUNTER_SIZE \ - (sizeof(NV_RAM_HEADER) + sizeof(UINT64)) -typedef struct { - UINT32 size; - TPM_HANDLE handle; - TPMA_NV attributes; + +#define NV_EVICT_OBJECT_SIZE (sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(OBJECT)) + +#define NV_INDEX_COUNTER_SIZE (sizeof(UINT32) + sizeof(NV_INDEX) + sizeof(UINT64)) + +#define NV_RAM_INDEX_COUNTER_SIZE (sizeof(NV_RAM_HEADER) + sizeof(UINT64)) + +typedef struct +{ + UINT32 size; + 
TPM_HANDLE handle; + TPMA_NV attributes; } NV_RAM_HEADER; -/* Defines the end-of-list marker for NV. The list terminator is a UINT32 of zero, followed by the - current value of s_maxCounter which is a 64-bit value. The structure is defined as an array of 3 - UINT32 values so that there is no padding between the UINT32 list end marker and the UINT64 - maxCounter value. */ + +// Defines the end-of-list marker for NV. The list terminator is +// a UINT32 of zero, followed by the current value of s_maxCounter which is a +// 64-bit value. The structure is defined as an array of 3 UINT32 values so that +// there is no padding between the UINT32 list end marker and the UINT64 maxCounter +// value. typedef UINT32 NV_LIST_TERMINATOR[3]; -/* 5.14.3 Orderly RAM Values */ -/* The following defines are for accessing orderly RAM values. This is the initialize for the RAM - reference iterator. */ -#define NV_RAM_REF_INIT 0 -/* This is the starting address of the RAM space used for orderly data */ -#define RAM_ORDERLY_START \ - (&s_indexOrderlyRam[0]) -/* This is the offset within NV that is used to save the orderly data on an orderly shutdown. */ -#define NV_ORDERLY_START \ - (NV_INDEX_RAM_DATA) -/* This is the end of the orderly RAM space. It is actually the first byte after the last byte of - orderly RAM data */ -#define RAM_ORDERLY_END \ - (RAM_ORDERLY_START + sizeof(s_indexOrderlyRam)) -/* This is the end of the orderly space in NV memory. As with RAM_ORDERLY_END, it is actually the - offset of the first byte after the end of the NV orderly data. */ -#define NV_ORDERLY_END \ - (NV_ORDERLY_START + sizeof(s_indexOrderlyRam)) -/* Macro to check that an orderly RAM address is with range. */ -#define ORDERLY_RAM_ADDRESS_OK(start, offset) \ + +//** Orderly RAM Values +// The following defines are for accessing orderly RAM values. + +// This is the initialize for the RAM reference iterator. 
+#define NV_RAM_REF_INIT 0 +// This is the starting address of the RAM space used for orderly data +#define RAM_ORDERLY_START (&s_indexOrderlyRam[0]) +// This is the offset within NV that is used to save the orderly data on an +// orderly shutdown. +#define NV_ORDERLY_START (NV_INDEX_RAM_DATA) +// This is the end of the orderly RAM space. It is actually the first byte after the +// last byte of orderly RAM data +#define RAM_ORDERLY_END (RAM_ORDERLY_START + sizeof(s_indexOrderlyRam)) +// This is the end of the orderly space in NV memory. As with RAM_ORDERLY_END, it is +// actually the offset of the first byte after the end of the NV orderly data. +#define NV_ORDERLY_END (NV_ORDERLY_START + sizeof(s_indexOrderlyRam)) + +// Macro to check that an orderly RAM address is with range. +#define ORDERLY_RAM_ADDRESS_OK(start, offset) \ ((start >= RAM_ORDERLY_START) && ((start + offset - 1) < RAM_ORDERLY_END)) -#define RETURN_IF_NV_IS_NOT_AVAILABLE \ - { \ - if(g_NvStatus != TPM_RC_SUCCESS) \ - return g_NvStatus; \ + +#define RETURN_IF_NV_IS_NOT_AVAILABLE \ + { \ + if(g_NvStatus != TPM_RC_SUCCESS) \ + return g_NvStatus; \ } -/* Routinely have to clear the orderly flag and fail if the NV is not available so that it can be - cleared. */ -#define RETURN_IF_ORDERLY \ - { \ - if(NvClearOrderly() != TPM_RC_SUCCESS) \ - return g_NvStatus; \ + +// Routinely have to clear the orderly flag and fail if the +// NV is not available so that it can be cleared. +#define RETURN_IF_ORDERLY \ + { \ + if(NvClearOrderly() != TPM_RC_SUCCESS) \ + return g_NvStatus; \ } -#define NV_IS_AVAILABLE (g_NvStatus == TPM_RC_SUCCESS) -#define IS_ORDERLY(value) (value < SU_DA_USED_VALUE) -#define NV_IS_ORDERLY (IS_ORDERLY(gp.orderlyState)) -/* Macro to set the NV UPDATE_TYPE. This deals with the fact that the update is possibly a - combination of UT_NV and UT_ORDERLY. 
*/ -#define SET_NV_UPDATE(type) g_updateNV |= (type) + +#define NV_IS_AVAILABLE (g_NvStatus == TPM_RC_SUCCESS) + +#define IS_ORDERLY(value) (value < SU_DA_USED_VALUE) + +#define NV_IS_ORDERLY (IS_ORDERLY(gp.orderlyState)) + +// Macro to set the NV UPDATE_TYPE. This deals with the fact that the update is +// possibly a combination of UT_NV and UT_ORDERLY. +#define SET_NV_UPDATE(type) g_updateNV |= (type) + #endif // _NV_H_ diff --git a/src/tpm2/NVDynamic_fp.h b/src/tpm2/NVDynamic_fp.h deleted file mode 100644 index c6128a82..00000000 --- a/src/tpm2/NVDynamic_fp.h +++ /dev/null 
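Review bot: `ORDERLY_RAM_ADDRESS_OK(start, offset)` is a bounds check whose arguments are expanded without parentheses and whose upper test computes `start + offset - 1` before comparing, so a large `offset` forms an out-of-range pointer (undefined behaviour, after which the comparison may pass). Comparing the length against the remaining space avoids that: `(((start) >= RAM_ORDERLY_START) && ((start) <= RAM_ORDERLY_END) && ((size_t)(offset) <= (size_t)(RAM_ORDERLY_END - (start))))`, assuming `start` is a byte pointer into `s_indexOrderlyRam`, which the hunk does not show. Separately, the `#else` branch defines `GetNv_TPM_NV` while every `IsNv...Index` macro calls `GET_TPM_NT`, so that fallback would not compile unless `GET_TPM_NT` is defined elsewhere. Both predate this reformat and may be better fixed upstream to keep the diff small.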
@@ -1,256 +0,0 @@ -/********************************************************************************/ -/* */ -/* Dynamic space for user defined NV */ -/* Written by Ken Goldman */ -/* IBM Thomas J. Watson Research Center */ -/* */ -/* Licenses and Notices */ -/* */ -/* 1. Copyright Licenses: */ -/* */ -/* - Trusted Computing Group (TCG) grants to the user of the source code in */ -/* this specification (the "Source Code") a worldwide, irrevocable, */ -/* nonexclusive, royalty free, copyright license to reproduce, create */ -/* derivative works, distribute, display and perform the Source Code and */ -/* derivative works thereof, and to grant others the rights granted herein. */ -/* */ -/* - The TCG grants to the user of the other parts of the specification */ -/* (other than the Source Code) the rights to reproduce, distribute, */ -/* display, and perform the specification solely for the purpose of */ -/* developing products based on such documents. */ -/* */ -/* 2. Source Code Distribution Conditions: */ -/* */ -/* - Redistributions of Source Code must retain the above copyright licenses, */ -/* this list of conditions and the following disclaimers. */ -/* */ -/* - Redistributions in binary form must reproduce the above copyright */ -/* licenses, this list of conditions and the following disclaimers in the */ -/* documentation and/or other materials provided with the distribution. */ -/* */ -/* 3. Disclaimers: */ -/* */ -/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ -/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ -/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ -/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ -/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ -/* information on specification licensing rights available through TCG */ -/* membership agreements. 
*/ -/* */ -/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ -/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ -/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ -/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ -/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ -/* */ -/* - Without limitation, TCG and its members and licensors disclaim all */ -/* liability, including liability for infringement of any proprietary */ -/* rights, relating to use of information in this specification and to the */ -/* implementation of this specification, and TCG disclaims all liability for */ -/* cost of procurement of substitute goods or services, lost profits, loss */ -/* of use, loss of data or any incidental, consequential, direct, indirect, */ -/* or special damages, whether under contract, tort, warranty or otherwise, */ -/* arising in any way out of use or reliance upon this specification or any */ -/* information herein. */ -/* */ -/* (c) Copyright IBM Corp. 
and others, 2016 - 2023 */ -/* */ -/********************************************************************************/ - -#ifndef NVDYNAMIC_FP_H -#define NVDYNAMIC_FP_H - -NV_REF -NvWriteNvListEnd( - NV_REF end - ); -void -NvUpdateIndexOrderlyData( - void - ); -void -NvReadNvIndexInfo( - NV_REF ref, // IN: points to NV where index is located - NV_INDEX *nvIndex // OUT: place to receive index data - ); -UINT32 // libtpms added begin -NvObjectToBuffer(OBJECT *object, BYTE *buffer, UINT32 size); // libtpms added end -void -NvReadObject( - NV_REF ref, // IN: points to NV where index is located - OBJECT *object // OUT: place to receive the object data - ); -BOOL -NvIndexIsDefined( - TPM_HANDLE nvHandle // IN: Index to look for - ); -BOOL -NvIsPlatformPersistentHandle( - TPM_HANDLE handle // IN: handle - ); -BOOL -NvIsOwnerPersistentHandle( - TPM_HANDLE handle // IN: handle - ); -TPM_RC -NvIndexIsAccessible( - TPMI_RH_NV_INDEX handle // IN: handle - ); -TPM_RC -NvGetEvictObject( - TPM_HANDLE handle, // IN: handle - OBJECT *object // OUT: object data - ); -void -NvIndexCacheInit( - void - ); -void -NvGetIndexData( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: offset of NV data - UINT16 size, // IN: size of NV data - void *data // OUT: data buffer - ); -void -NvHashIndexData( - HASH_STATE *hashState, // IN: Initialized hash state - NV_INDEX *nvIndex, // IN: Index - NV_REF locator, // IN: where the data is located - UINT32 offset, // IN: starting offset - UINT16 size // IN: amount to hash - ); -UINT64 -NvGetUINT64Data( - NV_INDEX *nvIndex, // IN: the in RAM index descriptor - NV_REF locator // IN: where index exists in NV - ); -TPM_RC -NvWriteIndexAttributes( - TPM_HANDLE handle, - NV_REF locator, // IN: location of the index - TPMA_NV attributes // IN: attributes to write - ); -TPM_RC -NvWriteIndexAuth( - NV_REF locator, // IN: location of the index - TPM2B_AUTH *authValue // IN: the 
authValue to write - ); -NV_INDEX * -NvGetIndexInfo( - TPM_HANDLE nvHandle, // IN: the index handle - NV_REF *locator // OUT: location of the index - ); -TPM_RC -NvWriteIndexData( - NV_INDEX *nvIndex, // IN: the description of the index - UINT32 offset, // IN: offset of NV data - UINT32 size, // IN: size of NV data - void *data // IN: data buffer - ); -TPM_RC -NvWriteUINT64Data( - NV_INDEX *nvIndex, // IN: the description of the index - UINT64 intValue // IN: the value to write - ); -TPM2B_NAME * -NvGetNameByIndexHandle( - TPMI_RH_NV_INDEX handle, // IN: handle of the index - TPM2B_NAME *name // OUT: name of the index - ); -TPM_RC -NvDefineIndex( - TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. - TPM2B_AUTH *authValue // IN: The initial authorization value - ); -TPM_RC -NvAddEvictObject( - TPMI_DH_OBJECT evictHandle, // IN: new evict handle - OBJECT *object // IN: object to be added - ); -TPM_RC -NvDeleteIndex( - NV_INDEX *nvIndex, // IN: an in RAM index descriptor - NV_REF entityAddr // IN: location in NV - ); -TPM_RC -NvDeleteEvict( - TPM_HANDLE handle // IN: handle of entity to be deleted - ); -TPM_RC -NvFlushHierarchy( - TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. - ); -TPM_RC -NvSetGlobalLock( - void - ); -TPMI_YES_NO -NvCapGetPersistent( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: maximum number of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ); -//*** NvCapGetOnePersistent() -// This function returns whether a given persistent handle exists. -// -// 'Handle' must be in valid persistent object handle range. 
-BOOL NvCapGetOnePersistent(TPMI_DH_OBJECT handle // IN: handle - ); - -TPMI_YES_NO -NvCapGetIndex( - TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: max number of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ); -BOOL NvCapGetOneIndex(TPMI_DH_OBJECT handle); // IN: start handle -UINT32 -NvCapGetIndexNumber( - void - ); -UINT32 -NvCapGetPersistentNumber( - void - ); -UINT32 -NvCapGetPersistentAvail( - void - ); -UINT32 -NvCapGetCounterNumber( - void - ); -BOOL -NvEntityStartup( - STARTUP_TYPE type // IN: start up type - ); -UINT32 -NvCapGetCounterAvail( - void - ); -NV_REF -NvFindHandle( - TPM_HANDLE handle - ); -UINT64 -NvReadMaxCount( - void - ); -void -NvUpdateMaxCount( - UINT64 count - ); -void -NvSetMaxCount( - UINT64 value - ); -UINT64 -NvGetMaxCount( - void - ); - - -#endif diff --git a/src/tpm2/NVMem.c b/src/tpm2/NVMem.c index 2246c54d..dcefe3ce 100644 --- a/src/tpm2/NVMem.c +++ b/src/tpm2/NVMem.c @@ -99,9 +99,9 @@ static int NvFileOpen(const char* mode) // Try to open an exist NVChip file for read/write # if defined _MSC_VER && 1 if(fopen_s(&s_NvFile, s_NvFilePath, mode) != 0) - { - s_NvFile = NULL; - } + { + s_NvFile = NULL; + } # else s_NvFile = fopen(s_NvFilePath, mode); # endif @@ -118,7 +118,7 @@ static int NvFileCommit(void) int OK; // If NV file is not available, return failure if(s_NvFile == NULL) - return 1; + return 1; // Write RAM data to NV fseek(s_NvFile, 0, SEEK_SET); OK = (NV_MEMORY_SIZE == fwrite(s_NV, 1, NV_MEMORY_SIZE, s_NvFile)); 
@@ -149,20 +149,20 @@ static long NvFileSize(int leaveAt) fileSize = ftell(s_NvFile); assert(fileSize >= 0); switch(leaveAt) - { - case SEEK_SET: - filePos = 0; - /* fall through */ - case SEEK_CUR: - irc = fseek(s_NvFile, filePos, SEEK_SET); - assert(irc == 0); - break; - case SEEK_END: - break; - default: - assert(FALSE); - break; - } + { + case SEEK_SET: + filePos = 0; + /* fall through */ + case SEEK_CUR: + irc = fseek(s_NvFile, filePos, SEEK_SET); + assert(irc == 0); + break; + case SEEK_END: + break; + default: + assert(FALSE); + break; + } return fileSize; } #endif @@ -196,11 +196,11 @@ LIB_EXPORT void _plat__NvErrors(int recoverable, int unrecoverable) #define NV_ENABLE_SUCCESS 0 #define NV_ENABLE_FAILED (-1) LIB_EXPORT int _plat__NVEnable( - void* platParameter, // platform specific parameter - size_t paramSize // size of parameter. If size == 0, then - // parameter is a sizeof(void*) scalar and should - // be cast to an integer (intptr_t), not dereferenced. - ) + void* platParameter, // platform specific parameter + size_t paramSize // size of parameter. If size == 0, then + // parameter is a sizeof(void*) scalar and should + // be cast to an integer (intptr_t), not dereferenced. +) { NOT_REFERENCED(platParameter); // to keep compiler quiet NOT_REFERENCED(paramSize); // to keep compiler quiet 
@@ -232,46 +232,47 @@ _plat__NVEnable_NVChipFile( s_NV_recoverable = FALSE; #if FILE_BACKED_NV if(s_NvFile != NULL) - return NV_ENABLE_SUCCESS; + return NV_ENABLE_SUCCESS; // Initialize all the bytes in the ram copy of the NV _plat__NvMemoryClear(0, NV_MEMORY_SIZE); // If the file exists if(NvFileOpen("r+b") >= 0) - { - long fileSize = NvFileSize(SEEK_SET); // get the file size and leave the - // file pointer at the start - // - // If the size is right, read the data - if(NV_MEMORY_SIZE == fileSize) - { - s_NeedsManufacture = fread(s_NV, 1, NV_MEMORY_SIZE, s_NvFile) - != NV_MEMORY_SIZE; - if (s_NeedsManufacture) { // libtpms changes start: set s_NV_unrecoverable on error - s_NV_unrecoverable = TRUE; - TPMLIB_LogTPM2Error("Could not read NVChip file: %s\n", - strerror(errno)); // libtpms changes end - } - } - else - { - NvFileCommit(); // for any other size, initialize it - s_NeedsManufacture = TRUE; - } - } + { + long fileSize = NvFileSize(SEEK_SET); // get the file size and leave the + // file pointer at the start + // + // If the size is right, read the data + if(NV_MEMORY_SIZE == fileSize) + { + s_NeedsManufacture = fread(s_NV, 1, NV_MEMORY_SIZE, s_NvFile) + != NV_MEMORY_SIZE; + if (s_NeedsManufacture) // libtpms changes start: set s_NV_unrecoverable on error + { + s_NV_unrecoverable = TRUE; + TPMLIB_LogTPM2Error("Could not read NVChip file: %s\n", + strerror(errno)); // libtpms changes end + } + } + else + { + NvFileCommit(); // for any other size, initialize it + s_NeedsManufacture = TRUE; + } + } // If NVChip file does not exist, try to create it for read/write. else if(NvFileOpen("w+b") >= 0) - { - NvFileCommit(); // Initialize the file - s_NeedsManufacture = TRUE; - } + { + NvFileCommit(); // Initialize the file + s_NeedsManufacture = TRUE; + } assert(NULL != s_NvFile); // Just in case we are broken for some reason. #endif // NV contents have been initialized and the error checks have been performed. 
For // simulation purposes, use the signaling interface to indicate if an error is // to be simulated and the type of the error. if(s_NV_unrecoverable) - return NV_ENABLE_FAILED; + return NV_ENABLE_FAILED; s_NvIsAvailable = TRUE; return s_NV_recoverable; } @@ -279,16 +280,16 @@ _plat__NVEnable_NVChipFile( //***_plat__NVDisable() // Disable NV memory LIB_EXPORT void _plat__NVDisable( - void* platParameter, // platform specific parameter - size_t paramSize // size of parameter. If size == 0, then - // parameter is a sizeof(void*) scalar and should - // be cast to an integer (intptr_t), not dereferenced. - ) + void* platParameter, // platform specific parameter + size_t paramSize // size of parameter. If size == 0, then + // parameter is a sizeof(void*) scalar and should + // be cast to an integer (intptr_t), not dereferenced. +) { NOT_REFERENCED(paramSize); // to keep compiler quiet int delete = ((intptr_t)platParameter != 0) - ? TRUE - : FALSE; // IN: If TRUE (!=0), delete the NV contents. + ? TRUE + : FALSE; // IN: If TRUE (!=0), delete the NV contents. #ifdef TPM_LIBTPMS_CALLBACKS int ret = libtpms_plat__NVDisable(); @@ -298,20 +299,20 @@ LIB_EXPORT void _plat__NVDisable( #if FILE_BACKED_NV if(NULL != s_NvFile) - { - fclose(s_NvFile); // Close NV file - // Alternative to deleting the file is to set its size to 0. This will not - // match the NV size so the TPM will need to be remanufactured. - if(delete) - { - // Open for writing at the start. Sets the size to zero. - if(NvFileOpen("w") >= 0) - { - fflush(s_NvFile); - fclose(s_NvFile); - } - } - } + { + fclose(s_NvFile); // Close NV file + // Alternative to deleting the file is to set its size to 0. This will not + // match the NV size so the TPM will need to be remanufactured. + if(delete) + { + // Open for writing at the start. Sets the size to zero. + if(NvFileOpen("w") >= 0) + { + fflush(s_NvFile); + fclose(s_NvFile); + } + } + } s_NvFile = NULL; // Set file handle to NULL #endif s_NvIsAvailable = FALSE; 
@@ -334,10 +335,10 @@ LIB_EXPORT int _plat__GetNvReadyState(void) #endif /* TPM_LIBTPMS_CALLBACKS */ if(!s_NvIsAvailable) - retVal = NV_WRITEFAILURE; + retVal = NV_WRITEFAILURE; #if FILE_BACKED_NV else - retVal = (s_NvFile == NULL); + retVal = (s_NvFile == NULL); #endif return retVal; } @@ -348,16 +349,16 @@ LIB_EXPORT int _plat__GetNvReadyState(void) // TRUE(1) offset and size is within available NV size // FALSE(0) otherwise; also trigger failure mode LIB_EXPORT int _plat__NvMemoryRead(unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void* data // OUT: data buffer - ) + unsigned int size, // IN: size of bytes to read + void* data // OUT: data buffer +) { assert(startOffset + size <= NV_MEMORY_SIZE); if(startOffset + size <= NV_MEMORY_SIZE) - { - memcpy(data, &s_NV[startOffset], size); // Copy data from RAM - return TRUE; - } + { + memcpy(data, &s_NV[startOffset], size); // Copy data from RAM + return TRUE; + } return FALSE; } @@ -369,16 +370,16 @@ LIB_EXPORT int _plat__NvMemoryRead(unsigned int startOffset, // IN: read start // NV_IS_SAME(0) the NV location is the same as the test value // NV_INVALID_LOCATION(-1) the NV location is invalid; also triggers failure mode LIB_EXPORT int _plat__NvGetChangedStatus( - unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void* data // IN: data buffer - ) + unsigned int startOffset, // IN: read start + unsigned int size, // IN: size of bytes to read + void* data // IN: data buffer +) { assert(startOffset + size <= NV_MEMORY_SIZE); if(startOffset + size <= NV_MEMORY_SIZE) - { - return (memcmp(&s_NV[startOffset], data, size) != 0); - } + { + return (memcmp(&s_NV[startOffset], data, size) != 0); + } // the NV location is invalid; the assert above should have triggered failure // mode return NV_INVALID_LOCATION; 
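Review bot: The bounds test `startOffset + size <= NV_MEMORY_SIZE` in `_plat__NvMemoryRead` is evaluated in `unsigned int`, so a large offset plus size can wrap to a small sum and pass both the `assert` and the `if` before the `memcpy` runs. The same expression guards `_plat__NvGetChangedStatus`, `_plat__NvMemoryWrite`, `_plat__NvMemoryClear` and, for both offsets, `_plat__NvMemoryMove` in the hunks that follow. Whether any caller can pass such values is not visible here, but a wrap-free form costs nothing: `if(size <= NV_MEMORY_SIZE && startOffset <= NV_MEMORY_SIZE - size)`. This commit only re-indents these lines, so the change belongs in a follow-up rather than in this rebase.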
@@ -395,16 +396,16 @@ LIB_EXPORT int _plat__NvGetChangedStatus( // TRUE(1) offset and size is within available NV size // FALSE(0) otherwise; also trigger failure mode LIB_EXPORT int _plat__NvMemoryWrite(unsigned int startOffset, // IN: write start - unsigned int size, // IN: size of bytes to write - void* data // OUT: data buffer - ) + unsigned int size, // IN: size of bytes to write + void* data // OUT: data buffer +) { assert(startOffset + size <= NV_MEMORY_SIZE); if(startOffset + size <= NV_MEMORY_SIZE) - { - memcpy(&s_NV[startOffset], data, size); // Copy the data to the NV image - return TRUE; - } + { + memcpy(&s_NV[startOffset], data, size); // Copy the data to the NV image + return TRUE; + } return FALSE; } @@ -412,16 +413,16 @@ LIB_EXPORT int _plat__NvMemoryWrite(unsigned int startOffset, // IN: write star // Function is used to set a range of NV memory bytes to an implementation-dependent // value. The value represents the erase state of the memory. LIB_EXPORT int _plat__NvMemoryClear(unsigned int startOffset, // IN: clear start - unsigned int size // IN: number of bytes to clear - ) + unsigned int size // IN: number of bytes to clear +) { assert(startOffset + size <= NV_MEMORY_SIZE); if(startOffset + size <= NV_MEMORY_SIZE) - { - // In this implementation, assume that the erase value for NV is all 1s - memset(&s_NV[startOffset], 0xff, size); - return TRUE; - } + { + // In this implementation, assume that the erase value for NV is all 1s + memset(&s_NV[startOffset], 0xff, size); + return TRUE; + } return FALSE; } 
@@ -430,23 +431,23 @@ LIB_EXPORT int _plat__NvMemoryClear(unsigned int startOffset, // IN: clear star // This function should ensure that if there overlap, the original data is // copied before it is written LIB_EXPORT int _plat__NvMemoryMove(unsigned int sourceOffset, // IN: source offset - unsigned int destOffset, // IN: destination offset - unsigned int size // IN: size of data being moved - ) + unsigned int destOffset, // IN: destination offset + unsigned int size // IN: size of data being moved +) { assert(sourceOffset + size <= NV_MEMORY_SIZE); assert(destOffset + size <= NV_MEMORY_SIZE); if(sourceOffset + size <= NV_MEMORY_SIZE && destOffset + size <= NV_MEMORY_SIZE) - { - memmove(&s_NV[destOffset], &s_NV[sourceOffset], size); // Move data in RAM -#if 1 /* libtpms added begin */ - if (destOffset > sourceOffset) - memset(&s_NV[sourceOffset], 0, destOffset-sourceOffset); - else - memset(&s_NV[destOffset+size], 0, sourceOffset-destOffset); -#endif /* libtpms added end */ - return TRUE; - } + { + memmove(&s_NV[destOffset], &s_NV[sourceOffset], size); // Move data in RAM +#if 1 // libtpms added begin + if (destOffset > sourceOffset) + memset(&s_NV[sourceOffset], 0, destOffset-sourceOffset); + else + memset(&s_NV[destOffset+size], 0, sourceOffset-destOffset); +#endif // libtpms added end + return TRUE; + } return FALSE; } diff --git a/src/tpm2/NV_Certify_fp.h b/src/tpm2/NV_Certify_fp.h index a58af301..99028f37 100644 --- a/src/tpm2/NV_Certify_fp.h +++ b/src/tpm2/NV_Certify_fp.h 
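Review bot: The libtpms-added `memset` calls after the `memmove` in `_plat__NvMemoryMove` zero as many bytes as the distance between `destOffset` and `sourceOffset`, not `size` bytes. When the two ranges neither overlap nor touch, the zeroed span therefore also covers bytes between them that were never part of the move. If callers only ever move overlapping or adjacent regions (not visible in this hunk), that precondition should be stated next to the `#if 1` block, for example `// zeroes the gap opened by the move; assumes source and destination overlap or are adjacent`.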
@@ -59,40 +59,45 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_CERTIFY_FP_H -#define NV_CERTIFY_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT signHandle; - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - UINT16 size; - UINT16 offset; +#if CC_NV_Certify // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_CERTIFY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_CERTIFY_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT signHandle; + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; + UINT16 size; + UINT16 offset; } NV_Certify_In; -#define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2) -#define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3) -#define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3) -#define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4) - - -typedef struct { - TPM2B_ATTEST certifyInfo; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_ATTEST certifyInfo; + TPMT_SIGNATURE signature; } NV_Certify_Out; +// Response code modifiers +# define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2) +# define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3) +# define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) +# define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2) +# define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3) +# define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_NV_Certify( - NV_Certify_In *in, // IN: input parameter list - NV_Certify_Out *out // OUT: output parameter list - ); 
+TPM2_NV_Certify(NV_Certify_In* in, NV_Certify_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_CERTIFY_FP_H_ +#endif // CC_NV_Certify diff --git a/src/tpm2/NV_ChangeAuth_fp.h b/src/tpm2/NV_ChangeAuth_fp.h index fb26a733..4b3bd7f7 100644 --- a/src/tpm2/NV_ChangeAuth_fp.h +++ b/src/tpm2/NV_ChangeAuth_fp.h @@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_CHANGEAUTH_FP_H -#define NV_CHANGEAUTH_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_INDEX nvIndex; - TPM2B_AUTH newAuth; +#if CC_NV_ChangeAuth // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_CHANGEAUTH_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_CHANGEAUTH_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_INDEX nvIndex; + TPM2B_AUTH newAuth; } NV_ChangeAuth_In; -#define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1) -#define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1) +# define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_NV_ChangeAuth( - NV_ChangeAuth_In *in // IN: input parameter list - ); +TPM2_NV_ChangeAuth(NV_ChangeAuth_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_CHANGEAUTH_FP_H_ +#endif // CC_NV_ChangeAuth diff --git a/src/tpm2/NV_DefineSpace2_fp.h b/src/tpm2/NV_DefineSpace2_fp.h index 43559b9f..428313d9 100644 --- a/src/tpm2/NV_DefineSpace2_fp.h +++ b/src/tpm2/NV_DefineSpace2_fp.h 
@@ -58,11 +58,15 @@ /* */ /********************************************************************************/ + +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + #if CC_NV_DefineSpace2 // Command must be enabled -#ifndef NV_DEFINESPACE2_FP_H -#define NV_DEFINESPACE2_FP_H +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_DEFINESPACE2_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_DEFINESPACE2_FP_H_ +// Input structure definition typedef struct { TPMI_RH_PROVISION authHandle; @@ -70,12 +74,14 @@ typedef struct TPM2B_NV_PUBLIC_2 publicInfo; } NV_DefineSpace2_In; -#define RC_NV_DefineSpace2_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_DefineSpace2_auth (TPM_RC_P + TPM_RC_1) -#define RC_NV_DefineSpace2_publicInfo (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_NV_DefineSpace2_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_DefineSpace2_auth (TPM_RC_P + TPM_RC_1) +# define RC_NV_DefineSpace2_publicInfo (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC TPM2_NV_DefineSpace2(NV_DefineSpace2_In* in); -#endif // NV_DEFINESPACE2_FP_H +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_DEFINESPACE2_FP_H_ #endif // CC_NV_DefineSpace2 diff --git a/src/tpm2/NV_DefineSpace_fp.h b/src/tpm2/NV_DefineSpace_fp.h index 03d81c32..9c15f184 100644 --- a/src/tpm2/NV_DefineSpace_fp.h +++ b/src/tpm2/NV_DefineSpace_fp.h 
@@ -59,25 +59,30 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_DEFINESPACE_FP_H -#define NV_DEFINESPACE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PROVISION authHandle; - TPM2B_AUTH auth; - TPM2B_NV_PUBLIC publicInfo; +#if CC_NV_DefineSpace // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_DEFINESPACE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_DEFINESPACE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PROVISION authHandle; + TPM2B_AUTH auth; + TPM2B_NV_PUBLIC publicInfo; } NV_DefineSpace_In; -#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) -#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) +# define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_NV_DefineSpace( - NV_DefineSpace_In *in // IN: input parameter list - ); +TPM2_NV_DefineSpace(NV_DefineSpace_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_DEFINESPACE_FP_H_ +#endif // CC_NV_DefineSpace diff --git a/src/tpm2/NV_Extend_fp.h b/src/tpm2/NV_Extend_fp.h index 58d4c2fa..aadebaea 100644 --- a/src/tpm2/NV_Extend_fp.h +++ b/src/tpm2/NV_Extend_fp.h 
@@ -59,25 +59,30 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_EXTEND_FP_H -#define NV_EXTEND_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_MAX_NV_BUFFER data; +#if CC_NV_Extend // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_EXTEND_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_EXTEND_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_MAX_NV_BUFFER data; } NV_Extend_In; -#define RC_NV_Extend_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Extend_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Extend_data (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_NV_Extend_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_Extend_nvIndex (TPM_RC_H + TPM_RC_2) +# define RC_NV_Extend_data (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_NV_Extend( - NV_Extend_In *in // IN: input parameter list - ); +TPM2_NV_Extend(NV_Extend_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_EXTEND_FP_H_ +#endif // CC_NV_Extend diff --git a/src/tpm2/NV_GlobalWriteLock_fp.h b/src/tpm2/NV_GlobalWriteLock_fp.h index 4f6b26b2..0cb04bb5 100644 --- a/src/tpm2/NV_GlobalWriteLock_fp.h +++ b/src/tpm2/NV_GlobalWriteLock_fp.h 
@@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_GLOBALWRITELOCK_FP_H -#define NV_GLOBALWRITELOCK_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PROVISION authHandle; +#if CC_NV_GlobalWriteLock // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_GLOBALWRITELOCK_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_GLOBALWRITELOCK_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PROVISION authHandle; } NV_GlobalWriteLock_In; -#define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_NV_GlobalWriteLock( - NV_GlobalWriteLock_In *in // IN: input parameter list - ); +TPM2_NV_GlobalWriteLock(NV_GlobalWriteLock_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_GLOBALWRITELOCK_FP_H_ +#endif // CC_NV_GlobalWriteLock diff --git a/src/tpm2/NV_Increment_fp.h b/src/tpm2/NV_Increment_fp.h index 260e0cba..84414e01 100644 --- a/src/tpm2/NV_Increment_fp.h +++ b/src/tpm2/NV_Increment_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_INCREMENT_FP_H -#define NV_INCREMENT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; -} NV_Increment_In;; +#if CC_NV_Increment // Command must be enabled -#define RC_NV_Increment_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Increment_nvIndex (TPM_RC_H + TPM_RC_2) +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_INCREMENT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_INCREMENT_FP_H_ +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; +} NV_Increment_In; + +// Response code modifiers +# define RC_NV_Increment_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_Increment_nvIndex (TPM_RC_H + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_NV_Increment( - NV_Increment_In *in // IN: input parameter list - ); +TPM2_NV_Increment(NV_Increment_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_INCREMENT_FP_H_ +#endif // CC_NV_Increment diff --git a/src/tpm2/NV_ReadLock_fp.h b/src/tpm2/NV_ReadLock_fp.h index f50479bf..93df04f6 100644 --- a/src/tpm2/NV_ReadLock_fp.h +++ b/src/tpm2/NV_ReadLock_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_READLOCK_FP_H -#define NV_READLOCK_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; +#if CC_NV_ReadLock // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READLOCK_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READLOCK_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; } NV_ReadLock_In; -#define RC_NV_ReadLock_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_ReadLock_nvIndex (TPM_RC_H + TPM_RC_2) +// Response code modifiers +# define RC_NV_ReadLock_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_ReadLock_nvIndex (TPM_RC_H + TPM_RC_2) +// Function prototype TPM_RC -TPM2_NV_ReadLock( - NV_ReadLock_In *in // IN: input parameter list - ); +TPM2_NV_ReadLock(NV_ReadLock_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READLOCK_FP_H_ +#endif // CC_NV_ReadLock diff --git a/src/tpm2/NV_ReadPublic2_fp.h b/src/tpm2/NV_ReadPublic2_fp.h index c601c031..df1d43f4 100644 --- a/src/tpm2/NV_ReadPublic2_fp.h +++ b/src/tpm2/NV_ReadPublic2_fp.h 
@@ -58,25 +58,33 @@ /* */ /********************************************************************************/ -#ifndef NV_READPUBLIC2_FP_H -#define NV_READPUBLIC2_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + +#if CC_NV_ReadPublic2 // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READPUBLIC2_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READPUBLIC2_FP_H_ + +// Input structure definition typedef struct { TPMI_RH_NV_INDEX nvIndex; } NV_ReadPublic2_In; +// Output structure definition typedef struct { TPM2B_NV_PUBLIC_2 nvPublic; TPM2B_NAME nvName; } NV_ReadPublic2_Out; +// Response code modifiers # define RC_NV_ReadPublic2_nvIndex (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_NV_ReadPublic2(NV_ReadPublic2_In* in, NV_ReadPublic2_Out* out); -# endif - +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READPUBLIC2_FP_H_ +#endif // CC_NV_ReadPublic2 diff --git a/src/tpm2/NV_ReadPublic_fp.h b/src/tpm2/NV_ReadPublic_fp.h index bcad3062..7e42ea4a 100644 --- a/src/tpm2/NV_ReadPublic_fp.h +++ b/src/tpm2/NV_ReadPublic_fp.h 
@@ -59,27 +59,33 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_READPUBLIC_FP_H -#define NV_READPUBLIC_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_INDEX nvIndex; +#if CC_NV_ReadPublic // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READPUBLIC_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READPUBLIC_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_INDEX nvIndex; } NV_ReadPublic_In; -#define RC_NV_ReadPublic_nvIndex (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPM2B_NV_PUBLIC nvPublic; - TPM2B_NAME nvName; +// Output structure definition +typedef struct +{ + TPM2B_NV_PUBLIC nvPublic; + TPM2B_NAME nvName; } NV_ReadPublic_Out; +// Response code modifiers +# define RC_NV_ReadPublic_nvIndex (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_NV_ReadPublic( - NV_ReadPublic_In *in, // IN: input parameter list - NV_ReadPublic_Out *out // OUT: output parameter list - ); +TPM2_NV_ReadPublic(NV_ReadPublic_In* in, NV_ReadPublic_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READPUBLIC_FP_H_ +#endif // CC_NV_ReadPublic diff --git a/src/tpm2/NV_Read_fp.h b/src/tpm2/NV_Read_fp.h index 660fbd15..154ad83e 100644 --- a/src/tpm2/NV_Read_fp.h +++ b/src/tpm2/NV_Read_fp.h 
@@ -59,31 +59,38 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_READ_FP_H -#define NV_READ_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - UINT16 size; - UINT16 offset; +#if CC_NV_Read // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READ_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READ_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + UINT16 size; + UINT16 offset; } NV_Read_In; -#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) -#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_MAX_NV_BUFFER data; +// Output structure definition +typedef struct +{ + TPM2B_MAX_NV_BUFFER data; } NV_Read_Out; -TPM_RC -TPM2_NV_Read( - NV_Read_In *in, // IN: input parameter list - NV_Read_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) +# define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) +# define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) -#endif +// Function prototype +TPM_RC +TPM2_NV_Read(NV_Read_In* in, NV_Read_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_READ_FP_H_ +#endif // CC_NV_Read diff --git a/src/tpm2/NV_SetBits_fp.h b/src/tpm2/NV_SetBits_fp.h index b860d644..50263a45 100644 --- a/src/tpm2/NV_SetBits_fp.h +++ b/src/tpm2/NV_SetBits_fp.h 
@@ -59,25 +59,30 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_SETBITS_FP_H -#define NV_SETBITS_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - UINT64 bits; +#if CC_NV_SetBits // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_SETBITS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_SETBITS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + UINT64 bits; } NV_SetBits_In; -#define RC_NV_SetBits_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_SetBits_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_SetBits_bits (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_NV_SetBits_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_SetBits_nvIndex (TPM_RC_H + TPM_RC_2) +# define RC_NV_SetBits_bits (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_NV_SetBits( - NV_SetBits_In *in // IN: input parameter list - ); +TPM2_NV_SetBits(NV_SetBits_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_SETBITS_FP_H_ +#endif // CC_NV_SetBits diff --git a/src/tpm2/NV_UndefineSpaceSpecial_fp.h b/src/tpm2/NV_UndefineSpaceSpecial_fp.h index d2016a42..5409f7cc 100644 --- a/src/tpm2/NV_UndefineSpaceSpecial_fp.h +++ b/src/tpm2/NV_UndefineSpaceSpecial_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_UNDEFINESPACESPECIAL_FP_H -#define NV_UNDEFINESPACESPECIAL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_INDEX nvIndex; - TPMI_RH_PLATFORM platform; +#if CC_NV_UndefineSpaceSpecial // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_UNDEFINESPACESPECIAL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_UNDEFINESPACESPECIAL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_DEFINED_INDEX nvIndex; + TPMI_RH_PLATFORM platform; } NV_UndefineSpaceSpecial_In; -#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1) -#define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2) +// Response code modifiers +# define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1) +# define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2) +// Function prototype TPM_RC -TPM2_NV_UndefineSpaceSpecial( - NV_UndefineSpaceSpecial_In *in // IN: input parameter list - ); +TPM2_NV_UndefineSpaceSpecial(NV_UndefineSpaceSpecial_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_UNDEFINESPACESPECIAL_FP_H_ +#endif // CC_NV_UndefineSpaceSpecial diff --git a/src/tpm2/NV_UndefineSpace_fp.h b/src/tpm2/NV_UndefineSpace_fp.h index fc6897e0..52d09b1c 100644 --- a/src/tpm2/NV_UndefineSpace_fp.h +++ b/src/tpm2/NV_UndefineSpace_fp.h 
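Review bot: The `nvIndex` field of `NV_UndefineSpaceSpecial_In` changes from `TPMI_RH_NV_INDEX` to `TPMI_RH_NV_DEFINED_INDEX`, which is a type change rather than the rename and whitespace cleanup the commit message describes. The `NV_UndefineSpace_In` hunk in NV_UndefineSpace_fp.h makes the same change. The definition of the new type, and whatever code unmarshals and validates this handle, are not visible in these hunks, so it is worth confirming that both are present in this tree. The commit message could carry a line for it, e.g. `- Use TPMI_RH_NV_DEFINED_INDEX for nvIndex in NV_UndefineSpace and NV_UndefineSpaceSpecial`.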
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_UNDEFINESPACE_FP_H -#define NV_UNDEFINESPACE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PROVISION authHandle; - TPMI_RH_NV_INDEX nvIndex; +#if CC_NV_UndefineSpace // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_UNDEFINESPACE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_UNDEFINESPACE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PROVISION authHandle; + TPMI_RH_NV_DEFINED_INDEX nvIndex; } NV_UndefineSpace_In; -#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) +// Response code modifiers +# define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) +// Function prototype TPM_RC -TPM2_NV_UndefineSpace( - NV_UndefineSpace_In *in // IN: input parameter list - ); +TPM2_NV_UndefineSpace(NV_UndefineSpace_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_UNDEFINESPACE_FP_H_ +#endif // CC_NV_UndefineSpace diff --git a/src/tpm2/NV_WriteLock_fp.h b/src/tpm2/NV_WriteLock_fp.h index 77713435..68a8d344 100644 --- a/src/tpm2/NV_WriteLock_fp.h +++ b/src/tpm2/NV_WriteLock_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_WRITELOCK_FP_H -#define NV_WRITELOCK_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; +#if CC_NV_WriteLock // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_WRITELOCK_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_WRITELOCK_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; } NV_WriteLock_In; -#define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2) +// Response code modifiers +# define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2) +// Function prototype TPM_RC -TPM2_NV_WriteLock( - NV_WriteLock_In *in // IN: input parameter list - ); +TPM2_NV_WriteLock(NV_WriteLock_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_WRITELOCK_FP_H_ +#endif // CC_NV_WriteLock diff --git a/src/tpm2/NV_Write_fp.h b/src/tpm2/NV_Write_fp.h index 2880c6ea..de0b76f3 100644 --- a/src/tpm2/NV_Write_fp.h +++ b/src/tpm2/NV_Write_fp.h 
@@ -59,27 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef NV_WRITE_FP_H -#define NV_WRITE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPM2B_MAX_NV_BUFFER data; - UINT16 offset; +#if CC_NV_Write // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_WRITE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_WRITE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPM2B_MAX_NV_BUFFER data; + UINT16 offset; } NV_Write_In; -#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) -#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) +# define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) +# define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_NV_Write( - NV_Write_In *in // IN: input parameter list - ); +TPM2_NV_Write(NV_Write_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_NV_WRITE_FP_H_ +#endif // CC_NV_Write diff --git a/src/tpm2/NV_spt.c b/src/tpm2/NV_spt.c index 0fe787dd..ab217a49 100644 --- a/src/tpm2/NV_spt.c +++ b/src/tpm2/NV_spt.c 
@@ -75,40 +75,40 @@ // TPM_RC NvReadAccessChecks(TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read - TPMA_NV attributes // IN: the attributes of 'nvHandle' - ) + // authorization + TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read + TPMA_NV attributes // IN: the attributes of 'nvHandle' +) { // If data is read locked, returns an error if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED)) - return TPM_RC_NV_LOCKED; + return TPM_RC_NV_LOCKED; // If the authorization was provided by the owner or platform, then check // that the attributes allow the read. If the authorization handle // is the same as the index, then the checks were made when the authorization // was checked.. if(authHandle == TPM_RH_OWNER) - { - // If Owner provided authorization then ONWERWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD)) - return TPM_RC_NV_AUTHORIZATION; - } + { + // If Owner provided authorization then ONWERWRITE must be SET + if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD)) + return TPM_RC_NV_AUTHORIZATION; + } else if(authHandle == TPM_RH_PLATFORM) - { - // If Platform provided authorization then PPWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD)) - return TPM_RC_NV_AUTHORIZATION; - } + { + // If Platform provided authorization then PPWRITE must be SET + if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD)) + return TPM_RC_NV_AUTHORIZATION; + } // If neither Owner nor Platform provided authorization, make sure that it was // provided by this index. 
else if(authHandle != nvHandle) - return TPM_RC_NV_AUTHORIZATION; + return TPM_RC_NV_AUTHORIZATION; // If the index has not been written, then the value cannot be read // NOTE: This has to come after other access checks to make sure that // the proper authorization is given to TPM2_NV_ReadLock() if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN)) - return TPM_RC_NV_UNINITIALIZED; + return TPM_RC_NV_UNINITIALIZED; return TPM_RC_SUCCESS; } 
@@ -122,35 +122,35 @@ NvReadAccessChecks(TPM_HANDLE authHandle, // IN: the handle that provided the // TPM_RC NvWriteAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written - TPMA_NV attributes // IN: the attributes of 'nvHandle' - ) + TPM_HANDLE authHandle, // IN: the handle that provided the + // authorization + TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written + TPMA_NV attributes // IN: the attributes of 'nvHandle' +) { // If data is write locked, returns an error if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED)) - return TPM_RC_NV_LOCKED; + return TPM_RC_NV_LOCKED; // If the authorization was provided by the owner or platform, then check // that the attributes allow the write. If the authorization handle // is the same as the index, then the checks were made when the authorization // was checked.. if(authHandle == TPM_RH_OWNER) - { - // If Owner provided authorization then ONWERWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE)) - return TPM_RC_NV_AUTHORIZATION; - } + { + // If Owner provided authorization then ONWERWRITE must be SET + if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE)) + return TPM_RC_NV_AUTHORIZATION; + } else if(authHandle == TPM_RH_PLATFORM) - { - // If Platform provided authorization then PPWRITE must be SET - if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE)) - return TPM_RC_NV_AUTHORIZATION; - } + { + // If Platform provided authorization then PPWRITE must be SET + if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE)) + return TPM_RC_NV_AUTHORIZATION; + } // If neither Owner nor Platform provided authorization, make sure that it was // provided by this index. else if(authHandle != nvHandle) - return TPM_RC_NV_AUTHORIZATION; + return TPM_RC_NV_AUTHORIZATION; return TPM_RC_SUCCESS; } 
@@ -161,7 +161,7 @@ TPM_RC NvClearOrderly(void) { if(gp.orderlyState < SU_DA_USED_VALUE) - RETURN_IF_NV_IS_NOT_AVAILABLE; + RETURN_IF_NV_IS_NOT_AVAILABLE; g_clearOrderly = TRUE; return TPM_RC_SUCCESS; } @@ -172,14 +172,14 @@ NvClearOrderly(void) // TRUE(1) is pin pass // FALSE(0) is not pin pass BOOL NvIsPinPassIndex(TPM_HANDLE index // IN: Handle to check - ) +) { if(HandleGetType(index) == TPM_HT_NV_INDEX) - { - NV_INDEX* nvIndex = NvGetIndexInfo(index, NULL); + { + NV_INDEX* nvIndex = NvGetIndexInfo(index, NULL); - return IsNvPinPassIndex(nvIndex->publicArea.attributes); - } + return IsNvPinPassIndex(nvIndex->publicArea.attributes); + } return FALSE; } @@ -190,10 +190,10 @@ BOOL NvIsPinPassIndex(TPM_HANDLE index // IN: Handle to check // // This function requires that the NV Index is defined. TPM2B_NAME* NvGetIndexName( - NV_INDEX* nvIndex, // IN: the index over which the name is to be - // computed - TPM2B_NAME* name // OUT: name of the index - ) + NV_INDEX* nvIndex, // IN: the index over which the name is to be + // computed + TPM2B_NAME* name // OUT: name of the index +) { UINT16 dataSize, digestSize; BYTE marshalBuffer[sizeof(TPMU_NV_PUBLIC_2)]; @@ -213,10 +213,10 @@ TPM2B_NAME* NvGetIndexName( // has a TPMS_NV_PUBLIC representation. buffer = marshalBuffer; dataSize = - TPMU_NV_PUBLIC_2_Marshal(&public2.nvPublic2, - &buffer, - &bufferSize, - (UINT32)HandleGetType(nvIndex->publicArea.nvIndex)); + TPMU_NV_PUBLIC_2_Marshal(&public2.nvPublic2, + &buffer, + &bufferSize, + (UINT32)HandleGetType(nvIndex->publicArea.nvIndex)); // hash public area digestSize = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg); 
@@ -262,36 +262,36 @@ static TPMA_NV_EXP ExpandedAttributesFromLegacy(TPMA_NV attributes) // This function converts a legacy-form NV public (TPMS_NV_PUBLIC) into the // generalized TPMT_NV_PUBLIC_2 tagged-union representation. TPM_RC NvPublic2FromNvPublic( - TPMS_NV_PUBLIC* nvPublic, // IN: the source S-form NV public area - TPMT_NV_PUBLIC_2* nvPublic2 // OUT: the T-form NV public area to populate - ) + TPMS_NV_PUBLIC* nvPublic, // IN: the source S-form NV public area + TPMT_NV_PUBLIC_2* nvPublic2 // OUT: the T-form NV public area to populate +) { TPM_HT handleType = HandleGetType(nvPublic->nvIndex); switch(handleType) - { - case TPM_HT_NV_INDEX: - nvPublic2->nvPublic2.nvIndex = *nvPublic; - break; - case TPM_HT_PERMANENT_NV: - nvPublic2->nvPublic2.permanentNV = *nvPublic; - break; + { + case TPM_HT_NV_INDEX: + nvPublic2->nvPublic2.nvIndex = *nvPublic; + break; + case TPM_HT_PERMANENT_NV: + nvPublic2->nvPublic2.permanentNV = *nvPublic; + break; #if EXTERNAL_NV - case TPM_HT_EXTERNAL_NV: - { - TPMS_NV_PUBLIC_EXP_ATTR* pub = &nvPublic2->nvPublic2.externalNV; + case TPM_HT_EXTERNAL_NV: + { + TPMS_NV_PUBLIC_EXP_ATTR* pub = &nvPublic2->nvPublic2.externalNV; - pub->attributes = ExpandedAttributesFromLegacy(nvPublic->attributes); - pub->authPolicy = nvPublic->authPolicy; - pub->dataSize = nvPublic->dataSize; - pub->nameAlg = nvPublic->nameAlg; - pub->nvIndex = nvPublic->nvIndex; - break; - } + pub->attributes = ExpandedAttributesFromLegacy(nvPublic->attributes); + pub->authPolicy = nvPublic->authPolicy; + pub->dataSize = nvPublic->dataSize; + pub->nameAlg = nvPublic->nameAlg; + pub->nvIndex = nvPublic->nvIndex; + break; + } #endif - default: - return TPM_RCS_HANDLE; - } + default: + return TPM_RCS_HANDLE; + } nvPublic2->handleType = handleType; return TPM_RC_SUCCESS; 
@@ -304,33 +304,33 @@ TPM_RC NvPublic2FromNvPublic( // bits in the extended area of the attributes are lost, and the Name cannot be // computed based on it. TPM_RC NvPublicFromNvPublic2( - TPMT_NV_PUBLIC_2* nvPublic2, // IN: the source T-form NV public area - TPMS_NV_PUBLIC* nvPublic // OUT: the S-form NV public area to populate - ) + TPMT_NV_PUBLIC_2* nvPublic2, // IN: the source T-form NV public area + TPMS_NV_PUBLIC* nvPublic // OUT: the S-form NV public area to populate +) { switch(nvPublic2->handleType) - { - case TPM_HT_NV_INDEX: - *nvPublic = nvPublic2->nvPublic2.nvIndex; - break; - case TPM_HT_PERMANENT_NV: - *nvPublic = nvPublic2->nvPublic2.permanentNV; - break; + { + case TPM_HT_NV_INDEX: + *nvPublic = nvPublic2->nvPublic2.nvIndex; + break; + case TPM_HT_PERMANENT_NV: + *nvPublic = nvPublic2->nvPublic2.permanentNV; + break; #if EXTERNAL_NV - case TPM_HT_EXTERNAL_NV: - { - TPMS_NV_PUBLIC_EXP_ATTR* pub = &nvPublic2->nvPublic2.externalNV; + case TPM_HT_EXTERNAL_NV: + { + TPMS_NV_PUBLIC_EXP_ATTR* pub = &nvPublic2->nvPublic2.externalNV; - nvPublic->attributes = LegacyAttributesFromExpanded(pub->attributes); - nvPublic->authPolicy = pub->authPolicy; - nvPublic->dataSize = pub->dataSize; - nvPublic->nameAlg = pub->nameAlg; - break; - } + nvPublic->attributes = LegacyAttributesFromExpanded(pub->attributes); + nvPublic->authPolicy = pub->authPolicy; + nvPublic->dataSize = pub->dataSize; + nvPublic->nameAlg = pub->nameAlg; + break; + } #endif - default: - return TPM_RCS_HANDLE; - } + default: + return TPM_RCS_HANDLE; + } return TPM_RC_SUCCESS; } 
@@ -340,11 +340,11 @@ TPM_RC NvPublicFromNvPublic2(
 // This function combines the common functionality of TPM2_NV_DefineSpace and
 // TPM2_NV_DefineSpace2.
 TPM_RC NvDefineSpace(TPMI_RH_PROVISION authHandle,
- TPM2B_AUTH* auth,
- TPMS_NV_PUBLIC* publicInfo,
- TPM_RC blameAuthHandle,
- TPM_RC blameAuth,
- TPM_RC blamePublic)
+ TPM2B_AUTH* auth,
+ TPMS_NV_PUBLIC* publicInfo,
+ TPM_RC blameAuthHandle,
+ TPM_RC blameAuth,
+ TPM_RC blamePublic)
 {
 TPMA_NV attributes = publicInfo->attributes;
 UINT16 nameSize;
@@ -359,150 +359,150 @@ TPM_RC NvDefineSpace(TPMI_RH_PROVISION authHandle, // an index that can only be deleted with policy #if CC_NV_UndefineSpaceSpecial == NO if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE)) - return TPM_RCS_ATTRIBUTES + blamePublic; + return TPM_RCS_ATTRIBUTES + blamePublic; #endif // check that the authPolicy consistent with hash algorithm if(publicInfo->authPolicy.t.size != 0 && publicInfo->authPolicy.t.size != nameSize) - return TPM_RCS_SIZE + blamePublic; + return TPM_RCS_SIZE + blamePublic; // make sure that the authValue is not too large if(MemoryRemoveTrailingZeros(auth) > CryptHashGetDigestSize(publicInfo->nameAlg)) - return TPM_RCS_SIZE + blameAuth; + return TPM_RCS_SIZE + blameAuth; // If an index is being created by the owner and shEnable is // clear, then we would not reach this point because ownerAuth // can't be given when shEnable is CLEAR. However, if phEnable // is SET but phEnableNV is CLEAR, we have to check here if(authHandle == TPM_RH_PLATFORM && gc.phEnableNV == CLEAR) - return TPM_RCS_HIERARCHY + blameAuthHandle; + return TPM_RCS_HIERARCHY + blameAuthHandle; // Attribute checks // Eliminate the unsupported types switch(GET_TPM_NT(attributes)) - { + { #if CC_NV_Increment == YES - case TPM_NT_COUNTER: + case TPM_NT_COUNTER: #endif #if CC_NV_SetBits == YES - case TPM_NT_BITS: + case TPM_NT_BITS: #endif #if CC_NV_Extend == YES - case TPM_NT_EXTEND: + case TPM_NT_EXTEND: #endif #if CC_PolicySecret == YES && defined TPM_NT_PIN_PASS - case TPM_NT_PIN_PASS: - case TPM_NT_PIN_FAIL: + case TPM_NT_PIN_PASS: + case TPM_NT_PIN_FAIL: #endif - case TPM_NT_ORDINARY: - break; - default: - return TPM_RCS_ATTRIBUTES + blamePublic; - break; - } + case TPM_NT_ORDINARY: + break; + default: + return TPM_RCS_ATTRIBUTES + blamePublic; + break; + } // Check that the sizes are OK based on the type switch(GET_TPM_NT(attributes)) - { - case TPM_NT_ORDINARY: - // Can't exceed the allowed size for the implementation - if(publicInfo->dataSize > 
MAX_NV_INDEX_SIZE) - return TPM_RCS_SIZE + blamePublic; - break; - case TPM_NT_EXTEND: - if(publicInfo->dataSize != nameSize) - return TPM_RCS_SIZE + blamePublic; - break; - default: - // Everything else needs a size of 8 - if(publicInfo->dataSize != 8) - return TPM_RCS_SIZE + blamePublic; - break; - } + { + case TPM_NT_ORDINARY: + // Can't exceed the allowed size for the implementation + if(publicInfo->dataSize > MAX_NV_INDEX_SIZE) + return TPM_RCS_SIZE + blamePublic; + break; + case TPM_NT_EXTEND: + if(publicInfo->dataSize != nameSize) + return TPM_RCS_SIZE + blamePublic; + break; + default: + // Everything else needs a size of 8 + if(publicInfo->dataSize != 8) + return TPM_RCS_SIZE + blamePublic; + break; + } // Handle other specifics switch(GET_TPM_NT(attributes)) - { - case TPM_NT_COUNTER: - // Counter can't have TPMA_NV_CLEAR_STCLEAR SET (don't clear counters) - if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR)) - return TPM_RCS_ATTRIBUTES + blamePublic; - break; + { + case TPM_NT_COUNTER: + // Counter can't have TPMA_NV_CLEAR_STCLEAR SET (don't clear counters) + if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR)) + return TPM_RCS_ATTRIBUTES + blamePublic; + break; #ifdef TPM_NT_PIN_FAIL - case TPM_NT_PIN_FAIL: - // NV_NO_DA must be SET and AUTHWRITE must be CLEAR - // NOTE: As with a PIN_PASS index, the authValue of the index is not - // available until the index is written. If AUTHWRITE is the only way to - // write then index, it could never be written. Rather than go through - // all of the other possible ways to write the Index, it is simply - // prohibited to write the index with the authValue. Other checks - // below will insure that there seems to be a way to write the index - // (i.e., with platform authorization , owner authorization, - // or with policyAuth.) - // It is not allowed to create a PIN Index that can't be modified. 
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, NO_DA)) - return TPM_RCS_ATTRIBUTES + blamePublic; + case TPM_NT_PIN_FAIL: + // NV_NO_DA must be SET and AUTHWRITE must be CLEAR + // NOTE: As with a PIN_PASS index, the authValue of the index is not + // available until the index is written. If AUTHWRITE is the only way to + // write then index, it could never be written. Rather than go through + // all of the other possible ways to write the Index, it is simply + // prohibited to write the index with the authValue. Other checks + // below will insure that there seems to be a way to write the index + // (i.e., with platform authorization , owner authorization, + // or with policyAuth.) + // It is not allowed to create a PIN Index that can't be modified. + if(!IS_ATTRIBUTE(attributes, TPMA_NV, NO_DA)) + return TPM_RCS_ATTRIBUTES + blamePublic; #endif #ifdef TPM_NT_PIN_PASS - case TPM_NT_PIN_PASS: - // AUTHWRITE must be CLEAR (see note above to TPM_NT_PIN_FAIL) - if(IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE) - || IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK) - || IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) - return TPM_RCS_ATTRIBUTES + blamePublic; + case TPM_NT_PIN_PASS: + // AUTHWRITE must be CLEAR (see note above to TPM_NT_PIN_FAIL) + if(IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE) + || IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK) + || IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) + return TPM_RCS_ATTRIBUTES + blamePublic; #endif // this comes before break because PIN_FAIL falls through - break; - default: - break; - } + break; + default: + break; + } // Locks may not be SET and written cannot be SET if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) || IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED) || IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED)) - return TPM_RCS_ATTRIBUTES + blamePublic; + return TPM_RCS_ATTRIBUTES + blamePublic; // There must be a way to read the index. 
if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD) && !IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD) && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHREAD) && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYREAD)) - return TPM_RCS_ATTRIBUTES + blamePublic; + return TPM_RCS_ATTRIBUTES + blamePublic; // There must be a way to write the index if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE) && !IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE) && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE) && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYWRITE)) - return TPM_RCS_ATTRIBUTES + blamePublic; + return TPM_RCS_ATTRIBUTES + blamePublic; // An index with TPMA_NV_CLEAR_STCLEAR can't have TPMA_NV_WRITEDEFINE SET if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) - return TPM_RCS_ATTRIBUTES + blamePublic; + return TPM_RCS_ATTRIBUTES + blamePublic; // Make sure that the creator of the index can delete the index if((IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE) - && authHandle == TPM_RH_OWNER) + && authHandle == TPM_RH_OWNER) || (!IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE) - && authHandle == TPM_RH_PLATFORM)) - return TPM_RCS_ATTRIBUTES + blameAuthHandle; + && authHandle == TPM_RH_PLATFORM)) + return TPM_RCS_ATTRIBUTES + blameAuthHandle; // If TPMA_NV_POLICY_DELETE is SET, then the index must be defined by // the platform if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE) && TPM_RH_PLATFORM != authHandle) - return TPM_RCS_ATTRIBUTES + blamePublic; + return TPM_RCS_ATTRIBUTES + blamePublic; // Make sure that the TPMA_NV_WRITEALL is not set if the index size is larger // than the allowed NV buffer size. if(publicInfo->dataSize > MAX_NV_BUFFER_SIZE && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL)) - return TPM_RCS_SIZE + blamePublic; + return TPM_RCS_SIZE + blamePublic; // And finally, see if the index is already defined. 
if(NvIndexIsDefined(publicInfo->nvIndex)) - return TPM_RC_NV_DEFINED; + return TPM_RC_NV_DEFINED; // Internal Data Update // define the space. A TPM_RC_NV_SPACE error may be returned at this point diff --git a/src/tpm2/NV_spt_fp.h b/src/tpm2/NV_spt_fp.h index de57ba0a..bd134b58 100644 --- a/src/tpm2/NV_spt_fp.h +++ b/src/tpm2/NV_spt_fp.h 
@@ -58,48 +58,97 @@ /* */ /********************************************************************************/ -#ifndef NV_SPT_FP_H -#define NV_SPT_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ +#ifndef _NV_SPT_FP_H_ +#define _NV_SPT_FP_H_ + +//*** NvReadAccessChecks() +// Common routine for validating a read +// Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV +// Return Type: TPM_RC +// TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read +// of the index +// TPM_RC_NV_LOCKED Read locked +// TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index +// TPM_RC -NvReadAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read - TPMA_NV attributes // IN: the attributes of 'nvHandle' - ); +NvReadAccessChecks(TPM_HANDLE authHandle, // IN: the handle that provided the + // authorization + TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read + TPMA_NV attributes // IN: the attributes of 'nvHandle' +); + +//*** NvWriteAccessChecks() +// Common routine for validating a write +// Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock +// Return Type: TPM_RC +// TPM_RC_NV_AUTHORIZATION Authorization fails +// TPM_RC_NV_LOCKED Write locked +// TPM_RC NvWriteAccessChecks( - TPM_HANDLE authHandle, // IN: the handle that provided the - // authorization - TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written - TPMA_NV attributes // IN: the attributes of 'nvHandle' - ); + TPM_HANDLE authHandle, // IN: the handle that provided the + // authorization + TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written + TPMA_NV attributes // IN: the attributes of 'nvHandle' +); + +//*** NvClearOrderly() +// This function is used to cause gp.orderlyState to be cleared to the +// non-orderly state. 
TPM_RC -NvClearOrderly( - void - ); -BOOL -NvIsPinPassIndex( - TPM_HANDLE index // IN: Handle to check - ); +NvClearOrderly(void); + +//*** NvIsPinPassIndex() +// Function to check to see if an NV index is a PIN Pass Index +// Return Type: BOOL +// TRUE(1) is pin pass +// FALSE(0) is not pin pass +BOOL NvIsPinPassIndex(TPM_HANDLE index // IN: Handle to check +); + +//*** NvGetIndexName() +// This function computes the Name of an index +// The 'name' buffer receives the bytes of the Name and the return value +// is the number of octets in the Name. +// +// This function requires that the NV Index is defined. TPM2B_NAME* NvGetIndexName( - NV_INDEX* nvIndex, // IN: the index over which the name is to be - // computed - TPM2B_NAME* name // OUT: name of the index - ); + NV_INDEX* nvIndex, // IN: the index over which the name is to be + // computed + TPM2B_NAME* name // OUT: name of the index +); + +//*** NvPublic2FromNvPublic() +// This function converts a legacy-form NV public (TPMS_NV_PUBLIC) into the +// generalized TPMT_NV_PUBLIC_2 tagged-union representation. TPM_RC NvPublic2FromNvPublic( - TPMS_NV_PUBLIC* nvPublic, // IN: the source S-form NV public area - TPMT_NV_PUBLIC_2* nvPublic2 // OUT: the T-form NV public area to populate - ); + TPMS_NV_PUBLIC* nvPublic, // IN: the source S-form NV public area + TPMT_NV_PUBLIC_2* nvPublic2 // OUT: the T-form NV public area to populate +); + +//*** NvPublicFromNvPublic2() +// This function converts a tagged-union NV public (TPMT_NV_PUBLIC_2) into the +// legacy TPMS_NV_PUBLIC representation. This is a lossy conversion: any +// bits in the extended area of the attributes are lost, and the Name cannot be +// computed based on it. 
TPM_RC NvPublicFromNvPublic2( - TPMT_NV_PUBLIC_2* nvPublic2, // IN: the source T-form NV public area - TPMS_NV_PUBLIC* nvPublic // OUT: the S-form NV public area to populate - ); + TPMT_NV_PUBLIC_2* nvPublic2, // IN: the source T-form NV public area + TPMS_NV_PUBLIC* nvPublic // OUT: the S-form NV public area to populate +); + +//*** NvDefineSpace() +// This function combines the common functionality of TPM2_NV_DefineSpace and +// TPM2_NV_DefineSpace2. TPM_RC NvDefineSpace(TPMI_RH_PROVISION authHandle, - TPM2B_AUTH* auth, - TPMS_NV_PUBLIC* publicInfo, - TPM_RC blameAuthHandle, - TPM_RC blameAuth, - TPM_RC blamePublic); -#endif + TPM2B_AUTH* auth, + TPMS_NV_PUBLIC* publicInfo, + TPM_RC blameAuthHandle, + TPM_RC blameAuth, + TPM_RC blamePublic); + +#endif // _NV_SPT_FP_H_ diff --git a/src/tpm2/NVDynamic.c b/src/tpm2/NvDynamic.c similarity index 70% rename from src/tpm2/NVDynamic.c rename to src/tpm2/NvDynamic.c index aaf227be..3e10a521 100644 --- a/src/tpm2/NVDynamic.c +++ b/src/tpm2/NvDynamic.c @@ -117,18 +117,18 @@ // indicating the end of traversal. // static NV_REF NvNext(NV_REF* iter, // IN/OUT: the list iterator - TPM_HANDLE* handle // OUT: the handle of the next item. - ) + TPM_HANDLE* handle // OUT: the handle of the next item. +) { NV_REF currentAddr; NV_ENTRY_HEADER header; // // If iterator is at the beginning of list if(*iter == NV_REF_INIT) - { - // Initialize iterator - *iter = NV_USER_DYNAMIC; - } + { + // Initialize iterator + *iter = NV_USER_DYNAMIC; + } // Step over the size field and point to the handle currentAddr = *iter + sizeof(UINT32); 
@@ -137,13 +137,13 @@ static NV_REF NvNext(NV_REF* iter, // IN/OUT: the list iterator // if the size field is zero, then we have hit the end of the list if(header.size == 0) - // leave the *iter pointing at the end of the list - return 0; + // leave the *iter pointing at the end of the list + return 0; // advance the header by the size of the entry *iter += header.size; if(handle != NULL) - *handle = header.handle; + *handle = header.handle; return currentAddr; } @@ -153,23 +153,23 @@ static NV_REF NvNext(NV_REF* iter, // IN/OUT: the list iterator // 0 end of list // != 0 the next entry of the indicated type static NV_REF NvNextByType( - TPM_HANDLE* handle, // OUT: the handle of the found type or 0 - NV_REF* iter, // IN: the iterator - TPM_HT type // IN: the handle type to look for - ) + TPM_HANDLE* handle, // OUT: the handle of the found type or 0 + NV_REF* iter, // IN: the iterator + TPM_HT type // IN: the handle type to look for +) { NV_REF addr; TPM_HANDLE nvHandle = 0; // while((addr = NvNext(iter, &nvHandle)) != 0) - { - // addr: the address of the location containing the handle of the value - // iter: the next location. - if(HandleGetType(nvHandle) == type) - break; - } + { + // addr: the address of the location containing the handle of the value + // iter: the next location. + if(HandleGetType(nvHandle) == type) + break; + } if(handle != NULL) - *handle = nvHandle; + *handle = nvHandle; return addr; } @@ -195,7 +195,7 @@ static NV_REF NvGetEnd(void) // // Scan until the next address is 0 while((currentAddr = NvNext(&iter, NULL)) != 0) - ; + ; return iter; } 
@@ -216,15 +216,15 @@ static UINT32 NvGetFreeBytes(void) // TRUE(1) space available // FALSE(0) no enough space static BOOL NvTestSpace(UINT32 size, // IN: size of the entity to be added - BOOL isIndex, // IN: TRUE if the entity is an index - BOOL isCounter // IN: TRUE if the index is a counter - ) + BOOL isIndex, // IN: TRUE if the entity is an index + BOOL isCounter // IN: TRUE if the index is a counter +) { UINT32 remainBytes = NvGetFreeBytes(); UINT32 reserved = sizeof(UINT32) // size of the forward pointer - + sizeof(NV_LIST_TERMINATOR); - // - // Do a compile time sanity check on the setting for NV_MEMORY_SIZE + + sizeof(NV_LIST_TERMINATOR); +// +// Do a compile time sanity check on the setting for NV_MEMORY_SIZE #if NV_MEMORY_SIZE < 1024 # error "NV_MEMORY_SIZE probably isn't large enough" #endif 
@@ -233,34 +233,34 @@ static BOOL NvTestSpace(UINT32 size, // IN: size of the entity to be added // would mean that the TPM cannot allocate the minimum number of evict // objects. if(isIndex) - { - // Get the number of persistent objects allocated - UINT32 persistentNum = NvCapGetPersistentNumber(); + { + // Get the number of persistent objects allocated + UINT32 persistentNum = NvCapGetPersistentNumber(); - // If we have not allocated the requisite number of evict objects, then we - // need to reserve space for them. - // NOTE: some of this is not written as simply as it might seem because - // the values are all unsigned and subtracting needs to be done carefully - // so that an underflow doesn't cause problems. - if(persistentNum < MIN_EVICT_OBJECTS) - reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; - } + // If we have not allocated the requisite number of evict objects, then we + // need to reserve space for them. + // NOTE: some of this is not written as simply as it might seem because + // the values are all unsigned and subtracting needs to be done carefully + // so that an underflow doesn't cause problems. 
+ if(persistentNum < MIN_EVICT_OBJECTS) + reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; + } // If this is not an index or is not a counter, reserve space for the // required number of counter indexes if(!isIndex || !isCounter) - { - // Get the number of counters - UINT32 counterNum = NvCapGetCounterNumber(); + { + // Get the number of counters + UINT32 counterNum = NvCapGetCounterNumber(); - // If the required number of counters have not been allocated, reserved - // space for the extra needed counters - if(counterNum < MIN_COUNTER_INDICES) - reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; - } + // If the required number of counters have not been allocated, reserved + // space for the extra needed counters + if(counterNum < MIN_COUNTER_INDICES) + reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; + } // Check that the requested allocation will fit after making sure that there // will be no chance of overflow return ((reserved < remainBytes) && (size <= remainBytes) - && (size + reserved <= remainBytes)); + && (size + reserved <= remainBytes)); } //*** NvWriteNvListEnd() 
@@ -294,13 +294,13 @@ NvWriteNvListEnd(NV_REF end) // The 'totalSize' will be the size of 'entity'. If a handle is added, this // function will increase the size accordingly. static TPM_RC NvAdd(UINT32 totalSize, // IN: total size needed for this entity For - // evict object, totalSize is the same as - // bufferSize. For NV Index, totalSize is - // bufferSize plus index data size - UINT32 bufferSize, // IN: size of initial buffer - TPM_HANDLE handle, // IN: optional handle - BYTE* entity // IN: initial buffer - ) + // evict object, totalSize is the same as + // bufferSize. For NV Index, totalSize is + // bufferSize plus index data size + UINT32 bufferSize, // IN: size of initial buffer + TPM_HANDLE handle, // IN: optional handle + BYTE* entity // IN: initial buffer +) { NV_REF newAddr; // IN: where the new entity will start NV_REF nextAddr; @@ -316,10 +316,10 @@ static TPM_RC NvAdd(UINT32 totalSize, // IN: total size needed for this entity // Optionally write the handle. For indexes, the handle is TPM_RH_UNASSIGNED // so that the handle in the nvIndex is used instead of writing this value if(handle != TPM_RH_UNASSIGNED) - { - NvWrite((UINT32)nextAddr, sizeof(TPM_HANDLE), &handle); - nextAddr += sizeof(TPM_HANDLE); - } + { + NvWrite((UINT32)nextAddr, sizeof(TPM_HANDLE), &handle); + nextAddr += sizeof(TPM_HANDLE); + } // Write entity data NvWrite((UINT32)nextAddr, bufferSize, entity); 
@@ -343,14 +343,14 @@ static TPM_RC NvAdd(UINT32 totalSize, // IN: total size needed for this entity //*** NvDelete() // This function is used to delete an NV Index or persistent object from NV memory. static TPM_RC NvDelete(NV_REF entityRef // IN: reference to entity to be deleted - ) +) { UINT32 entrySize; // adjust entityAddr to back up and point to the forward pointer NV_REF entryRef = entityRef - sizeof(UINT32); NV_REF endRef = NvGetEnd(); NV_REF nextAddr; // address of the next entry - // + // RETURN_IF_NV_IS_NOT_AVAILABLE; // Get the offset of the next entry. That is, back up and point to the size @@ -363,10 +363,10 @@ static TPM_RC NvDelete(NV_REF entityRef // IN: reference to entity to be delete // If this is not the last entry, move everything up if(nextAddr < endRef) - { - pAssert(nextAddr > entryRef); - _plat__NvMemoryMove(nextAddr, entryRef, (endRef - nextAddr)); - } + { + pAssert(nextAddr > entryRef); + _plat__NvMemoryMove(nextAddr, entryRef, (endRef - nextAddr)); + } // The end of the used space is now moved up by the amount of space we just // reclaimed endRef -= entrySize; @@ -399,18 +399,18 @@ static TPM_RC NvDelete(NV_REF entityRef // IN: reference to entity to be delete // This function is used to iterate trough the list of Ram Index values. *iter needs // to be initialized by calling static NV_RAM_REF NvRamNext(NV_RAM_REF* iter, // IN/OUT: the list iterator - TPM_HANDLE* handle // OUT: the handle of the next item. - ) + TPM_HANDLE* handle // OUT: the handle of the next item. +) { NV_RAM_REF currentAddr; NV_RAM_HEADER header; // // If iterator is at the beginning of list if(*iter == NV_RAM_REF_INIT) - { - // Initialize iterator - *iter = &s_indexOrderlyRam[0]; - } + { + // Initialize iterator + *iter = &s_indexOrderlyRam[0]; + } // if we are going to return what the iter is currently pointing to... currentAddr = *iter; 
@@ -418,19 +418,19 @@ static NV_RAM_REF NvRamNext(NV_RAM_REF* iter, // IN/OUT: the list iterator // that we are at the end of the list. The end of the list occurs when // we don't have space for a size and a handle if(currentAddr + sizeof(NV_RAM_HEADER) > RAM_ORDERLY_END) - return NULL; + return NULL; // read the header of the next entry memcpy(&header, currentAddr, sizeof(NV_RAM_HEADER)); // libtpms: do not use MemoryCopy to avoid gcc warning // if the size field is zero, then we have hit the end of the list if(header.size == 0) - // leave the *iter pointing at the end of the list - return NULL; + // leave the *iter pointing at the end of the list + return NULL; // advance the header by the size of the entry *iter = currentAddr + header.size; // pAssert(*iter <= RAM_ORDERLY_END); if(handle != NULL) - *handle = header.handle; + *handle = header.handle; return currentAddr; } @@ -443,7 +443,7 @@ static NV_RAM_REF NvRamGetEnd(void) // // Scan until the next address is 0 while((currentAddr = NvRamNext(&iter, NULL)) != 0) - ; + ; return iter; } @@ -454,8 +454,8 @@ static NV_RAM_REF NvRamGetEnd(void) // TRUE(1) space available // FALSE(0) no enough space static BOOL NvRamTestSpaceIndex( - UINT32 size // IN: size of the data to be added to RAM - ) + UINT32 size // IN: size of the data to be added to RAM +) { UINT32 remaining = (UINT32)(RAM_ORDERLY_END - NvRamGetEnd()); UINT32 needed = sizeof(NV_RAM_HEADER) + size; @@ -470,17 +470,17 @@ static BOOL NvRamTestSpaceIndex( // This function requires that NV Index is in RAM. That is, the // index must be known to exist. static NV_RAM_REF NvRamGetIndex(TPMI_RH_NV_INDEX handle // IN: NV handle - ) +) { NV_RAM_REF iter = NV_RAM_REF_INIT; NV_RAM_REF currentAddr; TPM_HANDLE foundHandle; // while((currentAddr = NvRamNext(&iter, &foundHandle)) != 0) - { - if(handle == foundHandle) - break; - } + { + if(handle == foundHandle) + break; + } return currentAddr; } 
@@ -503,7 +503,7 @@ void NvUpdateIndexOrderlyData(void)
 // and the index removed. This insures that NV is available so that checking
 // for NV availability is not required during this function.
 static void NvAddRAM(TPMS_NV_PUBLIC* index // IN: the index descriptor
- )
+)
 {
 NV_RAM_HEADER header;
 NV_RAM_REF end = NvRamGetEnd();
@@ -525,7 +525,7 @@ static void NvAddRAM(TPMS_NV_PUBLIC* index // IN: the index descriptor
 // If the end marker will fit, add it
 if(end + sizeof(UINT32) < RAM_ORDERLY_END)
- MemorySet(end, 0, sizeof(UINT32));
+ MemorySet(end, 0, sizeof(UINT32));
 // Write reserved RAM space to NV to reflect the newly added NV Index
 SET_NV_UPDATE(UT_ORDERLY);
@@ -543,7 +543,7 @@ static void NvAddRAM(TPMS_NV_PUBLIC* index // IN: the index descriptor
 // and the index removed. This insures that NV is available so that checking
 // for NV availability is not required during this function.
 static void NvDeleteRAM(TPMI_RH_NV_INDEX handle // IN: NV handle
- )
+)
 {
 NV_RAM_REF nodeAddress;
 NV_RAM_REF nextNode;
@@ -578,8 +578,8 @@ static void NvDeleteRAM(TPMI_RH_NV_INDEX handle // IN: NV handle
 // to decompress it. Mostly, compression would only be able to save the space
 // needed by the policy.
 void NvReadNvIndexInfo(NV_REF ref, // IN: points to NV where index is located
- NV_INDEX* nvIndex // OUT: place to receive index data
- )
+ NV_INDEX* nvIndex // OUT: place to receive index data
+)
 {
 pAssert(nvIndex != NULL);
 NvRead(nvIndex, ref, sizeof(NV_INDEX));
@@ -647,8 +647,8 @@ static void NvObjectFromBuffer(OBJECT* object, BYTE* buf, UINT32 buf_size)
 // object information can be compressed and only this function would be needed
 // to uncompress it.
 void NvReadObject(NV_REF ref, // IN: points to NV where index is located
- OBJECT* object // OUT: place to receive the object data
- )
+ OBJECT* object // OUT: place to receive the object data
+)
 {
 #if 0 // libtpms changed begin
 NvRead(object, (ref + sizeof(TPM_HANDLE)), sizeof(OBJECT));
@@ -680,14 +680,14 @@ static NV_REF NvFindEvict(TPM_HANDLE nvHandle, OBJECT* object)
 //
 // If we found the handle and the request included an object pointer, fill it in
 if(found != 0 && object != NULL)
- NvReadObject(found, object);
+ NvReadObject(found, object);
 return found;
 }
 //*** NvIndexIsDefined()
 // See if an index is already defined
 BOOL NvIndexIsDefined(TPM_HANDLE nvHandle // IN: Index to look for
- )
+)
 {
 return (NvFindHandle(nvHandle) != 0);
 }
@@ -699,30 +699,30 @@ BOOL NvIndexIsDefined(TPM_HANDLE nvHandle // IN: Index to look for
 // TPM_RC_NV_RATE NV is unavailable because of rate limit
 // TPM_RC_NV_UNAVAILABLE NV is inaccessible
 static TPM_RC NvConditionallyWrite(NV_REF entryAddr, // IN: stating address
- UINT32 size, // IN: size of the data to write
- void* data // IN: the data to write
- )
+ UINT32 size, // IN: size of the data to write
+ void* data // IN: the data to write
+)
 {
 // If the index data is actually changed, then a write to NV is required
 int isDifferent = _plat__NvGetChangedStatus(entryAddr, size, data);
 if(isDifferent == NV_INVALID_LOCATION)
- {
- // invalid request, we should be in failure mode by now.
- return TPM_RC_FAILURE;
- }
+ {
+ // invalid request, we should be in failure mode by now.
+ return TPM_RC_FAILURE;
+ }
 else if(isDifferent == NV_HAS_CHANGED)
- {
- // Write the data if NV is available
- if(g_NvStatus == TPM_RC_SUCCESS)
- {
- NvWrite(entryAddr, size, data);
- }
- return g_NvStatus;
- }
+ {
+ // Write the data if NV is available
+ if(g_NvStatus == TPM_RC_SUCCESS)
+ {
+ NvWrite(entryAddr, size, data);
+ }
+ return g_NvStatus;
+ }
 else if(isDifferent == NV_IS_SAME)
- {
- return TPM_RC_SUCCESS;
- }
+ {
+ return TPM_RC_SUCCESS;
+ }
 // the platform gave us an invalid response.
 FAIL_RC(FATAL_ERROR_PLATFORM);
 }
@@ -730,13 +730,13 @@ static TPM_RC NvConditionallyWrite(NV_REF entryAddr, // IN: stating address
 //*** NvReadNvIndexAttributes()
 // This function returns the attributes of an NV Index.
 static TPMA_NV NvReadNvIndexAttributes(NV_REF locator // IN: reference to an NV index
- )
+)
 {
 TPMA_NV attributes;
 //
 NvRead(&attributes,
- locator + offsetof(NV_INDEX, publicArea.attributes),
- sizeof(TPMA_NV));
+ locator + offsetof(NV_INDEX, publicArea.attributes),
+ sizeof(TPMA_NV));
 return attributes;
 }
@@ -744,13 +744,13 @@ static TPMA_NV NvReadNvIndexAttributes(NV_REF locator // IN: reference to an NV
 // This function returns the attributes from the RAM header structure. This function
 // is used to deal with the fact that the header structure is only byte aligned.
 static TPMA_NV NvReadRamIndexAttributes(
- NV_RAM_REF ref // IN: pointer to a NV_RAM_HEADER
- )
+ NV_RAM_REF ref // IN: pointer to a NV_RAM_HEADER
+)
 {
 TPMA_NV attributes;
 //
 MemoryCopy(
- &attributes, ref + offsetof(NV_RAM_HEADER, attributes), sizeof(TPMA_NV));
+ &attributes, ref + offsetof(NV_RAM_HEADER, attributes), sizeof(TPMA_NV));
 return attributes;
 }
@@ -760,23 +760,23 @@ static TPMA_NV NvReadRamIndexAttributes(
 // TPM_RC_NV_RATE NV is rate limiting so retry
 // TPM_RC_NV_UNAVAILABLE NV is not available
 static TPM_RC NvWriteNvIndexAttributes(NV_REF locator, // IN: location of the index
- TPMA_NV attributes // IN: attributes to write
- )
+ TPMA_NV attributes // IN: attributes to write
+)
 {
 return NvConditionallyWrite(locator + offsetof(NV_INDEX, publicArea.attributes),
- sizeof(TPMA_NV),
- &attributes);
+ sizeof(TPMA_NV),
+ &attributes);
 }
 //*** NvWriteRamIndexAttributes()
 // This function is used to write the index attributes into an unaligned structure
 static void NvWriteRamIndexAttributes(
- NV_RAM_REF ref, // IN: address of the header
- TPMA_NV attributes // IN: the attributes to write
- )
+ NV_RAM_REF ref, // IN: address of the header
+ TPMA_NV attributes // IN: the attributes to write
+)
 {
 MemoryCopy(
- ref + offsetof(NV_RAM_HEADER, attributes), &attributes, sizeof(TPMA_NV));
+ ref + offsetof(NV_RAM_HEADER, attributes), &attributes, sizeof(TPMA_NV));
 return;
 }
@@ -791,7 +791,7 @@ static void NvWriteRamIndexAttributes(
 // TRUE(1) handle references a platform persistent object
 // FALSE(0) handle does not reference platform persistent object
 BOOL NvIsPlatformPersistentHandle(TPM_HANDLE handle // IN: handle
- )
+)
 {
 return (handle >= PLATFORM_PERSISTENT && handle <= PERSISTENT_LAST);
 }
@@ -804,7 +804,7 @@ BOOL NvIsPlatformPersistentHandle(TPM_HANDLE handle // IN: handle
 // FALSE(0) handle is not owner persistent handle and may not be
 // a persistent handle at all
 BOOL NvIsOwnerPersistentHandle(TPM_HANDLE handle // IN: handle
- )
+)
 {
 return (handle >= PERSISTENT_FIRST && handle < PLATFORM_PERSISTENT);
 }
@@ -825,47 +825,47 @@ BOOL NvIsOwnerPersistentHandle(TPM_HANDLE handle // IN: handle
 // writes to the index
 TPM_RC
 NvIndexIsAccessible(TPMI_RH_NV_INDEX handle // IN: handle
- )
+)
 {
 NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL);
 //
 if(nvIndex == NULL)
- // If index is not found, return TPM_RC_HANDLE
- return TPM_RC_HANDLE;
+ // If index is not found, return TPM_RC_HANDLE
+ return TPM_RC_HANDLE;
 if(gc.shEnable == FALSE || gc.phEnableNV == FALSE)
- {
- // if shEnable is CLEAR, an ownerCreate NV Index should not be
- // indicated as present
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE))
- {
- if(gc.shEnable == FALSE)
- return TPM_RC_HANDLE;
- }
- // if phEnableNV is CLEAR, a platform created Index should not
- // be visible
- else if(gc.phEnableNV == FALSE)
- return TPM_RC_HANDLE;
- }
+ {
+ // if shEnable is CLEAR, an ownerCreate NV Index should not be
+ // indicated as present
+ if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE))
+ {
+ if(gc.shEnable == FALSE)
+ return TPM_RC_HANDLE;
+ }
+ // if phEnableNV is CLEAR, a platform created Index should not
+ // be visible
+ else if(gc.phEnableNV == FALSE)
+ return TPM_RC_HANDLE;
+ }
 #if 0 // Writelock test for debug
 // If the Index is write locked and this is an NV Write operation...
 if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITELOCKED) && IsWriteOperation(commandIndex))
- {
- // then return a locked indication unless the command is TPM2_NV_WriteLock
- if(GetCommandCode(commandIndex) != TPM_CC_NV_WriteLock)
- return TPM_RC_NV_LOCKED;
- return TPM_RC_SUCCESS;
- }
+ {
+ // then return a locked indication unless the command is TPM2_NV_WriteLock
+ if(GetCommandCode(commandIndex) != TPM_CC_NV_WriteLock)
+ return TPM_RC_NV_LOCKED;
+ return TPM_RC_SUCCESS;
+ }
 #endif
 #if 0 // Readlock Test for debug
 // If the Index is read locked and this is an NV Read operation...
if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, READLOCKED) && IsReadOperation(commandIndex))
- {
- // then return a locked indication unless the command is TPM2_NV_ReadLock
- if(GetCommandCode(commandIndex) != TPM_CC_NV_ReadLock)
- return TPM_RC_NV_LOCKED;
- }
+ {
+ // then return a locked indication unless the command is TPM2_NV_ReadLock
+ if(GetCommandCode(commandIndex) != TPM_CC_NV_ReadLock)
+ return TPM_RC_NV_LOCKED;
+ }
 #endif
 // NV Index is accessible
 return TPM_RC_SUCCESS;
@@ -879,11 +879,11 @@ NvIndexIsAccessible(TPMI_RH_NV_INDEX handle // IN: handle
 // persistent object
 TPM_RC
 NvGetEvictObject(TPM_HANDLE handle, // IN: handle
- OBJECT* object // OUT: object data
- )
+ OBJECT* object // OUT: object data
+)
 {
 NV_REF entityAddr; // offset points to the entity
- //
+ //
 // Find the address of evict object and copy to object
 entityAddr = NvFindEvict(handle, object);
@@ -894,7 +894,7 @@ NvGetEvictObject(TPM_HANDLE handle, // IN: handle
 // If handle is not found, return an error
 if(entityAddr == 0)
- return TPM_RC_HANDLE;
+ return TPM_RC_HANDLE;
 return TPM_RC_SUCCESS;
 }
@@ -916,11 +916,11 @@ void NvIndexCacheInit(void)
 // required data is within the data range. It also requires that TPMA_NV_WRITTEN
 // of the Index is SET.
 void NvGetIndexData(NV_INDEX* nvIndex, // IN: the in RAM index descriptor
- NV_REF locator, // IN: where the data is located
- UINT32 offset, // IN: offset of NV data
- UINT16 size, // IN: number of octets of NV data to read
- void* data // OUT: data buffer
- )
+ NV_REF locator, // IN: where the data is located
+ UINT32 offset, // IN: offset of NV data
+ UINT16 size, // IN: number of octets of NV data to read
+ void* data // OUT: data buffer
+)
 {
 TPMA_NV nvAttributes;
 //
@@ -931,21 +931,21 @@ void NvGetIndexData(NV_INDEX* nvIndex, // IN: the in RAM index descriptor
 pAssert(IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN));
 if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, ORDERLY))
- {
- // Get data from RAM buffer
- NV_RAM_REF ramAddr = NvRamGetIndex(nvIndex->publicArea.nvIndex);
- pAssert(ramAddr != 0
- && (size <= ((NV_RAM_HEADER*)ramAddr)->size - sizeof(NV_RAM_HEADER)
- - offset));
- MemoryCopy(data, ramAddr + sizeof(NV_RAM_HEADER) + offset, size);
- }
+ {
+ // Get data from RAM buffer
+ NV_RAM_REF ramAddr = NvRamGetIndex(nvIndex->publicArea.nvIndex);
+ pAssert(ramAddr != 0
+ && (size <= ((NV_RAM_HEADER*)ramAddr)->size - sizeof(NV_RAM_HEADER)
+ - offset));
+ MemoryCopy(data, ramAddr + sizeof(NV_RAM_HEADER) + offset, size);
+ }
 else
- {
- // Validate that read falls within range of the index
- pAssert(offset <= nvIndex->publicArea.dataSize
- && size <= (nvIndex->publicArea.dataSize - offset));
- NvRead(data, locator + sizeof(NV_INDEX) + offset, size);
- }
+ {
+ // Validate that read falls within range of the index
+ pAssert(offset <= nvIndex->publicArea.dataSize
+ && size <= (nvIndex->publicArea.dataSize - offset));
+ NvRead(data, locator + sizeof(NV_INDEX) + offset, size);
+ }
 return;
 }
@@ -953,33 +953,33 @@ void NvGetIndexData(NV_INDEX* nvIndex, // IN: the in RAM index descriptor
 // This function adds Index data to a hash. It does this in parts to avoid large stack
 // buffers.
 void NvHashIndexData(HASH_STATE* hashState, // IN: Initialized hash state
- NV_INDEX* nvIndex, // IN: Index
- NV_REF locator, // IN: where the data is located
- UINT32 offset, // IN: starting offset
- UINT16 size // IN: amount to hash
- )
+ NV_INDEX* nvIndex, // IN: Index
+ NV_REF locator, // IN: where the data is located
+ UINT32 offset, // IN: starting offset
+ UINT16 size // IN: amount to hash
+)
 {
 #define BUFFER_SIZE 64
 BYTE buffer[BUFFER_SIZE];
 if(offset > nvIndex->publicArea.dataSize)
- return;
+ return;
 // Make sure that we don't try to read off the end.
 if((offset + size) > nvIndex->publicArea.dataSize)
- size = nvIndex->publicArea.dataSize - (UINT16)offset;
+ size = nvIndex->publicArea.dataSize - (UINT16)offset;
 #if BUFFER_SIZE >= MAX_NV_INDEX_SIZE
 NvGetIndexData(nvIndex, locator, offset, size, buffer);
 CryptDigestUpdate(hashState, size, buffer);
 #else
 {
- INT16 i;
- UINT16 readSize;
- //
- for(i = size; i > 0; offset += readSize, i -= readSize)
- {
- readSize = (i < BUFFER_SIZE) ? i : BUFFER_SIZE;
- NvGetIndexData(nvIndex, locator, offset, readSize, buffer);
- CryptDigestUpdate(hashState, readSize, buffer);
- }
+ INT16 i;
+ UINT16 readSize;
+ //
+ for(i = size; i > 0; offset += readSize, i -= readSize)
+ {
+ readSize = (i < BUFFER_SIZE) ? i : BUFFER_SIZE;
+ NvGetIndexData(nvIndex, locator, offset, readSize, buffer);
+ CryptDigestUpdate(hashState, readSize, buffer);
+ }
 }
 #endif // BUFFER_SIZE >= MAX_NV_INDEX_SIZE
 #undef BUFFER_SIZE
@@ -992,8 +992,8 @@ void NvHashIndexData(HASH_STATE* hashState, // IN: Initialized hash state
 // previously has been written.
 UINT64
 NvGetUINT64Data(NV_INDEX* nvIndex, // IN: the in RAM index descriptor
- NV_REF locator // IN: where index exists in NV
- )
+ NV_REF locator // IN: where index exists in NV
+)
 {
 UINT64 intVal;
 //
@@ -1009,22 +1009,22 @@ NvGetUINT64Data(NV_INDEX* nvIndex, // IN: the in RAM index descriptor
 // TPM_RC_NV_UNAVAILABLE NV is not available
 TPM_RC
 NvWriteIndexAttributes(TPM_HANDLE handle,
- NV_REF locator, // IN: location of the index
- TPMA_NV attributes // IN: attributes to write
- )
+ NV_REF locator, // IN: location of the index
+ TPMA_NV attributes // IN: attributes to write
+)
 {
 TPM_RC result;
 //
 if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY))
- {
- NV_RAM_REF ram = NvRamGetIndex(handle);
- NvWriteRamIndexAttributes(ram, attributes);
- result = TPM_RC_SUCCESS;
- }
+ {
+ NV_RAM_REF ram = NvRamGetIndex(handle);
+ NvWriteRamIndexAttributes(ram, attributes);
+ result = TPM_RC_SUCCESS;
+ }
 else
- {
- result = NvWriteNvIndexAttributes(locator, attributes);
- }
+ {
+ result = NvWriteNvIndexAttributes(locator, attributes);
+ }
 return result;
 }
@@ -1036,23 +1036,23 @@ NvWriteIndexAttributes(TPM_HANDLE handle,
 // TPM_RC_NV_UNAVAILABLE NV is not available
 TPM_RC
 NvWriteIndexAuth(NV_REF locator, // IN: location of the index
- TPM2B_AUTH* authValue // IN: the authValue to write
- )
+ TPM2B_AUTH* authValue // IN: the authValue to write
+)
 {
 TPM_RC result;
 //
 // If the locator is pointing to the cached index value...
 if(locator == s_cachedNvRef)
- {
- // copy the authValue to the cached index so it will be there if we
- // look for it. This is a safety thing.
- MemoryCopy2B(&s_cachedNvIndex.authValue.b,
- &authValue->b,
- sizeof(s_cachedNvIndex.authValue.t.buffer));
- }
+ {
+ // copy the authValue to the cached index so it will be there if we
+ // look for it. This is a safety thing.
+ MemoryCopy2B(&s_cachedNvIndex.authValue.b,
+ &authValue->b,
+ sizeof(s_cachedNvIndex.authValue.t.buffer));
+ }
 result = NvConditionallyWrite(locator + offsetof(NV_INDEX, authValue),
- sizeof(UINT16) + authValue->t.size,
- authValue);
+ sizeof(UINT16) + authValue->t.size,
+ authValue);
 return result;
 }
@@ -1065,26 +1065,26 @@ NvWriteIndexAuth(NV_REF locator, // IN: location of the index
 // This function will set the index cache. If the index is orderly, the attributes
 // from RAM are substituted for the attributes in the cached index
 NV_INDEX* NvGetIndexInfo(TPM_HANDLE nvHandle, // IN: the index handle
- NV_REF* locator // OUT: location of the index
- )
+ NV_REF* locator // OUT: location of the index
+)
 {
 if(s_cachedNvIndex.publicArea.nvIndex != nvHandle)
- {
- s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED;
- s_cachedNvRamRef = 0;
- s_cachedNvRef = NvFindHandle(nvHandle);
- if(s_cachedNvRef == 0)
- return NULL;
- NvReadNvIndexInfo(s_cachedNvRef, &s_cachedNvIndex);
- if(IS_ATTRIBUTE(s_cachedNvIndex.publicArea.attributes, TPMA_NV, ORDERLY))
- {
- s_cachedNvRamRef = NvRamGetIndex(nvHandle);
- s_cachedNvIndex.publicArea.attributes =
- NvReadRamIndexAttributes(s_cachedNvRamRef);
- }
- }
+ {
+ s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED;
+ s_cachedNvRamRef = 0;
+ s_cachedNvRef = NvFindHandle(nvHandle);
+ if(s_cachedNvRef == 0)
+ return NULL;
+ NvReadNvIndexInfo(s_cachedNvRef, &s_cachedNvIndex);
+ if(IS_ATTRIBUTE(s_cachedNvIndex.publicArea.attributes, TPMA_NV, ORDERLY))
+ {
+ s_cachedNvRamRef = NvRamGetIndex(nvHandle);
+ s_cachedNvIndex.publicArea.attributes =
+ NvReadRamIndexAttributes(s_cachedNvRamRef);
+ }
+ }
 if(locator != NULL)
- *locator = s_cachedNvRef;
+ *locator = s_cachedNvRef;
 return &s_cachedNvIndex;
 }
@@ -1105,10 +1105,10 @@ NV_INDEX* NvGetIndexInfo(TPM_HANDLE nvHandle, // IN: the index handle
 // TPM_RC_NV_UNAVAILABLE NV is not available
 TPM_RC
 NvWriteIndexData(NV_INDEX* nvIndex, // IN: the description of the index
- UINT32 offset, // IN: offset of NV data
- UINT32 size, // IN: size of NV data
- void* data // IN: data buffer
- )
+ UINT32 offset, // IN: offset of NV data
+ UINT32 size, // IN: size of NV data
+ void* data // IN: data buffer
+)
 {
 TPM_RC result = TPM_RC_SUCCESS;
 //
@@ -1120,68 +1120,68 @@ NvWriteIndexData(NV_INDEX* nvIndex, // IN: the description of the index
 // Validate that write falls within range of the index
 pAssert(offset <= nvIndex->publicArea.dataSize
- && size <= (nvIndex->publicArea.dataSize - offset));
+ && size <= (nvIndex->publicArea.dataSize - offset));
 // Update TPMA_NV_WRITTEN bit if necessary
 if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- {
- // Update the in memory version of the attributes
- SET_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN);
+ {
+ // Update the in memory version of the attributes
+ SET_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN);
- // If this is not orderly, then update the NV version of
- // the attributes
- if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY))
- {
- result = NvWriteNvIndexAttributes(s_cachedNvRef,
- nvIndex->publicArea.attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
- // If this is a partial write of an ordinary index, clear the whole
- // index.
- if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes)
- && (nvIndex->publicArea.dataSize > size))
- _plat__NvMemoryClear(s_cachedNvRef + sizeof(NV_INDEX),
- nvIndex->publicArea.dataSize);
- }
- else
- {
- // This is orderly so update the RAM version
- MemoryCopy(s_cachedNvRamRef + offsetof(NV_RAM_HEADER, attributes),
- &nvIndex->publicArea.attributes,
- sizeof(TPMA_NV));
- // If setting WRITTEN for an orderly counter, make sure that the
- // state saved version of the counter is saved
- if(IsNvCounterIndex(nvIndex->publicArea.attributes))
- SET_NV_UPDATE(UT_ORDERLY);
- // If setting the written attribute on an ordinary index, make sure that
- // the data is all cleared out in case there is a partial write. This
- // is only necessary for ordinary indexes because all of the other types
- // are always written in total.
- else if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes))
- MemorySet(s_cachedNvRamRef + sizeof(NV_RAM_HEADER),
- 0,
- nvIndex->publicArea.dataSize);
- }
- }
+ // If this is not orderly, then update the NV version of
+ // the attributes
+ if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY))
+ {
+ result = NvWriteNvIndexAttributes(s_cachedNvRef,
+ nvIndex->publicArea.attributes);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ // If this is a partial write of an ordinary index, clear the whole
+ // index.
+ if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes)
+ && (nvIndex->publicArea.dataSize > size))
+ _plat__NvMemoryClear(s_cachedNvRef + sizeof(NV_INDEX),
+ nvIndex->publicArea.dataSize);
+ }
+ else
+ {
+ // This is orderly so update the RAM version
+ MemoryCopy(s_cachedNvRamRef + offsetof(NV_RAM_HEADER, attributes),
+ &nvIndex->publicArea.attributes,
+ sizeof(TPMA_NV));
+ // If setting WRITTEN for an orderly counter, make sure that the
+ // state saved version of the counter is saved
+ if(IsNvCounterIndex(nvIndex->publicArea.attributes))
+ SET_NV_UPDATE(UT_ORDERLY);
+ // If setting the written attribute on an ordinary index, make sure that
+ // the data is all cleared out in case there is a partial write. This
+ // is only necessary for ordinary indexes because all of the other types
+ // are always written in total.
+ else if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes))
+ MemorySet(s_cachedNvRamRef + sizeof(NV_RAM_HEADER),
+ 0,
+ nvIndex->publicArea.dataSize);
+ }
+ }
 // If this is orderly data, write it to RAM
 if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY))
- {
- // Note: if this is the first write to a counter, the code above will queue
- // the write to NV of the RAM data in order to update TPMA_NV_WRITTEN.
In
- // process of doing that write, it will also write the initial counter value
+ {
+ // Note: if this is the first write to a counter, the code above will queue
+ // the write to NV of the RAM data in order to update TPMA_NV_WRITTEN. In
+ // process of doing that write, it will also write the initial counter value
- // Update RAM
- MemoryCopy(s_cachedNvRamRef + sizeof(NV_RAM_HEADER) + offset, data, size);
+ // Update RAM
+ MemoryCopy(s_cachedNvRamRef + sizeof(NV_RAM_HEADER) + offset, data, size);
- // And indicate that the TPM is no longer orderly
- g_clearOrderly = TRUE;
- }
+ // And indicate that the TPM is no longer orderly
+ g_clearOrderly = TRUE;
+ }
 else
- {
- // Offset into the index to the first byte of the data to be written to NV
- result = NvConditionallyWrite(
- s_cachedNvRef + sizeof(NV_INDEX) + offset, size, data);
- }
+ {
+ // Offset into the index to the first byte of the data to be written to NV
+ result = NvConditionallyWrite(
+ s_cachedNvRef + sizeof(NV_INDEX) + offset, size, data);
+ }
 return result;
 }
@@ -1196,8 +1196,8 @@ NvWriteIndexData(NV_INDEX* nvIndex, // IN: the description of the index
 //
 TPM_RC
 NvWriteUINT64Data(NV_INDEX* nvIndex, // IN: the description of the index
- UINT64 intValue // IN: the value to write
- )
+ UINT64 intValue // IN: the value to write
+)
 {
 BYTE bytes[8];
 UINT64_TO_BYTE_ARRAY(intValue, bytes);
@@ -1213,9 +1213,9 @@ NvWriteUINT64Data(NV_INDEX* nvIndex, // IN: the description of the index
 //
 // This function requires that the NV Index is defined.
 TPM2B_NAME* NvGetNameByIndexHandle(
- TPMI_RH_NV_INDEX handle, // IN: handle of the index
- TPM2B_NAME* name // OUT: name of the index
- )
+ TPMI_RH_NV_INDEX handle, // IN: handle of the index
+ TPM2B_NAME* name // OUT: name of the index
+)
 {
 NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL);
 //
@@ -1229,8 +1229,8 @@ TPM2B_NAME* NvGetNameByIndexHandle(
 // TPM_RC_NV_SPACE insufficient NV space
 TPM_RC
 NvDefineIndex(TPMS_NV_PUBLIC* publicArea, // IN: A template for an area to create.
- TPM2B_AUTH* authValue // IN: The initial authorization value
- )
+ TPM2B_AUTH* authValue // IN: The initial authorization value
+)
 {
 // The buffer to be written to NV memory
 NV_INDEX nvIndex; // the index data
@@ -1242,19 +1242,19 @@ NvDefineIndex(TPMS_NV_PUBLIC* publicArea, // IN: A template for an area to crea
 // only allocate data space for indexes that are going to be written to NV.
 // Orderly indexes don't need space.
 if(!IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY))
- entrySize += publicArea->dataSize;
+ entrySize += publicArea->dataSize;
 // Check if we have enough space to create the NV Index
 // In this implementation, the only resource limitation is the available NV
 // space (and possibly RAM space.) Other implementation may have other
 // limitation on counter or on NV slots
 if(!NvTestSpace(entrySize, TRUE, IsNvCounterIndex(publicArea->attributes)))
- return TPM_RC_NV_SPACE;
+ return TPM_RC_NV_SPACE;
 // if the index to be defined is RAM backed, check RAM space availability
 // as well
 if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY) && !NvRamTestSpaceIndex(publicArea->dataSize))
- return TPM_RC_NV_SPACE;
+ return TPM_RC_NV_SPACE;
 // Copy input value to nvBuffer
 nvIndex.publicArea = *publicArea;
@@ -1264,11 +1264,11 @@ NvDefineIndex(TPMS_NV_PUBLIC* publicArea, // IN: A template for an area to crea
 // Add index to NV memory
 result = NvAdd(entrySize, sizeof(NV_INDEX), TPM_RH_UNASSIGNED, (BYTE*)&nvIndex);
 if(result == TPM_RC_SUCCESS)
- {
- // If the data of NV Index is RAM backed, add the data area in RAM as well
- if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY))
- NvAddRAM(publicArea);
- }
+ {
+ // If the data of NV Index is RAM backed, add the data area in RAM as well
+ if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY))
+ NvAddRAM(publicArea);
+ }
 return result;
 }
@@ -1294,8 +1294,8 @@ NvWriteObject(OBJECT* object)
 // TPM_RC_NV_SPACE insufficient NV space
 TPM_RC
 NvAddEvictObject(TPMI_DH_OBJECT evictHandle, // IN: new evict handle
- OBJECT* object // IN: object to be added
- )
+ OBJECT* object // IN: object to be added
+)
 {
 TPM_HANDLE temp = object->evictHandle;
 TPM_RC result;
@@ -1307,7 +1307,7 @@ NvAddEvictObject(TPMI_DH_OBJECT evictHandle, // IN: new evict handle
 // space. Other implementation may have other limitation on evict object
 // handle space
 if(!NvTestSpace(sizeof(OBJECT) + sizeof(TPM_HANDLE), FALSE, FALSE))
- return TPM_RC_NV_SPACE;
+ return TPM_RC_NV_SPACE;
 #endif // libtpms added
 // Set evict attribute and handle
@@ -1331,26 +1331,26 @@ NvAddEvictObject(TPMI_DH_OBJECT evictHandle, // IN: new evict handle
 // TPM_RC_NV_RATE NV is rate limiting
 TPM_RC
 NvDeleteIndex(NV_INDEX* nvIndex, // IN: an in RAM index descriptor
- NV_REF entityAddr // IN: location in NV
- )
+ NV_REF entityAddr // IN: location in NV
+)
 {
 TPM_RC result;
 //
 if(nvIndex != NULL)
- {
- // Whenever a counter is deleted, make sure that the MaxCounter value is
- // updated to reflect the value
- if(IsNvCounterIndex(nvIndex->publicArea.attributes)
- && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
- NvUpdateMaxCount(NvGetUINT64Data(nvIndex, entityAddr));
- result = NvDelete(entityAddr);
- if(result != TPM_RC_SUCCESS)
- return result;
- // If the NV Index is RAM backed, delete the RAM data as well
- if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY))
- NvDeleteRAM(nvIndex->publicArea.nvIndex);
- NvIndexCacheInit();
- }
+ {
+ // Whenever a counter is deleted, make sure that the MaxCounter value is
+ // updated to reflect the value
+ if(IsNvCounterIndex(nvIndex->publicArea.attributes)
+ && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN))
+ NvUpdateMaxCount(NvGetUINT64Data(nvIndex, entityAddr));
+ result = NvDelete(entityAddr);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ // If the NV Index is RAM backed, delete the RAM data as well
+ if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY))
+ NvDeleteRAM(nvIndex->publicArea.nvIndex);
+ NvIndexCacheInit();
+ }
 return TPM_RC_SUCCESS;
 }
@@ -1360,13 +1360,13 @@ NvDeleteIndex(NV_INDEX* nvIndex, // IN: an in RAM index descriptor
 TPM_RC
 NvDeleteEvict(TPM_HANDLE handle // IN: handle of entity to be deleted
- )
+)
 {
 NV_REF entityAddr = NvFindEvict(handle, NULL); // pointer to entity
 TPM_RC result = TPM_RC_SUCCESS;
 //
 if(entityAddr != 0)
- result = NvDelete(entityAddr);
+ result = NvDelete(entityAddr);
 return result;
 }
@@ -1379,7 +1379,7 @@ NvDeleteEvict(TPM_HANDLE handle // IN: handle of entity to be deleted
 // TPM_RC_NV_UNAVAILABLE NV is inaccessible
 TPM_RC
 NvFlushHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed.
- )
+)
 {
 NV_REF iter = NV_REF_INIT;
 NV_REF currentAddr;
@@ -1387,55 +1387,55 @@ NvFlushHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed.
 TPM_RC result = TPM_RC_SUCCESS;
 //
 while((currentAddr = NvNext(&iter, &entityHandle)) != 0)
- {
- if(HandleGetType(entityHandle) == TPM_HT_NV_INDEX)
- {
- NV_INDEX nvIndex;
- //
- // If flush endorsement or platform hierarchy, no NV Index would be
- // flushed
- if(hierarchy == TPM_RH_ENDORSEMENT || hierarchy == TPM_RH_PLATFORM)
- continue;
- // Get the index information
- NvReadNvIndexInfo(currentAddr, &nvIndex);
+ {
+ if(HandleGetType(entityHandle) == TPM_HT_NV_INDEX)
+ {
+ NV_INDEX nvIndex;
+ //
+ // If flush endorsement or platform hierarchy, no NV Index would be
+ // flushed
+ if(hierarchy == TPM_RH_ENDORSEMENT || hierarchy == TPM_RH_PLATFORM)
+ continue;
+ // Get the index information
+ NvReadNvIndexInfo(currentAddr, &nvIndex);
- // For storage hierarchy, flush OwnerCreated index
- if(!IS_ATTRIBUTE(nvIndex.publicArea.attributes, TPMA_NV, PLATFORMCREATE))
- {
- // Delete the index (including RAM for orderly)
- result = NvDeleteIndex(&nvIndex, currentAddr);
- if(result != TPM_RC_SUCCESS)
- break;
- // Re-iterate from beginning after a delete
- iter = NV_REF_INIT;
- }
- }
- else if(HandleGetType(entityHandle) == TPM_HT_PERSISTENT)
- {
- OBJECT_ATTRIBUTES attributes;
- //
- NvRead(&attributes,
- (UINT32)(currentAddr + sizeof(TPM_HANDLE)
- + offsetof(OBJECT, attributes)),
- sizeof(OBJECT_ATTRIBUTES));
- // If the evict object belongs to the hierarchy to be flushed...
- if((hierarchy == TPM_RH_PLATFORM && attributes.ppsHierarchy == SET)
- || (hierarchy == TPM_RH_OWNER && attributes.spsHierarchy == SET)
- || (hierarchy == TPM_RH_ENDORSEMENT && attributes.epsHierarchy == SET))
- {
- // ...then delete the evict object
- result = NvDelete(currentAddr);
- if(result != TPM_RC_SUCCESS)
- break;
- // Re-iterate from beginning after a delete
- iter = NV_REF_INIT;
- }
- }
- else
- {
- FAIL(FATAL_ERROR_INTERNAL);
- }
- }
+ // For storage hierarchy, flush OwnerCreated index
+ if(!IS_ATTRIBUTE(nvIndex.publicArea.attributes, TPMA_NV, PLATFORMCREATE))
+ {
+ // Delete the index (including RAM for orderly)
+ result = NvDeleteIndex(&nvIndex, currentAddr);
+ if(result != TPM_RC_SUCCESS)
+ break;
+ // Re-iterate from beginning after a delete
+ iter = NV_REF_INIT;
+ }
+ }
+ else if(HandleGetType(entityHandle) == TPM_HT_PERSISTENT)
+ {
+ OBJECT_ATTRIBUTES attributes;
+ //
+ NvRead(&attributes,
+ (UINT32)(currentAddr + sizeof(TPM_HANDLE)
+ + offsetof(OBJECT, attributes)),
+ sizeof(OBJECT_ATTRIBUTES));
+ // If the evict object belongs to the hierarchy to be flushed...
+ if((hierarchy == TPM_RH_PLATFORM && attributes.ppsHierarchy == SET)
+ || (hierarchy == TPM_RH_OWNER && attributes.spsHierarchy == SET)
+ || (hierarchy == TPM_RH_ENDORSEMENT && attributes.epsHierarchy == SET))
+ {
+ // ...then delete the evict object
+ result = NvDelete(currentAddr);
+ if(result != TPM_RC_SUCCESS)
+ break;
+ // Re-iterate from beginning after a delete
+ iter = NV_REF_INIT;
+ }
+ }
+ else
+ {
+ FAIL(FATAL_ERROR_INTERNAL);
+ }
+ }
 return result;
 }
@@ -1457,30 +1457,30 @@ NvSetGlobalLock(void)
 //
 // Check all normal indexes
 while((currentAddr = NvNextIndex(NULL, &iter)) != 0)
- {
- TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr);
- //
- // See if it should be locked
- if(!IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)
- && IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK))
- {
- SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED);
- result = NvWriteNvIndexAttributes(currentAddr, attributes);
- if(result != TPM_RC_SUCCESS)
- return result;
- }
- }
+ {
+ TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr);
+ //
+ // See if it should be locked
+ if(!IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)
+ && IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK))
+ {
+ SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED);
+ result = NvWriteNvIndexAttributes(currentAddr, attributes);
+ if(result != TPM_RC_SUCCESS)
+ return result;
+ }
+ }
 // Now search all the orderly attributes
 while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0)
- {
- // See if it should be locked
- TPMA_NV attributes = NvReadRamIndexAttributes(currentRamAddr);
- if(IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK))
- {
- SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED);
- NvWriteRamIndexAttributes(currentRamAddr, attributes);
- }
- }
+ {
+ // See if it should be locked
+ TPMA_NV attributes = NvReadRamIndexAttributes(currentRamAddr);
+ if(IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK))
+ {
+ SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED);
+ NvWriteRamIndexAttributes(currentRamAddr, attributes);
+ }
+ }
 return result;
 }
@@ -1488,42 +1488,42 @@ NvSetGlobalLock(void) // Sort a handle into handle list in ascending order. The total handle number in // the list should not exceed MAX_CAP_HANDLES static void InsertSort(TPML_HANDLE* handleList, // IN/OUT: sorted handle list - UINT32 count, // IN: maximum count in the handle list - TPM_HANDLE entityHandle // IN: handle to be inserted - ) + UINT32 count, // IN: maximum count in the handle list + TPM_HANDLE entityHandle // IN: handle to be inserted +) { UINT32 i, j; UINT32 originalCount; // // For a corner case that the maximum count is 0, do nothing if(count == 0) - return; + return; // For empty list, add the handle at the beginning and return if(handleList->count == 0) - { - handleList->handle[0] = entityHandle; - handleList->count++; - return; - } + { + handleList->handle[0] = entityHandle; + handleList->count++; + return; + } // Check if the maximum of the list has been reached originalCount = handleList->count; if(originalCount < count) - handleList->count++; + handleList->count++; // Insert the handle to the list for(i = 0; i < originalCount; i++) - { - if(handleList->handle[i] > entityHandle) - { - for(j = handleList->count - 1; j > i; j--) - { - handleList->handle[j] = handleList->handle[j - 1]; - } - break; - } - } + { + if(handleList->handle[i] > entityHandle) + { + for(j = handleList->count - 1; j > i; j--) + { + handleList->handle[j] = handleList->handle[j - 1]; + } + break; + } + } // If a slot was found, insert the handle in this position if(i < originalCount || handleList->count > originalCount) - handleList->handle[i] = entityHandle; + handleList->handle[i] = entityHandle; return; } 
@@ -1538,9 +1538,9 @@ static void InsertSort(TPML_HANDLE* handleList, // IN/OUT: sorted handle list // NO all the available handles has been returned TPMI_YES_NO NvCapGetPersistent(TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: maximum number of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ) + UINT32 count, // IN: maximum number of returned handles + TPML_HANDLE* handleList // OUT: list of handle +) { TPMI_YES_NO more = NO; NV_REF iter = NV_REF_INIT; 
@@ -1554,25 +1554,25 @@ NvCapGetPersistent(TPMI_DH_OBJECT handle, // IN: start handle // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) - count = MAX_CAP_HANDLES; + count = MAX_CAP_HANDLES; while((currentAddr = NvNextEvict(&entityHandle, &iter)) != 0) - { - // Ignore persistent handles that have values less than the input handle - if(entityHandle < handle) - continue; - // if the handles in the list have reached the requested count, and there - // are still handles need to be inserted, indicate that there are more. - if(handleList->count == count) - more = YES; - // A handle with a value larger than start handle is a candidate - // for return. Insert sort it to the return list. Insert sort algorithm - // is chosen here for simplicity based on the assumption that the total - // number of NV indexes is small. For an implementation that may allow - // large number of NV indexes, a more efficient sorting algorithm may be - // used here. - InsertSort(handleList, count, entityHandle); - } + { + // Ignore persistent handles that have values less than the input handle + if(entityHandle < handle) + continue; + // if the handles in the list have reached the requested count, and there + // are still handles need to be inserted, indicate that there are more. + if(handleList->count == count) + more = YES; + // A handle with a value larger than start handle is a candidate + // for return. Insert sort it to the return list. Insert sort algorithm + // is chosen here for simplicity based on the assumption that the total + // number of NV indexes is small. For an implementation that may allow + // large number of NV indexes, a more efficient sorting algorithm may be + // used here. + InsertSort(handleList, count, entityHandle); + } return more; } 
@@ -1589,12 +1589,12 @@ BOOL NvCapGetOnePersistent(TPMI_DH_OBJECT handle) // IN: handle pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT); while((currentAddr = NvNextEvict(&entityHandle, &iter)) != 0) - { - if(entityHandle == handle) - { - return TRUE; - } - } + { + if(entityHandle == handle) + { + return TRUE; + } + } return FALSE; } @@ -1607,9 +1607,9 @@ BOOL NvCapGetOnePersistent(TPMI_DH_OBJECT handle) // IN: handle // NO all the available handles has been reported TPMI_YES_NO NvCapGetIndex(TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: max number of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ) + UINT32 count, // IN: max number of returned handles + TPML_HANDLE* handleList // OUT: list of handle +) { TPMI_YES_NO more = NO; NV_REF iter = NV_REF_INIT; 
@@ -1623,25 +1623,25 @@ NvCapGetIndex(TPMI_DH_OBJECT handle, // IN: start handle // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) - count = MAX_CAP_HANDLES; + count = MAX_CAP_HANDLES; while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) - { - // Ignore index handles that have values less than the 'handle' - if(nvHandle < handle) - continue; - // if the count of handles in the list has reached the requested count, - // and there are still handles to report, set more. - if(handleList->count == count) - more = YES; - // A handle with a value larger than start handle is a candidate - // for return. Insert sort it to the return list. Insert sort algorithm - // is chosen here for simplicity based on the assumption that the total - // number of NV indexes is small. For an implementation that may allow - // large number of NV indexes, a more efficient sorting algorithm may be - // used here. - InsertSort(handleList, count, nvHandle); - } + { + // Ignore index handles that have values less than the 'handle' + if(nvHandle < handle) + continue; + // if the count of handles in the list has reached the requested count, + // and there are still handles to report, set more. + if(handleList->count == count) + more = YES; + // A handle with a value larger than start handle is a candidate + // for return. Insert sort it to the return list. Insert sort algorithm + // is chosen here for simplicity based on the assumption that the total + // number of NV indexes is small. For an implementation that may allow + // large number of NV indexes, a more efficient sorting algorithm may be + // used here. + InsertSort(handleList, count, nvHandle); + } return more; } 
@@ -1656,12 +1656,12 @@ BOOL NvCapGetOneIndex(TPMI_DH_OBJECT handle) // IN: handle pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX); while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) - { - if(nvHandle == handle) - { - return TRUE; - } - } + { + if(nvHandle == handle) + { + return TRUE; + } + } return FALSE; } @@ -1674,7 +1674,7 @@ NvCapGetIndexNumber(void) NV_REF iter = NV_REF_INIT; // while(NvNextIndex(NULL, &iter) != 0) - num++; + num++; return num; } @@ -1688,7 +1688,7 @@ NvCapGetPersistentNumber(void) TPM_HANDLE handle; // while(NvNextEvict(&handle, &iter) != 0) - num++; + num++; return num; } @@ -1706,14 +1706,14 @@ NvCapGetPersistentAvail(void) availNVSpace = NvGetFreeBytes(); if(counterNum < MIN_COUNTER_INDICES) - { - // Some space has to be reserved for counter objects. - reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; - if(reserved > availNVSpace) - availNVSpace = 0; - else - availNVSpace -= reserved; - } + { + // Some space has to be reserved for counter objects. + reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; + if(reserved > availNVSpace) + availNVSpace = 0; + else + availNVSpace -= reserved; + } return availNVSpace / NV_EVICT_OBJECT_SIZE; } @@ -1727,19 +1727,19 @@ NvCapGetCounterNumber(void) UINT32 num = 0; // while((currentAddr = NvNextIndex(NULL, &iter)) != 0) - { - TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); - if(IsNvCounterIndex(attributes)) - num++; - } + { + TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); + if(IsNvCounterIndex(attributes)) + num++; + } return num; } //*** NvSetStartupAttributes() // Local function to set the attributes of an Index at TPM Reset and TPM Restart. static TPMA_NV NvSetStartupAttributes(TPMA_NV attributes, // IN: attributes to change - STARTUP_TYPE type // IN: start up type - ) + STARTUP_TYPE type // IN: start up type +) { // Clear read lock CLEAR_ATTRIBUTE(attributes, TPMA_NV, READLOCKED); 
@@ -1748,16 +1748,16 @@ static TPMA_NV NvSetStartupAttributes(TPMA_NV attributes, // IN: attributes to // a) TPMA_NV_CLEAR_STCLEAR is SET // b) orderly and TPM Reset if(!IsNvCounterIndex(attributes)) - { - if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) - || (IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) && (type == SU_RESET))) - CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITTEN); - } + { + if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) + || (IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) && (type == SU_RESET))) + CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITTEN); + } // Unlock any index that is not written or that does not have // TPMA_NV_WRITEDEFINE SET. if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) || !IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) - CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); + CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); return attributes; } @@ -1772,7 +1772,7 @@ static TPMA_NV NvSetStartupAttributes(TPMA_NV attributes, // IN: attributes to // It is a prerequisite that NV be available for writing before this // function is called. BOOL NvEntityStartup(STARTUP_TYPE type // IN: start up type - ) +) { NV_REF iter = NV_REF_INIT; NV_RAM_REF ramIter = NV_RAM_REF_INIT; 
@@ -1789,46 +1789,46 @@ BOOL NvEntityStartup(STARTUP_TYPE type // IN: start up type // If recovering from state save, do nothing else if(type == SU_RESUME) - return TRUE; + return TRUE; // Iterate all the NV Index to clear the locks while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) - { - attributes = NvReadNvIndexAttributes(currentAddr); + { + attributes = NvReadNvIndexAttributes(currentAddr); - // If this is an orderly index, defer processing until loop below - if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) - continue; - // Set the attributes appropriate for this startup type - attributes = NvSetStartupAttributes(attributes, type); - NvWriteNvIndexAttributes(currentAddr, attributes); - } + // If this is an orderly index, defer processing until loop below + if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) + continue; + // Set the attributes appropriate for this startup type + attributes = NvSetStartupAttributes(attributes, type); + NvWriteNvIndexAttributes(currentAddr, attributes); + } // Iterate all the orderly indexes to clear the locks and initialize counters while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) - { - attributes = NvReadRamIndexAttributes(currentRamAddr); + { + attributes = NvReadRamIndexAttributes(currentRamAddr); - attributes = NvSetStartupAttributes(attributes, type); + attributes = NvSetStartupAttributes(attributes, type); - // update attributes in RAM - NvWriteRamIndexAttributes(currentRamAddr, attributes); + // update attributes in RAM + NvWriteRamIndexAttributes(currentRamAddr, attributes); - // Set the lower bits in an orderly counter to 1 for a non-orderly startup - if(IsNvCounterIndex(attributes) && (g_prevOrderlyState == SU_NONE_VALUE)) - { - UINT64 counter; - // - // Read the counter value last saved to NV. 
- counter = BYTE_ARRAY_TO_UINT64(currentRamAddr + sizeof(NV_RAM_HEADER)); + // Set the lower bits in an orderly counter to 1 for a non-orderly startup + if(IsNvCounterIndex(attributes) && (g_prevOrderlyState == SU_NONE_VALUE)) + { + UINT64 counter; + // + // Read the counter value last saved to NV. + counter = BYTE_ARRAY_TO_UINT64(currentRamAddr + sizeof(NV_RAM_HEADER)); - // Set the lower bits of counter to 1's - counter |= MAX_ORDERLY_COUNT; + // Set the lower bits of counter to 1's + counter |= MAX_ORDERLY_COUNT; - // Write back to RAM - // NOTE: Do not want to force a write to NV here. The counter value will - // stay in RAM until the next shutdown or rollover. - UINT64_TO_BYTE_ARRAY(counter, currentRamAddr + sizeof(NV_RAM_HEADER)); - } - } + // Write back to RAM + // NOTE: Do not want to force a write to NV here. The counter value will + // stay in RAM until the next shutdown or rollover. + UINT64_TO_BYTE_ARRAY(counter, currentRamAddr + sizeof(NV_RAM_HEADER)); + } + } return TRUE; } 
@@ -1847,23 +1847,23 @@ NvCapGetCounterAvail(void) availNVSpace = NvGetFreeBytes(); if(persistentNum < MIN_EVICT_OBJECTS) - { - // Some space has to be reserved for evict object. Adjust availNVSpace. - reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; - if(reserved > availNVSpace) - availNVSpace = 0; - else - availNVSpace -= reserved; - } + { + // Some space has to be reserved for evict object. Adjust availNVSpace. + reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; + if(reserved > availNVSpace) + availNVSpace = 0; + else + availNVSpace -= reserved; + } // Compute the available space in RAM availRAMSpace = (RAM_ORDERLY_END - NvRamGetEnd()); /* kgold - removed cast */ // Return the min of counter number in NV and in RAM if(availNVSpace / NV_INDEX_COUNTER_SIZE > availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE) - return availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE; + return availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE; else - return availNVSpace / NV_INDEX_COUNTER_SIZE; + return availNVSpace / NV_INDEX_COUNTER_SIZE; } //*** NvFindHandle() @@ -1878,10 +1878,10 @@ NvFindHandle(TPM_HANDLE handle) TPM_HANDLE nextHandle; // while((addr = NvNext(&iter, &nextHandle)) != 0) - { - if(nextHandle == handle) - break; - } + { + if(nextHandle == handle) + break; + } return addr; } @@ -1916,7 +1916,7 @@ NvReadMaxCount(void) void NvUpdateMaxCount(UINT64 count) { if(count > s_maxCounter) - s_maxCounter = count; + s_maxCounter = count; } //*** NvSetMaxCount() @@ -1938,7 +1938,7 @@ NvGetMaxCount(void) // // Find the end of list marker and initialize the NV Max Counter value. while((currentAddr = NvNext(&iter, NULL)) != 0) - ; + ; // 'iter' should be pointing at the end of list marker so read in the current // value of the s_maxCounter. NvRead(&maxCount, iter + sizeof(UINT32), sizeof(maxCount)); diff --git a/src/tpm2/NvDynamic_fp.h b/src/tpm2/NvDynamic_fp.h new file mode 100644 index 00000000..e960f515 --- /dev/null +++ b/src/tpm2/NvDynamic_fp.h 
@@ -0,0 +1,436 @@ +/********************************************************************************/ +/* */ +/* Dynamic space for user defined NV */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. 
*/ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2016 - 2023 */ +/* */ +/********************************************************************************/ + +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 7, 2020 Time: 07:15:54PM + */ + +#ifndef _NV_DYNAMIC_FP_H_ +#define _NV_DYNAMIC_FP_H_ + +//*** NvWriteNvListEnd() +// Function to write the list terminator. +NV_REF +NvWriteNvListEnd(NV_REF end); + +//*** NvUpdateIndexOrderlyData() +// This function is used to cause an update of the orderly data to the NV backing +// store. +void NvUpdateIndexOrderlyData(void); + +//*** NvReadIndex() +// This function is used to read the NV Index NV_INDEX. This is used so that the +// index information can be compressed and only this function would be needed +// to decompress it. Mostly, compression would only be able to save the space +// needed by the policy. 
+void NvReadNvIndexInfo(NV_REF ref, // IN: points to NV where index is located + NV_INDEX* nvIndex // OUT: place to receive index data +); + +UINT32 // libtpms added begin +NvObjectToBuffer(OBJECT *object, BYTE *buffer, UINT32 size); // libtpms added end + +//*** NvReadObject() +// This function is used to read a persistent object. This is used so that the +// object information can be compressed and only this function would be needed +// to uncompress it. +void NvReadObject(NV_REF ref, // IN: points to NV where index is located + OBJECT* object // OUT: place to receive the object data +); + +//*** NvIndexIsDefined() +// See if an index is already defined +BOOL NvIndexIsDefined(TPM_HANDLE nvHandle // IN: Index to look for +); + +//*** NvIsPlatformPersistentHandle() +// This function indicates if a handle references a persistent object in the +// range belonging to the platform. +// Return Type: BOOL +// TRUE(1) handle references a platform persistent object +// and may reference an owner persistent object either +// FALSE(0) handle does not reference platform persistent object +BOOL NvIsPlatformPersistentHandle(TPM_HANDLE handle // IN: handle +); + +//*** NvIsOwnerPersistentHandle() +// This function indicates if a handle references a persistent object in the +// range belonging to the owner. +// Return Type: BOOL +// TRUE(1) handle is owner persistent handle +// FALSE(0) handle is not owner persistent handle and may not be +// a persistent handle at all +BOOL NvIsOwnerPersistentHandle(TPM_HANDLE handle // IN: handle +); + +//*** NvIndexIsAccessible() +// +// This function validates that a handle references a defined NV Index and +// that the Index is currently accessible. +// Return Type: TPM_RC +// TPM_RC_HANDLE the handle points to an undefined NV Index +// If shEnable is CLEAR, this would include an index +// created using ownerAuth. 
If phEnableNV is CLEAR, +// this would include and index created using +// platformAuth +// TPM_RC_NV_READLOCKED Index is present but locked for reading and command +// does not write to the index +// TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command +// writes to the index +TPM_RC +NvIndexIsAccessible(TPMI_RH_NV_INDEX handle // IN: handle +); + +//*** NvGetEvictObject() +// This function is used to dereference an evict object handle and get a pointer +// to the object. +// Return Type: TPM_RC +// TPM_RC_HANDLE the handle does not point to an existing +// persistent object +TPM_RC +NvGetEvictObject(TPM_HANDLE handle, // IN: handle + OBJECT* object // OUT: object data +); + +//*** NvIndexCacheInit() +// Function to initialize the Index cache +void NvIndexCacheInit(void); + +//*** NvGetIndexData() +// This function is used to access the data in an NV Index. The data is returned +// as a byte sequence. +// +// This function requires that the NV Index be defined, and that the +// required data is within the data range. It also requires that TPMA_NV_WRITTEN +// of the Index is SET. +void NvGetIndexData(NV_INDEX* nvIndex, // IN: the in RAM index descriptor + NV_REF locator, // IN: where the data is located + UINT32 offset, // IN: offset of NV data + UINT16 size, // IN: number of octets of NV data to read + void* data // OUT: data buffer +); + +//*** NvHashIndexData() +// This function adds Index data to a hash. It does this in parts to avoid large stack +// buffers. +void NvHashIndexData(HASH_STATE* hashState, // IN: Initialized hash state + NV_INDEX* nvIndex, // IN: Index + NV_REF locator, // IN: where the data is located + UINT32 offset, // IN: starting offset + UINT16 size // IN: amount to hash +); + +//*** NvGetUINT64Data() +// Get data in integer format of a bit or counter NV Index. +// +// This function requires that the NV Index is defined and that the NV Index +// previously has been written. 
+UINT64 +NvGetUINT64Data(NV_INDEX* nvIndex, // IN: the in RAM index descriptor + NV_REF locator // IN: where index exists in NV +); + +//*** NvWriteIndexAttributes() +// This function is used to write just the attributes of an index. +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexAttributes(TPM_HANDLE handle, + NV_REF locator, // IN: location of the index + TPMA_NV attributes // IN: attributes to write +); + +//*** NvWriteIndexAuth() +// This function is used to write the authValue of an index. It is used by +// TPM2_NV_ChangeAuth() +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexAuth(NV_REF locator, // IN: location of the index + TPM2B_AUTH* authValue // IN: the authValue to write +); + +//*** NvGetIndexInfo() +// This function loads the nvIndex Info into the NV cache and returns a pointer +// to the NV_INDEX. If the returned value is zero, the index was not found. +// The 'locator' parameter, if not NULL, will be set to the offset in NV of the +// Index (the location of the handle of the Index). +// +// This function will set the index cache. If the index is orderly, the attributes +// from RAM are substituted for the attributes in the cached index +NV_INDEX* NvGetIndexInfo(TPM_HANDLE nvHandle, // IN: the index handle + NV_REF* locator // OUT: location of the index +); + +//*** NvWriteIndexData() +// This function is used to write NV index data. It is intended to be used to +// update the data associated with the default index. +// +// This function requires that the NV Index is defined, and the data is +// within the defined data range for the index. +// +// Index data is only written due to a command that modifies the data in a single +// index. There is no case where changes are made to multiple indexes data at the +// same time. 
Multiple attributes may be change but not multiple index data. This +// is important because we will normally be handling the index for which we have +// the cached pointer values. +// Return type: TPM_RC +// TPM_RC_NV_RATE NV is rate limiting so retry +// TPM_RC_NV_UNAVAILABLE NV is not available +TPM_RC +NvWriteIndexData(NV_INDEX* nvIndex, // IN: the description of the index + UINT32 offset, // IN: offset of NV data + UINT32 size, // IN: size of NV data + void* data // IN: data buffer +); + +//*** NvWriteUINT64Data() +// This function to write back a UINT64 value. The various UINT64 values (bits, +// counters, and PINs) are kept in canonical format but manipulate in native +// format. This takes a native format value converts it and saves it back as +// in canonical format. +// +// This function will return the value from NV or RAM depending on the type of the +// index (orderly or not) +// +TPM_RC +NvWriteUINT64Data(NV_INDEX* nvIndex, // IN: the description of the index + UINT64 intValue // IN: the value to write +); + +//*** NvGetNameByIndexHandle() +// This function is used to compute the Name of an NV Index referenced by handle. +// +// The 'name' buffer receives the bytes of the Name and the return value +// is the number of octets in the Name. +// +// This function requires that the NV Index is defined. +TPM2B_NAME* NvGetNameByIndexHandle( + TPMI_RH_NV_INDEX handle, // IN: handle of the index + TPM2B_NAME* name // OUT: name of the index +); + +//*** NvDefineIndex() +// This function is used to assign NV memory to an NV Index. +// +// Return Type: TPM_RC +// TPM_RC_NV_SPACE insufficient NV space +TPM_RC +NvDefineIndex(TPMS_NV_PUBLIC* publicArea, // IN: A template for an area to create. + TPM2B_AUTH* authValue // IN: The initial authorization value +); + +//*** NvAddEvictObject() +// This function is used to assign NV memory to a persistent object. 
+// Return Type: TPM_RC +// TPM_RC_NV_HANDLE the requested handle is already in use +// TPM_RC_NV_SPACE insufficient NV space +TPM_RC +NvAddEvictObject(TPMI_DH_OBJECT evictHandle, // IN: new evict handle + OBJECT* object // IN: object to be added +); + +//*** NvDeleteIndex() +// This function is used to delete an NV Index. +// Return Type: TPM_RC +// TPM_RC_NV_UNAVAILABLE NV is not accessible +// TPM_RC_NV_RATE NV is rate limiting +TPM_RC +NvDeleteIndex(NV_INDEX* nvIndex, // IN: an in RAM index descriptor + NV_REF entityAddr // IN: location in NV +); + +TPM_RC +NvDeleteEvict(TPM_HANDLE handle // IN: handle of entity to be deleted +); + +//*** NvFlushHierarchy() +// This function will delete persistent objects belonging to the indicated hierarchy. +// If the storage hierarchy is selected, the function will also delete any +// NV Index defined using ownerAuth. +// Return Type: TPM_RC +// TPM_RC_NV_RATE NV is unavailable because of rate limit +// TPM_RC_NV_UNAVAILABLE NV is inaccessible +TPM_RC +NvFlushHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. +); + +//*** NvSetGlobalLock() +// This function is used to SET the TPMA_NV_WRITELOCKED attribute for all +// NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by +// TPM2_NV_GlobalWriteLock(). +// Return Type: TPM_RC +// TPM_RC_NV_RATE NV is unavailable because of rate limit +// TPM_RC_NV_UNAVAILABLE NV is inaccessible +TPM_RC +NvSetGlobalLock(void); + +//*** NvCapGetPersistent() +// This function is used to get a list of handles of the persistent objects, +// starting at 'handle'. +// +// 'Handle' must be in valid persistent object handle range, but does not +// have to reference an existing persistent object. 
+// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned +TPMI_YES_NO +NvCapGetPersistent(TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: maximum number of returned handles + TPML_HANDLE* handleList // OUT: list of handle +); + +//*** NvCapGetOnePersistent() +// This function returns whether a given persistent handle exists. +// +// 'Handle' must be in valid persistent object handle range. +BOOL NvCapGetOnePersistent(TPMI_DH_OBJECT handle // IN: handle +); + +//*** NvCapGetIndex() +// This function returns a list of handles of NV indexes, starting from 'handle'. +// 'Handle' must be in the range of NV indexes, but does not have to reference +// an existing NV Index. +// Return Type: TPMI_YES_NO +// YES if there are more handles to report +// NO all the available handles has been reported +TPMI_YES_NO +NvCapGetIndex(TPMI_DH_OBJECT handle, // IN: start handle + UINT32 count, // IN: max number of returned handles + TPML_HANDLE* handleList // OUT: list of handle +); + +//*** NvCapGetOneIndex() +// This function whether an NV index exists. +BOOL NvCapGetOneIndex(TPMI_DH_OBJECT handle); // IN: start handle + +//*** NvCapGetIndexNumber() +// This function returns the count of NV Indexes currently defined. +UINT32 +NvCapGetIndexNumber(void); + +//*** NvCapGetPersistentNumber() +// Function returns the count of persistent objects currently in NV memory. +UINT32 +NvCapGetPersistentNumber(void); + +//*** NvCapGetPersistentAvail() +// This function returns an estimate of the number of additional persistent +// objects that could be loaded into NV memory. +UINT32 +NvCapGetPersistentAvail(void); + +//*** NvCapGetCounterNumber() +// Get the number of defined NV Indexes that are counter indexes. +UINT32 +NvCapGetCounterNumber(void); + +//*** NvEntityStartup() +// This function is called at TPM_Startup(). If the startup completes +// a TPM Resume cycle, no action is taken. 
If the startup is a TPM Reset +// or a TPM Restart, then this function will: +// a) clear read/write lock; +// b) reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and +// c) set the lower bits in orderly counters to 1 for a non-orderly startup +// +// It is a prerequisite that NV be available for writing before this +// function is called. +BOOL NvEntityStartup(STARTUP_TYPE type // IN: start up type +); + +//*** NvCapGetCounterAvail() +// This function returns an estimate of the number of additional counter type +// NV indexes that can be defined. +UINT32 +NvCapGetCounterAvail(void); + +//*** NvFindHandle() +// this function returns the offset in NV memory of the entity associated +// with the input handle. A value of zero indicates that handle does not +// exist reference an existing persistent object or defined NV Index. +NV_REF +NvFindHandle(TPM_HANDLE handle); + +//*** NvReadMaxCount() +// This function returns the max NV counter value. +// +UINT64 +NvReadMaxCount(void); + +//*** NvUpdateMaxCount() +// This function updates the max counter value to NV memory. This is just staging +// for the actual write that will occur when the NV index memory is modified. +// +void NvUpdateMaxCount(UINT64 count); + +//*** NvSetMaxCount() +// This function is used at NV initialization time to set the initial value of +// the maximum counter. +void NvSetMaxCount(UINT64 value); + +//*** NvGetMaxCount() +// Function to get the NV max counter value from the end-of-list marker +UINT64 +NvGetMaxCount(void); + +#endif // _NV_DYNAMIC_FP_H_ diff --git a/src/tpm2/NVReserved.c b/src/tpm2/NvReserved.c similarity index 89% rename from src/tpm2/NVReserved.c rename to src/tpm2/NvReserved.c index 2b2f7129..5f1a8b95 100644 --- a/src/tpm2/NVReserved.c +++ b/src/tpm2/NvReserved.c 
@@ -134,20 +134,20 @@ void NvCheckState(void) // func_return = _plat__GetNvReadyState(); if(func_return == NV_READY) - { - g_NvStatus = TPM_RC_SUCCESS; - } + { + g_NvStatus = TPM_RC_SUCCESS; + } else if(func_return == NV_WRITEFAILURE) - { - g_NvStatus = TPM_RC_NV_UNAVAILABLE; - } + { + g_NvStatus = TPM_RC_NV_UNAVAILABLE; + } else - { - // if(func_return == NV_RATE_LIMIT) or anything else - // assume retry later might work - g_NvStatus = TPM_RC_NV_RATE; - } - + { + // if(func_return == NV_RATE_LIMIT) or anything else + // assume retry later might work + g_NvStatus = TPM_RC_NV_RATE; + } + return; } @@ -170,11 +170,11 @@ BOOL NvPowerOn(void) // If power was lost, need to re-establish the RAM data that is loaded from // NV and initialize the static variables if(g_powerWasLost) - { - if((nvError = _plat__NVEnable(NULL, 0)) < 0) - TpmLogFailure(FUNCTION_NAME, __LINE__, FATAL_ERROR_NV_UNRECOVERABLE); /* libtpms changed */ - NvInitStatic(); - } + { + if((nvError = _plat__NVEnable(NULL, 0)) < 0) + TpmLogFailure(FUNCTION_NAME, __LINE__, FATAL_ERROR_NV_UNRECOVERABLE); /* libtpms changed */ + NvInitStatic(); + } return nvError == 0; } @@ -209,9 +209,9 @@ void NvManufacture(void) //*** NvRead() // This function is used to move reserved data from NV memory to RAM. void NvRead(void* outBuffer, // OUT: buffer to receive data - UINT32 nvOffset, // IN: offset in NV of value - UINT32 size // IN: size of the value to read - ) + UINT32 nvOffset, // IN: offset in NV of value + UINT32 size // IN: size of the value to read +) { // Input type should be valid pAssert(nvOffset + size < NV_MEMORY_SIZE); 
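Review bot: The bounds check in NvRead, `pAssert(nvOffset + size < NV_MEMORY_SIZE);` (a context line of the `@@ -209,9 +209,9` hunk), adds two UINT32 values, so a large `nvOffset` or `size` can wrap around and still pass. The same applies to `if(nvOffset + size <= NV_MEMORY_SIZE)` in NvWrite in the following hunk. A subtraction form avoids the wrap, for example `if(size <= NV_MEMORY_SIZE && nvOffset <= NV_MEMORY_SIZE - size)`. The two functions also disagree on the boundary (`<` in NvRead, `<=` in NvWrite), so a read ending exactly at NV_MEMORY_SIZE asserts while the matching write is accepted; whether that is intended is not visible here. This commit only re-indents these functions, and NvRead's body continues outside the hunk.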
@@ -223,17 +223,17 @@ void NvRead(void* outBuffer, // OUT: buffer to receive data // This function is used to post reserved data for writing to NV memory. Before // the TPM completes the operation, the value will be written. BOOL NvWrite(UINT32 nvOffset, // IN: location in NV to receive data - UINT32 size, // IN: size of the data to move - void* inBuffer // IN: location containing data to write - ) + UINT32 size, // IN: size of the data to move + void* inBuffer // IN: location containing data to write +) { // Input type should be valid if(nvOffset + size <= NV_MEMORY_SIZE) - { - // Set the flag that a NV write happened - SET_NV_UPDATE(UT_NV); - return _plat__NvMemoryWrite(nvOffset, size, inBuffer); - } + { + // Set the flag that a NV write happened + SET_NV_UPDATE(UT_NV); + return _plat__NvMemoryWrite(nvOffset, size, inBuffer); + } return FALSE; } @@ -242,10 +242,10 @@ BOOL NvWrite(UINT32 nvOffset, // IN: location in NV to receive data // This function is used to update a value in the PERSISTENT_DATA structure and // commits the value to NV. void NvUpdatePersistent( - UINT32 offset, // IN: location in PERMANENT_DATA to be updated - UINT32 size, // IN: size of the value - void* buffer // IN: the new data - ) + UINT32 offset, // IN: location in PERMANENT_DATA to be updated + UINT32 size, // IN: size of the value + void* buffer // IN: the new data +) { pAssert(offset + size <= sizeof(gp)); MemoryCopy(&gp + offset, buffer, size); @@ -255,9 +255,9 @@ void NvUpdatePersistent( //*** NvClearPersistent() // This function is used to clear a persistent data entry and commit it to NV void NvClearPersistent(UINT32 offset, // IN: the offset in the PERMANENT_DATA - // structure to be cleared (zeroed) - UINT32 size // IN: number of bytes to clear - ) + // structure to be cleared (zeroed) + UINT32 size // IN: number of bytes to clear +) { pAssert(offset + size <= sizeof(gp)); MemorySet((&gp) + offset, 0, size); 
diff --git a/src/tpm2/NVReserved_fp.h b/src/tpm2/NvReserved_fp.h
similarity index 56%
rename from src/tpm2/NVReserved_fp.h
rename to src/tpm2/NvReserved_fp.h
index 16bfb20a..e2e1cf31 100644
--- a/src/tpm2/NVReserved_fp.h
+++ b/src/tpm2/NvReserved_fp.h
@@ -59,55 +59,79 @@ /* */ /********************************************************************************/ -#ifndef NVRESERVED_FP_H -#define NVRESERVED_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 04:23:27PM + */ + +#ifndef _NV_RESERVED_FP_H_ +#define _NV_RESERVED_FP_H_ #include "NVMarshal.h" /* libtpms added */ -void -NvCheckState( - void - ); -BOOL -NvCommit( - void - ); -BOOL -NvPowerOn( - void - ); -void -NvManufacture( - void - ); -void -NvRead( - void *outBuffer, // OUT: buffer to receive data - UINT32 nvOffset, // IN: offset in NV of value - UINT32 size // IN: size of the value to read - ); -BOOL -NvWrite( - UINT32 nvOffset, // IN: location in NV to receive data - UINT32 size, // IN: size of the data to move - void *inBuffer // IN: location containing data to write - ); -void -NvUpdatePersistent( - UINT32 offset, // IN: location in PERMANENT_DATA to be updated - UINT32 size, // IN: size of the value - void *buffer // IN: the new data - ); -void -NvClearPersistent( - UINT32 offset, // IN: the offset in the PERMANENT_DATA - // structure to be cleared (zeroed) - UINT32 size // IN: number of bytes to clear - ); -void -NvReadPersistent( - void - ); +//*** NvCheckState() +// Function to check the NV state by accessing the platform-specific function +// to get the NV state. The result state is registered in s_NvIsAvailable +// that will be reported by NvIsAvailable. +// +// This function is called at the beginning of ExecuteCommand before any potential +// check of g_NvStatus. +void NvCheckState(void); +//*** NvCommit +// This is a wrapper for the platform function to commit pending NV writes. +BOOL NvCommit(void); -#endif +//*** NvPowerOn() +// This function is called at _TPM_Init to initialize the NV environment. 
+// Return Type: BOOL +// TRUE(1) all NV was initialized +// FALSE(0) the NV containing saved state had an error and +// TPM2_Startup(CLEAR) is required +BOOL NvPowerOn(void); + +//*** NvManufacture() +// This function initializes the NV system at pre-install time. +// +// This function should only be called in a manufacturing environment or in a +// simulation. +// +// The layout of NV memory space is an implementation choice. +void NvManufacture(void); + +//*** NvRead() +// This function is used to move reserved data from NV memory to RAM. +void NvRead(void* outBuffer, // OUT: buffer to receive data + UINT32 nvOffset, // IN: offset in NV of value + UINT32 size // IN: size of the value to read +); + +//*** NvWrite() +// This function is used to post reserved data for writing to NV memory. Before +// the TPM completes the operation, the value will be written. +BOOL NvWrite(UINT32 nvOffset, // IN: location in NV to receive data + UINT32 size, // IN: size of the data to move + void* inBuffer // IN: location containing data to write +); + +//*** NvUpdatePersistent() +// This function is used to update a value in the PERSISTENT_DATA structure and +// commits the value to NV. +void NvUpdatePersistent( + UINT32 offset, // IN: location in PERMANENT_DATA to be updated + UINT32 size, // IN: size of the value + void* buffer // IN: the new data +); + +//*** NvClearPersistent() +// This function is used to clear a persistent data entry and commit it to NV +void NvClearPersistent(UINT32 offset, // IN: the offset in the PERMANENT_DATA + // structure to be cleared (zeroed) + UINT32 size // IN: number of bytes to clear +); + +//*** NvReadPersistent() +// This function reads persistent data to the RAM copy of the 'gp' structure. +void NvReadPersistent(void); + +#endif // _NV_RESERVED_FP_H_ diff --git a/src/tpm2/OIDs.h b/src/tpm2/OIDs.h index 71475181..69257428 100644 --- a/src/tpm2/OIDs.h +++ b/src/tpm2/OIDs.h 
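Review bot: The comments added in NvReserved_fp.h for NvUpdatePersistent() and NvClearPersistent() describe `offset` as a location inside the persistent-data structure, but the definitions in NvReserved.c, visible in the earlier hunks of this patch, compute the destination as `&gp + offset` and `(&gp) + offset`. If `gp` is a structure object, as the `pAssert(offset + size <= sizeof(gp))` guard suggests, that pointer arithmetic advances in units of `sizeof(gp)` rather than bytes, so any non-zero offset that passes the assert still addresses memory beyond `gp`. I would change the two calls to `MemoryCopy((BYTE*)&gp + offset, buffer, size);` and `MemorySet((BYTE*)&gp + offset, 0, size);`, and state in these header comments that `offset` is in bytes and that `offset + size` must not exceed the structure size. The same assert adds two UINT32 values, so it is worth confirming that no caller can pass values large enough to wrap the sum; callers are not visible in this patch.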
@@ -59,222 +59,256 @@ /* */ /********************************************************************************/ -// 10.1.16 OIDs.h - -#include "Tpm.h" #ifndef _OIDS_H_ #define _OIDS_H_ -// All the OIDs in this file are defined as DER-encoded values with a leading tag 0x06 -// (ASN1_OBJECT_IDENTIFIER), followed by a single length byte. This allows the OID size to be -// determined by looking at octet[1] of the OID (total size is OID[1] + 2). - -// These macros allow OIDs to be defined (or not) depending on whether the associated hash -// algorithm is implemented. - -// NOTE: When one of these macros is used, the NAME needs '_" on each side. The exception is when -// the macro is used for the hash OID when only a single _ is used. +// All the OIDs in this file are defined as DER-encoded values with a leading tag +// 0x06 (ASN1_OBJECT_IDENTIFIER), followed by a single length byte. This allows the +// OID size to be determined by looking at octet[1] of the OID (total size is +// OID[1] + 2). +// These macros allow OIDs to be defined (or not) depending on whether the associated +// hash algorithm is implemented. +// NOTE: When one of these macros is used, the NAME needs '_" on each side. The +// exception is when the macro is used for the hash OID when only a single '_' is +// used. 
#ifndef ALG_SHA1 -# define ALG_SHA1 NO +# define ALG_SHA1 NO #endif #if ALG_SHA1 -#define SHA1_OID(NAME) MAKE_OID(NAME##SHA1) +# define SHA1_OID(NAME) MAKE_OID(NAME##SHA1) #else -#define SHA1_OID(NAME) +# define SHA1_OID(NAME) #endif #ifndef ALG_SHA256 -# define ALG_SHA256 NO +# define ALG_SHA256 NO #endif #if ALG_SHA256 -#define SHA256_OID(NAME) MAKE_OID(NAME##SHA256) +# define SHA256_OID(NAME) MAKE_OID(NAME##SHA256) #else -#define SHA256_OID(NAME) +# define SHA256_OID(NAME) #endif #ifndef ALG_SHA384 -# define ALG_SHA384 NO +# define ALG_SHA384 NO #endif #if ALG_SHA384 -#define SHA384_OID(NAME) MAKE_OID(NAME##SHA384) +# define SHA384_OID(NAME) MAKE_OID(NAME##SHA384) #else -#define SHA384_OID(NAME) +# define SHA384_OID(NAME) #endif #ifndef ALG_SHA512 -# define ALG_SHA512 NO +# define ALG_SHA512 NO #endif #if ALG_SHA512 -#define SHA512_OID(NAME) MAKE_OID(NAME##SHA512) +# define SHA512_OID(NAME) MAKE_OID(NAME##SHA512) #else -#define SHA512_OID(NAME) +# define SHA512_OID(NAME) #endif #ifndef ALG_SM3_256 -# define ALG_SM3_256 NO +# define ALG_SM3_256 NO #endif #if ALG_SM3_256 -#define SM3_256_OID(NAME) MAKE_OID(NAME##SM3_256) +# define SM3_256_OID(NAME) MAKE_OID(NAME##SM3_256) #else -#define SM3_256_OID(NAME) +# define SM3_256_OID(NAME) #endif #ifndef ALG_SHA3_256 -# define ALG_SHA3_256 NO +# define ALG_SHA3_256 NO #endif #if ALG_SHA3_256 -#define SHA3_256_OID(NAME) MAKE_OID(NAME##SHA3_256) +# define SHA3_256_OID(NAME) MAKE_OID(NAME##SHA3_256) #else -#define SHA3_256_OID(NAME) +# define SHA3_256_OID(NAME) #endif #ifndef ALG_SHA3_384 -# define ALG_SHA3_384 NO +# define ALG_SHA3_384 NO #endif #if ALG_SHA3_384 -#define SHA3_384_OID(NAME) MAKE_OID(NAME##SHA3_384) +# define SHA3_384_OID(NAME) MAKE_OID(NAME##SHA3_384) #else -#define SHA3_384_OID(NAME) +# define SHA3_384_OID(NAME) #endif #ifndef ALG_SHA3_512 -# define ALG_SHA3_512 NO +# define ALG_SHA3_512 NO #endif #if ALG_SHA3_512 -#define SHA3_512_OID(NAME) MAKE_OID(NAME##SHA3_512) +# define SHA3_512_OID(NAME) 
MAKE_OID(NAME##SHA3_512) #else -#define SHA3_512_OID(NAME) +# define SHA3_512_OID(NAME) #endif + // These are encoded to take one additional byte of algorithm selector -#define NIST_HASH 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 2 -#define NIST_SIG 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 3 +#define NIST_HASH 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 2 +#define NIST_SIG 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 3 // These hash OIDs used in a lot of places. -#define OID_SHA1_VALUE 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A -SHA1_OID(_); // Expands to: -// MAKE_OID(_SHA1) -// which expands to: -// EXTERN const BYTE OID_SHA1[] INITIALIZER({OID_SHA1_VALUE}) -// which, depending on the setting of EXTERN and -// INITIALIZER, expands to either: -// extern const BYTE OID_SHA1[] -// or -// const BYTE OID_SHA1[] = {OID_SHA1_VALUE} -// which is: -// const BYTE OID_SHA1[] = {0x06, 0x05, 0x2B, 0x0E, -// 0x03, 0x02, 0x1A} -#define OID_SHA256_VALUE NIST_HASH, 1 +#define OID_SHA1_VALUE 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A +SHA1_OID(_); // Expands to: + // MAKE_OID(_SHA1) + // which expands to: + // EXTERN const BYTE OID_SHA1[] INITIALIZER({OID_SHA1_VALUE}) + // which, depending on the setting of EXTERN and + // INITIALIZER, expands to either: + // extern const BYTE OID_SHA1[] + // or + // const BYTE OID_SHA1[] = {OID_SHA1_VALUE} + // which is: + // const BYTE OID_SHA1[] = {0x06, 0x05, 0x2B, 0x0E, + // 0x03, 0x02, 0x1A} + +#define OID_SHA256_VALUE NIST_HASH, 1 SHA256_OID(_); -#define OID_SHA384_VALUE NIST_HASH, 2 + +#define OID_SHA384_VALUE NIST_HASH, 2 SHA384_OID(_); -#define OID_SHA512_VALUE NIST_HASH, 3 + +#define OID_SHA512_VALUE NIST_HASH, 3 SHA512_OID(_); -#define OID_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ - 0x83, 0x11 -SM3_256_OID(_); // (1.2.156.10197.1.401) -#define OID_SHA3_256_VALUE NIST_HASH, 8 + +#define OID_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x11 +SM3_256_OID(_); // (1.2.156.10197.1.401) + +#define 
OID_SHA3_256_VALUE NIST_HASH, 8 SHA3_256_OID(_); -#define OID_SHA3_384_VALUE NIST_HASH, 9 + +#define OID_SHA3_384_VALUE NIST_HASH, 9 SHA3_384_OID(_); -#define OID_SHA3_512_VALUE NIST_HASH, 10 + +#define OID_SHA3_512_VALUE NIST_HASH, 10 SHA3_512_OID(_); + // These are used for RSA-PSS #if ALG_RSA -#define OID_MGF1_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x08 + +# define OID_MGF1_VALUE \ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08 MAKE_OID(_MGF1); -#define OID_RSAPSS_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x0A + +# define OID_RSAPSS_VALUE \ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A MAKE_OID(_RSAPSS); + // This is the OID to designate the public part of an RSA key. -#define OID_PKCS1_PUB_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ - 0x01, 0x01, 0x01 +# define OID_PKCS1_PUB_VALUE \ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 MAKE_OID(_PKCS1_PUB); + // These are used for RSA PKCS1 signature Algorithms -#define OID_PKCS1_SHA1_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x05 -SHA1_OID(_PKCS1_); // (1.2.840.113549.1.1.5) -#define OID_PKCS1_SHA256_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0B -SHA256_OID(_PKCS1_); // (1.2.840.113549.1.1.11) -#define OID_PKCS1_SHA384_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0C -SHA384_OID(_PKCS1_); // (1.2.840.113549.1.1.12) -#define OID_PKCS1_SHA512_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ - 0x0D, 0x01, 0x01, 0x0D -SHA512_OID(_PKCS1_); //(1.2.840.113549.1.1.13) -#define OID_PKCS1_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, \ - 0x01, 0x83, 0x78 -SM3_256_OID(_PKCS1_); // 1.2.156.10197.1.504 -#define OID_PKCS1_SHA3_256_VALUE NIST_SIG, 14 +# define OID_PKCS1_SHA1_VALUE \ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05 +SHA1_OID(_PKCS1_); // (1.2.840.113549.1.1.5) + +# define 
OID_PKCS1_SHA256_VALUE \ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B +SHA256_OID(_PKCS1_); // (1.2.840.113549.1.1.11) + +# define OID_PKCS1_SHA384_VALUE \ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C +SHA384_OID(_PKCS1_); // (1.2.840.113549.1.1.12) + +# define OID_PKCS1_SHA512_VALUE \ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D +SHA512_OID(_PKCS1_); //(1.2.840.113549.1.1.13) + +# define OID_PKCS1_SM3_256_VALUE \ + 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x78 +SM3_256_OID(_PKCS1_); // 1.2.156.10197.1.504 + +# define OID_PKCS1_SHA3_256_VALUE NIST_SIG, 14 SHA3_256_OID(_PKCS1_); -#define OID_PKCS1_SHA3_384_VALUE NIST_SIG, 15 +# define OID_PKCS1_SHA3_384_VALUE NIST_SIG, 15 SHA3_384_OID(_PKCS1_); -#define OID_PKCS1_SHA3_512_VALUE NIST_SIG, 16 +# define OID_PKCS1_SHA3_512_VALUE NIST_SIG, 16 SHA3_512_OID(_PKCS1_); -#endif // ALG_RSA + +#endif // ALG_RSA + #if ALG_ECDSA -#define OID_ECDSA_SHA1_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x01 -SHA1_OID(_ECDSA_); // (1.2.840.10045.4.1) SHA1 digest signed by an ECDSA key. -#define OID_ECDSA_SHA256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x02 -SHA256_OID(_ECDSA_); // (1.2.840.10045.4.3.2) SHA256 digest signed by an ECDSA key. -#define OID_ECDSA_SHA384_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x03 -SHA384_OID(_ECDSA_); // (1.2.840.10045.4.3.3) SHA384 digest signed by an ECDSA key. -#define OID_ECDSA_SHA512_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ - 0x03, 0x04 -SHA512_OID(_ECDSA_); // (1.2.840.10045.4.3.4) SHA512 digest signed by an ECDSA key. 
-#define OID_ECDSA_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ - 0x83, 0x75 -SM3_256_OID(_ECDSA_); // 1.2.156.10197.1.501 -#define OID_ECDSA_SHA3_256_VALUE NIST_SIG, 10 + +# define OID_ECDSA_SHA1_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01 +SHA1_OID(_ECDSA_); // (1.2.840.10045.4.1) SHA1 digest signed by an ECDSA key. + +# define OID_ECDSA_SHA256_VALUE \ + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02 +SHA256_OID(_ECDSA_); // (1.2.840.10045.4.3.2) SHA256 digest signed by an ECDSA key. + +# define OID_ECDSA_SHA384_VALUE \ + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03 +SHA384_OID(_ECDSA_); // (1.2.840.10045.4.3.3) SHA384 digest signed by an ECDSA key. + +# define OID_ECDSA_SHA512_VALUE \ + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04 +SHA512_OID(_ECDSA_); // (1.2.840.10045.4.3.4) SHA512 digest signed by an ECDSA key. + +# define OID_ECDSA_SM3_256_VALUE \ + 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 +SM3_256_OID(_ECDSA_); // 1.2.156.10197.1.501 + +# define OID_ECDSA_SHA3_256_VALUE NIST_SIG, 10 SHA3_256_OID(_ECDSA_); -#define OID_ECDSA_SHA3_384_VALUE NIST_SIG, 11 +# define OID_ECDSA_SHA3_384_VALUE NIST_SIG, 11 SHA3_384_OID(_ECDSA_); -#define OID_ECDSA_SHA3_512_VALUE NIST_SIG, 12 +# define OID_ECDSA_SHA3_512_VALUE NIST_SIG, 12 SHA3_512_OID(_ECDSA_); -#endif // ALG_ECDSA + +#endif // ALG_ECDSA + #if ALG_ECC -#define OID_ECC_PUBLIC_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ - 0x01 + +# define OID_ECC_PUBLIC_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01 MAKE_OID(_ECC_PUBLIC); -#define OID_ECC_NIST_P192_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \ - 0x01, 0x01 -#if ECC_NIST_P192 -MAKE_OID(_ECC_NIST_P192); // (1.2.840.10045.3.1.1) 'nistP192' -#endif // ECC_NIST_P192 -#define OID_ECC_NIST_P224_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 -#if ECC_NIST_P224 -MAKE_OID(_ECC_NIST_P224); // (1.3.132.0.33) 'nistP224' -#endif // ECC_NIST_P224 -#define 
OID_ECC_NIST_P256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \ - 0x01, 0x07 -#if ECC_NIST_P256 -MAKE_OID(_ECC_NIST_P256); // (1.2.840.10045.3.1.7) 'nistP256' -#endif // ECC_NIST_P256 -#define OID_ECC_NIST_P384_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 -#if ECC_NIST_P384 -MAKE_OID(_ECC_NIST_P384); // (1.3.132.0.34) 'nistP384' -#endif // ECC_NIST_P384 -#define OID_ECC_NIST_P521_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 -#if ECC_NIST_P521 -MAKE_OID(_ECC_NIST_P521); // (1.3.132.0.35) 'nistP521' -#endif // ECC_NIST_P521 + +# define OID_ECC_NIST_P192_VALUE \ + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 +# if ECC_NIST_P192 +MAKE_OID(_ECC_NIST_P192); // (1.2.840.10045.3.1.1) 'nistP192' +# endif // ECC_NIST_P192 + +# define OID_ECC_NIST_P224_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 +# if ECC_NIST_P224 +MAKE_OID(_ECC_NIST_P224); // (1.3.132.0.33) 'nistP224' +# endif // ECC_NIST_P224 + +# define OID_ECC_NIST_P256_VALUE \ + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 +# if ECC_NIST_P256 +MAKE_OID(_ECC_NIST_P256); // (1.2.840.10045.3.1.7) 'nistP256' +# endif // ECC_NIST_P256 + +# define OID_ECC_NIST_P384_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 +# if ECC_NIST_P384 +MAKE_OID(_ECC_NIST_P384); // (1.3.132.0.34) 'nistP384' +# endif // ECC_NIST_P384 + +# define OID_ECC_NIST_P521_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 +# if ECC_NIST_P521 +MAKE_OID(_ECC_NIST_P521); // (1.3.132.0.35) 'nistP521' +# endif // ECC_NIST_P521 + // No OIDs defined for these anonymous curves -#define OID_ECC_BN_P256_VALUE 0x00 -#if ECC_BN_P256 +# define OID_ECC_BN_P256_VALUE 0x00 +# if ECC_BN_P256 MAKE_OID(_ECC_BN_P256); -#endif // ECC_BN_P256 -#define OID_ECC_BN_P638_VALUE 0x00 -#if ECC_BN_P638 +# endif // ECC_BN_P256 + +# define OID_ECC_BN_P638_VALUE 0x00 +# if ECC_BN_P638 MAKE_OID(_ECC_BN_P638); -#endif // ECC_BN_P638 -#define OID_ECC_SM2_P256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ - 0x82, 0x2D -#if ECC_SM2_P256 
-MAKE_OID(_ECC_SM2_P256); // Don't know where I found this OID. It needs checking -#endif // ECC_SM2_P256 -#if ECC_BN_P256 -#define OID_ECC_BN_P256 NULL -#endif // ECC_BN_P256 -#endif // ALG_ECC -// #undef MAKE_OID -#define OID_SIZE(OID) (OID[1] + 2) -#endif // !_OIDS_H_ +# endif // ECC_BN_P638 + +# define OID_ECC_SM2_P256_VALUE \ + 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D +# if ECC_SM2_P256 +MAKE_OID(_ECC_SM2_P256); // Don't know where I found this OID. It needs checking +# endif // ECC_SM2_P256 + +# if ECC_BN_P256 +# define OID_ECC_BN_P256 NULL +# endif // ECC_BN_P256 + +#endif // ALG_ECC + +#define OID_SIZE(OID) (OID[1] + 2) + +#endif // !_OIDS_H_ diff --git a/src/tpm2/Object.c b/src/tpm2/Object.c index ee390661..bfe08e61 100644 --- a/src/tpm2/Object.c +++ b/src/tpm2/Object.c 
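Review bot: `OID_SIZE(OID)` at the end of the OIDs.h hunk reads `OID[1]`, which assumes every OID array holds at least a tag byte and a length byte, yet `OID_ECC_BN_P256_VALUE` and `OID_ECC_BN_P638_VALUE` are the single byte `0x00` and `OID_ECC_BN_P256` is afterwards redefined to `NULL`. Going by the expansion described in the `SHA1_OID(_)` comment, `OID_ECC_BN_P638` would be a one-byte array, so applying `OID_SIZE` to it would index past its end; whether any caller does that is not visible in this hunk. The macro argument is also unparenthesized. I would write `#define OID_SIZE(OID) ((OID)[1] + 2)` and put a comment on the two BN placeholders such as `// Placeholder only: not DER-encoded, must never be passed to OID_SIZE()`.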
@@ -46,16 +46,16 @@ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ -/* rights, relating to use of information in this specification and to the */ -/* implementation of this specification, and TCG disclaims all liability for */ -/* cost of procurement of substitute goods or services, lost profits, loss */ -/* of use, loss of data or any incidental, consequential, direct, indirect, */ -/* or special damages, whether under contract, tort, warranty or otherwise, */ -/* arising in any way out of use or reliance upon this specification or any */ -/* information herein. */ -/* */ -/* (c) Copyright IBM Corp. and others, 2016 - 2023 */ -/* */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. */ +/* */ +/* (c) Copyright IBM Corp. and others, 2016 - 2023 */ +/* */ /********************************************************************************/ //** Introduction @@ -96,10 +96,10 @@ BOOL ObjectStartup(void) // // object slots initialization for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - //Set the slot to not occupied - ObjectFlush(&s_objects[i]); - } + { + //Set the slot to not occupied + ObjectFlush(&s_objects[i]); + } return TRUE; } 
@@ -116,12 +116,12 @@ void ObjectCleanupEvict(void) // and they may both be persistent. // This could be made to be more efficient so that a search is not needed. for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - // If an object is a temporary evict object, flush it from slot - OBJECT* object = &s_objects[i]; - if(object->attributes.evict == SET) - ObjectFlush(object); - } + { + // If an object is a temporary evict object, flush it from slot + OBJECT* object = &s_objects[i]; + if(object->attributes.evict == SET) + ObjectFlush(object); + } return; } @@ -135,7 +135,7 @@ void ObjectCleanupEvict(void) // FALSE(0) handle is not an object handle, or it does not // reference to a loaded object BOOL IsObjectPresent(TPMI_DH_OBJECT handle // IN: handle to be checked - ) +) { UINT32 slotIndex = handle - TRANSIENT_FIRST; // Since the handle is just an index into the array that is zero based, any @@ -143,7 +143,7 @@ BOOL IsObjectPresent(TPMI_DH_OBJECT handle // IN: handle to be checked // TRANSIENT_FIRST -- (TRANSIENT_FIRST + MAX_LOADED_OBJECT - 1) // will now be greater than or equal to MAX_LOADED_OBJECTS if(slotIndex >= MAX_LOADED_OBJECTS) - return FALSE; + return FALSE; // Indicate if the slot is occupied return (s_objects[slotIndex].attributes.occupied == TRUE); } @@ -155,11 +155,11 @@ BOOL IsObjectPresent(TPMI_DH_OBJECT handle // IN: handle to be checked // TRUE(1) object is an HMAC, hash, or event sequence object // FALSE(0) object is not an HMAC, hash, or event sequence object BOOL ObjectIsSequence(OBJECT* object // IN: handle to be checked - ) +) { pAssert(object != NULL); return (object->attributes.hmacSeq == SET || object->attributes.hashSeq == SET - || object->attributes.eventSeq == SET); + || object->attributes.eventSeq == SET); } //*** HandleToObject() 
@@ -168,14 +168,14 @@ BOOL ObjectIsSequence(OBJECT* object // IN: handle to be checked // This function requires that 'handle' references a loaded object or a permanent // handle. OBJECT* HandleToObject(TPMI_DH_OBJECT handle // IN: handle of the object - ) +) { UINT32 index; // // Return NULL if the handle references a permanent handle because there is no // associated OBJECT. if(HandleGetType(handle) == TPM_HT_PERMANENT) - return NULL; + return NULL; // In this implementation, the handle is determined by the slot occupied by the // object. index = handle - TRANSIENT_FIRST; @@ -193,28 +193,28 @@ OBJECT* HandleToObject(TPMI_DH_OBJECT handle // IN: handle of the object // // This function requires that 'handle' references a loaded object. void GetQualifiedName(TPMI_DH_OBJECT handle, // IN: handle of the object - TPM2B_NAME* qualifiedName // OUT: qualified name of the object - ) + TPM2B_NAME* qualifiedName // OUT: qualified name of the object +) { OBJECT* object; // switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - qualifiedName->t.size = sizeof(TPM_HANDLE); - UINT32_TO_BYTE_ARRAY(handle, qualifiedName->t.name); - break; - case TPM_HT_TRANSIENT: - object = HandleToObject(handle); - if(object == NULL || object->publicArea.nameAlg == TPM_ALG_NULL) - qualifiedName->t.size = 0; - else - // Copy the name - *qualifiedName = object->qualifiedName; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - } + { + case TPM_HT_PERMANENT: + qualifiedName->t.size = sizeof(TPM_HANDLE); + UINT32_TO_BYTE_ARRAY(handle, qualifiedName->t.name); + break; + case TPM_HT_TRANSIENT: + object = HandleToObject(handle); + if(object == NULL || object->publicArea.nameAlg == TPM_ALG_NULL) + qualifiedName->t.size = 0; + else + // Copy the name + *qualifiedName = object->qualifiedName; + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + } return; } 
@@ -224,7 +224,7 @@ void GetQualifiedName(TPMI_DH_OBJECT handle, // IN: handle of the object // This function requires that 'handle' references a loaded object. TPMI_RH_HIERARCHY GetHierarchy(TPMI_DH_OBJECT handle // IN :object handle - ) +) { return HandleToObject(handle)->hierarchy; } @@ -237,40 +237,40 @@ GetHierarchy(TPMI_DH_OBJECT handle // IN :object handle // NULL no open slot found // != NULL pointer to available slot OBJECT* FindEmptyObjectSlot(TPMI_DH_OBJECT* handle // OUT: (optional) - ) +) { UINT32 i; OBJECT* object; // for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - object = &s_objects[i]; - if(object->attributes.occupied == CLEAR) - { - if(handle) - *handle = i + TRANSIENT_FIRST; - // Initialize the object attributes - // MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); - MemorySet(object, 0, sizeof(*object)); // libtpms added: Initialize the whole object - object->hierarchy = TPM_RH_NULL; - return object; - } - } + { + object = &s_objects[i]; + if(object->attributes.occupied == CLEAR) + { + if(handle) + *handle = i + TRANSIENT_FIRST; + // Initialize the object attributes + // MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); + MemorySet(object, 0, sizeof(*object)); // libtpms added: Initialize the whole object + object->hierarchy = TPM_RH_NULL; + return object; + } + } return NULL; } //*** ObjectAllocateSlot() // This function is used to allocate a slot in internal object array. OBJECT* ObjectAllocateSlot(TPMI_DH_OBJECT* handle // OUT: handle of allocated object - ) +) { OBJECT* object = FindEmptyObjectSlot(handle); // if(object != NULL) - { - // if found, mark as occupied - ObjectSetInUse(object); - } + { + // if found, mark as occupied + ObjectSetInUse(object); + } return object; } 
@@ -279,9 +279,9 @@ OBJECT* ObjectAllocateSlot(TPMI_DH_OBJECT* handle // OUT: handle of allocated o // finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded // object. void ObjectSetLoadedAttributes(OBJECT* object, // IN: object attributes to finalize - TPM_HANDLE parentHandle, // IN: the parent handle - SEED_COMPAT_LEVEL seedCompatLevel // IN: seed compat level to use for children - ) + TPM_HANDLE parentHandle, // IN: the parent handle + SEED_COMPAT_LEVEL seedCompatLevel // IN: seed compat level to use for children +) { OBJECT* parent = HandleToObject(parentHandle); TPMA_OBJECT objectAttributes = object->publicArea.objectAttributes; 
@@ -293,66 +293,66 @@ void ObjectSetLoadedAttributes(OBJECT* object, // IN: object attributes to fina object->attributes.stClear = IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear); // If parent handle is a permanent handle, it is a primary (unless it is NULL if(parent == NULL) - { - object->hierarchy = parentHandle; - object->attributes.primary = SET; - switch(HierarchyNormalizeHandle(object->hierarchy)) - { - case TPM_RH_ENDORSEMENT: - object->attributes.epsHierarchy = SET; - break; - case TPM_RH_OWNER: - object->attributes.spsHierarchy = SET; - break; - case TPM_RH_PLATFORM: - object->attributes.ppsHierarchy = SET; - break; - default: - // Treat the temporary attribute as a hierarchy - object->attributes.temporary = SET; - object->attributes.primary = CLEAR; - break; - } - } + { + object->hierarchy = parentHandle; + object->attributes.primary = SET; + switch(HierarchyNormalizeHandle(object->hierarchy)) + { + case TPM_RH_ENDORSEMENT: + object->attributes.epsHierarchy = SET; + break; + case TPM_RH_OWNER: + object->attributes.spsHierarchy = SET; + break; + case TPM_RH_PLATFORM: + object->attributes.ppsHierarchy = SET; + break; + default: + // Treat the temporary attribute as a hierarchy + object->attributes.temporary = SET; + object->attributes.primary = CLEAR; + break; + } + } else - { - // is this a stClear object - object->attributes.stClear = - (IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear) - || (parent->attributes.stClear == SET)); - object->attributes.epsHierarchy = parent->attributes.epsHierarchy; - object->attributes.spsHierarchy = parent->attributes.spsHierarchy; - object->attributes.ppsHierarchy = parent->attributes.ppsHierarchy; - // An object is temporary if its parent is temporary or if the object - // is external - object->attributes.temporary = parent->attributes.temporary - || object->attributes.external; - object->hierarchy = parent->hierarchy; - } + { + // is this a stClear object + object->attributes.stClear = + 
(IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear) + || (parent->attributes.stClear == SET)); + object->attributes.epsHierarchy = parent->attributes.epsHierarchy; + object->attributes.spsHierarchy = parent->attributes.spsHierarchy; + object->attributes.ppsHierarchy = parent->attributes.ppsHierarchy; + // An object is temporary if its parent is temporary or if the object + // is external + object->attributes.temporary = parent->attributes.temporary + || object->attributes.external; + object->hierarchy = parent->hierarchy; + } // If this is an external object, set the QN == name but don't SET other // key properties ('parent' or 'derived') if(object->attributes.external) - object->qualifiedName = object->name; + object->qualifiedName = object->name; else - { - // check attributes for different types of parents - if(IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, restricted) - && !object->attributes.publicOnly - && IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, decrypt) - && object->publicArea.nameAlg != TPM_ALG_NULL) - { - // This is a parent. If it is not a KEYEDHASH, it is an ordinary parent. - // Otherwise, it is a derivation parent. - if(object->publicArea.type == TPM_ALG_KEYEDHASH) - object->attributes.derivation = SET; - else - object->attributes.isParent = SET; - } - ComputeQualifiedName(parentHandle, - object->publicArea.nameAlg, - &object->name, - &object->qualifiedName); - } + { + // check attributes for different types of parents + if(IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, restricted) + && !object->attributes.publicOnly + && IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, decrypt) + && object->publicArea.nameAlg != TPM_ALG_NULL) + { + // This is a parent. If it is not a KEYEDHASH, it is an ordinary parent. + // Otherwise, it is a derivation parent. 
+ if(object->publicArea.type == TPM_ALG_KEYEDHASH) + object->attributes.derivation = SET; + else + object->attributes.isParent = SET; + } + ComputeQualifiedName(parentHandle, + object->publicArea.nameAlg, + &object->name, + &object->qualifiedName); + } // Set slot occupied ObjectSetInUse(object); return; @@ -367,17 +367,17 @@ void ObjectSetLoadedAttributes(OBJECT* object, // IN: object attributes to fina // not cause the allocated slot to be marked as in use. TPM_RC ObjectLoad(OBJECT* object, // IN: pointer to object slot - // object - OBJECT* parent, // IN: (optional) the parent object - TPMT_PUBLIC* publicArea, // IN: public area to be installed in the object - TPMT_SENSITIVE* sensitive, // IN: (optional) sensitive area to be - // installed in the object - TPM_RC blamePublic, // IN: parameter number to associate with the - // publicArea errors - TPM_RC blameSensitive, // IN: parameter number to associate with the - // sensitive area errors - TPM2B_NAME* name // IN: (optional) - ) + // object + OBJECT* parent, // IN: (optional) the parent object + TPMT_PUBLIC* publicArea, // IN: public area to be installed in the object + TPMT_SENSITIVE* sensitive, // IN: (optional) sensitive area to be + // installed in the object + TPM_RC blamePublic, // IN: parameter number to associate with the + // publicArea errors + TPM_RC blameSensitive, // IN: parameter number to associate with the + // sensitive area errors + TPM2B_NAME* name // IN: (optional) +) { TPM_RC result = TPM_RC_SUCCESS; // 
@@ -386,28 +386,28 @@ ObjectLoad(OBJECT* object, // IN: pointer to object slot // Is this public only or a no-name object? if(sensitive == NULL || publicArea->nameAlg == TPM_ALG_NULL) - { - // Need to have schemes checked so that we do the right thing with the - // public key. - result = SchemeChecks(NULL, publicArea); - } + { + // Need to have schemes checked so that we do the right thing with the + // public key. + result = SchemeChecks(NULL, publicArea); + } else - { - // For any sensitive area, make sure that the seedSize is no larger than the - // digest size of nameAlg - if(sensitive->seedValue.t.size > CryptHashGetDigestSize(publicArea->nameAlg)) - return TPM_RCS_KEY_SIZE + blameSensitive; - // Check attributes and schemes for consistency - // For the purposes of attributes validation on this non-primary object, - // either: - // - parent is not NULL and therefore its attributes are checked for - // consistency with the parent, OR - // - parent is NULL but the object is not a primary object, either - result = - PublicAttributesValidation(parent, /*primaryHierarchy = */ 0, publicArea); - } + { + // For any sensitive area, make sure that the seedSize is no larger than the + // digest size of nameAlg + if(sensitive->seedValue.t.size > CryptHashGetDigestSize(publicArea->nameAlg)) + return TPM_RCS_KEY_SIZE + blameSensitive; + // Check attributes and schemes for consistency + // For the purposes of attributes validation on this non-primary object, + // either: + // - parent is not NULL and therefore its attributes are checked for + // consistency with the parent, OR + // - parent is NULL but the object is not a primary object, either + result = + PublicAttributesValidation(parent, /*primaryHierarchy = */ 0, publicArea); + } if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, blamePublic); + return RcSafeAddToResult(result, blamePublic); // Sensitive area and binding checks 
@@ -421,43 +421,43 @@ ObjectLoad(OBJECT* object, // IN: pointer to object slot // For more information about this check, see PrivateToSensitive. if((parent == NULL) || ((parent != NULL) - && !IS_ATTRIBUTE( - parent->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM))) - { - // Do the cryptographic key validation - result = - CryptValidateKeys(publicArea, sensitive, blamePublic, blameSensitive); - if(result != TPM_RC_SUCCESS) - return result; - } + && !IS_ATTRIBUTE( + parent->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM))) + { + // Do the cryptographic key validation + result = + CryptValidateKeys(publicArea, sensitive, blamePublic, blameSensitive); + if(result != TPM_RC_SUCCESS) + return result; + } #if ALG_RSA // If this is an RSA key, then expand the private exponent. // Note: ObjectLoad() is only called by TPM2_Import() if the parent is fixedTPM. // For any key that does not have a fixedTPM parent, the exponent is computed // whenever it is loaded if((publicArea->type == TPM_ALG_RSA) && (sensitive != NULL)) - { - result = CryptRsaLoadPrivateExponent(publicArea, sensitive, object); // libtpms: Added object (may be NULL) - if(result != TPM_RC_SUCCESS) - return result; - } + { + result = CryptRsaLoadPrivateExponent(publicArea, sensitive, object); // libtpms: Added object (may be NULL) + if(result != TPM_RC_SUCCESS) + return result; + } #endif // ALG_RSA // See if there is an object to populate if((result == TPM_RC_SUCCESS) && (object != NULL)) - { - // Initialize public - object->publicArea = *publicArea; - // Copy sensitive if there is one - if(sensitive == NULL) - object->attributes.publicOnly = SET; - else - object->sensitive = *sensitive; - // Set the name, if one was provided - if(name != NULL) - object->name = *name; - else - object->name.t.size = 0; - } + { + // Initialize public + object->publicArea = *publicArea; + // Copy sensitive if there is one + if(sensitive == NULL) + object->attributes.publicOnly = SET; + else + object->sensitive = 
*sensitive; + // Set the name, if one was provided + if(name != NULL) + object->name = *name; + else + object->name.t.size = 0; + } return result; } @@ -467,9 +467,9 @@ ObjectLoad(OBJECT* object, // IN: pointer to object slot // used for an operation that is not appropriate for a sequence. // static HASH_OBJECT* AllocateSequenceSlot( - TPM_HANDLE* newHandle, // OUT: receives the allocated handle - TPM2B_AUTH* auth // IN: the authValue for the slot - ) + TPM_HANDLE* newHandle, // OUT: receives the allocated handle + TPM2B_AUTH* auth // IN: the authValue for the slot +) { HASH_OBJECT* object = (HASH_OBJECT*)ObjectAllocateSlot(newHandle); // 
@@ -479,31 +479,31 @@ static HASH_OBJECT* AllocateSequenceSlot( MUST_BE(offsetof(HASH_OBJECT, auth) == offsetof(OBJECT, publicArea.authPolicy)); if(object != NULL) - { + { - // Set the common values that a sequence object shares with an ordinary object - // First, clear all attributes - MemorySet(&object->objectAttributes, 0, sizeof(TPMA_OBJECT)); + // Set the common values that a sequence object shares with an ordinary object + // First, clear all attributes + MemorySet(&object->objectAttributes, 0, sizeof(TPMA_OBJECT)); - // The type is TPM_ALG_NULL - object->type = TPM_ALG_NULL; + // The type is TPM_ALG_NULL + object->type = TPM_ALG_NULL; - // This has no name algorithm and the name is the Empty Buffer - object->nameAlg = TPM_ALG_NULL; + // This has no name algorithm and the name is the Empty Buffer + object->nameAlg = TPM_ALG_NULL; - // A sequence object is considered to be in the NULL hierarchy so it should - // be marked as temporary so that it can't be persisted - object->attributes.temporary = SET; + // A sequence object is considered to be in the NULL hierarchy so it should + // be marked as temporary so that it can't be persisted + object->attributes.temporary = SET; - // A sequence object is DA exempt. - SET_ATTRIBUTE(object->objectAttributes, TPMA_OBJECT, noDA); + // A sequence object is DA exempt. + SET_ATTRIBUTE(object->objectAttributes, TPMA_OBJECT, noDA); - // Copy the authorization value - if(auth != NULL) - object->auth = *auth; - else - object->auth.t.size = 0; - } + // Copy the authorization value + if(auth != NULL) + object->auth = *auth; + else + object->auth.t.size = 0; + } return object; } 
@@ -514,11 +514,11 @@ static HASH_OBJECT* AllocateSequenceSlot( // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateHMACSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - OBJECT* keyObject, // IN: the object containing the HMAC key - TPM2B_AUTH* auth, // IN: authValue - TPMI_DH_OBJECT* newHandle // OUT: HMAC sequence object handle - ) + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + OBJECT* keyObject, // IN: the object containing the HMAC key + TPM2B_AUTH* auth, // IN: authValue + TPMI_DH_OBJECT* newHandle // OUT: HMAC sequence object handle +) { HASH_OBJECT* hmacObject; // @@ -526,24 +526,24 @@ ObjectCreateHMACSequence( hmacObject = AllocateSequenceSlot(newHandle, auth); if(hmacObject == NULL) - return TPM_RC_OBJECT_MEMORY; + return TPM_RC_OBJECT_MEMORY; // Set HMAC sequence bit hmacObject->attributes.hmacSeq = SET; # if !SMAC_IMPLEMENTED if(CryptHmacStart(&hmacObject->state.hmacState, - hashAlg, - keyObject->sensitive.sensitive.bits.b.size, - keyObject->sensitive.sensitive.bits.b.buffer) + hashAlg, + keyObject->sensitive.sensitive.bits.b.size, + keyObject->sensitive.sensitive.bits.b.buffer) == 0) # else - if(CryptMacStart(&hmacObject->state.hmacState, - &keyObject->publicArea.parameters, - hashAlg, - &keyObject->sensitive.sensitive.any.b) - == 0) + if(CryptMacStart(&hmacObject->state.hmacState, + &keyObject->publicArea.parameters, + hashAlg, + &keyObject->sensitive.sensitive.any.b) + == 0) # endif // SMAC_IMPLEMENTED - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; return TPM_RC_SUCCESS; } #endif 
@@ -554,15 +554,15 @@ ObjectCreateHMACSequence( // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateHashSequence(TPMI_ALG_HASH hashAlg, // IN: hash algorithm - TPM2B_AUTH* auth, // IN: authValue - TPMI_DH_OBJECT* newHandle // OUT: sequence object handle - ) + TPM2B_AUTH* auth, // IN: authValue + TPMI_DH_OBJECT* newHandle // OUT: sequence object handle +) { HASH_OBJECT* hashObject = AllocateSequenceSlot(newHandle, auth); // // See if slot allocated if(hashObject == NULL) - return TPM_RC_OBJECT_MEMORY; + return TPM_RC_OBJECT_MEMORY; // Set hash sequence bit hashObject->attributes.hashSeq = SET; @@ -578,8 +578,8 @@ ObjectCreateHashSequence(TPMI_ALG_HASH hashAlg, // IN: hash algorithm // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateEventSequence(TPM2B_AUTH* auth, // IN: authValue - TPMI_DH_OBJECT* newHandle // OUT: sequence object handle - ) + TPMI_DH_OBJECT* newHandle // OUT: sequence object handle +) { HASH_OBJECT* hashObject = AllocateSequenceSlot(newHandle, auth); UINT32 count; @@ -587,13 +587,13 @@ ObjectCreateEventSequence(TPM2B_AUTH* auth, // IN: authValue // // See if slot allocated if(hashObject == NULL) - return TPM_RC_OBJECT_MEMORY; + return TPM_RC_OBJECT_MEMORY; // Set the event sequence attribute hashObject->attributes.eventSeq = SET; // Initialize hash states for each implemented PCR algorithms for(count = 0; (hash = CryptHashGetAlgByIndex(count)) != TPM_ALG_NULL; count++) - CryptHashStart(&hashObject->state.hashState[count], hash); + CryptHashStart(&hashObject->state.hashState[count], hash); return TPM_RC_SUCCESS; } 
@@ -610,55 +610,55 @@ void ObjectTerminateEvent(void) // Don't assume that this is a proper sequence object if(hashObject->attributes.eventSeq) - { - // If it is, close any open hash contexts. This is done in case - // the cryptographic implementation has some context values that need to be - // cleaned up (hygiene). - // - for(count = 0; CryptHashGetAlgByIndex(count) != TPM_ALG_NULL; count++) - { - CryptHashEnd(&hashObject->state.hashState[count], 0, buffer); - } - // Flush sequence object - FlushObject(g_DRTMHandle); - } + { + // If it is, close any open hash contexts. This is done in case + // the cryptographic implementation has some context values that need to be + // cleaned up (hygiene). + // + for(count = 0; CryptHashGetAlgByIndex(count) != TPM_ALG_NULL; count++) + { + CryptHashEnd(&hashObject->state.hashState[count], 0, buffer); + } + // Flush sequence object + FlushObject(g_DRTMHandle); + } g_DRTMHandle = TPM_RH_UNASSIGNED; } -#if 0 // libtpms added +#if 0 // libtpms added //*** ObjectContextLoad() // This function loads an object from a saved object context. 
// Return Type: OBJECT * // NULL if there is no free slot for an object // != NULL points to the loaded object OBJECT* ObjectContextLoad( - ANY_OBJECT_BUFFER* object, // IN: pointer to object structure in saved - // context - TPMI_DH_OBJECT* handle // OUT: object handle - ) + ANY_OBJECT_BUFFER* object, // IN: pointer to object structure in saved + // context + TPMI_DH_OBJECT* handle // OUT: object handle +) { OBJECT* newObject = ObjectAllocateSlot(handle); // // Try to allocate a slot for new object if(newObject != NULL) - { - // Copy the first part of the object - MemoryCopy(newObject, object, offsetof(HASH_OBJECT, state)); - // See if this is a sequence object - if(ObjectIsSequence(newObject)) - { - // If this is a sequence object, import the data - SequenceDataImport((HASH_OBJECT*)newObject, (HASH_OBJECT_BUFFER*)object); - } - else - { - // Copy input object data to internal structure - MemoryCopy(newObject, object, sizeof(OBJECT)); - } - } + { + // Copy the first part of the object + MemoryCopy(newObject, object, offsetof(HASH_OBJECT, state)); + // See if this is a sequence object + if(ObjectIsSequence(newObject)) + { + // If this is a sequence object, import the data + SequenceDataImport((HASH_OBJECT*)newObject, (HASH_OBJECT_BUFFER*)object); + } + else + { + // Copy input object data to internal structure + MemoryCopy(newObject, object, sizeof(OBJECT)); + } + } return newObject; } -#endif // libtpms added begin +#endif // libtpms added begin OBJECT * ObjectContextLoadLibtpms(BYTE *buffer, 
@@ -675,28 +675,28 @@ ObjectContextLoadLibtpms(BYTE *buffer, // Try to allocate a slot for new object if(newObject != NULL) - { - rc = ANY_OBJECT_Unmarshal(newObject, &mybuf, &mysize, false); - if (rc) { - /* Attempt to load an old OBJECT that was copied out directly from - * an older version of OBJECT. - */ - rc = RSA2048_OBJECT_Buffer_To_OBJECT(newObject, buffer, size); - if (rc) { - FlushObject(*handle); - newObject = NULL; - } - } - } + { + rc = ANY_OBJECT_Unmarshal(newObject, &mybuf, &mysize, false); + if (rc) { + /* Attempt to load an old OBJECT that was copied out directly from + * an older version of OBJECT. + */ + rc = RSA2048_OBJECT_Buffer_To_OBJECT(newObject, buffer, size); + if (rc) { + FlushObject(*handle); + newObject = NULL; + } + } + } return newObject; -} // libtpms added end +} // libtpms added end //*** FlushObject() // This function frees an object slot. // // This function requires that the object is loaded. void FlushObject(TPMI_DH_OBJECT handle // IN: handle to be freed - ) +) { UINT32 index = handle - TRANSIENT_FIRST; // 
@@ -710,35 +710,35 @@ void FlushObject(TPMI_DH_OBJECT handle // IN: handle to be freed // This function is called to flush all the loaded transient objects associated // with a hierarchy when the hierarchy is disabled. void ObjectFlushHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush - ) +) { UINT16 i; // // iterate object slots for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied) // If found an occupied slot - { - switch(hierarchy) - { - case TPM_RH_PLATFORM: - if(s_objects[i].attributes.ppsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - case TPM_RH_OWNER: - if(s_objects[i].attributes.spsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - case TPM_RH_ENDORSEMENT: - if(s_objects[i].attributes.epsHierarchy == SET) - s_objects[i].attributes.occupied = FALSE; - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } - } - } + { + if(s_objects[i].attributes.occupied) // If found an occupied slot + { + switch(hierarchy) + { + case TPM_RH_PLATFORM: + if(s_objects[i].attributes.ppsHierarchy == SET) + s_objects[i].attributes.occupied = FALSE; + break; + case TPM_RH_OWNER: + if(s_objects[i].attributes.spsHierarchy == SET) + s_objects[i].attributes.occupied = FALSE; + break; + case TPM_RH_ENDORSEMENT: + if(s_objects[i].attributes.epsHierarchy == SET) + s_objects[i].attributes.occupied = FALSE; + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } + } + } return; } 
@@ -753,9 +753,9 @@ void ObjectFlushHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be fl // TPM_RC_OBJECT_MEMORY no object slot TPM_RC ObjectLoadEvict(TPM_HANDLE* handle, // IN:OUT: evict object handle. If success, it - // will be replace by the loaded object handle - COMMAND_INDEX commandIndex // IN: the command being processed - ) + // will be replace by the loaded object handle + COMMAND_INDEX commandIndex // IN: the command being processed +) { TPM_RC result; TPM_HANDLE evictHandle = *handle; // Save the evict handle @@ -764,18 +764,18 @@ ObjectLoadEvict(TPM_HANDLE* handle, // IN:OUT: evict object handle. If success // If this is an index that references a persistent object created by // the platform, then return TPM_RH_HANDLE if the phEnable is FALSE if(*handle >= PLATFORM_PERSISTENT) - { - // belongs to platform - if(g_phEnable == CLEAR) - return TPM_RC_HANDLE; - } + { + // belongs to platform + if(g_phEnable == CLEAR) + return TPM_RC_HANDLE; + } // belongs to owner else if(gc.shEnable == CLEAR) - return TPM_RC_HANDLE; + return TPM_RC_HANDLE; // Try to allocate a slot for an object object = ObjectAllocateSlot(handle); if(object == NULL) - return TPM_RC_OBJECT_MEMORY; + return TPM_RC_OBJECT_MEMORY; // Copy persistent object to transient object slot. A TPM_RC_HANDLE // may be returned at this point. This will mark the slot as containing // a transient object so that it will be flushed at the end of the @@ -784,7 +784,7 @@ ObjectLoadEvict(TPM_HANDLE* handle, // IN:OUT: evict object handle. If success // Bail out if this failed if(result != TPM_RC_SUCCESS) - return result; + return result; // check the object to see if it is in the endorsement hierarchy // if it is and this is not a TPM2_EvictControl() command, indicate // that the hierarchy is disabled. 
@@ -792,7 +792,7 @@ ObjectLoadEvict(TPM_HANDLE* handle, // IN:OUT: evict object handle. If success // handle is not defined if(HierarchyNormalizeHandle(object->hierarchy) == TPM_RH_ENDORSEMENT && gc.ehEnable == CLEAR && GetCommandCode(commandIndex) != TPM_CC_EvictControl) - return TPM_RC_HANDLE; + return TPM_RC_HANDLE; return result; } @@ -800,14 +800,14 @@ ObjectLoadEvict(TPM_HANDLE* handle, // IN:OUT: evict object handle. If success //*** ObjectComputeName() // This does the name computation from a public area (can be marshaled or not). TPM2B_NAME* ObjectComputeName(UINT32 size, // IN: the size of the area to digest - BYTE* publicArea, // IN: the public area to digest - TPM_ALG_ID nameAlg, // IN: the hash algorithm to use - TPM2B_NAME* name // OUT: Computed name - ) + BYTE* publicArea, // IN: the public area to digest + TPM_ALG_ID nameAlg, // IN: the hash algorithm to use + TPM2B_NAME* name // OUT: Computed name +) { // Hash the publicArea into the name buffer leaving room for the nameAlg name->t.size = CryptHashBlock( - nameAlg, size, publicArea, sizeof(name->t.name) - 2, &name->t.name[2]); + nameAlg, size, publicArea, sizeof(name->t.name) - 2, &name->t.name[2]); // set the nameAlg UINT16_TO_BYTE_ARRAY(nameAlg, name->t.name); name->t.size += 2; 
@@ -817,67 +817,67 @@ TPM2B_NAME* ObjectComputeName(UINT32 size, // IN: the size of the area to d //*** PublicMarshalAndComputeName() // This function computes the Name of an object from its public area. TPM2B_NAME* PublicMarshalAndComputeName( - TPMT_PUBLIC* publicArea, // IN: public area of an object - TPM2B_NAME* name // OUT: name of the object - ) + TPMT_PUBLIC* publicArea, // IN: public area of an object + TPM2B_NAME* name // OUT: name of the object +) { // Will marshal a public area into a template. This is because the internal // format for a TPM2B_PUBLIC is a structure and not a simple BYTE buffer. TPM2B_TEMPLATE marshaled; // this is big enough to hold a - // marshaled TPMT_PUBLIC + // marshaled TPMT_PUBLIC BYTE* buffer = (BYTE*)&marshaled.t.buffer; // // if the nameAlg is NULL then there is no name. if(publicArea->nameAlg == TPM_ALG_NULL) - name->t.size = 0; + name->t.size = 0; else - { - // Marshal the public area into its canonical form - marshaled.t.size = TPMT_PUBLIC_Marshal(publicArea, &buffer, NULL); - // and compute the name - ObjectComputeName( - marshaled.t.size, marshaled.t.buffer, publicArea->nameAlg, name); - } + { + // Marshal the public area into its canonical form + marshaled.t.size = TPMT_PUBLIC_Marshal(publicArea, &buffer, NULL); + // and compute the name + ObjectComputeName( + marshaled.t.size, marshaled.t.buffer, publicArea->nameAlg, name); + } return name; } //*** ComputeQualifiedName() // This function computes the qualified name of an object. 
void ComputeQualifiedName( - TPM_HANDLE parentHandle, // IN: parent's handle - TPM_ALG_ID nameAlg, // IN: name hash - TPM2B_NAME* name, // IN: name of the object - TPM2B_NAME* qualifiedName // OUT: qualified name of the object - ) + TPM_HANDLE parentHandle, // IN: parent's handle + TPM_ALG_ID nameAlg, // IN: name hash + TPM2B_NAME* name, // IN: name of the object + TPM2B_NAME* qualifiedName // OUT: qualified name of the object +) { HASH_STATE hashState; // hash state TPM2B_NAME parentName; // if(parentHandle == TPM_RH_UNASSIGNED) - { - MemoryCopy2B(&qualifiedName->b, &name->b, sizeof(qualifiedName->t.name)); - *qualifiedName = *name; - } + { + MemoryCopy2B(&qualifiedName->b, &name->b, sizeof(qualifiedName->t.name)); + *qualifiedName = *name; + } else - { - GetQualifiedName(parentHandle, &parentName); + { + GetQualifiedName(parentHandle, &parentName); - // QN_A = hash_A (QN of parent || NAME_A) + // QN_A = hash_A (QN of parent || NAME_A) - // Start hash - qualifiedName->t.size = CryptHashStart(&hashState, nameAlg); + // Start hash + qualifiedName->t.size = CryptHashStart(&hashState, nameAlg); - // Add parent's qualified name - CryptDigestUpdate2B(&hashState, &parentName.b); + // Add parent's qualified name + CryptDigestUpdate2B(&hashState, &parentName.b); - // Add self name - CryptDigestUpdate2B(&hashState, &name->b); + // Add self name + CryptDigestUpdate2B(&hashState, &name->b); - // Complete hash leaving room for the name algorithm - CryptHashEnd(&hashState, qualifiedName->t.size, &qualifiedName->t.name[2]); - UINT16_TO_BYTE_ARRAY(nameAlg, qualifiedName->t.name); - qualifiedName->t.size += 2; - } + // Complete hash leaving room for the name algorithm + CryptHashEnd(&hashState, qualifiedName->t.size, &qualifiedName->t.name[2]); + UINT16_TO_BYTE_ARRAY(nameAlg, qualifiedName->t.name); + qualifiedName->t.size += 2; + } return; } 
@@ -889,17 +889,17 @@ void ComputeQualifiedName( // TRUE(1) object is a storage key // FALSE(0) object is not a storage key BOOL ObjectIsStorage(TPMI_DH_OBJECT handle // IN: object handle - ) +) { OBJECT* object = HandleToObject(handle); TPMT_PUBLIC* publicArea = ((object != NULL) ? &object->publicArea : NULL); // return (publicArea != NULL - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) - && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) - && !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) - && (object->publicArea.type == TPM_ALG_RSA - || object->publicArea.type == TPM_ALG_ECC)); + && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) + && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) + && !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) + && (object->publicArea.type == TPM_ALG_RSA + || object->publicArea.type == TPM_ALG_ECC)); } //*** ObjectCapGetLoaded() @@ -911,9 +911,9 @@ BOOL ObjectIsStorage(TPMI_DH_OBJECT handle // IN: object handle // NO all the available handles has been returned TPMI_YES_NO ObjectCapGetLoaded(TPMI_DH_OBJECT handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ) + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +) { TPMI_YES_NO more = NO; UINT32 i; 
@@ -925,32 +925,32 @@ ObjectCapGetLoaded(TPMI_DH_OBJECT handle, // IN: start handle // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) - count = MAX_CAP_HANDLES; + count = MAX_CAP_HANDLES; // Iterate object slots to get loaded object handles for(i = handle - TRANSIENT_FIRST; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied == TRUE) - { - // A valid transient object can not be the copy of a persistent object - pAssert(s_objects[i].attributes.evict == CLEAR); + { + if(s_objects[i].attributes.occupied == TRUE) + { + // A valid transient object can not be the copy of a persistent object + pAssert(s_objects[i].attributes.evict == CLEAR); - if(handleList->count < count) - { - // If we have not filled up the return list, add this object - // handle to it - handleList->handle[handleList->count] = i + TRANSIENT_FIRST; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } + if(handleList->count < count) + { + // If we have not filled up the return list, add this object + // handle to it + handleList->handle[handleList->count] = i + TRANSIENT_FIRST; + handleList->count++; + } + else + { + // If the return list is full but we still have loaded object + // available, report this and stop iterating + more = YES; + break; + } + } + } return more; } 
@@ -965,15 +965,15 @@ BOOL ObjectCapGetOneLoaded(TPMI_DH_OBJECT handle) // IN: handle // Iterate object slots to get loaded object handles for(i = handle - TRANSIENT_FIRST; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied == TRUE) - { - // A valid transient object can not be the copy of a persistent object - pAssert(s_objects[i].attributes.evict == CLEAR); + { + if(s_objects[i].attributes.occupied == TRUE) + { + // A valid transient object can not be the copy of a persistent object + pAssert(s_objects[i].attributes.evict == CLEAR); - return TRUE; - } - } + return TRUE; + } + } return FALSE; } @@ -989,10 +989,10 @@ ObjectCapGetTransientAvail(void) // // Iterate object slot to get the number of unoccupied slots for(i = 0; i < MAX_LOADED_OBJECTS; i++) - { - if(s_objects[i].attributes.occupied == FALSE) - num++; - } + { + if(s_objects[i].attributes.occupied == FALSE) + num++; + } return num; } diff --git a/src/tpm2/ObjectChangeAuth_fp.h b/src/tpm2/ObjectChangeAuth_fp.h index 05a97c3c..f9deff38 100644 --- a/src/tpm2/ObjectChangeAuth_fp.h +++ b/src/tpm2/ObjectChangeAuth_fp.h 
@@ -59,31 +59,36 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef OBJECTCHANGEAUTH_FP_H -#define OBJECTCHANGEAUTH_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT objectHandle; - TPMI_DH_OBJECT parentHandle; - TPM2B_AUTH newAuth; +#if CC_ObjectChangeAuth // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_OBJECTCHANGEAUTH_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_OBJECTCHANGEAUTH_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT objectHandle; + TPMI_DH_OBJECT parentHandle; + TPM2B_AUTH newAuth; } ObjectChangeAuth_In; -#define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1) -#define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2) -#define RC_ObjectChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPM2B_PRIVATE outPrivate; +// Output structure definition +typedef struct +{ + TPM2B_PRIVATE outPrivate; } ObjectChangeAuth_Out; +// Response code modifiers +# define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1) +# define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2) +# define RC_ObjectChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_ObjectChangeAuth( - ObjectChangeAuth_In *in, // IN: input parameter list - ObjectChangeAuth_Out *out // OUT: output parameter list - ); +TPM2_ObjectChangeAuth(ObjectChangeAuth_In* in, ObjectChangeAuth_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_OBJECTCHANGEAUTH_FP_H_ +#endif // CC_ObjectChangeAuth diff --git a/src/tpm2/ObjectCommands.c b/src/tpm2/ObjectCommands.c index fe80925b..f41a5796 100644 --- a/src/tpm2/ObjectCommands.c +++ b/src/tpm2/ObjectCommands.c 
@@ -194,6 +194,32 @@ TPM2_Create(Create_In* in, // IN: input parameter list #include "Load_fp.h" #if CC_Load // Conditional expansion of this file #include "Object_spt_fp.h" + +/*(See part 3 specification) +// Load an ordinary or temporary object +*/ +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'inPulblic' attributes are not allowed with selected +// parent +// TPM_RC_BINDING 'inPrivate' and 'inPublic' are not +// cryptographically bound +// TPM_RC_HASH incorrect hash selection for signing key or +// the 'nameAlg' for 'inPublic' is not valid +// TPM_RC_INTEGRITY HMAC on 'inPrivate' was not valid +// TPM_RC_KDF KDF selection not allowed +// TPM_RC_KEY the size of the object's 'unique' field is not +// consistent with the indicated size in the object's +// parameters +// TPM_RC_OBJECT_MEMORY no available object slot +// TPM_RC_SCHEME the signing scheme is not valid for the key +// TPM_RC_SENSITIVE the 'inPrivate' did not unmarshal correctly +// TPM_RC_SIZE 'inPrivate' missing, or 'authPolicy' size for +// 'inPublic' or is not valid +// TPM_RC_SYMMETRIC symmetric algorithm not provided when required +// TPM_RC_TYPE 'parentHandle' is not a storage key, or the object +// to load is a storage key but its parameters do not +// match the parameters of the parent. +// TPM_RC_VALUE decryption failure TPM_RC TPM2_Load( Load_In *in, // IN: input parameter list diff --git a/src/tpm2/Object_fp.h b/src/tpm2/Object_fp.h index 103c588c..52990cf5 100644 --- a/src/tpm2/Object_fp.h +++ b/src/tpm2/Object_fp.h @@ -98,7 +98,7 @@ void ObjectCleanupEvict(void); // FALSE(0) handle is not an object handle, or it does not // reference to a loaded object BOOL IsObjectPresent(TPMI_DH_OBJECT handle // IN: handle to be checked - ); +); //*** ObjectIsSequence() // This function is used to check if the object is a sequence object. This function 
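Review bot: The return-code table added above TPM2_Load() in src/tpm2/ObjectCommands.c has two wording defects, in the TPM_RC_ATTRIBUTES and TPM_RC_SIZE rows. The first misspells the parameter as `'inPulblic'`, and the second reads `'authPolicy' size for 'inPublic' or is not valid`, which has a stray "or". I would write `// TPM_RC_ATTRIBUTES 'inPublic' attributes are not allowed with selected` and `// 'inPublic' is not valid`, so that a search for the parameter name finds this table when someone is triaging a failed load. If the text is copied verbatim from the reference code to keep the rebase diff small, which the commit title suggests, the correction probably belongs upstream first. Only the comment and the start of the TPM2_Load signature are inside this hunk; the function body is outside it.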
@@ -107,7 +107,7 @@ BOOL IsObjectPresent(TPMI_DH_OBJECT handle // IN: handle to be checked // TRUE(1) object is an HMAC, hash, or event sequence object // FALSE(0) object is not an HMAC, hash, or event sequence object BOOL ObjectIsSequence(OBJECT* object // IN: handle to be checked - ); +); //*** HandleToObject() // This function is used to find the object structure associated with a handle. @@ -115,7 +115,7 @@ BOOL ObjectIsSequence(OBJECT* object // IN: handle to be checked // This function requires that 'handle' references a loaded object or a permanent // handle. OBJECT* HandleToObject(TPMI_DH_OBJECT handle // IN: handle of the object - ); +); //*** GetQualifiedName() // This function returns the Qualified Name of the object. In this implementation, @@ -126,8 +126,8 @@ OBJECT* HandleToObject(TPMI_DH_OBJECT handle // IN: handle of the object // // This function requires that 'handle' references a loaded object. void GetQualifiedName(TPMI_DH_OBJECT handle, // IN: handle of the object - TPM2B_NAME* qualifiedName // OUT: qualified name of the object - ); + TPM2B_NAME* qualifiedName // OUT: qualified name of the object +); TPMI_RH_HIERARCHY // libtpms added begin ObjectGetHierarchy( @@ -139,7 +139,7 @@ ObjectGetHierarchy( // This function requires that 'handle' references a loaded object. TPMI_RH_HIERARCHY GetHierarchy(TPMI_DH_OBJECT handle // IN :object handle - ); +); //*** FindEmptyObjectSlot() // This function finds an open object slot, if any. It will clear the attributes 
@@ -149,21 +149,21 @@ GetHierarchy(TPMI_DH_OBJECT handle // IN :object handle // NULL no open slot found // != NULL pointer to available slot OBJECT* FindEmptyObjectSlot(TPMI_DH_OBJECT* handle // OUT: (optional) - ); +); //*** ObjectAllocateSlot() // This function is used to allocate a slot in internal object array. OBJECT* ObjectAllocateSlot(TPMI_DH_OBJECT* handle // OUT: handle of allocated object - ); +); //*** ObjectSetLoadedAttributes() // This function sets the internal attributes for a loaded object. It is called to // finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded // object. void ObjectSetLoadedAttributes(OBJECT* object, // IN: object attributes to finalize - TPM_HANDLE parentHandle, // IN: the parent handle - SEED_COMPAT_LEVEL seedCompatLevel // IN: seedCompatLevel to use for children - ); + TPM_HANDLE parentHandle, // IN: the parent handle + SEED_COMPAT_LEVEL seedCompatLevel // IN: seedCompatLevel to use for children +); //*** ObjectLoad() // Common function to load a non-primary object (i.e., either an Ordinary Object, 
@@ -174,17 +174,17 @@ void ObjectSetLoadedAttributes(OBJECT* object, // IN: object attributes to fina // not cause the allocated slot to be marked as in use. TPM_RC ObjectLoad(OBJECT* object, // IN: pointer to object slot - // object - OBJECT* parent, // IN: (optional) the parent object - TPMT_PUBLIC* publicArea, // IN: public area to be installed in the object - TPMT_SENSITIVE* sensitive, // IN: (optional) sensitive area to be - // installed in the object - TPM_RC blamePublic, // IN: parameter number to associate with the - // publicArea errors - TPM_RC blameSensitive, // IN: parameter number to associate with the - // sensitive area errors - TPM2B_NAME* name // IN: (optional) - ); + // object + OBJECT* parent, // IN: (optional) the parent object + TPMT_PUBLIC* publicArea, // IN: public area to be installed in the object + TPMT_SENSITIVE* sensitive, // IN: (optional) sensitive area to be + // installed in the object + TPM_RC blamePublic, // IN: parameter number to associate with the + // publicArea errors + TPM_RC blameSensitive, // IN: parameter number to associate with the + // sensitive area errors + TPM2B_NAME* name // IN: (optional) +); #if CC_HMAC_Start || CC_MAC_Start //*** ObjectCreateHMACSequence() @@ -193,11 +193,11 @@ ObjectLoad(OBJECT* object, // IN: pointer to object slot // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateHMACSequence( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - OBJECT* keyObject, // IN: the object containing the HMAC key - TPM2B_AUTH* auth, // IN: authValue - TPMI_DH_OBJECT* newHandle // OUT: HMAC sequence object handle - ); + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + OBJECT* keyObject, // IN: the object containing the HMAC key + TPM2B_AUTH* auth, // IN: authValue + TPMI_DH_OBJECT* newHandle // OUT: HMAC sequence object handle +); #endif //*** ObjectCreateHashSequence() 
@@ -206,9 +206,9 @@ ObjectCreateHMACSequence(
 // TPM_RC_OBJECT_MEMORY if there is no free slot for an object
 TPM_RC
 ObjectCreateHashSequence(TPMI_ALG_HASH hashAlg, // IN: hash algorithm
- TPM2B_AUTH* auth, // IN: authValue
- TPMI_DH_OBJECT* newHandle // OUT: sequence object handle
- );
+ TPM2B_AUTH* auth, // IN: authValue
+ TPMI_DH_OBJECT* newHandle // OUT: sequence object handle
+);
 //*** ObjectCreateEventSequence()
 // This function creates an event sequence object.
@@ -216,13 +216,14 @@ ObjectCreateHashSequence(TPMI_ALG_HASH hashAlg, // IN: hash algorithm
 // TPM_RC_OBJECT_MEMORY if there is no free slot for an object
 TPM_RC
 ObjectCreateEventSequence(TPM2B_AUTH* auth, // IN: authValue
- TPMI_DH_OBJECT* newHandle // OUT: sequence object handle
- );
+ TPMI_DH_OBJECT* newHandle // OUT: sequence object handle
+);
 //*** ObjectTerminateEvent()
 // This function is called to close out the event sequence and clean up the hash
 // context states.
 void ObjectTerminateEvent(void);
+
 #if 0 // libtpms added
 //*** ObjectContextLoad()
 // This function loads an object from a saved object context.
@@ -230,10 +231,10 @@ void ObjectTerminateEvent(void);
 // NULL if there is no free slot for an object
 // != NULL points to the loaded object
 OBJECT* ObjectContextLoad(
- ANY_OBJECT_BUFFER* object, // IN: pointer to object structure in saved
- // context
- TPMI_DH_OBJECT* handle // OUT: object handle
- );
+ ANY_OBJECT_BUFFER* object, // IN: pointer to object structure in saved
+ // context
+ TPMI_DH_OBJECT* handle // OUT: object handle
+);
 #endif // libtpms added begin
 OBJECT *
 ObjectContextLoadLibtpms(BYTE *buffer, // IN: buffer holding the marshaled object
@@ -247,13 +248,13 @@ ObjectContextLoadLibtpms(BYTE *buffer, // IN: buffer holding the
 //
 // This function requires that the object is loaded.
 void FlushObject(TPMI_DH_OBJECT handle // IN: handle to be freed
- );
+);
 //*** ObjectFlushHierarchy()
 // This function is called to flush all the loaded transient objects associated
 // with a hierarchy when the hierarchy is disabled.
 void ObjectFlushHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush
- );
+);
 //*** ObjectLoadEvict()
 // This function loads a persistent object into a transient object slot.
@@ -265,33 +266,33 @@ void ObjectFlushHierarchy(TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be fl
 // TPM_RC_OBJECT_MEMORY no object slot
 TPM_RC
 ObjectLoadEvict(TPM_HANDLE* handle, // IN:OUT: evict object handle. If success, it
- // will be replace by the loaded object handle
- COMMAND_INDEX commandIndex // IN: the command being processed
- );
+ // will be replace by the loaded object handle
+ COMMAND_INDEX commandIndex // IN: the command being processed
+);
 //*** ObjectComputeName()
 // This does the name computation from a public area (can be marshaled or not).
 TPM2B_NAME* ObjectComputeName(UINT32 size, // IN: the size of the area to digest
- BYTE* publicArea, // IN: the public area to digest
- TPM_ALG_ID nameAlg, // IN: the hash algorithm to use
- TPM2B_NAME* name // OUT: Computed name
- );
+ BYTE* publicArea, // IN: the public area to digest
+ TPM_ALG_ID nameAlg, // IN: the hash algorithm to use
+ TPM2B_NAME* name // OUT: Computed name
+);
 //*** PublicMarshalAndComputeName()
 // This function computes the Name of an object from its public area.
 TPM2B_NAME* PublicMarshalAndComputeName(
- TPMT_PUBLIC* publicArea, // IN: public area of an object
- TPM2B_NAME* name // OUT: name of the object
- );
+ TPMT_PUBLIC* publicArea, // IN: public area of an object
+ TPM2B_NAME* name // OUT: name of the object
+);
 //*** ComputeQualifiedName()
 // This function computes the qualified name of an object.
 void ComputeQualifiedName(
- TPM_HANDLE parentHandle, // IN: parent's handle
- TPM_ALG_ID nameAlg, // IN: name hash
- TPM2B_NAME* name, // IN: name of the object
- TPM2B_NAME* qualifiedName // OUT: qualified name of the object
- );
+ TPM_HANDLE parentHandle, // IN: parent's handle
+ TPM_ALG_ID nameAlg, // IN: name hash
+ TPM2B_NAME* name, // IN: name of the object
+ TPM2B_NAME* qualifiedName // OUT: qualified name of the object
+);
 //*** ObjectIsStorage()
 // This function determines if an object has the attributes associated
@@ -301,7 +302,7 @@ void ComputeQualifiedName(
 // TRUE(1) object is a storage key
 // FALSE(0) object is not a storage key
 BOOL ObjectIsStorage(TPMI_DH_OBJECT handle // IN: object handle
- );
+);
 //*** ObjectCapGetLoaded()
 // This function returns a list of handles of loaded object, starting from
@@ -312,14 +313,14 @@ BOOL ObjectIsStorage(TPMI_DH_OBJECT handle // IN: object handle
 // NO all the available handles has been returned
 TPMI_YES_NO
 ObjectCapGetLoaded(TPMI_DH_OBJECT handle, // IN: start handle
- UINT32 count, // IN: count of returned handles
- TPML_HANDLE* handleList // OUT: list of handle
- );
+ UINT32 count, // IN: count of returned handles
+ TPML_HANDLE* handleList // OUT: list of handle
+);
 //*** ObjectCapGetOneLoaded()
 // This function returns whether a handle is loaded.
 BOOL ObjectCapGetOneLoaded(TPMI_DH_OBJECT handle // IN: handle
- );
+);
 //*** ObjectCapGetTransientAvail()
 // This function returns an estimate of the number of additional transient
diff --git a/src/tpm2/Object_spt.c b/src/tpm2/Object_spt.c
index 45a88f2d..6b6b6c36 100644
--- a/src/tpm2/Object_spt.c
+++ b/src/tpm2/Object_spt.c
@@ -70,23 +70,23 @@
 // Get the size of TPM2B_IV in canonical form that will be append to the start of
 // the sensitive data. It includes both size of size field and size of iv data
 static UINT16 GetIV2BSize(OBJECT* protector // IN: the protector handle
- )
+)
 {
 TPM_ALG_ID symAlg;
 UINT16 keyBits;
 // Determine the symmetric algorithm and size of key
 if(protector == NULL)
- {
- // Use the context encryption algorithm and key size
- symAlg = CONTEXT_ENCRYPT_ALG;
- keyBits = CONTEXT_ENCRYPT_KEY_BITS;
- }
+ {
+ // Use the context encryption algorithm and key size
+ symAlg = CONTEXT_ENCRYPT_ALG;
+ keyBits = CONTEXT_ENCRYPT_KEY_BITS;
+ }
 else
- {
- symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm;
- keyBits = protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym;
- }
+ {
+ symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm;
+ keyBits = protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym;
+ }
 // The IV size is a UINT16 size field plus the block size of the symmetric
 // algorithm
@@ -103,66 +103,66 @@ static UINT16 GetIV2BSize(OBJECT* protector // IN: the protector handle
 // the sensitive area of an object or a credential blob
 //
 /*(See part 1 specification)
- KDF for generating the protection key material:
- KDFa(hashAlg, seed, "STORAGE", Name, NULL , bits)
- where
- hashAlg for a Primary Object, an algorithm chosen by the TPM vendor
- for derivations from Primary Seeds. For all other objects,
- the nameAlg of the object's parent.
- seed for a Primary Object in the Platform Hierarchy, the PPS.
- For Primary Objects in either Storage or Endorsement Hierarchy,
- the SPS. For Temporary Objects, the context encryption seed.
- For all other objects, the symmetric seed value in the
- sensitive area of the object's parent.
- STORAGE label to differentiate use of KDFa() (see 4.7)
- Name the Name of the object being encrypted
- bits the number of bits required for a symmetric key and IV
+ KDF for generating the protection key material:
+ KDFa(hashAlg, seed, "STORAGE", Name, NULL , bits)
+where
+ hashAlg for a Primary Object, an algorithm chosen by the TPM vendor
+ for derivations from Primary Seeds. For all other objects,
+ the nameAlg of the object's parent.
+ seed for a Primary Object in the Platform Hierarchy, the PPS.
+ For Primary Objects in either Storage or Endorsement Hierarchy,
+ the SPS. For Temporary Objects, the context encryption seed.
+ For all other objects, the symmetric seed value in the
+ sensitive area of the object's parent.
+ STORAGE label to differentiate use of KDFa() (see 4.7)
+ Name the Name of the object being encrypted
+ bits the number of bits required for a symmetric key and IV
 */
 // Return Type: void
 static void ComputeProtectionKeyParms(
- OBJECT* protector, // IN: the protector object
- TPM_ALG_ID hashAlg, // IN: hash algorithm for KDFa
- TPM2B* name, // IN: name of the object
- TPM2B* seedIn, // IN: optional seed for duplication blob.
- // For non duplication blob, this
- // parameter should be NULL
- TPM_ALG_ID* symAlg, // OUT: the symmetric algorithm
- UINT16* keyBits, // OUT: the symmetric key size in bits
- TPM2B_SYM_KEY* symKey // OUT: the symmetric key
- )
+ OBJECT* protector, // IN: the protector object
+ TPM_ALG_ID hashAlg, // IN: hash algorithm for KDFa
+ TPM2B* name, // IN: name of the object
+ TPM2B* seedIn, // IN: optional seed for duplication blob.
+ // For non duplication blob, this
+ // parameter should be NULL
+ TPM_ALG_ID* symAlg, // OUT: the symmetric algorithm
+ UINT16* keyBits, // OUT: the symmetric key size in bits
+ TPM2B_SYM_KEY* symKey // OUT: the symmetric key
+)
 {
 const TPM2B* seed = seedIn;
 // Determine the algorithms for the KDF and the encryption/decryption
 // For TPM_RH_NULL, using context settings
 if(protector == NULL)
- {
- // Use the context encryption algorithm and key size
- *symAlg = CONTEXT_ENCRYPT_ALG;
- symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
- *keyBits = CONTEXT_ENCRYPT_KEY_BITS;
- }
+ {
+ // Use the context encryption algorithm and key size
+ *symAlg = CONTEXT_ENCRYPT_ALG;
+ symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
+ *keyBits = CONTEXT_ENCRYPT_KEY_BITS;
+ }
 else
- {
- TPMT_SYM_DEF_OBJECT* symDef;
- symDef = &protector->publicArea.parameters.asymDetail.symmetric;
- *symAlg = symDef->algorithm;
- *keyBits = symDef->keyBits.sym;
- symKey->t.size = (*keyBits + 7) / 8;
- }
+ {
+ TPMT_SYM_DEF_OBJECT* symDef;
+ symDef = &protector->publicArea.parameters.asymDetail.symmetric;
+ *symAlg = symDef->algorithm;
+ *keyBits = symDef->keyBits.sym;
+ symKey->t.size = (*keyBits + 7) / 8;
+ }
 // Get seed for KDF
 if(seed == NULL)
- seed = GetSeedForKDF(protector);
+ seed = GetSeedForKDF(protector);
 // KDFa to generate symmetric key and IV value
 CryptKDFa(hashAlg,
- seed,
- STORAGE_KEY,
- name,
- NULL,
- symKey->t.size * 8,
- symKey->t.buffer,
- NULL,
- FALSE);
+ seed,
+ STORAGE_KEY,
+ name,
+ NULL,
+ symKey->t.size * 8,
+ symKey->t.buffer,
+ NULL,
+ FALSE);
 return;
 }
@@ -174,41 +174,41 @@ static void ComputeProtectionKeyParms(
 // The size field of sensitive is in unmarshaled form and the
 // sensitive area contents is an array of bytes.
 /*(See part 1 specification)
- KDFa(hashAlg, seed, "INTEGRITY", NULL, NULL , bits) (38)
- where
- hashAlg for a Primary Object, the nameAlg of the object. For all other
- objects the nameAlg of the object's parent.
- seed for a Primary Object in the Platform Hierarchy, the PPS. For
- Primary Objects in either Storage or Endorsement Hierarchy,
- the SPS. For a Temporary Object, the context encryption key.
- For all other objects, the symmetric seed value in the sensitive
- area of the object's parent.
- "INTEGRITY" a value used to differentiate the uses of the KDF.
- bits the number of bits in the digest produced by hashAlg.
- Key is then used in the integrity computation.
- HMACnameAlg(HMACkey, encSensitive || Name )
- where
- HMACnameAlg() the HMAC function using nameAlg of the object's parent
- HMACkey value derived from the parent symmetric protection value
- encSensitive symmetrically encrypted sensitive area
- Name the Name of the object being protected
+ KDFa(hashAlg, seed, "INTEGRITY", NULL, NULL , bits) (38)
+where
+ hashAlg for a Primary Object, the nameAlg of the object. For all other
+ objects the nameAlg of the object's parent.
+ seed for a Primary Object in the Platform Hierarchy, the PPS. For
+ Primary Objects in either Storage or Endorsement Hierarchy,
+ the SPS. For a Temporary Object, the context encryption key.
+ For all other objects, the symmetric seed value in the sensitive
+ area of the object's parent.
+ "INTEGRITY" a value used to differentiate the uses of the KDF.
+ bits the number of bits in the digest produced by hashAlg.
+Key is then used in the integrity computation.
+ HMACnameAlg(HMACkey, encSensitive || Name )
+where
+ HMACnameAlg() the HMAC function using nameAlg of the object's parent
+ HMACkey value derived from the parent symmetric protection value
+ encSensitive symmetrically encrypted sensitive area
+ Name the Name of the object being protected
 */
 // Return Type: void
 static void ComputeOuterIntegrity(
- TPM2B* name, // IN: the name of the object
- OBJECT* protector, // IN: the object that
- // provides protection. For an object,
- // it is a parent. For a credential, it
- // is the encrypt object. For
- // a Temporary Object, it is NULL
- TPMI_ALG_HASH hashAlg, // IN: algorithm to use for integrity
- TPM2B* seedIn, // IN: an external seed may be provided for
- // duplication blob. For non duplication
- // blob, this parameter should be NULL
- UINT32 sensitiveSize, // IN: size of the marshaled sensitive data
- BYTE* sensitiveData, // IN: sensitive area
- TPM2B_DIGEST* integrity // OUT: integrity
- )
+ TPM2B* name, // IN: the name of the object
+ OBJECT* protector, // IN: the object that
+ // provides protection. For an object,
+ // it is a parent. For a credential, it
+ // is the encrypt object. For
+ // a Temporary Object, it is NULL
+ TPMI_ALG_HASH hashAlg, // IN: algorithm to use for integrity
+ TPM2B* seedIn, // IN: an external seed may be provided for
+ // duplication blob. For non duplication
+ // blob, this parameter should be NULL
+ UINT32 sensitiveSize, // IN: size of the marshaled sensitive data
+ BYTE* sensitiveData, // IN: sensitive area
+ TPM2B_DIGEST* integrity // OUT: integrity
+)
 {
 HMAC_STATE hmacState;
 TPM2B_DIGEST hmacKey;
@@ -216,20 +216,20 @@ static void ComputeOuterIntegrity(
 //
 // Get seed for KDF
 if(seed == NULL)
- seed = GetSeedForKDF(protector);
+ seed = GetSeedForKDF(protector);
 // Determine the HMAC key bits
 hmacKey.t.size = CryptHashGetDigestSize(hashAlg);
 // KDFa to generate HMAC key
 CryptKDFa(hashAlg,
- seed,
- INTEGRITY_KEY,
- NULL,
- NULL,
- hmacKey.t.size * 8,
- hmacKey.t.buffer,
- NULL,
- FALSE);
+ seed,
+ INTEGRITY_KEY,
+ NULL,
+ NULL,
+ hmacKey.t.size * 8,
+ hmacKey.t.buffer,
+ NULL,
+ FALSE);
 // Start HMAC and get the size of the digest which will become the integrity
 integrity->t.size = CryptHmacStart2B(&hmacState, hashAlg, &hmacKey.b);
@@ -248,12 +248,12 @@ static void ComputeOuterIntegrity(
 //*** ComputeInnerIntegrity()
 // This function computes the integrity of an inner wrap
 static void ComputeInnerIntegrity(
- TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap
- TPM2B* name, // IN: the name of the object
- UINT16 dataSize, // IN: the size of sensitive data
- BYTE* sensitiveData, // IN: sensitive data
- TPM2B_DIGEST* integrity // OUT: inner integrity
- )
+ TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap
+ TPM2B* name, // IN: the name of the object
+ UINT16 dataSize, // IN: the size of sensitive data
+ BYTE* sensitiveData, // IN: sensitive data
+ TPM2B_DIGEST* integrity // OUT: inner integrity
+)
 {
 HASH_STATE hashState;
 //
@@ -281,20 +281,20 @@ static void ComputeInnerIntegrity(
 // This function integrity at the beginning of the inner buffer
 // It returns the total size of buffer with the inner wrap
 static UINT16 ProduceInnerIntegrity(
- TPM2B* name, // IN: the name of the object
- TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap
- UINT16 dataSize, // IN: the size of sensitive data, excluding the
- // leading integrity buffer size
- BYTE* innerBuffer // IN/OUT: inner buffer with sensitive data in
- // it. At input, the leading bytes of this
- // buffer is reserved for integrity
- )
+ TPM2B* name, // IN: the name of the object
+ TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap
+ UINT16 dataSize, // IN: the size of sensitive data, excluding the
+ // leading integrity buffer size
+ BYTE* innerBuffer // IN/OUT: inner buffer with sensitive data in
+ // it. At input, the leading bytes of this
+ // buffer is reserved for integrity
+)
 {
 BYTE* sensitiveData; // pointer to the sensitive data
 TPM2B_DIGEST integrity;
 UINT16 integritySize;
 BYTE* buffer; // Auxiliary buffer pointer
- //
+ //
 // sensitiveData points to the beginning of sensitive data in innerBuffer
 integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg);
 sensitiveData = innerBuffer + integritySize;
@@ -314,13 +314,13 @@ static UINT16 ProduceInnerIntegrity(
 // TPM_RC_INTEGRITY if the outer blob integrity is bad
 // unmarshal errors unmarshal errors while unmarshaling integrity
 static TPM_RC CheckInnerIntegrity(
- TPM2B* name, // IN: the name of the object
- TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap
- UINT16 dataSize, // IN: the size of sensitive data, including the
- // leading integrity buffer size
- BYTE* innerBuffer // IN/OUT: inner buffer with sensitive data in
- // it
- )
+ TPM2B* name, // IN: the name of the object
+ TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap
+ UINT16 dataSize, // IN: the size of sensitive data, including the
+ // leading integrity buffer size
+ BYTE* innerBuffer // IN/OUT: inner buffer with sensitive data in
+ // it
+)
 {
 TPM_RC result;
 TPM2B_DIGEST integrity;
@@ -333,14 +333,14 @@ static TPM_RC CheckInnerIntegrity(
 size = (INT32)dataSize;
 result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size);
 if(result == TPM_RC_SUCCESS)
- {
- // Compute integrity to compare
- ComputeInnerIntegrity(
- hashAlg, name, (UINT16)size, buffer, &integrityToCompare);
- // Compare outer blob integrity
- if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b))
- result = TPM_RC_INTEGRITY;
- }
+ {
+ // Compute integrity to compare
+ ComputeInnerIntegrity(
+ hashAlg, name, (UINT16)size, buffer, &integrityToCompare);
+ // Compare outer blob integrity
+ if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b))
+ result = TPM_RC_INTEGRITY;
+ }
 return result;
 }
@@ -351,19 +351,19 @@ static TPM_RC CheckInnerIntegrity(
 // digestSize for the nameAlg. It will then pad with zeros to the size of the
 // digest.
 BOOL AdjustAuthSize(TPM2B_AUTH* auth, // IN/OUT: value to adjust
- TPMI_ALG_HASH nameAlg // IN:
- )
+ TPMI_ALG_HASH nameAlg // IN:
+)
 {
 UINT16 digestSize;
 //
 // If there is no nameAlg, then this is a LoadExternal and the authVale can
 // be any size up to the maximum allowed by the implementation
 digestSize = (nameAlg == TPM_ALG_NULL) ? sizeof(TPMU_HA)
- : CryptHashGetDigestSize(nameAlg);
+ : CryptHashGetDigestSize(nameAlg);
 if(digestSize < MemoryRemoveTrailingZeros(auth))
- return FALSE;
+ return FALSE;
 else if(digestSize > auth->t.size)
- MemoryPad2B(&auth->b, digestSize);
+ MemoryPad2B(&auth->b, digestSize);
 auth->t.size = digestSize;
 return TRUE;
@@ -378,7 +378,7 @@ BOOL AdjustAuthSize(TPM2B_AUTH* auth, // IN/OUT: value to adjust
 // TRUE(1) properties are those of a parent
 // FALSE(0) properties are not those of a parent
 BOOL ObjectIsParent(OBJECT* parentObject // IN: parent handle
- )
+)
 {
 return parentObject->attributes.isParent;
 }
@@ -397,9 +397,9 @@ BOOL ObjectIsParent(OBJECT* parentObject // IN: parent handle
 // other returns from PublicAttributesValidation()
 TPM_RC
 CreateChecks(OBJECT* parentObject,
- TPMI_RH_HIERARCHY primaryHierarchy,
- TPMT_PUBLIC* publicArea,
- UINT16 sensitiveDataSize)
+ TPMI_RH_HIERARCHY primaryHierarchy,
+ TPMT_PUBLIC* publicArea,
+ UINT16 sensitiveDataSize)
 {
 TPMA_OBJECT attributes = publicArea->objectAttributes;
 TPM_RC result = TPM_RC_SUCCESS;
@@ -408,46 +408,46 @@ CreateChecks(OBJECT* parentObject,
 // they have provided some data.
 if((!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
 && (sensitiveDataSize == 0))
- return TPM_RCS_ATTRIBUTES;
+ return TPM_RCS_ATTRIBUTES;
 // For an ordinary object, data can only be provided when sensitiveDataOrigin
 // is CLEAR
 if((parentObject != NULL)
 && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
 && (sensitiveDataSize != 0))
- return TPM_RCS_ATTRIBUTES;
+ return TPM_RCS_ATTRIBUTES;
 switch(publicArea->type)
- {
- case TPM_ALG_KEYEDHASH:
- // if this is a data object (sign == decrypt == CLEAR) then the
- // TPM cannot be the data source.
- if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
- && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)
- && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
- result = TPM_RC_ATTRIBUTES;
- // comment out the next line in order to prevent a fixedTPM derivation
- // parent
- // break;
- /* fallthrough */ // libtpms added
- case TPM_ALG_SYMCIPHER:
- // A restricted key symmetric key (SYMCIPHER and KEYEDHASH)
- // must have sensitiveDataOrigin SET unless it has fixedParent and
- // fixedTPM CLEAR.
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
- if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
- if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)
- || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM))
- result = TPM_RCS_ATTRIBUTES;
- break;
- default: // Asymmetric keys cannot have the sensitive portion provided
- if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
- result = TPM_RCS_ATTRIBUTES;
- break;
- }
+ {
+ case TPM_ALG_KEYEDHASH:
+ // if this is a data object (sign == decrypt == CLEAR) then the
+ // TPM cannot be the data source.
+ if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)
+ && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)
+ && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
+ result = TPM_RC_ATTRIBUTES;
+ // comment out the next line in order to prevent a fixedTPM derivation
+ // parent
+ // break;
+ /* fallthrough */ // libtpms added
+ case TPM_ALG_SYMCIPHER:
+ // A restricted key symmetric key (SYMCIPHER and KEYEDHASH)
+ // must have sensitiveDataOrigin SET unless it has fixedParent and
+ // fixedTPM CLEAR.
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted))
+ if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)
+ || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM))
+ result = TPM_RCS_ATTRIBUTES;
+ break;
+ default: // Asymmetric keys cannot have the sensitive portion provided
+ if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin))
+ result = TPM_RCS_ATTRIBUTES;
+ break;
+ }
 if(TPM_RC_SUCCESS == result)
- {
- result =
- PublicAttributesValidation(parentObject, primaryHierarchy, publicArea);
- }
+ {
+ result =
+ PublicAttributesValidation(parentObject, primaryHierarchy, publicArea);
+ }
 return result;
 }
@@ -467,8 +467,8 @@ CreateChecks(OBJECT* parentObject,
 // TPM_ALG_NULL
 TPM_RC
 SchemeChecks(OBJECT* parentObject, // IN: parent (null if primary seed)
- TPMT_PUBLIC* publicArea // IN: public area of the object
- )
+ TPMT_PUBLIC* publicArea // IN: public area of the object
+)
 {
 TPMT_SYM_DEF_OBJECT* symAlgs = NULL;
 TPM_ALG_ID scheme = TPM_ALG_NULL;
@@ -476,170 +476,170 @@ SchemeChecks(OBJECT* parentObject, // IN: parent (null if primary seed) TPMU_PUBLIC_PARMS* parms = &publicArea->parameters; // switch(publicArea->type) - { - case TPM_ALG_SYMCIPHER: - symAlgs = &parms->symDetail.sym; - // If this is a decrypt key, then only the block cipher modes (not - // SMAC) are valid. TPM_ALG_NULL is OK too. If this is a 'sign' key, - // then any mode that got through the unmarshaling is OK. - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) - && !CryptSymModeIsValid(symAlgs->mode.sym, TRUE)) - return TPM_RCS_SCHEME; - break; - case TPM_ALG_KEYEDHASH: - scheme = parms->keyedHashDetail.scheme.scheme; - // if both sign and decrypt - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // if both sign and decrypt are set or clear, then need - // TPM_ALG_NULL as scheme - if(scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else if( - IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) && scheme != TPM_ALG_HMAC) - return TPM_RCS_SCHEME; - else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - if(scheme != TPM_ALG_XOR) - return TPM_RCS_SCHEME; - // If this is a derivation parent, then the KDF needs to be - // SP800-108 for this implementation. This is the only derivation - // supported by this implementation. Other implementations could - // support additional schemes. There is no default. - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - { - if(parms->keyedHashDetail.scheme.details. - xorr.kdf != TPM_ALG_KDF1_SP800_108) - return TPM_RCS_SCHEME; - // Must select a digest. 
- if(CryptHashGetDigestSize( - parms->keyedHashDetail.scheme.details.xorr.hashAlg) - == 0) - return TPM_RCS_HASH; - } - } - break; - default: // handling for asymmetric - scheme = parms->asymDetail.scheme.scheme; - symAlgs = &parms->asymDetail.symmetric; - // if the key is both sign and decrypt, then the scheme must be - // TPM_ALG_NULL because there is no way to specify both a sign and a - // decrypt scheme in the key. - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) - == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // scheme must be TPM_ALG_NULL - if(scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) - { - // If this is a signing key, see if it has a signing scheme - if(CryptIsAsymSignScheme(publicArea->type, scheme)) - { - // if proper signing scheme then it needs a proper hash - if(parms->asymDetail.scheme.details.anySig.hashAlg - == TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else - { - // signing key that does not have a proper signing scheme. 
- // This is OK if the key is not restricted and its scheme - // is TPM_ALG_NULL - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) - || scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - } - else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - { - // for a restricted decryption key (a parent), scheme - // is required to be TPM_ALG_NULL - if(scheme != TPM_ALG_NULL) - return TPM_RCS_SCHEME; - } - else - { - // For an unrestricted decryption key, the scheme has to - // be a valid scheme or TPM_ALG_NULL - if(scheme != TPM_ALG_NULL - && !CryptIsAsymDecryptScheme(publicArea->type, scheme)) - return TPM_RCS_SCHEME; - } - } - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) - || !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // For an asymmetric key that is not a parent, the symmetric - // algorithms must be TPM_ALG_NULL - if(symAlgs->algorithm != TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC; - } - // Special checks for an ECC key + { + case TPM_ALG_SYMCIPHER: + symAlgs = &parms->symDetail.sym; + // If this is a decrypt key, then only the block cipher modes (not + // SMAC) are valid. TPM_ALG_NULL is OK too. If this is a 'sign' key, + // then any mode that got through the unmarshaling is OK. 
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) + && !CryptSymModeIsValid(symAlgs->mode.sym, TRUE)) + return TPM_RCS_SCHEME; + break; + case TPM_ALG_KEYEDHASH: + scheme = parms->keyedHashDetail.scheme.scheme; + // if both sign and decrypt + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) + == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) + { + // if both sign and decrypt are set or clear, then need + // TPM_ALG_NULL as scheme + if(scheme != TPM_ALG_NULL) + return TPM_RCS_SCHEME; + } + else if( + IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) && scheme != TPM_ALG_HMAC) + return TPM_RCS_SCHEME; + else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) + { + if(scheme != TPM_ALG_XOR) + return TPM_RCS_SCHEME; + // If this is a derivation parent, then the KDF needs to be + // SP800-108 for this implementation. This is the only derivation + // supported by this implementation. Other implementations could + // support additional schemes. There is no default. + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) + { + if(parms->keyedHashDetail.scheme.details. + xorr.kdf != TPM_ALG_KDF1_SP800_108) + return TPM_RCS_SCHEME; + // Must select a digest. + if(CryptHashGetDigestSize( + parms->keyedHashDetail.scheme.details.xorr.hashAlg) + == 0) + return TPM_RCS_HASH; + } + } + break; + default: // handling for asymmetric + scheme = parms->asymDetail.scheme.scheme; + symAlgs = &parms->asymDetail.symmetric; + // if the key is both sign and decrypt, then the scheme must be + // TPM_ALG_NULL because there is no way to specify both a sign and a + // decrypt scheme in the key. 
+ if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) + == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) + { + // scheme must be TPM_ALG_NULL + if(scheme != TPM_ALG_NULL) + return TPM_RCS_SCHEME; + } + else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) + { + // If this is a signing key, see if it has a signing scheme + if(CryptIsAsymSignScheme(publicArea->type, scheme)) + { + // if proper signing scheme then it needs a proper hash + if(parms->asymDetail.scheme.details.anySig.hashAlg + == TPM_ALG_NULL) + return TPM_RCS_SCHEME; + } + else + { + // signing key that does not have a proper signing scheme. + // This is OK if the key is not restricted and its scheme + // is TPM_ALG_NULL + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) + || scheme != TPM_ALG_NULL) + return TPM_RCS_SCHEME; + } + } + else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) + { + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) + { + // for a restricted decryption key (a parent), scheme + // is required to be TPM_ALG_NULL + if(scheme != TPM_ALG_NULL) + return TPM_RCS_SCHEME; + } + else + { + // For an unrestricted decryption key, the scheme has to + // be a valid scheme or TPM_ALG_NULL + if(scheme != TPM_ALG_NULL + && !CryptIsAsymDecryptScheme(publicArea->type, scheme)) + return TPM_RCS_SCHEME; + } + } + if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) + || !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) + { + // For an asymmetric key that is not a parent, the symmetric + // algorithms must be TPM_ALG_NULL + if(symAlgs->algorithm != TPM_ALG_NULL) + return TPM_RCS_SYMMETRIC; + } + // Special checks for an ECC key #if ALG_ECC - if(publicArea->type == TPM_ALG_ECC) - { - TPM_ECC_CURVE curveID; - const TPMT_ECC_SCHEME* curveScheme; + if(publicArea->type == TPM_ALG_ECC) + { + TPM_ECC_CURVE curveID; + const TPMT_ECC_SCHEME* curveScheme; - curveID = publicArea->parameters.eccDetail.curveID; - curveScheme = CryptGetCurveSignScheme(curveID); - // The curveId must be valid or the 
unmarshaling is busted. - pAssert(curveScheme != NULL); + curveID = publicArea->parameters.eccDetail.curveID; + curveScheme = CryptGetCurveSignScheme(curveID); + // The curveId must be valid or the unmarshaling is busted. + pAssert(curveScheme != NULL); - // If the curveID requires a specific scheme, then the key must - // select the same scheme - if(curveScheme->scheme != TPM_ALG_NULL) - { - TPMS_ECC_PARMS* ecc = &publicArea->parameters.eccDetail; - if(scheme != curveScheme->scheme) - return TPM_RCS_SCHEME; - // The scheme can allow any hash, or not... - if(curveScheme->details.anySig.hashAlg != TPM_ALG_NULL - && (ecc->scheme.details.anySig.hashAlg - != curveScheme->details.anySig.hashAlg)) - return TPM_RCS_SCHEME; - } - // For now, the KDF must be TPM_ALG_NULL - if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL) - return TPM_RCS_KDF; - } + // If the curveID requires a specific scheme, then the key must + // select the same scheme + if(curveScheme->scheme != TPM_ALG_NULL) + { + TPMS_ECC_PARMS* ecc = &publicArea->parameters.eccDetail; + if(scheme != curveScheme->scheme) + return TPM_RCS_SCHEME; + // The scheme can allow any hash, or not... + if(curveScheme->details.anySig.hashAlg != TPM_ALG_NULL + && (ecc->scheme.details.anySig.hashAlg + != curveScheme->details.anySig.hashAlg)) + return TPM_RCS_SCHEME; + } + // For now, the KDF must be TPM_ALG_NULL + if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL) + return TPM_RCS_KDF; + } #endif - break; - } + break; + } // If this is a restricted decryption key with symmetric algorithms, then it // is an ordinary parent (not a derivation parent). It needs to specific // symmetric algorithms other than TPM_ALG_NULL if(symAlgs != NULL && IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - if(symAlgs->algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC; + { + if(symAlgs->algorithm == TPM_ALG_NULL) + return TPM_RCS_SYMMETRIC; #if 0 //?? 
- // This next check is under investigation. Need to see if it will break Windows - // before it is enabled. If it does not, then it should be default because a - // the mode used with a parent is always CFB and Part 2 indicates as much. - if(symAlgs->mode.sym != TPM_ALG_CFB) - return TPM_RCS_MODE; +// This next check is under investigation. Need to see if it will break Windows +// before it is enabled. If it does not, then it should be default because a +// the mode used with a parent is always CFB and Part 2 indicates as much. + if(symAlgs->mode.sym != TPM_ALG_CFB) + return TPM_RCS_MODE; #endif - // If this parent is not duplicable, then the symmetric algorithms - // (encryption and hash) must match those of its parent - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) - && (parentObject != NULL)) - { - if(publicArea->nameAlg != parentObject->publicArea.nameAlg) - return TPM_RCS_HASH; - if(!MemoryEqual(symAlgs, - &parentObject->publicArea.parameters, - sizeof(TPMT_SYM_DEF_OBJECT))) - return TPM_RCS_SYMMETRIC; - } - } + // If this parent is not duplicable, then the symmetric algorithms + // (encryption and hash) must match those of its parent + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) + && (parentObject != NULL)) + { + if(publicArea->nameAlg != parentObject->publicArea.nameAlg) + return TPM_RCS_HASH; + if(!MemoryEqual(symAlgs, + &parentObject->publicArea.parameters, + sizeof(TPMT_SYM_DEF_OBJECT))) + return TPM_RCS_SYMMETRIC; + } + } return TPM_RC_SUCCESS; } 
@@ -664,144 +664,141 @@ SchemeChecks(OBJECT* parentObject, // IN: parent (null if primary seed) // other returns from SchemeChecks() TPM_RC PublicAttributesValidation( - // IN: input parent object (if ordinary or derived object; NULL otherwise) - OBJECT* parentObject, - // IN: hierarchy (if primary object; 0 otherwise) - TPMI_RH_HIERARCHY primaryHierarchy, - // IN: public area of the object - TPMT_PUBLIC* publicArea) + // IN: input parent object (if ordinary or derived object; NULL otherwise) + OBJECT* parentObject, + // IN: hierarchy (if primary object; 0 otherwise) + TPMI_RH_HIERARCHY primaryHierarchy, + // IN: public area of the object + TPMT_PUBLIC* publicArea) { TPMA_OBJECT attributes = publicArea->objectAttributes; TPMA_OBJECT parentAttributes = TPMA_ZERO_INITIALIZER(); if(parentObject != NULL) - parentAttributes = parentObject->publicArea.objectAttributes; + parentAttributes = parentObject->publicArea.objectAttributes; if(publicArea->nameAlg == TPM_ALG_NULL) - return TPM_RCS_HASH; + return TPM_RCS_HASH; // If there is an authPolicy, it needs to be the size of the digest produced // by the nameAlg of the object if((publicArea->authPolicy.t.size != 0 - && (publicArea->authPolicy.t.size - != CryptHashGetDigestSize(publicArea->nameAlg)))) - return TPM_RCS_SIZE; + && (publicArea->authPolicy.t.size + != CryptHashGetDigestSize(publicArea->nameAlg)))) + return TPM_RCS_SIZE; // If the parent is fixedTPM (including a Primary Object) the object must have // the same value for fixedTPM and fixedParent if(parentObject == NULL || IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) - != IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - } + { + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) + != IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) + return TPM_RCS_ATTRIBUTES; + } else - { - // The parent is not fixedTPM so the object can't be fixedTPM - 
if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - } + { + // The parent is not fixedTPM so the object can't be fixedTPM + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) + return TPM_RCS_ATTRIBUTES; + } // See if sign and decrypt are the same if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) - { - // a restricted key cannot have both SET or both CLEAR - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) - return TPM_RC_ATTRIBUTES; - // only a data object may have both sign and decrypt CLEAR - // BTW, since we know that decrypt==sign, no need to check both - if(publicArea->type != TPM_ALG_KEYEDHASH - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) - return TPM_RC_ATTRIBUTES; - } + { + // a restricted key cannot have both SET or both CLEAR + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) + return TPM_RC_ATTRIBUTES; + // only a data object may have both sign and decrypt CLEAR + // BTW, since we know that decrypt==sign, no need to check both + if(publicArea->type != TPM_ALG_KEYEDHASH + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) + return TPM_RC_ATTRIBUTES; + } // If the object can't be duplicated (directly or indirectly) then there // is no justification for having encryptedDuplication SET if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) && IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES; + return TPM_RCS_ATTRIBUTES; // If a parent object has fixedTPM CLEAR, the child must have the // same encryptedDuplication value as its parent. // Primary objects are considered to have a fixedTPM parent (the seeds). 
if(parentObject != NULL && !IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - { - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication) - != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, encryptedDuplication)) - return TPM_RCS_ATTRIBUTES; - } -#define TPMA_OBJECT_firmwareLimited ((TPMA_OBJECT)(1 << 8)) -#define TPMA_OBJECT_svnLimited ((TPMA_OBJECT)(1 << 9)) - + { + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication) + != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, encryptedDuplication)) + return TPM_RCS_ATTRIBUTES; + } // firmwareLimited/svnLimited can only be set if fixedTPM is also set. if((IS_ATTRIBUTE(attributes, TPMA_OBJECT, firmwareLimited) - || IS_ATTRIBUTE(attributes, TPMA_OBJECT, svnLimited)) + || IS_ATTRIBUTE(attributes, TPMA_OBJECT, svnLimited)) && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) - { - return TPM_RCS_ATTRIBUTES; - } + { + return TPM_RCS_ATTRIBUTES; + } // firmwareLimited/svnLimited also impose requirements on the parent key or // primary handle. if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, firmwareLimited)) - { -#if FW_LIMITED_SUPPORT // libtpms added - if(parentObject != NULL) - { - // For an ordinary object, firmwareLimited can only be set if its - // parent is also firmwareLimited. - if(!IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, firmwareLimited)) - return TPM_RCS_ATTRIBUTES; - } - else if(primaryHierarchy != 0) - { - // For a primary object, firmwareLimited can only be set if its - // hierarchy is a firmware-limited hierarchy. - if(!HierarchyIsFirmwareLimited(primaryHierarchy)) - return TPM_RCS_ATTRIBUTES; - } - else - { - return TPM_RCS_ATTRIBUTES; - } -#else // libtpms added begin + { +#if FW_LIMITED_SUPPORT // libtpms added + if(parentObject != NULL) + { + // For an ordinary object, firmwareLimited can only be set if its + // parent is also firmwareLimited. 
+ if(!IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, firmwareLimited)) + return TPM_RCS_ATTRIBUTES; + } + else if(primaryHierarchy != 0) + { + // For a primary object, firmwareLimited can only be set if its + // hierarchy is a firmware-limited hierarchy. + if(!HierarchyIsFirmwareLimited(primaryHierarchy)) + return TPM_RCS_ATTRIBUTES; + } + else + { + return TPM_RCS_ATTRIBUTES; + } +#else // libtpms added begin (void)primaryHierarchy; - return TPM_RCS_ATTRIBUTES; -#endif // libtpms added end - } + return TPM_RCS_ATTRIBUTES; +#endif // libtpms added end + } if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, svnLimited)) - { -#if SVN_LIMITED_SUPPORT // libtpms added - if(parentObject != NULL) - { - // For an ordinary object, svnLimited can only be set if its - // parent is also svnLimited. - if(!IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, svnLimited)) - return TPM_RCS_ATTRIBUTES; - } - else if(primaryHierarchy != 0) - { - // For a primary object, svnLimited can only be set if its - // hierarchy is an svn-limited hierarchy. - if(!HierarchyIsSvnLimited(primaryHierarchy)) - return TPM_RCS_ATTRIBUTES; - } - else - { - return TPM_RCS_ATTRIBUTES; - } -#else // libtpms added begin + { +#if SVN_LIMITED_SUPPORT // libtpms added + if(parentObject != NULL) + { + // For an ordinary object, svnLimited can only be set if its + // parent is also svnLimited. + if(!IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, svnLimited)) + return TPM_RCS_ATTRIBUTES; + } + else if(primaryHierarchy != 0) + { + // For a primary object, svnLimited can only be set if its + // hierarchy is an svn-limited hierarchy. 
+ if(!HierarchyIsSvnLimited(primaryHierarchy)) + return TPM_RCS_ATTRIBUTES; + } + else + { + return TPM_RCS_ATTRIBUTES; + } +#else // libtpms added begin (void)primaryHierarchy; - return TPM_RCS_ATTRIBUTES; -#endif // libtpms added end - } + return TPM_RCS_ATTRIBUTES; +#endif // libtpms added end + } // Special checks for derived objects if((parentObject != NULL) && (parentObject->attributes.derivation == SET)) - { - // A derived object has the same settings for fixedTPM as its parent - if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) - != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) - return TPM_RCS_ATTRIBUTES; - // A derived object is required to be fixedParent - if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) - return TPM_RCS_ATTRIBUTES; - } + { + // A derived object has the same settings for fixedTPM as its parent + if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) + != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) + return TPM_RCS_ATTRIBUTES; + // A derived object is required to be fixedParent + if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) + return TPM_RCS_ATTRIBUTES; + } return SchemeChecks(parentObject, publicArea); } 
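Review bot: The removal of the two local defines `#define TPMA_OBJECT_firmwareLimited ((TPMA_OBJECT)(1 << 8))` and `#define TPMA_OBJECT_svnLimited ((TPMA_OBJECT)(1 << 9))`, just above the firmwareLimited/svnLimited checks in PublicAttributesValidation(), is not a whitespace change, and the commit message does not mention it. The `IS_ATTRIBUTE(attributes, TPMA_OBJECT, firmwareLimited)` and `svnLimited` tests that follow still decide whether an object template is rejected with TPM_RCS_ATTRIBUTES, so if those names now resolve through a header, it should define the same bits (8 and 9); that header is not visible in this hunk. I would name the replacing definition in the commit message, or keep a one-line comment at the old spot such as `// TPMA_OBJECT_firmwareLimited/svnLimited: defined with the TPMA_OBJECT type, not here`.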
@@ -809,13 +806,13 @@ PublicAttributesValidation( // Fill in creation data for an object. // Return Type: void void FillInCreationData( - TPMI_DH_OBJECT parentHandle, // IN: handle of parent - TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm - TPML_PCR_SELECTION* creationPCR, // IN: PCR selection - TPM2B_DATA* outsideData, // IN: outside data - TPM2B_CREATION_DATA* outCreation, // OUT: creation data for output - TPM2B_DIGEST* creationDigest // OUT: creation digest - ) + TPMI_DH_OBJECT parentHandle, // IN: handle of parent + TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm + TPML_PCR_SELECTION* creationPCR, // IN: PCR selection + TPM2B_DATA* outsideData, // IN: outside data + TPM2B_CREATION_DATA* outCreation, // OUT: creation data for output + TPM2B_DIGEST* creationDigest // OUT: creation digest +) { BYTE creationBuffer[sizeof(TPMS_CREATION_DATA)]; BYTE* buffer; @@ -825,7 +822,7 @@ void FillInCreationData( // Compute PCR digest PCRComputeCurrentDigest( - nameHashAlg, creationPCR, &outCreation->creationData.pcrDigest); + nameHashAlg, creationPCR, &outCreation->creationData.pcrDigest); // Put back PCR selection list outCreation->creationData.pcrSelect = *creationPCR; 
@@ -837,35 +834,35 @@ void FillInCreationData( // If the parent is either a primary seed or TPM_ALG_NULL, then the Name // and QN of the parent are the parent's handle. if(HandleGetType(parentHandle) == TPM_HT_PERMANENT) - { - buffer = &outCreation->creationData.parentName.t.name[0]; - outCreation->creationData.parentName.t.size = - TPM_HANDLE_Marshal(&parentHandle, &buffer, NULL); - // For a primary or temporary object, the parent name (a handle) and the - // parent's QN are the same - outCreation->creationData.parentQualifiedName = - outCreation->creationData.parentName; - } + { + buffer = &outCreation->creationData.parentName.t.name[0]; + outCreation->creationData.parentName.t.size = + TPM_HANDLE_Marshal(&parentHandle, &buffer, NULL); + // For a primary or temporary object, the parent name (a handle) and the + // parent's QN are the same + outCreation->creationData.parentQualifiedName = + outCreation->creationData.parentName; + } else // Regular object - { - OBJECT* parentObject = HandleToObject(parentHandle); - // - // Set name algorithm - outCreation->creationData.parentNameAlg = parentObject->publicArea.nameAlg; + { + OBJECT* parentObject = HandleToObject(parentHandle); + // + // Set name algorithm + outCreation->creationData.parentNameAlg = parentObject->publicArea.nameAlg; - // Copy parent name - outCreation->creationData.parentName = parentObject->name; + // Copy parent name + outCreation->creationData.parentName = parentObject->name; - // Copy parent qualified name - outCreation->creationData.parentQualifiedName = parentObject->qualifiedName; - } + // Copy parent qualified name + outCreation->creationData.parentQualifiedName = parentObject->qualifiedName; + } // Copy outside information outCreation->creationData.outsideInfo = *outsideData; // Marshal creation data to canonical form buffer = creationBuffer; outCreation->size = - TPMS_CREATION_DATA_Marshal(&outCreation->creationData, &buffer, NULL); + TPMS_CREATION_DATA_Marshal(&outCreation->creationData, 
&buffer, NULL); // Compute hash for creation field in public template creationDigest->t.size = CryptHashStart(&hashState, nameHashAlg); CryptDigestUpdate(&hashState, outCreation->size, creationBuffer); @@ -877,16 +874,16 @@ void FillInCreationData( //*** GetSeedForKDF() // Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. const TPM2B* GetSeedForKDF(OBJECT* protector // IN: the protector handle - ) +) { // Get seed for encryption key. Use input seed if provided. // Otherwise, using protector object's seedValue. TPM_RH_NULL is the only // exception that we may not have a loaded object as protector. In such a // case, use nullProof as seed. if(protector == NULL) - return &gr.nullProof.b; + return &gr.nullProof.b; else - return &protector->sensitive.seedValue.b; + return &protector->sensitive.seedValue.b; } //*** ProduceOuterWrap() 
@@ -903,21 +900,21 @@ const TPM2B* GetSeedForKDF(OBJECT* protector // IN: the protector handle // It returns the total size of blob with outer wrap UINT16 ProduceOuterWrap(OBJECT* protector, // IN: The handle of the object that provides - // protection. For object, it is parent - // handle. For credential, it is the handle - // of encrypt object. - TPM2B* name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B* seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL - BOOL useIV, // IN: indicate if an IV is used - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size or the - // optional iv size - BYTE* outerBuffer // IN/OUT: outer buffer with sensitive data in - // it - ) + // protection. For object, it is parent + // handle. For credential, it is the handle + // of encrypt object. + TPM2B* name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B* seed, // IN: an external seed may be provided for + // duplication blob. For non duplication + // blob, this parameter should be NULL + BOOL useIV, // IN: indicate if an IV is used + UINT16 dataSize, // IN: the size of sensitive data, excluding the + // leading integrity buffer size or the + // optional iv size + BYTE* outerBuffer // IN/OUT: outer buffer with sensitive data in + // it +) { TPM_ALG_ID symAlg; UINT16 keyBits; @@ -929,7 +926,7 @@ ProduceOuterWrap(OBJECT* protector, // IN: The handle of the object that provi TPM2B_DIGEST integrity; UINT16 integritySize; BYTE* buffer; // Auxiliary buffer pointer - // + // // Compute the beginning of sensitive data. The outer integrity should // always exist if this function is called to make an outer wrap integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); 
@@ -937,45 +934,45 @@ ProduceOuterWrap(OBJECT* protector, // IN: The handle of the object that provi // If iv is used, adjust the pointer of sensitive data and add iv before it if(useIV) - { - ivSize = GetIV2BSize(protector); + { + ivSize = GetIV2BSize(protector); - // Generate IV from RNG. The iv data size should be the total IV area - // size minus the size of size field - ivRNG.t.size = ivSize - sizeof(UINT16); - CryptRandomGenerate(ivRNG.t.size, ivRNG.t.buffer); + // Generate IV from RNG. The iv data size should be the total IV area + // size minus the size of size field + ivRNG.t.size = ivSize - sizeof(UINT16); + CryptRandomGenerate(ivRNG.t.size, ivRNG.t.buffer); - // Marshal IV to buffer - buffer = sensitiveData; - TPM2B_IV_Marshal(&ivRNG, &buffer, NULL); + // Marshal IV to buffer + buffer = sensitiveData; + TPM2B_IV_Marshal(&ivRNG, &buffer, NULL); - // adjust sensitive data starting after IV area - sensitiveData += ivSize; + // adjust sensitive data starting after IV area + sensitiveData += ivSize; - // Use iv for encryption - iv = &ivRNG; - } + // Use iv for encryption + iv = &ivRNG; + } // Compute symmetric key parameters for outer buffer encryption ComputeProtectionKeyParms( - protector, hashAlg, name, seed, &symAlg, &keyBits, &symKey); + protector, hashAlg, name, seed, &symAlg, &keyBits, &symKey); // Encrypt inner buffer in place CryptSymmetricEncrypt(sensitiveData, - symAlg, - keyBits, - symKey.t.buffer, - iv, - TPM_ALG_CFB, - dataSize, - sensitiveData); + symAlg, + keyBits, + symKey.t.buffer, + iv, + TPM_ALG_CFB, + dataSize, + sensitiveData); // Compute outer integrity. 
Integrity computation includes the optional IV // area ComputeOuterIntegrity(name, - protector, - hashAlg, - seed, - dataSize + ivSize, - outerBuffer + integritySize, - &integrity); + protector, + hashAlg, + seed, + dataSize + ivSize, + outerBuffer + integritySize, + &integrity); // Add integrity at the beginning of outer buffer buffer = outerBuffer; TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); @@ -998,20 +995,20 @@ ProduceOuterWrap(OBJECT* protector, // IN: The handle of the object that provi // algorithm block size TPM_RC UnwrapOuter(OBJECT* protector, // IN: The object that provides - // protection. For object, it is parent - // handle. For credential, it is the - // encrypt object. - TPM2B* name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B* seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL. - BOOL useIV, // IN: indicates if an IV is used - UINT16 dataSize, // IN: size of sensitive data in outerBuffer, - // including the leading integrity buffer - // size, and an optional iv area - BYTE* outerBuffer // IN/OUT: sensitive data - ) + // protection. For object, it is parent + // handle. For credential, it is the + // encrypt object. + TPM2B* name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B* seed, // IN: an external seed may be provided for + // duplication blob. For non duplication + // blob, this parameter should be NULL. + BOOL useIV, // IN: indicates if an IV is used + UINT16 dataSize, // IN: size of sensitive data in outerBuffer, + // including the leading integrity buffer + // size, and an optional iv area + BYTE* outerBuffer // IN/OUT: sensitive data +) { TPM_RC result; TPM_ALG_ID symAlg = TPM_ALG_NULL; 
@@ -1029,48 +1026,48 @@ UnwrapOuter(OBJECT* protector, // IN: The object that provides size = (INT32)dataSize; result = TPM2B_DIGEST_Unmarshal(&integrity, &sensitiveData, &size); if(result == TPM_RC_SUCCESS) - { - // Compute integrity to compare - ComputeOuterIntegrity(name, - protector, - hashAlg, - seed, - (UINT16)size, - sensitiveData, - &integrityToCompare); - // Compare outer blob integrity - if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) - return TPM_RCS_INTEGRITY; - // Get the symmetric algorithm parameters used for encryption - ComputeProtectionKeyParms( - protector, hashAlg, name, seed, &symAlg, &keyBits, &symKey); - // Retrieve IV if it is used - if(useIV) - { - result = TPM2B_IV_Unmarshal(&ivIn, &sensitiveData, &size); - if(result == TPM_RC_SUCCESS) - { - // The input iv size for CFB must match the encryption algorithm - // block size - if(ivIn.t.size != CryptGetSymmetricBlockSize(symAlg, keyBits)) - result = TPM_RC_VALUE; - else - iv = &ivIn; - } - } - } + { + // Compute integrity to compare + ComputeOuterIntegrity(name, + protector, + hashAlg, + seed, + (UINT16)size, + sensitiveData, + &integrityToCompare); + // Compare outer blob integrity + if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) + return TPM_RCS_INTEGRITY; + // Get the symmetric algorithm parameters used for encryption + ComputeProtectionKeyParms( + protector, hashAlg, name, seed, &symAlg, &keyBits, &symKey); + // Retrieve IV if it is used + if(useIV) + { + result = TPM2B_IV_Unmarshal(&ivIn, &sensitiveData, &size); + if(result == TPM_RC_SUCCESS) + { + // The input iv size for CFB must match the encryption algorithm + // block size + if(ivIn.t.size != CryptGetSymmetricBlockSize(symAlg, keyBits)) + result = TPM_RC_VALUE; + else + iv = &ivIn; + } + } + } // If no errors, decrypt private in place. Since this function uses CFB, // CryptSymmetricDecrypt() will not return any errors. It may fail but it will // not return an error. 
if(result == TPM_RC_SUCCESS) - CryptSymmetricDecrypt(sensitiveData, - symAlg, - keyBits, - symKey.t.buffer, - iv, - TPM_ALG_CFB, - (UINT16)size, - sensitiveData); + CryptSymmetricDecrypt(sensitiveData, + symAlg, + keyBits, + symKey.t.buffer, + iv, + TPM_ALG_CFB, + (UINT16)size, + sensitiveData); return result; } @@ -1080,14 +1077,14 @@ UnwrapOuter(OBJECT* protector, // IN: The object that provides // 'nameAlg' // Returns the size of the marshaled area. static UINT16 MarshalSensitive( - OBJECT* parent LIBTPMS_ATTR_UNUSED, // IN: the object parent (optional) - BYTE* buffer, // OUT: receiving buffer - TPMT_SENSITIVE* sensitive, // IN: the sensitive area to marshal - TPMI_ALG_HASH nameAlg // IN: - ) + OBJECT* parent LIBTPMS_ATTR_UNUSED, // IN: the object parent (optional) + BYTE* buffer, // OUT: receiving buffer + TPMT_SENSITIVE* sensitive, // IN: the sensitive area to marshal + TPMI_ALG_HASH nameAlg // IN: +) { BYTE* sizeField = buffer; // saved so that size can be - // marshaled after it is known + // marshaled after it is known UINT16 retVal; // // Pad the authValue if needed 
@@ -1095,29 +1092,29 @@ static UINT16 MarshalSensitive( buffer += 2; // Marshal the structure -#if 0 /* ALG_RSA */ // libtpms changed: We never set the RSA_prime_flag! +#if 0 /* ALG_RSA */ // libtpms changed: We never set the RSA_prime_flag! // If the sensitive size is the special case for a prime in the type if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) > 0) - { - UINT16 sizeSave = sensitive->sensitive.rsa.t.size; - // - // Turn off the flag that indicates that the sensitive->sensitive contains - // the CRT form of the exponent. - sensitive->sensitive.rsa.t.size &= ~(RSA_prime_flag); - // If the parent isn't fixedTPM, then truncate the sensitive data to be - // the size of the prime. Otherwise, leave it at the current size which - // is the full CRT size. - if(parent == NULL - || !IS_ATTRIBUTE( - parent->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) - sensitive->sensitive.rsa.t.size /= 5; - retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); - // Restore the flag and the size. - sensitive->sensitive.rsa.t.size = sizeSave; - } + { + UINT16 sizeSave = sensitive->sensitive.rsa.t.size; + // + // Turn off the flag that indicates that the sensitive->sensitive contains + // the CRT form of the exponent. + sensitive->sensitive.rsa.t.size &= ~(RSA_prime_flag); + // If the parent isn't fixedTPM, then truncate the sensitive data to be + // the size of the prime. Otherwise, leave it at the current size which + // is the full CRT size. + if(parent == NULL + || !IS_ATTRIBUTE( + parent->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) + sensitive->sensitive.rsa.t.size /= 5; + retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); + // Restore the flag and the size. + sensitive->sensitive.rsa.t.size = sizeSave; + } else #endif - retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); + retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); // Marshal the size retVal = (UINT16)(retVal + UINT16_Marshal(&retVal, &sizeField, NULL)); 
@@ -1132,15 +1129,15 @@ static UINT16 MarshalSensitive( // 2. apply encryption to the sensitive area. // 3. apply outer integrity computation. void SensitiveToPrivate( - TPMT_SENSITIVE* sensitive, // IN: sensitive structure - TPM2B_NAME* name, // IN: the name of the object - OBJECT* parent, // IN: The parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This - // parameter is used when parentHandle is - // NULL, in which case the object is - // temporary. - TPM2B_PRIVATE* outPrivate // OUT: output private structure - ) + TPMT_SENSITIVE* sensitive, // IN: sensitive structure + TPM2B_NAME* name, // IN: the name of the object + OBJECT* parent, // IN: The parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This + // parameter is used when parentHandle is + // NULL, in which case the object is + // temporary. + TPM2B_PRIVATE* outPrivate // OUT: output private structure +) { BYTE* sensitiveData; // pointer to the sensitive data UINT16 dataSize; // data blob size @@ -1152,15 +1149,15 @@ void SensitiveToPrivate( // Find the hash algorithm for integrity computation if(parent == NULL) - { - // For Temporary Object, using self name algorithm - hashAlg = nameAlg; - } + { + // For Temporary Object, using self name algorithm + hashAlg = nameAlg; + } else - { - // Otherwise, using parent's name algorithm - hashAlg = parent->publicArea.nameAlg; - } + { + // Otherwise, using parent's name algorithm + hashAlg = parent->publicArea.nameAlg; + } // Starting of sensitive data without wrappers sensitiveData = outPrivate->t.buffer; @@ -1181,7 +1178,7 @@ void SensitiveToPrivate( //Produce outer wrap, including encryption and HMAC outPrivate->t.size = ProduceOuterWrap( - parent, &name->b, hashAlg, NULL, TRUE, dataSize, outPrivate->t.buffer); + parent, &name->b, hashAlg, NULL, TRUE, dataSize, outPrivate->t.buffer); return; } 
@@ -1202,18 +1199,18 @@ void SensitiveToPrivate( // size TPM_RC PrivateToSensitive(TPM2B* inPrivate, // IN: input private structure - TPM2B* name, // IN: the name of the object - OBJECT* parent, // IN: parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is - // passed separately because we only pass - // name, rather than the whole public area - // of the object. This parameter is used in - // the following two cases: 1. primary - // objects. 2. duplication blob with inner - // wrap. In other cases, this parameter - // will be ignored - TPMT_SENSITIVE* sensitive // OUT: sensitive structure - ) + TPM2B* name, // IN: the name of the object + OBJECT* parent, // IN: parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is + // passed separately because we only pass + // name, rather than the whole public area + // of the object. This parameter is used in + // the following two cases: 1. primary + // objects. 2. duplication blob with inner + // wrap. In other cases, this parameter + // will be ignored + TPMT_SENSITIVE* sensitive // OUT: sensitive structure +) { TPM_RC result; BYTE* buffer; @@ -1235,9 +1232,9 @@ PrivateToSensitive(TPM2B* inPrivate, // IN: input private structure // unwrap outer result = UnwrapOuter( - parent, name, hashAlg, NULL, TRUE, inPrivate->size, inPrivate->buffer); + parent, name, hashAlg, NULL, TRUE, inPrivate->size, inPrivate->buffer); if(result != TPM_RC_SUCCESS) - return result; + return result; // Compute the inner integrity size. integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); 
@@ -1253,19 +1250,19 @@ PrivateToSensitive(TPM2B* inPrivate, // IN: input private structure size = (INT32)dataSize; result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); if(result == TPM_RC_SUCCESS) - { - if((dataSizeInput + sizeof(UINT16)) != dataSize) - result = TPM_RC_SENSITIVE; - else - { - // Unmarshal sensitive buffer to sensitive structure - result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); - if(result != TPM_RC_SUCCESS || size != 0) - { - result = TPM_RC_SENSITIVE; - } - } - } + { + if((dataSizeInput + sizeof(UINT16)) != dataSize) + result = TPM_RC_SENSITIVE; + else + { + // Unmarshal sensitive buffer to sensitive structure + result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); + if(result != TPM_RC_SUCCESS || size != 0) + { + result = TPM_RC_SENSITIVE; + } + } + } return result; } 
@@ -1276,26 +1273,26 @@ PrivateToSensitive(TPM2B* inPrivate, // IN: input private structure // 2. apply inner wrap to the sensitive area if required // 3. apply outer wrap if required void SensitiveToDuplicate( - TPMT_SENSITIVE* sensitive, // IN: sensitive structure - TPM2B* name, // IN: the name of the object - OBJECT* parent, // IN: The new parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It - // is passed separately because we - // only pass name, rather than the - // whole public area of the object. - TPM2B* seed, // IN: the external seed. If external - // seed is provided with size of 0, - // no outer wrap should be applied - // to duplication blob. - TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap should be applied. - TPM2B_DATA* innerSymKey, // IN/OUT: a symmetric key may be - // provided to encrypt the inner - // wrap of a duplication blob. May - // be generated here if needed. - TPM2B_PRIVATE* outPrivate // OUT: output private structure - ) + TPMT_SENSITIVE* sensitive, // IN: sensitive structure + TPM2B* name, // IN: the name of the object + OBJECT* parent, // IN: The new parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It + // is passed separately because we + // only pass name, rather than the + // whole public area of the object. + TPM2B* seed, // IN: the external seed. If external + // seed is provided with size of 0, + // no outer wrap should be applied + // to duplication blob. + TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the + // symmetric key algorithm is NULL, + // no inner wrap should be applied. + TPM2B_DATA* innerSymKey, // IN/OUT: a symmetric key may be + // provided to encrypt the inner + // wrap of a duplication blob. May + // be generated here if needed. 
+ TPM2B_PRIVATE* outPrivate // OUT: output private structure +) { BYTE* sensitiveData; // pointer to the sensitive data TPMI_ALG_HASH outerHash = TPM_ALG_NULL; // The hash algorithm for outer wrap 
@@ -1315,77 +1312,77 @@ void SensitiveToDuplicate( // Find out if inner wrap is required if(symDef->algorithm != TPM_ALG_NULL) - { - doInnerWrap = TRUE; + { + doInnerWrap = TRUE; - // Use self nameAlg as inner hash algorithm - innerHash = nameAlg; + // Use self nameAlg as inner hash algorithm + innerHash = nameAlg; - // Adjust sensitive data pointer - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(innerHash); - } + // Adjust sensitive data pointer + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(innerHash); + } // Find out if outer wrap is required if(seed->size != 0) - { - doOuterWrap = TRUE; + { + doOuterWrap = TRUE; - // Use parent nameAlg as outer hash algorithm - outerHash = parent->publicArea.nameAlg; + // Use parent nameAlg as outer hash algorithm + outerHash = parent->publicArea.nameAlg; - // Adjust sensitive data pointer - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - } + // Adjust sensitive data pointer + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + } // Marshal sensitive area dataSize = MarshalSensitive(NULL, sensitiveData, sensitive, nameAlg); // Apply inner wrap for duplication blob. 
It includes both integrity and // encryption if(doInnerWrap) - { - BYTE* innerBuffer = NULL; - BOOL symKeyInput = TRUE; - innerBuffer = outPrivate->t.buffer; - // Skip outer integrity space - if(doOuterWrap) - innerBuffer += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize = ProduceInnerIntegrity(name, innerHash, dataSize, innerBuffer); - // Generate inner encryption key if needed - if(innerSymKey->t.size == 0) - { - innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; - CryptRandomGenerate(innerSymKey->t.size, innerSymKey->t.buffer); + { + BYTE* innerBuffer = NULL; + BOOL symKeyInput = TRUE; + innerBuffer = outPrivate->t.buffer; + // Skip outer integrity space + if(doOuterWrap) + innerBuffer += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + dataSize = ProduceInnerIntegrity(name, innerHash, dataSize, innerBuffer); + // Generate inner encryption key if needed + if(innerSymKey->t.size == 0) + { + innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; + CryptRandomGenerate(innerSymKey->t.size, innerSymKey->t.buffer); - // TPM generates symmetric encryption. Set the flag to FALSE - symKeyInput = FALSE; - } - else - { - // assume the input key size should matches the symmetric definition - pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); - } + // TPM generates symmetric encryption. 
Set the flag to FALSE + symKeyInput = FALSE; + } + else + { + // assume the input key size should matches the symmetric definition + pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); + } - // Encrypt inner buffer in place - CryptSymmetricEncrypt(innerBuffer, - symDef->algorithm, - symDef->keyBits.sym, - innerSymKey->t.buffer, - NULL, - TPM_ALG_CFB, - dataSize, - innerBuffer); + // Encrypt inner buffer in place + CryptSymmetricEncrypt(innerBuffer, + symDef->algorithm, + symDef->keyBits.sym, + innerSymKey->t.buffer, + NULL, + TPM_ALG_CFB, + dataSize, + innerBuffer); - // If the symmetric encryption key is imported, clear the buffer for - // output - if(symKeyInput) - innerSymKey->t.size = 0; - } + // If the symmetric encryption key is imported, clear the buffer for + // output + if(symKeyInput) + innerSymKey->t.size = 0; + } // Apply outer wrap for duplication blob. It includes both integrity and // encryption if(doOuterWrap) - { - dataSize = ProduceOuterWrap( - parent, name, outerHash, seed, FALSE, dataSize, outPrivate->t.buffer); - } + { + dataSize = ProduceOuterWrap( + parent, name, outerHash, seed, FALSE, dataSize, outPrivate->t.buffer); + } // Data size for output outPrivate->t.size = dataSize; 
@@ -1406,22 +1403,22 @@ void SensitiveToDuplicate( // TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed TPM_RC DuplicateToSensitive( - TPM2B* inPrivate, // IN: input private structure - TPM2B* name, // IN: the name of the object - OBJECT* parent, // IN: the parent - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. - TPM2B* seed, // IN: an external seed may be provided. - // If external seed is provided with - // size of 0, no outer wrap is - // applied - TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap is applied - TPM2B* innerSymKey, // IN: a symmetric key may be provided - // to decrypt the inner wrap of a - // duplication blob. - TPMT_SENSITIVE* sensitive // OUT: sensitive structure - ) + TPM2B* inPrivate, // IN: input private structure + TPM2B* name, // IN: the name of the object + OBJECT* parent, // IN: the parent + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. + TPM2B* seed, // IN: an external seed may be provided. + // If external seed is provided with + // size of 0, no outer wrap is + // applied + TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the + // symmetric key algorithm is NULL, + // no inner wrap is applied + TPM2B* innerSymKey, // IN: a symmetric key may be provided + // to decrypt the inner wrap of a + // duplication blob. + TPMT_SENSITIVE* sensitive // OUT: sensitive structure +) { TPM_RC result; BYTE* buffer; 
@@ -1442,59 +1439,59 @@ DuplicateToSensitive( // Find out if outer wrap is applied if(seed->size != 0) - { - // Use parent nameAlg as outer hash algorithm - TPMI_ALG_HASH outerHash = parent->publicArea.nameAlg; + { + // Use parent nameAlg as outer hash algorithm + TPMI_ALG_HASH outerHash = parent->publicArea.nameAlg; - result = UnwrapOuter( - parent, name, outerHash, seed, FALSE, dataSize, sensitiveData); - if(result != TPM_RC_SUCCESS) - return result; - // Adjust sensitive data pointer and size - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - } + result = UnwrapOuter( + parent, name, outerHash, seed, FALSE, dataSize, sensitiveData); + if(result != TPM_RC_SUCCESS) + return result; + // Adjust sensitive data pointer and size + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + } // Find out if inner wrap is applied if(symDef->algorithm != TPM_ALG_NULL) - { - // assume the input key size matches the symmetric definition - pAssert(innerSymKey->size == (symDef->keyBits.sym + 7) / 8); + { + // assume the input key size matches the symmetric definition + pAssert(innerSymKey->size == (symDef->keyBits.sym + 7) / 8); - // Decrypt inner buffer in place - CryptSymmetricDecrypt(sensitiveData, - symDef->algorithm, - symDef->keyBits.sym, - innerSymKey->buffer, - NULL, - TPM_ALG_CFB, - dataSize, - sensitiveData); - // Check inner integrity - result = CheckInnerIntegrity(name, nameAlg, dataSize, sensitiveData); - if(result != TPM_RC_SUCCESS) - return result; - // Adjust sensitive data pointer and size - sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); - dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); - } + // Decrypt inner buffer in place + CryptSymmetricDecrypt(sensitiveData, + symDef->algorithm, + symDef->keyBits.sym, + innerSymKey->buffer, + NULL, + TPM_ALG_CFB, + dataSize, 
+ sensitiveData); + // Check inner integrity + result = CheckInnerIntegrity(name, nameAlg, dataSize, sensitiveData); + if(result != TPM_RC_SUCCESS) + return result; + // Adjust sensitive data pointer and size + sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); + dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); + } // Unmarshal input data size buffer = sensitiveData; size = (INT32)dataSize; result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); if(result == TPM_RC_SUCCESS) - { - if((dataSizeInput + sizeof(UINT16)) != dataSize) - result = TPM_RC_SIZE; - else - { - // Unmarshal sensitive buffer to sensitive structure - result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); + { + if((dataSizeInput + sizeof(UINT16)) != dataSize) + result = TPM_RC_SIZE; + else + { + // Unmarshal sensitive buffer to sensitive structure + result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); - // if the results is OK make sure that all the data was unmarshaled - if(result == TPM_RC_SUCCESS && size != 0) - result = TPM_RC_SIZE; - } - } + // if the results is OK make sure that all the data was unmarshaled + if(result == TPM_RC_SUCCESS && size != 0) + result = TPM_RC_SIZE; + } + } return result; } 
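Review bot: Both `dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(...)` adjustments in this hunk subtract a header length with no visible lower-bound check, so they are safe only if `UnwrapOuter()` and `CheckInnerIntegrity()` reject blobs shorter than that header. Neither helper is shown here and `dataSize` is declared above the hunk (presumably unsigned), so a short blob that got past them would wrap the length before it is cast to `size` for `UINT16_Unmarshal`. Once the helpers' behaviour is confirmed, I would record the dependency next to each subtraction, e.g. `// cannot wrap: UnwrapOuter() rejected any blob shorter than the integrity header`. The same reliance appears in the CredentialToSecret hunk, at `inIDObject->size - (sizeof(UINT16) + CryptHashGetDigestSize(outerHash))`.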
@@ -1506,17 +1503,17 @@ DuplicateToSensitive( // 3. compute integrity HMAC and append to the beginning of the buffer. // 4. Set the total size of TPM2B_ID_OBJECT buffer void SecretToCredential(TPM2B_DIGEST* secret, // IN: secret information - TPM2B* name, // IN: the name of the object - TPM2B* seed, // IN: an external seed. - OBJECT* protector, // IN: the protector - TPM2B_ID_OBJECT* outIDObject // OUT: output credential - ) + TPM2B* name, // IN: the name of the object + TPM2B* seed, // IN: an external seed. + OBJECT* protector, // IN: the protector + TPM2B_ID_OBJECT* outIDObject // OUT: output credential +) { BYTE* buffer; // Auxiliary buffer pointer BYTE* sensitiveData; // pointer to the sensitive data TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap UINT16 dataSize; // data blob size - // + // pAssert(secret != NULL && outIDObject != NULL); // use protector's name algorithm as outer hash ???? @@ -1524,14 +1521,14 @@ void SecretToCredential(TPM2B_DIGEST* secret, // IN: secret information // Marshal secret area to credential buffer, leave space for integrity sensitiveData = outIDObject->t.credential + sizeof(UINT16) - + CryptHashGetDigestSize(outerHash); + + CryptHashGetDigestSize(outerHash); // Marshal secret area buffer = sensitiveData; dataSize = TPM2B_DIGEST_Marshal(secret, &buffer, NULL); // Apply outer wrap outIDObject->t.size = ProduceOuterWrap( - protector, name, outerHash, seed, FALSE, dataSize, outIDObject->t.credential); + protector, name, outerHash, seed, FALSE, dataSize, outIDObject->t.credential); return; } 
@@ -1551,11 +1548,11 @@ void SecretToCredential(TPM2B_DIGEST* secret, // IN: secret information // block size TPM_RC CredentialToSecret(TPM2B* inIDObject, // IN: input credential blob - TPM2B* name, // IN: the name of the object - TPM2B* seed, // IN: an external seed. - OBJECT* protector, // IN: the protector - TPM2B_DIGEST* secret // OUT: secret information - ) + TPM2B* name, // IN: the name of the object + TPM2B* seed, // IN: an external seed. + OBJECT* protector, // IN: the protector + TPM2B_DIGEST* secret // OUT: secret information +) { TPM_RC result; BYTE* buffer; 
@@ -1569,29 +1566,29 @@ CredentialToSecret(TPM2B* inIDObject, // IN: input credential blob // Unwrap outer, a TPM_RC_INTEGRITY error may be returned at this point result = UnwrapOuter(protector, - name, - outerHash, - seed, - FALSE, - inIDObject->size, - inIDObject->buffer); + name, + outerHash, + seed, + FALSE, + inIDObject->size, + inIDObject->buffer); if(result == TPM_RC_SUCCESS) - { - // Compute the beginning of sensitive data - sensitiveData = - inIDObject->buffer + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); - dataSize = - inIDObject->size - (sizeof(UINT16) + CryptHashGetDigestSize(outerHash)); - // Unmarshal secret buffer to TPM2B_DIGEST structure - buffer = sensitiveData; - size = (INT32)dataSize; - result = TPM2B_DIGEST_Unmarshal(secret, &buffer, &size); + { + // Compute the beginning of sensitive data + sensitiveData = + inIDObject->buffer + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); + dataSize = + inIDObject->size - (sizeof(UINT16) + CryptHashGetDigestSize(outerHash)); + // Unmarshal secret buffer to TPM2B_DIGEST structure + buffer = sensitiveData; + size = (INT32)dataSize; + result = TPM2B_DIGEST_Unmarshal(secret, &buffer, &size); - // If there were no other unmarshaling errors, make sure that the - // expected amount of data was recovered - if(result == TPM_RC_SUCCESS && size != 0) - return TPM_RC_SIZE; - } + // If there were no other unmarshaling errors, make sure that the + // expected amount of data was recovered + if(result == TPM_RC_SUCCESS && size != 0) + return TPM_RC_SIZE; + } return result; } @@ -1602,10 +1599,10 @@ CredentialToSecret(TPM2B* inIDObject, // IN: input credential blob // The function returns the number of non-zero octets in the buffer. UINT16 MemoryRemoveTrailingZeros(TPM2B_AUTH* auth // IN/OUT: value to adjust - ) +) { while((auth->t.size > 0) && (auth->t.buffer[auth->t.size - 1] == 0)) - auth->t.size--; + auth->t.size--; return auth->t.size; } 
@@ -1614,9 +1611,9 @@ MemoryRemoveTrailingZeros(TPM2B_AUTH* auth // IN/OUT: value to adjust // that 'label' or 'context' can end up being an Empty Buffer. TPM_RC SetLabelAndContext(TPMS_DERIVE* labelContext, // IN/OUT: the recovered label and - // context - TPM2B_SENSITIVE_DATA* sensitive // IN: the sensitive data - ) + // context + TPM2B_SENSITIVE_DATA* sensitive // IN: the sensitive data +) { TPMS_DERIVE sensitiveValue; TPM_RC result; @@ -1626,24 +1623,24 @@ SetLabelAndContext(TPMS_DERIVE* labelContext, // IN/OUT: the recovered lab // Unmarshal a TPMS_DERIVE from the TPM2B_SENSITIVE_DATA buffer // If there is something to unmarshal... if(sensitive->t.size != 0) - { - size = sensitive->t.size; - buff = sensitive->t.buffer; - result = TPMS_DERIVE_Unmarshal(&sensitiveValue, &buff, &size); - if(result != TPM_RC_SUCCESS) - return result; - // If there was a label in the public area leave it there, otherwise, copy - // the new value - if(labelContext->label.t.size == 0) - MemoryCopy2B(&labelContext->label.b, - &sensitiveValue.label.b, - sizeof(labelContext->label.t.buffer)); - // if there was a context string in publicArea, it overrides - if(labelContext->context.t.size == 0) - MemoryCopy2B(&labelContext->context.b, - &sensitiveValue.context.b, - sizeof(labelContext->label.t.buffer)); - } + { + size = sensitive->t.size; + buff = sensitive->t.buffer; + result = TPMS_DERIVE_Unmarshal(&sensitiveValue, &buff, &size); + if(result != TPM_RC_SUCCESS) + return result; + // If there was a label in the public area leave it there, otherwise, copy + // the new value + if(labelContext->label.t.size == 0) + MemoryCopy2B(&labelContext->label.b, + &sensitiveValue.label.b, + sizeof(labelContext->label.t.buffer)); + // if there was a context string in publicArea, it overrides + if(labelContext->context.t.size == 0) + MemoryCopy2B(&labelContext->context.b, + &sensitiveValue.context.b, + sizeof(labelContext->label.t.buffer)); + } return TPM_RC_SUCCESS; } 
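Review bot: The second `MemoryCopy2B` call in the SetLabelAndContext hunk copies `sensitiveValue.context` into `labelContext->context` but bounds the copy with `sizeof(labelContext->label.t.buffer)`, the size of a different field. That is harmless only while the label and context buffers are the same size, which the hunk does not show; if the two ever diverge, the bound no longer matches the destination being written. The bound should name the destination: `sizeof(labelContext->context.t.buffer)`. The function's local declarations are above the hunk, so this is based on the visible calls only.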
@@ -1656,10 +1653,10 @@ SetLabelAndContext(TPMS_DERIVE* labelContext, // IN/OUT: the recovered lab // a 'label' and 'context' that are unmarshaled into 'derive'. TPM_RC UnmarshalToPublic(TPMT_PUBLIC* tOut, // OUT: output - TPM2B_TEMPLATE* tIn, // IN: - BOOL derivation, // IN: indicates if this is for a derivation - TPMS_DERIVE* labelContext // OUT: label and context if derivation - ) + TPM2B_TEMPLATE* tIn, // IN: + BOOL derivation, // IN: indicates if this is for a derivation + TPMS_DERIVE* labelContext // OUT: label and context if derivation +) { BYTE* buffer = tIn->t.buffer; INT32 size = tIn->t.size; 
@@ -1671,29 +1668,29 @@ UnmarshalToPublic(TPMT_PUBLIC* tOut, // OUT: output // Unmarshal the components of the TPMT_PUBLIC up to the unique field result = TPMI_ALG_PUBLIC_Unmarshal(&tOut->type, &buffer, &size); if(result != TPM_RC_SUCCESS) - return result; + return result; result = TPMI_ALG_HASH_Unmarshal(&tOut->nameAlg, &buffer, &size, FALSE); if(result != TPM_RC_SUCCESS) - return result; + return result; result = TPMA_OBJECT_Unmarshal(&tOut->objectAttributes, &buffer, &size); if(result != TPM_RC_SUCCESS) - return result; + return result; result = TPM2B_DIGEST_Unmarshal(&tOut->authPolicy, &buffer, &size); if(result != TPM_RC_SUCCESS) - return result; + return result; result = - TPMU_PUBLIC_PARMS_Unmarshal(&tOut->parameters, &buffer, &size, tOut->type); + TPMU_PUBLIC_PARMS_Unmarshal(&tOut->parameters, &buffer, &size, tOut->type); if(result != TPM_RC_SUCCESS) - return result; + return result; // Now unmarshal a TPMS_DERIVE if this is for derivation if(derivation) - result = TPMS_DERIVE_Unmarshal(labelContext, &buffer, &size); + result = TPMS_DERIVE_Unmarshal(labelContext, &buffer, &size); else - // otherwise, unmarshal a TPMU_PUBLIC_ID - result = TPMU_PUBLIC_ID_Unmarshal(&tOut->unique, &buffer, &size, tOut->type); + // otherwise, unmarshal a TPMU_PUBLIC_ID + result = TPMU_PUBLIC_ID_Unmarshal(&tOut->unique, &buffer, &size, tOut->type); // Make sure the template was used up if((result == TPM_RC_SUCCESS) && (size != 0)) - result = TPM_RC_SIZE; + result = TPM_RC_SIZE; return result; } diff --git a/src/tpm2/Object_spt_fp.h b/src/tpm2/Object_spt_fp.h index a8fdcf96..780d2c73 100644 --- a/src/tpm2/Object_spt_fp.h +++ b/src/tpm2/Object_spt_fp.h 
@@ -71,8 +71,8 @@ // digestSize for the nameAlg. It will then pad with zeros to the size of the // digest. BOOL AdjustAuthSize(TPM2B_AUTH* auth, // IN/OUT: value to adjust - TPMI_ALG_HASH nameAlg // IN: - ); + TPMI_ALG_HASH nameAlg // IN: +); //*** AreAttributesForParent() // This function is called by create, load, and import functions. @@ -83,7 +83,7 @@ BOOL AdjustAuthSize(TPM2B_AUTH* auth, // IN/OUT: value to adjust // TRUE(1) properties are those of a parent // FALSE(0) properties are not those of a parent BOOL ObjectIsParent(OBJECT* parentObject // IN: parent handle - ); +); //*** CreateChecks() // Attribute checks that are unique to creation. @@ -99,9 +99,9 @@ BOOL ObjectIsParent(OBJECT* parentObject // IN: parent handle // other returns from PublicAttributesValidation() TPM_RC CreateChecks(OBJECT* parentObject, - TPMI_RH_HIERARCHY primaryHierarchy, - TPMT_PUBLIC* publicArea, - UINT16 sensitiveDataSize); + TPMI_RH_HIERARCHY primaryHierarchy, + TPMT_PUBLIC* publicArea, + UINT16 sensitiveDataSize); //*** SchemeChecks // This function is called by TPM2_LoadExternal() and PublicAttributesValidation(). @@ -119,8 +119,8 @@ CreateChecks(OBJECT* parentObject, // TPM_ALG_NULL TPM_RC SchemeChecks(OBJECT* parentObject, // IN: parent (null if primary seed) - TPMT_PUBLIC* publicArea // IN: public area of the object - ); + TPMT_PUBLIC* publicArea // IN: public area of the object +); //*** PublicAttributesValidation() // This function validates the values in the public area of an object. 
@@ -144,29 +144,29 @@ SchemeChecks(OBJECT* parentObject, // IN: parent (null if primary seed) // other returns from SchemeChecks() TPM_RC PublicAttributesValidation( - // IN: input parent object (if ordinary or derived object; NULL otherwise) - OBJECT* parentObject, - // IN: hierarchy (if primary object; 0 otherwise) - TPMI_RH_HIERARCHY primaryHierarchy, - // IN: public area of the object - TPMT_PUBLIC* publicArea); + // IN: input parent object (if ordinary or derived object; NULL otherwise) + OBJECT* parentObject, + // IN: hierarchy (if primary object; 0 otherwise) + TPMI_RH_HIERARCHY primaryHierarchy, + // IN: public area of the object + TPMT_PUBLIC* publicArea); //*** FillInCreationData() // Fill in creation data for an object. // Return Type: void void FillInCreationData( - TPMI_DH_OBJECT parentHandle, // IN: handle of parent - TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm - TPML_PCR_SELECTION* creationPCR, // IN: PCR selection - TPM2B_DATA* outsideData, // IN: outside data - TPM2B_CREATION_DATA* outCreation, // OUT: creation data for output - TPM2B_DIGEST* creationDigest // OUT: creation digest - ); + TPMI_DH_OBJECT parentHandle, // IN: handle of parent + TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm + TPML_PCR_SELECTION* creationPCR, // IN: PCR selection + TPM2B_DATA* outsideData, // IN: outside data + TPM2B_CREATION_DATA* outCreation, // OUT: creation data for output + TPM2B_DIGEST* creationDigest // OUT: creation digest +); //*** GetSeedForKDF() // Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. const TPM2B* GetSeedForKDF(OBJECT* protector // IN: the protector handle - ); +); //*** ProduceOuterWrap() // This function produce outer wrap for a buffer containing the sensitive data. 
@@ -181,21 +181,21 @@ const TPM2B* GetSeedForKDF(OBJECT* protector // IN: the protector handle // d) returns the total size of blob with outer wrap. UINT16 ProduceOuterWrap(OBJECT* protector, // IN: The handle of the object that provides - // protection. For object, it is parent - // handle. For credential, it is the handle - // of encrypt object. - TPM2B* name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B* seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL - BOOL useIV, // IN: indicate if an IV is used - UINT16 dataSize, // IN: the size of sensitive data, excluding the - // leading integrity buffer size or the - // optional iv size - BYTE* outerBuffer // IN/OUT: outer buffer with sensitive data in - // it - ); + // protection. For object, it is parent + // handle. For credential, it is the handle + // of encrypt object. + TPM2B* name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B* seed, // IN: an external seed may be provided for + // duplication blob. For non duplication + // blob, this parameter should be NULL + BOOL useIV, // IN: indicate if an IV is used + UINT16 dataSize, // IN: the size of sensitive data, excluding the + // leading integrity buffer size or the + // optional iv size + BYTE* outerBuffer // IN/OUT: outer buffer with sensitive data in + // it +); //*** UnwrapOuter() // This function remove the outer wrap of a blob containing sensitive data 
@@ -211,20 +211,20 @@ ProduceOuterWrap(OBJECT* protector, // IN: The handle of the object that provi // algorithm block size TPM_RC UnwrapOuter(OBJECT* protector, // IN: The object that provides - // protection. For object, it is parent - // handle. For credential, it is the - // encrypt object. - TPM2B* name, // IN: the name of the object - TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap - TPM2B* seed, // IN: an external seed may be provided for - // duplication blob. For non duplication - // blob, this parameter should be NULL. - BOOL useIV, // IN: indicates if an IV is used - UINT16 dataSize, // IN: size of sensitive data in outerBuffer, - // including the leading integrity buffer - // size, and an optional iv area - BYTE* outerBuffer // IN/OUT: sensitive data - ); + // protection. For object, it is parent + // handle. For credential, it is the + // encrypt object. + TPM2B* name, // IN: the name of the object + TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap + TPM2B* seed, // IN: an external seed may be provided for + // duplication blob. For non duplication + // blob, this parameter should be NULL. + BOOL useIV, // IN: indicates if an IV is used + UINT16 dataSize, // IN: size of sensitive data in outerBuffer, + // including the leading integrity buffer + // size, and an optional iv area + BYTE* outerBuffer // IN/OUT: sensitive data +); //*** SensitiveToPrivate() // This function prepare the private blob for off the chip storage 
@@ -233,15 +233,15 @@ UnwrapOuter(OBJECT* protector, // IN: The object that provides // b) applies encryption to the sensitive area; and // c) applies outer integrity computation. void SensitiveToPrivate( - TPMT_SENSITIVE* sensitive, // IN: sensitive structure - TPM2B_NAME* name, // IN: the name of the object - OBJECT* parent, // IN: The parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This - // parameter is used when parentHandle is - // NULL, in which case the object is - // temporary. - TPM2B_PRIVATE* outPrivate // OUT: output private structure - ); + TPMT_SENSITIVE* sensitive, // IN: sensitive structure + TPM2B_NAME* name, // IN: the name of the object + OBJECT* parent, // IN: The parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This + // parameter is used when parentHandle is + // NULL, in which case the object is + // temporary. + TPM2B_PRIVATE* outPrivate // OUT: output private structure +); //*** PrivateToSensitive() // Unwrap a input private area. Check the integrity, decrypt and retrieve data 
@@ -259,18 +259,18 @@ void SensitiveToPrivate( // size TPM_RC PrivateToSensitive(TPM2B* inPrivate, // IN: input private structure - TPM2B* name, // IN: the name of the object - OBJECT* parent, // IN: parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is - // passed separately because we only pass - // name, rather than the whole public area - // of the object. This parameter is used in - // the following two cases: 1. primary - // objects. 2. duplication blob with inner - // wrap. In other cases, this parameter - // will be ignored - TPMT_SENSITIVE* sensitive // OUT: sensitive structure - ); + TPM2B* name, // IN: the name of the object + OBJECT* parent, // IN: parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is + // passed separately because we only pass + // name, rather than the whole public area + // of the object. This parameter is used in + // the following two cases: 1. primary + // objects. 2. duplication blob with inner + // wrap. In other cases, this parameter + // will be ignored + TPMT_SENSITIVE* sensitive // OUT: sensitive structure +); //*** SensitiveToDuplicate() // This function prepare the duplication blob from the sensitive area. 
@@ -279,26 +279,26 @@ PrivateToSensitive(TPM2B* inPrivate, // IN: input private structure // b) applies inner wrap to the sensitive area if required; and // c) applies outer wrap if required. void SensitiveToDuplicate( - TPMT_SENSITIVE* sensitive, // IN: sensitive structure - TPM2B* name, // IN: the name of the object - OBJECT* parent, // IN: The new parent object - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It - // is passed separately because we - // only pass name, rather than the - // whole public area of the object. - TPM2B* seed, // IN: the external seed. If external - // seed is provided with size of 0, - // no outer wrap should be applied - // to duplication blob. - TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap should be applied. - TPM2B_DATA* innerSymKey, // IN/OUT: a symmetric key may be - // provided to encrypt the inner - // wrap of a duplication blob. May - // be generated here if needed. - TPM2B_PRIVATE* outPrivate // OUT: output private structure - ); + TPMT_SENSITIVE* sensitive, // IN: sensitive structure + TPM2B* name, // IN: the name of the object + OBJECT* parent, // IN: The new parent object + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It + // is passed separately because we + // only pass name, rather than the + // whole public area of the object. + TPM2B* seed, // IN: the external seed. If external + // seed is provided with size of 0, + // no outer wrap should be applied + // to duplication blob. + TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the + // symmetric key algorithm is NULL, + // no inner wrap should be applied. + TPM2B_DATA* innerSymKey, // IN/OUT: a symmetric key may be + // provided to encrypt the inner + // wrap of a duplication blob. May + // be generated here if needed. + TPM2B_PRIVATE* outPrivate // OUT: output private structure +); //*** DuplicateToSensitive() // Unwrap a duplication blob. 
Check the integrity, decrypt and retrieve data @@ -314,22 +314,22 @@ void SensitiveToDuplicate( // TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed TPM_RC DuplicateToSensitive( - TPM2B* inPrivate, // IN: input private structure - TPM2B* name, // IN: the name of the object - OBJECT* parent, // IN: the parent - TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. - TPM2B* seed, // IN: an external seed may be provided. - // If external seed is provided with - // size of 0, no outer wrap is - // applied - TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the - // symmetric key algorithm is NULL, - // no inner wrap is applied - TPM2B* innerSymKey, // IN: a symmetric key may be provided - // to decrypt the inner wrap of a - // duplication blob. - TPMT_SENSITIVE* sensitive // OUT: sensitive structure - ); + TPM2B* inPrivate, // IN: input private structure + TPM2B* name, // IN: the name of the object + OBJECT* parent, // IN: the parent + TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. + TPM2B* seed, // IN: an external seed may be provided. + // If external seed is provided with + // size of 0, no outer wrap is + // applied + TPMT_SYM_DEF_OBJECT* symDef, // IN: Symmetric key definition. If the + // symmetric key algorithm is NULL, + // no inner wrap is applied + TPM2B* innerSymKey, // IN: a symmetric key may be provided + // to decrypt the inner wrap of a + // duplication blob. + TPMT_SENSITIVE* sensitive // OUT: sensitive structure +); //*** SecretToCredential() // This function prepare the credential blob from a secret (a TPM2B_DIGEST) 
@@ -339,11 +339,11 @@ DuplicateToSensitive( // c) computes integrity HMAC and append to the beginning of the buffer; and // d) sets the total size of TPM2B_ID_OBJECT buffer. void SecretToCredential(TPM2B_DIGEST* secret, // IN: secret information - TPM2B* name, // IN: the name of the object - TPM2B* seed, // IN: an external seed. - OBJECT* protector, // IN: the protector - TPM2B_ID_OBJECT* outIDObject // OUT: output credential - ); + TPM2B* name, // IN: the name of the object + TPM2B* seed, // IN: an external seed. + OBJECT* protector, // IN: the protector + TPM2B_ID_OBJECT* outIDObject // OUT: output credential +); //*** CredentialToSecret() // Unwrap a credential. Check the integrity, decrypt and retrieve data @@ -361,11 +361,11 @@ void SecretToCredential(TPM2B_DIGEST* secret, // IN: secret information // block size TPM_RC CredentialToSecret(TPM2B* inIDObject, // IN: input credential blob - TPM2B* name, // IN: the name of the object - TPM2B* seed, // IN: an external seed. - OBJECT* protector, // IN: the protector - TPM2B_DIGEST* secret // OUT: secret information - ); + TPM2B* name, // IN: the name of the object + TPM2B* seed, // IN: an external seed. + OBJECT* protector, // IN: the protector + TPM2B_DIGEST* secret // OUT: secret information +); //*** MemoryRemoveTrailingZeros() // This function is used to adjust the length of an authorization value. 
@@ -375,16 +375,16 @@ CredentialToSecret(TPM2B* inIDObject, // IN: input credential blob // This function returns the number of non-zero octets in the buffer. UINT16 MemoryRemoveTrailingZeros(TPM2B_AUTH* auth // IN/OUT: value to adjust - ); +); //*** SetLabelAndContext() // This function sets the label and context for a derived key. It is possible // that 'label' or 'context' can end up being an Empty Buffer. TPM_RC SetLabelAndContext(TPMS_DERIVE* labelContext, // IN/OUT: the recovered label and - // context - TPM2B_SENSITIVE_DATA* sensitive // IN: the sensitive data - ); + // context + TPM2B_SENSITIVE_DATA* sensitive // IN: the sensitive data +); //*** UnmarshalToPublic() // Support function to unmarshal the template. This is used because the @@ -396,10 +396,10 @@ SetLabelAndContext(TPMS_DERIVE* labelContext, // IN/OUT: the recovered lab // a 'label' and 'context' that are unmarshaled into 'derive'. TPM_RC UnmarshalToPublic(TPMT_PUBLIC* tOut, // OUT: output - TPM2B_TEMPLATE* tIn, // IN: - BOOL derivation, // IN: indicates if this is for a derivation - TPMS_DERIVE* labelContext // OUT: label and context if derivation - ); + TPM2B_TEMPLATE* tIn, // IN: + BOOL derivation, // IN: indicates if this is for a derivation + TPMS_DERIVE* labelContext // OUT: label and context if derivation +); #if 0 /* libtpms added */ //*** ObjectSetExternal() diff --git a/src/tpm2/PCR.c b/src/tpm2/PCR.c index 51a62021..d0bba177 100644 --- a/src/tpm2/PCR.c +++ b/src/tpm2/PCR.c 
@@ -92,11 +92,11 @@ TPM_STATIC_ASSERT(NUM_POLICY_PCR_GROUP < (1 << MAX_PCR_GROUP_BITS)); // TRUE(1) PCR belongs an authorization group // FALSE(0) PCR does not belong an authorization group BOOL PCRBelongsAuthGroup(TPMI_DH_PCR handle, // IN: handle of PCR - UINT32* groupIndex // OUT: group array index if PCR - // belongs to a group that allows authValue. If PCR - // does not belong to an authorization - // group, the value in this parameter is zero - ) + UINT32* groupIndex // OUT: group array index if PCR + // belongs to a group that allows authValue. If PCR + // does not belong to an authorization + // group, the value in this parameter is zero +) { *groupIndex = 0; @@ -108,15 +108,15 @@ BOOL PCRBelongsAuthGroup(TPMI_DH_PCR handle, // IN: handle of PCR // accordingly UINT32 pcr = handle - PCR_FIRST; PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + _platPcr__GetPcrInitializationAttributes(pcr); if(currentPcrAttributes.authValuesGroup != 0) - { - // turn 1-based group number into actual array index expected by callers - *groupIndex = currentPcrAttributes.authValuesGroup - 1; - pAssert_BOOL(*groupIndex < NUM_AUTHVALUE_PCR_GROUP); - return TRUE; - } + { + // turn 1-based group number into actual array index expected by callers + *groupIndex = currentPcrAttributes.authValuesGroup - 1; + pAssert_BOOL(*groupIndex < NUM_AUTHVALUE_PCR_GROUP); + return TRUE; + } #endif return FALSE; 
@@ -131,12 +131,12 @@ BOOL PCRBelongsAuthGroup(TPMI_DH_PCR handle, // IN: handle of PCR // TRUE: PCR belongs a policy group // FALSE: PCR does not belong a policy group BOOL PCRBelongsPolicyGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32* groupIndex // OUT: group index if PCR belongs a group that - // allows policy. If PCR does not belong to - // a policy group, the value in this - // parameter is zero - ) + TPMI_DH_PCR handle, // IN: handle of PCR + UINT32* groupIndex // OUT: group index if PCR belongs a group that + // allows policy. If PCR does not belong to + // a policy group, the value in this + // parameter is zero +) { *groupIndex = 0; @@ -145,14 +145,14 @@ BOOL PCRBelongsPolicyGroup( // belongs to which group. UINT32 pcr = handle - PCR_FIRST; PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + _platPcr__GetPcrInitializationAttributes(pcr); if(currentPcrAttributes.policyAuthGroup != 0) - { - // turn 1-based group number into actual array index expected by callers - *groupIndex = currentPcrAttributes.policyAuthGroup - 1; - pAssert_BOOL(*groupIndex < NUM_POLICY_PCR_GROUP); - return TRUE; - } + { + // turn 1-based group number into actual array index expected by callers + *groupIndex = currentPcrAttributes.policyAuthGroup - 1; + pAssert_BOOL(*groupIndex < NUM_POLICY_PCR_GROUP); + return TRUE; + } #endif return FALSE; } @@ -163,13 +163,13 @@ BOOL PCRBelongsPolicyGroup( // TRUE: PCR belongs to TCB group // FALSE: PCR does not belong to TCB group static BOOL PCRBelongsTCBGroup(TPMI_DH_PCR handle // IN: handle of PCR - ) +) { #if ENABLE_PCR_NO_INCREMENT == YES // Platform specification decides if a PCR belongs to a TCB group. UINT32 pcr = handle - PCR_FIRST; PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + _platPcr__GetPcrInitializationAttributes(pcr); return currentPcrAttributes.doNotIncrementPcrCounter; #else return FALSE; 
@@ -182,7 +182,7 @@ static BOOL PCRBelongsTCBGroup(TPMI_DH_PCR handle // IN: handle of PCR // TRUE the PCR may be authorized by policy // FALSE the PCR does not allow policy BOOL PCRPolicyIsAvailable(TPMI_DH_PCR handle // IN: PCR handle - ) +) { UINT32 groupIndex; @@ -193,18 +193,18 @@ BOOL PCRPolicyIsAvailable(TPMI_DH_PCR handle // IN: PCR handle // This function is used to access the authValue of a PCR. If PCR does not // belong to an authValue group, an EmptyAuth will be returned. TPM2B_AUTH* PCRGetAuthValue(TPMI_DH_PCR handle // IN: PCR handle - ) +) { UINT32 groupIndex; if(PCRBelongsAuthGroup(handle, &groupIndex)) - { - return &gc.pcrAuthValues.auth[groupIndex]; - } + { + return &gc.pcrAuthValues.auth[groupIndex]; + } else - { - return NULL; - } + { + return NULL; + } } //*** PCRGetAuthPolicy() @@ -213,21 +213,21 @@ TPM2B_AUTH* PCRGetAuthValue(TPMI_DH_PCR handle // IN: PCR handle // If the PCR does not allow a policy, TPM_ALG_NULL is returned. TPMI_ALG_HASH PCRGetAuthPolicy(TPMI_DH_PCR handle, // IN: PCR handle - TPM2B_DIGEST* policy // OUT: policy of PCR - ) + TPM2B_DIGEST* policy // OUT: policy of PCR +) { UINT32 groupIndex; if(PCRBelongsPolicyGroup(handle, &groupIndex)) - { - *policy = gp.pcrPolicies.policy[groupIndex]; - return gp.pcrPolicies.hashAlg[groupIndex]; - } + { + *policy = gp.pcrPolicies.policy[groupIndex]; + return gp.pcrPolicies.hashAlg[groupIndex]; + } else - { - policy->t.size = 0; - return TPM_ALG_NULL; - } + { + policy->t.size = 0; + return TPM_ALG_NULL; + } } //*** PCRManufacture() 
@@ -239,36 +239,36 @@ void PCRManufacture(void) UINT32 i; #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 for(i = 0; i < NUM_POLICY_PCR_GROUP; i++) - { - gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL; - gp.pcrPolicies.policy[i].t.size = 0; - } + { + gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL; + gp.pcrPolicies.policy[i].t.size = 0; + } #endif #if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 for(i = 0; i < NUM_AUTHVALUE_PCR_GROUP; i++) - { - gc.pcrAuthValues.auth[i].t.size = 0; - } + { + gc.pcrAuthValues.auth[i].t.size = 0; + } #endif // We need to give an initial configuration on allocated PCR before // receiving any TPM2_PCR_Allocate command to change this configuration // When the simulation environment starts, we allocate all the PCRs for(gp.pcrAllocated.count = 0; gp.pcrAllocated.count < HASH_COUNT; - gp.pcrAllocated.count++) - { - TPM_ALG_ID currentBank = CryptHashGetAlgByIndex(gp.pcrAllocated.count); - BOOL isBankActive = _platPcr_IsPcrBankDefaultActive(currentBank); + gp.pcrAllocated.count++) + { + TPM_ALG_ID currentBank = CryptHashGetAlgByIndex(gp.pcrAllocated.count); + BOOL isBankActive = _platPcr_IsPcrBankDefaultActive(currentBank); - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].hash = currentBank; + gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].hash = currentBank; - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].sizeofSelect = - PCR_SELECT_MAX; - for(i = 0; i < PCR_SELECT_MAX; i++) - { - gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].pcrSelect[i] = - isBankActive ? 0xFF : 0; - } - } + gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].sizeofSelect = + PCR_SELECT_MAX; + for(i = 0; i < PCR_SELECT_MAX; i++) + { + gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].pcrSelect[i] = + isBankActive ? 0xFF : 0; + } + } // Store the initial configuration to NV NV_SYNC_PERSISTENT(pcrPolicies); 
@@ -285,23 +285,23 @@ void PCRManufacture(void) // NULL no such algorithm // != NULL pointer to the 0th byte of the 0th PCR static BYTE* GetSavedPcrPointer(TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrIndex // IN: PCR index in PCR_SAVE - ) + UINT32 pcrIndex // IN: PCR index in PCR_SAVE +) { BYTE* retVal = NULL; switch(alg) - { -#define HASH_CASE(HASH, Hash) \ - case TPM_ALG_##HASH: \ - retVal = gc.pcrSave.Hash[pcrIndex]; \ - break; + { +#define HASH_CASE(HASH, Hash) \ + case TPM_ALG_##HASH: \ + retVal = gc.pcrSave.Hash[pcrIndex]; \ + break; - FOR_EACH_HASH(HASH_CASE) + FOR_EACH_HASH(HASH_CASE) #undef HASH_CASE - default: - FAIL_NULL(FATAL_ERROR_INTERNAL); - } + default: + FAIL_NULL(FATAL_ERROR_INTERNAL); + } return retVal; }
@@ -312,28 +312,28 @@ static BYTE* GetSavedPcrPointer(TPM_ALG_ID alg, // IN: algorithm for bank // TRUE(1) PCR is allocated // FALSE(0) PCR is not allocated BOOL PcrIsAllocated(UINT32 pcr, // IN: The number of the PCR - TPMI_ALG_HASH hashAlg // IN: The PCR algorithm - ) + TPMI_ALG_HASH hashAlg // IN: The PCR algorithm +) { UINT32 i; BOOL allocated = FALSE; if(pcr < IMPLEMENTATION_PCR) - { - for(i = 0; i < gp.pcrAllocated.count; i++) - { - if(gp.pcrAllocated.pcrSelections[i].hash == hashAlg) - { - if(((gp.pcrAllocated.pcrSelections[i].pcrSelect[pcr / 8]) - & (1 << (pcr % 8))) - != 0) - allocated = TRUE; - else - allocated = FALSE; - break; - } - } - } + { + for(i = 0; i < gp.pcrAllocated.count; i++) + { + if(gp.pcrAllocated.pcrSelections[i].hash == hashAlg) + { + if(((gp.pcrAllocated.pcrSelections[i].pcrSelect[pcr / 8]) + & (1 << (pcr % 8))) + != 0) + allocated = TRUE; + else + allocated = FALSE; + break; + } + } + } return allocated; }
@@ -342,64 +342,64 @@ BOOL PcrIsAllocated(UINT32 pcr, // IN: The number of the PCR // vs the size of the array. // See Also: GetPcrPointerIfAllocated static BYTE* GetPcrPointerFromPcrArray(PCR* pPcrArray, - TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrNumber // IN: PCR number - ) + TPM_ALG_ID alg, // IN: algorithm for bank + UINT32 pcrNumber // IN: PCR number +) { switch(alg) - { + { #if ALG_SHA1 - case TPM_ALG_SHA1: - return pPcrArray[pcrNumber].Sha1Pcr; + case TPM_ALG_SHA1: + return pPcrArray[pcrNumber].Sha1Pcr; #endif #if ALG_SHA256 - case TPM_ALG_SHA256: - return pPcrArray[pcrNumber].Sha256Pcr; + case TPM_ALG_SHA256: + return pPcrArray[pcrNumber].Sha256Pcr; #endif #if ALG_SHA384 - case TPM_ALG_SHA384: - return pPcrArray[pcrNumber].Sha384Pcr; // libtpms: appended 'Pcr' + case TPM_ALG_SHA384: + return pPcrArray[pcrNumber].Sha384Pcr; // libtpms: appended 'Pcr' #endif #if ALG_SHA512 - case TPM_ALG_SHA512: - return pPcrArray[pcrNumber].Sha512Pcr; // libtpms: appended 'Pcr' + case TPM_ALG_SHA512: + return pPcrArray[pcrNumber].Sha512Pcr; // libtpms: appended 'Pcr' #endif #if ALG_SM3_256 - case TPM_ALG_SM3_256: - return pPcrArray[pcrNumber].Sm3_256; + case TPM_ALG_SM3_256: + return pPcrArray[pcrNumber].Sm3_256; #endif #if ALG_SHA3_256 - case TPM_ALG_SHA3_256: - return pPcrArray[pcrNumber].Sha3_256; + case TPM_ALG_SHA3_256: + return pPcrArray[pcrNumber].Sha3_256; #endif #if ALG_SHA3_384 - case TPM_ALG_SHA3_384: - return pPcrArray[pcrNumber].Sha3_384; + case TPM_ALG_SHA3_384: + return pPcrArray[pcrNumber].Sha3_384; #endif #if ALG_SHA3_512 - case TPM_ALG_SHA3_512: - return pPcrArray[pcrNumber].Sha3_512; + case TPM_ALG_SHA3_512: + return pPcrArray[pcrNumber].Sha3_512; #endif - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } return NULL; } BYTE* GetPcrPointerIfAllocated(PCR* pPcrArray, - TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrNumber // IN: PCR number - ) + TPM_ALG_ID alg, // IN: algorithm for 
bank + UINT32 pcrNumber // IN: PCR number +) { // if(!PcrIsAllocated(pcrNumber, alg)) - return NULL; + return NULL; return GetPcrPointerFromPcrArray(pPcrArray, - alg, // IN: algorithm for bank - pcrNumber // IN: PCR number - ); + alg, // IN: algorithm for bank + pcrNumber // IN: PCR number + ); } //*** GetPcrPointer()
@@ -410,8 +410,8 @@ BYTE* GetPcrPointerIfAllocated(PCR* pPcrArray, // NULL no such algorithm // != NULL pointer to the 0th byte of the requested PCR BYTE* GetPcrPointer(TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrNumber // IN: PCR number - ) + UINT32 pcrNumber // IN: PCR number +) { return GetPcrPointerIfAllocated(s_pcrs, alg, pcrNumber); }
@@ -424,13 +424,13 @@ BYTE* GetPcrPointer(TPM_ALG_ID alg, // IN: algorithm for bank // TRUE(1) PCR is selected // FALSE(0) PCR is not selected static BOOL IsPcrSelected( - UINT32 pcr, // IN: The number of the PCR - TPMS_PCR_SELECTION* selection // IN: The selection structure - ) + UINT32 pcr, // IN: The number of the PCR + TPMS_PCR_SELECTION* selection // IN: The selection structure +) { BOOL selected; selected = (pcr < IMPLEMENTATION_PCR - && ((selection->pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0); + && ((selection->pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0); return selected; }
@@ -438,35 +438,35 @@ static BOOL IsPcrSelected( // This function modifies a PCR selection array based on the implemented // PCR. static void FilterPcr(TPMS_PCR_SELECTION* selection // IN: input PCR selection - ) +) { UINT32 i; TPMS_PCR_SELECTION* allocated = NULL; // If size of select is less than PCR_SELECT_MAX, zero the unspecified PCR for(i = selection->sizeofSelect; i < PCR_SELECT_MAX; i++) - selection->pcrSelect[i] = 0; + selection->pcrSelect[i] = 0; // Find the internal configuration for the bank for(i = 0; i < gp.pcrAllocated.count; i++) - { - if(gp.pcrAllocated.pcrSelections[i].hash == selection->hash) - { - allocated = &gp.pcrAllocated.pcrSelections[i]; - break; - } - } + { + if(gp.pcrAllocated.pcrSelections[i].hash == selection->hash) + { + allocated = &gp.pcrAllocated.pcrSelections[i]; + break; + } + } for(i = 0; i < selection->sizeofSelect; i++) - { - if(allocated == NULL) - { - // If the required bank does not exist, clear input selection - selection->pcrSelect[i] = 0; - } - else - selection->pcrSelect[i] &= allocated->pcrSelect[i]; - } + { + if(allocated == NULL) + { + // If the required bank does not exist, clear input selection + selection->pcrSelect[i] = 0; + } + else + selection->pcrSelect[i] &= allocated->pcrSelect[i]; + } return; } 
@@ -475,26 +475,26 @@ static void FilterPcr(TPMS_PCR_SELECTION* selection // IN: input PCR selection // This function does the DRTM and H-CRTM processing it is called from // _TPM_Hash_End. void PcrDrtm(const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be - // modified - const TPMI_ALG_HASH hash, // IN: the bank identifier - const TPM2B_DIGEST* digest // IN: the digest to modify the PCR - ) + // modified + const TPMI_ALG_HASH hash, // IN: the bank identifier + const TPM2B_DIGEST* digest // IN: the digest to modify the PCR +) { BYTE* pcrData = GetPcrPointer(hash, pcrHandle); if(pcrData != NULL) - { - // Rest the PCR to zeros - MemorySet(pcrData, 0, digest->t.size); + { + // Rest the PCR to zeros + MemorySet(pcrData, 0, digest->t.size); - // if the TPM has not started, then set the PCR to 0...04 and then extend - if(!TPMIsStarted()) - { - pcrData[digest->t.size - 1] = 4; - } - // Now, extend the value - PCRExtend(pcrHandle, hash, digest->t.size, (BYTE*)digest->t.buffer); - } + // if the TPM has not started, then set the PCR to 0...04 and then extend + if(!TPMIsStarted()) + { + pcrData[digest->t.size - 1] = 4; + } + // Now, extend the value + PCRExtend(pcrHandle, hash, digest->t.size, (BYTE*)digest->t.buffer); + } } //*** PCR_ClearAuth()
@@ -505,17 +505,17 @@ void PCR_ClearAuth(void) #if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 int j; for(j = 0; j < NUM_AUTHVALUE_PCR_GROUP; j++) - { - gc.pcrAuthValues.auth[j].t.size = 0; - } + { + gc.pcrAuthValues.auth[j].t.size = 0; + } #endif } //*** PCRStartup() // This function initializes the PCR subsystem at TPM2_Startup(). BOOL PCRStartup(STARTUP_TYPE type, // IN: startup type - BYTE locality // IN: startup locality - ) + BYTE locality // IN: startup locality +) { UINT32 pcr, j; UINT32 saveIndex = 0;
@@ -525,10 +525,10 @@ BOOL PCRStartup(STARTUP_TYPE type, // IN: startup type // Don't test for SU_RESET because that should be the default when nothing // else is selected if(type != SU_RESUME && type != SU_RESTART) - { - // PCR generation counter is cleared at TPM_RESET - gr.pcrCounter = 0; - } + { + // PCR generation counter is cleared at TPM_RESET + gr.pcrCounter = 0; + } // check the TPM library and platform are properly paired. // if this fails the platform and library are compiled with different 
@@ -538,140 +538,140 @@ BOOL PCRStartup(STARTUP_TYPE type, // IN: startup type // Initialize/Restore PCR values for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - // On resume, need to know if this PCR had its state saved or not - UINT32 stateSaved; - // note structure is a bitfield and returned by value. - PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + { + // On resume, need to know if this PCR had its state saved or not + UINT32 stateSaved; + // note structure is a bitfield and returned by value. + PCR_Attributes currentPcrAttributes = + _platPcr__GetPcrInitializationAttributes(pcr); - if(type == SU_RESUME && currentPcrAttributes.stateSave == SET) - { - stateSaved = 1; - } - else - { - stateSaved = 0; - PCRChanged(pcr); - } + if(type == SU_RESUME && currentPcrAttributes.stateSave == SET) + { + stateSaved = 1; + } + else + { + stateSaved = 0; + PCRChanged(pcr); + } - // If this is the H-CRTM PCR and we are not doing a resume and we - // had an H-CRTM event, then we don't change this PCR - if(pcr == HCRTM_PCR && type != SU_RESUME && g_DrtmPreStartup == TRUE) - continue; + // If this is the H-CRTM PCR and we are not doing a resume and we + // had an H-CRTM event, then we don't change this PCR + if(pcr == HCRTM_PCR && type != SU_RESUME && g_DrtmPreStartup == TRUE) + continue; - // Iterate each hash algorithm bank - for(j = 0; j < gp.pcrAllocated.count; j++) - { - TPMI_ALG_HASH hash = gp.pcrAllocated.pcrSelections[j].hash; - BYTE* pcrData = GetPcrPointer(hash, pcr); - UINT16 pcrSize = CryptHashGetDigestSize(hash); + // Iterate each hash algorithm bank + for(j = 0; j < gp.pcrAllocated.count; j++) + { + TPMI_ALG_HASH hash = gp.pcrAllocated.pcrSelections[j].hash; + BYTE* pcrData = GetPcrPointer(hash, pcr); + UINT16 pcrSize = CryptHashGetDigestSize(hash); - if(pcrData != NULL) - { - // if state was saved - if(stateSaved == 1) - { - // Restore saved PCR value - BYTE* pcrSavedData; - pcrSavedData = GetSavedPcrPointer(hash, 
saveIndex); - if(pcrSavedData == NULL) - return FALSE; - MemoryCopy(pcrData, pcrSavedData, pcrSize); - } - else // PCR was not restored by state save - { - // give platform opportunity to provide the PCR initialization - // value and it's length. this provides a platform specification - // the ability to change the default values without affecting the - // core library. if the platform doesn't have a value, then the - // result is expected to be TPM_RC_PCR and the size to be 0 and we - // provide the original defaults. - uint16_t pcrLength = 0; - TPM_RC pcrInitialResult = _platPcr__GetInitialValueForPcr( - pcr, hash, locality, pcrData, pcrSize, &pcrLength); + if(pcrData != NULL) + { + // if state was saved + if(stateSaved == 1) + { + // Restore saved PCR value + BYTE* pcrSavedData; + pcrSavedData = GetSavedPcrPointer(hash, saveIndex); + if(pcrSavedData == NULL) + return FALSE; + MemoryCopy(pcrData, pcrSavedData, pcrSize); + } + else // PCR was not restored by state save + { + // give platform opportunity to provide the PCR initialization + // value and it's length. this provides a platform specification + // the ability to change the default values without affecting the + // core library. if the platform doesn't have a value, then the + // result is expected to be TPM_RC_PCR and the size to be 0 and we + // provide the original defaults. + uint16_t pcrLength = 0; + TPM_RC pcrInitialResult = _platPcr__GetInitialValueForPcr( + pcr, hash, locality, pcrData, pcrSize, &pcrLength); - // any other result is a fatal error - pAssert_BOOL(pcrInitialResult == TPM_RC_SUCCESS - || pcrInitialResult == TPM_RC_PCR); - if(pcrInitialResult == TPM_RC_SUCCESS && pcrLength == pcrSize) - { - // just use the PCR initialized by platform - } - else - { - // If the reset locality contains locality 4, then this - // indicates a DRTM PCR where the reset value is all ones, - // otherwise it is all zero. 
Don't check with equal because - // resetLocality is a bitfield of multiple values and does - // not support extended localities. - BYTE defaultValue = 0; - if((currentPcrAttributes.resetLocality & 0x10) != 0) - { - defaultValue = 0xFF; - } - MemorySet(pcrData, defaultValue, pcrSize); - if(pcr == HCRTM_PCR) - { - pcrData[pcrSize - 1] = locality; - } - } - } - } - } - saveIndex += stateSaved; - } + // any other result is a fatal error + pAssert_BOOL(pcrInitialResult == TPM_RC_SUCCESS + || pcrInitialResult == TPM_RC_PCR); + if(pcrInitialResult == TPM_RC_SUCCESS && pcrLength == pcrSize) + { + // just use the PCR initialized by platform + } + else + { + // If the reset locality contains locality 4, then this + // indicates a DRTM PCR where the reset value is all ones, + // otherwise it is all zero. Don't check with equal because + // resetLocality is a bitfield of multiple values and does + // not support extended localities. + BYTE defaultValue = 0; + if((currentPcrAttributes.resetLocality & 0x10) != 0) + { + defaultValue = 0xFF; + } + MemorySet(pcrData, defaultValue, pcrSize); + if(pcr == HCRTM_PCR) + { + pcrData[pcrSize - 1] = locality; + } + } + } + } + } + saveIndex += stateSaved; + } // Reset authValues on TPM2_Startup(CLEAR) if(type != SU_RESUME) - PCR_ClearAuth(); + PCR_ClearAuth(); return TRUE; } //*** PCRStateSave() // This function is used to save the PCR values that will be restored on TPM Resume. void PCRStateSave(TPM_SU type // IN: startup type - ) +) { UINT32 pcr, j; UINT32 saveIndex = 0; // if state save CLEAR, nothing to be done. Return here if(type == TPM_SU_CLEAR) - return; + return; // Copy PCR values to the structure that should be saved to NV for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + { + PCR_Attributes currentPcrAttributes = + _platPcr__GetPcrInitializationAttributes(pcr); - UINT32 stateSaved = (currentPcrAttributes.stateSave == SET) ? 
1 : 0; + UINT32 stateSaved = (currentPcrAttributes.stateSave == SET) ? 1 : 0; - // Iterate each hash algorithm bank - for(j = 0; j < gp.pcrAllocated.count; j++) - { - BYTE* pcrData; - UINT32 pcrSize; + // Iterate each hash algorithm bank + for(j = 0; j < gp.pcrAllocated.count; j++) + { + BYTE* pcrData; + UINT32 pcrSize; - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, pcr); + pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, pcr); - if(pcrData != NULL) - { - pcrSize = - CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[j].hash); + if(pcrData != NULL) + { + pcrSize = + CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[j].hash); - if(stateSaved == 1) - { - // Restore saved PCR value - BYTE* pcrSavedData; - pcrSavedData = GetSavedPcrPointer( - gp.pcrAllocated.pcrSelections[j].hash, saveIndex); - MemoryCopy(pcrSavedData, pcrData, pcrSize); - } - } - } - saveIndex += stateSaved; - } + if(stateSaved == 1) + { + // Restore saved PCR value + BYTE* pcrSavedData; + pcrSavedData = GetSavedPcrPointer( + gp.pcrAllocated.pcrSelections[j].hash, saveIndex); + MemoryCopy(pcrSavedData, pcrData, pcrSize); + } + } + } + saveIndex += stateSaved; + } return; }
@@ -683,16 +683,16 @@ void PCRStateSave(TPM_SU type // IN: startup type // TRUE(1) PCR is state saved // FALSE(0) PCR is not state saved BOOL PCRIsStateSaved(TPMI_DH_PCR handle // IN: PCR handle to be extended - ) +) { UINT32 pcr = handle - PCR_FIRST; PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + _platPcr__GetPcrInitializationAttributes(pcr); if(currentPcrAttributes.stateSave == SET) - return TRUE; + return TRUE; else - return FALSE; + return FALSE; } //*** PCRIsResetAllowed()
@@ -702,13 +702,13 @@ BOOL PCRIsStateSaved(TPMI_DH_PCR handle // IN: PCR handle to be extended // TRUE(1) TPM2_PCR_Reset is allowed // FALSE(0) TPM2_PCR_Reset is not allowed BOOL PCRIsResetAllowed(TPMI_DH_PCR handle // IN: PCR handle to be extended - ) +) { UINT8 commandLocality; UINT8 localityBits = 1; UINT32 pcr = handle - PCR_FIRST; PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + _platPcr__GetPcrInitializationAttributes(pcr); // Check for the locality commandLocality = _plat__LocalityGet();
@@ -716,14 +716,14 @@ BOOL PCRIsResetAllowed(TPMI_DH_PCR handle // IN: PCR handle to be extended #ifdef DRTM_PCR // For a TPM that does DRTM, Reset is not allowed at locality 4 if(commandLocality == 4) - return FALSE; + return FALSE; #endif localityBits = localityBits << commandLocality; if((localityBits & currentPcrAttributes.resetLocality) == 0) - return FALSE; + return FALSE; else - return TRUE; + return TRUE; } //*** PCRChanged()
@@ -733,16 +733,16 @@ BOOL PCRIsResetAllowed(TPMI_DH_PCR handle // IN: PCR handle to be extended // handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero // is used by TPM2_Clear(). void PCRChanged(TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. - ) +) { // For the reference implementation, the only change that does not cause // increment is a change to a PCR in the TCB group. if((pcrHandle == 0) || !PCRBelongsTCBGroup(pcrHandle)) - { - gr.pcrCounter++; - if(gr.pcrCounter == 0) - FAIL(FATAL_ERROR_COUNTER_OVERFLOW); - } + { + gr.pcrCounter++; + if(gr.pcrCounter == 0) + FAIL(FATAL_ERROR_COUNTER_OVERFLOW); + } } //*** PCRIsExtendAllowed()
@@ -752,30 +752,30 @@ void PCRChanged(TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. // TRUE(1) extend is allowed // FALSE(0) extend is not allowed BOOL PCRIsExtendAllowed(TPMI_DH_PCR handle // IN: PCR handle to be extended - ) +) { UINT8 commandLocality; UINT8 localityBits = 1; UINT32 pcr = handle - PCR_FIRST; PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + _platPcr__GetPcrInitializationAttributes(pcr); // Check for the locality commandLocality = _plat__LocalityGet(); localityBits = localityBits << commandLocality; if((localityBits & currentPcrAttributes.extendLocality) == 0) - return FALSE; + return FALSE; else - return TRUE; + return TRUE; } //*** PCRExtend() // This function is used to extend a PCR in a specific bank. void PCRExtend(TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - UINT32 size, // IN: size of data to be extended - BYTE* data // IN: data to be extended - ) + TPMI_ALG_HASH hash, // IN: hash algorithm of PCR + UINT32 size, // IN: size of data to be extended + BYTE* data // IN: data to be extended +) { BYTE* pcrData; HASH_STATE hashState;
@@ -785,16 +785,16 @@ void PCRExtend(TPMI_DH_PCR handle, // IN: PCR handle to be extended // Extend PCR if it is allocated if(pcrData != NULL) - { - pcrSize = CryptHashGetDigestSize(hash); - CryptHashStart(&hashState, hash); - CryptDigestUpdate(&hashState, pcrSize, pcrData); - CryptDigestUpdate(&hashState, size, data); - CryptHashEnd(&hashState, pcrSize, pcrData); + { + pcrSize = CryptHashGetDigestSize(hash); + CryptHashStart(&hashState, hash); + CryptDigestUpdate(&hashState, pcrSize, pcrData); + CryptDigestUpdate(&hashState, size, data); + CryptHashEnd(&hashState, pcrSize, pcrData); - // PCR has changed so update the pcrCounter if necessary - PCRChanged(handle); - } + // PCR has changed so update the pcrCounter if necessary + PCRChanged(handle); + } return; }
@@ -805,11 +805,11 @@ void PCRExtend(TPMI_DH_PCR handle, // IN: PCR handle to be extended // As a side-effect, 'selection' is modified so that only the implemented PCR // will have their bits still set. void PCRComputeCurrentDigest( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest - TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered on - // output) - TPM2B_DIGEST* digest // OUT: digest - ) + TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest + TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered on + // output) + TPM2B_DIGEST* digest // OUT: digest +) { HASH_STATE hashState; TPMS_PCR_SELECTION* select; 
@@ -824,26 +824,26 @@ void PCRComputeCurrentDigest( // Iterate through the list of PCR selection structures for(i = 0; i < selection->count; i++) - { - // Point to the current selection - select = &selection->pcrSelections[i]; // Point to the current selection - FilterPcr(select); // Clear out the bits for unimplemented PCR + { + // Point to the current selection + select = &selection->pcrSelections[i]; // Point to the current selection + FilterPcr(select); // Clear out the bits for unimplemented PCR - // Need the size of each digest - pcrSize = CryptHashGetDigestSize(selection->pcrSelections[i].hash); + // Need the size of each digest + pcrSize = CryptHashGetDigestSize(selection->pcrSelections[i].hash); - // Iterate through the selection - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - if(IsPcrSelected(pcr, select)) // Is this PCR selected - { - // Get pointer to the digest data for the bank - pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); - pAssert(pcrData != NULL); - CryptDigestUpdate(&hashState, pcrSize, pcrData); // add to digest - } - } - } + // Iterate through the selection + for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) + { + if(IsPcrSelected(pcr, select)) // Is this PCR selected + { + // Get pointer to the digest data for the bank + pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); + pAssert(pcrData != NULL); + CryptDigestUpdate(&hashState, pcrSize, pcrData); // add to digest + } + } + } // Complete hash stack CryptHashEnd2B(&hashState, &digest->b); 
@@ -855,11 +855,11 @@ void PCRComputeCurrentDigest( // number exceeds the maximum number that can be output, the 'selection' is // adjusted to reflect the actual output PCR. void PCRRead(TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered on - // output) - TPML_DIGEST* digest, // OUT: digest - UINT32* pcrCounter // OUT: the current value of PCR generation - // number - ) + // output) + TPML_DIGEST* digest, // OUT: digest + UINT32* pcrCounter // OUT: the current value of PCR generation + // number +) { TPMS_PCR_SELECTION* select; BYTE* pcrData; // will point to a digest 
@@ -870,60 +870,60 @@ void PCRRead(TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered // Iterate through the list of PCR selection structures for(i = 0; i < selection->count; i++) - { - // Point to the current selection - select = &selection->pcrSelections[i]; // Point to the current selection - FilterPcr(select); // Clear out the bits for unimplemented PCR + { + // Point to the current selection + select = &selection->pcrSelections[i]; // Point to the current selection + FilterPcr(select); // Clear out the bits for unimplemented PCR - // Iterate through the selection - for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - if(IsPcrSelected(pcr, select)) // Is this PCR selected - { - // Check if number of digest exceed upper bound - if(digest->count > 7) - { - // Clear rest of the current select bitmap - while(pcr < IMPLEMENTATION_PCR - // do not round up! - && (pcr / 8) < select->sizeofSelect) - { - // do not round up! - select->pcrSelect[pcr / 8] &= (BYTE) ~(1 << (pcr % 8)); - pcr++; - } - // Exit inner loop - break; - } - // Need the size of each digest - digest->digests[digest->count].t.size = - CryptHashGetDigestSize(selection->pcrSelections[i].hash); + // Iterate through the selection + for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) + { + if(IsPcrSelected(pcr, select)) // Is this PCR selected + { + // Check if number of digest exceed upper bound + if(digest->count > 7) + { + // Clear rest of the current select bitmap + while(pcr < IMPLEMENTATION_PCR + // do not round up! + && (pcr / 8) < select->sizeofSelect) + { + // do not round up! 
+ select->pcrSelect[pcr / 8] &= (BYTE) ~(1 << (pcr % 8)); + pcr++; + } + // Exit inner loop + break; + } + // Need the size of each digest + digest->digests[digest->count].t.size = + CryptHashGetDigestSize(selection->pcrSelections[i].hash); - // Get pointer to the digest data for the bank - pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); - pAssert(pcrData != NULL); - // Add to the data to digest - MemoryCopy(digest->digests[digest->count].t.buffer, - pcrData, - digest->digests[digest->count].t.size); - digest->count++; - } - } - // If we exit inner loop because we have exceed the output upper bound - if(digest->count > 7 && pcr < IMPLEMENTATION_PCR) - { - // Clear rest of the selection - while(i < selection->count) - { - MemorySet(selection->pcrSelections[i].pcrSelect, - 0, - selection->pcrSelections[i].sizeofSelect); - i++; - } - // exit outer loop - break; - } - } + // Get pointer to the digest data for the bank + pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); + pAssert(pcrData != NULL); + // Add to the data to digest + MemoryCopy(digest->digests[digest->count].t.buffer, + pcrData, + digest->digests[digest->count].t.size); + digest->count++; + } + } + // If we exit inner loop because we have exceed the output upper bound + if(digest->count > 7 && pcr < IMPLEMENTATION_PCR) + { + // Clear rest of the selection + while(i < selection->count) + { + MemorySet(selection->pcrSelections[i].pcrSelect, + 0, + selection->pcrSelections[i].sizeofSelect); + i++; + } + // exit outer loop + break; + } + } *pcrCounter = gr.pcrCounter; 
@@ -937,10 +937,10 @@ void PCRRead(TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered // TPM_RC_PCR improper allocation TPM_RC PCRAllocate(TPML_PCR_SELECTION* allocate, // IN: required allocation - UINT32* maxPCR, // OUT: Maximum number of PCR - UINT32* sizeNeeded, // OUT: required space - UINT32* sizeAvailable // OUT: available space - ) + UINT32* maxPCR, // OUT: Maximum number of PCR + UINT32* sizeNeeded, // OUT: required space + UINT32* sizeAvailable // OUT: available space +) { UINT32 i, j, k; TPML_PCR_SELECTION newAllocate; 
@@ -956,69 +956,69 @@ PCRAllocate(TPML_PCR_SELECTION* allocate, // IN: required allocation // last one will be in effect. newAllocate = gp.pcrAllocated; for(i = 0; i < allocate->count; i++) - { - for(j = 0; j < newAllocate.count; j++) - { - // If hash matches, the new allocation covers the old allocation - // for this particular bank. - // The assumption is the initial PCR allocation (from manufacture) - // has all the supported hash algorithms with an assigned bank - // (possibly empty). So there must be a match for any new bank - // allocation from the input. - if(newAllocate.pcrSelections[j].hash == allocate->pcrSelections[i].hash) - { - newAllocate.pcrSelections[j] = allocate->pcrSelections[i]; - break; - } - } - // The j loop must exit with a match. - pAssert(j < newAllocate.count); - } + { + for(j = 0; j < newAllocate.count; j++) + { + // If hash matches, the new allocation covers the old allocation + // for this particular bank. + // The assumption is the initial PCR allocation (from manufacture) + // has all the supported hash algorithms with an assigned bank + // (possibly empty). So there must be a match for any new bank + // allocation from the input. + if(newAllocate.pcrSelections[j].hash == allocate->pcrSelections[i].hash) + { + newAllocate.pcrSelections[j] = allocate->pcrSelections[i]; + break; + } + } + // The j loop must exit with a match. 
+ pAssert(j < newAllocate.count); + } // Max PCR in a bank is MIN(implemented PCR, PCR with attributes defined) *maxPCR = _platPcr__NumberOfPcrs(); if(*maxPCR > IMPLEMENTATION_PCR) - *maxPCR = IMPLEMENTATION_PCR; + *maxPCR = IMPLEMENTATION_PCR; // Compute required size for allocation *sizeNeeded = 0; for(i = 0; i < newAllocate.count; i++) - { - UINT32 digestSize = CryptHashGetDigestSize(newAllocate.pcrSelections[i].hash); + { + UINT32 digestSize = CryptHashGetDigestSize(newAllocate.pcrSelections[i].hash); #if defined(DRTM_PCR) - // Make sure that we end up with at least one DRTM PCR - pcrDrtm = pcrDrtm - || TestBit(DRTM_PCR, - newAllocate.pcrSelections[i].pcrSelect, - newAllocate.pcrSelections[i].sizeofSelect); + // Make sure that we end up with at least one DRTM PCR + pcrDrtm = pcrDrtm + || TestBit(DRTM_PCR, + newAllocate.pcrSelections[i].pcrSelect, + newAllocate.pcrSelections[i].sizeofSelect); #else // if DRTM PCR is not required, indicate that the allocation is OK - pcrDrtm = TRUE; + pcrDrtm = TRUE; #endif #if defined(HCRTM_PCR) - // and one HCRTM PCR (since this is usually PCR 0...) - pcrHcrtm = pcrHcrtm - || TestBit(HCRTM_PCR, - newAllocate.pcrSelections[i].pcrSelect, - newAllocate.pcrSelections[i].sizeofSelect); + // and one HCRTM PCR (since this is usually PCR 0...) 
+ pcrHcrtm = pcrHcrtm + || TestBit(HCRTM_PCR, + newAllocate.pcrSelections[i].pcrSelect, + newAllocate.pcrSelections[i].sizeofSelect); #else - pcrHcrtm = TRUE; + pcrHcrtm = TRUE; #endif - for(j = 0; j < newAllocate.pcrSelections[i].sizeofSelect; j++) - { - BYTE mask = 1; - for(k = 0; k < 8; k++) - { - if((newAllocate.pcrSelections[i].pcrSelect[j] & mask) != 0) - *sizeNeeded += digestSize; - mask = mask << 1; - } - } - } + for(j = 0; j < newAllocate.pcrSelections[i].sizeofSelect; j++) + { + BYTE mask = 1; + for(k = 0; k < 8; k++) + { + if((newAllocate.pcrSelections[i].pcrSelect[j] & mask) != 0) + *sizeNeeded += digestSize; + mask = mask << 1; + } + } + } if(!pcrDrtm || !pcrHcrtm) - return TPM_RC_PCR; + return TPM_RC_PCR; // In this particular implementation, we always have enough space to // allocate PCR. Different implementation may return a sizeAvailable less
@@ -1039,8 +1039,8 @@ PCRAllocate(TPML_PCR_SELECTION* allocate, // IN: required allocation // The initial value is signed and will be sign extended into the entire PCR. // void PCRSetValue(TPM_HANDLE handle, // IN: the handle of the PCR to set - INT8 initialValue // IN: the value to set - ) + INT8 initialValue // IN: the value to set +) { int i; UINT32 pcr = handle - PCR_FIRST;
@@ -1050,31 +1050,31 @@ void PCRSetValue(TPM_HANDLE handle, // IN: the handle of the PCR to set // Iterate supported PCR bank algorithms to reset for(i = 0; i < HASH_COUNT; i++) - { - hash = CryptHashGetAlgByIndex(i); - // Prevent runaway - if(hash == TPM_ALG_NULL) - break; + { + hash = CryptHashGetAlgByIndex(i); + // Prevent runaway + if(hash == TPM_ALG_NULL) + break; - // Get a pointer to the data - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); + // Get a pointer to the data + pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); - // If the PCR is allocated - if(pcrData != NULL) - { - // And the size of the digest - digestSize = CryptHashGetDigestSize(hash); + // If the PCR is allocated + if(pcrData != NULL) + { + // And the size of the digest + digestSize = CryptHashGetDigestSize(hash); - // Set the LSO to the input value - pcrData[digestSize - 1] = initialValue; + // Set the LSO to the input value + pcrData[digestSize - 1] = initialValue; - // Sign extend - if(initialValue >= 0) - MemorySet(pcrData, 0, digestSize - 1); - else - MemorySet(pcrData, -1, digestSize - 1); - } - } + // Sign extend + if(initialValue >= 0) + MemorySet(pcrData, 0, digestSize - 1); + else + MemorySet(pcrData, -1, digestSize - 1); + } + } } //*** PCRResetDynamics 
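Review bot: In the `PCRSetValue` loop the bank pointer is looked up with `gp.pcrAllocated.pcrSelections[i].hash`, but the length written through it comes from `CryptHashGetDigestSize(hash)` with `hash = CryptHashGetAlgByIndex(i)`. The `pcrData[digestSize - 1]` store and the two `MemorySet` calls therefore stay inside the PCR only if entry `i` of the allocation list always holds the algorithm with index `i`, which nothing visible here establishes. The loop also runs to `HASH_COUNT` rather than `gp.pcrAllocated.count`, unlike `PCRResetDynamics` in the following hunk, which takes both pointer and size from the same `pcrSelections[i].hash`. Taking both from one value, e.g. `pcrData = GetPcrPointer(hash, pcr);`, would remove the ordering dependency; if the ordering is guaranteed elsewhere, `pAssert(gp.pcrAllocated.pcrSelections[i].hash == hash);` before the lookup would document it. The function's signature and local declarations lie outside this hunk, so this should be confirmed against the full body.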
@@ -1086,29 +1086,29 @@ void PCRResetDynamics(void) // Initialize PCR values for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - // Iterate each hash algorithm bank - for(i = 0; i < gp.pcrAllocated.count; i++) - { - BYTE* pcrData; - UINT32 pcrSize; - PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + { + // Iterate each hash algorithm bank + for(i = 0; i < gp.pcrAllocated.count; i++) + { + BYTE* pcrData; + UINT32 pcrSize; + PCR_Attributes currentPcrAttributes = + _platPcr__GetPcrInitializationAttributes(pcr); - pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); + pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); - if(pcrData != NULL) - { - pcrSize = - CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[i].hash); + if(pcrData != NULL) + { + pcrSize = + CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[i].hash); - // Reset PCR - // Any PCR can be reset by locality 4 should be reset to 0 - if((currentPcrAttributes.resetLocality & 0x10) != 0) - MemorySet(pcrData, 0, pcrSize); - } - } - } + // Reset PCR + // Any PCR can be reset by locality 4 should be reset to 0 + if((currentPcrAttributes.resetLocality & 0x10) != 0) + MemorySet(pcrData, 0, pcrSize); + } + } + } return; } 
@@ -1119,27 +1119,27 @@ void PCRResetDynamics(void) // NO if the return count is not 0 TPMI_YES_NO PCRCapGetAllocation(UINT32 count, // IN: count of return - TPML_PCR_SELECTION* pcrSelection // OUT: PCR allocation list - ) + TPML_PCR_SELECTION* pcrSelection // OUT: PCR allocation list +) { if(count == 0) - { - pcrSelection->count = 0; - return YES; - } + { + pcrSelection->count = 0; + return YES; + } else - { - *pcrSelection = gp.pcrAllocated; - RuntimeAlgorithmsFilterPCRSelection(pcrSelection); // libtpms added - return NO; - } + { + *pcrSelection = gp.pcrAllocated; + RuntimeAlgorithmsFilterPCRSelection(pcrSelection); // libtpms added + return NO; + } } //*** PCRSetSelectBit() // This function sets a bit in a bitmap array. static void PCRSetSelectBit(UINT32 pcr, // IN: PCR number - BYTE* bitmap // OUT: bit map to be set - ) + BYTE* bitmap // OUT: bit map to be set +) { bitmap[pcr / 8] |= (1 << (pcr % 8)); return; 
@@ -1164,86 +1164,86 @@ BOOL PCRGetProperty(TPM_PT_PCR property, TPMS_TAGGED_PCR_SELECT* select) // Collecting properties for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) - { - PCR_Attributes currentPcrAttributes = - _platPcr__GetPcrInitializationAttributes(pcr); + { + PCR_Attributes currentPcrAttributes = + _platPcr__GetPcrInitializationAttributes(pcr); - switch(property) - { - case TPM_PT_PCR_SAVE: - if(currentPcrAttributes.stateSave == SET) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L0: - if((currentPcrAttributes.extendLocality & 0x01) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L0: - if((currentPcrAttributes.resetLocality & 0x01) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L1: - if((currentPcrAttributes.extendLocality & 0x02) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L1: - if((currentPcrAttributes.resetLocality & 0x02) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L2: - if((currentPcrAttributes.extendLocality & 0x04) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L2: - if((currentPcrAttributes.resetLocality & 0x04) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L3: - if((currentPcrAttributes.extendLocality & 0x08) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L3: - if((currentPcrAttributes.resetLocality & 0x08) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_EXTEND_L4: - if((currentPcrAttributes.extendLocality & 0x10) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_RESET_L4: - if((currentPcrAttributes.resetLocality & 0x10) != 0) - PCRSetSelectBit(pcr, select->pcrSelect); - break; - case TPM_PT_PCR_DRTM_RESET: - // DRTM reset PCRs are the PCR reset by locality 4 - if((currentPcrAttributes.resetLocality & 0x10) != 0) - 
PCRSetSelectBit(pcr, select->pcrSelect); - break; + switch(property) + { + case TPM_PT_PCR_SAVE: + if(currentPcrAttributes.stateSave == SET) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_EXTEND_L0: + if((currentPcrAttributes.extendLocality & 0x01) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_RESET_L0: + if((currentPcrAttributes.resetLocality & 0x01) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_EXTEND_L1: + if((currentPcrAttributes.extendLocality & 0x02) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_RESET_L1: + if((currentPcrAttributes.resetLocality & 0x02) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_EXTEND_L2: + if((currentPcrAttributes.extendLocality & 0x04) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_RESET_L2: + if((currentPcrAttributes.resetLocality & 0x04) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_EXTEND_L3: + if((currentPcrAttributes.extendLocality & 0x08) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_RESET_L3: + if((currentPcrAttributes.resetLocality & 0x08) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_EXTEND_L4: + if((currentPcrAttributes.extendLocality & 0x10) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_RESET_L4: + if((currentPcrAttributes.resetLocality & 0x10) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; + case TPM_PT_PCR_DRTM_RESET: + // DRTM reset PCRs are the PCR reset by locality 4 + if((currentPcrAttributes.resetLocality & 0x10) != 0) + PCRSetSelectBit(pcr, select->pcrSelect); + break; #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 - case TPM_PT_PCR_POLICY: - if(PCRBelongsPolicyGroup(pcr + PCR_FIRST, &groupIndex)) - PCRSetSelectBit(pcr, select->pcrSelect); - break; + case TPM_PT_PCR_POLICY: + if(PCRBelongsPolicyGroup(pcr + 
PCR_FIRST, &groupIndex)) + PCRSetSelectBit(pcr, select->pcrSelect); + break; #endif #if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 - case TPM_PT_PCR_AUTH: - if(PCRBelongsAuthGroup(pcr + PCR_FIRST, &groupIndex)) - PCRSetSelectBit(pcr, select->pcrSelect); - break; + case TPM_PT_PCR_AUTH: + if(PCRBelongsAuthGroup(pcr + PCR_FIRST, &groupIndex)) + PCRSetSelectBit(pcr, select->pcrSelect); + break; #endif #if ENABLE_PCR_NO_INCREMENT == YES - case TPM_PT_PCR_NO_INCREMENT: - if(PCRBelongsTCBGroup(pcr + PCR_FIRST)) - PCRSetSelectBit(pcr, select->pcrSelect); - break; + case TPM_PT_PCR_NO_INCREMENT: + if(PCRBelongsTCBGroup(pcr + PCR_FIRST)) + PCRSetSelectBit(pcr, select->pcrSelect); + break; #endif - default: - // If property is not supported, stop scanning PCR attributes - // and return. - return FALSE; - break; - } - } + default: + // If property is not supported, stop scanning PCR attributes + // and return. + return FALSE; + break; + } + } return TRUE; } @@ -1254,9 +1254,9 @@ BOOL PCRGetProperty(TPM_PT_PCR property, TPMS_TAGGED_PCR_SELECT* select) // NO if there are more properties not reported TPMI_YES_NO PCRCapGetProperties(TPM_PT_PCR property, // IN: the starting PCR property - UINT32 count, // IN: count of returned properties - TPML_TAGGED_PCR_PROPERTY* select // OUT: PCR select - ) + UINT32 count, // IN: count of returned properties + TPML_TAGGED_PCR_PROPERTY* select // OUT: PCR select +) { TPMI_YES_NO more = NO; UINT32 i; @@ -1266,7 +1266,7 @@ PCRCapGetProperties(TPM_PT_PCR property, // IN: the starting PCR property // The maximum count of properties we may return is MAX_PCR_PROPERTIES if(count > MAX_PCR_PROPERTIES) - count = MAX_PCR_PROPERTIES; + count = MAX_PCR_PROPERTIES; // TPM_PT_PCR_FIRST is defined as 0 in spec. It ensures that property // value would never be less than TPM_PT_PCR_FIRST 
@@ -1275,22 +1275,22 @@ PCRCapGetProperties(TPM_PT_PCR property, // IN: the starting PCR property // Iterate PCR properties. TPM_PT_PCR_LAST is the index of the last property // implemented on the TPM. for(i = property; i <= TPM_PT_PCR_LAST; i++) - { - if(select->count < count) - { - // If we have not filled up the return list, add more properties to it - if(PCRGetProperty(i, &select->pcrProperty[select->count])) - // only increment if the property is implemented - select->count++; - } - else - { - // If the return list is full but we still have properties - // available, report this and stop iterating. - more = YES; - break; - } - } + { + if(select->count < count) + { + // If we have not filled up the return list, add more properties to it + if(PCRGetProperty(i, &select->pcrProperty[select->count])) + // only increment if the property is implemented + select->count++; + } + else + { + // If the return list is full but we still have properties + // available, report this and stop iterating. + more = YES; + break; + } + } return more; } @@ -1303,9 +1303,9 @@ PCRCapGetProperties(TPM_PT_PCR property, // IN: the starting PCR property // NO all the available handles has been returned TPMI_YES_NO PCRCapGetHandles(TPMI_DH_PCR handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ) + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +) { TPMI_YES_NO more = NO; UINT32 i; 
@@ -1317,26 +1317,26 @@ PCRCapGetHandles(TPMI_DH_PCR handle, // IN: start handle // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) - count = MAX_CAP_HANDLES; + count = MAX_CAP_HANDLES; // Iterate PCR handle range for(i = handle & HR_HANDLE_MASK; i <= PCR_LAST; i++) - { - if(handleList->count < count) - { - // If we have not filled up the return list, add this PCR - // handle to it - handleList->handle[handleList->count] = i + PCR_FIRST; - handleList->count++; - } - else - { - // If the return list is full but we still have PCR handle - // available, report this and stop iterating - more = YES; - break; - } - } + { + if(handleList->count < count) + { + // If we have not filled up the return list, add this PCR + // handle to it + handleList->handle[handleList->count] = i + PCR_FIRST; + handleList->count++; + } + else + { + // If the return list is full but we still have PCR handle + // available, report this and stop iterating + more = YES; + break; + } + } return more; } @@ -1347,8 +1347,8 @@ BOOL PCRCapGetOneHandle(TPMI_DH_PCR handle) // IN: handle pAssert(HandleGetType(handle) == TPM_HT_PCR); if((handle & HR_HANDLE_MASK) <= PCR_LAST) - { - return TRUE; - } + { + return TRUE; + } return FALSE; } diff --git a/src/tpm2/PCR_Allocate_fp.h b/src/tpm2/PCR_Allocate_fp.h index 30f92998..dab75c6e 100644 --- a/src/tpm2/PCR_Allocate_fp.h +++ b/src/tpm2/PCR_Allocate_fp.h 
@@ -59,31 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef PCR_ALLOCATE_FP_H -#define PCR_ALLOCATE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PLATFORM authHandle; - TPML_PCR_SELECTION pcrAllocation; +#if CC_PCR_Allocate // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_ALLOCATE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_ALLOCATE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PLATFORM authHandle; + TPML_PCR_SELECTION pcrAllocation; } PCR_Allocate_In; -#define RC_PCR_Allocate_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Allocate_pcrAllocation (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPMI_YES_NO allocationSuccess; - UINT32 maxPCR; - UINT32 sizeNeeded; - UINT32 sizeAvailable; +// Output structure definition +typedef struct +{ + TPMI_YES_NO allocationSuccess; + UINT32 maxPCR; + UINT32 sizeNeeded; + UINT32 sizeAvailable; } PCR_Allocate_Out; +// Response code modifiers +# define RC_PCR_Allocate_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_PCR_Allocate_pcrAllocation (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_PCR_Allocate( - PCR_Allocate_In *in, // IN: input parameter list - PCR_Allocate_Out *out // OUT: output parameter list - ); +TPM2_PCR_Allocate(PCR_Allocate_In* in, PCR_Allocate_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_ALLOCATE_FP_H_ +#endif // CC_PCR_Allocate diff --git a/src/tpm2/PCR_Event_fp.h b/src/tpm2/PCR_Event_fp.h index 3c36851f..130fbb8c 100644 --- a/src/tpm2/PCR_Event_fp.h +++ b/src/tpm2/PCR_Event_fp.h 
@@ -59,27 +59,34 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef PCR_EVENT_FP_H -#define PCR_EVENT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_PCR pcrHandle; - TPM2B_EVENT eventData; +#if CC_PCR_Event // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_EVENT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_EVENT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_PCR pcrHandle; + TPM2B_EVENT eventData; } PCR_Event_In; -#define RC_PCR_Event_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Event_eventData (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPML_DIGEST_VALUES digests; +// Output structure definition +typedef struct +{ + TPML_DIGEST_VALUES digests; } PCR_Event_Out; -TPM_RC -TPM2_PCR_Event( - PCR_Event_In *in, // IN: input parameter list - PCR_Event_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_PCR_Event_pcrHandle (TPM_RC_H + TPM_RC_1) +# define RC_PCR_Event_eventData (TPM_RC_P + TPM_RC_1) -#endif +// Function prototype +TPM_RC +TPM2_PCR_Event(PCR_Event_In* in, PCR_Event_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_EVENT_FP_H_ +#endif // CC_PCR_Event diff --git a/src/tpm2/PCR_Extend_fp.h b/src/tpm2/PCR_Extend_fp.h index 37ca3f94..0b38058c 100644 --- a/src/tpm2/PCR_Extend_fp.h +++ b/src/tpm2/PCR_Extend_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef PCR_EXTEND_FP_H -#define PCR_EXTEND_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_PCR pcrHandle; - TPML_DIGEST_VALUES digests; +#if CC_PCR_Extend // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_EXTEND_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_EXTEND_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_PCR pcrHandle; + TPML_DIGEST_VALUES digests; } PCR_Extend_In; -#define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) +# define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PCR_Extend( - PCR_Extend_In *in // IN: input parameter list - ); +TPM2_PCR_Extend(PCR_Extend_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_EXTEND_FP_H_ +#endif // CC_PCR_Extend diff --git a/src/tpm2/PCR_Read_fp.h b/src/tpm2/PCR_Read_fp.h index ec3ef404..ac94cc9f 100644 --- a/src/tpm2/PCR_Read_fp.h +++ b/src/tpm2/PCR_Read_fp.h 
@@ -59,27 +59,34 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef PCR_READ_FP_H -#define PCR_READ_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPML_PCR_SELECTION pcrSelectionIn; +#if CC_PCR_Read // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_READ_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_READ_FP_H_ + +// Input structure definition +typedef struct +{ + TPML_PCR_SELECTION pcrSelectionIn; } PCR_Read_In; -#define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1) - -typedef struct { - UINT32 pcrUpdateCounter; - TPML_PCR_SELECTION pcrSelectionOut; - TPML_DIGEST pcrValues; +// Output structure definition +typedef struct +{ + UINT32 pcrUpdateCounter; + TPML_PCR_SELECTION pcrSelectionOut; + TPML_DIGEST pcrValues; } PCR_Read_Out; -TPM_RC -TPM2_PCR_Read( - PCR_Read_In *in, // IN: input parameter list - PCR_Read_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1) -#endif +// Function prototype +TPM_RC +TPM2_PCR_Read(PCR_Read_In* in, PCR_Read_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_READ_FP_H_ +#endif // CC_PCR_Read diff --git a/src/tpm2/PCR_Reset_fp.h b/src/tpm2/PCR_Reset_fp.h index 835d2a02..e7c581ea 100644 --- a/src/tpm2/PCR_Reset_fp.h +++ b/src/tpm2/PCR_Reset_fp.h 
@@ -59,20 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef PCR_RESET_FP_H -#define PCR_RESET_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_PCR pcrHandle; +#if CC_PCR_Reset // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_RESET_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_RESET_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_PCR pcrHandle; } PCR_Reset_In; -#define RC_PCR_Reset__pcrHandle (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_PCR_Reset_pcrHandle (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PCR_Reset( - PCR_Reset_In *in // IN: input parameter list - ); +TPM2_PCR_Reset(PCR_Reset_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_RESET_FP_H_ +#endif // CC_PCR_Reset diff --git a/src/tpm2/PCR_SetAuthPolicy_fp.h b/src/tpm2/PCR_SetAuthPolicy_fp.h index 3d8a02b3..8c1b43bb 100644 --- a/src/tpm2/PCR_SetAuthPolicy_fp.h +++ b/src/tpm2/PCR_SetAuthPolicy_fp.h 
@@ -59,27 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef PCR_SETAUTHPOLICY_FP_H -#define PCR_SETAUTHPOLICY_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PLATFORM authHandle; - TPM2B_DIGEST authPolicy; - TPMI_ALG_HASH hashAlg; - TPMI_DH_PCR pcrNum; +#if CC_PCR_SetAuthPolicy // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_SETAUTHPOLICY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_SETAUTHPOLICY_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PLATFORM authHandle; + TPM2B_DIGEST authPolicy; + TPMI_ALG_HASH hashAlg; + TPMI_DH_PCR pcrNum; } PCR_SetAuthPolicy_In; -#define RC_PCR_SetAuthPolicy_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1) -#define RC_PCR_SetAuthPolicy_hashAlg (TPM_RC_P + TPM_RC_2) -#define RC_PCR_SetAuthPolicy_pcrNum (TPM_RC_P + TPM_RC_3) +// Response code modifiers +# define RC_PCR_SetAuthPolicy_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1) +# define RC_PCR_SetAuthPolicy_hashAlg (TPM_RC_P + TPM_RC_2) +# define RC_PCR_SetAuthPolicy_pcrNum (TPM_RC_P + TPM_RC_3) +// Function prototype TPM_RC -TPM2_PCR_SetAuthPolicy( - PCR_SetAuthPolicy_In *in // IN: input parameter list - ); +TPM2_PCR_SetAuthPolicy(PCR_SetAuthPolicy_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_SETAUTHPOLICY_FP_H_ +#endif // CC_PCR_SetAuthPolicy diff --git a/src/tpm2/PCR_SetAuthValue_fp.h b/src/tpm2/PCR_SetAuthValue_fp.h index a06c3f6a..00073ad3 100644 --- a/src/tpm2/PCR_SetAuthValue_fp.h +++ b/src/tpm2/PCR_SetAuthValue_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef PCR_SETAUTHVALUE_FP_H -#define PCR_SETAUTHVALUE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_PCR pcrHandle; - TPM2B_DIGEST auth; +#if CC_PCR_SetAuthValue // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_SETAUTHVALUE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_SETAUTHVALUE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_PCR pcrHandle; + TPM2B_DIGEST auth; } PCR_SetAuthValue_In; -#define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) -#define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) +# define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PCR_SetAuthValue( - PCR_SetAuthValue_In *in // IN: input parameter list - ); +TPM2_PCR_SetAuthValue(PCR_SetAuthValue_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PCR_SETAUTHVALUE_FP_H_ +#endif // CC_PCR_SetAuthValue diff --git a/src/tpm2/PCR_fp.h b/src/tpm2/PCR_fp.h index 61ed6776..f1d853b2 100644 --- a/src/tpm2/PCR_fp.h +++ b/src/tpm2/PCR_fp.h @@ -75,12 +75,12 @@ // TRUE(1) PCR belongs an authorization group // FALSE(0) PCR does not belong an authorization group BOOL PCRBelongsAuthGroup(TPMI_DH_PCR handle, // IN: handle of PCR - UINT32* groupIndex // OUT: group index if PCR belongs a - // group that allows authValue. If PCR - // does not belong to an authorization - // group, the value in this parameter is - // invalid - ); + UINT32* groupIndex // OUT: group index if PCR belongs a + // group that allows authValue. If PCR + // does not belong to an authorization + // group, the value in this parameter is + // invalid +); //*** PCRBelongsPolicyGroup() // This function indicates if a PCR belongs to a group that requires a policy 
@@ -92,12 +92,12 @@ BOOL PCRBelongsAuthGroup(TPMI_DH_PCR handle, // IN: handle of PCR // TRUE(1) PCR belongs to a policy group // FALSE(0) PCR does not belong to a policy group BOOL PCRBelongsPolicyGroup( - TPMI_DH_PCR handle, // IN: handle of PCR - UINT32* groupIndex // OUT: group index if PCR belongs a group that - // allows policy. If PCR does not belong to - // a policy group, the value in this - // parameter is invalid - ); + TPMI_DH_PCR handle, // IN: handle of PCR + UINT32* groupIndex // OUT: group index if PCR belongs a group that + // allows policy. If PCR does not belong to + // a policy group, the value in this + // parameter is invalid +); //*** PCRPolicyIsAvailable() // This function indicates if a policy is available for a PCR. @@ -106,13 +106,13 @@ BOOL PCRBelongsPolicyGroup( // TRUE(1) the PCR may be authorized by policy // FALSE(0) the PCR does not allow policy BOOL PCRPolicyIsAvailable(TPMI_DH_PCR handle // IN: PCR handle - ); +); //*** PCRGetAuthValue() // This function is used to access the authValue of a PCR. If PCR does not // belong to an authValue group, an EmptyAuth will be returned. TPM2B_AUTH* PCRGetAuthValue(TPMI_DH_PCR handle // IN: PCR handle - ); +); //*** PCRGetAuthPolicy() // This function is used to access the authorization policy of a PCR. It sets @@ -120,8 +120,8 @@ TPM2B_AUTH* PCRGetAuthValue(TPMI_DH_PCR handle // IN: PCR handle // If the PCR does not allow a policy, TPM_ALG_NULL is returned. TPMI_ALG_HASH PCRGetAuthPolicy(TPMI_DH_PCR handle, // IN: PCR handle - TPM2B_DIGEST* policy // OUT: policy of PCR - ); + TPM2B_DIGEST* policy // OUT: policy of PCR +); //*** PCRManufacture() // This function is used to initialize the policies when a TPM is manufactured. 
@@ -136,17 +136,17 @@ void PCRManufacture(void); // TRUE(1) PCR is allocated // FALSE(0) PCR is not allocated BOOL PcrIsAllocated(UINT32 pcr, // IN: The number of the PCR - TPMI_ALG_HASH hashAlg // IN: The PCR algorithm - ); + TPMI_ALG_HASH hashAlg // IN: The PCR algorithm +); //*** PcrDrtm() // This function does the DRTM and H-CRTM processing it is called from // _TPM_Hash_End. void PcrDrtm(const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be - // modified - const TPMI_ALG_HASH hash, // IN: the bank identifier - const TPM2B_DIGEST* digest // IN: the digest to modify the PCR - ); + // modified + const TPMI_ALG_HASH hash, // IN: the bank identifier + const TPM2B_DIGEST* digest // IN: the digest to modify the PCR +); //*** PCR_ClearAuth() // This function is used to reset the PCR authorization values. It is called @@ -156,13 +156,13 @@ void PCR_ClearAuth(void); //*** PCRStartup() // This function initializes the PCR subsystem at TPM2_Startup(). BOOL PCRStartup(STARTUP_TYPE type, // IN: startup type - BYTE locality // IN: startup locality - ); + BYTE locality // IN: startup locality +); //*** PCRStateSave() // This function is used to save the PCR values that will be restored on TPM Resume. void PCRStateSave(TPM_SU type // IN: startup type - ); +); //*** PCRIsStateSaved() // This function indicates if the selected PCR is a PCR that is state saved @@ -171,7 +171,7 @@ void PCRStateSave(TPM_SU type // IN: startup type // TRUE(1) PCR is state saved // FALSE(0) PCR is not state saved BOOL PCRIsStateSaved(TPMI_DH_PCR handle // IN: PCR handle to be extended - ); +); //*** PCRIsResetAllowed() // This function indicates if a PCR may be reset by the current command locality. 
@@ -180,7 +180,7 @@ BOOL PCRIsStateSaved(TPMI_DH_PCR handle // IN: PCR handle to be extended // TRUE(1) TPM2_PCR_Reset is allowed // FALSE(0) TPM2_PCR_Reset is not allowed BOOL PCRIsResetAllowed(TPMI_DH_PCR handle // IN: PCR handle to be extended - ); +); //*** PCRChanged() // This function checks a PCR handle to see if the attributes for the PCR are set @@ -189,7 +189,7 @@ BOOL PCRIsResetAllowed(TPMI_DH_PCR handle // IN: PCR handle to be extended // handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero // is used by TPM2_Clear(). void PCRChanged(TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. - ); +); //*** PCRIsExtendAllowed() // This function indicates a PCR may be extended at the current command locality. @@ -198,15 +198,15 @@ void PCRChanged(TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. // TRUE(1) extend is allowed // FALSE(0) extend is not allowed BOOL PCRIsExtendAllowed(TPMI_DH_PCR handle // IN: PCR handle to be extended - ); +); //*** PCRExtend() // This function is used to extend a PCR in a specific bank. void PCRExtend(TPMI_DH_PCR handle, // IN: PCR handle to be extended - TPMI_ALG_HASH hash, // IN: hash algorithm of PCR - UINT32 size, // IN: size of data to be extended - BYTE* data // IN: data to be extended - ); + TPMI_ALG_HASH hash, // IN: hash algorithm of PCR + UINT32 size, // IN: size of data to be extended + BYTE* data // IN: data to be extended +); //*** PCRComputeCurrentDigest() // This function computes the digest of the selected PCR. 
@@ -214,22 +214,22 @@ void PCRExtend(TPMI_DH_PCR handle, // IN: PCR handle to be extended // As a side-effect, 'selection' is modified so that only the implemented PCR // will have their bits still set. void PCRComputeCurrentDigest( - TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest - TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered on - // output) - TPM2B_DIGEST* digest // OUT: digest - ); + TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest + TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered on + // output) + TPM2B_DIGEST* digest // OUT: digest +); //*** PCRRead() // This function is used to read a list of selected PCR. If the requested PCR // number exceeds the maximum number that can be output, the 'selection' is // adjusted to reflect the actual output PCR. void PCRRead(TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered on - // output) - TPML_DIGEST* digest, // OUT: digest - UINT32* pcrCounter // OUT: the current value of PCR generation - // number - ); + // output) + TPML_DIGEST* digest, // OUT: digest + UINT32* pcrCounter // OUT: the current value of PCR generation + // number +); //*** PCRAllocate() // This function is used to change the PCR allocation. 
@@ -238,18 +238,18 @@ void PCRRead(TPML_PCR_SELECTION* selection, // IN/OUT: PCR selection (filtered // TPM_RC_PCR improper allocation TPM_RC PCRAllocate(TPML_PCR_SELECTION* allocate, // IN: required allocation - UINT32* maxPCR, // OUT: Maximum number of PCR - UINT32* sizeNeeded, // OUT: required space - UINT32* sizeAvailable // OUT: available space - ); + UINT32* maxPCR, // OUT: Maximum number of PCR + UINT32* sizeNeeded, // OUT: required space + UINT32* sizeAvailable // OUT: available space +); //*** PCRSetValue() // This function is used to set the designated PCR in all banks to an initial value. // The initial value is signed and will be sign extended into the entire PCR. // void PCRSetValue(TPM_HANDLE handle, // IN: the handle of the PCR to set - INT8 initialValue // IN: the value to set - ); + INT8 initialValue // IN: the value to set +); //*** PCRResetDynamics // This function is used to reset a dynamic PCR to 0. This function is used in @@ -263,8 +263,8 @@ void PCRResetDynamics(void); // NO if the return count is not 0 TPMI_YES_NO PCRCapGetAllocation(UINT32 count, // IN: count of return - TPML_PCR_SELECTION* pcrSelection // OUT: PCR allocation list - ); + TPML_PCR_SELECTION* pcrSelection // OUT: PCR allocation list +); //*** PCRCapGetProperties() // This function returns a list of PCR properties starting at 'property'. @@ -273,9 +273,9 @@ PCRCapGetAllocation(UINT32 count, // IN: count of return // NO if there are more properties not reported TPMI_YES_NO PCRCapGetProperties(TPM_PT_PCR property, // IN: the starting PCR property - UINT32 count, // IN: count of returned properties - TPML_TAGGED_PCR_PROPERTY* select // OUT: PCR select - ); + UINT32 count, // IN: count of returned properties + TPML_TAGGED_PCR_PROPERTY* select // OUT: PCR select +); //*** PCRGetProperty() // This function returns the selected PCR property. 
@@ -293,13 +293,13 @@ BOOL PCRGetProperty(TPM_PT_PCR property, TPMS_TAGGED_PCR_SELECT* select); // NO all the available handles has been returned TPMI_YES_NO PCRCapGetHandles(TPMI_DH_PCR handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ); + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +); //*** PCRCapGetOneHandle() // This function is used to check whether a PCR handle exists. BOOL PCRCapGetOneHandle(TPMI_DH_PCR handle // IN: handle - ); +); #endif // _PCR_FP_H_ diff --git a/src/tpm2/PP.c b/src/tpm2/PP.c index 5c6e65a7..facdcfbb 100644 --- a/src/tpm2/PP.c +++ b/src/tpm2/PP.c 
@@ -58,125 +58,140 @@ /* */ /********************************************************************************/ -/* 8.8 PP.c */ -/* 8.8.1 Introduction */ -/* This file contains the functions that support the physical presence operations of the TPM. */ -/* 8.8.2 Includes */ +//** Introduction +// This file contains the functions that support the physical presence operations +// of the TPM. + +//** Includes + #include "Tpm.h" -/* 8.8.3 Functions */ -/* 8.8.3.1 PhysicalPresencePreInstall_Init() */ -/* This function is used to initialize the array of commands that always require confirmation with - physical presence. The array is an array of bits that has a correspondence with the command - code. */ -/* This command should only ever be executable in a manufacturing setting or in a simulation. */ -/* When set, these cannot be cleared. */ -void -PhysicalPresencePreInstall_Init( - void - ) + +//** Functions + +//*** PhysicalPresencePreInstall_Init() +// This function is used to initialize the array of commands that always require +// confirmation with physical presence. The array is an array of bits that +// has a correspondence with the command code. +// +// This command should only ever be executable in a manufacturing setting or in +// a simulation. +// +// When set, these cannot be cleared. 
+// +void PhysicalPresencePreInstall_Init(void) { - COMMAND_INDEX commandIndex; + COMMAND_INDEX commandIndex; // Clear all the PP commands MemorySet(&gp.ppList, 0, sizeof(gp.ppList)); + // Any command that is PP_REQUIRED should be SET for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++) - { - if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED - && s_commandAttributes[commandIndex] & PP_REQUIRED) - SET_BIT(commandIndex, gp.ppList); - } + { + if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED + && s_commandAttributes[commandIndex] & PP_REQUIRED) + SET_BIT(commandIndex, gp.ppList); + } // Write PP list to NV NV_SYNC_PERSISTENT(ppList); return; } -/* 8.8.3.2 PhysicalPresenceCommandSet() */ -/* This function is used to set the indicator that a command requires PP confirmation. */ -void -PhysicalPresenceCommandSet( - TPM_CC commandCode // IN: command code - ) + +//*** PhysicalPresenceCommandSet() +// This function is used to set the indicator that a command requires +// PP confirmation. +void PhysicalPresenceCommandSet(TPM_CC commandCode // IN: command code +) { - COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); + COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); + // if the command isn't implemented, the do nothing if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX) - return; + return; + // only set the bit if this is a command for which PP is allowed if(s_commandAttributes[commandIndex] & PP_COMMAND) - SET_BIT(commandIndex, gp.ppList); + SET_BIT(commandIndex, gp.ppList); return; } -/* 8.8.3.3 PhysicalPresenceCommandClear() */ -/* This function is used to clear the indicator that a command requires PP confirmation. */ -void -PhysicalPresenceCommandClear( - TPM_CC commandCode // IN: command code - ) + +//*** PhysicalPresenceCommandClear() +// This function is used to clear the indicator that a command requires PP +// confirmation. 
+void PhysicalPresenceCommandClear(TPM_CC commandCode // IN: command code +) { - COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); + COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); + // If the command isn't implemented, then don't do anything if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX) - return; + return; + // Only clear the bit if the command does not require PP if((s_commandAttributes[commandIndex] & PP_REQUIRED) == 0) - CLEAR_BIT(commandIndex, gp.ppList); + CLEAR_BIT(commandIndex, gp.ppList); + return; } -/* 8.8.3.4 PhysicalPresenceIsRequired() */ -/* This function indicates if PP confirmation is required for a command. */ -/* Return Values Meaning */ -/* TRUE if physical presence is required */ -/* FALSE if physical presence is not required */ -BOOL -PhysicalPresenceIsRequired( - COMMAND_INDEX commandIndex // IN: command index - ) + +//*** PhysicalPresenceIsRequired() +// This function indicates if PP confirmation is required for a command. +// Return Type: BOOL +// TRUE(1) physical presence is required +// FALSE(0) physical presence is not required +BOOL PhysicalPresenceIsRequired(COMMAND_INDEX commandIndex // IN: command index +) { // Check the bit map. If the bit is SET, PP authorization is required return (TEST_BIT(commandIndex, gp.ppList)); } -/* 8.8.3.5 PhysicalPresenceCapGetCCList() */ -/* This function returns a list of commands that require PP confirmation. The list starts from the - first implemented command that has a command code that the same or greater than commandCode. */ -/* Return Values Meaning */ -/* YES if there are more command codes available */ -/* NO all the available command codes have been returned */ + +//*** PhysicalPresenceCapGetCCList() +// This function returns a list of commands that require PP confirmation. The +// list starts from the first implemented command that has a command code that +// the same or greater than 'commandCode'. 
+// Return Type: TPMI_YES_NO +// YES if there are more command codes available +// NO all the available command codes have been returned TPMI_YES_NO -PhysicalPresenceCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC - ) +PhysicalPresenceCapGetCCList(TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: count of returned TPM_CC + TPML_CC* commandList // OUT: list of TPM_CC +) { - TPMI_YES_NO more = NO; - COMMAND_INDEX commandIndex; + TPMI_YES_NO more = NO; + COMMAND_INDEX commandIndex; + // Initialize output handle list commandList->count = 0; + // The maximum count of command we may return is MAX_CAP_CC - if(count > MAX_CAP_CC) count = MAX_CAP_CC; + if(count > MAX_CAP_CC) + count = MAX_CAP_CC; + // Collect PP commands for(commandIndex = GetClosestCommandIndex(commandCode); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { - if(PhysicalPresenceIsRequired(commandIndex)) - { - if(commandList->count < count) - { - // If we have not filled up the return list, add this command - // code to it - commandList->commandCodes[commandList->count] - = GetCommandCode(commandIndex); - commandList->count++; - } - else - { - // If the return list is full but we still have PP command - // available, report this and stop iterating - more = YES; - break; - } - } - } + commandIndex != UNIMPLEMENTED_COMMAND_INDEX; + commandIndex = GetNextCommandIndex(commandIndex)) + { + if(PhysicalPresenceIsRequired(commandIndex)) + { + if(commandList->count < count) + { + // If we have not filled up the return list, add this command + // code to it + commandList->commandCodes[commandList->count] = + GetCommandCode(commandIndex); + commandList->count++; + } + else + { + // If the return list is full but we still have PP command + // available, report this and stop iterating + more = YES; + break; + } + } + } return more; } 
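Review bot: The rewritten header comment for `PhysicalPresenceIsRequired()` does not say that `commandIndex` must already be a valid index. The function passes it straight to `TEST_BIT(commandIndex, gp.ppList)`, whereas `PhysicalPresenceCommandSet()` and `PhysicalPresenceCommandClear()` in the same hunk return early on `UNIMPLEMENTED_COMMAND_INDEX` before touching the bit array. How `TEST_BIT` behaves for an out-of-range index is not visible here, so the precondition should be written down, for example `// 'commandIndex' must be a valid command index (not UNIMPLEMENTED_COMMAND_INDEX); it is not checked here.`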
@@ -186,8 +201,8 @@ BOOL PhysicalPresenceCapGetOneCC(TPM_CC commandCode) // IN: command code { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) - { - return PhysicalPresenceIsRequired(commandIndex); - } + { + return PhysicalPresenceIsRequired(commandIndex); + } return FALSE; } diff --git a/src/tpm2/PPPlat.c b/src/tpm2/PPPlat.c index edb00077..3354cbfd 100644 --- a/src/tpm2/PPPlat.c +++ b/src/tpm2/PPPlat.c @@ -59,22 +59,22 @@ /* */ /********************************************************************************/ -/* C.10 PPPlat.c */ -/* C.10.1. Description */ -/* This module simulates the physical presence interface pins on the TPM. */ -/* C.10.2. Includes */ +//** Description + +// This module simulates the physical presence interface pins on the TPM. + +//** Includes #include "Platform.h" #include "LibtpmsCallbacks.h" /* libtpms added */ -/* C.10.3. Functions */ -/* C.10.3.1. _plat__PhysicalPresenceAsserted() */ -/* Check if physical presence is signaled */ -/* Return Values Meaning */ -/* TRUE(1) if physical presence is signaled */ -/* FALSE(0) if physical presence is not signaled */ -LIB_EXPORT int -_plat__PhysicalPresenceAsserted( - void - ) + +//** Functions + +//***_plat__PhysicalPresenceAsserted() +// Check if physical presence is signaled +// Return Type: int +// TRUE(1) if physical presence is signaled +// FALSE(0) if physical presence is not signaled +LIB_EXPORT int _plat__PhysicalPresenceAsserted(void) { #ifdef TPM_LIBTPMS_CALLBACKS BOOL pp; 
@@ -83,28 +83,23 @@ _plat__PhysicalPresenceAsserted( if (ret != LIBTPMS_CALLBACK_FALLTHROUGH) return pp; #endif /* TPM_LIBTPMS_CALLBACKS */ - // Do not know how to check physical presence without real hardware. // so always return TRUE; return s_physicalPresence; } + #if 0 /* libtpms added */ -/* C.10.3.2. _plat__Signal_PhysicalPresenceOn() */ -/* Signal physical presence on */ -LIB_EXPORT void -_plat__Signal_PhysicalPresenceOn( - void - ) +//***_plat__Signal_PhysicalPresenceOn() +// Signal physical presence on +LIB_EXPORT void _plat__Signal_PhysicalPresenceOn(void) { s_physicalPresence = TRUE; return; } -/* C.10.3.3. _plat__Signal_PhysicalPresenceOff() */ -/* Signal physical presence off */ -LIB_EXPORT void -_plat__Signal_PhysicalPresenceOff( - void - ) + +//***_plat__Signal_PhysicalPresenceOff() +// Signal physical presence off +LIB_EXPORT void _plat__Signal_PhysicalPresenceOff(void) { s_physicalPresence = FALSE; return; diff --git a/src/tpm2/PP_Commands_fp.h b/src/tpm2/PP_Commands_fp.h index 7f858c62..1af15abc 100644 --- a/src/tpm2/PP_Commands_fp.h +++ b/src/tpm2/PP_Commands_fp.h 
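Review bot: The comment `// so always return TRUE;` kept above `return s_physicalPresence;` does not match the code, which returns the variable rather than a constant. The only setters shown, `_plat__Signal_PhysicalPresenceOn()` and `_plat__Signal_PhysicalPresenceOff()`, sit under `#if 0`, so when the libtpms callback falls through the result depends on how `s_physicalPresence` is initialised, which is outside this hunk. Since this value presumably feeds the physical-presence check for PP-gated commands, the comment should state the actual fallback, e.g. `// No callback answered: report the stored s_physicalPresence value (its setters are compiled out).` The body of `_plat__PhysicalPresenceAsserted()` starts in the previous hunk.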
@@ -59,22 +59,30 @@ /* */ /********************************************************************************/ -#ifndef PP_COMMANDS_FP_H -#define PP_COMMANDS_FP_H -typedef struct { - TPMI_RH_PLATFORM auth; - TPML_CC setList; - TPML_CC clearList; +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + +#if CC_PP_Commands // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_PP_COMMANDS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_PP_COMMANDS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PLATFORM auth; + TPML_CC setList; + TPML_CC clearList; } PP_Commands_In; -#define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1) -#define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1) -#define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1) +# define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1) +# define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_PP_Commands( - PP_Commands_In *in // IN: input parameter list - ); +TPM2_PP_Commands(PP_Commands_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_PP_COMMANDS_FP_H_ +#endif // CC_PP_Commands diff --git a/src/tpm2/PP_fp.h b/src/tpm2/PP_fp.h index ba46ad96..df7daf54 100644 --- a/src/tpm2/PP_fp.h +++ b/src/tpm2/PP_fp.h 
@@ -58,33 +58,62 @@ /* */ /********************************************************************************/ -#ifndef PP_FP_H -#define PP_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -void -PhysicalPresencePreInstall_Init( - void - ); -void -PhysicalPresenceCommandSet( - TPM_CC commandCode // IN: command code - ); -void -PhysicalPresenceCommandClear( - TPM_CC commandCode // IN: command code - ); -BOOL -PhysicalPresenceIsRequired( - COMMAND_INDEX commandIndex // IN: command index - ); +#ifndef _PP_FP_H_ +#define _PP_FP_H_ + +//*** PhysicalPresencePreInstall_Init() +// This function is used to initialize the array of commands that always require +// confirmation with physical presence. The array is an array of bits that +// has a correspondence with the command code. +// +// This command should only ever be executable in a manufacturing setting or in +// a simulation. +// +// When set, these cannot be cleared. +// +void PhysicalPresencePreInstall_Init(void); + +//*** PhysicalPresenceCommandSet() +// This function is used to set the indicator that a command requires +// PP confirmation. +void PhysicalPresenceCommandSet(TPM_CC commandCode // IN: command code +); + +//*** PhysicalPresenceCommandClear() +// This function is used to clear the indicator that a command requires PP +// confirmation. +void PhysicalPresenceCommandClear(TPM_CC commandCode // IN: command code +); + +//*** PhysicalPresenceIsRequired() +// This function indicates if PP confirmation is required for a command. +// Return Type: BOOL +// TRUE(1) physical presence is required +// FALSE(0) physical presence is not required +BOOL PhysicalPresenceIsRequired(COMMAND_INDEX commandIndex // IN: command index +); + +//*** PhysicalPresenceCapGetCCList() +// This function returns a list of commands that require PP confirmation. 
The +// list starts from the first implemented command that has a command code that +// the same or greater than 'commandCode'. +// Return Type: TPMI_YES_NO +// YES if there are more command codes available +// NO all the available command codes have been returned TPMI_YES_NO -PhysicalPresenceCapGetCCList( - TPM_CC commandCode, // IN: start command code - UINT32 count, // IN: count of returned TPM_CC - TPML_CC *commandList // OUT: list of TPM_CC - ); +PhysicalPresenceCapGetCCList(TPM_CC commandCode, // IN: start command code + UINT32 count, // IN: count of returned TPM_CC + TPML_CC* commandList // OUT: list of TPM_CC +); + +//*** PhysicalPresenceCapGetOneCC() +// This function returns true if the command requires Physical Presence. BOOL PhysicalPresenceCapGetOneCC(TPM_CC commandCode // IN: command code - ); +); - -#endif +#endif // _PP_FP_H_ diff --git a/src/tpm2/PRNG_TestVectors.h b/src/tpm2/PRNG_TestVectors.h index eca09b1b..72e3bc78 100644 --- a/src/tpm2/PRNG_TestVectors.h +++ b/src/tpm2/PRNG_TestVectors.h 
@@ -59,52 +59,100 @@ /* */ /********************************************************************************/ -/* 10.1.17 PRNG_TestVectors.h */ +#ifndef _MSBN_DRBG_TEST_VECTORS_H +#define _MSBN_DRBG_TEST_VECTORS_H -#ifndef _MSBN_DRBG_TEST_VECTORS_H -#define _MSBN_DRBG_TEST_VECTORS_H //#if DRBG_ALGORITHM == TPM_ALG_AES && DRBG_KEY_BITS == 256 #if DRBG_KEY_SIZE_BITS == 256 -/* Entropy is the size of the state. The state is the size of the key plus the IV. The IV is a - block. If Key = 256 and Block = 128 then State = 384 */ +/*(NIST test vector) +[AES-256 no df] +[PredictionResistance = False] +[EntropyInputLen = 384] +[NonceLen = 128] +[PersonalizationStringLen = 0] +[AdditionalInputLen = 0] -#define DRBG_TEST_INITIATE_ENTROPY \ - 0x0d, 0x15, 0xaa, 0x80, 0xb1, 0x6c, 0x3a, 0x10, \ - 0x90, 0x6c, 0xfe, 0xdb, 0x79, 0x5d, 0xae, 0x0b, \ - 0x5b, 0x81, 0x04, 0x1c, 0x5c, 0x5b, 0xfa, 0xcb, \ - 0x37, 0x3d, 0x44, 0x40, 0xd9, 0x12, 0x0f, 0x7e, \ - 0x3d, 0x6c, 0xf9, 0x09, 0x86, 0xcf, 0x52, 0xd8, \ - 0x5d, 0x3e, 0x94, 0x7d, 0x8c, 0x06, 0x1f, 0x91 -#define DRBG_TEST_RESEED_ENTROPY \ - 0x6e, 0xe7, 0x93, 0xa3, 0x39, 0x55, 0xd7, 0x2a, \ - 0xd1, 0x2f, 0xd8, 0x0a, 0x8a, 0x3f, 0xcf, 0x95, \ - 0xed, 0x3b, 0x4d, 0xac, 0x57, 0x95, 0xfe, 0x25, \ - 0xcf, 0x86, 0x9f, 0x7c, 0x27, 0x57, 0x3b, 0xbc, \ - 0x56, 0xf1, 0xac, 0xae, 0x13, 0xa6, 0x50, 0x42, \ - 0xb3, 0x40, 0x09, 0x3c, 0x46, 0x4a, 0x7a, 0x22 -#define DRBG_TEST_GENERATED_INTERM \ - 0x28, 0xe0, 0xeb, 0xb8, 0x21, 0x01, 0x66, 0x50, \ - 0x8c, 0x8f, 0x65, 0xf2, 0x20, 0x7b, 0xd0, 0xa3 -#define DRBG_TEST_GENERATED \ - 0x94, 0x6f, 0x51, 0x82, 0xd5, 0x45, 0x10, 0xb9, \ - 0x46, 0x12, 0x48, 0xf5, 0x71, 0xca, 0x06, 0xc9 +COUNT = 0 +EntropyInput = 0d15aa80 b16c3a10 906cfedb 795dae0b 5b81041c 5c5bfacb + 373d4440 d9120f7e 3d6cf909 86cf52d8 5d3e947d 8c061f91 +Nonce = 06caef5f b538e08e 1f3b0452 03f8f4b2 +PersonalizationString = +AdditionalInput = + INTERMEDIATE Key = be5df629 34cc1230 166a6773 345bbd6b + 4c8869cf 8aec1c3b 1aa98bca 37cacf61 + INTERMEDIATE 
V = 3182dd1e 7638ec70 014e93bd 813e524c + INTERMEDIATE ReturnedBits = 28e0ebb8 21016650 8c8f65f2 207bd0a3 +EntropyInputReseed = 6ee793a3 3955d72a d12fd80a 8a3fcf95 ed3b4dac 5795fe25 + cf869f7c 27573bbc 56f1acae 13a65042 b340093c 464a7a22 +AdditionalInputReseed = +AdditionalInput = +ReturnedBits = 946f5182 d54510b9 461248f5 71ca06c9 +*/ + +// Entropy is the size of the state. The state is the size of the key +// plus the IV. The IV is a block. If Key = 256 and Block = 128 then State = 384 +# define DRBG_TEST_INITIATE_ENTROPY \ + 0x0d, 0x15, 0xaa, 0x80, 0xb1, 0x6c, 0x3a, 0x10, 0x90, 0x6c, 0xfe, 0xdb, 0x79, \ + 0x5d, 0xae, 0x0b, 0x5b, 0x81, 0x04, 0x1c, 0x5c, 0x5b, 0xfa, 0xcb, 0x37, \ + 0x3d, 0x44, 0x40, 0xd9, 0x12, 0x0f, 0x7e, 0x3d, 0x6c, 0xf9, 0x09, 0x86, \ + 0xcf, 0x52, 0xd8, 0x5d, 0x3e, 0x94, 0x7d, 0x8c, 0x06, 0x1f, 0x91 + +# define DRBG_TEST_RESEED_ENTROPY \ + 0x6e, 0xe7, 0x93, 0xa3, 0x39, 0x55, 0xd7, 0x2a, 0xd1, 0x2f, 0xd8, 0x0a, 0x8a, \ + 0x3f, 0xcf, 0x95, 0xed, 0x3b, 0x4d, 0xac, 0x57, 0x95, 0xfe, 0x25, 0xcf, \ + 0x86, 0x9f, 0x7c, 0x27, 0x57, 0x3b, 0xbc, 0x56, 0xf1, 0xac, 0xae, 0x13, \ + 0xa6, 0x50, 0x42, 0xb3, 0x40, 0x09, 0x3c, 0x46, 0x4a, 0x7a, 0x22 + +# define DRBG_TEST_GENERATED_INTERM \ + 0x28, 0xe0, 0xeb, 0xb8, 0x21, 0x01, 0x66, 0x50, 0x8c, 0x8f, 0x65, 0xf2, 0x20, \ + 0x7b, 0xd0, 0xa3 + +# define DRBG_TEST_GENERATED \ + 0x94, 0x6f, 0x51, 0x82, 0xd5, 0x45, 0x10, 0xb9, 0x46, 0x12, 0x48, 0xf5, 0x71, \ + 0xca, 0x06, 0xc9 #elif DRBG_KEY_SIZE_BITS == 128 -#define DRBG_TEST_INITIATE_ENTROPY \ - 0x8f, 0xc1, 0x1b, 0xdb, 0x5a, 0xab, 0xb7, 0xe0, \ - 0x93, 0xb6, 0x14, 0x28, 0xe0, 0x90, 0x73, 0x03, \ - 0xcb, 0x45, 0x9f, 0x3b, 0x60, 0x0d, 0xad, 0x87, \ - 0x09, 0x55, 0xf2, 0x2d, 0xa8, 0x0a, 0x44, 0xf8 -#define DRBG_TEST_RESEED_ENTROPY \ - 0x0c, 0xd5, 0x3c, 0xd5, 0xec, 0xcd, 0x5a, 0x10, \ - 0xd7, 0xea, 0x26, 0x61, 0x11, 0x25, 0x9b, 0x05, \ - 0x57, 0x4f, 0xc6, 0xdd, 0xd8, 0xbe, 0xd8, 0xbd, \ - 0x72, 0x37, 0x8c, 0xf8, 0x2f, 0x1d, 0xba, 0x2a -#define 
DRBG_TEST_GENERATED_INTERM \ - 0xdc, 0x3c, 0xf6, 0xbf, 0x5b, 0xd3, 0x41, 0x13, \ - 0x5f, 0x2c, 0x68, 0x11, 0xa1, 0x07, 0x1c, 0x87 -#define DRBG_TEST_GENERATED \ - 0xb6, 0x18, 0x50, 0xde, 0xcf, 0xd7, 0x10, 0x6d, \ - 0x44, 0x76, 0x9a, 0x8e, 0x6e, 0x8c, 0x1a, 0xd4 +/*(NIST test vector) +[AES-128 no df] +[PredictionResistance = False] +[EntropyInputLen = 256] +[NonceLen = 64] +[PersonalizationStringLen = 0] +[AdditionalInputLen = 0] + +COUNT = 0 +EntropyInput = 8fc11bdb5aabb7e093b61428e0907303cb459f3b600dad870955f22da80a44f8 +Nonce = be1f73885ddd15aa +PersonalizationString = +AdditionalInput = + INTERMEDIATE Key = b134ecc836df6dbd624900af118dd7e6 + INTERMEDIATE V = 01bb09e86dabd75c9f26dbf6f9531368 + INTERMEDIATE ReturnedBits = dc3cf6bf5bd341135f2c6811a1071c87 +EntropyInputReseed = + 0cd53cd5eccd5a10d7ea266111259b05574fc6ddd8bed8bd72378cf82f1dba2a +AdditionalInputReseed = +AdditionalInput = +ReturnedBits = b61850decfd7106d44769a8e6e8c1ad4 +*/ + +# define DRBG_TEST_INITIATE_ENTROPY \ + 0x8f, 0xc1, 0x1b, 0xdb, 0x5a, 0xab, 0xb7, 0xe0, 0x93, 0xb6, 0x14, 0x28, 0xe0, \ + 0x90, 0x73, 0x03, 0xcb, 0x45, 0x9f, 0x3b, 0x60, 0x0d, 0xad, 0x87, 0x09, \ + 0x55, 0xf2, 0x2d, 0xa8, 0x0a, 0x44, 0xf8 + +# define DRBG_TEST_RESEED_ENTROPY \ + 0x0c, 0xd5, 0x3c, 0xd5, 0xec, 0xcd, 0x5a, 0x10, 0xd7, 0xea, 0x26, 0x61, 0x11, \ + 0x25, 0x9b, 0x05, 0x57, 0x4f, 0xc6, 0xdd, 0xd8, 0xbe, 0xd8, 0xbd, 0x72, \ + 0x37, 0x8c, 0xf8, 0x2f, 0x1d, 0xba, 0x2a + +# define DRBG_TEST_GENERATED_INTERM \ + 0xdc, 0x3c, 0xf6, 0xbf, 0x5b, 0xd3, 0x41, 0x13, 0x5f, 0x2c, 0x68, 0x11, 0xa1, \ + 0x07, 0x1c, 0x87 + +# define DRBG_TEST_GENERATED \ + 0xb6, 0x18, 0x50, 0xde, 0xcf, 0xd7, 0x10, 0x6d, 0x44, 0x76, 0x9a, 0x8e, 0x6e, \ + 0x8c, 0x1a, 0xd4 + #endif -#endif // _MSBN_DRBG_TEST_VECTORS_H + +#endif // _MSBN_DRBG_TEST_VECTORS_H diff --git a/src/tpm2/Platform.h b/src/tpm2/Platform.h index 684e08d7..cffc4ff2 100644 --- a/src/tpm2/Platform.h +++ b/src/tpm2/Platform.h 
@@ -58,10 +58,10 @@ /* */ /********************************************************************************/ -/* C.14 Platform.h */ -#ifndef _PLATFORM_H_ -#define _PLATFORM_H_ +#ifndef _PLATFORM_H_ +#define _PLATFORM_H_ + #include "TpmBuildSwitches.h" #include "TpmProfile.h" #include "BaseTypes.h" diff --git a/src/tpm2/PlatformACT.c b/src/tpm2/PlatformACT.c index 8b6d7804..dde2026f 100644 --- a/src/tpm2/PlatformACT.c +++ b/src/tpm2/PlatformACT.c 
@@ -58,296 +58,282 @@ /* (c) Copyright IBM Corp. and others, 2019 - 2020 */ /* */ /********************************************************************************/ -/* C.16 PlatformACT.c */ -/* C.16.1. Includes */ + +//** Includes #include "Platform.h" -#include "PlatformACT_fp.h" -/* C.16.2. Functions */ -/* C.16.2.1. ActSignal() */ -/* Function called when there is an ACT event to signal or unsignal */ + +//** Functions + +#if ACT_SUPPORT + +//*** ActSignal() +// Function called when there is an ACT event to signal or unsignal #ifndef __ACT_DISABLED // libtpms added -static void -ActSignal( - P_ACT_DATA actData, - int on - ) +static void ActSignal(P_ACT_DATA actData, int on) { if(actData == NULL) - return; + return; // If this is to turn a signal on, don't do anything if it is already on. If this // is to turn the signal off, do it anyway because this might be for // initialization. if(on && (actData->signaled == TRUE)) - return; + return; actData->signaled = (uint8_t)on; - + // If there is an action, then replace the "Do something" with the correct action. // It should test 'on' to see if it is turning the signal on or off. 
switch(actData->number) - { -#if RH_ACT_0 - case 0: // Do something - return; -#endif -#if RH_ACT_1 - case 1: // Do something - return; -#endif -#if RH_ACT_2 - case 2: // Do something - return; -#endif -#if RH_ACT_3 - case 3: // Do something - return; -#endif -#if RH_ACT_4 - case 4: // Do something - return; -#endif -#if RH_ACT_5 - case 5: // Do something - return; -#endif -#if RH_ACT_6 - case 6: // Do something - return; -#endif -#if RH_ACT_7 - case 7: // Do something - return; -#endif -#if RH_ACT_8 - case 8: // Do something - return; -#endif -#if RH_ACT_9 - case 9: // Do something - return; -#endif -#if RH_ACT_A - case 0xA: // Do something - return; -#endif -#if RH_ACT_B - case 0xB: - // Do something - return; -#endif -#if RH_ACT_C - case 0xC: // Do something - return; -#endif -#if RH_ACT_D - case 0xD: // Do something - return; -#endif -#if RH_ACT_E - case 0xE: // Do something - return; -#endif -#if RH_ACT_F - case 0xF: // Do something - return; -#endif - default: - return; - } + { +# if RH_ACT_0 + case 0: // Do something + return; +# endif +# if RH_ACT_1 + case 1: // Do something + return; +# endif +# if RH_ACT_2 + case 2: // Do something + return; +# endif +# if RH_ACT_3 + case 3: // Do something + return; +# endif +# if RH_ACT_4 + case 4: // Do something + return; +# endif +# if RH_ACT_5 + case 5: // Do something + return; +# endif +# if RH_ACT_6 + case 6: // Do something + return; +# endif +# if RH_ACT_7 + case 7: // Do something + return; +# endif +# if RH_ACT_8 + case 8: // Do something + return; +# endif +# if RH_ACT_9 + case 9: // Do something + return; +# endif +# if RH_ACT_A + case 0xA: // Do something + return; +# endif +# if RH_ACT_B + case 0xB: + // Do something + return; +# endif +# if RH_ACT_C + case 0xC: // Do something + return; +# endif +# if RH_ACT_D + case 0xD: // Do something + return; +# endif +# if RH_ACT_E + case 0xE: // Do something + return; +# endif +# if RH_ACT_F + case 0xF: // Do something + return; +# endif + default: + return; + } } 
#endif // libtpms added -/* C.16.2.2. ActGetDataPointer() */ -static P_ACT_DATA -ActGetDataPointer( - uint32_t act __attribute__((unused)) - ) + +//*** ActGetDataPointer() +static P_ACT_DATA ActGetDataPointer(uint32_t act) { - -#define RETURN_ACT_POINTER(N) if(0x##N == act) return &ACT_##N; - + +# define RETURN_ACT_POINTER(N) \ + if(0x##N == act) \ + return &ACT_##N; + FOR_EACH_ACT(RETURN_ACT_POINTER) - - return (P_ACT_DATA)NULL; + + return (P_ACT_DATA)NULL; } -/* C.16.2.3. _plat__ACT_GetImplemented() */ -/* This function tests to see if an ACT is implemented. It is a belt and suspenders function because - the TPM should not be calling to manipulate an ACT that is not implemented. However, this - could help the simulator code which doesn't necessarily know if an ACT is implemented or not. */ -LIB_EXPORT int -_plat__ACT_GetImplemented( - uint32_t act - ) + +//*** _plat__ACT_GetImplemented() +// This function tests to see if an ACT is implemented. It is a belt and suspenders +// function because the TPM should not be calling to manipulate an ACT that is not +// implemented. However, this could help the simulator code which doesn't necessarily +// know if an ACT is implemented or not. +LIB_EXPORT int _plat__ACT_GetImplemented(uint32_t act) { return (ActGetDataPointer(act) != NULL); } -/* C.16.2.4. _plat__ACT_GetRemaining() */ -/* This function returns the remaining time. If an update is pending, newValue is - returned. Otherwise, the current counter value is returned. Note that since the timers keep - running, the returned value can get stale immediately. The actual count value will be no greater - than the returned value. */ -LIB_EXPORT uint32_t -_plat__ACT_GetRemaining( - uint32_t act //IN: the ACT selector - ) + +//*** _plat__ACT_GetRemaining() +// This function returns the remaining time. If an update is pending, 'newValue' is +// returned. Otherwise, the current counter value is returned. 
Note that since the +// timers keep running, the returned value can get stale immediately. The actual count +// value will be no greater than the returned value. +LIB_EXPORT uint32_t _plat__ACT_GetRemaining(uint32_t act //IN: the ACT selector +) { - P_ACT_DATA actData = ActGetDataPointer(act); - uint32_t remain; + P_ACT_DATA actData = ActGetDataPointer(act); + uint32_t remain; // if(actData == NULL) - return 0; + return 0; remain = actData->remaining; if(actData->pending) - remain = actData->newValue; + remain = actData->newValue; return remain; } -/* C.16.2.5. _plat__ACT_GetSignaled() */ -LIB_EXPORT int -_plat__ACT_GetSignaled( - uint32_t act //IN: number of ACT to check - ) + +//*** _plat__ACT_GetSignaled() +LIB_EXPORT int _plat__ACT_GetSignaled(uint32_t act //IN: number of ACT to check +) { - P_ACT_DATA actData = ActGetDataPointer(act); + P_ACT_DATA actData = ActGetDataPointer(act); // if(actData == NULL) - return 0; + return 0; return (int)actData->signaled; } -/* C.16.2.6. _plat__ACT_SetSignaled() */ + #ifndef __ACT_DISABLED // libtpms added -LIB_EXPORT void -_plat__ACT_SetSignaled( - uint32_t act, - int on - ) +//*** _plat__ACT_SetSignaled() +LIB_EXPORT void _plat__ACT_SetSignaled(uint32_t act, int on) { ActSignal(ActGetDataPointer(act), on); } -/* C.16.2.7. _plat__ACT_GetPending() */ -LIB_EXPORT int -_plat__ACT_GetPending( - uint32_t act //IN: number of ACT to check - ) + +//*** _plat__ACT_GetPending() +LIB_EXPORT int _plat__ACT_GetPending(uint32_t act //IN: number of ACT to check +) { - P_ACT_DATA actData = ActGetDataPointer(act); + P_ACT_DATA actData = ActGetDataPointer(act); // if(actData == NULL) - return 0; + return 0; return (int)actData->pending; } -/* C.16.2.8. _plat__ACT_UpdateCounter() */ -/* This function is used to write the newValue for the counter. If an update is pending, then no - update occurs and the function returns FALSE. If setSignaled is TRUE, then the ACT signaled state - is SET and if newValue is 0, nothing is posted. 
*/ -LIB_EXPORT int -_plat__ACT_UpdateCounter( - uint32_t act, // IN: ACT to update - uint32_t newValue // IN: the value to post - ) + +//*** _plat__ACT_UpdateCounter() +// This function is used to write the newValue for the counter. If an update is +// pending, then no update occurs and the function returns FALSE. If 'setSignaled' +// is TRUE, then the ACT signaled state is SET and if 'newValue' is 0, nothing +// is posted. +LIB_EXPORT int _plat__ACT_UpdateCounter(uint32_t act, // IN: ACT to update + uint32_t newValue // IN: the value to post +) { - P_ACT_DATA actData = ActGetDataPointer(act); + P_ACT_DATA actData = ActGetDataPointer(act); // if(actData == NULL) - // actData doesn't exist but pretend update is pending rather than indicate - // that a retry is necessary. - return TRUE; + // actData doesn't exist but pretend update is pending rather than indicate + // that a retry is necessary. + return TRUE; // if an update is pending then return FALSE so that there will be a retry if(actData->pending != 0) - return FALSE; + return FALSE; actData->newValue = newValue; - actData->pending = TRUE; - + actData->pending = TRUE; + return TRUE; } #endif // libtpms added -/* C.16.2.9. _plat__ACT_EnableTicks() */ -/* This enables and disables the processing of the once-per-second ticks. This should be turned off - (enable = FALSE) by _TPM_Init() and turned on (enable = TRUE) by TPM2_Startup() after all the - initializations have completed. */ -LIB_EXPORT void -_plat__ACT_EnableTicks( - int enable - ) + +//***_plat__ACT_EnableTicks() +// This enables and disables the processing of the once-per-second ticks. This should +// be turned off ('enable' = FALSE) by _TPM_Init and turned on ('enable' = TRUE) by +// TPM2_Startup() after all the initializations have completed. +LIB_EXPORT void _plat__ACT_EnableTicks(int enable) { actTicksAllowed = enable; } -/* C.16.2.10. ActDecrement() */ -/* If newValue is non-zero it is copied to remaining and then newValue is set to zero. 
Then - remaining is decremented by one if it is not already zero. If the value is decremented to zero, - then the associated event is signaled. If setting remaining causes it to be greater than 1, then - the signal associated with the ACT is turned off. */ + #ifndef __ACT_DISABLED // libtpms added -static void -ActDecrement( - P_ACT_DATA actData - ) +//*** ActDecrement() +// If 'newValue' is non-zero it is copied to 'remaining' and then 'newValue' is +// set to zero. Then 'remaining' is decremented by one if it is not already zero. If +// the value is decremented to zero, then the associated event is signaled. If setting +// 'remaining' causes it to be greater than 1, then the signal associated with the ACT +// is turned off. +static void ActDecrement(P_ACT_DATA actData) { // Check to see if there is an update pending if(actData->pending) - { - // If this update will cause the count to go from non-zero to zero, set - // the newValue to 1 so that it will timeout when decremented below. - if((actData->newValue == 0) && (actData->remaining != 0)) - actData->newValue = 1; - actData->remaining = actData->newValue; - - // Update processed - actData->pending = 0; - } + { + // If this update will cause the count to go from non-zero to zero, set + // the newValue to 1 so that it will timeout when decremented below. + if((actData->newValue == 0) && (actData->remaining != 0)) + actData->newValue = 1; + actData->remaining = actData->newValue; + + // Update processed + actData->pending = 0; + } // no update so countdown if the count is non-zero but not max if((actData->remaining != 0) && (actData->remaining != UINT32_MAX)) - { - // If this countdown causes the count to go to zero, then turn the signal for - // the ACT on. - if((actData->remaining -= 1) == 0) - ActSignal(actData, TRUE); - } + { + // If this countdown causes the count to go to zero, then turn the signal for + // the ACT on. 
+ if((actData->remaining -= 1) == 0) + ActSignal(actData, TRUE); + } // If the current value of the counter is non-zero, then the signal should be // off. if(actData->signaled && (actData->remaining > 0)) - ActSignal(actData, FALSE); + ActSignal(actData, FALSE); } -/* C.16.2.11. _plat__ACT_Tick() */ -/* This processes the once-per-second clock tick from the hardware. This is set up for the simulator to use the control interface to send ticks to the TPM. These ticks do not have to be on a per second basis. They can be as slow or as fast as desired so that the simulation can be tested. */ -LIB_EXPORT void -_plat__ACT_Tick( - void - ) + +//*** _plat__ACT_Tick() +// This processes the once-per-second clock tick from the hardware. This is set up +// for the simulator to use the control interface to send ticks to the TPM. These +// ticks do not have to be on a per second basis. They can be as slow or as fast as +// desired so that the simulation can be tested. +LIB_EXPORT void _plat__ACT_Tick(void) { // Ticks processing is turned off at certain times just to make sure that nothing // strange is happening before pointers and things are if(actTicksAllowed) - { - // Handle the update for each counter. -#define DECREMENT_COUNT(N) ActDecrement(&ACT_##N); - - FOR_EACH_ACT(DECREMENT_COUNT) - } + { + // Handle the update for each counter. +# define DECREMENT_COUNT(N) ActDecrement(&ACT_##N); + + FOR_EACH_ACT(DECREMENT_COUNT) + } } -/* C.16.2.12. ActZero() */ -/* This function initializes a single ACT */ -static void -ActZero( - uint32_t act, - P_ACT_DATA actData - ) + +//*** ActZero() +// This function initializes a single ACT +static void ActZero(uint32_t act, P_ACT_DATA actData) { actData->remaining = 0; - actData->newValue = 0; - actData->pending = 0; - actData->number = (uint8_t)act; + actData->newValue = 0; + actData->pending = 0; + actData->number = (uint8_t)act; ActSignal(actData, FALSE); } #endif // libtpms added -/* C.16.2.13. 
_plat__ACT_Initialize() */ -/* This function initializes the ACT hardware and data structures */ -LIB_EXPORT int -_plat__ACT_Initialize( - void - ) + +//***_plat__ACT_Initialize() +// This function initializes the ACT hardware and data structures +LIB_EXPORT int _plat__ACT_Initialize(void) { actTicksAllowed = 0; -#define ZERO_ACT(N) ActZero(0x##N, &ACT_##N); +# define ZERO_ACT(N) ActZero(0x##N, &ACT_##N); FOR_EACH_ACT(ZERO_ACT) - - return TRUE; + + return TRUE; } +#endif // ACT_SUPPORT diff --git a/src/tpm2/PlatformACT.h b/src/tpm2/PlatformACT.h index e57b4454..03596082 100644 --- a/src/tpm2/PlatformACT.h +++ b/src/tpm2/PlatformACT.h 
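Review bot: The added `#if ACT_SUPPORT` around all of the `_plat__ACT_*` functions evaluates to 0 without any diagnostic if `ACT_SUPPORT` is not defined once `Platform.h` has been included. The hunk also drops `#include "PlatformACT_fp.h"`, so it cannot be confirmed from here that the macro and the prototypes are still in scope. A guard placed before the `#if` would turn a missing definition into a build error instead of a silently empty translation unit: `#ifndef ACT_SUPPORT`, `#  error "ACT_SUPPORT must be defined"`, `#endif`. Separately, `ActGetDataPointer(uint32_t act)` loses `__attribute__((unused))`; if `FOR_EACH_ACT` can expand to nothing while `ACT_SUPPORT` is set, `act` becomes an unused parameter, so either keep the attribute or add a comment saying why it is no longer needed.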
@@ -59,152 +59,150 @@ /* */ /********************************************************************************/ -/* C.15 PlatformACT.h */ +// This file contains the definitions for the ACT macros and data types used in the +// ACT implementation. -// This file contains the definitions for the ACT macros and data types used in the ACT -// implementation. - -#ifndef PLATFORMACT_H -#define PLATFORMACT_H +#ifndef _PLATFORM_ACT_H_ +#define _PLATFORM_ACT_H_ typedef struct ACT_DATA { - uint32_t remaining; - uint32_t newValue; - uint8_t signaled; - uint8_t pending; - uint8_t number; + uint32_t remaining; + uint32_t newValue; + uint8_t signaled; + uint8_t pending; + uint8_t number; } ACT_DATA, *P_ACT_DATA; #if !(defined RH_ACT_0) || (RH_ACT_0 != YES) -# undef RH_ACT_0 -# define RH_ACT_0 NO -# define IF_ACT_0_IMPLEMENTED(op) +# undef RH_ACT_0 +# define RH_ACT_0 NO +# define IF_ACT_0_IMPLEMENTED(op) #else -# define IF_ACT_0_IMPLEMENTED(op) op(0) -#endif +# define IF_ACT_0_IMPLEMENTED(op) op(0) +#endif #if !(defined RH_ACT_1) || (RH_ACT_1 != YES) -# undef RH_ACT_1 -# define RH_ACT_1 NO -# define IF_ACT_1_IMPLEMENTED(op) +# undef RH_ACT_1 +# define RH_ACT_1 NO +# define IF_ACT_1_IMPLEMENTED(op) #else -# define IF_ACT_1_IMPLEMENTED(op) op(1) -#endif +# define IF_ACT_1_IMPLEMENTED(op) op(1) +#endif #if !(defined RH_ACT_2) || (RH_ACT_2 != YES) -# undef RH_ACT_2 -# define RH_ACT_2 NO -# define IF_ACT_2_IMPLEMENTED(op) +# undef RH_ACT_2 +# define RH_ACT_2 NO +# define IF_ACT_2_IMPLEMENTED(op) #else -# define IF_ACT_2_IMPLEMENTED(op) op(2) -#endif +# define IF_ACT_2_IMPLEMENTED(op) op(2) +#endif #if !(defined RH_ACT_3) || (RH_ACT_3 != YES) -# undef RH_ACT_3 -# define RH_ACT_3 NO -# define IF_ACT_3_IMPLEMENTED(op) +# undef RH_ACT_3 +# define RH_ACT_3 NO +# define IF_ACT_3_IMPLEMENTED(op) #else -# define IF_ACT_3_IMPLEMENTED(op) op(3) -#endif +# define IF_ACT_3_IMPLEMENTED(op) op(3) +#endif #if !(defined RH_ACT_4) || (RH_ACT_4 != YES) -# undef RH_ACT_4 -# define RH_ACT_4 NO -# define 
IF_ACT_4_IMPLEMENTED(op) +# undef RH_ACT_4 +# define RH_ACT_4 NO +# define IF_ACT_4_IMPLEMENTED(op) #else -# define IF_ACT_4_IMPLEMENTED(op) op(4) -#endif +# define IF_ACT_4_IMPLEMENTED(op) op(4) +#endif #if !(defined RH_ACT_5) || (RH_ACT_5 != YES) -# undef RH_ACT_5 -# define RH_ACT_5 NO -# define IF_ACT_5_IMPLEMENTED(op) +# undef RH_ACT_5 +# define RH_ACT_5 NO +# define IF_ACT_5_IMPLEMENTED(op) #else -# define IF_ACT_5_IMPLEMENTED(op) op(5) -#endif +# define IF_ACT_5_IMPLEMENTED(op) op(5) +#endif #if !(defined RH_ACT_6) || (RH_ACT_6 != YES) -# undef RH_ACT_6 -# define RH_ACT_6 NO -# define IF_ACT_6_IMPLEMENTED(op) +# undef RH_ACT_6 +# define RH_ACT_6 NO +# define IF_ACT_6_IMPLEMENTED(op) #else -# define IF_ACT_6_IMPLEMENTED(op) op(6) -#endif +# define IF_ACT_6_IMPLEMENTED(op) op(6) +#endif #if !(defined RH_ACT_7) || (RH_ACT_7 != YES) -# undef RH_ACT_7 -# define RH_ACT_7 NO -# define IF_ACT_7_IMPLEMENTED(op) +# undef RH_ACT_7 +# define RH_ACT_7 NO +# define IF_ACT_7_IMPLEMENTED(op) #else -# define IF_ACT_7_IMPLEMENTED(op) op(7) -#endif +# define IF_ACT_7_IMPLEMENTED(op) op(7) +#endif #if !(defined RH_ACT_8) || (RH_ACT_8 != YES) -# undef RH_ACT_8 -# define RH_ACT_8 NO -# define IF_ACT_8_IMPLEMENTED(op) +# undef RH_ACT_8 +# define RH_ACT_8 NO +# define IF_ACT_8_IMPLEMENTED(op) #else -# define IF_ACT_8_IMPLEMENTED(op) op(8) -#endif +# define IF_ACT_8_IMPLEMENTED(op) op(8) +#endif #if !(defined RH_ACT_9) || (RH_ACT_9 != YES) -# undef RH_ACT_9 -# define RH_ACT_9 NO -# define IF_ACT_9_IMPLEMENTED(op) +# undef RH_ACT_9 +# define RH_ACT_9 NO +# define IF_ACT_9_IMPLEMENTED(op) #else -# define IF_ACT_9_IMPLEMENTED(op) op(9) -#endif +# define IF_ACT_9_IMPLEMENTED(op) op(9) +#endif #if !(defined RH_ACT_A) || (RH_ACT_A != YES) -# undef RH_ACT_A -# define RH_ACT_A NO -# define IF_ACT_A_IMPLEMENTED(op) +# undef RH_ACT_A +# define RH_ACT_A NO +# define IF_ACT_A_IMPLEMENTED(op) #else -# define IF_ACT_A_IMPLEMENTED(op) op(A) -#endif +# define IF_ACT_A_IMPLEMENTED(op) op(A) +#endif 
#if !(defined RH_ACT_B) || (RH_ACT_B != YES) -# undef RH_ACT_B -# define RH_ACT_B NO -# define IF_ACT_B_IMPLEMENTED(op) +# undef RH_ACT_B +# define RH_ACT_B NO +# define IF_ACT_B_IMPLEMENTED(op) #else -# define IF_ACT_B_IMPLEMENTED(op) op(B) -#endif +# define IF_ACT_B_IMPLEMENTED(op) op(B) +#endif #if !(defined RH_ACT_C) || (RH_ACT_C != YES) -# undef RH_ACT_C -# define RH_ACT_C NO -# define IF_ACT_C_IMPLEMENTED(op) +# undef RH_ACT_C +# define RH_ACT_C NO +# define IF_ACT_C_IMPLEMENTED(op) #else -# define IF_ACT_C_IMPLEMENTED(op) op(C) -#endif +# define IF_ACT_C_IMPLEMENTED(op) op(C) +#endif #if !(defined RH_ACT_D) || (RH_ACT_D != YES) -# undef RH_ACT_D -# define RH_ACT_D NO -# define IF_ACT_D_IMPLEMENTED(op) +# undef RH_ACT_D +# define RH_ACT_D NO +# define IF_ACT_D_IMPLEMENTED(op) #else -# define IF_ACT_D_IMPLEMENTED(op) op(D) -#endif +# define IF_ACT_D_IMPLEMENTED(op) op(D) +#endif #if !(defined RH_ACT_E) || (RH_ACT_E != YES) -# undef RH_ACT_E -# define RH_ACT_E NO -# define IF_ACT_E_IMPLEMENTED(op) +# undef RH_ACT_E +# define RH_ACT_E NO +# define IF_ACT_E_IMPLEMENTED(op) #else -# define IF_ACT_E_IMPLEMENTED(op) op(E) -#endif +# define IF_ACT_E_IMPLEMENTED(op) op(E) +#endif #if !(defined RH_ACT_F) || (RH_ACT_F != YES) -# undef RH_ACT_F -# define RH_ACT_F NO -# define IF_ACT_F_IMPLEMENTED(op) +# undef RH_ACT_F +# define RH_ACT_F NO +# define IF_ACT_F_IMPLEMENTED(op) #else -# define IF_ACT_F_IMPLEMENTED(op) op(F) +# define IF_ACT_F_IMPLEMENTED(op) op(F) #endif -#define FOR_EACH_ACT(op) \ - IF_ACT_0_IMPLEMENTED(op) \ - IF_ACT_1_IMPLEMENTED(op) \ - IF_ACT_2_IMPLEMENTED(op) \ - IF_ACT_3_IMPLEMENTED(op) \ - IF_ACT_4_IMPLEMENTED(op) \ - IF_ACT_5_IMPLEMENTED(op) \ - IF_ACT_6_IMPLEMENTED(op) \ - IF_ACT_7_IMPLEMENTED(op) \ - IF_ACT_8_IMPLEMENTED(op) \ - IF_ACT_9_IMPLEMENTED(op) \ - IF_ACT_A_IMPLEMENTED(op) \ - IF_ACT_B_IMPLEMENTED(op) \ - IF_ACT_C_IMPLEMENTED(op) \ - IF_ACT_D_IMPLEMENTED(op) \ - IF_ACT_E_IMPLEMENTED(op) \ +#define FOR_EACH_ACT(op) \ + 
IF_ACT_0_IMPLEMENTED(op) \ + IF_ACT_1_IMPLEMENTED(op) \ + IF_ACT_2_IMPLEMENTED(op) \ + IF_ACT_3_IMPLEMENTED(op) \ + IF_ACT_4_IMPLEMENTED(op) \ + IF_ACT_5_IMPLEMENTED(op) \ + IF_ACT_6_IMPLEMENTED(op) \ + IF_ACT_7_IMPLEMENTED(op) \ + IF_ACT_8_IMPLEMENTED(op) \ + IF_ACT_9_IMPLEMENTED(op) \ + IF_ACT_A_IMPLEMENTED(op) \ + IF_ACT_B_IMPLEMENTED(op) \ + IF_ACT_C_IMPLEMENTED(op) \ + IF_ACT_D_IMPLEMENTED(op) \ + IF_ACT_E_IMPLEMENTED(op) \ IF_ACT_F_IMPLEMENTED(op) -#endif // _PLATFORM_ACT_H_ +#endif // _PLATFORM_ACT_H_ diff --git a/src/tpm2/PlatformClock.h b/src/tpm2/PlatformClock.h index 8f6ebb95..cece9e3f 100644 --- a/src/tpm2/PlatformClock.h +++ b/src/tpm2/PlatformClock.h @@ -59,17 +59,22 @@ /* */ /********************************************************************************/ -// C.16 PlatformClock.h This file contains the instance data for the Platform module. It is -// collected in this file so that the state of the module is easier to manage. +// This file contains the instance data for the Platform module. It is collected +// in this file so that the state of the module is easier to manage. + #ifndef _PLATFORM_CLOCK_H_ #define _PLATFORM_CLOCK_H_ -#ifdef _MSC_VER -#include -#include -#else -#include -#include + +#ifndef _ARM_ +# ifdef _MSC_VER +# include +# include +# else +# include +# endif #endif +#include + // CLOCK_NOMINAL is the number of hardware ticks per mS. A value of 300000 means that the nominal // clock rate used to drive the hardware clock is 30 MHz. The adjustment rates are used to determine // the conversion of the hardware ticks to internal hardware clock value. In practice, we would @@ -86,4 +91,4 @@ #define CLOCK_ADJUST_FINE 1 // The clock tolerance is +/-15% (4500 counts) Allow some guard band (16.7%) #define CLOCK_ADJUST_LIMIT 5000 -#endif // _PLATFORM_CLOCK_H_ +#endif // _PLATFORM_CLOCK_H_ diff --git a/src/tpm2/PlatformData.c b/src/tpm2/PlatformData.c index d6fb0c56..f02a5367 100644 --- a/src/tpm2/PlatformData.c +++ b/src/tpm2/PlatformData.c 
@@ -59,12 +59,10 @@ /* */ /********************************************************************************/ -/* C.9 PlatformData.c */ -/* C.9.1. Description */ -/* This file will instance the TPM variables that are not stack allocated. The descriptions for - these variables are in Global.h for this project. */ -/* C.9.2. Includes */ +//** Description +// This file will instance the TPM variables that are not stack allocated. The +// descriptions for these variables are in Global.h for this project. +//** Includes #define _PLATFORM_DATA_C_ -#include "Platform.h" - +#include "Platform.h" diff --git a/src/tpm2/PlatformData.h b/src/tpm2/PlatformData.h index e2a45e91..a53d7901 100644 --- a/src/tpm2/PlatformData.h +++ b/src/tpm2/PlatformData.h 
@@ -59,89 +59,101 @@ /* */ /********************************************************************************/ -/* c.8 PlatformData.h */ -/* This file contains the instance data for the Platform module. It is collected in this file so - that the state of the module is easier to manage. */ +// This file contains the instance data for the Platform module. It is collected +// in this file so that the state of the module is easier to manage. #ifndef _PLATFORM_DATA_H_ #define _PLATFORM_DATA_H_ -#ifdef _PLATFORM_DATA_C_ -#define EXTERN -#else -#define EXTERN extern -#endif -/* From Cancel.c Cancel flag. It is initialized as FALSE, which indicate the command is not being - canceled */ -EXTERN int s_isCanceled; +#ifndef EXTERN +# ifdef _PLATFORM_DATA_C_ +# define EXTERN +# else +# define EXTERN extern +# endif // _PLATFORM_DATA_C_ +#endif // EXTERN + +// From Cancel.c +// Cancel flag. It is initialized as FALSE, which indicate the command is not +// being canceled +EXTERN int s_isCanceled; #ifndef HARDWARE_CLOCK -typedef uint64_t clock64_t; -// This is the value returned the last time that the system clock was read. This is only relevant -// for a simulator or virtual TPM. -EXTERN clock64_t s_realTimePrevious; -// These values are used to try to synthesize a long lived version of clock(). -EXTERN clock64_t s_lastSystemTime; -EXTERN clock64_t s_lastReportedTime; -// This is the rate adjusted value that is the equivalent of what would be read from a hardware -// register that produced rate adjusted time. -EXTERN clock64_t s_tpmTime; -/* libtpms added begin */ -EXTERN int64_t s_hostMonotonicAdjustTime; -EXTERN uint64_t s_suspendedElapsedTime; -/* libtpms added end */ -#endif // HARDWARE_CLOCK +typedef uint64_t clock64_t; +// This is the value returned the last time that the system clock was read. This +// is only relevant for a simulator or virtual TPM. 
+EXTERN clock64_t s_realTimePrevious; -/* This value indicates that the timer was reset */ -EXTERN int s_timerReset; -/* This value indicates that the timer was stopped. It causes a clock discontinuity. */ -EXTERN int s_timerStopped; -/* This variable records the time when _plat__TimerReset() is called. This mechanism allow us to - subtract the time when TPM is power off from the total time reported by clock() function */ -EXTERN uint64_t s_initClock; -/* This variable records the timer adjustment factor. */ -EXTERN unsigned int s_adjustRate; -/* From LocalityPlat.c Locality of current command */ +// These values are used to try to synthesize a long lived version of clock(). +EXTERN clock64_t s_lastSystemTime; +EXTERN clock64_t s_lastReportedTime; + +// This is the rate adjusted value that is the equivalent of what would be read from +// a hardware register that produced rate adjusted time. +EXTERN clock64_t s_tpmTime; +/* libtpms added begin */ +EXTERN int64_t s_hostMonotonicAdjustTime; +EXTERN uint64_t s_suspendedElapsedTime; +/* libtpms added end */ +#endif // HARDWARE_CLOCK + +// This value indicates that the timer was reset +EXTERN int s_timerReset; +// This value indicates that the timer was stopped. It causes a clock discontinuity. +EXTERN int s_timerStopped; + +// This variable records the time when _plat__TimerReset is called. This mechanism +// allow us to subtract the time when TPM is power off from the total +// time reported by clock() function +EXTERN uint64_t s_initClock; + +// This variable records the timer adjustment factor. +EXTERN unsigned int s_adjustRate; + +// For LocalityPlat.c +// Locality of current command EXTERN unsigned char s_locality; -/* From NVMem.c Choose if the NV memory should be backed by RAM or by file. If this macro is - defined, then a file is used as NV. If it is not defined, then RAM is used to back NV - memory. Comment out to use RAM. 
*/ -#if (!defined VTPM) || ((VTPM != NO) && (VTPM != YES)) -# undef VTPM -# define VTPM NO // Default: Either YES or NO libtpms: NO + +// For NVMem.c +// Choose if the NV memory should be backed by RAM or by file. +// If this macro is defined, then a file is used as NV. If it is not defined, +// then RAM is used to back NV memory. Comment out to use RAM. + +#if(!defined VTPM) || ((VTPM != NO) && (VTPM != YES)) +# undef VTPM +# define VTPM NO // Default: Either YES or NO libtpms: NO #endif // For a simulation, use a file to back up the NV - -#if (!defined FILE_BACKED_NV) || ((FILE_BACKED_NV != NO) && (FILE_BACKED_NV != YES)) -# undef FILE_BACKED_NV -# define FILE_BACKED_NV (VTPM && YES) // Default: Either YES or NO +#if(!defined FILE_BACKED_NV) || ((FILE_BACKED_NV != NO) && (FILE_BACKED_NV != YES)) +# undef FILE_BACKED_NV +# define FILE_BACKED_NV (VTPM && YES) // Default: Either YES or NO #endif #if !SIMULATION -# undef FILE_BACKED_NV -# define FILE_BACKED_NV YES // libtpms: write NvChip file if no callbacks are set +# undef FILE_BACKED_NV +# define FILE_BACKED_NV YES // libtpms: write NvChip file if no callbacks are set #else #error Do not define SIMULATION for libtpms! -#endif // SIMULATION +#endif // SIMULATION -EXTERN unsigned char s_NV[NV_MEMORY_SIZE]; -EXTERN int s_NvIsAvailable; -EXTERN int s_NV_unrecoverable; -EXTERN int s_NV_recoverable; +EXTERN unsigned char s_NV[NV_MEMORY_SIZE]; +EXTERN int s_NvIsAvailable; +EXTERN int s_NV_unrecoverable; +EXTERN int s_NV_recoverable; -/* From PPPlat.c Physical presence. */ -/* It is initialized to FALSE */ +// For PPPlat.c +// Physical presence. 
It is initialized to FALSE +EXTERN int s_physicalPresence; -EXTERN int s_physicalPresence; +// From Power +EXTERN int s_powerLost; -/* From Power */ -EXTERN int s_powerLost; +// For Entropy.c +EXTERN uint32_t lastEntropy; -/* From Entropy.c */ -EXTERN uint32_t lastEntropy; - -#define DEFINE_ACT(N) EXTERN ACT_DATA ACT_##N; +#define DEFINE_ACT(N) EXTERN ACT_DATA ACT_##N; FOR_EACH_ACT(DEFINE_ACT) -EXTERN int actTicksAllowed; -#endif // _PLATFORM_DATA_H_ +EXTERN int actTicksAllowed; + +#endif // _PLATFORM_DATA_H_ diff --git a/src/tpm2/PolicyAuthValue_fp.h b/src/tpm2/PolicyAuthValue_fp.h index 836cea0a..81993b36 100644 --- a/src/tpm2/PolicyAuthValue_fp.h +++ b/src/tpm2/PolicyAuthValue_fp.h @@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYAUTHVALUE_FP_H -#define POLICYAUTHVALUE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; +#if CC_PolicyAuthValue // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHVALUE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHVALUE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; } PolicyAuthValue_In; -#define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyAuthValue( - PolicyAuthValue_In *in // IN: input parameter list - ); +TPM2_PolicyAuthValue(PolicyAuthValue_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHVALUE_FP_H_ +#endif // CC_PolicyAuthValue diff --git a/src/tpm2/PolicyAuthorizeNV_fp.h b/src/tpm2/PolicyAuthorizeNV_fp.h index 03ebe52b..f1b71629 100644 --- a/src/tpm2/PolicyAuthorizeNV_fp.h +++ b/src/tpm2/PolicyAuthorizeNV_fp.h 
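Review bot: The `#ifndef EXTERN` wrapper added near the top of PlatformData.h makes the storage class of every variable in this header depend on include order, because a definition of `EXTERN` left by an earlier header now takes precedence over the `_PLATFORM_DATA_C_` test. If a header pulled in before this one already defines `EXTERN` (none is visible in this hunk, so this needs checking against Platform.h), PlatformData.c would get only `extern` declarations for `s_NV`, `s_locality`, `s_physicalPresence` and the ACT data, or another translation unit would emit definitions of them. Since the wrapper follows upstream, I would keep it and document the dependency with a comment such as `// EXTERN must not be defined before this header is included, or _PLATFORM_DATA_C_ is ignored`.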
@@ -59,24 +59,30 @@ /* */ /********************************************************************************/ -/* rev 136 */ -#ifndef POLICYAUTHORIZENV_FP_H -#define POLICYAUTHORIZENV_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPMI_SH_POLICY policySession; +#if CC_PolicyAuthorizeNV // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHORIZENV_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHORIZENV_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPMI_SH_POLICY policySession; } PolicyAuthorizeNV_In; -#define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3) +// Response code modifiers +# define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2) +# define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3) +// Function prototype TPM_RC -TPM2_PolicyAuthorizeNV( - PolicyAuthorizeNV_In *in // IN: input parameter list - ); +TPM2_PolicyAuthorizeNV(PolicyAuthorizeNV_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHORIZENV_FP_H_ +#endif // CC_PolicyAuthorizeNV diff --git a/src/tpm2/PolicyAuthorize_fp.h b/src/tpm2/PolicyAuthorize_fp.h index 42b67043..ed8fd452 100644 --- a/src/tpm2/PolicyAuthorize_fp.h +++ b/src/tpm2/PolicyAuthorize_fp.h 
@@ -59,28 +59,34 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYAUTHORIZE_FP_H -#define POLICYAUTHORIZE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST approvedPolicy; - TPM2B_NONCE policyRef; - TPM2B_NAME keySign; - TPMT_TK_VERIFIED checkTicket; +#if CC_PolicyAuthorize // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHORIZE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHORIZE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_DIGEST approvedPolicy; + TPM2B_NONCE policyRef; + TPM2B_NAME keySign; + TPMT_TK_VERIFIED checkTicket; } PolicyAuthorize_In; -#define RC_PolicyAuthorize_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyAuthorize_approvedPolicy (TPM_RC_P + TPM_RC_1) -#define RC_PolicyAuthorize_policyRef (TPM_RC_P + TPM_RC_2) -#define RC_PolicyAuthorize_keySign (TPM_RC_P + TPM_RC_3) -#define RC_PolicyAuthorize_checkTicket (TPM_RC_P + TPM_RC_4) +// Response code modifiers +# define RC_PolicyAuthorize_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyAuthorize_approvedPolicy (TPM_RC_P + TPM_RC_1) +# define RC_PolicyAuthorize_policyRef (TPM_RC_P + TPM_RC_2) +# define RC_PolicyAuthorize_keySign (TPM_RC_P + TPM_RC_3) +# define RC_PolicyAuthorize_checkTicket (TPM_RC_P + TPM_RC_4) +// Function prototype TPM_RC -TPM2_PolicyAuthorize( - PolicyAuthorize_In *in // IN: input parameter list - ); +TPM2_PolicyAuthorize(PolicyAuthorize_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYAUTHORIZE_FP_H_ +#endif // CC_PolicyAuthorize diff --git a/src/tpm2/PolicyCapability_fp.h b/src/tpm2/PolicyCapability_fp.h index 12a68ea2..a1581568 100644 --- a/src/tpm2/PolicyCapability_fp.h +++ b/src/tpm2/PolicyCapability_fp.h 
@@ -58,11 +58,15 @@ /* */ /********************************************************************************/ + +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + #if CC_PolicyCapability // Command must be enabled -#ifndef POLICYCAPABILITY_FP_H -#define POLICYCAPABILITY_FP_H +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCAPABILITY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCAPABILITY_FP_H_ +// Input structure definition typedef struct { TPMI_SH_POLICY policySession; @@ -73,15 +77,17 @@ typedef struct UINT32 property; } PolicyCapability_In; -#define RC_PolicyCapability_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCapability_operandB (TPM_RC_P + TPM_RC_1) -#define RC_PolicyCapability_offset (TPM_RC_P + TPM_RC_2) -#define RC_PolicyCapability_operation (TPM_RC_P + TPM_RC_3) -#define RC_PolicyCapability_capability (TPM_RC_P + TPM_RC_4) -#define RC_PolicyCapability_property (TPM_RC_P + TPM_RC_5) +// Response code modifiers +# define RC_PolicyCapability_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyCapability_operandB (TPM_RC_P + TPM_RC_1) +# define RC_PolicyCapability_offset (TPM_RC_P + TPM_RC_2) +# define RC_PolicyCapability_operation (TPM_RC_P + TPM_RC_3) +# define RC_PolicyCapability_capability (TPM_RC_P + TPM_RC_4) +# define RC_PolicyCapability_property (TPM_RC_P + TPM_RC_5) +// Function prototype TPM_RC TPM2_PolicyCapability(PolicyCapability_In* in); -#endif // POLICYCAPABILITY_FP_H -#endif // CC_PolicyCapability +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCAPABILITY_FP_H_ +#endif // CC_PolicyCapability diff --git a/src/tpm2/PolicyCommandCode_fp.h b/src/tpm2/PolicyCommandCode_fp.h index 698c5a58..b83057a1 100644 --- a/src/tpm2/PolicyCommandCode_fp.h +++ b/src/tpm2/PolicyCommandCode_fp.h 
@@ -59,22 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYCOMMANDCODE_FP_H -#define POLICYCOMMANDCODE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM_CC code; +#if CC_PolicyCommandCode // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCOMMANDCODE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCOMMANDCODE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM_CC code; } PolicyCommandCode_In; -#define RC_PolicyCommandCode_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCommandCode_code (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyCommandCode_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyCommandCode_code (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyCommandCode( - PolicyCommandCode_In *in // IN: input parameter list - ); +TPM2_PolicyCommandCode(PolicyCommandCode_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCOMMANDCODE_FP_H_ +#endif // CC_PolicyCommandCode diff --git a/src/tpm2/PolicyCounterTimer_fp.h b/src/tpm2/PolicyCounterTimer_fp.h index 2302b652..8f1b0fcd 100644 --- a/src/tpm2/PolicyCounterTimer_fp.h +++ b/src/tpm2/PolicyCounterTimer_fp.h 
@@ -59,27 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYCOUNTERTIMER_FP_H -#define POLICYCOUNTERTIMER_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_OPERAND operandB; - UINT16 offset; - TPM_EO operation; +#if CC_PolicyCounterTimer // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCOUNTERTIMER_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCOUNTERTIMER_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_OPERAND operandB; + UINT16 offset; + TPM_EO operation; } PolicyCounterTimer_In; -#define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1) -#define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2) -#define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3) +// Response code modifiers +# define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1) +# define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2) +# define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3) +// Function prototype TPM_RC -TPM2_PolicyCounterTimer( - PolicyCounterTimer_In *in // IN: input parameter list - ); +TPM2_PolicyCounterTimer(PolicyCounterTimer_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCOUNTERTIMER_FP_H_ +#endif // CC_PolicyCounterTimer diff --git a/src/tpm2/PolicyCpHash_fp.h b/src/tpm2/PolicyCpHash_fp.h index 0ee1ea2f..4ae2a1ae 100644 --- a/src/tpm2/PolicyCpHash_fp.h +++ b/src/tpm2/PolicyCpHash_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYCPHASH_FP_H -#define POLICYCPHASH_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST cpHashA; +#if CC_PolicyCpHash // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCPHASH_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCPHASH_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_DIGEST cpHashA; } PolicyCpHash_In; -#define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyCpHash_cpHashA (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyCpHash_cpHashA (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyCpHash( - PolicyCpHash_In *in // IN: input parameter list - ); +TPM2_PolicyCpHash(PolicyCpHash_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYCPHASH_FP_H_ +#endif // CC_PolicyCpHash diff --git a/src/tpm2/PolicyDuplicationSelect_fp.h b/src/tpm2/PolicyDuplicationSelect_fp.h index c1010daf..5dd4a9e3 100644 --- a/src/tpm2/PolicyDuplicationSelect_fp.h +++ b/src/tpm2/PolicyDuplicationSelect_fp.h 
@@ -59,27 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYDUPLICATIONSELECT_FP_H -#define POLICYDUPLICATIONSELECT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_NAME objectName; - TPM2B_NAME newParentName; - TPMI_YES_NO includeObject; +#if CC_PolicyDuplicationSelect // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYDUPLICATIONSELECT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYDUPLICATIONSELECT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_NAME objectName; + TPM2B_NAME newParentName; + TPMI_YES_NO includeObject; } PolicyDuplicationSelect_In; -#define RC_PolicyDuplicationSelect_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyDuplicationSelect_objectName (TPM_RC_P + TPM_RC_1) -#define RC_PolicyDuplicationSelect_newParentName (TPM_RC_P + TPM_RC_2) -#define RC_PolicyDuplicationSelect_includeObject (TPM_RC_P + TPM_RC_3) +// Response code modifiers +# define RC_PolicyDuplicationSelect_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyDuplicationSelect_objectName (TPM_RC_P + TPM_RC_1) +# define RC_PolicyDuplicationSelect_newParentName (TPM_RC_P + TPM_RC_2) +# define RC_PolicyDuplicationSelect_includeObject (TPM_RC_P + TPM_RC_3) +// Function prototype TPM_RC -TPM2_PolicyDuplicationSelect( - PolicyDuplicationSelect_In *in // IN: input parameter list - ); +TPM2_PolicyDuplicationSelect(PolicyDuplicationSelect_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYDUPLICATIONSELECT_FP_H_ +#endif // CC_PolicyDuplicationSelect diff --git a/src/tpm2/PolicyGetDigest_fp.h b/src/tpm2/PolicyGetDigest_fp.h index 921d55eb..341d7e25 100644 --- a/src/tpm2/PolicyGetDigest_fp.h +++ b/src/tpm2/PolicyGetDigest_fp.h 
@@ -59,26 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYGETDIGEST_FP_H -#define POLICYGETDIGEST_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; +#if CC_PolicyGetDigest // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYGETDIGEST_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYGETDIGEST_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; } PolicyGetDigest_In; -#define RC_PolicyGetDigest_policySession (TPM_RC_P + TPM_RC_1) - -typedef struct { - TPM2B_DIGEST policyDigest; +// Output structure definition +typedef struct +{ + TPM2B_DIGEST policyDigest; } PolicyGetDigest_Out; +// Response code modifiers +# define RC_PolicyGetDigest_policySession (TPM_RC_H + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_PolicyGetDigest( - PolicyGetDigest_In *in, // IN: input parameter list - PolicyGetDigest_Out *out // OUT: output parameter list - ); +TPM2_PolicyGetDigest(PolicyGetDigest_In* in, PolicyGetDigest_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYGETDIGEST_FP_H_ +#endif // CC_PolicyGetDigest diff --git a/src/tpm2/PolicyLocality_fp.h b/src/tpm2/PolicyLocality_fp.h index c9f0cc4d..20426c3a 100644 --- a/src/tpm2/PolicyLocality_fp.h +++ b/src/tpm2/PolicyLocality_fp.h 
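Review bot: `RC_PolicyGetDigest_policySession` changes value in this hunk, from `(TPM_RC_P + TPM_RC_1)` to `(TPM_RC_H + TPM_RC_1)`, which is a behaviour change rather than the renames and whitespace the commit message describes. The new value matches how the other `policySession` modifiers in this patch are defined, so it looks like a correction. Even so, a caller or test that matches the old parameter-class response code for a bad policy session handle would see a different code after this commit. I would record it in the commit description, for example `PolicyGetDigest_fp.h: policySession modifier is now TPM_RC_H, not TPM_RC_P`, and check whether anything in the tree depends on the old value. Whether the dispatcher references this macro at all is not visible from the hunk.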
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYLOCALITY_FP_H -#define POLICYLOCALITY_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPMA_LOCALITY locality; +#if CC_PolicyLocality // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYLOCALITY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYLOCALITY_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPMA_LOCALITY locality; } PolicyLocality_In; -#define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyLocality( - PolicyLocality_In *in // IN: input parameter list - ); +TPM2_PolicyLocality(PolicyLocality_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYLOCALITY_FP_H_ +#endif // CC_PolicyLocality diff --git a/src/tpm2/PolicyNV_fp.h b/src/tpm2/PolicyNV_fp.h index 4666e950..ad3f5635 100644 --- a/src/tpm2/PolicyNV_fp.h +++ b/src/tpm2/PolicyNV_fp.h 
@@ -59,30 +59,36 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYNV_FP_H -#define POLICYNV_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_NV_AUTH authHandle; - TPMI_RH_NV_INDEX nvIndex; - TPMI_SH_POLICY policySession; - TPM2B_OPERAND operandB; - UINT16 offset; - TPM_EO operation; +#if CC_PolicyNV // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNV_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNV_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_NV_AUTH authHandle; + TPMI_RH_NV_INDEX nvIndex; + TPMI_SH_POLICY policySession; + TPM2B_OPERAND operandB; + UINT16 offset; + TPM_EO operation; } PolicyNV_In; -#define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2) -#define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3) -#define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1) -#define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2) -#define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3) +// Response code modifiers +# define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2) +# define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3) +# define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1) +# define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2) +# define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3) +// Function prototype TPM_RC -TPM2_PolicyNV( - PolicyNV_In *in // IN: input parameter list - ); +TPM2_PolicyNV(PolicyNV_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNV_FP_H_ +#endif // CC_PolicyNV diff --git a/src/tpm2/PolicyNameHash_fp.h b/src/tpm2/PolicyNameHash_fp.h index 89945b1f..e12be208 100644 --- a/src/tpm2/PolicyNameHash_fp.h +++ b/src/tpm2/PolicyNameHash_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYNAMEHASH_FP_H -#define POLICYNAMEHASH_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST nameHash; +#if CC_PolicyNameHash // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNAMEHASH_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNAMEHASH_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_DIGEST nameHash; } PolicyNameHash_In; -#define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyNameHash( - PolicyNameHash_In *in // IN: input parameter list - ); +TPM2_PolicyNameHash(PolicyNameHash_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNAMEHASH_FP_H_ +#endif // CC_PolicyNameHash diff --git a/src/tpm2/PolicyNvWritten_fp.h b/src/tpm2/PolicyNvWritten_fp.h index 2e78a147..d0d54e55 100644 --- a/src/tpm2/PolicyNvWritten_fp.h +++ b/src/tpm2/PolicyNvWritten_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYNVWRITTEN_FP_H -#define POLICYNVWRITTEN_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPMI_YES_NO writtenSet; +#if CC_PolicyNvWritten // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNVWRITTEN_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNVWRITTEN_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPMI_YES_NO writtenSet; } PolicyNvWritten_In; -#define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyNvWritten( - PolicyNvWritten_In *in // IN: input parameter list - ); +TPM2_PolicyNvWritten(PolicyNvWritten_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYNVWRITTEN_FP_H_ +#endif // CC_PolicyNvWritten diff --git a/src/tpm2/PolicyOR_fp.h b/src/tpm2/PolicyOR_fp.h index 5af84b9e..1eb6dc7b 100644 --- a/src/tpm2/PolicyOR_fp.h +++ b/src/tpm2/PolicyOR_fp.h 
@@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYOR_FP_H -#define POLICYOR_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPML_DIGEST pHashList; +#if CC_PolicyOR // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYOR_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYOR_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPML_DIGEST pHashList; } PolicyOR_In; -#define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyOR( - PolicyOR_In *in // IN: input parameter list - ); +TPM2_PolicyOR(PolicyOR_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYOR_FP_H_ +#endif // CC_PolicyOR diff --git a/src/tpm2/PolicyPCR_fp.h b/src/tpm2/PolicyPCR_fp.h index cc53313e..ab6f14df 100644 --- a/src/tpm2/PolicyPCR_fp.h +++ b/src/tpm2/PolicyPCR_fp.h 
@@ -59,24 +59,30 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYPCR_FP_H -#define POLICYPCR_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST pcrDigest; - TPML_PCR_SELECTION pcrs; +#if CC_PolicyPCR // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPCR_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPCR_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_DIGEST pcrDigest; + TPML_PCR_SELECTION pcrs; } PolicyPCR_In; -#define RC_PolicyPCR_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyPCR_pcrDigest (TPM_RC_P + TPM_RC_1) -#define RC_PolicyPCR_pcrs (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_PolicyPCR_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyPCR_pcrDigest (TPM_RC_P + TPM_RC_1) +# define RC_PolicyPCR_pcrs (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_PolicyPCR( - PolicyPCR_In *in // IN: input parameter list - ); +TPM2_PolicyPCR(PolicyPCR_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPCR_FP_H_ +#endif // CC_PolicyPCR diff --git a/src/tpm2/PolicyParameters_fp.h b/src/tpm2/PolicyParameters_fp.h index 7eb8ae68..0fc77e5a 100644 --- a/src/tpm2/PolicyParameters_fp.h +++ b/src/tpm2/PolicyParameters_fp.h 
@@ -58,22 +58,28 @@ /* */ /********************************************************************************/ + +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + #if CC_PolicyParameters // Command must be enabled -#ifndef POLICYPARAMETERS_FP_H_ -#define POLICYPARAMETERS_FP_H_ +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPARAMETERS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPARAMETERS_FP_H_ +// Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_DIGEST pHash; } PolicyParameters_In; -#define RC_PolicyParameters_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyParameters_pHash (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyParameters_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyParameters_pHash (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC TPM2_PolicyParameters(PolicyParameters_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPARAMETERS_FP_H_ #endif // CC_PolicyParameters diff --git a/src/tpm2/PolicyPassword_fp.h b/src/tpm2/PolicyPassword_fp.h index 7671a5ef..35f1e5ba 100644 --- a/src/tpm2/PolicyPassword_fp.h +++ b/src/tpm2/PolicyPassword_fp.h 
@@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYPASSWORD_FP_H -#define POLICYPASSWORD_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; +#if CC_PolicyPassword // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPASSWORD_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPASSWORD_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; } PolicyPassword_In; -#define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyPassword( - PolicyPassword_In *in // IN: input parameter list - ); +TPM2_PolicyPassword(PolicyPassword_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPASSWORD_FP_H_ +#endif // CC_PolicyPassword diff --git a/src/tpm2/PolicyPhysicalPresence_fp.h b/src/tpm2/PolicyPhysicalPresence_fp.h index aa59a6a2..57973f26 100644 --- a/src/tpm2/PolicyPhysicalPresence_fp.h +++ b/src/tpm2/PolicyPhysicalPresence_fp.h 
@@ -59,20 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYPHYSICALPRESENCE_FP_H -#define POLICYPHYSICALPRESENCE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; +#if CC_PolicyPhysicalPresence // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPHYSICALPRESENCE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPHYSICALPRESENCE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; } PolicyPhysicalPresence_In; -#define RC_PolicyPhysicalPresence_policySession (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_PolicyPhysicalPresence_policySession (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyPhysicalPresence( - PolicyPhysicalPresence_In *in // IN: input parameter list - ); +TPM2_PolicyPhysicalPresence(PolicyPhysicalPresence_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYPHYSICALPRESENCE_FP_H_ +#endif // CC_PolicyPhysicalPresence diff --git a/src/tpm2/PolicyRestart_fp.h b/src/tpm2/PolicyRestart_fp.h index 279b7ce0..0bf8ae81 100644 --- a/src/tpm2/PolicyRestart_fp.h +++ b/src/tpm2/PolicyRestart_fp.h 
@@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYRESTART_FP_H -#define POLICYRESTART_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY sessionHandle; +#if CC_PolicyRestart // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYRESTART_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYRESTART_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY sessionHandle; } PolicyRestart_In; -#define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1) +// Response code modifiers +# define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyRestart( - PolicyRestart_In *in // IN: input parameter list - ); +TPM2_PolicyRestart(PolicyRestart_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYRESTART_FP_H_ +#endif // CC_PolicyRestart diff --git a/src/tpm2/PolicySecret_fp.h b/src/tpm2/PolicySecret_fp.h index ff89a6ce..87bde53c 100644 --- a/src/tpm2/PolicySecret_fp.h +++ b/src/tpm2/PolicySecret_fp.h 
@@ -59,37 +59,43 @@ /* */ /********************************************************************************/ -/* rev 124 */ -#ifndef POLICYSECRET_FP_H -#define POLICYSECRET_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_ENTITY authHandle; - TPMI_SH_POLICY policySession; - TPM2B_NONCE nonceTPM; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - INT32 expiration; +#if CC_PolicySecret // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYSECRET_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYSECRET_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_ENTITY authHandle; + TPMI_SH_POLICY policySession; + TPM2B_NONCE nonceTPM; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + INT32 expiration; } PolicySecret_In; -#define RC_PolicySecret_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2) -#define RC_PolicySecret_nonceTPM (TPM_RC_P + TPM_RC_1) -#define RC_PolicySecret_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicySecret_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicySecret_expiration (TPM_RC_P + TPM_RC_4) - -typedef struct { - TPM2B_TIMEOUT timeout; - TPMT_TK_AUTH policyTicket; +// Output structure definition +typedef struct +{ + TPM2B_TIMEOUT timeout; + TPMT_TK_AUTH policyTicket; } PolicySecret_Out; +// Response code modifiers +# define RC_PolicySecret_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2) +# define RC_PolicySecret_nonceTPM (TPM_RC_P + TPM_RC_1) +# define RC_PolicySecret_cpHashA (TPM_RC_P + TPM_RC_2) +# define RC_PolicySecret_policyRef (TPM_RC_P + TPM_RC_3) +# define RC_PolicySecret_expiration (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_PolicySecret( - PolicySecret_In *in, // IN: input parameter list - PolicySecret_Out *out // OUT: output parameter list - ); +TPM2_PolicySecret(PolicySecret_In* in, PolicySecret_Out* out); - -#endif +# endif // 
_TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYSECRET_FP_H_ +#endif // CC_PolicySecret diff --git a/src/tpm2/PolicySigned_fp.h b/src/tpm2/PolicySigned_fp.h index 3c75b422..faae23db 100644 --- a/src/tpm2/PolicySigned_fp.h +++ b/src/tpm2/PolicySigned_fp.h 
@@ -59,38 +59,45 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYSIGNED_FP_H -#define POLICYSIGNED_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT authObject; - TPMI_SH_POLICY policySession; - TPM2B_NONCE nonceTPM; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - INT32 expiration; - TPMT_SIGNATURE auth; +#if CC_PolicySigned // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYSIGNED_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYSIGNED_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT authObject; + TPMI_SH_POLICY policySession; + TPM2B_NONCE nonceTPM; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + INT32 expiration; + TPMT_SIGNATURE auth; } PolicySigned_In; -#define RC_PolicySigned_authObject (TPM_RC_H + TPM_RC_1) -#define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2) -#define RC_PolicySigned_nonceTPM (TPM_RC_P + TPM_RC_1) -#define RC_PolicySigned_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicySigned_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicySigned_expiration (TPM_RC_P + TPM_RC_4) -#define RC_PolicySigned_auth (TPM_RC_P + TPM_RC_5) - -typedef struct { - TPM2B_TIMEOUT timeout; - TPMT_TK_AUTH policyTicket; +// Output structure definition +typedef struct +{ + TPM2B_TIMEOUT timeout; + TPMT_TK_AUTH policyTicket; } PolicySigned_Out; -TPM_RC -TPM2_PolicySigned( - PolicySigned_In *in, // IN: input parameter list - PolicySigned_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_PolicySigned_authObject (TPM_RC_H + TPM_RC_1) +# define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2) +# define RC_PolicySigned_nonceTPM (TPM_RC_P + TPM_RC_1) +# define RC_PolicySigned_cpHashA (TPM_RC_P + TPM_RC_2) +# define RC_PolicySigned_policyRef (TPM_RC_P + TPM_RC_3) +# define RC_PolicySigned_expiration (TPM_RC_P + TPM_RC_4) +# define RC_PolicySigned_auth (TPM_RC_P + 
TPM_RC_5) -#endif +// Function prototype +TPM_RC +TPM2_PolicySigned(PolicySigned_In* in, PolicySigned_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYSIGNED_FP_H_ +#endif // CC_PolicySigned diff --git a/src/tpm2/PolicyTemplate_fp.h b/src/tpm2/PolicyTemplate_fp.h index d56825b7..372cc43f 100644 --- a/src/tpm2/PolicyTemplate_fp.h +++ b/src/tpm2/PolicyTemplate_fp.h @@ -59,23 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYTEMPLATE_FP_H -#define POLICYTEMPLATE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_DIGEST templateHash; +#if CC_PolicyTemplate // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYTEMPLATE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYTEMPLATE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_DIGEST templateHash; } PolicyTemplate_In; -#define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_PolicyTemplate( - PolicyTemplate_In *in // IN: input parameter list - ); +TPM2_PolicyTemplate(PolicyTemplate_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYTEMPLATE_FP_H_ +#endif // CC_PolicyTemplate diff --git a/src/tpm2/PolicyTicket_fp.h b/src/tpm2/PolicyTicket_fp.h index 8d78c87f..d591ca1b 100644 --- a/src/tpm2/PolicyTicket_fp.h +++ b/src/tpm2/PolicyTicket_fp.h 
@@ -59,31 +59,36 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef POLICYTICKET_FP_H -#define POLICYTICKET_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_SH_POLICY policySession; - TPM2B_TIMEOUT timeout; - TPM2B_DIGEST cpHashA; - TPM2B_NONCE policyRef; - TPM2B_NAME authName; - TPMT_TK_AUTH ticket; +#if CC_PolicyTicket // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYTICKET_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYTICKET_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_SH_POLICY policySession; + TPM2B_TIMEOUT timeout; + TPM2B_DIGEST cpHashA; + TPM2B_NONCE policyRef; + TPM2B_NAME authName; + TPMT_TK_AUTH ticket; } PolicyTicket_In; -#define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) -#define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) -#define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) -#define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) -#define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) -#define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) +// Response code modifiers +# define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) +# define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) +# define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) +# define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) +# define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) +# define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) +// Function prototype TPM_RC -TPM2_PolicyTicket( - PolicyTicket_In *in // IN: input parameter list - ); +TPM2_PolicyTicket(PolicyTicket_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_POLICYTICKET_FP_H_ +#endif // CC_PolicyTicket diff --git a/src/tpm2/Policy_spt.c b/src/tpm2/Policy_spt.c index 4c2de20b..30e62724 100644 --- a/src/tpm2/Policy_spt.c +++ b/src/tpm2/Policy_spt.c 
@@ -59,242 +59,248 @@ /* */ /********************************************************************************/ -/* 7.4 Policy Command Support (Policy_spt.c) */ +//** Includes #include "Tpm.h" #include "Policy_spt_fp.h" #include "PolicySigned_fp.h" #include "PolicySecret_fp.h" #include "PolicyTicket_fp.h" -/* 7.4.1 PolicyParameterChecks() */ -/* This function validates the common parameters of TPM2_PolicySiged() and TPM2_PolicySecret(). The - common parameters are nonceTPM, expiration, and cpHashA. */ + +//** Functions +//*** PolicyParameterChecks() +// This function validates the common parameters of TPM2_PolicySiged() +// and TPM2_PolicySecret(). The common parameters are 'nonceTPM', +// 'expiration', and 'cpHashA'. TPM_RC -PolicyParameterChecks( - SESSION *session, - UINT64 authTimeout, - TPM2B_DIGEST *cpHashA, - TPM2B_NONCE *nonce, - TPM_RC blameNonce, - TPM_RC blameCpHash, - TPM_RC blameExpiration - ) +PolicyParameterChecks(SESSION* session, + UINT64 authTimeout, + TPM2B_DIGEST* cpHashA, + TPM2B_NONCE* nonce, + TPM_RC blameNonce, + TPM_RC blameCpHash, + TPM_RC blameExpiration) { // Validate that input nonceTPM is correct if present if(nonce != NULL && nonce->t.size != 0) - { - if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b)) - return TPM_RCS_NONCE + blameNonce; - } + { + if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b)) + return TPM_RCS_NONCE + blameNonce; + } // If authTimeout is set (expiration != 0... if(authTimeout != 0) - { - // Validate input expiration. - // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE - // or TPM_RC_NV_RATE error may be returned here. - RETURN_IF_NV_IS_NOT_AVAILABLE; - // if the time has already passed or the time epoch has changed then the - // time value is no longer good. - if((authTimeout < g_time) - || (session->epoch != g_timeEpoch)) - return TPM_RCS_EXPIRED + blameExpiration; - } + { + // Validate input expiration. + // Cannot compare time if clock stop advancing. 
A TPM_RC_NV_UNAVAILABLE + // or TPM_RC_NV_RATE error may be returned here. + RETURN_IF_NV_IS_NOT_AVAILABLE; + + // if the time has already passed or the time epoch has changed then the + // time value is no longer good. + if((authTimeout < g_time) || (session->epoch != g_timeEpoch)) + return TPM_RCS_EXPIRED + blameExpiration; + } // If the cpHash is present, then check it if(cpHashA != NULL && cpHashA->t.size != 0) - { - // The cpHash input has to have the correct size - if(cpHashA->t.size != session->u2.policyDigest.t.size) - return TPM_RCS_SIZE + blameCpHash; - // If the cpHash has already been set, then this input value - // must match the current value. - if(session->u1.cpHash.b.size != 0 - && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b)) - return TPM_RC_CPHASH; - } + { + // The cpHash input has to have the correct size + if(cpHashA->t.size != session->u2.policyDigest.t.size) + return TPM_RCS_SIZE + blameCpHash; + + // If the cpHash has already been set, then this input value + // must match the current value. + if(session->u1.cpHash.b.size != 0 + && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b)) + return TPM_RC_CPHASH; + } return TPM_RC_SUCCESS; } -/* 7.4.2 PolicyContextUpdate() */ -/* Update policy hash Update the policyDigest in policy session by extending policyRef and - objectName to it. This will also update the cpHash if it is present. */ -void -PolicyContextUpdate( - TPM_CC commandCode, // IN: command code - TPM2B_NAME *name, // IN: name of entity - TPM2B_NONCE *ref, // IN: the reference data - TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) - UINT64 policyTimeout, // IN: the timeout value for the policy - SESSION *session // IN/OUT: policy session to be updated - ) + +//*** PolicyContextUpdate() +// Update policy hash +// Update the policyDigest in policy session by extending policyRef and +// objectName to it. This will also update the cpHash if it is present. 
+// +// Return Type: void +void PolicyContextUpdate( + TPM_CC commandCode, // IN: command code + TPM2B_NAME* name, // IN: name of entity + TPM2B_NONCE* ref, // IN: the reference data + TPM2B_DIGEST* cpHash, // IN: the cpHash (optional) + UINT64 policyTimeout, // IN: the timeout value for the policy + SESSION* session // IN/OUT: policy session to be updated +) { - HASH_STATE hashState; + HASH_STATE hashState; + // Start hash CryptHashStart(&hashState, session->authHashAlg); + // policyDigest size should always be the digest size of session hash algorithm. pAssert(session->u2.policyDigest.t.size - == CryptHashGetDigestSize(session->authHashAlg)); + == CryptHashGetDigestSize(session->authHashAlg)); + // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + // add commandCode CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); + // add name if applicable if(name != NULL) - CryptDigestUpdate2B(&hashState, &name->b); + CryptDigestUpdate2B(&hashState, &name->b); + // Complete the digest and get the results CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + // If the policy reference is not null, do a second update to the digest. if(ref != NULL) - { - // Start second hash computation - CryptHashStart(&hashState, session->authHashAlg); - // add policyDigest - CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); - // add policyRef - CryptDigestUpdate2B(&hashState, &ref->b); - // Complete second digest - CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); - } + { + + // Start second hash computation + CryptHashStart(&hashState, session->authHashAlg); + + // add policyDigest + CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); + + // add policyRef + CryptDigestUpdate2B(&hashState, &ref->b); + + // Complete second digest + CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); + } // Deal with the cpHash. 
If the cpHash value is present // then it would have already been checked to make sure that // it is compatible with the current value so all we need // to do here is copy it and set the isCpHashDefined attribute if(cpHash != NULL && cpHash->t.size != 0) - { - session->u1.cpHash = *cpHash; - session->attributes.isCpHashDefined = SET; - } + { + session->u1.cpHash = *cpHash; + session->attributes.isCpHashDefined = SET; + } + // update the timeout if it is specified if(policyTimeout != 0) - { - // If the timeout has not been set, then set it to the new value - // than the current timeout then set it to the new value - if(session->timeout == 0 || session->timeout > policyTimeout) - session->timeout = policyTimeout; - } + { + // If the timeout has not been set, then set it to the new value + // than the current timeout then set it to the new value + if(session->timeout == 0 || session->timeout > policyTimeout) + session->timeout = policyTimeout; + } return; } -/* 7.4.2.1 ComputeAuthTimeout() */ -/* This function is used to determine what the authorization timeout value for the session should - be. */ +//*** ComputeAuthTimeout() +// This function is used to determine what the authorization timeout value for +// the session should be. 
UINT64 -ComputeAuthTimeout( - SESSION *session, // IN: the session containing the time - // values - INT32 expiration, // IN: either the number of seconds from - // the start of the session or the - // time in g_timer; - TPM2B_NONCE *nonce // IN: indicator of the time base - ) +ComputeAuthTimeout(SESSION* session, // IN: the session containing the time + // values + INT32 expiration, // IN: either the number of seconds from + // the start of the session or the + // time in g_timer; + TPM2B_NONCE* nonce // IN: indicator of the time base +) { - UINT64 policyTime; + UINT64 policyTime; // If no expiration, policy time is 0 if(expiration == 0) - policyTime = 0; + policyTime = 0; else - { - if(expiration < 0) { - if (expiration == (INT32)0x80000000) /* libtpms changed begin; ubsan */ - expiration++; /* libtpms changed end */ - expiration = -expiration; - } - if(nonce->t.size == 0) - // The input time is absolute Time (not Clock), but it is expressed - // in seconds. To make sure that we don't time out too early, take the - // current value of milliseconds in g_time and add that to the input - // seconds value. - policyTime = (((UINT64)expiration) * 1000) + g_time % 1000; - else - // The policy timeout is the absolute value of the expiration in seconds - // added to the start time of the policy. - policyTime = session->startTime + (((UINT64)expiration) * 1000); - } + { + if(expiration < 0) { // libtpms changed + if (expiration == (INT32)0x80000000) /* libtpms changed begin; ubsan */ + expiration++; /* libtpms changed end */ + expiration = -expiration; + } // libtpms changed + if(nonce->t.size == 0) + // The input time is absolute Time (not Clock), but it is expressed + // in seconds. To make sure that we don't time out too early, take the + // current value of milliseconds in g_time and add that to the input + // seconds value. 
+ policyTime = (((UINT64)expiration) * 1000) + g_time % 1000; + else + // The policy timeout is the absolute value of the expiration in seconds + // added to the start time of the policy. + policyTime = session->startTime + (((UINT64)expiration) * 1000); + } return policyTime; } -/* 7.4.2.2 PolicyDigestClear() */ -/* Function to reset the policyDigest of a session */ -void -PolicyDigestClear( - SESSION *session - ) + +//*** PolicyDigestClear() +// Function to reset the policyDigest of a session +void PolicyDigestClear(SESSION* session) { session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); - MemorySet(session->u2.policyDigest.t.buffer, 0, - session->u2.policyDigest.t.size); + MemorySet(session->u2.policyDigest.t.buffer, 0, session->u2.policyDigest.t.size); } -/* 7.4.2.5 PolicySptCheckCondition() */ -/* Checks to see if the condition in the policy is satisfied. */ - -BOOL -PolicySptCheckCondition( - TPM_EO operation, - BYTE *opA, - BYTE *opB, - UINT16 size - ) +//*** PolicySptCheckCondition() +// Checks to see if the condition in the policy is satisfied. 
+BOOL PolicySptCheckCondition(TPM_EO operation, BYTE* opA, BYTE* opB, UINT16 size) { // Arithmetic Comparison switch(operation) - { - case TPM_EO_EQ: - // compare A = B - return (UnsignedCompareB(size, opA, size, opB) == 0); - break; - case TPM_EO_NEQ: - // compare A != B - return (UnsignedCompareB(size, opA, size, opB) != 0); - break; - case TPM_EO_SIGNED_GT: - // compare A > B signed - return (SignedCompareB(size, opA, size, opB) > 0); - break; - case TPM_EO_UNSIGNED_GT: - // compare A > B unsigned - return (UnsignedCompareB(size, opA, size, opB) > 0); - break; - case TPM_EO_SIGNED_LT: - // compare A < B signed - return (SignedCompareB(size, opA, size, opB) < 0); - break; - case TPM_EO_UNSIGNED_LT: - // compare A < B unsigned - return (UnsignedCompareB(size, opA, size, opB) < 0); - break; - case TPM_EO_SIGNED_GE: - // compare A >= B signed - return (SignedCompareB(size, opA, size, opB) >= 0); - break; - case TPM_EO_UNSIGNED_GE: - // compare A >= B unsigned - return (UnsignedCompareB(size, opA, size, opB) >= 0); - break; - case TPM_EO_SIGNED_LE: - // compare A <= B signed - return (SignedCompareB(size, opA, size, opB) <= 0); - break; - case TPM_EO_UNSIGNED_LE: - // compare A <= B unsigned - return (UnsignedCompareB(size, opA, size, opB) <= 0); - break; - case TPM_EO_BITSET: - // All bits SET in B are SET in A. ((A&B)=B) - { - UINT32 i; - for(i = 0; i < size; i++) - if((opA[i] & opB[i]) != opB[i]) - return FALSE; - } - break; - case TPM_EO_BITCLEAR: - // All bits SET in B are CLEAR in A. 
((A&B)=0) - { - UINT32 i; - for(i = 0; i < size; i++) - if((opA[i] & opB[i]) != 0) - return FALSE; - } - break; - default: - FAIL(FATAL_ERROR_INTERNAL); - break; - } + { + case TPM_EO_EQ: + // compare A = B + return (UnsignedCompareB(size, opA, size, opB) == 0); + break; + case TPM_EO_NEQ: + // compare A != B + return (UnsignedCompareB(size, opA, size, opB) != 0); + break; + case TPM_EO_SIGNED_GT: + // compare A > B signed + return (SignedCompareB(size, opA, size, opB) > 0); + break; + case TPM_EO_UNSIGNED_GT: + // compare A > B unsigned + return (UnsignedCompareB(size, opA, size, opB) > 0); + break; + case TPM_EO_SIGNED_LT: + // compare A < B signed + return (SignedCompareB(size, opA, size, opB) < 0); + break; + case TPM_EO_UNSIGNED_LT: + // compare A < B unsigned + return (UnsignedCompareB(size, opA, size, opB) < 0); + break; + case TPM_EO_SIGNED_GE: + // compare A >= B signed + return (SignedCompareB(size, opA, size, opB) >= 0); + break; + case TPM_EO_UNSIGNED_GE: + // compare A >= B unsigned + return (UnsignedCompareB(size, opA, size, opB) >= 0); + break; + case TPM_EO_SIGNED_LE: + // compare A <= B signed + return (SignedCompareB(size, opA, size, opB) <= 0); + break; + case TPM_EO_UNSIGNED_LE: + // compare A <= B unsigned + return (UnsignedCompareB(size, opA, size, opB) <= 0); + break; + case TPM_EO_BITSET: + // All bits SET in B are SET in A. ((A&B)=B) + { + UINT32 i; + for(i = 0; i < size; i++) + if((opA[i] & opB[i]) != opB[i]) + return FALSE; + } + break; + case TPM_EO_BITCLEAR: + // All bits SET in B are CLEAR in A. ((A&B)=0) + { + UINT32 i; + for(i = 0; i < size; i++) + if((opA[i] & opB[i]) != 0) + return FALSE; + } + break; + default: + FAIL(FATAL_ERROR_INTERNAL); + break; + } return TRUE; } diff --git a/src/tpm2/Policy_spt_fp.h b/src/tpm2/Policy_spt_fp.h index 86bd43e1..7ae827ab 100644 --- a/src/tpm2/Policy_spt_fp.h +++ b/src/tpm2/Policy_spt_fp.h 
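Review bot: In ComputeAuthTimeout(), the libtpms-specific guard `if (expiration == (INT32)0x80000000) expiration++;` is explained only by the word "ubsan", so a later rebase could drop it without anyone noticing that it prevents signed overflow when `expiration = -expiration` negates the most negative INT32. The value presumably comes from the `INT32 expiration` field of PolicySigned_In/PolicySecret_In, although the call sites are not in this hunk, so the comment should say what is being protected, e.g. `/* libtpms: negating INT32_MIN overflows (UB); clamp by one second before negating */`. The constant `(INT32)0x80000000` also relies on an implementation-defined unsigned-to-signed conversion; `INT32_MIN` would express the same value directly if `<stdint.h>` is in scope in this file, which the hunk does not show. The same function reads `nonce->t.size` without the `nonce != NULL` test that PolicyParameterChecks() applies earlier in the hunk. A `pAssert(nonce != NULL);`, or a line in the header comment stating that `nonce` must be non-NULL, would make that precondition explicit.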
@@ -59,52 +59,61 @@ /* */ /********************************************************************************/ -#ifndef POLICY_SPT_FP_H -#define POLICY_SPT_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 4, 2020 Time: 02:36:44PM + */ +#ifndef _POLICY_SPT_FP_H_ +#define _POLICY_SPT_FP_H_ + +//** Functions +//*** PolicyParameterChecks() +// This function validates the common parameters of TPM2_PolicySiged() +// and TPM2_PolicySecret(). The common parameters are 'nonceTPM', +// 'expiration', and 'cpHashA'. TPM_RC -PolicyParameterChecks( - SESSION *session, - UINT64 authTimeout, - TPM2B_DIGEST *cpHashA, - TPM2B_NONCE *nonce, - TPM_RC blameNonce, - TPM_RC blameCpHash, - TPM_RC blameExpiration - ); -void -PolicyContextUpdate( - TPM_CC commandCode, // IN: command code - TPM2B_NAME *name, // IN: name of entity - TPM2B_NONCE *ref, // IN: the reference data - TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) - UINT64 policyTimeout, // IN: the timeout value for the policy - SESSION *session // IN/OUT: policy session to be updated - ); +PolicyParameterChecks(SESSION* session, + UINT64 authTimeout, + TPM2B_DIGEST* cpHashA, + TPM2B_NONCE* nonce, + TPM_RC blameNonce, + TPM_RC blameCpHash, + TPM_RC blameExpiration); + +//*** PolicyContextUpdate() +// Update policy hash +// Update the policyDigest in policy session by extending policyRef and +// objectName to it. This will also update the cpHash if it is present. +// +// Return Type: void +void PolicyContextUpdate( + TPM_CC commandCode, // IN: command code + TPM2B_NAME* name, // IN: name of entity + TPM2B_NONCE* ref, // IN: the reference data + TPM2B_DIGEST* cpHash, // IN: the cpHash (optional) + UINT64 policyTimeout, // IN: the timeout value for the policy + SESSION* session // IN/OUT: policy session to be updated +); + +//*** ComputeAuthTimeout() +// This function is used to determine what the authorization timeout value for +// the session should be. 
UINT64 -ComputeAuthTimeout( - SESSION *session, // IN: the session containing the time - // values - INT32 expiration, // IN: either the number of seconds from - // the start of the session or the - // time in g_timer; - TPM2B_NONCE *nonce // IN: indicator of the time base - ); -void -PolicyDigestClear( - SESSION *session - ); -BOOL -PolicySptCheckCondition( - TPM_EO operation, - BYTE *opA, - BYTE *opB, - UINT16 size - ); +ComputeAuthTimeout(SESSION* session, // IN: the session containing the time + // values + INT32 expiration, // IN: either the number of seconds from + // the start of the session or the + // time in g_timer; + TPM2B_NONCE* nonce // IN: indicator of the time base +); +//*** PolicyDigestClear() +// Function to reset the policyDigest of a session +void PolicyDigestClear(SESSION* session); +//*** PolicySptCheckCondition() +// Checks to see if the condition in the policy is satisfied. +BOOL PolicySptCheckCondition(TPM_EO operation, BYTE* opA, BYTE* opB, UINT16 size); - - - -#endif +#endif // _POLICY_SPT_FP_H_ diff --git a/src/tpm2/Power.c b/src/tpm2/Power.c index 30363b50..5c313ea8 100644 --- a/src/tpm2/Power.c +++ b/src/tpm2/Power.c 
@@ -59,51 +59,42 @@ /* */ /********************************************************************************/ -/* 9.13 Power.c */ -/* 9.13.1 Description */ -/* This file contains functions that receive the simulated power state transitions of the TPM. */ -/* 9.13.2 Includes and Data Definitions */ +//** Description + +// This file contains functions that receive the simulated power state +// transitions of the TPM. + +//** Includes and Data Definitions #define POWER_C #include "Tpm.h" -/* 9.13.3 Functions */ -/* 9.13.3.1 TPMInit() */ -/* This function is used to process a power on event. */ -void -TPMInit( - void - ) +//** Functions + +//*** TPMInit() +// This function is used to process a power on event. +void TPMInit(void) { // Set state as not initialized. This means that Startup is required g_initialized = FALSE; return; } -/* 9.13.3.2 TPMRegisterStartup() */ -/* This function registers the fact that the TPM has been initialized (a TPM2_Startup() has - completed successfully). */ - -BOOL -TPMRegisterStartup( - void - ) +//*** TPMRegisterStartup() +// This function registers the fact that the TPM has been initialized +// (a TPM2_Startup() has completed successfully). +BOOL TPMRegisterStartup(void) { g_initialized = TRUE; return TRUE; } -/* 9.13.3.3 TPMIsStarted() */ -/* Indicates if the TPM has been initialized (a TPM2_Startup() has completed successfully after a - _TPM_Init()). */ -/* Return Values Meaning */ -/* TRUE TPM has been initialized */ -/* FALSE TPM has not been initialized */ - -BOOL -TPMIsStarted( - void - ) +//*** TPMIsStarted() +// Indicates if the TPM has been initialized (a TPM2_Startup() has completed +// successfully after a _TPM_Init). +// Return Type: BOOL +// TRUE(1) TPM has been initialized +// FALSE(0) TPM has not been initialized +BOOL TPMIsStarted(void) { return g_initialized; } - diff --git a/src/tpm2/PowerPlat.c b/src/tpm2/PowerPlat.c index 94e89454..c9b4a098 100644 --- a/src/tpm2/PowerPlat.c +++ b/src/tpm2/PowerPlat.c 
@@ -59,72 +59,73 @@ /* */ /********************************************************************************/ -/* C.7 PowerPlat.c */ -/* C.7.1. Includes and Function Prototypes */ -#include "Platform.h" -#include "PlatformACT_fp.h" /* added kgold */ -#include "_TPM_Init_fp.h" -/* C.7.2. Functions */ -/* C.7.2.1. _plat__Signal_PowerOn() */ -/* Signal platform power on */ -LIB_EXPORT int -_plat__Signal_PowerOn( - void - ) +//** Includes and Function Prototypes + +#include "Platform.h" + +//** Functions + +//***_plat__Signal_PowerOn() +// Signal platform power on +LIB_EXPORT int _plat__Signal_PowerOn(void) { // Reset the timer _plat__TimerReset(); + // Need to indicate that we lost power s_powerLost = TRUE; + return 0; } -/* C.7.2.2. _plat__WasPowerLost() */ -/* Test whether power was lost before a _TPM_Init(). */ -/* This function will clear the hardware indication of power loss before return. This means that - there can only be one spot in the TPM code where this value gets read. This method is used here - as it is the most difficult to manage in the TPM code and, if the hardware actually works this - way, it is hard to make it look like anything else. So, the burden is placed on the TPM code - rather than the platform code */ -/* Return Values Meaning */ -/* TRUE(1) power was lost */ -/* FALSE(0) power was not lost */ -LIB_EXPORT int -_plat__WasPowerLost( - void - ) + +//*** _plat__WasPowerLost() +// Test whether power was lost before a _TPM_Init. +// +// This function will clear the "hardware" indication of power loss before return. +// This means that there can only be one spot in the TPM code where this value +// gets read. This method is used here as it is the most difficult to manage in the +// TPM code and, if the hardware actually works this way, it is hard to make it +// look like anything else. 
So, the burden is placed on the TPM code rather than the +// platform code +// Return Type: int +// TRUE(1) power was lost +// FALSE(0) power was not lost +LIB_EXPORT int _plat__WasPowerLost(void) { - int retVal = s_powerLost; + int retVal = s_powerLost; s_powerLost = FALSE; return retVal; } -/* C.7.2.3. _plat_Signal_Reset() */ -/* This a TPM reset without a power loss. */ -LIB_EXPORT int -_plat__Signal_Reset( - void - ) + +//*** _plat_Signal_Reset() +// This a TPM reset without a power loss. +LIB_EXPORT int _plat__Signal_Reset(void) { // Initialize locality s_locality = 0; + // Command cancel s_isCanceled = FALSE; + _TPM_Init(); + // if we are doing reset but did not have a power failure, then we should // not need to reload NV ... + return 0; } -/* C.7.2.4. _plat__Signal_PowerOff() */ -/* Signal platform power off */ -LIB_EXPORT void -_plat__Signal_PowerOff( - void - ) + +//***_plat__Signal_PowerOff() +// Signal platform power off +LIB_EXPORT void _plat__Signal_PowerOff(void) { // Prepare NV memory for power off _plat__NVDisable((void*)FALSE, 0); + #if ACT_SUPPORT // Disable tick ACT tick processing _plat__ACT_EnableTicks(FALSE); -#endif // Disable tick ACT tick processing +#endif + return; } diff --git a/src/tpm2/Power_fp.h b/src/tpm2/Power_fp.h index 7c995435..e19a5f2c 100644 --- a/src/tpm2/Power_fp.h +++ b/src/tpm2/Power_fp.h 
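Review bot: The include list at the top of PowerPlat.c now holds only `#include "Platform.h"`, yet `_plat__Signal_Reset()` still calls `_TPM_Init()` and `_plat__Signal_PowerOff()` still calls `_plat__ACT_EnableTicks(FALSE)` under `#if ACT_SUPPORT`. Unless `Platform.h` now pulls in the prototypes that `_TPM_Init_fp.h` and `PlatformACT_fp.h` used to provide (not visible in this hunk), both calls compile as implicit declarations with an assumed `int` return and unchecked arguments. It is worth confirming with a build that uses `-Werror=implicit-function-declaration`, once with `ACT_SUPPORT` enabled and once with it disabled, before relying on the single include.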
@@ -59,21 +59,29 @@ /* */ /********************************************************************************/ -#ifndef POWER_FP_H -#define POWER_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ -void -TPMInit( - void - ); -BOOL -TPMRegisterStartup( - void - ); -BOOL -TPMIsStarted( - void - ); +#ifndef _POWER_FP_H_ +#define _POWER_FP_H_ +//*** TPMInit() +// This function is used to process a power on event. +void TPMInit(void); -#endif +//*** TPMRegisterStartup() +// This function registers the fact that the TPM has been initialized +// (a TPM2_Startup() has completed successfully). +BOOL TPMRegisterStartup(void); + +//*** TPMIsStarted() +// Indicates if the TPM has been initialized (a TPM2_Startup() has completed +// successfully after a _TPM_Init). +// Return Type: BOOL +// TRUE(1) TPM has been initialized +// FALSE(0) TPM has not been initialized +BOOL TPMIsStarted(void); + +#endif // _POWER_FP_H_ diff --git a/src/tpm2/PrimeData.c b/src/tpm2/PrimeData.c index ecb1ebf0..0b5f5ca2 100644 --- a/src/tpm2/PrimeData.c +++ b/src/tpm2/PrimeData.c 
@@ -67,13 +67,13 @@ const CRYPT_INT_BUF(smallprimecomp, 43 * RADIX_BITS) s_CompositeOfSmallPrimes_ = {44, 44, {0x2ED42696, 0x2BBFA177, 0x4820594F, 0xF73F4841, 0xBFAC313A, 0xCAC3EB81, - 0xF6F26BF8, 0x7FAB5061, 0x59746FB7, 0xF71377F6, 0x3B19855B, 0xCBD03132, - 0xBB92EF1B, 0x3AC3152C, 0xE87C8273, 0xC0AE0E69, 0x74A9E295, 0x448CCE86, - 0x63CA1907, 0x8A0BF944, 0xF8CC3BE0, 0xC26F0AF5, 0xC501C02F, 0x6579441A, - 0xD1099CDA, 0x6BC76A00, 0xC81A3228, 0xBFB1AB25, 0x70FA3841, 0x51B3D076, - 0xCC2359ED, 0xD9EE0769, 0x75E47AF0, 0xD45FF31E, 0x52CCE4F6, 0x04DBC891, - 0x96658ED2, 0x1753EFE5, 0x3AE4A5A6, 0x8FD4A97F, 0x8B15E7EB, 0x0243C3E1, - 0xE0F0C31D, 0x0000000B}}; + 0xF6F26BF8, 0x7FAB5061, 0x59746FB7, 0xF71377F6, 0x3B19855B, 0xCBD03132, + 0xBB92EF1B, 0x3AC3152C, 0xE87C8273, 0xC0AE0E69, 0x74A9E295, 0x448CCE86, + 0x63CA1907, 0x8A0BF944, 0xF8CC3BE0, 0xC26F0AF5, 0xC501C02F, 0x6579441A, + 0xD1099CDA, 0x6BC76A00, 0xC81A3228, 0xBFB1AB25, 0x70FA3841, 0x51B3D076, + 0xCC2359ED, 0xD9EE0769, 0x75E47AF0, 0xD45FF31E, 0x52CCE4F6, 0x04DBC891, + 0x96658ED2, 0x1753EFE5, 0x3AE4A5A6, 0x8FD4A97F, 0x8B15E7EB, 0x0243C3E1, + 0xE0F0C31D, 0x0000000B}}; const Crypt_Int* s_CompositeOfSmallPrimes = (const Crypt_Int*)&s_CompositeOfSmallPrimes_; diff --git a/src/tpm2/PropertyCap.c b/src/tpm2/PropertyCap.c index 4d576019..585a40ce 100644 --- a/src/tpm2/PropertyCap.c +++ b/src/tpm2/PropertyCap.c 
@@ -54,560 +54,587 @@ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ -/* (c) Copyright IBM Corp. and others, 2016 - 2023 */ +/* (c) Copyright IBM Corp. and others, 2016 - 2025 */ /* */ /********************************************************************************/ +//** Description +// This file contains the functions that are used for accessing the +// TPM_CAP_TPM_PROPERTY values. + +//** Includes -/* 9.14 PropertyCap.c */ -/* 9.14.1 Description */ -/* This file contains the functions that are used for accessing the TPM_CAP_TPM_PROPERTY values. */ -/* 9.14.2 Includes */ #include "Tpm.h" #define TPM_HAVE_TPM2_DECLARATIONS #include "tpm_library_intern.h" // libtpms added -/* 9.14.3 Functions */ -/* 9.14.3.1 TPMPropertyIsDefined() */ -/* This function accepts a property selection and, if so, sets value to the value of the - property. */ -/* All the fixed values are vendor dependent or determined by a platform-specific specification. The - values in the table below are examples and should be changed by the vendor. */ -/* Return Values Meaning */ -/* TRUE referenced property exists and value set */ -/* FALSE referenced property does not exist */ -static BOOL -TPMPropertyIsDefined( - TPM_PT property, // IN: property - UINT32 *value // OUT: property value - ) +//** Functions + +//*** TPMPropertyIsDefined() +// This function accepts a property selection and, if so, sets 'value' +// to the value of the property. +// +// All the fixed values are vendor dependent or determined by a +// platform-specific specification. The values in the table below +// are examples and should be changed by the vendor. 
+// Return Type: BOOL +// TRUE(1) referenced property exists and 'value' set +// FALSE(0) referenced property does not exist +static BOOL TPMPropertyIsDefined(TPM_PT property, // IN: property + UINT32* value // OUT: property value +) { switch(property) - { - case TPM_PT_FAMILY_INDICATOR: - // from the title page of the specification - // For this specification, the value is "2.0". - *value = TPM_SPEC_FAMILY; - break; - case TPM_PT_LEVEL: - // from the title page of the specification - *value = TPM_SPEC_LEVEL; - break; - case TPM_PT_REVISION: - // from the title page of the specification - *value = TPM_SPEC_VERSION; - break; - case TPM_PT_DAY_OF_YEAR: - // computed from the date value on the title page of the specification - *value = TPM_SPEC_DAY_OF_YEAR; - break; - case TPM_PT_YEAR: - // from the title page of the specification - *value = TPM_SPEC_YEAR; - break; - case TPM_PT_MANUFACTURER: - *value = _plat__GetManufacturerCapabilityCode(); - // vendor ID unique to each TPM manufacturer - break; - case TPM_PT_VENDOR_STRING_1: - // first four characters of the vendor ID string - *value = _plat__GetVendorCapabilityCode(1); - break; - case TPM_PT_VENDOR_STRING_2: - *value = _plat__GetVendorCapabilityCode(2); - break; - case TPM_PT_VENDOR_STRING_3: - // third four characters of the vendor ID string - *value = _plat__GetVendorCapabilityCode(3); - break; - case TPM_PT_VENDOR_STRING_4: - // fourth four characters of the vendor ID string - *value = _plat__GetVendorCapabilityCode(4); - break; - case TPM_PT_VENDOR_TPM_TYPE: - *value = _plat__GetTpmType(); - break; - case TPM_PT_FIRMWARE_VERSION_1: - // more significant 32-bits of a vendor-specific value - *value = gp.firmwareV1; - break; - case TPM_PT_FIRMWARE_VERSION_2: - // less significant 32-bits of a vendor-specific value - *value = gp.firmwareV2; - break; - case TPM_PT_INPUT_BUFFER: - // maximum size of TPM2B_MAX_BUFFER - *value = MAX_DIGEST_BUFFER; - break; - case TPM_PT_HR_TRANSIENT_MIN: - // minimum number of 
transient objects that can be held in TPM - // RAM - *value = MAX_LOADED_OBJECTS; - break; - case TPM_PT_HR_PERSISTENT_MIN: - // minimum number of persistent objects that can be held in - // TPM NV memory - // In this implementation, there is no minimum number of - // persistent objects. - *value = MIN_EVICT_OBJECTS; - break; - case TPM_PT_HR_LOADED_MIN: - // minimum number of authorization sessions that can be held in - // TPM RAM - *value = MAX_LOADED_SESSIONS; - break; - case TPM_PT_ACTIVE_SESSIONS_MAX: - // number of authorization sessions that may be active at a time - *value = MAX_ACTIVE_SESSIONS; - break; - case TPM_PT_PCR_COUNT: - // number of PCR implemented - *value = IMPLEMENTATION_PCR; - break; - case TPM_PT_PCR_SELECT_MIN: - // minimum number of bytes in a TPMS_PCR_SELECT.sizeOfSelect - *value = PCR_SELECT_MIN; - break; - case TPM_PT_CONTEXT_GAP_MAX: - // maximum allowed difference (unsigned) between the contextID - // values of two saved session contexts -#if 0 - *value = ((UINT32)1 << (sizeof(CONTEXT_SLOT) * 8)) - 1; -#endif - *value = s_ContextSlotMask; // libtpms added; the mask is either 0xff (old state) or 0xffff - break; - case TPM_PT_NV_COUNTERS_MAX: - // maximum number of NV indexes that are allowed to have the - // TPMA_NV_COUNTER attribute SET - // In this implementation, there is no limitation on the number - // of counters, except for the size of the NV Index memory. - *value = 0; - break; - case TPM_PT_NV_INDEX_MAX: - // maximum size of an NV index data area - *value = MAX_NV_INDEX_SIZE; - break; - case TPM_PT_MEMORY: - // a TPMA_MEMORY indicating the memory management method for the TPM - { - union - { - TPMA_MEMORY att; - UINT32 u32; - } attributes = { TPMA_ZERO_INITIALIZER() }; - SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, sharedNV); - SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, objectCopiedToRam); - // Note: For a LSb0 machine, the bits in a bit field are in the correct - // order even if the machine is MSB0. 
For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // NO) so the bits are manipulated correctly. - *value = attributes.u32; - break; - } - case TPM_PT_CLOCK_UPDATE: - // interval, in seconds, between updates to the copy of - // TPMS_TIME_INFO .clock in NV - *value = (1 << NV_CLOCK_UPDATE_INTERVAL); - break; - case TPM_PT_CONTEXT_HASH: - // algorithm used for the integrity hash on saved contexts and - // for digesting the fuData of TPM2_FirmwareRead() - *value = CONTEXT_INTEGRITY_HASH_ALG; - break; - case TPM_PT_CONTEXT_SYM: - // algorithm used for encryption of saved contexts - *value = CONTEXT_ENCRYPT_ALG; - break; - case TPM_PT_CONTEXT_SYM_SIZE: - // size of the key used for encryption of saved contexts - *value = CONTEXT_ENCRYPT_KEY_BITS; - break; - case TPM_PT_ORDERLY_COUNT: - // maximum difference between the volatile and non-volatile - // versions of TPMA_NV_COUNTER that have TPMA_NV_ORDERLY SET - *value = MAX_ORDERLY_COUNT; - break; - case TPM_PT_MAX_COMMAND_SIZE: - // maximum value for 'commandSize' - *value = MAX_COMMAND_SIZE; - break; - case TPM_PT_MAX_RESPONSE_SIZE: - // maximum value for 'responseSize' - *value = MAX_RESPONSE_SIZE; - break; - case TPM_PT_MAX_DIGEST: - // maximum size of a digest that can be produced by the TPM - *value = sizeof(TPMU_HA); - break; - case TPM_PT_MAX_OBJECT_CONTEXT: - // Header has 'sequence', 'handle' and 'hierarchy' -#define SIZE_OF_CONTEXT_HEADER \ - sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY) + { + case TPM_PT_FAMILY_INDICATOR: + // from the title page of the specification + // For this specification, the value is "2.0". 
+ *value = TPM_SPEC_FAMILY; + break; + case TPM_PT_LEVEL: + // from the title page of the specification + *value = TPM_SPEC_LEVEL; + break; + case TPM_PT_REVISION: + // from the title page of the specification + *value = TPM_SPEC_VERSION; + break; + case TPM_PT_DAY_OF_YEAR: + // computed from the date value on the title page of the specification + *value = TPM_SPEC_DAY_OF_YEAR; + break; + case TPM_PT_YEAR: + // from the title page of the specification + *value = TPM_SPEC_YEAR; + break; + + case TPM_PT_MANUFACTURER: + // the vendor ID unique to each TPM manufacturer + *value = _plat__GetManufacturerCapabilityCode(); + break; + + case TPM_PT_VENDOR_STRING_1: + // the first four characters of the vendor ID string + *value = _plat__GetVendorCapabilityCode(1); + break; + + case TPM_PT_VENDOR_STRING_2: + // the second four characters of the vendor ID string + *value = _plat__GetVendorCapabilityCode(2); + break; + + case TPM_PT_VENDOR_STRING_3: + // the third four characters of the vendor ID string + *value = _plat__GetVendorCapabilityCode(3); + break; + + case TPM_PT_VENDOR_STRING_4: + // the fourth four characters of the vendor ID string + *value = _plat__GetVendorCapabilityCode(4); + break; + + case TPM_PT_VENDOR_TPM_TYPE: + // vendor-defined value indicating the TPM model + // We just make up a number here + *value = _plat__GetTpmType(); + break; + + case TPM_PT_FIRMWARE_VERSION_1: + // more significant 32-bits of a vendor-specific value + *value = gp.firmwareV1; + break; + case TPM_PT_FIRMWARE_VERSION_2: + // less significant 32-bits of a vendor-specific value + *value = gp.firmwareV2; + break; + case TPM_PT_INPUT_BUFFER: + // maximum size of TPM2B_MAX_BUFFER + *value = MAX_DIGEST_BUFFER; + break; + case TPM_PT_HR_TRANSIENT_MIN: + // minimum number of transient objects that can be held in TPM + // RAM + *value = MAX_LOADED_OBJECTS; + break; + case TPM_PT_HR_PERSISTENT_MIN: + // minimum number of persistent objects that can be held in + // TPM NV memory + // In this 
implementation, there is no minimum number of + // persistent objects. + *value = MIN_EVICT_OBJECTS; + break; + case TPM_PT_HR_LOADED_MIN: + // minimum number of authorization sessions that can be held in + // TPM RAM + *value = MAX_LOADED_SESSIONS; + break; + case TPM_PT_ACTIVE_SESSIONS_MAX: + // number of authorization sessions that may be active at a time + *value = MAX_ACTIVE_SESSIONS; + break; + case TPM_PT_PCR_COUNT: + // number of PCR implemented + *value = IMPLEMENTATION_PCR; + break; + case TPM_PT_PCR_SELECT_MIN: + // minimum number of bytes in a TPMS_PCR_SELECT.sizeOfSelect + *value = PCR_SELECT_MIN; + break; + case TPM_PT_CONTEXT_GAP_MAX: + // maximum allowed difference (unsigned) between the contextID + // values of two saved session contexts +#if 0 // libtpms added + *value = ((UINT32)1 << (sizeof(CONTEXT_SLOT) * 8)) - 1; +#endif // libtpms added + *value = s_ContextSlotMask; // libtpms added; the mask is either 0xff (old state) or 0xffff + break; + case TPM_PT_NV_COUNTERS_MAX: + // maximum number of NV indexes that are allowed to have the + // TPMA_NV_COUNTER attribute SET + // In this implementation, there is no limitation on the number + // of counters, except for the size of the NV Index memory. + *value = 0; + break; + case TPM_PT_NV_INDEX_MAX: + // maximum size of an NV index data area + *value = MAX_NV_INDEX_SIZE; + break; + case TPM_PT_MEMORY: + // a TPMA_MEMORY indicating the memory management method for the TPM + { + union + { + TPMA_MEMORY att; + UINT32 u32; + } attributes = {TPMA_ZERO_INITIALIZER()}; + SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, sharedNV); + SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, objectCopiedToRam); + + // Note: For a LSb0 machine, the bits in a bit field are in the correct + // order even if the machine is MSB0. For a MSb0 machine, a TPMA will + // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will + // be NO) so the bits are manipulate correctly. 
+ *value = attributes.u32; + break; + } + case TPM_PT_CLOCK_UPDATE: + // interval, in seconds, between updates to the copy of + // TPMS_TIME_INFO .clock in NV + *value = (1 << NV_CLOCK_UPDATE_INTERVAL); + break; + case TPM_PT_CONTEXT_HASH: + // algorithm used for the integrity hash on saved contexts and + // for digesting the fuData of TPM2_FirmwareRead() + *value = CONTEXT_INTEGRITY_HASH_ALG; + break; + case TPM_PT_CONTEXT_SYM: + // algorithm used for encryption of saved contexts + *value = CONTEXT_ENCRYPT_ALG; + break; + case TPM_PT_CONTEXT_SYM_SIZE: + // size of the key used for encryption of saved contexts + *value = CONTEXT_ENCRYPT_KEY_BITS; + break; + case TPM_PT_ORDERLY_COUNT: + // maximum difference between the volatile and non-volatile + // versions of TPMA_NV_COUNTER that have TPMA_NV_ORDERLY SET + *value = MAX_ORDERLY_COUNT; + break; + case TPM_PT_MAX_COMMAND_SIZE: + // maximum value for 'commandSize' + *value = MAX_COMMAND_SIZE; + break; + case TPM_PT_MAX_RESPONSE_SIZE: + // maximum value for 'responseSize' + *value = MAX_RESPONSE_SIZE; + break; + case TPM_PT_MAX_DIGEST: + // maximum size of a digest that can be produced by the TPM + *value = sizeof(TPMU_HA); + break; + case TPM_PT_MAX_OBJECT_CONTEXT: +// Header has 'sequence', 'handle' and 'hierarchy' +#define SIZE_OF_CONTEXT_HEADER \ + sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY) #define SIZE_OF_CONTEXT_INTEGRITY (sizeof(UINT16) + CONTEXT_INTEGRITY_HASH_SIZE) -#define SIZE_OF_FINGERPRINT sizeof(UINT64) -#define SIZE_OF_CONTEXT_BLOB_OVERHEAD \ - (sizeof(UINT16) + SIZE_OF_CONTEXT_INTEGRITY + SIZE_OF_FINGERPRINT) -#define SIZE_OF_CONTEXT_OVERHEAD \ - (SIZE_OF_CONTEXT_HEADER + SIZE_OF_CONTEXT_BLOB_OVERHEAD) +#define SIZE_OF_FINGERPRINT sizeof(UINT64) +#define SIZE_OF_CONTEXT_BLOB_OVERHEAD \ + (sizeof(UINT16) + SIZE_OF_CONTEXT_INTEGRITY + SIZE_OF_FINGERPRINT) +#define SIZE_OF_CONTEXT_OVERHEAD \ + (SIZE_OF_CONTEXT_HEADER + SIZE_OF_CONTEXT_BLOB_OVERHEAD) #if 0 - // maximum size of a 
TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = 0; - // adding sequence, saved handle and hierarchy - *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + - sizeof(TPMI_RH_HIERARCHY); - // add size field in TPM2B_CONTEXT - *value += sizeof(UINT16); - // add integrity hash size - *value += sizeof(UINT16) + - CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - // Add fingerprint size, which is the same as sequence size - *value += sizeof(UINT64); - // Add OBJECT structure size - *value += sizeof(OBJECT); + // maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = 0; + // adding sequence, saved handle and hierarchy + *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + + sizeof(TPMI_RH_HIERARCHY); + // add size field in TPM2B_CONTEXT + *value += sizeof(UINT16); + // add integrity hash size + *value += sizeof(UINT16) + + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); + // Add fingerprint size, which is the same as sequence size + *value += sizeof(UINT64); + // Add OBJECT structure size + *value += sizeof(OBJECT); #else - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(OBJECT); + // the maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(OBJECT); #endif - break; - case TPM_PT_MAX_SESSION_CONTEXT: + break; + case TPM_PT_MAX_SESSION_CONTEXT: #if 0 - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = 0; - // adding sequence, saved handle and hierarchy - *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + - sizeof(TPMI_RH_HIERARCHY); - // Add size field in TPM2B_CONTEXT - *value += sizeof(UINT16); - // Add integrity hash size - *value += sizeof(UINT16) + - CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - // Add 
fingerprint size, which is the same as sequence size - *value += sizeof(UINT64); - // Add SESSION structure size - *value += sizeof(SESSION); + + // the maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = 0; + // adding sequence, saved handle and hierarchy + *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + + sizeof(TPMI_RH_HIERARCHY); + // Add size field in TPM2B_CONTEXT + *value += sizeof(UINT16); +// Add integrity hash size + *value += sizeof(UINT16) + + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); + // Add fingerprint size, which is the same as sequence size + *value += sizeof(UINT64); + // Add SESSION structure size + *value += sizeof(SESSION); #else - // the maximum size of a TPMS_CONTEXT that will be returned by - // TPM2_ContextSave for object context - *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(SESSION); + // the maximum size of a TPMS_CONTEXT that will be returned by + // TPM2_ContextSave for object context + *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(SESSION); #endif - break; - case TPM_PT_PS_FAMILY_INDICATOR: - // platform specific values for the TPM_PT_PS parameters from - // the relevant platform-specific specification - // In this reference implementation, all of these values are 0. 
- *value = PLATFORM_FAMILY; - break; - case TPM_PT_PS_LEVEL: - // level of the platform-specific specification - *value = PLATFORM_LEVEL; - break; - case TPM_PT_PS_REVISION: - // specification Revision times 100 for the platform-specific - // specification - *value = PLATFORM_VERSION; - break; - case TPM_PT_PS_DAY_OF_YEAR: - // platform-specific specification day of year using TCG calendar - *value = PLATFORM_DAY_OF_YEAR; - break; - case TPM_PT_PS_YEAR: - // platform-specific specification year using the CE - *value = PLATFORM_YEAR; - break; - case TPM_PT_SPLIT_MAX: - // number of split signing operations supported by the TPM - *value = 0; + break; + case TPM_PT_PS_FAMILY_INDICATOR: + // platform specific values for the TPM_PT_PS parameters from + // the relevant platform-specific specification + // In this reference implementation, all of these values are 0. + *value = PLATFORM_FAMILY; + break; + case TPM_PT_PS_LEVEL: + // level of the platform-specific specification + *value = PLATFORM_LEVEL; + break; + case TPM_PT_PS_REVISION: + // specification Revision times 100 for the platform-specific + // specification + *value = PLATFORM_VERSION; + break; + case TPM_PT_PS_DAY_OF_YEAR: + // platform-specific specification day of year using TCG calendar + *value = PLATFORM_DAY_OF_YEAR; + break; + case TPM_PT_PS_YEAR: + // platform-specific specification year using the CE + *value = PLATFORM_YEAR; + break; + case TPM_PT_SPLIT_MAX: + // number of split signing operations supported by the TPM + *value = 0; #if ALG_ECC - *value = sizeof(gr.commitArray) * 8; + *value = sizeof(gr.commitArray) * 8; #endif - break; - case TPM_PT_TOTAL_COMMANDS: - // total number of commands implemented in the TPM - // Since the reference implementation does not have any - // vendor-defined commands, this will be the same as the - // number of library commands. 
- { + break; + case TPM_PT_TOTAL_COMMANDS: + // total number of commands implemented in the TPM + // Since the reference implementation does not have any + // vendor-defined commands, this will be the same as the + // number of library commands. + { #if COMPRESSED_LISTS - (*value) = RuntimeCommandsCountEnabled(&g_RuntimeProfile.RuntimeCommands); // libtpms changed: was COMMAND_COUNT + (*value) = RuntimeCommandsCountEnabled(&g_RuntimeProfile.RuntimeCommands); // libtpms changed: was COMMAND_COUNT #else - COMMAND_INDEX commandIndex; - *value = 0; - // scan all implemented commands - for(commandIndex = GetClosestCommandIndex(0); - commandIndex != UNIMPLEMENTED_COMMAND_INDEX; - commandIndex = GetNextCommandIndex(commandIndex)) - { - (*value)++; // count of all implemented - } + COMMAND_INDEX commandIndex; + *value = 0; + + // scan all implemented commands + for(commandIndex = GetClosestCommandIndex(0); + commandIndex != UNIMPLEMENTED_COMMAND_INDEX; + commandIndex = GetNextCommandIndex(commandIndex)) + { + (*value)++; // count of all implemented + } #endif - break; - } - case TPM_PT_LIBRARY_COMMANDS: - // number of commands from the TPM library that are implemented - { + break; + } + case TPM_PT_LIBRARY_COMMANDS: + // number of commands from the TPM library that are implemented + { #if COMPRESSED_LISTS - *value = RuntimeCommandsCountEnabled(&g_RuntimeProfile.RuntimeCommands); // libtpms changed: was LIBRARY_COMMAND_ARRAY_SIZE + *value = RuntimeCommandsCountEnabled(&g_RuntimeProfile.RuntimeCommands); // libtpms changed: was LIBRARY_COMMAND_ARRAY_SIZE #else - COMMAND_INDEX commandIndex; - *value = 0; - // scan all implemented commands - for(commandIndex = GetClosestCommandIndex(0); - commandIndex < LIBRARY_COMMAND_ARRAY_SIZE; - commandIndex = GetNextCommandIndex(commandIndex)) - { - (*value)++; - } + COMMAND_INDEX commandIndex; + *value = 0; + + // scan all implemented commands + for(commandIndex = GetClosestCommandIndex(0); + commandIndex < LIBRARY_COMMAND_ARRAY_SIZE; + 
commandIndex = GetNextCommandIndex(commandIndex)) + { + (*value)++; + } #endif - break; - } - case TPM_PT_VENDOR_COMMANDS: - // number of vendor commands that are implemented - *value = VENDOR_COMMAND_ARRAY_SIZE; - break; - case TPM_PT_NV_BUFFER_MAX: - // Maximum data size in an NV write command - *value = MAX_NV_BUFFER_SIZE; - break; - case TPM_PT_MODES: + break; + } + case TPM_PT_VENDOR_COMMANDS: + // number of vendor commands that are implemented + *value = VENDOR_COMMAND_ARRAY_SIZE; + break; + case TPM_PT_NV_BUFFER_MAX: + // Maximum data size in an NV write command + *value = MAX_NV_BUFFER_SIZE; + break; + case TPM_PT_MODES: #if FIPS_COMPLIANT - *value = 1; + *value = 1; #else - *value = 0; + *value = 0; #endif - break; - case TPM_PT_MAX_CAP_BUFFER: - *value = MAX_CAP_BUFFER; - break; - // Start of variable commands - case TPM_PT_PERMANENT: - // TPMA_PERMANENT - { - union { - TPMA_PERMANENT attr; - UINT32 u32; - } flags = { TPMA_ZERO_INITIALIZER() }; - if(gp.ownerAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, ownerAuthSet); - if(gp.endorsementAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, endorsementAuthSet); - if(gp.lockoutAuth.t.size != 0) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, lockoutAuthSet); - if(gp.disableClear) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, disableClear); - if(gp.failedTries >= gp.maxTries) - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, inLockout); - // In this implementation, EPS is always generated by TPM - SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, tpmGeneratedEPS); - // Note: For a LSb0 machine, the bits in a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO ) so the bits are manipulate correctly. 
- *value = flags.u32; - break; - } - case TPM_PT_STARTUP_CLEAR: - // TPMA_STARTUP_CLEAR - { - union { - TPMA_STARTUP_CLEAR attr; - UINT32 u32; - } flags = { TPMA_ZERO_INITIALIZER() }; - // - if(g_phEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnable); - if(gc.shEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, shEnable); - if(gc.ehEnable) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, ehEnable); - if(gc.phEnableNV) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnableNV); - if(g_prevOrderlyState != SU_NONE_VALUE) - SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, orderly); - // Note: For a LSb0 machine, the bits in a bit field are in the correct - // order even if the machine is MSB0. For a MSb0 machine, a TPMA will - // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will - // be NO) so the bits are manipulate correctly. - *value = flags.u32; - break; - } - case TPM_PT_HR_NV_INDEX: - // number of NV indexes currently defined - *value = NvCapGetIndexNumber(); - break; - case TPM_PT_HR_LOADED: - // number of authorization sessions currently loaded into TPM - // RAM - *value = SessionCapGetLoadedNumber(); - break; - case TPM_PT_HR_LOADED_AVAIL: - // number of additional authorization sessions, of any type, - // that could be loaded into TPM RAM - *value = SessionCapGetLoadedAvail(); - break; - case TPM_PT_HR_ACTIVE: - // number of active authorization sessions currently being - // tracked by the TPM - *value = SessionCapGetActiveNumber(); - break; - case TPM_PT_HR_ACTIVE_AVAIL: - // number of additional authorization sessions, of any type, - // that could be created - *value = SessionCapGetActiveAvail(); - break; - case TPM_PT_HR_TRANSIENT_AVAIL: - // estimate of the number of additional transient objects that - // could be loaded into TPM RAM - *value = ObjectCapGetTransientAvail(); - break; - case TPM_PT_HR_PERSISTENT: - // number of persistent objects currently loaded into TPM - // NV memory - *value = NvCapGetPersistentNumber(); 
- break; - case TPM_PT_HR_PERSISTENT_AVAIL: - // number of additional persistent objects that could be loaded - // into NV memory - *value = NvCapGetPersistentAvail(); - break; - case TPM_PT_NV_COUNTERS: - // number of defined NV indexes that have NV TPMA_NV_COUNTER - // attribute SET - *value = NvCapGetCounterNumber(); - break; - case TPM_PT_NV_COUNTERS_AVAIL: - // number of additional NV indexes that can be defined with their - // TPMA_NV_COUNTER attribute SET - *value = NvCapGetCounterAvail(); - break; - case TPM_PT_ALGORITHM_SET: - // region code for the TPM - *value = gp.algorithmSet; - break; - case TPM_PT_LOADED_CURVES: + break; + case TPM_PT_MAX_CAP_BUFFER: + *value = MAX_CAP_BUFFER; + break; + + // Start of variable commands + case TPM_PT_PERMANENT: + // TPMA_PERMANENT + { + union + { + TPMA_PERMANENT attr; + UINT32 u32; + } flags = {TPMA_ZERO_INITIALIZER()}; + if(gp.ownerAuth.t.size != 0) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, ownerAuthSet); + if(gp.endorsementAuth.t.size != 0) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, endorsementAuthSet); + if(gp.lockoutAuth.t.size != 0) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, lockoutAuthSet); + if(gp.disableClear) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, disableClear); + if(gp.failedTries >= gp.maxTries) + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, inLockout); + // In this implementation, EPS is always generated by TPM + SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, tpmGeneratedEPS); + + // Note: For a LSb0 machine, the bits in a bit field are in the correct + // order even if the machine is MSB0. For a MSb0 machine, a TPMA will + // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will + // be NO) so the bits are manipulate correctly. 
+ *value = flags.u32; + break; + } + case TPM_PT_STARTUP_CLEAR: + // TPMA_STARTUP_CLEAR + { + union + { + TPMA_STARTUP_CLEAR attr; + UINT32 u32; + } flags = {TPMA_ZERO_INITIALIZER()}; + // + if(g_phEnable) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnable); + if(gc.shEnable) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, shEnable); + if(gc.ehEnable) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, ehEnable); + if(gc.phEnableNV) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnableNV); + if(g_prevOrderlyState != SU_NONE_VALUE) + SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, orderly); + + // Note: For a LSb0 machine, the bits in a bit field are in the correct + // order even if the machine is MSB0. For a MSb0 machine, a TPMA will + // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will + // be NO) so the bits are manipulate correctly. + *value = flags.u32; + break; + } + case TPM_PT_HR_NV_INDEX: + // number of NV indexes currently defined + *value = NvCapGetIndexNumber(); + break; + case TPM_PT_HR_LOADED: + // number of authorization sessions currently loaded into TPM + // RAM + *value = SessionCapGetLoadedNumber(); + break; + case TPM_PT_HR_LOADED_AVAIL: + // number of additional authorization sessions, of any type, + // that could be loaded into TPM RAM + *value = SessionCapGetLoadedAvail(); + break; + case TPM_PT_HR_ACTIVE: + // number of active authorization sessions currently being + // tracked by the TPM + *value = SessionCapGetActiveNumber(); + break; + case TPM_PT_HR_ACTIVE_AVAIL: + // number of additional authorization sessions, of any type, + // that could be created + *value = SessionCapGetActiveAvail(); + break; + case TPM_PT_HR_TRANSIENT_AVAIL: + // estimate of the number of additional transient objects that + // could be loaded into TPM RAM + *value = ObjectCapGetTransientAvail(); + break; + case TPM_PT_HR_PERSISTENT: + // number of persistent objects currently loaded into TPM + // NV memory + *value = 
NvCapGetPersistentNumber(); + break; + case TPM_PT_HR_PERSISTENT_AVAIL: + // number of additional persistent objects that could be loaded + // into NV memory + *value = NvCapGetPersistentAvail(); + break; + case TPM_PT_NV_COUNTERS: + // number of defined NV indexes that have NV TPMA_NV_COUNTER + // attribute SET + *value = NvCapGetCounterNumber(); + break; + case TPM_PT_NV_COUNTERS_AVAIL: + // number of additional NV indexes that can be defined with their + // TPMA_NV_COUNTER attribute SET + *value = NvCapGetCounterAvail(); + break; + case TPM_PT_ALGORITHM_SET: + // region code for the TPM + *value = gp.algorithmSet; + break; + case TPM_PT_LOADED_CURVES: #if ALG_ECC - // number of loaded ECC curves - *value = ECC_CURVE_COUNT; -#else // ALG_ECC - *value = 0; -#endif // ALG_ECC - break; - case TPM_PT_LOCKOUT_COUNTER: - // current value of the lockout counter - *value = gp.failedTries; - break; - case TPM_PT_MAX_AUTH_FAIL: - // number of authorization failures before DA lockout is invoked - *value = gp.maxTries; - break; - case TPM_PT_LOCKOUT_INTERVAL: - // number of seconds before the value reported by - // TPM_PT_LOCKOUT_COUNTER is decremented - *value = gp.recoveryTime; - break; - case TPM_PT_LOCKOUT_RECOVERY: - // number of seconds after a lockoutAuth failure before use of - // lockoutAuth may be attempted again - *value = gp.lockoutRecovery; - break; - case TPM_PT_NV_WRITE_RECOVERY: - // number of milliseconds before the TPM will accept another command - // that will modify NV. - // This should make a call to the platform code that is doing rate - // limiting of NV. Rate limiting is not implemented in the reference - // code so no call is made. 
- *value = 0; - break; - case TPM_PT_AUDIT_COUNTER_0: - // high-order 32 bits of the command audit counter - *value = (UINT32)(gp.auditCounter >> 32); - break; - case TPM_PT_AUDIT_COUNTER_1: - // low-order 32 bits of the command audit counter - *value = (UINT32)(gp.auditCounter); - break; - default: - // property is not defined - return FALSE; - break; - } + // number of loaded ECC curves + *value = ECC_CURVE_COUNT; +#else // ALG_ECC + *value = 0; +#endif // ALG_ECC + break; + case TPM_PT_LOCKOUT_COUNTER: + // current value of the lockout counter + *value = gp.failedTries; + break; + case TPM_PT_MAX_AUTH_FAIL: + // number of authorization failures before DA lockout is invoked + *value = gp.maxTries; + break; + case TPM_PT_LOCKOUT_INTERVAL: + // number of seconds before the value reported by + // TPM_PT_LOCKOUT_COUNTER is decremented + *value = gp.recoveryTime; + break; + case TPM_PT_LOCKOUT_RECOVERY: + // number of seconds after a lockoutAuth failure before use of + // lockoutAuth may be attempted again + *value = gp.lockoutRecovery; + break; + case TPM_PT_NV_WRITE_RECOVERY: + // number of milliseconds before the TPM will accept another command + // that will modify NV. + // This should make a call to the platform code that is doing rate + // limiting of NV. Rate limiting is not implemented in the reference + // code so no call is made. + *value = 0; + break; + case TPM_PT_AUDIT_COUNTER_0: + // high-order 32 bits of the command audit counter + *value = (UINT32)(gp.auditCounter >> 32); + break; + case TPM_PT_AUDIT_COUNTER_1: + // low-order 32 bits of the command audit counter + *value = (UINT32)(gp.auditCounter); + break; + default: + // property is not defined + return FALSE; + break; + } return TRUE; } -/* 9.14.3.2 TPMCapGetProperties() */ -/* This function is used to get the TPM_PT values. 
The search of properties will start at property - and continue until propertyList has as many values as will fit, or the last property has been - reported, or the list has as many values as requested in count. */ -/* Return Values Meaning */ -/* YES more properties are available */ -/* NO no more properties to be reported */ + +//*** TPMCapGetProperties() +// This function is used to get the TPM_PT values. The search of properties will +// start at 'property' and continue until 'propertyList' has as many values as +// will fit, or the last property has been reported, or the list has as many +// values as requested in 'count'. +// Return Type: TPMI_YES_NO +// YES more properties are available +// NO no more properties to be reported TPMI_YES_NO -TPMCapGetProperties( - TPM_PT property, // IN: the starting TPM property - UINT32 count, // IN: maximum number of returned - // properties - TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list - ) +TPMCapGetProperties(TPM_PT property, // IN: the starting TPM property + UINT32 count, // IN: maximum number of returned + // properties + TPML_TAGGED_TPM_PROPERTY* propertyList // OUT: property list +) { - TPMI_YES_NO more = NO; - UINT32 i; - UINT32 nextGroup; + TPMI_YES_NO more = NO; + UINT32 i; + UINT32 nextGroup; + // initialize output property list propertyList->count = 0; + // maximum count of properties we may return is MAX_PCR_PROPERTIES - if(count > MAX_TPM_PROPERTIES) count = MAX_TPM_PROPERTIES; + if(count > MAX_TPM_PROPERTIES) + count = MAX_TPM_PROPERTIES; + // if property is less than PT_FIXED, start from PT_FIXED if(property < PT_FIXED) - property = PT_FIXED; + property = PT_FIXED; // There is only the fixed and variable groups with the variable group coming // last if(property >= (PT_VAR + PT_GROUP)) - return more; + return more; + // Don't read past the end of the selected group nextGroup = ((property / PT_GROUP) * PT_GROUP) + PT_GROUP; + // Scan through the TPM properties of the requested group. 
for(i = property; i < nextGroup; i++) - { - UINT32 value; - // if we have hit the end of the group, quit - if(i != property && ((i % PT_GROUP) == 0)) - break; - if(TPMPropertyIsDefined((TPM_PT)i, &value)) - { - if(propertyList->count < count) - { - // If the list is not full, add this property - propertyList->tpmProperty[propertyList->count].property = - (TPM_PT)i; - propertyList->tpmProperty[propertyList->count].value = value; - propertyList->count++; - } - else - { - // If the return list is full but there are more properties - // available, set the indication and exit the loop. - more = YES; - break; - } - } - } + { + UINT32 value; + // if we have hit the end of the group, quit + if(i != property && ((i % PT_GROUP) == 0)) + break; + if(TPMPropertyIsDefined((TPM_PT)i, &value)) + { + if(propertyList->count < count) + { + // If the list is not full, add this property + propertyList->tpmProperty[propertyList->count].property = (TPM_PT)i; + propertyList->tpmProperty[propertyList->count].value = value; + propertyList->count++; + } + else + { + // If the return list is full but there are more properties + // available, set the indication and exit the loop. + more = YES; + break; + } + } + } return more; } //*** TPMCapGetOneProperty() // This function returns a single TPM property, if present. BOOL TPMCapGetOneProperty(TPM_PT pt, // IN: the TPM property - TPMS_TAGGED_PROPERTY* property // OUT: tagged property - ) + TPMS_TAGGED_PROPERTY* property // OUT: tagged property +) { UINT32 value; if(TPMPropertyIsDefined((TPM_PT)pt, &value)) - { - property->property = (TPM_PT)pt; - property->value = value; - return TRUE; - } + { + property->property = (TPM_PT)pt; + property->value = value; + return TRUE; + } return FALSE; } diff --git a/src/tpm2/PropertyCap_fp.h b/src/tpm2/PropertyCap_fp.h index fec3583d..7a012f6c 100644 --- a/src/tpm2/PropertyCap_fp.h +++ b/src/tpm2/PropertyCap_fp.h 
@@ -58,19 +58,33 @@ /* */ /********************************************************************************/ -#ifndef PROPERTYCAP_FP_H -#define PROPERTYCAP_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ +#ifndef _PROPERTY_CAP_FP_H_ +#define _PROPERTY_CAP_FP_H_ + +//*** TPMCapGetProperties() +// This function is used to get the TPM_PT values. The search of properties will +// start at 'property' and continue until 'propertyList' has as many values as +// will fit, or the last property has been reported, or the list has as many +// values as requested in 'count'. +// Return Type: TPMI_YES_NO +// YES more properties are available +// NO no more properties to be reported TPMI_YES_NO -TPMCapGetProperties( - TPM_PT property, // IN: the starting TPM property - UINT32 count, // IN: maximum number of returned - // properties - TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list - ); +TPMCapGetProperties(TPM_PT property, // IN: the starting TPM property + UINT32 count, // IN: maximum number of returned + // properties + TPML_TAGGED_TPM_PROPERTY* propertyList // OUT: property list +); + +//*** TPMCapGetOneProperty() +// This function returns a single TPM property, if present. BOOL TPMCapGetOneProperty(TPM_PT pt, // IN: the TPM property - TPMS_TAGGED_PROPERTY* property // OUT: tagged property - ); + TPMS_TAGGED_PROPERTY* property // OUT: tagged property +); - -#endif +#endif // _PROPERTY_CAP_FP_H_ diff --git a/src/tpm2/Quote_fp.h b/src/tpm2/Quote_fp.h index b347f2fa..991a529d 100644 --- a/src/tpm2/Quote_fp.h +++ b/src/tpm2/Quote_fp.h 
@@ -59,33 +59,39 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef QUOTE_FP_H -#define QUOTE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT signHandle; - TPM2B_DATA qualifyingData; - TPMT_SIG_SCHEME inScheme; - TPML_PCR_SELECTION PCRselect; +#if CC_Quote // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_QUOTE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_QUOTE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT signHandle; + TPM2B_DATA qualifyingData; + TPMT_SIG_SCHEME inScheme; + TPML_PCR_SELECTION PCRselect; } Quote_In; -#define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1) -#define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1) -#define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPM2B_ATTEST quoted; - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPM2B_ATTEST quoted; + TPMT_SIGNATURE signature; } Quote_Out; +// Response code modifiers +# define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1) +# define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1) +# define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2) +# define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3) + +// Function prototype TPM_RC -TPM2_Quote( - Quote_In *in, // IN: input parameter list - Quote_Out *out // OUT: output parameter list - ); +TPM2_Quote(Quote_In* in, Quote_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_QUOTE_FP_H_ +#endif // CC_Quote diff --git a/src/tpm2/RSA_Decrypt_fp.h b/src/tpm2/RSA_Decrypt_fp.h index 1f583956..52bd5b7e 100644 --- a/src/tpm2/RSA_Decrypt_fp.h +++ b/src/tpm2/RSA_Decrypt_fp.h 
@@ -59,32 +59,38 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef RSA_DECRYPT_FP_H -#define RSA_DECRYPT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_PUBLIC_KEY_RSA cipherText; - TPMT_RSA_DECRYPT inScheme; - TPM2B_DATA label; +#if CC_RSA_Decrypt // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_RSA_DECRYPT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_RSA_DECRYPT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_PUBLIC_KEY_RSA cipherText; + TPMT_RSA_DECRYPT inScheme; + TPM2B_DATA label; } RSA_Decrypt_In; -#define RC_RSA_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_RSA_Decrypt_cipherText (TPM_RC_P + TPM_RC_1) -#define RC_RSA_Decrypt_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_RSA_Decrypt_label (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPM2B_PUBLIC_KEY_RSA message; +// Output structure definition +typedef struct +{ + TPM2B_PUBLIC_KEY_RSA message; } RSA_Decrypt_Out; +// Response code modifiers +# define RC_RSA_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_RSA_Decrypt_cipherText (TPM_RC_P + TPM_RC_1) +# define RC_RSA_Decrypt_inScheme (TPM_RC_P + TPM_RC_2) +# define RC_RSA_Decrypt_label (TPM_RC_P + TPM_RC_3) + +// Function prototype TPM_RC -TPM2_RSA_Decrypt( - RSA_Decrypt_In *in, // IN: input parameter list - RSA_Decrypt_Out *out // OUT: output parameter list - ); +TPM2_RSA_Decrypt(RSA_Decrypt_In* in, RSA_Decrypt_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_RSA_DECRYPT_FP_H_ +#endif // CC_RSA_Decrypt diff --git a/src/tpm2/RSA_Encrypt_fp.h b/src/tpm2/RSA_Encrypt_fp.h index a1f03737..ace0c11c 100644 --- a/src/tpm2/RSA_Encrypt_fp.h +++ b/src/tpm2/RSA_Encrypt_fp.h 
@@ -59,31 +59,38 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef RSA_ENCRYPT_FP_H -#define RSA_ENCRYPT_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_PUBLIC_KEY_RSA message; - TPMT_RSA_DECRYPT inScheme; - TPM2B_DATA label; +#if CC_RSA_Encrypt // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_RSA_ENCRYPT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_RSA_ENCRYPT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_PUBLIC_KEY_RSA message; + TPMT_RSA_DECRYPT inScheme; + TPM2B_DATA label; } RSA_Encrypt_In; -#define RC_RSA_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_RSA_Encrypt_message (TPM_RC_P + TPM_RC_1) -#define RC_RSA_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_RSA_Encrypt_label (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPM2B_PUBLIC_KEY_RSA outData; +// Output structure definition +typedef struct +{ + TPM2B_PUBLIC_KEY_RSA outData; } RSA_Encrypt_Out; -TPM_RC -TPM2_RSA_Encrypt( - RSA_Encrypt_In *in, // IN: input parameter list - RSA_Encrypt_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_RSA_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_RSA_Encrypt_message (TPM_RC_P + TPM_RC_1) +# define RC_RSA_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) +# define RC_RSA_Encrypt_label (TPM_RC_P + TPM_RC_3) -#endif +// Function prototype +TPM_RC +TPM2_RSA_Encrypt(RSA_Encrypt_In* in, RSA_Encrypt_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_RSA_ENCRYPT_FP_H_ +#endif // CC_RSA_Encrypt diff --git a/src/tpm2/ReadClock_fp.h b/src/tpm2/ReadClock_fp.h index 3d01b54b..a6c6f0af 100644 --- a/src/tpm2/ReadClock_fp.h +++ b/src/tpm2/ReadClock_fp.h 
@@ -59,19 +59,23 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef READCLOCK_FP_H -#define READCLOCK_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMS_TIME_INFO currentTime; +#if CC_ReadClock // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_READCLOCK_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_READCLOCK_FP_H_ + +// Output structure definition +typedef struct +{ + TPMS_TIME_INFO currentTime; } ReadClock_Out; +// Function prototype TPM_RC -TPM2_ReadClock( - ReadClock_Out *out // OUT: output parameter list - ); +TPM2_ReadClock(ReadClock_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_READCLOCK_FP_H_ +#endif // CC_ReadClock diff --git a/src/tpm2/ReadPublic_fp.h b/src/tpm2/ReadPublic_fp.h index 1365f87b..4b95ebdf 100644 --- a/src/tpm2/ReadPublic_fp.h +++ b/src/tpm2/ReadPublic_fp.h 
@@ -59,26 +59,34 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef READPUBLIC_FP_H -#define READPUBLIC_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT objectHandle; +#if CC_ReadPublic // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_READPUBLIC_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_READPUBLIC_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT objectHandle; } ReadPublic_In; -#define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1) - -typedef struct { - TPM2B_PUBLIC outPublic; - TPM2B_NAME name; - TPM2B_NAME qualifiedName; +// Output structure definition +typedef struct +{ + TPM2B_PUBLIC outPublic; + TPM2B_NAME name; + TPM2B_NAME qualifiedName; } ReadPublic_Out; +// Response code modifiers +# define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_ReadPublic( - ReadPublic_In *in, // IN: input parameter list - ReadPublic_Out *out // OUT: output parameter list - ); -#endif +TPM2_ReadPublic(ReadPublic_In* in, ReadPublic_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_READPUBLIC_FP_H_ +#endif // CC_ReadPublic diff --git a/src/tpm2/Response.c b/src/tpm2/Response.c index 40d62ce6..a7f67ba4 100644 --- a/src/tpm2/Response.c +++ b/src/tpm2/Response.c 
@@ -59,47 +59,49 @@ /* */ /********************************************************************************/ -/* 9.15 Response.c */ -/* 9.15.1 Description */ -/* This file contains the common code for building a response header, including setting the size of - the structure. command may be NULL if result is not TPM_RC_SUCCESS. */ -/* 9.15.2 Includes and Defines */ +//** Description +// This file contains the common code for building a response header, including +// setting the size of the structure. 'command' may be NULL if result is +// not TPM_RC_SUCCESS. + +//** Includes and Defines #include "Tpm.h" -/* 9.15.3 BuildResponseHeader() */ -/* Adds the response header to the response. It will update command->parameterSize to indicate the - total size of the response. */ -void -BuildResponseHeader( - COMMAND *command, // IN: main control structure - BYTE *buffer, // OUT: the output buffer - TPM_RC result // IN: the response code - ) +#include "Marshal.h" + +//** BuildResponseHeader() +// Adds the response header to the response. It will update command->parameterSize +// to indicate the total size of the response. +void BuildResponseHeader(COMMAND* command, // IN: main control structure + BYTE* buffer, // OUT: the output buffer + TPM_RC result // IN: the response code +) { - TPM_ST tag; - UINT32 size; + TPM_ST tag; + UINT32 size; + if(result != TPM_RC_SUCCESS) - { - tag = TPM_ST_NO_SESSIONS; - size = 10; - } + { + tag = TPM_ST_NO_SESSIONS; + size = 10; + } else - { - tag = command->tag; - // Compute the overall size of the response - size = STD_RESPONSE_HEADER + command->handleNum * sizeof(TPM_HANDLE); - size += command->parameterSize; - size += (command->tag == TPM_ST_SESSIONS) ? - command->authSize + sizeof(UINT32) : 0; - } + { + tag = command->tag; + // Compute the overall size of the response + size = STD_RESPONSE_HEADER + command->handleNum * sizeof(TPM_HANDLE); + size += command->parameterSize; + size += (command->tag == TPM_ST_SESSIONS) ? 
command->authSize + sizeof(UINT32) + : 0; + } TPM_ST_Marshal(&tag, &buffer, NULL); UINT32_Marshal(&size, &buffer, NULL); TPM_RC_Marshal(&result, &buffer, NULL); if(result == TPM_RC_SUCCESS) - { - if(command->handleNum > 0) - TPM_HANDLE_Marshal(&command->handles[0], &buffer, NULL); - if(tag == TPM_ST_SESSIONS) - UINT32_Marshal((UINT32 *)&command->parameterSize, &buffer, NULL); - } + { + if(command->handleNum > 0) + TPM_HANDLE_Marshal(&command->handles[0], &buffer, NULL); + if(tag == TPM_ST_SESSIONS) + UINT32_Marshal((UINT32*)&command->parameterSize, &buffer, NULL); + } command->parameterSize = size; } diff --git a/src/tpm2/ResponseCodeProcessing.c b/src/tpm2/ResponseCodeProcessing.c index 3fa00efe..c8a70405 100644 --- a/src/tpm2/ResponseCodeProcessing.c +++ b/src/tpm2/ResponseCodeProcessing.c @@ -59,23 +59,21 @@ /* */ /********************************************************************************/ -/* 9.16 ResponseCodeProcessing.c */ -/* 9.16.1 Description */ -/* This file contains the miscellaneous functions for processing response codes. */ -/* NOTE: Currently, there is only one. */ -/* 9.16.2 Includes and Defines */ +//** Description +// This file contains the miscellaneous functions for processing response codes. +// NOTE: Currently, there is only one. + +//** Includes and Defines #include "Tpm.h" -/* 9.16.3 RcSafeAddToResult() */ -/* Adds a modifier to a response code as long as the response code allows a modifier and no modifier - has already been added. */ + +//** RcSafeAddToResult() +// Adds a modifier to a response code as long as the response code allows a modifier +// and no modifier has already been added. TPM_RC -RcSafeAddToResult( - TPM_RC responseCode, - TPM_RC modifier - ) +RcSafeAddToResult(TPM_RC responseCode, TPM_RC modifier) { if((responseCode & RC_FMT1) && !(responseCode & 0xf40)) - return responseCode + modifier; + return responseCode + modifier; else - return responseCode; + return responseCode; } 
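Review bot: The rewritten file description still says 'command' may be NULL when result is not TPM_RC_SUCCESS, but the last statement of BuildResponseHeader(), `command->parameterSize = size;`, dereferences it on every path. A caller that relies on the comment for an error response would hit a NULL dereference while the response is being built. Since this commit only aligns formatting with upstream, the smallest fix is to correct the comment, e.g. `// 'command' must not be NULL: command->parameterSize is written even when result != TPM_RC_SUCCESS.`, or to guard the store with `if(command != NULL)`. The marshal calls also pass NULL as their third argument, which looks like the remaining-size pointer, so nothing in this function bounds the writes to 'buffer'. The minimum buffer length the caller must provide is worth stating in the header comment (callers are not visible in this hunk).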
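Review bot: The mask `0xf40` in RcSafeAddToResult() is an unexplained literal in the one condition that decides whether a modifier is added to a response code. A comment on that line would make the check reviewable, e.g. `// 0xf40: parameter flag (0x040) plus the number field (0xf00); non-zero means a modifier was already added`. If the named constants TPM_RC_P and TPM_RC_N_MASK are in scope through Tpm.h, writing the mask as `(TPM_RC_N_MASK | TPM_RC_P)` would say the same thing in code. The plain addition `responseCode + modifier` is only safe because those bits are known to be clear, so the link between the mask and the addition deserves to be stated.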
diff --git a/src/tpm2/ResponseCodeProcessing_fp.h b/src/tpm2/ResponseCodeProcessing_fp.h index da50c52f..1f97c20b 100644 --- a/src/tpm2/ResponseCodeProcessing_fp.h +++ b/src/tpm2/ResponseCodeProcessing_fp.h @@ -59,13 +59,18 @@ /* */ /********************************************************************************/ -#ifndef RESPONSECODEPROCESSING_FP_H -#define RESPONSECODEPROCESSING_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ +#ifndef _RESPONSE_CODE_PROCESSING_FP_H_ +#define _RESPONSE_CODE_PROCESSING_FP_H_ + +//** RcSafeAddToResult() +// Adds a modifier to a response code as long as the response code allows a modifier +// and no modifier has already been added. TPM_RC -RcSafeAddToResult( - TPM_RC responseCode, - TPM_RC modifier - ); +RcSafeAddToResult(TPM_RC responseCode, TPM_RC modifier); -#endif +#endif // _RESPONSE_CODE_PROCESSING_FP_H_ diff --git a/src/tpm2/Response_fp.h b/src/tpm2/Response_fp.h index 54605317..77e75a79 100644 --- a/src/tpm2/Response_fp.h +++ b/src/tpm2/Response_fp.h @@ -59,15 +59,20 @@ /* */ /********************************************************************************/ -#ifndef RESPONSE_FP_H -#define RESPONSE_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -void -BuildResponseHeader( - COMMAND *command, // IN: main control structure - BYTE *buffer, // OUT: the output buffer - TPM_RC result // IN: the response code - ); +#ifndef _RESPONSE_FP_H_ +#define _RESPONSE_FP_H_ +//** BuildResponseHeader() +// Adds the response header to the response. It will update command->parameterSize +// to indicate the total size of the response. +void BuildResponseHeader(COMMAND* command, // IN: main control structure + BYTE* buffer, // OUT: the output buffer + TPM_RC result // IN: the response code +); -#endif +#endif // _RESPONSE_FP_H_ 
diff --git a/src/tpm2/Rewrap_fp.h b/src/tpm2/Rewrap_fp.h index 6a29a5c9..201e6785 100644 --- a/src/tpm2/Rewrap_fp.h +++ b/src/tpm2/Rewrap_fp.h @@ -59,34 +59,41 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef REWRAP_FP_H -#define REWRAP_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT oldParent; - TPMI_DH_OBJECT newParent; - TPM2B_PRIVATE inDuplicate; - TPM2B_NAME name; - TPM2B_ENCRYPTED_SECRET inSymSeed; +#if CC_Rewrap // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_REWRAP_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_REWRAP_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT oldParent; + TPMI_DH_OBJECT newParent; + TPM2B_PRIVATE inDuplicate; + TPM2B_NAME name; + TPM2B_ENCRYPTED_SECRET inSymSeed; } Rewrap_In; -#define RC_Rewrap_oldParent (TPM_RC_H + TPM_RC_1) -#define RC_Rewrap_newParent (TPM_RC_H + TPM_RC_2) -#define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1) -#define RC_Rewrap_name (TPM_RC_P + TPM_RC_2) -#define RC_Rewrap_inSymSeed (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPM2B_PRIVATE outDuplicate; - TPM2B_ENCRYPTED_SECRET outSymSeed; +// Output structure definition +typedef struct +{ + TPM2B_PRIVATE outDuplicate; + TPM2B_ENCRYPTED_SECRET outSymSeed; } Rewrap_Out; -TPM_RC -TPM2_Rewrap( - Rewrap_In *in, // IN: input parameter list - Rewrap_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_Rewrap_oldParent (TPM_RC_H + TPM_RC_1) +# define RC_Rewrap_newParent (TPM_RC_H + TPM_RC_2) +# define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1) +# define RC_Rewrap_name (TPM_RC_P + TPM_RC_2) +# define RC_Rewrap_inSymSeed (TPM_RC_P + TPM_RC_3) -#endif +// Function prototype +TPM_RC +TPM2_Rewrap(Rewrap_In* in, Rewrap_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_REWRAP_FP_H_ +#endif // CC_Rewrap 
diff --git a/src/tpm2/RsaTestData.h b/src/tpm2/RsaTestData.h index abbaa8d6..27cb5c62 100644 --- a/src/tpm2/RsaTestData.h +++ b/src/tpm2/RsaTestData.h 
@@ -59,367 +59,488 @@ /* */ /********************************************************************************/ -#ifndef RSATESTDATA_H -#define RSATESTDATA_H +// +// RSA Test Vectors +#define RSA_TEST_KEY_SIZE 256 -/* 10.1.9 RsaTestData.h */ -/* RSA Test Vectors */ -#define RSA_TEST_KEY_SIZE 256 typedef struct { - UINT16 size; - BYTE buffer[RSA_TEST_KEY_SIZE]; + UINT16 size; + BYTE buffer[RSA_TEST_KEY_SIZE]; } TPM2B_RSA_TEST_KEY; -typedef TPM2B_RSA_TEST_KEY TPM2B_RSA_TEST_VALUE; + +typedef TPM2B_RSA_TEST_KEY TPM2B_RSA_TEST_VALUE; + typedef struct { - UINT16 size; - BYTE buffer[RSA_TEST_KEY_SIZE / 2]; + UINT16 size; + BYTE buffer[RSA_TEST_KEY_SIZE / 2]; } TPM2B_RSA_TEST_PRIME; -const TPM2B_RSA_TEST_KEY c_rsaPublicModulus = {256, { - 0x91,0x12,0xf5,0x07,0x9d,0x5f,0x6b,0x1c,0x90,0xf6,0xcc,0x87,0xde,0x3a,0x7a,0x15, - 0xdc,0x54,0x07,0x6c,0x26,0x8f,0x25,0xef,0x7e,0x66,0xc0,0xe3,0x82,0x12,0x2f,0xab, - 0x52,0x82,0x1e,0x85,0xbc,0x53,0xba,0x2b,0x01,0xad,0x01,0xc7,0x8d,0x46,0x4f,0x7d, - 0xdd,0x7e,0xdc,0xb0,0xad,0xf6,0x0c,0xa1,0x62,0x92,0x97,0x8a,0x3e,0x6f,0x7e,0x3e, - 0xf6,0x9a,0xcc,0xf9,0xa9,0x86,0x77,0xb6,0x85,0x43,0x42,0x04,0x13,0x65,0xe2,0xad, - 0x36,0xc9,0xbf,0xc1,0x97,0x84,0x6f,0xee,0x7c,0xda,0x58,0xd2,0xae,0x07,0x00,0xaf, - 0xc5,0x5f,0x4d,0x3a,0x98,0xb0,0xed,0x27,0x7c,0xc2,0xce,0x26,0x5d,0x87,0xe1,0xe3, - 0xa9,0x69,0x88,0x4f,0x8c,0x08,0x31,0x18,0xae,0x93,0x16,0xe3,0x74,0xde,0xd3,0xf6, - 0x16,0xaf,0xa3,0xac,0x37,0x91,0x8d,0x10,0xc6,0x6b,0x64,0x14,0x3a,0xd9,0xfc,0xe4, - 0xa0,0xf2,0xd1,0x01,0x37,0x4f,0x4a,0xeb,0xe5,0xec,0x98,0xc5,0xd9,0x4b,0x30,0xd2, - 0x80,0x2a,0x5a,0x18,0x5a,0x7d,0xd4,0x3d,0xb7,0x62,0x98,0xce,0x6d,0xa2,0x02,0x6e, - 0x45,0xaa,0x95,0x73,0xe0,0xaa,0x75,0x57,0xb1,0x3d,0x1b,0x05,0x75,0x23,0x6b,0x20, - 0x69,0x9e,0x14,0xb0,0x7f,0xac,0xae,0xd2,0xc7,0x48,0x3b,0xe4,0x56,0x11,0x34,0x1e, - 0x05,0x1a,0x30,0x20,0xef,0x68,0x93,0x6b,0x9d,0x7e,0xdd,0xba,0x96,0x50,0xcc,0x1c, - 0x81,0xb4,0x59,0xb9,0x74,0x36,0xd9,0x97,0xdc,0x8f,0x17,0x82,0x72,0xb3,0x59,0xf6, - 
0x23,0xfa,0x84,0xf7,0x6d,0xf2,0x05,0xff,0xf1,0xb9,0xcc,0xe9,0xa2,0x82,0x01,0xfb}}; -const TPM2B_RSA_TEST_PRIME c_rsaPrivatePrime = {RSA_TEST_KEY_SIZE / 2, { - 0xb7,0xa0,0x90,0xc7,0x92,0x09,0xde,0x71,0x03,0x37,0x4a,0xb5,0x2f,0xda,0x61,0xb8, - 0x09,0x1b,0xba,0x99,0x70,0x45,0xc1,0x0b,0x15,0x12,0x71,0x8a,0xb3,0x2a,0x4d,0x5a, - 0x41,0x9b,0x73,0x89,0x80,0x0a,0x8f,0x18,0x4c,0x8b,0xa2,0x5b,0xda,0xbd,0x43,0xbe, - 0xdc,0x76,0x4d,0x71,0x0f,0xb9,0xfc,0x7a,0x09,0xfe,0x4f,0xac,0x63,0xd9,0x2e,0x50, - 0x3a,0xa1,0x37,0xc6,0xf2,0xa1,0x89,0x12,0xe7,0x72,0x64,0x2b,0xba,0xc1,0x1f,0xca, - 0x9d,0xb7,0xaa,0x3a,0xa9,0xd3,0xa6,0x6f,0x73,0x02,0xbb,0x85,0x5d,0x9a,0xb9,0x5c, - 0x08,0x83,0x22,0x20,0x49,0x91,0x5f,0x4b,0x86,0xbc,0x3f,0x76,0x43,0x08,0x97,0xbf, - 0x82,0x55,0x36,0x2d,0x8b,0x6e,0x9e,0xfb,0xc1,0x67,0x6a,0x43,0xa2,0x46,0x81,0x71}}; -const BYTE c_RsaTestValue[RSA_TEST_KEY_SIZE] = { - 0x2a,0x24,0x3a,0xbb,0x50,0x1d,0xd4,0x2a,0xf9,0x18,0x32,0x34,0xa2,0x0f,0xea,0x5c, - 0x91,0x77,0xe9,0xe1,0x09,0x83,0xdc,0x5f,0x71,0x64,0x5b,0xeb,0x57,0x79,0xa0,0x41, - 0xc9,0xe4,0x5a,0x0b,0xf4,0x9f,0xdb,0x84,0x04,0xa6,0x48,0x24,0xf6,0x3f,0x66,0x1f, - 0xa8,0x04,0x5c,0xf0,0x7a,0x6b,0x4a,0x9c,0x7e,0x21,0xb6,0xda,0x6b,0x65,0x9c,0x3a, - 0x68,0x50,0x13,0x1e,0xa4,0xb7,0xca,0xec,0xd3,0xcc,0xb2,0x9b,0x8c,0x87,0xa4,0x6a, - 0xba,0xc2,0x06,0x3f,0x40,0x48,0x7b,0xa8,0xb8,0x2c,0x03,0x14,0x33,0xf3,0x1d,0xe9, - 0xbd,0x6f,0x54,0x66,0xb4,0x69,0x5e,0xbc,0x80,0x7c,0xe9,0x6a,0x43,0x7f,0xb8,0x6a, - 0xa0,0x5f,0x5d,0x7a,0x20,0xfd,0x7a,0x39,0xe1,0xea,0x0e,0x94,0x91,0x28,0x63,0x7a, - 0xac,0xc9,0xa5,0x3a,0x6d,0x31,0x7b,0x7c,0x54,0x56,0x99,0x56,0xbb,0xb7,0xa1,0x2d, - 0xd2,0x5c,0x91,0x5f,0x1c,0xd3,0x06,0x7f,0x34,0x53,0x2f,0x4c,0xd1,0x8b,0xd2,0x9e, - 0xdc,0xc3,0x94,0x0a,0xe1,0x0f,0xa5,0x15,0x46,0x2a,0x8e,0x10,0xc2,0xfe,0xb7,0x5e, - 0x2d,0x0d,0xd1,0x25,0xfc,0xe4,0xf7,0x02,0x19,0xfe,0xb6,0xe4,0x95,0x9c,0x17,0x4a, - 0x9b,0xdb,0xab,0xc7,0x79,0xe3,0x5e,0x40,0xd0,0x56,0x6d,0x25,0x0a,0x72,0x65,0x80, - 
0x92,0x9a,0xa8,0x07,0x70,0x32,0x14,0xfb,0xfe,0x08,0xeb,0x13,0xb4,0x07,0x68,0xb4, - 0x58,0x39,0xbe,0x8e,0x78,0x3a,0x59,0x3f,0x9c,0x4c,0xe9,0xa8,0x64,0x68,0xf7,0xb9, - 0x6e,0x20,0xf5,0xcb,0xca,0x47,0xf2,0x17,0xaa,0x8b,0xbc,0x13,0x14,0x84,0xf6,0xab}; -const TPM2B_RSA_TEST_VALUE c_RsaepKvt = {RSA_TEST_KEY_SIZE, { - 0x73,0xbd,0x65,0x49,0xda,0x7b,0xb8,0x50,0x9e,0x87,0xf0,0x0a,0x8a,0x9a,0x07,0xb6, - 0x00,0x82,0x10,0x14,0x60,0xd8,0x01,0xfc,0xc5,0x18,0xea,0x49,0x5f,0x13,0xcf,0x65, - 0x66,0x30,0x6c,0x60,0x3f,0x24,0x3c,0xfb,0xe2,0x31,0x16,0x99,0x7e,0x31,0x98,0xab, - 0x93,0xb8,0x07,0x53,0xcc,0xdb,0x7f,0x44,0xd9,0xee,0x5d,0xe8,0x5f,0x97,0x5f,0xe8, - 0x1f,0x88,0x52,0x24,0x7b,0xac,0x62,0x95,0xb7,0x7d,0xf5,0xf8,0x9f,0x5a,0xa8,0x24, - 0x9a,0x76,0x71,0x2a,0x35,0x2a,0xa1,0x08,0xbb,0x95,0xe3,0x64,0xdc,0xdb,0xc2,0x33, - 0xa9,0x5f,0xbe,0x4c,0xc4,0xcc,0x28,0xc9,0x25,0xff,0xee,0x17,0x15,0x9a,0x50,0x90, - 0x0e,0x15,0xb4,0xea,0x6a,0x09,0xe6,0xff,0xa4,0xee,0xc7,0x7e,0xce,0xa9,0x73,0xe4, - 0xa0,0x56,0xbd,0x53,0x2a,0xe4,0xc0,0x2b,0xa8,0x9b,0x09,0x30,0x72,0x62,0x0f,0xf9, - 0xf6,0xa1,0x52,0xd2,0x8a,0x37,0xee,0xa5,0xc8,0x47,0xe1,0x99,0x21,0x47,0xeb,0xdd, - 0x37,0xaa,0xe4,0xbd,0x55,0x46,0x5a,0x5a,0x5d,0xfb,0x7b,0xfc,0xff,0xbf,0x26,0x71, - 0xf6,0x1e,0xad,0xbc,0xbf,0x33,0xca,0xe1,0x92,0x8f,0x2a,0x89,0x6c,0x45,0x24,0xd1, - 0xa6,0x52,0x56,0x24,0x5e,0x90,0x47,0xe5,0xcb,0x12,0xb0,0x32,0xf9,0xa6,0xbb,0xea, - 0x37,0xa9,0xbd,0xef,0x23,0xef,0x63,0x07,0x6c,0xc4,0x4e,0x64,0x3c,0xc6,0x11,0x84, - 0x7d,0x65,0xd6,0x5d,0x7a,0x17,0x58,0xa5,0xf7,0x74,0x3b,0x42,0xe3,0xd2,0xda,0x5f, - 0x6f,0xe0,0x1e,0x4b,0xcf,0x46,0xe2,0xdf,0x3e,0x41,0x8e,0x0e,0xb0,0x3f,0x8b,0x65}}; -#define OAEP_TEST_LABEL "OAEP Test Value" +const TPM2B_RSA_TEST_KEY c_rsaPublicModulus = + {256, + {0x91, 0x12, 0xf5, 0x07, 0x9d, 0x5f, 0x6b, 0x1c, 0x90, 0xf6, 0xcc, 0x87, 0xde, + 0x3a, 0x7a, 0x15, 0xdc, 0x54, 0x07, 0x6c, 0x26, 0x8f, 0x25, 0xef, 0x7e, 0x66, + 0xc0, 0xe3, 0x82, 0x12, 0x2f, 0xab, 0x52, 0x82, 0x1e, 0x85, 0xbc, 0x53, 0xba, + 0x2b, 0x01, 0xad, 
0x01, 0xc7, 0x8d, 0x46, 0x4f, 0x7d, 0xdd, 0x7e, 0xdc, 0xb0, + 0xad, 0xf6, 0x0c, 0xa1, 0x62, 0x92, 0x97, 0x8a, 0x3e, 0x6f, 0x7e, 0x3e, 0xf6, + 0x9a, 0xcc, 0xf9, 0xa9, 0x86, 0x77, 0xb6, 0x85, 0x43, 0x42, 0x04, 0x13, 0x65, + 0xe2, 0xad, 0x36, 0xc9, 0xbf, 0xc1, 0x97, 0x84, 0x6f, 0xee, 0x7c, 0xda, 0x58, + 0xd2, 0xae, 0x07, 0x00, 0xaf, 0xc5, 0x5f, 0x4d, 0x3a, 0x98, 0xb0, 0xed, 0x27, + 0x7c, 0xc2, 0xce, 0x26, 0x5d, 0x87, 0xe1, 0xe3, 0xa9, 0x69, 0x88, 0x4f, 0x8c, + 0x08, 0x31, 0x18, 0xae, 0x93, 0x16, 0xe3, 0x74, 0xde, 0xd3, 0xf6, 0x16, 0xaf, + 0xa3, 0xac, 0x37, 0x91, 0x8d, 0x10, 0xc6, 0x6b, 0x64, 0x14, 0x3a, 0xd9, 0xfc, + 0xe4, 0xa0, 0xf2, 0xd1, 0x01, 0x37, 0x4f, 0x4a, 0xeb, 0xe5, 0xec, 0x98, 0xc5, + 0xd9, 0x4b, 0x30, 0xd2, 0x80, 0x2a, 0x5a, 0x18, 0x5a, 0x7d, 0xd4, 0x3d, 0xb7, + 0x62, 0x98, 0xce, 0x6d, 0xa2, 0x02, 0x6e, 0x45, 0xaa, 0x95, 0x73, 0xe0, 0xaa, + 0x75, 0x57, 0xb1, 0x3d, 0x1b, 0x05, 0x75, 0x23, 0x6b, 0x20, 0x69, 0x9e, 0x14, + 0xb0, 0x7f, 0xac, 0xae, 0xd2, 0xc7, 0x48, 0x3b, 0xe4, 0x56, 0x11, 0x34, 0x1e, + 0x05, 0x1a, 0x30, 0x20, 0xef, 0x68, 0x93, 0x6b, 0x9d, 0x7e, 0xdd, 0xba, 0x96, + 0x50, 0xcc, 0x1c, 0x81, 0xb4, 0x59, 0xb9, 0x74, 0x36, 0xd9, 0x97, 0xdc, 0x8f, + 0x17, 0x82, 0x72, 0xb3, 0x59, 0xf6, 0x23, 0xfa, 0x84, 0xf7, 0x6d, 0xf2, 0x05, + 0xff, 0xf1, 0xb9, 0xcc, 0xe9, 0xa2, 0x82, 0x01, 0xfb}}; + +const TPM2B_RSA_TEST_PRIME c_rsaPrivatePrime = + {RSA_TEST_KEY_SIZE / 2, + {0xb7, 0xa0, 0x90, 0xc7, 0x92, 0x09, 0xde, 0x71, 0x03, 0x37, 0x4a, 0xb5, 0x2f, + 0xda, 0x61, 0xb8, 0x09, 0x1b, 0xba, 0x99, 0x70, 0x45, 0xc1, 0x0b, 0x15, 0x12, + 0x71, 0x8a, 0xb3, 0x2a, 0x4d, 0x5a, 0x41, 0x9b, 0x73, 0x89, 0x80, 0x0a, 0x8f, + 0x18, 0x4c, 0x8b, 0xa2, 0x5b, 0xda, 0xbd, 0x43, 0xbe, 0xdc, 0x76, 0x4d, 0x71, + 0x0f, 0xb9, 0xfc, 0x7a, 0x09, 0xfe, 0x4f, 0xac, 0x63, 0xd9, 0x2e, 0x50, 0x3a, + 0xa1, 0x37, 0xc6, 0xf2, 0xa1, 0x89, 0x12, 0xe7, 0x72, 0x64, 0x2b, 0xba, 0xc1, + 0x1f, 0xca, 0x9d, 0xb7, 0xaa, 0x3a, 0xa9, 0xd3, 0xa6, 0x6f, 0x73, 0x02, 0xbb, + 0x85, 0x5d, 0x9a, 0xb9, 0x5c, 0x08, 0x83, 
0x22, 0x20, 0x49, 0x91, 0x5f, 0x4b, + 0x86, 0xbc, 0x3f, 0x76, 0x43, 0x08, 0x97, 0xbf, 0x82, 0x55, 0x36, 0x2d, 0x8b, + 0x6e, 0x9e, 0xfb, 0xc1, 0x67, 0x6a, 0x43, 0xa2, 0x46, 0x81, 0x71}}; + +const BYTE c_RsaTestValue[RSA_TEST_KEY_SIZE] = + {0x2a, 0x24, 0x3a, 0xbb, 0x50, 0x1d, 0xd4, 0x2a, 0xf9, 0x18, 0x32, 0x34, 0xa2, + 0x0f, 0xea, 0x5c, 0x91, 0x77, 0xe9, 0xe1, 0x09, 0x83, 0xdc, 0x5f, 0x71, 0x64, + 0x5b, 0xeb, 0x57, 0x79, 0xa0, 0x41, 0xc9, 0xe4, 0x5a, 0x0b, 0xf4, 0x9f, 0xdb, + 0x84, 0x04, 0xa6, 0x48, 0x24, 0xf6, 0x3f, 0x66, 0x1f, 0xa8, 0x04, 0x5c, 0xf0, + 0x7a, 0x6b, 0x4a, 0x9c, 0x7e, 0x21, 0xb6, 0xda, 0x6b, 0x65, 0x9c, 0x3a, 0x68, + 0x50, 0x13, 0x1e, 0xa4, 0xb7, 0xca, 0xec, 0xd3, 0xcc, 0xb2, 0x9b, 0x8c, 0x87, + 0xa4, 0x6a, 0xba, 0xc2, 0x06, 0x3f, 0x40, 0x48, 0x7b, 0xa8, 0xb8, 0x2c, 0x03, + 0x14, 0x33, 0xf3, 0x1d, 0xe9, 0xbd, 0x6f, 0x54, 0x66, 0xb4, 0x69, 0x5e, 0xbc, + 0x80, 0x7c, 0xe9, 0x6a, 0x43, 0x7f, 0xb8, 0x6a, 0xa0, 0x5f, 0x5d, 0x7a, 0x20, + 0xfd, 0x7a, 0x39, 0xe1, 0xea, 0x0e, 0x94, 0x91, 0x28, 0x63, 0x7a, 0xac, 0xc9, + 0xa5, 0x3a, 0x6d, 0x31, 0x7b, 0x7c, 0x54, 0x56, 0x99, 0x56, 0xbb, 0xb7, 0xa1, + 0x2d, 0xd2, 0x5c, 0x91, 0x5f, 0x1c, 0xd3, 0x06, 0x7f, 0x34, 0x53, 0x2f, 0x4c, + 0xd1, 0x8b, 0xd2, 0x9e, 0xdc, 0xc3, 0x94, 0x0a, 0xe1, 0x0f, 0xa5, 0x15, 0x46, + 0x2a, 0x8e, 0x10, 0xc2, 0xfe, 0xb7, 0x5e, 0x2d, 0x0d, 0xd1, 0x25, 0xfc, 0xe4, + 0xf7, 0x02, 0x19, 0xfe, 0xb6, 0xe4, 0x95, 0x9c, 0x17, 0x4a, 0x9b, 0xdb, 0xab, + 0xc7, 0x79, 0xe3, 0x5e, 0x40, 0xd0, 0x56, 0x6d, 0x25, 0x0a, 0x72, 0x65, 0x80, + 0x92, 0x9a, 0xa8, 0x07, 0x70, 0x32, 0x14, 0xfb, 0xfe, 0x08, 0xeb, 0x13, 0xb4, + 0x07, 0x68, 0xb4, 0x58, 0x39, 0xbe, 0x8e, 0x78, 0x3a, 0x59, 0x3f, 0x9c, 0x4c, + 0xe9, 0xa8, 0x64, 0x68, 0xf7, 0xb9, 0x6e, 0x20, 0xf5, 0xcb, 0xca, 0x47, 0xf2, + 0x17, 0xaa, 0x8b, 0xbc, 0x13, 0x14, 0x84, 0xf6, 0xab}; + +const TPM2B_RSA_TEST_VALUE c_RsaepKvt = + {RSA_TEST_KEY_SIZE, + {0x73, 0xbd, 0x65, 0x49, 0xda, 0x7b, 0xb8, 0x50, 0x9e, 0x87, 0xf0, 0x0a, 0x8a, + 0x9a, 0x07, 0xb6, 0x00, 0x82, 0x10, 
0x14, 0x60, 0xd8, 0x01, 0xfc, 0xc5, 0x18, + 0xea, 0x49, 0x5f, 0x13, 0xcf, 0x65, 0x66, 0x30, 0x6c, 0x60, 0x3f, 0x24, 0x3c, + 0xfb, 0xe2, 0x31, 0x16, 0x99, 0x7e, 0x31, 0x98, 0xab, 0x93, 0xb8, 0x07, 0x53, + 0xcc, 0xdb, 0x7f, 0x44, 0xd9, 0xee, 0x5d, 0xe8, 0x5f, 0x97, 0x5f, 0xe8, 0x1f, + 0x88, 0x52, 0x24, 0x7b, 0xac, 0x62, 0x95, 0xb7, 0x7d, 0xf5, 0xf8, 0x9f, 0x5a, + 0xa8, 0x24, 0x9a, 0x76, 0x71, 0x2a, 0x35, 0x2a, 0xa1, 0x08, 0xbb, 0x95, 0xe3, + 0x64, 0xdc, 0xdb, 0xc2, 0x33, 0xa9, 0x5f, 0xbe, 0x4c, 0xc4, 0xcc, 0x28, 0xc9, + 0x25, 0xff, 0xee, 0x17, 0x15, 0x9a, 0x50, 0x90, 0x0e, 0x15, 0xb4, 0xea, 0x6a, + 0x09, 0xe6, 0xff, 0xa4, 0xee, 0xc7, 0x7e, 0xce, 0xa9, 0x73, 0xe4, 0xa0, 0x56, + 0xbd, 0x53, 0x2a, 0xe4, 0xc0, 0x2b, 0xa8, 0x9b, 0x09, 0x30, 0x72, 0x62, 0x0f, + 0xf9, 0xf6, 0xa1, 0x52, 0xd2, 0x8a, 0x37, 0xee, 0xa5, 0xc8, 0x47, 0xe1, 0x99, + 0x21, 0x47, 0xeb, 0xdd, 0x37, 0xaa, 0xe4, 0xbd, 0x55, 0x46, 0x5a, 0x5a, 0x5d, + 0xfb, 0x7b, 0xfc, 0xff, 0xbf, 0x26, 0x71, 0xf6, 0x1e, 0xad, 0xbc, 0xbf, 0x33, + 0xca, 0xe1, 0x92, 0x8f, 0x2a, 0x89, 0x6c, 0x45, 0x24, 0xd1, 0xa6, 0x52, 0x56, + 0x24, 0x5e, 0x90, 0x47, 0xe5, 0xcb, 0x12, 0xb0, 0x32, 0xf9, 0xa6, 0xbb, 0xea, + 0x37, 0xa9, 0xbd, 0xef, 0x23, 0xef, 0x63, 0x07, 0x6c, 0xc4, 0x4e, 0x64, 0x3c, + 0xc6, 0x11, 0x84, 0x7d, 0x65, 0xd6, 0x5d, 0x7a, 0x17, 0x58, 0xa5, 0xf7, 0x74, + 0x3b, 0x42, 0xe3, 0xd2, 0xda, 0x5f, 0x6f, 0xe0, 0x1e, 0x4b, 0xcf, 0x46, 0xe2, + 0xdf, 0x3e, 0x41, 0x8e, 0x0e, 0xb0, 0x3f, 0x8b, 0x65}}; + +#define OAEP_TEST_LABEL "OAEP Test Value" #if ALG_SHA1_VALUE == DEFAULT_TEST_HASH -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x32,0x68,0x84,0x0b,0x9c,0xc9,0x25,0x26,0xd9,0xc0,0xd0,0xb1,0xde,0x60,0x55,0xae, - 0x33,0xe5,0xcf,0x6c,0x85,0xbe,0x0d,0x71,0x11,0xe1,0x45,0x60,0xbb,0x42,0x3d,0xf3, - 0xb1,0x18,0x84,0x7b,0xc6,0x5d,0xce,0x1d,0x5f,0x9a,0x97,0xcf,0xb1,0x97,0x9a,0x85, - 0x7c,0xa7,0xa1,0x63,0x23,0xb6,0x74,0x0f,0x1a,0xee,0x29,0x51,0xeb,0x50,0x8f,0x3c, - 
0x8e,0x4e,0x31,0x38,0xdc,0x11,0xfc,0x9a,0x4e,0xaf,0x93,0xc9,0x7f,0x6e,0x35,0xf3, - 0xc9,0xe4,0x89,0x14,0x53,0xe2,0xc2,0x1a,0xf7,0x6b,0x9b,0xf0,0x7a,0xa4,0x69,0x52, - 0xe0,0x24,0x8f,0xea,0x31,0xa7,0x5c,0x43,0xb0,0x65,0xc9,0xfe,0xba,0xfe,0x80,0x9e, - 0xa5,0xc0,0xf5,0x8d,0xce,0x41,0xf9,0x83,0x0d,0x8e,0x0f,0xef,0x3d,0x1f,0x6a,0xcc, - 0x8a,0x3d,0x3b,0xdf,0x22,0x38,0xd7,0x34,0x58,0x7b,0x55,0xc9,0xf6,0xbc,0x7c,0x4c, - 0x3f,0xd7,0xde,0x4e,0x30,0xa9,0x69,0xf3,0x5f,0x56,0x8f,0xc2,0xe7,0x75,0x79,0xb8, - 0xa5,0xc8,0x0d,0xc0,0xcd,0xb6,0xc9,0x63,0xad,0x7c,0xe4,0x8f,0x39,0x60,0x4d,0x7d, - 0xdb,0x34,0x49,0x2a,0x47,0xde,0xc0,0x42,0x4a,0x19,0x94,0x2e,0x50,0x21,0x03,0x47, - 0xff,0x73,0xb3,0xb7,0x89,0xcc,0x7b,0x2c,0xeb,0x03,0xa7,0x9a,0x06,0xfd,0xed,0x19, - 0xbb,0x82,0xa0,0x13,0xe9,0xfa,0xac,0x06,0x5f,0xc5,0xa9,0x2b,0xda,0x88,0x23,0xa2, - 0x5d,0xc2,0x7f,0xda,0xc8,0x5a,0x94,0x31,0xc1,0x21,0xd7,0x1e,0x6b,0xd7,0x89,0xb1, - 0x93,0x80,0xab,0xd1,0x37,0xf2,0x6f,0x50,0xcd,0x2a,0xea,0xb1,0xc4,0xcd,0xcb,0xb5}}; -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x29,0xa4,0x2f,0xbb,0x8a,0x14,0x05,0x1e,0x3c,0x72,0x76,0x77,0x38,0xe7,0x73,0xe3, - 0x6e,0x24,0x4b,0x38,0xd2,0x1a,0xcf,0x23,0x58,0x78,0x36,0x82,0x23,0x6e,0x6b,0xef, - 0x2c,0x3d,0xf2,0xe8,0xd6,0xc6,0x87,0x8e,0x78,0x9b,0x27,0x39,0xc0,0xd6,0xef,0x4d, - 0x0b,0xfc,0x51,0x27,0x18,0xf3,0x51,0x5e,0x4d,0x96,0x3a,0xe2,0x15,0xe2,0x7e,0x42, - 0xf4,0x16,0xd5,0xc6,0x52,0x5d,0x17,0x44,0x76,0x09,0x7a,0xcf,0xe3,0x30,0xe3,0x84, - 0xf6,0x6f,0x3a,0x33,0xfb,0x32,0x0d,0x1d,0xe7,0x7c,0x80,0x82,0x4f,0xed,0xda,0x87, - 0x11,0x9c,0xc3,0x7e,0x85,0xbd,0x18,0x58,0x08,0x2b,0x23,0x37,0xe7,0x9d,0xd0,0xd1, - 0x79,0xe2,0x05,0xbd,0xf5,0x4f,0x0e,0x0f,0xdb,0x4a,0x74,0xeb,0x09,0x01,0xb3,0xca, - 0xbd,0xa6,0x7b,0x09,0xb1,0x13,0x77,0x30,0x4d,0x87,0x41,0x06,0x57,0x2e,0x5f,0x36, - 0x6e,0xfc,0x35,0x69,0xfe,0x0a,0x24,0x6c,0x98,0x8c,0xda,0x97,0xf4,0xfb,0xc7,0x83, - 0x2d,0x3e,0x7d,0xc0,0x5c,0x34,0xfd,0x11,0x2a,0x12,0xa7,0xae,0x4a,0xde,0xc8,0x4e, - 
0xcf,0xf4,0x85,0x63,0x77,0xc6,0x33,0x34,0xe0,0x27,0xe4,0x9e,0x91,0x0b,0x4b,0x85, - 0xf0,0xb0,0x79,0xaa,0x7c,0xc6,0xff,0x3b,0xbc,0x04,0x73,0xb8,0x95,0xd7,0x31,0x54, - 0x3b,0x56,0xec,0x52,0x15,0xd7,0x3e,0x62,0xf5,0x82,0x99,0x3e,0x2a,0xc0,0x4b,0x2e, - 0x06,0x57,0x6d,0x3f,0x3e,0x77,0x1f,0x2b,0x2d,0xc5,0xb9,0x3b,0x68,0x56,0x73,0x70, - 0x32,0x6b,0x6b,0x65,0x25,0x76,0x45,0x6c,0x45,0xf1,0x6c,0x59,0xfc,0x94,0xa7,0x15}}; -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x01,0xfe,0xd5,0x83,0x0b,0x15,0xba,0x90,0x2c,0xdf,0xf7,0x26,0xb7,0x8f,0xb1,0xd7, - 0x0b,0xfd,0x83,0xf9,0x95,0xd5,0xd7,0xb5,0xc5,0xc5,0x4a,0xde,0xd5,0xe6,0x20,0x78, - 0xca,0x73,0x77,0x3d,0x61,0x36,0x48,0xae,0x3e,0x8f,0xee,0x43,0x29,0x96,0xdf,0x3f, - 0x1c,0x97,0x5a,0xbe,0xe5,0xa2,0x7e,0x5b,0xd0,0xc0,0x29,0x39,0x83,0x81,0x77,0x24, - 0x43,0xdb,0x3c,0x64,0x4d,0xf0,0x23,0xe4,0xae,0x0f,0x78,0x31,0x8c,0xda,0x0c,0xec, - 0xf1,0xdf,0x09,0xf2,0x14,0x6a,0x4d,0xaf,0x36,0x81,0x6e,0xbd,0xbe,0x36,0x79,0x88, - 0x98,0xb6,0x6f,0x5a,0xad,0xcf,0x7c,0xee,0xe0,0xdd,0x00,0xbe,0x59,0x97,0x88,0x00, - 0x34,0xc0,0x8b,0x48,0x42,0x05,0x04,0x5a,0xb7,0x85,0x38,0xa0,0x35,0xd7,0x3b,0x51, - 0xb8,0x7b,0x81,0x83,0xee,0xff,0x76,0x6f,0x50,0x39,0x4d,0xab,0x89,0x63,0x07,0x6d, - 0xf5,0xe5,0x01,0x10,0x56,0xfe,0x93,0x06,0x8f,0xd3,0xc9,0x41,0xab,0xc9,0xdf,0x6e, - 0x59,0xa8,0xc3,0x1d,0xbf,0x96,0x4a,0x59,0x80,0x3c,0x90,0x3a,0x59,0x56,0x4c,0x6d, - 0x44,0x6d,0xeb,0xdc,0x73,0xcd,0xc1,0xec,0xb8,0x41,0xbf,0x89,0x8c,0x03,0x69,0x4c, - 0xaf,0x3f,0xc1,0xc5,0xc7,0xe7,0x7d,0xa7,0x83,0x39,0x70,0xa2,0x6b,0x83,0xbc,0xbe, - 0xf5,0xbf,0x1c,0xee,0x6e,0xa3,0x22,0x1e,0x25,0x2f,0x16,0x68,0x69,0x5a,0x1d,0xfa, - 0x2c,0x3a,0x0f,0x67,0xe1,0x77,0x12,0xe8,0x3d,0xba,0xaa,0xef,0x96,0x9c,0x1f,0x64, - 0x32,0xf4,0xa7,0xb3,0x3f,0x7d,0x61,0xbb,0x9a,0x27,0xad,0xfb,0x2f,0x33,0xc4,0x70}}; -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x67,0x4e,0xdd,0xc2,0xd2,0x6d,0xe0,0x03,0xc4,0xc2,0x41,0xd3,0xd4,0x61,0x30,0xd0, - 
0xe1,0x68,0x31,0x4a,0xda,0xd9,0xc2,0x5d,0xaa,0xa2,0x7b,0xfb,0x44,0x02,0xf5,0xd6, - 0xd8,0x2e,0xcd,0x13,0x36,0xc9,0x4b,0xdb,0x1a,0x4b,0x66,0x1b,0x4f,0x9c,0xb7,0x17, - 0xac,0x53,0x37,0x4f,0x21,0xbd,0x0c,0x66,0xac,0x06,0x65,0x52,0x9f,0x04,0xf6,0xa5, - 0x22,0x5b,0xf7,0xe6,0x0d,0x3c,0x9f,0x41,0x19,0x09,0x88,0x7c,0x41,0x4c,0x2f,0x9c, - 0x8b,0x3c,0xdd,0x7c,0x28,0x78,0x24,0xd2,0x09,0xa6,0x5b,0xf7,0x3c,0x88,0x7e,0x73, - 0x5a,0x2d,0x36,0x02,0x4f,0x65,0xb0,0xcb,0xc8,0xdc,0xac,0xa2,0xda,0x8b,0x84,0x91, - 0x71,0xe4,0x30,0x8b,0xb6,0x12,0xf2,0xf0,0xd0,0xa0,0x38,0xcf,0x75,0xb7,0x20,0xcb, - 0x35,0x51,0x52,0x6b,0xc4,0xf4,0x21,0x95,0xc2,0xf7,0x9a,0x13,0xc1,0x1a,0x7b,0x8f, - 0x77,0xda,0x19,0x48,0xbb,0x6d,0x14,0x5d,0xba,0x65,0xb4,0x9e,0x43,0x42,0x58,0x98, - 0x0b,0x91,0x46,0xd8,0x4c,0xf3,0x4c,0xaf,0x2e,0x02,0xa6,0xb2,0x49,0x12,0x62,0x43, - 0x4e,0xa8,0xac,0xbf,0xfd,0xfa,0x37,0x24,0xea,0x69,0x1c,0xf5,0xae,0xfa,0x08,0x82, - 0x30,0xc3,0xc0,0xf8,0x9a,0x89,0x33,0xe1,0x40,0x6d,0x18,0x5c,0x7b,0x90,0x48,0xbf, - 0x37,0xdb,0xea,0xfb,0x0e,0xd4,0x2e,0x11,0xfa,0xa9,0x86,0xff,0x00,0x0b,0x7b,0xca, - 0x09,0x64,0x6a,0x8f,0x0c,0x0e,0x09,0x14,0x36,0x4a,0x74,0x31,0x18,0x5b,0x18,0xeb, - 0xea,0x83,0xc3,0x66,0x68,0xa6,0x7d,0x43,0x06,0x0f,0x99,0x60,0xce,0x65,0x08,0xf6}}; -#endif // SHA1 -#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x33,0x20,0x6e,0x21,0xc3,0xf6,0xcd,0xf8,0xd7,0x5d,0x9f,0xe9,0x05,0x14,0x8c,0x7c, - 0xbb,0x69,0x24,0x9e,0x52,0x8f,0xaf,0x84,0x73,0x21,0x2c,0x85,0xa5,0x30,0x4d,0xb6, - 0xb8,0xfa,0x15,0x9b,0xc7,0x8f,0xc9,0x7a,0x72,0x4b,0x85,0xa4,0x1c,0xc5,0xd8,0xe4, - 0x92,0xb3,0xec,0xd9,0xa8,0xca,0x5e,0x74,0x73,0x89,0x7f,0xb4,0xac,0x7e,0x68,0x12, - 0xb2,0x53,0x27,0x4b,0xbf,0xd0,0x71,0x69,0x46,0x9f,0xef,0xf4,0x70,0x60,0xf8,0xd7, - 0xae,0xc7,0x5a,0x27,0x38,0x25,0x2d,0x25,0xab,0x96,0x56,0x66,0x3a,0x23,0x40,0xa8, - 0xdb,0xbc,0x86,0xe8,0xf3,0xd2,0x58,0x0b,0x44,0xfc,0x94,0x1e,0xb7,0x5d,0xb4,0x57, - 
0xb5,0xf3,0x56,0xee,0x9b,0xcf,0x97,0x91,0x29,0x36,0xe3,0x06,0x13,0xa2,0xea,0xd6, - 0xd6,0x0b,0x86,0x0b,0x1a,0x27,0xe6,0x22,0xc4,0x7b,0xff,0xde,0x0f,0xbf,0x79,0xc8, - 0x1b,0xed,0xf1,0x27,0x62,0xb5,0x8b,0xf9,0xd9,0x76,0x90,0xf6,0xcc,0x83,0x0f,0xce, - 0xce,0x2e,0x63,0x7a,0x9b,0xf4,0x48,0x5b,0xd7,0x81,0x2c,0x3a,0xdb,0x59,0x0d,0x4d, - 0x9e,0x46,0xe9,0x9e,0x92,0x22,0x27,0x1c,0xb0,0x67,0x8a,0xe6,0x8a,0x16,0x8a,0xdf, - 0x95,0x76,0x24,0x82,0xad,0xf1,0xbc,0x97,0xbf,0xd3,0x5e,0x6e,0x14,0x0c,0x5b,0x25, - 0xfe,0x58,0xfa,0x64,0xe5,0x14,0x46,0xb7,0x58,0xc6,0x3f,0x7f,0x42,0xd2,0x8e,0x45, - 0x13,0x41,0x85,0x12,0x2e,0x96,0x19,0xd0,0x5e,0x7d,0x34,0x06,0x32,0x2b,0xc8,0xd9, - 0x0d,0x6c,0x06,0x36,0xa0,0xff,0x47,0x57,0x2c,0x25,0xbc,0x8a,0xa5,0xe2,0xc7,0xe3}}; -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x39,0xfc,0x10,0x5d,0xf4,0x45,0x3d,0x94,0x53,0x06,0x89,0x24,0xe7,0xe8,0xfd,0x03, - 0xac,0xfd,0xbd,0xb2,0x28,0xd3,0x4a,0x52,0xc5,0xd4,0xdb,0x17,0xd4,0x24,0x05,0xc4, - 0xeb,0x6a,0xce,0x1d,0xbb,0x37,0xcb,0x09,0xd8,0x6c,0x83,0x19,0x93,0xd4,0xe2,0x88, - 0x88,0x9b,0xaf,0x92,0x16,0xc4,0x15,0xbd,0x49,0x13,0x22,0xb7,0x84,0xcf,0x23,0xf2, - 0x6f,0x0c,0x3e,0x8f,0xde,0x04,0x09,0x31,0x2d,0x99,0xdf,0xe6,0x74,0x70,0x30,0xde, - 0x8c,0xad,0x32,0x86,0xe2,0x7c,0x12,0x90,0x21,0xf3,0x86,0xb7,0xe2,0x64,0xca,0x98, - 0xcc,0x64,0x4b,0xef,0x57,0x4f,0x5a,0x16,0x6e,0xd7,0x2f,0x5b,0xf6,0x07,0xad,0x33, - 0xb4,0x8f,0x3b,0x3a,0x8b,0xd9,0x06,0x2b,0xed,0x3c,0x3c,0x76,0xf6,0x21,0x31,0xe3, - 0xfb,0x2c,0x45,0x61,0x42,0xba,0xe0,0xc3,0x72,0x63,0xd0,0x6b,0x8f,0x36,0x26,0xfb, - 0x9e,0x89,0x0e,0x44,0x9a,0xc1,0x84,0x5e,0x84,0x8d,0xb6,0xea,0xf1,0x0d,0x66,0xc7, - 0xdb,0x44,0xbd,0x19,0x7c,0x05,0xbe,0xc4,0xab,0x88,0x32,0xbe,0xc7,0x63,0x31,0xe6, - 0x38,0xd4,0xe5,0xb8,0x4b,0xf5,0x0e,0x55,0x9a,0x3a,0xe6,0x0a,0xec,0xee,0xe2,0xa8, - 0x88,0x04,0xf2,0xb8,0xaa,0x5a,0xd8,0x97,0x5d,0xa0,0xa8,0x42,0xfb,0xd9,0xde,0x80, - 0xae,0x4c,0xb3,0xa1,0x90,0x47,0x57,0x03,0x10,0x78,0xa6,0x8f,0x11,0xba,0x4b,0xce, - 
0x2d,0x56,0xa4,0xe1,0xbd,0xf8,0xa0,0xa4,0xd5,0x48,0x3c,0x63,0x20,0x00,0x38,0xa0, - 0xd1,0xe6,0x12,0xe9,0x1d,0xd8,0x49,0xe3,0xd5,0x24,0xb5,0xc5,0x3a,0x1f,0xb0,0xd4}}; -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x74,0x89,0x29,0x3e,0x1b,0xac,0xc6,0x85,0xca,0xf0,0x63,0x43,0x30,0x7d,0x1c,0x9b, - 0x2f,0xbd,0x4d,0x69,0x39,0x5e,0x85,0xe2,0xef,0x86,0x0a,0xc6,0x6b,0xa6,0x08,0x19, - 0x6c,0x56,0x38,0x24,0x55,0x92,0x84,0x9b,0x1b,0x8b,0x04,0xcf,0x24,0x14,0x24,0x13, - 0x0e,0x8b,0x82,0x6f,0x96,0xc8,0x9a,0x68,0xfc,0x4c,0x02,0xf0,0xdc,0xcd,0x36,0x25, - 0x31,0xd5,0x82,0xcf,0xc9,0x69,0x72,0xf6,0x1d,0xab,0x68,0x20,0x2e,0x2d,0x19,0x49, - 0xf0,0x2e,0xad,0xd2,0xda,0xaf,0xff,0xb6,0x92,0x83,0x5b,0x8a,0x06,0x2d,0x0c,0x32, - 0x11,0x32,0x3b,0x77,0x17,0xf6,0x50,0xfb,0xf8,0x57,0xc9,0xc7,0x9b,0x9e,0xc6,0xd1, - 0xa9,0x55,0xf0,0x22,0x35,0xda,0xca,0x3c,0x8e,0xc6,0x9a,0xd8,0x25,0xc8,0x5e,0x93, - 0x0d,0xaa,0xa7,0x06,0xaf,0x11,0x29,0x99,0xe7,0x7c,0xee,0x49,0x82,0x30,0xba,0x2c, - 0xe2,0x40,0x8f,0x0a,0xa6,0x7b,0x24,0x75,0xc5,0xcd,0x03,0x12,0xf4,0xb2,0x4b,0x3a, - 0xd1,0x91,0x3c,0x20,0x0e,0x58,0x2b,0x31,0xf8,0x8b,0xee,0xbc,0x1f,0x95,0x35,0x58, - 0x6a,0x73,0xee,0x99,0xb0,0x01,0x42,0x4f,0x66,0xc0,0x66,0xbb,0x35,0x86,0xeb,0xd9, - 0x7b,0x55,0x77,0x2d,0x54,0x78,0x19,0x49,0xe8,0xcc,0xfd,0xb1,0xcb,0x49,0xc9,0xea, - 0x20,0xab,0xed,0xb5,0xed,0xfe,0xb2,0xb5,0xa8,0xcf,0x05,0x06,0xd5,0x7d,0x2b,0xbb, - 0x0b,0x65,0x6b,0x2b,0x6d,0x55,0x95,0x85,0x44,0x8b,0x12,0x05,0xf3,0x4b,0xd4,0x8e, - 0x3d,0x68,0x2d,0x29,0x9c,0x05,0x79,0xd6,0xfc,0x72,0x90,0x6a,0xab,0x46,0x38,0x81}}; -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x8a,0xb1,0x0a,0xb5,0xe4,0x02,0xf7,0xdd,0x45,0x2a,0xcc,0x2b,0x6b,0x8c,0x0e,0x9a, - 0x92,0x4f,0x9b,0xc5,0xe4,0x8b,0x82,0xb9,0xb0,0xd9,0x87,0x8c,0xcb,0xf0,0xb0,0x59, - 0xa5,0x92,0x21,0xa0,0xa7,0x61,0x5c,0xed,0xa8,0x6e,0x22,0x29,0x46,0xc7,0x86,0x37, - 0x4b,0x1b,0x1e,0x94,0x93,0xc8,0x4c,0x17,0x7a,0xae,0x59,0x91,0xf8,0x83,0x84,0xc4, - 
0x8c,0x38,0xc2,0x35,0x0e,0x7e,0x50,0x67,0x76,0xe7,0xd3,0xec,0x6f,0x0d,0xa0,0x5c, - 0x2f,0x0a,0x80,0x28,0xd3,0xc5,0x7d,0x2d,0x1a,0x0b,0x96,0xd6,0xe5,0x98,0x05,0x8c, - 0x4d,0xa0,0x1f,0x8c,0xb6,0xfb,0xb1,0xcf,0xe9,0xcb,0x38,0x27,0x60,0x64,0x17,0xca, - 0xf4,0x8b,0x61,0xb7,0x1d,0xb6,0x20,0x9d,0x40,0x2a,0x1c,0xfd,0x55,0x40,0x4b,0x95, - 0x39,0x52,0x18,0x3b,0xab,0x44,0xe8,0x83,0x4b,0x7c,0x47,0xfb,0xed,0x06,0x9c,0xcd, - 0x4f,0xba,0x81,0xd6,0xb7,0x31,0xcf,0x5c,0x23,0xf8,0x25,0xab,0x95,0x77,0x0a,0x8f, - 0x46,0xef,0xfb,0x59,0xb8,0x04,0xd7,0x1e,0xf5,0xaf,0x6a,0x1a,0x26,0x9b,0xae,0xf4, - 0xf5,0x7f,0x84,0x6f,0x3c,0xed,0xf8,0x24,0x0b,0x43,0xd1,0xba,0x74,0x89,0x4e,0x39, - 0xfe,0xab,0xa5,0x16,0xa5,0x28,0xee,0x96,0x84,0x3e,0x16,0x6d,0x5f,0x4e,0x0b,0x7d, - 0x94,0x16,0x1b,0x8c,0xf9,0xaa,0x9b,0xc0,0x49,0x02,0x4c,0x3e,0x62,0xff,0xfe,0xa2, - 0x20,0x33,0x5e,0xa6,0xdd,0xda,0x15,0x2d,0xb7,0xcd,0xda,0xff,0xb1,0x0b,0x45,0x7b, - 0xd3,0xa0,0x42,0x29,0xab,0xa9,0x73,0xe9,0xa4,0xd9,0x8d,0xac,0xa1,0x88,0x2c,0x2d}}; -#endif // SHA256 -#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x0f,0x3c,0x42,0x4d,0x8c,0x91,0x96,0x05,0x3c,0xfd,0x59,0x3b,0x7f,0x29,0xbc,0x03, - 0x67,0xc1,0xff,0x74,0xe7,0x09,0xf4,0x13,0x45,0xbe,0x13,0x1d,0xc9,0x86,0x94,0xfe, - 0xed,0xa6,0xe8,0x3a,0xcb,0x89,0x4d,0xec,0x86,0x63,0x4c,0xdb,0xf1,0x95,0xee,0xc1, - 0x46,0xc5,0x3b,0xd8,0xf8,0xa2,0x41,0x6a,0x60,0x8b,0x9e,0x5e,0x7f,0x20,0x16,0xe3, - 0x69,0xb6,0x2d,0x92,0xfc,0x60,0xa2,0x74,0x88,0xd5,0xc7,0xa6,0xd1,0xff,0xe3,0x45, - 0x02,0x51,0x39,0xd9,0xf3,0x56,0x0b,0x91,0x80,0xe0,0x6c,0xa8,0xc3,0x78,0xef,0x34, - 0x22,0x8c,0xf5,0xfb,0x47,0x98,0x5d,0x57,0x8e,0x3a,0xb9,0xff,0x92,0x04,0xc7,0xc2, - 0x6e,0xfa,0x14,0xc1,0xb9,0x68,0x15,0x5c,0x12,0xe8,0xa8,0xbe,0xea,0xe8,0x8d,0x9b, - 0x48,0x28,0x35,0xdb,0x4b,0x52,0xc1,0x2d,0x85,0x47,0x83,0xd0,0xe9,0xae,0x90,0x6e, - 0x65,0xd4,0x34,0x7f,0x81,0xce,0x69,0xf0,0x96,0x62,0xf7,0xec,0x41,0xd5,0xc2,0xe3, - 
0x4b,0xba,0x9c,0x8a,0x02,0xce,0xf0,0x5d,0x14,0xf7,0x09,0x42,0x8e,0x4a,0x27,0xfe, - 0x3e,0x66,0x42,0x99,0x03,0xe1,0x69,0xbd,0xdb,0x7f,0x9b,0x70,0xeb,0x4e,0x9c,0xac, - 0x45,0x67,0x91,0x9f,0x75,0x10,0xc6,0xfc,0x14,0xe1,0x28,0xc1,0x0e,0xe0,0x7e,0xc0, - 0x5c,0x1d,0xee,0xe8,0xff,0x45,0x79,0x51,0x86,0x08,0xe6,0x39,0xac,0xb5,0xfd,0xb8, - 0xf1,0xdd,0x2e,0xf4,0xb2,0x1a,0x69,0x0d,0xd9,0x98,0x8e,0xdb,0x85,0x61,0x70,0x20, - 0x82,0x91,0x26,0x87,0x80,0xc4,0x6a,0xd8,0x3b,0x91,0x4d,0xd3,0x33,0x84,0xad,0xb7}}; -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x44,0xd5,0x9f,0xbc,0x48,0x03,0x3d,0x9f,0x22,0x91,0x2a,0xab,0x3c,0x31,0x71,0xab, - 0x86,0x3f,0x0f,0x6f,0x59,0x5b,0x93,0x27,0xbc,0xbc,0xcd,0x29,0x38,0x43,0x2a,0x3b, - 0x3b,0xd2,0xb3,0x45,0x40,0xba,0x15,0xb4,0x45,0xe3,0x56,0xab,0xff,0xb3,0x20,0x26, - 0x39,0xcc,0x48,0xc5,0x5d,0x41,0x0d,0x2f,0x57,0x7f,0x9d,0x16,0x2e,0x26,0x57,0xc7, - 0x6b,0xf3,0x36,0x54,0xbd,0xb6,0x1d,0x46,0x4e,0x13,0x50,0xd7,0x61,0x9d,0x8d,0x7b, - 0xeb,0x21,0x9f,0x79,0xf3,0xfd,0xe0,0x1b,0xa8,0xed,0x6d,0x29,0x33,0x0d,0x65,0x94, - 0x24,0x1e,0x62,0x88,0x6b,0x2b,0x4e,0x39,0xf5,0x80,0x39,0xca,0x76,0x95,0xbc,0x7c, - 0x27,0x1d,0xdd,0x3a,0x11,0xf1,0x3e,0x54,0x03,0xb7,0x43,0x91,0x99,0x33,0xfe,0x9d, - 0x14,0x2c,0x87,0x9a,0x95,0x18,0x1f,0x02,0x04,0x6a,0xe2,0xb7,0x81,0x14,0x13,0x45, - 0x16,0xfb,0xe4,0xb7,0x8f,0xab,0x2b,0xd7,0x60,0x34,0x8a,0x55,0xbc,0x01,0x8c,0x49, - 0x02,0x29,0xf1,0x9c,0x94,0x98,0x44,0xd0,0x94,0xcb,0xd4,0x85,0x4c,0x3b,0x77,0x72, - 0x99,0xd5,0x4b,0xc6,0x3b,0xe4,0xd2,0xc8,0xe9,0x6a,0x23,0x18,0x3b,0x3b,0x5e,0x32, - 0xec,0x70,0x84,0x5d,0xbb,0x6a,0x8f,0x0c,0x5f,0x55,0xa5,0x30,0x34,0x48,0xbb,0xc2, - 0xdf,0x12,0xb9,0x81,0xad,0x36,0x3f,0xf0,0x24,0x16,0x48,0x04,0x4a,0x7f,0xfd,0x9f, - 0x4c,0xea,0xfe,0x1d,0x83,0xd0,0x81,0xad,0x25,0x6c,0x5f,0x45,0x36,0x91,0xf0,0xd5, - 0x8b,0x53,0x0a,0xdf,0xec,0x9f,0x04,0x58,0xc4,0x35,0xa0,0x78,0x1f,0x68,0xe0,0x22}}; -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 
0x3f,0x3a,0x82,0x6d,0x42,0xe3,0x8b,0x4f,0x45,0x9c,0xda,0x6c,0xbe,0xbe,0xcd,0x00, - 0x98,0xfb,0xbe,0x59,0x30,0xc6,0x3c,0xaa,0xb3,0x06,0x27,0xb5,0xda,0xfa,0xb2,0xc3, - 0x43,0xb7,0xbd,0xe9,0xd3,0x23,0xed,0x80,0xce,0x74,0xb3,0xb8,0x77,0x8d,0xe6,0x8d, - 0x3c,0xe5,0xf5,0xd7,0x80,0xcf,0x38,0x55,0x76,0xd7,0x87,0xa8,0xd6,0x3a,0xcf,0xfd, - 0xd8,0x91,0x65,0xab,0x43,0x66,0x50,0xb7,0x9a,0x13,0x6b,0x45,0x80,0x76,0x86,0x22, - 0x27,0x72,0xf7,0xbb,0x65,0x22,0x5c,0x55,0x60,0xd8,0x84,0x9f,0xf2,0x61,0x52,0xac, - 0xf2,0x4f,0x5b,0x7b,0x21,0xe1,0xf5,0x4b,0x8f,0x01,0xf2,0x4b,0xcf,0xd3,0xfb,0x74, - 0x5e,0x6e,0x96,0xb4,0xa8,0x0f,0x01,0x9b,0x26,0x54,0x0a,0x70,0x55,0x26,0xb7,0x0b, - 0xe8,0x01,0x68,0x66,0x0d,0x6f,0xb5,0xfc,0x66,0xbd,0x9e,0x44,0xed,0x6a,0x1e,0x3c, - 0x3b,0x61,0x5d,0xe8,0xdb,0x99,0x5b,0x67,0xbf,0x94,0xfb,0xe6,0x8c,0x4b,0x07,0xcb, - 0x43,0x3a,0x0d,0xb1,0x1b,0x10,0x66,0x81,0xe2,0x0d,0xe7,0xd1,0xca,0x85,0xa7,0x50, - 0x82,0x2d,0xbf,0xed,0xcf,0x43,0x6d,0xdb,0x2c,0x7b,0x73,0x20,0xfe,0x73,0x3f,0x19, - 0xc6,0xdb,0x69,0xb8,0xc3,0xd3,0xf4,0xe5,0x64,0xf8,0x36,0x8e,0xd5,0xd8,0x09,0x2a, - 0x5f,0x26,0x70,0xa1,0xd9,0x5b,0x14,0xf8,0x22,0xe9,0x9d,0x22,0x51,0xf4,0x52,0xc1, - 0x6f,0x53,0xf5,0xca,0x0d,0xda,0x39,0x8c,0x29,0x42,0xe8,0x58,0x89,0xbb,0xd1,0x2e, - 0xc5,0xdb,0x86,0x8d,0xaf,0xec,0x58,0x36,0x8d,0x8d,0x57,0x23,0xd5,0xdd,0xb9,0x24}}; -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x39,0x10,0x58,0x7d,0x6d,0xa8,0xd5,0x90,0x07,0xd6,0x2b,0x13,0xe9,0xd8,0x93,0x7e, - 0xf3,0x5d,0x71,0xe0,0xf0,0x33,0x3a,0x4a,0x22,0xf3,0xe6,0x95,0xd3,0x8e,0x8c,0x41, - 0xe7,0xb3,0x13,0xde,0x4a,0x45,0xd3,0xd1,0xfb,0xb1,0x3f,0x9b,0x39,0xa5,0x50,0x58, - 0xef,0xb6,0x3a,0x43,0xdd,0x54,0xab,0xda,0x9d,0x32,0x49,0xe4,0x57,0x96,0xe5,0x1b, - 0x1d,0x8f,0x33,0x8e,0x07,0x67,0x56,0x14,0xc1,0x18,0x78,0xa2,0x52,0xe6,0x2e,0x07, - 0x81,0xbe,0xd8,0xca,0x76,0x63,0x68,0xc5,0x47,0xa2,0x92,0x5e,0x4c,0xfd,0x14,0xc7, - 0x46,0x14,0xbe,0xc7,0x85,0xef,0xe6,0xb8,0x46,0xcb,0x3a,0x67,0x66,0x89,0xc6,0xee, - 
0x9d,0x64,0xf5,0x0d,0x09,0x80,0x9a,0x6f,0x0e,0xeb,0xe4,0xb9,0xe9,0xab,0x90,0x4f, - 0xe7,0x5a,0xc8,0xca,0xf6,0x16,0x0a,0x82,0xbd,0xb7,0x76,0x59,0x08,0x2d,0xd9,0x40, - 0x5d,0xaa,0xa5,0xef,0xfb,0xe3,0x81,0x2c,0x2c,0x5c,0xa8,0x16,0xbd,0x63,0x20,0xc2, - 0x4d,0x3b,0x51,0xaa,0x62,0x1f,0x06,0xe5,0xbb,0x78,0x44,0x04,0x0c,0x5c,0xe1,0x1b, - 0x6b,0x9d,0x21,0x10,0xaf,0x48,0x48,0x98,0x97,0x77,0xc2,0x73,0xb4,0x98,0x64,0xcc, - 0x94,0x2c,0x29,0x28,0x45,0x36,0xd1,0xc5,0xd0,0x2f,0x97,0x27,0x92,0x65,0x22,0xbb, - 0x63,0x79,0xea,0xf5,0xff,0x77,0x0f,0x4b,0x56,0x8a,0x9f,0xad,0x1a,0x97,0x67,0x39, - 0x69,0xb8,0x4c,0x6c,0xc2,0x56,0xc5,0x7a,0xa8,0x14,0x5a,0x24,0x7a,0xa4,0x6e,0x55, - 0xb2,0x86,0x1d,0xf4,0x62,0x5a,0x2d,0x87,0x6d,0xde,0x99,0x78,0x2d,0xef,0xd7,0xdc}}; -#endif // SHA384 -#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH -const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { - 0x48,0x45,0xa7,0x70,0xb2,0x41,0xb7,0x48,0x5e,0x79,0x8c,0xdf,0x1c,0xc6,0x7e,0xbb, - 0x11,0x80,0x82,0x52,0xbf,0x40,0x3d,0x90,0x03,0x6e,0x20,0x3a,0xb9,0x65,0xc8,0x51, - 0x4c,0xbd,0x9c,0xa9,0x43,0x89,0xd0,0x57,0x0c,0xa3,0x69,0x22,0x7e,0x82,0x2a,0x1c, - 0x1d,0x5a,0x80,0x84,0x81,0xbb,0x5e,0x5e,0xd0,0xc1,0x66,0x9a,0xac,0x00,0xba,0x14, - 0xa2,0xe9,0xd0,0x3a,0x89,0x5a,0x63,0xe2,0xec,0x92,0x05,0xf4,0x47,0x66,0x12,0x7f, - 0xdb,0xa7,0x3c,0x5b,0x67,0xe1,0x55,0xca,0x0a,0x27,0xbf,0x39,0x89,0x11,0x05,0xba, - 0x9b,0x5a,0x9b,0x65,0x44,0xad,0x78,0xcf,0x8f,0x94,0xf6,0x9a,0xb4,0x52,0x39,0x0e, - 0x00,0xba,0xbc,0xe0,0xbd,0x6f,0x81,0x2d,0x76,0x42,0x66,0x70,0x07,0x77,0xbf,0x09, - 0x88,0x2a,0x0c,0xb1,0x56,0x3e,0xee,0xfd,0xdc,0xb6,0x3c,0x0d,0xc5,0xa4,0x0d,0x10, - 0x32,0x80,0x3e,0x1e,0xfe,0x36,0x8f,0xb5,0x42,0xc1,0x21,0x7b,0xdf,0xdf,0x4a,0xd2, - 0x68,0x0c,0x01,0x9f,0x4a,0xfd,0xd4,0xec,0xf7,0x49,0x06,0xab,0xed,0xc6,0xd5,0x1b, - 0x63,0x76,0x38,0xc8,0x6c,0xc7,0x4f,0xcb,0x29,0x8a,0x0e,0x6f,0x33,0xaf,0x69,0x31, - 0x8e,0xa7,0xdd,0x9a,0x36,0xde,0x9b,0xf1,0x0b,0xfb,0x20,0xa0,0x6d,0x33,0x31,0xc9, - 
0x9e,0xb4,0x2e,0xc5,0x40,0x0e,0x60,0x71,0x36,0x75,0x05,0xf9,0x37,0xe0,0xca,0x8e, - 0x8f,0x56,0xe0,0xea,0x9b,0xeb,0x17,0xf3,0xca,0x40,0xc3,0x48,0x01,0xba,0xdc,0xc6, - 0x4b,0x2b,0x5b,0x7b,0x5c,0x81,0xa6,0xbb,0xc7,0x43,0xc0,0xbe,0xc0,0x30,0x7b,0x55}}; -const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { - 0x74,0x83,0xfa,0x52,0x65,0x50,0x68,0xd0,0x82,0x05,0x72,0x70,0x78,0x1c,0xac,0x10, - 0x23,0xc5,0x07,0xf8,0x93,0xd2,0xeb,0x65,0x87,0xbb,0x47,0xc2,0xfb,0x30,0x9e,0x61, - 0x4c,0xac,0x04,0x57,0x5a,0x7c,0xeb,0x29,0x08,0x84,0x86,0x89,0x1e,0x8f,0x07,0x32, - 0xa3,0x8b,0x70,0xe7,0xa2,0x9f,0x9c,0x42,0x71,0x3d,0x23,0x59,0x82,0x5e,0x8a,0xde, - 0xd6,0xfb,0xd8,0xc5,0x8b,0xc0,0xdb,0x10,0x38,0x87,0xd3,0xbf,0x04,0xb0,0x66,0xb9, - 0x85,0x81,0x54,0x4c,0x69,0xdc,0xba,0x78,0xf3,0x4a,0xdb,0x25,0xa2,0xf2,0x34,0x55, - 0xdd,0xaa,0xa5,0xc4,0xed,0x55,0x06,0x0e,0x2a,0x30,0x77,0xab,0x82,0x79,0xf0,0xcd, - 0x9d,0x6f,0x09,0xa0,0xc8,0x82,0xc9,0xe0,0x61,0xda,0x40,0xcd,0x17,0x59,0xc0,0xef, - 0x95,0x6d,0xa3,0x6d,0x1c,0x2b,0xee,0x24,0xef,0xd8,0x4a,0x55,0x6c,0xd6,0x26,0x42, - 0x32,0x17,0xfd,0x6a,0xb3,0x4f,0xde,0x07,0x2f,0x10,0xd4,0xac,0x14,0xea,0x89,0x68, - 0xcc,0xd3,0x07,0xb7,0xcf,0xba,0x39,0x20,0x63,0x20,0x7b,0x44,0x8b,0x48,0x60,0x5d, - 0x3a,0x2a,0x0a,0xe9,0x68,0xab,0x15,0x46,0x27,0x64,0xb5,0x82,0x06,0x29,0xe7,0x25, - 0xca,0x46,0x48,0x6e,0x2a,0x34,0x57,0x4b,0x81,0x75,0xae,0xb6,0xfd,0x6f,0x51,0x5f, - 0x04,0x59,0xc7,0x15,0x1f,0xe0,0x68,0xf7,0x36,0x2d,0xdf,0xc8,0x9d,0x05,0x27,0x2d, - 0x3f,0x2b,0x59,0x5d,0xcb,0xf3,0xc4,0x92,0x6e,0x00,0xa8,0x8d,0xd0,0x69,0xe5,0x59, - 0xda,0xba,0x4f,0x38,0xf5,0xa0,0x8b,0xf1,0x73,0xe9,0x0d,0xee,0x64,0xe5,0xa2,0xd8}}; -const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { - 0x1b,0xca,0x8b,0x18,0x15,0x3b,0x95,0x5b,0x0a,0x89,0x10,0x03,0x7f,0x7c,0xa0,0xc9, - 0x66,0x57,0x86,0x6a,0xc9,0xeb,0x82,0x71,0xf3,0x8d,0x6f,0xa9,0xa4,0x2d,0xd0,0x22, - 0xdf,0xe9,0xc6,0x71,0x5b,0xf4,0x27,0x38,0x5b,0x2c,0x8a,0x54,0xcc,0x85,0x11,0x69, - 
0x6d,0x6f,0x42,0xe7,0x22,0xcb,0xd6,0xad,0x1a,0xc5,0xab,0x6a,0xa5,0xfc,0xa5,0x70, - 0x72,0x4a,0x62,0x25,0xd0,0xa2,0x16,0x61,0xab,0xac,0x31,0xa0,0x46,0x24,0x4f,0xdd, - 0x9a,0x36,0x55,0xb6,0x00,0x9e,0x23,0x50,0x0d,0x53,0x01,0xb3,0x46,0x56,0xb2,0x1d, - 0x33,0x5b,0xca,0x41,0x7f,0x65,0x7e,0x00,0x5c,0x12,0xff,0x0a,0x70,0x5d,0x8c,0x69, - 0x4a,0x02,0xee,0x72,0x30,0xa7,0x5c,0xa4,0xbb,0xbe,0x03,0x0c,0xe4,0x5f,0x33,0xb6, - 0x78,0x91,0x9d,0xd8,0xec,0x34,0x03,0x2e,0x63,0x32,0xc7,0x2a,0x36,0x50,0xd5,0x8b, - 0x0e,0x7f,0x54,0x4e,0xf4,0x29,0x11,0x1b,0xcd,0x0f,0x37,0xa5,0xbc,0x61,0x83,0x50, - 0xfa,0x18,0x75,0xd9,0xfe,0xa7,0xe8,0x9b,0xc1,0x4f,0x96,0x37,0x81,0x71,0xdf,0x71, - 0x8b,0x89,0x81,0xf4,0x95,0xb5,0x29,0x66,0x41,0x0c,0x73,0xd7,0x0b,0x21,0xb4,0xfb, - 0xf9,0x63,0x2f,0xe9,0x7b,0x38,0xaa,0x20,0xc3,0x96,0xcc,0xb7,0xb2,0x24,0xa1,0xe0, - 0x59,0x9c,0x10,0x9e,0x5a,0xf7,0xe3,0x02,0xe6,0x23,0xe2,0x44,0x21,0x3f,0x6e,0x5e, - 0x79,0xb2,0x93,0x7d,0xce,0xed,0xe2,0xe1,0xab,0x98,0x07,0xa7,0xbd,0xbc,0xd8,0xf7, - 0x06,0xeb,0xc5,0xa6,0x37,0x18,0x11,0x88,0xf7,0x63,0x39,0xb9,0x57,0x29,0xdc,0x03}}; -const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { - 0x05,0x55,0x00,0x62,0x01,0xc6,0x04,0x31,0x55,0x73,0x3f,0x2a,0xf9,0xd4,0x0f,0xc1, - 0x2b,0xeb,0xd8,0xc8,0xdb,0xb2,0xab,0x6c,0x26,0xde,0x2d,0x89,0xc2,0x2d,0x36,0x62, - 0xc8,0x22,0x5d,0x58,0x03,0xb1,0x46,0x14,0xa5,0xd4,0xbc,0x25,0x6b,0x7f,0x8f,0x14, - 0x7e,0x03,0x2f,0x3d,0xb8,0x39,0xa5,0x79,0x13,0x7e,0x22,0x2a,0xb9,0x3e,0x8f,0xaa, - 0x01,0x7c,0x03,0x12,0x21,0x6c,0x2a,0xb4,0x39,0x98,0x6d,0xff,0x08,0x6c,0x59,0x2d, - 0xdc,0xc6,0xf1,0x77,0x62,0x10,0xa6,0xcc,0xe2,0x71,0x8e,0x97,0x00,0x87,0x5b,0x0e, - 0x20,0x00,0x3f,0x18,0x63,0x83,0xf0,0xe4,0x0a,0x64,0x8c,0xe9,0x8c,0x91,0xe7,0x89, - 0x04,0x64,0x2c,0x8b,0x41,0xc8,0xac,0xf6,0x5a,0x75,0xe6,0xa5,0x76,0x43,0xcb,0xa5, - 0x33,0x8b,0x07,0xc9,0x73,0x0f,0x45,0xa4,0xc3,0xac,0xc1,0xc3,0xe6,0xe7,0x21,0x66, - 0x1c,0xba,0xbf,0xea,0x3e,0x39,0xfa,0xb2,0xe2,0x8f,0xfe,0x9c,0xb4,0x85,0x89,0x33, - 
0x2a,0x0c,0xc8,0x5d,0x58,0xe1,0x89,0x12,0xe9,0x4d,0x42,0xb3,0x1f,0x99,0x0c,0x3e, - 0xd8,0xb2,0xeb,0xf5,0x88,0xfb,0xe1,0x4b,0x8e,0xdc,0xd3,0xa8,0xda,0xbe,0x04,0x45, - 0xbf,0x56,0xc6,0x54,0x70,0x00,0xb8,0x66,0x46,0x3a,0xa3,0x1e,0xb6,0xeb,0x1a,0xa0, - 0x0b,0xd3,0x9a,0x9a,0x52,0xda,0x60,0x69,0xb7,0xef,0x93,0x47,0x38,0xab,0x1a,0xa0, - 0x22,0x6e,0x76,0x06,0xb6,0x74,0xaf,0x74,0x8f,0x51,0xc0,0x89,0x5a,0x4b,0xbe,0x6a, - 0x91,0x18,0x25,0x7d,0xa6,0x77,0xe6,0xfd,0xc2,0x62,0x36,0x07,0xc6,0xef,0x79,0xc9}}; -#endif // SHA512 +const TPM2B_RSA_TEST_VALUE c_OaepKvt = + {RSA_TEST_KEY_SIZE, + {0x32, 0x68, 0x84, 0x0b, 0x9c, 0xc9, 0x25, 0x26, 0xd9, 0xc0, 0xd0, 0xb1, 0xde, + 0x60, 0x55, 0xae, 0x33, 0xe5, 0xcf, 0x6c, 0x85, 0xbe, 0x0d, 0x71, 0x11, 0xe1, + 0x45, 0x60, 0xbb, 0x42, 0x3d, 0xf3, 0xb1, 0x18, 0x84, 0x7b, 0xc6, 0x5d, 0xce, + 0x1d, 0x5f, 0x9a, 0x97, 0xcf, 0xb1, 0x97, 0x9a, 0x85, 0x7c, 0xa7, 0xa1, 0x63, + 0x23, 0xb6, 0x74, 0x0f, 0x1a, 0xee, 0x29, 0x51, 0xeb, 0x50, 0x8f, 0x3c, 0x8e, + 0x4e, 0x31, 0x38, 0xdc, 0x11, 0xfc, 0x9a, 0x4e, 0xaf, 0x93, 0xc9, 0x7f, 0x6e, + 0x35, 0xf3, 0xc9, 0xe4, 0x89, 0x14, 0x53, 0xe2, 0xc2, 0x1a, 0xf7, 0x6b, 0x9b, + 0xf0, 0x7a, 0xa4, 0x69, 0x52, 0xe0, 0x24, 0x8f, 0xea, 0x31, 0xa7, 0x5c, 0x43, + 0xb0, 0x65, 0xc9, 0xfe, 0xba, 0xfe, 0x80, 0x9e, 0xa5, 0xc0, 0xf5, 0x8d, 0xce, + 0x41, 0xf9, 0x83, 0x0d, 0x8e, 0x0f, 0xef, 0x3d, 0x1f, 0x6a, 0xcc, 0x8a, 0x3d, + 0x3b, 0xdf, 0x22, 0x38, 0xd7, 0x34, 0x58, 0x7b, 0x55, 0xc9, 0xf6, 0xbc, 0x7c, + 0x4c, 0x3f, 0xd7, 0xde, 0x4e, 0x30, 0xa9, 0x69, 0xf3, 0x5f, 0x56, 0x8f, 0xc2, + 0xe7, 0x75, 0x79, 0xb8, 0xa5, 0xc8, 0x0d, 0xc0, 0xcd, 0xb6, 0xc9, 0x63, 0xad, + 0x7c, 0xe4, 0x8f, 0x39, 0x60, 0x4d, 0x7d, 0xdb, 0x34, 0x49, 0x2a, 0x47, 0xde, + 0xc0, 0x42, 0x4a, 0x19, 0x94, 0x2e, 0x50, 0x21, 0x03, 0x47, 0xff, 0x73, 0xb3, + 0xb7, 0x89, 0xcc, 0x7b, 0x2c, 0xeb, 0x03, 0xa7, 0x9a, 0x06, 0xfd, 0xed, 0x19, + 0xbb, 0x82, 0xa0, 0x13, 0xe9, 0xfa, 0xac, 0x06, 0x5f, 0xc5, 0xa9, 0x2b, 0xda, + 0x88, 0x23, 0xa2, 0x5d, 0xc2, 0x7f, 0xda, 0xc8, 0x5a, 
0x94, 0x31, 0xc1, 0x21, + 0xd7, 0x1e, 0x6b, 0xd7, 0x89, 0xb1, 0x93, 0x80, 0xab, 0xd1, 0x37, 0xf2, 0x6f, + 0x50, 0xcd, 0x2a, 0xea, 0xb1, 0xc4, 0xcd, 0xcb, 0xb5}}; -#endif +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = + {RSA_TEST_KEY_SIZE, + {0x29, 0xa4, 0x2f, 0xbb, 0x8a, 0x14, 0x05, 0x1e, 0x3c, 0x72, 0x76, 0x77, 0x38, + 0xe7, 0x73, 0xe3, 0x6e, 0x24, 0x4b, 0x38, 0xd2, 0x1a, 0xcf, 0x23, 0x58, 0x78, + 0x36, 0x82, 0x23, 0x6e, 0x6b, 0xef, 0x2c, 0x3d, 0xf2, 0xe8, 0xd6, 0xc6, 0x87, + 0x8e, 0x78, 0x9b, 0x27, 0x39, 0xc0, 0xd6, 0xef, 0x4d, 0x0b, 0xfc, 0x51, 0x27, + 0x18, 0xf3, 0x51, 0x5e, 0x4d, 0x96, 0x3a, 0xe2, 0x15, 0xe2, 0x7e, 0x42, 0xf4, + 0x16, 0xd5, 0xc6, 0x52, 0x5d, 0x17, 0x44, 0x76, 0x09, 0x7a, 0xcf, 0xe3, 0x30, + 0xe3, 0x84, 0xf6, 0x6f, 0x3a, 0x33, 0xfb, 0x32, 0x0d, 0x1d, 0xe7, 0x7c, 0x80, + 0x82, 0x4f, 0xed, 0xda, 0x87, 0x11, 0x9c, 0xc3, 0x7e, 0x85, 0xbd, 0x18, 0x58, + 0x08, 0x2b, 0x23, 0x37, 0xe7, 0x9d, 0xd0, 0xd1, 0x79, 0xe2, 0x05, 0xbd, 0xf5, + 0x4f, 0x0e, 0x0f, 0xdb, 0x4a, 0x74, 0xeb, 0x09, 0x01, 0xb3, 0xca, 0xbd, 0xa6, + 0x7b, 0x09, 0xb1, 0x13, 0x77, 0x30, 0x4d, 0x87, 0x41, 0x06, 0x57, 0x2e, 0x5f, + 0x36, 0x6e, 0xfc, 0x35, 0x69, 0xfe, 0x0a, 0x24, 0x6c, 0x98, 0x8c, 0xda, 0x97, + 0xf4, 0xfb, 0xc7, 0x83, 0x2d, 0x3e, 0x7d, 0xc0, 0x5c, 0x34, 0xfd, 0x11, 0x2a, + 0x12, 0xa7, 0xae, 0x4a, 0xde, 0xc8, 0x4e, 0xcf, 0xf4, 0x85, 0x63, 0x77, 0xc6, + 0x33, 0x34, 0xe0, 0x27, 0xe4, 0x9e, 0x91, 0x0b, 0x4b, 0x85, 0xf0, 0xb0, 0x79, + 0xaa, 0x7c, 0xc6, 0xff, 0x3b, 0xbc, 0x04, 0x73, 0xb8, 0x95, 0xd7, 0x31, 0x54, + 0x3b, 0x56, 0xec, 0x52, 0x15, 0xd7, 0x3e, 0x62, 0xf5, 0x82, 0x99, 0x3e, 0x2a, + 0xc0, 0x4b, 0x2e, 0x06, 0x57, 0x6d, 0x3f, 0x3e, 0x77, 0x1f, 0x2b, 0x2d, 0xc5, + 0xb9, 0x3b, 0x68, 0x56, 0x73, 0x70, 0x32, 0x6b, 0x6b, 0x65, 0x25, 0x76, 0x45, + 0x6c, 0x45, 0xf1, 0x6c, 0x59, 0xfc, 0x94, 0xa7, 0x15}}; + +const TPM2B_RSA_TEST_VALUE c_RsapssKvt = + {RSA_TEST_KEY_SIZE, + {0x01, 0xfe, 0xd5, 0x83, 0x0b, 0x15, 0xba, 0x90, 0x2c, 0xdf, 0xf7, 0x26, 0xb7, + 0x8f, 0xb1, 0xd7, 0x0b, 0xfd, 0x83, 
0xf9, 0x95, 0xd5, 0xd7, 0xb5, 0xc5, 0xc5, + 0x4a, 0xde, 0xd5, 0xe6, 0x20, 0x78, 0xca, 0x73, 0x77, 0x3d, 0x61, 0x36, 0x48, + 0xae, 0x3e, 0x8f, 0xee, 0x43, 0x29, 0x96, 0xdf, 0x3f, 0x1c, 0x97, 0x5a, 0xbe, + 0xe5, 0xa2, 0x7e, 0x5b, 0xd0, 0xc0, 0x29, 0x39, 0x83, 0x81, 0x77, 0x24, 0x43, + 0xdb, 0x3c, 0x64, 0x4d, 0xf0, 0x23, 0xe4, 0xae, 0x0f, 0x78, 0x31, 0x8c, 0xda, + 0x0c, 0xec, 0xf1, 0xdf, 0x09, 0xf2, 0x14, 0x6a, 0x4d, 0xaf, 0x36, 0x81, 0x6e, + 0xbd, 0xbe, 0x36, 0x79, 0x88, 0x98, 0xb6, 0x6f, 0x5a, 0xad, 0xcf, 0x7c, 0xee, + 0xe0, 0xdd, 0x00, 0xbe, 0x59, 0x97, 0x88, 0x00, 0x34, 0xc0, 0x8b, 0x48, 0x42, + 0x05, 0x04, 0x5a, 0xb7, 0x85, 0x38, 0xa0, 0x35, 0xd7, 0x3b, 0x51, 0xb8, 0x7b, + 0x81, 0x83, 0xee, 0xff, 0x76, 0x6f, 0x50, 0x39, 0x4d, 0xab, 0x89, 0x63, 0x07, + 0x6d, 0xf5, 0xe5, 0x01, 0x10, 0x56, 0xfe, 0x93, 0x06, 0x8f, 0xd3, 0xc9, 0x41, + 0xab, 0xc9, 0xdf, 0x6e, 0x59, 0xa8, 0xc3, 0x1d, 0xbf, 0x96, 0x4a, 0x59, 0x80, + 0x3c, 0x90, 0x3a, 0x59, 0x56, 0x4c, 0x6d, 0x44, 0x6d, 0xeb, 0xdc, 0x73, 0xcd, + 0xc1, 0xec, 0xb8, 0x41, 0xbf, 0x89, 0x8c, 0x03, 0x69, 0x4c, 0xaf, 0x3f, 0xc1, + 0xc5, 0xc7, 0xe7, 0x7d, 0xa7, 0x83, 0x39, 0x70, 0xa2, 0x6b, 0x83, 0xbc, 0xbe, + 0xf5, 0xbf, 0x1c, 0xee, 0x6e, 0xa3, 0x22, 0x1e, 0x25, 0x2f, 0x16, 0x68, 0x69, + 0x5a, 0x1d, 0xfa, 0x2c, 0x3a, 0x0f, 0x67, 0xe1, 0x77, 0x12, 0xe8, 0x3d, 0xba, + 0xaa, 0xef, 0x96, 0x9c, 0x1f, 0x64, 0x32, 0xf4, 0xa7, 0xb3, 0x3f, 0x7d, 0x61, + 0xbb, 0x9a, 0x27, 0xad, 0xfb, 0x2f, 0x33, 0xc4, 0x70}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = + {RSA_TEST_KEY_SIZE, + {0x67, 0x4e, 0xdd, 0xc2, 0xd2, 0x6d, 0xe0, 0x03, 0xc4, 0xc2, 0x41, 0xd3, 0xd4, + 0x61, 0x30, 0xd0, 0xe1, 0x68, 0x31, 0x4a, 0xda, 0xd9, 0xc2, 0x5d, 0xaa, 0xa2, + 0x7b, 0xfb, 0x44, 0x02, 0xf5, 0xd6, 0xd8, 0x2e, 0xcd, 0x13, 0x36, 0xc9, 0x4b, + 0xdb, 0x1a, 0x4b, 0x66, 0x1b, 0x4f, 0x9c, 0xb7, 0x17, 0xac, 0x53, 0x37, 0x4f, + 0x21, 0xbd, 0x0c, 0x66, 0xac, 0x06, 0x65, 0x52, 0x9f, 0x04, 0xf6, 0xa5, 0x22, + 0x5b, 0xf7, 0xe6, 0x0d, 0x3c, 0x9f, 0x41, 0x19, 0x09, 0x88, 0x7c, 
0x41, 0x4c, + 0x2f, 0x9c, 0x8b, 0x3c, 0xdd, 0x7c, 0x28, 0x78, 0x24, 0xd2, 0x09, 0xa6, 0x5b, + 0xf7, 0x3c, 0x88, 0x7e, 0x73, 0x5a, 0x2d, 0x36, 0x02, 0x4f, 0x65, 0xb0, 0xcb, + 0xc8, 0xdc, 0xac, 0xa2, 0xda, 0x8b, 0x84, 0x91, 0x71, 0xe4, 0x30, 0x8b, 0xb6, + 0x12, 0xf2, 0xf0, 0xd0, 0xa0, 0x38, 0xcf, 0x75, 0xb7, 0x20, 0xcb, 0x35, 0x51, + 0x52, 0x6b, 0xc4, 0xf4, 0x21, 0x95, 0xc2, 0xf7, 0x9a, 0x13, 0xc1, 0x1a, 0x7b, + 0x8f, 0x77, 0xda, 0x19, 0x48, 0xbb, 0x6d, 0x14, 0x5d, 0xba, 0x65, 0xb4, 0x9e, + 0x43, 0x42, 0x58, 0x98, 0x0b, 0x91, 0x46, 0xd8, 0x4c, 0xf3, 0x4c, 0xaf, 0x2e, + 0x02, 0xa6, 0xb2, 0x49, 0x12, 0x62, 0x43, 0x4e, 0xa8, 0xac, 0xbf, 0xfd, 0xfa, + 0x37, 0x24, 0xea, 0x69, 0x1c, 0xf5, 0xae, 0xfa, 0x08, 0x82, 0x30, 0xc3, 0xc0, + 0xf8, 0x9a, 0x89, 0x33, 0xe1, 0x40, 0x6d, 0x18, 0x5c, 0x7b, 0x90, 0x48, 0xbf, + 0x37, 0xdb, 0xea, 0xfb, 0x0e, 0xd4, 0x2e, 0x11, 0xfa, 0xa9, 0x86, 0xff, 0x00, + 0x0b, 0x7b, 0xca, 0x09, 0x64, 0x6a, 0x8f, 0x0c, 0x0e, 0x09, 0x14, 0x36, 0x4a, + 0x74, 0x31, 0x18, 0x5b, 0x18, 0xeb, 0xea, 0x83, 0xc3, 0x66, 0x68, 0xa6, 0x7d, + 0x43, 0x06, 0x0f, 0x99, 0x60, 0xce, 0x65, 0x08, 0xf6}}; + +#endif // SHA1 + +#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH + +const TPM2B_RSA_TEST_VALUE c_OaepKvt = + {RSA_TEST_KEY_SIZE, + {0x33, 0x20, 0x6e, 0x21, 0xc3, 0xf6, 0xcd, 0xf8, 0xd7, 0x5d, 0x9f, 0xe9, 0x05, + 0x14, 0x8c, 0x7c, 0xbb, 0x69, 0x24, 0x9e, 0x52, 0x8f, 0xaf, 0x84, 0x73, 0x21, + 0x2c, 0x85, 0xa5, 0x30, 0x4d, 0xb6, 0xb8, 0xfa, 0x15, 0x9b, 0xc7, 0x8f, 0xc9, + 0x7a, 0x72, 0x4b, 0x85, 0xa4, 0x1c, 0xc5, 0xd8, 0xe4, 0x92, 0xb3, 0xec, 0xd9, + 0xa8, 0xca, 0x5e, 0x74, 0x73, 0x89, 0x7f, 0xb4, 0xac, 0x7e, 0x68, 0x12, 0xb2, + 0x53, 0x27, 0x4b, 0xbf, 0xd0, 0x71, 0x69, 0x46, 0x9f, 0xef, 0xf4, 0x70, 0x60, + 0xf8, 0xd7, 0xae, 0xc7, 0x5a, 0x27, 0x38, 0x25, 0x2d, 0x25, 0xab, 0x96, 0x56, + 0x66, 0x3a, 0x23, 0x40, 0xa8, 0xdb, 0xbc, 0x86, 0xe8, 0xf3, 0xd2, 0x58, 0x0b, + 0x44, 0xfc, 0x94, 0x1e, 0xb7, 0x5d, 0xb4, 0x57, 0xb5, 0xf3, 0x56, 0xee, 0x9b, + 0xcf, 0x97, 0x91, 0x29, 0x36, 0xe3, 
0x06, 0x13, 0xa2, 0xea, 0xd6, 0xd6, 0x0b, + 0x86, 0x0b, 0x1a, 0x27, 0xe6, 0x22, 0xc4, 0x7b, 0xff, 0xde, 0x0f, 0xbf, 0x79, + 0xc8, 0x1b, 0xed, 0xf1, 0x27, 0x62, 0xb5, 0x8b, 0xf9, 0xd9, 0x76, 0x90, 0xf6, + 0xcc, 0x83, 0x0f, 0xce, 0xce, 0x2e, 0x63, 0x7a, 0x9b, 0xf4, 0x48, 0x5b, 0xd7, + 0x81, 0x2c, 0x3a, 0xdb, 0x59, 0x0d, 0x4d, 0x9e, 0x46, 0xe9, 0x9e, 0x92, 0x22, + 0x27, 0x1c, 0xb0, 0x67, 0x8a, 0xe6, 0x8a, 0x16, 0x8a, 0xdf, 0x95, 0x76, 0x24, + 0x82, 0xad, 0xf1, 0xbc, 0x97, 0xbf, 0xd3, 0x5e, 0x6e, 0x14, 0x0c, 0x5b, 0x25, + 0xfe, 0x58, 0xfa, 0x64, 0xe5, 0x14, 0x46, 0xb7, 0x58, 0xc6, 0x3f, 0x7f, 0x42, + 0xd2, 0x8e, 0x45, 0x13, 0x41, 0x85, 0x12, 0x2e, 0x96, 0x19, 0xd0, 0x5e, 0x7d, + 0x34, 0x06, 0x32, 0x2b, 0xc8, 0xd9, 0x0d, 0x6c, 0x06, 0x36, 0xa0, 0xff, 0x47, + 0x57, 0x2c, 0x25, 0xbc, 0x8a, 0xa5, 0xe2, 0xc7, 0xe3}}; + +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = + {RSA_TEST_KEY_SIZE, + {0x39, 0xfc, 0x10, 0x5d, 0xf4, 0x45, 0x3d, 0x94, 0x53, 0x06, 0x89, 0x24, 0xe7, + 0xe8, 0xfd, 0x03, 0xac, 0xfd, 0xbd, 0xb2, 0x28, 0xd3, 0x4a, 0x52, 0xc5, 0xd4, + 0xdb, 0x17, 0xd4, 0x24, 0x05, 0xc4, 0xeb, 0x6a, 0xce, 0x1d, 0xbb, 0x37, 0xcb, + 0x09, 0xd8, 0x6c, 0x83, 0x19, 0x93, 0xd4, 0xe2, 0x88, 0x88, 0x9b, 0xaf, 0x92, + 0x16, 0xc4, 0x15, 0xbd, 0x49, 0x13, 0x22, 0xb7, 0x84, 0xcf, 0x23, 0xf2, 0x6f, + 0x0c, 0x3e, 0x8f, 0xde, 0x04, 0x09, 0x31, 0x2d, 0x99, 0xdf, 0xe6, 0x74, 0x70, + 0x30, 0xde, 0x8c, 0xad, 0x32, 0x86, 0xe2, 0x7c, 0x12, 0x90, 0x21, 0xf3, 0x86, + 0xb7, 0xe2, 0x64, 0xca, 0x98, 0xcc, 0x64, 0x4b, 0xef, 0x57, 0x4f, 0x5a, 0x16, + 0x6e, 0xd7, 0x2f, 0x5b, 0xf6, 0x07, 0xad, 0x33, 0xb4, 0x8f, 0x3b, 0x3a, 0x8b, + 0xd9, 0x06, 0x2b, 0xed, 0x3c, 0x3c, 0x76, 0xf6, 0x21, 0x31, 0xe3, 0xfb, 0x2c, + 0x45, 0x61, 0x42, 0xba, 0xe0, 0xc3, 0x72, 0x63, 0xd0, 0x6b, 0x8f, 0x36, 0x26, + 0xfb, 0x9e, 0x89, 0x0e, 0x44, 0x9a, 0xc1, 0x84, 0x5e, 0x84, 0x8d, 0xb6, 0xea, + 0xf1, 0x0d, 0x66, 0xc7, 0xdb, 0x44, 0xbd, 0x19, 0x7c, 0x05, 0xbe, 0xc4, 0xab, + 0x88, 0x32, 0xbe, 0xc7, 0x63, 0x31, 0xe6, 0x38, 0xd4, 0xe5, 0xb8, 0x4b, 
0xf5, + 0x0e, 0x55, 0x9a, 0x3a, 0xe6, 0x0a, 0xec, 0xee, 0xe2, 0xa8, 0x88, 0x04, 0xf2, + 0xb8, 0xaa, 0x5a, 0xd8, 0x97, 0x5d, 0xa0, 0xa8, 0x42, 0xfb, 0xd9, 0xde, 0x80, + 0xae, 0x4c, 0xb3, 0xa1, 0x90, 0x47, 0x57, 0x03, 0x10, 0x78, 0xa6, 0x8f, 0x11, + 0xba, 0x4b, 0xce, 0x2d, 0x56, 0xa4, 0xe1, 0xbd, 0xf8, 0xa0, 0xa4, 0xd5, 0x48, + 0x3c, 0x63, 0x20, 0x00, 0x38, 0xa0, 0xd1, 0xe6, 0x12, 0xe9, 0x1d, 0xd8, 0x49, + 0xe3, 0xd5, 0x24, 0xb5, 0xc5, 0x3a, 0x1f, 0xb0, 0xd4}}; + +const TPM2B_RSA_TEST_VALUE c_RsapssKvt = + {RSA_TEST_KEY_SIZE, + {0x74, 0x89, 0x29, 0x3e, 0x1b, 0xac, 0xc6, 0x85, 0xca, 0xf0, 0x63, 0x43, 0x30, + 0x7d, 0x1c, 0x9b, 0x2f, 0xbd, 0x4d, 0x69, 0x39, 0x5e, 0x85, 0xe2, 0xef, 0x86, + 0x0a, 0xc6, 0x6b, 0xa6, 0x08, 0x19, 0x6c, 0x56, 0x38, 0x24, 0x55, 0x92, 0x84, + 0x9b, 0x1b, 0x8b, 0x04, 0xcf, 0x24, 0x14, 0x24, 0x13, 0x0e, 0x8b, 0x82, 0x6f, + 0x96, 0xc8, 0x9a, 0x68, 0xfc, 0x4c, 0x02, 0xf0, 0xdc, 0xcd, 0x36, 0x25, 0x31, + 0xd5, 0x82, 0xcf, 0xc9, 0x69, 0x72, 0xf6, 0x1d, 0xab, 0x68, 0x20, 0x2e, 0x2d, + 0x19, 0x49, 0xf0, 0x2e, 0xad, 0xd2, 0xda, 0xaf, 0xff, 0xb6, 0x92, 0x83, 0x5b, + 0x8a, 0x06, 0x2d, 0x0c, 0x32, 0x11, 0x32, 0x3b, 0x77, 0x17, 0xf6, 0x50, 0xfb, + 0xf8, 0x57, 0xc9, 0xc7, 0x9b, 0x9e, 0xc6, 0xd1, 0xa9, 0x55, 0xf0, 0x22, 0x35, + 0xda, 0xca, 0x3c, 0x8e, 0xc6, 0x9a, 0xd8, 0x25, 0xc8, 0x5e, 0x93, 0x0d, 0xaa, + 0xa7, 0x06, 0xaf, 0x11, 0x29, 0x99, 0xe7, 0x7c, 0xee, 0x49, 0x82, 0x30, 0xba, + 0x2c, 0xe2, 0x40, 0x8f, 0x0a, 0xa6, 0x7b, 0x24, 0x75, 0xc5, 0xcd, 0x03, 0x12, + 0xf4, 0xb2, 0x4b, 0x3a, 0xd1, 0x91, 0x3c, 0x20, 0x0e, 0x58, 0x2b, 0x31, 0xf8, + 0x8b, 0xee, 0xbc, 0x1f, 0x95, 0x35, 0x58, 0x6a, 0x73, 0xee, 0x99, 0xb0, 0x01, + 0x42, 0x4f, 0x66, 0xc0, 0x66, 0xbb, 0x35, 0x86, 0xeb, 0xd9, 0x7b, 0x55, 0x77, + 0x2d, 0x54, 0x78, 0x19, 0x49, 0xe8, 0xcc, 0xfd, 0xb1, 0xcb, 0x49, 0xc9, 0xea, + 0x20, 0xab, 0xed, 0xb5, 0xed, 0xfe, 0xb2, 0xb5, 0xa8, 0xcf, 0x05, 0x06, 0xd5, + 0x7d, 0x2b, 0xbb, 0x0b, 0x65, 0x6b, 0x2b, 0x6d, 0x55, 0x95, 0x85, 0x44, 0x8b, + 0x12, 0x05, 0xf3, 0x4b, 
0xd4, 0x8e, 0x3d, 0x68, 0x2d, 0x29, 0x9c, 0x05, 0x79, + 0xd6, 0xfc, 0x72, 0x90, 0x6a, 0xab, 0x46, 0x38, 0x81}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = + {RSA_TEST_KEY_SIZE, + {0x8a, 0xb1, 0x0a, 0xb5, 0xe4, 0x02, 0xf7, 0xdd, 0x45, 0x2a, 0xcc, 0x2b, 0x6b, + 0x8c, 0x0e, 0x9a, 0x92, 0x4f, 0x9b, 0xc5, 0xe4, 0x8b, 0x82, 0xb9, 0xb0, 0xd9, + 0x87, 0x8c, 0xcb, 0xf0, 0xb0, 0x59, 0xa5, 0x92, 0x21, 0xa0, 0xa7, 0x61, 0x5c, + 0xed, 0xa8, 0x6e, 0x22, 0x29, 0x46, 0xc7, 0x86, 0x37, 0x4b, 0x1b, 0x1e, 0x94, + 0x93, 0xc8, 0x4c, 0x17, 0x7a, 0xae, 0x59, 0x91, 0xf8, 0x83, 0x84, 0xc4, 0x8c, + 0x38, 0xc2, 0x35, 0x0e, 0x7e, 0x50, 0x67, 0x76, 0xe7, 0xd3, 0xec, 0x6f, 0x0d, + 0xa0, 0x5c, 0x2f, 0x0a, 0x80, 0x28, 0xd3, 0xc5, 0x7d, 0x2d, 0x1a, 0x0b, 0x96, + 0xd6, 0xe5, 0x98, 0x05, 0x8c, 0x4d, 0xa0, 0x1f, 0x8c, 0xb6, 0xfb, 0xb1, 0xcf, + 0xe9, 0xcb, 0x38, 0x27, 0x60, 0x64, 0x17, 0xca, 0xf4, 0x8b, 0x61, 0xb7, 0x1d, + 0xb6, 0x20, 0x9d, 0x40, 0x2a, 0x1c, 0xfd, 0x55, 0x40, 0x4b, 0x95, 0x39, 0x52, + 0x18, 0x3b, 0xab, 0x44, 0xe8, 0x83, 0x4b, 0x7c, 0x47, 0xfb, 0xed, 0x06, 0x9c, + 0xcd, 0x4f, 0xba, 0x81, 0xd6, 0xb7, 0x31, 0xcf, 0x5c, 0x23, 0xf8, 0x25, 0xab, + 0x95, 0x77, 0x0a, 0x8f, 0x46, 0xef, 0xfb, 0x59, 0xb8, 0x04, 0xd7, 0x1e, 0xf5, + 0xaf, 0x6a, 0x1a, 0x26, 0x9b, 0xae, 0xf4, 0xf5, 0x7f, 0x84, 0x6f, 0x3c, 0xed, + 0xf8, 0x24, 0x0b, 0x43, 0xd1, 0xba, 0x74, 0x89, 0x4e, 0x39, 0xfe, 0xab, 0xa5, + 0x16, 0xa5, 0x28, 0xee, 0x96, 0x84, 0x3e, 0x16, 0x6d, 0x5f, 0x4e, 0x0b, 0x7d, + 0x94, 0x16, 0x1b, 0x8c, 0xf9, 0xaa, 0x9b, 0xc0, 0x49, 0x02, 0x4c, 0x3e, 0x62, + 0xff, 0xfe, 0xa2, 0x20, 0x33, 0x5e, 0xa6, 0xdd, 0xda, 0x15, 0x2d, 0xb7, 0xcd, + 0xda, 0xff, 0xb1, 0x0b, 0x45, 0x7b, 0xd3, 0xa0, 0x42, 0x29, 0xab, 0xa9, 0x73, + 0xe9, 0xa4, 0xd9, 0x8d, 0xac, 0xa1, 0x88, 0x2c, 0x2d}}; + +#endif // SHA256 + +#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH + +const TPM2B_RSA_TEST_VALUE c_OaepKvt = + {RSA_TEST_KEY_SIZE, + {0x0f, 0x3c, 0x42, 0x4d, 0x8c, 0x91, 0x96, 0x05, 0x3c, 0xfd, 0x59, 0x3b, 0x7f, + 0x29, 0xbc, 0x03, 0x67, 0xc1, 
0xff, 0x74, 0xe7, 0x09, 0xf4, 0x13, 0x45, 0xbe, + 0x13, 0x1d, 0xc9, 0x86, 0x94, 0xfe, 0xed, 0xa6, 0xe8, 0x3a, 0xcb, 0x89, 0x4d, + 0xec, 0x86, 0x63, 0x4c, 0xdb, 0xf1, 0x95, 0xee, 0xc1, 0x46, 0xc5, 0x3b, 0xd8, + 0xf8, 0xa2, 0x41, 0x6a, 0x60, 0x8b, 0x9e, 0x5e, 0x7f, 0x20, 0x16, 0xe3, 0x69, + 0xb6, 0x2d, 0x92, 0xfc, 0x60, 0xa2, 0x74, 0x88, 0xd5, 0xc7, 0xa6, 0xd1, 0xff, + 0xe3, 0x45, 0x02, 0x51, 0x39, 0xd9, 0xf3, 0x56, 0x0b, 0x91, 0x80, 0xe0, 0x6c, + 0xa8, 0xc3, 0x78, 0xef, 0x34, 0x22, 0x8c, 0xf5, 0xfb, 0x47, 0x98, 0x5d, 0x57, + 0x8e, 0x3a, 0xb9, 0xff, 0x92, 0x04, 0xc7, 0xc2, 0x6e, 0xfa, 0x14, 0xc1, 0xb9, + 0x68, 0x15, 0x5c, 0x12, 0xe8, 0xa8, 0xbe, 0xea, 0xe8, 0x8d, 0x9b, 0x48, 0x28, + 0x35, 0xdb, 0x4b, 0x52, 0xc1, 0x2d, 0x85, 0x47, 0x83, 0xd0, 0xe9, 0xae, 0x90, + 0x6e, 0x65, 0xd4, 0x34, 0x7f, 0x81, 0xce, 0x69, 0xf0, 0x96, 0x62, 0xf7, 0xec, + 0x41, 0xd5, 0xc2, 0xe3, 0x4b, 0xba, 0x9c, 0x8a, 0x02, 0xce, 0xf0, 0x5d, 0x14, + 0xf7, 0x09, 0x42, 0x8e, 0x4a, 0x27, 0xfe, 0x3e, 0x66, 0x42, 0x99, 0x03, 0xe1, + 0x69, 0xbd, 0xdb, 0x7f, 0x9b, 0x70, 0xeb, 0x4e, 0x9c, 0xac, 0x45, 0x67, 0x91, + 0x9f, 0x75, 0x10, 0xc6, 0xfc, 0x14, 0xe1, 0x28, 0xc1, 0x0e, 0xe0, 0x7e, 0xc0, + 0x5c, 0x1d, 0xee, 0xe8, 0xff, 0x45, 0x79, 0x51, 0x86, 0x08, 0xe6, 0x39, 0xac, + 0xb5, 0xfd, 0xb8, 0xf1, 0xdd, 0x2e, 0xf4, 0xb2, 0x1a, 0x69, 0x0d, 0xd9, 0x98, + 0x8e, 0xdb, 0x85, 0x61, 0x70, 0x20, 0x82, 0x91, 0x26, 0x87, 0x80, 0xc4, 0x6a, + 0xd8, 0x3b, 0x91, 0x4d, 0xd3, 0x33, 0x84, 0xad, 0xb7}}; + +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = + {RSA_TEST_KEY_SIZE, + {0x44, 0xd5, 0x9f, 0xbc, 0x48, 0x03, 0x3d, 0x9f, 0x22, 0x91, 0x2a, 0xab, 0x3c, + 0x31, 0x71, 0xab, 0x86, 0x3f, 0x0f, 0x6f, 0x59, 0x5b, 0x93, 0x27, 0xbc, 0xbc, + 0xcd, 0x29, 0x38, 0x43, 0x2a, 0x3b, 0x3b, 0xd2, 0xb3, 0x45, 0x40, 0xba, 0x15, + 0xb4, 0x45, 0xe3, 0x56, 0xab, 0xff, 0xb3, 0x20, 0x26, 0x39, 0xcc, 0x48, 0xc5, + 0x5d, 0x41, 0x0d, 0x2f, 0x57, 0x7f, 0x9d, 0x16, 0x2e, 0x26, 0x57, 0xc7, 0x6b, + 0xf3, 0x36, 0x54, 0xbd, 0xb6, 0x1d, 0x46, 0x4e, 0x13, 0x50, 0xd7, 
0x61, 0x9d, + 0x8d, 0x7b, 0xeb, 0x21, 0x9f, 0x79, 0xf3, 0xfd, 0xe0, 0x1b, 0xa8, 0xed, 0x6d, + 0x29, 0x33, 0x0d, 0x65, 0x94, 0x24, 0x1e, 0x62, 0x88, 0x6b, 0x2b, 0x4e, 0x39, + 0xf5, 0x80, 0x39, 0xca, 0x76, 0x95, 0xbc, 0x7c, 0x27, 0x1d, 0xdd, 0x3a, 0x11, + 0xf1, 0x3e, 0x54, 0x03, 0xb7, 0x43, 0x91, 0x99, 0x33, 0xfe, 0x9d, 0x14, 0x2c, + 0x87, 0x9a, 0x95, 0x18, 0x1f, 0x02, 0x04, 0x6a, 0xe2, 0xb7, 0x81, 0x14, 0x13, + 0x45, 0x16, 0xfb, 0xe4, 0xb7, 0x8f, 0xab, 0x2b, 0xd7, 0x60, 0x34, 0x8a, 0x55, + 0xbc, 0x01, 0x8c, 0x49, 0x02, 0x29, 0xf1, 0x9c, 0x94, 0x98, 0x44, 0xd0, 0x94, + 0xcb, 0xd4, 0x85, 0x4c, 0x3b, 0x77, 0x72, 0x99, 0xd5, 0x4b, 0xc6, 0x3b, 0xe4, + 0xd2, 0xc8, 0xe9, 0x6a, 0x23, 0x18, 0x3b, 0x3b, 0x5e, 0x32, 0xec, 0x70, 0x84, + 0x5d, 0xbb, 0x6a, 0x8f, 0x0c, 0x5f, 0x55, 0xa5, 0x30, 0x34, 0x48, 0xbb, 0xc2, + 0xdf, 0x12, 0xb9, 0x81, 0xad, 0x36, 0x3f, 0xf0, 0x24, 0x16, 0x48, 0x04, 0x4a, + 0x7f, 0xfd, 0x9f, 0x4c, 0xea, 0xfe, 0x1d, 0x83, 0xd0, 0x81, 0xad, 0x25, 0x6c, + 0x5f, 0x45, 0x36, 0x91, 0xf0, 0xd5, 0x8b, 0x53, 0x0a, 0xdf, 0xec, 0x9f, 0x04, + 0x58, 0xc4, 0x35, 0xa0, 0x78, 0x1f, 0x68, 0xe0, 0x22}}; + +const TPM2B_RSA_TEST_VALUE c_RsapssKvt = + {RSA_TEST_KEY_SIZE, + {0x3f, 0x3a, 0x82, 0x6d, 0x42, 0xe3, 0x8b, 0x4f, 0x45, 0x9c, 0xda, 0x6c, 0xbe, + 0xbe, 0xcd, 0x00, 0x98, 0xfb, 0xbe, 0x59, 0x30, 0xc6, 0x3c, 0xaa, 0xb3, 0x06, + 0x27, 0xb5, 0xda, 0xfa, 0xb2, 0xc3, 0x43, 0xb7, 0xbd, 0xe9, 0xd3, 0x23, 0xed, + 0x80, 0xce, 0x74, 0xb3, 0xb8, 0x77, 0x8d, 0xe6, 0x8d, 0x3c, 0xe5, 0xf5, 0xd7, + 0x80, 0xcf, 0x38, 0x55, 0x76, 0xd7, 0x87, 0xa8, 0xd6, 0x3a, 0xcf, 0xfd, 0xd8, + 0x91, 0x65, 0xab, 0x43, 0x66, 0x50, 0xb7, 0x9a, 0x13, 0x6b, 0x45, 0x80, 0x76, + 0x86, 0x22, 0x27, 0x72, 0xf7, 0xbb, 0x65, 0x22, 0x5c, 0x55, 0x60, 0xd8, 0x84, + 0x9f, 0xf2, 0x61, 0x52, 0xac, 0xf2, 0x4f, 0x5b, 0x7b, 0x21, 0xe1, 0xf5, 0x4b, + 0x8f, 0x01, 0xf2, 0x4b, 0xcf, 0xd3, 0xfb, 0x74, 0x5e, 0x6e, 0x96, 0xb4, 0xa8, + 0x0f, 0x01, 0x9b, 0x26, 0x54, 0x0a, 0x70, 0x55, 0x26, 0xb7, 0x0b, 0xe8, 0x01, + 0x68, 0x66, 0x0d, 
0x6f, 0xb5, 0xfc, 0x66, 0xbd, 0x9e, 0x44, 0xed, 0x6a, 0x1e, + 0x3c, 0x3b, 0x61, 0x5d, 0xe8, 0xdb, 0x99, 0x5b, 0x67, 0xbf, 0x94, 0xfb, 0xe6, + 0x8c, 0x4b, 0x07, 0xcb, 0x43, 0x3a, 0x0d, 0xb1, 0x1b, 0x10, 0x66, 0x81, 0xe2, + 0x0d, 0xe7, 0xd1, 0xca, 0x85, 0xa7, 0x50, 0x82, 0x2d, 0xbf, 0xed, 0xcf, 0x43, + 0x6d, 0xdb, 0x2c, 0x7b, 0x73, 0x20, 0xfe, 0x73, 0x3f, 0x19, 0xc6, 0xdb, 0x69, + 0xb8, 0xc3, 0xd3, 0xf4, 0xe5, 0x64, 0xf8, 0x36, 0x8e, 0xd5, 0xd8, 0x09, 0x2a, + 0x5f, 0x26, 0x70, 0xa1, 0xd9, 0x5b, 0x14, 0xf8, 0x22, 0xe9, 0x9d, 0x22, 0x51, + 0xf4, 0x52, 0xc1, 0x6f, 0x53, 0xf5, 0xca, 0x0d, 0xda, 0x39, 0x8c, 0x29, 0x42, + 0xe8, 0x58, 0x89, 0xbb, 0xd1, 0x2e, 0xc5, 0xdb, 0x86, 0x8d, 0xaf, 0xec, 0x58, + 0x36, 0x8d, 0x8d, 0x57, 0x23, 0xd5, 0xdd, 0xb9, 0x24}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = + {RSA_TEST_KEY_SIZE, + {0x39, 0x10, 0x58, 0x7d, 0x6d, 0xa8, 0xd5, 0x90, 0x07, 0xd6, 0x2b, 0x13, 0xe9, + 0xd8, 0x93, 0x7e, 0xf3, 0x5d, 0x71, 0xe0, 0xf0, 0x33, 0x3a, 0x4a, 0x22, 0xf3, + 0xe6, 0x95, 0xd3, 0x8e, 0x8c, 0x41, 0xe7, 0xb3, 0x13, 0xde, 0x4a, 0x45, 0xd3, + 0xd1, 0xfb, 0xb1, 0x3f, 0x9b, 0x39, 0xa5, 0x50, 0x58, 0xef, 0xb6, 0x3a, 0x43, + 0xdd, 0x54, 0xab, 0xda, 0x9d, 0x32, 0x49, 0xe4, 0x57, 0x96, 0xe5, 0x1b, 0x1d, + 0x8f, 0x33, 0x8e, 0x07, 0x67, 0x56, 0x14, 0xc1, 0x18, 0x78, 0xa2, 0x52, 0xe6, + 0x2e, 0x07, 0x81, 0xbe, 0xd8, 0xca, 0x76, 0x63, 0x68, 0xc5, 0x47, 0xa2, 0x92, + 0x5e, 0x4c, 0xfd, 0x14, 0xc7, 0x46, 0x14, 0xbe, 0xc7, 0x85, 0xef, 0xe6, 0xb8, + 0x46, 0xcb, 0x3a, 0x67, 0x66, 0x89, 0xc6, 0xee, 0x9d, 0x64, 0xf5, 0x0d, 0x09, + 0x80, 0x9a, 0x6f, 0x0e, 0xeb, 0xe4, 0xb9, 0xe9, 0xab, 0x90, 0x4f, 0xe7, 0x5a, + 0xc8, 0xca, 0xf6, 0x16, 0x0a, 0x82, 0xbd, 0xb7, 0x76, 0x59, 0x08, 0x2d, 0xd9, + 0x40, 0x5d, 0xaa, 0xa5, 0xef, 0xfb, 0xe3, 0x81, 0x2c, 0x2c, 0x5c, 0xa8, 0x16, + 0xbd, 0x63, 0x20, 0xc2, 0x4d, 0x3b, 0x51, 0xaa, 0x62, 0x1f, 0x06, 0xe5, 0xbb, + 0x78, 0x44, 0x04, 0x0c, 0x5c, 0xe1, 0x1b, 0x6b, 0x9d, 0x21, 0x10, 0xaf, 0x48, + 0x48, 0x98, 0x97, 0x77, 0xc2, 0x73, 0xb4, 0x98, 
0x64, 0xcc, 0x94, 0x2c, 0x29, + 0x28, 0x45, 0x36, 0xd1, 0xc5, 0xd0, 0x2f, 0x97, 0x27, 0x92, 0x65, 0x22, 0xbb, + 0x63, 0x79, 0xea, 0xf5, 0xff, 0x77, 0x0f, 0x4b, 0x56, 0x8a, 0x9f, 0xad, 0x1a, + 0x97, 0x67, 0x39, 0x69, 0xb8, 0x4c, 0x6c, 0xc2, 0x56, 0xc5, 0x7a, 0xa8, 0x14, + 0x5a, 0x24, 0x7a, 0xa4, 0x6e, 0x55, 0xb2, 0x86, 0x1d, 0xf4, 0x62, 0x5a, 0x2d, + 0x87, 0x6d, 0xde, 0x99, 0x78, 0x2d, 0xef, 0xd7, 0xdc}}; + +#endif // SHA384 + +#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH + +const TPM2B_RSA_TEST_VALUE c_OaepKvt = + {RSA_TEST_KEY_SIZE, + {0x48, 0x45, 0xa7, 0x70, 0xb2, 0x41, 0xb7, 0x48, 0x5e, 0x79, 0x8c, 0xdf, 0x1c, + 0xc6, 0x7e, 0xbb, 0x11, 0x80, 0x82, 0x52, 0xbf, 0x40, 0x3d, 0x90, 0x03, 0x6e, + 0x20, 0x3a, 0xb9, 0x65, 0xc8, 0x51, 0x4c, 0xbd, 0x9c, 0xa9, 0x43, 0x89, 0xd0, + 0x57, 0x0c, 0xa3, 0x69, 0x22, 0x7e, 0x82, 0x2a, 0x1c, 0x1d, 0x5a, 0x80, 0x84, + 0x81, 0xbb, 0x5e, 0x5e, 0xd0, 0xc1, 0x66, 0x9a, 0xac, 0x00, 0xba, 0x14, 0xa2, + 0xe9, 0xd0, 0x3a, 0x89, 0x5a, 0x63, 0xe2, 0xec, 0x92, 0x05, 0xf4, 0x47, 0x66, + 0x12, 0x7f, 0xdb, 0xa7, 0x3c, 0x5b, 0x67, 0xe1, 0x55, 0xca, 0x0a, 0x27, 0xbf, + 0x39, 0x89, 0x11, 0x05, 0xba, 0x9b, 0x5a, 0x9b, 0x65, 0x44, 0xad, 0x78, 0xcf, + 0x8f, 0x94, 0xf6, 0x9a, 0xb4, 0x52, 0x39, 0x0e, 0x00, 0xba, 0xbc, 0xe0, 0xbd, + 0x6f, 0x81, 0x2d, 0x76, 0x42, 0x66, 0x70, 0x07, 0x77, 0xbf, 0x09, 0x88, 0x2a, + 0x0c, 0xb1, 0x56, 0x3e, 0xee, 0xfd, 0xdc, 0xb6, 0x3c, 0x0d, 0xc5, 0xa4, 0x0d, + 0x10, 0x32, 0x80, 0x3e, 0x1e, 0xfe, 0x36, 0x8f, 0xb5, 0x42, 0xc1, 0x21, 0x7b, + 0xdf, 0xdf, 0x4a, 0xd2, 0x68, 0x0c, 0x01, 0x9f, 0x4a, 0xfd, 0xd4, 0xec, 0xf7, + 0x49, 0x06, 0xab, 0xed, 0xc6, 0xd5, 0x1b, 0x63, 0x76, 0x38, 0xc8, 0x6c, 0xc7, + 0x4f, 0xcb, 0x29, 0x8a, 0x0e, 0x6f, 0x33, 0xaf, 0x69, 0x31, 0x8e, 0xa7, 0xdd, + 0x9a, 0x36, 0xde, 0x9b, 0xf1, 0x0b, 0xfb, 0x20, 0xa0, 0x6d, 0x33, 0x31, 0xc9, + 0x9e, 0xb4, 0x2e, 0xc5, 0x40, 0x0e, 0x60, 0x71, 0x36, 0x75, 0x05, 0xf9, 0x37, + 0xe0, 0xca, 0x8e, 0x8f, 0x56, 0xe0, 0xea, 0x9b, 0xeb, 0x17, 0xf3, 0xca, 0x40, + 0xc3, 0x48, 0x01, 
0xba, 0xdc, 0xc6, 0x4b, 0x2b, 0x5b, 0x7b, 0x5c, 0x81, 0xa6, + 0xbb, 0xc7, 0x43, 0xc0, 0xbe, 0xc0, 0x30, 0x7b, 0x55}}; + +const TPM2B_RSA_TEST_VALUE c_RsaesKvt = + {RSA_TEST_KEY_SIZE, + {0x74, 0x83, 0xfa, 0x52, 0x65, 0x50, 0x68, 0xd0, 0x82, 0x05, 0x72, 0x70, 0x78, + 0x1c, 0xac, 0x10, 0x23, 0xc5, 0x07, 0xf8, 0x93, 0xd2, 0xeb, 0x65, 0x87, 0xbb, + 0x47, 0xc2, 0xfb, 0x30, 0x9e, 0x61, 0x4c, 0xac, 0x04, 0x57, 0x5a, 0x7c, 0xeb, + 0x29, 0x08, 0x84, 0x86, 0x89, 0x1e, 0x8f, 0x07, 0x32, 0xa3, 0x8b, 0x70, 0xe7, + 0xa2, 0x9f, 0x9c, 0x42, 0x71, 0x3d, 0x23, 0x59, 0x82, 0x5e, 0x8a, 0xde, 0xd6, + 0xfb, 0xd8, 0xc5, 0x8b, 0xc0, 0xdb, 0x10, 0x38, 0x87, 0xd3, 0xbf, 0x04, 0xb0, + 0x66, 0xb9, 0x85, 0x81, 0x54, 0x4c, 0x69, 0xdc, 0xba, 0x78, 0xf3, 0x4a, 0xdb, + 0x25, 0xa2, 0xf2, 0x34, 0x55, 0xdd, 0xaa, 0xa5, 0xc4, 0xed, 0x55, 0x06, 0x0e, + 0x2a, 0x30, 0x77, 0xab, 0x82, 0x79, 0xf0, 0xcd, 0x9d, 0x6f, 0x09, 0xa0, 0xc8, + 0x82, 0xc9, 0xe0, 0x61, 0xda, 0x40, 0xcd, 0x17, 0x59, 0xc0, 0xef, 0x95, 0x6d, + 0xa3, 0x6d, 0x1c, 0x2b, 0xee, 0x24, 0xef, 0xd8, 0x4a, 0x55, 0x6c, 0xd6, 0x26, + 0x42, 0x32, 0x17, 0xfd, 0x6a, 0xb3, 0x4f, 0xde, 0x07, 0x2f, 0x10, 0xd4, 0xac, + 0x14, 0xea, 0x89, 0x68, 0xcc, 0xd3, 0x07, 0xb7, 0xcf, 0xba, 0x39, 0x20, 0x63, + 0x20, 0x7b, 0x44, 0x8b, 0x48, 0x60, 0x5d, 0x3a, 0x2a, 0x0a, 0xe9, 0x68, 0xab, + 0x15, 0x46, 0x27, 0x64, 0xb5, 0x82, 0x06, 0x29, 0xe7, 0x25, 0xca, 0x46, 0x48, + 0x6e, 0x2a, 0x34, 0x57, 0x4b, 0x81, 0x75, 0xae, 0xb6, 0xfd, 0x6f, 0x51, 0x5f, + 0x04, 0x59, 0xc7, 0x15, 0x1f, 0xe0, 0x68, 0xf7, 0x36, 0x2d, 0xdf, 0xc8, 0x9d, + 0x05, 0x27, 0x2d, 0x3f, 0x2b, 0x59, 0x5d, 0xcb, 0xf3, 0xc4, 0x92, 0x6e, 0x00, + 0xa8, 0x8d, 0xd0, 0x69, 0xe5, 0x59, 0xda, 0xba, 0x4f, 0x38, 0xf5, 0xa0, 0x8b, + 0xf1, 0x73, 0xe9, 0x0d, 0xee, 0x64, 0xe5, 0xa2, 0xd8}}; + +const TPM2B_RSA_TEST_VALUE c_RsapssKvt = + {RSA_TEST_KEY_SIZE, + {0x1b, 0xca, 0x8b, 0x18, 0x15, 0x3b, 0x95, 0x5b, 0x0a, 0x89, 0x10, 0x03, 0x7f, + 0x7c, 0xa0, 0xc9, 0x66, 0x57, 0x86, 0x6a, 0xc9, 0xeb, 0x82, 0x71, 0xf3, 0x8d, + 0x6f, 
0xa9, 0xa4, 0x2d, 0xd0, 0x22, 0xdf, 0xe9, 0xc6, 0x71, 0x5b, 0xf4, 0x27, + 0x38, 0x5b, 0x2c, 0x8a, 0x54, 0xcc, 0x85, 0x11, 0x69, 0x6d, 0x6f, 0x42, 0xe7, + 0x22, 0xcb, 0xd6, 0xad, 0x1a, 0xc5, 0xab, 0x6a, 0xa5, 0xfc, 0xa5, 0x70, 0x72, + 0x4a, 0x62, 0x25, 0xd0, 0xa2, 0x16, 0x61, 0xab, 0xac, 0x31, 0xa0, 0x46, 0x24, + 0x4f, 0xdd, 0x9a, 0x36, 0x55, 0xb6, 0x00, 0x9e, 0x23, 0x50, 0x0d, 0x53, 0x01, + 0xb3, 0x46, 0x56, 0xb2, 0x1d, 0x33, 0x5b, 0xca, 0x41, 0x7f, 0x65, 0x7e, 0x00, + 0x5c, 0x12, 0xff, 0x0a, 0x70, 0x5d, 0x8c, 0x69, 0x4a, 0x02, 0xee, 0x72, 0x30, + 0xa7, 0x5c, 0xa4, 0xbb, 0xbe, 0x03, 0x0c, 0xe4, 0x5f, 0x33, 0xb6, 0x78, 0x91, + 0x9d, 0xd8, 0xec, 0x34, 0x03, 0x2e, 0x63, 0x32, 0xc7, 0x2a, 0x36, 0x50, 0xd5, + 0x8b, 0x0e, 0x7f, 0x54, 0x4e, 0xf4, 0x29, 0x11, 0x1b, 0xcd, 0x0f, 0x37, 0xa5, + 0xbc, 0x61, 0x83, 0x50, 0xfa, 0x18, 0x75, 0xd9, 0xfe, 0xa7, 0xe8, 0x9b, 0xc1, + 0x4f, 0x96, 0x37, 0x81, 0x71, 0xdf, 0x71, 0x8b, 0x89, 0x81, 0xf4, 0x95, 0xb5, + 0x29, 0x66, 0x41, 0x0c, 0x73, 0xd7, 0x0b, 0x21, 0xb4, 0xfb, 0xf9, 0x63, 0x2f, + 0xe9, 0x7b, 0x38, 0xaa, 0x20, 0xc3, 0x96, 0xcc, 0xb7, 0xb2, 0x24, 0xa1, 0xe0, + 0x59, 0x9c, 0x10, 0x9e, 0x5a, 0xf7, 0xe3, 0x02, 0xe6, 0x23, 0xe2, 0x44, 0x21, + 0x3f, 0x6e, 0x5e, 0x79, 0xb2, 0x93, 0x7d, 0xce, 0xed, 0xe2, 0xe1, 0xab, 0x98, + 0x07, 0xa7, 0xbd, 0xbc, 0xd8, 0xf7, 0x06, 0xeb, 0xc5, 0xa6, 0x37, 0x18, 0x11, + 0x88, 0xf7, 0x63, 0x39, 0xb9, 0x57, 0x29, 0xdc, 0x03}}; + +const TPM2B_RSA_TEST_VALUE c_RsassaKvt = + {RSA_TEST_KEY_SIZE, + {0x05, 0x55, 0x00, 0x62, 0x01, 0xc6, 0x04, 0x31, 0x55, 0x73, 0x3f, 0x2a, 0xf9, + 0xd4, 0x0f, 0xc1, 0x2b, 0xeb, 0xd8, 0xc8, 0xdb, 0xb2, 0xab, 0x6c, 0x26, 0xde, + 0x2d, 0x89, 0xc2, 0x2d, 0x36, 0x62, 0xc8, 0x22, 0x5d, 0x58, 0x03, 0xb1, 0x46, + 0x14, 0xa5, 0xd4, 0xbc, 0x25, 0x6b, 0x7f, 0x8f, 0x14, 0x7e, 0x03, 0x2f, 0x3d, + 0xb8, 0x39, 0xa5, 0x79, 0x13, 0x7e, 0x22, 0x2a, 0xb9, 0x3e, 0x8f, 0xaa, 0x01, + 0x7c, 0x03, 0x12, 0x21, 0x6c, 0x2a, 0xb4, 0x39, 0x98, 0x6d, 0xff, 0x08, 0x6c, + 0x59, 0x2d, 0xdc, 0xc6, 0xf1, 0x77, 
0x62, 0x10, 0xa6, 0xcc, 0xe2, 0x71, 0x8e, + 0x97, 0x00, 0x87, 0x5b, 0x0e, 0x20, 0x00, 0x3f, 0x18, 0x63, 0x83, 0xf0, 0xe4, + 0x0a, 0x64, 0x8c, 0xe9, 0x8c, 0x91, 0xe7, 0x89, 0x04, 0x64, 0x2c, 0x8b, 0x41, + 0xc8, 0xac, 0xf6, 0x5a, 0x75, 0xe6, 0xa5, 0x76, 0x43, 0xcb, 0xa5, 0x33, 0x8b, + 0x07, 0xc9, 0x73, 0x0f, 0x45, 0xa4, 0xc3, 0xac, 0xc1, 0xc3, 0xe6, 0xe7, 0x21, + 0x66, 0x1c, 0xba, 0xbf, 0xea, 0x3e, 0x39, 0xfa, 0xb2, 0xe2, 0x8f, 0xfe, 0x9c, + 0xb4, 0x85, 0x89, 0x33, 0x2a, 0x0c, 0xc8, 0x5d, 0x58, 0xe1, 0x89, 0x12, 0xe9, + 0x4d, 0x42, 0xb3, 0x1f, 0x99, 0x0c, 0x3e, 0xd8, 0xb2, 0xeb, 0xf5, 0x88, 0xfb, + 0xe1, 0x4b, 0x8e, 0xdc, 0xd3, 0xa8, 0xda, 0xbe, 0x04, 0x45, 0xbf, 0x56, 0xc6, + 0x54, 0x70, 0x00, 0xb8, 0x66, 0x46, 0x3a, 0xa3, 0x1e, 0xb6, 0xeb, 0x1a, 0xa0, + 0x0b, 0xd3, 0x9a, 0x9a, 0x52, 0xda, 0x60, 0x69, 0xb7, 0xef, 0x93, 0x47, 0x38, + 0xab, 0x1a, 0xa0, 0x22, 0x6e, 0x76, 0x06, 0xb6, 0x74, 0xaf, 0x74, 0x8f, 0x51, + 0xc0, 0x89, 0x5a, 0x4b, 0xbe, 0x6a, 0x91, 0x18, 0x25, 0x7d, 0xa6, 0x77, 0xe6, + 0xfd, 0xc2, 0x62, 0x36, 0x07, 0xc6, 0xef, 0x79, 0xc9}}; + +#endif // SHA512 diff --git a/src/tpm2/RunCommand.c b/src/tpm2/RunCommand.c index 37c51a41..7e3d515d 100644 --- a/src/tpm2/RunCommand.c +++ b/src/tpm2/RunCommand.c 
@@ -59,47 +59,49 @@ /* */ /********************************************************************************/ -/* C.11 RunCommand.c */ -/* C.11.1. Introduction */ -/* This module provides the platform specific entry and fail processing. The _plat__RunCommand() - function is used to call to ExecuteCommand() in the TPM code. This function does whatever - processing is necessary to set up the platform in anticipation of the call to the TPM including - settup for error processing. */ -/* The _plat__Fail() function is called when there is a failure in the TPM. The TPM code will have - set the flag to indicate that the TPM is in failure mode. This call will then recursively call - ExecuteCommand() in order to build the failure mode response. When ExecuteCommand() returns to - _plat__Fail(), the platform will do some platform specific operation to return to the environment - in which the TPM is executing. For a simulator, setjmp/longjmp is used. For an OS, a system exit - to the OS would be appropriate. */ -/* C.11.2. Includes and locals */ +//**Introduction +// This module provides the platform specific entry and fail processing. The +// _plat__RunCommand() function is used to call to ExecuteCommand() in the TPM code. +// This function does whatever processing is necessary to set up the platform +// in anticipation of the call to the TPM including settup for error processing. +// +// The _plat__Fail() function is called when there is a failure in the TPM. The TPM +// code will have set the flag to indicate that the TPM is in failure mode. +// This call will then recursively call ExecuteCommand in order to build the +// failure mode response. When ExecuteCommand() returns to _plat__Fail(), the +// platform will do some platform specific operation to return to the environment in +// which the TPM is executing. For a simulator, setjmp/longjmp is used. For an OS, +// a system exit to the OS would be appropriate. 
+ +//** Includes and locals #include "Platform.h" #include #include "ExecCommand_fp.h" -jmp_buf s_jumpBuffer; -/* C.11.3. Functions */ -/* C.11.3.1. _plat__RunCommand() */ -/* This version of RunCommand() will set up a jum_buf and call ExecuteCommand(). If the command - executes without failing, it will return and RunCommand() will return. If there is a failure in - the command, then _plat__Fail() is called and it will longjump back to RunCommand() which will - call ExecuteCommand() again. However, this time, the TPM will be in failure mode so - ExecuteCommand() will simply build a failure response and return. */ -LIB_EXPORT void -_plat__RunCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char *request, // IN: command buffer - uint32_t *responseSize, // IN/OUT: response buffer size - unsigned char **response // IN/OUT: response buffer - ) + +jmp_buf s_jumpBuffer; +//** Functions + +//***_plat__RunCommand() +// This version of RunCommand will set up a jum_buf and call ExecuteCommand(). If +// the command executes without failing, it will return and RunCommand will return. +// If there is a failure in the command, then _plat__Fail() is called and it will +// longjump back to RunCommand which will call ExecuteCommand again. However, this +// time, the TPM will be in failure mode so ExecuteCommand will simply build +// a failure response and return. +LIB_EXPORT void _plat__RunCommand( + uint32_t requestSize, // IN: command buffer size + unsigned char* request, // IN: command buffer + uint32_t* responseSize, // IN/OUT: response buffer size + unsigned char** response // IN/OUT: response buffer +) { setjmp(s_jumpBuffer); ExecuteCommand(requestSize, request, responseSize, response); } -/* C.11.3.2. _plat__Fail() */ -/* This is the platform depended failure exit for the TPM. */ -LIB_EXPORT NORETURN void -_plat__Fail( - void - ) + +//***_plat__Fail() +// This is the platform depended failure exit for the TPM. 
+LIB_EXPORT NORETURN void _plat__Fail(void) { longjmp(&s_jumpBuffer[0], 1); } diff --git a/src/tpm2/RuntimeProfile_fp.h b/src/tpm2/RuntimeProfile_fp.h index 37d6cae9..ae3ac28c 100644 --- a/src/tpm2/RuntimeProfile_fp.h +++ b/src/tpm2/RuntimeProfile_fp.h @@ -42,6 +42,8 @@ #ifndef RUNTIME_PROFILE_H #define RUNTIME_PROFILE_H +#include + #include "RuntimeAlgorithm_fp.h" #include "RuntimeCommands_fp.h" #include "RuntimeAttributes_fp.h" diff --git a/src/tpm2/SelfTest.h b/src/tpm2/SelfTest.h index 7283d42e..2a833b00 100644 --- a/src/tpm2/SelfTest.h +++ b/src/tpm2/SelfTest.h @@ -75,7 +75,7 @@ #define CAMELLIA_ENTRIES (CAMELLIA_128 + CAMELLIA_192 + CAMELLIA_256) #define TDES_ENTRIES (TDES_128 * 2 + TDES_192 * 2) /* libtpms changed */ -#define NUM_SYMS (AES_ENTRIES + SM4_ENTRIES + CAMELLIA_ENTRIES + TDES_ENTRIES) +#define NUM_SYMS (AES_ENTRIES + SM4_ENTRIES + CAMELLIA_ENTRIES + TDES_ENTRIES) // libtpmss added TDES_ENTRIES typedef UINT32 SYM_INDEX; diff --git a/src/tpm2/SelfTest_fp.h b/src/tpm2/SelfTest_fp.h index 63ecb2c1..e1ba1a5a 100644 --- a/src/tpm2/SelfTest_fp.h +++ b/src/tpm2/SelfTest_fp.h @@ -59,20 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef SELFTEST_FP_H -#define SELFTEST_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct{ - TPMI_YES_NO fullTest; -} SelfTest_In; +#if CC_SelfTest // Command must be enabled -#define RC_SelfTest_fullTest (TPM_RC_P + TPM_RC_1) +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SELFTEST_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SELFTEST_FP_H_ +// Input structure definition +typedef struct +{ + TPMI_YES_NO fullTest; +} SelfTest_In; + +// Response code modifiers +# define RC_SelfTest_fullTest (TPM_RC_P + TPM_RC_1) + +// Function prototype TPM_RC -TPM2_SelfTest( - SelfTest_In *in // IN: input parameter list - ); +TPM2_SelfTest(SelfTest_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SELFTEST_FP_H_ +#endif // CC_SelfTest 
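Review bot: The rewritten header comment for `_plat__RunCommand()` describes the longjmp recovery path but not the condition it relies on. `s_jumpBuffer` is a single global, so `_plat__Fail()` is only safe while a `_plat__RunCommand()` call is active on the same thread, and a `longjmp` to a buffer whose `setjmp` frame has already returned is undefined behaviour. I would add a line such as `// _plat__Fail() must only be reached from inside _plat__RunCommand(); s_jumpBuffer is global and not thread-safe.` above the function, marked as a libtpms addition if the upstream text has to stay untouched. The `setjmp()` result is discarded in the context lines, so the comment could also say that the second `ExecuteCommand()` call terminates only because the TPM is already in failure mode. The spellings `jum_buf`, `settup` and `platform depended` are carried into the new comment text, presumably to match upstream.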
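Review bot: The new trailing comment on `NUM_SYMS` in SelfTest.h spells the project marker as `libtpmss`, so a search for the exact `libtpms added` marker will miss this line when local deviations are audited on the next rebase. The line directly above it uses `/* libtpms changed */`. Suggest `// libtpms added TDES_ENTRIES`.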
diff --git a/src/tpm2/SequenceComplete_fp.h b/src/tpm2/SequenceComplete_fp.h index efe59656..574db088 100644 --- a/src/tpm2/SequenceComplete_fp.h +++ b/src/tpm2/SequenceComplete_fp.h @@ -59,34 +59,37 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef SEQUENCECOMPLETE_FP_H -#define SEQUENCECOMPLETE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; - TPMI_RH_HIERARCHY hierarchy; +#if CC_SequenceComplete // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SEQUENCECOMPLETE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SEQUENCECOMPLETE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; + TPMI_RH_HIERARCHY hierarchy; } SequenceComplete_In; -#define RC_SequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_1) -#define RC_SequenceComplete_buffer (TPM_RC_P + TPM_RC_1) -#define RC_SequenceComplete_hierarchy (TPM_RC_P + TPM_RC_2) - - -typedef struct { - TPM2B_DIGEST result; - TPMT_TK_HASHCHECK validation; +// Output structure definition +typedef struct +{ + TPM2B_DIGEST result; + TPMT_TK_HASHCHECK validation; } SequenceComplete_Out; +// Response code modifiers +# define RC_SequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_1) +# define RC_SequenceComplete_buffer (TPM_RC_P + TPM_RC_1) +# define RC_SequenceComplete_hierarchy (TPM_RC_P + TPM_RC_2) - +// Function prototype TPM_RC -TPM2_SequenceComplete( - SequenceComplete_In *in, // IN: input parameter list - SequenceComplete_Out *out // OUT: output parameter list - ); +TPM2_SequenceComplete(SequenceComplete_In* in, SequenceComplete_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SEQUENCECOMPLETE_FP_H_ +#endif // CC_SequenceComplete diff --git a/src/tpm2/SequenceUpdate_fp.h b/src/tpm2/SequenceUpdate_fp.h index bedff796..9cce2f1e 100644 --- a/src/tpm2/SequenceUpdate_fp.h 
+++ b/src/tpm2/SequenceUpdate_fp.h @@ -59,24 +59,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef SEQUENCEUPDATE_FP_H -#define SEQUENCEUPDATE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT +#if CC_SequenceUpdate // Command must be enabled -typedef struct { - TPMI_DH_OBJECT sequenceHandle; - TPM2B_MAX_BUFFER buffer; +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SEQUENCEUPDATE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SEQUENCEUPDATE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT sequenceHandle; + TPM2B_MAX_BUFFER buffer; } SequenceUpdate_In; -#define RC_SequenceUpdate_sequenceHandle (TPM_RC_P + TPM_RC_1) -#define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_SequenceUpdate_sequenceHandle (TPM_RC_P + TPM_RC_1) +# define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_SequenceUpdate( - SequenceUpdate_In *in // IN: input parameter list - ); +TPM2_SequenceUpdate(SequenceUpdate_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SEQUENCEUPDATE_FP_H_ +#endif // CC_SequenceUpdate diff --git a/src/tpm2/Session.c b/src/tpm2/Session.c index ca1a203a..72ba096f 100644 --- a/src/tpm2/Session.c +++ b/src/tpm2/Session.c 
@@ -60,85 +60,85 @@ //**Introduction /* - The code in this file is used to manage the session context counter. - The scheme implemented here is a "truncated counter". - This scheme allows the TPM to not need TPM_SU_CLEAR for a - very long period of time and still not have the context - count for a session repeated. + The code in this file is used to manage the session context counter. + The scheme implemented here is a "truncated counter". + This scheme allows the TPM to not need TPM_SU_CLEAR for a + very long period of time and still not have the context + count for a session repeated. - The counter (contextCounter)in this implementation is a UINT64 but - can be smaller. The "tracking array" (contextArray) only - has 16-bits per context. The tracking array is the data - that needs to be saved and restored across TPM_SU_STATE so that - sessions are not lost when the system enters the sleep state. - Also, when the TPM is active, the tracking array is kept in - RAM making it important that the number of bytes for each - entry be kept as small as possible. + The counter (contextCounter)in this implementation is a UINT64 but + can be smaller. The "tracking array" (contextArray) only + has 16-bits per context. The tracking array is the data + that needs to be saved and restored across TPM_SU_STATE so that + sessions are not lost when the system enters the sleep state. + Also, when the TPM is active, the tracking array is kept in + RAM making it important that the number of bytes for each + entry be kept as small as possible. - The TPM prevents "collisions" of these truncated values by - not allowing a contextID to be assigned if it would be the - same as an existing value. Since the array holds 16 bits, - after a context has been saved, an additional 2^16-1 contexts - may be saved before the count would again match. 
The normal - expectation is that the context will be flushed before its count - value is needed again but it is always possible to have long-lived - sessions. + The TPM prevents "collisions" of these truncated values by + not allowing a contextID to be assigned if it would be the + same as an existing value. Since the array holds 16 bits, + after a context has been saved, an additional 2^16-1 contexts + may be saved before the count would again match. The normal + expectation is that the context will be flushed before its count + value is needed again but it is always possible to have long-lived + sessions. - The contextID is assigned when the context is saved (TPM2_ContextSave()). - At that time, the TPM will compare the low-order 16 bits of - contextCounter to the existing values in contextArray and if one - matches, the TPM will return TPM_RC_CONTEXT_GAP (by construction, - the entry that contains the matching value is the oldest - context). + The contextID is assigned when the context is saved (TPM2_ContextSave()). + At that time, the TPM will compare the low-order 16 bits of + contextCounter to the existing values in contextArray and if one + matches, the TPM will return TPM_RC_CONTEXT_GAP (by construction, + the entry that contains the matching value is the oldest + context). - The expected remediation by the TRM is to load the oldest saved - session context (the one found by the TPM), and save it. Since loading - the oldest session also eliminates its contextID value from - contextArray, there TPM will always be able to load and save the oldest - existing context. + The expected remediation by the TRM is to load the oldest saved + session context (the one found by the TPM), and save it. Since loading + the oldest session also eliminates its contextID value from + contextArray, there TPM will always be able to load and save the oldest + existing context. 
- In the worst case, software may have to load and save several contexts - in order to save an additional one. This should happen very infrequently. + In the worst case, software may have to load and save several contexts + in order to save an additional one. This should happen very infrequently. - When the TPM searches contextArray and finds that none of the contextIDs - match the low-order 16-bits of contextCount, the TPM can copy the low bits - to the contextArray associated with the session, and increment contextCount. + When the TPM searches contextArray and finds that none of the contextIDs + match the low-order 16-bits of contextCount, the TPM can copy the low bits + to the contextArray associated with the session, and increment contextCount. - There is one entry in contextArray for each of the active sessions - allowed by the TPM implementation. This array contains either a - context count, an index, or a value indicating the slot is available (0). + There is one entry in contextArray for each of the active sessions + allowed by the TPM implementation. This array contains either a + context count, an index, or a value indicating the slot is available (0). - The index into the contextArray is the handle for the session with the region - selector byte of the session set to zero. If an entry in contextArray contains - 0, then the corresponding handle may be assigned to a session. If the entry - contains a value that is less than or equal to the number of loaded sessions - for the TPM, then the array entry is the slot in which the context is loaded. + The index into the contextArray is the handle for the session with the region + selector byte of the session set to zero. If an entry in contextArray contains + 0, then the corresponding handle may be assigned to a session. If the entry + contains a value that is less than or equal to the number of loaded sessions + for the TPM, then the array entry is the slot in which the context is loaded. 
- EXAMPLE: If the TPM allows 8 loaded sessions, then the slot numbers would - be 1-8 and a contextArrary value in that range would represent the loaded - session. + EXAMPLE: If the TPM allows 8 loaded sessions, then the slot numbers would + be 1-8 and a contextArrary value in that range would represent the loaded + session. - NOTE: When the TPM firmware determines that the array entry is for a loaded - session, it will subtract 1 to create the zero-based slot number. + NOTE: When the TPM firmware determines that the array entry is for a loaded + session, it will subtract 1 to create the zero-based slot number. - There is one significant corner case in this scheme. When the contextCount - is equal to a value in the contextArray, the oldest session needs to be - recycled or flushed. In order to recycle the session, it must be loaded. - To be loaded, there must be an available slot. Rather than require that a - spare slot be available all the time, the TPM will check to see if the - contextCount is equal to some value in the contextArray when a session is - created. This prevents the last session slot from being used when it - is likely that a session will need to be recycled. + There is one significant corner case in this scheme. When the contextCount + is equal to a value in the contextArray, the oldest session needs to be + recycled or flushed. In order to recycle the session, it must be loaded. + To be loaded, there must be an available slot. Rather than require that a + spare slot be available all the time, the TPM will check to see if the + contextCount is equal to some value in the contextArray when a session is + created. This prevents the last session slot from being used when it + is likely that a session will need to be recycled. 
- If a TPM with both 1.2 and 2.0 functionality uses this scheme for both - 1.2 and 2.0 sessions, and the list of active contexts is read with - TPM_GetCapabiltiy(), the TPM will create 32-bit representations of the - list that contains 16-bit values (the TPM2_GetCapability() returns a list - of handles for active sessions rather than a list of contextID). The full - contextID has high-order bits that are either the same as the current - contextCount or one less. It is one less if the 16-bits - of the contextArray has a value that is larger than the low-order 16 bits - of contextCount. + If a TPM with both 1.2 and 2.0 functionality uses this scheme for both + 1.2 and 2.0 sessions, and the list of active contexts is read with + TPM_GetCapabiltiy(), the TPM will create 32-bit representations of the + list that contains 16-bit values (the TPM2_GetCapability() returns a list + of handles for active sessions rather than a list of contextID). The full + contextID has high-order bits that are either the same as the current + contextCount or one less. It is one less if the 16-bits + of the contextArray has a value that is larger than the low-order 16 bits + of contextCount. */ //** Includes, Defines, and Local Variables 
@@ -147,22 +147,22 @@ //** File Scope Function -- ContextIdSetOldest() /* - This function is called when the oldest contextID is being loaded or deleted. - Once a saved context becomes the oldest, it stays the oldest until it is - deleted. + This function is called when the oldest contextID is being loaded or deleted. + Once a saved context becomes the oldest, it stays the oldest until it is + deleted. - Finding the oldest is a bit tricky. It is not just the numeric comparison of - values but is dependent on the value of contextCounter. + Finding the oldest is a bit tricky. It is not just the numeric comparison of + values but is dependent on the value of contextCounter. - Assume we have a small contextArray with 8, 4-bit values with values 1 and 2 - used to indicate the loaded context slot number. Also assume that the array - contains hex values of (0 0 1 0 3 0 9 F) and that the contextCounter is an - 8-bit counter with a value of 0x37. Since the low nibble is 7, that means - that values above 7 are older than values below it and, in this example, - 9 is the oldest value. + Assume we have a small contextArray with 8, 4-bit values with values 1 and 2 + used to indicate the loaded context slot number. Also assume that the array + contains hex values of (0 0 1 0 3 0 9 F) and that the contextCounter is an + 8-bit counter with a value of 0x37. Since the low nibble is 7, that means + that values above 7 are older than values below it and, in this example, + 9 is the oldest value. - Note if we subtract the counter value, from each slot that contains a saved - contextID we get (- - - - B - 2 - 8) and the oldest entry is now easy to find. + Note if we subtract the counter value, from each slot that contains a saved + contextID we get (- - - - B - 2 - 8) and the oldest entry is now easy to find. */ static void ContextIdSetOldest(void) { 
@@ -171,26 +171,27 @@ static void ContextIdSetOldest(void) CONTEXT_SLOT smallest = CONTEXT_SLOT_MASKED(~0); // libtpms changed UINT32 i; pAssert(s_ContextSlotMask == 0xff || s_ContextSlotMask == 0xffff); // libtpms added + // Set oldestSaveContext to a value indicating none assigned s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; lowBits = CONTEXT_SLOT_MASKED(gr.contextCounter); // libtpms changed for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - entry = gr.contextArray[i]; + { + entry = gr.contextArray[i]; - // only look at entries that are saved contexts - if(entry > MAX_LOADED_SESSIONS) - { - // Use a less than or equal in case the oldest - // is brand new (= lowBits-1) and equal to our initial - // value for smallest. - if(CONTEXT_SLOT_MASKED(entry - lowBits) <= smallest) // libtpms changed - { - smallest = CONTEXT_SLOT_MASKED(entry - lowBits); // libtpms changed - s_oldestSavedSession = i; - } - } - } + // only look at entries that are saved contexts + if(entry > MAX_LOADED_SESSIONS) + { + // Use a less than or equal in case the oldest + // is brand new (= lowBits-1) and equal to our initial + // value for smallest. + if(CONTEXT_SLOT_MASKED(entry - lowBits) <= smallest) // libtpms changed + { + smallest = CONTEXT_SLOT_MASKED(entry - lowBits); // libtpms changed + s_oldestSavedSession = i; + } + } + } // When we finish, either the s_oldestSavedSession still has its initial // value, or it has the index of the oldest saved context. } @@ -204,7 +205,7 @@ BOOL SessionStartup(STARTUP_TYPE type) // Initialize session slots. At startup, all the in-memory session slots // are cleared and marked as not occupied for(i = 0; i < MAX_LOADED_SESSIONS; i++) - s_sessions[i].occupied = FALSE; // session slot is not occupied + s_sessions[i].occupied = FALSE; // session slot is not occupied // The free session slots the number of maximum allowed loaded sessions s_freeSessionSlots = MAX_LOADED_SESSIONS; 
@@ -214,36 +215,36 @@ BOOL SessionStartup(STARTUP_TYPE type) // references a session that was in memory during the state save since that // memory was not preserved over the ST_SAVE. if(type == SU_RESUME || type == SU_RESTART) - { - // On ST_SAVE we preserve the contexts that were saved but not the ones - // in memory - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - // If the array value is unused or references a loaded session then - // that loaded session context is lost and the array entry is - // reclaimed. - if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) - gr.contextArray[i] = 0; - } - // Find the oldest session in context ID data and set it in - // s_oldestSavedSession - ContextIdSetOldest(); - } + { + // On ST_SAVE we preserve the contexts that were saved but not the ones + // in memory + for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) + { + // If the array value is unused or references a loaded session then + // that loaded session context is lost and the array entry is + // reclaimed. + if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) + gr.contextArray[i] = 0; + } + // Find the oldest session in context ID data and set it in + // s_oldestSavedSession + ContextIdSetOldest(); + } else - { - // For STARTUP_CLEAR, clear out the contextArray - for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - gr.contextArray[i] = 0; + { + // For STARTUP_CLEAR, clear out the contextArray + for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) + gr.contextArray[i] = 0; - // reset the context counter - gr.contextCounter = MAX_LOADED_SESSIONS + 1; + // reset the context counter + gr.contextCounter = MAX_LOADED_SESSIONS + 1; - // Initialize oldest saved session - s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; + // Initialize oldest saved session + s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; - // Initialize the context slot mask for UINT16 - s_ContextSlotMask = 0xffff; // libtpms added - } + // Initialize the context slot mask for UINT16 + s_ContextSlotMask = 0xffff; // libtpms added + } return TRUE; } 
@@ -262,10 +263,10 @@ BOOL SessionStartup(STARTUP_TYPE type) // FALSE(0) session is not loaded // BOOL SessionIsLoaded(TPM_HANDLE handle // IN: session handle - ) +) { pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION); + || HandleGetType(handle) == TPM_HT_HMAC_SESSION); handle = handle & HR_HANDLE_MASK; @@ -273,7 +274,7 @@ BOOL SessionIsLoaded(TPM_HANDLE handle // IN: session handle // session return false if(handle >= MAX_ACTIVE_SESSIONS || gr.contextArray[handle] == 0 || gr.contextArray[handle] > MAX_LOADED_SESSIONS) - return FALSE; + return FALSE; return TRUE; } @@ -291,17 +292,17 @@ BOOL SessionIsLoaded(TPM_HANDLE handle // IN: session handle // FALSE(0) session is not saved // BOOL SessionIsSaved(TPM_HANDLE handle // IN: session handle - ) +) { pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION); + || HandleGetType(handle) == TPM_HT_HMAC_SESSION); handle = handle & HR_HANDLE_MASK; // if out of range of possible active session, or not assigned, or // assigned to a loaded session, return false if(handle >= MAX_ACTIVE_SESSIONS || gr.contextArray[handle] == 0 || gr.contextArray[handle] <= MAX_LOADED_SESSIONS) - return FALSE; + return FALSE; return TRUE; } @@ -310,9 +311,9 @@ BOOL SessionIsSaved(TPM_HANDLE handle // IN: session handle // This function validates that the sequence number and handle value within a // saved context are valid. BOOL SequenceNumberForSavedContextIsValid( - TPMS_CONTEXT* context // IN: pointer to a context structure to be - // validated - ) + TPMS_CONTEXT* context // IN: pointer to a context structure to be + // validated +) { #define MAX_CONTEXT_GAP ((UINT64)(CONTEXT_SLOT_MASKED(~0) + 1)) /* libtpms changed */ pAssert(s_ContextSlotMask == 0xff || s_ContextSlotMask == 0xffff); // libtpms added 
@@ -320,16 +321,16 @@ BOOL SequenceNumberForSavedContextIsValid( TPM_HANDLE handle = context->savedHandle & HR_HANDLE_MASK; if( // Handle must be with the range of active sessions - handle >= MAX_ACTIVE_SESSIONS - // the array entry must be for a saved context - || gr.contextArray[handle] <= MAX_LOADED_SESSIONS - // the array entry must agree with the sequence number - || gr.contextArray[handle] != CONTEXT_SLOT_MASKED(context->sequence) // libtpms changed - // the provided sequence number has to be less than the current counter - || context->sequence > gr.contextCounter - // but not so much that it could not be a valid sequence number - || gr.contextCounter - context->sequence > MAX_CONTEXT_GAP) - return FALSE; + handle >= MAX_ACTIVE_SESSIONS + // the array entry must be for a saved context + || gr.contextArray[handle] <= MAX_LOADED_SESSIONS + // the array entry must agree with the sequence number + || gr.contextArray[handle] != CONTEXT_SLOT_MASKED(context->sequence) // libtpms changed + // the provided sequence number has to be less than the current counter + || context->sequence > gr.contextCounter + // but not so much that it could not be a valid sequence number + || gr.contextCounter - context->sequence > MAX_CONTEXT_GAP) + return FALSE; return TRUE; } @@ -344,12 +345,12 @@ BOOL SequenceNumberForSavedContextIsValid( // TRUE(1) PCR value is current // FALSE(0) PCR value is not current BOOL SessionPCRValueIsCurrent(SESSION* session // IN: session structure - ) +) { if(session->pcrCounter != 0 && session->pcrCounter != gr.pcrCounter) - return FALSE; + return FALSE; else - return TRUE; + return TRUE; } //*** SessionGet() 
@@ -358,13 +359,13 @@ BOOL SessionPCRValueIsCurrent(SESSION* session // IN: session structure // // The function requires that the session is loaded. SESSION* SessionGet(TPM_HANDLE handle // IN: session handle - ) +) { size_t slotIndex; CONTEXT_SLOT sessionIndex; pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION); + || HandleGetType(handle) == TPM_HT_HMAC_SESSION); slotIndex = handle & HR_HANDLE_MASK; @@ -399,13 +400,13 @@ SESSION* SessionGet(TPM_HANDLE handle // IN: session handle // TPM_RC_SESSION_HANDLE there is no slot available in the context array // for tracking of this session context static TPM_RC ContextIdSessionCreate( - TPM_HANDLE* handle, // OUT: receives the assigned handle. This will - // be an index that must be adjusted by the - // caller according to the type of the - // session created - UINT32 sessionIndex // IN: The session context array entry that will - // be occupied by the created session - ) + TPM_HANDLE* handle, // OUT: receives the assigned handle. This will + // be an index that must be adjusted by the + // caller according to the type of the + // session created + UINT32 sessionIndex // IN: The session context array entry that will + // be occupied by the created session +) { pAssert(sessionIndex < MAX_LOADED_SESSIONS); 
@@ -415,28 +416,28 @@ static TPM_RC ContextIdSessionCreate( // oldest context if needed. If the gap is not at maximum, then // it will be possible to save a context if it becomes necessary. if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS && s_freeSessionSlots == 1) - { - // See if the gap is at maximum - // The current value of the contextCounter will be assigned to the next - // saved context. If the value to be assigned would make the same as an - // existing context, then we can't use it because of the ambiguity it would - // create. - if(CONTEXT_SLOT_MASKED(gr.contextCounter) // libtpms changed - == gr.contextArray[s_oldestSavedSession]) - return TPM_RC_CONTEXT_GAP; - } + { + // See if the gap is at maximum + // The current value of the contextCounter will be assigned to the next + // saved context. If the value to be assigned would make the same as an + // existing context, then we can't use it because of the ambiguity it would + // create. + if(CONTEXT_SLOT_MASKED(gr.contextCounter) // libtpms changed + == gr.contextArray[s_oldestSavedSession]) + return TPM_RC_CONTEXT_GAP; + } // Find an unoccupied entry in the contextArray for(*handle = 0; *handle < MAX_ACTIVE_SESSIONS; (*handle)++) - { - if(gr.contextArray[*handle] == 0) - { - // indicate that the session associated with this handle - // references a loaded session - gr.contextArray[*handle] = CONTEXT_SLOT_MASKED(sessionIndex + 1); // libtpms changed - return TPM_RC_SUCCESS; - } - } + { + if(gr.contextArray[*handle] == 0) + { + // indicate that the session associated with this handle + // references a loaded session + gr.contextArray[*handle] = CONTEXT_SLOT_MASKED(sessionIndex + 1); // libtpms changed + return TPM_RC_SUCCESS; + } + } return TPM_RC_SESSION_HANDLES; } 
@@ -454,47 +455,47 @@ static TPM_RC ContextIdSessionCreate( // TPM_RC_SESSION_MEMORY loaded session space is full TPM_RC SessionCreate(TPM_SE sessionType, // IN: the session type - TPMI_ALG_HASH authHash, // IN: the hash algorithm - TPM2B_NONCE* nonceCaller, // IN: initial nonceCaller - TPMT_SYM_DEF* symmetric, // IN: the symmetric algorithm - TPMI_DH_ENTITY bind, // IN: the bind object - TPM2B_DATA* seed, // IN: seed data - TPM_HANDLE* sessionHandle, // OUT: the session handle - TPM2B_NONCE* nonceTpm // OUT: the session nonce - ) + TPMI_ALG_HASH authHash, // IN: the hash algorithm + TPM2B_NONCE* nonceCaller, // IN: initial nonceCaller + TPMT_SYM_DEF* symmetric, // IN: the symmetric algorithm + TPMI_DH_ENTITY bind, // IN: the bind object + TPM2B_DATA* seed, // IN: seed data + TPM_HANDLE* sessionHandle, // OUT: the session handle + TPM2B_NONCE* nonceTpm // OUT: the session nonce +) { TPM_RC result = TPM_RC_SUCCESS; CONTEXT_SLOT slotIndex; SESSION* session = NULL; pAssert(sessionType == TPM_SE_HMAC || sessionType == TPM_SE_POLICY - || sessionType == TPM_SE_TRIAL); + || sessionType == TPM_SE_TRIAL); // If there are no open spots in the session array, then no point in searching if(s_freeSessionSlots == 0) - return TPM_RC_SESSION_MEMORY; + return TPM_RC_SESSION_MEMORY; // Find a space for loading a session for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) - { - // Is this available? - if(s_sessions[slotIndex].occupied == FALSE) - { - session = &s_sessions[slotIndex].session; - break; - } - } + { + // Is this available? 
+ if(s_sessions[slotIndex].occupied == FALSE) + { + session = &s_sessions[slotIndex].session; + break; + } + } // if no spot found, then this is an internal error if(slotIndex >= MAX_LOADED_SESSIONS) { // libtpms changed - FAIL(FATAL_ERROR_INTERNAL); - // should never get here due to longjmp in FAIL() libtpms added begin; cppcheck - return TPM_RC_FAILURE; + FAIL(FATAL_ERROR_INTERNAL); + // should never get here due to longjmp in FAIL() libtpms added begin; cppcheck + return TPM_RC_FAILURE; } // libtpms added end // Call context ID function to get a handle. TPM_RC_SESSION_HANDLE may be // returned from ContextIdHandelAssign() result = ContextIdSessionCreate(sessionHandle, slotIndex); if(result != TPM_RC_SUCCESS) - return result; + return result; //*** Only return from this point on is TPM_RC_SUCCESS 
@@ -509,26 +510,26 @@ SessionCreate(TPM_SE sessionType, // IN: the session type session->authHashAlg = authHash; // Initialize session type if(sessionType == TPM_SE_HMAC) - { - *sessionHandle += HMAC_SESSION_FIRST; - } + { + *sessionHandle += HMAC_SESSION_FIRST; + } else - { - *sessionHandle += POLICY_SESSION_FIRST; + { + *sessionHandle += POLICY_SESSION_FIRST; - // For TPM_SE_POLICY or TPM_SE_TRIAL - session->attributes.isPolicy = SET; - if(sessionType == TPM_SE_TRIAL) - session->attributes.isTrialPolicy = SET; + // For TPM_SE_POLICY or TPM_SE_TRIAL + session->attributes.isPolicy = SET; + if(sessionType == TPM_SE_TRIAL) + session->attributes.isTrialPolicy = SET; - SessionSetStartTime(session); + SessionSetStartTime(session); - // Initialize policyDigest. policyDigest is initialized with a string of 0 - // of session algorithm digest size. Since the session is already clear. - // Just need to set the size - session->u2.policyDigest.t.size = - CryptHashGetDigestSize(session->authHashAlg); - } + // Initialize policyDigest. policyDigest is initialized with a string of 0 + // of session algorithm digest size. Since the session is already clear. + // Just need to set the size + session->u2.policyDigest.t.size = + CryptHashGetDigestSize(session->authHashAlg); + } // Create initial session nonce session->nonceTPM.t.size = nonceCaller->t.size; CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); 
@@ -540,51 +541,51 @@ SessionCreate(TPM_SE sessionType, // IN: the session type // If there is a bind object or a session secret, then need to compute // a sessionKey. if(bind != TPM_RH_NULL || seed->t.size != 0) - { - // sessionKey = KDFa(hash, (authValue || seed), "ATH", nonceTPM, - // nonceCaller, bits) - // The HMAC key for generating the sessionSecret can be the concatenation - // of an authorization value and a seed value - TPM2B_TYPE(KEY, (sizeof(TPMT_HA) + sizeof(seed->t.buffer))); - TPM2B_KEY key; + { + // sessionKey = KDFa(hash, (authValue || seed), "ATH", nonceTPM, + // nonceCaller, bits) + // The HMAC key for generating the sessionSecret can be the concatenation + // of an authorization value and a seed value + TPM2B_TYPE(KEY, (sizeof(TPMT_HA) + sizeof(seed->t.buffer))); + TPM2B_KEY key; - // Get hash size, which is also the length of sessionKey - session->sessionKey.t.size = CryptHashGetDigestSize(session->authHashAlg); + // Get hash size, which is also the length of sessionKey + session->sessionKey.t.size = CryptHashGetDigestSize(session->authHashAlg); - // Get authValue of associated entity - EntityGetAuthValue(bind, (TPM2B_AUTH*)&key); - pAssert(key.t.size + seed->t.size <= sizeof(key.t.buffer)); + // Get authValue of associated entity + EntityGetAuthValue(bind, (TPM2B_AUTH*)&key); + pAssert(key.t.size + seed->t.size <= sizeof(key.t.buffer)); - // Concatenate authValue and seed - MemoryConcat2B(&key.b, &seed->b, sizeof(key.t.buffer)); + // Concatenate authValue and seed + MemoryConcat2B(&key.b, &seed->b, sizeof(key.t.buffer)); - // Compute the session key - CryptKDFa(session->authHashAlg, - &key.b, - SESSION_KEY, - &session->nonceTPM.b, - &nonceCaller->b, - session->sessionKey.t.size * 8, - session->sessionKey.t.buffer, - NULL, - FALSE); - } + // Compute the session key + CryptKDFa(session->authHashAlg, + &key.b, + SESSION_KEY, + &session->nonceTPM.b, + &nonceCaller->b, + session->sessionKey.t.size * 8, + session->sessionKey.t.buffer, + NULL, + 
FALSE); + } // Copy the name of the entity that the HMAC session is bound to // Policy session is not bound to an entity if(bind != TPM_RH_NULL && sessionType == TPM_SE_HMAC) - { - session->attributes.isBound = SET; - SessionComputeBoundEntity(bind, &session->u1.boundEntity); - } + { + session->attributes.isBound = SET; + SessionComputeBoundEntity(bind, &session->u1.boundEntity); + } // If there is a bind object and it is subject to DA, then use of this session // is subject to DA regardless of how it is used. session->attributes.isDaBound = (bind != TPM_RH_NULL) - && (IsDAExempted(bind) == FALSE); + && (IsDAExempted(bind) == FALSE); // If the session is bound, then check to see if it is bound to lockoutAuth session->attributes.isLockoutBound = (session->attributes.isDaBound == SET) - && (bind == TPM_RH_LOCKOUT); + && (bind == TPM_RH_LOCKOUT); return TPM_RC_SUCCESS; } @@ -603,8 +604,8 @@ SessionCreate(TPM_SE sessionType, // IN: the session type // TPM_RC SessionContextSave(TPM_HANDLE handle, // IN: session handle - CONTEXT_COUNTER* contextID // OUT: assigned contextID - ) + CONTEXT_COUNTER* contextID // OUT: assigned contextID +) { UINT32 contextIndex; CONTEXT_SLOT slotIndex; @@ -618,11 +619,11 @@ SessionContextSave(TPM_HANDLE handle, // IN: session handle // if the oldest saved session has the same value as the low bits // of the contextCounter, then the GAP is maxed out. && gr.contextArray[s_oldestSavedSession] == CONTEXT_SLOT_MASKED(gr.contextCounter)) // libtpms changed - return TPM_RC_CONTEXT_GAP; + return TPM_RC_CONTEXT_GAP; // if the caller wants the context counter, set it if(contextID != NULL) - *contextID = gr.contextCounter; + *contextID = gr.contextCounter; contextIndex = handle & HR_HANDLE_MASK; pAssert(contextIndex < MAX_ACTIVE_SESSIONS); 
@@ -634,25 +635,26 @@ SessionContextSave(TPM_HANDLE handle, // IN: session handle // Set the contextID for the contextArray gr.contextArray[contextIndex] = CONTEXT_SLOT_MASKED(gr.contextCounter); // libtpms changed + // Increment the counter gr.contextCounter++; // In the unlikely event that the 64-bit context counter rolls over... if(gr.contextCounter == 0) - { - // back it up - gr.contextCounter--; - // return an error - return TPM_RC_TOO_MANY_CONTEXTS; - } + { + // back it up + gr.contextCounter--; + // return an error + return TPM_RC_TOO_MANY_CONTEXTS; + } // if the low-order bits wrapped, need to advance the value to skip over // the values used to indicate that a session is loaded if(CONTEXT_SLOT_MASKED(gr.contextCounter) == 0) // libtpms changed - gr.contextCounter += MAX_LOADED_SESSIONS + 1; + gr.contextCounter += MAX_LOADED_SESSIONS + 1; // If no other sessions are saved, this is now the oldest. if(s_oldestSavedSession >= MAX_ACTIVE_SESSIONS) - s_oldestSavedSession = contextIndex; + s_oldestSavedSession = contextIndex; // Mark the session slot as unoccupied s_sessions[slotIndex].occupied = FALSE; 
@@ -679,27 +681,28 @@ SessionContextSave(TPM_HANDLE handle, // IN: session handle // TPM_RC SessionContextLoad(SESSION_BUF* session, // IN: session structure from saved context - TPM_HANDLE* handle // IN/OUT: session handle - ) + TPM_HANDLE* handle // IN/OUT: session handle +) { UINT32 contextIndex; CONTEXT_SLOT slotIndex; pAssert(s_ContextSlotMask == 0xff || s_ContextSlotMask == 0xffff); // libtpms added pAssert(HandleGetType(*handle) == TPM_HT_POLICY_SESSION - || HandleGetType(*handle) == TPM_HT_HMAC_SESSION); + || HandleGetType(*handle) == TPM_HT_HMAC_SESSION); // Don't bother looking if no openings if(s_freeSessionSlots == 0) - return TPM_RC_SESSION_MEMORY; + return TPM_RC_SESSION_MEMORY; // Find a free session slot to load the session for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) - if(s_sessions[slotIndex].occupied == FALSE) - break; + if(s_sessions[slotIndex].occupied == FALSE) + break; // if no spot found, then this is an internal error pAssert(slotIndex < MAX_LOADED_SESSIONS); + // libtpms: besides the s_freeSessionSlots guard add another array index guard if (slotIndex >= MAX_LOADED_SESSIONS) { // libtpms added begin; cppcheck FAIL(FATAL_ERROR_INTERNAL); @@ -713,7 +716,7 @@ SessionContextLoad(SESSION_BUF* session, // IN: session structure from saved co if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS && s_freeSessionSlots == 1 && CONTEXT_SLOT_MASKED(gr.contextCounter) == gr.contextArray[s_oldestSavedSession] // libtpms changed && contextIndex != s_oldestSavedSession) - return TPM_RC_CONTEXT_GAP; + return TPM_RC_CONTEXT_GAP; pAssert(contextIndex < MAX_ACTIVE_SESSIONS); @@ -723,7 +726,7 @@ SessionContextLoad(SESSION_BUF* session, // IN: session structure from saved co // if this was the oldest context, find the new oldest if(contextIndex == s_oldestSavedSession) - ContextIdSetOldest(); + ContextIdSetOldest(); // Copy session data to session slot MemoryCopy(&s_sessions[slotIndex].session, session, sizeof(SESSION)); 
@@ -745,14 +748,14 @@ SessionContextLoad(SESSION_BUF* session, // IN: session structure from saved co // This function requires that 'handle' be a valid active session. // void SessionFlush(TPM_HANDLE handle // IN: loaded or saved session handle - ) +) { CONTEXT_SLOT slotIndex; UINT32 contextIndex; // Index into contextArray pAssert((HandleGetType(handle) == TPM_HT_POLICY_SESSION - || HandleGetType(handle) == TPM_HT_HMAC_SESSION) - && (SessionIsLoaded(handle) || SessionIsSaved(handle))); + || HandleGetType(handle) == TPM_HT_HMAC_SESSION) + && (SessionIsLoaded(handle) || SessionIsSaved(handle))); // Flush context ID of this session // Convert handle to an index into the contextArray @@ -768,21 +771,21 @@ void SessionFlush(TPM_HANDLE handle // IN: loaded or saved session handle // Is this a saved session being flushed if(slotIndex > MAX_LOADED_SESSIONS) - { - // Flushing the oldest session? - if(contextIndex == s_oldestSavedSession) - // If so, find a new value for oldest. - ContextIdSetOldest(); - } + { + // Flushing the oldest session? + if(contextIndex == s_oldestSavedSession) + // If so, find a new value for oldest. + ContextIdSetOldest(); + } else - { - // Adjust slot index to point to session array index - slotIndex -= 1; + { + // Adjust slot index to point to session array index + slotIndex -= 1; - // Free session array index - s_sessions[slotIndex].occupied = FALSE; - s_freeSessionSlots++; - } + // Free session array index + s_sessions[slotIndex].occupied = FALSE; + s_freeSessionSlots++; + } return; } @@ -795,8 +798,8 @@ void SessionFlush(TPM_HANDLE handle // IN: loaded or saved session handle // into the bind buffer. If they will not both fit, the will be overlapped // by XORing bytes. If XOR is required, the bind value will be full. void SessionComputeBoundEntity(TPMI_DH_ENTITY entityHandle, // IN: handle of entity - TPM2B_NAME* bind // OUT: binding value - ) + TPM2B_NAME* bind // OUT: binding value +) { TPM2B_AUTH auth; BYTE* pAuth = auth.t.buffer; 
@@ -817,7 +820,7 @@ void SessionComputeBoundEntity(TPMI_DH_ENTITY entityHandle, // IN: handle of en MemorySet(&bind->t.name[bind->t.size], 0, sizeof(bind->t.name) - bind->t.size); // XOR the authValue at the end of the name for(i = sizeof(bind->t.name) - auth.t.size; i < sizeof(bind->t.name); i++) - bind->t.name[i] ^= *pAuth++; + bind->t.name[i] ^= *pAuth++; // Set the bind value to the maximum size bind->t.size = sizeof(bind->t.name); @@ -828,7 +831,7 @@ void SessionComputeBoundEntity(TPMI_DH_ENTITY entityHandle, // IN: handle of en //*** SessionSetStartTime() // This function is used to initialize the session timing void SessionSetStartTime(SESSION* session // IN: the session to update - ) +) { session->startTime = g_time; session->epoch = g_timeEpoch; @@ -839,7 +842,7 @@ void SessionSetStartTime(SESSION* session // IN: the session to update // This function is used to reset the policy data without changing the nonce // or the start time of the session. void SessionResetPolicyData(SESSION* session // IN: the session to reset - ) +) { SESSION_ATTRIBUTES oldAttributes; pAssert(session != NULL); @@ -888,9 +891,9 @@ void SessionResetPolicyData(SESSION* session // IN: the session to reset // NO all the available handles has been returned TPMI_YES_NO SessionCapGetLoaded(TPMI_SH_POLICY handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ) + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +) { TPMI_YES_NO more = NO; UINT32 i; 
@@ -902,41 +905,41 @@ SessionCapGetLoaded(TPMI_SH_POLICY handle, // IN: start handle // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) - count = MAX_CAP_HANDLES; + count = MAX_CAP_HANDLES; // Iterate session context ID slots to get loaded session handles for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) - { - // If session is active - if(gr.contextArray[i] != 0) - { - // If session is loaded - if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) - { - if(handleList->count < count) - { - SESSION* session; + { + // If session is active + if(gr.contextArray[i] != 0) + { + // If session is loaded + if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) + { + if(handleList->count < count) + { + SESSION* session; - // If we have not filled up the return list, add this - // session handle to it - // assume that this is going to be an HMAC session - handle = i + HMAC_SESSION_FIRST; - session = SessionGet(handle); - if(session->attributes.isPolicy) - handle = i + POLICY_SESSION_FIRST; - handleList->handle[handleList->count] = handle; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - } + // If we have not filled up the return list, add this + // session handle to it + // assume that this is going to be an HMAC session + handle = i + HMAC_SESSION_FIRST; + session = SessionGet(handle); + if(session->attributes.isPolicy) + handle = i + POLICY_SESSION_FIRST; + handleList->handle[handleList->count] = handle; + handleList->count++; + } + else + { + // If the return list is full but we still have loaded object + // available, report this and stop iterating + more = YES; + break; + } + } + } + } return more; } 
@@ -949,9 +952,9 @@ BOOL SessionCapGetOneLoaded(TPMI_SH_POLICY handle) // IN: handle if((handle & HR_HANDLE_MASK) < MAX_ACTIVE_SESSIONS && gr.contextArray[(handle & HR_HANDLE_MASK)]) - { - return TRUE; - } + { + return TRUE; + } return FALSE; } @@ -968,9 +971,9 @@ BOOL SessionCapGetOneLoaded(TPMI_SH_POLICY handle) // IN: handle // NO all the available handles has been returned TPMI_YES_NO SessionCapGetSaved(TPMI_SH_HMAC handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE* handleList // OUT: list of handle - ) + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +) { TPMI_YES_NO more = NO; UINT32 i; 
@@ -982,34 +985,34 @@ SessionCapGetSaved(TPMI_SH_HMAC handle, // IN: start handle // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) - count = MAX_CAP_HANDLES; + count = MAX_CAP_HANDLES; // Iterate session context ID slots to get loaded session handles for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) - { - // If session is active - if(gr.contextArray[i] != 0) - { - // If session is saved - if(gr.contextArray[i] > MAX_LOADED_SESSIONS) - { - if(handleList->count < count) - { - // If we have not filled up the return list, add this - // session handle to it - handleList->handle[handleList->count] = i + HMAC_SESSION_FIRST; - handleList->count++; - } - else - { - // If the return list is full but we still have loaded object - // available, report this and stop iterating - more = YES; - break; - } - } - } - } + { + // If session is active + if(gr.contextArray[i] != 0) + { + // If session is saved + if(gr.contextArray[i] > MAX_LOADED_SESSIONS) + { + if(handleList->count < count) + { + // If we have not filled up the return list, add this + // session handle to it + handleList->handle[handleList->count] = i + HMAC_SESSION_FIRST; + handleList->count++; + } + else + { + // If the return list is full but we still have loaded object + // available, report this and stop iterating + more = YES; + break; + } + } + } + } return more; } @@ -1022,9 +1025,9 @@ BOOL SessionCapGetOneSaved(TPMI_SH_HMAC handle) // IN: handle if((handle & HR_HANDLE_MASK) < MAX_ACTIVE_SESSIONS && gr.contextArray[(handle & HR_HANDLE_MASK)]) - { - return TRUE; - } + { + return TRUE; + } return FALSE; } @@ -1061,10 +1064,10 @@ SessionCapGetActiveNumber(void) // Iterate the context array to find the number of non-zero slots for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - if(gr.contextArray[i] != 0) - num++; - } + { + if(gr.contextArray[i] != 0) + num++; + } return num; } 
@@ -1081,10 +1084,10 @@ SessionCapGetActiveAvail(void) // Iterate the context array to find the number of zero slots for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) - { - if(gr.contextArray[i] == 0) - num++; - } + { + if(gr.contextArray[i] == 0) + num++; + } return num; } diff --git a/src/tpm2/SessionProcess.c b/src/tpm2/SessionProcess.c index a0693303..b0ffeb3a 100644 --- a/src/tpm2/SessionProcess.c +++ b/src/tpm2/SessionProcess.c 
@@ -88,38 +88,38 @@ // TRUE(1) handle is exempted from DA logic // FALSE(0) handle is not exempted from DA logic BOOL IsDAExempted(TPM_HANDLE handle // IN: entity handle - ) +) { BOOL result = FALSE; // switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - // All permanent handles, other than TPM_RH_LOCKOUT, are exempt from - // DA protection. - result = (handle != TPM_RH_LOCKOUT); - break; - // When this function is called, a persistent object will have been loaded - // into an object slot and assigned a transient handle. - case TPM_HT_TRANSIENT: - { - TPMA_OBJECT attributes = ObjectGetPublicAttributes(handle); - result = IS_ATTRIBUTE(attributes, TPMA_OBJECT, noDA); - break; - } - case TPM_HT_NV_INDEX: - { - NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); - result = IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, NO_DA); - break; - } - case TPM_HT_PCR: - // PCRs are always exempted from DA. - result = TRUE; - break; - default: - break; - } + { + case TPM_HT_PERMANENT: + // All permanent handles, other than TPM_RH_LOCKOUT, are exempt from + // DA protection. + result = (handle != TPM_RH_LOCKOUT); + break; + // When this function is called, a persistent object will have been loaded + // into an object slot and assigned a transient handle. + case TPM_HT_TRANSIENT: + { + TPMA_OBJECT attributes = ObjectGetPublicAttributes(handle); + result = IS_ATTRIBUTE(attributes, TPMA_OBJECT, noDA); + break; + } + case TPM_HT_NV_INDEX: + { + NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); + result = IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, NO_DA); + break; + } + case TPM_HT_PCR: + // PCRs are always exempted from DA. + result = TRUE; + break; + default: + break; + } return result; } 
@@ -141,57 +141,57 @@ static TPM_RC IncrementLockout(UINT32 sessionIndex) // Don't increment lockout unless the handle associated with the session // is DA protected or the session is bound to a DA protected entity. if(sessionHandle == TPM_RS_PW) - { - if(IsDAExempted(handle)) - return TPM_RC_BAD_AUTH; - } + { + if(IsDAExempted(handle)) + return TPM_RC_BAD_AUTH; + } else - { - session = SessionGet(sessionHandle); - // If the session is bound to lockout, then use that as the relevant - // handle. This means that an authorization failure with a bound session - // bound to lockoutAuth will take precedence over any other - // lockout check - if(session->attributes.isLockoutBound == SET) - handle = TPM_RH_LOCKOUT; - if(session->attributes.isDaBound == CLEAR - && (IsDAExempted(handle) || session->attributes.includeAuth == CLEAR)) - // If the handle was changed to TPM_RH_LOCKOUT, this will not return - // TPM_RC_BAD_AUTH - return TPM_RC_BAD_AUTH; - } + { + session = SessionGet(sessionHandle); + // If the session is bound to lockout, then use that as the relevant + // handle. This means that an authorization failure with a bound session + // bound to lockoutAuth will take precedence over any other + // lockout check + if(session->attributes.isLockoutBound == SET) + handle = TPM_RH_LOCKOUT; + if(session->attributes.isDaBound == CLEAR + && (IsDAExempted(handle) || session->attributes.includeAuth == CLEAR)) + // If the handle was changed to TPM_RH_LOCKOUT, this will not return + // TPM_RC_BAD_AUTH + return TPM_RC_BAD_AUTH; + } if(handle == TPM_RH_LOCKOUT) - { - pAssert(gp.lockOutAuthEnabled == TRUE); + { + pAssert(gp.lockOutAuthEnabled == TRUE); - // lockout is no longer enabled - gp.lockOutAuthEnabled = FALSE; + // lockout is no longer enabled + gp.lockOutAuthEnabled = FALSE; - // For TPM_RH_LOCKOUT, if lockoutRecovery is 0, no need to update NV since - // the lockout authorization will be reset at startup. 
- if(gp.lockoutRecovery != 0) - { - if(NV_IS_AVAILABLE) - // Update NV. - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - else - // No NV access for now. Put the TPM in pending mode. - s_DAPendingOnNV = TRUE; - } - } + // For TPM_RH_LOCKOUT, if lockoutRecovery is 0, no need to update NV since + // the lockout authorization will be reset at startup. + if(gp.lockoutRecovery != 0) + { + if(NV_IS_AVAILABLE) + // Update NV. + NV_SYNC_PERSISTENT(lockOutAuthEnabled); + else + // No NV access for now. Put the TPM in pending mode. + s_DAPendingOnNV = TRUE; + } + } else - { - if(gp.recoveryTime != 0) - { - gp.failedTries++; - if(NV_IS_AVAILABLE) - // Record changes to NV. NvWrite will SET g_updateNV - NV_SYNC_PERSISTENT(failedTries); - else - // No NV access for now. Put the TPM in pending mode. - s_DAPendingOnNV = TRUE; - } - } + { + if(gp.recoveryTime != 0) + { + gp.failedTries++; + if(NV_IS_AVAILABLE) + // Record changes to NV. NvWrite will SET g_updateNV + NV_SYNC_PERSISTENT(failedTries); + else + // No NV access for now. Put the TPM in pending mode. + s_DAPendingOnNV = TRUE; + } + } // Register a DA failure and reset the timers. DARegisterFailure(handle); 
@@ -209,21 +209,21 @@ static TPM_RC IncrementLockout(UINT32 sessionIndex) // TRUE(1) handle points to the session start entity // FALSE(0) handle does not point to the session start entity static BOOL IsSessionBindEntity( - TPM_HANDLE associatedHandle, // IN: handle to be authorized - SESSION* session // IN: associated session - ) + TPM_HANDLE associatedHandle, // IN: handle to be authorized + SESSION* session // IN: associated session +) { TPM2B_NAME entity; // The bind value for the entity - // + // // If the session is not bound, return FALSE. if(session->attributes.isBound) - { - // Compute the bind value for the entity. - SessionComputeBoundEntity(associatedHandle, &entity); + { + // Compute the bind value for the entity. + SessionComputeBoundEntity(associatedHandle, &entity); - // Compare to the bind value in the session. - return MemoryEqual2B(&entity.b, &session->u1.boundEntity.b); - } + // Compare to the bind value in the session. + return MemoryEqual2B(&entity.b, &session->u1.boundEntity.b); + } return FALSE; } 
@@ -245,41 +245,42 @@ static BOOL IsSessionBindEntity( // TRUE(1) policy session is required // FALSE(0) policy session is not required static BOOL IsPolicySessionRequired(COMMAND_INDEX commandIndex, // IN: command index - UINT32 sessionIndex // IN: session index - ) + UINT32 sessionIndex // IN: session index +) { AUTH_ROLE role = CommandAuthRole(commandIndex, sessionIndex); TPM_HT type = HandleGetType(s_associatedHandles[sessionIndex]); // if(role == AUTH_DUP) - return TRUE; + return TRUE; if(role == AUTH_ADMIN) - { - // We allow an exception for ADMIN role in a transient object. If the object - // allows ADMIN role actions with authorization, then policy is not - // required. For all other cases, there is no way to override the command - // requirement that a policy be used - if(type == TPM_HT_TRANSIENT) - { - OBJECT* object = HandleToObject(s_associatedHandles[sessionIndex]); + { + // We allow an exception for ADMIN role in a transient object. If the object + // allows ADMIN role actions with authorization, then policy is not + // required. 
For all other cases, there is no way to override the command + // requirement that a policy be used + if(type == TPM_HT_TRANSIENT) + { + OBJECT* object = HandleToObject(s_associatedHandles[sessionIndex]); - if(!IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, adminWithPolicy)) - return FALSE; - } - return TRUE; - } + if(!IS_ATTRIBUTE( + object->publicArea.objectAttributes, TPMA_OBJECT, adminWithPolicy)) + return FALSE; + } + return TRUE; + } if(type == TPM_HT_PCR) - { - if(PCRPolicyIsAvailable(s_associatedHandles[sessionIndex])) - { - TPM2B_DIGEST policy; - TPMI_ALG_HASH policyAlg; - policyAlg = PCRGetAuthPolicy(s_associatedHandles[sessionIndex], &policy); - if(policyAlg != TPM_ALG_NULL) - return TRUE; - } - } + { + if(PCRPolicyIsAvailable(s_associatedHandles[sessionIndex])) + { + TPM2B_DIGEST policy; + TPMI_ALG_HASH policyAlg; + policyAlg = PCRGetAuthPolicy(s_associatedHandles[sessionIndex], &policy); + if(policyAlg != TPM_ALG_NULL) + return TRUE; + } + } return FALSE; } 
@@ -299,130 +300,130 @@ static BOOL IsPolicySessionRequired(COMMAND_INDEX commandIndex, // IN: command // TRUE(1) authValue is available // FALSE(0) authValue is not available static BOOL IsAuthValueAvailable(TPM_HANDLE handle, // IN: handle of entity - COMMAND_INDEX commandIndex, // IN: command index - UINT32 sessionIndex // IN: session index - ) + COMMAND_INDEX commandIndex, // IN: command index + UINT32 sessionIndex // IN: session index +) { BOOL result = FALSE; // switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - switch(handle) - { - // At this point hierarchy availability has already been - // checked so primary seed handles are always available here - case TPM_RH_OWNER: - case TPM_RH_ENDORSEMENT: - case TPM_RH_PLATFORM: + { + case TPM_HT_PERMANENT: + switch(handle) + { + // At this point hierarchy availability has already been + // checked so primary seed handles are always available here + case TPM_RH_OWNER: + case TPM_RH_ENDORSEMENT: + case TPM_RH_PLATFORM: #if VENDOR_PERMANENT_AUTH_ENABLED == YES - // This vendor defined handle associated with the - // manufacturer's shared secret - case VENDOR_PERMANENT_AUTH_HANDLE: + // This vendor defined handle associated with the + // manufacturer's shared secret + case VENDOR_PERMANENT_AUTH_HANDLE: #endif - // The DA checking has been performed on LockoutAuth but we - // bypass the DA logic if we are using lockout policy. The - // policy would allow execution to continue an lockoutAuth - // could be used, even if direct use of lockoutAuth is disabled - case TPM_RH_LOCKOUT: - // NullAuth is always available. - case TPM_RH_NULL: - result = TRUE; - break; + // The DA checking has been performed on LockoutAuth but we + // bypass the DA logic if we are using lockout policy. The + // policy would allow execution to continue an lockoutAuth + // could be used, even if direct use of lockoutAuth is disabled + case TPM_RH_LOCKOUT: + // NullAuth is always available. 
+ case TPM_RH_NULL: + result = TRUE; + break; #ifndef __ACT_DISABLED // libtpms changed - FOR_EACH_ACT(CASE_ACT_HANDLE) - { - // The ACT auth value is not available if the platform is disabled - result = g_phEnable == SET; - break; - } + FOR_EACH_ACT(CASE_ACT_HANDLE) + { + // The ACT auth value is not available if the platform is disabled + result = g_phEnable == SET; + break; + } #endif // ACT_SUPPORT - default: - // Otherwise authValue is not available. - break; - } - break; - case TPM_HT_TRANSIENT: - // A persistent object has already been loaded and the internal - // handle changed. - { - OBJECT* object; - TPMA_OBJECT attributes; - // - object = HandleToObject(handle); - attributes = object->publicArea.objectAttributes; + default: + // Otherwise authValue is not available. + break; + } + break; + case TPM_HT_TRANSIENT: + // A persistent object has already been loaded and the internal + // handle changed. + { + OBJECT* object; + TPMA_OBJECT attributes; + // + object = HandleToObject(handle); + attributes = object->publicArea.objectAttributes; - // authValue is always available for a sequence object. - // An alternative for this is to - // SET_ATTRIBUTE(object->publicArea, TPMA_OBJECT, userWithAuth) when the - // sequence is started. - if(ObjectIsSequence(object)) - { - result = TRUE; - break; - } - // authValue is available for an object if it has its sensitive - // portion loaded and - // a) userWithAuth bit is SET, or - // b) ADMIN role is required - if(object->attributes.publicOnly == CLEAR - && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, userWithAuth) - || (CommandAuthRole(commandIndex, sessionIndex) == AUTH_ADMIN - && !IS_ATTRIBUTE( - attributes, TPMA_OBJECT, adminWithPolicy)))) - result = TRUE; - } - break; - case TPM_HT_NV_INDEX: - // NV Index. - { - NV_REF locator; - NV_INDEX* nvIndex = NvGetIndexInfo(handle, &locator); - TPMA_NV nvAttributes; - // - pAssert(nvIndex != 0); + // authValue is always available for a sequence object. 
+ // An alternative for this is to + // SET_ATTRIBUTE(object->publicArea, TPMA_OBJECT, userWithAuth) when the + // sequence is started. + if(ObjectIsSequence(object)) + { + result = TRUE; + break; + } + // authValue is available for an object if it has its sensitive + // portion loaded and + // a) userWithAuth bit is SET, or + // b) ADMIN role is required + if(object->attributes.publicOnly == CLEAR + && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, userWithAuth) + || (CommandAuthRole(commandIndex, sessionIndex) == AUTH_ADMIN + && !IS_ATTRIBUTE( + attributes, TPMA_OBJECT, adminWithPolicy)))) + result = TRUE; + } + break; + case TPM_HT_NV_INDEX: + // NV Index. + { + NV_REF locator; + NV_INDEX* nvIndex = NvGetIndexInfo(handle, &locator); + TPMA_NV nvAttributes; + // + pAssert(nvIndex != 0); - nvAttributes = nvIndex->publicArea.attributes; + nvAttributes = nvIndex->publicArea.attributes; - if(IsWriteOperation(commandIndex)) - { - // AuthWrite can't be set for a PIN index - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHWRITE)) - result = TRUE; - } - else - { - // A "read" operation - // For a PIN Index, the authValue is available as long as the - // Index has been written and the pinCount is less than pinLimit - if(IsNvPinFailIndex(nvAttributes) - || IsNvPinPassIndex(nvAttributes)) - { - NV_PIN pin; - if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) - break; // return false - // get the index values - pin.intVal = NvGetUINT64Data(nvIndex, locator); - if(pin.pin.pinCount < pin.pin.pinLimit) - result = TRUE; - } - // For non-PIN Indexes, need to allow use of the authValue - else if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHREAD)) - result = TRUE; - } - } - break; - case TPM_HT_PCR: - // PCR handle. 
- // authValue is always allowed for PCR - result = TRUE; - break; - default: - // Otherwise, authValue is not available - break; - } + if(IsWriteOperation(commandIndex)) + { + // AuthWrite can't be set for a PIN index + if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHWRITE)) + result = TRUE; + } + else + { + // A "read" operation + // For a PIN Index, the authValue is available as long as the + // Index has been written and the pinCount is less than pinLimit + if(IsNvPinFailIndex(nvAttributes) + || IsNvPinPassIndex(nvAttributes)) + { + NV_PIN pin; + if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) + break; // return false + // get the index values + pin.intVal = NvGetUINT64Data(nvIndex, locator); + if(pin.pin.pinCount < pin.pin.pinLimit) + result = TRUE; + } + // For non-PIN Indexes, need to allow use of the authValue + else if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHREAD)) + result = TRUE; + } + } + break; + case TPM_HT_PCR: + // PCR handle. + // authValue is always allowed for PCR + result = TRUE; + break; + default: + // Otherwise, authValue is not available + break; + } return result; } 
@@ -437,102 +438,102 @@ static BOOL IsAuthValueAvailable(TPM_HANDLE handle, // IN: handle of e // TRUE(1) authPolicy is available // FALSE(0) authPolicy is not available static BOOL IsAuthPolicyAvailable(TPM_HANDLE handle, // IN: handle of entity - COMMAND_INDEX commandIndex, // IN: command index - UINT32 sessionIndex // IN: session index - ) + COMMAND_INDEX commandIndex, // IN: command index + UINT32 sessionIndex // IN: session index +) { BOOL result = FALSE; // switch(HandleGetType(handle)) - { - case TPM_HT_PERMANENT: - switch(handle) - { - // At this point hierarchy availability has already been checked. - case TPM_RH_OWNER: - if(gp.ownerPolicy.t.size != 0) - result = TRUE; - break; - case TPM_RH_ENDORSEMENT: - if(gp.endorsementPolicy.t.size != 0) - result = TRUE; - break; - case TPM_RH_PLATFORM: - if(gc.platformPolicy.t.size != 0) - result = TRUE; - break; + { + case TPM_HT_PERMANENT: + switch(handle) + { + // At this point hierarchy availability has already been checked. + case TPM_RH_OWNER: + if(gp.ownerPolicy.t.size != 0) + result = TRUE; + break; + case TPM_RH_ENDORSEMENT: + if(gp.endorsementPolicy.t.size != 0) + result = TRUE; + break; + case TPM_RH_PLATFORM: + if(gc.platformPolicy.t.size != 0) + result = TRUE; + break; #if ACT_SUPPORT || 1 // libtpms changed -# define ACT_GET_POLICY(N) \ - case TPM_RH_ACT_##N: \ - if(go.ACT_##N.authPolicy.t.size != 0) \ - result = TRUE; \ - break; +# define ACT_GET_POLICY(N) \ + case TPM_RH_ACT_##N: \ + if(go.ACT_##N.authPolicy.t.size != 0) \ + result = TRUE; \ + break; - FOR_EACH_ACT(ACT_GET_POLICY) + FOR_EACH_ACT(ACT_GET_POLICY) #endif // ACT_SUPPORT - case TPM_RH_LOCKOUT: - if(gp.lockoutPolicy.t.size != 0) - result = TRUE; - break; - default: - break; - } - break; - case TPM_HT_TRANSIENT: - { - // Object handle. - // An evict object would already have been loaded and given a - // transient object handle by this point. 
- OBJECT* object = HandleToObject(handle); - // Policy authorization is not available for an object with only - // public portion loaded. - if(object->attributes.publicOnly == CLEAR) - { - // Policy authorization is always available for an object but - // is never available for a sequence. - if(!ObjectIsSequence(object)) - result = TRUE; - } - break; - } - case TPM_HT_NV_INDEX: - // An NV Index. - { - NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); - TPMA_NV nvAttributes = nvIndex->publicArea.attributes; - // - // If the policy size is not zero, check if policy can be used. - if(nvIndex->publicArea.authPolicy.t.size != 0) - { - // If policy session is required for this handle, always - // uses policy regardless of the attributes bit setting - if(IsPolicySessionRequired(commandIndex, sessionIndex)) - result = TRUE; - // Otherwise, the presence of the policy depends on the NV - // attributes. - else if(IsWriteOperation(commandIndex)) - { - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYWRITE)) - result = TRUE; - } - else - { - if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYREAD)) - result = TRUE; - } - } - } - break; - case TPM_HT_PCR: - // PCR handle. - if(PCRPolicyIsAvailable(handle)) - result = TRUE; - break; - default: - break; - } + case TPM_RH_LOCKOUT: + if(gp.lockoutPolicy.t.size != 0) + result = TRUE; + break; + default: + break; + } + break; + case TPM_HT_TRANSIENT: + { + // Object handle. + // An evict object would already have been loaded and given a + // transient object handle by this point. + OBJECT* object = HandleToObject(handle); + // Policy authorization is not available for an object with only + // public portion loaded. + if(object->attributes.publicOnly == CLEAR) + { + // Policy authorization is always available for an object but + // is never available for a sequence. + if(!ObjectIsSequence(object)) + result = TRUE; + } + break; + } + case TPM_HT_NV_INDEX: + // An NV Index. 
+ { + NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); + TPMA_NV nvAttributes = nvIndex->publicArea.attributes; + // + // If the policy size is not zero, check if policy can be used. + if(nvIndex->publicArea.authPolicy.t.size != 0) + { + // If policy session is required for this handle, always + // uses policy regardless of the attributes bit setting + if(IsPolicySessionRequired(commandIndex, sessionIndex)) + result = TRUE; + // Otherwise, the presence of the policy depends on the NV + // attributes. + else if(IsWriteOperation(commandIndex)) + { + if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYWRITE)) + result = TRUE; + } + else + { + if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYREAD)) + result = TRUE; + } + } + } + break; + case TPM_HT_PCR: + // PCR handle. + if(PCRPolicyIsAvailable(handle)) + result = TRUE; + break; + default: + break; + } return result; } 
@@ -548,33 +549,33 @@ void ClearCpRpHashes(COMMAND* command) #define CLEAR_CP_HASH(HASH, Hash) command->Hash##CpHash.b.size = 0; FOR_EACH_HASH(CLEAR_CP_HASH) #define CLEAR_RP_HASH(HASH, Hash) command->Hash##RpHash.b.size = 0; - FOR_EACH_HASH(CLEAR_RP_HASH) - } + FOR_EACH_HASH(CLEAR_RP_HASH) +} //*** GetCpHashPointer() // Function to get a pointer to the cpHash of the command static TPM2B_DIGEST* GetCpHashPointer(COMMAND* command, TPMI_ALG_HASH hashAlg) { TPM2B_DIGEST* retVal; - // - // Define the macro that will expand for each implemented algorithm in the switch - // statement below. -#define GET_CP_HASH_POINTER(HASH, Hash) \ - case ALG_##HASH##_VALUE: \ - retVal = (TPM2B_DIGEST*)&command->Hash##CpHash; \ - break; +// +// Define the macro that will expand for each implemented algorithm in the switch +// statement below. +#define GET_CP_HASH_POINTER(HASH, Hash) \ + case ALG_##HASH##_VALUE: \ + retVal = (TPM2B_DIGEST*)&command->Hash##CpHash; \ + break; switch(hashAlg) - { - // For each implemented hash, this will expand as defined above - // by GET_CP_HASH_POINTER. Your IDE may complain that - // 'struct "COMMAND" has no field "SHA1CpHash"' but the compiler says - // it does, so... - FOR_EACH_HASH(GET_CP_HASH_POINTER) - default: - retVal = NULL; - break; - } + { + // For each implemented hash, this will expand as defined above + // by GET_CP_HASH_POINTER. Your IDE may complain that + // 'struct "COMMAND" has no field "SHA1CpHash"' but the compiler says + // it does, so... + FOR_EACH_HASH(GET_CP_HASH_POINTER) + default: + retVal = NULL; + break; + } return retVal; } 
@@ -583,33 +584,33 @@ static TPM2B_DIGEST* GetCpHashPointer(COMMAND* command, TPMI_ALG_HASH hashAlg) static TPM2B_DIGEST* GetRpHashPointer(COMMAND* command, TPMI_ALG_HASH hashAlg) { TPM2B_DIGEST* retVal; - // - // Define the macro that will expand for each implemented algorithm in the switch - // statement below. -#define GET_RP_HASH_POINTER(HASH, Hash) \ - case ALG_##HASH##_VALUE: \ - retVal = (TPM2B_DIGEST*)&command->Hash##RpHash; \ - break; +// +// Define the macro that will expand for each implemented algorithm in the switch +// statement below. +#define GET_RP_HASH_POINTER(HASH, Hash) \ + case ALG_##HASH##_VALUE: \ + retVal = (TPM2B_DIGEST*)&command->Hash##RpHash; \ + break; switch(hashAlg) - { - // For each implemented hash, this will expand as defined above - // by GET_RP_HASH_POINTER. Your IDE may complain that - // 'struct "COMMAND" has no field 'SHA1RpHash'" but the compiler says - // it does, so... - FOR_EACH_HASH(GET_RP_HASH_POINTER) - default: - retVal = NULL; - break; - } + { + // For each implemented hash, this will expand as defined above + // by GET_RP_HASH_POINTER. Your IDE may complain that + // 'struct "COMMAND" has no field 'SHA1RpHash'" but the compiler says + // it does, so... + FOR_EACH_HASH(GET_RP_HASH_POINTER) + default: + retVal = NULL; + break; + } return retVal; } //*** ComputeCpHash() // This function computes the cpHash as defined in Part 2 and described in Part 1. static TPM2B_DIGEST* ComputeCpHash(COMMAND* command, // IN: command parsing structure - TPMI_ALG_HASH hashAlg // IN: hash algorithm - ) + TPMI_ALG_HASH hashAlg // IN: hash algorithm +) { UINT32 i; HASH_STATE hashState; 
@@ -625,20 +626,20 @@ static TPM2B_DIGEST* ComputeCpHash(COMMAND* command, // IN: command parsing str // Get pointer to the hash value cpHash = GetCpHashPointer(command, hashAlg); if(cpHash->t.size == 0) - { - cpHash->t.size = CryptHashStart(&hashState, hashAlg); - // Add commandCode. - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); - // Add authNames for each of the handles. - for(i = 0; i < command->handleNum; i++) - CryptDigestUpdate2B(&hashState, - &EntityGetName(command->handles[i], &name)->b); - // Add the parameters. - CryptDigestUpdate( - &hashState, command->parameterSize, command->parameterBuffer); - // Complete the hash. - CryptHashEnd2B(&hashState, &cpHash->b); - } + { + cpHash->t.size = CryptHashStart(&hashState, hashAlg); + // Add commandCode. + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); + // Add authNames for each of the handles. + for(i = 0; i < command->handleNum; i++) + CryptDigestUpdate2B(&hashState, + &EntityGetName(command->handles[i], &name)->b); + // Add the parameters. + CryptDigestUpdate( + &hashState, command->parameterSize, command->parameterBuffer); + // Complete the hash. + CryptHashEnd2B(&hashState, &cpHash->b); + } return cpHash; } @@ -661,8 +662,8 @@ static TPM2B_DIGEST* GetCpHash(COMMAND* command, TPMI_ALG_HASH hashAlg) // TRUE(1) template hash equal to session->templateHash // FALSE(0) template hash not equal to session->templateHash static BOOL CompareTemplateHash(COMMAND* command, // IN: parsing structure - SESSION* session // IN: session data - ) + SESSION* session // IN: session data +) { BYTE* pBuffer = command->parameterBuffer; INT32 pSize = command->parameterSize; 
@@ -674,13 +675,13 @@ static BOOL CompareTemplateHash(COMMAND* command, // IN: parsing structure #if CC_CreateLoaded && command->code != TPM_CC_CreateLoaded #endif - ) - return FALSE; + ) + return FALSE; // Assume that the first parameter is a TPM2B and unmarshal the size field // Note: this will not affect the parameter buffer and size in the calling // function. if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS) - return FALSE; + return FALSE; // reduce the space in the buffer. // NOTE: this could make pSize go negative if the parameters are not correct but // the unmarshaling code does not try to unmarshal if the remaining size is @@ -692,13 +693,13 @@ static BOOL CompareTemplateHash(COMMAND* command, // IN: parsing structure // Get the size of what should be the template if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS) - return FALSE; + return FALSE; // See if this is reasonable if(size > pSize) - return FALSE; + return FALSE; // Hash the template data tHash.t.size = CryptHashBlock( - session->authHashAlg, size, pBuffer, sizeof(tHash.t.buffer), tHash.t.buffer); + session->authHashAlg, size, pBuffer, sizeof(tHash.t.buffer), tHash.t.buffer); return (MemoryEqual2B(&session->u1.templateHash.b, &tHash.b)); } @@ -706,8 +707,8 @@ static BOOL CompareTemplateHash(COMMAND* command, // IN: parsing structure // This function computes the name hash and compares it to the nameHash in the // session data, returning true if they are equal. BOOL CompareNameHash(COMMAND* command, // IN: main parsing structure - SESSION* session // IN: session structure with nameHash - ) + SESSION* session // IN: session structure with nameHash +) { HASH_STATE hashState; TPM2B_DIGEST nameHash; 
@@ -717,21 +718,21 @@ BOOL CompareNameHash(COMMAND* command, // IN: main parsing structure nameHash.t.size = CryptHashStart(&hashState, session->authHashAlg); // Add names. for(i = 0; i < command->handleNum; i++) - CryptDigestUpdate2B(&hashState, - &EntityGetName(command->handles[i], &name)->b); + CryptDigestUpdate2B(&hashState, + &EntityGetName(command->handles[i], &name)->b); // Complete hash. CryptHashEnd2B(&hashState, &nameHash.b); // and compare return MemoryEqual( - session->u1.nameHash.t.buffer, nameHash.t.buffer, nameHash.t.size); + session->u1.nameHash.t.buffer, nameHash.t.buffer, nameHash.t.size); } //*** CompareParametersHash() // This function computes the parameters hash and compares it to the pHash in // the session data, returning true if they are equal. BOOL CompareParametersHash(COMMAND* command, // IN: main parsing structure - SESSION* session // IN: session structure with pHash - ) + SESSION* session // IN: session structure with pHash +) { HASH_STATE hashState; TPM2B_DIGEST pHash; @@ -759,8 +760,8 @@ BOOL CompareParametersHash(COMMAND* command, // IN: main parsing structure // TPM_RC_BAD_AUTH authorization fails but DA does not apply // static TPM_RC CheckPWAuthSession( - UINT32 sessionIndex // IN: index of session to be processed - ) + UINT32 sessionIndex // IN: index of session to be processed +) { TPM2B_AUTH authValue; TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex]; @@ -773,14 +774,14 @@ static TPM_RC CheckPWAuthSession( // Success if the values are identical. if(MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &authValue.b)) - { - return TPM_RC_SUCCESS; - } + { + return TPM_RC_SUCCESS; + } else // if the digests are not identical - { - // Invoke DA protection if applicable. - return IncrementLockout(sessionIndex); - } + { + // Invoke DA protection if applicable. + return IncrementLockout(sessionIndex); + } } //*** ComputeCommandHMAC() 
@@ -826,10 +827,10 @@ static TPM_RC CheckPWAuthSession(
 // particular use of the session.
 */
 static TPM2B_DIGEST* ComputeCommandHMAC(
- COMMAND* command, // IN: primary control structure
- UINT32 sessionIndex, // IN: index of session to be processed
- TPM2B_DIGEST* hmac // OUT: authorization HMAC
- )
+ COMMAND* command, // IN: primary control structure
+ UINT32 sessionIndex, // IN: index of session to be processed
+ TPM2B_DIGEST* hmac // OUT: authorization HMAC
+)
 {
 TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2));
 TPM2B_KEY key;
@@ -849,28 +850,28 @@ static TPM2B_DIGEST* ComputeCommandHMAC( // session that uses an HMAC, then check if additional session nonces are to be // included. if(sessionIndex == 0 && s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED) - { - // If there is a decrypt session and if this is not the decrypt session, - // then an extra nonce may be needed. - if(s_decryptSessionIndex != UNDEFINED_INDEX - && s_decryptSessionIndex != sessionIndex) - { - // Will add the nonce for the decrypt session. - SESSION* decryptSession = - SessionGet(s_sessionHandles[s_decryptSessionIndex]); - nonceDecrypt = &decryptSession->nonceTPM; - } - // Now repeat for the encrypt session. - if(s_encryptSessionIndex != UNDEFINED_INDEX - && s_encryptSessionIndex != sessionIndex - && s_encryptSessionIndex != s_decryptSessionIndex) - { - // Have to have the nonce for the encrypt session. - SESSION* encryptSession = - SessionGet(s_sessionHandles[s_encryptSessionIndex]); - nonceEncrypt = &encryptSession->nonceTPM; - } - } + { + // If there is a decrypt session and if this is not the decrypt session, + // then an extra nonce may be needed. + if(s_decryptSessionIndex != UNDEFINED_INDEX + && s_decryptSessionIndex != sessionIndex) + { + // Will add the nonce for the decrypt session. + SESSION* decryptSession = + SessionGet(s_sessionHandles[s_decryptSessionIndex]); + nonceDecrypt = &decryptSession->nonceTPM; + } + // Now repeat for the encrypt session. + if(s_encryptSessionIndex != UNDEFINED_INDEX + && s_encryptSessionIndex != sessionIndex + && s_encryptSessionIndex != s_decryptSessionIndex) + { + // Have to have the nonce for the encrypt session. + SESSION* encryptSession = + SessionGet(s_sessionHandles[s_encryptSessionIndex]); + nonceEncrypt = &encryptSession->nonceTPM; + } + } // Continue with the HMAC processing. session = SessionGet(s_sessionHandles[sessionIndex]); 
@@ -887,32 +888,32 @@ static TPM2B_DIGEST* ComputeCommandHMAC( // // Include the entity authValue if it is needed if(session->attributes.includeAuth == SET) - { - TPM2B_AUTH authValue; - // Get the entity authValue with trailing zeros removed - EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); - // add the authValue to the HMAC key - MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); - } + { + TPM2B_AUTH authValue; + // Get the entity authValue with trailing zeros removed + EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); + // add the authValue to the HMAC key + MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); + } // if the HMAC key size is 0, a NULL string HMAC is allowed if(key.t.size == 0 && s_inputAuthValues[sessionIndex].t.size == 0) - { - hmac->t.size = 0; - return hmac; - } + { + hmac->t.size = 0; + return hmac; + } // Start HMAC hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b); // Add cpHash CryptDigestUpdate2B(&hmacState.hashState, - &ComputeCpHash(command, session->authHashAlg)->b); + &ComputeCpHash(command, session->authHashAlg)->b); // Add nonces as required CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b); CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b); if(nonceDecrypt != NULL) - CryptDigestUpdate2B(&hmacState.hashState, &nonceDecrypt->b); + CryptDigestUpdate2B(&hmacState.hashState, &nonceDecrypt->b); if(nonceEncrypt != NULL) - CryptDigestUpdate2B(&hmacState.hashState, &nonceEncrypt->b); + CryptDigestUpdate2B(&hmacState.hashState, &nonceEncrypt->b); // Add sessionAttributes buffer = marshalBuffer; marshalSize = TPMA_SESSION_Marshal(&(s_attributes[sessionIndex]), &buffer, NULL); 
@@ -939,23 +940,23 @@ static TPM2B_DIGEST* ComputeCommandHMAC( // increment // static TPM_RC CheckSessionHMAC( - COMMAND* command, // IN: primary control structure - UINT32 sessionIndex // IN: index of session to be processed - ) + COMMAND* command, // IN: primary control structure + UINT32 sessionIndex // IN: index of session to be processed +) { TPM2B_DIGEST hmac; // authHMAC for comparing - // + // // Compute authHMAC ComputeCommandHMAC(command, sessionIndex, &hmac); // Compare the input HMAC with the authHMAC computed above. if(!MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &hmac.b)) - { - // If an HMAC session has a failure, invoke the anti-hammering - // if it applies to the authorized entity or the session. - // Otherwise, just indicate that the authorization is bad. - return IncrementLockout(sessionIndex); - } + { + // If an HMAC session has a failure, invoke the anti-hammering + // if it applies to the authorized entity or the session. + // Otherwise, just indicate that the authorization is bad. + return IncrementLockout(sessionIndex); + } return TPM_RC_SUCCESS; } @@ -984,9 +985,9 @@ static TPM_RC CheckSessionHMAC( // TPM_RC_NV_UNAVAILABLE NV is not available for write // TPM_RC_NV_RATE NV is rate limiting static TPM_RC CheckPolicyAuthSession( - COMMAND* command, // IN: primary parsing structure - UINT32 sessionIndex // IN: index of session to be processed - ) + COMMAND* command, // IN: primary parsing structure + UINT32 sessionIndex // IN: index of session to be processed +) { SESSION* session; TPM2B_DIGEST authPolicy; 
@@ -1001,120 +1002,120 @@ static TPM_RC CheckPolicyAuthSession( if(command->code == TPM_CC_PolicySecret && session->attributes.isPasswordNeeded == CLEAR && session->attributes.isAuthValueNeeded == CLEAR) - return TPM_RC_MODE; + return TPM_RC_MODE; // See if the PCR counter for the session is still valid. if(!SessionPCRValueIsCurrent(session)) - return TPM_RC_PCR_CHANGED; + return TPM_RC_PCR_CHANGED; // Get authPolicy. policyAlg = EntityGetAuthPolicy(s_associatedHandles[sessionIndex], &authPolicy); // Compare authPolicy. if(!MemoryEqual2B(&session->u2.policyDigest.b, &authPolicy.b)) - return TPM_RC_POLICY_FAIL; + return TPM_RC_POLICY_FAIL; // Policy is OK so check if the other factors are correct // Compare policy hash algorithm. if(policyAlg != session->authHashAlg) - return TPM_RC_POLICY_FAIL; + return TPM_RC_POLICY_FAIL; // Compare timeout. if(session->timeout != 0) - { - // Cannot compare time if clock stop advancing. An TPM_RC_NV_UNAVAILABLE - // or TPM_RC_NV_RATE error may be returned here. This doesn't mean that - // a new nonce will be created just that, because TPM time can't advance - // we can't do time-based operations. - RETURN_IF_NV_IS_NOT_AVAILABLE; + { + // Cannot compare time if clock stop advancing. An TPM_RC_NV_UNAVAILABLE + // or TPM_RC_NV_RATE error may be returned here. This doesn't mean that + // a new nonce will be created just that, because TPM time can't advance + // we can't do time-based operations. 
+ RETURN_IF_NV_IS_NOT_AVAILABLE; - if((session->timeout < g_time) || (session->epoch != g_timeEpoch)) - return TPM_RC_EXPIRED; - } + if((session->timeout < g_time) || (session->epoch != g_timeEpoch)) + return TPM_RC_EXPIRED; + } // If command code is provided it must match if(session->commandCode != 0) - { - if(session->commandCode != command->code) - return TPM_RC_POLICY_CC; - } + { + if(session->commandCode != command->code) + return TPM_RC_POLICY_CC; + } else - { - // If command requires a DUP or ADMIN authorization, the session must have - // command code set. - AUTH_ROLE role = CommandAuthRole(command->index, sessionIndex); - if(role == AUTH_ADMIN || role == AUTH_DUP) - return TPM_RC_POLICY_FAIL; - } + { + // If command requires a DUP or ADMIN authorization, the session must have + // command code set. + AUTH_ROLE role = CommandAuthRole(command->index, sessionIndex); + if(role == AUTH_ADMIN || role == AUTH_DUP) + return TPM_RC_POLICY_FAIL; + } // Check command locality. { - BYTE sessionLocality[sizeof(TPMA_LOCALITY)]; - BYTE* buffer = sessionLocality; + BYTE sessionLocality[sizeof(TPMA_LOCALITY)]; + BYTE* buffer = sessionLocality; - // Get existing locality setting in canonical form - sessionLocality[0] = 0; - TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); + // Get existing locality setting in canonical form + sessionLocality[0] = 0; + TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); - // See if the locality has been set - if(sessionLocality[0] != 0) - { - // If so, get the current locality - locality = _plat__LocalityGet(); - if(locality < 5) - { - if(((sessionLocality[0] & (1 << locality)) == 0) - || sessionLocality[0] > 31) - return TPM_RC_LOCALITY; - } - else if(locality > 31) - { - if(sessionLocality[0] != locality) - return TPM_RC_LOCALITY; - } - else - { - // Could throw an assert here but a locality error is just - // as good. It just means that, whatever the locality is, it isn't - // the locality requested so... 
- return TPM_RC_LOCALITY; - } - } + // See if the locality has been set + if(sessionLocality[0] != 0) + { + // If so, get the current locality + locality = _plat__LocalityGet(); + if(locality < 5) + { + if(((sessionLocality[0] & (1 << locality)) == 0) + || sessionLocality[0] > 31) + return TPM_RC_LOCALITY; + } + else if(locality > 31) + { + if(sessionLocality[0] != locality) + return TPM_RC_LOCALITY; + } + else + { + // Could throw an assert here but a locality error is just + // as good. It just means that, whatever the locality is, it isn't + // the locality requested so... + return TPM_RC_LOCALITY; + } + } } // end of locality check // Check physical presence. if(session->attributes.isPPRequired == SET && !_plat__PhysicalPresenceAsserted()) - return TPM_RC_PP; + return TPM_RC_PP; // Compare cpHash/nameHash/pHash/templateHash if defined. if(session->u1.cpHash.b.size != 0) - { - BOOL OK = FALSE; - if(session->attributes.isCpHashDefined) - // Compare cpHash. - OK = MemoryEqual2B(&session->u1.cpHash.b, - &ComputeCpHash(command, session->authHashAlg)->b); - else if(g_RuntimeProfile.stateFormatLevel >= 4 // libtpms added - && session->attributes.isNameHashDefined) - OK = CompareNameHash(command, session); - else if(session->attributes.isParametersHashDefined) - OK = CompareParametersHash(command, session); - else if(session->attributes.isTemplateHashDefined) - OK = CompareTemplateHash(command, session); - else if (g_RuntimeProfile.stateFormatLevel < 4) // libtpms added: backwards compatibility - OK = CompareNameHash(command, session); // libtpms added: backwards compatibility - if(!OK) - return TPM_RCS_POLICY_FAIL; - } + { + BOOL OK = FALSE; + if(session->attributes.isCpHashDefined) + // Compare cpHash. 
+ OK = MemoryEqual2B(&session->u1.cpHash.b, + &ComputeCpHash(command, session->authHashAlg)->b); + else if(g_RuntimeProfile.stateFormatLevel >= 4 // libtpms added + && session->attributes.isNameHashDefined) + OK = CompareNameHash(command, session); + else if(session->attributes.isParametersHashDefined) + OK = CompareParametersHash(command, session); + else if(session->attributes.isTemplateHashDefined) + OK = CompareTemplateHash(command, session); + else if (g_RuntimeProfile.stateFormatLevel < 4) // libtpms added: backwards compatibility + OK = CompareNameHash(command, session); // libtpms added: backwards compatibility + if(!OK) + return TPM_RCS_POLICY_FAIL; + } if(session->attributes.checkNvWritten) - { - NV_REF locator; - NV_INDEX* nvIndex; - // - // If this is not an NV index, the policy makes no sense so fail it. - if(HandleGetType(s_associatedHandles[sessionIndex]) != TPM_HT_NV_INDEX) - return TPM_RC_POLICY_FAIL; - // Get the index data - nvIndex = NvGetIndexInfo(s_associatedHandles[sessionIndex], &locator); + { + NV_REF locator; + NV_INDEX* nvIndex; + // + // If this is not an NV index, the policy makes no sense so fail it. + if(HandleGetType(s_associatedHandles[sessionIndex]) != TPM_HT_NV_INDEX) + return TPM_RC_POLICY_FAIL; + // Get the index data + nvIndex = NvGetIndexInfo(s_associatedHandles[sessionIndex], &locator); - // Make sure that the TPMA_WRITTEN_ATTRIBUTE has the desired state - if((IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) - != (session->attributes.nvWrittenState == SET)) - return TPM_RC_POLICY_FAIL; - } + // Make sure that the TPMA_WRITTEN_ATTRIBUTE has the desired state + if((IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) + != (session->attributes.nvWrittenState == SET)) + return TPM_RC_POLICY_FAIL; + } return TPM_RC_SUCCESS; } 
@@ -1129,8 +1130,8 @@ static TPM_RC CheckPolicyAuthSession(
 // as the value for authorizationSize in the command
 //
 static TPM_RC RetrieveSessionData(
- COMMAND* command // IN: main parsing structure for command
- )
+ COMMAND* command // IN: main parsing structure for command
+)
 {
 int i;
 TPM_RC result;
@@ -1145,140 +1146,140 @@ static TPM_RC RetrieveSessionData( s_auditSessionIndex = UNDEFINED_INDEX; for(sessionIndex = 0; command->authSize > 0; sessionIndex++) - { - errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; + { + errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; - // If maximum allowed number of sessions has been parsed, return a size - // error with a session number that is larger than the number of allowed - // sessions - if(sessionIndex == MAX_SESSION_NUM) - return TPM_RCS_SIZE + errorIndex; - // make sure that the associated handle for each session starts out - // unassigned - s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; + // If maximum allowed number of sessions has been parsed, return a size + // error with a session number that is larger than the number of allowed + // sessions + if(sessionIndex == MAX_SESSION_NUM) + return TPM_RCS_SIZE + errorIndex; + // make sure that the associated handle for each session starts out + // unassigned + s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; - // First parameter: Session handle. - result = TPMI_SH_AUTH_SESSION_Unmarshal(&s_sessionHandles[sessionIndex], - &command->parameterBuffer, - &command->authSize, - TRUE); - if(result != TPM_RC_SUCCESS) - return result + TPM_RC_S + g_rcIndex[sessionIndex]; - // Second parameter: Nonce. - result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex], - &command->parameterBuffer, - &command->authSize); - if(result != TPM_RC_SUCCESS) - return result + TPM_RC_S + g_rcIndex[sessionIndex]; - // Third parameter: sessionAttributes. - result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex], - &command->parameterBuffer, - &command->authSize); - if(result != TPM_RC_SUCCESS) - return result + TPM_RC_S + g_rcIndex[sessionIndex]; - // Fourth parameter: authValue (PW or HMAC). 
- result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex], - &command->parameterBuffer, - &command->authSize); - if(result != TPM_RC_SUCCESS) - return result + errorIndex; + // First parameter: Session handle. + result = TPMI_SH_AUTH_SESSION_Unmarshal(&s_sessionHandles[sessionIndex], + &command->parameterBuffer, + &command->authSize, + TRUE); + if(result != TPM_RC_SUCCESS) + return result + TPM_RC_S + g_rcIndex[sessionIndex]; + // Second parameter: Nonce. + result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex], + &command->parameterBuffer, + &command->authSize); + if(result != TPM_RC_SUCCESS) + return result + TPM_RC_S + g_rcIndex[sessionIndex]; + // Third parameter: sessionAttributes. + result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex], + &command->parameterBuffer, + &command->authSize); + if(result != TPM_RC_SUCCESS) + return result + TPM_RC_S + g_rcIndex[sessionIndex]; + // Fourth parameter: authValue (PW or HMAC). + result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex], + &command->parameterBuffer, + &command->authSize); + if(result != TPM_RC_SUCCESS) + return result + errorIndex; - sessionAttributes = s_attributes[sessionIndex]; - if(s_sessionHandles[sessionIndex] == TPM_RS_PW) - { - // A PWAP session needs additional processing. - // Can't have any attributes set other than continueSession bit - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) - || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset)) - return TPM_RCS_ATTRIBUTES + errorIndex; - // The nonce size must be zero. - if(s_nonceCaller[sessionIndex].t.size != 0) - return TPM_RCS_NONCE + errorIndex; - continue; - } - // For not password sessions... - // Find out if the session is loaded. 
- if(!SessionIsLoaded(s_sessionHandles[sessionIndex])) - return TPM_RC_REFERENCE_S0 + sessionIndex; - sessionType = HandleGetType(s_sessionHandles[sessionIndex]); - session = SessionGet(s_sessionHandles[sessionIndex]); + sessionAttributes = s_attributes[sessionIndex]; + if(s_sessionHandles[sessionIndex] == TPM_RS_PW) + { + // A PWAP session needs additional processing. + // Can't have any attributes set other than continueSession bit + if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt) + || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt) + || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit) + || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) + || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset)) + return TPM_RCS_ATTRIBUTES + errorIndex; + // The nonce size must be zero. + if(s_nonceCaller[sessionIndex].t.size != 0) + return TPM_RCS_NONCE + errorIndex; + continue; + } + // For not password sessions... + // Find out if the session is loaded. + if(!SessionIsLoaded(s_sessionHandles[sessionIndex])) + return TPM_RC_REFERENCE_S0 + sessionIndex; + sessionType = HandleGetType(s_sessionHandles[sessionIndex]); + session = SessionGet(s_sessionHandles[sessionIndex]); - // Check if the session is an HMAC/policy session. - if((session->attributes.isPolicy == SET && sessionType == TPM_HT_HMAC_SESSION) - || (session->attributes.isPolicy == CLEAR - && sessionType == TPM_HT_POLICY_SESSION)) - return TPM_RCS_HANDLE + errorIndex; - // Check that this handle has not previously been used. - for(i = 0; i < sessionIndex; i++) - { - if(s_sessionHandles[i] == s_sessionHandles[sessionIndex]) - return TPM_RCS_HANDLE + errorIndex; - } - // If the session is used for parameter encryption or audit as well, set - // the corresponding Indexes. + // Check if the session is an HMAC/policy session. 
+ if((session->attributes.isPolicy == SET && sessionType == TPM_HT_HMAC_SESSION) + || (session->attributes.isPolicy == CLEAR + && sessionType == TPM_HT_POLICY_SESSION)) + return TPM_RCS_HANDLE + errorIndex; + // Check that this handle has not previously been used. + for(i = 0; i < sessionIndex; i++) + { + if(s_sessionHandles[i] == s_sessionHandles[sessionIndex]) + return TPM_RCS_HANDLE + errorIndex; + } + // If the session is used for parameter encryption or audit as well, set + // the corresponding Indexes. - // First process decrypt. - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt)) - { - // Check if the commandCode allows command parameter encryption. - if(DecryptSize(command->index) == 0) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Encrypt attribute can only appear in one session - if(s_decryptSessionIndex != UNDEFINED_INDEX) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL - if(session->symmetric.algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC + errorIndex; - // All checks passed, so set the index for the session used to decrypt - // a command parameter. - s_decryptSessionIndex = sessionIndex; - } - // Now process encrypt. - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt)) - { - // Check if the commandCode allows response parameter encryption. - if(EncryptSize(command->index) == 0) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Encrypt attribute can only appear in one session. - if(s_encryptSessionIndex != UNDEFINED_INDEX) - return TPM_RCS_ATTRIBUTES + errorIndex; - // Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL - if(session->symmetric.algorithm == TPM_ALG_NULL) - return TPM_RCS_SYMMETRIC + errorIndex; - // All checks passed, so set the index for the session used to encrypt - // a response parameter. - s_encryptSessionIndex = sessionIndex; - } - // At last process audit. 
- if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit)) - { - // Audit attribute can only appear in one session. - if(s_auditSessionIndex != UNDEFINED_INDEX) - return TPM_RCS_ATTRIBUTES + errorIndex; - // An audit session can not be policy session. - if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION) - return TPM_RCS_ATTRIBUTES + errorIndex; - // If this is a reset of the audit session, or the first use - // of the session as an audit session, it doesn't matter what - // the exclusive state is. The session will become exclusive. - if(!IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset) - && session->attributes.isAudit == SET) - { - // Not first use or reset. If auditExlusive is SET, then this - // session must be the current exclusive session. - if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) - && g_exclusiveAuditSession != s_sessionHandles[sessionIndex]) - return TPM_RC_EXCLUSIVE; - } - s_auditSessionIndex = sessionIndex; - } - // Initialize associated handle as undefined. This will be changed when - // the handles are processed. - s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; - } + // First process decrypt. + if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt)) + { + // Check if the commandCode allows command parameter encryption. + if(DecryptSize(command->index) == 0) + return TPM_RCS_ATTRIBUTES + errorIndex; + // Encrypt attribute can only appear in one session + if(s_decryptSessionIndex != UNDEFINED_INDEX) + return TPM_RCS_ATTRIBUTES + errorIndex; + // Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL + if(session->symmetric.algorithm == TPM_ALG_NULL) + return TPM_RCS_SYMMETRIC + errorIndex; + // All checks passed, so set the index for the session used to decrypt + // a command parameter. + s_decryptSessionIndex = sessionIndex; + } + // Now process encrypt. 
+ if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt)) + { + // Check if the commandCode allows response parameter encryption. + if(EncryptSize(command->index) == 0) + return TPM_RCS_ATTRIBUTES + errorIndex; + // Encrypt attribute can only appear in one session. + if(s_encryptSessionIndex != UNDEFINED_INDEX) + return TPM_RCS_ATTRIBUTES + errorIndex; + // Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL + if(session->symmetric.algorithm == TPM_ALG_NULL) + return TPM_RCS_SYMMETRIC + errorIndex; + // All checks passed, so set the index for the session used to encrypt + // a response parameter. + s_encryptSessionIndex = sessionIndex; + } + // At last process audit. + if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit)) + { + // Audit attribute can only appear in one session. + if(s_auditSessionIndex != UNDEFINED_INDEX) + return TPM_RCS_ATTRIBUTES + errorIndex; + // An audit session can not be policy session. + if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION) + return TPM_RCS_ATTRIBUTES + errorIndex; + // If this is a reset of the audit session, or the first use + // of the session as an audit session, it doesn't matter what + // the exclusive state is. The session will become exclusive. + if(!IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset) + && session->attributes.isAudit == SET) + { + // Not first use or reset. If auditExlusive is SET, then this + // session must be the current exclusive session. + if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) + && g_exclusiveAuditSession != s_sessionHandles[sessionIndex]) + return TPM_RC_EXCLUSIVE; + } + s_auditSessionIndex = sessionIndex; + } + // Initialize associated handle as undefined. This will be changed when + // the handles are processed. + s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; + } command->sessionNum = sessionIndex; return TPM_RC_SUCCESS; } 
@@ -1294,50 +1295,50 @@ static TPM_RC RetrieveSessionData( // TPM_RC_NV_UNAVAILABLE NV is not available at this time // TPM_RC_LOCKOUT TPM is in lockout static TPM_RC CheckLockedOut( - BOOL lockoutAuthCheck // IN: TRUE if checking is for lockoutAuth - ) + BOOL lockoutAuthCheck // IN: TRUE if checking is for lockoutAuth +) { // If NV is unavailable, and current cycle state recorded in NV is not // SU_NONE_VALUE, refuse to check any authorization because we would // not be able to handle a DA failure. if(!NV_IS_AVAILABLE && NV_IS_ORDERLY) - return g_NvStatus; + return g_NvStatus; // Check if DA info needs to be updated in NV. if(s_DAPendingOnNV) - { - // If NV is accessible, - RETURN_IF_NV_IS_NOT_AVAILABLE; + { + // If NV is accessible, + RETURN_IF_NV_IS_NOT_AVAILABLE; - // ... write the pending DA data and proceed. - NV_SYNC_PERSISTENT(lockOutAuthEnabled); - NV_SYNC_PERSISTENT(failedTries); - s_DAPendingOnNV = FALSE; - } + // ... write the pending DA data and proceed. + NV_SYNC_PERSISTENT(lockOutAuthEnabled); + NV_SYNC_PERSISTENT(failedTries); + s_DAPendingOnNV = FALSE; + } // Lockout is in effect if checking for lockoutAuth and use of lockoutAuth // is disabled... if(lockoutAuthCheck) - { - if(gp.lockOutAuthEnabled == FALSE) - return TPM_RC_LOCKOUT; - } + { + if(gp.lockOutAuthEnabled == FALSE) + return TPM_RC_LOCKOUT; + } else - { - // ... or if the number of failed tries has been maxed out. - if(gp.failedTries >= gp.maxTries) - return TPM_RC_LOCKOUT; + { + // ... or if the number of failed tries has been maxed out. 
+ if(gp.failedTries >= gp.maxTries) + return TPM_RC_LOCKOUT; #if USE_DA_USED - // If the daUsed flag is not SET, then no DA validation until the - // daUsed state is written to NV - if(!g_daUsed) - { - RETURN_IF_NV_IS_NOT_AVAILABLE; - g_daUsed = TRUE; - gp.orderlyState = SU_DA_USED_VALUE; - NV_SYNC_PERSISTENT(orderlyState); - return TPM_RC_SUCCESS; // libtpms changed: was TPM_RC_RETRY; - } + // If the daUsed flag is not SET, then no DA validation until the + // daUsed state is written to NV + if(!g_daUsed) + { + RETURN_IF_NV_IS_NOT_AVAILABLE; + g_daUsed = TRUE; + gp.orderlyState = SU_DA_USED_VALUE; + NV_SYNC_PERSISTENT(orderlyState); + return TPM_RC_SUCCESS; // libtpms changed: was TPM_RC_RETRY; + } #endif - } + } return TPM_RC_SUCCESS; } @@ -1363,9 +1364,9 @@ static TPM_RC CheckLockedOut( // TPM_RC_PCR // TPM_RC_AUTH_UNAVAILABLE authValue or authPolicy unavailable static TPM_RC CheckAuthSession( - COMMAND* command, // IN: primary parsing structure - UINT32 sessionIndex // IN: index of session to be processed - ) + COMMAND* command, // IN: primary parsing structure + UINT32 sessionIndex // IN: index of session to be processed +) { TPM_RC result = TPM_RC_SUCCESS; SESSION* session = NULL; 
@@ -1378,120 +1379,120 @@ static TPM_RC CheckAuthSession( // Take care of physical presence if(associatedHandle == TPM_RH_PLATFORM) - { - // If the physical presence is required for this command, check for PP - // assertion. If it isn't asserted, no point going any further. - if(PhysicalPresenceIsRequired(command->index) - && !_plat__PhysicalPresenceAsserted()) - return TPM_RC_PP; - } + { + // If the physical presence is required for this command, check for PP + // assertion. If it isn't asserted, no point going any further. + if(PhysicalPresenceIsRequired(command->index) + && !_plat__PhysicalPresenceAsserted()) + return TPM_RC_PP; + } if(sessionHandle != TPM_RS_PW) - { - session = SessionGet(sessionHandle); + { + session = SessionGet(sessionHandle); - // Set includeAuth to indicate if DA checking will be required and if the - // authValue will be included in any HMAC. - if(sessionHandleType == TPM_HT_POLICY_SESSION) - { - // For a policy session, will check the DA status of the entity if either - // isAuthValueNeeded or isPasswordNeeded is SET. - session->attributes.includeAuth = session->attributes.isAuthValueNeeded - || session->attributes.isPasswordNeeded; - } - else - { - // For an HMAC session, need to check unless the session - // is bound. - session->attributes.includeAuth = - !IsSessionBindEntity(s_associatedHandles[sessionIndex], session); - } - authUsed = session->attributes.includeAuth; - } + // Set includeAuth to indicate if DA checking will be required and if the + // authValue will be included in any HMAC. + if(sessionHandleType == TPM_HT_POLICY_SESSION) + { + // For a policy session, will check the DA status of the entity if either + // isAuthValueNeeded or isPasswordNeeded is SET. + session->attributes.includeAuth = session->attributes.isAuthValueNeeded + || session->attributes.isPasswordNeeded; + } + else + { + // For an HMAC session, need to check unless the session + // is bound. 
+ session->attributes.includeAuth = + !IsSessionBindEntity(s_associatedHandles[sessionIndex], session); + } + authUsed = session->attributes.includeAuth; + } else - // Password session - authUsed = TRUE; + // Password session + authUsed = TRUE; // If the authorization session is going to use an authValue, then make sure // that access to that authValue isn't locked out. if(authUsed) - { - // See if entity is subject to lockout. - if(!IsDAExempted(associatedHandle)) - { - // See if in lockout - result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT); - if(result != TPM_RC_SUCCESS) - return result; - } - } + { + // See if entity is subject to lockout. + if(!IsDAExempted(associatedHandle)) + { + // See if in lockout + result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT); + if(result != TPM_RC_SUCCESS) + return result; + } + } // Policy or HMAC+PW? if(sessionHandleType != TPM_HT_POLICY_SESSION) - { - // for non-policy session make sure that a policy session is not required - if(IsPolicySessionRequired(command->index, sessionIndex)) - return TPM_RC_AUTH_TYPE; - // The authValue must be available. - // Note: The authValue is going to be "used" even if it is an EmptyAuth. - // and the session is bound. - if(!IsAuthValueAvailable(associatedHandle, command->index, sessionIndex)) - return TPM_RC_AUTH_UNAVAILABLE; - } + { + // for non-policy session make sure that a policy session is not required + if(IsPolicySessionRequired(command->index, sessionIndex)) + return TPM_RC_AUTH_TYPE; + // The authValue must be available. + // Note: The authValue is going to be "used" even if it is an EmptyAuth. + // and the session is bound. + if(!IsAuthValueAvailable(associatedHandle, command->index, sessionIndex)) + return TPM_RC_AUTH_UNAVAILABLE; + } else - { - // ... see if the entity has a policy, ... 
- // Note: IsAuthPolicyAvalable will return FALSE if the sensitive area of the - // object is not loaded - if(!IsAuthPolicyAvailable(associatedHandle, command->index, sessionIndex)) - return TPM_RC_AUTH_UNAVAILABLE; - // ... and check the policy session. - result = CheckPolicyAuthSession(command, sessionIndex); - if(result != TPM_RC_SUCCESS) - return result; - } + { + // ... see if the entity has a policy, ... + // Note: IsAuthPolicyAvalable will return FALSE if the sensitive area of the + // object is not loaded + if(!IsAuthPolicyAvailable(associatedHandle, command->index, sessionIndex)) + return TPM_RC_AUTH_UNAVAILABLE; + // ... and check the policy session. + result = CheckPolicyAuthSession(command, sessionIndex); + if(result != TPM_RC_SUCCESS) + return result; + } // Check authorization according to the type if((TPM_RS_PW == sessionHandle) || (session->attributes.isPasswordNeeded == SET)) - result = CheckPWAuthSession(sessionIndex); + result = CheckPWAuthSession(sessionIndex); else - result = CheckSessionHMAC(command, sessionIndex); + result = CheckSessionHMAC(command, sessionIndex); // Do processing for PIN Indexes are only three possibilities for 'result' at // this point: TPM_RC_SUCCESS, TPM_RC_AUTH_FAIL, and TPM_RC_BAD_AUTH. // For all these cases, we would have to process a PIN index if the // authValue of the index was used for authorization. 
if((TPM_HT_NV_INDEX == HandleGetType(associatedHandle)) && authUsed) - { - NV_REF locator; - NV_INDEX* nvIndex = NvGetIndexInfo(associatedHandle, &locator); - NV_PIN pinData; - TPMA_NV nvAttributes; - // - pAssert(nvIndex != NULL); - nvAttributes = nvIndex->publicArea.attributes; - // If this is a PIN FAIL index and the value has been written - // then we can update the counter (increment or clear) - if(IsNvPinFailIndex(nvAttributes) - && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) - { - pinData.intVal = NvGetUINT64Data(nvIndex, locator); - if(result != TPM_RC_SUCCESS) - pinData.pin.pinCount++; - else - pinData.pin.pinCount = 0; - NvWriteUINT64Data(nvIndex, pinData.intVal); - } - // If this is a PIN PASS Index, increment if we have used the - // authorization value. - // NOTE: If the counter has already hit the limit, then we - // would not get here because the authorization value would not - // be available and the TPM would have returned before it gets here - else if(IsNvPinPassIndex(nvAttributes) - && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN) - && result == TPM_RC_SUCCESS) - { - // If the access is valid, then increment the use counter - pinData.intVal = NvGetUINT64Data(nvIndex, locator); - pinData.pin.pinCount++; - NvWriteUINT64Data(nvIndex, pinData.intVal); - } - } + { + NV_REF locator; + NV_INDEX* nvIndex = NvGetIndexInfo(associatedHandle, &locator); + NV_PIN pinData; + TPMA_NV nvAttributes; + // + pAssert(nvIndex != NULL); + nvAttributes = nvIndex->publicArea.attributes; + // If this is a PIN FAIL index and the value has been written + // then we can update the counter (increment or clear) + if(IsNvPinFailIndex(nvAttributes) + && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) + { + pinData.intVal = NvGetUINT64Data(nvIndex, locator); + if(result != TPM_RC_SUCCESS) + pinData.pin.pinCount++; + else + pinData.pin.pinCount = 0; + NvWriteUINT64Data(nvIndex, pinData.intVal); + } + // If this is a PIN PASS Index, increment if we have used the + // authorization 
value. + // NOTE: If the counter has already hit the limit, then we + // would not get here because the authorization value would not + // be available and the TPM would have returned before it gets here + else if(IsNvPinPassIndex(nvAttributes) + && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN) + && result == TPM_RC_SUCCESS) + { + // If the access is valid, then increment the use counter + pinData.intVal = NvGetUINT64Data(nvIndex, locator); + pinData.pin.pinCount++; + NvWriteUINT64Data(nvIndex, pinData.intVal); + } + } return result; } @@ -1511,9 +1512,9 @@ static TPM_RC CheckCommandAudit(COMMAND* command) // the TPM from attempting an operation that would fail anyway. if(gr.commandAuditDigest.t.size == 0 || GetCommandCode(command->index) == TPM_CC_GetCommandAuditDigest) - { - RETURN_IF_NV_IS_NOT_AVAILABLE; - } + { + RETURN_IF_NV_IS_NOT_AVAILABLE; + } // Make sure that the cpHash is computed for the algorithm ComputeCpHash(command, gp.auditHashAlg); return TPM_RC_SUCCESS; @@ -1531,7 +1532,7 @@ static TPM_RC CheckCommandAudit(COMMAND* command) // TPM_RC ParseSessionBuffer(COMMAND* command // IN: the structure that contains - ) +) { TPM_RC result; UINT32 i; 
@@ -1543,111 +1544,111 @@ ParseSessionBuffer(COMMAND* command // IN: the structure that contains // // Check if a command allows any session in its session area. if(!IsSessionAllowed(command->index)) - return TPM_RC_AUTH_CONTEXT; + return TPM_RC_AUTH_CONTEXT; // Default-initialization. command->sessionNum = 0; result = RetrieveSessionData(command); if(result != TPM_RC_SUCCESS) - return result; + return result; // There is no command in the TPM spec that has more handles than // MAX_SESSION_NUM. pAssert(command->handleNum <= MAX_SESSION_NUM); // Associate the session with an authorization handle. for(i = 0; i < command->handleNum; i++) - { - if(CommandAuthRole(command->index, i) != AUTH_NONE) - { - // If the received session number is less than the number of handles - // that requires authorization, an error should be returned. - // Note: for all the TPM 2.0 commands, handles requiring - // authorization come first in a command input and there are only ever - // two values requiring authorization - if(command->sessionNum == 0) // libtpms added begin (Coverity 1550499) - return TPM_RC_AUTH_MISSING; // libtpms added end - if(i > (command->sessionNum - 1)) - return TPM_RC_AUTH_MISSING; - // Record the handle associated with the authorization session - s_associatedHandles[i] = HierarchyNormalizeHandle(command->handles[i]); - } - } + { + if(CommandAuthRole(command->index, i) != AUTH_NONE) + { + // If the received session number is less than the number of handles + // that requires authorization, an error should be returned. 
+ // Note: for all the TPM 2.0 commands, handles requiring + // authorization come first in a command input and there are only ever + // two values requiring authorization + if(command->sessionNum == 0) // libtpms added begin (Coverity 1550499) + return TPM_RC_AUTH_MISSING; // libtpms added end + if(i > (command->sessionNum - 1)) + return TPM_RC_AUTH_MISSING; + // Record the handle associated with the authorization session + s_associatedHandles[i] = HierarchyNormalizeHandle(command->handles[i]); + } + } // Consistency checks are done first to avoid authorization failure when the // command will not be executed anyway. for(sessionIndex = 0; sessionIndex < command->sessionNum; sessionIndex++) - { - errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; - // PW session must be an authorization session - if(s_sessionHandles[sessionIndex] == TPM_RS_PW) - { - if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED) - return TPM_RCS_HANDLE + errorIndex; - // a password session can't be audit, encrypt or decrypt - if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) - || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) - || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) - return TPM_RCS_ATTRIBUTES + errorIndex; - session = NULL; - } - else - { - session = SessionGet(s_sessionHandles[sessionIndex]); + { + errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; + // PW session must be an authorization session + if(s_sessionHandles[sessionIndex] == TPM_RS_PW) + { + if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED) + return TPM_RCS_HANDLE + errorIndex; + // a password session can't be audit, encrypt or decrypt + if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) + || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) + || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) + return TPM_RCS_ATTRIBUTES + errorIndex; + session = NULL; + } + else + { + session = 
SessionGet(s_sessionHandles[sessionIndex]); - // A trial session can not appear in session area, because it cannot - // be used for authorization, audit or encrypt/decrypt. - if(session->attributes.isTrialPolicy == SET) - return TPM_RCS_ATTRIBUTES + errorIndex; + // A trial session can not appear in session area, because it cannot + // be used for authorization, audit or encrypt/decrypt. + if(session->attributes.isTrialPolicy == SET) + return TPM_RCS_ATTRIBUTES + errorIndex; - // See if the session is bound to a DA protected entity - // NOTE: Since a policy session is never bound, a policy is still - // usable even if the object is DA protected and the TPM is in - // lockout. - if(session->attributes.isDaBound == SET) - { - result = CheckLockedOut(session->attributes.isLockoutBound == SET); - if(result != TPM_RC_SUCCESS) - return result; - } - // If this session is for auditing, make sure the cpHash is computed. - if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)) - ComputeCpHash(command, session->authHashAlg); - } + // See if the session is bound to a DA protected entity + // NOTE: Since a policy session is never bound, a policy is still + // usable even if the object is DA protected and the TPM is in + // lockout. + if(session->attributes.isDaBound == SET) + { + result = CheckLockedOut(session->attributes.isLockoutBound == SET); + if(result != TPM_RC_SUCCESS) + return result; + } + // If this session is for auditing, make sure the cpHash is computed. 
+ if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)) + ComputeCpHash(command, session->authHashAlg); + } - // if the session has an associated handle, check the authorization - if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED) - { - result = CheckAuthSession(command, sessionIndex); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, errorIndex); - } - else - { - // a session that is not for authorization must either be encrypt, - // decrypt, or audit - if(!IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) - && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) - && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) - return TPM_RCS_ATTRIBUTES + errorIndex; + // if the session has an associated handle, check the authorization + if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED) + { + result = CheckAuthSession(command, sessionIndex); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, errorIndex); + } + else + { + // a session that is not for authorization must either be encrypt, + // decrypt, or audit + if(!IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) + && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) + && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) + return TPM_RCS_ATTRIBUTES + errorIndex; - // no authValue included in any of the HMAC computations - pAssert(session != NULL); - session->attributes.includeAuth = CLEAR; + // no authValue included in any of the HMAC computations + pAssert(session != NULL); + session->attributes.includeAuth = CLEAR; - // check HMAC for encrypt/decrypt/audit only sessions - result = CheckSessionHMAC(command, sessionIndex); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, errorIndex); - } - } + // check HMAC for encrypt/decrypt/audit only sessions + result = CheckSessionHMAC(command, sessionIndex); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, 
errorIndex); + } + } #if CC_GetCommandAuditDigest // Check if the command should be audited. Need to do this before any parameter // encryption so that the cpHash for the audit is correct if(CommandAuditIsRequired(command->index)) - { - result = CheckCommandAudit(command); - if(result != TPM_RC_SUCCESS) - return result; // No session number to reference - } + { + result = CheckCommandAudit(command); + if(result != TPM_RC_SUCCESS) + return result; // No session number to reference + } #endif // Decrypt the first parameter if applicable. This should be the last operation // in session processing. 
@@ -1656,28 +1657,28 @@ ParseSessionBuffer(COMMAND* command // IN: the structure that contains // generate encryption key, no matter if the handle is the session bound entity // or not. if(s_decryptSessionIndex != UNDEFINED_INDEX) - { - // If this is an authorization session, include the authValue in the - // generation of the decryption key - if(s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED) - { - EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex], &extraKey); - } - else - { - extraKey.b.size = 0; - } - size = DecryptSize(command->index); - result = CryptParameterDecryption(s_sessionHandles[s_decryptSessionIndex], - &s_nonceCaller[s_decryptSessionIndex].b, - command->parameterSize, - (UINT16)size, - &extraKey, - command->parameterBuffer); - if(result != TPM_RC_SUCCESS) - return RcSafeAddToResult(result, - TPM_RC_S + g_rcIndex[s_decryptSessionIndex]); - } + { + // If this is an authorization session, include the authValue in the + // generation of the decryption key + if(s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED) + { + EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex], &extraKey); + } + else + { + extraKey.b.size = 0; + } + size = DecryptSize(command->index); + result = CryptParameterDecryption(s_sessionHandles[s_decryptSessionIndex], + &s_nonceCaller[s_decryptSessionIndex].b, + command->parameterSize, + (UINT16)size, + &extraKey, + command->parameterBuffer); + if(result != TPM_RC_SUCCESS) + return RcSafeAddToResult(result, + TPM_RC_S + g_rcIndex[s_decryptSessionIndex]); + } return TPM_RC_SUCCESS; } @@ -1691,7 +1692,7 @@ ParseSessionBuffer(COMMAND* command // IN: the structure that contains // authorization TPM_RC CheckAuthNoSession(COMMAND* command // IN: command parsing structure - ) +) { UINT32 i; #if CC_GetCommandAuditDigest 
@@ -1700,18 +1701,18 @@ CheckAuthNoSession(COMMAND* command // IN: command parsing structure // // Check if the command requires authorization for(i = 0; i < command->handleNum; i++) - { - if(CommandAuthRole(command->index, i) != AUTH_NONE) - return TPM_RC_AUTH_MISSING; - } + { + if(CommandAuthRole(command->index, i) != AUTH_NONE) + return TPM_RC_AUTH_MISSING; + } #if CC_GetCommandAuditDigest // Check if the command should be audited. if(CommandAuditIsRequired(command->index)) - { - result = CheckCommandAudit(command); - if(result != TPM_RC_SUCCESS) - return result; - } + { + result = CheckCommandAudit(command); + if(result != TPM_RC_SUCCESS) + return result; + } #endif // Initialize number of sessions to be 0 command->sessionNum = 0; 
@@ -1731,35 +1732,35 @@ CheckAuthNoSession(COMMAND* command // IN: command parsing structure // computed if there is an HMAC authorization session and the return code is // TPM_RC_SUCCESS. static TPM2B_DIGEST* ComputeRpHash( - COMMAND* command, // IN: command structure - TPM_ALG_ID hashAlg // IN: hash algorithm to compute rpHash - ) + COMMAND* command, // IN: command structure + TPM_ALG_ID hashAlg // IN: hash algorithm to compute rpHash +) { TPM2B_DIGEST* rpHash = GetRpHashPointer(command, hashAlg); HASH_STATE hashState; // if(rpHash->t.size == 0) - { - // rpHash := hash(responseCode || commandCode || parameters) + { + // rpHash := hash(responseCode || commandCode || parameters) - // Initiate hash creation. - rpHash->t.size = CryptHashStart(&hashState, hashAlg); + // Initiate hash creation. + rpHash->t.size = CryptHashStart(&hashState, hashAlg); - // Add hash constituents. - CryptDigestUpdateInt(&hashState, sizeof(TPM_RC), TPM_RC_SUCCESS); - CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); - CryptDigestUpdate( - &hashState, command->parameterSize, command->parameterBuffer); - // Complete hash computation. - CryptHashEnd2B(&hashState, &rpHash->b); - } + // Add hash constituents. + CryptDigestUpdateInt(&hashState, sizeof(TPM_RC), TPM_RC_SUCCESS); + CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); + CryptDigestUpdate( + &hashState, command->parameterSize, command->parameterBuffer); + // Complete hash computation. + CryptHashEnd2B(&hashState, &rpHash->b); + } return rpHash; } //*** InitAuditSession() // This function initializes the audit data in an audit session. static void InitAuditSession(SESSION* session // session to be initialized - ) +) { // Mark session as an audit session. session->attributes.isAudit = SET; 
@@ -1778,7 +1779,7 @@ static void InitAuditSession(SESSION* session // session to be initialized //*** UpdateAuditDigest // Function to update an audit digest static void UpdateAuditDigest( - COMMAND* command, TPMI_ALG_HASH hashAlg, TPM2B_DIGEST* digest) + COMMAND* command, TPMI_ALG_HASH hashAlg, TPM2B_DIGEST* digest) { HASH_STATE hashState; TPM2B_DIGEST* cpHash = GetCpHash(command, hashAlg); @@ -1802,11 +1803,11 @@ static void UpdateAuditDigest( //*** Audit() //This function updates the audit digest in an audit session. static void Audit(COMMAND* command, // IN: primary control structure - SESSION* auditSession // IN: loaded audit session - ) + SESSION* auditSession // IN: loaded audit session +) { UpdateAuditDigest( - command, auditSession->authHashAlg, &auditSession->u2.auditDigest); + command, auditSession->authHashAlg, &auditSession->u2.auditDigest); return; } @@ -1814,7 +1815,7 @@ static void Audit(COMMAND* command, // IN: primary control structure //*** CommandAudit() // This function updates the command audit digest. static void CommandAudit(COMMAND* command // IN: - ) +) { // If the digest.size is one, it indicates the special case of changing // the audit hash algorithm. For this case, no audit is done on exit. 
@@ -1823,21 +1824,21 @@ static void CommandAudit(COMMAND* command // IN: // be recorded. So, it is safe to exit here without setting any flags // because the digest change will be written to NV when this code exits. if(gr.commandAuditDigest.t.size == 1) - { - gr.commandAuditDigest.t.size = 0; - return; - } + { + gr.commandAuditDigest.t.size = 0; + return; + } // If the digest size is zero, need to start a new digest and increment // the audit counter. if(gr.commandAuditDigest.t.size == 0) - { - gr.commandAuditDigest.t.size = CryptHashGetDigestSize(gp.auditHashAlg); - MemorySet(gr.commandAuditDigest.t.buffer, 0, gr.commandAuditDigest.t.size); + { + gr.commandAuditDigest.t.size = CryptHashGetDigestSize(gp.auditHashAlg); + MemorySet(gr.commandAuditDigest.t.buffer, 0, gr.commandAuditDigest.t.size); - // Bump the counter and save its value to NV. - gp.auditCounter++; - NV_SYNC_PERSISTENT(auditCounter); - } + // Bump the counter and save its value to NV. + gp.auditCounter++; + NV_SYNC_PERSISTENT(auditCounter); + } UpdateAuditDigest(command, gp.auditHashAlg, &gr.commandAuditDigest); return; } 
@@ -1851,65 +1852,65 @@ static void CommandAudit(COMMAND* command // IN: // c) extend audit log; and // d) clear exclusive audit session if no audit session found in the command. static void UpdateAuditSessionStatus( - COMMAND* command // IN: primary control structure - ) + COMMAND* command // IN: primary control structure +) { UINT32 i; TPM_HANDLE auditSession = TPM_RH_UNASSIGNED; // // Iterate through sessions for(i = 0; i < command->sessionNum; i++) - { - SESSION* session; - // - // PW session do not have a loaded session and can not be an audit - // session either. Skip it. - if(s_sessionHandles[i] == TPM_RS_PW) - continue; - session = SessionGet(s_sessionHandles[i]); + { + SESSION* session; + // + // PW session do not have a loaded session and can not be an audit + // session either. Skip it. + if(s_sessionHandles[i] == TPM_RS_PW) + continue; + session = SessionGet(s_sessionHandles[i]); - // If a session is used for audit - if(IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, audit)) - { - // An audit session has been found - auditSession = s_sessionHandles[i]; + // If a session is used for audit + if(IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, audit)) + { + // An audit session has been found + auditSession = s_sessionHandles[i]; - // If the session has not been an audit session yet, or - // the auditSetting bits indicate a reset, initialize it and set - // it to be the exclusive session - if(session->attributes.isAudit == CLEAR - || IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditReset)) - { - InitAuditSession(session); - g_exclusiveAuditSession = auditSession; - } - else - { - // Check if the audit session is the current exclusive audit - // session and, if not, clear previous exclusive audit session. - if(g_exclusiveAuditSession != auditSession) - g_exclusiveAuditSession = TPM_RH_UNASSIGNED; - } - // Report audit session exclusivity. 
- if(g_exclusiveAuditSession == auditSession) - { - SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); - } - else - { - CLEAR_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); - } - // Extend audit log. - Audit(command, session); - } - } + // If the session has not been an audit session yet, or + // the auditSetting bits indicate a reset, initialize it and set + // it to be the exclusive session + if(session->attributes.isAudit == CLEAR + || IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditReset)) + { + InitAuditSession(session); + g_exclusiveAuditSession = auditSession; + } + else + { + // Check if the audit session is the current exclusive audit + // session and, if not, clear previous exclusive audit session. + if(g_exclusiveAuditSession != auditSession) + g_exclusiveAuditSession = TPM_RH_UNASSIGNED; + } + // Report audit session exclusivity. + if(g_exclusiveAuditSession == auditSession) + { + SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); + } + else + { + CLEAR_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); + } + // Extend audit log. + Audit(command, session); + } + } // If no audit session is found in the command, and the command allows // a session then, clear the current exclusive // audit session. if(auditSession == TPM_RH_UNASSIGNED && IsSessionAllowed(command->index)) - { - g_exclusiveAuditSession = TPM_RH_UNASSIGNED; - } + { + g_exclusiveAuditSession = TPM_RH_UNASSIGNED; + } return; } 
@@ -1946,11 +1947,11 @@ static void UpdateAuditSessionStatus( // with a particular use of the session. */ static void ComputeResponseHMAC( - COMMAND* command, // IN: command structure - UINT32 sessionIndex, // IN: session index to be processed - SESSION* session, // IN: loaded session - TPM2B_DIGEST* hmac // OUT: authHMAC - ) + COMMAND* command, // IN: command structure + UINT32 sessionIndex, // IN: session index to be processed + SESSION* session, // IN: loaded session + TPM2B_DIGEST* hmac // OUT: authHMAC +) { TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2)); TPM2B_KEY key; // HMAC key 
@@ -1965,29 +1966,29 @@ static void ComputeResponseHMAC( // Add the object authValue if required if(session->attributes.includeAuth == SET) - { - // Note: includeAuth may be SET for a policy that is used in - // UndefineSpaceSpecial(). At this point, the Index has been deleted - // so the includeAuth will have no meaning. However, the - // s_associatedHandles[] value for the session is now set to TPM_RH_NULL so - // this will return the authValue associated with TPM_RH_NULL and that is - // and empty buffer. - TPM2B_AUTH authValue; - // - // Get the authValue with trailing zeros removed - EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); + { + // Note: includeAuth may be SET for a policy that is used in + // UndefineSpaceSpecial(). At this point, the Index has been deleted + // so the includeAuth will have no meaning. However, the + // s_associatedHandles[] value for the session is now set to TPM_RH_NULL so + // this will return the authValue associated with TPM_RH_NULL and that is + // and empty buffer. + TPM2B_AUTH authValue; + // + // Get the authValue with trailing zeros removed + EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); - // Add it to the key - MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); - } + // Add it to the key + MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); + } // if the HMAC key size is 0, the response HMAC is computed according to the // input HMAC if(key.t.size == 0 && s_inputAuthValues[sessionIndex].t.size == 0) - { - hmac->t.size = 0; - return; - } + { + hmac->t.size = 0; + return; + } // Start HMAC computation. hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b); 
@@ -2012,29 +2013,29 @@ static void ComputeResponseHMAC( // a) restarting session time; and // b) clearing a policy session since nonce is rolling. static void UpdateInternalSession(SESSION* session, // IN: the session structure - UINT32 i // IN: session number - ) + UINT32 i // IN: session number +) { // If nonce is rolling in a policy session, the policy related data // will be re-initialized. if(HandleGetType(s_sessionHandles[i]) == TPM_HT_POLICY_SESSION && IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) - { - // When the nonce rolls it starts a new timing interval for the - // policy session. - SessionResetPolicyData(session); - SessionSetStartTime(session); - } + { + // When the nonce rolls it starts a new timing interval for the + // policy session. + SessionResetPolicyData(session); + SessionSetStartTime(session); + } return; } //*** BuildSingleResponseAuth() // Function to compute response HMAC value for a policy or HMAC session. static TPM2B_NONCE* BuildSingleResponseAuth( - COMMAND* command, // IN: command structure - UINT32 sessionIndex, // IN: session index to be processed - TPM2B_AUTH* auth // OUT: authHMAC - ) + COMMAND* command, // IN: command structure + UINT32 sessionIndex, // IN: session index to be processed + TPM2B_AUTH* auth // OUT: authHMAC +) { // Fill in policy/HMAC based session response. SESSION* session = SessionGet(s_sessionHandles[sessionIndex]); @@ -2043,10 +2044,10 @@ static TPM2B_NONCE* BuildSingleResponseAuth( // authorization field is empty. if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION && session->attributes.isPasswordNeeded == SET) - auth->t.size = 0; + auth->t.size = 0; else - // Compute response HMAC. - ComputeResponseHMAC(command, sessionIndex, session, auth); + // Compute response HMAC. + ComputeResponseHMAC(command, sessionIndex, session, auth); UpdateInternalSession(session, sessionIndex); return &session->nonceTPM; 
@@ -2055,21 +2056,21 @@ static TPM2B_NONCE* BuildSingleResponseAuth( //*** UpdateAllNonceTPM() // Updates TPM nonce for all sessions in command. static void UpdateAllNonceTPM(COMMAND* command // IN: controlling structure - ) +) { UINT32 i; SESSION* session; // for(i = 0; i < command->sessionNum; i++) - { - // If not a PW session, compute the new nonceTPM. - if(s_sessionHandles[i] != TPM_RS_PW) - { - session = SessionGet(s_sessionHandles[i]); - // Update nonceTPM in both internal session and response. - CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); - } - } + { + // If not a PW session, compute the new nonceTPM. + if(s_sessionHandles[i] != TPM_RS_PW) + { + session = SessionGet(s_sessionHandles[i]); + // Update nonceTPM in both internal session and response. + CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); + } + } return; } @@ -2083,8 +2084,8 @@ static void UpdateAllNonceTPM(COMMAND* command // IN: controlling structure // marshaled as parameters in the output buffer. TPM_RC BuildResponseSession(COMMAND* command // IN: structure that has relevant command - // information - ) + // information +) { TPM_RC result = TPM_RC_SUCCESS; 
@@ -2097,97 +2098,97 @@ BuildResponseSession(COMMAND* command // IN: structure that has relevant comman // Session nonces should be updated before parameter encryption if(command->tag == TPM_ST_SESSIONS) - { - UpdateAllNonceTPM(command); + { + UpdateAllNonceTPM(command); - // Encrypt first parameter if applicable. Parameter encryption should - // happen after nonce update and before any rpHash is computed. - // If the encrypt session is associated with a handle, the authValue of - // this handle will be concatenated with sessionKey to generate - // encryption key, no matter if the handle is the session bound entity - // or not. The authValue is added to sessionKey only when the authValue - // is available. - if(s_encryptSessionIndex != UNDEFINED_INDEX) - { - UINT32 size; - TPM2B_AUTH extraKey; - // - extraKey.b.size = 0; - // If this is an authorization session, include the authValue in the - // generation of the encryption key - if(s_associatedHandles[s_encryptSessionIndex] != TPM_RH_UNASSIGNED) - { - EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex], - &extraKey); - } - size = EncryptSize(command->index); - // This function operates on internally-generated data that is - // expected to be well-formed for parameter encryption. - // In the event that there is a bug elsewhere in the code and the - // input data is not well-formed, CryptParameterEncryption will - // put the TPM into failure mode instead of allowing the out-of- - // band write. - CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex], - &s_nonceCaller[s_encryptSessionIndex].b, - command->parameterSize, - (UINT16)size, - &extraKey, - command->parameterBuffer); - if(g_inFailureMode) - { - result = TPM_RC_FAILURE; - goto Cleanup; - } - } - } + // Encrypt first parameter if applicable. Parameter encryption should + // happen after nonce update and before any rpHash is computed. 
+ // If the encrypt session is associated with a handle, the authValue of + // this handle will be concatenated with sessionKey to generate + // encryption key, no matter if the handle is the session bound entity + // or not. The authValue is added to sessionKey only when the authValue + // is available. + if(s_encryptSessionIndex != UNDEFINED_INDEX) + { + UINT32 size; + TPM2B_AUTH extraKey; + // + extraKey.b.size = 0; + // If this is an authorization session, include the authValue in the + // generation of the encryption key + if(s_associatedHandles[s_encryptSessionIndex] != TPM_RH_UNASSIGNED) + { + EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex], + &extraKey); + } + size = EncryptSize(command->index); + // This function operates on internally-generated data that is + // expected to be well-formed for parameter encryption. + // In the event that there is a bug elsewhere in the code and the + // input data is not well-formed, CryptParameterEncryption will + // put the TPM into failure mode instead of allowing the out-of- + // band write. + CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex], + &s_nonceCaller[s_encryptSessionIndex].b, + command->parameterSize, + (UINT16)size, + &extraKey, + command->parameterBuffer); + if(g_inFailureMode) + { + result = TPM_RC_FAILURE; + goto Cleanup; + } + } + } // Audit sessions should be processed regardless of the tag because // a command with no session may cause a change of the exclusivity state. UpdateAuditSessionStatus(command); #if CC_GetCommandAuditDigest // Command Audit if(CommandAuditIsRequired(command->index)) - CommandAudit(command); + CommandAudit(command); #endif // Process command with sessions. if(command->tag == TPM_ST_SESSIONS) - { - UINT32 i; - // - pAssert(command->sessionNum > 0); + { + UINT32 i; + // + pAssert(command->sessionNum > 0); - // Iterate over each session in the command session area, and create - // corresponding sessions for response. 
- for(i = 0; i < command->sessionNum; i++) - { - TPM2B_NONCE* nonceTPM; - TPM2B_DIGEST responseAuth; - // Make sure that continueSession is SET on any Password session. - // This makes it marginally easier for the management software - // to keep track of the closed sessions. - if(s_sessionHandles[i] == TPM_RS_PW) - { - SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession); - responseAuth.t.size = 0; - nonceTPM = (TPM2B_NONCE*)&responseAuth; - } - else - { - // Compute the response HMAC and get a pointer to the nonce used. - // This function will also update the values if needed. Note, the - nonceTPM = BuildSingleResponseAuth(command, i, &responseAuth); - } - command->authSize += - TPM2B_NONCE_Marshal(nonceTPM, &command->responseBuffer, NULL); - command->authSize += TPMA_SESSION_Marshal( - &s_attributes[i], &command->responseBuffer, NULL); - command->authSize += - TPM2B_DIGEST_Marshal(&responseAuth, &command->responseBuffer, NULL); - if(!IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) - SessionFlush(s_sessionHandles[i]); - } - } + // Iterate over each session in the command session area, and create + // corresponding sessions for response. + for(i = 0; i < command->sessionNum; i++) + { + TPM2B_NONCE* nonceTPM; + TPM2B_DIGEST responseAuth; + // Make sure that continueSession is SET on any Password session. + // This makes it marginally easier for the management software + // to keep track of the closed sessions. + if(s_sessionHandles[i] == TPM_RS_PW) + { + SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession); + responseAuth.t.size = 0; + nonceTPM = (TPM2B_NONCE*)&responseAuth; + } + else + { + // Compute the response HMAC and get a pointer to the nonce used. + // This function will also update the values if needed. 
Note, the + nonceTPM = BuildSingleResponseAuth(command, i, &responseAuth); + } + command->authSize += + TPM2B_NONCE_Marshal(nonceTPM, &command->responseBuffer, NULL); + command->authSize += TPMA_SESSION_Marshal( + &s_attributes[i], &command->responseBuffer, NULL); + command->authSize += + TPM2B_DIGEST_Marshal(&responseAuth, &command->responseBuffer, NULL); + if(!IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) + SessionFlush(s_sessionHandles[i]); + } + } - Cleanup: +Cleanup: return result; } @@ -2200,10 +2201,10 @@ void SessionRemoveAssociationToHandle(TPM_HANDLE handle) UINT32 i; // for(i = 0; i < MAX_SESSION_NUM; i++) - { - if(s_associatedHandles[i] == HierarchyNormalizeHandle(handle)) - { - s_associatedHandles[i] = TPM_RH_NULL; - } - } + { + if(s_associatedHandles[i] == HierarchyNormalizeHandle(handle)) + { + s_associatedHandles[i] = TPM_RH_NULL; + } + } } diff --git a/src/tpm2/SessionProcess_fp.h b/src/tpm2/SessionProcess_fp.h index 5ca56a17..398adb6d 100644 --- a/src/tpm2/SessionProcess_fp.h +++ b/src/tpm2/SessionProcess_fp.h 
@@ -58,42 +58,86 @@ /* */ /********************************************************************************/ -#ifndef SESSIONPROCESS_FP_H -#define SESSIONPROCESS_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 7, 2020 Time: 07:17:48PM + */ -BOOL -IsDAExempted( - TPM_HANDLE handle // IN: entity handle - ); -void -ClearCpRpHashes( - COMMAND *command - ); -BOOL -CompareNameHash( - COMMAND *command, // IN: main parsing structure - SESSION *session // IN: session structure with nameHash - ); +#ifndef _SESSION_PROCESS_FP_H_ +#define _SESSION_PROCESS_FP_H_ + +//*** IsDAExempted() +// This function indicates if a handle is exempted from DA logic. +// A handle is exempted if it is: +// a) a primary seed handle; +// b) an object with noDA bit SET; +// c) an NV Index with TPMA_NV_NO_DA bit SET; or +// d) a PCR handle. +// +// Return Type: BOOL +// TRUE(1) handle is exempted from DA logic +// FALSE(0) handle is not exempted from DA logic +BOOL IsDAExempted(TPM_HANDLE handle // IN: entity handle +); + +//*** ClearCpRpHashes() +void ClearCpRpHashes(COMMAND* command); + +//*** CompareNameHash() +// This function computes the name hash and compares it to the nameHash in the +// session data, returning true if they are equal. +BOOL CompareNameHash(COMMAND* command, // IN: main parsing structure + SESSION* session // IN: session structure with nameHash +); + +//*** CompareParametersHash() +// This function computes the parameters hash and compares it to the pHash in +// the session data, returning true if they are equal. 
BOOL CompareParametersHash(COMMAND* command, // IN: main parsing structure - SESSION* session // IN: session structure with pHash - ); -TPM_RC -ParseSessionBuffer( - COMMAND *command // IN: the structure that contains - ); -TPM_RC -CheckAuthNoSession( - COMMAND *command // IN: command parsing structure - ); -TPM_RC -BuildResponseSession( - COMMAND *command // IN: structure that has relevant command - // information - ); -void -SessionRemoveAssociationToHandle( - TPM_HANDLE handle - ); + SESSION* session // IN: session structure with pHash +); +//*** ParseSessionBuffer() +// This function is the entry function for command session processing. +// It iterates sessions in session area and reports if the required authorization +// has been properly provided. It also processes audit session and passes the +// information of encryption sessions to parameter encryption module. +// +// Return Type: TPM_RC +// various parsing failure or authorization failure +// +TPM_RC +ParseSessionBuffer(COMMAND* command // IN: the structure that contains +); -#endif +//*** CheckAuthNoSession() +// Function to process a command with no session associated. +// The function makes sure all the handles in the command require no authorization. +// +// Return Type: TPM_RC +// TPM_RC_AUTH_MISSING failure - one or more handles require +// authorization +TPM_RC +CheckAuthNoSession(COMMAND* command // IN: command parsing structure +); + +//*** BuildResponseSession() +// Function to build Session buffer in a response. The authorization data is added +// to the end of command->responseBuffer. The size of the authorization area is +// accumulated in command->authSize. +// When this is called, command->responseBuffer is pointing at the next location +// in the response buffer to be filled. This is where the authorization sessions +// will go, if any. command->parameterSize is the number of bytes that have been +// marshaled as parameters in the output buffer. 
+TPM_RC +BuildResponseSession(COMMAND* command // IN: structure that has relevant command + // information +); + +//*** SessionRemoveAssociationToHandle() +// This function deals with the case where an entity associated with an authorization +// is deleted during command processing. The primary use of this is to support +// UndefineSpaceSpecial(). +void SessionRemoveAssociationToHandle(TPM_HANDLE handle); + +#endif // _SESSION_PROCESS_FP_H_ diff --git a/src/tpm2/Session_fp.h b/src/tpm2/Session_fp.h index 94825583..ba3e9050 100644 --- a/src/tpm2/Session_fp.h +++ b/src/tpm2/Session_fp.h 
@@ -58,105 +58,233 @@ /* */ /********************************************************************************/ -#ifndef SESSION_FP_H -#define SESSION_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 4, 2020 Time: 02:36:44PM + */ -BOOL -SessionStartup( - STARTUP_TYPE type - ); -BOOL -SessionIsLoaded( - TPM_HANDLE handle // IN: session handle - ); -BOOL -SessionIsSaved( - TPM_HANDLE handle // IN: session handle - ); -BOOL -SequenceNumberForSavedContextIsValid( - TPMS_CONTEXT *context // IN: pointer to a context structure to be - // validated - ); -BOOL -SessionPCRValueIsCurrent( - SESSION *session // IN: session structure - ); -SESSION * -SessionGet( - TPM_HANDLE handle // IN: session handle - ); +#ifndef _SESSION_FP_H_ +#define _SESSION_FP_H_ + +//** Startup Function -- SessionStartup() +// This function initializes the session subsystem on TPM2_Startup(). +BOOL SessionStartup(STARTUP_TYPE type); + +//*** SessionIsLoaded() +// This function test a session handle references a loaded session. The handle +// must have previously been checked to make sure that it is a valid handle for +// an authorization session. +// NOTE: A PWAP authorization does not have a session. +// +// Return Type: BOOL +// TRUE(1) session is loaded +// FALSE(0) session is not loaded +// +BOOL SessionIsLoaded(TPM_HANDLE handle // IN: session handle +); + +//*** SessionIsSaved() +// This function test a session handle references a saved session. The handle +// must have previously been checked to make sure that it is a valid handle for +// an authorization session. +// NOTE: An password authorization does not have a session. +// +// This function requires that the handle be a valid session handle. 
+// +// Return Type: BOOL +// TRUE(1) session is saved +// FALSE(0) session is not saved +// +BOOL SessionIsSaved(TPM_HANDLE handle // IN: session handle +); + +//*** SequenceNumberForSavedContextIsValid() +// This function validates that the sequence number and handle value within a +// saved context are valid. +BOOL SequenceNumberForSavedContextIsValid( + TPMS_CONTEXT* context // IN: pointer to a context structure to be + // validated +); + +//*** SessionPCRValueIsCurrent() +// +// This function is used to check if PCR values have been updated since the +// last time they were checked in a policy session. +// +// This function requires the session is loaded. +// Return Type: BOOL +// TRUE(1) PCR value is current +// FALSE(0) PCR value is not current +BOOL SessionPCRValueIsCurrent(SESSION* session // IN: session structure +); + +//*** SessionGet() +// This function returns a pointer to the session object associated with a +// session handle. +// +// The function requires that the session is loaded. +SESSION* SessionGet(TPM_HANDLE handle // IN: session handle +); + +//*** SessionCreate() +// +// This function does the detailed work for starting an authorization session. +// This is done in a support routine rather than in the action code because +// the session management may differ in implementations. This implementation +// uses a fixed memory allocation to hold sessions and a fixed allocation +// to hold the contextID for the saved contexts. 
+// +// Return Type: TPM_RC +// TPM_RC_CONTEXT_GAP need to recycle sessions +// TPM_RC_SESSION_HANDLE active session space is full +// TPM_RC_SESSION_MEMORY loaded session space is full TPM_RC -SessionCreate( - TPM_SE sessionType, // IN: the session type - TPMI_ALG_HASH authHash, // IN: the hash algorithm - TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller - TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm - TPMI_DH_ENTITY bind, // IN: the bind object - TPM2B_DATA *seed, // IN: seed data - TPM_HANDLE *sessionHandle, // OUT: the session handle - TPM2B_NONCE *nonceTpm // OUT: the session nonce - ); +SessionCreate(TPM_SE sessionType, // IN: the session type + TPMI_ALG_HASH authHash, // IN: the hash algorithm + TPM2B_NONCE* nonceCaller, // IN: initial nonceCaller + TPMT_SYM_DEF* symmetric, // IN: the symmetric algorithm + TPMI_DH_ENTITY bind, // IN: the bind object + TPM2B_DATA* seed, // IN: seed data + TPM_HANDLE* sessionHandle, // OUT: the session handle + TPM2B_NONCE* nonceTpm // OUT: the session nonce +); + +//*** SessionContextSave() +// This function is called when a session context is to be saved. The +// contextID of the saved session is returned. If no contextID can be +// assigned, then the routine returns TPM_RC_CONTEXT_GAP. +// If the function completes normally, the session slot will be freed. +// +// This function requires that 'handle' references a loaded session. +// Otherwise, it should not be called at the first place. +// +// Return Type: TPM_RC +// TPM_RC_CONTEXT_GAP a contextID could not be assigned +// TPM_RC_TOO_MANY_CONTEXTS the counter maxed out +// TPM_RC -SessionContextSave( - TPM_HANDLE handle, // IN: session handle - CONTEXT_COUNTER *contextID // OUT: assigned contextID - ); +SessionContextSave(TPM_HANDLE handle, // IN: session handle + CONTEXT_COUNTER* contextID // OUT: assigned contextID +); + +//*** SessionContextLoad() +// This function is used to load a session from saved context. 
The session +// handle must be for a saved context. +// +// If the gap is at a maximum, then the only session that can be loaded is +// the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. +// +// This function requires that 'handle' references a valid saved session. +// +// Return Type: TPM_RC +// TPM_RC_SESSION_MEMORY no free session slots +// TPM_RC_CONTEXT_GAP the gap count is maximum and this +// is not the oldest saved context +// TPM_RC -SessionContextLoad( - SESSION_BUF *session, // IN: session structure from saved context - TPM_HANDLE *handle // IN/OUT: session handle - ); -void -SessionFlush( - TPM_HANDLE handle // IN: loaded or saved session handle - ); -void -SessionComputeBoundEntity( - TPMI_DH_ENTITY entityHandle, // IN: handle of entity - TPM2B_NAME *bind // OUT: binding value - ); -void -SessionSetStartTime( - SESSION *session // IN: the session to update - ); -void -SessionResetPolicyData( - SESSION *session // IN: the session to reset - ); +SessionContextLoad(SESSION_BUF* session, // IN: session structure from saved context + TPM_HANDLE* handle // IN/OUT: session handle +); + +//*** SessionFlush() +// This function is used to flush a session referenced by its handle. If the +// session associated with 'handle' is loaded, the session array entry is +// marked as available. +// +// This function requires that 'handle' be a valid active session. +// +void SessionFlush(TPM_HANDLE handle // IN: loaded or saved session handle +); + +//*** SessionComputeBoundEntity() +// This function computes the binding value for a session. The binding value +// for a reserved handle is the handle itself. For all the other entities, +// the authValue at the time of binding is included to prevent squatting. +// For those values, the Name and the authValue are concatenated +// into the bind buffer. If they will not both fit, the will be overlapped +// by XORing bytes. If XOR is required, the bind value will be full. 
+void SessionComputeBoundEntity(TPMI_DH_ENTITY entityHandle, // IN: handle of entity + TPM2B_NAME* bind // OUT: binding value +); + +//*** SessionSetStartTime() +// This function is used to initialize the session timing +void SessionSetStartTime(SESSION* session // IN: the session to update +); + +//*** SessionResetPolicyData() +// This function is used to reset the policy data without changing the nonce +// or the start time of the session. +void SessionResetPolicyData(SESSION* session // IN: the session to reset +); + +//*** SessionCapGetLoaded() +// This function returns a list of handles of loaded session, started +// from input 'handle' +// +// 'Handle' must be in valid loaded session handle range, but does not +// have to point to a loaded session. +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned TPMI_YES_NO -SessionCapGetLoaded( - TPMI_SH_POLICY handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ); +SessionCapGetLoaded(TPMI_SH_POLICY handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +); + +//*** SessionCapGetOneLoaded() +// This function returns whether a session handle exists and is loaded. BOOL SessionCapGetOneLoaded(TPMI_SH_POLICY handle // IN: handle - ); +); + +//*** SessionCapGetSaved() +// This function returns a list of handles for saved session, starting at +// 'handle'. 
+// +// 'Handle' must be in a valid handle range, but does not have to point to a +// saved session +// +// Return Type: TPMI_YES_NO +// YES if there are more handles available +// NO all the available handles has been returned TPMI_YES_NO -SessionCapGetSaved( - TPMI_SH_HMAC handle, // IN: start handle - UINT32 count, // IN: count of returned handles - TPML_HANDLE *handleList // OUT: list of handle - ); +SessionCapGetSaved(TPMI_SH_HMAC handle, // IN: start handle + UINT32 count, // IN: count of returned handles + TPML_HANDLE* handleList // OUT: list of handle +); + +//*** SessionCapGetOneSaved() +// This function returns whether a session handle exists and is saved. BOOL SessionCapGetOneSaved(TPMI_SH_HMAC handle // IN: handle - ); +); +//*** SessionCapGetLoadedNumber() +// This function return the number of authorization sessions currently +// loaded into TPM RAM. UINT32 -SessionCapGetLoadedNumber( - void - ); -UINT32 -SessionCapGetLoadedAvail( - void - ); -UINT32 -SessionCapGetActiveNumber( - void - ); -UINT32 -SessionCapGetActiveAvail( - void - ); +SessionCapGetLoadedNumber(void); +//*** SessionCapGetLoadedAvail() +// This function returns the number of additional authorization sessions, of +// any type, that could be loaded into TPM RAM. +// NOTE: In other implementations, this number may just be an estimate. The only +// requirement for the estimate is, if it is one or more, then at least one +// session must be loadable. +UINT32 +SessionCapGetLoadedAvail(void); -#endif +//*** SessionCapGetActiveNumber() +// This function returns the number of active authorization sessions currently +// being tracked by the TPM. +UINT32 +SessionCapGetActiveNumber(void); + +//*** SessionCapGetActiveAvail() +// This function returns the number of additional authorization sessions, of any +// type, that could be created. This not the number of slots for sessions, but +// the number of additional sessions that the TPM is capable of tracking. 
+UINT32 +SessionCapGetActiveAvail(void); + +#endif // _SESSION_FP_H_ diff --git a/src/tpm2/SetAlgorithmSet_fp.h b/src/tpm2/SetAlgorithmSet_fp.h index dab38ffa..a11b8a43 100644 --- a/src/tpm2/SetAlgorithmSet_fp.h +++ b/src/tpm2/SetAlgorithmSet_fp.h @@ -41,7 +41,8 @@ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ -/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* FITNESS FOR A PARTICULAR PURPO +SE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ @@ -59,23 +60,28 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef SETALGORITHMSET_FP_H -#define SETALGORITHMSET_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PLATFORM authHandle; - UINT32 algorithmSet; +#if CC_SetAlgorithmSet // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETALGORITHMSET_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETALGORITHMSET_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PLATFORM authHandle; + UINT32 algorithmSet; } SetAlgorithmSet_In; -#define RC_SetAlgorithmSet_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_SetAlgorithmSet_algorithmSet (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_SetAlgorithmSet_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_SetAlgorithmSet_algorithmSet (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_SetAlgorithmSet( - SetAlgorithmSet_In *in // IN: input parameter list - ); +TPM2_SetAlgorithmSet(SetAlgorithmSet_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETALGORITHMSET_FP_H_ +#endif // CC_SetAlgorithmSet diff --git a/src/tpm2/SetCapability_fp.h b/src/tpm2/SetCapability_fp.h index 2ede14da..8821053b 100644 --- a/src/tpm2/SetCapability_fp.h 
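Review bot: The new side of the license banner in SetAlgorithmSet_fp.h breaks one line in the middle of a word: `/* FITNESS FOR A PARTICULAR PURPO` is now followed by a separate line `SE, ACCURACY, COMPLETENESS, OR */`, which is why this hunk grows from 7 to 8 lines. It still compiles because the comment stays open across the break, but it alters the license text and looks like a stray newline from editing, not an intended change. Restore the single line `/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */` so the banner is identical to the removed line.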
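Review bot: Wrapping the body of SetAlgorithmSet_fp.h in `#if CC_SetAlgorithmSet` is a behavioural change, not a whitespace one. `SetAlgorithmSet_In` and the `TPM2_SetAlgorithmSet` prototype are now declared only when that macro is non-zero at the point of inclusion. An identifier that is undefined in `#if` evaluates to 0 without a diagnostic unless `-Wundef` is enabled, so an include-order mistake would silently drop the declarations. The same wrapper is added in the SetCommandCodeAuditStatus_fp.h, SetPrimaryPolicy_fp.h, Shutdown_fp.h, Sign_fp.h and StartAuthSession_fp.h hunks. Because the file is marked generated, I would leave it as is, state the new dependency in the commit message, and make the includer fail loudly with `#ifndef CC_SetAlgorithmSet` / `#error "CC_SetAlgorithmSet must be defined before this header"` ahead of the include.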
+++ b/src/tpm2/SetCapability_fp.h @@ -58,25 +58,25 @@ /* */ /********************************************************************************/ + #if CC_SetCapability // Command must be enabled -# ifndef SETCAPABILITY_FP_H -# define SETCAPABILITY_FP_H +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETCAPABILITY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETCAPABILITY_FP_H_ // Input structure definition typedef struct { - TPMI_RH_HIERARCHY authHandle; + TPMI_RH_HIERARCHY authHandle; TPM2B_SET_CAPABILITY_DATA setCapabilityData; } SetCapability_In; // Response code modifiers -# define SetCapability_authHandle (TPM_RC_H + TPM_RC_1) +# define SetCapability_authHandle (TPM_RC_H + TPM_RC_1) # define SetCapability_setCapabilityData (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_SetCapability(SetCapability_In* in); -# endif // SETCAPABILITY_FP_H +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETCAPABILITY_FP_H_ #endif // CC_SetCapability - diff --git a/src/tpm2/SetCommandCodeAuditStatus_fp.h b/src/tpm2/SetCommandCodeAuditStatus_fp.h index af6cfc3c..aaa94c46 100644 --- a/src/tpm2/SetCommandCodeAuditStatus_fp.h +++ b/src/tpm2/SetCommandCodeAuditStatus_fp.h 
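Review bot: The response-code modifier macros in SetCapability_fp.h, `SetCapability_authHandle` and `SetCapability_setCapabilityData`, have no `RC_` prefix. The other command headers visible in this part of the patch all define `RC_<Command>_<parameter>`, for example `RC_SetAlgorithmSet_authHandle`. The hunk only realigns the first define, so the inconsistency predates this commit, but a rebase meant to reduce diffs is a natural place to settle it. If the code that consumes these modifiers uses the `RC_` names (not visible here), the lines should read `# define RC_SetCapability_authHandle (TPM_RC_H + TPM_RC_1)` and `# define RC_SetCapability_setCapabilityData (TPM_RC_P + TPM_RC_1)`, with any existing users updated in the same change. Otherwise a one-line comment explaining the deviation would help.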
@@ -59,26 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef SETCOMMANDCODEAUDITSTATUS_FP_H -#define SETCOMMANDCODEAUDITSTATUS_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_RH_PROVISION auth; - TPMI_ALG_HASH auditAlg; - TPML_CC setList; - TPML_CC clearList; +#if CC_SetCommandCodeAuditStatus // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETCOMMANDCODEAUDITSTATUS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETCOMMANDCODEAUDITSTATUS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_PROVISION auth; + TPMI_ALG_HASH auditAlg; + TPML_CC setList; + TPML_CC clearList; } SetCommandCodeAuditStatus_In; -#define RC_SetCommandCodeAuditStatus_auth (TPM_RC_H + TPM_RC_1) -#define RC_SetCommandCodeAuditStatus_auditAlg (TPM_RC_P + TPM_RC_1) -#define RC_SetCommandCodeAuditStatus_setList (TPM_RC_P + TPM_RC_2) -#define RC_SetCommandCodeAuditStatus_clearList (TPM_RC_P + TPM_RC_3) +// Response code modifiers +# define RC_SetCommandCodeAuditStatus_auth (TPM_RC_H + TPM_RC_1) +# define RC_SetCommandCodeAuditStatus_auditAlg (TPM_RC_P + TPM_RC_1) +# define RC_SetCommandCodeAuditStatus_setList (TPM_RC_P + TPM_RC_2) +# define RC_SetCommandCodeAuditStatus_clearList (TPM_RC_P + TPM_RC_3) +// Function prototype TPM_RC -TPM2_SetCommandCodeAuditStatus( - SetCommandCodeAuditStatus_In *in // IN: input parameter list - ); +TPM2_SetCommandCodeAuditStatus(SetCommandCodeAuditStatus_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETCOMMANDCODEAUDITSTATUS_FP_H_ +#endif // CC_SetCommandCodeAuditStatus diff --git a/src/tpm2/SetPrimaryPolicy_fp.h b/src/tpm2/SetPrimaryPolicy_fp.h index 3c4d3746..05ec3331 100644 --- a/src/tpm2/SetPrimaryPolicy_fp.h +++ b/src/tpm2/SetPrimaryPolicy_fp.h 
@@ -59,22 +59,30 @@ /* */ /********************************************************************************/ -#ifndef SETPRIMARYPOLICY_FP_H -#define SETPRIMARYPOLICY_FP_H -typedef struct { - TPMI_RH_HIERARCHY_POLICY authHandle; - TPM2B_DIGEST authPolicy; - TPMI_ALG_HASH hashAlg; +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + +#if CC_SetPrimaryPolicy // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETPRIMARYPOLICY_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETPRIMARYPOLICY_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_RH_HIERARCHY_POLICY authHandle; + TPM2B_DIGEST authPolicy; + TPMI_ALG_HASH hashAlg; } SetPrimaryPolicy_In; -#define RC_SetPrimaryPolicy_authHandle (TPM_RC_H + TPM_RC_1) -#define RC_SetPrimaryPolicy_authPolicy (TPM_RC_P + TPM_RC_1) -#define RC_SetPrimaryPolicy_hashAlg (TPM_RC_P + TPM_RC_2) +// Response code modifiers +# define RC_SetPrimaryPolicy_authHandle (TPM_RC_H + TPM_RC_1) +# define RC_SetPrimaryPolicy_authPolicy (TPM_RC_P + TPM_RC_1) +# define RC_SetPrimaryPolicy_hashAlg (TPM_RC_P + TPM_RC_2) +// Function prototype TPM_RC -TPM2_SetPrimaryPolicy( - SetPrimaryPolicy_In *in // IN: input parameter list - ); +TPM2_SetPrimaryPolicy(SetPrimaryPolicy_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SETPRIMARYPOLICY_FP_H_ +#endif // CC_SetPrimaryPolicy diff --git a/src/tpm2/Shutdown_fp.h b/src/tpm2/Shutdown_fp.h index ceb6a8e8..ed04e5ce 100644 --- a/src/tpm2/Shutdown_fp.h +++ b/src/tpm2/Shutdown_fp.h 
@@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef SHUTDOWN_FP_H -#define SHUTDOWN_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct{ +#if CC_Shutdown // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SHUTDOWN_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SHUTDOWN_FP_H_ + +// Input structure definition +typedef struct +{ TPM_SU shutdownType; } Shutdown_In; -#define RC_Shutdown_shutdownType (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_Shutdown_shutdownType (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_Shutdown( - Shutdown_In *in // IN: input parameter list - ); +TPM2_Shutdown(Shutdown_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SHUTDOWN_FP_H_ +#endif // CC_Shutdown diff --git a/src/tpm2/Sign_fp.h b/src/tpm2/Sign_fp.h index 16a8ba74..35fc8c90 100644 --- a/src/tpm2/Sign_fp.h +++ b/src/tpm2/Sign_fp.h 
@@ -59,31 +59,38 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef SIGN_FP_H -#define SIGN_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST digest; - TPMT_SIG_SCHEME inScheme; - TPMT_TK_HASHCHECK validation; +#if CC_Sign // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_SIGN_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_SIGN_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_DIGEST digest; + TPMT_SIG_SCHEME inScheme; + TPMT_TK_HASHCHECK validation; } Sign_In; -#define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_Sign_digest (TPM_RC_P + TPM_RC_1) -#define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2) -#define RC_Sign_validation (TPM_RC_P + TPM_RC_3) - -typedef struct { - TPMT_SIGNATURE signature; +// Output structure definition +typedef struct +{ + TPMT_SIGNATURE signature; } Sign_Out; -TPM_RC -TPM2_Sign( - Sign_In *in, // IN: input parameter list - Sign_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_Sign_digest (TPM_RC_P + TPM_RC_1) +# define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2) +# define RC_Sign_validation (TPM_RC_P + TPM_RC_3) -#endif +// Function prototype +TPM_RC +TPM2_Sign(Sign_In* in, Sign_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_SIGN_FP_H_ +#endif // CC_Sign diff --git a/src/tpm2/Simulator_fp.h b/src/tpm2/Simulator_fp.h index 1a371b2a..f4819158 100644 --- a/src/tpm2/Simulator_fp.h +++ b/src/tpm2/Simulator_fp.h 
@@ -195,7 +195,7 @@ void _rpc__Signal_HashEnd(void); // This is the interface to the TPM code. // Return Type: void void _rpc__Send_Command( - unsigned char locality, _IN_BUFFER request, _OUT_BUFFER* response); + unsigned char locality, _IN_BUFFER request, _OUT_BUFFER* response); //*** _rpc__Signal_CancelOn() // This function is used to turn on the indication to cancel a command in process. diff --git a/src/tpm2/StartAuthSession_fp.h b/src/tpm2/StartAuthSession_fp.h index c2848647..bcf53078 100644 --- a/src/tpm2/StartAuthSession_fp.h +++ b/src/tpm2/StartAuthSession_fp.h 
@@ -59,39 +59,45 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef STARTAUTHSESSION_FP_H -#define STARTAUTHSESSION_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT tpmKey; - TPMI_DH_ENTITY bind; - TPM2B_NONCE nonceCaller; - TPM2B_ENCRYPTED_SECRET encryptedSalt; - TPM_SE sessionType; - TPMT_SYM_DEF symmetric; - TPMI_ALG_HASH authHash; +#if CC_StartAuthSession // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_STARTAUTHSESSION_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_STARTAUTHSESSION_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT tpmKey; + TPMI_DH_ENTITY bind; + TPM2B_NONCE nonceCaller; + TPM2B_ENCRYPTED_SECRET encryptedSalt; + TPM_SE sessionType; + TPMT_SYM_DEF symmetric; + TPMI_ALG_HASH authHash; } StartAuthSession_In; -typedef struct { - TPMI_SH_AUTH_SESSION sessionHandle; - TPM2B_NONCE nonceTPM; -} StartAuthSession_Out; +// Output structure definition +typedef struct +{ + TPMI_SH_AUTH_SESSION sessionHandle; + TPM2B_NONCE nonceTPM; +} StartAuthSession_Out; -#define RC_StartAuthSession_tpmKey (TPM_RC_H + TPM_RC_1) -#define RC_StartAuthSession_bind (TPM_RC_H + TPM_RC_2) -#define RC_StartAuthSession_nonceCaller (TPM_RC_P + TPM_RC_1) -#define RC_StartAuthSession_encryptedSalt (TPM_RC_P + TPM_RC_2) -#define RC_StartAuthSession_sessionType (TPM_RC_P + TPM_RC_3) -#define RC_StartAuthSession_symmetric (TPM_RC_P + TPM_RC_4) -#define RC_StartAuthSession_authHash (TPM_RC_P + TPM_RC_5) +// Response code modifiers +# define RC_StartAuthSession_tpmKey (TPM_RC_H + TPM_RC_1) +# define RC_StartAuthSession_bind (TPM_RC_H + TPM_RC_2) +# define RC_StartAuthSession_nonceCaller (TPM_RC_P + TPM_RC_1) +# define RC_StartAuthSession_encryptedSalt (TPM_RC_P + TPM_RC_2) +# define RC_StartAuthSession_sessionType (TPM_RC_P + TPM_RC_3) +# define RC_StartAuthSession_symmetric (TPM_RC_P + TPM_RC_4) +# define RC_StartAuthSession_authHash 
(TPM_RC_P + TPM_RC_5) +// Function prototype TPM_RC -TPM2_StartAuthSession( - StartAuthSession_In *in, // IN: input parameter buffer - StartAuthSession_Out *out // OUT: output parameter buffer - ); +TPM2_StartAuthSession(StartAuthSession_In* in, StartAuthSession_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_STARTAUTHSESSION_FP_H_ +#endif // CC_StartAuthSession diff --git a/src/tpm2/Startup_fp.h b/src/tpm2/Startup_fp.h index 1aaad542..0699022d 100644 --- a/src/tpm2/Startup_fp.h +++ b/src/tpm2/Startup_fp.h @@ -59,26 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef STARTUP_FP_H -#define STARTUP_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -void -_TPM_Init( - void - ); +#if CC_Startup // Command must be enabled +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_STARTUP_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_STARTUP_FP_H_ -typedef struct { - TPM_SU startupType; +// Input structure definition +typedef struct +{ + TPM_SU startupType; } Startup_In; -#define RC_Startup_startupType (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_Startup_startupType (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_Startup( - Startup_In *in // IN: input parameter list - ); +TPM2_Startup(Startup_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_STARTUP_FP_H_ +#endif // CC_Startup diff --git a/src/tpm2/StirRandom_fp.h b/src/tpm2/StirRandom_fp.h index 40ee129b..a05139d8 100644 --- a/src/tpm2/StirRandom_fp.h +++ b/src/tpm2/StirRandom_fp.h 
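Review bot: The src/tpm2/Startup_fp.h hunk drops the `void _TPM_Init(void);` prototype that the old header carried, which goes beyond the rename and whitespace cleanup the commit message describes. Any source file that relied on Startup_fp.h for that declaration now has to get it from another header. Nothing in this part of the patch shows where it is declared, so confirm that before merging; building with `-Werror=implicit-function-declaration` would catch a missed caller. The remaining declarations are now wrapped in `#if CC_Startup`, so they vanish without a diagnostic if the macro is undefined or 0 when the header is included. The same gating is added in Sign_fp.h, StartAuthSession_fp.h, StirRandom_fp.h and TestParms_fp.h, and `-Wundef` would flag an include-order problem in any of them.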
@@ -59,20 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef STIRRANDOM_FP_H -#define STIRRANDOM_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPM2B_SENSITIVE_DATA inData; +#if CC_StirRandom // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_STIRRANDOM_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_STIRRANDOM_FP_H_ + +// Input structure definition +typedef struct +{ + TPM2B_SENSITIVE_DATA inData; } StirRandom_In; -#define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_StirRandom( - StirRandom_In *in // IN: input parameter list - ); +TPM2_StirRandom(StirRandom_In* in); -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_STIRRANDOM_FP_H_ +#endif // CC_StirRandom diff --git a/src/tpm2/SymmetricTestData.h b/src/tpm2/SymmetricTestData.h index fa7258da..2a1942dd 100644 --- a/src/tpm2/SymmetricTestData.h +++ b/src/tpm2/SymmetricTestData.h 
@@ -68,126 +68,126 @@ #if AES_128 const BYTE key_AES128[] = {0x2b, - 0x7e, - 0x15, - 0x16, - 0x28, - 0xae, - 0xd2, - 0xa6, - 0xab, - 0xf7, - 0x15, - 0x88, - 0x09, - 0xcf, - 0x4f, - 0x3c}; + 0x7e, + 0x15, + 0x16, + 0x28, + 0xae, + 0xd2, + 0xa6, + 0xab, + 0xf7, + 0x15, + 0x88, + 0x09, + 0xcf, + 0x4f, + 0x3c}; const BYTE dataIn_AES128[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; const BYTE dataOut_AES128_ECB[] = {0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60, - 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97, - 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d, - 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf}; + 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97, + 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d, + 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf}; const BYTE dataOut_AES128_CBC[] = {0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, - 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, - 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, - 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2}; + 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, + 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, + 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2}; const BYTE dataOut_AES128_CFB[] = {0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, - 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, - 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f, - 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b}; + 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, + 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f, + 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b}; const BYTE dataOut_AES128_OFB[] = {0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, - 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, - 0x77, 0x89, 0x50, 
0x8d, 0x16, 0x91, 0x8f, 0x03, - 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25}; + 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, + 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, + 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25}; const BYTE dataOut_AES128_CTR[] = {0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, - 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, - 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, - 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff}; + 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, + 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, + 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff}; #endif #if AES_192 const BYTE key_AES192[] = {0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b}; + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b}; const BYTE dataIn_AES192[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; const BYTE dataOut_AES192_ECB[] = {0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f, - 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc, - 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad, - 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef}; + 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc, + 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad, + 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef}; const BYTE dataOut_AES192_CBC[] = {0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d, - 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8, - 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4, - 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a}; + 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8, + 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 
0xed, 0xf4, + 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a}; const BYTE dataOut_AES192_CFB[] = {0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, - 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, - 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21, - 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a}; + 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, + 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21, + 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a}; const BYTE dataOut_AES192_OFB[] = {0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, - 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, - 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, - 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01}; + 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, + 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, + 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01}; const BYTE dataOut_AES192_CTR[] = {0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, - 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, - 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, - 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94}; + 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, + 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, + 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94}; #endif #if AES_256 const BYTE key_AES256[] = {0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4}; + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4}; const BYTE dataIn_AES256[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; const 
BYTE dataOut_AES256_ECB[] = {0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c, - 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8, - 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26, - 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70}; + 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8, + 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26, + 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70}; const BYTE dataOut_AES256_CBC[] = {0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, - 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, - 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, - 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d}; + 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, + 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, + 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d}; const BYTE dataOut_AES256_CFB[] = {0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, - 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, - 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8, - 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b}; + 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, + 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8, + 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b}; const BYTE dataOut_AES256_OFB[] = {0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, - 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, - 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, - 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d}; + 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, + 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, + 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d}; const BYTE dataOut_AES256_CTR[] = {0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, - 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, - 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, - 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5}; + 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, + 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, + 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5}; #endif // libtpms added begin 
diff --git a/src/tpm2/TPMB.h b/src/tpm2/TPMB.h index b204a1e9..05e1f607 100644 --- a/src/tpm2/TPMB.h +++ b/src/tpm2/TPMB.h @@ -81,15 +81,15 @@ typedef const TPM2B* PC2B; // This macro helps avoid having to type in the structure in order to create // a new TPM2B type that is used in a function. -#define TPM2B_TYPE(name, bytes) \ - typedef union \ - { \ - struct \ - { \ - NUMBYTES size; \ - BYTE buffer[(bytes)]; \ - } t; \ - TPM2B b; \ +#define TPM2B_TYPE(name, bytes) \ + typedef union \ + { \ + struct \ + { \ + NUMBYTES size; \ + BYTE buffer[(bytes)]; \ + } t; \ + TPM2B b; \ } TPM2B_##name // This macro defines a TPM2B with a constant character value. This macro diff --git a/src/tpm2/TPMCmdp.c b/src/tpm2/TPMCmdp.c index 36a9cca8..63957290 100644 --- a/src/tpm2/TPMCmdp.c +++ b/src/tpm2/TPMCmdp.c @@ -79,13 +79,13 @@ void _rpc__Signal_PowerOn(bool isReset) { // if power is on and this is not a call to do TPM reset then return if(s_isPowerOn && !isReset) - return; + return; // If this is a reset but power is not on, then return if(isReset && !s_isPowerOn) - return; + return; // Unless this is just a reset, pass power on signal to platform if(!isReset) - _plat__Signal_PowerOn(); + _plat__Signal_PowerOn(); // Power on and reset both lead to _TPM_Init() _plat__Signal_Reset(); @@ -110,8 +110,8 @@ void _rpc__Signal_Restart(void) void _rpc__Signal_PowerOff(void) { if(s_isPowerOn) - // Pass power off signal to platform - _plat__Signal_PowerOff(); + // Pass power off signal to platform + _plat__Signal_PowerOff(); // This could be redundant, but... s_isPowerOn = false; @@ -137,8 +137,8 @@ void _rpc__Signal_PhysicalPresenceOn(void) { // If TPM power is on... if(s_isPowerOn) - // ... pass physical presence on to platform - _plat__Signal_PhysicalPresenceOn(); + // ... pass physical presence on to platform + _plat__Signal_PhysicalPresenceOn(); return; } 
@@ -148,8 +148,8 @@ void _rpc__Signal_PhysicalPresenceOff(void) { // If TPM is power on... if(s_isPowerOn) - // ... pass physical presence off to platform - _plat__Signal_PhysicalPresenceOff(); + // ... pass physical presence off to platform + _plat__Signal_PhysicalPresenceOff(); return; } @@ -160,8 +160,8 @@ void _rpc__Signal_Hash_Start(void) { // If TPM power is on... if(s_isPowerOn) - // ... pass _TPM_Hash_Start signal to TPM - _TPM_Hash_Start(); + // ... pass _TPM_Hash_Start signal to TPM + _TPM_Hash_Start(); return; } @@ -171,8 +171,8 @@ void _rpc__Signal_Hash_Data(_IN_BUFFER input) { // If TPM power is on... if(s_isPowerOn) - // ... pass _TPM_Hash_Data signal to TPM - _TPM_Hash_Data(input.BufferSize, input.Buffer); + // ... pass _TPM_Hash_Data signal to TPM + _TPM_Hash_Data(input.BufferSize, input.Buffer); return; } @@ -182,8 +182,8 @@ void _rpc__Signal_HashEnd(void) { // If TPM power is on... if(s_isPowerOn) - // ... pass _TPM_HashEnd signal to TPM - _TPM_Hash_End(); + // ... pass _TPM_HashEnd signal to TPM + _TPM_Hash_End(); return; } #endif /* libtpms added */ @@ -192,19 +192,19 @@ void _rpc__Signal_HashEnd(void) // This is the interface to the TPM code. // Return Type: void void _rpc__Send_Command( - unsigned char locality, _IN_BUFFER request, _OUT_BUFFER* response) + unsigned char locality, _IN_BUFFER request, _OUT_BUFFER* response) { // If TPM is power off, reject any commands. if(!s_isPowerOn) - { - response->BufferSize = 0; - return; - } + { + response->BufferSize = 0; + return; + } // Set the locality of the command so that it doesn't change during the command _plat__LocalitySet(locality); // Do implementation-specific command dispatch _plat__RunCommand( - request.BufferSize, request.Buffer, &response->BufferSize, &response->Buffer); + request.BufferSize, request.Buffer, &response->BufferSize, &response->Buffer); return; } 
@@ -217,8 +217,8 @@ void _rpc__Signal_CancelOn(void) { // If TPM power is on... if(s_isPowerOn) - // ... set the platform canceling flag. - _plat__SetCancel(); + // ... set the platform canceling flag. + _plat__SetCancel(); return; } @@ -228,8 +228,8 @@ void _rpc__Signal_CancelOff(void) { // If TPM power is on... if(s_isPowerOn) - // ... set the platform canceling flag. - _plat__ClearCancel(); + // ... set the platform canceling flag. + _plat__ClearCancel(); return; } @@ -241,8 +241,8 @@ void _rpc__Signal_NvOn(void) { // If TPM power is on... if(s_isPowerOn) - // ... make the NV available - _plat__SetNvAvail(); + // ... make the NV available + _plat__SetNvAvail(); return; } #if 0 /* libtpms added */ @@ -254,8 +254,8 @@ void _rpc__Signal_NvOff(void) { // If TPM power is on... if(s_isPowerOn) - // ... make NV not available - _plat__ClearNvAvail(); + // ... make NV not available + _plat__ClearNvAvail(); return; } @@ -281,8 +281,8 @@ bool _rpc__ACT_GetSignaled(uint32_t actHandle) #if ACT_SUPPORT // If TPM power is on... if(s_isPowerOn) - // ... query the platform - return _plat__ACT_GetSignaled(actHandle - TPM_RH_ACT_0); + // ... query the platform + return _plat__ACT_GetSignaled(actHandle - TPM_RH_ACT_0); #else // ACT_SUPPORT NOT_REFERENCED(actHandle); #endif // ACT_SUPPORT diff --git a/src/tpm2/TestParms_fp.h b/src/tpm2/TestParms_fp.h index c71f67e5..f744f80c 100644 --- a/src/tpm2/TestParms_fp.h +++ b/src/tpm2/TestParms_fp.h 
@@ -59,21 +59,26 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef TESTPARMS_FP_H -#define TESTPARMS_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMT_PUBLIC_PARMS parameters; +#if CC_TestParms // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_TESTPARMS_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_TESTPARMS_FP_H_ + +// Input structure definition +typedef struct +{ + TPMT_PUBLIC_PARMS parameters; } TestParms_In; -#define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1) +// Response code modifiers +# define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1) +// Function prototype TPM_RC -TPM2_TestParms( - TestParms_In *in // IN: input parameter list - ); +TPM2_TestParms(TestParms_In* in); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_TESTPARMS_FP_H_ +#endif // CC_TestParms diff --git a/src/tpm2/Ticket.c b/src/tpm2/Ticket.c index 25a3d84a..6776841f 100644 --- a/src/tpm2/Ticket.c +++ b/src/tpm2/Ticket.c @@ -60,7 +60,7 @@ //** Introduction /* - This clause contains the functions used for ticket computations. + This clause contains the functions used for ticket computations. */ //** Includes @@ -86,13 +86,13 @@ BOOL TicketIsSafe(TPM2B* buffer) // If the buffer size is less than the size of TPM_GENERATED_VALUE, assume // it is not safe to generate a ticket if(buffer->size < sizeof(valueToCompare)) - return FALSE; + return FALSE; marshalBuffer = bufferToCompare; TPM_CONSTANTS32_Marshal(&valueToCompare, &marshalBuffer, NULL); if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare))) - return FALSE; + return FALSE; else - return TRUE; + return TRUE; } //*** TicketComputeVerified() 
@@ -109,11 +109,11 @@ BOOL TicketIsSafe(TPM2B* buffer) // keyName the Name of the key that signed digest */ TPM_RC TicketComputeVerified( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM2B_DIGEST* digest, // IN: digest - TPM2B_NAME* keyName, // IN: name of key that signed the values - TPMT_TK_VERIFIED* ticket // OUT: verified ticket - ) + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM2B_DIGEST* digest, // IN: digest + TPM2B_NAME* keyName, // IN: name of key that signed the values + TPMT_TK_VERIFIED* ticket // OUT: verified ticket +) { TPM_RC result = TPM_RC_SUCCESS; TPM2B_PROOF proof; @@ -124,11 +124,11 @@ TPM_RC TicketComputeVerified( ticket->hierarchy = hierarchy; result = HierarchyGetProof(hierarchy, &proof); if(result != TPM_RC_SUCCESS) - return result; + return result; // Start HMAC using the proof value of the hierarchy as the HMAC key ticket->digest.t.size = - CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); + CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); MemorySet(proof.b.buffer, 0, proof.b.size); // TPM_ST_VERIFIED 
@@ -162,16 +162,16 @@ TPM_RC TicketComputeVerified( // keyName name of the key that signed the authorization */ TPM_RC TicketComputeAuth( - TPM_ST type, // IN: the type of ticket. - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - UINT64 timeout, // IN: timeout - BOOL expiresOnReset, // IN: flag to indicate if ticket expires on - // TPM Reset - TPM2B_DIGEST* cpHashA, // IN: input cpHashA - TPM2B_NONCE* policyRef, // IN: input policyRef - TPM2B_NAME* entityName, // IN: name of entity - TPMT_TK_AUTH* ticket // OUT: Created ticket - ) + TPM_ST type, // IN: the type of ticket. + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + UINT64 timeout, // IN: timeout + BOOL expiresOnReset, // IN: flag to indicate if ticket expires on + // TPM Reset + TPM2B_DIGEST* cpHashA, // IN: input cpHashA + TPM2B_NONCE* policyRef, // IN: input policyRef + TPM2B_NAME* entityName, // IN: name of entity + TPMT_TK_AUTH* ticket // OUT: Created ticket +) { TPM_RC result = TPM_RC_SUCCESS; TPM2B_PROOF proof; @@ -180,7 +180,7 @@ TPM_RC TicketComputeAuth( // Get proper proof result = HierarchyGetProof(hierarchy, &proof); if(result != TPM_RC_SUCCESS) - return result; + return result; // Fill in ticket fields ticket->tag = type; @@ -188,7 +188,7 @@ TPM_RC TicketComputeAuth( // Start HMAC with hierarchy proof as the HMAC key ticket->digest.t.size = - CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); + CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); MemorySet(proof.b.buffer, 0, proof.b.size); // TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED, 
@@ -202,14 +202,14 @@ TPM_RC TicketComputeAuth( // timeout CryptDigestUpdateInt(&hmacState, sizeof(timeout), timeout); if(timeout != 0) - { - // epoch - CryptDigestUpdateInt(&hmacState.hashState, sizeof(CLOCK_NONCE), g_timeEpoch); - // reset count - if(expiresOnReset) - CryptDigestUpdateInt( - &hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount); - } + { + // epoch + CryptDigestUpdateInt(&hmacState.hashState, sizeof(CLOCK_NONCE), g_timeEpoch); + // reset count + if(expiresOnReset) + CryptDigestUpdateInt( + &hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount); + } // done CryptHmacEnd2B(&hmacState, &ticket->digest.b); @@ -229,11 +229,11 @@ TPM_RC TicketComputeAuth( // digest the digest of the data */ TPM_RC TicketComputeHashCheck( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' - TPM2B_DIGEST* digest, // IN: input digest - TPMT_TK_HASHCHECK* ticket // OUT: Created ticket - ) + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' + TPM2B_DIGEST* digest, // IN: input digest + TPMT_TK_HASHCHECK* ticket // OUT: Created ticket +) { TPM_RC result = TPM_RC_SUCCESS; TPM2B_PROOF proof; @@ -242,7 +242,7 @@ TPM_RC TicketComputeHashCheck( // Get proper proof result = HierarchyGetProof(hierarchy, &proof); if(result != TPM_RC_SUCCESS) - return result; + return result; // Fill in ticket fields ticket->tag = TPM_ST_HASHCHECK; @@ -250,7 +250,7 @@ TPM_RC TicketComputeHashCheck( // Start HMAC using hierarchy proof as HMAC key ticket->digest.t.size = - CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); + CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); MemorySet(proof.b.buffer, 0, proof.b.size); // TPM_ST_HASHCHECK 
@@ -278,10 +278,10 @@ TPM_RC TicketComputeHashCheck( // TPMS_CREATION_DATA the creation data structure associated with Name */ TPM_RC TicketComputeCreation(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket - TPM2B_NAME* name, // IN: object name - TPM2B_DIGEST* creation, // IN: creation hash - TPMT_TK_CREATION* ticket // OUT: created ticket - ) + TPM2B_NAME* name, // IN: object name + TPM2B_DIGEST* creation, // IN: creation hash + TPMT_TK_CREATION* ticket // OUT: created ticket +) { TPM_RC result = TPM_RC_SUCCESS; TPM2B_PROOF proof; @@ -290,7 +290,7 @@ TPM_RC TicketComputeCreation(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for // Get proper proof result = HierarchyGetProof(hierarchy, &proof); if(result != TPM_RC_SUCCESS) - return result; + return result; // Fill in ticket fields ticket->tag = TPM_ST_CREATION; @@ -298,14 +298,14 @@ TPM_RC TicketComputeCreation(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for // Start HMAC using hierarchy proof as HMAC key ticket->digest.t.size = - CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); + CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); MemorySet(proof.b.buffer, 0, proof.b.size); // TPM_ST_CREATION CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); // name if provided if(name != NULL) - CryptDigestUpdate2B(&hmacState.hashState, &name->b); + CryptDigestUpdate2B(&hmacState.hashState, &name->b); // creation hash CryptDigestUpdate2B(&hmacState.hashState, &creation->b); // Done diff --git a/src/tpm2/Ticket_fp.h b/src/tpm2/Ticket_fp.h index e291ac36..2cc80b45 100644 --- a/src/tpm2/Ticket_fp.h +++ b/src/tpm2/Ticket_fp.h 
@@ -58,46 +58,62 @@ /* */ /********************************************************************************/ -#ifndef TICKET_FP_H -#define TICKET_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -BOOL -TicketIsSafe( - TPM2B *buffer - ); -TPM_RC -TicketComputeVerified( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM2B_DIGEST *digest, // IN: digest - TPM2B_NAME *keyName, // IN: name of key that signed the values - TPMT_TK_VERIFIED *ticket // OUT: verified ticket - ); -TPM_RC -TicketComputeAuth( - TPM_ST type, // IN: the type of ticket. - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - UINT64 timeout, // IN: timeout - BOOL expiresOnReset,// IN: flag to indicate if ticket expires on - // TPM Reset - TPM2B_DIGEST *cpHashA, // IN: input cpHashA - TPM2B_NONCE *policyRef, // IN: input policyRef - TPM2B_NAME *entityName, // IN: name of entity - TPMT_TK_AUTH *ticket // OUT: Created ticket - ); -TPM_RC -TicketComputeHashCheck( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket - TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' - TPM2B_DIGEST *digest, // IN: input digest - TPMT_TK_HASHCHECK *ticket // OUT: Created ticket - ); -TPM_RC -TicketComputeCreation( - TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket - TPM2B_NAME *name, // IN: object name - TPM2B_DIGEST *creation, // IN: creation hash - TPMT_TK_CREATION *ticket // OUT: created ticket - ); +#ifndef _TICKET_FP_H_ +#define _TICKET_FP_H_ +//*** TicketIsSafe() +// This function indicates if producing a ticket is safe. +// It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE +// or its substring of canonical form. 
If so, it is not safe to produce ticket +// for an input buffer claiming to be TPM generated buffer +// Return Type: BOOL +// TRUE(1) safe to produce ticket +// FALSE(0) not safe to produce ticket +BOOL TicketIsSafe(TPM2B* buffer); -#endif +//*** TicketComputeVerified() +// This function creates a TPMT_TK_VERIFIED ticket. +TPM_RC TicketComputeVerified( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM2B_DIGEST* digest, // IN: digest + TPM2B_NAME* keyName, // IN: name of key that signed the values + TPMT_TK_VERIFIED* ticket // OUT: verified ticket +); + +//*** TicketComputeAuth() +// This function creates a TPMT_TK_AUTH ticket. +TPM_RC TicketComputeAuth( + TPM_ST type, // IN: the type of ticket. + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + UINT64 timeout, // IN: timeout + BOOL expiresOnReset, // IN: flag to indicate if ticket expires on + // TPM Reset + TPM2B_DIGEST* cpHashA, // IN: input cpHashA + TPM2B_NONCE* policyRef, // IN: input policyRef + TPM2B_NAME* entityName, // IN: name of entity + TPMT_TK_AUTH* ticket // OUT: Created ticket +); + +//*** TicketComputeHashCheck() +// This function creates a TPMT_TK_HASHCHECK ticket. +TPM_RC TicketComputeHashCheck( + TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket + TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' + TPM2B_DIGEST* digest, // IN: input digest + TPMT_TK_HASHCHECK* ticket // OUT: Created ticket +); + +//*** TicketComputeCreation() +// This function creates a TPMT_TK_CREATION ticket. +TPM_RC TicketComputeCreation(TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket + TPM2B_NAME* name, // IN: object name + TPM2B_DIGEST* creation, // IN: creation hash + TPMT_TK_CREATION* ticket // OUT: created ticket +); + +#endif // _TICKET_FP_H_ diff --git a/src/tpm2/Time.c b/src/tpm2/Time.c index e700e755..a80a8596 100644 --- a/src/tpm2/Time.c +++ b/src/tpm2/Time.c 
@@ -109,13 +109,13 @@ static void TimeNewEpoch(void) // until startup completes. When Startup is done, then it will create the epoch // nonce to complete the initializations by calling this function. BOOL TimeStartup(STARTUP_TYPE type // IN: start up type - ) +) { NOT_REFERENCED(type); // If the previous cycle is orderly shut down, the value of the safe bit // the same as previously saved. Otherwise, it is not safe. if(!NV_IS_ORDERLY) - go.clockSafe = NO; + go.clockSafe = NO; return TRUE; } 
@@ -126,34 +126,34 @@ BOOL TimeStartup(STARTUP_TYPE type // IN: start up type // not cause an NV write, then go.clock is updated. If an NV write occurs, then // go.safe is SET. void TimeClockUpdate(UINT64 newTime // IN: New time value in mS. - ) +) { #define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL) - 1) // Check to see if the update will cause a need for an nvClock update if((newTime | CLOCK_UPDATE_MASK) > (go.clock | CLOCK_UPDATE_MASK)) - { - pAssert(g_NvStatus == TPM_RC_SUCCESS); + { + pAssert(g_NvStatus == TPM_RC_SUCCESS); - // Going to update the NV time state so SET the safe flag - go.clockSafe = YES; + // Going to update the NV time state so SET the safe flag + go.clockSafe = YES; - // update the time - go.clock = newTime; + // update the time + go.clock = newTime; - /* libtpms: Changing the clock alone does not cause the permanent - * state to be written to storage, there must be other - * reasons as well. - */ - UPDATE_TYPE old_g_updateNV = g_updateNV; // libtpms added + /* libtpms: Changing the clock alone does not cause the permanent + * state to be written to storage, there must be other + * reasons as well. + */ + UPDATE_TYPE old_g_updateNV = g_updateNV; // libtpms added - NvWrite(NV_ORDERLY_DATA, sizeof(go), &go); + NvWrite(NV_ORDERLY_DATA, sizeof(go), &go); - g_updateNV = old_g_updateNV; // libtpms added - } + g_updateNV = old_g_updateNV; // libtpms added + } else - // No NV update needed so just update - go.clock = newTime; + // No NV update needed so just update + go.clock = newTime; } //*** TimeUpdate() @@ -170,9 +170,9 @@ void TimeUpdate(void) // // Make sure that we consume the current _plat__TimerWasStopped() state. if(_plat__TimerWasStopped()) - { - TimeNewEpoch(); - } + { + TimeNewEpoch(); + } // Get the difference between this call and the last time we updated the tick // timer. elapsed = _plat__TimerRead() - g_time; 
@@ -209,7 +209,7 @@ void TimeUpdateToCurrent(void) // make any modifications to the internal clock value. Also, defer any clock // processing until TPM has run TPM2_Startup() if(!NV_IS_AVAILABLE || !TPMIsStarted()) - return; + return; TimeUpdate(); } 
@@ -217,35 +217,35 @@ void TimeUpdateToCurrent(void) //*** TimeSetAdjustRate() // This function is used to perform rate adjustment on 'Time' and 'Clock'. void TimeSetAdjustRate(TPM_CLOCK_ADJUST adjust // IN: adjust constant - ) +) { switch(adjust) - { - case TPM_CLOCK_COARSE_SLOWER: - _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER); - break; - case TPM_CLOCK_COARSE_FASTER: - _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER); - break; - case TPM_CLOCK_MEDIUM_SLOWER: - _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER); - break; - case TPM_CLOCK_MEDIUM_FASTER: - _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER); - break; - case TPM_CLOCK_FINE_SLOWER: - _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER); - break; - case TPM_CLOCK_FINE_FASTER: - _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_FINE_FASTER); - break; - case TPM_CLOCK_NO_CHANGE: - break; - default: - // should have been blocked sooner - FAIL(FATAL_ERROR_INTERNAL); - break; - } + { + case TPM_CLOCK_COARSE_SLOWER: + _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER); + break; + case TPM_CLOCK_COARSE_FASTER: + _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER); + break; + case TPM_CLOCK_MEDIUM_SLOWER: + _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER); + break; + case TPM_CLOCK_MEDIUM_FASTER: + _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER); + break; + case TPM_CLOCK_FINE_SLOWER: + _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER); + break; + case TPM_CLOCK_FINE_FASTER: + _plat__ClockRateAdjust(PLAT_TPM_CLOCK_ADJUST_FINE_FASTER); + break; + case TPM_CLOCK_NO_CHANGE: + break; + default: + // should have been blocked sooner + FAIL(FATAL_ERROR_INTERNAL); + break; + } return; } @@ -256,7 +256,7 @@ void TimeSetAdjustRate(TPM_CLOCK_ADJUST adjust // IN: adjust constant // and returns the marshaled size UINT16 TimeGetMarshaled(TIME_INFO* dataBuffer // OUT: result buffer - ) +) { TPMS_TIME_INFO timeInfo; 
@@ -279,9 +279,9 @@ void TimeFillInfo(TPMS_CLOCK_INFO* clockInfo) // If NV is not available, clock stopped advancing and the value reported is // not "safe". if(NV_IS_AVAILABLE) - clockInfo->safe = go.clockSafe; + clockInfo->safe = go.clockSafe; else - clockInfo->safe = NO; + clockInfo->safe = NO; return; } diff --git a/src/tpm2/Time_fp.h b/src/tpm2/Time_fp.h index a18ab54a..56f74a27 100644 --- a/src/tpm2/Time_fp.h +++ b/src/tpm2/Time_fp.h @@ -87,7 +87,7 @@ void TimePowerOn(void); // until startup completes. When Startup is done, then it will create the epoch // nonce to complete the initializations by calling this function. BOOL TimeStartup(STARTUP_TYPE type // IN: start up type - ); +); //*** TimeClockUpdate() // This function updates go.clock. If 'newTime' requires an update of NV, then @@ -96,7 +96,7 @@ BOOL TimeStartup(STARTUP_TYPE type // IN: start up type // not cause an NV write, then go.clock is updated. If an NV write occurs, then // go.safe is SET. void TimeClockUpdate(UINT64 newTime // IN: New time value in mS. - ); +); //*** TimeUpdate() // This function is used to update the time and clock values. If the TPM @@ -129,7 +129,7 @@ void TimeUpdateToCurrent(void); //*** TimeSetAdjustRate() // This function is used to perform rate adjustment on 'Time' and 'Clock'. void TimeSetAdjustRate(TPM_CLOCK_ADJUST adjust // IN: adjust constant - ); +); //*** TimeGetMarshaled() // This function is used to access TPMS_TIME_INFO in canonical form. @@ -137,7 +137,7 @@ void TimeSetAdjustRate(TPM_CLOCK_ADJUST adjust // IN: adjust constant // and returns the marshaled size UINT16 TimeGetMarshaled(TIME_INFO* dataBuffer // OUT: result buffer - ); +); //*** TimeFillInfo // This function gathers information to fill in a TPMS_CLOCK_INFO structure. diff --git a/src/tpm2/Tpm.h b/src/tpm2/Tpm.h index 819f8a3b..7dbe8ac7 100644 --- a/src/tpm2/Tpm.h +++ b/src/tpm2/Tpm.h 
@@ -67,9 +67,9 @@ #include "TpmAlgorithmDefines.h" #include "LibSupport.h" // Types from the library. These need to come before -// Global.h because some of the structures in -// that file depend on the structures used by the -// cryptographic libraries. + // Global.h because some of the structures in + // that file depend on the structures used by the + // cryptographic libraries. #include "GpMacros.h" // Define additional macros #include "Global.h" // Define other TPM types #include "InternalRoutines.h" // Function prototypes diff --git a/src/tpm2/TpmAsn1.c b/src/tpm2/TpmASN1.c similarity index 86% rename from src/tpm2/TpmAsn1.c rename to src/tpm2/TpmASN1.c index a810e1ca..bc150138 100644 --- a/src/tpm2/TpmAsn1.c +++ b/src/tpm2/TpmASN1.c @@ -75,7 +75,7 @@ // TRUE(1) success // FALSE(0) failure BOOL ASN1UnmarshalContextInitialize( - ASN1UnmarshalContext* ctx, INT16 size, BYTE* buffer) + ASN1UnmarshalContext* ctx, INT16 size, BYTE* buffer) { GOTO_ERROR_UNLESS(buffer != NULL); GOTO_ERROR_UNLESS(size > 0); @@ -84,7 +84,7 @@ BOOL ASN1UnmarshalContextInitialize( ctx->offset = 0; ctx->tag = 0xFF; return TRUE; - Error: +Error: return FALSE; } 
@@ -104,32 +104,32 @@ ASN1DecodeLength(ASN1UnmarshalContext* ctx) // If the number of octets of the entity is larger than 127, then the first octet // is the number of octets in the length specifier. if(first >= 0x80) - { - // Make sure that this length field is contained with the structure being - // parsed - CHECK_SIZE(ctx, (first & 0x7F)); - if(first == 0x82) - { - // Two octets of size - // get the next value - value = (INT16)NEXT_OCTET(ctx); - // Make sure that the result will fit in an INT16 - GOTO_ERROR_UNLESS(value < 0x0080); - // Shift up and add next octet - value = (value << 8) + NEXT_OCTET(ctx); - } - else if(first == 0x81) - value = NEXT_OCTET(ctx); - // Sizes larger than will fit in a INT16 are an error - else - goto Error; - } + { + // Make sure that this length field is contained with the structure being + // parsed + CHECK_SIZE(ctx, (first & 0x7F)); + if(first == 0x82) + { + // Two octets of size + // get the next value + value = (INT16)NEXT_OCTET(ctx); + // Make sure that the result will fit in an INT16 + GOTO_ERROR_UNLESS(value < 0x0080); + // Shift up and add next octet + value = (value << 8) + NEXT_OCTET(ctx); + } + else if(first == 0x81) + value = NEXT_OCTET(ctx); + // Sizes larger than will fit in a INT16 are an error + else + goto Error; + } else - value = first; + value = first; // Make sure that the size defined something within the current context CHECK_SIZE(ctx, value); return value; - Error: +Error: ctx->size = -1; // Makes everything fail from now on. return -1; } @@ -154,7 +154,7 @@ ASN1NextTag(ASN1UnmarshalContext* ctx) // Get the length field and return that return ASN1DecodeLength(ctx); - Error: +Error: // Attempt to read beyond the end of the context or an illegal tag ctx->size = -1; // Persistent failure ctx->tag = 0xFF; 
@@ -188,26 +188,26 @@ BOOL ASN1GetBitStringValue(ASN1UnmarshalContext* ctx, UINT32* val) GOTO_ERROR_UNLESS((shift < 8) && ((length > 0) || (shift == 0))); // if there are any bytes left for(; length > 1; length--) - { + { - // for all but the last octet, just shift and add the new octet - GOTO_ERROR_UNLESS((value & 0xFF000000) == 0); // can't loose significant bits - value = (value << 8) + NEXT_OCTET(ctx); - } + // for all but the last octet, just shift and add the new octet + GOTO_ERROR_UNLESS((value & 0xFF000000) == 0); // can't loose significant bits + value = (value << 8) + NEXT_OCTET(ctx); + } if(length == 1) - { - // for the last octet, just shift the accumulated value enough to - // accept the significant bits in the last octet and shift the last - // octet down - GOTO_ERROR_UNLESS(((value & (0xFF000000 << (8 - shift)))) == 0); - value = (value << (8 - shift)) + (NEXT_OCTET(ctx) >> shift); - } + { + // for the last octet, just shift the accumulated value enough to + // accept the significant bits in the last octet and shift the last + // octet down + GOTO_ERROR_UNLESS(((value & (0xFF000000 << (8 - shift)))) == 0); + value = (value << (8 - shift)) + (NEXT_OCTET(ctx) >> shift); + } // 'Left justify' the result if(inputBits > 0) - value <<= (32 - inputBits); + value <<= (32 - inputBits); *val = value; return TRUE; - Error: +Error: ctx->size = -1; return FALSE; } @@ -259,13 +259,13 @@ BOOL ASN1GetBitStringValue(ASN1UnmarshalContext* ctx, UINT32* val) // This creates a structure for handling marshaling of an ASN.1 formatted data // structure. void ASN1InitialializeMarshalContext( - ASN1MarshalContext* ctx, INT16 length, BYTE* buffer) + ASN1MarshalContext* ctx, INT16 length, BYTE* buffer) { ctx->buffer = buffer; if(buffer) - ctx->offset = length; + ctx->offset = length; else - ctx->offset = INT16_MAX; + ctx->offset = INT16_MAX; ctx->end = ctx->offset; ctx->depth = -1; } 
@@ -309,7 +309,7 @@ ASN1EndEncapsulation(ASN1MarshalContext* ctx, BYTE tag) { // only add a leading zero for an encapsulated BIT STRING if(tag == ASN1_BITSTRING) - ASN1PushByte(ctx, 0); + ASN1PushByte(ctx, 0); ASN1PushTagAndLength(ctx, tag, ctx->end - ctx->offset); return ASN1EndMarshalContext(ctx); } @@ -318,12 +318,12 @@ ASN1EndEncapsulation(ASN1MarshalContext* ctx, BYTE tag) BOOL ASN1PushByte(ASN1MarshalContext* ctx, BYTE b) { if(ctx->offset > 0) - { - ctx->offset -= 1; - if(ctx->buffer) - ctx->buffer[ctx->offset] = b; - return TRUE; - } + { + ctx->offset -= 1; + if(ctx->buffer) + ctx->buffer[ctx->offset] = b; + return TRUE; + } ctx->offset = -1; return FALSE; } @@ -346,9 +346,9 @@ ASN1PushBytes(ASN1MarshalContext* ctx, INT16 count, const BYTE* buffer) // if there are buffers, move the data, otherwise, assume that this is just a // test. if(count && buffer && ctx->buffer) - MemoryCopy(&ctx->buffer[ctx->offset], buffer, count); + MemoryCopy(&ctx->buffer[ctx->offset], buffer, count); return count; - Error: +Error: ctx->offset = -1; return 0; } @@ -376,23 +376,23 @@ ASN1PushLength(ASN1MarshalContext* ctx, INT16 len) UINT16 start = ctx->offset; GOTO_ERROR_UNLESS(len >= 0); if(len <= 127) - ASN1PushByte(ctx, (BYTE)len); + ASN1PushByte(ctx, (BYTE)len); else - { - ASN1PushByte(ctx, (BYTE)(len & 0xFF)); - len >>= 8; - if(len == 0) - ASN1PushByte(ctx, 0x81); - else - { - ASN1PushByte(ctx, (BYTE)(len)); - ASN1PushByte(ctx, 0x82); - } - } + { + ASN1PushByte(ctx, (BYTE)(len & 0xFF)); + len >>= 8; + if(len == 0) + ASN1PushByte(ctx, 0x81); + else + { + ASN1PushByte(ctx, (BYTE)(len)); + ASN1PushByte(ctx, 0x82); + } + } goto Exit; - Error: +Error: ctx->offset = -1; - Exit: +Exit: return (ctx->offset > 0) ? start - ctx->offset : 0; } 
@@ -416,7 +416,7 @@ ASN1PushTagAndLength(ASN1MarshalContext* ctx, BYTE tag, INT16 length) // == 0 failure INT16 ASN1PushTaggedOctetString( - ASN1MarshalContext* ctx, INT16 size, const BYTE* string, BYTE tag) + ASN1MarshalContext* ctx, INT16 size, const BYTE* string, BYTE tag) { ASN1PushBytes(ctx, size, string); // PushTagAndLenght just tells how many octets it added so the total size of this @@ -447,18 +447,18 @@ ASN1PushUINT(ASN1MarshalContext* ctx, UINT32 integer) // == 0 failure INT16 ASN1PushInteger(ASN1MarshalContext* ctx, // IN/OUT: buffer context - INT16 iLen, // IN: octets of the integer - BYTE* integer // IN: big-endian integer - ) + INT16 iLen, // IN: octets of the integer + BYTE* integer // IN: big-endian integer +) { // no leading 0's while((*integer == 0) && (--iLen > 0)) - integer++; + integer++; // Move the bytes to the buffer ASN1PushBytes(ctx, iLen, integer); // if needed, add a leading byte of 0 to make the number positive if(*integer & 0x80) - iLen += (INT16)ASN1PushByte(ctx, 0); + iLen += (INT16)ASN1PushByte(ctx, 0); // PushTagAndLenght just tells how many octets it added so the total size of this // element is the sum of those octets and the adjusted input size. iLen += ASN1PushTagAndLength(ctx, ASN1_INTEGER, iLen); @@ -476,9 +476,9 @@ INT16 ASN1PushOID(ASN1MarshalContext* ctx, const BYTE* OID) { if((*OID == ASN1_OBJECT_IDENTIFIER) && ((OID[1] & 0x80) == 0)) - { - return ASN1PushBytes(ctx, OID[1] + 2, OID); - } + { + return ASN1PushBytes(ctx, OID[1] + 2, OID); + } ctx->offset = -1; return 0; } diff --git a/src/tpm2/TpmASN1.h b/src/tpm2/TpmASN1.h index da6583ac..c62799c9 100644 --- a/src/tpm2/TpmASN1.h +++ b/src/tpm2/TpmASN1.h 
@@ -116,9 +116,9 @@ #endif // Checks the validity of the size making sure that there is no wrap around -#define CHECK_SIZE(context, length) \ +#define CHECK_SIZE(context, length) \ GOTO_ERROR_UNLESS((((length) + (context)->offset) >= (context)->offset) \ - && (((length) + (context)->offset) <= (context)->size)) + && (((length) + (context)->offset) <= (context)->size)) #define NEXT_OCTET(context) ((context)->buffer[(context)->offset++]) #define PEEK_NEXT(context) ((context)->buffer[(context)->offset]) @@ -137,9 +137,9 @@ typedef struct ASN1UnmarshalContext { BYTE* buffer; // pointer to the buffer INT16 size; // size of the buffer (a negative number indicates - // a parsing failure). + // a parsing failure). INT16 offset; // current offset into the buffer (a negative number - // indicates a parsing failure). Not used + // indicates a parsing failure). Not used BYTE tag; // The last unmarshaled tag } ASN1UnmarshalContext; @@ -147,7 +147,7 @@ typedef struct ASN1MarshalContext { BYTE* buffer; // pointer to the start of the buffer INT16 offset; // place on the top where the last entry was added - // items are added from the bottom up. + // items are added from the bottom up. INT16 end; // the end offset of the current value INT16 depth; // how many pushed end values. INT16 ends[MAX_DEPTH]; diff --git a/src/tpm2/TpmASN1_fp.h b/src/tpm2/TpmASN1_fp.h index a1b2e535..0d1f2ae9 100644 --- a/src/tpm2/TpmASN1_fp.h +++ b/src/tpm2/TpmASN1_fp.h @@ -72,7 +72,7 @@ // TRUE(1) success // FALSE(0) failure BOOL ASN1UnmarshalContextInitialize( - ASN1UnmarshalContext* ctx, INT16 size, BYTE* buffer); + ASN1UnmarshalContext* ctx, INT16 size, BYTE* buffer); //***ASN1DecodeLength() // This function extracts the length of an element from 'buffer' starting at 'offset'. 
@@ -107,7 +107,7 @@ BOOL ASN1GetBitStringValue(ASN1UnmarshalContext* ctx, UINT32* val); // This creates a structure for handling marshaling of an ASN.1 formatted data // structure. void ASN1InitialializeMarshalContext( - ASN1MarshalContext* ctx, INT16 length, BYTE* buffer); + ASN1MarshalContext* ctx, INT16 length, BYTE* buffer); //*** ASN1StartMarshalContext() // This starts a new constructed element. It is constructed on 'top' of the value @@ -173,7 +173,7 @@ ASN1PushTagAndLength(ASN1MarshalContext* ctx, BYTE tag, INT16 length); // == 0 failure INT16 ASN1PushTaggedOctetString( - ASN1MarshalContext* ctx, INT16 size, const BYTE* string, BYTE tag); + ASN1MarshalContext* ctx, INT16 size, const BYTE* string, BYTE tag); //*** ASN1PushUINT() // This function pushes an native-endian integer value. This just changes a @@ -192,9 +192,9 @@ ASN1PushUINT(ASN1MarshalContext* ctx, UINT32 integer); // == 0 failure INT16 ASN1PushInteger(ASN1MarshalContext* ctx, // IN/OUT: buffer context - INT16 iLen, // IN: octets of the integer - BYTE* integer // IN: big-endian integer - ); + INT16 iLen, // IN: octets of the integer + BYTE* integer // IN: big-endian integer +); //*** ASN1PushOID() // This function is used to add an OID. An OID is 0x06 followed by a byte of size @@ -207,4 +207,3 @@ INT16 ASN1PushOID(ASN1MarshalContext* ctx, const BYTE* OID); #endif // _TPM_ASN1_FP_H_ - diff --git a/src/tpm2/TpmAlgorithmDefines.h b/src/tpm2/TpmAlgorithmDefines.h index 41c35cf2..f44232cd 100644 --- a/src/tpm2/TpmAlgorithmDefines.h +++ b/src/tpm2/TpmAlgorithmDefines.h 
@@ -58,18 +58,27 @@ /* */ /********************************************************************************/ -// 10.1.18 TpmAlgorithmDefines.h -// This file contains the algorithm values from the TCG Algorithm Registry. -#ifndef _TPM_ALGORITHM_DEFINES_H_ -#define _TPM_ALGORITHM_DEFINES_H_ -// Table 2:3 - Definition of Base Types -#define ECC_CURVES \ - {TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P192, \ - TPM_ECC_NIST_P224, TPM_ECC_NIST_P256, TPM_ECC_NIST_P384, \ - TPM_ECC_NIST_P521, TPM_ECC_SM2_P256} -#define ECC_CURVE_COUNT \ - (ECC_BN_P256 + ECC_BN_P638 + ECC_NIST_P192 + ECC_NIST_P224 + \ - ECC_NIST_P256 + ECC_NIST_P384 + ECC_NIST_P521 + ECC_SM2_P256) +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + +#ifndef _TPM_INCLUDE_PRIVATE_TPMALGORITHMDEFINES_H_ +#define _TPM_INCLUDE_PRIVATE_TPMALGORITHMDEFINES_H_ + +#if ALG_ECC + +// Derived ECC Value +# define ECC_CURVES \ + { \ + TPM_ECC_NIST_P192, TPM_ECC_NIST_P224, TPM_ECC_NIST_P256, \ + TPM_ECC_NIST_P384, TPM_ECC_NIST_P521, TPM_ECC_BN_P256, \ + TPM_ECC_BN_P638, TPM_ECC_SM2_P256} + +# define ECC_CURVE_COUNT \ + (ECC_NIST_P192 + ECC_NIST_P224 + ECC_NIST_P256 + ECC_NIST_P384 + ECC_NIST_P521 \ + + ECC_BN_P256 + ECC_BN_P638 + ECC_SM2_P256) + +// Avoid expanding MAX_ECC_KEY_BITS into a long expression, the compiler slows down +// and on some compilers runs out of heap space. + #define MAX_ECC_KEY_BITS \ MAX(ECC_BN_P256 * 256, MAX(ECC_BN_P638 * 638, \ MAX(ECC_NIST_P192 * 192, MAX(ECC_NIST_P224 * 224, \ 
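Review bot: The added comment `// Avoid expanding MAX_ECC_KEY_BITS into a long expression, ...` in src/tpm2/TpmAlgorithmDefines.h sits directly above the unchanged `#define MAX_ECC_KEY_BITS MAX(ECC_BN_P256 * 256, MAX(...` context lines, so it describes the opposite of what the code still does. Either drop the comment until the definition is converted, or mark the deviation, e.g. `// libtpms: still computed with nested MAX(); the note above is not applied yet`. The new `// FILE GENERATED BY TpmExtractCode: DO NOT EDIT` banner is similarly misleading, because a later hunk of this file carries a hand-maintained `// libtpms added begin` TDES section. The `MAX_ECC_KEY_BITS` definition continues past the end of this hunk.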
@@ -78,139 +87,9 @@ 0)))))))) #define MAX_ECC_KEY_BYTES BITS_TO_BYTES(MAX_ECC_KEY_BITS) -// Table 1:12 - Defines for SHA1 Hash Values -#define SHA1_DIGEST_SIZE 20 -#define SHA1_BLOCK_SIZE 64 -// Table 1:13 - Defines for SHA256 Hash Values -#define SHA256_DIGEST_SIZE 32 -#define SHA256_BLOCK_SIZE 64 -// Table 1:14 - Defines for SHA384 Hash Values -#define SHA384_DIGEST_SIZE 48 -#define SHA384_BLOCK_SIZE 128 -// Table 1:15 - Defines for SHA512 Hash Values -#define SHA512_DIGEST_SIZE 64 -#define SHA512_BLOCK_SIZE 128 -// Table 1:16 - Defines for SM3_256 Hash Values -#define SM3_256_DIGEST_SIZE 32 -#define SM3_256_BLOCK_SIZE 64 -// Table 1:16 - Defines for SHA3_256 Hash Values -#define SHA3_256_DIGEST_SIZE 32 -#define SHA3_256_BLOCK_SIZE 136 -// Table 1:16 - Defines for SHA3_384 Hash Values -#define SHA3_384_DIGEST_SIZE 48 -#define SHA3_384_BLOCK_SIZE 104 -// Table 1:16 - Defines for SHA3_512 Hash Values -#define SHA3_512_DIGEST_SIZE 64 -#define SHA3_512_BLOCK_SIZE 72 -// Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants -#define RSA_KEY_SIZES_BITS \ - (1024 * RSA_1024), (2048 * RSA_2048), (3072 * RSA_3072), \ - (4096 * RSA_4096), (16384 * RSA_16384) -#if RSA_16384 -# define RSA_MAX_KEY_SIZE_BITS 16384 -#elif RSA_4096 -# define RSA_MAX_KEY_SIZE_BITS 4096 -#elif RSA_3072 -# define RSA_MAX_KEY_SIZE_BITS 3072 -#elif RSA_2048 -# define RSA_MAX_KEY_SIZE_BITS 2048 -#elif RSA_1024 -# define RSA_MAX_KEY_SIZE_BITS 1024 -#else -# define RSA_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_RSA_KEY_BITS RSA_MAX_KEY_SIZE_BITS -#define MAX_RSA_KEY_BYTES ((RSA_MAX_KEY_SIZE_BITS + 7) / 8) -// Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants -#define AES_KEY_SIZES_BITS \ - (128 * AES_128), (192 * AES_192), (256 * AES_256) -#if AES_256 -# define AES_MAX_KEY_SIZE_BITS 256 -#elif AES_192 -# define AES_MAX_KEY_SIZE_BITS 192 -#elif AES_128 -# define AES_MAX_KEY_SIZE_BITS 128 -#else -# define AES_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_AES_KEY_BITS 
AES_MAX_KEY_SIZE_BITS -#define MAX_AES_KEY_BYTES ((AES_MAX_KEY_SIZE_BITS + 7) / 8) -#define AES_128_BLOCK_SIZE_BYTES (AES_128 * 16) -#define AES_192_BLOCK_SIZE_BYTES (AES_192 * 16) -#define AES_256_BLOCK_SIZE_BYTES (AES_256 * 16) -#define AES_BLOCK_SIZES \ - AES_128_BLOCK_SIZE_BYTES, AES_192_BLOCK_SIZE_BYTES, \ - AES_256_BLOCK_SIZE_BYTES -#if ALG_AES -# define AES_MAX_BLOCK_SIZE 16 -#else -# define AES_MAX_BLOCK_SIZE 0 -#endif -#define MAX_AES_BLOCK_SIZE_BYTES AES_MAX_BLOCK_SIZE -// 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants -#define SM4_KEY_SIZES_BITS (128 * SM4_128) -#if SM4_128 -# define SM4_MAX_KEY_SIZE_BITS 128 -#else -# define SM4_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_SM4_KEY_BITS SM4_MAX_KEY_SIZE_BITS -#define MAX_SM4_KEY_BYTES ((SM4_MAX_KEY_SIZE_BITS + 7) / 8) -#define SM4_128_BLOCK_SIZE_BYTES (SM4_128 * 16) -#define SM4_BLOCK_SIZES SM4_128_BLOCK_SIZE_BYTES -#if ALG_SM4 -# define SM4_MAX_BLOCK_SIZE 16 -#else -# define SM4_MAX_BLOCK_SIZE 0 -#endif -#define MAX_SM4_BLOCK_SIZE_BYTES SM4_MAX_BLOCK_SIZE -// 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants -#define CAMELLIA_KEY_SIZES_BITS \ - (128 * CAMELLIA_128), (192 * CAMELLIA_192), (256 * CAMELLIA_256) -#if CAMELLIA_256 -# define CAMELLIA_MAX_KEY_SIZE_BITS 256 -#elif CAMELLIA_192 -# define CAMELLIA_MAX_KEY_SIZE_BITS 192 -#elif CAMELLIA_128 -# define CAMELLIA_MAX_KEY_SIZE_BITS 128 -#else -# define CAMELLIA_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_CAMELLIA_KEY_BITS CAMELLIA_MAX_KEY_SIZE_BITS -#define MAX_CAMELLIA_KEY_BYTES ((CAMELLIA_MAX_KEY_SIZE_BITS + 7) / 8) -#define CAMELLIA_128_BLOCK_SIZE_BYTES (CAMELLIA_128 * 16) -#define CAMELLIA_192_BLOCK_SIZE_BYTES (CAMELLIA_192 * 16) -#define CAMELLIA_256_BLOCK_SIZE_BYTES (CAMELLIA_256 * 16) -#define CAMELLIA_BLOCK_SIZES \ - CAMELLIA_128_BLOCK_SIZE_BYTES, CAMELLIA_192_BLOCK_SIZE_BYTES, \ - CAMELLIA_256_BLOCK_SIZE_BYTES -#if ALG_CAMELLIA -# define CAMELLIA_MAX_BLOCK_SIZE 16 -#else -# define CAMELLIA_MAX_BLOCK_SIZE 0 -#endif -#define 
MAX_CAMELLIA_BLOCK_SIZE_BYTES CAMELLIA_MAX_BLOCK_SIZE -// 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants -#define TDES_KEY_SIZES_BITS (128 * TDES_128), (192 * TDES_192) -#if TDES_192 -# define TDES_MAX_KEY_SIZE_BITS 192 -#elif TDES_128 -# define TDES_MAX_KEY_SIZE_BITS 128 -#else -# define TDES_MAX_KEY_SIZE_BITS 0 -#endif -#define MAX_TDES_KEY_BITS TDES_MAX_KEY_SIZE_BITS -#define MAX_TDES_KEY_BYTES ((TDES_MAX_KEY_SIZE_BITS + 7) / 8) -#define TDES_128_BLOCK_SIZE_BYTES (TDES_128 * 8) -#define TDES_192_BLOCK_SIZE_BYTES (TDES_192 * 8) -#define TDES_BLOCK_SIZES \ - TDES_128_BLOCK_SIZE_BYTES, TDES_192_BLOCK_SIZE_BYTES -#if ALG_TDES -# define TDES_MAX_BLOCK_SIZE 8 -#else -# define TDES_MAX_BLOCK_SIZE 0 -#endif -#define MAX_TDES_BLOCK_SIZE_BYTES TDES_MAX_BLOCK_SIZE +#endif // ALG_ECC + + // Additional values for benefit of code #if COMPRESSED_LISTS #define ADD_FILL 0 
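Review bot: With `#endif // ALG_ECC` added after `MAX_ECC_KEY_BYTES`, the macros `MAX_ECC_KEY_BITS` and `MAX_ECC_KEY_BYTES` are defined only when `ALG_ECC` is non-zero, whereas the removed layout defined them unconditionally. The next hunk does the same to `RSA_MAX_KEY_SIZE_BITS`, `MAX_RSA_KEY_BITS` and `MAX_RSA_KEY_BYTES` under `#if ALG_RSA`, and replaces the old `# define RSA_MAX_KEY_SIZE_BITS 0` fallback with `# error`. An undefined macro evaluates to 0 inside `#if` without any diagnostic, so a size check that uses these names outside an algorithm guard would change meaning silently. No such use is visible in this patch, so it needs a build with ALG_ECC and ALG_RSA disabled to confirm. Since the commit message describes only renames, whitespace and trivial changes, a comment at the guard would help, e.g. `// MAX_ECC_KEY_* are intentionally undefined when ALG_ECC == 0`.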
@@ -354,47 +233,211 @@ #define VENDOR_COMMAND_ARRAY_SIZE (0 + CC_Vendor_TCG_Test) #define COMMAND_COUNT (LIBRARY_COMMAND_ARRAY_SIZE + VENDOR_COMMAND_ARRAY_SIZE) -#define HASH_COUNT \ - (ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA3_256 + \ - ALG_SHA3_384 + ALG_SHA3_512 + ALG_SHA512 + ALG_SM3_256) -#define MAX_HASH_BLOCK_SIZE \ - (MAX(ALG_SHA1 * SHA1_BLOCK_SIZE, \ - MAX(ALG_SHA256 * SHA256_BLOCK_SIZE, \ - MAX(ALG_SHA384 * SHA384_BLOCK_SIZE, \ - MAX(ALG_SHA3_256 * SHA3_256_BLOCK_SIZE, \ - MAX(ALG_SHA3_384 * SHA3_384_BLOCK_SIZE, \ - MAX(ALG_SHA3_512 * SHA3_512_BLOCK_SIZE, \ - MAX(ALG_SHA512 * SHA512_BLOCK_SIZE, \ - MAX(ALG_SM3_256 * SM3_256_BLOCK_SIZE, \ - 0))))))))) -#define MAX_DIGEST_SIZE \ - (MAX(ALG_SHA1 * SHA1_DIGEST_SIZE, \ - MAX(ALG_SHA256 * SHA256_DIGEST_SIZE, \ - MAX(ALG_SHA384 * SHA384_DIGEST_SIZE, \ - MAX(ALG_SHA3_256 * SHA3_256_DIGEST_SIZE, \ - MAX(ALG_SHA3_384 * SHA3_384_DIGEST_SIZE, \ - MAX(ALG_SHA3_512 * SHA3_512_DIGEST_SIZE, \ - MAX(ALG_SHA512 * SHA512_DIGEST_SIZE, \ - MAX(ALG_SM3_256 * SM3_256_DIGEST_SIZE, \ - 0))))))))) -#if MAX_DIGEST_SIZE == 0 || MAX_HASH_BLOCK_SIZE == 0 -#error "Hash data not valid" -#endif -// Define the 2B structure that would hold any hash block -TPM2B_TYPE(MAX_HASH_BLOCK, MAX_HASH_BLOCK_SIZE); -// Following typedef is for some old code -typedef TPM2B_MAX_HASH_BLOCK TPM2B_HASH_BLOCK; +#if ALG_RSA +// Table "Defines for RSA Asymmetric Cipher Algorithm Constants" (TCG Algorithm Registry) +# define RSA_KEY_SIZES_BITS \ + (RSA_1024 * 1024), (RSA_2048 * 2048), (RSA_3072 * 3072), (RSA_4096 * 4096), \ + (RSA_16384 * 16384) + +# if RSA_16384 +# define RSA_MAX_KEY_SIZE_BITS 16384 +# elif RSA_4096 +# define RSA_MAX_KEY_SIZE_BITS 4096 +# elif RSA_3072 +# define RSA_MAX_KEY_SIZE_BITS 3072 +# elif RSA_2048 +# define RSA_MAX_KEY_SIZE_BITS 2048 +# elif RSA_1024 +# define RSA_MAX_KEY_SIZE_BITS 1024 +# else +# error RSA Enabled, but no RSA key sizes enabled. 
+# endif + +# define MAX_RSA_KEY_BITS RSA_MAX_KEY_SIZE_BITS +# define MAX_RSA_KEY_BYTES BITS_TO_BYTES(RSA_MAX_KEY_SIZE_BITS) +#endif // ALG_RSA + +// Table "Defines for AES Symmetric Cipher Algorithm Constants" (TCG Algorithm Registry) +#define AES_KEY_SIZES_BITS (128 * AES_128), (192 * AES_192), (256 * AES_256) +#define MAX_AES_KEY_BITS AES_MAX_KEY_SIZE_BITS +#define MAX_AES_KEY_BYTES ((AES_MAX_KEY_SIZE_BITS + 7) / 8) +#define AES_128_BLOCK_SIZE_BYTES (AES_128 * 16) +#define AES_192_BLOCK_SIZE_BYTES (AES_192 * 16) +#define AES_256_BLOCK_SIZE_BYTES (AES_256 * 16) +#define AES_BLOCK_SIZES \ + AES_128_BLOCK_SIZE_BYTES, AES_192_BLOCK_SIZE_BYTES, \ + AES_256_BLOCK_SIZE_BYTES +#if ALG_AES +# define AES_MAX_BLOCK_SIZE 16 +#else +# define AES_MAX_BLOCK_SIZE 0 +#endif +#define MAX_AES_BLOCK_SIZE_BYTES AES_MAX_BLOCK_SIZE +#if AES_256 +# define AES_MAX_KEY_SIZE_BITS 256 +#elif AES_192 +# define AES_MAX_KEY_SIZE_BITS 192 +#elif AES_128 +# define AES_MAX_KEY_SIZE_BITS 128 +#else +# define AES_MAX_KEY_SIZE_BITS 0 +#endif + +// Table "Defines for SM4 Symmetric Cipher Algorithm Constants" (TCG Algorithm Registry) +#define SM4_KEY_SIZES_BITS (SM4_128 * 128) +#if SM4_128 +# define SM4_MAX_KEY_SIZE_BITS 128 +#else +# define SM4_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_SM4_KEY_BITS SM4_MAX_KEY_SIZE_BITS +#define MAX_SM4_KEY_BYTES BITS_TO_BYTES(SM4_MAX_KEY_SIZE_BITS) +#define SM4_128_BLOCK_SIZE_BYTES (SM4_128 * 16) +#define SM4_BLOCK_SIZES SM4_128_BLOCK_SIZE_BYTES +#if ALG_SM4 +# define SM4_MAX_BLOCK_SIZE 16 +#else +# define SM4_MAX_BLOCK_SIZE 0 +#endif +#define MAX_SM4_BLOCK_SIZE_BYTES SM4_MAX_BLOCK_SIZE + +// Table "Defines for CAMELLIA Symmetric Cipher Algorithm Constants" (TCG Algorithm Registry) +#define CAMELLIA_KEY_SIZES_BITS \ + (CAMELLIA_128 * 128), (CAMELLIA_192 * 192), (CAMELLIA_256 * 256) +#if CAMELLIA_256 +# define CAMELLIA_MAX_KEY_SIZE_BITS 256 +#elif CAMELLIA_192 +# define CAMELLIA_MAX_KEY_SIZE_BITS 192 +#elif CAMELLIA_128 +# define CAMELLIA_MAX_KEY_SIZE_BITS 128 +#else 
+# define CAMELLIA_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_CAMELLIA_KEY_BITS CAMELLIA_MAX_KEY_SIZE_BITS +#define MAX_CAMELLIA_KEY_BYTES ((CAMELLIA_MAX_KEY_SIZE_BITS + 7) / 8) +#define CAMELLIA_128_BLOCK_SIZE_BYTES (CAMELLIA_128 * 16) +#define CAMELLIA_192_BLOCK_SIZE_BYTES (CAMELLIA_192 * 16) +#define CAMELLIA_256_BLOCK_SIZE_BYTES (CAMELLIA_256 * 16) +#define CAMELLIA_BLOCK_SIZES \ + CAMELLIA_128_BLOCK_SIZE_BYTES, CAMELLIA_192_BLOCK_SIZE_BYTES, \ + CAMELLIA_256_BLOCK_SIZE_BYTES +#if ALG_CAMELLIA +# define CAMELLIA_MAX_BLOCK_SIZE 16 +#else +# define CAMELLIA_MAX_BLOCK_SIZE 0 +#endif +#define MAX_CAMELLIA_BLOCK_SIZE_BYTES CAMELLIA_MAX_BLOCK_SIZE + +// libtpms added begin +#define TDES_KEY_SIZES_BITS (128 * TDES_128), (192 * TDES_192) +#if TDES_192 +# define TDES_MAX_KEY_SIZE_BITS 192 +#elif TDES_128 +# define TDES_MAX_KEY_SIZE_BITS 128 +#else +# define TDES_MAX_KEY_SIZE_BITS 0 +#endif +#define MAX_TDES_KEY_BITS TDES_MAX_KEY_SIZE_BITS +#define MAX_TDES_KEY_BYTES ((TDES_MAX_KEY_SIZE_BITS + 7) / 8) +#define TDES_128_BLOCK_SIZE_BYTES (TDES_128 * 8) +#define TDES_192_BLOCK_SIZE_BYTES (TDES_192 * 8) +#define TDES_BLOCK_SIZES \ + TDES_128_BLOCK_SIZE_BYTES, TDES_192_BLOCK_SIZE_BYTES +#if ALG_TDES +# define TDES_MAX_BLOCK_SIZE 8 +#else +# define TDES_MAX_BLOCK_SIZE 0 +#endif +#define MAX_TDES_BLOCK_SIZE_BYTES TDES_MAX_BLOCK_SIZE +// libtpms added end + +// Derived Symmetric Values +#define MAX_SYM_BLOCK_SIZE \ + (MAX(AES_MAX_BLOCK_SIZE, MAX(CAMELLIA_MAX_BLOCK_SIZE, \ + MAX(SM4_MAX_BLOCK_SIZE, MAX(TDES_MAX_BLOCK_SIZE, \ + 0))))) #define MAX_SYM_KEY_BITS \ (MAX(AES_MAX_KEY_SIZE_BITS, MAX(CAMELLIA_MAX_KEY_SIZE_BITS, \ MAX(SM4_MAX_KEY_SIZE_BITS, MAX(TDES_MAX_KEY_SIZE_BITS, \ 0))))) -#define MAX_SYM_KEY_BYTES ((MAX_SYM_KEY_BITS + 7) / 8) -#define MAX_SYM_BLOCK_SIZE \ - (MAX(AES_MAX_BLOCK_SIZE, MAX(CAMELLIA_MAX_BLOCK_SIZE, \ - MAX(SM4_MAX_BLOCK_SIZE, MAX(TDES_MAX_BLOCK_SIZE, \ - 0))))) +#define MAX_SYM_KEY_BYTES ((MAX_SYM_KEY_BITS + 7) / 8) #if MAX_SYM_KEY_BITS == 0 || 
MAX_SYM_BLOCK_SIZE == 0 # error Bad size for MAX_SYM_KEY_BITS or MAX_SYM_BLOCK #endif -#endif // _TPM_ALGORITHM_DEFINES_H_ + + + +// Table "Defines for SHA1 Hash Values" (TCG Algorithm Registry) +#define SHA1_DIGEST_SIZE 20 +#define SHA1_BLOCK_SIZE 64 + +// Table "Defines for SHA256 Hash Values" (TCG Algorithm Registry) +#define SHA256_DIGEST_SIZE 32 +#define SHA256_BLOCK_SIZE 64 + +// Table "Defines for SHA384 Hash Values" (TCG Algorithm Registry) +#define SHA384_DIGEST_SIZE 48 +#define SHA384_BLOCK_SIZE 128 + +// Table "Defines for SHA512 Hash Values" (TCG Algorithm Registry) +#define SHA512_DIGEST_SIZE 64 +#define SHA512_BLOCK_SIZE 128 + +// Table "Defines for SM3_256 Hash Values" (TCG Algorithm Registry) +#define SM3_256_DIGEST_SIZE 32 +#define SM3_256_BLOCK_SIZE 64 + +// Table "Defines for SHA3_256 Hash Values" (TCG Algorithm Registry) +#define SHA3_256_DIGEST_SIZE 32 +#define SHA3_256_BLOCK_SIZE 136 + +// Table "Defines for SHA3_384 Hash Values" (TCG Algorithm Registry) +#define SHA3_384_DIGEST_SIZE 48 +#define SHA3_384_BLOCK_SIZE 104 + +// Table "Defines for SHA3_512 Hash Values" (TCG Algorithm Registry) +#define SHA3_512_DIGEST_SIZE 64 +#define SHA3_512_BLOCK_SIZE 72 + +// Derived Hash Values +#define HASH_COUNT \ + (ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA512 + ALG_SM3_256 + ALG_SHA3_256 \ + + ALG_SHA3_384 + ALG_SHA3_512) + +// Leaving these as MAX-based calculations because (a) they don't slow down the +// build noticably, and (b) hash block and digest sizes vary, so the #if +// cascades for these are significantly more error prone to maintain. 
+#define MAX_HASH_BLOCK_SIZE \ + MAX((ALG_SHA3_512 * SHA3_512_BLOCK_SIZE), \ + MAX((ALG_SHA3_384 * SHA3_384_BLOCK_SIZE), \ + MAX((ALG_SHA3_256 * SHA3_256_BLOCK_SIZE), \ + MAX((ALG_SM3_256 * SM3_256_BLOCK_SIZE), \ + MAX((ALG_SHA512 * SHA512_BLOCK_SIZE), \ + MAX((ALG_SHA384 * SHA384_BLOCK_SIZE), \ + MAX((ALG_SHA256 * SHA256_BLOCK_SIZE), \ + (ALG_SHA1 * SHA1_BLOCK_SIZE)))))))) + +#define MAX_HASH_DIGEST_SIZE \ + MAX((ALG_SHA3_512 * SHA3_512_DIGEST_SIZE), \ + MAX((ALG_SHA3_384 * SHA3_384_DIGEST_SIZE), \ + MAX((ALG_SHA3_256 * SHA3_256_DIGEST_SIZE), \ + MAX((ALG_SM3_256 * SM3_256_DIGEST_SIZE), \ + MAX((ALG_SHA512 * SHA512_DIGEST_SIZE), \ + MAX((ALG_SHA384 * SHA384_DIGEST_SIZE), \ + MAX((ALG_SHA256 * SHA256_DIGEST_SIZE), \ + (ALG_SHA1 * SHA1_DIGEST_SIZE)))))))) + +#define MAX_DIGEST_SIZE MAX_HASH_DIGEST_SIZE + +#if MAX_HASH_DIGEST_SIZE == 0 || MAX_HASH_BLOCK_SIZE == 0 +# error "Hash data not valid" +#endif + +// Define the 2B structure that would hold any hash block +TPM2B_TYPE(MAX_HASH_BLOCK, MAX_HASH_BLOCK_SIZE); + +// Following typedef is for some old code +typedef TPM2B_MAX_HASH_BLOCK TPM2B_HASH_BLOCK; + +#endif // _TPM_INCLUDE_PRIVATE_TPMALGORITHMDEFINES_H_ diff --git a/src/tpm2/TpmBigNumThunks.c b/src/tpm2/TpmBigNumThunks.c index 560d7b4f..f27254e3 100644 --- a/src/tpm2/TpmBigNumThunks.c +++ b/src/tpm2/TpmBigNumThunks.c @@ -102,13 +102,13 @@ LIB_EXPORT Crypt_Int* ExtMath_Initialize_Int(Crypt_Int* var, NUMBYTES bitCount) // Buffer Converters // ################# LIB_EXPORT Crypt_Int* ExtMath_IntFromBytes( - Crypt_Int* buffer, const BYTE* input, NUMBYTES byteCount) + Crypt_Int* buffer, const BYTE* input, NUMBYTES byteCount) { return (Crypt_Int*)BnFromBytes((bigNum)buffer, input, byteCount); } LIB_EXPORT BOOL ExtMath_IntToBytes( - const Crypt_Int* value, BYTE* output, NUMBYTES* pByteCount) + const Crypt_Int* value, BYTE* output, NUMBYTES* pByteCount) { return BnToBytes((bigConst)value, output, pByteCount); } 
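Review bot: In the AES block of src/tpm2/TpmAlgorithmDefines.h (hunk `@@ -354,47 +233,211 @@`), `MAX_AES_KEY_BITS` and `MAX_AES_KEY_BYTES` are now defined before the `#if AES_256 … #endif` cascade that defines `AES_MAX_KEY_SIZE_BITS`. The SM4, CAMELLIA and TDES blocks in the same hunk define their `*_MAX_KEY_SIZE_BITS` value first. Macro expansion is deferred, so this still works, but an `#if MAX_AES_KEY_BITS` test placed between the two would evaluate to 0. Moving the cascade back above `#define MAX_AES_KEY_BITS AES_MAX_KEY_SIZE_BITS` keeps the four blocks parallel. The same block also keeps `((AES_MAX_KEY_SIZE_BITS + 7) / 8)` where the RSA and SM4 blocks switched to `BITS_TO_BYTES(...)`.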
@@ -132,7 +132,7 @@ LIB_EXPORT BOOL ExtMath_Copy(Crypt_Int* out, const Crypt_Int* in) //** ExtMath_Multiply() // Multiplies two numbers and returns the result LIB_EXPORT BOOL ExtMath_Multiply( - Crypt_Int* result, const Crypt_Int* multiplicand, const Crypt_Int* multiplier) + Crypt_Int* result, const Crypt_Int* multiplicand, const Crypt_Int* multiplier) { return BnMult((bigNum)result, (bigConst)multiplicand, (bigConst)multiplier); } @@ -142,12 +142,12 @@ LIB_EXPORT BOOL ExtMath_Multiply( // an error in the operation. Quotient may be null, in which case this function returns // only the remainder. LIB_EXPORT BOOL ExtMath_Divide(Crypt_Int* quotient, - Crypt_Int* remainder, - const Crypt_Int* dividend, - const Crypt_Int* divisor) + Crypt_Int* remainder, + const Crypt_Int* dividend, + const Crypt_Int* divisor) { return BnDiv( - (bigNum)quotient, (bigNum)remainder, (bigConst)dividend, (bigConst)divisor); + (bigNum)quotient, (bigNum)remainder, (bigConst)dividend, (bigConst)divisor); } #if ALG_RSA && !RSA_KEY_SIEVE // libtpms: changed @@ -155,16 +155,16 @@ LIB_EXPORT BOOL ExtMath_Divide(Crypt_Int* quotient, // Get the greatest common divisor of two numbers. This function is only needed // when the TPM implements RSA. LIB_EXPORT BOOL ExtMath_GCD( - Crypt_Int* gcd, const Crypt_Int* number1, const Crypt_Int* number2) + Crypt_Int* gcd, const Crypt_Int* number1, const Crypt_Int* number2) { return BnGcd((bigNum)gcd, (bigConst)number1, (bigConst)number2); } #endif // ALG_RSA - //*** ExtMath_Add() - // This function adds two Crypt_Int* values. This function always returns TRUE. +//*** ExtMath_Add() +// This function adds two Crypt_Int* values. This function always returns TRUE. LIB_EXPORT BOOL ExtMath_Add( - Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2) + Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2) { return BnAdd((bigNum)result, (bigConst)op1, (bigConst)op2); } 
@@ -172,7 +172,7 @@ LIB_EXPORT BOOL ExtMath_Add( //*** ExtMath_AddWord() // This function adds a word value to a Crypt_Int*. This function always returns TRUE. LIB_EXPORT BOOL ExtMath_AddWord( - Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word) + Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word) { return BnAddWord((bigNum)result, (bigConst)op, word); } @@ -182,7 +182,7 @@ LIB_EXPORT BOOL ExtMath_AddWord( // when op1 is greater than op2. If op2 is greater than op1, then a fault is // generated. This function always returns TRUE. LIB_EXPORT BOOL ExtMath_Subtract( - Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2) + Crypt_Int* result, const Crypt_Int* op1, const Crypt_Int* op2) { return BnSub((bigNum)result, (bigConst)op1, (bigConst)op2); } @@ -191,7 +191,7 @@ LIB_EXPORT BOOL ExtMath_Subtract( // This function subtracts a word value from a Crypt_Int*. This function always // returns TRUE. LIB_EXPORT BOOL ExtMath_SubtractWord( - Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word) + Crypt_Int* result, const Crypt_Int* op, crypt_uword_t word) { return BnSubWord((bigNum)result, (bigConst)op, word); } @@ -208,9 +208,9 @@ LIB_EXPORT BOOL ExtMath_Mod(Crypt_Int* valueAndResult, const Crypt_Int* modulus) //** ExtMath_ModMult() // Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide. LIB_EXPORT BOOL ExtMath_ModMult(Crypt_Int* result, - const Crypt_Int* op1, - const Crypt_Int* op2, - const Crypt_Int* modulus) + const Crypt_Int* op1, + const Crypt_Int* op2, + const Crypt_Int* modulus) { return BnModMult((bigNum)result, (bigConst)op1, (bigConst)op2, (bigConst)modulus); } 
@@ -220,19 +220,19 @@ LIB_EXPORT BOOL ExtMath_ModMult(Crypt_Int* result, // Do modular exponentiation using Crypt_Int* values. This function is only needed // when the TPM implements RSA. LIB_EXPORT BOOL ExtMath_ModExp(Crypt_Int* result, - const Crypt_Int* number, - const Crypt_Int* exponent, - const Crypt_Int* modulus) + const Crypt_Int* number, + const Crypt_Int* exponent, + const Crypt_Int* modulus) { return BnModExp( - (bigNum)result, (bigConst)number, (bigConst)exponent, (bigConst)modulus); + (bigNum)result, (bigConst)number, (bigConst)exponent, (bigConst)modulus); } #endif // ALG_RSA - //** ExtMath_ModInverse() - // Modular multiplicative inverse. +//** ExtMath_ModInverse() +// Modular multiplicative inverse. LIB_EXPORT BOOL ExtMath_ModInverse( - Crypt_Int* result, const Crypt_Int* number, const Crypt_Int* modulus) + Crypt_Int* result, const Crypt_Int* number, const Crypt_Int* modulus) { return BnModInverse((bigNum)result, (bigConst)number, (bigConst)modulus); } @@ -241,7 +241,7 @@ LIB_EXPORT BOOL ExtMath_ModInverse( // This function does modular division of a big number when the modulus is a // word value. LIB_EXPORT crypt_word_t ExtMath_ModWord(const Crypt_Int* numerator, - crypt_word_t modulus) + crypt_word_t modulus) { return BnModWord((bigConst)numerator, modulus); } @@ -329,8 +329,8 @@ LIB_EXPORT BOOL ExtMath_SetBit(Crypt_Int* bn, unsigned int bitNum) // TRUE(1) the bit is set // FALSE(0) the bit is not set or the number is out of range LIB_EXPORT BOOL ExtMath_TestBit(Crypt_Int* bn, // IN: number to check - unsigned int bitNum // IN: bit to test - ) + unsigned int bitNum // IN: bit to test +) { return BnTestBit((bigNum)bn, bitNum); } 
@@ -344,9 +344,9 @@ LIB_EXPORT BOOL ExtMath_TestBit(Crypt_Int* bn, // IN: number to check // TRUE(1) result masked // FALSE(0) the input was not as large as the mask LIB_EXPORT BOOL ExtMath_MaskBits( - Crypt_Int* bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. - ) + Crypt_Int* bn, // IN/OUT: number to mask + crypt_uword_t maskBit // IN: the bit number for the mask. +) { return BnMaskBits((bigNum)bn, maskBit); } @@ -355,7 +355,7 @@ LIB_EXPORT BOOL ExtMath_MaskBits( // This function will shift a Crypt_Int* to the right by the shiftAmount. // This function always returns TRUE. LIB_EXPORT BOOL ExtMath_ShiftRight( - Crypt_Int* result, const Crypt_Int* toShift, uint32_t shiftAmount) + Crypt_Int* result, const Crypt_Int* toShift, uint32_t shiftAmount) { return BnShiftRight((bigNum)result, (bigConst)toShift, shiftAmount); } @@ -375,11 +375,11 @@ LIB_EXPORT Crypt_Point* ExtEcc_Initialize_Point(Crypt_Point* point, NUMBYTES bit BnInit((bigNum) & (pBuf->x), BN_STRUCT_ALLOCATION(bitCount)); BnInit((bigNum) & (pBuf->y), BN_STRUCT_ALLOCATION(bitCount)); BnInit((bigNum) & (pBuf->z), BN_STRUCT_ALLOCATION(bitCount)); - + // now feed the addresses of those coordinates to the bn_point_t structure bn_point_t* bnPoint = (bn_point_t*)point; BnInitializePoint( - bnPoint, (bigNum) & (pBuf->x), (bigNum) & (pBuf->y), (bigNum) & (pBuf->z)); + bnPoint, (bigNum) & (pBuf->x), (bigNum) & (pBuf->y), (bigNum) & (pBuf->z)); return point; } @@ -387,7 +387,7 @@ LIB_EXPORT Crypt_Point* ExtEcc_Initialize_Point(Crypt_Point* point, NUMBYTES bit // Curve initializers // ################## LIB_EXPORT const Crypt_EccCurve* ExtEcc_CurveInitialize(Crypt_EccCurve* E, - TPM_ECC_CURVE curveId) + TPM_ECC_CURVE curveId) { return BnCurveInitialize((bigCurveData*)E, curveId); } 
@@ -409,17 +409,16 @@ LIB_EXPORT void ExtEcc_CurveFree(const Crypt_EccCurve* E) // A point is going to be two ECC values in the same buffer. The values are going // to be the size of the modulus. They are in modular form. LIB_EXPORT Crypt_Point* ExtEcc_PointFromBytes(Crypt_Point* point, - const BYTE* x, - NUMBYTES nBytesX, - const BYTE* y, - NUMBYTES nBytesY) + const BYTE* x, + NUMBYTES nBytesX, + const BYTE* y, + NUMBYTES nBytesY) { return (Crypt_Point*)BnPointFromBytes((bigPoint)point, x, nBytesX, y, nBytesY); } -LIB_EXPORT BOOL ExtEcc_PointToBytes(const Crypt_Point* point, - BYTE* x, NUMBYTES* pBytesX, - BYTE* y, NUMBYTES* pBytesY) +LIB_EXPORT BOOL ExtEcc_PointToBytes( + const Crypt_Point* point, BYTE* x, NUMBYTES* pBytesX, BYTE* y, NUMBYTES* pBytesY) { return BnPointToBytes((pointConst)point, x, pBytesX, y, pBytesY); } @@ -432,7 +431,7 @@ LIB_EXPORT BOOL ExtEcc_PointToBytes(const Crypt_Point* point, // indicates that the result was the point at infinity. This function is only needed // if the TPM supports ECC. LIB_EXPORT BOOL ExtEcc_PointMultiply( - Crypt_Point* R, const Crypt_Point* S, const Crypt_Int* d, const Crypt_EccCurve* E) + Crypt_Point* R, const Crypt_Point* S, const Crypt_Int* d, const Crypt_EccCurve* E) { return BnEccModMult((bigPoint)R, (pointConst)S, (bigConst)d, (bigCurveData*)E); } 
@@ -442,24 +441,24 @@ LIB_EXPORT BOOL ExtEcc_PointMultiply( // FALSE indicates that the result was the point at infinity. This function is only // needed if the TPM supports ECC. LIB_EXPORT BOOL ExtEcc_PointMultiplyAndAdd(Crypt_Point* R, - const Crypt_Point* S, - const Crypt_Int* d, - const Crypt_Point* Q, - const Crypt_Int* u, - const Crypt_EccCurve* E) + const Crypt_Point* S, + const Crypt_Int* d, + const Crypt_Point* Q, + const Crypt_Int* u, + const Crypt_EccCurve* E) { return BnEccModMult2((bigPoint)R, - (pointConst)S, - (bigConst)d, - (pointConst)Q, - (bigConst)u, - (bigCurveData*)E); + (pointConst)S, + (bigConst)d, + (pointConst)Q, + (bigConst)u, + (bigCurveData*)E); } LIB_EXPORT BOOL ExtEcc_PointAdd(Crypt_Point* R, - const Crypt_Point* S, - const Crypt_Point* Q, - const Crypt_EccCurve* E) + const Crypt_Point* S, + const Crypt_Point* Q, + const Crypt_EccCurve* E) { return BnEccAdd((bigPoint)R, (pointConst)S, (pointConst)Q, (bigCurveData*)E); } diff --git a/src/tpm2/TpmBuildSwitches.h b/src/tpm2/TpmBuildSwitches.h index 789b13dc..49f7630e 100644 --- a/src/tpm2/TpmBuildSwitches.h +++ b/src/tpm2/TpmBuildSwitches.h @@ -244,7 +244,7 @@ #define USE_DA_USED YES // libtpms: YES // This switch is used to enable the self-test capability in AlgorithmTests.c -#define ENABLE_SELF_TESTS YES +#define ENABLE_SELF_TESTS YES // This switch indicates where clock epoch value should be stored. If this value // defined, then it is assumed that the timer will change at any time so the diff --git a/src/tpm2/TpmCalculatedAttributes.h b/src/tpm2/TpmCalculatedAttributes.h index 6b261d4a..e50336d7 100644 --- a/src/tpm2/TpmCalculatedAttributes.h +++ b/src/tpm2/TpmCalculatedAttributes.h 
@@ -104,26 +104,31 @@ #ifndef CONTEXT_INTEGRITY_HASH_SIZE # define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE) #endif + #if ALG_RSA -# define RSA_SECURITY_STRENGTH \ - (MAX_RSA_KEY_BITS >= 15360 \ - ? 256 \ - : (MAX_RSA_KEY_BITS >= 7680 \ - ? 192 \ - : (MAX_RSA_KEY_BITS >= 3072 \ - ? 128 \ - : (MAX_RSA_KEY_BITS >= 2048 \ - ? 112 \ - : (MAX_RSA_KEY_BITS >= 1024 ? 80 : 0))))) +// This table taken from SP800-57 part 1, Table 2. +// for other key lengths, https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf +// provides the following formula for RSA for a key of modulus length L. +// $$x = \frac{1.923 * \sqrt[3]{L * \ln(2)} * \sqrt[3]{(\ln(L*\ln(2)))^2} - 4.69}{\ln(2)}$$ +# define RSA_SECURITY_STRENGTH \ + (MAX_RSA_KEY_BITS >= 15360 \ + ? 256 \ + : (MAX_RSA_KEY_BITS >= 7680 \ + ? 192 \ + : (MAX_RSA_KEY_BITS >= 3072 \ + ? 128 \ + : (MAX_RSA_KEY_BITS >= 2048 \ + ? 112 \ + : (MAX_RSA_KEY_BITS >= 1024 ? 80 : 0))))) #else # define RSA_SECURITY_STRENGTH 0 #endif // ALG_RSA #if ALG_ECC -# define ECC_SECURITY_STRENGTH \ - (MAX_ECC_KEY_BITS >= 521 \ - ? 256 \ - : (MAX_ECC_KEY_BITS >= 384 ? 192 : (MAX_ECC_KEY_BITS >= 256 ? 128 : 0))) +# define ECC_SECURITY_STRENGTH \ + (MAX_ECC_KEY_BITS >= 521 \ + ? 256 \ + : (MAX_ECC_KEY_BITS >= 384 ? 192 : (MAX_ECC_KEY_BITS >= 256 ? 128 : 0))) #else # define ECC_SECURITY_STRENGTH 0 #endif // ALG_ECC 
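Review bot: The comment added above `RSA_SECURITY_STRENGTH` cites the FIPS 140-2 IG formula, but the macro only steps through the SP800-57 table rows, so the comment should say how key sizes between rows are treated. As written, any `MAX_RSA_KEY_BITS` that is not an exact table entry takes the strength of the next lower row; a value from 3072 up to 7679 yields 128, for example. I would add one line such as `// The macro does not evaluate the formula; sizes between table rows use the lower row's strength.`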
@@ -135,16 +140,16 @@ // Unless some algorithm is broken... #define MAX_SYM_SECURITY_STRENGTH MAX_SYM_KEY_BITS -#define MAX_SECURITY_STRENGTH_BITS \ - MAX(MAX_ASYM_SECURITY_STRENGTH, \ - MAX(MAX_SYM_SECURITY_STRENGTH, MAX_HASH_SECURITY_STRENGTH)) +#define MAX_SECURITY_STRENGTH_BITS \ + MAX(MAX_ASYM_SECURITY_STRENGTH, \ + MAX(MAX_SYM_SECURITY_STRENGTH, MAX_HASH_SECURITY_STRENGTH)) // This is the size that was used before the 1.38 errata requiring that P1.14.4 be // followed #define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE // As required by P1.14.4 -#define COMPLIANT_PROOF_SIZE \ +#define COMPLIANT_PROOF_SIZE \ (MAX(CONTEXT_INTEGRITY_HASH_SIZE, (2 * MAX_SYM_KEY_BYTES))) // As required by P1.14.3.1 diff --git a/src/tpm2/TpmEcc_Signature_ECDAA.c b/src/tpm2/TpmEcc_Signature_ECDAA.c index 4ad44a1f..7e6fadfc 100644 --- a/src/tpm2/TpmEcc_Signature_ECDAA.c +++ b/src/tpm2/TpmEcc_Signature_ECDAA.c 
@@ -82,16 +82,16 @@ // TPM_RC_SCHEME unsupported hash algorithm // TPM_RC_NO_RESULT cannot get values from random number generator TPM_RC TpmEcc_SignEcdaa( - TPM2B_ECC_PARAMETER* nonceK, // OUT: 'nonce' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in signing - Crypt_Int* bnD, // IN: the private key - const TPM2B_DIGEST* digest, // IN: the value to sign (mod 'q') - TPMT_ECC_SCHEME* scheme, // IN: signing scheme (contains the - // commit count value). - OBJECT* eccKey, // IN: The signing key - RAND_STATE* rand // IN: a random number state - ) + TPM2B_ECC_PARAMETER* nonceK, // OUT: 'nonce' component of the signature + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in signing + Crypt_Int* bnD, // IN: the private key + const TPM2B_DIGEST* digest, // IN: the value to sign (mod 'q') + TPMT_ECC_SCHEME* scheme, // IN: signing scheme (contains the + // commit count value). + OBJECT* eccKey, // IN: The signing key + RAND_STATE* rand // IN: a random number state +) { TPM_RC retVal; TPM2B_ECC_PARAMETER r; 
@@ -101,60 +101,60 @@ TPM_RC TpmEcc_SignEcdaa( // NOT_REFERENCED(rand); if(!CryptGenerateR(&r, - &scheme->details.ecdaa.count, - eccKey->publicArea.parameters.eccDetail.curveID, - &eccKey->name)) - retVal = TPM_RC_VALUE; + &scheme->details.ecdaa.count, + eccKey->publicArea.parameters.eccDetail.curveID, + &eccKey->name)) + retVal = TPM_RC_VALUE; else - { - // This allocation is here because 'r' doesn't have a value until - // CrypGenerateR() is done. - CRYPT_ECC_INITIALIZED(bnR, &r); - do - { - // generate nonceK such that 0 < nonceK < n - // use bnT as a temp. -#if USE_OPENSSL_FUNCTIONS_EC // libtpms added begin - if(!TpmEcc_GenPrivateScalar(bnT, E, E->G, false, rand)) -#else // libtpms added end - if(!TpmEcc_GenPrivateScalar(bnT, E, rand)) -#endif // libtpms added - { - retVal = TPM_RC_NO_RESULT; - break; - } - TpmMath_IntTo2B(bnT, &nonceK->b, 0); + { + // This allocation is here because 'r' doesn't have a value until + // CrypGenerateR() is done. + CRYPT_ECC_INITIALIZED(bnR, &r); + do + { + // generate nonceK such that 0 < nonceK < n + // use bnT as a temp. +#if USE_OPENSSL_FUNCTIONS_EC // libtpms added begin + if(!TpmEcc_GenPrivateScalar(bnT, E, E->G, false, rand)) +#else // libtpms added end + if(!TpmEcc_GenPrivateScalar(bnT, E, rand)) +#endif // libtpms added + { + retVal = TPM_RC_NO_RESULT; + break; + } + TpmMath_IntTo2B(bnT, &nonceK->b, 0); - T.t.size = CryptHashStart(&state, scheme->details.ecdaa.hashAlg); - if(T.t.size == 0) - { - retVal = TPM_RC_SCHEME; - } - else - { - CryptDigestUpdate2B(&state, &nonceK->b); - CryptDigestUpdate2B(&state, &digest->b); - CryptHashEnd2B(&state, &T.b); - TpmMath_IntFrom2B(bnT, &T.b); - // libtpms: Note: T is NOT a concern for constant-timeness - // Watch out for the name collisions in this call!! 
- retVal = TpmEcc_SchnorrCalculateS( - bnS, - bnR, - bnT, - bnD, - ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E))); - } - } while(retVal == TPM_RC_NO_RESULT); - // Because the rule is that internal state is not modified if the command - // fails, only end the commit if the command succeeds. - // NOTE that if the result of the Schnorr computation was zero - // it will probably not be worthwhile to run the same command again because - // the result will still be zero. This means that the Commit command will - // need to be run again to get a new commit value for the signature. - if(retVal == TPM_RC_SUCCESS) - CryptEndCommit(scheme->details.ecdaa.count); - } + T.t.size = CryptHashStart(&state, scheme->details.ecdaa.hashAlg); + if(T.t.size == 0) + { + retVal = TPM_RC_SCHEME; + } + else + { + CryptDigestUpdate2B(&state, &nonceK->b); + CryptDigestUpdate2B(&state, &digest->b); + CryptHashEnd2B(&state, &T.b); + TpmMath_IntFrom2B(bnT, &T.b); + // libtpms: Note: T is NOT a concern for constant-timeness + // Watch out for the name collisions in this call!! + retVal = TpmEcc_SchnorrCalculateS( + bnS, + bnR, + bnT, + bnD, + ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E))); + } + } while(retVal == TPM_RC_NO_RESULT); + // Because the rule is that internal state is not modified if the command + // fails, only end the commit if the command succeeds. + // NOTE that if the result of the Schnorr computation was zero + // it will probably not be worthwhile to run the same command again because + // the result will still be zero. This means that the Commit command will + // need to be run again to get a new commit value for the signature. + if(retVal == TPM_RC_SUCCESS) + CryptEndCommit(scheme->details.ecdaa.count); + } return retVal; } diff --git a/src/tpm2/TpmEcc_Signature_ECDAA_fp.h b/src/tpm2/TpmEcc_Signature_ECDAA_fp.h index a5aedef8..4be2058d 100644 --- a/src/tpm2/TpmEcc_Signature_ECDAA_fp.h +++ b/src/tpm2/TpmEcc_Signature_ECDAA_fp.h 
@@ -78,16 +78,16 @@ // TPM_RC_SCHEME unsupported hash algorithm // TPM_RC_NO_RESULT cannot get values from random number generator TPM_RC TpmEcc_SignEcdaa( - TPM2B_ECC_PARAMETER* nonceK, // OUT: 'nonce' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in signing - Crypt_Int* bnD, // IN: the private key - const TPM2B_DIGEST* digest, // IN: the value to sign (mod 'q') - TPMT_ECC_SCHEME* scheme, // IN: signing scheme (contains the - // commit count value). - OBJECT* eccKey, // IN: The signing key - RAND_STATE* rand // IN: a random number state - ); + TPM2B_ECC_PARAMETER* nonceK, // OUT: 'nonce' component of the signature + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in signing + Crypt_Int* bnD, // IN: the private key + const TPM2B_DIGEST* digest, // IN: the value to sign (mod 'q') + TPMT_ECC_SCHEME* scheme, // IN: signing scheme (contains the + // commit count value). + OBJECT* eccKey, // IN: The signing key + RAND_STATE* rand // IN: a random number state +); #endif // ALG_ECC && ALG_ECDAA #endif // _TPMECC_SIGNATURE_ECDAA_FP_H_ diff --git a/src/tpm2/TpmEcc_Signature_ECDSA.c b/src/tpm2/TpmEcc_Signature_ECDSA.c index b8aaed5b..5a6fe14d 100644 --- a/src/tpm2/TpmEcc_Signature_ECDSA.c +++ b/src/tpm2/TpmEcc_Signature_ECDSA.c 
@@ -70,26 +70,26 @@ // curve. This is used for ECDSA sign and verification. #if !USE_OPENSSL_FUNCTIONS_ECDSA // libtpms added static Crypt_Int* TpmEcc_AdjustEcdsaDigest( - Crypt_Int* bnD, // OUT: the adjusted digest - const TPM2B_DIGEST* digest, // IN: digest to adjust - const Crypt_Int* max // IN: value that indicates the maximum - // number of bits in the results - ) + Crypt_Int* bnD, // OUT: the adjusted digest + const TPM2B_DIGEST* digest, // IN: digest to adjust + const Crypt_Int* max // IN: value that indicates the maximum + // number of bits in the results +) { int bitsInMax = ExtMath_SizeInBits(max); int shift; // if(digest == NULL) - ExtMath_SetWord(bnD, 0); + ExtMath_SetWord(bnD, 0); else - { - ExtMath_IntFromBytes(bnD, - digest->t.buffer, - (NUMBYTES)MIN(digest->t.size, BITS_TO_BYTES(bitsInMax))); - shift = ExtMath_SizeInBits(bnD) - bitsInMax; - if(shift > 0) - ExtMath_ShiftRight(bnD, bnD, shift); - } + { + ExtMath_IntFromBytes(bnD, + digest->t.buffer, + (NUMBYTES)MIN(digest->t.size, BITS_TO_BYTES(bitsInMax))); + shift = ExtMath_SizeInBits(bnD) - bitsInMax; + if(shift > 0) + ExtMath_ShiftRight(bnD, bnD, shift); + } return bnD; } #endif // libtpms added 
@@ -100,13 +100,13 @@ static Crypt_Int* TpmEcc_AdjustEcdsaDigest( #if !USE_OPENSSL_FUNCTIONS_ECDSA // libtpms added TPM_RC TpmEcc_SignEcdsa(Crypt_Int* bnR, // OUT: 'r' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - Crypt_Int* bnD, // IN: private signing key - const TPM2B_DIGEST* digest, // IN: the digest to sign - RAND_STATE* rand // IN: used in debug of signing - ) + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + Crypt_Int* bnD, // IN: private signing key + const TPM2B_DIGEST* digest, // IN: the digest to sign + RAND_STATE* rand // IN: used in debug of signing +) { CRYPT_ECC_NUM(bnK); CRYPT_ECC_NUM(bnIk); 
@@ -135,48 +135,48 @@ TpmEcc_SignEcdsa(Crypt_Int* bnR, // OUT: 'r' component of the signa // In the code below, q is n (that it, the order of the curve is p) do // This implements the loop at step 6. If s is zero, start over. - { - for(; tries > 0; tries--) - { - // Step 1 and 2 -- generate an ephemeral key and the modular inverse - // of the private key. - if(!TpmEcc_GenerateKeyPair(bnK, ecR, E, rand)) - continue; - // get mutable copy of X coordinate - ExtMath_Copy(bnX, ExtEcc_PointX(ecR)); - // x coordinate is mod p. Make it mod q - ExtMath_Mod(bnX, order); - // Make sure that it is not zero; - if(ExtMath_IsZero(bnX)) - continue; - // write the modular reduced version of r as part of the signature - ExtMath_Copy(bnR, bnX); - // Make sure that a modular inverse exists and try again if not - OK = (ExtMath_ModInverse(bnIk, bnK, order)); - if(OK) - break; - } - if(!OK) - goto Exit; + { + for(; tries > 0; tries--) + { + // Step 1 and 2 -- generate an ephemeral key and the modular inverse + // of the private key. + if(!TpmEcc_GenerateKeyPair(bnK, ecR, E, rand)) + continue; + // get mutable copy of X coordinate + ExtMath_Copy(bnX, ExtEcc_PointX(ecR)); + // x coordinate is mod p. 
Make it mod q + ExtMath_Mod(bnX, order); + // Make sure that it is not zero; + if(ExtMath_IsZero(bnX)) + continue; + // write the modular reduced version of r as part of the signature + ExtMath_Copy(bnR, bnX); + // Make sure that a modular inverse exists and try again if not + OK = (ExtMath_ModInverse(bnIk, bnK, order)); + if(OK) + break; + } + if(!OK) + goto Exit; - TpmEcc_AdjustEcdsaDigest(bnE, digest, order); + TpmEcc_AdjustEcdsaDigest(bnE, digest, order); - // now have inverse of K (bnIk), e (bnE), r (bnR), d (bnD) and - // ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)) - // Compute s = k^-1 (e + r*d)(mod q) - // first do s = r*d mod q - ExtMath_ModMult(bnS, bnR, bnD, order); - // s = e + s = e + r * d - ExtMath_Add(bnS, bnE, bnS); - // s = k^(-1)s (mod n) = k^(-1)(e + r * d)(mod n) - ExtMath_ModMult(bnS, bnIk, bnS, order); + // now have inverse of K (bnIk), e (bnE), r (bnR), d (bnD) and + // ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)) + // Compute s = k^-1 (e + r*d)(mod q) + // first do s = r*d mod q + ExtMath_ModMult(bnS, bnR, bnD, order); + // s = e + s = e + r * d + ExtMath_Add(bnS, bnE, bnS); + // s = k^(-1)s (mod n) = k^(-1)(e + r * d)(mod n) + ExtMath_ModMult(bnS, bnIk, bnS, order); - // If S is zero, try again - } while(ExtMath_IsZero(bnS)); - Exit: + // If S is zero, try again + } while(ExtMath_IsZero(bnS)); +Exit: return retVal; } -#else // !USE_OPENSSL_FUNCTIONS_ECDSA libtpms added begin +#else // !USE_OPENSSL_FUNCTIONS_ECDSA libtpms added begin TPM_RC TpmEcc_SignEcdsa(Crypt_Int* bnR, // OUT: 'r' component of the signature Crypt_Int* bnS, // OUT: 's' component of the signature 
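Review bot: `if(!OK) goto Exit;` leaves the signing loop once the retry budget in `tries` is used up, but nothing in this hunk assigns `retVal` on that path. `retVal` is initialised above the hunk, because TpmEcc_SignEcdsa starts outside it, so this needs confirming. If it still holds the success code there, the caller is told the signature succeeded while `bnR` and `bnS` hold no valid result. Setting the code explicitly removes the dependency on the initial value: `if(!OK) { retVal = TPM_RC_NO_RESULT; goto Exit; }`.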
@@ -227,23 +227,23 @@ TpmEcc_SignEcdsa(Crypt_Int* bnR, // OUT: 'r' component of the signa return retVal; } -#endif // USE_OPENSSL_FUNCTIONS_ECDSA libtpms added end +#endif // USE_OPENSSL_FUNCTIONS_ECDSA libtpms added end //*** TpmEcc_ValidateSignatureEcdsa() // This function validates an ECDSA signature. rIn and sIn should have been checked // to make sure that they are in the range 0 < 'v' < 'n' // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid -#if !USE_OPENSSL_FUNCTIONS_ECDSA // libtpms added +#if !USE_OPENSSL_FUNCTIONS_ECDSA // libtpms added TPM_RC TpmEcc_ValidateSignatureEcdsa( - Crypt_Int* bnR, // IN: 'r' component of the signature - Crypt_Int* bnS, // IN: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - const Crypt_Point* ecQ, // IN: the public point of the key - const TPM2B_DIGEST* digest // IN: the digest that was signed - ) + Crypt_Int* bnR, // IN: 'r' component of the signature + Crypt_Int* bnS, // IN: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + const Crypt_Point* ecQ, // IN: the public point of the key + const TPM2B_DIGEST* digest // IN: the digest that was signed +) { // Make sure that the allocation for the digest is big enough for a maximum // digest @@ -272,7 +272,7 @@ TpmEcc_ValidateSignatureEcdsa( // Done at entry // 4. Compute w = (s')^-1 mod n, using the routine in Appendix B.1. if(!ExtMath_ModInverse(bnW, bnS, order)) - goto Exit; + goto Exit; // 5. Compute u1 = (e' * w) mod n, and compute u2 = (r' * w) mod n. ExtMath_ModMult(bnU1, bnE, bnW, order); ExtMath_ModMult(bnU2, bnR, bnW, order); 
@@ -280,18 +280,18 @@ TpmEcc_ValidateSignatureEcdsa( // scalar multiplication and EC addition (see [Routines]). If R is equal to // the point at infinity O, output INVALID. if(TpmEcc_PointMult( - ecR, ExtEcc_CurveGetG(ExtEcc_CurveGetCurveId(E)), bnU1, ecQ, bnU2, E) + ecR, ExtEcc_CurveGetG(ExtEcc_CurveGetCurveId(E)), bnU1, ecQ, bnU2, E) != TPM_RC_SUCCESS) - goto Exit; + goto Exit; // 7. Compute v = Rx mod n. ExtMath_Copy(bnV, ExtEcc_PointX(ecR)); ExtMath_Mod(bnV, order); // 8. Compare v and r0. If v = r0, output VALID; otherwise, output INVALID if(ExtMath_UnsignedCmp(bnV, bnR) != 0) - goto Exit; + goto Exit; retVal = TPM_RC_SUCCESS; - Exit: +Exit: return retVal; } #else // USE_OPENSSL_FUNCTIONS_ECDSA libtpms added begin diff --git a/src/tpm2/TpmEcc_Signature_ECDSA_fp.h b/src/tpm2/TpmEcc_Signature_ECDSA_fp.h index 209b7f7e..3283bb89 100644 --- a/src/tpm2/TpmEcc_Signature_ECDSA_fp.h +++ b/src/tpm2/TpmEcc_Signature_ECDSA_fp.h @@ -67,13 +67,13 @@ // in the comments below. TPM_RC TpmEcc_SignEcdsa(Crypt_Int* bnR, // OUT: 'r' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - Crypt_Int* bnD, // IN: private signing key - const TPM2B_DIGEST* digest, // IN: the digest to sign - RAND_STATE* rand // IN: used in debug of signing - ); + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + Crypt_Int* bnD, // IN: private signing key + const TPM2B_DIGEST* digest, // IN: the digest to sign + RAND_STATE* rand // IN: used in debug of signing +); //*** TpmEcc_ValidateSignatureEcdsa() // This function validates an ECDSA signature. rIn and sIn should have been checked 
@@ -82,13 +82,13 @@ TpmEcc_SignEcdsa(Crypt_Int* bnR, // OUT: 'r' component of the signa // TPM_RC_SIGNATURE signature not valid TPM_RC TpmEcc_ValidateSignatureEcdsa( - Crypt_Int* bnR, // IN: 'r' component of the signature - Crypt_Int* bnS, // IN: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - const Crypt_Point* ecQ, // IN: the public point of the key - const TPM2B_DIGEST* digest // IN: the digest that was signed - ); + Crypt_Int* bnR, // IN: 'r' component of the signature + Crypt_Int* bnS, // IN: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + const Crypt_Point* ecQ, // IN: the public point of the key + const TPM2B_DIGEST* digest // IN: the digest that was signed +); #endif // ALG_ECC && ALG_ECDSA #endif // _TPMECC_SIGNATURE_ECDSA_FP_H_ diff --git a/src/tpm2/TpmEcc_Signature_SM2.c b/src/tpm2/TpmEcc_Signature_SM2.c index 3cab79c8..d3ea93d7 100644 --- a/src/tpm2/TpmEcc_Signature_SM2.c +++ b/src/tpm2/TpmEcc_Signature_SM2.c @@ -73,13 +73,13 @@ // Return Type: TPM_RC // TPM_RC_VALUE bad curve TPM_RC TpmEcc_SignEcSm2(Crypt_Int* bnR, // OUT: 'r' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in signing - Crypt_Int* bnD, // IN: the private key - const TPM2B_DIGEST* digest, // IN: the digest to sign - RAND_STATE* rand // IN: random number generator (mostly for - // debug) - ) + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in signing + Crypt_Int* bnD, // IN: the private key + const TPM2B_DIGEST* digest, // IN: the digest to sign + RAND_STATE* rand // IN: random number generator (mostly for + // debug) +) { CRYPT_INT_MAX_INITIALIZED(bnE, digest); // Don't know how big digest might be CRYPT_ECC_NUM(bnN); 
@@ -87,7 +87,8 @@ TPM_RC TpmEcc_SignEcSm2(Crypt_Int* bnR, // OUT: 'r' component of the signature CRYPT_ECC_NUM(bnT); // temp CRYPT_POINT_VAR(Q1); const Crypt_Int* order = - (E != NULL) ? ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)) : NULL; + (E != NULL) ? ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)) : NULL; + // libtpms added begin UINT32 orderBits = ExtMath_SizeInBits(order); BOOL atByteBoundary = (orderBits & 7) == 0; 
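Review bot: `order` is NULL when `E == NULL`, yet `ExtMath_SizeInBits(order)` runs in the declarations, before the `return TPM_RC_VALUE;` that appears at the top of the next hunk. The guard itself sits in lines between the two hunks, so this is inferred. If that guard is the `E == NULL` check and `ExtMath_SizeInBits` dereferences its argument, the NULL case faults instead of returning TPM_RC_VALUE. Computing the size after the guard, or `UINT32 orderBits = (order != NULL) ? ExtMath_SizeInBits(order) : 0;`, keeps the error path reachable.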
@@ -96,105 +97,105 @@ TPM_RC TpmEcc_SignEcSm2(Crypt_Int* bnR, // OUT: 'r' component of the signature return TPM_RC_VALUE; // libtpms added end - // +// # ifdef _SM2_SIGN_DEBUG TpmEccDebug_FromHex(bnE, - "B524F552CD82B8B028476E005C377FB1" - "9A87E6FC682D48BB5D42E3D9B9EFFE76", - MAX_ECC_KEY_BYTES); + "B524F552CD82B8B028476E005C377FB1" + "9A87E6FC682D48BB5D42E3D9B9EFFE76", + MAX_ECC_KEY_BYTES); TpmEccDebug_FromHex(bnD, - "128B2FA8BD433C6C068C8D803DFF7979" - "2A519A55171B1B650C23661D15897263", - MAX_ECC_KEY_BYTES); + "128B2FA8BD433C6C068C8D803DFF7979" + "2A519A55171B1B650C23661D15897263", + MAX_ECC_KEY_BYTES); # endif // A3: Use random number generator to generate random number 1 <= k <= n-1; // NOTE: Ax: numbers are from the SM2 standard - loop: - { - // Get a random number 0 < k < n - // libtpms modified begin - // - // We take a dual approach here. One for curves whose order is not at - // the byte boundary, e.g. NIST P521, we get a random number bnK and add - // the order to that number to have bnK1. This will not spill over into - // a new byte and we can then use bnK1 to do the do the BnEccModMult - // with a constant number of bytes. For curves whose order is at the - // byte boundary we require that the random number bnK comes back with - // a requested number of bytes. - if (!atByteBoundary) { - TpmMath_GetRandomInRange(bnK, order, rand); - ExtMath_Add(bnK1, bnK, order); +loop: +{ + // Get a random number 0 < k < n + // libtpms modified begin + // + // We take a dual approach here. One for curves whose order is not at + // the byte boundary, e.g. NIST P521, we get a random number bnK and add + // the order to that number to have bnK1. This will not spill over into + // a new byte and we can then use bnK1 to do the do the BnEccModMult + // with a constant number of bytes. For curves whose order is at the + // byte boundary we require that the random number bnK comes back with + // a requested number of bytes. 
+ if (!atByteBoundary) { + TpmMath_GetRandomInRange(bnK, order, rand); + ExtMath_Add(bnK1, bnK, order); # ifdef _SM2_SIGN_DEBUG - TpmEccDebug_FromHex(bnK, - "6CB28D99385C175C94F94E934817663F" - "C176D925DD72B727260DBAAE1FB2F96F", - MAX_ECC_KEY_BYTES); + TpmEccDebug_FromHex(bnK, + "6CB28D99385C175C94F94E934817663F" + "C176D925DD72B727260DBAAE1FB2F96F", + MAX_ECC_KEY_BYTES); # endif - // A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according - // to details specified in 4.2.7 in Part 1 of this document, transform the - // data type of x1 into an integer; - if(!ExtEcc_PointMultiply(Q1, NULL, bnK1, E)) - goto loop; - } else { - BnGenerateRandomInRangeAllBytes((bigNum)bnK, (bigNum)order, rand); + // A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according + // to details specified in 4.2.7 in Part 1 of this document, transform the + // data type of x1 into an integer; + if(!ExtEcc_PointMultiply(Q1, NULL, bnK1, E)) + goto loop; + } else { + BnGenerateRandomInRangeAllBytes((bigNum)bnK, (bigNum)order, rand); # ifdef _SM2_SIGN_DEBUG - TpmEccDebug_FromHex(bnK, - "6CB28D99385C175C94F94E934817663F" - "C176D925DD72B727260DBAAE1FB2F96F", - MAX_ECC_KEY_BYTES); + TpmEccDebug_FromHex(bnK, + "6CB28D99385C175C94F94E934817663F" + "C176D925DD72B727260DBAAE1FB2F96F", + MAX_ECC_KEY_BYTES); # endif - if(!ExtEcc_PointMultiply(Q1, NULL, bnK, E)) - goto loop; - } // libtpms modified end - // A5: Figure out 'r' = ('e' + 'x1') mod 'n', - ExtMath_Add(bnR, bnE, ExtEcc_PointX(Q1)); - ExtMath_Mod(bnR, order); -# ifdef _SM2_SIGN_DEBUG - pAssert(TpmEccDebug_HexEqual(bnR, - "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); -# endif - // if r=0 or r+k=n, return to A3; - if(ExtMath_IsZero(bnR)) - goto loop; - ExtMath_Add(bnT, bnK, bnR); - if(ExtMath_UnsignedCmp(bnT, bnN) == 0) - goto loop; - // A6: Figure out s = ((1 + dA)^-1 (k - r dA)) mod n, - // if s=0, return to A3; - // compute t = (1+dA)^-1 - ExtMath_AddWord(bnT, bnD, 1); - 
ExtMath_ModInverse(bnT, bnT, order); -# ifdef _SM2_SIGN_DEBUG - pAssert(TpmEccDebug_HexEqual(bnT, - "79BFCF3052C80DA7B939E0C6914A18CB" - "B2D96D8555256E83122743A7D4F5F956")); -# endif - // compute s = t * (k - r * dA) mod n - ExtMath_ModMult(bnS, bnR, bnD, order); - // k - r * dA mod n = k + n - ((r * dA) mod n) - ExtMath_Subtract(bnS, order, bnS); - ExtMath_Add(bnS, bnK, bnS); - ExtMath_ModMult(bnS, bnS, bnT, order); -# ifdef _SM2_SIGN_DEBUG - pAssert(TpmEccDebug_HexEqual(bnS, - "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); -# endif - if(ExtMath_IsZero(bnS)) - goto loop; - } - // A7: According to details specified in 4.2.1 in Part 1 of this document, - // transform the data type of r, s into bit strings, signature of message M - // is (r, s). - // This is handled by the common return code + if(!ExtEcc_PointMultiply(Q1, NULL, bnK, E)) + goto loop; + } // libtpms modified end + // A5: Figure out 'r' = ('e' + 'x1') mod 'n', + ExtMath_Add(bnR, bnE, ExtEcc_PointX(Q1)); + ExtMath_Mod(bnR, order); # ifdef _SM2_SIGN_DEBUG pAssert(TpmEccDebug_HexEqual(bnR, - "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); + "40F1EC59F793D9F49E09DCEF49130D41" + "94F79FB1EED2CAA55BACDB49C4E755D1")); +# endif + // if r=0 or r+k=n, return to A3; + if(ExtMath_IsZero(bnR)) + goto loop; + ExtMath_Add(bnT, bnK, bnR); + if(ExtMath_UnsignedCmp(bnT, bnN) == 0) + goto loop; + // A6: Figure out s = ((1 + dA)^-1 (k - r dA)) mod n, + // if s=0, return to A3; + // compute t = (1+dA)^-1 + ExtMath_AddWord(bnT, bnD, 1); + ExtMath_ModInverse(bnT, bnT, order); +# ifdef _SM2_SIGN_DEBUG + pAssert(TpmEccDebug_HexEqual(bnT, + "79BFCF3052C80DA7B939E0C6914A18CB" + "B2D96D8555256E83122743A7D4F5F956")); +# endif + // compute s = t * (k - r * dA) mod n + ExtMath_ModMult(bnS, bnR, bnD, order); + // k - r * dA mod n = k + n - ((r * dA) mod n) + ExtMath_Subtract(bnS, order, bnS); + ExtMath_Add(bnS, bnK, bnS); + ExtMath_ModMult(bnS, bnS, bnT, order); +# ifdef 
_SM2_SIGN_DEBUG pAssert(TpmEccDebug_HexEqual(bnS, - "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); + "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" + "67A457872FB09EC56327A67EC7DEEBE7")); +# endif + if(ExtMath_IsZero(bnS)) + goto loop; +} +// A7: According to details specified in 4.2.1 in Part 1 of this document, +// transform the data type of r, s into bit strings, signature of message M +// is (r, s). +// This is handled by the common return code +# ifdef _SM2_SIGN_DEBUG + pAssert(TpmEccDebug_HexEqual(bnR, + "40F1EC59F793D9F49E09DCEF49130D41" + "94F79FB1EED2CAA55BACDB49C4E755D1")); + pAssert(TpmEccDebug_HexEqual(bnS, + "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" + "67A457872FB09EC56327A67EC7DEEBE7")); # endif return TPM_RC_SUCCESS; } @@ -204,13 +205,13 @@ TPM_RC TpmEcc_SignEcSm2(Crypt_Int* bnR, // OUT: 'r' component of the signature // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid TPM_RC TpmEcc_ValidateSignatureEcSm2( - Crypt_Int* bnR, // IN: 'r' component of the signature - Crypt_Int* bnS, // IN: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - Crypt_Point* ecQ, // IN: the public point of the key - const TPM2B_DIGEST* digest // IN: the digest that was signed - ) + Crypt_Int* bnR, // IN: 'r' component of the signature + Crypt_Int* bnS, // IN: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + Crypt_Point* ecQ, // IN: the public point of the key + const TPM2B_DIGEST* digest // IN: the digest that was signed +) { CRYPT_POINT_VAR(P); CRYPT_ECC_NUM(bnRp); 
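Review bot: The `r + k = n` rejection after step A5 compares against `bnN` (`if(ExtMath_UnsignedCmp(bnT, bnN) == 0) goto loop;`), but nothing visible assigns `bnN`. It is declared with `CRYPT_ECC_NUM(bnN)` before this hunk, and every other step here uses `order`. Unless `bnN` is loaded with the curve order in lines outside the hunk, the comparison is not made against n and the check the SM2 procedure asks for is not performed. Comparing against the order directly would make it effective: `if(ExtMath_UnsignedCmp(bnT, order) == 0)`. The return value of `ExtMath_ModInverse(bnT, bnT, order)` in step A6 is also ignored; TpmEcc_SignEcSm2 starts above this hunk.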
@@ -227,33 +228,33 @@ TPM_RC TpmEcc_ValidateSignatureEcSm2( # ifdef _SM2_SIGN_DEBUG // Make sure that the input signature is the test signature pAssert(TpmEccDebug_HexEqual(bnR, - "40F1EC59F793D9F49E09DCEF49130D41" - "94F79FB1EED2CAA55BACDB49C4E755D1")); + "40F1EC59F793D9F49E09DCEF49130D41" + "94F79FB1EED2CAA55BACDB49C4E755D1")); pAssert(TpmEccDebug_HexEqual(bnS, - "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" - "67A457872FB09EC56327A67EC7DEEBE7")); + "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" + "67A457872FB09EC56327A67EC7DEEBE7")); # endif // b) compute t := (r + s) mod n ExtMath_Add(bnT, bnR, bnS); ExtMath_Mod(bnT, order); # ifdef _SM2_SIGN_DEBUG pAssert(TpmEccDebug_HexEqual(bnT, - "2B75F07ED7ECE7CCC1C8986B991F441A" - "D324D6D619FE06DD63ED32E0C997C801")); + "2B75F07ED7ECE7CCC1C8986B991F441A" + "D324D6D619FE06DD63ED32E0C997C801")); # endif // c) verify that t > 0 OK = !ExtMath_IsZero(bnT); if(!OK) - // set T to a value that should allow rest of the computations to run - // without trouble - ExtMath_Copy(bnT, bnS); + // set T to a value that should allow rest of the computations to run + // without trouble + ExtMath_Copy(bnT, bnS); // d) compute (x, y) := [s]G + [t]Q OK = ExtEcc_PointMultiplyAndAdd(P, NULL, bnS, ecQ, bnT, E); # ifdef _SM2_SIGN_DEBUG pAssert(OK - && TpmEccDebug_HexEqual(ExtEcc_PointX(P), - "110FCDA57615705D5E7B9324AC4B856D" - "23E6D9188B2AE47759514657CE25D112")); + && TpmEccDebug_HexEqual(ExtEcc_PointX(P), + "110FCDA57615705D5E7B9324AC4B856D" + "23E6D9188B2AE47759514657CE25D112")); # endif // e) compute r' := (e + x) mod n (the x coordinate is in bnT) OK = OK && ExtMath_Add(bnRp, bnE, ExtEcc_PointX(P)); @@ -263,9 +264,9 @@ TPM_RC TpmEcc_ValidateSignatureEcSm2( OK = OK && (ExtMath_UnsignedCmp(bnR, bnRp) == 0); if(!OK) - return TPM_RC_SIGNATURE; + return TPM_RC_SIGNATURE; else - return TPM_RC_SUCCESS; + return TPM_RC_SUCCESS; } #endif // ALG_ECC && ALG_SM2 
diff --git a/src/tpm2/TpmEcc_Signature_SM2_fp.h b/src/tpm2/TpmEcc_Signature_SM2_fp.h index 4878c842..303c3a99 100644 --- a/src/tpm2/TpmEcc_Signature_SM2_fp.h +++ b/src/tpm2/TpmEcc_Signature_SM2_fp.h @@ -70,26 +70,26 @@ // Return Type: TPM_RC // TPM_RC_VALUE bad curve TPM_RC TpmEcc_SignEcSm2(Crypt_Int* bnR, // OUT: 'r' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in signing - Crypt_Int* bnD, // IN: the private key - const TPM2B_DIGEST* digest, // IN: the digest to sign - RAND_STATE* rand // IN: random number generator (mostly for - // debug) - ); + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in signing + Crypt_Int* bnD, // IN: the private key + const TPM2B_DIGEST* digest, // IN: the digest to sign + RAND_STATE* rand // IN: random number generator (mostly for + // debug) +); //*** TpmEcc_ValidateSignatureEcSm2() // This function is used to validate an SM2 signature. // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid TPM_RC TpmEcc_ValidateSignatureEcSm2( - Crypt_Int* bnR, // IN: 'r' component of the signature - Crypt_Int* bnS, // IN: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - Crypt_Point* ecQ, // IN: the public point of the key - const TPM2B_DIGEST* digest // IN: the digest that was signed - ); + Crypt_Int* bnR, // IN: 'r' component of the signature + Crypt_Int* bnS, // IN: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + Crypt_Point* ecQ, // IN: the public point of the key + const TPM2B_DIGEST* digest // IN: the digest that was signed +); #endif // ALG_ECC && ALG_SM2 #endif // _TPMECC_SIGNATURE_SM2_FP_H_ diff --git a/src/tpm2/TpmEcc_Signature_Schnorr.c b/src/tpm2/TpmEcc_Signature_Schnorr.c index 4de41ce2..9c673326 100644 --- a/src/tpm2/TpmEcc_Signature_Schnorr.c 
+++ b/src/tpm2/TpmEcc_Signature_Schnorr.c @@ -72,12 +72,12 @@ // value. If the resulting number can have more bits of significance than // 'reference'. static void SchnorrReduce(TPM2B* number, // IN/OUT: Value to reduce - const Crypt_Int* reference // IN: the reference value - ) + const Crypt_Int* reference // IN: the reference value +) { UINT16 maxBytes = (UINT16)BITS_TO_BYTES(ExtMath_SizeInBits(reference)); if(number->size > maxBytes) - number->size = maxBytes; + number->size = maxBytes; } //*** SchnorrEcc() @@ -94,14 +94,14 @@ static void SchnorrReduce(TPM2B* number, // IN/OUT: Value to reduce // TPM_RC_NO_RESULT failure in the Schnorr sign process // TPM_RC_SCHEME hashAlg can't produce zero-length digest TPM_RC TpmEcc_SignEcSchnorr( - Crypt_Int* bnR, // OUT: 'r' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in signing - Crypt_Int* bnD, // IN: the signing key - const TPM2B_DIGEST* digest, // IN: the digest to sign - TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) - RAND_STATE* rand // IN: non-NULL when testing - ) + Crypt_Int* bnR, // OUT: 'r' component of the signature + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in signing + Crypt_Int* bnD, // IN: the signing key + const TPM2B_DIGEST* digest, // IN: the digest to sign + TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) + RAND_STATE* rand // IN: non-NULL when testing +) { HASH_STATE hashState; UINT16 digestSize = CryptHashGetDigestSize(hashAlg); @@ -116,7 +116,7 @@ TPM_RC TpmEcc_SignEcSchnorr( // // Parameter checks if(E == NULL) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); order = ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)); prime = ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)); 
@@ -124,36 +124,36 @@ TPM_RC TpmEcc_SignEcSchnorr( // If the digest does not produce a hash, then null the signature and return // a failure. if(digestSize == 0) - { - ExtMath_SetWord(bnR, 0); - ExtMath_SetWord(bnS, 0); - ERROR_EXIT(TPM_RC_SCHEME); - } + { + ExtMath_SetWord(bnR, 0); + ExtMath_SetWord(bnS, 0); + ERROR_EXIT(TPM_RC_SCHEME); + } do - { - // Generate a random key pair - if(!TpmEcc_GenerateKeyPair(bnK, ecR, E, rand)) - break; - // Convert R.x to a string - TpmMath_IntTo2B(ExtEcc_PointX(ecR), - e, - (NUMBYTES)BITS_TO_BYTES(ExtMath_SizeInBits(prime))); + { + // Generate a random key pair + if(!TpmEcc_GenerateKeyPair(bnK, ecR, E, rand)) + break; + // Convert R.x to a string + TpmMath_IntTo2B(ExtEcc_PointX(ecR), + e, + (NUMBYTES)BITS_TO_BYTES(ExtMath_SizeInBits(prime))); - // f) compute r = Hash(e || P) (mod n) - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate2B(&hashState, e); - CryptDigestUpdate2B(&hashState, &digest->b); - e->size = CryptHashEnd(&hashState, digestSize, e->buffer); - // Reduce the hash size if it is larger than the curve order - SchnorrReduce(e, order); - // Convert hash to number - TpmMath_IntFrom2B(bnR, e); - // libtpms: Note: e is NOT a concern for constant-timeness - // Do the Schnorr computation - retVal = TpmEcc_SchnorrCalculateS( - bnS, bnK, bnR, bnD, ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E))); - } while(retVal == TPM_RC_NO_RESULT); - Exit: + // f) compute r = Hash(e || P) (mod n) + CryptHashStart(&hashState, hashAlg); + CryptDigestUpdate2B(&hashState, e); + CryptDigestUpdate2B(&hashState, &digest->b); + e->size = CryptHashEnd(&hashState, digestSize, e->buffer); + // Reduce the hash size if it is larger than the curve order + SchnorrReduce(e, order); + // Convert hash to number + TpmMath_IntFrom2B(bnR, e); + // libtpms: Note: e is NOT a concern for constant-timeness + // Do the Schnorr computation + retVal = TpmEcc_SchnorrCalculateS( + bnS, bnK, bnR, bnD, ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E))); + } 
while(retVal == TPM_RC_NO_RESULT); +Exit: return retVal; } @@ -162,14 +162,14 @@ TPM_RC TpmEcc_SignEcSchnorr( // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid TPM_RC TpmEcc_ValidateSignatureEcSchnorr( - Crypt_Int* bnR, // IN: 'r' component of the signature - Crypt_Int* bnS, // IN: 's' component of the signature - TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - Crypt_Point* ecQ, // IN: the public point of the key - const TPM2B_DIGEST* digest // IN: the digest that was signed - ) + Crypt_Int* bnR, // IN: 'r' component of the signature + Crypt_Int* bnS, // IN: 's' component of the signature + TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + Crypt_Point* ecQ, // IN: the public point of the key + const TPM2B_DIGEST* digest // IN: the digest that was signed +) { CRYPT_INT_MAX(bnRn); CRYPT_POINT_VAR(ecE); 
@@ -192,27 +192,27 @@ TPM_RC TpmEcc_ValidateSignatureEcSchnorr( ExtMath_Subtract(bnRn, order, bnR); // E = [s]G + [-r]Q OK = TpmEcc_PointMult( - ecE, ExtEcc_CurveGetG(ExtEcc_CurveGetCurveId(E)), bnS, ecQ, bnRn, E) - == TPM_RC_SUCCESS; + ecE, ExtEcc_CurveGetG(ExtEcc_CurveGetCurveId(E)), bnS, ecQ, bnRn, E) + == TPM_RC_SUCCESS; // // reduce the x portion of E mod q // OK = OK && ExtMath_Mod(ecE->x, order); // Convert to byte string OK = OK - && TpmMath_IntTo2B(ExtEcc_PointX(ecE), - &Ex2.b, - (NUMBYTES)(BITS_TO_BYTES(ExtMath_SizeInBits(order)))); + && TpmMath_IntTo2B(ExtEcc_PointX(ecE), + &Ex2.b, + (NUMBYTES)(BITS_TO_BYTES(ExtMath_SizeInBits(order)))); if(OK) - { - // Ex = h(pE.x || digest) - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate(&hashState, Ex2.t.size, Ex2.t.buffer); - CryptDigestUpdate(&hashState, digest->t.size, digest->t.buffer); - Ex2.t.size = CryptHashEnd(&hashState, digestSize, Ex2.t.buffer); - SchnorrReduce(&Ex2.b, order); - TpmMath_IntFrom2B(bnEx, &Ex2.b); - // see if Ex matches R - OK = ExtMath_UnsignedCmp(bnEx, bnR) == 0; - } + { + // Ex = h(pE.x || digest) + CryptHashStart(&hashState, hashAlg); + CryptDigestUpdate(&hashState, Ex2.t.size, Ex2.t.buffer); + CryptDigestUpdate(&hashState, digest->t.size, digest->t.buffer); + Ex2.t.size = CryptHashEnd(&hashState, digestSize, Ex2.t.buffer); + SchnorrReduce(&Ex2.b, order); + TpmMath_IntFrom2B(bnEx, &Ex2.b); + // see if Ex matches R + OK = ExtMath_UnsignedCmp(bnEx, bnR) == 0; + } return (OK) ? TPM_RC_SUCCESS : TPM_RC_SIGNATURE; } diff --git a/src/tpm2/TpmEcc_Signature_Schnorr_fp.h b/src/tpm2/TpmEcc_Signature_Schnorr_fp.h index ed7a822c..c7c4b46a 100644 --- a/src/tpm2/TpmEcc_Signature_Schnorr_fp.h +++ b/src/tpm2/TpmEcc_Signature_Schnorr_fp.h 
@@ -63,28 +63,28 @@ #if ALG_ECC && ALG_ECSCHNORR TPM_RC TpmEcc_SignEcSchnorr( - Crypt_Int* bnR, // OUT: 'r' component of the signature - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_EccCurve* E, // IN: the curve used in signing - Crypt_Int* bnD, // IN: the signing key - const TPM2B_DIGEST* digest, // IN: the digest to sign - TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) - RAND_STATE* rand // IN: non-NULL when testing - ); + Crypt_Int* bnR, // OUT: 'r' component of the signature + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_EccCurve* E, // IN: the curve used in signing + Crypt_Int* bnD, // IN: the signing key + const TPM2B_DIGEST* digest, // IN: the digest to sign + TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) + RAND_STATE* rand // IN: non-NULL when testing +); //*** TpmEcc_ValidateSignatureEcSchnorr() // This function is used to validate an EC Schnorr signature. // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid TPM_RC TpmEcc_ValidateSignatureEcSchnorr( - Crypt_Int* bnR, // IN: 'r' component of the signature - Crypt_Int* bnS, // IN: 's' component of the signature - TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature - const Crypt_EccCurve* E, // IN: the curve used in the signature - // process - Crypt_Point* ecQ, // IN: the public point of the key - const TPM2B_DIGEST* digest // IN: the digest that was signed - ); + Crypt_Int* bnR, // IN: 'r' component of the signature + Crypt_Int* bnS, // IN: 's' component of the signature + TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature + const Crypt_EccCurve* E, // IN: the curve used in the signature + // process + Crypt_Point* ecQ, // IN: the public point of the key + const TPM2B_DIGEST* digest // IN: the digest that was signed +); #endif // ALG_ECC && ALG_ECSCHNORR #endif // _TPMECC_SIGNATURE_SCHNORR_FP_H_ diff --git a/src/tpm2/TpmEcc_Signature_Util.c b/src/tpm2/TpmEcc_Signature_Util.c index 453f1925..b599d406 100644 
--- a/src/tpm2/TpmEcc_Signature_Util.c +++ b/src/tpm2/TpmEcc_Signature_Util.c @@ -79,12 +79,12 @@ // TPM_RC_NO_RESULT the result of the operation was zero or 'r' (mod 'n') // is zero TPM_RC TpmEcc_SchnorrCalculateS( - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_Int* bnK, // IN: a random value - Crypt_Int* bnR, // IN: the signature 'r' value - const Crypt_Int* bnD, // IN: the private key - const Crypt_Int* bnN // IN: the order of the curve - ) + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_Int* bnK, // IN: a random value + Crypt_Int* bnR, // IN: the signature 'r' value + const Crypt_Int* bnD, // IN: the private key + const Crypt_Int* bnN // IN: the order of the curve +) { // Need a local temp value to store the intermediate computation because product // size can be larger than will fit in bnS. @@ -93,7 +93,7 @@ TPM_RC TpmEcc_SchnorrCalculateS( // Reduce bnR without changing the input value ExtMath_Divide(NULL, bnT1, bnR, bnN); if(ExtMath_IsZero(bnT1)) - return TPM_RC_NO_RESULT; + return TPM_RC_NO_RESULT; // compute s = (k + r * d)(mod n) // r * d ExtMath_Multiply(bnT1, bnT1, bnD); diff --git a/src/tpm2/TpmEcc_Signature_Util_fp.h b/src/tpm2/TpmEcc_Signature_Util_fp.h index 74c9a63e..f3624924 100644 --- a/src/tpm2/TpmEcc_Signature_Util_fp.h +++ b/src/tpm2/TpmEcc_Signature_Util_fp.h 
@@ -76,12 +76,12 @@ // TPM_RC_NO_RESULT the result of the operation was zero or 'r' (mod 'n') // is zero TPM_RC TpmEcc_SchnorrCalculateS( - Crypt_Int* bnS, // OUT: 's' component of the signature - const Crypt_Int* bnK, // IN: a random value - Crypt_Int* bnR, // IN: the signature 'r' value - const Crypt_Int* bnD, // IN: the private key - const Crypt_Int* bnN // IN: the order of the curve - ); + Crypt_Int* bnS, // OUT: 's' component of the signature + const Crypt_Int* bnK, // IN: a random value + Crypt_Int* bnR, // IN: the signature 'r' value + const Crypt_Int* bnD, // IN: the private key + const Crypt_Int* bnN // IN: the order of the curve +); #endif // ALG_ECC #endif // _TPMECC_SIGNATURE_UTIL_FP_H_ diff --git a/src/tpm2/TpmEcc_Util.c b/src/tpm2/TpmEcc_Util.c index 609ebece..d60f3c7a 100644 --- a/src/tpm2/TpmEcc_Util.c +++ b/src/tpm2/TpmEcc_Util.c @@ -63,7 +63,7 @@ // for Ecc functions. #include "Tpm.h" #include "TpmMath_Util_fp.h" -#include "TpmEcc_Util_fp.h" +#include "TpmEcc_Util_fp.h" // libtpms added #if ALG_ECC @@ -82,18 +82,18 @@ // differently, then the caller must perform the correct validation before/after // this function. LIB_EXPORT Crypt_Point* TpmEcc_PointFrom2B( - Crypt_Point* ecP, // OUT: the preallocated point structure - TPMS_ECC_POINT* p // IN: the number to convert - ) + Crypt_Point* ecP, // OUT: the preallocated point structure + TPMS_ECC_POINT* p // IN: the number to convert +) { - if(p == NULL) - return NULL; + if(p == NULL) + return NULL; if(ecP != NULL) - { - return ExtEcc_PointFromBytes( - ecP, p->x.t.buffer, p->x.t.size, p->y.t.buffer, p->y.t.size); - } + { + return ExtEcc_PointFromBytes( + ecP, p->x.t.buffer, p->x.t.size, p->y.t.buffer, p->y.t.size); + } return ecP; // will return NULL if ecP is NULL. } 
@@ -104,10 +104,10 @@ LIB_EXPORT Crypt_Point* TpmEcc_PointFrom2B( // The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B // values, each as large as a MAX_ECC_PARAMETER_BYTES LIB_EXPORT BOOL TpmEcc_PointTo2B( - TPMS_ECC_POINT* p, // OUT: the converted 2B structure - const Crypt_Point* ecP, // IN: the values to be converted - const Crypt_EccCurve* E // IN: curve descriptor for the point - ) + TPMS_ECC_POINT* p, // OUT: the converted 2B structure + const Crypt_Point* ecP, // IN: the values to be converted + const Crypt_EccCurve* E // IN: curve descriptor for the point +) { pAssert(p && ecP && E); TPM_ECC_CURVE curveId = ExtEcc_CurveGetCurveId(E); @@ -117,7 +117,7 @@ LIB_EXPORT BOOL TpmEcc_PointTo2B( p->x.t.size = size; p->y.t.size = size; return ExtEcc_PointToBytes( - ecP, p->x.t.buffer, &p->x.t.size, p->y.t.buffer, &p->y.t.size); + ecP, p->x.t.buffer, &p->x.t.size, p->y.t.buffer, &p->y.t.size); } #endif // ALG_ECC diff --git a/src/tpm2/TpmEcc_Util_fp.h b/src/tpm2/TpmEcc_Util_fp.h index 7de51836..a2ca3e09 100644 --- a/src/tpm2/TpmEcc_Util_fp.h +++ b/src/tpm2/TpmEcc_Util_fp.h @@ -69,9 +69,9 @@ // this should probably be changed. // returns NULL if the input value is invalid or doesn't fit. LIB_EXPORT Crypt_Point* TpmEcc_PointFrom2B( - Crypt_Point* ecP, // OUT: the preallocated point structure - TPMS_ECC_POINT* p // IN: the number to convert - ); + Crypt_Point* ecP, // OUT: the preallocated point structure + TPMS_ECC_POINT* p // IN: the number to convert +); //*** TpmEcc_PointTo2B() // This function converts a Crypt_Point into a TPMS_ECC_POINT. A TPMS_ECC_POINT 
@@ -80,10 +80,10 @@ LIB_EXPORT Crypt_Point* TpmEcc_PointFrom2B( // The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B // values, each as large as a MAX_ECC_PARAMETER_BYTES LIB_EXPORT BOOL TpmEcc_PointTo2B( - TPMS_ECC_POINT* p, // OUT: the converted 2B structure - const Crypt_Point* ecP, // IN: the values to be converted - const Crypt_EccCurve* E // IN: curve descriptor for the point - ); + TPMS_ECC_POINT* p, // OUT: the converted 2B structure + const Crypt_Point* ecP, // IN: the values to be converted + const Crypt_EccCurve* E // IN: curve descriptor for the point +); #endif // ALG_ECC #endif // _TPMECC_UTIL_FP_H_ diff --git a/src/tpm2/TpmFail.c b/src/tpm2/TpmFail.c index 04b4b0be..7c69dcca 100644 --- a/src/tpm2/TpmFail.c +++ b/src/tpm2/TpmFail.c @@ -94,9 +94,9 @@ typedef struct BYTE size[sizeof(UINT16)]; struct { - BYTE function[sizeof(UINT32)]; - BYTE line[sizeof(UINT32)]; - BYTE code[sizeof(UINT32)]; + BYTE function[sizeof(UINT32)]; + BYTE line[sizeof(UINT32)]; + BYTE code[sizeof(UINT32)]; } values; BYTE returnCode[sizeof(TPM_RC)]; } GET_TEST_RESULT_PARAMETERS; @@ -161,7 +161,7 @@ static INT32 MarshalUint32(UINT32 integer, BYTE** buffer) static BOOL Unmarshal32(UINT32* target, BYTE** buffer, INT32* size) { if((*size -= 4) < 0) - return FALSE; + return FALSE; *target = BYTE_ARRAY_TO_UINT32(*buffer); *buffer += 4; return TRUE; @@ -171,7 +171,7 @@ static BOOL Unmarshal32(UINT32* target, BYTE** buffer, INT32* size) static BOOL Unmarshal16(UINT16* target, BYTE** buffer, INT32* size) { if((*size -= 2) < 0) - return FALSE; + return FALSE; *target = BYTE_ARRAY_TO_UINT16(*buffer); *buffer += 2; return TRUE; 
@@ -271,19 +271,19 @@ TpmLogFailure( // failure values to be returned on TPM2_GetTestResult(). NORETURN void TpmFail( #if FAIL_TRACE - const char* function, - int line, + const char* function, + int line, #else - uint64_t locationCode, + uint64_t locationCode, #endif - int failureCode) + int failureCode) { #if 0 /* libtpms added */ // Save the values that indicate where the error occurred. // On a 64-bit machine, this may truncate the address of the string // of the function name where the error occurred. #if FAIL_TRACE - memcpy(&s_failFunction, function, sizeof(uint32_t)); + memcpy(&s_failFunction, function, sizeof(uint32_t)); // libtpms changed s_failLine = line; #else s_failFunction = (UINT32)(locationCode >> 32); @@ -329,10 +329,10 @@ NORETURN void TpmFail( // This function is called by the interface code when the platform is in failure // mode. void TpmFailureMode(uint32_t inRequestSize, // IN: command buffer size - unsigned char* inRequest, // IN: command buffer - uint32_t* outResponseSize, // OUT: response buffer size - unsigned char** outResponse // OUT: response buffer - ) + unsigned char* inRequest, // IN: command buffer + uint32_t* outResponseSize, // OUT: response buffer size + unsigned char** outResponse // OUT: response buffer +) { UINT32 marshalSize; UINT32 capability; 
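Review bot: The comment above the `memcpy` in `TpmFail` says the address of the function-name string may be truncated, but `memcpy(&s_failFunction, function, sizeof(uint32_t))` copies the first four bytes of the name itself, and the new `// libtpms changed` tag does not say so. I would make the tag carry the reason, e.g. `// libtpms changed: store the first 4 bytes of the name, not its address`, and reword the 64-bit truncation sentence to match. The copy also reads four bytes regardless of the name's length, so a name shorter than three characters would be over-read if this `#if 0` block is ever re-enabled. The body of `TpmFail` continues outside the hunk.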
@@ -344,120 +344,120 @@ void TpmFailureMode(uint32_t inRequestSize, // IN: command buffer size // If there is no command buffer, then just return TPM_RC_FAILURE if(inRequestSize == 0 || inRequest == NULL) - goto FailureModeReturn; + goto FailureModeReturn; // If the header is not correct for TPM2_GetCapability() or // TPM2_GetTestResult() then just return the in failure mode response; if(!(Unmarshal16(&header.tag, &buffer, &size) - && Unmarshal32(&header.size, &buffer, &size) - && Unmarshal32(&header.code, &buffer, &size))) - goto FailureModeReturn; + && Unmarshal32(&header.size, &buffer, &size) + && Unmarshal32(&header.code, &buffer, &size))) + goto FailureModeReturn; if(header.tag != TPM_ST_NO_SESSIONS || header.size < 10) - goto FailureModeReturn; + goto FailureModeReturn; switch(header.code) - { - case TPM_CC_GetTestResult: - // make sure that the command size is correct - if(header.size != 10) - goto FailureModeReturn; - buffer = &response[10]; - marshalSize = MarshalUint16(3 * sizeof(UINT32), &buffer); - marshalSize += MarshalUint32(s_failFunction, &buffer); - marshalSize += MarshalUint32(s_failLine, &buffer); - marshalSize += MarshalUint32(s_failCode, &buffer); - if(s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) - marshalSize += MarshalUint32(TPM_RC_NV_UNINITIALIZED, &buffer); - else - marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); - break; - case TPM_CC_GetCapability: - // make sure that the size of the command is exactly the size - // returned for the capability, property, and count - if(header.size != (10 + (3 * sizeof(UINT32))) - // also verify that this is requesting TPM properties - || !Unmarshal32(&capability, &buffer, &size) - || capability != TPM_CAP_TPM_PROPERTIES - || !Unmarshal32(&pt, &buffer, &size) - || !Unmarshal32(&count, &buffer, &size)) - goto FailureModeReturn; + { + case TPM_CC_GetTestResult: + // make sure that the command size is correct + if(header.size != 10) + goto FailureModeReturn; + buffer = &response[10]; + marshalSize = 
MarshalUint16(3 * sizeof(UINT32), &buffer); + marshalSize += MarshalUint32(s_failFunction, &buffer); + marshalSize += MarshalUint32(s_failLine, &buffer); + marshalSize += MarshalUint32(s_failCode, &buffer); + if(s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) + marshalSize += MarshalUint32(TPM_RC_NV_UNINITIALIZED, &buffer); + else + marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); + break; + case TPM_CC_GetCapability: + // make sure that the size of the command is exactly the size + // returned for the capability, property, and count + if(header.size != (10 + (3 * sizeof(UINT32))) + // also verify that this is requesting TPM properties + || !Unmarshal32(&capability, &buffer, &size) + || capability != TPM_CAP_TPM_PROPERTIES + || !Unmarshal32(&pt, &buffer, &size) + || !Unmarshal32(&count, &buffer, &size)) + goto FailureModeReturn; - if(count > 0) - count = 1; - else if(pt > TPM_PT_FIRMWARE_VERSION_2) - count = 0; - if(pt < TPM_PT_MANUFACTURER) - pt = TPM_PT_MANUFACTURER; - // set up for return - buffer = &response[10]; - // if the request was for a PT less than the last one - // then we indicate more, otherwise, not. - if(pt < TPM_PT_FIRMWARE_VERSION_2) - *buffer++ = YES; - else - *buffer++ = NO; - marshalSize = 1; + if(count > 0) + count = 1; + else if(pt > TPM_PT_FIRMWARE_VERSION_2) + count = 0; + if(pt < TPM_PT_MANUFACTURER) + pt = TPM_PT_MANUFACTURER; + // set up for return + buffer = &response[10]; + // if the request was for a PT less than the last one + // then we indicate more, otherwise, not. 
+ if(pt < TPM_PT_FIRMWARE_VERSION_2) + *buffer++ = YES; + else + *buffer++ = NO; + marshalSize = 1; - // indicate the capability type - marshalSize += MarshalUint32(capability, &buffer); - // indicate the number of values that are being returned (0 or 1) - marshalSize += MarshalUint32(count, &buffer); - // indicate the property - marshalSize += MarshalUint32(pt, &buffer); + // indicate the capability type + marshalSize += MarshalUint32(capability, &buffer); + // indicate the number of values that are being returned (0 or 1) + marshalSize += MarshalUint32(count, &buffer); + // indicate the property + marshalSize += MarshalUint32(pt, &buffer); - if(count > 0) - switch(pt) - { - case TPM_PT_MANUFACTURER: - // the vendor ID unique to each TPM manufacturer - pt = _plat__GetManufacturerCapabilityCode(); - break; + if(count > 0) + switch(pt) + { + case TPM_PT_MANUFACTURER: + // the vendor ID unique to each TPM manufacturer + pt = _plat__GetManufacturerCapabilityCode(); + break; - case TPM_PT_VENDOR_STRING_1: - // the first four characters of the vendor ID string - pt = _plat__GetVendorCapabilityCode(1); - break; + case TPM_PT_VENDOR_STRING_1: + // the first four characters of the vendor ID string + pt = _plat__GetVendorCapabilityCode(1); + break; - case TPM_PT_VENDOR_STRING_2: - // the second four characters of the vendor ID string - pt = _plat__GetVendorCapabilityCode(2); - break; + case TPM_PT_VENDOR_STRING_2: + // the second four characters of the vendor ID string + pt = _plat__GetVendorCapabilityCode(2); + break; - case TPM_PT_VENDOR_STRING_3: - // the third four characters of the vendor ID string - pt = _plat__GetVendorCapabilityCode(3); - break; + case TPM_PT_VENDOR_STRING_3: + // the third four characters of the vendor ID string + pt = _plat__GetVendorCapabilityCode(3); + break; - case TPM_PT_VENDOR_STRING_4: - // the fourth four characters of the vendor ID string - pt = _plat__GetVendorCapabilityCode(4); - break; + case TPM_PT_VENDOR_STRING_4: + // the fourth four 
characters of the vendor ID string + pt = _plat__GetVendorCapabilityCode(4); + break; - case TPM_PT_VENDOR_TPM_TYPE: - // vendor-defined value indicating the TPM model - // We just make up a number here - pt = _plat__GetTpmType(); - break; + case TPM_PT_VENDOR_TPM_TYPE: + // vendor-defined value indicating the TPM model + // We just make up a number here + pt = _plat__GetTpmType(); + break; - case TPM_PT_FIRMWARE_VERSION_1: - // the more significant 32-bits of a vendor-specific value - // indicating the version of the firmware - pt = _plat__GetTpmFirmwareVersionHigh(); - break; + case TPM_PT_FIRMWARE_VERSION_1: + // the more significant 32-bits of a vendor-specific value + // indicating the version of the firmware + pt = _plat__GetTpmFirmwareVersionHigh(); + break; - default: // TPM_PT_FIRMWARE_VERSION_2: - // the less significant 32-bits of a vendor-specific value - // indicating the version of the firmware - pt = _plat__GetTpmFirmwareVersionLow(); - break; - } - marshalSize += MarshalUint32(pt, &buffer); - break; - default: // default for switch (cc) - goto FailureModeReturn; - } + default: // TPM_PT_FIRMWARE_VERSION_2: + // the less significant 32-bits of a vendor-specific value + // indicating the version of the firmware + pt = _plat__GetTpmFirmwareVersionLow(); + break; + } + marshalSize += MarshalUint32(pt, &buffer); + break; + default: // default for switch (cc) + goto FailureModeReturn; + } // Now do the header buffer = response; marshalSize = marshalSize + 10; // Add the header size to the - // stuff already marshaled + // stuff already marshaled MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); // structure tag MarshalUint32(marshalSize, &buffer); // responseSize MarshalUint32(TPM_RC_SUCCESS, &buffer); // response code 
@@ -465,7 +465,7 @@ void TpmFailureMode(uint32_t inRequestSize, // IN: command buffer size *outResponseSize = marshalSize; *outResponse = (unsigned char*)&response; return; - FailureModeReturn: +FailureModeReturn: buffer = response; marshalSize = MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); marshalSize += MarshalUint32(10, &buffer); diff --git a/src/tpm2/TpmFail_fp.h b/src/tpm2/TpmFail_fp.h index 7b62107b..eb73f3e8 100644 --- a/src/tpm2/TpmFail_fp.h +++ b/src/tpm2/TpmFail_fp.h @@ -87,22 +87,22 @@ TpmLogFailure( // This function is called by TPM.lib when a failure occurs. It will set up the // failure values to be returned on TPM2_GetTestResult(). NORETURN void TpmFail( -#if FAIL_TRACE /* libtpms added begin */ - const char* function, - int line, +#if FAIL_TRACE + const char* function, + int line, #else - uint64_t locationCode, + uint64_t locationCode, #endif - int failureCode); + int failureCode); //*** TpmFailureMode( // This function is called by the interface code when the platform is in failure // mode. void TpmFailureMode(uint32_t inRequestSize, // IN: command buffer size - unsigned char* inRequest, // IN: command buffer - uint32_t* outResponseSize, // OUT: response buffer size - unsigned char** outResponse // OUT: response buffer - ); + unsigned char* inRequest, // IN: command buffer + uint32_t* outResponseSize, // OUT: response buffer size + unsigned char** outResponse // OUT: response buffer +); #if 0 /* libtpms added */ //*** UnmarshalFail() diff --git a/src/tpm2/TpmMath_Debug.c b/src/tpm2/TpmMath_Debug.c index 2fa1dff9..84784a1e 100644 --- a/src/tpm2/TpmMath_Debug.c +++ b/src/tpm2/TpmMath_Debug.c 
@@ -77,16 +77,16 @@ static size_t SafeGetStringLength(const char* string, size_t maxsize) // return 0 if pointer is nullptr, or // maxsize if no null character is found. if(string == NULL) - return 0; - + return 0; + const char* pos = string; size_t size = 0; - + while(*pos != '\0' && size < maxsize) - { - pos++; - size++; - } + { + pos++; + size++; + } return size; } 
@@ -96,58 +96,58 @@ static LIB_EXPORT BYTE FromHex(unsigned char c) // hack for the ASCII characters we care about BYTE upper = (c & (~0x20)); if(c >= '0' && c <= '9') - return c - '0'; + return c - '0'; else if(c >= 'A' && c <= 'F') - return c - 'A'; - + return c - 'A'; + return 255; } //*** TpmEccDebug_FromHex() // Convert a hex string into a Crypt_Int*. This is primarily used in debugging. LIB_EXPORT Crypt_Int* TpmEccDebug_FromHex( - Crypt_Int* bn, // OUT: - const unsigned char* hex, // IN: - size_t maxsizeHex // IN: maximum size of hex - ) + Crypt_Int* bn, // OUT: + const unsigned char* hex, // IN: + size_t maxsizeHex // IN: maximum size of hex +) { // if value is larger than this, then fail BYTE tempBuf[MAX_ECC_KEY_BYTES]; MemorySet(tempBuf, 0, sizeof(tempBuf)); ExtMath_SetWord(bn, 0); - + size_t len = SafeGetStringLength(hex, maxsizeHex); BOOL OK = FALSE; if((len % 2) == 0) - { - OK = TRUE; - for(size_t i = 0; i < len; i += 2) - { - BYTE highNibble = FromHex(*hex); - hex++; - BYTE lowNibble = FromHex(*hex); - hex++; - // unsigned, no need to check zero - if(highNibble > 15 || lowNibble > 15) - { - OK = FALSE; - break; - } - BYTE b = ((highNibble << 4) | lowNibble); - tempBuf[i / 2] = b; - } - if(OK) - { - ExtMath_IntFromBytes(bn, tempBuf, (NUMBYTES)(len / 2)); - } - } - + { + OK = TRUE; + for(size_t i = 0; i < len; i += 2) + { + BYTE highNibble = FromHex(*hex); + hex++; + BYTE lowNibble = FromHex(*hex); + hex++; + // unsigned, no need to check zero + if(highNibble > 15 || lowNibble > 15) + { + OK = FALSE; + break; + } + BYTE b = ((highNibble << 4) | lowNibble); + tempBuf[i / 2] = b; + } + if(OK) + { + ExtMath_IntFromBytes(bn, tempBuf, (NUMBYTES)(len / 2)); + } + } + if(!OK) - { - // this should only be called in testing, so any - // errors are fatal. - FAIL(FATAL_ERROR_INTERNAL); - } + { + // this should only be called in testing, so any + // errors are fatal. + FAIL(FATAL_ERROR_INTERNAL); + } return bn; } 
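Review bot: `FromHex` still mis-decodes letters after the re-indent: the branch tests `c` rather than the case-folded `upper` (which is never used), and `return c - 'A';` yields 0–5 for 'A'–'F' instead of 10–15, so lowercase digits are rejected and uppercase ones map to the wrong nibble. Because `TpmEccDebug_HexEqual` backs the known-answer `pAssert` checks under `_SM2_SIGN_DEBUG`, a wrong decode makes those checks compare against the wrong constant; I would write `else if(upper >= 'A' && upper <= 'F')` with `return upper - 'A' + 10;`. In `TpmEccDebug_FromHex` the comment says oversized values fail, but no visible line compares `len / 2` with `sizeof(tempBuf)` before `tempBuf[i / 2] = b;`, so `if((len % 2) == 0 && len / 2 <= sizeof(tempBuf))` would enforce what the comment promises. The signature of `FromHex` appears only in the hunk header, outside the hunk body.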
@@ -159,8 +159,8 @@ LIB_EXPORT Crypt_Int* TpmEccDebug_FromHex( // TRUE(1) values equal // FALSE(0) values not equal BOOL TpmEccDebug_HexEqual(const Crypt_Int* bn, //IN: big number value - const char* c //IN: character string number - ) + const char* c //IN: character string number +) { CRYPT_ECC_NUM(bnC); TpmEccDebug_FromHex(bnC, c, MAX_ECC_KEY_BYTES * 2 + 1); diff --git a/src/tpm2/TpmMath_Debug_fp.h b/src/tpm2/TpmMath_Debug_fp.h index ea7fdab8..14314de4 100644 --- a/src/tpm2/TpmMath_Debug_fp.h +++ b/src/tpm2/TpmMath_Debug_fp.h @@ -73,14 +73,14 @@ // TRUE(1) values equal // FALSE(0) values not equal BOOL TpmMath_Debug_HexEqual(const Crypt_Int* bn, //IN: big number value - const char* c //IN: character string number - ); + const char* c //IN: character string number +); LIB_EXPORT Crypt_Int* TpmMath_Debug_FromHex( - Crypt_Int* bn, // OUT: - const unsigned char* hex, // IN: - size_t maxsizeHex // IN: maximum size of hex - ); + Crypt_Int* bn, // OUT: + const unsigned char* hex, // IN: + size_t maxsizeHex // IN: maximum size of hex +); #endif // ALG_ECC or ALG_RSA -#endif //_TPMMATH_DEBUG_FP_H_ \ No newline at end of file +#endif //_TPMMATH_DEBUG_FP_H_ diff --git a/src/tpm2/TpmMath_Util.c b/src/tpm2/TpmMath_Util.c index 47e84436..6be39d2b 100644 --- a/src/tpm2/TpmMath_Util.c +++ b/src/tpm2/TpmMath_Util.c @@ -68,11 +68,11 @@ // If the input value does not exist, or the output does not exist, or the input // will not fit into the output the function returns NULL LIB_EXPORT Crypt_Int* TpmMath_IntFrom2B(Crypt_Int* value, // OUT: - const TPM2B* a2B // IN: number to convert - ) + const TPM2B* a2B // IN: number to convert +) { if(value != NULL && a2B != NULL) - return ExtMath_IntFromBytes(value, a2B->buffer, a2B->size); + return ExtMath_IntFromBytes(value, a2B->buffer, a2B->size); return NULL; } 
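Review bot: The prototypes in the TpmMath_Debug_fp.h hunk are named `TpmMath_Debug_HexEqual` and `TpmMath_Debug_FromHex`, while TpmMath_Debug.c in this same commit defines `TpmEccDebug_HexEqual` and `TpmEccDebug_FromHex`, which are also the names the `_SM2_SIGN_DEBUG` assertions call. Unless a mapping exists outside the visible hunks, those callers get no matching declaration, and the argument types (`const char*` passed where `const unsigned char* hex` is expected) go unchecked by the compiler. If the .c spelling is the intended one, the header lines should read `BOOL TpmEccDebug_HexEqual(const Crypt_Int* bn,` and `LIB_EXPORT Crypt_Int* TpmEccDebug_FromHex(`. Which of the two spellings is intended is not visible here, so confirm before renaming either side.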
@@ -85,17 +85,17 @@ LIB_EXPORT Crypt_Int* TpmMath_IntFrom2B(Crypt_Int* value, // OUT: // with zeros. If `size` is zero, then the TPM2B is assumed to be large enough // for the data and a2b->size will be adjusted accordingly. LIB_EXPORT BOOL TpmMath_IntTo2B( - const Crypt_Int* value, // IN: value to convert - TPM2B* a2B, // OUT: buffer for output - NUMBYTES size // IN: Size of output buffer - see comments. - ) + const Crypt_Int* value, // IN: value to convert + TPM2B* a2B, // OUT: buffer for output + NUMBYTES size // IN: Size of output buffer - see comments. +) { // Set the output size if(value && a2B) - { - a2B->size = size; - return ExtMath_IntToBytes(value, a2B->buffer, &a2B->size); - } + { + a2B->size = size; + return ExtMath_IntToBytes(value, a2B->buffer, &a2B->size); + } return FALSE; } 
@@ -110,67 +110,67 @@ LIB_EXPORT BOOL TpmMath_IntTo2B( // Return Type: BOOL // TRUE(1) success // FALSE(0) failure -#if 0 +#if 0 // libtpms added LIB_EXPORT BOOL TpmMath_GetRandomBits(BYTE* pBuffer, size_t bits, RAND_STATE* rand) { // buffer is assumed to be large enough for the number of bits rounded up to // bytes. NUMBYTES byteCount = (NUMBYTES)BITS_TO_BYTES(bits); if(DRBG_Generate(rand, pBuffer, byteCount) == byteCount) - { - // now flip the buffer order - this exists only to maintain - // compatibility with existing Known-value tests that expect the - // GetRandomInteger behavior of generating the value in little-endian - // order. - BYTE* pFrom = pBuffer + byteCount - 1; - BYTE* pTo = pBuffer; - while(pTo < pFrom) - { - BYTE t = *pTo; - *pTo = *pFrom; - *pFrom = t; - pTo++; - pFrom--; - } - // For a little-endian machine, the conversion is a straight byte - // reversal, done above. For a big-endian machine, we have to put the - // words in big-endian byte order. COMPATIBILITY NOTE: This code does - // not exactly reproduce the original code, because the original big-num - // code always generated data in units of crypt_word_t sizes. I.e. you - // couldn't generate just 9 bits for example. This revised version of - // the function could; and would generate 2 bytes with the first byte - // masked to 1 bit. In order to avoid running over the buffer when - // swapping crypt_uword_t blocks, this loop intentionally doesn't swap - // the last word if it is smaller than crypt_word_t size (which is the - // same as saying the buffer isn't an integral number of crypt_word_t - // units.) This is okay in this particular case _because_ this whole - // block of swapping code is to maintain compatibilty with existing - // KNOWN ANSWER TESTS, and said existing tests use sizes that this - // assumption is true for. 
Any new code with a different size where - // this last partial value isn't swapped will be creating a new KAT, and - // thus any (cryptographically valid) value is still random; swapping - // doesn't make a cryptographic random buffer more or less random, so - // the failure to swap is fine. + { + // now flip the buffer order - this exists only to maintain + // compatibility with existing Known-value tests that expect the + // GetRandomInteger behavior of generating the value in little-endian + // order. + BYTE* pFrom = pBuffer + byteCount - 1; + BYTE* pTo = pBuffer; + while(pTo < pFrom) + { + BYTE t = *pTo; + *pTo = *pFrom; + *pFrom = t; + pTo++; + pFrom--; + } + // For a little-endian machine, the conversion is a straight byte + // reversal, done above. For a big-endian machine, we have to put the + // words in big-endian byte order. COMPATIBILITY NOTE: This code does + // not exactly reproduce the original code, because the original big-num + // code always generated data in units of crypt_word_t sizes. I.e. you + // couldn't generate just 9 bits for example. This revised version of + // the function could; and would generate 2 bytes with the first byte + // masked to 1 bit. In order to avoid running over the buffer when + // swapping crypt_uword_t blocks, this loop intentionally doesn't swap + // the last word if it is smaller than crypt_word_t size (which is the + // same as saying the buffer isn't an integral number of crypt_word_t + // units.) This is okay in this particular case _because_ this whole + // block of swapping code is to maintain compatibilty with existing + // KNOWN ANSWER TESTS, and said existing tests use sizes that this + // assumption is true for. Any new code with a different size where + // this last partial value isn't swapped will be creating a new KAT, and + // thus any (cryptographically valid) value is still random; swapping + // doesn't make a cryptographic random buffer more or less random, so + // the failure to swap is fine. 
#if BIG_ENDIAN_TPM - crypt_uword_t* pTemp = (crypt_uword_t*)pBuffer; - for(size_t t = 0; t < (byteCount / sizeof(crypt_uword_t)); t++) - *pTemp = SWAP_CRYPT_WORD(*pTemp); + crypt_uword_t* pTemp = (crypt_uword_t*)pBuffer; + for(size_t t = 0; t < (byteCount / sizeof(crypt_uword_t)); t++) + *pTemp = SWAP_CRYPT_WORD(*pTemp); #endif - // if the number of bits % 8 != 0, mask the high order (first) byte to the relevant number of bits - // bits % 8 desired mask right-shift of 0xFF - // 0 0xFF 0 = (8 - 0) % 8 - // 1 0x01 7 = (8 - 1) % 8 - // 2 0x03 6 = (8 - 2) % 8 - // ... etc ... - // 7 0x7F 1 = (8 - 7) % 8 - int excessBits = bits % 8; - static const BYTE mask[8] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; // libtpms changed: fix - pBuffer[0] &= mask[excessBits]; // libtpms changed: fix - return TRUE; - } + // if the number of bits % 8 != 0, mask the high order (first) byte to the relevant number of bits + // bits % 8 desired mask right-shift of 0xFF + // 0 0xFF 0 = (8 - 0) % 8 + // 1 0x01 7 = (8 - 1) % 8 + // 2 0x03 6 = (8 - 2) % 8 + // ... etc ... + // 7 0x7F 1 = (8 - 7) % 8 + int excessBits = bits % 8; + static const BYTE mask[8] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f}; // libtpms changed: fix + pBuffer[0] &= mask[excessBits]; // libtpms changed: fix + return TRUE; + } return FALSE; } -#endif +#endif // libtpms added //*** TpmMath_GetRandomInteger() // This function gets random bits for use in various places. To make sure that the @@ -193,13 +193,13 @@ LIB_EXPORT BOOL TpmMath_GetRandomInteger(Crypt_Int* n, size_t bits, RAND_STATE* // large.b.size = (UINT16)BITS_TO_BYTES(bits); if(DRBG_Generate(rand, large.t.buffer, large.t.size) == large.t.size) - { - if(TpmMath_IntFrom2B(n, &large.b) != NULL) - { - if(ExtMath_MaskBits(n, (crypt_uword_t)bits)) - return TRUE; - } - } + { + if(TpmMath_IntFrom2B(n, &large.b) != NULL) + { + if(ExtMath_MaskBits(n, (crypt_uword_t)bits)) + return TRUE; + } + } return FALSE; } 
@@ -215,20 +215,20 @@ LIB_EXPORT BOOL TpmMath_GetRandomInteger(Crypt_Int* n, size_t bits, RAND_STATE* // TRUE(1) success // FALSE(0) failure ('limit' is too small) LIB_EXPORT BOOL TpmMath_GetRandomInRange( - Crypt_Int* dest, const Crypt_Int* limit, RAND_STATE* rand) + Crypt_Int* dest, const Crypt_Int* limit, RAND_STATE* rand) { size_t bits = ExtMath_SizeInBits(limit); // if(bits < 2) - { - ExtMath_SetWord(dest, 0); - return FALSE; - } + { + ExtMath_SetWord(dest, 0); + return FALSE; + } else - { - while(TpmMath_GetRandomInteger(dest, bits, rand) - && (ExtMath_IsZero(dest) || (ExtMath_UnsignedCmp(dest, limit) >= 0))) - ; - } + { + while(TpmMath_GetRandomInteger(dest, bits, rand) + && (ExtMath_IsZero(dest) || (ExtMath_UnsignedCmp(dest, limit) >= 0))) + ; + } return !g_inFailureMode; } diff --git a/src/tpm2/TpmMath_Util_fp.h b/src/tpm2/TpmMath_Util_fp.h index 8eaa9099..7072816f 100644 --- a/src/tpm2/TpmMath_Util_fp.h +++ b/src/tpm2/TpmMath_Util_fp.h @@ -66,8 +66,8 @@ // If the input value does not exist, or the output does not exist, or the input // will not fit into the output the function returns NULL LIB_EXPORT Crypt_Int* TpmMath_IntFrom2B(Crypt_Int* value, // OUT: - const TPM2B* a2B // IN: number to convert - ); + const TPM2B* a2B // IN: number to convert +); //*** TpmMath_IntTo2B() // @@ -78,10 +78,10 @@ LIB_EXPORT Crypt_Int* TpmMath_IntFrom2B(Crypt_Int* value, // OUT: // with zeros. If `size` is zero, then the TPM2B is assumed to be large enough // for the data and a2b->size will be adjusted accordingly. LIB_EXPORT BOOL TpmMath_IntTo2B( - const Crypt_Int* value, // IN: value to convert - TPM2B* a2B, // OUT: buffer for output - NUMBYTES size // IN: Size of output buffer - see comments. - ); + const Crypt_Int* value, // IN: value to convert + TPM2B* a2B, // OUT: buffer for output + NUMBYTES size // IN: Size of output buffer - see comments. +); //*** TpmMath_GetRandomBits() // This function gets random bits for use in various places. 
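Review bot: TpmMath_GetRandomInRange (the first hunk on this line) leaves its retry loop either when `dest` is in range or when TpmMath_GetRandomInteger returns FALSE, and then reports `!g_inFailureMode` rather than the loop's own outcome. Whether every FALSE path of TpmMath_GetRandomInteger also sets failure mode is not visible here; if one does not, a zero or out-of-range `dest` would be returned as success to code that uses it as a secret scalar. Carrying the result explicitly removes that dependency: `BOOL ok; do { ok = TpmMath_GetRandomInteger(dest, bits, rand); } while(ok && (ExtMath_IsZero(dest) || ExtMath_UnsignedCmp(dest, limit) >= 0));` followed by `return ok && !g_inFailureMode;`.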
@@ -95,10 +95,10 @@ LIB_EXPORT BOOL TpmMath_IntTo2B( // TRUE(1) success // FALSE(0) failure LIB_EXPORT BOOL TpmMath_GetRandomBits( - BYTE* pBuffer, // OUT: buffer to set - size_t bits, // IN: number of bits to generate (see remarks) - RAND_STATE* rand // IN: random engine - ); + BYTE* pBuffer, // OUT: buffer to set + size_t bits, // IN: number of bits to generate (see remarks) + RAND_STATE* rand // IN: random engine +); //*** TpmMath_GetRandomInteger // This function generates a random integer with the requested number of bits. @@ -107,9 +107,9 @@ LIB_EXPORT BOOL TpmMath_GetRandomBits( // if either more bits, or the Crypt_Int* is too small to contain the requested bits // the TPM enters failure mode and this function returns FALSE. LIB_EXPORT BOOL TpmMath_GetRandomInteger(Crypt_Int* bn, // OUT: integer buffer to set - size_t bits, // IN: size of output, - RAND_STATE* rand // IN: random engine - ); + size_t bits, // IN: size of output, + RAND_STATE* rand // IN: random engine +); //*** TpmMath_GetRandomInRange() // This function is used to generate a random number r in the range 1 <= r < limit. @@ -123,10 +123,10 @@ LIB_EXPORT BOOL TpmMath_GetRandomInteger(Crypt_Int* bn, // OUT: integer buffer // TRUE(1) success // FALSE(0) failure ('limit' is too small) LIB_EXPORT BOOL TpmMath_GetRandomInRange( - Crypt_Int* dest, // OUT: integer buffer to set - const Crypt_Int* limit, // IN: limit (see remarks) - RAND_STATE* rand // IN: random engine - ); + Crypt_Int* dest, // OUT: integer buffer to set + const Crypt_Int* limit, // IN: limit (see remarks) + RAND_STATE* rand // IN: random engine +); // BnMath.c // libtpms added begin BOOL BnGenerateRandomInRangeAllBytes(bigNum dest, diff --git a/src/tpm2/TpmSizeChecks.c b/src/tpm2/TpmSizeChecks.c index 7785ec1b..6be1e0a9 100644 --- a/src/tpm2/TpmSizeChecks.c +++ b/src/tpm2/TpmSizeChecks.c 
@@ -60,51 +60,53 @@ /********************************************************************************/ //** Includes, Defines, and Types -#include "Tpm.h" -#include "PlatformACT_fp.h" /* kgold */ -#include "TpmSizeChecks_fp.h" -#include -#include +#include "Tpm.h" +#include +#include +#include "Marshal.h" #if RUNTIME_SIZE_CHECKS -#if TABLE_DRIVEN_MARSHAL -extern uint32_t MarshalDataSize; -#endif - -#if DEBUG -static int once = 0; -#endif +# if DEBUG +static int once = 0; +# endif //** TpmSizeChecks() // This function is used during the development process to make sure that the // vendor-specific values result in a consistent implementation. When possible, // the code contains #if to do compile-time checks. However, in some cases, the // values require the use of "sizeof()" and that can't be used in an #if. -BOOL -TpmSizeChecks( - void - ) +BOOL TpmSizeChecks(void) { - BOOL PASS = TRUE; -#if DEBUG + BOOL PASS = TRUE; + +# if DEBUG // if(once++ != 0) return 1; - { - UINT32 maxAsymSecurityStrength = MAX_ASYM_SECURITY_STRENGTH; - UINT32 maxHashSecurityStrength = MAX_HASH_SECURITY_STRENGTH; - UINT32 maxSymSecurityStrength = MAX_SYM_SECURITY_STRENGTH; - UINT32 maxSecurityStrengthBits = MAX_SECURITY_STRENGTH_BITS; - UINT32 proofSize = PROOF_SIZE; - UINT32 compliantProofSize = COMPLIANT_PROOF_SIZE; - UINT32 compliantPrimarySeedSize = COMPLIANT_PRIMARY_SEED_SIZE; - UINT32 primarySeedSize = PRIMARY_SEED_SIZE; - UINT32 cmacState = sizeof(tpmCmacState_t); - UINT32 hashState = sizeof(HASH_STATE); - UINT32 keyScheduleSize = sizeof(tpmCryptKeySchedule_t); - // +# if ALG_ECC + { + // This is just to allow simple access to the ecc curve data during debug + const TPM_ECC_CURVE_METADATA* ecc = CryptEccGetParametersByCurveId(3); + if(ecc == NULL) + ecc = NULL; + } +# endif // ALG_ECC + { + UINT32 maxAsymSecurityStrength = MAX_ASYM_SECURITY_STRENGTH; + UINT32 maxHashSecurityStrength = MAX_HASH_SECURITY_STRENGTH; + UINT32 maxSymSecurityStrength = MAX_SYM_SECURITY_STRENGTH; + UINT32 
maxSecurityStrengthBits = MAX_SECURITY_STRENGTH_BITS; + UINT32 proofSize = PROOF_SIZE; + UINT32 compliantProofSize = COMPLIANT_PROOF_SIZE; + UINT32 compliantPrimarySeedSize = COMPLIANT_PRIMARY_SEED_SIZE; + UINT32 primarySeedSize = PRIMARY_SEED_SIZE; + + UINT32 cmacState = sizeof(tpmCmacState_t); + UINT32 hashState = sizeof(HASH_STATE); + UINT32 keyScheduleSize = sizeof(tpmCryptKeySchedule_t); + // NOT_REFERENCED(cmacState); NOT_REFERENCED(hashState); NOT_REFERENCED(keyScheduleSize); @@ -117,25 +119,28 @@ TpmSizeChecks( NOT_REFERENCED(compliantPrimarySeedSize); NOT_REFERENCED(primarySeedSize); - +# if ALG_RSA { - TPMT_SENSITIVE *p; + TPMT_SENSITIVE* p; // This assignment keeps compiler from complaining about a conditional // comparison being between two constants - UINT16 max_rsa_key_bytes = MAX_RSA_KEY_BYTES; + UINT16 max_rsa_key_bytes = MAX_RSA_KEY_BYTES; if((max_rsa_key_bytes / 2) != (sizeof(p->sensitive.rsa.t.buffer) / 5)) - { - printf("Sensitive part of TPMT_SENSITIVE is undersized. May be caused" - " by use of wrong version of Part 2.\n"); - PASS = FALSE; - } + { + printf("Sensitive part of TPMT_SENSITIVE is undersized. May be " + "caused" + " by use of wrong version of Part 2.\n"); + PASS = FALSE; + } } -#if TABLE_DRIVEN_MARSHAL +# endif // ALG_RSA +# if TABLE_DRIVEN_MARSHAL printf("sizeof(MarshalData) = %zu\n", sizeof(MarshalData_st)); -#endif +# endif printf("Size of OBJECT = %zu\n", sizeof(OBJECT)); - printf("Size of components in TPMT_SENSITIVE = %zu\n", sizeof(TPMT_SENSITIVE)); + printf("Size of components in TPMT_SENSITIVE = %zu\n", + sizeof(TPMT_SENSITIVE)); printf(" TPMI_ALG_PUBLIC %zu\n", sizeof(TPMI_ALG_PUBLIC)); printf(" TPM2B_AUTH %zu\n", sizeof(TPM2B_AUTH)); printf(" TPM2B_DIGEST %zu\n", sizeof(TPM2B_DIGEST)); 
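Review bot: The new ALG_ECC block in TpmSizeChecks() calls `CryptEccGetParametersByCurveId(3)` with a bare literal and then runs `if(ecc == NULL) ecc = NULL;`, which has no effect, so a missing curve entry is neither reported nor reflected in `PASS`. If the variable exists only for inspection in a debugger, as the comment says, `NOT_REFERENCED(ecc);` would match how the other debug-only locals in this function are silenced. The curve would read better by name, `CryptEccGetParametersByCurveId(TPM_ECC_NIST_P256)`, assuming that constant keeps the value 0x0003 after the TpmTypes.h changes in this commit. The function continues past this hunk.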
@@ -158,74 +163,86 @@ TpmSizeChecks( // Get the size of fingerprint in context blob. The sequence value in // TPMS_CONTEXT structure is used as the fingerprint { - UINT32 fingerprintSize = sizeof(UINT64); - UINT32 integritySize = sizeof(UINT16) - + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); - UINT32 biggestObject = MAX(MAX(sizeof(HASH_OBJECT), sizeof(OBJECT)), - sizeof(SESSION)); - UINT32 biggestContext = fingerprintSize + integritySize + biggestObject; + UINT32 fingerprintSize = sizeof(UINT64); + UINT32 integritySize = + sizeof(UINT16) + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); + UINT32 biggestObject = + MAX(MAX(sizeof(HASH_OBJECT), sizeof(OBJECT)), sizeof(SESSION)); + UINT32 biggestContext = fingerprintSize + integritySize + biggestObject; // round required size up to nearest 8 byte boundary. biggestContext = 8 * ((biggestContext + 7) / 8); if(MAX_CONTEXT_SIZE < biggestContext) - { - printf("MAX_CONTEXT_SIZE needs to be increased to at least to %d (%d)\n", - biggestContext, MAX_CONTEXT_SIZE); - PASS = FALSE; - } - else if (MAX_CONTEXT_SIZE > biggestContext) - { - printf("MAX_CONTEXT_SIZE can be reduced to %d (%d)\n", - biggestContext, MAX_CONTEXT_SIZE); - } + { + printf("MAX_CONTEXT_SIZE needs to be increased to at least %d (%d)\n", + biggestContext, + MAX_CONTEXT_SIZE); + PASS = FALSE; + } + else if(MAX_CONTEXT_SIZE > biggestContext) + { + printf("MAX_CONTEXT_SIZE can be reduced to %d (%d)\n", + biggestContext, + MAX_CONTEXT_SIZE); + } } { union u { - TPMA_OBJECT attributes; - UINT32 uint32Value; + TPMA_OBJECT attributes; + UINT32 uint32Value; } u; // these are defined so that compiler doesn't complain about conditional // expressions comparing two constants. 
- int aSize = sizeof(u.attributes); - int uSize = sizeof(u.uint32Value); + int aSize = sizeof(u.attributes); + int uSize = sizeof(u.uint32Value); u.uint32Value = 0; SET_ATTRIBUTE(u.attributes, TPMA_OBJECT, fixedTPM); if(u.uint32Value != 2) - { - printf("The bit allocation in a TPMA_OBJECT is not as expected"); - PASS = FALSE; - } + { + printf("The bit allocation in a TPMA_OBJECT is not as expected"); + PASS = FALSE; + } if(aSize != uSize) // comparison of two sizeof() values annoys compiler - { - printf("A TPMA_OBJECT is not the expected size."); - PASS = FALSE; - } + { + printf("A TPMA_OBJECT is not the expected size."); + PASS = FALSE; + } } - // Check that the platform implements each of the ACT that the TPM thinks are present +# if ACT_SUPPORT + // Check that the platorm implementes each of the ACT that the TPM thinks are + // present { - uint32_t act; + uint32_t act; for(act = 0; act < 16; act++) - { - switch(act) - { - FOR_EACH_ACT(CASE_ACT_NUMBER) - if(!_plat__ACT_GetImplemented(act)) - { - printf("TPM_RH_ACT_%1X is not implemented by platform\n", - act); - PASS = FALSE; - } - default: - break; - } - } + { + switch(act) + { + FOR_EACH_ACT(CASE_ACT_NUMBER) + if(!_plat__ACT_GetImplemented(act)) + { + printf("TPM_RH_ACT_%1X is not implemented by platform\n", act); + PASS = FALSE; + } + default: + break; + } + } } -#endif // DEBUG +# endif // ACT_SUPPORT + { + // Had a problem with the macros coming up with some bad values. Make sure + // the size is rational + int t = MAX_DIGEST_SIZE; + if(t < 20) + { + printf("Check the MAX_DIGEST_SIZE computation (%d)", MAX_DIGEST_SIZE); + PASS = FALSE; + } + } +# endif // DEBUG return (PASS); } -#endif // RUNTIME_SIZE_CHECKS - - +#endif // RUNTIME_SIZE_CHECKS diff --git a/src/tpm2/TpmSizeChecks_fp.h b/src/tpm2/TpmSizeChecks_fp.h index 12f27149..695a63be 100644 --- a/src/tpm2/TpmSizeChecks_fp.h +++ b/src/tpm2/TpmSizeChecks_fp.h 
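Review bot: Every check in this hunk, including the new MAX_DIGEST_SIZE block, sits before `# endif // DEBUG`, so a build with RUNTIME_SIZE_CHECKS set and DEBUG clear returns `PASS` still TRUE without ever comparing MAX_CONTEXT_SIZE or the TPMA_OBJECT layout. If that is intended, the function header should say so, e.g. `// NOTE: all checks are compiled only when DEBUG is set; otherwise this returns TRUE unconditionally.`, so that a caller does not read TRUE as "sizes verified". The rewritten ACT comment also picked up two typos (`platorm implementes`). The new MAX_DIGEST_SIZE message lacks the trailing `\n` that the MAX_CONTEXT_SIZE messages have. The matching `# if DEBUG` and the function's opening are above this hunk.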
@@ -59,9 +59,22 @@ /* */ /********************************************************************************/ -#ifndef TPMSIZECHECKS_FP_H -#define TPMSIZECHECKS_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Oct 24, 2019 Time: 11:37:07AM + */ +#ifndef _TPM_SIZE_CHECKS_FP_H_ +#define _TPM_SIZE_CHECKS_FP_H_ + +#if RUNTIME_SIZE_CHECKS + +//** TpmSizeChecks() +// This function is used during the development process to make sure that the +// vendor-specific values result in a consistent implementation. When possible, +// the code contains "#if" to do compile-time checks. However, in some cases, the +// values require the use of "sizeof()" and that can't be used in an #if. BOOL TpmSizeChecks(void); +#endif // RUNTIME_SIZE_CHECKS -#endif +#endif // _TPM_SIZE_CHECKS_FP_H_ diff --git a/src/tpm2/TpmTcpProtocol.h b/src/tpm2/TpmTcpProtocol.h index 1fe8f662..411a3a3a 100644 --- a/src/tpm2/TpmTcpProtocol.h +++ b/src/tpm2/TpmTcpProtocol.h 
@@ -59,82 +59,95 @@ /* */ /********************************************************************************/ -/* D.3 TpmTcpProtocol.h */ -/* D.3.1. Introduction */ -/* TPM commands are communicated as uint8_t streams on a TCP connection. The TPM command protocol is - enveloped with the interface protocol described in this file. The command is indicated by a - uint32_t with one of the values below. Most commands take no parameters and return no TPM errors. In - these cases the TPM interface protocol acknowledges that command processing is completed by - returning a uint32_t = 0. The command TPM_SIGNAL_HASH_DATA takes a uint32_t-prepended variable length - byte array and the interface protocol acknowledges command completion with a uint32_t = 0. Most TPM - commands are enveloped using the TPM_SEND_COMMAND interface command. The parameters are as - indicated below. The interface layer also appends a uin32_t = 0 to the TPM response for - regularity. */ -/* D.3.2. Typedefs and Defines */ -#ifndef TCP_TPM_PROTOCOL_H -#define TCP_TPM_PROTOCOL_H -/* D.3.3. TPM Commands All commands acknowledge processing by returning a uint32_t = 0 except where - noted */ -#define TPM_SIGNAL_POWER_ON 1 -#define TPM_SIGNAL_POWER_OFF 2 -#define TPM_SIGNAL_PHYS_PRES_ON 3 -#define TPM_SIGNAL_PHYS_PRES_OFF 4 -#define TPM_SIGNAL_HASH_START 5 -#define TPM_SIGNAL_HASH_DATA 6 - // {uint32_t BufferSize, uint8_t[BufferSize] Buffer} -#define TPM_SIGNAL_HASH_END 7 -#define TPM_SEND_COMMAND 8 +//** Introduction + +// TPM commands are communicated as uint8_t streams on a TCP connection. The TPM +// command protocol is enveloped with the interface protocol described in this +// file. The command is indicated by a uint32 with one of the values below. Most +// commands take no parameters return no TPM errors. In these cases the TPM +// interface protocol acknowledges that command processing is completed by returning +// a uint32=0. 
The command TPM_SIGNAL_HASH_DATA takes a uint32-prepended variable +// length byte array and the interface protocol acknowledges command completion +// with a uint32=0. Most TPM commands are enveloped using the TPM_SEND_COMMAND +// interface command. The parameters are as indicated below. The interface layer +// also appends a UIN32=0 to the TPM response for regularity. + +//** Typedefs and Defines +#ifndef TCP_TPM_PROTOCOL_H +#define TCP_TPM_PROTOCOL_H + +//** TPM Commands. +// All commands acknowledge processing by returning a uint32 == 0 except where noted +#define TPM_SIGNAL_POWER_ON 1 +#define TPM_SIGNAL_POWER_OFF 2 +#define TPM_SIGNAL_PHYS_PRES_ON 3 +#define TPM_SIGNAL_PHYS_PRES_OFF 4 +#define TPM_SIGNAL_HASH_START 5 +#define TPM_SIGNAL_HASH_DATA 6 +// {uint32_t BufferSize, uint8_t[BufferSize] Buffer} +#define TPM_SIGNAL_HASH_END 7 +#define TPM_SEND_COMMAND 8 // {uint8_t Locality, uint32_t InBufferSize, uint8_t[InBufferSize] InBuffer} -> // {uint32_t OutBufferSize, uint8_t[OutBufferSize] OutBuffer} -#define TPM_SIGNAL_CANCEL_ON 9 -#define TPM_SIGNAL_CANCEL_OFF 10 -#define TPM_SIGNAL_NV_ON 11 -#define TPM_SIGNAL_NV_OFF 12 -#define TPM_SIGNAL_KEY_CACHE_ON 13 -#define TPM_SIGNAL_KEY_CACHE_OFF 14 -#define TPM_REMOTE_HANDSHAKE 15 -#define TPM_SET_ALTERNATIVE_RESULT 16 -#define TPM_SIGNAL_RESET 17 -#define TPM_SIGNAL_RESTART 18 -#define TPM_SESSION_END 20 -#define TPM_STOP 21 -#define TPM_GET_COMMAND_RESPONSE_SIZES 25 -#define TPM_ACT_GET_SIGNALED 26 -#define TPM_TEST_FAILURE_MODE 30 -// D.3.4. 
Enumerations and Structures +#define TPM_SIGNAL_CANCEL_ON 9 +#define TPM_SIGNAL_CANCEL_OFF 10 +#define TPM_SIGNAL_NV_ON 11 +#define TPM_SIGNAL_NV_OFF 12 +#define TPM_SIGNAL_KEY_CACHE_ON 13 +#define TPM_SIGNAL_KEY_CACHE_OFF 14 +#define TPM_REMOTE_HANDSHAKE 15 +#define TPM_SET_ALTERNATIVE_RESULT 16 + +#define TPM_SIGNAL_RESET 17 +#define TPM_SIGNAL_RESTART 18 + +#define TPM_SESSION_END 20 +#define TPM_STOP 21 + +#define TPM_GET_COMMAND_RESPONSE_SIZES 25 + +#define TPM_ACT_GET_SIGNALED 26 + +#define TPM_TEST_FAILURE_MODE 30 + +//** Enumerations and Structures enum TpmEndPointInfo - { - tpmPlatformAvailable = 0x01, - tpmUsesTbs = 0x02, - tpmInRawMode = 0x04, - tpmSupportsPP = 0x08 - }; +{ + tpmPlatformAvailable = 0x01, + tpmUsesTbs = 0x02, + tpmInRawMode = 0x04, + tpmSupportsPP = 0x08 +}; #ifdef _MSC_VER -# pragma warning(push, 3) +# pragma warning(push, 3) #endif // Existing RPC interface type definitions retained so that the implementation // can be re-used typedef struct in_buffer { - unsigned long BufferSize; - unsigned char *Buffer; + unsigned long BufferSize; + unsigned char* Buffer; } _IN_BUFFER; -typedef unsigned char *_OUTPUT_BUFFER; + +typedef unsigned char* _OUTPUT_BUFFER; + typedef struct out_buffer { - uint32_t BufferSize; - _OUTPUT_BUFFER Buffer; + uint32_t BufferSize; + _OUTPUT_BUFFER Buffer; } _OUT_BUFFER; + #ifdef _MSC_VER -# pragma warning(pop) +# pragma warning(pop) #endif + #ifndef WIN32 -typedef unsigned long DWORD; -typedef void *LPVOID; -#undef WINAPI +typedef unsigned long DWORD; +typedef void* LPVOID; #endif + #endif diff --git a/src/tpm2/TpmTypes.h b/src/tpm2/TpmTypes.h index 734d6c41..95a69aff 100644 --- a/src/tpm2/TpmTypes.h +++ b/src/tpm2/TpmTypes.h 
@@ -58,10 +58,10 @@ /* */ /********************************************************************************/ -/* 5.21 TpmTypes.h */ +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -#ifndef TPMTYPES_H -#define TPMTYPES_H +#ifndef _TPM_INCLUDE_PRIVATE_TPMTYPES_H_ +#define _TPM_INCLUDE_PRIVATE_TPMTYPES_H_ #ifndef MAX_CAP_BUFFER # error MAX_CAP_BUFFER must be defined before this file so it can calculate maximum capability sizes 
@@ -71,665 +71,665 @@ #include "TpmCalculatedAttributes.h" #include "GpMacros.h" -/* TCG Algorithm Registry: Table 1:2 - Definition of TPM_ALG_ID Constants */ +// Table "Definition of Types for Documentation Clarity" (Part 2: Structures) +typedef UINT32 TPM_ALGORITHM_ID; +#define TYPE_OF_TPM_ALGORITHM_ID UINT32 +typedef UINT32 TPM_MODIFIER_INDICATOR; +#define TYPE_OF_TPM_MODIFIER_INDICATOR UINT32 +typedef UINT32 TPM_AUTHORIZATION_SIZE; +#define TYPE_OF_TPM_AUTHORIZATION_SIZE UINT32 +typedef UINT32 TPM_PARAMETER_SIZE; +#define TYPE_OF_TPM_PARAMETER_SIZE UINT32 +typedef UINT16 TPM_KEY_SIZE; +#define TYPE_OF_TPM_KEY_SIZE UINT16 +typedef UINT16 TPM_KEY_BITS; +#define TYPE_OF_TPM_KEY_BITS UINT16 -typedef UINT16 TPM_ALG_ID; -#define TYPE_OF_TPM_ALG_ID UINT16 -#define ALG_ERROR_VALUE 0x0000 -#define TPM_ALG_ERROR (TPM_ALG_ID)(ALG_ERROR_VALUE) -#define ALG_RSA_VALUE 0x0001 -#define TPM_ALG_RSA (TPM_ALG_ID)(ALG_RSA_VALUE) -#define ALG_TDES_VALUE 0x0003 -#define TPM_ALG_TDES (TPM_ALG_ID)(ALG_TDES_VALUE) -#define ALG_SHA_VALUE 0x0004 -#define TPM_ALG_SHA (TPM_ALG_ID)(ALG_SHA_VALUE) -#define ALG_SHA1_VALUE 0x0004 -#define TPM_ALG_SHA1 (TPM_ALG_ID)(ALG_SHA1_VALUE) -#define ALG_HMAC_VALUE 0x0005 -#define TPM_ALG_HMAC (TPM_ALG_ID)(ALG_HMAC_VALUE) -#define ALG_AES_VALUE 0x0006 -#define TPM_ALG_AES (TPM_ALG_ID)(ALG_AES_VALUE) -#define ALG_MGF1_VALUE 0x0007 -#define TPM_ALG_MGF1 (TPM_ALG_ID)(ALG_MGF1_VALUE) -#define ALG_KEYEDHASH_VALUE 0x0008 -#define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE) -#define ALG_XOR_VALUE 0x000A -#define TPM_ALG_XOR (TPM_ALG_ID)(ALG_XOR_VALUE) -#define ALG_SHA256_VALUE 0x000B -#define TPM_ALG_SHA256 (TPM_ALG_ID)(ALG_SHA256_VALUE) -#define ALG_SHA384_VALUE 0x000C -#define TPM_ALG_SHA384 (TPM_ALG_ID)(ALG_SHA384_VALUE) -#define ALG_SHA512_VALUE 0x000D -#define TPM_ALG_SHA512 (TPM_ALG_ID)(ALG_SHA512_VALUE) -#define ALG_NULL_VALUE 0x0010 -#define TPM_ALG_NULL (TPM_ALG_ID)(ALG_NULL_VALUE) -#define ALG_SM3_256_VALUE 0x0012 -#define TPM_ALG_SM3_256 
(TPM_ALG_ID)(ALG_SM3_256_VALUE) -#define ALG_SM4_VALUE 0x0013 -#define TPM_ALG_SM4 (TPM_ALG_ID)(ALG_SM4_VALUE) -#define ALG_RSASSA_VALUE 0x0014 -#define TPM_ALG_RSASSA (TPM_ALG_ID)(ALG_RSASSA_VALUE) -#define ALG_RSAES_VALUE 0x0015 -#define TPM_ALG_RSAES (TPM_ALG_ID)(ALG_RSAES_VALUE) -#define ALG_RSAPSS_VALUE 0x0016 -#define TPM_ALG_RSAPSS (TPM_ALG_ID)(ALG_RSAPSS_VALUE) -#define ALG_OAEP_VALUE 0x0017 -#define TPM_ALG_OAEP (TPM_ALG_ID)(ALG_OAEP_VALUE) -#define ALG_ECDSA_VALUE 0x0018 -#define TPM_ALG_ECDSA (TPM_ALG_ID)(ALG_ECDSA_VALUE) -#define ALG_ECDH_VALUE 0x0019 -#define TPM_ALG_ECDH (TPM_ALG_ID)(ALG_ECDH_VALUE) -#define ALG_ECDAA_VALUE 0x001A -#define TPM_ALG_ECDAA (TPM_ALG_ID)(ALG_ECDAA_VALUE) -#define ALG_SM2_VALUE 0x001B -#define TPM_ALG_SM2 (TPM_ALG_ID)(ALG_SM2_VALUE) -#define ALG_ECSCHNORR_VALUE 0x001C -#define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE) -#define ALG_ECMQV_VALUE 0x001D -#define TPM_ALG_ECMQV (TPM_ALG_ID)(ALG_ECMQV_VALUE) -#define ALG_KDF1_SP800_56A_VALUE 0x0020 -#define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE) -#define ALG_KDF2_VALUE 0x0021 -#define TPM_ALG_KDF2 (TPM_ALG_ID)(ALG_KDF2_VALUE) -#define ALG_KDF1_SP800_108_VALUE 0x0022 -#define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE) -#define ALG_ECC_VALUE 0x0023 -#define TPM_ALG_ECC (TPM_ALG_ID)(ALG_ECC_VALUE) -#define ALG_SYMCIPHER_VALUE 0x0025 -#define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE) -#define ALG_CAMELLIA_VALUE 0x0026 -#define TPM_ALG_CAMELLIA (TPM_ALG_ID)(ALG_CAMELLIA_VALUE) -#define ALG_SHA3_256_VALUE 0x0027 -#define TPM_ALG_SHA3_256 (TPM_ALG_ID)(ALG_SHA3_256_VALUE) -#define ALG_SHA3_384_VALUE 0x0028 -#define TPM_ALG_SHA3_384 (TPM_ALG_ID)(ALG_SHA3_384_VALUE) -#define ALG_SHA3_512_VALUE 0x0029 -#define TPM_ALG_SHA3_512 (TPM_ALG_ID)(ALG_SHA3_512_VALUE) -#define ALG_CMAC_VALUE 0x003F -#define TPM_ALG_CMAC (TPM_ALG_ID)(ALG_CMAC_VALUE) -#define ALG_CTR_VALUE 0x0040 -#define TPM_ALG_CTR (TPM_ALG_ID)(ALG_CTR_VALUE) -#define 
ALG_OFB_VALUE 0x0041 -#define TPM_ALG_OFB (TPM_ALG_ID)(ALG_OFB_VALUE) -#define ALG_CBC_VALUE 0x0042 -#define TPM_ALG_CBC (TPM_ALG_ID)(ALG_CBC_VALUE) -#define ALG_CFB_VALUE 0x0043 -#define TPM_ALG_CFB (TPM_ALG_ID)(ALG_CFB_VALUE) -#define ALG_ECB_VALUE 0x0044 -#define TPM_ALG_ECB (TPM_ALG_ID)(ALG_ECB_VALUE) - -/* Values derived from Table 1:2 */ -#define ALG_FIRST_VALUE 0x0001 -#define TPM_ALG_FIRST (TPM_ALG_ID)(ALG_FIRST_VALUE) -#define ALG_LAST_VALUE 0x0044 -#define TPM_ALG_LAST (TPM_ALG_ID)(ALG_LAST_VALUE) - -/* TCG Algorithm Registry: Table 1:3 - Definition of TPM_ECC_CURVE Constants */ -typedef UINT16 TPM_ECC_CURVE; -#define TYPE_OF_TPM_ECC_CURVE UINT16 -#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) -#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) -#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) -#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) -#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) -#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) -#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) -#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) -#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) - -/* TPM 2.0 Part 2: Table 2:12 - Definition of TPM_CC Constants */ -typedef UINT32 TPM_CC; -#define TYPE_OF_TPM_CC UINT32 -#define TPM_CC_FIRST (TPM_CC)(0x0000011F) -#define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011F) -#define TPM_CC_EvictControl (TPM_CC)(0x00000120) -#define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) -#define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) -#define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) -#define TPM_CC_ChangePPS (TPM_CC)(0x00000125) -#define TPM_CC_Clear (TPM_CC)(0x00000126) -#define TPM_CC_ClearControl (TPM_CC)(0x00000127) -#define TPM_CC_ClockSet (TPM_CC)(0x00000128) -#define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) -#define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012A) -#define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012B) -#define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012C) -#define TPM_CC_PP_Commands (TPM_CC)(0x0000012D) 
-#define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012E) -#define TPM_CC_FieldUpgradeStart (TPM_CC)(0x0000012F) -#define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) -#define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) -#define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) -#define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) -#define TPM_CC_NV_Increment (TPM_CC)(0x00000134) -#define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) -#define TPM_CC_NV_Extend (TPM_CC)(0x00000136) -#define TPM_CC_NV_Write (TPM_CC)(0x00000137) -#define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) -#define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) -#define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013A) -#define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013B) -#define TPM_CC_PCR_Event (TPM_CC)(0x0000013C) -#define TPM_CC_PCR_Reset (TPM_CC)(0x0000013D) -#define TPM_CC_SequenceComplete (TPM_CC)(0x0000013E) -#define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013F) -#define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) -#define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) -#define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) -#define TPM_CC_SelfTest (TPM_CC)(0x00000143) -#define TPM_CC_Startup (TPM_CC)(0x00000144) -#define TPM_CC_Shutdown (TPM_CC)(0x00000145) -#define TPM_CC_StirRandom (TPM_CC)(0x00000146) -#define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) -#define TPM_CC_Certify (TPM_CC)(0x00000148) -#define TPM_CC_PolicyNV (TPM_CC)(0x00000149) -#define TPM_CC_CertifyCreation (TPM_CC)(0x0000014A) -#define TPM_CC_Duplicate (TPM_CC)(0x0000014B) -#define TPM_CC_GetTime (TPM_CC)(0x0000014C) -#define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014D) -#define TPM_CC_NV_Read (TPM_CC)(0x0000014E) -#define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014F) -#define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) -#define TPM_CC_PolicySecret (TPM_CC)(0x00000151) -#define TPM_CC_Rewrap (TPM_CC)(0x00000152) -#define TPM_CC_Create (TPM_CC)(0x00000153) -#define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) -#define 
TPM_CC_HMAC (TPM_CC)(0x00000155) -#define TPM_CC_MAC (TPM_CC)(0x00000155) -#define TPM_CC_Import (TPM_CC)(0x00000156) -#define TPM_CC_Load (TPM_CC)(0x00000157) -#define TPM_CC_Quote (TPM_CC)(0x00000158) -#define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) -#define TPM_CC_HMAC_Start (TPM_CC)(0x0000015B) -#define TPM_CC_MAC_Start (TPM_CC)(0x0000015B) -#define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015C) -#define TPM_CC_Sign (TPM_CC)(0x0000015D) -#define TPM_CC_Unseal (TPM_CC)(0x0000015E) -#define TPM_CC_PolicySigned (TPM_CC)(0x00000160) -#define TPM_CC_ContextLoad (TPM_CC)(0x00000161) -#define TPM_CC_ContextSave (TPM_CC)(0x00000162) -#define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) -#define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) -#define TPM_CC_FlushContext (TPM_CC)(0x00000165) -#define TPM_CC_LoadExternal (TPM_CC)(0x00000167) -#define TPM_CC_MakeCredential (TPM_CC)(0x00000168) -#define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) -#define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016A) -#define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016B) -#define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016C) -#define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016D) -#define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016E) -#define TPM_CC_PolicyLocality (TPM_CC)(0x0000016F) -#define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) -#define TPM_CC_PolicyOR (TPM_CC)(0x00000171) -#define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) -#define TPM_CC_ReadPublic (TPM_CC)(0x00000173) -#define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) -#define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) -#define TPM_CC_VerifySignature (TPM_CC)(0x00000177) -#define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) -#define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) -#define TPM_CC_GetCapability (TPM_CC)(0x0000017A) -#define TPM_CC_GetRandom (TPM_CC)(0x0000017B) -#define TPM_CC_GetTestResult (TPM_CC)(0x0000017C) -#define TPM_CC_Hash (TPM_CC)(0x0000017D) -#define TPM_CC_PCR_Read (TPM_CC)(0x0000017E) -#define TPM_CC_PolicyPCR (TPM_CC)(0x0000017F) 
-#define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) -#define TPM_CC_ReadClock (TPM_CC)(0x00000181) -#define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) -#define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) -#define TPM_CC_NV_Certify (TPM_CC)(0x00000184) -#define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) -#define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) -#define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) -#define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) -#define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) -#define TPM_CC_TestParms (TPM_CC)(0x0000018A) -#define TPM_CC_Commit (TPM_CC)(0x0000018B) -#define TPM_CC_PolicyPassword (TPM_CC)(0x0000018C) -#define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018D) -#define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018E) -#define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018F) -#define TPM_CC_PolicyTemplate (TPM_CC)(0x00000190) -#define TPM_CC_CreateLoaded (TPM_CC)(0x00000191) -#define TPM_CC_PolicyAuthorizeNV (TPM_CC)(0x00000192) -#define TPM_CC_EncryptDecrypt2 (TPM_CC)(0x00000193) -#define TPM_CC_AC_GetCapability (TPM_CC)(0x00000194) -#define TPM_CC_AC_Send (TPM_CC)(0x00000195) -#define TPM_CC_Policy_AC_SendSelect (TPM_CC)(0x00000196) -#define TPM_CC_CertifyX509 (TPM_CC)(0x00000197) -#define TPM_CC_ACT_SetTimeout (TPM_CC)(0x00000198) -#define TPM_CC_ECC_Encrypt (TPM_CC)(0x00000199) -#define TPM_CC_ECC_Decrypt (TPM_CC)(0x0000019A) -#define TPM_CC_PolicyCapability (TPM_CC)(0x0000019B) -#define TPM_CC_PolicyParameters (TPM_CC)(0x0000019C) -#define TPM_CC_NV_DefineSpace2 (TPM_CC)(0x0000019D) -#define TPM_CC_NV_ReadPublic2 (TPM_CC)(0x0000019E) -#define TPM_CC_SetCapability (TPM_CC)(0x0000019F) -#define TPM_CC_LAST (TPM_CC)(0x0000019F) -#define CC_VEND 0x20000000 -#define TPM_CC_Vendor_TCG_Test (TPM_CC)(0x20000000) - -/* Table 2:5 - Definition of Types for Documentation Clarity */ -typedef UINT32 TPM_ALGORITHM_ID; -#define TYPE_OF_TPM_ALGORITHM_ID UINT32 -typedef UINT32 TPM_MODIFIER_INDICATOR; -#define 
TYPE_OF_TPM_MODIFIER_INDICATOR UINT32 -typedef UINT32 TPM_AUTHORIZATION_SIZE; -#define TYPE_OF_TPM_AUTHORIZATION_SIZE UINT32 -typedef UINT32 TPM_PARAMETER_SIZE; -#define TYPE_OF_TPM_PARAMETER_SIZE UINT32 -typedef UINT16 TPM_KEY_SIZE; -#define TYPE_OF_TPM_KEY_SIZE UINT16 -typedef UINT16 TPM_KEY_BITS; -#define TYPE_OF_TPM_KEY_BITS UINT16 - -/* Table 2:7 - Definition of TPM_CONSTANTS32 Constants */ - -typedef UINT32 TPM_CONSTANTS32; +// Table "Definition of TPM_CONSTANTS32 Constants" (Part 2: Structures) +typedef UINT32 TPM_CONSTANTS32; #define TYPE_OF_TPM_CONSTANTS32 UINT32 #define TPM_GENERATED_VALUE (TPM_CONSTANTS32)(0xFF544347) -#define TPM_MAX_DERIVATION_BITS (TPM_CONSTANTS32)8192 +#define TPM_MAX_DERIVATION_BITS (TPM_CONSTANTS32)(8192) -/* Table 2:16 - Definition of TPM_RC Constants */ -typedef UINT32 TPM_RC; -#define TYPE_OF_TPM_RC UINT32 -#define TPM_RC_SUCCESS (TPM_RC)(0x000) -#define TPM_RC_BAD_TAG (TPM_RC)(0x01E) -#define RC_VER1 (TPM_RC)(0x100) -#define TPM_RC_INITIALIZE (TPM_RC)(RC_VER1+0x000) -#define TPM_RC_FAILURE (TPM_RC)(RC_VER1+0x001) -#define TPM_RC_SEQUENCE (TPM_RC)(RC_VER1+0x003) -#define TPM_RC_PRIVATE (TPM_RC)(RC_VER1+0x00B) -#define TPM_RC_HMAC (TPM_RC)(RC_VER1+0x019) -#define TPM_RC_DISABLED (TPM_RC)(RC_VER1+0x020) -#define TPM_RC_EXCLUSIVE (TPM_RC)(RC_VER1+0x021) -#define TPM_RC_AUTH_TYPE (TPM_RC)(RC_VER1+0x024) -#define TPM_RC_AUTH_MISSING (TPM_RC)(RC_VER1+0x025) -#define TPM_RC_POLICY (TPM_RC)(RC_VER1+0x026) -#define TPM_RC_PCR (TPM_RC)(RC_VER1+0x027) -#define TPM_RC_PCR_CHANGED (TPM_RC)(RC_VER1+0x028) -#define TPM_RC_UPGRADE (TPM_RC)(RC_VER1+0x02D) -#define TPM_RC_TOO_MANY_CONTEXTS (TPM_RC)(RC_VER1+0x02E) -#define TPM_RC_AUTH_UNAVAILABLE (TPM_RC)(RC_VER1+0x02F) -#define TPM_RC_REBOOT (TPM_RC)(RC_VER1+0x030) -#define TPM_RC_UNBALANCED (TPM_RC)(RC_VER1+0x031) -#define TPM_RC_COMMAND_SIZE (TPM_RC)(RC_VER1+0x042) -#define TPM_RC_COMMAND_CODE (TPM_RC)(RC_VER1+0x043) -#define TPM_RC_AUTHSIZE (TPM_RC)(RC_VER1+0x044) -#define TPM_RC_AUTH_CONTEXT 
(TPM_RC)(RC_VER1+0x045) -#define TPM_RC_NV_RANGE (TPM_RC)(RC_VER1+0x046) -#define TPM_RC_NV_SIZE (TPM_RC)(RC_VER1+0x047) -#define TPM_RC_NV_LOCKED (TPM_RC)(RC_VER1+0x048) -#define TPM_RC_NV_AUTHORIZATION (TPM_RC)(RC_VER1+0x049) -#define TPM_RC_NV_UNINITIALIZED (TPM_RC)(RC_VER1+0x04A) -#define TPM_RC_NV_SPACE (TPM_RC)(RC_VER1+0x04B) -#define TPM_RC_NV_DEFINED (TPM_RC)(RC_VER1+0x04C) -#define TPM_RC_BAD_CONTEXT (TPM_RC)(RC_VER1+0x050) -#define TPM_RC_CPHASH (TPM_RC)(RC_VER1+0x051) -#define TPM_RC_PARENT (TPM_RC)(RC_VER1+0x052) -#define TPM_RC_NEEDS_TEST (TPM_RC)(RC_VER1+0x053) -#define TPM_RC_NO_RESULT (TPM_RC)(RC_VER1+0x054) -#define TPM_RC_SENSITIVE (TPM_RC)(RC_VER1+0x055) -#define RC_MAX_FM0 (TPM_RC)(RC_VER1+0x07F) -#define RC_FMT1 (TPM_RC)(0x080) -#define TPM_RC_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) -#define TPM_RCS_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) -#define TPM_RC_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) -#define TPM_RCS_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) -#define TPM_RC_HASH (TPM_RC)(RC_FMT1+0x003) -#define TPM_RCS_HASH (TPM_RC)(RC_FMT1+0x003) -#define TPM_RC_VALUE (TPM_RC)(RC_FMT1+0x004) -#define TPM_RCS_VALUE (TPM_RC)(RC_FMT1+0x004) -#define TPM_RC_HIERARCHY (TPM_RC)(RC_FMT1+0x005) -#define TPM_RCS_HIERARCHY (TPM_RC)(RC_FMT1+0x005) -#define TPM_RC_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) -#define TPM_RCS_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) -#define TPM_RC_MGF (TPM_RC)(RC_FMT1+0x008) -#define TPM_RCS_MGF (TPM_RC)(RC_FMT1+0x008) -#define TPM_RC_MODE (TPM_RC)(RC_FMT1+0x009) -#define TPM_RCS_MODE (TPM_RC)(RC_FMT1+0x009) -#define TPM_RC_TYPE (TPM_RC)(RC_FMT1+0x00A) -#define TPM_RCS_TYPE (TPM_RC)(RC_FMT1+0x00A) -#define TPM_RC_HANDLE (TPM_RC)(RC_FMT1+0x00B) -#define TPM_RCS_HANDLE (TPM_RC)(RC_FMT1+0x00B) -#define TPM_RC_KDF (TPM_RC)(RC_FMT1+0x00C) -#define TPM_RCS_KDF (TPM_RC)(RC_FMT1+0x00C) -#define TPM_RC_RANGE (TPM_RC)(RC_FMT1+0x00D) -#define TPM_RCS_RANGE (TPM_RC)(RC_FMT1+0x00D) -#define TPM_RC_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) -#define TPM_RCS_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) 
-#define TPM_RC_NONCE (TPM_RC)(RC_FMT1+0x00F) -#define TPM_RCS_NONCE (TPM_RC)(RC_FMT1+0x00F) -#define TPM_RC_PP (TPM_RC)(RC_FMT1+0x010) -#define TPM_RCS_PP (TPM_RC)(RC_FMT1+0x010) -#define TPM_RC_SCHEME (TPM_RC)(RC_FMT1+0x012) -#define TPM_RCS_SCHEME (TPM_RC)(RC_FMT1+0x012) -#define TPM_RC_SIZE (TPM_RC)(RC_FMT1+0x015) -#define TPM_RCS_SIZE (TPM_RC)(RC_FMT1+0x015) -#define TPM_RC_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) -#define TPM_RCS_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) -#define TPM_RC_TAG (TPM_RC)(RC_FMT1+0x017) -#define TPM_RCS_TAG (TPM_RC)(RC_FMT1+0x017) -#define TPM_RC_SELECTOR (TPM_RC)(RC_FMT1+0x018) -#define TPM_RCS_SELECTOR (TPM_RC)(RC_FMT1+0x018) -#define TPM_RC_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) -#define TPM_RCS_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) -#define TPM_RC_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) -#define TPM_RCS_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) -#define TPM_RC_KEY (TPM_RC)(RC_FMT1+0x01C) -#define TPM_RCS_KEY (TPM_RC)(RC_FMT1+0x01C) -#define TPM_RC_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) -#define TPM_RCS_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) -#define TPM_RC_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) -#define TPM_RCS_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) -#define TPM_RC_TICKET (TPM_RC)(RC_FMT1+0x020) -#define TPM_RCS_TICKET (TPM_RC)(RC_FMT1+0x020) -#define TPM_RC_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) -#define TPM_RCS_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) -#define TPM_RC_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) -#define TPM_RCS_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) -#define TPM_RC_EXPIRED (TPM_RC)(RC_FMT1+0x023) -#define TPM_RCS_EXPIRED (TPM_RC)(RC_FMT1+0x023) -#define TPM_RC_POLICY_CC (TPM_RC)(RC_FMT1+0x024) -#define TPM_RCS_POLICY_CC (TPM_RC)(RC_FMT1+0x024) -#define TPM_RC_BINDING (TPM_RC)(RC_FMT1+0x025) -#define TPM_RCS_BINDING (TPM_RC)(RC_FMT1+0x025) -#define TPM_RC_CURVE (TPM_RC)(RC_FMT1+0x026) -#define TPM_RCS_CURVE (TPM_RC)(RC_FMT1+0x026) -#define TPM_RC_ECC_POINT (TPM_RC)(RC_FMT1+0x027) -#define TPM_RCS_ECC_POINT (TPM_RC)(RC_FMT1+0x027) -#define TPM_RC_FW_LIMITED (TPM_RC)(RC_FMT1 + 
0x028) -#define TPM_RC_SVN_LIMITED (TPM_RC)(RC_FMT1 + 0x029) -#define RC_WARN (TPM_RC)(0x900) -#define TPM_RC_CONTEXT_GAP (TPM_RC)(RC_WARN+0x001) -#define TPM_RC_OBJECT_MEMORY (TPM_RC)(RC_WARN+0x002) -#define TPM_RC_SESSION_MEMORY (TPM_RC)(RC_WARN+0x003) -#define TPM_RC_MEMORY (TPM_RC)(RC_WARN+0x004) -#define TPM_RC_SESSION_HANDLES (TPM_RC)(RC_WARN+0x005) -#define TPM_RC_OBJECT_HANDLES (TPM_RC)(RC_WARN+0x006) -#define TPM_RC_LOCALITY (TPM_RC)(RC_WARN+0x007) -#define TPM_RC_YIELDED (TPM_RC)(RC_WARN+0x008) -#define TPM_RC_CANCELED (TPM_RC)(RC_WARN+0x009) -#define TPM_RC_TESTING (TPM_RC)(RC_WARN+0x00A) -#define TPM_RC_REFERENCE_H0 (TPM_RC)(RC_WARN+0x010) -#define TPM_RC_REFERENCE_H1 (TPM_RC)(RC_WARN+0x011) -#define TPM_RC_REFERENCE_H2 (TPM_RC)(RC_WARN+0x012) -#define TPM_RC_REFERENCE_H3 (TPM_RC)(RC_WARN+0x013) -#define TPM_RC_REFERENCE_H4 (TPM_RC)(RC_WARN+0x014) -#define TPM_RC_REFERENCE_H5 (TPM_RC)(RC_WARN+0x015) -#define TPM_RC_REFERENCE_H6 (TPM_RC)(RC_WARN+0x016) -#define TPM_RC_REFERENCE_S0 (TPM_RC)(RC_WARN+0x018) -#define TPM_RC_REFERENCE_S1 (TPM_RC)(RC_WARN+0x019) -#define TPM_RC_REFERENCE_S2 (TPM_RC)(RC_WARN+0x01A) -#define TPM_RC_REFERENCE_S3 (TPM_RC)(RC_WARN+0x01B) -#define TPM_RC_REFERENCE_S4 (TPM_RC)(RC_WARN+0x01C) -#define TPM_RC_REFERENCE_S5 (TPM_RC)(RC_WARN+0x01D) -#define TPM_RC_REFERENCE_S6 (TPM_RC)(RC_WARN+0x01E) -#define TPM_RC_NV_RATE (TPM_RC)(RC_WARN+0x020) -#define TPM_RC_LOCKOUT (TPM_RC)(RC_WARN+0x021) -#define TPM_RC_RETRY (TPM_RC)(RC_WARN+0x022) -#define TPM_RC_NV_UNAVAILABLE (TPM_RC)(RC_WARN+0x023) -#define TPM_RC_NOT_USED (TPM_RC)(RC_WARN+0x7F) -#define TPM_RC_H (TPM_RC)(0x000) -#define TPM_RC_P (TPM_RC)(0x040) -#define TPM_RC_S (TPM_RC)(0x800) -#define TPM_RC_1 (TPM_RC)(0x100) -#define TPM_RC_2 (TPM_RC)(0x200) -#define TPM_RC_3 (TPM_RC)(0x300) -#define TPM_RC_4 (TPM_RC)(0x400) -#define TPM_RC_5 (TPM_RC)(0x500) -#define TPM_RC_6 (TPM_RC)(0x600) -#define TPM_RC_7 (TPM_RC)(0x700) -#define TPM_RC_8 (TPM_RC)(0x800) -#define TPM_RC_9 
(TPM_RC)(0x900) -#define TPM_RC_A (TPM_RC)(0xA00) -#define TPM_RC_B (TPM_RC)(0xB00) -#define TPM_RC_C (TPM_RC)(0xC00) -#define TPM_RC_D (TPM_RC)(0xD00) -#define TPM_RC_E (TPM_RC)(0xE00) -#define TPM_RC_F (TPM_RC)(0xF00) -#define TPM_RC_N_MASK (TPM_RC)(0xF00) +// Table "Definition of TPM_ALG_ID Constants" (Part 2: Structures) +typedef UINT16 TPM_ALG_ID; +#define TYPE_OF_TPM_ALG_ID UINT16 +#define ALG_ERROR_VALUE 0x0000 +#define TPM_ALG_ERROR (TPM_ALG_ID)(ALG_ERROR_VALUE) +#define ALG_RSA_VALUE 0x0001 +#define TPM_ALG_RSA (TPM_ALG_ID)(ALG_RSA_VALUE) +#define ALG_TDES_VALUE 0x0003 +#define TPM_ALG_TDES (TPM_ALG_ID)(ALG_TDES_VALUE) +#define ALG_SHA_VALUE 0x0004 +#define TPM_ALG_SHA (TPM_ALG_ID)(ALG_SHA_VALUE) +#define ALG_SHA1_VALUE 0x0004 +#define TPM_ALG_SHA1 (TPM_ALG_ID)(ALG_SHA1_VALUE) +#define ALG_HMAC_VALUE 0x0005 +#define TPM_ALG_HMAC (TPM_ALG_ID)(ALG_HMAC_VALUE) +#define ALG_AES_VALUE 0x0006 +#define TPM_ALG_AES (TPM_ALG_ID)(ALG_AES_VALUE) +#define ALG_MGF1_VALUE 0x0007 +#define TPM_ALG_MGF1 (TPM_ALG_ID)(ALG_MGF1_VALUE) +#define ALG_KEYEDHASH_VALUE 0x0008 +#define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE) +#define ALG_XOR_VALUE 0x000A +#define TPM_ALG_XOR (TPM_ALG_ID)(ALG_XOR_VALUE) +#define ALG_SHA256_VALUE 0x000B +#define TPM_ALG_SHA256 (TPM_ALG_ID)(ALG_SHA256_VALUE) +#define ALG_SHA384_VALUE 0x000C +#define TPM_ALG_SHA384 (TPM_ALG_ID)(ALG_SHA384_VALUE) +#define ALG_SHA512_VALUE 0x000D +#define TPM_ALG_SHA512 (TPM_ALG_ID)(ALG_SHA512_VALUE) +#define ALG_NULL_VALUE 0x0010 +#define TPM_ALG_NULL (TPM_ALG_ID)(ALG_NULL_VALUE) +#define ALG_SM3_256_VALUE 0x0012 +#define TPM_ALG_SM3_256 (TPM_ALG_ID)(ALG_SM3_256_VALUE) +#define ALG_SM4_VALUE 0x0013 +#define TPM_ALG_SM4 (TPM_ALG_ID)(ALG_SM4_VALUE) +#define ALG_RSASSA_VALUE 0x0014 +#define TPM_ALG_RSASSA (TPM_ALG_ID)(ALG_RSASSA_VALUE) +#define ALG_RSAES_VALUE 0x0015 +#define TPM_ALG_RSAES (TPM_ALG_ID)(ALG_RSAES_VALUE) +#define ALG_RSAPSS_VALUE 0x0016 +#define TPM_ALG_RSAPSS (TPM_ALG_ID)(ALG_RSAPSS_VALUE) 
+#define ALG_OAEP_VALUE 0x0017 +#define TPM_ALG_OAEP (TPM_ALG_ID)(ALG_OAEP_VALUE) +#define ALG_ECDSA_VALUE 0x0018 +#define TPM_ALG_ECDSA (TPM_ALG_ID)(ALG_ECDSA_VALUE) +#define ALG_ECDH_VALUE 0x0019 +#define TPM_ALG_ECDH (TPM_ALG_ID)(ALG_ECDH_VALUE) +#define ALG_ECDAA_VALUE 0x001A +#define TPM_ALG_ECDAA (TPM_ALG_ID)(ALG_ECDAA_VALUE) +#define ALG_SM2_VALUE 0x001B +#define TPM_ALG_SM2 (TPM_ALG_ID)(ALG_SM2_VALUE) +#define ALG_ECSCHNORR_VALUE 0x001C +#define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE) +#define ALG_ECMQV_VALUE 0x001D +#define TPM_ALG_ECMQV (TPM_ALG_ID)(ALG_ECMQV_VALUE) +#define ALG_KDF1_SP800_56A_VALUE 0x0020 +#define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE) +#define ALG_KDF2_VALUE 0x0021 +#define TPM_ALG_KDF2 (TPM_ALG_ID)(ALG_KDF2_VALUE) +#define ALG_KDF1_SP800_108_VALUE 0x0022 +#define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE) +#define ALG_ECC_VALUE 0x0023 +#define TPM_ALG_ECC (TPM_ALG_ID)(ALG_ECC_VALUE) +#define ALG_SYMCIPHER_VALUE 0x0025 +#define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE) +#define ALG_CAMELLIA_VALUE 0x0026 +#define TPM_ALG_CAMELLIA (TPM_ALG_ID)(ALG_CAMELLIA_VALUE) +#define ALG_SHA3_256_VALUE 0x0027 +#define TPM_ALG_SHA3_256 (TPM_ALG_ID)(ALG_SHA3_256_VALUE) +#define ALG_SHA3_384_VALUE 0x0028 +#define TPM_ALG_SHA3_384 (TPM_ALG_ID)(ALG_SHA3_384_VALUE) +#define ALG_SHA3_512_VALUE 0x0029 +#define TPM_ALG_SHA3_512 (TPM_ALG_ID)(ALG_SHA3_512_VALUE) +#define ALG_CMAC_VALUE 0x003F +#define TPM_ALG_CMAC (TPM_ALG_ID)(ALG_CMAC_VALUE) +#define ALG_CTR_VALUE 0x0040 +#define TPM_ALG_CTR (TPM_ALG_ID)(ALG_CTR_VALUE) +#define ALG_OFB_VALUE 0x0041 +#define TPM_ALG_OFB (TPM_ALG_ID)(ALG_OFB_VALUE) +#define ALG_CBC_VALUE 0x0042 +#define TPM_ALG_CBC (TPM_ALG_ID)(ALG_CBC_VALUE) +#define ALG_CFB_VALUE 0x0043 +#define TPM_ALG_CFB (TPM_ALG_ID)(ALG_CFB_VALUE) +#define ALG_ECB_VALUE 0x0044 +#define TPM_ALG_ECB (TPM_ALG_ID)(ALG_ECB_VALUE) +// Values derived from Table "Definition of TPM_ALG_ID Constants" 
(Part 2: Structures) +#define ALG_FIRST_VALUE 0x0001 +#define TPM_ALG_FIRST (TPM_ALG_ID)(ALG_FIRST_VALUE) +#define ALG_LAST_VALUE 0x0044 +#define TPM_ALG_LAST (TPM_ALG_ID)(ALG_LAST_VALUE) -/* Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants */ -typedef INT8 TPM_CLOCK_ADJUST; -#define TYPE_OF_TPM_CLOCK_ADJUST UINT8 -#define TPM_CLOCK_COARSE_SLOWER (TPM_CLOCK_ADJUST)(-3) -#define TPM_CLOCK_MEDIUM_SLOWER (TPM_CLOCK_ADJUST)(-2) -#define TPM_CLOCK_FINE_SLOWER (TPM_CLOCK_ADJUST)(-1) -#define TPM_CLOCK_NO_CHANGE (TPM_CLOCK_ADJUST)(0) -#define TPM_CLOCK_FINE_FASTER (TPM_CLOCK_ADJUST)(1) -#define TPM_CLOCK_MEDIUM_FASTER (TPM_CLOCK_ADJUST)(2) -#define TPM_CLOCK_COARSE_FASTER (TPM_CLOCK_ADJUST)(3) +// Table "Definition of TPM_ECC_CURVE Constants" (Part 2: Structures) +typedef UINT16 TPM_ECC_CURVE; -/* Table 2:18 - Definition of TPM_EO Constants */ -typedef UINT16 TPM_EO; -#define TYPE_OF_TPM_EO UINT16 -#define TPM_EO_EQ (TPM_EO)(0x0000) -#define TPM_EO_NEQ (TPM_EO)(0x0001) -#define TPM_EO_SIGNED_GT (TPM_EO)(0x0002) -#define TPM_EO_UNSIGNED_GT (TPM_EO)(0x0003) -#define TPM_EO_SIGNED_LT (TPM_EO)(0x0004) -#define TPM_EO_UNSIGNED_LT (TPM_EO)(0x0005) -#define TPM_EO_SIGNED_GE (TPM_EO)(0x0006) -#define TPM_EO_UNSIGNED_GE (TPM_EO)(0x0007) -#define TPM_EO_SIGNED_LE (TPM_EO)(0x0008) -#define TPM_EO_UNSIGNED_LE (TPM_EO)(0x0009) -#define TPM_EO_BITSET (TPM_EO)(0x000A) -#define TPM_EO_BITCLEAR (TPM_EO)(0x000B) -/* Table 2:19 - Definition of TPM_ST Constants */ +#define TYPE_OF_TPM_ECC_CURVE UINT16 +#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) +#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) +#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) +#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) +#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) +#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) +#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) +#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) +#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) -typedef UINT16 TPM_ST; -#define 
TYPE_OF_TPM_ST UINT16 -#define TPM_ST_RSP_COMMAND (TPM_ST)(0x00C4) -#define TPM_ST_NULL (TPM_ST)(0x8000) -#define TPM_ST_NO_SESSIONS (TPM_ST)(0x8001) -#define TPM_ST_SESSIONS (TPM_ST)(0x8002) -#define TPM_ST_ATTEST_NV (TPM_ST)(0x8014) -#define TPM_ST_ATTEST_COMMAND_AUDIT (TPM_ST)(0x8015) -#define TPM_ST_ATTEST_SESSION_AUDIT (TPM_ST)(0x8016) -#define TPM_ST_ATTEST_CERTIFY (TPM_ST)(0x8017) -#define TPM_ST_ATTEST_QUOTE (TPM_ST)(0x8018) -#define TPM_ST_ATTEST_TIME (TPM_ST)(0x8019) -#define TPM_ST_ATTEST_CREATION (TPM_ST)(0x801A) -#define TPM_ST_ATTEST_NV_DIGEST (TPM_ST)(0x801C) -#define TPM_ST_CREATION (TPM_ST)(0x8021) -#define TPM_ST_VERIFIED (TPM_ST)(0x8022) -#define TPM_ST_AUTH_SECRET (TPM_ST)(0x8023) -#define TPM_ST_HASHCHECK (TPM_ST)(0x8024) -#define TPM_ST_AUTH_SIGNED (TPM_ST)(0x8025) -#define TPM_ST_FU_MANIFEST (TPM_ST)(0x8029) +// Table "Definition of TPM_CC Constants" (Part 2: Structures) +typedef UINT32 TPM_CC; -/* Table 2:20 - Definition of TPM_SU Constants */ -typedef UINT16 TPM_SU; -#define TYPE_OF_TPM_SU UINT16 -#define TPM_SU_CLEAR (TPM_SU)(0x0000) -#define TPM_SU_STATE (TPM_SU)(0x0001) +#define TYPE_OF_TPM_CC UINT32 +#define TPM_CC_FIRST (TPM_CC)(0x0000011F) +#define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011F) +#define TPM_CC_EvictControl (TPM_CC)(0x00000120) +#define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) +#define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) +#define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) +#define TPM_CC_ChangePPS (TPM_CC)(0x00000125) +#define TPM_CC_Clear (TPM_CC)(0x00000126) +#define TPM_CC_ClearControl (TPM_CC)(0x00000127) +#define TPM_CC_ClockSet (TPM_CC)(0x00000128) +#define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) +#define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012A) +#define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012B) +#define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012C) +#define TPM_CC_PP_Commands (TPM_CC)(0x0000012D) +#define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012E) +#define TPM_CC_FieldUpgradeStart 
(TPM_CC)(0x0000012F) +#define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) +#define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) +#define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) +#define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) +#define TPM_CC_NV_Increment (TPM_CC)(0x00000134) +#define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) +#define TPM_CC_NV_Extend (TPM_CC)(0x00000136) +#define TPM_CC_NV_Write (TPM_CC)(0x00000137) +#define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) +#define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) +#define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013A) +#define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013B) +#define TPM_CC_PCR_Event (TPM_CC)(0x0000013C) +#define TPM_CC_PCR_Reset (TPM_CC)(0x0000013D) +#define TPM_CC_SequenceComplete (TPM_CC)(0x0000013E) +#define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013F) +#define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) +#define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) +#define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) +#define TPM_CC_SelfTest (TPM_CC)(0x00000143) +#define TPM_CC_Startup (TPM_CC)(0x00000144) +#define TPM_CC_Shutdown (TPM_CC)(0x00000145) +#define TPM_CC_StirRandom (TPM_CC)(0x00000146) +#define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) +#define TPM_CC_Certify (TPM_CC)(0x00000148) +#define TPM_CC_PolicyNV (TPM_CC)(0x00000149) +#define TPM_CC_CertifyCreation (TPM_CC)(0x0000014A) +#define TPM_CC_Duplicate (TPM_CC)(0x0000014B) +#define TPM_CC_GetTime (TPM_CC)(0x0000014C) +#define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014D) +#define TPM_CC_NV_Read (TPM_CC)(0x0000014E) +#define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014F) +#define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) +#define TPM_CC_PolicySecret (TPM_CC)(0x00000151) +#define TPM_CC_Rewrap (TPM_CC)(0x00000152) +#define TPM_CC_Create (TPM_CC)(0x00000153) +#define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) +#define TPM_CC_HMAC (TPM_CC)(0x00000155) +#define TPM_CC_MAC (TPM_CC)(0x00000155) +#define 
TPM_CC_Import (TPM_CC)(0x00000156) +#define TPM_CC_Load (TPM_CC)(0x00000157) +#define TPM_CC_Quote (TPM_CC)(0x00000158) +#define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) +#define TPM_CC_HMAC_Start (TPM_CC)(0x0000015B) +#define TPM_CC_MAC_Start (TPM_CC)(0x0000015B) +#define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015C) +#define TPM_CC_Sign (TPM_CC)(0x0000015D) +#define TPM_CC_Unseal (TPM_CC)(0x0000015E) +#define TPM_CC_PolicySigned (TPM_CC)(0x00000160) +#define TPM_CC_ContextLoad (TPM_CC)(0x00000161) +#define TPM_CC_ContextSave (TPM_CC)(0x00000162) +#define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) +#define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) +#define TPM_CC_FlushContext (TPM_CC)(0x00000165) +#define TPM_CC_LoadExternal (TPM_CC)(0x00000167) +#define TPM_CC_MakeCredential (TPM_CC)(0x00000168) +#define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) +#define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016A) +#define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016B) +#define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016C) +#define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016D) +#define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016E) +#define TPM_CC_PolicyLocality (TPM_CC)(0x0000016F) +#define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) +#define TPM_CC_PolicyOR (TPM_CC)(0x00000171) +#define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) +#define TPM_CC_ReadPublic (TPM_CC)(0x00000173) +#define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) +#define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) +#define TPM_CC_VerifySignature (TPM_CC)(0x00000177) +#define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) +#define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) +#define TPM_CC_GetCapability (TPM_CC)(0x0000017A) +#define TPM_CC_GetRandom (TPM_CC)(0x0000017B) +#define TPM_CC_GetTestResult (TPM_CC)(0x0000017C) +#define TPM_CC_Hash (TPM_CC)(0x0000017D) +#define TPM_CC_PCR_Read (TPM_CC)(0x0000017E) +#define TPM_CC_PolicyPCR (TPM_CC)(0x0000017F) +#define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) +#define TPM_CC_ReadClock 
(TPM_CC)(0x00000181) +#define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) +#define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) +#define TPM_CC_NV_Certify (TPM_CC)(0x00000184) +#define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) +#define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) +#define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) +#define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) +#define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) +#define TPM_CC_TestParms (TPM_CC)(0x0000018A) +#define TPM_CC_Commit (TPM_CC)(0x0000018B) +#define TPM_CC_PolicyPassword (TPM_CC)(0x0000018C) +#define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018D) +#define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018E) +#define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018F) +#define TPM_CC_PolicyTemplate (TPM_CC)(0x00000190) +#define TPM_CC_CreateLoaded (TPM_CC)(0x00000191) +#define TPM_CC_PolicyAuthorizeNV (TPM_CC)(0x00000192) +#define TPM_CC_EncryptDecrypt2 (TPM_CC)(0x00000193) +#define TPM_CC_AC_GetCapability (TPM_CC)(0x00000194) +#define TPM_CC_AC_Send (TPM_CC)(0x00000195) +#define TPM_CC_Policy_AC_SendSelect (TPM_CC)(0x00000196) +#define TPM_CC_CertifyX509 (TPM_CC)(0x00000197) +#define TPM_CC_ACT_SetTimeout (TPM_CC)(0x00000198) +#define TPM_CC_ECC_Encrypt (TPM_CC)(0x00000199) +#define TPM_CC_ECC_Decrypt (TPM_CC)(0x0000019A) +#define TPM_CC_PolicyCapability (TPM_CC)(0x0000019B) +#define TPM_CC_PolicyParameters (TPM_CC)(0x0000019C) +#define TPM_CC_NV_DefineSpace2 (TPM_CC)(0x0000019D) +#define TPM_CC_NV_ReadPublic2 (TPM_CC)(0x0000019E) +#define TPM_CC_SetCapability (TPM_CC)(0x0000019F) +#define TPM_CC_LAST (TPM_CC)(0x0000019F) +#define CC_VEND (TPM_CC)(0x20000000) +#define TPM_CC_Vendor_TCG_Test (TPM_CC)(0x20000000) -/* Table 2:21 - Definition of TPM_SE Constants */ -typedef UINT8 TPM_SE; -#define TYPE_OF_TPM_SE UINT8 -#define TPM_SE_HMAC (TPM_SE)(0x00) -#define TPM_SE_POLICY (TPM_SE)(0x01) -#define TPM_SE_TRIAL (TPM_SE)(0x03) -/* Table 2:22 - Definition of TPM_CAP Constants */ -typedef UINT32 
TPM_CAP; -#define TYPE_OF_TPM_CAP UINT32 -#define TPM_CAP_FIRST (TPM_CAP)(0x00000000) -#define TPM_CAP_ALGS (TPM_CAP)(0x00000000) -#define TPM_CAP_HANDLES (TPM_CAP)(0x00000001) -#define TPM_CAP_COMMANDS (TPM_CAP)(0x00000002) -#define TPM_CAP_PP_COMMANDS (TPM_CAP)(0x00000003) -#define TPM_CAP_AUDIT_COMMANDS (TPM_CAP)(0x00000004) -#define TPM_CAP_PCRS (TPM_CAP)(0x00000005) -#define TPM_CAP_TPM_PROPERTIES (TPM_CAP)(0x00000006) -#define TPM_CAP_PCR_PROPERTIES (TPM_CAP)(0x00000007) -#define TPM_CAP_ECC_CURVES (TPM_CAP)(0x00000008) -#define TPM_CAP_AUTH_POLICIES (TPM_CAP)(0x00000009) -#define TPM_CAP_ACT (TPM_CAP)(0x0000000a) -#define TPM_CAP_LAST (TPM_CAP)(0x0000000a) -#define TPM_CAP_VENDOR_PROPERTY (TPM_CAP)(0x00000100) +// Table "Definition of TPM_RC Constants" (Part 2: Structures) +typedef UINT32 TPM_RC; +#define TYPE_OF_TPM_RC UINT32 +#define TPM_RC_SUCCESS (TPM_RC)(0x000) +#define TPM_RC_BAD_TAG (TPM_RC)(0x01E) +#define RC_VER1 (TPM_RC)(0x100) +#define TPM_RC_INITIALIZE (TPM_RC)(RC_VER1 + 0x000) +#define TPM_RC_FAILURE (TPM_RC)(RC_VER1 + 0x001) +#define TPM_RC_SEQUENCE (TPM_RC)(RC_VER1 + 0x003) +#define TPM_RC_PRIVATE (TPM_RC)(RC_VER1 + 0x00B) +#define TPM_RC_HMAC (TPM_RC)(RC_VER1 + 0x019) +#define TPM_RC_DISABLED (TPM_RC)(RC_VER1 + 0x020) +#define TPM_RC_EXCLUSIVE (TPM_RC)(RC_VER1 + 0x021) +#define TPM_RC_AUTH_TYPE (TPM_RC)(RC_VER1 + 0x024) +#define TPM_RC_AUTH_MISSING (TPM_RC)(RC_VER1 + 0x025) +#define TPM_RC_POLICY (TPM_RC)(RC_VER1 + 0x026) +#define TPM_RC_PCR (TPM_RC)(RC_VER1 + 0x027) +#define TPM_RC_PCR_CHANGED (TPM_RC)(RC_VER1 + 0x028) +#define TPM_RC_UPGRADE (TPM_RC)(RC_VER1 + 0x02D) +#define TPM_RC_TOO_MANY_CONTEXTS (TPM_RC)(RC_VER1 + 0x02E) +#define TPM_RC_AUTH_UNAVAILABLE (TPM_RC)(RC_VER1 + 0x02F) +#define TPM_RC_REBOOT (TPM_RC)(RC_VER1 + 0x030) +#define TPM_RC_UNBALANCED (TPM_RC)(RC_VER1 + 0x031) +#define TPM_RC_COMMAND_SIZE (TPM_RC)(RC_VER1 + 0x042) +#define TPM_RC_COMMAND_CODE (TPM_RC)(RC_VER1 + 0x043) +#define TPM_RC_AUTHSIZE (TPM_RC)(RC_VER1 + 
0x044) +#define TPM_RC_AUTH_CONTEXT (TPM_RC)(RC_VER1 + 0x045) +#define TPM_RC_NV_RANGE (TPM_RC)(RC_VER1 + 0x046) +#define TPM_RC_NV_SIZE (TPM_RC)(RC_VER1 + 0x047) +#define TPM_RC_NV_LOCKED (TPM_RC)(RC_VER1 + 0x048) +#define TPM_RC_NV_AUTHORIZATION (TPM_RC)(RC_VER1 + 0x049) +#define TPM_RC_NV_UNINITIALIZED (TPM_RC)(RC_VER1 + 0x04A) +#define TPM_RC_NV_SPACE (TPM_RC)(RC_VER1 + 0x04B) +#define TPM_RC_NV_DEFINED (TPM_RC)(RC_VER1 + 0x04C) +#define TPM_RC_BAD_CONTEXT (TPM_RC)(RC_VER1 + 0x050) +#define TPM_RC_CPHASH (TPM_RC)(RC_VER1 + 0x051) +#define TPM_RC_PARENT (TPM_RC)(RC_VER1 + 0x052) +#define TPM_RC_NEEDS_TEST (TPM_RC)(RC_VER1 + 0x053) +#define TPM_RC_NO_RESULT (TPM_RC)(RC_VER1 + 0x054) +#define TPM_RC_SENSITIVE (TPM_RC)(RC_VER1 + 0x055) +#define RC_MAX_FM0 (TPM_RC)(RC_VER1 + 0x07F) +#define RC_FMT1 (TPM_RC)(0x080) +#define TPM_RC_ASYMMETRIC (TPM_RC)(RC_FMT1 + 0x001) +#define TPM_RCS_ASYMMETRIC (TPM_RC)(RC_FMT1 + 0x001) +#define TPM_RC_ATTRIBUTES (TPM_RC)(RC_FMT1 + 0x002) +#define TPM_RCS_ATTRIBUTES (TPM_RC)(RC_FMT1 + 0x002) +#define TPM_RC_HASH (TPM_RC)(RC_FMT1 + 0x003) +#define TPM_RCS_HASH (TPM_RC)(RC_FMT1 + 0x003) +#define TPM_RC_VALUE (TPM_RC)(RC_FMT1 + 0x004) +#define TPM_RCS_VALUE (TPM_RC)(RC_FMT1 + 0x004) +#define TPM_RC_HIERARCHY (TPM_RC)(RC_FMT1 + 0x005) +#define TPM_RCS_HIERARCHY (TPM_RC)(RC_FMT1 + 0x005) +#define TPM_RC_KEY_SIZE (TPM_RC)(RC_FMT1 + 0x007) +#define TPM_RCS_KEY_SIZE (TPM_RC)(RC_FMT1 + 0x007) +#define TPM_RC_MGF (TPM_RC)(RC_FMT1 + 0x008) +#define TPM_RCS_MGF (TPM_RC)(RC_FMT1 + 0x008) +#define TPM_RC_MODE (TPM_RC)(RC_FMT1 + 0x009) +#define TPM_RCS_MODE (TPM_RC)(RC_FMT1 + 0x009) +#define TPM_RC_TYPE (TPM_RC)(RC_FMT1 + 0x00A) +#define TPM_RCS_TYPE (TPM_RC)(RC_FMT1 + 0x00A) +#define TPM_RC_HANDLE (TPM_RC)(RC_FMT1 + 0x00B) +#define TPM_RCS_HANDLE (TPM_RC)(RC_FMT1 + 0x00B) +#define TPM_RC_KDF (TPM_RC)(RC_FMT1 + 0x00C) +#define TPM_RCS_KDF (TPM_RC)(RC_FMT1 + 0x00C) +#define TPM_RC_RANGE (TPM_RC)(RC_FMT1 + 0x00D) +#define TPM_RCS_RANGE 
(TPM_RC)(RC_FMT1 + 0x00D) +#define TPM_RC_AUTH_FAIL (TPM_RC)(RC_FMT1 + 0x00E) +#define TPM_RCS_AUTH_FAIL (TPM_RC)(RC_FMT1 + 0x00E) +#define TPM_RC_NONCE (TPM_RC)(RC_FMT1 + 0x00F) +#define TPM_RCS_NONCE (TPM_RC)(RC_FMT1 + 0x00F) +#define TPM_RC_PP (TPM_RC)(RC_FMT1 + 0x010) +#define TPM_RCS_PP (TPM_RC)(RC_FMT1 + 0x010) +#define TPM_RC_SCHEME (TPM_RC)(RC_FMT1 + 0x012) +#define TPM_RCS_SCHEME (TPM_RC)(RC_FMT1 + 0x012) +#define TPM_RC_SIZE (TPM_RC)(RC_FMT1 + 0x015) +#define TPM_RCS_SIZE (TPM_RC)(RC_FMT1 + 0x015) +#define TPM_RC_SYMMETRIC (TPM_RC)(RC_FMT1 + 0x016) +#define TPM_RCS_SYMMETRIC (TPM_RC)(RC_FMT1 + 0x016) +#define TPM_RC_TAG (TPM_RC)(RC_FMT1 + 0x017) +#define TPM_RCS_TAG (TPM_RC)(RC_FMT1 + 0x017) +#define TPM_RC_SELECTOR (TPM_RC)(RC_FMT1 + 0x018) +#define TPM_RCS_SELECTOR (TPM_RC)(RC_FMT1 + 0x018) +#define TPM_RC_INSUFFICIENT (TPM_RC)(RC_FMT1 + 0x01A) +#define TPM_RCS_INSUFFICIENT (TPM_RC)(RC_FMT1 + 0x01A) +#define TPM_RC_SIGNATURE (TPM_RC)(RC_FMT1 + 0x01B) +#define TPM_RCS_SIGNATURE (TPM_RC)(RC_FMT1 + 0x01B) +#define TPM_RC_KEY (TPM_RC)(RC_FMT1 + 0x01C) +#define TPM_RCS_KEY (TPM_RC)(RC_FMT1 + 0x01C) +#define TPM_RC_POLICY_FAIL (TPM_RC)(RC_FMT1 + 0x01D) +#define TPM_RCS_POLICY_FAIL (TPM_RC)(RC_FMT1 + 0x01D) +#define TPM_RC_INTEGRITY (TPM_RC)(RC_FMT1 + 0x01F) +#define TPM_RCS_INTEGRITY (TPM_RC)(RC_FMT1 + 0x01F) +#define TPM_RC_TICKET (TPM_RC)(RC_FMT1 + 0x020) +#define TPM_RCS_TICKET (TPM_RC)(RC_FMT1 + 0x020) +#define TPM_RC_RESERVED_BITS (TPM_RC)(RC_FMT1 + 0x021) +#define TPM_RCS_RESERVED_BITS (TPM_RC)(RC_FMT1 + 0x021) +#define TPM_RC_BAD_AUTH (TPM_RC)(RC_FMT1 + 0x022) +#define TPM_RCS_BAD_AUTH (TPM_RC)(RC_FMT1 + 0x022) +#define TPM_RC_EXPIRED (TPM_RC)(RC_FMT1 + 0x023) +#define TPM_RCS_EXPIRED (TPM_RC)(RC_FMT1 + 0x023) +#define TPM_RC_POLICY_CC (TPM_RC)(RC_FMT1 + 0x024) +#define TPM_RCS_POLICY_CC (TPM_RC)(RC_FMT1 + 0x024) +#define TPM_RC_BINDING (TPM_RC)(RC_FMT1 + 0x025) +#define TPM_RCS_BINDING (TPM_RC)(RC_FMT1 + 0x025) +#define TPM_RC_CURVE (TPM_RC)(RC_FMT1 + 
0x026) +#define TPM_RCS_CURVE (TPM_RC)(RC_FMT1 + 0x026) +#define TPM_RC_ECC_POINT (TPM_RC)(RC_FMT1 + 0x027) +#define TPM_RCS_ECC_POINT (TPM_RC)(RC_FMT1 + 0x027) +#define TPM_RC_FW_LIMITED (TPM_RC)(RC_FMT1 + 0x028) +#define TPM_RC_SVN_LIMITED (TPM_RC)(RC_FMT1 + 0x029) +#define RC_WARN (TPM_RC)(0x900) +#define TPM_RC_CONTEXT_GAP (TPM_RC)(RC_WARN + 0x001) +#define TPM_RC_OBJECT_MEMORY (TPM_RC)(RC_WARN + 0x002) +#define TPM_RC_SESSION_MEMORY (TPM_RC)(RC_WARN + 0x003) +#define TPM_RC_MEMORY (TPM_RC)(RC_WARN + 0x004) +#define TPM_RC_SESSION_HANDLES (TPM_RC)(RC_WARN + 0x005) +#define TPM_RC_OBJECT_HANDLES (TPM_RC)(RC_WARN + 0x006) +#define TPM_RC_LOCALITY (TPM_RC)(RC_WARN + 0x007) +#define TPM_RC_YIELDED (TPM_RC)(RC_WARN + 0x008) +#define TPM_RC_CANCELED (TPM_RC)(RC_WARN + 0x009) +#define TPM_RC_TESTING (TPM_RC)(RC_WARN + 0x00A) +#define TPM_RC_REFERENCE_H0 (TPM_RC)(RC_WARN + 0x010) +#define TPM_RC_REFERENCE_H1 (TPM_RC)(RC_WARN + 0x011) +#define TPM_RC_REFERENCE_H2 (TPM_RC)(RC_WARN + 0x012) +#define TPM_RC_REFERENCE_H3 (TPM_RC)(RC_WARN + 0x013) +#define TPM_RC_REFERENCE_H4 (TPM_RC)(RC_WARN + 0x014) +#define TPM_RC_REFERENCE_H5 (TPM_RC)(RC_WARN + 0x015) +#define TPM_RC_REFERENCE_H6 (TPM_RC)(RC_WARN + 0x016) +#define TPM_RC_REFERENCE_S0 (TPM_RC)(RC_WARN + 0x018) +#define TPM_RC_REFERENCE_S1 (TPM_RC)(RC_WARN + 0x019) +#define TPM_RC_REFERENCE_S2 (TPM_RC)(RC_WARN + 0x01A) +#define TPM_RC_REFERENCE_S3 (TPM_RC)(RC_WARN + 0x01B) +#define TPM_RC_REFERENCE_S4 (TPM_RC)(RC_WARN + 0x01C) +#define TPM_RC_REFERENCE_S5 (TPM_RC)(RC_WARN + 0x01D) +#define TPM_RC_REFERENCE_S6 (TPM_RC)(RC_WARN + 0x01E) +#define TPM_RC_NV_RATE (TPM_RC)(RC_WARN + 0x020) +#define TPM_RC_LOCKOUT (TPM_RC)(RC_WARN + 0x021) +#define TPM_RC_RETRY (TPM_RC)(RC_WARN + 0x022) +#define TPM_RC_NV_UNAVAILABLE (TPM_RC)(RC_WARN + 0x023) +#define TPM_RC_NOT_USED (TPM_RC)(RC_WARN + 0x7F) +#define TPM_RC_H (TPM_RC)(0x000) +#define TPM_RC_P (TPM_RC)(0x040) +#define TPM_RC_S (TPM_RC)(0x800) +#define TPM_RC_1 (TPM_RC)(0x100) 
+#define TPM_RC_2 (TPM_RC)(0x200)
+#define TPM_RC_3 (TPM_RC)(0x300)
+#define TPM_RC_4 (TPM_RC)(0x400)
+#define TPM_RC_5 (TPM_RC)(0x500)
+#define TPM_RC_6 (TPM_RC)(0x600)
+#define TPM_RC_7 (TPM_RC)(0x700)
+#define TPM_RC_8 (TPM_RC)(0x800)
+#define TPM_RC_9 (TPM_RC)(0x900)
+#define TPM_RC_A (TPM_RC)(0xA00)
+#define TPM_RC_B (TPM_RC)(0xB00)
+#define TPM_RC_C (TPM_RC)(0xC00)
+#define TPM_RC_D (TPM_RC)(0xD00)
+#define TPM_RC_E (TPM_RC)(0xE00)
+#define TPM_RC_F (TPM_RC)(0xF00)
+#define TPM_RC_N_MASK (TPM_RC)(0xF00)
-/* Table 2:23 - Definition of TPM_PT Constants */
-typedef UINT32 TPM_PT;
-#define TYPE_OF_TPM_PT UINT32
-#define TPM_PT_NONE (TPM_PT)(0x00000000)
-#define PT_GROUP (TPM_PT)(0x00000100)
-#define PT_FIXED (TPM_PT)(PT_GROUP*1)
-#define TPM_PT_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+0)
-#define TPM_PT_LEVEL (TPM_PT)(PT_FIXED+1)
-#define TPM_PT_REVISION (TPM_PT)(PT_FIXED+2)
-#define TPM_PT_DAY_OF_YEAR (TPM_PT)(PT_FIXED+3)
-#define TPM_PT_YEAR (TPM_PT)(PT_FIXED+4)
-#define TPM_PT_MANUFACTURER (TPM_PT)(PT_FIXED+5)
-#define TPM_PT_VENDOR_STRING_1 (TPM_PT)(PT_FIXED+6)
-#define TPM_PT_VENDOR_STRING_2 (TPM_PT)(PT_FIXED+7)
-#define TPM_PT_VENDOR_STRING_3 (TPM_PT)(PT_FIXED+8)
-#define TPM_PT_VENDOR_STRING_4 (TPM_PT)(PT_FIXED+9)
-#define TPM_PT_VENDOR_TPM_TYPE (TPM_PT)(PT_FIXED+10)
-#define TPM_PT_FIRMWARE_VERSION_1 (TPM_PT)(PT_FIXED+11)
-#define TPM_PT_FIRMWARE_VERSION_2 (TPM_PT)(PT_FIXED+12)
-#define TPM_PT_INPUT_BUFFER (TPM_PT)(PT_FIXED+13)
-#define TPM_PT_HR_TRANSIENT_MIN (TPM_PT)(PT_FIXED+14)
-#define TPM_PT_HR_PERSISTENT_MIN (TPM_PT)(PT_FIXED+15)
-#define TPM_PT_HR_LOADED_MIN (TPM_PT)(PT_FIXED+16)
-#define TPM_PT_ACTIVE_SESSIONS_MAX (TPM_PT)(PT_FIXED+17)
-#define TPM_PT_PCR_COUNT (TPM_PT)(PT_FIXED+18)
-#define TPM_PT_PCR_SELECT_MIN (TPM_PT)(PT_FIXED+19)
-#define TPM_PT_CONTEXT_GAP_MAX (TPM_PT)(PT_FIXED+20)
-#define TPM_PT_NV_COUNTERS_MAX (TPM_PT)(PT_FIXED+22)
-#define TPM_PT_NV_INDEX_MAX (TPM_PT)(PT_FIXED+23)
-#define TPM_PT_MEMORY (TPM_PT)(PT_FIXED+24)
-#define TPM_PT_CLOCK_UPDATE (TPM_PT)(PT_FIXED+25)
-#define TPM_PT_CONTEXT_HASH (TPM_PT)(PT_FIXED+26)
-#define TPM_PT_CONTEXT_SYM (TPM_PT)(PT_FIXED+27)
-#define TPM_PT_CONTEXT_SYM_SIZE (TPM_PT)(PT_FIXED+28)
-#define TPM_PT_ORDERLY_COUNT (TPM_PT)(PT_FIXED+29)
-#define TPM_PT_MAX_COMMAND_SIZE (TPM_PT)(PT_FIXED+30)
-#define TPM_PT_MAX_RESPONSE_SIZE (TPM_PT)(PT_FIXED+31)
-#define TPM_PT_MAX_DIGEST (TPM_PT)(PT_FIXED+32)
-#define TPM_PT_MAX_OBJECT_CONTEXT (TPM_PT)(PT_FIXED+33)
-#define TPM_PT_MAX_SESSION_CONTEXT (TPM_PT)(PT_FIXED+34)
-#define TPM_PT_PS_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+35)
-#define TPM_PT_PS_LEVEL (TPM_PT)(PT_FIXED+36)
-#define TPM_PT_PS_REVISION (TPM_PT)(PT_FIXED+37)
-#define TPM_PT_PS_DAY_OF_YEAR (TPM_PT)(PT_FIXED+38)
-#define TPM_PT_PS_YEAR (TPM_PT)(PT_FIXED+39)
-#define TPM_PT_SPLIT_MAX (TPM_PT)(PT_FIXED+40)
-#define TPM_PT_TOTAL_COMMANDS (TPM_PT)(PT_FIXED+41)
-#define TPM_PT_LIBRARY_COMMANDS (TPM_PT)(PT_FIXED+42)
-#define TPM_PT_VENDOR_COMMANDS (TPM_PT)(PT_FIXED+43)
-#define TPM_PT_NV_BUFFER_MAX (TPM_PT)(PT_FIXED+44)
-#define TPM_PT_MODES (TPM_PT)(PT_FIXED+45)
-#define TPM_PT_MAX_CAP_BUFFER (TPM_PT)(PT_FIXED+46)
-#define PT_VAR (TPM_PT)(PT_GROUP*2)
-#define TPM_PT_PERMANENT (TPM_PT)(PT_VAR+0)
-#define TPM_PT_STARTUP_CLEAR (TPM_PT)(PT_VAR+1)
-#define TPM_PT_HR_NV_INDEX (TPM_PT)(PT_VAR+2)
-#define TPM_PT_HR_LOADED (TPM_PT)(PT_VAR+3)
-#define TPM_PT_HR_LOADED_AVAIL (TPM_PT)(PT_VAR+4)
-#define TPM_PT_HR_ACTIVE (TPM_PT)(PT_VAR+5)
-#define TPM_PT_HR_ACTIVE_AVAIL (TPM_PT)(PT_VAR+6)
-#define TPM_PT_HR_TRANSIENT_AVAIL (TPM_PT)(PT_VAR+7)
-#define TPM_PT_HR_PERSISTENT (TPM_PT)(PT_VAR+8)
-#define TPM_PT_HR_PERSISTENT_AVAIL (TPM_PT)(PT_VAR+9)
-#define TPM_PT_NV_COUNTERS (TPM_PT)(PT_VAR+10)
-#define TPM_PT_NV_COUNTERS_AVAIL (TPM_PT)(PT_VAR+11)
-#define TPM_PT_ALGORITHM_SET (TPM_PT)(PT_VAR+12)
-#define TPM_PT_LOADED_CURVES (TPM_PT)(PT_VAR+13)
-#define TPM_PT_LOCKOUT_COUNTER (TPM_PT)(PT_VAR+14)
-#define TPM_PT_MAX_AUTH_FAIL (TPM_PT)(PT_VAR+15)
-#define TPM_PT_LOCKOUT_INTERVAL (TPM_PT)(PT_VAR+16)
-#define TPM_PT_LOCKOUT_RECOVERY (TPM_PT)(PT_VAR+17)
-#define TPM_PT_NV_WRITE_RECOVERY (TPM_PT)(PT_VAR+18)
-#define TPM_PT_AUDIT_COUNTER_0 (TPM_PT)(PT_VAR+19)
-#define TPM_PT_AUDIT_COUNTER_1 (TPM_PT)(PT_VAR+20)
+// Table "Definition of TPM_CLOCK_ADJUST Constants" (Part 2: Structures)
+typedef INT8 TPM_CLOCK_ADJUST;
+#define TYPE_OF_TPM_CLOCK_ADJUST INT8
+#define TPM_CLOCK_COARSE_SLOWER (TPM_CLOCK_ADJUST)(-3)
+#define TPM_CLOCK_MEDIUM_SLOWER (TPM_CLOCK_ADJUST)(-2)
+#define TPM_CLOCK_FINE_SLOWER (TPM_CLOCK_ADJUST)(-1)
+#define TPM_CLOCK_NO_CHANGE (TPM_CLOCK_ADJUST)(0)
+#define TPM_CLOCK_FINE_FASTER (TPM_CLOCK_ADJUST)(1)
+#define TPM_CLOCK_MEDIUM_FASTER (TPM_CLOCK_ADJUST)(2)
+#define TPM_CLOCK_COARSE_FASTER (TPM_CLOCK_ADJUST)(3)
-/* Table 2:24 - Definition of TPM_PT_PCR Constants */
-typedef UINT32 TPM_PT_PCR;
-#define TYPE_OF_TPM_PT_PCR UINT32
-#define TPM_PT_PCR_FIRST (TPM_PT_PCR)(0x00000000)
-#define TPM_PT_PCR_SAVE (TPM_PT_PCR)(0x00000000)
-#define TPM_PT_PCR_EXTEND_L0 (TPM_PT_PCR)(0x00000001)
-#define TPM_PT_PCR_RESET_L0 (TPM_PT_PCR)(0x00000002)
-#define TPM_PT_PCR_EXTEND_L1 (TPM_PT_PCR)(0x00000003)
-#define TPM_PT_PCR_RESET_L1 (TPM_PT_PCR)(0x00000004)
-#define TPM_PT_PCR_EXTEND_L2 (TPM_PT_PCR)(0x00000005)
-#define TPM_PT_PCR_RESET_L2 (TPM_PT_PCR)(0x00000006)
-#define TPM_PT_PCR_EXTEND_L3 (TPM_PT_PCR)(0x00000007)
-#define TPM_PT_PCR_RESET_L3 (TPM_PT_PCR)(0x00000008)
-#define TPM_PT_PCR_EXTEND_L4 (TPM_PT_PCR)(0x00000009)
-#define TPM_PT_PCR_RESET_L4 (TPM_PT_PCR)(0x0000000A)
-#define TPM_PT_PCR_NO_INCREMENT (TPM_PT_PCR)(0x00000011)
-#define TPM_PT_PCR_DRTM_RESET (TPM_PT_PCR)(0x00000012)
-#define TPM_PT_PCR_POLICY (TPM_PT_PCR)(0x00000013)
-#define TPM_PT_PCR_AUTH (TPM_PT_PCR)(0x00000014)
-#define TPM_PT_PCR_LAST (TPM_PT_PCR)(0x00000014)
+// Table "Definition of TPM_EO Constants" (Part 2: Structures)
+typedef UINT16 TPM_EO;
+#define TYPE_OF_TPM_EO UINT16
+#define TPM_EO_EQ (TPM_EO)(0x0000)
+#define TPM_EO_NEQ (TPM_EO)(0x0001)
+#define TPM_EO_SIGNED_GT (TPM_EO)(0x0002)
+#define TPM_EO_UNSIGNED_GT (TPM_EO)(0x0003)
+#define TPM_EO_SIGNED_LT (TPM_EO)(0x0004)
+#define TPM_EO_UNSIGNED_LT (TPM_EO)(0x0005)
+#define TPM_EO_SIGNED_GE (TPM_EO)(0x0006)
+#define TPM_EO_UNSIGNED_GE (TPM_EO)(0x0007)
+#define TPM_EO_SIGNED_LE (TPM_EO)(0x0008)
+#define TPM_EO_UNSIGNED_LE (TPM_EO)(0x0009)
+#define TPM_EO_BITSET (TPM_EO)(0x000A)
+#define TPM_EO_BITCLEAR (TPM_EO)(0x000B)
-/* Table 2:25 - Definition of TPM_PS Constants */
-typedef UINT32 TPM_PS;
-#define TYPE_OF_TPM_PS UINT32
-#define TPM_PS_MAIN (TPM_PS)(0x00000000)
-#define TPM_PS_PC (TPM_PS)(0x00000001)
-#define TPM_PS_PDA (TPM_PS)(0x00000002)
-#define TPM_PS_CELL_PHONE (TPM_PS)(0x00000003)
-#define TPM_PS_SERVER (TPM_PS)(0x00000004)
-#define TPM_PS_PERIPHERAL (TPM_PS)(0x00000005)
-#define TPM_PS_TSS (TPM_PS)(0x00000006)
-#define TPM_PS_STORAGE (TPM_PS)(0x00000007)
-#define TPM_PS_AUTHENTICATION (TPM_PS)(0x00000008)
-#define TPM_PS_EMBEDDED (TPM_PS)(0x00000009)
-#define TPM_PS_HARDCOPY (TPM_PS)(0x0000000A)
-#define TPM_PS_INFRASTRUCTURE (TPM_PS)(0x0000000B)
-#define TPM_PS_VIRTUALIZATION (TPM_PS)(0x0000000C)
-#define TPM_PS_TNC (TPM_PS)(0x0000000D)
-#define TPM_PS_MULTI_TENANT (TPM_PS)(0x0000000E)
-#define TPM_PS_TC (TPM_PS)(0x0000000F)
+// Table "Definition of TPM_ST Constants" (Part 2: Structures)
+typedef UINT16 TPM_ST;
+#define TYPE_OF_TPM_ST UINT16
+#define TPM_ST_RSP_COMMAND (TPM_ST)(0x00C4)
+#define TPM_ST_NULL (TPM_ST)(0x8000)
+#define TPM_ST_NO_SESSIONS (TPM_ST)(0x8001)
+#define TPM_ST_SESSIONS (TPM_ST)(0x8002)
+#define TPM_ST_ATTEST_NV (TPM_ST)(0x8014)
+#define TPM_ST_ATTEST_COMMAND_AUDIT (TPM_ST)(0x8015)
+#define TPM_ST_ATTEST_SESSION_AUDIT (TPM_ST)(0x8016)
+#define TPM_ST_ATTEST_CERTIFY (TPM_ST)(0x8017)
+#define TPM_ST_ATTEST_QUOTE (TPM_ST)(0x8018)
+#define TPM_ST_ATTEST_TIME (TPM_ST)(0x8019)
+#define TPM_ST_ATTEST_CREATION (TPM_ST)(0x801A)
+#define TPM_ST_ATTEST_NV_DIGEST (TPM_ST)(0x801C)
+#define TPM_ST_CREATION (TPM_ST)(0x8021)
+#define TPM_ST_VERIFIED (TPM_ST)(0x8022)
+#define TPM_ST_AUTH_SECRET (TPM_ST)(0x8023)
+#define TPM_ST_HASHCHECK (TPM_ST)(0x8024)
+#define TPM_ST_AUTH_SIGNED (TPM_ST)(0x8025)
+#define TPM_ST_FU_MANIFEST (TPM_ST)(0x8029)
-/* Table 2:26 - Definition of Types for Handles */
-typedef UINT32 TPM_HANDLE;
-#define TYPE_OF_TPM_HANDLE UINT32
+// Table "Definition of TPM_SU Constants" (Part 2: Structures)
+typedef UINT16 TPM_SU;
+#define TYPE_OF_TPM_SU UINT16
+#define TPM_SU_CLEAR (TPM_SU)(0x0000)
+#define TPM_SU_STATE (TPM_SU)(0x0001)
-/* Table 2:27 - Definition of TPM_HT Constants */
-typedef UINT8 TPM_HT;
-#define TYPE_OF_TPM_HT UINT8
-#define TPM_HT_PCR (TPM_HT)(0x00)
-#define TPM_HT_NV_INDEX (TPM_HT)(0x01)
-#define TPM_HT_HMAC_SESSION (TPM_HT)(0x02)
-#define TPM_HT_LOADED_SESSION (TPM_HT)(0x02)
-#define TPM_HT_POLICY_SESSION (TPM_HT)(0x03)
-#define TPM_HT_SAVED_SESSION (TPM_HT)(0x03)
-#define TPM_HT_EXTERNAL_NV (TPM_HT)(0x11)
-#define TPM_HT_PERMANENT_NV (TPM_HT)(0x12)
-#define TPM_HT_PERMANENT (TPM_HT)(0x40)
-#define TPM_HT_TRANSIENT (TPM_HT)(0x80)
-#define TPM_HT_PERSISTENT (TPM_HT)(0x81)
-#define TPM_HT_AC (TPM_HT)(0x90)
+// Table "Definition of TPM_SE Constants" (Part 2: Structures)
+typedef UINT8 TPM_SE;
+#define TYPE_OF_TPM_SE UINT8
+#define TPM_SE_HMAC (TPM_SE)(0x00)
+#define TPM_SE_POLICY (TPM_SE)(0x01)
+#define TPM_SE_TRIAL (TPM_SE)(0x03)
-/* Table 2:28 - Definition of TPM_RH Constants */
-typedef TPM_HANDLE TPM_RH;
-#define TYPE_OF_TPM_RH TPM_HANDLE
-#define TPM_RH_FIRST (TPM_RH)(0x40000000)
-#define TPM_RH_SRK (TPM_RH)(0x40000000)
-#define TPM_RH_OWNER (TPM_RH)(0x40000001)
-#define TPM_RH_REVOKE (TPM_RH)(0x40000002)
-#define TPM_RH_TRANSPORT (TPM_RH)(0x40000003)
-#define TPM_RH_OPERATOR (TPM_RH)(0x40000004)
-#define TPM_RH_ADMIN (TPM_RH)(0x40000005)
-#define TPM_RH_EK (TPM_RH)(0x40000006)
-#define TPM_RH_NULL (TPM_RH)(0x40000007)
-#define TPM_RH_UNASSIGNED (TPM_RH)(0x40000008)
-#define TPM_RS_PW (TPM_RH)(0x40000009)
-#define TPM_RH_LOCKOUT (TPM_RH)(0x4000000A)
-#define TPM_RH_ENDORSEMENT (TPM_RH)(0x4000000B)
-#define TPM_RH_PLATFORM (TPM_RH)(0x4000000C)
-#define TPM_RH_PLATFORM_NV (TPM_RH)(0x4000000D)
-#define TPM_RH_AUTH_00 (TPM_RH)(0x40000010)
-#define TPM_RH_AUTH_FF (TPM_RH)(0x4000010F)
-#define TPM_RH_ACT_0 (TPM_RH)(0x40000110)
-#define TPM_RH_ACT_F (TPM_RH)(0x4000011F)
+// Table "Definition of TPM_CAP Constants" (Part 2: Structures)
+typedef UINT32 TPM_CAP;
+#define TYPE_OF_TPM_CAP UINT32
+#define TPM_CAP_FIRST (TPM_CAP)(0x00000000)
+#define TPM_CAP_ALGS (TPM_CAP)(0x00000000)
+#define TPM_CAP_HANDLES (TPM_CAP)(0x00000001)
+#define TPM_CAP_COMMANDS (TPM_CAP)(0x00000002)
+#define TPM_CAP_PP_COMMANDS (TPM_CAP)(0x00000003)
+#define TPM_CAP_AUDIT_COMMANDS (TPM_CAP)(0x00000004)
+#define TPM_CAP_PCRS (TPM_CAP)(0x00000005)
+#define TPM_CAP_TPM_PROPERTIES (TPM_CAP)(0x00000006)
+#define TPM_CAP_PCR_PROPERTIES (TPM_CAP)(0x00000007)
+#define TPM_CAP_ECC_CURVES (TPM_CAP)(0x00000008)
+#define TPM_CAP_AUTH_POLICIES (TPM_CAP)(0x00000009)
+#define TPM_CAP_ACT (TPM_CAP)(0x0000000A)
+#define TPM_CAP_LAST (TPM_CAP)(0x0000000A)
+#define TPM_CAP_VENDOR_PROPERTY (TPM_CAP)(0x00000100)
+
+// Table "Definition of TPM_PT Constants" (Part 2: Structures)
+typedef UINT32 TPM_PT;
+#define TYPE_OF_TPM_PT UINT32
+#define TPM_PT_NONE (TPM_PT)(0x00000000)
+#define PT_GROUP (TPM_PT)(0x00000100)
+#define PT_FIXED (TPM_PT)(PT_GROUP * 1)
+#define TPM_PT_FAMILY_INDICATOR (TPM_PT)(PT_FIXED + 0)
+#define TPM_PT_LEVEL (TPM_PT)(PT_FIXED + 1)
+#define TPM_PT_REVISION (TPM_PT)(PT_FIXED + 2)
+#define TPM_PT_DAY_OF_YEAR (TPM_PT)(PT_FIXED + 3)
+#define TPM_PT_YEAR (TPM_PT)(PT_FIXED + 4)
+#define TPM_PT_MANUFACTURER (TPM_PT)(PT_FIXED + 5)
+#define TPM_PT_VENDOR_STRING_1 (TPM_PT)(PT_FIXED + 6)
+#define TPM_PT_VENDOR_STRING_2 (TPM_PT)(PT_FIXED + 7)
+#define TPM_PT_VENDOR_STRING_3 (TPM_PT)(PT_FIXED + 8)
+#define TPM_PT_VENDOR_STRING_4 (TPM_PT)(PT_FIXED + 9)
+#define TPM_PT_VENDOR_TPM_TYPE (TPM_PT)(PT_FIXED + 10)
+#define TPM_PT_FIRMWARE_VERSION_1 (TPM_PT)(PT_FIXED + 11)
+#define TPM_PT_FIRMWARE_VERSION_2 (TPM_PT)(PT_FIXED + 12)
+#define TPM_PT_INPUT_BUFFER (TPM_PT)(PT_FIXED + 13)
+#define TPM_PT_HR_TRANSIENT_MIN (TPM_PT)(PT_FIXED + 14)
+#define TPM_PT_HR_PERSISTENT_MIN (TPM_PT)(PT_FIXED + 15)
+#define TPM_PT_HR_LOADED_MIN (TPM_PT)(PT_FIXED + 16)
+#define TPM_PT_ACTIVE_SESSIONS_MAX (TPM_PT)(PT_FIXED + 17)
+#define TPM_PT_PCR_COUNT (TPM_PT)(PT_FIXED + 18)
+#define TPM_PT_PCR_SELECT_MIN (TPM_PT)(PT_FIXED + 19)
+#define TPM_PT_CONTEXT_GAP_MAX (TPM_PT)(PT_FIXED + 20)
+#define TPM_PT_NV_COUNTERS_MAX (TPM_PT)(PT_FIXED + 22)
+#define TPM_PT_NV_INDEX_MAX (TPM_PT)(PT_FIXED + 23)
+#define TPM_PT_MEMORY (TPM_PT)(PT_FIXED + 24)
+#define TPM_PT_CLOCK_UPDATE (TPM_PT)(PT_FIXED + 25)
+#define TPM_PT_CONTEXT_HASH (TPM_PT)(PT_FIXED + 26)
+#define TPM_PT_CONTEXT_SYM (TPM_PT)(PT_FIXED + 27)
+#define TPM_PT_CONTEXT_SYM_SIZE (TPM_PT)(PT_FIXED + 28)
+#define TPM_PT_ORDERLY_COUNT (TPM_PT)(PT_FIXED + 29)
+#define TPM_PT_MAX_COMMAND_SIZE (TPM_PT)(PT_FIXED + 30)
+#define TPM_PT_MAX_RESPONSE_SIZE (TPM_PT)(PT_FIXED + 31)
+#define TPM_PT_MAX_DIGEST (TPM_PT)(PT_FIXED + 32)
+#define TPM_PT_MAX_OBJECT_CONTEXT (TPM_PT)(PT_FIXED + 33)
+#define TPM_PT_MAX_SESSION_CONTEXT (TPM_PT)(PT_FIXED + 34)
+#define TPM_PT_PS_FAMILY_INDICATOR (TPM_PT)(PT_FIXED + 35)
+#define TPM_PT_PS_LEVEL (TPM_PT)(PT_FIXED + 36)
+#define TPM_PT_PS_REVISION (TPM_PT)(PT_FIXED + 37)
+#define TPM_PT_PS_DAY_OF_YEAR (TPM_PT)(PT_FIXED + 38)
+#define TPM_PT_PS_YEAR (TPM_PT)(PT_FIXED + 39)
+#define TPM_PT_SPLIT_MAX (TPM_PT)(PT_FIXED + 40)
+#define TPM_PT_TOTAL_COMMANDS (TPM_PT)(PT_FIXED + 41)
+#define TPM_PT_LIBRARY_COMMANDS (TPM_PT)(PT_FIXED + 42)
+#define TPM_PT_VENDOR_COMMANDS (TPM_PT)(PT_FIXED + 43)
+#define TPM_PT_NV_BUFFER_MAX (TPM_PT)(PT_FIXED + 44)
+#define TPM_PT_MODES (TPM_PT)(PT_FIXED + 45)
+#define TPM_PT_MAX_CAP_BUFFER (TPM_PT)(PT_FIXED + 46)
+#define PT_VAR (TPM_PT)(PT_GROUP * 2)
+#define TPM_PT_PERMANENT (TPM_PT)(PT_VAR + 0)
+#define TPM_PT_STARTUP_CLEAR (TPM_PT)(PT_VAR + 1)
+#define TPM_PT_HR_NV_INDEX (TPM_PT)(PT_VAR + 2)
+#define TPM_PT_HR_LOADED (TPM_PT)(PT_VAR + 3)
+#define TPM_PT_HR_LOADED_AVAIL (TPM_PT)(PT_VAR + 4)
+#define TPM_PT_HR_ACTIVE (TPM_PT)(PT_VAR + 5)
+#define TPM_PT_HR_ACTIVE_AVAIL (TPM_PT)(PT_VAR + 6)
+#define TPM_PT_HR_TRANSIENT_AVAIL (TPM_PT)(PT_VAR + 7)
+#define TPM_PT_HR_PERSISTENT (TPM_PT)(PT_VAR + 8)
+#define TPM_PT_HR_PERSISTENT_AVAIL (TPM_PT)(PT_VAR + 9)
+#define TPM_PT_NV_COUNTERS (TPM_PT)(PT_VAR + 10)
+#define TPM_PT_NV_COUNTERS_AVAIL (TPM_PT)(PT_VAR + 11)
+#define TPM_PT_ALGORITHM_SET (TPM_PT)(PT_VAR + 12)
+#define TPM_PT_LOADED_CURVES (TPM_PT)(PT_VAR + 13)
+#define TPM_PT_LOCKOUT_COUNTER (TPM_PT)(PT_VAR + 14)
+#define TPM_PT_MAX_AUTH_FAIL (TPM_PT)(PT_VAR + 15)
+#define TPM_PT_LOCKOUT_INTERVAL (TPM_PT)(PT_VAR + 16)
+#define TPM_PT_LOCKOUT_RECOVERY (TPM_PT)(PT_VAR + 17)
+#define TPM_PT_NV_WRITE_RECOVERY (TPM_PT)(PT_VAR + 18)
+#define TPM_PT_AUDIT_COUNTER_0 (TPM_PT)(PT_VAR + 19)
+#define TPM_PT_AUDIT_COUNTER_1 (TPM_PT)(PT_VAR + 20)
+
+// Table "Definition of TPM_PT_PCR Constants" (Part 2: Structures)
+typedef UINT32 TPM_PT_PCR;
+#define TYPE_OF_TPM_PT_PCR UINT32
+#define TPM_PT_PCR_FIRST (TPM_PT_PCR)(0x00000000)
+#define TPM_PT_PCR_SAVE (TPM_PT_PCR)(0x00000000)
+#define TPM_PT_PCR_EXTEND_L0 (TPM_PT_PCR)(0x00000001)
+#define TPM_PT_PCR_RESET_L0 (TPM_PT_PCR)(0x00000002)
+#define TPM_PT_PCR_EXTEND_L1 (TPM_PT_PCR)(0x00000003)
+#define TPM_PT_PCR_RESET_L1 (TPM_PT_PCR)(0x00000004)
+#define TPM_PT_PCR_EXTEND_L2 (TPM_PT_PCR)(0x00000005)
+#define TPM_PT_PCR_RESET_L2 (TPM_PT_PCR)(0x00000006)
+#define TPM_PT_PCR_EXTEND_L3 (TPM_PT_PCR)(0x00000007)
+#define TPM_PT_PCR_RESET_L3 (TPM_PT_PCR)(0x00000008)
+#define TPM_PT_PCR_EXTEND_L4 (TPM_PT_PCR)(0x00000009)
+#define TPM_PT_PCR_RESET_L4 (TPM_PT_PCR)(0x0000000A)
+#define TPM_PT_PCR_NO_INCREMENT (TPM_PT_PCR)(0x00000011)
+#define TPM_PT_PCR_DRTM_RESET (TPM_PT_PCR)(0x00000012)
+#define TPM_PT_PCR_POLICY (TPM_PT_PCR)(0x00000013)
+#define TPM_PT_PCR_AUTH (TPM_PT_PCR)(0x00000014)
+#define TPM_PT_PCR_LAST (TPM_PT_PCR)(0x00000014)
+
+// Table "Definition of TPM_PS Constants" (Part 2: Structures)
+typedef UINT32 TPM_PS;
+#define TYPE_OF_TPM_PS UINT32
+#define TPM_PS_MAIN (TPM_PS)(0x00000000)
+#define TPM_PS_PC (TPM_PS)(0x00000001)
+#define TPM_PS_PDA (TPM_PS)(0x00000002)
+#define TPM_PS_CELL_PHONE (TPM_PS)(0x00000003)
+#define TPM_PS_SERVER (TPM_PS)(0x00000004)
+#define TPM_PS_PERIPHERAL (TPM_PS)(0x00000005)
+#define TPM_PS_TSS (TPM_PS)(0x00000006)
+#define TPM_PS_STORAGE (TPM_PS)(0x00000007)
+#define TPM_PS_AUTHENTICATION (TPM_PS)(0x00000008)
+#define TPM_PS_EMBEDDED (TPM_PS)(0x00000009)
+#define TPM_PS_HARDCOPY (TPM_PS)(0x0000000A)
+#define TPM_PS_INFRASTRUCTURE (TPM_PS)(0x0000000B)
+#define TPM_PS_VIRTUALIZATION (TPM_PS)(0x0000000C)
+#define TPM_PS_TNC (TPM_PS)(0x0000000D)
+#define TPM_PS_MULTI_TENANT (TPM_PS)(0x0000000E)
+#define TPM_PS_TC (TPM_PS)(0x0000000F)
+
+// Table "Definition of Types for Handles" (Part 2: Structures)
+typedef UINT32 TPM_HANDLE;
+#define TYPE_OF_TPM_HANDLE UINT32
+
+// Table "Definition of TPM_HT Constants" (Part 2: Structures)
+typedef UINT8 TPM_HT;
+#define TYPE_OF_TPM_HT UINT8
+#define TPM_HT_PCR (TPM_HT)(0x00)
+#define TPM_HT_NV_INDEX (TPM_HT)(0x01)
+#define TPM_HT_HMAC_SESSION (TPM_HT)(0x02)
+#define TPM_HT_LOADED_SESSION (TPM_HT)(0x02)
+#define TPM_HT_POLICY_SESSION (TPM_HT)(0x03)
+#define TPM_HT_SAVED_SESSION (TPM_HT)(0x03)
+#define TPM_HT_EXTERNAL_NV (TPM_HT)(0x11)
+#define TPM_HT_PERMANENT_NV (TPM_HT)(0x12)
+#define TPM_HT_PERMANENT (TPM_HT)(0x40)
+#define TPM_HT_TRANSIENT (TPM_HT)(0x80)
+#define TPM_HT_PERSISTENT (TPM_HT)(0x81)
+#define TPM_HT_AC (TPM_HT)(0x90)
+
+// Table "Definition of TPM_RH Constants" (Part 2: Structures)
+typedef TPM_HANDLE TPM_RH;
+#define TYPE_OF_TPM_RH TPM_HANDLE
+#define TPM_RH_FIRST (TPM_RH)(0x40000000)
+#define TPM_RH_SRK (TPM_RH)(0x40000000)
+#define TPM_RH_OWNER (TPM_RH)(0x40000001)
+#define TPM_RH_REVOKE (TPM_RH)(0x40000002)
+#define TPM_RH_TRANSPORT (TPM_RH)(0x40000003)
+#define TPM_RH_OPERATOR (TPM_RH)(0x40000004)
+#define TPM_RH_ADMIN (TPM_RH)(0x40000005)
+#define TPM_RH_EK (TPM_RH)(0x40000006)
+#define TPM_RH_NULL (TPM_RH)(0x40000007)
+#define TPM_RH_UNASSIGNED (TPM_RH)(0x40000008)
+#define TPM_RS_PW (TPM_RH)(0x40000009)
+#define TPM_RH_LOCKOUT (TPM_RH)(0x4000000A)
+#define TPM_RH_ENDORSEMENT (TPM_RH)(0x4000000B)
+#define TPM_RH_PLATFORM (TPM_RH)(0x4000000C)
+#define TPM_RH_PLATFORM_NV (TPM_RH)(0x4000000D)
+#define TPM_RH_AUTH_00 (TPM_RH)(0x40000010)
+#define TPM_RH_AUTH_FF (TPM_RH)(0x4000010F)
+#define TPM_RH_ACT_0 (TPM_RH)(0x40000110)
+#define TPM_RH_ACT_F (TPM_RH)(0x4000011F)
 #define TPM_RH_FW_OWNER (TPM_RH)(0x40000140)
 #define TPM_RH_FW_ENDORSEMENT (TPM_RH)(0x40000141)
 #define TPM_RH_FW_PLATFORM (TPM_RH)(0x40000142)
@@ -739,1716 +739,1966 @@ typedef TPM_HANDLE TPM_RH;
 #define TPM_RH_SVN_PLATFORM_BASE (TPM_RH)(0x40030000)
 #define TPM_RH_SVN_NULL_BASE (TPM_RH)(0x40040000)
 #define TPM_RH_LAST (TPM_RH)(0x4004FFFF)
+// Note: 0x40010001-0x4001FFFF, 0x40020001-0x4002FFFF,
+// 0x40030001-0x4003FFFF, and 0x40040001-0x4004FFFF are
+// valid reserved handles, but are not returned from
+// TPM2_GetCapability().
-/* Table 2:29 - Definition of TPM_HC Constants */
-typedef TPM_HANDLE TPM_HC;
-#define HR_HANDLE_MASK (TPM_HC)(0x00FFFFFF)
-#define HR_RANGE_MASK (TPM_HC)(0xFF000000)
-#define HR_SHIFT (TPM_HC)(24)
-#define HR_PCR (TPM_HC)((TPM_HT_PCR< */
-typedef struct {
- TPM_HANDLE handle;
- UINT32 timeout;
- TPMA_ACT attributes;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM_HANDLE handle;
+ UINT32 timeout;
+ TPMA_ACT attributes;
 } TPMS_ACT_DATA;
-/* Table 2:97 - Definition of TPML_CC Structure */
-typedef struct {
- UINT32 count;
- TPM_CC commandCodes[MAX_CAP_CC];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPM_CC commandCodes[MAX_CAP_CC];
 } TPML_CC;
-/* Table 2:98 - Definition of TPML_CCA Structure */
-typedef struct {
- UINT32 count;
- TPMA_CC commandAttributes[MAX_CAP_CC];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMA_CC commandAttributes[MAX_CAP_CC];
 } TPML_CCA;
-/* Table 2:99 - Definition of TPML_ALG Structure */
-typedef struct {
- UINT32 count;
- TPM_ALG_ID algorithms[MAX_ALG_LIST_SIZE];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPM_ALG_ID algorithms[MAX_ALG_LIST_SIZE];
 } TPML_ALG;
-/* Table 2:100 - Definition of TPML_HANDLE Structure */
-typedef struct {
- UINT32 count;
- TPM_HANDLE handle[MAX_CAP_HANDLES];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPM_HANDLE handle[MAX_CAP_HANDLES];
 } TPML_HANDLE;
-/* Table 2:101 - Definition of TPML_DIGEST Structure */
-typedef struct {
- UINT32 count;
- TPM2B_DIGEST digests[8];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPM2B_DIGEST digests[8];
 } TPML_DIGEST;
-/* Table 2:102 - Definition of TPML_DIGEST_VALUES Structure */
-typedef struct {
- UINT32 count;
- TPMT_HA digests[HASH_COUNT];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMT_HA digests[HASH_COUNT];
 } TPML_DIGEST_VALUES;
-/* Table 2:104 - Definition of TPML_PCR_SELECTION Structure */
-typedef struct {
- UINT32 count;
- TPMS_PCR_SELECTION pcrSelections[HASH_COUNT];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMS_PCR_SELECTION pcrSelections[HASH_COUNT];
 } TPML_PCR_SELECTION;
-/* Table 2:105 - Definition of TPML_ALG_PROPERTY Structure */
-typedef struct {
- UINT32 count;
- TPMS_ALG_PROPERTY algProperties[MAX_CAP_ALGS];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMS_ALG_PROPERTY algProperties[MAX_CAP_ALGS];
 } TPML_ALG_PROPERTY;
-/* Table 2:106 - Definition of TPML_TAGGED_TPM_PROPERTY Structure */
-typedef struct {
- UINT32 count;
- TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES];
 } TPML_TAGGED_TPM_PROPERTY;
-/* Table 2:107 - Definition of TPML_TAGGED_PCR_PROPERTY Structure */
-typedef struct {
- UINT32 count;
- TPMS_TAGGED_PCR_SELECT pcrProperty[MAX_PCR_PROPERTIES];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMS_TAGGED_PCR_SELECT pcrProperty[MAX_PCR_PROPERTIES];
 } TPML_TAGGED_PCR_PROPERTY;
-/* Table 2:108 - Definition of TPML_ECC_CURVE Structure */
-typedef struct {
- UINT32 count;
- TPM_ECC_CURVE eccCurves[MAX_ECC_CURVES];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPM_ECC_CURVE eccCurves[MAX_ECC_CURVES];
 } TPML_ECC_CURVE;
-/* Table 2:109 - Definition of TPML_TAGGED_POLICY Structure */
-typedef struct {
- UINT32 count;
- TPMS_TAGGED_POLICY policies[MAX_TAGGED_POLICIES];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMS_TAGGED_POLICY policies[MAX_TAGGED_POLICIES];
 } TPML_TAGGED_POLICY;
-/* Table 2:118 - Definition of TPML_ACT_DATA Structure */
-typedef struct {
- UINT32 count;
- TPMS_ACT_DATA actData[MAX_ACT_DATA];
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT32 count;
+ TPMS_ACT_DATA actData[MAX_ACT_DATA];
 } TPML_ACT_DATA;
-/* Table 2:110 - Definition of TPMU_CAPABILITIES Union */
-typedef union {
- TPML_ALG_PROPERTY algorithms;
- TPML_HANDLE handles;
- TPML_CCA command;
- TPML_CC ppCommands;
- TPML_CC auditCommands;
- TPML_PCR_SELECTION assignedPCR;
- TPML_TAGGED_TPM_PROPERTY tpmProperties;
- TPML_TAGGED_PCR_PROPERTY pcrProperties;
-#if ALG_ECC
- TPML_ECC_CURVE eccCurves;
-#endif // ALG_ECC
- TPML_TAGGED_POLICY authPolicies;
- TPML_ACT_DATA actData;
+
+typedef union
+{ // (Part 2: Structures)
+ TPML_ALG_PROPERTY algorithms;
+ TPML_HANDLE handles;
+ TPML_CCA command;
+ TPML_CC ppCommands;
+ TPML_CC auditCommands;
+ TPML_PCR_SELECTION assignedPCR;
+ TPML_TAGGED_TPM_PROPERTY tpmProperties;
+ TPML_TAGGED_PCR_PROPERTY pcrProperties;
+#if ALG_ECC
+ TPML_ECC_CURVE eccCurves;
+#endif // ALG_ECC
+ TPML_TAGGED_POLICY authPolicies;
+ TPML_ACT_DATA actData;
 } TPMU_CAPABILITIES;
-/* NOTE The TPMU_SET_CAPABILITIES structure may be defined by a TCG Registry. */
-typedef struct {
- UINT32 platformSpecific;
-} TPMU_SET_CAPABILITIES;
-/* Table 2:111 - Definition of TPMS_CAPABILITY_DATA Structure */
-typedef struct {
- TPM_CAP capability;
- TPMU_CAPABILITIES data;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM_CAP capability;
+ TPMU_CAPABILITIES data;
 } TPMS_CAPABILITY_DATA;
-/* Table 129 - Definition of TPMS_SET_CAPABILITY_DATA Structure */
-typedef struct {
- TPM_CAP setCapability;
- TPMU_SET_CAPABILITIES data;
+
+typedef union
+{ // (Part 2: Structures)
+ // NOTE: No settable capabilities are implemented in this reference code.
+ UINT32 reserved; // some compilers don't support empty unions in C
+} TPMU_SET_CAPABILITIES;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM_CAP setCapability;
+ TPMU_SET_CAPABILITIES data;
 } TPMS_SET_CAPABILITY_DATA;
-/* Table 130 - Definition of TPM2B_SET_CAPABILITY_DATA Structure */
-typedef struct {
- UINT16 size;
- TPMS_SET_CAPABILITY_DATA setCapabilityData;
-} TPM2B_SET_CAPABILITY_DATA;
-/* Table 2:112 - Definition of TPMS_CLOCK_INFO Structure */
-typedef struct {
- UINT64 clock;
- UINT32 resetCount;
- UINT32 restartCount;
- TPMI_YES_NO safe;
-} TPMS_CLOCK_INFO;
-/* Table 2:113 - Definition of TPMS_TIME_INFO Structure */
-typedef struct {
- UINT64 time;
- TPMS_CLOCK_INFO clockInfo;
-} TPMS_TIME_INFO;
-/* Table 2:114 - Definition of TPMS_TIME_ATTEST_INFO Structure */
-typedef struct {
- TPMS_TIME_INFO time;
- UINT64 firmwareVersion;
-} TPMS_TIME_ATTEST_INFO;
-/* Table 2:115 - Definition of TPMS_CERTIFY_INFO Structure */
-typedef struct {
- TPM2B_NAME name;
- TPM2B_NAME qualifiedName;
-} TPMS_CERTIFY_INFO;
-/* Table 2:116 - Definition of TPMS_QUOTE_INFO Structure */
-typedef struct {
- TPML_PCR_SELECTION pcrSelect;
- TPM2B_DIGEST pcrDigest;
-} TPMS_QUOTE_INFO;
-/* Table 2:117 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */
-typedef struct {
- UINT64 auditCounter;
- TPM_ALG_ID digestAlg;
- TPM2B_DIGEST auditDigest;
- TPM2B_DIGEST commandDigest;
-} TPMS_COMMAND_AUDIT_INFO;
-/* Table 2:118 - Definition of TPMS_SESSION_AUDIT_INFO Structure */
-typedef struct {
- TPMI_YES_NO exclusiveSession;
- TPM2B_DIGEST sessionDigest;
-} TPMS_SESSION_AUDIT_INFO;
-/* Table 2:119 - Definition of TPMS_CREATION_INFO Structure */
-typedef struct {
- TPM2B_NAME objectName;
- TPM2B_DIGEST creationHash;
-} TPMS_CREATION_INFO;
-/* Table 2:120 - Definition of TPMS_NV_CERTIFY_INFO Structure */
-typedef struct {
- TPM2B_NAME indexName;
- UINT16 offset;
- TPM2B_MAX_NV_BUFFER nvContents;
-} TPMS_NV_CERTIFY_INFO;
-/* Table 125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure */
-typedef struct {
- TPM2B_NAME indexName;
- TPM2B_DIGEST nvDigest;
-} TPMS_NV_DIGEST_CERTIFY_INFO;
-/* Table 2:121 - Definition of TPMI_ST_ATTEST Type */
-typedef TPM_ST TPMI_ST_ATTEST;
-/* Table 2:122 - Definition of TPMU_ATTEST Union */
-typedef union {
- TPMS_CERTIFY_INFO certify;
- TPMS_CREATION_INFO creation;
- TPMS_QUOTE_INFO quote;
- TPMS_COMMAND_AUDIT_INFO commandAudit;
- TPMS_SESSION_AUDIT_INFO sessionAudit;
- TPMS_TIME_ATTEST_INFO time;
- TPMS_NV_CERTIFY_INFO nv;
- TPMS_NV_DIGEST_CERTIFY_INFO nvDigest;
-} TPMU_ATTEST;
-/* Table 2:123 - Definition of TPMS_ATTEST Structure */
-typedef struct {
- TPM_CONSTANTS32 magic;
- TPMI_ST_ATTEST type;
- TPM2B_NAME qualifiedSigner;
- TPM2B_DATA extraData;
- TPMS_CLOCK_INFO clockInfo;
- UINT64 firmwareVersion;
- TPMU_ATTEST attested;
-} TPMS_ATTEST;
-/* Table 2:124 - Definition of TPM2B_ATTEST Structure */
-typedef union {
- struct {
- UINT16 size;
- BYTE attestationData[sizeof(TPMS_ATTEST)];
- } t;
- TPM2B b;
-} TPM2B_ATTEST;
-/* Table 2:125 - Definition of TPMS_AUTH_COMMAND Structure */
-typedef struct {
- TPMI_SH_AUTH_SESSION sessionHandle;
- TPM2B_NONCE nonce;
- TPMA_SESSION sessionAttributes;
- TPM2B_AUTH hmac;
-} TPMS_AUTH_COMMAND;
-/* Table 2:126 - Definition of TPMS_AUTH_RESPONSE Structure */
-typedef struct {
- TPM2B_NONCE nonce;
- TPMA_SESSION sessionAttributes;
- TPM2B_AUTH hmac;
-} TPMS_AUTH_RESPONSE;
-/* Table 2:127 - Definition of TPMI_TDES_KEY_BITS Type */
-typedef TPM_KEY_BITS TPMI_TDES_KEY_BITS;
-/* Table 2:127 - Definition of TPMI_AES_KEY_BITS Type */
-typedef TPM_KEY_BITS TPMI_AES_KEY_BITS;
-/* Table 2:127 - Definition of TPMI_SM4_KEY_BITS Type */
-typedef TPM_KEY_BITS TPMI_SM4_KEY_BITS;
-/* Table 2:127 - Definition of TPMI_CAMELLIA_KEY_BITS Type */
-typedef TPM_KEY_BITS TPMI_CAMELLIA_KEY_BITS;
-/* Table 2:128 - Definition of TPMU_SYM_KEY_BITS Union */
-typedef union {
-#if ALG_TDES
- TPMI_TDES_KEY_BITS tdes;
-#endif // ALG_TDES
-#if ALG_AES
- TPMI_AES_KEY_BITS aes;
-#endif // ALG_AES
-#if ALG_SM4
- TPMI_SM4_KEY_BITS sm4;
-#endif // ALG_SM4
-#if ALG_CAMELLIA
- TPMI_CAMELLIA_KEY_BITS camellia;
-#endif // ALG_CAMELLIA
- TPM_KEY_BITS sym;
-#if ALG_XOR
- TPMI_ALG_HASH xorr;
-#endif // ALG_XOR
-} TPMU_SYM_KEY_BITS;
-/* Table 2:129 - Definition of TPMU_SYM_MODE Union */
-typedef union {
-#if ALG_TDES
- TPMI_ALG_SYM_MODE tdes;
-#endif // ALG_TDES
-#if ALG_AES
- TPMI_ALG_SYM_MODE aes;
-#endif // ALG_AES
-#if ALG_SM4
- TPMI_ALG_SYM_MODE sm4;
-#endif // ALG_SM4
-#if ALG_CAMELLIA
- TPMI_ALG_SYM_MODE camellia;
-#endif // ALG_CAMELLIA
- TPMI_ALG_SYM_MODE sym;
-} TPMU_SYM_MODE;
-/* Table 2:131 - Definition of TPMT_SYM_DEF Structure */
-typedef struct {
- TPMI_ALG_SYM algorithm;
- TPMU_SYM_KEY_BITS keyBits;
- TPMU_SYM_MODE mode;
-} TPMT_SYM_DEF;
-/* Table 2:132 - Definition of TPMT_SYM_DEF_OBJECT Structure */
-typedef struct {
- TPMI_ALG_SYM_OBJECT algorithm;
- TPMU_SYM_KEY_BITS keyBits;
- TPMU_SYM_MODE mode;
-} TPMT_SYM_DEF_OBJECT;
-/* Table 2:133 - Definition of TPM2B_SYM_KEY Structure */
-typedef union {
- struct {
- UINT16 size;
- BYTE buffer[MAX_SYM_KEY_BYTES];
- } t;
- TPM2B b;
-} TPM2B_SYM_KEY;
-/* Table 2:134 - Definition of TPMS_SYMCIPHER_PARMS Structure */
-typedef struct {
- TPMT_SYM_DEF_OBJECT sym;
-} TPMS_SYMCIPHER_PARMS;
-/* Table 2:135 - Definition of TPM2B_LABEL Structure */
-typedef union {
- struct {
- UINT16 size;
- BYTE buffer[LABEL_MAX_BUFFER];
- } t;
- TPM2B b;
-} TPM2B_LABEL;
-/* Table 2:136 - Definition of TPMS_DERIVE Structure */
-typedef struct {
- TPM2B_LABEL label;
- TPM2B_LABEL context;
-} TPMS_DERIVE;
-/* Table 2:137 - Definition of TPM2B_DERIVE Structure */
-typedef union {
- struct {
- UINT16 size;
- BYTE buffer[sizeof(TPMS_DERIVE)];
- } t;
- TPM2B b;
-} TPM2B_DERIVE;
-/* Table 2:138 - Definition of TPMU_SENSITIVE_CREATE Union */
-typedef union {
- BYTE create[MAX_SYM_DATA];
- TPMS_DERIVE derive;
-} TPMU_SENSITIVE_CREATE;
-/* Table 2:139 - Definition of TPM2B_SENSITIVE_DATA Structure */
-typedef union {
- struct {
- UINT16 size;
- BYTE buffer[sizeof(TPMU_SENSITIVE_CREATE)];
- } t;
- TPM2B b;
-} TPM2B_SENSITIVE_DATA;
-/* Table 2:140 - Definition of TPMS_SENSITIVE_CREATE Structure */
-typedef struct {
- TPM2B_AUTH userAuth;
- TPM2B_SENSITIVE_DATA data;
-} TPMS_SENSITIVE_CREATE;
-/* Table 2:141 - Definition of TPM2B_SENSITIVE_CREATE Structure */
-typedef struct {
+
+typedef struct
+{ // (Part 2: Structures)
 UINT16 size;
- TPMS_SENSITIVE_CREATE sensitive;
+ TPMS_SET_CAPABILITY_DATA setCapabilityData;
+} TPM2B_SET_CAPABILITY_DATA;
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT64 clock;
+ UINT32 resetCount;
+ UINT32 restartCount;
+ TPMI_YES_NO safe;
+} TPMS_CLOCK_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT64 time;
+ TPMS_CLOCK_INFO clockInfo;
+} TPMS_TIME_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPMS_TIME_INFO time;
+ UINT64 firmwareVersion;
+} TPMS_TIME_ATTEST_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM2B_NAME name;
+ TPM2B_NAME qualifiedName;
+} TPMS_CERTIFY_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPML_PCR_SELECTION pcrSelect;
+ TPM2B_DIGEST pcrDigest;
+} TPMS_QUOTE_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ UINT64 auditCounter;
+ TPM_ALG_ID digestAlg;
+ TPM2B_DIGEST auditDigest;
+ TPM2B_DIGEST commandDigest;
+} TPMS_COMMAND_AUDIT_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPMI_YES_NO exclusiveSession;
+ TPM2B_DIGEST sessionDigest;
+} TPMS_SESSION_AUDIT_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM2B_NAME objectName;
+ TPM2B_DIGEST creationHash;
+} TPMS_CREATION_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM2B_NAME indexName;
+ UINT16 offset;
+ TPM2B_MAX_NV_BUFFER nvContents;
+} TPMS_NV_CERTIFY_INFO;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM2B_NAME indexName;
+ TPM2B_DIGEST nvDigest;
+} TPMS_NV_DIGEST_CERTIFY_INFO;
+
+typedef TPM_ST TPMI_ST_ATTEST; // (Part 2: Structures)
+typedef union
+{ // (Part 2: Structures)
+ TPMS_CERTIFY_INFO certify;
+ TPMS_CREATION_INFO creation;
+ TPMS_QUOTE_INFO quote;
+ TPMS_COMMAND_AUDIT_INFO commandAudit;
+ TPMS_SESSION_AUDIT_INFO sessionAudit;
+ TPMS_TIME_ATTEST_INFO time;
+ TPMS_NV_CERTIFY_INFO nv;
+ TPMS_NV_DIGEST_CERTIFY_INFO nvDigest;
+} TPMU_ATTEST;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM_CONSTANTS32 magic;
+ TPMI_ST_ATTEST type;
+ TPM2B_NAME qualifiedSigner;
+ TPM2B_DATA extraData;
+ TPMS_CLOCK_INFO clockInfo;
+ UINT64 firmwareVersion;
+ TPMU_ATTEST attested;
+} TPMS_ATTEST;
+
+typedef union
+{ // (Part 2: Structures)
+ struct
+ {
+ UINT16 size;
+ BYTE attestationData[sizeof(TPMS_ATTEST)];
+ } t;
+ TPM2B b;
+} TPM2B_ATTEST;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPMI_SH_AUTH_SESSION sessionHandle;
+ TPM2B_NONCE nonce;
+ TPMA_SESSION sessionAttributes;
+ TPM2B_AUTH hmac;
+} TPMS_AUTH_COMMAND;
+
+typedef struct
+{ // (Part 2: Structures)
+ TPM2B_NONCE nonce;
+ TPMA_SESSION sessionAttributes;
+ TPM2B_AUTH hmac;
+} TPMS_AUTH_RESPONSE;
+
+typedef TPM_KEY_BITS TPMI_TDES_KEY_BITS;
+typedef TPM_KEY_BITS TPMI_AES_KEY_BITS; // (Part 2: Structures)
+typedef TPM_KEY_BITS TPMI_SM4_KEY_BITS; // (Part 2: Structures)
+typedef TPM_KEY_BITS TPMI_CAMELLIA_KEY_BITS; // (Part 2: Structures)
+typedef union
+{ // (Part 2: Structures)
+#if ALG_TDES // libtpms added begin
+ TPMI_TDES_KEY_BITS tdes;
+#endif // ALG_TDES // libtpms added end
+#if ALG_AES
+ TPMI_AES_KEY_BITS aes;
+#endif // ALG_AES
+#if ALG_SM4
+ TPMI_SM4_KEY_BITS sm4;
+#endif // ALG_SM4
+#if ALG_CAMELLIA
+ TPMI_CAMELLIA_KEY_BITS camellia;
+#endif // ALG_CAMELLIA
+ TPM_KEY_BITS sym;
+#if ALG_XOR
+ TPMI_ALG_HASH xorr;
+#endif // ALG_XOR
+} TPMU_SYM_KEY_BITS;
+
+typedef union
+{ // (Part 2: Structures)
+#if ALG_TDES // libtpms added begin
+ TPMI_ALG_SYM_MODE tdes;
+#endif // ALG_TDES // libtpms added end
+#if ALG_AES
+ TPMI_ALG_SYM_MODE aes;
+#endif // ALG_AES
+#if ALG_SM4
+ TPMI_ALG_SYM_MODE sm4;
+#endif // ALG_SM4
+#if ALG_CAMELLIA
+ TPMI_ALG_SYM_MODE camellia;
+#endif // ALG_CAMELLIA
+ TPMI_ALG_SYM_MODE sym;
+} TPMU_SYM_MODE;
+
+typedef struct
+{ // (Part
2: Structures) + TPMI_ALG_SYM algorithm; + TPMU_SYM_KEY_BITS keyBits; + TPMU_SYM_MODE mode; +} TPMT_SYM_DEF; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_SYM_OBJECT algorithm; + TPMU_SYM_KEY_BITS keyBits; + TPMU_SYM_MODE mode; +} TPMT_SYM_DEF_OBJECT; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[MAX_SYM_KEY_BYTES]; + } t; + TPM2B b; +} TPM2B_SYM_KEY; + +typedef struct +{ // (Part 2: Structures) + TPMT_SYM_DEF_OBJECT sym; +} TPMS_SYMCIPHER_PARMS; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[LABEL_MAX_BUFFER]; + } t; + TPM2B b; +} TPM2B_LABEL; + +typedef struct +{ // (Part 2: Structures) + TPM2B_LABEL label; + TPM2B_LABEL context; +} TPMS_DERIVE; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[sizeof(TPMS_DERIVE)]; + } t; + TPM2B b; +} TPM2B_DERIVE; + +typedef union +{ // (Part 2: Structures) + BYTE create[MAX_SYM_DATA]; + TPMS_DERIVE derive; +} TPMU_SENSITIVE_CREATE; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[sizeof(TPMU_SENSITIVE_CREATE)]; + } t; + TPM2B b; +} TPM2B_SENSITIVE_DATA; + +typedef struct +{ // (Part 2: Structures) + TPM2B_AUTH userAuth; + TPM2B_SENSITIVE_DATA data; +} TPMS_SENSITIVE_CREATE; + +typedef struct +{ // (Part 2: Structures) + UINT16 size; + TPMS_SENSITIVE_CREATE sensitive; } TPM2B_SENSITIVE_CREATE; -/* Table 2:142 - Definition of TPMS_SCHEME_HASH Structure */ -typedef struct { - TPMI_ALG_HASH hashAlg; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_HASH hashAlg; } TPMS_SCHEME_HASH; -/* Table 2:143 - Definition of TPMS_SCHEME_ECDAA Structure */ -typedef struct { - TPMI_ALG_HASH hashAlg; - UINT16 count; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_HASH hashAlg; + UINT16 count; } TPMS_SCHEME_ECDAA; -/* Table 2:144 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type */ -typedef TPM_ALG_ID TPMI_ALG_KEYEDHASH_SCHEME; -/* Table 2:145 - Definition of Types for 
HMAC_SIG_SCHEME */ -typedef TPMS_SCHEME_HASH TPMS_SCHEME_HMAC; -/* Table 2:146 - Definition of TPMS_SCHEME_XOR Structure */ -typedef struct { - TPMI_ALG_HASH hashAlg; - TPMI_ALG_KDF kdf; + +typedef TPM_ALG_ID TPMI_ALG_KEYEDHASH_SCHEME; // (Part 2: Structures) + +// Table "Definition of Types for HMAC_SIG_SCHEME" (Part 2: Structures) +typedef TPMS_SCHEME_HASH TPMS_SCHEME_HMAC; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_HASH hashAlg; + TPMI_ALG_KDF kdf; } TPMS_SCHEME_XOR; -/* Table 2:147 - Definition of TPMU_SCHEME_KEYEDHASH Union */ -typedef union { -#if ALG_HMAC - TPMS_SCHEME_HMAC hmac; -#endif // ALG_HMAC -#if ALG_XOR - TPMS_SCHEME_XOR xorr; -#endif // ALG_XOR + +typedef union +{ // (Part 2: Structures) +#if ALG_HMAC + TPMS_SCHEME_HMAC hmac; +#endif // ALG_HMAC +#if ALG_XOR + TPMS_SCHEME_XOR xorr; +#endif // ALG_XOR } TPMU_SCHEME_KEYEDHASH; -/* Table 2:148 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ -typedef struct { - TPMI_ALG_KEYEDHASH_SCHEME scheme; - TPMU_SCHEME_KEYEDHASH details; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_KEYEDHASH_SCHEME scheme; + TPMU_SCHEME_KEYEDHASH details; } TPMT_KEYEDHASH_SCHEME; -/* Table 2:149 - Definition of Types for RSA Signature Schemes */ -typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSASSA; -typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSAPSS; -/* Table 2:150 - Definition of Types for ECC Signature Schemes */ -typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECDSA; -typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_SM2; -typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECSCHNORR; -typedef TPMS_SCHEME_ECDAA TPMS_SIG_SCHEME_ECDAA; -/* Table 2:151 - Definition of TPMU_SIG_SCHEME Union */ -typedef union { -#if ALG_ECC - TPMS_SIG_SCHEME_ECDAA ecdaa; -#endif // ALG_ECC -#if ALG_RSASSA - TPMS_SIG_SCHEME_RSASSA rsassa; -#endif // ALG_RSASSA -#if ALG_RSAPSS - TPMS_SIG_SCHEME_RSAPSS rsapss; -#endif // ALG_RSAPSS -#if ALG_ECDSA - TPMS_SIG_SCHEME_ECDSA ecdsa; -#endif // ALG_ECDSA -#if ALG_SM2 - TPMS_SIG_SCHEME_SM2 sm2; -#endif // ALG_SM2 
-#if ALG_ECSCHNORR - TPMS_SIG_SCHEME_ECSCHNORR ecschnorr; -#endif // ALG_ECSCHNORR -#if ALG_HMAC - TPMS_SCHEME_HMAC hmac; -#endif // ALG_HMAC - TPMS_SCHEME_HASH any; + +// Table "Definition of Types for RSA Signature Schemes" (Part 2: Structures) +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSAPSS; +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSASSA; + +// Table "Definition of Types for ECC Signature Schemes" (Part 2: Structures) +typedef TPMS_SCHEME_ECDAA TPMS_SIG_SCHEME_ECDAA; +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECDSA; +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECSCHNORR; +typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_SM2; + +typedef union +{ // (Part 2: Structures) +#if ALG_HMAC + TPMS_SCHEME_HMAC hmac; +#endif // ALG_HMAC +#if ALG_RSASSA + TPMS_SIG_SCHEME_RSASSA rsassa; +#endif // ALG_RSASSA +#if ALG_RSAPSS + TPMS_SIG_SCHEME_RSAPSS rsapss; +#endif // ALG_RSAPSS +#if ALG_ECDSA + TPMS_SIG_SCHEME_ECDSA ecdsa; +#endif // ALG_ECDSA +#if ALG_ECDAA + TPMS_SIG_SCHEME_ECDAA ecdaa; +#endif // ALG_ECDAA +#if ALG_SM2 + TPMS_SIG_SCHEME_SM2 sm2; +#endif // ALG_SM2 +#if ALG_ECSCHNORR + TPMS_SIG_SCHEME_ECSCHNORR ecschnorr; +#endif // ALG_ECSCHNORR + TPMS_SCHEME_HASH any; } TPMU_SIG_SCHEME; -/* Table 2:152 - Definition of TPMT_SIG_SCHEME Structure */ -typedef struct { - TPMI_ALG_SIG_SCHEME scheme; - TPMU_SIG_SCHEME details; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_SIG_SCHEME scheme; + TPMU_SIG_SCHEME details; } TPMT_SIG_SCHEME; -/* Table 2:153 - Definition of Types for Encryption Schemes */ -typedef TPMS_SCHEME_HASH TPMS_ENC_SCHEME_OAEP; -typedef TPMS_EMPTY TPMS_ENC_SCHEME_RSAES; -/* Table 2:154 - Definition of Types for ECC Key Exchange */ -typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECDH; -typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECMQV; -/* Table 2:155 - Definition of Types for KDF Schemes */ -typedef TPMS_SCHEME_HASH TPMS_KDF_SCHEME_MGF1; -typedef TPMS_SCHEME_HASH TPMS_KDF_SCHEME_KDF1_SP800_56A; -typedef TPMS_SCHEME_HASH TPMS_KDF_SCHEME_KDF2; -typedef TPMS_SCHEME_HASH 
TPMS_KDF_SCHEME_KDF1_SP800_108; -/* Table 2:156 - Definition of TPMU_KDF_SCHEME Union */ -typedef union { -#if ALG_MGF1 - TPMS_KDF_SCHEME_MGF1 mgf1; -#endif // ALG_MGF1 -#if ALG_KDF1_SP800_56A - TPMS_KDF_SCHEME_KDF1_SP800_56A kdf1_sp800_56a; -#endif // ALG_KDF1_SP800_56A -#if ALG_KDF2 - TPMS_KDF_SCHEME_KDF2 kdf2; -#endif // ALG_KDF2 -#if ALG_KDF1_SP800_108 - TPMS_KDF_SCHEME_KDF1_SP800_108 kdf1_sp800_108; -#endif // ALG_KDF1_SP800_108 - TPMS_SCHEME_HASH anyKdf; + +// Table "Definition of Types for Encryption Schemes" (Part 2: Structures) +typedef TPMS_EMPTY TPMS_ENC_SCHEME_RSAES; +typedef TPMS_SCHEME_HASH TPMS_ENC_SCHEME_OAEP; + +// Table "Definition of Types for ECC Key Exchange" (Part 2: Structures) +typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECDH; +typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECMQV; + +// Table "Definition of Types for KDF Schemes" (Part 2: Structures) +typedef TPMS_SCHEME_HASH TPMS_KDF_SCHEME_KDF1_SP800_108; +typedef TPMS_SCHEME_HASH TPMS_KDF_SCHEME_KDF1_SP800_56A; +typedef TPMS_SCHEME_HASH TPMS_KDF_SCHEME_KDF2; +typedef TPMS_SCHEME_HASH TPMS_KDF_SCHEME_MGF1; + +typedef union +{ // (Part 2: Structures) + TPMS_SCHEME_HASH anyKdf; +#if ALG_MGF1 + TPMS_KDF_SCHEME_MGF1 mgf1; +#endif // ALG_MGF1 +#if ALG_KDF1_SP800_56A + TPMS_KDF_SCHEME_KDF1_SP800_56A kdf1_sp800_56a; +#endif // ALG_KDF1_SP800_56A +#if ALG_KDF2 + TPMS_KDF_SCHEME_KDF2 kdf2; +#endif // ALG_KDF2 +#if ALG_KDF1_SP800_108 + TPMS_KDF_SCHEME_KDF1_SP800_108 kdf1_sp800_108; +#endif // ALG_KDF1_SP800_108 } TPMU_KDF_SCHEME; -/* Table 2:157 - Definition of TPMT_KDF_SCHEME Structure */ -typedef struct { - TPMI_ALG_KDF scheme; - TPMU_KDF_SCHEME details; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_KDF scheme; + TPMU_KDF_SCHEME details; } TPMT_KDF_SCHEME; -/* Table 2:158 - Definition of TPMI_ALG_ASYM_SCHEME Type */ -typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME; -/* Table 2:159 - Definition of TPMU_ASYM_SCHEME Union */ -typedef union { -#if ALG_ECDH - TPMS_KEY_SCHEME_ECDH ecdh; -#endif // ALG_ECDH 
-#if ALG_ECMQV - TPMS_KEY_SCHEME_ECMQV ecmqv; -#endif // ALG_ECMQV -#if ALG_ECC - TPMS_SIG_SCHEME_ECDAA ecdaa; -#endif // ALG_ECC -#if ALG_RSASSA - TPMS_SIG_SCHEME_RSASSA rsassa; -#endif // ALG_RSASSA -#if ALG_RSAPSS - TPMS_SIG_SCHEME_RSAPSS rsapss; -#endif // ALG_RSAPSS -#if ALG_ECDSA - TPMS_SIG_SCHEME_ECDSA ecdsa; -#endif // ALG_ECDSA -#if ALG_SM2 - TPMS_SIG_SCHEME_SM2 sm2; -#endif // ALG_SM2 -#if ALG_ECSCHNORR - TPMS_SIG_SCHEME_ECSCHNORR ecschnorr; -#endif // ALG_ECSCHNORR -#if ALG_RSAES - TPMS_ENC_SCHEME_RSAES rsaes; -#endif // ALG_RSAES -#if ALG_OAEP - TPMS_ENC_SCHEME_OAEP oaep; -#endif // ALG_OAEP - TPMS_SCHEME_HASH anySig; + +typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME; // (Part 2: Structures) +typedef union +{ // (Part 2: Structures) + TPMS_SCHEME_HASH anySig; +#if ALG_RSASSA + TPMS_SIG_SCHEME_RSASSA rsassa; +#endif // ALG_RSASSA +#if ALG_RSAES + TPMS_ENC_SCHEME_RSAES rsaes; +#endif // ALG_RSAES +#if ALG_RSAPSS + TPMS_SIG_SCHEME_RSAPSS rsapss; +#endif // ALG_RSAPSS +#if ALG_OAEP + TPMS_ENC_SCHEME_OAEP oaep; +#endif // ALG_OAEP +#if ALG_ECDSA + TPMS_SIG_SCHEME_ECDSA ecdsa; +#endif // ALG_ECDSA +#if ALG_ECDH + TPMS_KEY_SCHEME_ECDH ecdh; +#endif // ALG_ECDH +#if ALG_ECDAA + TPMS_SIG_SCHEME_ECDAA ecdaa; +#endif // ALG_ECDAA +#if ALG_SM2 + TPMS_SIG_SCHEME_SM2 sm2; +#endif // ALG_SM2 +#if ALG_ECSCHNORR + TPMS_SIG_SCHEME_ECSCHNORR ecschnorr; +#endif // ALG_ECSCHNORR +#if ALG_ECMQV + TPMS_KEY_SCHEME_ECMQV ecmqv; +#endif // ALG_ECMQV } TPMU_ASYM_SCHEME; -/* Table 2:160 - Definition of TPMT_ASYM_SCHEME Structure */ -typedef struct { - TPMI_ALG_ASYM_SCHEME scheme; - TPMU_ASYM_SCHEME details; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_ASYM_SCHEME scheme; + TPMU_ASYM_SCHEME details; } TPMT_ASYM_SCHEME; -/* Table 2:161 - Definition of TPMI_ALG_RSA_SCHEME Type */ -typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME; -/* Table 2:162 - Definition of TPMT_RSA_SCHEME Structure */ -typedef struct { - TPMI_ALG_RSA_SCHEME scheme; - TPMU_ASYM_SCHEME details; + +typedef TPM_ALG_ID 
TPMI_ALG_RSA_SCHEME; // (Part 2: Structures) +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_RSA_SCHEME scheme; + TPMU_ASYM_SCHEME details; } TPMT_RSA_SCHEME; -/* Table 2:163 - Definition of TPMI_ALG_RSA_DECRYPT Type */ -typedef TPM_ALG_ID TPMI_ALG_RSA_DECRYPT; -/* Table 2:164 - Definition of TPMT_RSA_DECRYPT Structure */ -typedef struct { - TPMI_ALG_RSA_DECRYPT scheme; - TPMU_ASYM_SCHEME details; + +typedef TPM_ALG_ID TPMI_ALG_RSA_DECRYPT; // (Part 2: Structures) +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_RSA_DECRYPT scheme; + TPMU_ASYM_SCHEME details; } TPMT_RSA_DECRYPT; -/* Table 2:165 - Definition of TPM2B_PUBLIC_KEY_RSA Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[MAX_RSA_KEY_BYTES]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[MAX_RSA_KEY_BYTES]; + } t; + TPM2B b; } TPM2B_PUBLIC_KEY_RSA; -/* Table 2:166 - Definition of TPMI_RSA_KEY_BITS Type */ -typedef TPM_KEY_BITS TPMI_RSA_KEY_BITS; -/* Table 2:167 - Definition of TPM2B_PRIVATE_KEY_RSA Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[RSA_PRIVATE_SIZE]; - } t; - TPM2B b; + +typedef TPM_KEY_BITS TPMI_RSA_KEY_BITS; // (Part 2: Structures) +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[RSA_PRIVATE_SIZE]; + } t; + TPM2B b; } TPM2B_PRIVATE_KEY_RSA; -/* Table 2:168 - Definition of TPM2B_ECC_PARAMETER Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[MAX_ECC_KEY_BYTES]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[MAX_ECC_KEY_BYTES]; + } t; + TPM2B b; } TPM2B_ECC_PARAMETER; -/* Table 2:169 - Definition of TPMS_ECC_POINT Structure */ -typedef struct { - TPM2B_ECC_PARAMETER x; - TPM2B_ECC_PARAMETER y; + +typedef struct +{ // (Part 2: Structures) + TPM2B_ECC_PARAMETER x; + TPM2B_ECC_PARAMETER y; } TPMS_ECC_POINT; -/* Table 2:170 - Definition of TPM2B_ECC_POINT Structure */ -typedef 
struct { - UINT16 size; - TPMS_ECC_POINT point; + +typedef struct +{ // (Part 2: Structures) + UINT16 size; + TPMS_ECC_POINT point; } TPM2B_ECC_POINT; -/* Table 2:171 - Definition of TPMI_ALG_ECC_SCHEME Type */ -typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME; -/* Table 2:172 - Definition of TPMI_ECC_CURVE Type */ -typedef TPM_ECC_CURVE TPMI_ECC_CURVE; -/* Table 2:173 - Definition of TPMT_ECC_SCHEME Structure */ -typedef struct { - TPMI_ALG_ECC_SCHEME scheme; - TPMU_ASYM_SCHEME details; + +typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME; // (Part 2: Structures) +typedef TPM_ECC_CURVE TPMI_ECC_CURVE; // (Part 2: Structures) +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_ECC_SCHEME scheme; + TPMU_ASYM_SCHEME details; } TPMT_ECC_SCHEME; -/* Table 2:174 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure */ -typedef struct { - TPM_ECC_CURVE curveID; - UINT16 keySize; - TPMT_KDF_SCHEME kdf; - TPMT_ECC_SCHEME sign; - TPM2B_ECC_PARAMETER p; - TPM2B_ECC_PARAMETER a; - TPM2B_ECC_PARAMETER b; - TPM2B_ECC_PARAMETER gX; - TPM2B_ECC_PARAMETER gY; - TPM2B_ECC_PARAMETER n; - TPM2B_ECC_PARAMETER h; + +typedef struct +{ // (Part 2: Structures) + TPM_ECC_CURVE curveID; + UINT16 keySize; + TPMT_KDF_SCHEME kdf; + TPMT_ECC_SCHEME sign; + TPM2B_ECC_PARAMETER p; + TPM2B_ECC_PARAMETER a; + TPM2B_ECC_PARAMETER b; + TPM2B_ECC_PARAMETER gX; + TPM2B_ECC_PARAMETER gY; + TPM2B_ECC_PARAMETER n; + TPM2B_ECC_PARAMETER h; } TPMS_ALGORITHM_DETAIL_ECC; -/* Table 2:175 - Definition of TPMS_SIGNATURE_RSA Structure */ -typedef struct { - TPMI_ALG_HASH hash; - TPM2B_PUBLIC_KEY_RSA sig; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_HASH hash; + TPM2B_PUBLIC_KEY_RSA sig; } TPMS_SIGNATURE_RSA; -/* Table 2:176 - Definition of Types for Signature */ -typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA; -typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS; -/* Table 2:177 - Definition of TPMS_SIGNATURE_ECC Structure */ -typedef struct { - TPMI_ALG_HASH hash; - TPM2B_ECC_PARAMETER signatureR; - TPM2B_ECC_PARAMETER 
signatureS; + +// Table "Definition of Types for Signature" (Part 2: Structures) +typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS; +typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_HASH hash; + TPM2B_ECC_PARAMETER signatureR; + TPM2B_ECC_PARAMETER signatureS; } TPMS_SIGNATURE_ECC; -/* Table 2:178 - Definition of Types for TPMS_SIGNATURE_ECC */ -typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA; -typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA; -typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2; -typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR; -/* Table 2:179 - Definition of TPMU_SIGNATURE Union */ -typedef union { -#if ALG_ECC - TPMS_SIGNATURE_ECDAA ecdaa; -#endif // ALG_ECC -#if ALG_RSA - TPMS_SIGNATURE_RSASSA rsassa; -#endif // ALG_RSA -#if ALG_RSA - TPMS_SIGNATURE_RSAPSS rsapss; -#endif // ALG_RSA -#if ALG_ECC - TPMS_SIGNATURE_ECDSA ecdsa; -#endif // ALG_ECC -#if ALG_ECC - TPMS_SIGNATURE_SM2 sm2; -#endif // ALG_ECC -#if ALG_ECC - TPMS_SIGNATURE_ECSCHNORR ecschnorr; -#endif // ALG_ECC -#if ALG_HMAC - TPMT_HA hmac; -#endif // ALG_HMAC - TPMS_SCHEME_HASH any; + +// Table "Definition of Types for TPMS_SIGNATURE_ECC" (Part 2: Structures) +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA; +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA; +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR; +typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2; +#define TYPE_OF_TPMS_SIGNATURE_SM2 TPMS_SIGNATURE_ECC + +typedef union +{ // (Part 2: Structures) +#if ALG_HMAC + TPMT_HA hmac; +#endif // ALG_HMAC +#if ALG_RSASSA + TPMS_SIGNATURE_RSASSA rsassa; +#endif // ALG_RSASSA +#if ALG_RSAPSS + TPMS_SIGNATURE_RSAPSS rsapss; +#endif // ALG_RSAPSS +#if ALG_ECDSA + TPMS_SIGNATURE_ECDSA ecdsa; +#endif // ALG_ECDSA +#if ALG_ECDAA + TPMS_SIGNATURE_ECDAA ecdaa; +#endif // ALG_ECDAA +#if ALG_SM2 + TPMS_SIGNATURE_SM2 sm2; +#endif // ALG_SM2 +#if ALG_ECSCHNORR + TPMS_SIGNATURE_ECSCHNORR ecschnorr; +#endif // ALG_ECSCHNORR + TPMS_SCHEME_HASH any; } 
TPMU_SIGNATURE; -/* Table 2:180 - Definition of TPMT_SIGNATURE Structure */ -typedef struct { - TPMI_ALG_SIG_SCHEME sigAlg; - TPMU_SIGNATURE signature; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_SIG_SCHEME sigAlg; + TPMU_SIGNATURE signature; } TPMT_SIGNATURE; -/* Table 2:181 - Definition of TPMU_ENCRYPTED_SECRET Union */ -typedef union { -#if ALG_ECC - BYTE ecc[sizeof(TPMS_ECC_POINT)]; -#endif // ALG_ECC -#if ALG_RSA - BYTE rsa[MAX_RSA_KEY_BYTES]; -#endif // ALG_RSA -#if ALG_SYMCIPHER - BYTE symmetric[sizeof(TPM2B_DIGEST)]; -#endif // ALG_SYMCIPHER -#if ALG_KEYEDHASH - BYTE keyedHash[sizeof(TPM2B_DIGEST)]; -#endif // ALG_KEYEDHASH + +typedef union +{ // (Part 2: Structures) +#if ALG_ECC + BYTE ecc[sizeof(TPMS_ECC_POINT)]; +#endif // ALG_ECC +#if ALG_RSA + BYTE rsa[MAX_RSA_KEY_BYTES]; +#endif // ALG_RSA +#if ALG_SYMCIPHER + BYTE symmetric[sizeof(TPM2B_DIGEST)]; +#endif // ALG_SYMCIPHER +#if ALG_KEYEDHASH + BYTE keyedHash[sizeof(TPM2B_DIGEST)]; +#endif // ALG_KEYEDHASH } TPMU_ENCRYPTED_SECRET; -/* Table 2:182 - Definition of TPM2B_ENCRYPTED_SECRET Structure */ -typedef union { - struct { - UINT16 size; - BYTE secret[sizeof(TPMU_ENCRYPTED_SECRET)]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE secret[sizeof(TPMU_ENCRYPTED_SECRET)]; + } t; + TPM2B b; } TPM2B_ENCRYPTED_SECRET; -/* Table 2:183 - Definition of TPMI_ALG_PUBLIC Type */ -typedef TPM_ALG_ID TPMI_ALG_PUBLIC; -/* Table 2:184 - Definition of TPMU_PUBLIC_ID Union */ -typedef union { -#if ALG_KEYEDHASH - TPM2B_DIGEST keyedHash; -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - TPM2B_DIGEST sym; -#endif // ALG_SYMCIPHER -#if ALG_RSA - TPM2B_PUBLIC_KEY_RSA rsa; -#endif // ALG_RSA -#if ALG_ECC - TPMS_ECC_POINT ecc; -#endif // ALG_ECC - TPMS_DERIVE derive; + +typedef TPM_ALG_ID TPMI_ALG_PUBLIC; // (Part 2: Structures) +typedef union +{ // (Part 2: Structures) +#if ALG_KEYEDHASH + TPM2B_DIGEST keyedHash; +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + 
TPM2B_DIGEST sym; +#endif // ALG_SYMCIPHER +#if ALG_RSA + TPM2B_PUBLIC_KEY_RSA rsa; +#endif // ALG_RSA +#if ALG_ECC + TPMS_ECC_POINT ecc; +#endif // ALG_ECC + TPMS_DERIVE derive; } TPMU_PUBLIC_ID; -/* Table 2:185 - Definition of TPMS_KEYEDHASH_PARMS Structure */ -typedef struct { - TPMT_KEYEDHASH_SCHEME scheme; + +typedef struct +{ // (Part 2: Structures) + TPMT_KEYEDHASH_SCHEME scheme; } TPMS_KEYEDHASH_PARMS; -/* Table 2:186 - Definition of TPMS_ASYM_PARMS Structure */ -typedef struct { - TPMT_SYM_DEF_OBJECT symmetric; - TPMT_ASYM_SCHEME scheme; + +typedef struct +{ // (Part 2: Structures) + TPMT_SYM_DEF_OBJECT symmetric; + TPMT_ASYM_SCHEME scheme; } TPMS_ASYM_PARMS; -/* Table 2:187 - Definition of TPMS_RSA_PARMS Structure */ -typedef struct { - TPMT_SYM_DEF_OBJECT symmetric; - TPMT_RSA_SCHEME scheme; - TPMI_RSA_KEY_BITS keyBits; - UINT32 exponent; + +typedef struct +{ // (Part 2: Structures) + TPMT_SYM_DEF_OBJECT symmetric; + TPMT_RSA_SCHEME scheme; + TPMI_RSA_KEY_BITS keyBits; + UINT32 exponent; } TPMS_RSA_PARMS; -/* Table 2:188 - Definition of TPMS_ECC_PARMS Structure */ -typedef struct { - TPMT_SYM_DEF_OBJECT symmetric; - TPMT_ECC_SCHEME scheme; - TPMI_ECC_CURVE curveID; - TPMT_KDF_SCHEME kdf; + +typedef struct +{ // (Part 2: Structures) + TPMT_SYM_DEF_OBJECT symmetric; + TPMT_ECC_SCHEME scheme; + TPMI_ECC_CURVE curveID; + TPMT_KDF_SCHEME kdf; } TPMS_ECC_PARMS; -/* Table 2:189 - Definition of TPMU_PUBLIC_PARMS Union */ -typedef union { -#if ALG_KEYEDHASH - TPMS_KEYEDHASH_PARMS keyedHashDetail; -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - TPMS_SYMCIPHER_PARMS symDetail; -#endif // ALG_SYMCIPHER -#if ALG_RSA - TPMS_RSA_PARMS rsaDetail; -#endif // ALG_RSA -#if ALG_ECC - TPMS_ECC_PARMS eccDetail; -#endif // ALG_ECC - TPMS_ASYM_PARMS asymDetail; + +typedef union +{ // (Part 2: Structures) +#if ALG_KEYEDHASH + TPMS_KEYEDHASH_PARMS keyedHashDetail; +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + TPMS_SYMCIPHER_PARMS symDetail; +#endif // ALG_SYMCIPHER +#if ALG_RSA + 
TPMS_RSA_PARMS rsaDetail; +#endif // ALG_RSA +#if ALG_ECC + TPMS_ECC_PARMS eccDetail; +#endif // ALG_ECC + TPMS_ASYM_PARMS asymDetail; } TPMU_PUBLIC_PARMS; -/* Table 2:190 - Definition of TPMT_PUBLIC_PARMS Structure */ -typedef struct { - TPMI_ALG_PUBLIC type; - TPMU_PUBLIC_PARMS parameters; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_PUBLIC type; + TPMU_PUBLIC_PARMS parameters; } TPMT_PUBLIC_PARMS; -/* Table 2:191 - Definition of TPMT_PUBLIC Structure */ -typedef struct { - TPMI_ALG_PUBLIC type; - TPMI_ALG_HASH nameAlg; - TPMA_OBJECT objectAttributes; - TPM2B_DIGEST authPolicy; - TPMU_PUBLIC_PARMS parameters; - TPMU_PUBLIC_ID unique; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_PUBLIC type; + TPMI_ALG_HASH nameAlg; + TPMA_OBJECT objectAttributes; + TPM2B_DIGEST authPolicy; + TPMU_PUBLIC_PARMS parameters; + TPMU_PUBLIC_ID unique; } TPMT_PUBLIC; -/* Table 2:192 - Definition of TPM2B_PUBLIC Structure */ -typedef struct { - UINT16 size; - TPMT_PUBLIC publicArea; + +typedef struct +{ // (Part 2: Structures) + UINT16 size; + TPMT_PUBLIC publicArea; } TPM2B_PUBLIC; -/* Table 2:193 - Definition of TPM2B_TEMPLATE Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[sizeof(TPMT_PUBLIC)]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[sizeof(TPMT_PUBLIC)]; + } t; + TPM2B b; } TPM2B_TEMPLATE; -/* Table 2:194 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[PRIVATE_VENDOR_SPECIFIC_BYTES]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[PRIVATE_VENDOR_SPECIFIC_BYTES]; + } t; + TPM2B b; } TPM2B_PRIVATE_VENDOR_SPECIFIC; -/* Table 2:195 - Definition of TPMU_SENSITIVE_COMPOSITE Union */ -typedef union { -#if ALG_RSA - TPM2B_PRIVATE_KEY_RSA rsa; -#endif // ALG_RSA -#if ALG_ECC - TPM2B_ECC_PARAMETER ecc; -#endif // ALG_ECC -#if ALG_KEYEDHASH - TPM2B_SENSITIVE_DATA 
bits; -#endif // ALG_KEYEDHASH -#if ALG_SYMCIPHER - TPM2B_SYM_KEY sym; -#endif // ALG_SYMCIPHER - TPM2B_PRIVATE_VENDOR_SPECIFIC any; + +typedef union +{ // (Part 2: Structures) +#if ALG_RSA + TPM2B_PRIVATE_KEY_RSA rsa; +#endif // ALG_RSA +#if ALG_ECC + TPM2B_ECC_PARAMETER ecc; +#endif // ALG_ECC +#if ALG_KEYEDHASH + TPM2B_SENSITIVE_DATA bits; +#endif // ALG_KEYEDHASH +#if ALG_SYMCIPHER + TPM2B_SYM_KEY sym; +#endif // ALG_SYMCIPHER + TPM2B_PRIVATE_VENDOR_SPECIFIC any; } TPMU_SENSITIVE_COMPOSITE; -/* Table 2:196 - Definition of TPMT_SENSITIVE Structure */ -typedef struct { - TPMI_ALG_PUBLIC sensitiveType; - TPM2B_AUTH authValue; - TPM2B_DIGEST seedValue; - TPMU_SENSITIVE_COMPOSITE sensitive; + +typedef struct +{ // (Part 2: Structures) + TPMI_ALG_PUBLIC sensitiveType; + TPM2B_AUTH authValue; + TPM2B_DIGEST seedValue; + TPMU_SENSITIVE_COMPOSITE sensitive; } TPMT_SENSITIVE; -/* Table 2:197 - Definition of TPM2B_SENSITIVE Structure */ -typedef struct { - UINT16 size; - TPMT_SENSITIVE sensitiveArea; + +typedef struct +{ // (Part 2: Structures) + UINT16 size; + TPMT_SENSITIVE sensitiveArea; } TPM2B_SENSITIVE; -/* Table 2:198 - Definition of _PRIVATE Structure */ -typedef struct { - TPM2B_DIGEST integrityOuter; - TPM2B_DIGEST integrityInner; - TPM2B_SENSITIVE sensitive; + +typedef struct +{ // (Part 2: Structures) + TPM2B_DIGEST integrityOuter; + TPM2B_DIGEST integrityInner; + TPM2B_SENSITIVE sensitive; } _PRIVATE; -/* Table 2:199 - Definition of TPM2B_PRIVATE Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[sizeof(_PRIVATE)]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[sizeof(_PRIVATE)]; + } t; + TPM2B b; } TPM2B_PRIVATE; -/* Table 2:203 - Definition of TPMS_ID_OBJECT Structure */ -typedef struct { - TPM2B_DIGEST integrityHMAC; - TPM2B_DIGEST encIdentity; + +typedef struct +{ // (Part 2: Structures) + TPM2B_DIGEST integrityHMAC; + TPM2B_DIGEST encIdentity; } TPMS_ID_OBJECT; -/* Table 204 - 
Definition of TPM2B_ID_OBJECT Structure */ -typedef union { - struct { - UINT16 size; - BYTE credential[sizeof(TPMS_ID_OBJECT)]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE credential[sizeof(TPMS_ID_OBJECT)]; + } t; + TPM2B b; } TPM2B_ID_OBJECT; -#define TYPE_OF_TPM_NV_INDEX UINT32 -#define TPM_NV_INDEX_TO_UINT32(a) (*((UINT32 *)&(a))) -#define UINT32_TO_TPM_NV_INDEX(a) (*((TPM_NV_INDEX *)&(a))) -#define TPM_NV_INDEX_TO_BYTE_ARRAY(i, a) \ - UINT32_TO_BYTE_ARRAY((TPM_NV_INDEX_TO_UINT32(i)), (a)) -#define BYTE_ARRAY_TO_TPM_NV_INDEX(i, a) \ - { UINT32 x = BYTE_ARRAY_TO_UINT32(a); i = UINT32_TO_TPM_NV_INDEX(x); } +// Table "Definition of TPM_NV_INDEX Bits" (Part 2: Structures) +#define TYPE_OF_TPM_NV_INDEX UINT32 +#define TPM_NV_INDEX_TO_UINT32(a) (*((UINT32*)&(a))) +#define UINT32_TO_TPM_NV_INDEX(a) (*((TPM_NV_INDEX*)&(a))) +#define TPM_NV_INDEX_TO_BYTE_ARRAY(i, a) \ + UINT32_TO_BYTE_ARRAY((TPM_NV_INDEX_TO_UINT32(i)), (a)) +#define BYTE_ARRAY_TO_TPM_NV_INDEX(i, a) \ + { \ + UINT32 x = BYTE_ARRAY_TO_UINT32(a); \ + i = UINT32_TO_TPM_NV_INDEX(x); \ + } #if USE_BIT_FIELD_STRUCTURES -typedef struct TPM_NV_INDEX { // Table 2:205 - unsigned index : 24; - unsigned RH_NV : 8; +typedef struct +{ + unsigned index : 24; + unsigned RH_NV : 8; } TPM_NV_INDEX; -// This is the initializer for a TPM_NV_INDEX structure -#define TPM_NV_INDEX_INITIALIZER(index, rh_nv) {index, rh_nv} -#else // USE_BIT_FIELD_STRUCTURES -// This implements Table 2:205 TPM_NV_INDEX using bit masking -typedef UINT32 TPM_NV_INDEX; -#define TPM_NV_INDEX_index_SHIFT 0 -#define TPM_NV_INDEX_index ((TPM_NV_INDEX)0xffffff << 0) -#define TPM_NV_INDEX_RH_NV_SHIFT 24 -#define TPM_NV_INDEX_RH_NV ((TPM_NV_INDEX)0xff << 24) -// This is the initializer for a TPM_NV_INDEX bit array. 
-#define TPM_NV_INDEX_INITIALIZER(index, rh_nv) \ - (TPM_NV_INDEX)( \ - (index << 0) + (rh_nv << 24)) -#endif // USE_BIT_FIELD_STRUCTURES -// Table 2:206 - Definition of TPM_NT Constants -typedef UINT32 TPM_NT; -#define TYPE_OF_TPM_NT UINT32 -#define TPM_NT_ORDINARY (TPM_NT)(0x0) -#define TPM_NT_COUNTER (TPM_NT)(0x1) -#define TPM_NT_BITS (TPM_NT)(0x2) -#define TPM_NT_EXTEND (TPM_NT)(0x4) -#define TPM_NT_PIN_FAIL (TPM_NT)(0x8) -#define TPM_NT_PIN_PASS (TPM_NT)(0x9) -// Table 2:207 -typedef struct { - UINT32 pinCount; - UINT32 pinLimit; +// Initializer for the bit-field structure +# define TPM_NV_INDEX_INITIALIZER(index, rh_nv) \ + { \ + index, rh_nv \ + } +#else // USE_BIT_FIELD_STRUCTURES + +// This implements Table "Definition of TPM_NV_INDEX Bits" (Part 2: Structures) using bit masking +typedef UINT32 TPM_NV_INDEX; +# define TPM_NV_INDEX_index (TPM_NV_INDEX)(0xFFFFFF << 0) +# define TPM_NV_INDEX_index_SHIFT 0 +# define TPM_NV_INDEX_RH_NV (TPM_NV_INDEX)(0xFF << 24) +# define TPM_NV_INDEX_RH_NV_SHIFT 24 + +// This is the initializer for a TPM_NV_INDEX bit array. 
+# define TPM_NV_INDEX_INITIALIZER(index, rh_nv) \ + (TPM_NV_INDEX)((index << 0) + (rh_nv << 24)) + +#endif // USE_BIT_FIELD_STRUCTURES + +// Table "Definition of TPM_NT Constants" (Part 2: Structures) +typedef UINT32 TPM_NT; +#define TYPE_OF_TPM_NT UINT32 +#define TPM_NT_ORDINARY (TPM_NT)(0x0) +#define TPM_NT_COUNTER (TPM_NT)(0x1) +#define TPM_NT_BITS (TPM_NT)(0x2) +#define TPM_NT_EXTEND (TPM_NT)(0x4) +#define TPM_NT_PIN_FAIL (TPM_NT)(0x8) +#define TPM_NT_PIN_PASS (TPM_NT)(0x9) + +typedef struct +{ // (Part 2: Structures) + UINT32 pinCount; + UINT32 pinLimit; } TPMS_NV_PIN_COUNTER_PARAMETERS; -#define TYPE_OF_TPMA_NV UINT32 -#define TPMA_NV_TO_UINT32(a) (*((UINT32 *)&(a))) -#define UINT32_TO_TPMA_NV(a) (*((TPMA_NV *)&(a))) -#define TPMA_NV_TO_BYTE_ARRAY(i, a) \ - UINT32_TO_BYTE_ARRAY((TPMA_NV_TO_UINT32(i)), (a)) -#define BYTE_ARRAY_TO_TPMA_NV(i, a) \ - { UINT32 x = BYTE_ARRAY_TO_UINT32(a); i = UINT32_TO_TPMA_NV(x); } +// Table "Definition of TPMA_NV Bits" (Part 2: Structures) +#define TYPE_OF_TPMA_NV UINT32 +#define TPMA_NV_TO_UINT32(a) (*((UINT32*)&(a))) +#define UINT32_TO_TPMA_NV(a) (*((TPMA_NV*)&(a))) +#define TPMA_NV_TO_BYTE_ARRAY(i, a) UINT32_TO_BYTE_ARRAY((TPMA_NV_TO_UINT32(i)), (a)) +#define BYTE_ARRAY_TO_TPMA_NV(i, a) \ + { \ + UINT32 x = BYTE_ARRAY_TO_UINT32(a); \ + i = UINT32_TO_TPMA_NV(x); \ + } #if USE_BIT_FIELD_STRUCTURES -typedef struct TPMA_NV { // Table 2:208 - unsigned PPWRITE : 1; - unsigned OWNERWRITE : 1; - unsigned AUTHWRITE : 1; - unsigned POLICYWRITE : 1; - unsigned TPM_NT : 4; - unsigned Reserved_bits_at_8 : 2; - unsigned POLICY_DELETE : 1; - unsigned WRITELOCKED : 1; - unsigned WRITEALL : 1; - unsigned WRITEDEFINE : 1; - unsigned WRITE_STCLEAR : 1; - unsigned GLOBALLOCK : 1; - unsigned PPREAD : 1; - unsigned OWNERREAD : 1; - unsigned AUTHREAD : 1; - unsigned POLICYREAD : 1; - unsigned Reserved_bits_at_20 : 5; - unsigned NO_DA : 1; - unsigned ORDERLY : 1; - unsigned CLEAR_STCLEAR : 1; - unsigned READLOCKED : 1; - unsigned WRITTEN : 1; - 
unsigned PLATFORMCREATE : 1; - unsigned READ_STCLEAR : 1; +typedef struct +{ + unsigned PPWRITE : 1; + unsigned OWNERWRITE : 1; + unsigned AUTHWRITE : 1; + unsigned POLICYWRITE : 1; + unsigned TPM_NT : 4; + unsigned Reserved_bits_at_8 : 2; + unsigned POLICY_DELETE : 1; + unsigned WRITELOCKED : 1; + unsigned WRITEALL : 1; + unsigned WRITEDEFINE : 1; + unsigned WRITE_STCLEAR : 1; + unsigned GLOBALLOCK : 1; + unsigned PPREAD : 1; + unsigned OWNERREAD : 1; + unsigned AUTHREAD : 1; + unsigned POLICYREAD : 1; + unsigned Reserved_bits_at_20 : 5; + unsigned NO_DA : 1; + unsigned ORDERLY : 1; + unsigned CLEAR_STCLEAR : 1; + unsigned READLOCKED : 1; + unsigned WRITTEN : 1; + unsigned PLATFORMCREATE : 1; + unsigned READ_STCLEAR : 1; } TPMA_NV; -// This is the initializer for a TPMA_NV structure -#define TPMA_NV_INITIALIZER( \ - ppwrite, ownerwrite, authwrite, policywrite, \ - tpm_nt, bits_at_8, policy_delete, writelocked, \ - writeall, writedefine, write_stclear, globallock, \ - ppread, ownerread, authread, policyread, \ - bits_at_20, no_da, orderly, clear_stclear, \ - readlocked, written, platformcreate, read_stclear) \ - {ppwrite, ownerwrite, authwrite, policywrite, \ - tpm_nt, bits_at_8, policy_delete, writelocked, \ - writeall, writedefine, write_stclear, globallock, \ - ppread, ownerread, authread, policyread, \ - bits_at_20, no_da, orderly, clear_stclear, \ - readlocked, written, platformcreate, read_stclear} -#else // USE_BIT_FIELD_STRUCTURES -// This implements Table 2:208 TPMA_NV using bit masking -typedef UINT32 TPMA_NV; + +// Initializer for the bit-field structure +# define TPMA_NV_INITIALIZER(ppwrite, \ + ownerwrite, \ + authwrite, \ + policywrite, \ + tpm_nt, \ + bits_at_8, \ + policy_delete, \ + writelocked, \ + writeall, \ + writedefine, \ + write_stclear, \ + globallock, \ + ppread, \ + ownerread, \ + authread, \ + policyread, \ + bits_at_20, \ + no_da, \ + orderly, \ + clear_stclear, \ + readlocked, \ + written, \ + platformcreate, \ + read_stclear) \ + { \ 
+ ppwrite, ownerwrite, authwrite, policywrite, tpm_nt, bits_at_8, \ + policy_delete, writelocked, writeall, writedefine, write_stclear, \ + globallock, ppread, ownerread, authread, policyread, bits_at_20, \ + no_da, orderly, clear_stclear, readlocked, written, platformcreate, \ + read_stclear \ + } +#else // USE_BIT_FIELD_STRUCTURES + +// This implements Table "Definition of TPMA_NV Bits" (Part 2: Structures) using bit masking +typedef UINT32 TPMA_NV; #define TYPE_OF_TPMA_NV UINT32 -#define TPMA_NV_PPWRITE ((TPMA_NV)1 << 0) -#define TPMA_NV_OWNERWRITE ((TPMA_NV)1 << 1) -#define TPMA_NV_AUTHWRITE ((TPMA_NV)1 << 2) -#define TPMA_NV_POLICYWRITE ((TPMA_NV)1 << 3) -#define TPMA_NV_TPM_NT_SHIFT 4 -#define TPMA_NV_TPM_NT ((TPMA_NV)0xf << 4) -#define TPMA_NV_POLICY_DELETE ((TPMA_NV)1 << 10) -#define TPMA_NV_WRITELOCKED ((TPMA_NV)1 << 11) -#define TPMA_NV_WRITEALL ((TPMA_NV)1 << 12) -#define TPMA_NV_WRITEDEFINE ((TPMA_NV)1 << 13) -#define TPMA_NV_WRITE_STCLEAR ((TPMA_NV)1 << 14) -#define TPMA_NV_GLOBALLOCK ((TPMA_NV)1 << 15) -#define TPMA_NV_PPREAD ((TPMA_NV)1 << 16) -#define TPMA_NV_OWNERREAD ((TPMA_NV)1 << 17) -#define TPMA_NV_AUTHREAD ((TPMA_NV)1 << 18) -#define TPMA_NV_POLICYREAD ((TPMA_NV)1 << 19) -#define TPMA_NV_NO_DA ((TPMA_NV)1 << 25) -#define TPMA_NV_ORDERLY ((TPMA_NV)1 << 26) -#define TPMA_NV_CLEAR_STCLEAR ((TPMA_NV)1 << 27) -#define TPMA_NV_READLOCKED ((TPMA_NV)1 << 28) -#define TPMA_NV_WRITTEN ((TPMA_NV)1 << 29) -#define TPMA_NV_PLATFORMCREATE ((TPMA_NV)1 << 30) -#define TPMA_NV_READ_STCLEAR ((TPMA_NV)1 << 31) +# define TPMA_NV_PPWRITE (TPMA_NV)(1 << 0) +# define TPMA_NV_OWNERWRITE (TPMA_NV)(1 << 1) +# define TPMA_NV_AUTHWRITE (TPMA_NV)(1 << 2) +# define TPMA_NV_POLICYWRITE (TPMA_NV)(1 << 3) +# define TPMA_NV_TPM_NT (TPMA_NV)(0xF << 4) +# define TPMA_NV_TPM_NT_SHIFT 4 +# define TPMA_NV_POLICY_DELETE (TPMA_NV)(1 << 10) +# define TPMA_NV_WRITELOCKED (TPMA_NV)(1 << 11) +# define TPMA_NV_WRITEALL (TPMA_NV)(1 << 12) +# define TPMA_NV_WRITEDEFINE (TPMA_NV)(1 << 13) 
+# define TPMA_NV_WRITE_STCLEAR (TPMA_NV)(1 << 14) +# define TPMA_NV_GLOBALLOCK (TPMA_NV)(1 << 15) +# define TPMA_NV_PPREAD (TPMA_NV)(1 << 16) +# define TPMA_NV_OWNERREAD (TPMA_NV)(1 << 17) +# define TPMA_NV_AUTHREAD (TPMA_NV)(1 << 18) +# define TPMA_NV_POLICYREAD (TPMA_NV)(1 << 19) +# define TPMA_NV_NO_DA (TPMA_NV)(1 << 25) +# define TPMA_NV_ORDERLY (TPMA_NV)(1 << 26) +# define TPMA_NV_CLEAR_STCLEAR (TPMA_NV)(1 << 27) +# define TPMA_NV_READLOCKED (TPMA_NV)(1 << 28) +# define TPMA_NV_WRITTEN (TPMA_NV)(1 << 29) +# define TPMA_NV_PLATFORMCREATE (TPMA_NV)(1 << 30) +# define TPMA_NV_READ_STCLEAR (TPMA_NV)(1 << 31) #define TPMA_NV_RESERVED (0x00000300 | 0x01f00000) -// This is the initializer for a TPMA_NV bit array. -#define TPMA_NV_INITIALIZER( \ - ppwrite, ownerwrite, authwrite, policywrite, \ - tpm_nt, bits_at_8, policy_delete, writelocked, \ - writeall, writedefine, write_stclear, globallock, \ - ppread, ownerread, authread, policyread, \ - bits_at_20, no_da, orderly, clear_stclear, \ - readlocked, written, platformcreate, read_stclear) \ - (TPMA_NV)( \ - (ppwrite << 0) + (ownerwrite << 1) + \ - (authwrite << 2) + (policywrite << 3) + \ - (tpm_nt << 4) + (policy_delete << 10) + \ - (writelocked << 11) + (writeall << 12) + \ - (writedefine << 13) + (write_stclear << 14) + \ - (globallock << 15) + (ppread << 16) + \ - (ownerread << 17) + (authread << 18) + \ - (policyread << 19) + (no_da << 25) + \ - (orderly << 26) + (clear_stclear << 27) + \ - (readlocked << 28) + (written << 29) + \ - (platformcreate << 30) + (read_stclear << 31)) -#endif // USE_BIT_FIELD_STRUCTURES + +// This is the initializer for a TPMA_NV bit array. 
+# define TPMA_NV_INITIALIZER(ppwrite, \ + ownerwrite, \ + authwrite, \ + policywrite, \ + tpm_nt, \ + bits_at_8, \ + policy_delete, \ + writelocked, \ + writeall, \ + writedefine, \ + write_stclear, \ + globallock, \ + ppread, \ + ownerread, \ + authread, \ + policyread, \ + bits_at_20, \ + no_da, \ + orderly, \ + clear_stclear, \ + readlocked, \ + written, \ + platformcreate, \ + read_stclear) \ + (TPMA_NV)((ppwrite << 0) + (ownerwrite << 1) + (authwrite << 2) \ + + (policywrite << 3) + (tpm_nt << 4) + (policy_delete << 10) \ + + (writelocked << 11) + (writeall << 12) + (writedefine << 13) \ + + (write_stclear << 14) + (globallock << 15) + (ppread << 16) \ + + (ownerread << 17) + (authread << 18) + (policyread << 19) \ + + (no_da << 25) + (orderly << 26) + (clear_stclear << 27) \ + + (readlocked << 28) + (written << 29) + (platformcreate << 30) \ + + (read_stclear << 31)) + +#endif // USE_BIT_FIELD_STRUCTURES // Table "Definition of TPMA_NV_EXP Bits" (Part 2: Structures) #define TYPE_OF_TPMA_NV_EXP UINT64 #define TPMA_NV_EXP_TO_UINT64(a) (*((UINT64*)&(a))) #define UINT64_TO_TPMA_NV_EXP(a) (*((TPMA_NV_EXP*)&(a))) -#define TPMA_NV_EXP_TO_BYTE_ARRAY(i, a) \ +#define TPMA_NV_EXP_TO_BYTE_ARRAY(i, a) \ UINT64_TO_BYTE_ARRAY((TPMA_NV_EXP_TO_UINT64(i)), (a)) -#define BYTE_ARRAY_TO_TPMA_NV_EXP(i, a) \ - { \ - UINT64 x = BYTE_ARRAY_TO_UINT64(a); \ - i = UINT64_TO_TPMA_NV_EXP(x); \ +#define BYTE_ARRAY_TO_TPMA_NV_EXP(i, a) \ + { \ + UINT64 x = BYTE_ARRAY_TO_UINT64(a); \ + i = UINT64_TO_TPMA_NV_EXP(x); \ } #if USE_BIT_FIELD_STRUCTURES typedef struct 
@@ -2484,45 +2734,45 @@ typedef struct } TPMA_NV_EXP; // Initializer for the bit-field structure -# define TPMA_NV_EXP_INITIALIZER(tpma_nv_ppwrite, \ - tpma_nv_ownerwrite, \ - tpma_nv_authwrite, \ - tpma_nv_policywrite, \ - tpm_nt, \ - bits_at_8, \ - tpma_nv_policy_delete, \ - tpma_nv_writelocked, \ - tpma_nv_writeall, \ - tpma_nv_writedefine, \ - tpma_nv_write_stclear, \ - tpma_nv_globallock, \ - tpma_nv_ppread, \ - tpma_nv_ownerread, \ - tpma_nv_authread, \ - tpma_nv_policyread, \ - bits_at_20, \ - tpma_nv_no_da, \ - tpma_nv_orderly, \ - tpma_nv_clear_stclear, \ - tpma_nv_readlocked, \ - tpma_nv_written, \ - tpma_nv_platformcreate, \ - tpma_nv_read_stclear, \ - tpma_external_nv_encryption, \ - tpma_external_nv_integrity, \ - tpma_external_nv_antirollback, \ - bits_at_35) \ - { \ - tpma_nv_ppwrite, tpma_nv_ownerwrite, tpma_nv_authwrite, \ - tpma_nv_policywrite, tpm_nt, bits_at_8, tpma_nv_policy_delete, \ - tpma_nv_writelocked, tpma_nv_writeall, tpma_nv_writedefine, \ - tpma_nv_write_stclear, tpma_nv_globallock, tpma_nv_ppread, \ - tpma_nv_ownerread, tpma_nv_authread, tpma_nv_policyread, bits_at_20, \ - tpma_nv_no_da, tpma_nv_orderly, tpma_nv_clear_stclear, \ - tpma_nv_readlocked, tpma_nv_written, tpma_nv_platformcreate, \ - tpma_nv_read_stclear, tpma_external_nv_encryption, \ - tpma_external_nv_integrity, tpma_external_nv_antirollback, bits_at_35 \ - } +# define TPMA_NV_EXP_INITIALIZER(tpma_nv_ppwrite, \ + tpma_nv_ownerwrite, \ + tpma_nv_authwrite, \ + tpma_nv_policywrite, \ + tpm_nt, \ + bits_at_8, \ + tpma_nv_policy_delete, \ + tpma_nv_writelocked, \ + tpma_nv_writeall, \ + tpma_nv_writedefine, \ + tpma_nv_write_stclear, \ + tpma_nv_globallock, \ + tpma_nv_ppread, \ + tpma_nv_ownerread, \ + tpma_nv_authread, \ + tpma_nv_policyread, \ + bits_at_20, \ + tpma_nv_no_da, \ + tpma_nv_orderly, \ + tpma_nv_clear_stclear, \ + tpma_nv_readlocked, \ + tpma_nv_written, \ + tpma_nv_platformcreate, \ + tpma_nv_read_stclear, \ + tpma_external_nv_encryption, \ + 
tpma_external_nv_integrity, \ + tpma_external_nv_antirollback, \ + bits_at_35) \ + { \ + tpma_nv_ppwrite, tpma_nv_ownerwrite, tpma_nv_authwrite, \ + tpma_nv_policywrite, tpm_nt, bits_at_8, tpma_nv_policy_delete, \ + tpma_nv_writelocked, tpma_nv_writeall, tpma_nv_writedefine, \ + tpma_nv_write_stclear, tpma_nv_globallock, tpma_nv_ppread, \ + tpma_nv_ownerread, tpma_nv_authread, tpma_nv_policyread, bits_at_20, \ + tpma_nv_no_da, tpma_nv_orderly, tpma_nv_clear_stclear, \ + tpma_nv_readlocked, tpma_nv_written, tpma_nv_platformcreate, \ + tpma_nv_read_stclear, tpma_external_nv_encryption, \ + tpma_external_nv_integrity, tpma_external_nv_antirollback, bits_at_35 \ + } #else // USE_BIT_FIELD_STRUCTURES // This implements Table "Definition of TPMA_NV_EXP Bits" (Part 2: Structures) using bit masking 
@@ -2556,155 +2806,168 @@ typedef UINT64 TPMA_NV_EXP; # define TPMA_NV_EXP_reserved 0xfffffff800000000L // This is the initializer for a TPMA_NV_EXP bit array. -# define TPMA_NV_EXP_INITIALIZER(tpma_nv_ppwrite, \ - tpma_nv_ownerwrite, \ - tpma_nv_authwrite, \ - tpma_nv_policywrite, \ - tpm_nt, \ - bits_at_8, \ - tpma_nv_policy_delete, \ - tpma_nv_writelocked, \ - tpma_nv_writeall, \ - tpma_nv_writedefine, \ - tpma_nv_write_stclear, \ - tpma_nv_globallock, \ - tpma_nv_ppread, \ - tpma_nv_ownerread, \ - tpma_nv_authread, \ - tpma_nv_policyread, \ - bits_at_20, \ - tpma_nv_no_da, \ - tpma_nv_orderly, \ - tpma_nv_clear_stclear, \ - tpma_nv_readlocked, \ - tpma_nv_written, \ - tpma_nv_platformcreate, \ - tpma_nv_read_stclear, \ - tpma_external_nv_encryption, \ - tpma_external_nv_integrity, \ - tpma_external_nv_antirollback, \ - bits_at_35) \ - (TPMA_NV_EXP)((tpma_nv_ppwrite << 0) + (tpma_nv_ownerwrite << 1) \ - + (tpma_nv_authwrite << 2) + (tpma_nv_policywrite << 3) \ - + (tpm_nt << 4) + (tpma_nv_policy_delete << 10) \ - + (tpma_nv_writelocked << 11) + (tpma_nv_writeall << 12) \ - + (tpma_nv_writedefine << 13) + (tpma_nv_write_stclear << 14) \ - + (tpma_nv_globallock << 15) + (tpma_nv_ppread << 16) \ - + (tpma_nv_ownerread << 17) + (tpma_nv_authread << 18) \ - + (tpma_nv_policyread << 19) + (tpma_nv_no_da << 25) \ - + (tpma_nv_orderly << 26) + (tpma_nv_clear_stclear << 27) \ - + (tpma_nv_readlocked << 28) + (tpma_nv_written << 29) \ - + (tpma_nv_platformcreate << 30) + (tpma_nv_read_stclear << 31) \ - + (tpma_external_nv_encryption << 32) \ - + (tpma_external_nv_integrity << 33) \ - + (tpma_external_nv_antirollback << 34)) +# define TPMA_NV_EXP_INITIALIZER(tpma_nv_ppwrite, \ + tpma_nv_ownerwrite, \ + tpma_nv_authwrite, \ + tpma_nv_policywrite, \ + tpm_nt, \ + bits_at_8, \ + tpma_nv_policy_delete, \ + tpma_nv_writelocked, \ + tpma_nv_writeall, \ + tpma_nv_writedefine, \ + tpma_nv_write_stclear, \ + tpma_nv_globallock, \ + tpma_nv_ppread, \ + tpma_nv_ownerread, \ + 
tpma_nv_authread, \ + tpma_nv_policyread, \ + bits_at_20, \ + tpma_nv_no_da, \ + tpma_nv_orderly, \ + tpma_nv_clear_stclear, \ + tpma_nv_readlocked, \ + tpma_nv_written, \ + tpma_nv_platformcreate, \ + tpma_nv_read_stclear, \ + tpma_external_nv_encryption, \ + tpma_external_nv_integrity, \ + tpma_external_nv_antirollback, \ + bits_at_35) \ + (TPMA_NV_EXP)((tpma_nv_ppwrite << 0) + (tpma_nv_ownerwrite << 1) \ + + (tpma_nv_authwrite << 2) + (tpma_nv_policywrite << 3) \ + + (tpm_nt << 4) + (tpma_nv_policy_delete << 10) \ + + (tpma_nv_writelocked << 11) + (tpma_nv_writeall << 12) \ + + (tpma_nv_writedefine << 13) + (tpma_nv_write_stclear << 14) \ + + (tpma_nv_globallock << 15) + (tpma_nv_ppread << 16) \ + + (tpma_nv_ownerread << 17) + (tpma_nv_authread << 18) \ + + (tpma_nv_policyread << 19) + (tpma_nv_no_da << 25) \ + + (tpma_nv_orderly << 26) + (tpma_nv_clear_stclear << 27) \ + + (tpma_nv_readlocked << 28) + (tpma_nv_written << 29) \ + + (tpma_nv_platformcreate << 30) + (tpma_nv_read_stclear << 31) \ + + (tpma_external_nv_encryption << 32) \ + + (tpma_external_nv_integrity << 33) \ + + (tpma_external_nv_antirollback << 34)) #endif // USE_BIT_FIELD_STRUCTURES -/* Table 2:209 - Definition of TPMS_NV_PUBLIC Structure */ -typedef struct { +typedef struct +{ // (Part 2: Structures) TPMI_RH_NV_INDEX nvIndex; TPMI_ALG_HASH nameAlg; TPMA_NV attributes; TPM2B_DIGEST authPolicy; UINT16 dataSize; } TPMS_NV_PUBLIC; -/* Table 2:207 - Definition of TPM2B_NV_PUBLIC Structure */ -typedef struct { - UINT16 size; - TPMS_NV_PUBLIC nvPublic; -} TPM2B_NV_PUBLIC; + typedef struct -{ +{ // (Part 2: Structures) + UINT16 size; + TPMS_NV_PUBLIC nvPublic; +} TPM2B_NV_PUBLIC; + +typedef struct +{ // (Part 2: Structures) TPMI_RH_NV_EXP_INDEX nvIndex; TPMI_ALG_HASH nameAlg; TPMA_NV_EXP attributes; TPM2B_DIGEST authPolicy; UINT16 dataSize; } TPMS_NV_PUBLIC_EXP_ATTR; + typedef union -{ +{ // (Part 2: Structures) TPMS_NV_PUBLIC nvIndex; TPMS_NV_PUBLIC_EXP_ATTR externalNV; TPMS_NV_PUBLIC permanentNV; 
} TPMU_NV_PUBLIC_2; + typedef struct -{ +{ // (Part 2: Structures) TPM_HT handleType; TPMU_NV_PUBLIC_2 nvPublic2; } TPMT_NV_PUBLIC_2; + typedef struct -{ +{ // (Part 2: Structures) UINT16 size; TPMT_NV_PUBLIC_2 nvPublic2; } TPM2B_NV_PUBLIC_2; -/* Table 2:208 - Definition of TPM2B_CONTEXT_SENSITIVE Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[MAX_CONTEXT_SIZE]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[MAX_CONTEXT_SIZE]; + } t; + TPM2B b; } TPM2B_CONTEXT_SENSITIVE; -/* Table 2:209 - Definition of TPMS_CONTEXT_DATA Structure */ -typedef struct { - TPM2B_DIGEST integrity; - TPM2B_CONTEXT_SENSITIVE encrypted; + +typedef struct +{ // (Part 2: Structures) + TPM2B_DIGEST integrity; + TPM2B_CONTEXT_SENSITIVE encrypted; } TPMS_CONTEXT_DATA; -/* Table 2:210 - Definition of TPM2B_CONTEXT_DATA Structure */ -typedef union { - struct { - UINT16 size; - BYTE buffer[sizeof(TPMS_CONTEXT_DATA)]; - } t; - TPM2B b; + +typedef union +{ // (Part 2: Structures) + struct + { + UINT16 size; + BYTE buffer[sizeof(TPMS_CONTEXT_DATA)]; + } t; + TPM2B b; } TPM2B_CONTEXT_DATA; -/* Table 2:211 - Definition of TPMS_CONTEXT Structure */ -typedef struct { - UINT64 sequence; - TPMI_DH_SAVED savedHandle; - TPMI_RH_HIERARCHY hierarchy; - TPM2B_CONTEXT_DATA contextBlob; + +typedef struct +{ // (Part 2: Structures) + UINT64 sequence; + TPMI_DH_SAVED savedHandle; + TPMI_RH_HIERARCHY hierarchy; + TPM2B_CONTEXT_DATA contextBlob; } TPMS_CONTEXT; -/* Table 2:213 - Definition of TPMS_CREATION_DATA Structure */ -typedef struct { - TPML_PCR_SELECTION pcrSelect; - TPM2B_DIGEST pcrDigest; - TPMA_LOCALITY locality; - TPM_ALG_ID parentNameAlg; - TPM2B_NAME parentName; - TPM2B_NAME parentQualifiedName; - TPM2B_DATA outsideInfo; + +typedef struct +{ // (Part 2: Structures) + TPML_PCR_SELECTION pcrSelect; + TPM2B_DIGEST pcrDigest; + TPMA_LOCALITY locality; + TPM_ALG_ID parentNameAlg; + TPM2B_NAME parentName; + TPM2B_NAME 
parentQualifiedName; + TPM2B_DATA outsideInfo; } TPMS_CREATION_DATA; -/* Table 2:214 - Definition of TPM2B_CREATION_DATA Structure */ -typedef struct { - UINT16 size; - TPMS_CREATION_DATA creationData; -} TPM2B_CREATION_DATA; /* Structure */ -// Table 2:220 - Definition of TPM_AT Constants -typedef UINT32 TPM_AT; -#define TYPE_OF_TPM_AT UINT32 -#define TPM_AT_ANY (TPM_AT)(0x00000000) -#define TPM_AT_ERROR (TPM_AT)(0x00000001) -#define TPM_AT_PV1 (TPM_AT)(0x00000002) -#define TPM_AT_VEND (TPM_AT)(0x80000000) +typedef struct +{ // (Part 2: Structures) + UINT16 size; + TPMS_CREATION_DATA creationData; +} TPM2B_CREATION_DATA; -// Table 2:221 - Definition of TPM_AE Constants -typedef UINT32 TPM_AE; -#define TYPE_OF_TPM_AE UINT32 -#define TPM_AE_NONE (TPM_AE)(0x00000000) +// Table "Definition of TPM_AT Constants" (Part 2: Structures) +typedef UINT32 TPM_AT; +#define TYPE_OF_TPM_AT UINT32 +#define TPM_AT_ANY (TPM_AT)(0x00000000) +#define TPM_AT_ERROR (TPM_AT)(0x00000001) +#define TPM_AT_PV1 (TPM_AT)(0x00000002) +#define TPM_AT_VEND (TPM_AT)(0x80000000) -typedef struct { // Table 2:222 - TPM_AT tag; - UINT32 data; +// Table "Definition of TPM_AE Constants" (Part 2: Structures) +typedef UINT32 TPM_AE; +#define TYPE_OF_TPM_AE UINT32 +#define TPM_AE_NONE (TPM_AE)(0x00000000) + +typedef struct +{ // (Part 2: Structures) + TPM_AT tag; + UINT32 data; } TPMS_AC_OUTPUT; -/* Table 2:218 - Definition of TPML_AC_CAPABILITIES Structure */ -typedef struct { - UINT32 count; - TPMS_AC_OUTPUT acCapabilities[MAX_AC_CAPABILITIES]; +typedef struct +{ // (Part 2: Structures) + UINT32 count; + TPMS_AC_OUTPUT acCapabilities[MAX_AC_CAPABILITIES]; } TPML_AC_CAPABILITIES; - -#endif +#endif // _TPM_INCLUDE_PRIVATE_TPMTYPES_H_ diff --git a/src/tpm2/Unique.c b/src/tpm2/Unique.c index 3ff14abf..23d50b67 100644 --- a/src/tpm2/Unique.c +++ b/src/tpm2/Unique.c 
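Review bot: The mask-based `TPMA_NV_EXP_INITIALIZER` at the top of this hunk shifts its arguments by up to 34 bits before the outer `(TPMA_NV_EXP)` cast is applied, so the shift happens at the width of whatever the caller passes. If callers pass plain `int` 0/1 values (their types are not visible here, so confirm), then `<< 32`, `<< 33` and `<< 34` have a shift count at or above the operand width and `1 << 31` shifts into the sign bit, both undefined behaviour in C. The reindent carries the expression over unchanged. Widening each operand first, e.g. `+ ((TPMA_NV_EXP)(tpma_external_nv_encryption) << 32)` and likewise for the integrity, antirollback and read_stclear terms, would keep the external-NV protection bits well defined. The `#else` branch this macro belongs to starts above the hunk.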
@@ -71,8 +71,8 @@ #if VENDOR_PERMANENT_AUTH_ENABLED == YES const char notReallyUnique[] = "This is not really a unique value. A real " - "unique value should" - " be generated by the platform."; + "unique value should" + " be generated by the platform."; //** _plat__GetUnique() // This function is used to access the platform-specific vendor unique values. @@ -87,19 +87,19 @@ const char notReallyUnique[] = "This is not really a unique value. A real " // 0 = RESERVED, do not use // 1 = the VENDOR_PERMANENT_AUTH_HANDLE authorization value for this device LIB_EXPORT uint32_t _plat__GetUnique(uint32_t which, // which vendor value to return? - uint32_t bSize, // size of the buffer - unsigned char* b // output buffer - ) + uint32_t bSize, // size of the buffer + unsigned char* b // output buffer +) { const char* from = notReallyUnique; uint32_t retVal = 0; if(which == 1) - { - const size_t uSize = - sizeof(notReallyUnique) <= bSize ? sizeof(notReallyUnique) : bSize; - MemoryCopy(b, notReallyUnique, uSize); - } + { + const size_t uSize = + sizeof(notReallyUnique) <= bSize ? sizeof(notReallyUnique) : bSize; + MemoryCopy(b, notReallyUnique, uSize); + } // else fall through to default 0 return retVal; diff --git a/src/tpm2/Unseal_fp.h b/src/tpm2/Unseal_fp.h index 84fa0a4a..83a3ad94 100644 --- a/src/tpm2/Unseal_fp.h +++ b/src/tpm2/Unseal_fp.h 
@@ -59,25 +59,32 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef UNSEAL_FP_H -#define UNSEAL_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT itemHandle; +#if CC_Unseal // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_UNSEAL_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_UNSEAL_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT itemHandle; } Unseal_In; -#define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1) - -typedef struct { - TPM2B_SENSITIVE_DATA outData; +// Output structure definition +typedef struct +{ + TPM2B_SENSITIVE_DATA outData; } Unseal_Out; -TPM_RC -TPM2_Unseal( - Unseal_In *in, - Unseal_Out *out - ); +// Response code modifiers +# define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1) -#endif +// Function prototype +TPM_RC +TPM2_Unseal(Unseal_In* in, Unseal_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_UNSEAL_FP_H_ +#endif // CC_Unseal diff --git a/src/tpm2/VendorInfo.c b/src/tpm2/VendorInfo.c index 5f416ac1..b73722b9 100644 --- a/src/tpm2/VendorInfo.c +++ b/src/tpm2/VendorInfo.c @@ -103,16 +103,16 @@ LIB_EXPORT uint32_t _plat__GetManufacturerCapabilityCode() LIB_EXPORT uint32_t _plat__GetVendorCapabilityCode(int index) { switch(index) - { - case 1: - return StringToUint32(VENDOR_STRING_1); - case 2: - return StringToUint32(VENDOR_STRING_2); - case 3: - return StringToUint32(VENDOR_STRING_3); - case 4: - return StringToUint32(VENDOR_STRING_4); - } + { + case 1: + return StringToUint32(VENDOR_STRING_1); + case 2: + return StringToUint32(VENDOR_STRING_2); + case 3: + return StringToUint32(VENDOR_STRING_3); + case 4: + return StringToUint32(VENDOR_STRING_4); + } return 0; } 
@@ -162,22 +162,22 @@ LIB_EXPORT void _plat__SetTpmFirmwareSvn(uint16_t svn) // Dummy implmenentation for obtaining a Firmware SVN Secret bound // to the given SVN. LIB_EXPORT int _plat__GetTpmFirmwareSvnSecret(uint16_t svn, - uint16_t secret_buf_size, - uint8_t* secret_buf, - uint16_t* secret_size) + uint16_t secret_buf_size, + uint8_t* secret_buf, + uint16_t* secret_size) { int i; if(svn > currentSvn) - { - return -1; - } + { + return -1; + } // INSECURE dummy implementation: repeat the SVN into the secret buffer. for(i = 0; i < secret_buf_size; ++i) - { - secret_buf[i] = ((uint8_t*)&svn)[i % sizeof(svn)]; - } + { + secret_buf[i] = ((uint8_t*)&svn)[i % sizeof(svn)]; + } *secret_size = secret_buf_size; @@ -188,17 +188,17 @@ LIB_EXPORT int _plat__GetTpmFirmwareSvnSecret(uint16_t svn, #if FW_LIMITED_SUPPORT // Dummy implmenentation for obtaining a Firmware Secret bound // to the current firmware image. -LIB_EXPORT int _plat__GetTpmFirmwareSecret - (uint16_t secret_buf_size, uint8_t* secret_buf, uint16_t* secret_size) +LIB_EXPORT int _plat__GetTpmFirmwareSecret( + uint16_t secret_buf_size, uint8_t* secret_buf, uint16_t* secret_size) { int i; // INSECURE dummy implementation: repeat the firmware hash into the // secret buffer. for(i = 0; i < secret_buf_size; ++i) - { - secret_buf[i] = ((uint8_t*)¤tHash)[i % sizeof(currentHash)]; - } + { + secret_buf[i] = ((uint8_t*)¤tHash)[i % sizeof(currentHash)]; + } *secret_size = secret_buf_size; @@ -206,9 +206,8 @@ LIB_EXPORT int _plat__GetTpmFirmwareSecret } #endif // FW_LIMITED_SUPPORT - // return the TPM Type returned by TPM_PT_VENDOR_TPM_TYPE +// return the TPM Type returned by TPM_PT_VENDOR_TPM_TYPE LIB_EXPORT uint32_t _plat__GetTpmType() { return 1; // just the value the reference code has returned in the past. } - diff --git a/src/tpm2/Vendor_TCG_Test.c b/src/tpm2/Vendor_TCG_Test.c index 74c2d115..b8f67464 100644 --- a/src/tpm2/Vendor_TCG_Test.c +++ b/src/tpm2/Vendor_TCG_Test.c 
@@ -1,9 +1,9 @@ /********************************************************************************/ /* */ -/* */ +/* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ -/* $Id: Vendor_TCG_Test.c 1548 2019-12-13 23:15:40Z kgoldman $ */ +/* $Id: Vendor_TCG_Test.c 1548 2019-12-13 23:15:40Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ @@ -60,17 +60,17 @@ /********************************************************************************/ #include "Tpm.h" -#include "Vendor_TCG_Test_fp.h" -#include "Marshal_fp.h" -#if CC_Vendor_TCG_Test -/* A dummy function for testing. */ + +#if CC_Vendor_TCG_Test // Conditional expansion of this file +# include "Vendor_TCG_Test_fp.h" + TPM_RC -TPM2_Vendor_TCG_Test( - Vendor_TCG_Test_In *in, // IN: input parameter list - Vendor_TCG_Test_Out *out // OUT: output parameter list - ) +TPM2_Vendor_TCG_Test(Vendor_TCG_Test_In* in, // IN: input parameter list + Vendor_TCG_Test_Out* out // OUT: output parameter list +) { out->outputData = in->inputData; return TPM_RC_SUCCESS; } -#endif // CC_Vendor_TCG_Test + +#endif // CC_Vendor_TCG_Test diff --git a/src/tpm2/Vendor_TCG_Test_fp.h b/src/tpm2/Vendor_TCG_Test_fp.h index 036ade00..7f314955 100644 --- a/src/tpm2/Vendor_TCG_Test_fp.h +++ b/src/tpm2/Vendor_TCG_Test_fp.h 
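Review bot: The second hunk removes `/* A dummy function for testing. */`, which was the only documentation on `TPM2_Vendor_TCG_Test`, and the new side leaves the function without any description. Since the body simply copies `in->inputData` to `out->outputData`, a short replacement would keep that intent visible to integrators, for example `// Test-only vendor command: echoes inputData back as outputData; compiled only when CC_Vendor_TCG_Test is enabled.` Whether any production profile sets `CC_Vendor_TCG_Test` is not visible from this hunk.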
@@ -59,21 +59,32 @@ /* */ /********************************************************************************/ -#ifndef VENDOR_TCG_TEST_FP_H -#define VENDOR_TCG_TEST_FP_H -typedef struct { +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + +#if CC_Vendor_TCG_Test // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_VENDOR_TCG_TEST_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_VENDOR_TCG_TEST_FP_H_ + +// Input structure definition +typedef struct +{ TPM2B_DATA inputData; } Vendor_TCG_Test_In; -typedef struct { +// Output structure definition +typedef struct +{ TPM2B_DATA outputData; } Vendor_TCG_Test_Out; -TPM_RC -TPM2_Vendor_TCG_Test( - Vendor_TCG_Test_In *in, // IN: input parameter list - Vendor_TCG_Test_Out *out // OUT: output parameter list - ); +// Response code modifiers +# define RC_Vendor_TCG_Test_inputData (TPM_RC_P + TPM_RC_1) -#endif +// Function prototype +TPM_RC +TPM2_Vendor_TCG_Test(Vendor_TCG_Test_In* in, Vendor_TCG_Test_Out* out); + +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_VENDOR_TCG_TEST_FP_H_ +#endif // CC_Vendor_TCG_Test diff --git a/src/tpm2/VerifyConfiguration.h b/src/tpm2/VerifyConfiguration.h index ebf95a6c..85b05553 100644 --- a/src/tpm2/VerifyConfiguration.h +++ b/src/tpm2/VerifyConfiguration.h @@ -114,9 +114,9 @@ MUST_BE_0_OR_1(FAIL_TRACE); MUST_BE_0_OR_1(VENDOR_PERMANENT_AUTH_ENABLED); #if VENDOR_PERMANENT_AUTH_ENABLED == YES -# if !defined(VENDOR_PERMANENT_AUTH_HANDLE) \ - || VENDOR_PERMANENT_AUTH_HANDLE < TPM_RH_AUTH_00 \ - || VENDOR_PERMANENT_AUTH_HANDLE > TPM_RH_AUTH_FF +# if !defined(VENDOR_PERMANENT_AUTH_HANDLE) \ + || VENDOR_PERMANENT_AUTH_HANDLE < TPM_RH_AUTH_00 \ + || VENDOR_PERMANENT_AUTH_HANDLE > TPM_RH_AUTH_FF # error VENDOR_PERMANENT_AUTH_ENABLED requires a valid definition for VENDOR_PERMANENT_AUTH_HANDLE, see Part2 # endif #else 
@@ -131,8 +131,8 @@ MUST_BE_0_OR_1(VENDOR_PERMANENT_AUTH_ENABLED); #endif #if !DEBUG -# if USE_KEY_CACHE_FILE || USE_RSA_KEY_CACHE || DRBG_DEBUG_PRINT \ - || CERTIFYX509_DEBUG || USE_DEBUG_RNG +# if USE_KEY_CACHE_FILE || USE_RSA_KEY_CACHE || DRBG_DEBUG_PRINT \ + || CERTIFYX509_DEBUG || USE_DEBUG_RNG # error using insecure options not in DEBUG mode. # endif #endif diff --git a/src/tpm2/VerifySignature_fp.h b/src/tpm2/VerifySignature_fp.h index d90c83a0..17719e1d 100644 --- a/src/tpm2/VerifySignature_fp.h +++ b/src/tpm2/VerifySignature_fp.h 
@@ -59,30 +59,36 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef VERIFYSIGNATURE_FP_H -#define VERIFYSIGNATURE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_DIGEST digest; - TPMT_SIGNATURE signature; +#if CC_VerifySignature // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_VERIFYSIGNATURE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_VERIFYSIGNATURE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_DIGEST digest; + TPMT_SIGNATURE signature; } VerifySignature_In; -#define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1) -#define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPMT_TK_VERIFIED validation; +// Output structure definition +typedef struct +{ + TPMT_TK_VERIFIED validation; } VerifySignature_Out; +// Response code modifiers +# define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1) +# define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_VerifySignature( - VerifySignature_In *in, // IN: input parameter list - VerifySignature_Out *out // OUT: output parameter list - ); +TPM2_VerifySignature(VerifySignature_In* in, VerifySignature_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_VERIFYSIGNATURE_FP_H_ +#endif // CC_VerifySignature diff --git a/src/tpm2/X509.h b/src/tpm2/X509.h index b35d1ba7..d5839a8e 100644 --- a/src/tpm2/X509.h +++ b/src/tpm2/X509.h 
@@ -59,84 +59,101 @@ /* */ /********************************************************************************/ -// 10.1.16 X509.h -// 10.1.16.1 Introduction -// This file contains the macro and structure definitions for the X509 commands and functions. +//** Introduction +// This file contains the macro and structure definitions for the X509 commands and +// functions. + #ifndef _X509_H_ #define _X509_H_ -// 10.1.16.2 Includes + +//** Includes + #include "Tpm.h" #include "TpmASN1.h" -// 10.1.16.3 Defined Constants -// 10.1.16.3.1 X509 Application-specific types -#define X509_SELECTION 0xA0 -#define X509_ISSUER_UNIQUE_ID 0xA1 -#define X509_SUBJECT_UNIQUE_ID 0xA2 -#define X509_EXTENSIONS 0xA3 -// These defines give the order in which values appear in the TBScertificate of an x.509 -// certificate. These values are used to index into an array of -#define ENCODED_SIZE_REF 0 -#define VERSION_REF (ENCODED_SIZE_REF + 1) -#define SERIAL_NUMBER_REF (VERSION_REF + 1) -#define SIGNATURE_REF (SERIAL_NUMBER_REF + 1) -#define ISSUER_REF (SIGNATURE_REF + 1) -#define VALIDITY_REF (ISSUER_REF + 1) -#define SUBJECT_KEY_REF (VALIDITY_REF + 1) -#define SUBJECT_PUBLIC_KEY_REF (SUBJECT_KEY_REF + 1) -#define EXTENSIONS_REF (SUBJECT_PUBLIC_KEY_REF + 1) -#define REF_COUNT (EXTENSIONS_REF + 1) -// 10.1.16.4 Structures Used to access the fields of a TBSsignature some of which are in the -// in_CertifyX509 structure and some of which are in the out_CertifyX509 structure. +//** Defined Constants + +//*** X509 Application-specific types +#define X509_SELECTION 0xA0 +#define X509_ISSUER_UNIQUE_ID 0xA1 +#define X509_SUBJECT_UNIQUE_ID 0xA2 +#define X509_EXTENSIONS 0xA3 + +// These defines give the order in which values appear in the TBScertificate +// of an x.509 certificate. 
These values are used to index into an array of +// +#define ENCODED_SIZE_REF 0 +#define VERSION_REF (ENCODED_SIZE_REF + 1) +#define SERIAL_NUMBER_REF (VERSION_REF + 1) +#define SIGNATURE_REF (SERIAL_NUMBER_REF + 1) +#define ISSUER_REF (SIGNATURE_REF + 1) +#define VALIDITY_REF (ISSUER_REF + 1) +#define SUBJECT_KEY_REF (VALIDITY_REF + 1) +#define SUBJECT_PUBLIC_KEY_REF (SUBJECT_KEY_REF + 1) +#define EXTENSIONS_REF (SUBJECT_PUBLIC_KEY_REF + 1) +#define REF_COUNT (EXTENSIONS_REF + 1) + +//** Structures + +// Used to access the fields of a TBSsignature some of which are in the in_CertifyX509 +// structure and some of which are in the out_CertifyX509 structure. typedef struct stringRef { - BYTE *buf; - INT16 len; + BYTE* buf; + INT16 len; } stringRef; + // This is defined to avoid bit by bit comparisons within a UINT32 -typedef union x509KeyUsageUnion { - TPMA_X509_KEY_USAGE x509; - UINT32 integer; +typedef union x509KeyUsageUnion +{ + TPMA_X509_KEY_USAGE x509; + UINT32 integer; } x509KeyUsageUnion; -// 10.1.16.5 Global X509 Constants +//** Global X509 Constants +// These values are instanced by X509_spt.c and referenced by other X509-related +// files. -// These values are instanced by X509_spt.c and referenced by other X509-related files. This is the -// DER-encoded value for the Key Usage OID (2.5.29.15). This is the full OID, not just the numeric -// value - -#define OID_KEY_USAGE_EXTENSION_VALUE 0x06, 0x03, 0x55, 0x1D, 0x0F +// This is the DER-encoded value for the Key Usage OID (2.5.29.15). 
This is the +// full OID, not just the numeric value +#define OID_KEY_USAGE_EXTENSION_VALUE 0x06, 0x03, 0x55, 0x1D, 0x0F MAKE_OID(_KEY_USAGE_EXTENSION); -// This is the DER-encoded value for the TCG-defined TPMA_OBJECT OID (2.23.133.10.1.1.1) - -#define OID_TCG_TPMA_OBJECT_VALUE 0x06, 0x07, 0x67, 0x81, 0x05, 0x0a, 0x01, \ - 0x01, 0x01 +// This is the DER-encoded value for the TCG-defined TPMA_OBJECT OID +// (2.23.133.10.1.1.1) +#define OID_TCG_TPMA_OBJECT_VALUE 0x06, 0x07, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x01, 0x01 MAKE_OID(_TCG_TPMA_OBJECT); #ifdef _X509_SPT_ - -// If a bit is SET in KEY_USAGE_SIGN is also SET in keyUsage then the associated key has to have -// sign SET. - -const x509KeyUsageUnion KEY_USAGE_SIGN = - {TPMA_X509_KEY_USAGE_INITIALIZER( - /* bits_at_0 */ 0, /* decipheronly */ 0, /* encipheronly */ 0, - /* crlsign */ 1, /* keycertsign */ 1, /* keyagreement */ 0, - /* dataencipherment */ 0, /* keyencipherment */ 0, /* nonrepudiation */ 0, - /* digitalsignature */ 1)}; - -// If a bit is SET in KEY_USAGE_DECRYPT is also SET in keyUsage then the associated key has to have decrypt SET. - -const x509KeyUsageUnion KEY_USAGE_DECRYPT = - {TPMA_X509_KEY_USAGE_INITIALIZER( - /* bits_at_0 */ 0, /* decipheronly */ 1, /* encipheronly */ 1, - /* crlsign */ 0, /* keycertsign */ 0, /* keyagreement */ 1, - /* dataencipherment */ 1, /* keyencipherment */ 1, /* nonrepudiation */ 0, - /* digitalsignature */ 0)}; +// If a bit is SET in KEY_USAGE_SIGN is also SET in keyUsage then +// the associated key has to have 'sign' SET. +const x509KeyUsageUnion KEY_USAGE_SIGN = {TPMA_X509_KEY_USAGE_INITIALIZER( + /* bits_at_0 */ 0, + /* decipheronly */ 0, + /* encipheronly */ 0, + /* crlsign */ 1, + /* keycertsign */ 1, + /* keyagreement */ 0, + /* dataencipherment */ 0, + /* keyencipherment */ 0, + /* nonrepudiation */ 0, + /* digitalsignature */ 1)}; +// If a bit is SET in KEY_USAGE_DECRYPT is also SET in keyUsage then +// the associated key has to have 'decrypt' SET. 
+const x509KeyUsageUnion KEY_USAGE_DECRYPT = {TPMA_X509_KEY_USAGE_INITIALIZER( + /* bits_at_0 */ 0, + /* decipheronly */ 1, + /* encipheronly */ 1, + /* crlsign */ 0, + /* keycertsign */ 0, + /* keyagreement */ 1, + /* dataencipherment */ 1, + /* keyencipherment */ 1, + /* nonrepudiation */ 0, + /* digitalsignature */ 0)}; #else extern x509KeyUsageUnion KEY_USAGE_SIGN; extern x509KeyUsageUnion KEY_USAGE_DECRYPT; #endif -#endif // _X509_H_ +#endif // _X509_H_ diff --git a/src/tpm2/X509_ECC.c b/src/tpm2/X509_ECC.c index 43c244b7..2d73f9db 100644 --- a/src/tpm2/X509_ECC.c +++ b/src/tpm2/X509_ECC.c @@ -81,9 +81,9 @@ X509PushPoint(ASN1MarshalContext* ctx, TPMS_ECC_POINT* p) // coordinates of the public point, bottom up ASN1StartMarshalContext(ctx); // BIT STRING { - ASN1PushBytes(ctx, p->y.t.size, p->y.t.buffer); - ASN1PushBytes(ctx, p->x.t.size, p->x.t.buffer); - ASN1PushByte(ctx, 0x04); + ASN1PushBytes(ctx, p->y.t.size, p->y.t.buffer); + ASN1PushBytes(ctx, p->x.t.size, p->x.t.buffer); + ASN1PushByte(ctx, 0x04); } return ASN1EndEncapsulation(ctx, ASN1_BITSTRING); // Ends BIT STRING } 
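Review bot: In the `#else` branch at the end of this hunk the two key-usage tables are declared `extern x509KeyUsageUnion KEY_USAGE_SIGN;` and `extern x509KeyUsageUnion KEY_USAGE_DECRYPT;`, while the `_X509_SPT_` branch just above defines them as `const x509KeyUsageUnion`. The qualifiers disagree between definition and declaration, so every other translation unit sees these masks as writable and the compiler will not flag an accidental store to them. The comments say these masks decide whether a key must have sign or decrypt SET, so a silent write would change that check. Suggest `extern const x509KeyUsageUnion KEY_USAGE_SIGN;` and `extern const x509KeyUsageUnion KEY_USAGE_DECRYPT;`. Separately, the rewrapped comment above `ENCODED_SIZE_REF` still ends mid-sentence at "index into an array of" and could be completed while this block is being touched.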
@@ -95,33 +95,33 @@ X509PushPoint(ASN1MarshalContext* ctx, TPMS_ECC_POINT* p) // == 0 failure INT16 X509AddSigningAlgorithmECC( - OBJECT* signKey, TPMT_SIG_SCHEME* scheme, ASN1MarshalContext* ctx) + OBJECT* signKey, TPMT_SIG_SCHEME* scheme, ASN1MarshalContext* ctx) { PHASH_DEF hashDef = CryptGetHashDef(scheme->details.any.hashAlg); // NOT_REFERENCED(signKey); // If the desired hashAlg definition wasn't found... if(hashDef->hashAlg != scheme->details.any.hashAlg) - return 0; + return 0; switch(scheme->scheme) - { + { #if ALG_ECDSA - case TPM_ALG_ECDSA: - // Make sure that we have an OID for this hash and ECC - if((hashDef->ECDSA)[0] != ASN1_OBJECT_IDENTIFIER) - break; - // if this is just an implementation check, indicate that this - // combination is supported - if(!ctx) - return 1; - ASN1StartMarshalContext(ctx); - ASN1PushOID(ctx, hashDef->ECDSA); - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); + case TPM_ALG_ECDSA: + // Make sure that we have an OID for this hash and ECC + if((hashDef->ECDSA)[0] != ASN1_OBJECT_IDENTIFIER) + break; + // if this is just an implementation check, indicate that this + // combination is supported + if(!ctx) + return 1; + ASN1StartMarshalContext(ctx); + ASN1PushOID(ctx, hashDef->ECDSA); + return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); #endif // ALG_ECDSA - default: - break; - } + default: + break; + } return 0; } @@ -136,9 +136,9 @@ INT16 X509AddPublicECC(OBJECT* object, ASN1MarshalContext* ctx) { const BYTE* curveOid = - CryptEccGetOID(object->publicArea.parameters.eccDetail.curveID); + CryptEccGetOID(object->publicArea.parameters.eccDetail.curveID); if((curveOid == NULL) || (*curveOid != ASN1_OBJECT_IDENTIFIER)) - return 0; + return 0; // // // SEQUENCE (2 elem) 1st 
@@ -150,16 +150,16 @@ X509AddPublicECC(OBJECT* object, ASN1MarshalContext* ctx) // If this is a check to see if the key can be encoded, it can. // Need to mark the end sequence if(ctx == NULL) - return 1; + return 1; ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st { - X509PushPoint(ctx, &object->publicArea.unique.ecc); // BIT STRING - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 2nd - { - ASN1PushOID(ctx, curveOid); // curve dependent - ASN1PushOID(ctx, OID_ECC_PUBLIC); // (1.2.840.10045.2.1) - } - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 2nd + X509PushPoint(ctx, &object->publicArea.unique.ecc); // BIT STRING + ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 2nd + { + ASN1PushOID(ctx, curveOid); // curve dependent + ASN1PushOID(ctx, OID_ECC_PUBLIC); // (1.2.840.10045.2.1) + } + ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 2nd } return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 1st } diff --git a/src/tpm2/X509_ECC_fp.h b/src/tpm2/X509_ECC_fp.h index 95cf33c8..e570c3dc 100644 --- a/src/tpm2/X509_ECC_fp.h +++ b/src/tpm2/X509_ECC_fp.h 
@@ -59,25 +59,39 @@ /* */ /********************************************************************************/ -#ifndef X509_ECC_FP_H -#define X509_ECC_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ +#ifndef _X509_ECC_FP_H_ +#define _X509_ECC_FP_H_ + +//*** X509PushPoint() +// This seems like it might be used more than once so... +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure INT16 -X509PushPoint( - ASN1MarshalContext *ctx, - TPMS_ECC_POINT *p - ); +X509PushPoint(ASN1MarshalContext* ctx, TPMS_ECC_POINT* p); + +//*** X509AddSigningAlgorithmECC() +// This creates the singing algorithm data. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure INT16 X509AddSigningAlgorithmECC( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx - ); + OBJECT* signKey, TPMT_SIG_SCHEME* scheme, ASN1MarshalContext* ctx); + +//*** X509AddPublicECC() +// This function will add the publicKey description to the DER data. If ctx is +// NULL, then no data is transferred and this function will indicate if the TPM +// has the values for DER-encoding of the public key. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure INT16 -X509AddPublicECC( - OBJECT *object, - ASN1MarshalContext *ctx - ); +X509AddPublicECC(OBJECT* object, ASN1MarshalContext* ctx); - -#endif +#endif // _X509_ECC_FP_H_ diff --git a/src/tpm2/X509_RSA.c b/src/tpm2/X509_RSA.c index fa932d14..651e9068 100644 --- a/src/tpm2/X509_RSA.c +++ b/src/tpm2/X509_RSA.c @@ -78,7 +78,7 @@ // == 0 failure INT16 X509AddSigningAlgorithmRSA( - OBJECT* signKey, TPMT_SIG_SCHEME* scheme, ASN1MarshalContext* ctx) + OBJECT* signKey, TPMT_SIG_SCHEME* scheme, ASN1MarshalContext* ctx) { TPM_ALG_ID hashAlg = scheme->details.any.hashAlg; PHASH_DEF hashDef = CryptGetHashDef(hashAlg); 
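Review bot: The comment added above `X509AddSigningAlgorithmECC()` documents only "> 0 number of bytes added" and "== 0 failure", but the X509_ECC.c body returns 1 without marshaling anything when `ctx` is NULL (the "implementation check" path). A caller reading only this prototype could take that 1 for an encoded length. I would add a line such as `// If ctx is NULL, nothing is marshaled and a return of 1 only indicates that the scheme/hash combination is supported.`, mirroring what the `X509AddPublicECC()` comment already says for its own NULL case. The same comment reads "singing algorithm" for "signing algorithm"; the typo recurs in the X509_RSA_fp.h and X509_spt_fp.h hunks.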
@@ -86,116 +86,116 @@ X509AddSigningAlgorithmRSA( NOT_REFERENCED(signKey); // return failure if hash isn't implemented if(hashDef->hashAlg != hashAlg) - return 0; + return 0; switch(scheme->scheme) - { - case TPM_ALG_RSASSA: - { - // if the hash is implemented but there is no PKCS1 OID defined - // then this is not a valid signing combination. - if(hashDef->PKCS1[0] != ASN1_OBJECT_IDENTIFIER) - break; - if(ctx == NULL) - return 1; - return X509PushAlgorithmIdentifierSequence(ctx, hashDef->PKCS1); - } - case TPM_ALG_RSAPSS: - // leave if this is just an implementation check - if(ctx == NULL) - return 1; - // In the case of SHA1, everything is default and RFC4055 says that - // implementations that do signature generation MUST omit the parameter - // when defaults are used. )-: - if(hashDef->hashAlg == TPM_ALG_SHA1) - { - return X509PushAlgorithmIdentifierSequence(ctx, OID_RSAPSS); - } - else - { - // Going to build something that looks like: - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) - // SEQUENCE (3 elem) - // [0] (1 elem) - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - // [1] (1 elem) - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF - // SEQUENCE (2 elem) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - // [2] (1 elem) salt length - // INTEGER 32 + { + case TPM_ALG_RSASSA: + { + // if the hash is implemented but there is no PKCS1 OID defined + // then this is not a valid signing combination. + if(hashDef->PKCS1[0] != ASN1_OBJECT_IDENTIFIER) + break; + if(ctx == NULL) + return 1; + return X509PushAlgorithmIdentifierSequence(ctx, hashDef->PKCS1); + } + case TPM_ALG_RSAPSS: + // leave if this is just an implementation check + if(ctx == NULL) + return 1; + // In the case of SHA1, everything is default and RFC4055 says that + // implementations that do signature generation MUST omit the parameter + // when defaults are used. 
)-: + if(hashDef->hashAlg == TPM_ALG_SHA1) + { + return X509PushAlgorithmIdentifierSequence(ctx, OID_RSAPSS); + } + else + { + // Going to build something that looks like: + // SEQUENCE (2 elem) + // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) + // SEQUENCE (3 elem) + // [0] (1 elem) + // SEQUENCE (2 elem) + // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 + // NULL + // [1] (1 elem) + // SEQUENCE (2 elem) + // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF + // SEQUENCE (2 elem) + // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 + // NULL + // [2] (1 elem) salt length + // INTEGER 32 - // The indentation is just to keep track of where we are in the - // structure - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elements) - { - ASN1StartMarshalContext(ctx); // SEQUENCE (3 elements) - { - // [2] (1 elem) salt length - // INTEGER 32 - ASN1StartMarshalContext(ctx); - { - INT16 saltSize = CryptRsaPssSaltSize( - (INT16)hashDef->digestSize, - (INT16)signKey->publicArea.unique.rsa.t.size); - ASN1PushUINT(ctx, saltSize); - } - ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 2); + // The indentation is just to keep track of where we are in the + // structure + ASN1StartMarshalContext(ctx); // SEQUENCE (2 elements) + { + ASN1StartMarshalContext(ctx); // SEQUENCE (3 elements) + { + // [2] (1 elem) salt length + // INTEGER 32 + ASN1StartMarshalContext(ctx); + { + INT16 saltSize = CryptRsaPssSaltSize( + (INT16)hashDef->digestSize, + (INT16)signKey->publicArea.unique.rsa.t.size); + ASN1PushUINT(ctx, saltSize); + } + ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 2); - // Add the mask generation algorithm - // [1] (1 elem) - // SEQUENCE (2 elem) 1st - // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF - // SEQUENCE (2 elem) 2nd - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 - // NULL - ASN1StartMarshalContext(ctx); // mask context [1] (1 elem) - { - ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st - // Handle the 2nd Sequence 
(sequence (object, null)) - { - // This adds a NULL, then an OID and a SEQUENCE - // wrapper. - X509PushAlgorithmIdentifierSequence(ctx, - hashDef->OID); - // add the pkcs1-MGF OID - ASN1PushOID(ctx, OID_MGF1); - } - // End outer sequence - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - // End the [1] - ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 1); + // Add the mask generation algorithm + // [1] (1 elem) + // SEQUENCE (2 elem) 1st + // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF + // SEQUENCE (2 elem) 2nd + // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 + // NULL + ASN1StartMarshalContext(ctx); // mask context [1] (1 elem) + { + ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st + // Handle the 2nd Sequence (sequence (object, null)) + { + // This adds a NULL, then an OID and a SEQUENCE + // wrapper. + X509PushAlgorithmIdentifierSequence(ctx, + hashDef->OID); + // add the pkcs1-MGF OID + ASN1PushOID(ctx, OID_MGF1); + } + // End outer sequence + ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); + } + // End the [1] + ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 1); - // Add the hash algorithm - // [0] (1 elem) - // SEQUENCE (2 elem) (done by - // X509PushAlgorithmIdentifierSequence) - // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST) - // NULL - ASN1StartMarshalContext(ctx); // [0] (1 elem) - { - X509PushAlgorithmIdentifierSequence(ctx, hashDef->OID); - } - ASN1EndEncapsulation(ctx, (ASN1_APPLICAIION_SPECIFIC + 0)); - } - // SEQUENCE (3 elements) end - ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); + // Add the hash algorithm + // [0] (1 elem) + // SEQUENCE (2 elem) (done by + // X509PushAlgorithmIdentifierSequence) + // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST) + // NULL + ASN1StartMarshalContext(ctx); // [0] (1 elem) + { + X509PushAlgorithmIdentifierSequence(ctx, hashDef->OID); + } + ASN1EndEncapsulation(ctx, (ASN1_APPLICAIION_SPECIFIC + 0)); + } + // SEQUENCE (3 elements) end + 
ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - // RSA PSS OID - // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) - ASN1PushOID(ctx, OID_RSAPSS); - } - // End Sequence (2 elements) - return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); - } - default: - break; - } + // RSA PSS OID + // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) + ASN1PushOID(ctx, OID_RSAPSS); + } + // End Sequence (2 elements) + return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); + } + default: + break; + } return 0; } 
@@ -212,34 +212,34 @@ X509AddPublicRSA(OBJECT* object, ASN1MarshalContext* ctx) UINT32 exp = object->publicArea.parameters.rsaDetail.exponent; // /* - SEQUENCE (2 elem) 1st + SEQUENCE (2 elem) 1st SEQUENCE (2 elem) 2nd - OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1) - NULL + OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1) + NULL BIT STRING (1 elem) - SEQUENCE (2 elem) 3rd - INTEGER (2048 bit) 2197304513741227955725834199357401 - INTEGER 65537 - */ + SEQUENCE (2 elem) 3rd + INTEGER (2048 bit) 2197304513741227955725834199357401 + INTEGER 65537 +*/ // If this is a check to see if the key can be encoded, it can. // Need to mark the end sequence if(ctx == NULL) - return 1; + return 1; ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st ASN1StartMarshalContext(ctx); // BIT STRING ASN1StartMarshalContext(ctx); // SEQUENCE *(2 elem) 3rd // Get public exponent in big-endian byte order. if(exp == 0) - exp = RSA_DEFAULT_PUBLIC_EXPONENT; + exp = RSA_DEFAULT_PUBLIC_EXPONENT; // Push a 4 byte integer. This might get reduced if there are leading zeros or // extended if the high order byte is negative. ASN1PushUINT(ctx, exp); // Push the public key as an integer ASN1PushInteger(ctx, - object->publicArea.unique.rsa.t.size, - object->publicArea.unique.rsa.t.buffer); + object->publicArea.unique.rsa.t.size, + object->publicArea.unique.rsa.t.buffer); // Embed this in a SEQUENCE tag and length in for the key, exponent sequence ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // SEQUENCE (3rd) diff --git a/src/tpm2/X509_RSA_fp.h b/src/tpm2/X509_RSA_fp.h index a660e9cb..6f4cd1ee 100644 --- a/src/tpm2/X509_RSA_fp.h +++ b/src/tpm2/X509_RSA_fp.h 
@@ -59,20 +59,34 @@ /* */ /********************************************************************************/ -#ifndef X509_RSA_FP_H -#define X509_RSA_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 11:00:49AM + */ +#ifndef _X509_RSA_FP_H_ +#define _X509_RSA_FP_H_ + +#if ALG_RSA + +//*** X509AddSigningAlgorithmRSA() +// This creates the singing algorithm data. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure INT16 X509AddSigningAlgorithmRSA( - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme, - ASN1MarshalContext *ctx - ); + OBJECT* signKey, TPMT_SIG_SCHEME* scheme, ASN1MarshalContext* ctx); + +//*** X509AddPublicRSA() +// This function will add the publicKey description to the DER data. If fillPtr is +// NULL, then no data is transferred and this function will indicate if the TPM +// has the values for DER-encoding of the public key. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure INT16 -X509AddPublicRSA( - OBJECT *object, - ASN1MarshalContext *ctx - ); +X509AddPublicRSA(OBJECT* object, ASN1MarshalContext* ctx); +#endif // ALG_RSA - -#endif +#endif // _X509_RSA_FP_H_ diff --git a/src/tpm2/X509_spt.c b/src/tpm2/X509_spt.c index 9d256f72..1db7eddd 100644 --- a/src/tpm2/X509_spt.c +++ b/src/tpm2/X509_spt.c @@ -87,9 +87,9 @@ // TRUE(1) success // FALSE(0) failure (could be catastrophic) BOOL X509FindExtensionByOID(ASN1UnmarshalContext* ctxIn, // IN: the context to search - ASN1UnmarshalContext* ctx, // OUT: the extension context - const BYTE* OID // IN: oid to search for - ) + ASN1UnmarshalContext* ctx, // OUT: the extension context + const BYTE* OID // IN: oid to search for +) { INT16 length; // 
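Review bot: The comment added for `X509AddPublicRSA()` says "If fillPtr is NULL", but the prototype has no `fillPtr`. The parameter that selects the check-only mode is `ctx`, as the X509_RSA.c hunk shows with `if(ctx == NULL) return 1;`. I would reword the line to `// This function will add the publicKey description to the DER data. If ctx is`, which matches the `X509AddPublicECC()` comment. The `X509AddPublicKey()` comment in the X509_spt_fp.h hunk carries the same stale name.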
@@ -97,36 +97,36 @@ BOOL X509FindExtensionByOID(ASN1UnmarshalContext* ctxIn, // IN: the context to // Make the search non-destructive of the input if ctx provided. Otherwise, use // the provided context. if(ctx == NULL) - ctx = ctxIn; + ctx = ctxIn; // if the provided search context is different from the context of the extension, // then copy the search context to the search context. else if(ctx != ctxIn) - *ctx = *ctxIn; + *ctx = *ctxIn; // Now, search in the extension context for(; ctx->size > ctx->offset; ctx->offset += length) - { - GOTO_ERROR_UNLESS((length = ASN1NextTag(ctx)) >= 0); - // If this is not a constructed sequence, then it doesn't belong - // in the extensions. - GOTO_ERROR_UNLESS(ctx->tag == ASN1_CONSTRUCTED_SEQUENCE); - // Make sure that this entry could hold the OID - if(length >= OID_SIZE(OID)) - { - // See if this is a match for the provided object identifier. - if(MemoryEqual(OID, &(ctx->buffer[ctx->offset]), OID_SIZE(OID))) - { - // Return with ' ctx' set to point to the start of the OID with the size - // set to be the size of the SEQUENCE - ctx->buffer += ctx->offset; - ctx->offset = 0; - ctx->size = length; - return TRUE; - } - } - } + { + GOTO_ERROR_UNLESS((length = ASN1NextTag(ctx)) >= 0); + // If this is not a constructed sequence, then it doesn't belong + // in the extensions. + GOTO_ERROR_UNLESS(ctx->tag == ASN1_CONSTRUCTED_SEQUENCE); + // Make sure that this entry could hold the OID + if(length >= OID_SIZE(OID)) + { + // See if this is a match for the provided object identifier. + if(MemoryEqual(OID, &(ctx->buffer[ctx->offset]), OID_SIZE(OID))) + { + // Return with ' ctx' set to point to the start of the OID with the size + // set to be the size of the SEQUENCE + ctx->buffer += ctx->offset; + ctx->offset = 0; + ctx->size = length; + return TRUE; + } + } + } GOTO_ERROR_UNLESS(ctx->offset == ctx->size); return FALSE; - Error: +Error: ctxIn->size = -1; ctx->size = -1; return FALSE; 
@@ -144,14 +144,14 @@ X509GetExtensionBits(ASN1UnmarshalContext* ctx, UINT32* value) INT16 length; // while(((length = ASN1NextTag(ctx)) > 0) && (ctx->size > ctx->offset)) - { - // Since this is an extension, the extension value will be in an OCTET STRING - if(ctx->tag == ASN1_OCTET_STRING) - { - return ASN1GetBitStringValue(ctx, value); - } - ctx->offset += length; - } + { + // Since this is an extension, the extension value will be in an OCTET STRING + if(ctx->tag == ASN1_OCTET_STRING) + { + return ASN1GetBitStringValue(ctx, value); + } + ctx->offset += length; + } ctx->size = -1; return FALSE; } @@ -165,10 +165,10 @@ X509GetExtensionBits(ASN1UnmarshalContext* ctx, UINT32* value) // TPM_RC_VALUE problem parsing the extensions TPM_RC X509ProcessExtensions( - OBJECT* object, // IN: The object with the attributes to - // check - stringRef* extension // IN: The start and length of the extensions - ) + OBJECT* object, // IN: The object with the attributes to + // check + stringRef* extension // IN: The start and length of the extensions +) { ASN1UnmarshalContext ctx; ASN1UnmarshalContext extensionCtx; 
@@ -178,59 +178,62 @@ X509ProcessExtensions( // if(!ASN1UnmarshalContextInitialize(&ctx, extension->len, extension->buf) || ((length = ASN1NextTag(&ctx)) < 0) || (ctx.tag != X509_EXTENSIONS)) - return TPM_RCS_VALUE; + return TPM_RCS_VALUE; if(((length = ASN1NextTag(&ctx)) < 0) || (ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE))) - return TPM_RCS_VALUE; + return TPM_RCS_VALUE; // Get the extension for the TPMA_OBJECT if there is one if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_TCG_TPMA_OBJECT) && X509GetExtensionBits(&extensionCtx, &value)) - { - // If an keyAttributes extension was found, it must be exactly the same as the - // attributes of the object. - // NOTE: MemoryEqual() is used rather than a simple UINT32 compare to avoid - // type-punned pointer warning/error. - if(!MemoryEqual(&value, &attributes, sizeof(value))) - return TPM_RCS_ATTRIBUTES; - } + { + // If an keyAttributes extension was found, it must be exactly the same as the + // attributes of the object. + // NOTE: MemoryEqual() is used rather than a simple UINT32 compare to avoid + // type-punned pointer warning/error. + if(!MemoryEqual(&value, &attributes, sizeof(value))) + return TPM_RCS_ATTRIBUTES; + } // Make sure the failure to find the value wasn't because of a fatal error else if(extensionCtx.size < 0) - return TPM_RCS_VALUE; + return TPM_RCS_VALUE; // Get the keyUsage extension. 
This one is required if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_KEY_USAGE_EXTENSION) && X509GetExtensionBits(&extensionCtx, &value)) - { - x509KeyUsageUnion keyUsage; - BOOL badSign; - BOOL badDecrypt; - BOOL badFixedTPM; - BOOL badRestricted; + { + x509KeyUsageUnion keyUsage; + BOOL badSign; + BOOL badDecrypt; + BOOL badFixedTPM; + BOOL badRestricted; - // - keyUsage.integer = value; - // see if any reserved bits are set - if(keyUsage.integer & ~(TPMA_X509_KEY_USAGE_ALLOWED_BITS)) - return TPM_RCS_RESERVED_BITS; // For KeyUsage: - // 1) 'sign' is SET if Key Usage includes signing - badSign = ((KEY_USAGE_SIGN.integer & keyUsage.integer) != 0) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign); - // 2) 'decrypt' is SET if Key Usage includes decryption uses - badDecrypt = ((KEY_USAGE_DECRYPT.integer & keyUsage.integer) != 0) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt); - // 3) 'fixedTPM' is SET if Key Usage is non-repudiation - badFixedTPM = IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, nonrepudiation) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM); - // 4)'restricted' is SET if Key Usage is for key encipherment. 
- badRestricted = - IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, keyEncipherment) - && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted); - if(badSign || badDecrypt || badFixedTPM || badRestricted) - return TPM_RCS_VALUE; - } + // + keyUsage.integer = value; + + // see if any reserved bits are set + if(keyUsage.integer & ~(TPMA_X509_KEY_USAGE_ALLOWED_BITS)) + return TPM_RCS_RESERVED_BITS; + + // For KeyUsage: + // 1) 'sign' is SET if Key Usage includes signing + badSign = ((KEY_USAGE_SIGN.integer & keyUsage.integer) != 0) + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign); + // 2) 'decrypt' is SET if Key Usage includes decryption uses + badDecrypt = ((KEY_USAGE_DECRYPT.integer & keyUsage.integer) != 0) + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt); + // 3) 'fixedTPM' is SET if Key Usage is non-repudiation + badFixedTPM = IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, nonrepudiation) + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM); + // 4)'restricted' is SET if Key Usage is for key encipherment. + badRestricted = + IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, keyEncipherment) + && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted); + if(badSign || badDecrypt || badFixedTPM || badRestricted) + return TPM_RCS_VALUE; + } else - // The KeyUsage extension is required - return TPM_RCS_VALUE; + // The KeyUsage extension is required + return TPM_RCS_VALUE; return TPM_RC_SUCCESS; } 
@@ -244,26 +247,26 @@ X509ProcessExtensions( // <= 0 failure INT16 X509AddSigningAlgorithm( - ASN1MarshalContext* ctx, OBJECT* signKey, TPMT_SIG_SCHEME* scheme) + ASN1MarshalContext* ctx, OBJECT* signKey, TPMT_SIG_SCHEME* scheme) { switch(signKey->publicArea.type) - { + { # if ALG_RSA - case TPM_ALG_RSA: - return X509AddSigningAlgorithmRSA(signKey, scheme, ctx); + case TPM_ALG_RSA: + return X509AddSigningAlgorithmRSA(signKey, scheme, ctx); # endif // ALG_RSA # if ALG_ECC - case TPM_ALG_ECC: - return X509AddSigningAlgorithmECC(signKey, scheme, ctx); + case TPM_ALG_ECC: + return X509AddSigningAlgorithmECC(signKey, scheme, ctx); # endif // ALG_ECC # if ALG_SM2 - case TPM_ALG_SM2: - break; // no signing algorithm for SM2 yet - // return X509AddSigningAlgorithmSM2(signKey, scheme, ctx); + case TPM_ALG_SM2: + break; // no signing algorithm for SM2 yet +// return X509AddSigningAlgorithmSM2(signKey, scheme, ctx); # endif // ALG_SM2 - default: - break; - } + default: + break; + } return 0; } @@ -278,22 +281,22 @@ INT16 X509AddPublicKey(ASN1MarshalContext* ctx, OBJECT* object) { switch(object->publicArea.type) - { + { # if ALG_RSA - case TPM_ALG_RSA: - return X509AddPublicRSA(object, ctx); + case TPM_ALG_RSA: + return X509AddPublicRSA(object, ctx); # endif # if ALG_ECC - case TPM_ALG_ECC: - return X509AddPublicECC(object, ctx); + case TPM_ALG_ECC: + return X509AddPublicECC(object, ctx); # endif # if ALG_SM2 - case TPM_ALG_SM2: - break; + case TPM_ALG_SM2: + break; # endif - default: - break; - } + default: + break; + } return FALSE; } diff --git a/src/tpm2/X509_spt_fp.h b/src/tpm2/X509_spt_fp.h index 96a15875..268feafc 100644 --- a/src/tpm2/X509_spt_fp.h +++ b/src/tpm2/X509_spt_fp.h 
@@ -1,98 +1,132 @@ -/********************************************************************************/ -/* */ -/* X509 Support */ -/* Written by Ken Goldman */ -/* IBM Thomas J. Watson Research Center */ -/* $Id: X509_spt_fp.h 1490 2019-07-26 21:13:22Z kgoldman $ */ -/* */ -/* Licenses and Notices */ -/* */ -/* 1. Copyright Licenses: */ -/* */ -/* - Trusted Computing Group (TCG) grants to the user of the source code in */ -/* this specification (the "Source Code") a worldwide, irrevocable, */ -/* nonexclusive, royalty free, copyright license to reproduce, create */ -/* derivative works, distribute, display and perform the Source Code and */ -/* derivative works thereof, and to grant others the rights granted herein. */ -/* */ -/* - The TCG grants to the user of the other parts of the specification */ -/* (other than the Source Code) the rights to reproduce, distribute, */ -/* display, and perform the specification solely for the purpose of */ -/* developing products based on such documents. */ -/* */ -/* 2. Source Code Distribution Conditions: */ -/* */ -/* - Redistributions of Source Code must retain the above copyright licenses, */ -/* this list of conditions and the following disclaimers. */ -/* */ -/* - Redistributions in binary form must reproduce the above copyright */ -/* licenses, this list of conditions and the following disclaimers in the */ -/* documentation and/or other materials provided with the distribution. */ -/* */ -/* 3. Disclaimers: */ -/* */ -/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ -/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ -/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ -/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ -/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ -/* information on specification licensing rights available through TCG */ -/* membership agreements. 
*/ -/* */ -/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ -/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ -/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ -/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ -/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ -/* */ -/* - Without limitation, TCG and its members and licensors disclaim all */ -/* liability, including liability for infringement of any proprietary */ -/* rights, relating to use of information in this specification and to the */ -/* implementation of this specification, and TCG disclaims all liability for */ -/* cost of procurement of substitute goods or services, lost profits, loss */ -/* of use, loss of data or any incidental, consequential, direct, indirect, */ -/* or special damages, whether under contract, tort, warranty or otherwise, */ -/* arising in any way out of use or reliance upon this specification or any */ -/* information herein. */ -/* */ -/* (c) Copyright IBM Corp. and others, 2019. 
*/ -/* */ -/********************************************************************************/ - -#ifndef X509_SPT_FP_H -#define X509_SPT_FP_H - -BOOL -X509FindExtensionByOID( - ASN1UnmarshalContext *ctxIn, // IN: the context to search - ASN1UnmarshalContext *ctx, // OUT: the extension context - const BYTE *OID // IN: oid to search for - ); -UINT32 -X509GetExtensionBits( - ASN1UnmarshalContext *ctx, - UINT32 *value - ); -TPM_RC -X509ProcessExtensions( - OBJECT *object, // IN: The object with the attributes to - // check - stringRef *extension // IN: The start and length of the extensions - ); -INT16 -X509AddSigningAlgorithm( - ASN1MarshalContext *ctx, - OBJECT *signKey, - TPMT_SIG_SCHEME *scheme - ); -INT16 -X509AddPublicKey( - ASN1MarshalContext *ctx, - OBJECT *object - ); -INT16 -X509PushAlgorithmIdentifierSequence( - ASN1MarshalContext *ctx, - const BYTE *OID - ); -#endif +/********************************************************************************/ +/* */ +/* X509 Support */ +/* Written by Ken Goldman */ +/* IBM Thomas J. Watson Research Center */ +/* $Id: X509_spt_fp.h 1490 2019-07-26 21:13:22Z kgoldman $ */ +/* */ +/* Licenses and Notices */ +/* */ +/* 1. Copyright Licenses: */ +/* */ +/* - Trusted Computing Group (TCG) grants to the user of the source code in */ +/* this specification (the "Source Code") a worldwide, irrevocable, */ +/* nonexclusive, royalty free, copyright license to reproduce, create */ +/* derivative works, distribute, display and perform the Source Code and */ +/* derivative works thereof, and to grant others the rights granted herein. */ +/* */ +/* - The TCG grants to the user of the other parts of the specification */ +/* (other than the Source Code) the rights to reproduce, distribute, */ +/* display, and perform the specification solely for the purpose of */ +/* developing products based on such documents. */ +/* */ +/* 2. 
Source Code Distribution Conditions: */ +/* */ +/* - Redistributions of Source Code must retain the above copyright licenses, */ +/* this list of conditions and the following disclaimers. */ +/* */ +/* - Redistributions in binary form must reproduce the above copyright */ +/* licenses, this list of conditions and the following disclaimers in the */ +/* documentation and/or other materials provided with the distribution. */ +/* */ +/* 3. Disclaimers: */ +/* */ +/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ +/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ +/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ +/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ +/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ +/* information on specification licensing rights available through TCG */ +/* membership agreements. */ +/* */ +/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ +/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ +/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ +/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ +/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ +/* */ +/* - Without limitation, TCG and its members and licensors disclaim all */ +/* liability, including liability for infringement of any proprietary */ +/* rights, relating to use of information in this specification and to the */ +/* implementation of this specification, and TCG disclaims all liability for */ +/* cost of procurement of substitute goods or services, lost profits, loss */ +/* of use, loss of data or any incidental, consequential, direct, indirect, */ +/* or special damages, whether under contract, tort, warranty or otherwise, */ +/* arising in any way out of use or reliance upon this specification or any */ +/* information herein. 
*/ +/* */ +/* (c) Copyright IBM Corp. and others, 2019. */ +/* */ +/********************************************************************************/ + +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Nov 14, 2019 Time: 05:57:02PM + */ + +#ifndef _X509_SPT_FP_H_ +#define _X509_SPT_FP_H_ + +//*** X509FindExtensionByOID() +// This will search a list of X509 extensions to find an extension with the +// requested OID. If the extension is found, the output context ('ctx') is set up +// to point to the OID in the extension. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure (could be catastrophic) +BOOL X509FindExtensionByOID(ASN1UnmarshalContext* ctxIn, // IN: the context to search + ASN1UnmarshalContext* ctx, // OUT: the extension context + const BYTE* OID // IN: oid to search for +); + +//*** X509GetExtensionBits() +// This function will extract a bit field from an extension. If the extension doesn't +// contain a bit string, it will fail. +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +UINT32 +X509GetExtensionBits(ASN1UnmarshalContext* ctx, UINT32* value); + +//***X509ProcessExtensions() +// This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not +// in the CertifyX509.c code because it makes the code harder to follow. +// Return Type: TPM_RC +// TPM_RCS_ATTRIBUTES the attributes of object are not consistent with +// the extension setting +// TPM_RC_VALUE problem parsing the extensions +TPM_RC +X509ProcessExtensions( + OBJECT* object, // IN: The object with the attributes to + // check + stringRef* extension // IN: The start and length of the extensions +); + +//*** X509AddSigningAlgorithm() +// This creates the singing algorithm data. 
+// Return Type: INT16 +// > 0 number of octets added +// <= 0 failure +INT16 +X509AddSigningAlgorithm( + ASN1MarshalContext* ctx, OBJECT* signKey, TPMT_SIG_SCHEME* scheme); + +//*** X509AddPublicKey() +// This function will add the publicKey description to the DER data. If fillPtr is +// NULL, then no data is transferred and this function will indicate if the TPM +// has the values for DER-encoding of the public key. +// Return Type: INT16 +// > 0 number of octets added +// == 0 failure +INT16 +X509AddPublicKey(ASN1MarshalContext* ctx, OBJECT* object); + +//*** X509PushAlgorithmIdentifierSequence() +// The function adds the algorithm identifier sequence. +// Return Type: INT16 +// > 0 number of bytes added +// == 0 failure +INT16 +X509PushAlgorithmIdentifierSequence(ASN1MarshalContext* ctx, const BYTE* OID); + +#endif // _X509_SPT_FP_H_ diff --git a/src/tpm2/ZGen_2Phase_fp.h b/src/tpm2/ZGen_2Phase_fp.h index 6bfb9746..252d2e8e 100644 --- a/src/tpm2/ZGen_2Phase_fp.h +++ b/src/tpm2/ZGen_2Phase_fp.h 
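Review bot: Two of the return contracts documented in this header disagree with the code, and these functions gate the X.509 extension checks, so a caller handling results by the comments can mishandle a rejection. `X509GetExtensionBits()` is commented "Return Type: BOOL" but declared `UINT32`; either the comment or the declaration should change (the definition's return type is outside the visible X509_spt.c hunks). `X509ProcessExtensions()` lists `TPM_RC_VALUE`, while the X509_spt.c hunk returns `TPM_RCS_VALUE` and also `TPM_RCS_RESERVED_BITS` when reserved KeyUsage bits are set; I would add `//      TPM_RCS_RESERVED_BITS   reserved bits are SET in the KeyUsage extension` and correct the other name. `X509AddPublicKey()` is documented as INT16 with "== 0 failure", yet its body in X509_spt.c ends in `return FALSE;`, which would read better as `return 0;`.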
@@ -59,35 +59,41 @@ /* */ /********************************************************************************/ -/* rev 119 */ -#ifndef ZGEN_2PHASE_FP_H -#define ZGEN_2PHASE_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyA; - TPM2B_ECC_POINT inQsB; - TPM2B_ECC_POINT inQeB; - TPMI_ECC_KEY_EXCHANGE inScheme; - UINT16 counter; +#if CC_ZGen_2Phase // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ZGEN_2PHASE_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ZGEN_2PHASE_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyA; + TPM2B_ECC_POINT inQsB; + TPM2B_ECC_POINT inQeB; + TPMI_ECC_KEY_EXCHANGE inScheme; + UINT16 counter; } ZGen_2Phase_In; -#define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1) -#define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1) -#define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2) -#define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3) -#define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4) - -typedef struct { - TPM2B_ECC_POINT outZ1; - TPM2B_ECC_POINT outZ2; +// Output structure definition +typedef struct +{ + TPM2B_ECC_POINT outZ1; + TPM2B_ECC_POINT outZ2; } ZGen_2Phase_Out; +// Response code modifiers +# define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1) +# define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1) +# define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2) +# define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3) +# define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_ZGen_2Phase( - ZGen_2Phase_In *in, // IN: input parameter list - ZGen_2Phase_Out *out // OUT: output parameter list - ); +TPM2_ZGen_2Phase(ZGen_2Phase_In* in, ZGen_2Phase_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ZGEN_2PHASE_FP_H_ +#endif // CC_ZGen_2Phase diff --git a/src/tpm2/_TPM_Hash_Data_fp.h b/src/tpm2/_TPM_Hash_Data_fp.h index 0da24c59..ee17c383 100644 --- a/src/tpm2/_TPM_Hash_Data_fp.h +++ b/src/tpm2/_TPM_Hash_Data_fp.h 
@@ -59,14 +59,17 @@ /* */ /********************************************************************************/ -#ifndef _TPM_HASH_DATA_FP_H -#define _TPM_HASH_DATA_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -LIB_EXPORT void -_TPM_Hash_Data( - uint32_t dataSize, // IN: size of data to be extend - unsigned char *data // IN: data buffer - ); +#ifndef __TPM_HASH_DATA_FP_H_ +#define __TPM_HASH_DATA_FP_H_ +// This function is called to process a _TPM_Hash_Data indication. +LIB_EXPORT void _TPM_Hash_Data(uint32_t dataSize, // IN: size of data to be extend + unsigned char* data // IN: data buffer +); -#endif +#endif // __TPM_HASH_DATA_FP_H_ diff --git a/src/tpm2/_TPM_Hash_End_fp.h b/src/tpm2/_TPM_Hash_End_fp.h index c99c7f63..e1ab079c 100644 --- a/src/tpm2/_TPM_Hash_End_fp.h +++ b/src/tpm2/_TPM_Hash_End_fp.h @@ -59,13 +59,15 @@ /* */ /********************************************************************************/ -#ifndef _TPM_HASH_END_FP_H -#define _TPM_HASH_END_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -LIB_EXPORT void -_TPM_Hash_End( - void - ); +#ifndef __TPM_HASH_END_FP_H_ +#define __TPM_HASH_END_FP_H_ +// This function is called to process a _TPM_Hash_End indication. +LIB_EXPORT void _TPM_Hash_End(void); -#endif +#endif // __TPM_HASH_END_FP_H_ diff --git a/src/tpm2/_TPM_Hash_Start_fp.h b/src/tpm2/_TPM_Hash_Start_fp.h index 99806532..e187105d 100644 --- a/src/tpm2/_TPM_Hash_Start_fp.h +++ b/src/tpm2/_TPM_Hash_Start_fp.h 
@@ -59,13 +59,15 @@ /* */ /********************************************************************************/ -#ifndef _TPM_HASH_START_FP_H -#define _TPM_HASH_START_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -LIB_EXPORT void -_TPM_Hash_Start( - void - ); +#ifndef __TPM_HASH_START_FP_H_ +#define __TPM_HASH_START_FP_H_ +// This function is called to process a _TPM_Hash_Start indication. +LIB_EXPORT void _TPM_Hash_Start(void); -#endif +#endif // __TPM_HASH_START_FP_H_ diff --git a/src/tpm2/_TPM_Init_fp.h b/src/tpm2/_TPM_Init_fp.h index 29929fb4..944da553 100644 --- a/src/tpm2/_TPM_Init_fp.h +++ b/src/tpm2/_TPM_Init_fp.h @@ -59,15 +59,15 @@ /* */ /********************************************************************************/ -#ifndef _TPM_INIT_FP_H -#define _TPM_INIT_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -LIB_EXPORT void -_TPM_Init( - void - ); +#ifndef __TPM_INIT_FP_H_ +#define __TPM_INIT_FP_H_ +// This function is used to process a _TPM_Init indication. +LIB_EXPORT void _TPM_Init(void); - - -#endif +#endif // __TPM_INIT_FP_H_ diff --git a/src/tpm2/crypto/CryptCmac_fp.h b/src/tpm2/crypto/CryptCmac_fp.h index e9e50f0f..f61b26ce 100644 --- a/src/tpm2/crypto/CryptCmac_fp.h +++ b/src/tpm2/crypto/CryptCmac_fp.h @@ -75,7 +75,7 @@ // and block cipher algorithm. UINT16 CryptCmacStart( - SMAC_STATE* state, TPMU_PUBLIC_PARMS* keyParms, TPM_ALG_ID macAlg, TPM2B* key); + SMAC_STATE* state, TPMU_PUBLIC_PARMS* keyParms, TPM_ALG_ID macAlg, TPM2B* key); //*** CryptCmacData() // This function is used to add data to the CMAC sequence computation. The function diff --git a/src/tpm2/crypto/CryptEcc.h b/src/tpm2/crypto/CryptEcc.h index 79e60cdf..a8271f7c 100644 --- a/src/tpm2/crypto/CryptEcc.h +++ b/src/tpm2/crypto/CryptEcc.h 
@@ -102,7 +102,7 @@ CRYPT_INT_TYPE(ecc, ECC_BITS); #define CRYPT_ECC_NUM(name) CRYPT_INT_VAR(name, ECC_BITS) -#define CRYPT_ECC_INITIALIZED(name, initializer) \ +#define CRYPT_ECC_INITIALIZED(name, initializer) \ CRYPT_INT_INITIALIZED(name, ECC_BITS, initializer) typedef struct TPM_ECC_CURVE_METADATA diff --git a/src/tpm2/crypto/CryptEccCrypt_fp.h b/src/tpm2/crypto/CryptEccCrypt_fp.h index 249b1738..872114f8 100644 --- a/src/tpm2/crypto/CryptEccCrypt_fp.h +++ b/src/tpm2/crypto/CryptEccCrypt_fp.h 
@@ -59,34 +59,63 @@ /* */ /********************************************************************************/ -#ifndef CRYPTECCCRYPT_FP_H -#define CRYPTECCCRYPT_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Feb 28, 2020 Time: 03:04:48PM + */ -BOOL -CryptEccSelectScheme( - OBJECT *key, //IN: key containing default scheme - TPMT_KDF_SCHEME *scheme // IN: a decrypt scheme - ); +#ifndef _CRYPT_ECC_CRYPT_FP_H_ +#define _CRYPT_ECC_CRYPT_FP_H_ -LIB_EXPORT TPM_RC -CryptEccEncrypt( - OBJECT *key, // IN: public key of recipient - TPMT_KDF_SCHEME *scheme, // IN: scheme to use. - TPM2B_MAX_BUFFER *plainText, // IN: the text to obfuscate - TPMS_ECC_POINT *c1, // OUT: public ephemeral key - TPM2B_MAX_BUFFER *c2, // OUT: obfuscated text - TPM2B_DIGEST *c3 // OUT: digest of ephemeral key - // and plainText - ); -LIB_EXPORT TPM_RC -CryptEccDecrypt( - OBJECT *key, // IN: key used for data recovery - TPMT_KDF_SCHEME *scheme, // IN: scheme to use. - TPM2B_MAX_BUFFER *plainText, // OUT: the recovered text - TPMS_ECC_POINT *c1, // IN: public ephemeral key - TPM2B_MAX_BUFFER *c2, // IN: obfuscated text - TPM2B_DIGEST *c3 // IN: digest of ephemeral key - // and plainText - ); +#if CC_ECC_Encrypt || CC_ECC_Encrypt -#endif +//*** CryptEccSelectScheme() +// This function is used by TPM2_ECC_Decrypt and TPM2_ECC_Encrypt. It sets scheme +// either the input scheme or the key scheme. If they key scheme is not TPM_ALG_NULL +// then the input scheme must be TPM_ALG_NULL or the same as the key scheme. If +// not, then the function returns FALSE. +// Return Type: BOOL +// TRUE 'scheme' is set +// FALSE 'scheme' is not valid (it may have been changed). +BOOL CryptEccSelectScheme(OBJECT* key, //IN: key containing default scheme + TPMT_KDF_SCHEME* scheme // IN: a decrypt scheme +); + +//*** CryptEccEncrypt() +//This function performs ECC-based data obfuscation. The only scheme that is currently +// supported is MGF1 based. See Part 1, Annex D for details. 
+// Return Type: TPM_RC +// TPM_RC_CURVE unsupported curve +// TPM_RC_HASH hash not allowed +// TPM_RC_SCHEME 'scheme' is not supported +// TPM_RC_NO_RESULT internal error in big number processing +LIB_EXPORT TPM_RC CryptEccEncrypt( + OBJECT* key, // IN: public key of recipient + TPMT_KDF_SCHEME* scheme, // IN: scheme to use. + TPM2B_MAX_BUFFER* plainText, // IN: the text to obfuscate + TPMS_ECC_POINT* c1, // OUT: public ephemeral key + TPM2B_MAX_BUFFER* c2, // OUT: obfuscated text + TPM2B_DIGEST* c3 // OUT: digest of ephemeral key + // and plainText +); + +//*** CryptEccDecrypt() +// This function performs ECC decryption and integrity check of the input data. +// Return Type: TPM_RC +// TPM_RC_CURVE unsupported curve +// TPM_RC_HASH hash not allowed +// TPM_RC_SCHEME 'scheme' is not supported +// TPM_RC_NO_RESULT internal error in big number processing +// TPM_RC_VALUE C3 did not match hash of recovered data +LIB_EXPORT TPM_RC CryptEccDecrypt( + OBJECT* key, // IN: key used for data recovery + TPMT_KDF_SCHEME* scheme, // IN: scheme to use. + TPM2B_MAX_BUFFER* plainText, // OUT: the recovered text + TPMS_ECC_POINT* c1, // IN: public ephemeral key + TPM2B_MAX_BUFFER* c2, // IN: obfuscated text + TPM2B_DIGEST* c3 // IN: digest of ephemeral key + // and plainText +); +#endif // CC_ECC_Encrypt || CC_ECC_Encrypt + +#endif // _CRYPT_ECC_CRYPT_FP_H_ diff --git a/src/tpm2/crypto/CryptEccKeyExchange_fp.h b/src/tpm2/crypto/CryptEccKeyExchange_fp.h index e60dbac4..2edfed2d 100644 --- a/src/tpm2/crypto/CryptEccKeyExchange_fp.h +++ b/src/tpm2/crypto/CryptEccKeyExchange_fp.h 
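Review bot: The new guard `#if CC_ECC_Encrypt || CC_ECC_Encrypt` tests the same macro twice, so the prototypes for `CryptEccSelectScheme`, `CryptEccEncrypt` and `CryptEccDecrypt` are dropped whenever only the decrypt command is enabled, whereas the removed version of the header declared them unconditionally. The added comment on `CryptEccSelectScheme` says it serves both TPM2_ECC_Decrypt and TPM2_ECC_Encrypt, so the second operand was presumably meant to be the decrypt switch: `#if CC_ECC_Encrypt || CC_ECC_Decrypt`, with the closing `#endif  // CC_ECC_Encrypt || CC_ECC_Decrypt` updated to match. Whether any supported build profile enables decrypt without encrypt is not visible in this hunk. The file carries an auto-generated banner, so the same duplication may also need to be reported upstream to keep the rebase diff small.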
@@ -74,15 +74,15 @@ // Return Type: TPM_RC // TPM_RC_SCHEME scheme is not defined LIB_EXPORT TPM_RC CryptEcc2PhaseKeyExchange( - TPMS_ECC_POINT* outZ1, // OUT: a computed point - TPMS_ECC_POINT* outZ2, // OUT: and optional second point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM_ALG_ID scheme, // IN: the key exchange scheme - TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT* QsB, // IN: static public party B key - TPMS_ECC_POINT* QeB // IN: ephemeral public party B key - ); + TPMS_ECC_POINT* outZ1, // OUT: a computed point + TPMS_ECC_POINT* outZ2, // OUT: and optional second point + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPM_ALG_ID scheme, // IN: the key exchange scheme + TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key + TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key + TPMS_ECC_POINT* QsB, // IN: static public party B key + TPMS_ECC_POINT* QeB // IN: ephemeral public party B key +); # if ALG_SM2 //*** SM2KeyExchange() 
@@ -99,13 +99,13 @@ LIB_EXPORT TPM_RC CryptEcc2PhaseKeyExchange( // TPM_RC_NO_RESULT the value for dsA does not give a valid point on the // curve LIB_EXPORT TPM_RC SM2KeyExchange( - TPMS_ECC_POINT* outZ, // OUT: the computed point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER* dsAIn, // IN: static private TPM key - TPM2B_ECC_PARAMETER* deAIn, // IN: ephemeral private TPM key - TPMS_ECC_POINT* QsBIn, // IN: static public party B key - TPMS_ECC_POINT* QeBIn // IN: ephemeral public party B key - ); + TPMS_ECC_POINT* outZ, // OUT: the computed point + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPM2B_ECC_PARAMETER* dsAIn, // IN: static private TPM key + TPM2B_ECC_PARAMETER* deAIn, // IN: ephemeral private TPM key + TPMS_ECC_POINT* QsBIn, // IN: static public party B key + TPMS_ECC_POINT* QeBIn // IN: ephemeral public party B key +); # endif #endif // CC_ZGen_2Phase diff --git a/src/tpm2/crypto/CryptEccMain_fp.h b/src/tpm2/crypto/CryptEccMain_fp.h index 94f0015f..fea3c477 100644 --- a/src/tpm2/crypto/CryptEccMain_fp.h +++ b/src/tpm2/crypto/CryptEccMain_fp.h @@ -84,7 +84,7 @@ BOOL CryptEccStartup(void); //*** ClearPoint2B(generic) // Initialize the size values of a TPMS_ECC_POINT structure. void ClearPoint2B(TPMS_ECC_POINT* p // IN: the point - ); +); //*** CryptEccGetParametersByCurveId() // This function returns a pointer to the curve data that is associated with 
@@ -95,13 +95,13 @@ void ClearPoint2B(TPMS_ECC_POINT* p // IN: the point // NULL curve with the indicated TPM_ECC_CURVE is not implemented // != NULL pointer to the curve data LIB_EXPORT const TPM_ECC_CURVE_METADATA* CryptEccGetParametersByCurveId( - TPM_ECC_CURVE curveId // IN: the curveID - ); + TPM_ECC_CURVE curveId // IN: the curveID +); //*** CryptEccGetKeySizeForCurve() // This function returns the key size in bits of the indicated curve. LIB_EXPORT UINT16 CryptEccGetKeySizeForCurve(TPM_ECC_CURVE curveId // IN: the curve - ); +); //***CryptEccGetOID() const BYTE* CryptEccGetOID(TPM_ECC_CURVE curveId); @@ -119,20 +119,20 @@ LIB_EXPORT TPM_ECC_CURVE CryptEccGetCurveByIndex(UINT16 i); // NO if there are more ECC curves not reported TPMI_YES_NO CryptCapGetECCCurve(TPM_ECC_CURVE curveID, // IN: the starting ECC curve - UINT32 maxCount, // IN: count of returned curves - TPML_ECC_CURVE* curveList // OUT: ECC curve list - ); + UINT32 maxCount, // IN: count of returned curves + TPML_ECC_CURVE* curveList // OUT: ECC curve list +); //*** CryptCapGetOneECCCurve() // This function returns whether the ECC curve is implemented. BOOL CryptCapGetOneECCCurve(TPM_ECC_CURVE curveID // IN: the ECC curve - ); +); //*** CryptGetCurveSignScheme() // This function will return a pointer to the scheme of the curve. const TPMT_ECC_SCHEME* CryptGetCurveSignScheme( - TPM_ECC_CURVE curveId // IN: The curve selector - ); + TPM_ECC_CURVE curveId // IN: The curve selector +); //*** CryptGenerateR() // This function computes the commit random value for a split signing scheme. 
@@ -146,11 +146,11 @@ const TPMT_ECC_SCHEME* CryptGetCurveSignScheme( // TRUE(1) r value computed // FALSE(0) no r value computed BOOL CryptGenerateR(TPM2B_ECC_PARAMETER* r, // OUT: the generated random value - UINT16* c, // IN/OUT: count value. - TPMI_ECC_CURVE curveID, // IN: the curve for the value - TPM2B_NAME* name // IN: optional name of a key to - // associate with 'r' - ); + UINT16* c, // IN/OUT: count value. + TPMI_ECC_CURVE curveID, // IN: the curve for the value + TPM2B_NAME* name // IN: optional name of a key to + // associate with 'r' +); //*** CryptCommit() // This function is called when the count value is committed. The 'gr.commitArray' @@ -164,7 +164,7 @@ CryptCommit(void); // is completed. It clears the gr.commitArray bit associated with the count // value so that it can't be used again. void CryptEndCommit(UINT16 c // IN: the counter value of the commitment - ); +); //*** CryptEccGetParameters() // This function returns the ECC parameter details of the given curve. @@ -172,18 +172,18 @@ void CryptEndCommit(UINT16 c // IN: the counter value of the commitment // TRUE(1) success // FALSE(0) unsupported ECC curve ID BOOL CryptEccGetParameters( - TPM_ECC_CURVE curveId, // IN: ECC curve ID - TPMS_ALGORITHM_DETAIL_ECC* parameters // OUT: ECC parameters - ); + TPM_ECC_CURVE curveId, // IN: ECC curve ID + TPMS_ALGORITHM_DETAIL_ECC* parameters // OUT: ECC parameters +); //*** TpmEcc_IsValidPrivateEcc() // Checks that 0 < 'x' < 'q' BOOL TpmEcc_IsValidPrivateEcc(const Crypt_Int* x, // IN: private key to check - const Crypt_EccCurve* E // IN: the curve to check - ); + const Crypt_EccCurve* E // IN: the curve to check +); LIB_EXPORT BOOL CryptEccIsValidPrivateKey(TPM2B_ECC_PARAMETER* d, - TPM_ECC_CURVE curveId); + TPM_ECC_CURVE curveId); //*** TpmEcc_PointMult() // This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the 
@@ -199,12 +199,12 @@ LIB_EXPORT BOOL CryptEccIsValidPrivateKey(TPM2B_ECC_PARAMETER* d, // TPM_RC_VALUE 'd' or 'u' is not < n TPM_RC TpmEcc_PointMult(Crypt_Point* R, // OUT: computed point - const Crypt_Point* S, // IN: optional point to multiply by 'd' - const Crypt_Int* d, // IN: scalar for [d]S or [d]G - const Crypt_Point* Q, // IN: optional second point - const Crypt_Int* u, // IN: optional second scalar - const Crypt_EccCurve* E // IN: curve parameters - ); + const Crypt_Point* S, // IN: optional point to multiply by 'd' + const Crypt_Int* d, // IN: scalar for [d]S or [d]G + const Crypt_Point* Q, // IN: optional second point + const Crypt_Int* u, // IN: optional second scalar + const Crypt_EccCurve* E // IN: curve parameters +); //***TpmEcc_GenPrivateScalar() // This function gets random values that are the size of the key plus 64 bits. The 
@@ -216,40 +216,40 @@ TpmEcc_PointMult(Crypt_Point* R, // OUT: computed point // FALSE(0) failure generating private key #if !USE_OPENSSL_FUNCTIONS_EC // libtpms: added BOOL TpmEcc_GenPrivateScalar( - Crypt_Int* dOut, // OUT: the qualified random value - const Crypt_EccCurve* E, // IN: curve for which the private key - // needs to be appropriate - RAND_STATE* rand // IN: state for DRBG - ); + Crypt_Int* dOut, // OUT: the qualified random value + const Crypt_EccCurve* E, // IN: curve for which the private key + // needs to be appropriate + RAND_STATE* rand // IN: state for DRBG +); #else // libtpms: added begin BOOL TpmEcc_GenPrivateScalar( - Crypt_Int* dOut, // OUT: the qualified random value - const Crypt_EccCurve* E, // IN: curve for which the private key - // needs to be appropriate - const EC_GROUP* G, // IN: the EC_GROUP to use; must be != NULL for rand == NULL - BOOL noLeadingZeros, // IN: require that all bytes in the private key be set + Crypt_Int* dOut, // OUT: the qualified random value + const Crypt_EccCurve* E, // IN: curve for which the private key + // needs to be appropriate + const EC_GROUP* G, // IN: the EC_GROUP to use; must be != NULL for rand == NULL + BOOL noLeadingZeros, // IN: require that all bytes in the private key be set // result may not have leading zero bytes - RAND_STATE* rand // IN: state for DRBG - ); + RAND_STATE* rand // IN: state for DRBG +); #endif // libtpms: added end //*** TpmEcc_GenerateKeyPair() // This function gets a private scalar from the source of random bits and does // the point multiply to get the public key. 
BOOL TpmEcc_GenerateKeyPair(Crypt_Int* bnD, // OUT: private scalar - Crypt_Point* ecQ, // OUT: public point - const Crypt_EccCurve* E, // IN: curve for the point - RAND_STATE* rand // IN: DRBG state to use - ); + Crypt_Point* ecQ, // OUT: public point + const Crypt_EccCurve* E, // IN: curve for the point + RAND_STATE* rand // IN: DRBG state to use +); //***CryptEccNewKeyPair(***) // This function creates an ephemeral ECC. It is ephemeral in that // is expected that the private part of the key will be discarded LIB_EXPORT TPM_RC CryptEccNewKeyPair( - TPMS_ECC_POINT* Qout, // OUT: the public point - TPM2B_ECC_PARAMETER* dOut, // OUT: the private scalar - TPM_ECC_CURVE curveId // IN: the curve for the key - ); + TPMS_ECC_POINT* Qout, // OUT: the public point + TPM2B_ECC_PARAMETER* dOut, // OUT: the private scalar + TPM_ECC_CURVE curveId // IN: the curve for the key +); //*** CryptEccPointMultiply() // This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and @@ -278,15 +278,15 @@ LIB_EXPORT TPM_RC CryptEccNewKeyPair( // TPM_RC_VALUE 'dIn' or 'uIn' out of range // LIB_EXPORT TPM_RC CryptEccPointMultiply( - TPMS_ECC_POINT* Rout, // OUT: the product point R - TPM_ECC_CURVE curveId, // IN: the curve to use - TPMS_ECC_POINT* Pin, // IN: first point (can be null) - TPM2B_ECC_PARAMETER* dIn, // IN: scalar value for [dIn]Qin - // the Pin - TPMS_ECC_POINT* Qin, // IN: point Q - TPM2B_ECC_PARAMETER* uIn // IN: scalar value for the multiplier - // of Q - ); + TPMS_ECC_POINT* Rout, // OUT: the product point R + TPM_ECC_CURVE curveId, // IN: the curve to use + TPMS_ECC_POINT* Pin, // IN: first point (can be null) + TPM2B_ECC_PARAMETER* dIn, // IN: scalar value for [dIn]Qin + // the Pin + TPMS_ECC_POINT* Qin, // IN: point Q + TPM2B_ECC_PARAMETER* uIn // IN: scalar value for the multiplier + // of Q +); //*** CryptEccIsPointOnCurve() // This function is used to test if a point is on a defined curve. It does this 
@@ -297,9 +297,9 @@ LIB_EXPORT TPM_RC CryptEccPointMultiply( // TRUE(1) point is on curve // FALSE(0) point is not on curve or curve is not supported LIB_EXPORT BOOL CryptEccIsPointOnCurve( - TPM_ECC_CURVE curveId, // IN: the curve selector - TPMS_ECC_POINT* Qin // IN: the point. - ); + TPM_ECC_CURVE curveId, // IN: the curve selector + TPMS_ECC_POINT* Qin // IN: the point. +); //*** CryptEccGenerateKey() // This function generates an ECC key pair based on the input parameters. @@ -316,17 +316,17 @@ LIB_EXPORT BOOL CryptEccIsPointOnCurve( // TPM_RC_CURVE curve is not supported // TPM_RC_NO_RESULT could not verify key with signature (FIPS only) LIB_EXPORT TPM_RC CryptEccGenerateKey( - TPMT_PUBLIC* publicArea, // IN/OUT: The public area template for - // the new key. The public key - // area will be replaced computed - // ECC public key - TPMT_SENSITIVE* sensitive, // OUT: the sensitive area will be - // updated to contain the private - // ECC key and the symmetric - // encryption key - RAND_STATE* rand // IN: if not NULL, the deterministic - // RNG state - ); + TPMT_PUBLIC* publicArea, // IN/OUT: The public area template for + // the new key. The public key + // area will be replaced computed + // ECC public key + TPMT_SENSITIVE* sensitive, // OUT: the sensitive area will be + // updated to contain the private + // ECC key and the symmetric + // encryption key + RAND_STATE* rand // IN: if not NULL, the deterministic + // RNG state +); // libtpms: added begin LIB_EXPORT BOOL diff --git a/src/tpm2/crypto/CryptEccSignature_fp.h b/src/tpm2/crypto/CryptEccSignature_fp.h index dfa15b2f..3851f82c 100644 --- a/src/tpm2/crypto/CryptEccSignature_fp.h +++ b/src/tpm2/crypto/CryptEccSignature_fp.h 
@@ -82,10 +82,10 @@ // Return Type: TPM_RC // TPM_RC_SCHEME 'scheme' is not supported LIB_EXPORT TPM_RC CryptEccSign(TPMT_SIGNATURE* signature, // OUT: signature - OBJECT* signKey, // IN: ECC key to sign the hash - const TPM2B_DIGEST* digest, // IN: digest to sign - TPMT_ECC_SCHEME* scheme, // IN: signing scheme - RAND_STATE* rand); + OBJECT* signKey, // IN: ECC key to sign the hash + const TPM2B_DIGEST* digest, // IN: digest to sign + TPMT_ECC_SCHEME* scheme, // IN: signing scheme + RAND_STATE* rand); //*** CryptEccValidateSignature() // This function validates an EcDsa or EcSchnorr signature. @@ -93,10 +93,10 @@ LIB_EXPORT TPM_RC CryptEccSign(TPMT_SIGNATURE* signature, // OUT: signature // Return Type: TPM_RC // TPM_RC_SIGNATURE not a valid signature LIB_EXPORT TPM_RC CryptEccValidateSignature( - TPMT_SIGNATURE* signature, // IN: signature to be verified - OBJECT* signKey, // IN: ECC key signed the hash - const TPM2B_DIGEST* digest // IN: digest that was signed - ); + TPMT_SIGNATURE* signature, // IN: signature to be verified + OBJECT* signKey, // IN: ECC key signed the hash + const TPM2B_DIGEST* digest // IN: digest that was signed +); //***CryptEccCommitCompute() // This function performs the point multiply operations required by TPM2_Commit. 
@@ -115,15 +115,15 @@ LIB_EXPORT TPM_RC CryptEccValidateSignature( // TPM_RC_CANCELED a cancel indication was asserted during this // function LIB_EXPORT TPM_RC CryptEccCommitCompute( - TPMS_ECC_POINT* K, // OUT: [d]B or [r]Q - TPMS_ECC_POINT* L, // OUT: [r]B - TPMS_ECC_POINT* E, // OUT: [r]M - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPMS_ECC_POINT* M, // IN: M (optional) - TPMS_ECC_POINT* B, // IN: B (optional) - TPM2B_ECC_PARAMETER* d, // IN: d (optional) - TPM2B_ECC_PARAMETER* r // IN: the computed r value (required) - ); + TPMS_ECC_POINT* K, // OUT: [d]B or [r]Q + TPMS_ECC_POINT* L, // OUT: [r]B + TPMS_ECC_POINT* E, // OUT: [r]M + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPMS_ECC_POINT* M, // IN: M (optional) + TPMS_ECC_POINT* B, // IN: B (optional) + TPM2B_ECC_PARAMETER* d, // IN: d (optional) + TPM2B_ECC_PARAMETER* r // IN: the computed r value (required) +); #endif // ALG_ECC #endif // _CRYPT_ECC_SIGNATURE_FP_H_ diff --git a/src/tpm2/crypto/CryptHash.h b/src/tpm2/crypto/CryptHash.h index a140043f..80ab629e 100644 --- a/src/tpm2/crypto/CryptHash.h +++ b/src/tpm2/crypto/CryptHash.h 
@@ -59,288 +59,297 @@ /* */ /********************************************************************************/ -#ifndef CRYPTHASH_H -#define CRYPTHASH_H +//** Introduction +// This header contains the hash structure definitions used in the TPM code +// to define the amount of space to be reserved for the hash state. This allows +// the TPM code to not have to import all of the symbols used by the hash +// computations. This lets the build environment of the TPM code not to have +// include the header files associated with the CryptoEngine code. -/* 10.1.3.1 Introduction */ +#ifndef _CRYPT_HASH_H +#define _CRYPT_HASH_H -/* This header contains the hash structure definitions used in the TPM code to define the amount of - space to be reserved for the hash state. This allows the TPM code to not have to import all of - the symbols used by the hash computations. This lets the build environment of the TPM code not to - have include the header files associated with the CryptoEngine() code. */ - -/* 10.1.3.2 Hash-related Structures */ +//** Hash-related Structures union SMAC_STATES; -/* These definitions add the high-level methods for processing state that may be an SMAC */ -typedef void(* SMAC_DATA_METHOD)( - union SMAC_STATES *state, - UINT32 size, - const BYTE *buffer - ); -typedef UINT16(* SMAC_END_METHOD)( - union SMAC_STATES *state, - UINT32 size, - BYTE *buffer - ); -typedef struct sequenceMethods { - SMAC_DATA_METHOD data; - SMAC_END_METHOD end; +// These definitions add the high-level methods for processing state that may be +// an SMAC +typedef void (*SMAC_DATA_METHOD)( + union SMAC_STATES* state, UINT32 size, const BYTE* buffer); + +typedef UINT16 (*SMAC_END_METHOD)( + union SMAC_STATES* state, UINT32 size, BYTE* buffer); + +typedef struct sequenceMethods +{ + SMAC_DATA_METHOD data; + SMAC_END_METHOD end; } SMAC_METHODS; + #define SMAC_IMPLEMENTED (CC_MAC || CC_MAC_Start) -/* These definitions are here because the SMAC state is in the union of hash states. 
*/ - -typedef struct tpmCmacState { - TPM_ALG_ID symAlg; - UINT16 keySizeBits; - INT16 bcount; // current count of bytes accumulated in IV - TPM2B_IV iv; // IV buffer - TPM2B_SYM_KEY symKey; +// These definitions are here because the SMAC state is in the union of hash states. +typedef struct tpmCmacState +{ + TPM_ALG_ID symAlg; + UINT16 keySizeBits; + INT16 bcount; // current count of bytes accumulated in IV + TPM2B_IV iv; // IV buffer + TPM2B_SYM_KEY symKey; } tpmCmacState_t; -typedef union SMAC_STATES { +typedef union SMAC_STATES +{ #if ALG_CMAC - tpmCmacState_t cmac; + tpmCmacState_t cmac; #endif - UINT64 pad; + UINT64 pad; } SMAC_STATES; -typedef struct SMAC_STATE { - SMAC_METHODS smacMethods; - SMAC_STATES state; +typedef struct SMAC_STATE +{ + SMAC_METHODS smacMethods; + SMAC_STATES state; } SMAC_STATE; #if ALG_SHA1 -# define IF_IMPLEMENTED_SHA1(op) op(SHA1, Sha1) +# define IF_IMPLEMENTED_SHA1(op) op(SHA1, Sha1) #else -# define IF_IMPLEMENTED_SHA1(op) +# define IF_IMPLEMENTED_SHA1(op) #endif #if ALG_SHA256 -# define IF_IMPLEMENTED_SHA256(op) op(SHA256, Sha256) +# define IF_IMPLEMENTED_SHA256(op) op(SHA256, Sha256) #else -# define IF_IMPLEMENTED_SHA256(op) +# define IF_IMPLEMENTED_SHA256(op) #endif #if ALG_SHA384 -# define IF_IMPLEMENTED_SHA384(op) op(SHA384, Sha384) +# define IF_IMPLEMENTED_SHA384(op) op(SHA384, Sha384) #else -# define IF_IMPLEMENTED_SHA384(op) +# define IF_IMPLEMENTED_SHA384(op) #endif #if ALG_SHA512 -# define IF_IMPLEMENTED_SHA512(op) op(SHA512, Sha512) +# define IF_IMPLEMENTED_SHA512(op) op(SHA512, Sha512) #else -# define IF_IMPLEMENTED_SHA512(op) +# define IF_IMPLEMENTED_SHA512(op) #endif #if ALG_SM3_256 -# define IF_IMPLEMENTED_SM3_256(op) op(SM3_256, Sm3_256) +# define IF_IMPLEMENTED_SM3_256(op) op(SM3_256, Sm3_256) #else -# define IF_IMPLEMENTED_SM3_256(op) +# define IF_IMPLEMENTED_SM3_256(op) #endif #if ALG_SHA3_256 -# define IF_IMPLEMENTED_SHA3_256(op) op(SHA3_256, Sha3_256) +# define IF_IMPLEMENTED_SHA3_256(op) op(SHA3_256, 
Sha3_256) #else -# define IF_IMPLEMENTED_SHA3_256(op) +# define IF_IMPLEMENTED_SHA3_256(op) #endif #if ALG_SHA3_384 -# define IF_IMPLEMENTED_SHA3_384(op) op(SHA3_384, Sha3_384) +# define IF_IMPLEMENTED_SHA3_384(op) op(SHA3_384, Sha3_384) #else -# define IF_IMPLEMENTED_SHA3_384(op) +# define IF_IMPLEMENTED_SHA3_384(op) #endif #if ALG_SHA3_512 -# define IF_IMPLEMENTED_SHA3_512(op) op(SHA3_512, Sha3_512) +# define IF_IMPLEMENTED_SHA3_512(op) op(SHA3_512, Sha3_512) #else -# define IF_IMPLEMENTED_SHA3_512(op) +# define IF_IMPLEMENTED_SHA3_512(op) #endif -/* SHA512 added kgold */ -#define FOR_EACH_HASH(op) \ - IF_IMPLEMENTED_SHA1(op) \ - IF_IMPLEMENTED_SHA256(op) \ - IF_IMPLEMENTED_SHA384(op) \ - IF_IMPLEMENTED_SHA512(op) \ - IF_IMPLEMENTED_SM3_256(op) \ - IF_IMPLEMENTED_SHA3_256(op) \ - IF_IMPLEMENTED_SHA3_384(op) \ +#define FOR_EACH_HASH(op) \ + IF_IMPLEMENTED_SHA1(op) \ + IF_IMPLEMENTED_SHA256(op) \ + IF_IMPLEMENTED_SHA384(op) \ + IF_IMPLEMENTED_SHA512(op) \ + IF_IMPLEMENTED_SM3_256(op) \ + IF_IMPLEMENTED_SHA3_256(op) \ + IF_IMPLEMENTED_SHA3_384(op) \ IF_IMPLEMENTED_SHA3_512(op) -#define HASH_TYPE(HASH, Hash) tpmHashState##HASH##_t Hash; - +#define HASH_TYPE(HASH, Hash) tpmHashState##HASH##_t Hash; typedef union { FOR_EACH_HASH(HASH_TYPE) - // Additions for symmetric block cipher MAC +// Additions for symmetric block cipher MAC #if SMAC_IMPLEMENTED - SMAC_STATE smac; + SMAC_STATE smac; #endif // to force structure alignment to be no worse than HASH_ALIGNMENT #if HASH_ALIGNMENT == 8 - uint64_t align; + uint64_t align; #else #if defined(__x86_64__) # error Wrong HASH_ALIGNMENT #endif - uint32_t align; + uint32_t align; #endif } ANY_HASH_STATE; -typedef ANY_HASH_STATE *PANY_HASH_STATE; -typedef const ANY_HASH_STATE *PCANY_HASH_STATE; -#define ALIGNED_SIZE(x, b) ((((x) + (b) - 1) / (b)) * (b)) -/* MAX_HASH_STATE_SIZE will change with each implementation. 
It is assumed that a hash state will - not be larger than twice the block size plus some overhead (in this case, 16 bytes). The overall - size needs to be as large as any of the hash contexts. The structure needs to start on an - alignment boundary and be an even multiple of the alignment */ -#define MAX_HASH_STATE_SIZE ((2 * MAX_HASH_BLOCK_SIZE) + 16) -#define MAX_HASH_STATE_SIZE_ALIGNED \ - ALIGNED_SIZE(MAX_HASH_STATE_SIZE, HASH_ALIGNMENT) -/* This is an aligned byte array that will hold any of the hash contexts. */ -typedef ANY_HASH_STATE ALIGNED_HASH_STATE; -/* The header associated with the hash library is expected to define the methods which include the - calling sequence. When not compiling CryptHash.c, the methods are not defined so we need - placeholder functions for the structures */ +typedef ANY_HASH_STATE* PANY_HASH_STATE; +typedef const ANY_HASH_STATE* PCANY_HASH_STATE; + +#define ALIGNED_SIZE(x, b) ((((x) + (b)-1) / (b)) * (b)) +// MAX_HASH_STATE_SIZE will change with each implementation. It is assumed that +// a hash state will not be larger than twice the block size plus some +// overhead (in this case, 16 bytes). The overall size needs to be as +// large as any of the hash contexts. The structure needs to start on an +// alignment boundary and be an even multiple of the alignment +#define MAX_HASH_STATE_SIZE ((2 * MAX_HASH_BLOCK_SIZE) + 16) +#define MAX_HASH_STATE_SIZE_ALIGNED ALIGNED_SIZE(MAX_HASH_STATE_SIZE, HASH_ALIGNMENT) + +// This is an aligned byte array that will hold any of the hash contexts. +typedef ANY_HASH_STATE ALIGNED_HASH_STATE; + +// The header associated with the hash library is expected to define the methods +// which include the calling sequence. 
When not compiling CryptHash.c, the methods +// are not defined so we need placeholder functions for the structures + #ifndef HASH_START_METHOD_DEF -# define HASH_START_METHOD_DEF void (HASH_START_METHOD)(void) +# define HASH_START_METHOD_DEF void(HASH_START_METHOD)(void) #endif #ifndef HASH_DATA_METHOD_DEF -# define HASH_DATA_METHOD_DEF void (HASH_DATA_METHOD)(void) +# define HASH_DATA_METHOD_DEF void(HASH_DATA_METHOD)(void) #endif #ifndef HASH_END_METHOD_DEF -# define HASH_END_METHOD_DEF void (HASH_END_METHOD)(void) +# define HASH_END_METHOD_DEF void(HASH_END_METHOD)(void) #endif #ifndef HASH_STATE_COPY_METHOD_DEF -# define HASH_STATE_COPY_METHOD_DEF void (HASH_STATE_COPY_METHOD)(void) +# define HASH_STATE_COPY_METHOD_DEF void(HASH_STATE_COPY_METHOD)(void) #endif -#ifndef HASH_STATE_EXPORT_METHOD_DEF -# define HASH_STATE_EXPORT_METHOD_DEF void (HASH_STATE_EXPORT_METHOD)(void) +#ifndef HASH_STATE_EXPORT_METHOD_DEF +# define HASH_STATE_EXPORT_METHOD_DEF void(HASH_STATE_EXPORT_METHOD)(void) #endif -#ifndef HASH_STATE_IMPORT_METHOD_DEF -# define HASH_STATE_IMPORT_METHOD_DEF void (HASH_STATE_IMPORT_METHOD)(void) +#ifndef HASH_STATE_IMPORT_METHOD_DEF +# define HASH_STATE_IMPORT_METHOD_DEF void(HASH_STATE_IMPORT_METHOD)(void) #endif -/* Define the prototypical function call for each of the methods. This defines the order in which - the parameters are passed to the underlying function. */ + +// Define the prototypical function call for each of the methods. This defines the +// order in which the parameters are passed to the underlying function. 
typedef HASH_START_METHOD_DEF; typedef HASH_DATA_METHOD_DEF; typedef HASH_END_METHOD_DEF; typedef HASH_STATE_COPY_METHOD_DEF; typedef HASH_STATE_EXPORT_METHOD_DEF; typedef HASH_STATE_IMPORT_METHOD_DEF; + typedef struct _HASH_METHODS { - HASH_START_METHOD *start; - HASH_DATA_METHOD *data; - HASH_END_METHOD *end; - HASH_STATE_COPY_METHOD *copy; // Copy a hash block - HASH_STATE_EXPORT_METHOD *copyOut; // Copy a hash block from a hash - // context - HASH_STATE_IMPORT_METHOD *copyIn; // Copy a hash block to a proper hash - // context + HASH_START_METHOD* start; + HASH_DATA_METHOD* data; + HASH_END_METHOD* end; + HASH_STATE_COPY_METHOD* copy; // Copy a hash block + HASH_STATE_EXPORT_METHOD* copyOut; // Copy a hash block from a hash + // context + HASH_STATE_IMPORT_METHOD* copyIn; // Copy a hash block to a proper hash + // context } HASH_METHODS, *PHASH_METHODS; -#define HASH_TPM2B(HASH, Hash) TPM2B_TYPE(HASH##_DIGEST, HASH##_DIGEST_SIZE); +#define HASH_TPM2B(HASH, Hash) TPM2B_TYPE(HASH##_DIGEST, HASH##_DIGEST_SIZE); FOR_EACH_HASH(HASH_TPM2B) -/* When the TPM implements RSA, the hash-dependent OID pointers are part of the HASH_DEF. These - macros conditionally add the OID reference to the HASH_DEF and the HASH_DEF_TEMPLATE. */ +// When the TPM implements RSA, the hash-dependent OID pointers are part of the +// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the +// HASH_DEF_TEMPLATE. #if ALG_RSA -#define PKCS1_HASH_REF const BYTE *PKCS1; -#define PKCS1_OID(NAME) , OID_PKCS1_##NAME +# define PKCS1_HASH_REF const BYTE* PKCS1; +# define PKCS1_OID(NAME) , OID_PKCS1_##NAME #else -#define PKCS1_HASH_REF -#define PKCS1_OID(NAME) +# define PKCS1_HASH_REF +# define PKCS1_OID(NAME) #endif -/* When the TPM implements ECC, the hash-dependent OID pointers are part of the HASH_DEF. These - macros conditionally add the OID reference to the HASH_DEF and the HASH_DEF_TEMPLATE. 
*/ +// When the TPM implements ECC, the hash-dependent OID pointers are part of the +// HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the +// HASH_DEF_TEMPLATE. #if ALG_ECDSA -#define ECDSA_HASH_REF const BYTE *ECDSA; -#define ECDSA_OID(NAME) , OID_ECDSA_##NAME +# define ECDSA_HASH_REF const BYTE* ECDSA; +# define ECDSA_OID(NAME) , OID_ECDSA_##NAME #else -#define ECDSA_HASH_REF -#define ECDSA_OID(NAME) +# define ECDSA_HASH_REF +# define ECDSA_OID(NAME) #endif -typedef const struct +typedef const struct HASH_DEF_STRUCT { - HASH_METHODS method; - uint16_t blockSize; - uint16_t digestSize; - uint16_t contextSize; - uint16_t hashAlg; - const BYTE *OID; + HASH_METHODS method; + uint16_t blockSize; + uint16_t digestSize; + uint16_t contextSize; + uint16_t hashAlg; + const BYTE* OID; PKCS1_HASH_REF // PKCS1 OID - ECDSA_HASH_REF // ECDSA OID + ECDSA_HASH_REF // ECDSA OID } HASH_DEF, *PHASH_DEF; -/* Macro to fill in the HASH_DEF for an algorithm. For SHA1, the instance would be: - HASH_DEF_TEMPLATE(Sha1, SHA1) This handles the difference in capitalization for the various - pieces. */ +// Macro to fill in the HASH_DEF for an algorithm. For SHA1, the instance would be: +// HASH_DEF_TEMPLATE(Sha1, SHA1) +// This handles the difference in capitalization for the various pieces. 
+#define HASH_DEF_TEMPLATE(HASH, Hash) \ + HASH_DEF Hash##_Def = \ + {{ \ + (HASH_START_METHOD*)&tpmHashStart_##HASH, \ + (HASH_DATA_METHOD*)&tpmHashData_##HASH, \ + (HASH_END_METHOD*)&tpmHashEnd_##HASH, \ + (HASH_STATE_COPY_METHOD*)&tpmHashStateCopy_##HASH, \ + (HASH_STATE_EXPORT_METHOD*)&tpmHashStateExport_##HASH, \ + (HASH_STATE_IMPORT_METHOD*)&tpmHashStateImport_##HASH, \ + }, \ + HASH##_BLOCK_SIZE, /*block size */ \ + HASH##_DIGEST_SIZE, /*data size */ \ + sizeof(tpmHashState##HASH##_t), \ + TPM_ALG_##HASH, \ + OID_##HASH PKCS1_OID(HASH) ECDSA_OID(HASH)}; -#define HASH_DEF_TEMPLATE(HASH, Hash) \ - HASH_DEF Hash##_Def= { \ - {(HASH_START_METHOD *)&tpmHashStart_##HASH, \ - (HASH_DATA_METHOD *)&tpmHashData_##HASH, \ - (HASH_END_METHOD *)&tpmHashEnd_##HASH, \ - (HASH_STATE_COPY_METHOD *)&tpmHashStateCopy_##HASH, \ - (HASH_STATE_EXPORT_METHOD *)&tpmHashStateExport_##HASH, \ - (HASH_STATE_IMPORT_METHOD *)&tpmHashStateImport_##HASH, \ - }, \ - HASH##_BLOCK_SIZE, /*block size */ \ - HASH##_DIGEST_SIZE, /*data size */ \ - sizeof(tpmHashState##HASH##_t), \ - TPM_ALG_##HASH, OID_##HASH \ - PKCS1_OID(HASH) ECDSA_OID(HASH)}; - -/* These definitions are for the types that can be in a hash state structure. These types are used - in the cryptographic utilities. This is a define rather than an enum so that the size of this - field can be explicit. */ -typedef BYTE HASH_STATE_TYPE; -#define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0) -#define HASH_STATE_HASH ((HASH_STATE_TYPE) 1) -#define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2) +// These definitions are for the types that can be in a hash state structure. +// These types are used in the cryptographic utilities. This is a define rather than +// an enum so that the size of this field can be explicit. 
+typedef BYTE HASH_STATE_TYPE; +#define HASH_STATE_EMPTY ((HASH_STATE_TYPE)0) +#define HASH_STATE_HASH ((HASH_STATE_TYPE)1) +#define HASH_STATE_HMAC ((HASH_STATE_TYPE)2) #if CC_MAC || CC_MAC_Start -#define HASH_STATE_SMAC ((HASH_STATE_TYPE) 3) +# define HASH_STATE_SMAC ((HASH_STATE_TYPE)3) #endif -/* This is the structure that is used for passing a context into the hashing functions. It should be - the same size as the function context used within the hashing functions. This is checked when the - hash function is initialized. This version uses a new layout for the contexts and a different - definition. The state buffer is an array of HASH_UNIT values so that a decent compiler will put - the structure on a HASH_UNIT boundary. If the structure is not properly aligned, the code that - manipulates the structure will copy to a properly aligned structure before it is used and copy - the result back. This just makes things slower. */ -/* NOTE: This version of the state had the pointer to the update method in the state. This is to - allow the SMAC functions to use the same structure without having to replicate the entire - HASH_DEF structure. */ + +// This is the structure that is used for passing a context into the hashing +// functions. It should be the same size as the function context used within +// the hashing functions. This is checked when the hash function is initialized. +// This version uses a new layout for the contexts and a different definition. The +// state buffer is an array of HASH_UNIT values so that a decent compiler will put +// the structure on a HASH_UNIT boundary. If the structure is not properly aligned, +// the code that manipulates the structure will copy to a properly aligned +// structure before it is used and copy the result back. This just makes things +// slower. +// NOTE: This version of the state had the pointer to the update method in the +// state. 
This is to allow the SMAC functions to use the same structure without +// having to replicate the entire HASH_DEF structure. typedef struct _HASH_STATE { - HASH_STATE_TYPE type; // type of the context - TPM_ALG_ID hashAlg; - PHASH_DEF def; - ANY_HASH_STATE state; + HASH_STATE_TYPE type; // type of the context + TPM_ALG_ID hashAlg; + PHASH_DEF def; + ANY_HASH_STATE state; } HASH_STATE, *PHASH_STATE; -typedef const HASH_STATE *PCHASH_STATE; +typedef const HASH_STATE* PCHASH_STATE; -/* 10.1.3.3 HMAC State Structures */ -/* This header contains the hash structure definitions used in the TPM code to define the amount of - space to be reserved for the hash state. This allows the TPM code to not have to import all of - the symbols used by the hash computations. This lets the build environment of the TPM code not to - have include the header files associated with the CryptoEngine() code. */ +//** HMAC State Structures -/* An HMAC_STATE structure contains an opaque HMAC stack state. A caller would use this structure - when performing incremental HMAC operations. This structure contains a hash state and an HMAC key - and allows slightly better stack optimization than adding an HMAC key to each hash state. */ +// An HMAC_STATE structure contains an opaque HMAC stack state. A caller would +// use this structure when performing incremental HMAC operations. This structure +// contains a hash state and an HMAC key and allows slightly better stack +// optimization than adding an HMAC key to each hash state. typedef struct hmacState { - HASH_STATE hashState; // the hash state - TPM2B_HASH_BLOCK hmacKey; // the HMAC key + HASH_STATE hashState; // the hash state + TPM2B_HASH_BLOCK hmacKey; // the HMAC key } HMAC_STATE, *PHMAC_STATE; -/* This is for the external hash state. This implementation assumes that the size of the exported - hash state is no larger than the internal hash state. */ + +// This is for the external hash state. 
This implementation assumes that the size +// of the exported hash state is no larger than the internal hash state. typedef struct { - BYTE buffer[sizeof(HASH_STATE)]; + BYTE buffer[sizeof(HASH_STATE)]; } EXPORT_HASH_STATE, *PEXPORT_HASH_STATE; -typedef const EXPORT_HASH_STATE *PCEXPORT_HASH_STATE; -#endif // _CRYPT_HASH_H +typedef const EXPORT_HASH_STATE* PCEXPORT_HASH_STATE; + +#endif // _CRYPT_HASH_H diff --git a/src/tpm2/crypto/CryptHash_fp.h b/src/tpm2/crypto/CryptHash_fp.h index 8c789278..2a7f33ea 100644 --- a/src/tpm2/crypto/CryptHash_fp.h +++ b/src/tpm2/crypto/CryptHash_fp.h @@ -89,10 +89,10 @@ CryptGetHashDef(TPM_ALG_ID hashAlg); // Return Type: BOOL // TRUE(1) hashAlg is a valid, implemented hash on this TPM // FALSE(0) hashAlg is not valid for this TPM -BOOL CryptHashIsValidAlg(TPM_ALG_ID hashAlg, // IN: the algorithm to check - BOOL isAlgNullValid // IN: TRUE if TPM_ALG_NULL is to be treated - // as a valid hash - ); +BOOL CryptHashIsValidAlg(TPM_ALG_ID hashAlg, // IN: the algorithm to check + BOOL isAlgNullValid // IN: TRUE if TPM_ALG_NULL is to be treated + // as a valid hash +); //*** CryptHashGetAlgByIndex() // This function is used to iterate through the hashes. TPM_ALG_NULL @@ -105,7 +105,7 @@ BOOL CryptHashIsValidAlg(TPM_ALG_ID hashAlg, // IN: the algorithm to chec // TPM_ALG_xxx a hash algorithm // TPM_ALG_NULL this can be used as a stop value LIB_EXPORT TPM_ALG_ID CryptHashGetAlgByIndex(UINT32 index // IN: the index - ); +); //*** CryptHashGetDigestSize() // Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash @@ -115,8 +115,8 @@ LIB_EXPORT TPM_ALG_ID CryptHashGetAlgByIndex(UINT32 index // IN: the index // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetDigestSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ); + TPM_ALG_ID hashAlg // IN: hash algorithm to look up +); //*** CryptHashGetBlockSize() // Returns the size of the block used by the hash. If 'hashAlg' is not a hash 
@@ -126,8 +126,8 @@ LIB_EXPORT UINT16 CryptHashGetDigestSize( // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetBlockSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ); + TPM_ALG_ID hashAlg // IN: hash algorithm to look up +); //*** CryptHashGetOid() // This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs @@ -138,32 +138,32 @@ LIB_EXPORT const BYTE* CryptHashGetOid(TPM_ALG_ID hashAlg); // This function returns the hash algorithm associated with a hash context. TPM_ALG_ID CryptHashGetContextAlg(PHASH_STATE state // IN: the context to check - ); +); //*** CryptHashCopyState // This function is used to clone a HASH_STATE. LIB_EXPORT void CryptHashCopyState(HASH_STATE* out, // OUT: destination of the state - const HASH_STATE* in // IN: source of the state - ); + const HASH_STATE* in // IN: source of the state +); //*** CryptHashExportState() // This function is used to export a hash or HMAC hash state. This function // would be called when preparing to context save a sequence object. void CryptHashExportState( - PCHASH_STATE internalFmt, // IN: the hash state formatted for use by - // library - PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state - ); + PCHASH_STATE internalFmt, // IN: the hash state formatted for use by + // library + PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state +); //*** CryptHashImportState() // This function is used to import the hash state. This function // would be called to import a hash state when the context of a sequence object // was being loaded. void CryptHashImportState( - PHASH_STATE internalFmt, // OUT: the hash state formatted for use by - // the library - PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state - ); + PHASH_STATE internalFmt, // OUT: the hash state formatted for use by + // the library + PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state +); //*** CryptHashStart() // Functions starts a hash stack 
@@ -181,17 +181,17 @@ void CryptHashImportState( // 0 hash is TPM_ALG_NULL // >0 digest size LIB_EXPORT UINT16 CryptHashStart( - PHASH_STATE hashState, // OUT: the running hash state - TPM_ALG_ID hashAlg // IN: hash algorithm - ); + PHASH_STATE hashState, // OUT: the running hash state + TPM_ALG_ID hashAlg // IN: hash algorithm +); //*** CryptDigestUpdate() // Add data to a hash or HMAC, SMAC stack. // void CryptDigestUpdate(PHASH_STATE hashState, // IN: the hash context information - UINT32 dataSize, // IN: the size of data to be added - const BYTE* data // IN: data to be hashed - ); + UINT32 dataSize, // IN: the size of data to be added + const BYTE* data // IN: data to be hashed +); //*** CryptHashEnd() // Complete a hash or HMAC computation. This function will place the smaller of @@ -202,9 +202,9 @@ void CryptDigestUpdate(PHASH_STATE hashState, // IN: the hash context informati // 0 no data returned // > 0 the number of bytes in the digest or dOutSize, whichever is smaller LIB_EXPORT UINT16 CryptHashEnd(PHASH_STATE hashState, // IN: the state of hash stack - UINT32 dOutSize, // IN: size of digest buffer - BYTE* dOut // OUT: hash digest - ); + UINT32 dOutSize, // IN: size of digest buffer + BYTE* dOut // OUT: hash digest +); //*** CryptHashBlock() // Start a hash, hash a single block, update 'digest' and return the size of 
@@ -215,11 +215,11 @@ LIB_EXPORT UINT16 CryptHashEnd(PHASH_STATE hashState, // IN: the state of hash // Return Type: UINT16 // >= 0 number of bytes placed in 'dOut' LIB_EXPORT UINT16 CryptHashBlock(TPM_ALG_ID hashAlg, // IN: The hash algorithm - UINT32 dataSize, // IN: size of buffer to hash - const BYTE* data, // IN: the buffer to hash - UINT32 dOutSize, // IN: size of the digest buffer - BYTE* dOut // OUT: digest buffer - ); + UINT32 dataSize, // IN: size of buffer to hash + const BYTE* data, // IN: the buffer to hash + UINT32 dOutSize, // IN: size of the digest buffer + BYTE* dOut // OUT: digest buffer +); //*** CryptDigestUpdate2B() // This function updates a digest (hash or HMAC) with a TPM2B. @@ -227,8 +227,8 @@ LIB_EXPORT UINT16 CryptHashBlock(TPM_ALG_ID hashAlg, // IN: The hash algorith // This function can be used for both HMAC and hash functions so the // 'digestState' is void so that either state type can be passed. LIB_EXPORT void CryptDigestUpdate2B(PHASH_STATE state, // IN: the digest state - const TPM2B* bIn // IN: 2B containing the data - ); + const TPM2B* bIn // IN: 2B containing the data +); //*** CryptHashEnd2B() // This function is the same as CryptCompleteHash() but the digest is 
@@ -238,19 +238,19 @@ LIB_EXPORT void CryptDigestUpdate2B(PHASH_STATE state, // IN: the digest state // Return Type: UINT16 // >=0 the number of bytes placed in 'digest.buffer' LIB_EXPORT UINT16 CryptHashEnd2B( - PHASH_STATE state, // IN: the hash state - P2B digest // IN: the size of the buffer Out: requested - // number of bytes - ); + PHASH_STATE state, // IN: the hash state + P2B digest // IN: the size of the buffer Out: requested + // number of bytes +); //*** CryptDigestUpdateInt() // This function is used to include an integer value to a hash stack. The function // marshals the integer into its canonical form before calling CryptDigestUpdate(). LIB_EXPORT void CryptDigestUpdateInt( - void* state, // IN: the state of hash stack - UINT32 intSize, // IN: the size of 'intValue' in bytes - UINT64 intValue // IN: integer value to be hashed - ); + void* state, // IN: the state of hash stack + UINT32 intSize, // IN: the size of 'intValue' in bytes + UINT64 intValue // IN: integer value to be hashed +); //*** CryptHmacStart() // This function is used to start an HMAC using a temp @@ -263,10 +263,10 @@ LIB_EXPORT void CryptDigestUpdateInt( // >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) // LIB_EXPORT UINT16 CryptHmacStart(PHMAC_STATE state, // IN/OUT: the state buffer - TPM_ALG_ID hashAlg, // IN: the algorithm to use - UINT16 keySize, // IN: the size of the HMAC key - const BYTE* key // IN: the HMAC key - ); + TPM_ALG_ID hashAlg, // IN: the algorithm to use + UINT16 keySize, // IN: the size of the HMAC key + const BYTE* key // IN: the HMAC key +); //*** CryptHmacEnd() // This function is called to complete an HMAC. It will finish the current 
@@ -276,9 +276,9 @@ LIB_EXPORT UINT16 CryptHmacStart(PHMAC_STATE state, // IN/OUT: the state buff // Return Type: UINT16 // >= 0 number of bytes in 'dOut' (may be zero) LIB_EXPORT UINT16 CryptHmacEnd(PHMAC_STATE state, // IN: the hash state buffer - UINT32 dOutSize, // IN: size of digest buffer - BYTE* dOut // OUT: hash digest - ); + UINT32 dOutSize, // IN: size of digest buffer + BYTE* dOut // OUT: hash digest +); //*** CryptHmacStart2B() // This function starts an HMAC and returns the size of the digest @@ -295,11 +295,11 @@ LIB_EXPORT UINT16 CryptHmacEnd(PHMAC_STATE state, // IN: the hash state buff // > 0 the digest size of the algorithm // = 0 the hashAlg was TPM_ALG_NULL LIB_EXPORT UINT16 CryptHmacStart2B( - PHMAC_STATE hmacState, // OUT: the state of HMAC stack. It will be used - // in HMAC update and completion - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - P2B key // IN: HMAC key - ); + PHMAC_STATE hmacState, // OUT: the state of HMAC stack. It will be used + // in HMAC update and completion + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + P2B key // IN: HMAC key +); //*** CryptHmacEnd2B() // This function is the same as CryptHmacEnd() but the HMAC result @@ -307,9 +307,9 @@ LIB_EXPORT UINT16 CryptHmacStart2B( // Return Type: UINT16 // >=0 the number of bytes placed in 'digest' LIB_EXPORT UINT16 CryptHmacEnd2B( - PHMAC_STATE hmacState, // IN: the state of HMAC stack - P2B digest // OUT: HMAC - ); + PHMAC_STATE hmacState, // IN: the state of HMAC stack + P2B digest // OUT: HMAC +); //** Mask and Key Generation Functions //*** CryptMGF_KDF() 
@@ -325,12 +325,12 @@ LIB_EXPORT UINT16 CryptHmacEnd2B( // 0 hash algorithm was TPM_ALG_NULL // > 0 should be the same as 'mSize' LIB_EXPORT UINT16 CryptMGF_KDF(UINT32 mSize, // IN: length of the mask to be produced - BYTE* mask, // OUT: buffer to receive the mask - TPM_ALG_ID hashAlg, // IN: hash to use - UINT32 seedSize, // IN: size of the seed - BYTE* seed, // IN: seed size - UINT32 counter // IN: counter initial value - ); + BYTE* mask, // OUT: buffer to receive the mask + TPM_ALG_ID hashAlg, // IN: hash to use + UINT32 seedSize, // IN: size of the seed + BYTE* seed, // IN: seed size + UINT32 counter // IN: counter initial value +); //*** CryptKDFa() // This function performs the key generation according to Part 1 of the 
@@ -355,20 +355,20 @@ LIB_EXPORT UINT16 CryptMGF_KDF(UINT32 mSize, // IN: length of the mask to be pr // 0 hash algorithm is not supported or is TPM_ALG_NULL // > 0 the number of bytes in the 'keyStream' buffer LIB_EXPORT UINT16 CryptKDFa( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - const TPM2B* key, // IN: HMAC key - const TPM2B* label, // IN: a label for the KDF - const TPM2B* contextU, // IN: context U - const TPM2B* contextV, // IN: context V - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE* keyStream, // OUT: key buffer - UINT32* counterInOut, // IN/OUT: caller may provide the iteration - // counter for incremental operations to - // avoid large intermediate buffers. - UINT16 blocks // IN: If non-zero, this is the maximum number - // of blocks to be returned, regardless - // of sizeInBits - ); + TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC + const TPM2B* key, // IN: HMAC key + const TPM2B* label, // IN: a label for the KDF + const TPM2B* contextU, // IN: context U + const TPM2B* contextV, // IN: context V + UINT32 sizeInBits, // IN: size of generated key in bits + BYTE* keyStream, // OUT: key buffer + UINT32* counterInOut, // IN/OUT: caller may provide the iteration + // counter for incremental operations to + // avoid large intermediate buffers. + UINT16 blocks // IN: If non-zero, this is the maximum number + // of blocks to be returned, regardless + // of sizeInBits +); //*** CryptKDFe() // This function implements KDFe() as defined in TPM specification part 1. 
@@ -384,12 +384,12 @@ LIB_EXPORT UINT16 CryptKDFa( // > 0 the number of bytes in the 'keyStream' buffer // LIB_EXPORT UINT16 CryptKDFe(TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - TPM2B* Z, // IN: Z - const TPM2B* label, // IN: a label value for the KDF - TPM2B* partyUInfo, // IN: PartyUInfo - TPM2B* partyVInfo, // IN: PartyVInfo - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE* keyStream // OUT: key buffer - ); + TPM2B* Z, // IN: Z + const TPM2B* label, // IN: a label value for the KDF + TPM2B* partyUInfo, // IN: PartyUInfo + TPM2B* partyVInfo, // IN: PartyVInfo + UINT32 sizeInBits, // IN: size of generated key in bits + BYTE* keyStream // OUT: key buffer +); #endif // _CRYPT_HASH_FP_H_ diff --git a/src/tpm2/crypto/CryptPrimeSieve_fp.h b/src/tpm2/crypto/CryptPrimeSieve_fp.h index f3741cdb..1cfee9cc 100644 --- a/src/tpm2/crypto/CryptPrimeSieve_fp.h +++ b/src/tpm2/crypto/CryptPrimeSieve_fp.h @@ -76,8 +76,8 @@ // process to stop when an appropriate number of primes have been // sieved. LIB_EXPORT void RsaAdjustPrimeLimit(uint32_t requestedPrimes, - RAND_STATE* rand // libtpms added - ); + RAND_STATE* rand // libtpms added +); //*** RsaNextPrime() // This the iterator used during the sieve process. The input is the @@ -94,10 +94,10 @@ LIB_EXPORT uint32_t RsaNextPrime(uint32_t lastPrime); // <0 no bit is set or no bit with the requested number is set // >=0 the number of the bit in the array that is the nth set LIB_EXPORT int FindNthSetBit( - const UINT16 aSize, // IN: the size of the array to check - const BYTE* a, // IN: the array to check - const UINT32 n // IN, the number of the SET bit - ); + const UINT16 aSize, // IN: the size of the array to check + const BYTE* a, // IN: the array to check + const UINT32 n // IN, the number of the SET bit +); //*** PrimeSieve() // This function does a prime sieve over the input 'field' which has as its 
@@ -114,9 +114,9 @@ LIB_EXPORT int FindNthSetBit( // divides and then use smaller divides to get to the final 16 bit (or smaller) // remainders. LIB_EXPORT UINT32 PrimeSieve(Crypt_Int* bnN, // IN/OUT: number to sieve - UINT32 fieldSize, // IN: size of the field area in bytes - BYTE* field // IN: field - ); + UINT32 fieldSize, // IN: size of the field area in bytes + BYTE* field // IN: field +); # ifdef SIEVE_DEBUG //***SetFieldSize() @@ -139,10 +139,10 @@ LIB_EXPORT uint32_t SetFieldSize(uint32_t newFieldSize); // TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative // in the field LIB_EXPORT TPM_RC PrimeSelectWithSieve( - Crypt_Int* candidate, // IN/OUT: The candidate to filter - UINT32 e, // IN: the exponent - RAND_STATE* rand // IN: the random number generator state - ); + Crypt_Int* candidate, // IN/OUT: The candidate to filter + UINT32 e, // IN: the exponent + RAND_STATE* rand // IN: the random number generator state +); # if RSA_INSTRUMENT //*** PrintTuple() @@ -153,7 +153,7 @@ void RsaSimulationEnd(void); //*** GetSieveStats() LIB_EXPORT void GetSieveStats( - uint32_t* trials, uint32_t* emptyFields, uint32_t* averageBits); + uint32_t* trials, uint32_t* emptyFields, uint32_t* averageBits); # endif #endif // RSA_KEY_SIEVE #if !RSA_INSTRUMENT diff --git a/src/tpm2/crypto/CryptPrime_fp.h b/src/tpm2/crypto/CryptPrime_fp.h index c9a43bb1..a2e31781 100644 --- a/src/tpm2/crypto/CryptPrime_fp.h +++ b/src/tpm2/crypto/CryptPrime_fp.h @@ -75,9 +75,9 @@ BOOL IsPrimeInt(uint32_t n); // Will try to eliminate some of the obvious things before going on // to perform MillerRabin as a final verification of primeness. BOOL TpmMath_IsProbablyPrime(Crypt_Int* prime, // IN: - RAND_STATE* rand // IN: the random state just - // in case Miller-Rabin is required - ); + RAND_STATE* rand // IN: the random state just + // in case Miller-Rabin is required +); //*** MillerRabinRounds() // Function returns the number of Miller-Rabin rounds necessary to give an 
@@ -85,7 +85,7 @@ BOOL TpmMath_IsProbablyPrime(Crypt_Int* prime, // IN: // are from FIPS 186-3. UINT32 MillerRabinRounds(UINT32 bits // IN: Number of bits in the RSA prime - ); +); //*** MillerRabin() // This function performs a Miller-Rabin test from FIPS 186-3. It does @@ -117,12 +117,12 @@ RsaCheckPrime(Crypt_Int* prime, UINT32 exponent, RAND_STATE* rand); // for an RSA prime. TPM_RC TpmRsa_GeneratePrimeForRSA( - Crypt_Int* prime, // IN/OUT: points to the BN that will get the - // random value - UINT32 bits, // IN: number of bits to get - UINT32 exponent, // IN: the exponent - RAND_STATE* rand // IN: the random state - ); + Crypt_Int* prime, // IN/OUT: points to the BN that will get the + // random value + UINT32 bits, // IN: number of bits to get + UINT32 exponent, // IN: the exponent + RAND_STATE* rand // IN: the random state +); #endif // ALG_RSA #endif // _CRYPT_PRIME_FP_H_ diff --git a/src/tpm2/crypto/CryptRand.h b/src/tpm2/crypto/CryptRand.h index 578d964b..4be383f9 100644 --- a/src/tpm2/crypto/CryptRand.h +++ b/src/tpm2/crypto/CryptRand.h @@ -82,9 +82,9 @@ #define DRBG_IV_SIZE_BITS (AES_MAX_BLOCK_SIZE * 8) #define DRBG_ALGORITHM TPM_ALG_AES -#define DRBG_ENCRYPT_SETUP(key, keySizeInBits, schedule) \ +#define DRBG_ENCRYPT_SETUP(key, keySizeInBits, schedule) \ TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) -#define DRBG_ENCRYPT(keySchedule, in, out) \ +#define DRBG_ENCRYPT(keySchedule, in, out) \ TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out)) #if((DRBG_KEY_SIZE_BITS % RADIX_BITS) != 0) || ((DRBG_IV_SIZE_BITS % RADIX_BITS) != 0) 
@@ -162,7 +162,7 @@ typedef struct DRBG_SEED seed; // contains the key and IV for the counter mode DRBG SEED_COMPAT_LEVEL seedCompatLevel; // libtpms added: the compatibility level for keeping backwards compatibility UINT32 lastValue[4]; // used when the TPM does continuous self-test - // for FIPS compliance of DRBG + // for FIPS compliance of DRBG } DRBG_STATE, *pDRBG_STATE; #define DRBG_MAGIC ((UINT32)0x47425244) // "DRBG" backwards so that it displays diff --git a/src/tpm2/crypto/CryptRand_fp.h b/src/tpm2/crypto/CryptRand_fp.h index e5dee5b6..04ae9a63 100644 --- a/src/tpm2/crypto/CryptRand_fp.h +++ b/src/tpm2/crypto/CryptRand_fp.h 
@@ -59,100 +59,159 @@ /* */ /********************************************************************************/ -#ifndef CRYPTRAND_FP_H -#define CRYPTRAND_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 4, 2020 Time: 02:36:44PM + */ + +#ifndef _CRYPT_RAND_FP_H_ +#define _CRYPT_RAND_FP_H_ + +//*** DRBG_GetEntropy() +// Even though this implementation never fails, it may get blocked +// indefinitely long in the call to get entropy from the platform +// (DRBG_GetEntropy32()). +// This function is only used during instantiation of the DRBG for +// manufacturing and on each start-up after an non-orderly shutdown. +// +// Return Type: BOOL +// TRUE(1) requested entropy returned +// FALSE(0) entropy Failure +BOOL DRBG_GetEntropy(UINT32 requiredEntropy, // IN: requested number of bytes of full + // entropy + BYTE* entropy // OUT: buffer to return collected entropy +); + +//*** IncrementIv() +// This function increments the IV value by 1. It is used by EncryptDRBG(). +void IncrementIv(DRBG_IV* iv); + +//*** DRBG_Reseed() +// This function is used when reseeding of the DRBG is required. If +// entropy is provided, it is used in lieu of using hardware entropy. +// Note: the provided entropy must be the required size. +// +// Return Type: BOOL +// TRUE(1) reseed succeeded +// FALSE(0) reseed failed, probably due to the entropy generation +BOOL DRBG_Reseed(DRBG_STATE* drbgState, // IN: the state to update + DRBG_SEED* providedEntropy, // IN: entropy + DRBG_SEED* additionalData // IN: +); + +//*** DRBG_SelfTest() +// This is run when the DRBG is instantiated and at startup. +// +// Return Type: BOOL +// TRUE(1) test OK +// FALSE(0) test failed +BOOL DRBG_SelfTest(void); + +//*** CryptRandomStir() +// This function is used to cause a reseed. A DRBG_SEED amount of entropy is +// collected from the hardware and then additional data is added. 
+// +// Return Type: TPM_RC +// TPM_RC_NO_RESULT failure of the entropy generator +LIB_EXPORT TPM_RC CryptRandomStir(UINT16 additionalDataSize, BYTE* additionalData); + +//*** CryptRandomGenerate() +// Generate a 'randomSize' number or random bytes. +LIB_EXPORT UINT16 CryptRandomGenerate(UINT16 randomSize, BYTE* buffer); + +//*** DRBG_InstantiateSeededKdf() +// This function is used to instantiate a KDF-based RNG. This is used for derivations. +// This function always returns TRUE. +LIB_EXPORT BOOL DRBG_InstantiateSeededKdf( + KDF_STATE* state, // OUT: buffer to hold the state + TPM_ALG_ID hashAlg, // IN: hash algorithm + TPM_ALG_ID kdf, // IN: the KDF to use + TPM2B* seed, // IN: the seed to use + const TPM2B* label, // IN: a label for the generation process. + TPM2B* context, // IN: the context value + UINT32 limit // IN: Maximum number of bits from the KDF +); + +//*** DRBG_AdditionalData() +// Function to reseed the DRBG with additional entropy. This is normally called +// before computing the protection value of a primary key in the Endorsement +// hierarchy. +LIB_EXPORT void DRBG_AdditionalData(DRBG_STATE* drbgState, // IN:OUT state to update + TPM2B* additionalData // IN: value to incorporate +); + +//*** DRBG_InstantiateSeeded() +// This function is used to instantiate a random number generator from seed values. +// The nominal use of this generator is to create sequences of pseudo-random +// numbers from a seed value. +// +// Return Type: TPM_RC +// TPM_RC_FAILURE DRBG self-test failure +LIB_EXPORT TPM_RC DRBG_InstantiateSeeded( + DRBG_STATE* drbgState, // IN/OUT: buffer to hold the state + const TPM2B* seed, // IN: the seed to use + const TPM2B* purpose, // IN: a label for the generation process. 
+ const TPM2B* name, // IN: name of the object + const TPM2B* additional, // IN: additional data + SEED_COMPAT_LEVEL seedCompatLevel// IN: compatibility level (associated with seed); libtpms added +); + +//*** CryptRandStartup() +// This function is called when TPM_Startup is executed. This function always returns +// TRUE. +LIB_EXPORT BOOL CryptRandStartup(void); + +//**** CryptRandInit() +// This function is called when _TPM_Init is being processed. +// +// Return Type: BOOL +// TRUE(1) success +// FALSE(0) failure +LIB_EXPORT BOOL CryptRandInit(void); + +//*** DRBG_Generate() +// This function generates a random sequence according SP800-90A. +// If 'random' is not NULL, then 'randomSize' bytes of random values are generated. +// If 'random' is NULL or 'randomSize' is zero, then the function returns +// zero without generating any bits or updating the reseed counter. +// This function returns the number of bytes produced which could be less than the +// number requested if the request is too large ("too large" is implementation +// dependent.) 
+LIB_EXPORT UINT16 DRBG_Generate( + RAND_STATE* state, + BYTE* random, // OUT: buffer to receive the random values + UINT16 randomSize // IN: the number of bytes to generate +); -BOOL -DRBG_GetEntropy( - UINT32 requiredEntropy, // IN: requested number of bytes of full - // entropy - BYTE *entropy // OUT: buffer to return collected entropy - ); -void -IncrementIv( - DRBG_IV *iv - ); -BOOL -DRBG_Reseed( - DRBG_STATE *drbgState, // IN: the state to update - DRBG_SEED *providedEntropy, // IN: entropy - DRBG_SEED *additionalData // IN: - ); -BOOL -DRBG_SelfTest( - void - ); -LIB_EXPORT TPM_RC -CryptRandomStir( - UINT16 additionalDataSize, - BYTE *additionalData - ); -LIB_EXPORT UINT16 -CryptRandomGenerate( - UINT16 randomSize, - BYTE *buffer - ); -LIB_EXPORT BOOL -DRBG_InstantiateSeededKdf( - KDF_STATE *state, // IN: buffer to hold the state - TPM_ALG_ID hashAlg, // IN: hash algorithm - TPM_ALG_ID kdf, // IN: the KDF to use - TPM2B *seed, // IN: the seed to use - const TPM2B *label, // IN: a label for the generation process. - TPM2B *context, // IN: the context value - UINT32 limit // IN: Maximum number of bits from the KDF - ); -LIB_EXPORT void -DRBG_AdditionalData( - DRBG_STATE *drbgState, // IN:OUT state to update - TPM2B *additionalData // IN: value to incorporate - ); -LIB_EXPORT TPM_RC -DRBG_InstantiateSeeded( - DRBG_STATE *drbgState, // IN: buffer to hold the state - const TPM2B *seed, // IN: the seed to use - const TPM2B *purpose, // IN: a label for the generation process. 
- const TPM2B *name, // IN: name of the object - const TPM2B *additional, // IN: additional data - SEED_COMPAT_LEVEL seedCompatLevel// IN: compatibility level (associated with seed); libtpms added - ); -LIB_EXPORT BOOL -CryptRandStartup( - void - ); -LIB_EXPORT BOOL -CryptRandInit( - void - ); -LIB_EXPORT UINT16 -DRBG_Generate( - RAND_STATE *state, - BYTE *random, // OUT: buffer to receive the random values - UINT16 randomSize // IN: the number of bytes to generate - ); // libtpms added begin LIB_EXPORT SEED_COMPAT_LEVEL DRBG_GetSeedCompatLevel( RAND_STATE *state // IN ); // libtpms added end -LIB_EXPORT BOOL -DRBG_Instantiate( - DRBG_STATE *drbgState, // OUT: the instantiated value - UINT16 pSize, // IN: Size of personalization string - BYTE *personalization // IN: The personalization string - ); -LIB_EXPORT TPM_RC -DRBG_Uninstantiate( - DRBG_STATE *drbgState // IN/OUT: working state to erase - ); -LIB_EXPORT NUMBYTES -CryptRandMinMax( - BYTE *out, - UINT32 max, - UINT32 min, - RAND_STATE *rand - ); +//*** DRBG_Instantiate() +// This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. +// This is called when a the TPM DRBG is to be instantiated. This is +// called to instantiate a DRBG used by the TPM for normal +// operations. +// +// Return Type: BOOL +// TRUE(1) instantiation succeeded +// FALSE(0) instantiation failed +LIB_EXPORT BOOL DRBG_Instantiate( + DRBG_STATE* drbgState, // OUT: the instantiated value + UINT16 pSize, // IN: Size of personalization string + BYTE* personalization // IN: The personalization string +); -#endif +//*** DRBG_Uninstantiate() +// This is Uninstantiate_function() from [SP 800-90A 9.4]. +// +// Return Type: TPM_RC +// TPM_RC_VALUE not a valid state +LIB_EXPORT TPM_RC DRBG_Uninstantiate( + DRBG_STATE* drbgState // IN/OUT: working state to erase +); + +#endif // _CRYPT_RAND_FP_H_ diff --git a/src/tpm2/crypto/CryptRsa.c b/src/tpm2/crypto/CryptRsa.c deleted file mode 100644 index e69de29b..00000000 
diff --git a/src/tpm2/crypto/CryptRsa.h b/src/tpm2/crypto/CryptRsa.h index e4d26824..53b5fdcc 100644 --- a/src/tpm2/crypto/CryptRsa.h +++ b/src/tpm2/crypto/CryptRsa.h @@ -68,14 +68,14 @@ // (MAX_RSA_KEY_BITS) of actual data. CRYPT_INT_TYPE(rsa, MAX_RSA_KEY_BITS); #define CRYPT_RSA_VAR(name) CRYPT_INT_VAR(name, MAX_RSA_KEY_BITS) -#define CRYPT_RSA_INITIALIZED(name, initializer) \ +#define CRYPT_RSA_INITIALIZED(name, initializer) \ CRYPT_INT_INITIALIZED(name, MAX_RSA_KEY_BITS, initializer) #define CRYPT_PRIME_VAR(name) CRYPT_INT_VAR(name, (MAX_RSA_KEY_BITS / 2)) // define ci_prime_t as buffer containing a CRYPT_INT object with space for // (MAX_RSA_KEY_BITS/2) of actual data. CRYPT_INT_TYPE(prime, (MAX_RSA_KEY_BITS / 2)); -#define CRYPT_PRIME_INITIALIZED(name, initializer) \ +#define CRYPT_PRIME_INITIALIZED(name, initializer) \ CRYPT_INT_INITIALIZED(name, MAX_RSA_KEY_BITS / 2, initializer) #if !CRT_FORMAT_RSA @@ -92,8 +92,8 @@ typedef struct privateExponent ci_prime_t entries[5]; } privateExponent; -#define NEW_PRIVATE_EXPONENT(X) \ - privateExponent _##X; \ +#define NEW_PRIVATE_EXPONENT(X) \ + privateExponent _##X; \ privateExponent* X = RsaInitializeExponent(&(_##X)) // libtpms added begin: keep old privateExponent diff --git a/src/tpm2/crypto/CryptRsa_fp.h b/src/tpm2/crypto/CryptRsa_fp.h index cf1565f4..e9f59c26 100644 --- a/src/tpm2/crypto/CryptRsa_fp.h +++ b/src/tpm2/crypto/CryptRsa_fp.h 
@@ -58,78 +58,159 @@ /* */ /********************************************************************************/ -#ifndef CRYPTRSA_FP_H -#define CRYPTRSA_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ -BOOL -CryptRsaInit( - void - ); -BOOL -CryptRsaStartup( - void - ); +#ifndef _CRYPT_RSA_FP_H_ +#define _CRYPT_RSA_FP_H_ + +#if ALG_RSA + +//*** CryptRsaInit() +// Function called at _TPM_Init(). +BOOL CryptRsaInit(void); + +//*** CryptRsaStartup() +// Function called at TPM2_Startup() +BOOL CryptRsaStartup(void); + +//*** CryptRsaPssSaltSize() +// This function computes the salt size used in PSS. It is broken out so that +// the X509 code can get the same value that is used by the encoding function in this +// module. INT16 -CryptRsaPssSaltSize( - INT16 hashSize, - INT16 outSize - ); -TPMT_RSA_DECRYPT* -CryptRsaSelectScheme( - TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key - TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme - ); +CryptRsaPssSaltSize(INT16 hashSize, INT16 outSize); + +//*** MakeDerTag() +// Construct the DER value that is used in RSASSA +// Return Type: INT16 +// > 0 size of value +// <= 0 no hash exists +INT16 +MakeDerTag(TPM_ALG_ID hashAlg, INT16 sizeOfBuffer, BYTE* buffer); + +//*** CryptRsaSelectScheme() +// This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up +// the rules to select a scheme between input and object default. +// This function assume the RSA object is loaded. +// If a default scheme is defined in object, the default scheme should be chosen, +// otherwise, the input scheme should be chosen. +// In the case that both the object and 'scheme' are not TPM_ALG_NULL, then +// if the schemes are the same, the input scheme will be chosen. +// if the scheme are not compatible, a NULL pointer will be returned. +// +// The return pointer may point to a TPM_ALG_NULL scheme. 
+TPMT_RSA_DECRYPT* CryptRsaSelectScheme( + TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key + TPMT_RSA_DECRYPT* scheme // IN: a sign or decrypt scheme +); + +//*** CryptRsaLoadPrivateExponent() +// This function is called to generate the private exponent of an RSA key. +// Return Type: TPM_RC +// TPM_RC_BINDING public and private parts of 'rsaKey' are not matched TPM_RC -CryptRsaLoadPrivateExponent(TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - OBJECT *rsaKey // libtpms added - ); -LIB_EXPORT TPM_RC -CryptRsaEncrypt( - TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data - TPM2B *dIn, // IN: the data to encrypt - OBJECT *key, // IN: the key used for encryption - TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash - // if needed - const TPM2B *label, // IN: in case it is needed - RAND_STATE *rand // IN: random number generator - // state (mostly for testing) - ); -LIB_EXPORT TPM_RC -CryptRsaDecrypt( - TPM2B *dOut, // OUT: the decrypted data - TPM2B *cIn, // IN: the data to decrypt - OBJECT *key, // IN: the key to use for decryption - TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme - const TPM2B *label // IN: in case it is needed for the scheme - ); -LIB_EXPORT TPM_RC -CryptRsaSign( - TPMT_SIGNATURE *sigOut, - OBJECT *key, // IN: key to use - TPM2B_DIGEST *hIn, // IN: the digest to sign - RAND_STATE *rand // IN: the random number generator - // to use (mostly for testing) - ); -LIB_EXPORT TPM_RC -CryptRsaValidateSignature( - TPMT_SIGNATURE *sig, // IN: signature - OBJECT *key, // IN: public modulus - TPM2B_DIGEST *digest // IN: The digest being validated - ); -LIB_EXPORT TPM_RC -CryptRsaGenerateKey( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - OBJECT *rsaKey, // libtpms added: IN/OUT: The object structure in which the key is created. 
- RAND_STATE *rand // IN: if not NULL, the deterministic - ); -INT16 -MakeDerTag( - TPM_ALG_ID hashAlg, - INT16 sizeOfBuffer, - BYTE *buffer - ); +CryptRsaLoadPrivateExponent(TPMT_PUBLIC* publicArea, TPMT_SENSITIVE* sensitive, + OBJECT *rsaKey // libtpms added +); +//*** CryptRsaEncrypt() +// This is the entry point for encryption using RSA. Encryption is +// use of the public exponent. The padding parameter determines what +// padding will be used. +// +// The 'cOutSize' parameter must be at least as large as the size of the key. +// +// If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be +// lower in value than the key modulus. +// NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to +// dIn to make it the size of the RSA key for the call to RSAEP. This is +// because the high order bytes of dIn might have a numeric value that is +// greater than the value of the key modulus. If this had low-order zeros +// added, it would have a numeric value larger than the modulus even though +// it started out with a lower numeric value. +// +// Return Type: TPM_RC +// TPM_RC_VALUE 'cOutSize' is too small (must be the size +// of the modulus) +// TPM_RC_SCHEME 'padType' is not a supported scheme +// +LIB_EXPORT TPM_RC CryptRsaEncrypt( + TPM2B_PUBLIC_KEY_RSA* cOut, // OUT: the encrypted data + TPM2B* dIn, // IN: the data to encrypt + OBJECT* key, // IN: the key used for encryption + TPMT_RSA_DECRYPT* scheme, // IN: the type of padding and hash + // if needed + const TPM2B* label, // IN: in case it is needed + RAND_STATE* rand // IN: random number generator + // state (mostly for testing) +); -#endif +//*** CryptRsaDecrypt() +// This is the entry point for decryption using RSA. Decryption is +// use of the private exponent. The 'padType' parameter determines what +// padding was used. 
+// +// Return Type: TPM_RC +// TPM_RC_SIZE 'cInSize' is not the same as the size of the public +// modulus of 'key'; or numeric value of the encrypted +// data is greater than the modulus +// TPM_RC_VALUE 'dOutSize' is not large enough for the result +// TPM_RC_SCHEME 'padType' is not supported +// +LIB_EXPORT TPM_RC CryptRsaDecrypt( + TPM2B* dOut, // OUT: the decrypted data + TPM2B* cIn, // IN: the data to decrypt + OBJECT* key, // IN: the key to use for decryption + TPMT_RSA_DECRYPT* scheme, // IN: the padding scheme + const TPM2B* label // IN: in case it is needed for the scheme +); + +//*** CryptRsaSign() +// This function is used to generate an RSA signature of the type indicated in +// 'scheme'. +// +// Return Type: TPM_RC +// TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported +// TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) +// +LIB_EXPORT TPM_RC CryptRsaSign(TPMT_SIGNATURE* sigOut, + OBJECT* key, // IN: key to use + TPM2B_DIGEST* hIn, // IN: the digest to sign + RAND_STATE* rand // IN: the random number generator + // to use (mostly for testing) +); + +//*** CryptRsaValidateSignature() +// This function is used to validate an RSA signature. If the signature is valid +// TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is +// returned. Other return codes indicate either parameter problems or fatal errors. 
+// +// Return Type: TPM_RC +// TPM_RC_SIGNATURE the signature does not check +// TPM_RC_SCHEME unsupported scheme or hash algorithm +// +LIB_EXPORT TPM_RC CryptRsaValidateSignature( + TPMT_SIGNATURE* sig, // IN: signature + OBJECT* key, // IN: public modulus + TPM2B_DIGEST* digest // IN: The digest being validated +); + +//*** CryptRsaGenerateKey() +// Generate an RSA key from a provided seed +// Return Type: TPM_RC +// TPM_RC_CANCELED operation was canceled +// TPM_RC_RANGE public exponent is not supported +// TPM_RC_VALUE could not find a prime using the provided parameters +LIB_EXPORT TPM_RC CryptRsaGenerateKey( + TPMT_PUBLIC* publicArea, + TPMT_SENSITIVE* sensitive, + OBJECT* rsaKey, // libtpms added: IN/OUT: The object structure in which the key is created. + RAND_STATE* rand // IN: if not NULL, the deterministic + // RNG state +); +#endif // ALG_RSA + +#endif // _CRYPT_RSA_FP_H_ diff --git a/src/tpm2/crypto/CryptSelfTest_fp.h b/src/tpm2/crypto/CryptSelfTest_fp.h index 8dd3822c..e91df04b 100644 --- a/src/tpm2/crypto/CryptSelfTest_fp.h +++ b/src/tpm2/crypto/CryptSelfTest_fp.h 
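Review bot: The new `#if ALG_RSA` wrapper around every prototype in CryptRsa_fp.h makes the declarations vanish silently in any translation unit that includes this header before `ALG_RSA` is defined, because an undefined macro evaluates to 0 in `#if`; the old header declared them unconditionally. For `CryptRsaSelectScheme`, which returns a pointer, a build that tolerates implicit declarations would then truncate the return value to `int`. It is worth confirming that the build uses `-Wundef` or `-Werror=implicit-function-declaration`, or adding `#ifndef ALG_RSA` / `#error "ALG_RSA not defined"` / `#endif` ahead of the guard. The same applies to `#if SMAC_IMPLEMENTED` in CryptSmac_fp.h. Whether include order already guarantees both macros is not visible in this hunk.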
@@ -59,29 +59,69 @@ /* */ /********************************************************************************/ -#ifndef CRYPTSELFTEST_FP_H -#define CRYPTSELFTEST_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 4, 2020 Time: 02:36:44PM + */ +#ifndef _CRYPT_SELF_TEST_FP_H_ +#define _CRYPT_SELF_TEST_FP_H_ + +//*** CryptSelfTest() +// This function is called to start/complete a full self-test. +// If 'fullTest' is NO, then only the untested algorithms will be run. If +// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then +// all tests are run. +// This implementation of the reference design does not support processing outside +// the framework of a TPM command. As a consequence, this command does not +// complete until all tests are done. Since this can take a long time, the TPM +// will check after each test to see if the command is canceled. If so, then the +// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call +// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. +// Return Type: TPM_RC +// TPM_RC_CANCELED if the command is canceled LIB_EXPORT TPM_RC -CryptSelfTest( - TPMI_YES_NO fullTest // IN: if full test is required - ); +CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required +); + +//*** CryptIncrementalSelfTest() +// This function is used to perform an incremental self-test. This implementation +// will perform the toTest values before returning. That is, it assumes that the +// TPM cannot perform background tasks between commands. +// +// This command may be canceled. If it is, then there is no return result. +// However, this command can be run again and the incremental progress will not +// be lost. 
+// Return Type: TPM_RC +// TPM_RC_CANCELED processing of this command was canceled +// TPM_RC_TESTING if toTest list is not empty +// TPM_RC_VALUE an algorithm in the toTest list is not implemented TPM_RC -CryptIncrementalSelfTest( - TPML_ALG *toTest, // IN: list of algorithms to be tested - TPML_ALG *toDoList // OUT: list of algorithms needing test - ); -void -CryptInitializeToTest( - void - ); +CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tested + TPML_ALG* toDoList // OUT: list of algorithms needing test +); + +//*** CryptInitializeToTest() +// This function will initialize the data structures for testing all the +// algorithms. This should not be called unless CryptAlgsSetImplemented() has +// been called +void CryptInitializeToTest(void); + +//*** CryptTestAlgorithm() +// Only point of contact with the actual self tests. If a self-test fails, there +// is no return and the TPM goes into failure mode. +// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the +// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If +// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. +// There is a special case for the call to TestAlgorithm(). When 'alg' is +// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has +// no test. This allows the knowledge about which algorithms have test to be +// accessed through the interface that provides the test. +// Return Type: TPM_RC +// TPM_RC_CANCELED test was canceled LIB_EXPORT TPM_RC -CryptTestAlgorithm( - TPM_ALG_ID alg, - ALGORITHM_VECTOR *toTest - ); +CryptTestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest); - -#endif +#endif // _CRYPT_SELF_TEST_FP_H_ diff --git a/src/tpm2/crypto/CryptSmac_fp.h b/src/tpm2/crypto/CryptSmac_fp.h index b93e8ac0..de5e0df9 100644 --- a/src/tpm2/crypto/CryptSmac_fp.h +++ b/src/tpm2/crypto/CryptSmac_fp.h 
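Review bot: The added comment on `CryptSelfTest` says the TPM "will returned TPM_RC_CANCELLED", while the Return Type table directly below it names `TPM_RC_CANCELED`; a reader searching for the return code by the first spelling will not find it. If the text does not have to stay byte-identical to the upstream reference, I would change that sentence to `// TPM will return TPM_RC_CANCELED. To continue with the self-tests, call`. The comment on `CryptIncrementalSelfTest` has a similar mismatch: it says a canceled command has "no return result", but its table lists `TPM_RC_CANCELED`.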
@@ -59,40 +59,42 @@ /* */ /********************************************************************************/ -#ifndef CRYPTSMAC_FP_H -#define CRYPTSMAC_FP_H -#include "Tpm.h" +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:19PM + */ -UINT16 -CryptSmacStart( - HASH_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, - TPM2B *key - ); -UINT16 -CryptMacStart( - HMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, - TPM2B *key - ); -UINT16 -CryptMacEnd( - HMAC_STATE *state, - UINT32 size, - BYTE *buffer - ); -UINT16 -CryptMacEnd( - HMAC_STATE *state, - UINT32 size, - BYTE *buffer - ); -UINT16 -CryptMacEnd2B ( - HMAC_STATE *state, - TPM2B *data - ); +#ifndef _CRYPT_SMAC_FP_H_ +#define _CRYPT_SMAC_FP_H_ -#endif +#if SMAC_IMPLEMENTED + +//*** CryptSmacStart() +// Function to start an SMAC. +UINT16 +CryptSmacStart(HASH_STATE* state, + TPMU_PUBLIC_PARMS* keyParameters, + TPM_ALG_ID macAlg, // IN: the type of MAC + TPM2B* key); + +//*** CryptMacStart() +// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart +// function because of the difference in number of parameters. +UINT16 +CryptMacStart(HMAC_STATE* state, + TPMU_PUBLIC_PARMS* keyParameters, + TPM_ALG_ID macAlg, // IN: the type of MAC + TPM2B* key); + +//*** CryptMacEnd() +// Dispatch to the MAC end function using a size and buffer pointer. +UINT16 +CryptMacEnd(HMAC_STATE* state, UINT32 size, BYTE* buffer); + +//*** CryptMacEnd2B() +// Dispatch to the MAC end function using a 2B. +UINT16 +CryptMacEnd2B(HMAC_STATE* state, TPM2B* data); +#endif // SMAC_IMPLEMENTED + +#endif // _CRYPT_SMAC_FP_H_ diff --git a/src/tpm2/crypto/CryptSym.h b/src/tpm2/crypto/CryptSym.h index 8514a3da..bbc5e8fe 100644 --- a/src/tpm2/crypto/CryptSym.h +++ b/src/tpm2/crypto/CryptSym.h 
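Review bot: Removing `#include "Tpm.h"` leaves CryptSmac_fp.h dependent on its includer for `HASH_STATE`, `HMAC_STATE`, `TPMU_PUBLIC_PARMS` and `TPM2B`, and for the `SMAC_IMPLEMENTED` macro that now gates all four prototypes. If this header is only ever pulled in through one umbrella header that is fine, but that is not visible in this hunk. A one-line comment under the include guard, such as `// Requires Tpm.h (types and SMAC_IMPLEMENTED) to be included first`, would record the assumption for anyone who later includes the file directly.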
@@ -89,27 +89,26 @@ # define IF_IMPLEMENTED_TDES(op) #endif -#define FOR_EACH_SYM(op) \ - IF_IMPLEMENTED_AES(op) \ - IF_IMPLEMENTED_SM4(op) \ - IF_IMPLEMENTED_CAMELLIA(op) \ +#define FOR_EACH_SYM(op) \ + IF_IMPLEMENTED_AES(op) \ + IF_IMPLEMENTED_SM4(op) \ + IF_IMPLEMENTED_CAMELLIA(op) \ IF_IMPLEMENTED_TDES(op) /* libtpms added begin */ -#define FOR_EACH_SYM_WITHOUT_TDES(op) \ - IF_IMPLEMENTED_AES(op) \ - IF_IMPLEMENTED_SM4(op) \ +#define FOR_EACH_SYM_WITHOUT_TDES(op) \ + IF_IMPLEMENTED_AES(op) \ + IF_IMPLEMENTED_SM4(op) \ IF_IMPLEMENTED_CAMELLIA(op) /* libtpms added end */ // Macros for creating the key schedule union #define KEY_SCHEDULE(SYM, sym) tpmKeySchedule##SYM sym; -//#define TDES DES[3] /* libtpms commented */ typedef union tpmCryptKeySchedule_t { FOR_EACH_SYM_WITHOUT_TDES(KEY_SCHEDULE) /* libtpms changed from FOR_EACH_SYM */ -#if ALG_TDES // libtpms added +#if ALG_TDES // libtpms added tpmKeyScheduleTDES tdes[3]; /* libtpms added */ -#endif // libtpms added +#endif // libtpms added #if SYMMETRIC_ALIGNMENT == 8 uint64_t alignment; 
@@ -142,17 +141,17 @@ typedef union tpmCryptKeySchedule_t { // functions that use these macros. Those parameters are set by the macro that // set the key schedule to be used for the call. -#define ENCRYPT_CASE(ALG, alg) \ - case TPM_ALG_##ALG: \ - TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ - encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \ - final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \ - break; // libtpms changed -#define DECRYPT_CASE(ALG, alg) \ - case TPM_ALG_##ALG: \ - TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ - decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \ - final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \ - break; // libtpms changed +#define ENCRYPT_CASE(ALG, alg) \ + case TPM_ALG_##ALG: \ + TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ + encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \ + final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \ + break; // libtpms changed +#define DECRYPT_CASE(ALG, alg) \ + case TPM_ALG_##ALG: \ + TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ + decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \ + final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \ + break; // libtpms changed #endif // CRYPT_SYM_H diff --git a/src/tpm2/crypto/CryptSym_fp.h b/src/tpm2/crypto/CryptSym_fp.h index e78215f1..fef3dd15 100644 --- a/src/tpm2/crypto/CryptSym_fp.h +++ b/src/tpm2/crypto/CryptSym_fp.h 
@@ -59,53 +59,83 @@ /* */ /********************************************************************************/ -#ifndef CRYPTSYM_FP_H -#define CRYPTSYM_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Apr 2, 2019 Time: 03:18:00PM + */ -BOOL -CryptSymInit( - void - ); -BOOL -CryptSymStartup( - void - ); -LIB_EXPORT INT16 -CryptGetSymmetricBlockSize( - TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm - UINT16 keySizeInBits // IN: the key size - ); -LIB_EXPORT TPM_RC -CryptSymmetricEncrypt( - BYTE *dOut, // OUT: - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ); -LIB_EXPORT TPM_RC -CryptSymmetricDecrypt( - BYTE *dOut, // OUT: decrypted data - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ); +#ifndef _CRYPT_SYM_FP_H_ +#define _CRYPT_SYM_FP_H_ + +//** Initialization and Data Access Functions +// +//*** CryptSymInit() +// This function is called to do _TPM_Init processing +BOOL CryptSymInit(void); + +//*** CryptSymStartup() +// This function is called to do TPM2_Startup() processing +BOOL CryptSymStartup(void); + +//*** CryptGetSymmetricBlockSize() +// This function returns the block size of the algorithm. The table of bit sizes has +// an entry for each allowed key size. 
The entry for a key size is 0 if the TPM does +// not implement that key size. The key size table is delimited with a negative number +// (-1). After the delimiter is a list of block sizes with each entry corresponding +// to the key bit size. For most symmetric algorithms, the block size is the same +// regardless of the key size but this arrangement allows them to be different. +// Return Type: INT16 +// <= 0 cipher not supported +// > 0 the cipher block size in bytes +LIB_EXPORT INT16 CryptGetSymmetricBlockSize( + TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm + UINT16 keySizeInBits // IN: the key size +); + +//** Symmetric Encryption +// This function performs symmetric encryption based on the mode. +// Return Type: TPM_RC +// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an +// algorithm that requires it +// TPM_RC_FAILURE Fatal error +LIB_EXPORT TPM_RC CryptSymmetricEncrypt( + BYTE* dOut, // OUT: + TPM_ALG_ID algorithm, // IN: the symmetric algorithm + UINT16 keySizeInBits, // IN: key size in bits + const BYTE* key, // IN: key buffer. The size of this buffer + // in bytes is (keySizeInBits + 7) / 8 + TPM2B_IV* ivInOut, // IN/OUT: IV for decryption. + TPM_ALG_ID mode, // IN: Mode to use + INT32 dSize, // IN: data size (may need to be a + // multiple of the blockSize) + const BYTE* dIn // IN: data buffer +); + +//*** CryptSymmetricDecrypt() +// This function performs symmetric decryption based on the mode. +// Return Type: TPM_RC +// TPM_RC_FAILURE A fatal error +// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an +// algorithm that requires it +LIB_EXPORT TPM_RC CryptSymmetricDecrypt( + BYTE* dOut, // OUT: decrypted data + TPM_ALG_ID algorithm, // IN: the symmetric algorithm + UINT16 keySizeInBits, // IN: key size in bits + const BYTE* key, // IN: key buffer. The size of this buffer + // in bytes is (keySizeInBits + 7) / 8 + TPM2B_IV* ivInOut, // IN/OUT: IV for decryption. 
+ TPM_ALG_ID mode, // IN: Mode to use + INT32 dSize, // IN: data size (may need to be a + // multiple of the blockSize) + const BYTE* dIn // IN: data buffer +); + +//*** CryptSymKeyValidate() +// Validate that a provided symmetric key meets the requirements of the TPM +// Return Type: TPM_RC +// TPM_RC_KEY_SIZE Key size specifiers do not match +// TPM_RC_KEY Key is not allowed TPM_RC -CryptSymKeyValidate( - TPMT_SYM_DEF_OBJECT *symDef, - TPM2B_SYM_KEY *key - ); +CryptSymKeyValidate(TPMT_SYM_DEF_OBJECT* symDef, TPM2B_SYM_KEY* key); - -#endif +#endif // _CRYPT_SYM_FP_H_ diff --git a/src/tpm2/crypto/CryptUtil_fp.h b/src/tpm2/crypto/CryptUtil_fp.h index 50bd2b1a..24063b81 100644 --- a/src/tpm2/crypto/CryptUtil_fp.h +++ b/src/tpm2/crypto/CryptUtil_fp.h 
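Review bot: The contract comments added for `CryptSymmetricEncrypt` and `CryptSymmetricDecrypt` do not say how large `dOut` must be or what happens when the signed `dSize` (INT32) is zero or negative, and `dOut` has no size parameter of its own, so the caller carries the whole bounds obligation. The implementation is outside this hunk, so I cannot tell what it checks; if the contract is that `dOut` holds at least `dSize` bytes and `dSize` is non-negative, a line such as `// 'dOut' must have room for 'dSize' bytes; 'dSize' must not be negative` on both prototypes would state it. Smaller points in the same block: the encrypt prototype is introduced by `//** Symmetric Encryption` without a `//*** CryptSymmetricEncrypt()` name line, its `ivInOut` is described as "IV for decryption", and the two tables use `TPM_RC_SIZE` and `TPM_RCS_SIZE` for the same condition.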
@@ -58,175 +58,379 @@ /* */ /********************************************************************************/ -#ifndef CRYPTUTIL_FP_H -#define CRYPTUTIL_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Aug 30, 2019 Time: 02:11:54PM + */ -BOOL -CryptIsSchemeAnonymous( - TPM_ALG_ID scheme // IN: the scheme algorithm to test - ); -void -ParmDecryptSym( - TPM_ALG_ID symAlg, // IN: the symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: the key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be decrypted - ); -void -ParmEncryptSym( - TPM_ALG_ID symAlg, // IN: symmetric algorithm - TPM_ALG_ID hash, // IN: hash algorithm for KDFa - UINT16 keySizeInBits, // IN: AES key size in bits - TPM2B *key, // IN: KDF HMAC key - TPM2B *nonceCaller, // IN: nonce caller - TPM2B *nonceTpm, // IN: nonce TPM - UINT32 dataSize, // IN: size of parameter buffer - BYTE *data // OUT: buffer to be encrypted - ); -void -CryptXORObfuscation( - TPM_ALG_ID hash, // IN: hash algorithm for KDF - TPM2B *key, // IN: KDF key - TPM2B *contextU, // IN: contextU - TPM2B *contextV, // IN: contextV - UINT32 dataSize, // IN: size of data buffer - BYTE *data // IN/OUT: data to be XORed in place - ); -BOOL -CryptInit( - void - ); -BOOL -CryptStartup( - STARTUP_TYPE type // IN: the startup type - ); -BOOL -CryptIsAsymAlgorithm( - TPM_ALG_ID algID // IN: algorithm ID - ); +#ifndef _CRYPT_UTIL_FP_H_ +#define _CRYPT_UTIL_FP_H_ + +//*** CryptIsSchemeAnonymous() +// This function is used to test a scheme to see if it is an anonymous scheme +// The only anonymous scheme is ECDAA. ECDAA can be used to do things +// like U-Prove. 
+BOOL CryptIsSchemeAnonymous(TPM_ALG_ID scheme // IN: the scheme algorithm to test +); + +//*** ParmDecryptSym() +// This function performs parameter decryption using symmetric block cipher. +void ParmDecryptSym(TPM_ALG_ID symAlg, // IN: the symmetric algorithm + TPM_ALG_ID hash, // IN: hash algorithm for KDFa + UINT16 keySizeInBits, // IN: the key size in bits + TPM2B* key, // IN: KDF HMAC key + TPM2B* nonceCaller, // IN: nonce caller + TPM2B* nonceTpm, // IN: nonce TPM + UINT32 dataSize, // IN: size of parameter buffer + BYTE* data // OUT: buffer to be decrypted +); + +//*** ParmEncryptSym() +// This function performs parameter encryption using symmetric block cipher. +void ParmEncryptSym(TPM_ALG_ID symAlg, // IN: symmetric algorithm + TPM_ALG_ID hash, // IN: hash algorithm for KDFa + UINT16 keySizeInBits, // IN: symmetric key size in bits + TPM2B* key, // IN: KDF HMAC key + TPM2B* nonceCaller, // IN: nonce caller + TPM2B* nonceTpm, // IN: nonce TPM + UINT32 dataSize, // IN: size of parameter buffer + BYTE* data // OUT: buffer to be encrypted +); + +//*** CryptXORObfuscation() +// This function implements XOR obfuscation. It should not be called if the +// hash algorithm is not implemented. The only return value from this function +// is TPM_RC_SUCCESS. +void CryptXORObfuscation(TPM_ALG_ID hash, // IN: hash algorithm for KDF + TPM2B* key, // IN: KDF key + TPM2B* contextU, // IN: contextU + TPM2B* contextV, // IN: contextV + UINT32 dataSize, // IN: size of data buffer + BYTE* data // IN/OUT: data to be XORed in place +); + +//*** CryptInit() +// This function is called when the TPM receives a _TPM_Init indication. +// +// NOTE: The hash algorithms do not have to be tested, they just need to be +// available. They have to be tested before the TPM can accept HMAC authorization +// or return any result that relies on a hash algorithm. 
+// Return Type: BOOL +// TRUE(1) initializations succeeded +// FALSE(0) initialization failed and caller should place the TPM into +// Failure Mode +BOOL CryptInit(void); + +//*** CryptStartup() +// This function is called by TPM2_Startup() to initialize the functions in +// this cryptographic library and in the provided CryptoLibrary. This function +// and CryptUtilInit() are both provided so that the implementation may move the +// initialization around to get the best interaction. +// Return Type: BOOL +// TRUE(1) startup succeeded +// FALSE(0) startup failed and caller should place the TPM into +// Failure Mode +BOOL CryptStartup(STARTUP_TYPE type // IN: the startup type +); + +//**************************************************************************** +//** Algorithm-Independent Functions +//**************************************************************************** +//*** Introduction +// These functions are used generically when a function of a general type +// (e.g., symmetric encryption) is required. The functions will modify the +// parameters as required to interface to the indicated algorithms. +// +//*** CryptIsAsymAlgorithm() +// This function indicates if an algorithm is an asymmetric algorithm. +// Return Type: BOOL +// TRUE(1) if it is an asymmetric algorithm +// FALSE(0) if it is not an asymmetric algorithm +BOOL CryptIsAsymAlgorithm(TPM_ALG_ID algID // IN: algorithm ID +); + +//*** CryptSecretEncrypt() +// This function creates a secret value and its associated secret structure using +// an asymmetric algorithm. +// +// This function is used by TPM2_Rewrap() TPM2_MakeCredential(), +// and TPM2_Duplicate(). 
+// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key +// TPM_RC_KEY invalid ECC key (public point is not on the curve) +// TPM_RC_SCHEME RSA key with an unsupported padding scheme +// TPM_RC_VALUE numeric value of the data to be decrypted is greater +// than the RSA key modulus TPM_RC -CryptSecretEncrypt( - OBJECT *encryptKey, // IN: encryption key object - const TPM2B *label, // IN: a null-terminated string as L - TPM2B_DATA *data, // OUT: secret value - TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure - ); +CryptSecretEncrypt(OBJECT* encryptKey, // IN: encryption key object + const TPM2B* label, // IN: a null-terminated string as L + TPM2B_DATA* data, // OUT: secret value + TPM2B_ENCRYPTED_SECRET* secret // OUT: secret structure +); + +//*** CryptSecretDecrypt() +// Decrypt a secret value by asymmetric (or symmetric) algorithm +// This function is used for ActivateCredential and Import for asymmetric +// decryption, and StartAuthSession for both asymmetric and symmetric +// decryption process +// +// Return Type: TPM_RC +// TPM_RC_ATTRIBUTES RSA key is not a decryption key +// TPM_RC_BINDING Invalid RSA key (public and private parts are not +// cryptographically bound. +// TPM_RC_ECC_POINT ECC point in the secret is not on the curve +// TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret +// TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity +// TPM_RC_SIZE data to decrypt is not of the same size as RSA key +// TPM_RC_VALUE For RSA key, numeric value of the encrypted data is +// greater than the modulus, or the recovered data is +// larger than the output buffer. +// For keyedHash or symmetric key, the secret is +// larger than the size of the digest produced by +// the name algorithm. +// TPM_RC_FAILURE internal error TPM_RC -CryptSecretDecrypt( - OBJECT *decryptKey, // IN: decrypt key - TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for - // symmetric decryption. 
For - // asymmetric decryption, this - // parameter is NULL - const TPM2B *label, // IN: a value for L - TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret - TPM2B_DATA *data // OUT: decrypted secret value - ); -void -CryptParameterEncryption( - TPM_HANDLE handle, // IN: encrypt session handle - TPM2B *nonceCaller, // IN: nonce caller - INT32 bufferSize, // IN: size of parameter buffer - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // bytes - TPM2B_AUTH *extraKey, // IN: additional key material other than - // sessionAuth - BYTE *buffer // IN/OUT: parameter buffer to be encrypted - ); +CryptSecretDecrypt(OBJECT* decryptKey, // IN: decrypt key + TPM2B_NONCE* nonceCaller, // IN: nonceCaller. It is needed for + // symmetric decryption. For + // asymmetric decryption, this + // parameter is NULL + const TPM2B* label, // IN: a value for L + TPM2B_ENCRYPTED_SECRET* secret, // IN: input secret + TPM2B_DATA* data // OUT: decrypted secret value +); + +//*** CryptParameterEncryption() +// This function does in-place encryption of a response parameter. +void CryptParameterEncryption( + TPM_HANDLE handle, // IN: encrypt session handle + TPM2B* nonceCaller, // IN: nonce caller + INT32 bufferSize, // IN: size of parameter buffer + UINT16 leadingSizeInByte, // IN: the size of the leading size field in + // bytes + TPM2B_AUTH* extraKey, // IN: additional key material other than + // sessionAuth + BYTE* buffer // IN/OUT: parameter buffer to be encrypted +); + +//*** CryptParameterDecryption() +// This function does in-place decryption of a command parameter. +// Return Type: TPM_RC +// TPM_RC_SIZE The number of bytes in the input buffer is less than +// the number of bytes to be decrypted. 
TPM_RC CryptParameterDecryption( - TPM_HANDLE handle, // IN: encrypted session handle - TPM2B *nonceCaller, // IN: nonce caller - INT32 bufferSize, // IN: size of parameter buffer - UINT16 leadingSizeInByte, // IN: the size of the leading size field in - // byte - TPM2B_AUTH *extraKey, // IN: the authValue - BYTE *buffer // IN/OUT: parameter buffer to be decrypted - ); -void -CryptComputeSymmetricUnique( - TPMT_PUBLIC *publicArea, // IN: the object's public area - TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area - TPM2B_DIGEST *unique // OUT: unique buffer - ); -TPM_RC -CryptCreateObject( - OBJECT *object, // IN: new object structure pointer - TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation - RAND_STATE *rand // IN: the random number generator - // to use - ); -TPMI_ALG_HASH -CryptGetSignHashAlg( - TPMT_SIGNATURE *auth // IN: signature - ); -BOOL -CryptIsSplitSign( - TPM_ALG_ID scheme // IN: the algorithm selector - ); -BOOL -CryptIsAsymSignScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme - ); -BOOL -CryptIsAsymDecryptScheme( - TPMI_ALG_PUBLIC publicType, // IN: Type of the object - TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme - ); -BOOL -CryptSelectSignScheme( - OBJECT *signObject, // IN: signing key - TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme - ); -TPM_RC -CryptSign( - OBJECT *signKey, // IN: signing key - TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. 
- TPM2B_DIGEST *digest, // IN: The digest being signed - TPMT_SIGNATURE *signature // OUT: signature - ); -TPM_RC -CryptValidateSignature( - TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key - TPM2B_DIGEST *digest, // IN: The digest being validated - TPMT_SIGNATURE *signature // IN: signature - ); -TPM_RC -CryptGetTestResult( - TPM2B_MAX_BUFFER *outData // OUT: test result data - ); -TPM_RC -CryptValidateKeys( - TPMT_PUBLIC *publicArea, - TPMT_SENSITIVE *sensitive, - TPM_RC blamePublic, - TPM_RC blameSensitive - ); -TPM_RC -CryptSelectMac( - TPMT_PUBLIC *publicArea, - TPMI_ALG_MAC_SCHEME *inMac - ); -BOOL -CryptMacIsValidForKey( - TPM_ALG_ID keyType, - TPM_ALG_ID macAlg, - BOOL flag - ); -BOOL -CryptSmacIsValidAlg( - TPM_ALG_ID alg, - BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid - ); -BOOL -CryptSymModeIsValid( - TPM_ALG_ID mode, - BOOL flag - ); + TPM_HANDLE handle, // IN: encrypted session handle + TPM2B* nonceCaller, // IN: nonce caller + INT32 bufferSize, // IN: size of parameter buffer + UINT16 leadingSizeInByte, // IN: the size of the leading size field in + // byte + TPM2B_AUTH* extraKey, // IN: the authValue + BYTE* buffer // IN/OUT: parameter buffer to be decrypted +); -#endif +//*** CryptComputeSymmetricUnique() +// This function computes the unique field in public area for symmetric objects. +void CryptComputeSymmetricUnique( + TPMT_PUBLIC* publicArea, // IN: the object's public area + TPMT_SENSITIVE* sensitive, // IN: the associated sensitive area + TPM2B_DIGEST* unique // OUT: unique buffer +); + +//*** CryptCreateObject() +// This function creates an object. +// For an asymmetric key, it will create a key pair and, for a parent key, a seed +// value for child protections. +// +// For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will +// create a secret key if the caller did not provide one. It will create a random +// secret seed value that is hashed with the secret value to create the public +// unique value. 
+// +// 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters +// and are the only ones that are used by TPM2_Create(). The other parameters +// are optional and are used when the generated Object needs to be deterministic. +// This is the case for both Primary Objects and Derived Objects. +// +// When a seed value is provided, a RAND_STATE will be populated and used for +// all operations in the object generation that require a random number. In the +// simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with +// context being the hash of the template. If the Primary Object is in +// the Endorsement hierarchy, it will also populate 'proof' with ehProof. +// +// For derived keys, 'seed' will be the secret value from the parent, 'label' and +// 'context' will be set according to the parameters of TPM2_CreateLoaded() and +// 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator. +// +// Return Type: TPM_RC +// TPM_RC_KEY a provided key is not an allowed value +// TPM_RC_KEY_SIZE key size in the public area does not match the size +// in the sensitive creation area for a symmetric key +// TPM_RC_NO_RESULT unable to get random values (only in derivation) +// TPM_RC_RANGE for an RSA key, the exponent is not supported +// TPM_RC_SIZE sensitive data size is larger than allowed for the +// scheme for a keyed hash object +// TPM_RC_VALUE exponent is not prime or could not find a prime using +// the provided parameters for an RSA key; +// unsupported name algorithm for an ECC key +TPM_RC +CryptCreateObject(OBJECT* object, // IN: new object structure pointer + TPMS_SENSITIVE_CREATE* sensitiveCreate, // IN: sensitive creation + RAND_STATE* rand // IN: the random number generator + // to use +); + +//*** CryptGetSignHashAlg() +// Get the hash algorithm of signature from a TPMT_SIGNATURE structure. 
+// It assumes the signature is not NULL +// This is a function for easy access +TPMI_ALG_HASH +CryptGetSignHashAlg(TPMT_SIGNATURE* auth // IN: signature +); + +//*** CryptIsSplitSign() +// This function us used to determine if the signing operation is a split +// signing operation that required a TPM2_Commit(). +// +BOOL CryptIsSplitSign(TPM_ALG_ID scheme // IN: the algorithm selector +); + +//*** CryptIsAsymSignScheme() +// This function indicates if a scheme algorithm is a sign algorithm. +BOOL CryptIsAsymSignScheme(TPMI_ALG_PUBLIC publicType, // IN: Type of the object + TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme +); + +//*** CryptIsAsymDecryptScheme() +// This function indicate if a scheme algorithm is a decrypt algorithm. +BOOL CryptIsAsymDecryptScheme(TPMI_ALG_PUBLIC publicType, // IN: Type of the object + TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme +); + +//*** CryptSelectSignScheme() +// This function is used by the attestation and signing commands. It implements +// the rules for selecting the signature scheme to use in signing. This function +// requires that the signing key either be TPM_RH_NULL or be loaded. +// +// If a default scheme is defined in object, the default scheme should be chosen, +// otherwise, the input scheme should be chosen. +// In the case that both object and input scheme has a non-NULL scheme +// algorithm, if the schemes are compatible, the input scheme will be chosen. +// +// This function should not be called if 'signObject->publicArea.type' == +// ALG_SYMCIPHER. +// +// Return Type: BOOL +// TRUE(1) scheme selected +// FALSE(0) both 'scheme' and key's default scheme are empty; or +// 'scheme' is empty while key's default scheme requires +// explicit input scheme (split signing); or +// non-empty default key scheme differs from 'scheme' +BOOL CryptSelectSignScheme(OBJECT* signObject, // IN: signing key + TPMT_SIG_SCHEME* scheme // IN/OUT: signing scheme +); + +//*** CryptSign() +// Sign a digest with asymmetric key or HMAC. 
+// This function is called by attestation commands and the generic TPM2_Sign +// command. +// This function checks the key scheme and digest size. It does not +// check if the sign operation is allowed for restricted key. It should be +// checked before the function is called. +// The function will assert if the key is not a signing key. +// +// Return Type: TPM_RC +// TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type +// TPM_RC_VALUE 'digest' value is greater than the modulus of +// 'signHandle' or size of 'hashData' does not match hash +// algorithm in'signScheme' (for an RSA key); +// invalid commit status or failed to generate "r" value +// (for an ECC key) +TPM_RC +CryptSign(OBJECT* signKey, // IN: signing key + TPMT_SIG_SCHEME* signScheme, // IN: sign scheme. + TPM2B_DIGEST* digest, // IN: The digest being signed + TPMT_SIGNATURE* signature // OUT: signature +); + +//*** CryptValidateSignature() +// This function is used to verify a signature. It is called by +// TPM2_VerifySignature() and TPM2_PolicySigned. +// +// Since this operation only requires use of a public key, no consistency +// checks are necessary for the key to signature type because a caller can load +// any public key that they like with any scheme that they like. This routine +// simply makes sure that the signature is correct, whatever the type. +// +// Return Type: TPM_RC +// TPM_RC_SIGNATURE the signature is not genuine +// TPM_RC_SCHEME the scheme is not supported +// TPM_RC_HANDLE an HMAC key was selected but the +// private part of the key is not loaded +TPM_RC +CryptValidateSignature(TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key + TPM2B_DIGEST* digest, // IN: The digest being validated + TPMT_SIGNATURE* signature // IN: signature +); + +//*** CryptGetTestResult +// This function returns the results of a self-test function. +// Note: the behavior in this function is NOT the correct behavior for a real +// TPM implementation. 
An artificial behavior is placed here due to the +// limitation of a software simulation environment. For the correct behavior, +// consult the part 3 specification for TPM2_GetTestResult(). +TPM_RC +CryptGetTestResult(TPM2B_MAX_BUFFER* outData // OUT: test result data +); + +//*** CryptValidateKeys() +// This function is used to verify that the key material of and object is valid. +// For a 'publicOnly' object, the key is verified for size and, if it is an ECC +// key, it is verified to be on the specified curve. For a key with a sensitive +// area, the binding between the public and private parts of the key are verified. +// If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area +// is verified but the public portion is not verified, unless the key is an RSA key. +// For an RSA key, the reason for loading the sensitive area is to use it. The +// only way to use a private RSA key is to compute the private exponent. To compute +// the private exponent, the public modulus is used. +// Return Type: TPM_RC +// TPM_RC_BINDING the public and private parts are not cryptographically +// bound +// TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL +// TPM_RC_KEY the public unique is not valid +// TPM_RC_KEY_SIZE the private area key is not valid +// TPM_RC_TYPE the types of the sensitive and private parts do not match +TPM_RC +CryptValidateKeys(TPMT_PUBLIC* publicArea, + TPMT_SENSITIVE* sensitive, + TPM_RC blamePublic, + TPM_RC blameSensitive); + +//*** CryptSelectMac() +// This function is used to set the MAC scheme based on the key parameters and +// the input scheme. 
+// Return Type: TPM_RC +// TPM_RC_SCHEME the scheme is not a valid mac scheme +// TPM_RC_TYPE the input key is not a type that supports a mac +// TPM_RC_VALUE the input scheme and the key scheme are not compatible +TPM_RC +CryptSelectMac(TPMT_PUBLIC* publicArea, TPMI_ALG_MAC_SCHEME* inMac); + +//*** CryptMacIsValidForKey() +// Check to see if the key type is compatible with the mac type +BOOL CryptMacIsValidForKey(TPM_ALG_ID keyType, TPM_ALG_ID macAlg, BOOL flag); + +//*** CryptSmacIsValidAlg() +// This function is used to test if an algorithm is a supported SMAC algorithm. It +// needs to be updated as new algorithms are added. +BOOL CryptSmacIsValidAlg(TPM_ALG_ID alg, + BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid +); + +//*** CryptSymModeIsValid() +// Function checks to see if an algorithm ID is a valid, symmetric block cipher +// mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode. +// not include the modes used for SMAC +BOOL CryptSymModeIsValid(TPM_ALG_ID mode, BOOL flag); + +#endif // _CRYPT_UTIL_FP_H_ diff --git a/src/tpm2/crypto/ECC_Decrypt_fp.h b/src/tpm2/crypto/ECC_Decrypt_fp.h index c3940eea..0d5d3d1e 100644 --- a/src/tpm2/crypto/ECC_Decrypt_fp.h +++ b/src/tpm2/crypto/ECC_Decrypt_fp.h 
@@ -60,32 +60,39 @@ /********************************************************************************/ -#ifndef ECC_Decrypt_FP_H -#define ECC_Decrypt_FP_H +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_ECC_POINT C1; - TPM2B_MAX_BUFFER C2; - TPM2B_DIGEST C3; - TPMT_KDF_SCHEME inScheme; +#if CC_ECC_Decrypt // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_DECRYPT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_DECRYPT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_ECC_POINT C1; + TPM2B_MAX_BUFFER C2; + TPM2B_DIGEST C3; + TPMT_KDF_SCHEME inScheme; } ECC_Decrypt_In; -#define RC_ECC_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_ECC_Decrypt_C1 (TPM_RC_P + TPM_RC_1) -#define RC_ECC_Decrypt_C2 (TPM_RC_P + TPM_RC_2) -#define RC_ECC_Decrypt_C3 (TPM_RC_P + TPM_RC_3) -#define RC_ECC_Decrypt_inScheme (TPM_RC_P + TPM_RC_4) - -typedef struct { - TPM2B_MAX_BUFFER plainText; +// Output structure definition +typedef struct +{ + TPM2B_MAX_BUFFER plainText; } ECC_Decrypt_Out; +// Response code modifiers +# define RC_ECC_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_ECC_Decrypt_C1 (TPM_RC_P + TPM_RC_1) +# define RC_ECC_Decrypt_C2 (TPM_RC_P + TPM_RC_2) +# define RC_ECC_Decrypt_C3 (TPM_RC_P + TPM_RC_3) +# define RC_ECC_Decrypt_inScheme (TPM_RC_P + TPM_RC_4) + +// Function prototype TPM_RC -TPM2_ECC_Decrypt( - ECC_Decrypt_In *in, // IN: input parameter list - ECC_Decrypt_Out *out // OUT: output parameter list - ); +TPM2_ECC_Decrypt(ECC_Decrypt_In* in, ECC_Decrypt_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_DECRYPT_FP_H_ +#endif // CC_ECC_Decrypt diff --git a/src/tpm2/crypto/ECC_Encrypt_fp.h b/src/tpm2/crypto/ECC_Encrypt_fp.h index 5654b04c..8ad4fc71 100644 --- a/src/tpm2/crypto/ECC_Encrypt_fp.h +++ b/src/tpm2/crypto/ECC_Encrypt_fp.h 
@@ -59,30 +59,38 @@ /* */ /********************************************************************************/ -#ifndef ECC_ENCRYPT_FP_H -#define ECC_ENCRYPT_FP_H -typedef struct { - TPMI_DH_OBJECT keyHandle; - TPM2B_MAX_BUFFER plainText; - TPMT_KDF_SCHEME inScheme; +// FILE GENERATED BY TpmExtractCode: DO NOT EDIT + +#if CC_ECC_Encrypt // Command must be enabled + +# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_ENCRYPT_FP_H_ +# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_ENCRYPT_FP_H_ + +// Input structure definition +typedef struct +{ + TPMI_DH_OBJECT keyHandle; + TPM2B_MAX_BUFFER plainText; + TPMT_KDF_SCHEME inScheme; } ECC_Encrypt_In; -#define RC_ECC_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) -#define RC_ECC_Encrypt_plainText (TPM_RC_P + TPM_RC_1) -#define RC_ECC_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) - -typedef struct { - TPM2B_ECC_POINT C1; - TPM2B_MAX_BUFFER C2; - TPM2B_DIGEST C3; +// Output structure definition +typedef struct +{ + TPM2B_ECC_POINT C1; + TPM2B_MAX_BUFFER C2; + TPM2B_DIGEST C3; } ECC_Encrypt_Out; +// Response code modifiers +# define RC_ECC_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) +# define RC_ECC_Encrypt_plainText (TPM_RC_P + TPM_RC_1) +# define RC_ECC_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) + +// Function prototype TPM_RC -TPM2_ECC_Encrypt( - ECC_Encrypt_In *in, // IN: input parameter list - ECC_Encrypt_Out *out // OUT: output parameter list - ); +TPM2_ECC_Encrypt(ECC_Encrypt_In* in, ECC_Encrypt_Out* out); - -#endif +# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_ENCRYPT_FP_H_ +#endif // CC_ECC_Encrypt diff --git a/src/tpm2/crypto/openssl/BnConvert_fp.h b/src/tpm2/crypto/openssl/BnConvert_fp.h index a135e2c3..db810846 100644 --- a/src/tpm2/crypto/openssl/BnConvert_fp.h +++ b/src/tpm2/crypto/openssl/BnConvert_fp.h 
@@ -77,8 +77,8 @@ LIB_EXPORT bigNum BnFromBytes(bigNum bn, const BYTE* bytes, NUMBYTES nBytes); // If the input value does not exist, or the output does not exist, or the input // will not fit into the output the function returns NULL LIB_EXPORT bigNum BnFrom2B(bigNum bn, // OUT: - const TPM2B* a2B // IN: number to convert - ); + const TPM2B* a2B // IN: number to convert +); //*** BnToBytes() // This function converts a BIG_NUM to a byte array. It converts the bigNum to a @@ -92,11 +92,11 @@ LIB_EXPORT bigNum BnFrom2B(bigNum bn, // OUT: // unpack each word individually, the bigNum is converted to little-endian words, // copied, and then converted back to big-endian. LIB_EXPORT BOOL BnToBytes(bigConst bn, - BYTE* buffer, - NUMBYTES* size // This the number of bytes that are - // available in the buffer. The result - // should be this big. - ); + BYTE* buffer, + NUMBYTES* size // This the number of bytes that are + // available in the buffer. The result + // should be this big. +); //*** BnTo2B() // Function to convert a BIG_NUM to TPM2B. @@ -105,9 +105,9 @@ LIB_EXPORT BOOL BnToBytes(bigConst bn, // is returned. If 'size' is zero, then the TPM2B is assumed to be large enough // for the data and a2b->size will be adjusted accordingly. LIB_EXPORT BOOL BnTo2B(bigConst bn, // IN: - TPM2B* a2B, // OUT: - NUMBYTES size // IN: the desired size - ); + TPM2B* a2B, // OUT: + NUMBYTES size // IN: the desired size +); #if ALG_ECC //*** BnPointFromBytes() 
@@ -115,11 +115,11 @@ LIB_EXPORT BOOL BnTo2B(bigConst bn, // IN: // A point is going to be two ECC values in the same buffer. The values are going // to be the size of the modulus. They are in modular form. LIB_EXPORT bn_point_t* BnPointFromBytes( - bigPoint ecP, // OUT: the preallocated point structure - const BYTE* x, - NUMBYTES nBytesX, - const BYTE* y, - NUMBYTES nBytesY); + bigPoint ecP, // OUT: the preallocated point structure + const BYTE* x, + NUMBYTES nBytesX, + const BYTE* y, + NUMBYTES nBytesY); //*** BnPointToBytes() // This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT @@ -128,11 +128,11 @@ LIB_EXPORT bn_point_t* BnPointFromBytes( // The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B // values, each as large as a MAX_ECC_PARAMETER_BYTES LIB_EXPORT BOOL BnPointToBytes( - pointConst ecP, // OUT: the preallocated point structure - BYTE* x, - NUMBYTES* pBytesX, - BYTE* y, - NUMBYTES* pBytesY); + pointConst ecP, // OUT: the preallocated point structure + BYTE* x, + NUMBYTES* pBytesX, + BYTE* y, + NUMBYTES* pBytesY); #endif // ALG_ECC #endif // _BN_CONVERT_FP_H_ diff --git a/src/tpm2/crypto/openssl/BnMath_fp.h b/src/tpm2/crypto/openssl/BnMath_fp.h index d4759b81..0f6609af 100644 --- a/src/tpm2/crypto/openssl/BnMath_fp.h +++ b/src/tpm2/crypto/openssl/BnMath_fp.h @@ -129,8 +129,8 @@ LIB_EXPORT bigNum BnSetWord(bigNum n, crypt_uword_t w); // This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in // the 0th digit_t. The function always return TRUE LIB_EXPORT BOOL BnSetBit(bigNum bn, // IN/OUT: big number to modify - unsigned int bitNum // IN: Bit number to SET - ); + unsigned int bitNum // IN: Bit number to SET +); //*** BnTestBit() // This function is used to check to see if a bit is SET in a bignum_t. The 0th bit 
@@ -139,8 +139,8 @@ LIB_EXPORT BOOL BnSetBit(bigNum bn, // IN/OUT: big number to modify // TRUE(1) the bit is set // FALSE(0) the bit is not set or the number is out of range LIB_EXPORT BOOL BnTestBit(bigNum bn, // IN: number to check - unsigned int bitNum // IN: bit to test - ); + unsigned int bitNum // IN: bit to test +); //***BnMaskBits() // This function is used to mask off high order bits of a big number. @@ -151,8 +151,8 @@ LIB_EXPORT BOOL BnTestBit(bigNum bn, // IN: number to check // TRUE(1) result masked // FALSE(0) the input was not as large as the mask LIB_EXPORT BOOL BnMaskBits(bigNum bn, // IN/OUT: number to mask - crypt_uword_t maskBit // IN: the bit number for the mask. - ); + crypt_uword_t maskBit // IN: the bit number for the mask. +); //*** BnShiftRight() // This function will shift a bigNum to the right by the shiftAmount. diff --git a/src/tpm2/crypto/openssl/BnMemory_fp.h b/src/tpm2/crypto/openssl/BnMemory_fp.h index 8c846a83..4b8269ce 100644 --- a/src/tpm2/crypto/openssl/BnMemory_fp.h +++ b/src/tpm2/crypto/openssl/BnMemory_fp.h 
@@ -58,51 +58,63 @@ /* */ /********************************************************************************/ -#ifndef BNMEMORY_FP_H -#define BNMEMORY_FP_H +/*(Auto-generated) + * Created by TpmPrototypes; Version 3.0 July 18, 2017 + * Date: Mar 28, 2019 Time: 08:25:18PM + */ + +#ifndef _BN_MEMORY_FP_H_ +#define _BN_MEMORY_FP_H_ + +//*** BnSetTop() +// This function is used when the size of a bignum_t is changed. It +// makes sure that the unused words are set to zero and that any significant +// words of zeros are eliminated from the used size indicator. +LIB_EXPORT bigNum BnSetTop(bigNum bn, // IN/OUT: number to clean + crypt_uword_t top // IN: the new top +); -LIB_EXPORT bigNum -BnSetTop( - bigNum bn, // IN/OUT: number to clean - crypt_uword_t top // IN: the new top - ); #if 0 /* libtpms added */ -LIB_EXPORT bigNum -BnClearTop( - bigNum bn - ); +//*** BnClearTop() +// This function will make sure that all unused words are zero. +LIB_EXPORT bigNum BnClearTop(bigNum bn); #endif /* libtpms added */ -LIB_EXPORT bigNum -BnInitializeWord( - bigNum bn, // IN: - crypt_uword_t allocated, // IN: - crypt_uword_t word // IN: - ); -LIB_EXPORT bigNum -BnInit( - bigNum bn, - crypt_uword_t allocated - ); -LIB_EXPORT BOOL -BnCopy( - bigNum out, - bigConst in - ); -#if ALG_ECC -#if 0 /* libtpms added */ -LIB_EXPORT BOOL -BnPointCopy( - bigPoint pOut, - pointConst pIn - ); -#endif /* libtpms added */ -LIB_EXPORT bn_point_t * -BnInitializePoint( - bigPoint p, // OUT: structure to receive pointers - bigNum x, // IN: x coordinate - bigNum y, // IN: y coordinate - bigNum z // IN: x coordinate - ); +//*** BnInitializeWord() +// This function is used to initialize an allocated bigNum with a word value. The +// bigNum does not have to be allocated with a single word. +LIB_EXPORT bigNum BnInitializeWord(bigNum bn, // IN: + crypt_uword_t allocated, // IN: + crypt_uword_t word // IN: +); + +//*** BnInit() +// This function initializes a stack allocated bignum_t. 
It initializes +// 'allocated' and 'size' and zeros the words of 'd'. +LIB_EXPORT bigNum BnInit(bigNum bn, crypt_uword_t allocated); + +//*** BnCopy() +// Function to copy a bignum_t. If the output is NULL, then +// nothing happens. If the input is NULL, the output is set +// to zero. +LIB_EXPORT BOOL BnCopy(bigNum out, bigConst in); +#if ALG_ECC + +#if 0 /* libtpms added */ +//*** BnPointCopy() +// Function to copy a bn point. +LIB_EXPORT BOOL BnPointCopy(bigPoint pOut, pointConst pIn); +#endif /* libtpms added */ + +//*** BnInitializePoint() +// This function is used to initialize a point structure with the addresses +// of the coordinates. +LIB_EXPORT bn_point_t* BnInitializePoint( + bigPoint p, // OUT: structure to receive pointers + bigNum x, // IN: x coordinate + bigNum y, // IN: y coordinate + bigNum z // IN: x coordinate +); #endif // ALG_ECC -#endif + +#endif // _BN_MEMORY_FP_H_ diff --git a/src/tpm2/crypto/openssl/BnToOsslMath.c b/src/tpm2/crypto/openssl/BnToOsslMath.c index 546caf16..0c64cd8e 100644 --- a/src/tpm2/crypto/openssl/BnToOsslMath.c +++ b/src/tpm2/crypto/openssl/BnToOsslMath.c 
@@ -105,25 +105,25 @@ BOOL OsslToTpmBn(bigNum bn, const BIGNUM* osslBn) // libtpms: added 'const' int buffer_len; // libtpms added if(bn != NULL) - { + { #if 1 // libtpms: added begin - int num_bytes; + int num_bytes; - num_bytes = BN_num_bytes(osslBn); - GOTO_ERROR_UNLESS(num_bytes >= 0 && sizeof(buffer) >= (size_t)num_bytes); - buffer_len = BN_bn2bin(osslBn, buffer); /* ossl to bin */ - BnFromBytes(bn, buffer, buffer_len); /* bin to TPM */ + num_bytes = BN_num_bytes(osslBn); + GOTO_ERROR_UNLESS(num_bytes >= 0 && sizeof(buffer) >= (size_t)num_bytes); + buffer_len = BN_bn2bin(osslBn, buffer); /* ossl to bin */ + BnFromBytes(bn, buffer, buffer_len); /* bin to TPM */ #else // libtpms: added end - int i; - // - GOTO_ERROR_UNLESS((unsigned)osslBn->top <= BnGetAllocated(bn)); - for(i = 0; i < osslBn->top; i++) - bn->d[i] = osslBn->d[i]; - BnSetTop(bn, osslBn->top); -#endif // libtpms: added - } + int i; + // + GOTO_ERROR_UNLESS((unsigned)osslBn->top <= BnGetAllocated(bn)); + for(i = 0; i < osslBn->top; i++) + bn->d[i] = osslBn->d[i]; + BnSetTop(bn, osslBn->top); +#endif // libtpms: added + } return TRUE; - Error: +Error: return FALSE; } @@ -140,9 +140,9 @@ BIGNUM* BigInitialized(BIGNUM* toInit, bigConst initializer) #endif // libtpms: added end if(initializer == NULL) - FAIL(FATAL_ERROR_PARAMETER); + FAIL(FATAL_ERROR_PARAMETER); if(toInit == NULL || initializer == NULL) - return NULL; + return NULL; #if 1 // libtpms: added begin BnToBytes(initializer, buffer, &buffer_len); /* TPM to bin */ _toInit = BN_bin2bn(buffer, buffer_len, NULL); /* bin to ossl */ 
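Review bot: In the `@@ -105,25` hunk, OsslToTpmBn falls through to `return TRUE` after `BnFromBytes(bn, buffer, buffer_len);` without looking at the result. The only size check on this path compares `num_bytes` with the scratch `buffer`, not with the capacity of `bn`, whereas the compiled-out reference branch checked the destination with `osslBn->top <= BnGetAllocated(bn)`. If BnFromBytes reports an oversized input by returning NULL (its body is not visible here), the call should become `GOTO_ERROR_UNLESS(BnFromBytes(bn, buffer, (NUMBYTES)buffer_len) != NULL);` so the caller gets FALSE instead of a value that was never converted. The declaration of `buffer` and the start of the function are outside the hunk.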
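Review bot: In the `@@ -140,9` hunk, BigInitialized serialises the number into `buffer` with `BnToBytes(initializer, buffer, &buffer_len);` and no wipe of that copy is visible, although this file releases the resulting BIGNUMs with `BN_clear_free`, presumably because they can hold key material. If `buffer` is a local array here, as it appears to be in OsslToTpmBn where `sizeof(buffer)` is taken, add `OPENSSL_cleanse(buffer, sizeof(buffer));` once `BN_bin2bn` has consumed it, and do the same after `BnFromBytes` in OsslToTpmBn. The function continues past the end of the hunk, so confirm that no cleanup already exists there.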
@@ -174,31 +174,31 @@ static void BIGNUM_print(const char* label, const BIGNUM* a, BOOL eol) int notZero = FALSE; if(label != NULL) - printf("%s", label); + printf("%s", label); if(a == NULL) - { - printf("NULL"); - goto done; - } + { + printf("NULL"); + goto done; + } if(a->neg) - printf("-"); + printf("-"); for(i = a->top, d = &a->d[i - 1]; i > 0; i--) - { - int j; - BN_ULONG l = *d--; - for(j = BN_BITS2 - 8; j >= 0; j -= 8) - { - BYTE b = (BYTE)((l >> j) & 0xFF); - notZero = notZero || (b != 0); - if(notZero) - printf("%02x", b); - } - if(!notZero) - printf("0"); - } - done: + { + int j; + BN_ULONG l = *d--; + for(j = BN_BITS2 - 8; j >= 0; j -= 8) + { + BYTE b = (BYTE)((l >> j) & 0xFF); + notZero = notZero || (b != 0); + if(notZero) + printf("%02x", b); + } + if(!notZero) + printf("0"); + } +done: if(eol) - printf("\n"); + printf("\n"); return; } # endif @@ -213,7 +213,7 @@ static BIGNUM* BnNewVariable(BN_CTX* CTX) // This check is intended to protect against calling this function without // having initialized the CTX. if((CTX == NULL) || ((new = BN_CTX_get(CTX)) == NULL)) - FAIL(FATAL_ERROR_ALLOCATION); + FAIL(FATAL_ERROR_ALLOCATION); return new; } @@ -228,10 +228,10 @@ BOOL BnMathLibraryCompatibilityCheck(void) crypt_uword_t i; #endif // libtpms: added BYTE test[] = {0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x17, 0x16, 0x15, - 0x14, 0x13, 0x12, 0x11, 0x10, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, - 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00}; + 0x14, 0x13, 0x12, 0x11, 0x10, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, + 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00}; BN_VAR(tpmTemp, sizeof(test) * 8); // allocate some space for a test value - // + // // Convert the test data to a bigNum BnFromBytes(tpmTemp, test, sizeof(test)); // Convert the test data to an OpenSSL BIGNUM 
@@ -240,12 +240,12 @@ BOOL BnMathLibraryCompatibilityCheck(void) #if 0 // libtpms: added GOTO_ERROR_UNLESS(osslTemp->top == (int)tpmTemp->size); for(i = 0; i < tpmTemp->size; i++) - GOTO_ERROR_UNLESS(osslTemp->d[i] == tpmTemp->d[i]); + GOTO_ERROR_UNLESS(osslTemp->d[i] == tpmTemp->d[i]); #endif // libtpms: added OSSL_LEAVE(); return 1; #if 0 // libtpms: added - Error: +Error: return 0; #endif // libtpms: added } @@ -271,9 +271,9 @@ LIB_EXPORT BOOL BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst mo GOTO_ERROR_UNLESS(BN_div(NULL, bnResult, bnTemp, bnMod, CTX)); GOTO_ERROR_UNLESS(OsslToTpmBn(result, bnResult)); goto Exit; - Error: +Error: OK = FALSE; - Exit: +Exit: BN_clear_free(bnMod); // libtpms added BN_clear_free(bnOp2); // libtpms added BN_clear_free(bnOp1); // libtpms added @@ -297,9 +297,9 @@ LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier GOTO_ERROR_UNLESS(BN_mul(bnTemp, bnA, bnB, CTX)); GOTO_ERROR_UNLESS(OsslToTpmBn(result, bnTemp)); goto Exit; - Error: +Error: OK = FALSE; - Exit: +Exit: BN_clear_free(bnB); // libtpms added BN_clear_free(bnA); // libtpms added OSSL_LEAVE(); @@ -313,7 +313,7 @@ LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnDiv( - bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor) + bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor) { OSSL_ENTER(); BIGNUM* bnQ = BN_NEW(); @@ -323,7 +323,7 @@ LIB_EXPORT BOOL BnDiv( BIG_INITIALIZED(bnSor, divisor); // if(BnEqualZero(divisor)) - FAIL(FATAL_ERROR_DIVIDE_ZERO); + FAIL(FATAL_ERROR_DIVIDE_ZERO); GOTO_ERROR_UNLESS(BN_div(bnQ, bnR, bnDend, bnSor, CTX)); GOTO_ERROR_UNLESS(OsslToTpmBn(quotient, bnQ)); GOTO_ERROR_UNLESS(OsslToTpmBn(remainder, bnR)); 
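Review bot: In the `@@ -240,12` hunk, BnMathLibraryCompatibilityCheck has both the word-by-word comparison and its `Error:` exit under `#if 0`, so the visible tail can only `return 1`, and nothing in the function says so. A comment above the first `#if 0` would keep callers from assuming the internal layouts were verified, for example `// libtpms: the comparison of internal words is compiled out; this function only exercises the TPM-to-OpenSSL conversion`. The function starts in the preceding hunk and the lines between the two hunks are not shown.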
@@ -333,9 +333,9 @@ LIB_EXPORT BOOL BnDiv( BIGNUM_PRINT(" bnQuotient: ", bnQ, TRUE); BIGNUM_PRINT(" bnRemainder: ", bnR, TRUE); goto Exit; - Error: +Error: OK = FALSE; - Exit: +Exit: BN_clear_free(bnSor); // libtpms added BN_clear_free(bnDend); // libtpms added OSSL_LEAVE(); @@ -350,9 +350,9 @@ LIB_EXPORT BOOL BnDiv( // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnGcd(bigNum gcd, // OUT: the common divisor - bigConst number1, // IN: - bigConst number2 // IN: - ) + bigConst number1, // IN: + bigConst number2 // IN: +) { OSSL_ENTER(); BIGNUM* bnGcd = BN_NEW(); @@ -364,9 +364,9 @@ LIB_EXPORT BOOL BnGcd(bigNum gcd, // OUT: the common divisor GOTO_ERROR_UNLESS(BN_gcd(bnGcd, bn1, bn2, CTX)); GOTO_ERROR_UNLESS(OsslToTpmBn(gcd, bnGcd)); goto Exit; - Error: +Error: OK = FALSE; - Exit: +Exit: BN_clear_free(bn2); // libtpms added BN_clear_free(bn1); // libtpms added OSSL_LEAVE(); @@ -381,10 +381,10 @@ LIB_EXPORT BOOL BnGcd(bigNum gcd, // OUT: the common divisor // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnModExp(bigNum result, // OUT: the result - bigConst number, // IN: number to exponentiate - bigConst exponent, // IN: - bigConst modulus // IN: - ) + bigConst number, // IN: number to exponentiate + bigConst exponent, // IN: + bigConst modulus // IN: +) { OSSL_ENTER(); BIGNUM* bnResult = BN_NEW(); @@ -397,9 +397,9 @@ LIB_EXPORT BOOL BnModExp(bigNum result, // OUT: the result GOTO_ERROR_UNLESS(BN_mod_exp(bnResult, bnN, bnE, bnM, CTX)); GOTO_ERROR_UNLESS(OsslToTpmBn(result, bnResult)); goto Exit; - Error: +Error: OK = FALSE; - Exit: +Exit: BN_clear_free(bnM); // libtpms added BN_clear_free(bnE); // libtpms added BN_clear_free(bnN); // libtpms added 
@@ -425,9 +425,9 @@ LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus) GOTO_ERROR_UNLESS(BN_mod_inverse(bnResult, bnN, bnM, CTX) != NULL); GOTO_ERROR_UNLESS(OsslToTpmBn(result, bnResult)); goto Exit; - Error: +Error: OK = FALSE; - Exit: +Exit: BN_clear_free(bnM); // libtpms added BN_clear_free(bnN); // libtpms added OSSL_LEAVE(); @@ -442,9 +442,9 @@ LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus) // TRUE(1) success // FALSE(0) failure in operation static BOOL PointFromOssl(bigPoint pOut, // OUT: resulting point - EC_POINT* pIn, // IN: the point to return - const bigCurveData* E // IN: the curve - ) + EC_POINT* pIn, // IN: the point to return + const bigCurveData* E // IN: the curve +) { BIGNUM* x = NULL; BIGNUM* y = NULL; @@ -455,17 +455,17 @@ static BOOL PointFromOssl(bigPoint pOut, // OUT: resulting point y = BN_CTX_get(E->CTX); if(y == NULL) - FAIL(FATAL_ERROR_ALLOCATION); + FAIL(FATAL_ERROR_ALLOCATION); // If this returns false, then the point is at infinity OK = EC_POINT_get_affine_coordinates_GFp(E->G, pIn, x, y, E->CTX); if(OK) - { - OsslToTpmBn(pOut->x, x); - OsslToTpmBn(pOut->y, y); - BnSetWord(pOut->z, 1); - } + { + OsslToTpmBn(pOut->x, x); + OsslToTpmBn(pOut->y, y); + BnSetWord(pOut->z, 1); + } else - BnSetWord(pOut->z, 0); + BnSetWord(pOut->z, 0); BN_CTX_end(E->CTX); return OK; } 
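Review bot: In the `@@ -455,17` hunk, PointFromOssl discards the BOOL returned by both `OsslToTpmBn(pOut->x, x);` and `OsslToTpmBn(pOut->y, y);`, so a coordinate that fails to convert still gets `z` set to 1 and a TRUE return. Replacing the two calls with `OK = OsslToTpmBn(pOut->x, x) && OsslToTpmBn(pOut->y, y);` lets the failure reach the caller through the existing `return OK;`, with `BN_CTX_end(E->CTX)` still executed on the way out. The signature and the first declarations are in the preceding hunk, and the lines between the two hunks are not shown.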
@@ -477,18 +477,18 @@ LIB_EXPORT EC_POINT* EcPointInitialized(pointConst initializer, const bigCurveDa EC_POINT* P = NULL; if(initializer != NULL) - { - BIG_INITIALIZED(bnX, initializer->x); - BIG_INITIALIZED(bnY, initializer->y); - if(E == NULL) - FAIL(FATAL_ERROR_ALLOCATION); - P = EC_POINT_new(E->G); - if(P != NULL && // libtpms added - !EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, E->CTX)) - P = NULL; - BN_clear_free(bnX); // libtpms added - BN_clear_free(bnY); // libtpms added - } + { + BIG_INITIALIZED(bnX, initializer->x); + BIG_INITIALIZED(bnY, initializer->y); + if(E == NULL) + FAIL(FATAL_ERROR_ALLOCATION); + P = EC_POINT_new(E->G); + if(P != NULL && // libtpms added + !EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, E->CTX)) + P = NULL; + BN_clear_free(bnX); // libtpms added + BN_clear_free(bnY); // libtpms added + } return P; } 
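Review bot: When `EC_POINT_set_affine_coordinates_GFp` fails, the new-side code does `P = NULL;` without releasing the point that `EC_POINT_new(E->G)` has just allocated, so every rejected coordinate pair (for instance a point that is not on the curve) leaks one EC_POINT. Free it before dropping the pointer, `{ EC_POINT_free(P); P = NULL; }`, which leaves the `BN_clear_free` calls for `bnX` and `bnY` unchanged. The start of EcPointInitialized is outside the hunk.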
@@ -501,63 +501,63 @@ LIB_EXPORT EC_POINT* EcPointInitialized(pointConst initializer, const bigCurveDa // in initializing the curve data // non-NULL points to 'E' LIB_EXPORT bigCurveData* BnCurveInitialize( - bigCurveData* E, // IN: curve structure to initialize - TPM_ECC_CURVE curveId // IN: curve identifier - ) + bigCurveData* E, // IN: curve structure to initialize + TPM_ECC_CURVE curveId // IN: curve identifier +) { const TPMBN_ECC_CURVE_CONSTANTS* C = BnGetCurveData(curveId); if(C == NULL) - E = NULL; + E = NULL; if(E != NULL) - { - // This creates the OpenSSL memory context that stays in effect as long as the - // curve (E) is defined. - OSSL_ENTER(); // if the allocation fails, the TPM fails - EC_POINT* P = NULL; - BIG_INITIALIZED(bnP, C->prime); - BIG_INITIALIZED(bnA, C->a); - BIG_INITIALIZED(bnB, C->b); - BIG_INITIALIZED(bnX, C->base.x); - BIG_INITIALIZED(bnY, C->base.y); - BIG_INITIALIZED(bnN, C->order); - BIG_INITIALIZED(bnH, C->h); - // - E->C = C; - E->CTX = CTX; + { + // This creates the OpenSSL memory context that stays in effect as long as the + // curve (E) is defined. + OSSL_ENTER(); // if the allocation fails, the TPM fails + EC_POINT* P = NULL; + BIG_INITIALIZED(bnP, C->prime); + BIG_INITIALIZED(bnA, C->a); + BIG_INITIALIZED(bnB, C->b); + BIG_INITIALIZED(bnX, C->base.x); + BIG_INITIALIZED(bnY, C->base.y); + BIG_INITIALIZED(bnN, C->order); + BIG_INITIALIZED(bnH, C->h); + // + E->C = C; + E->CTX = CTX; - // initialize EC group, associate a generator point and initialize the point - // from the parameter data - // Create a group structure - E->G = EC_GROUP_new_curve_GFp(bnP, bnA, bnB, CTX); - GOTO_ERROR_UNLESS(E->G != NULL); + // initialize EC group, associate a generator point and initialize the point + // from the parameter data + // Create a group structure + E->G = EC_GROUP_new_curve_GFp(bnP, bnA, bnB, CTX); + GOTO_ERROR_UNLESS(E->G != NULL); - // Allocate a point in the group that will be used in setting the - // generator. 
This is not needed after the generator is set. - P = EC_POINT_new(E->G); - GOTO_ERROR_UNLESS(P != NULL); + // Allocate a point in the group that will be used in setting the + // generator. This is not needed after the generator is set. + P = EC_POINT_new(E->G); + GOTO_ERROR_UNLESS(P != NULL); - // Need to use this in case Montgomery method is being used - GOTO_ERROR_UNLESS( - EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, CTX)); - // Now set the generator - GOTO_ERROR_UNLESS(EC_GROUP_set_generator(E->G, P, bnN, bnH)); + // Need to use this in case Montgomery method is being used + GOTO_ERROR_UNLESS( + EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, CTX)); + // Now set the generator + GOTO_ERROR_UNLESS(EC_GROUP_set_generator(E->G, P, bnN, bnH)); - EC_POINT_free(P); - goto Exit_free; // libtpms changed - Error: - EC_POINT_free(P); - BnCurveFree(E); - E = NULL; + EC_POINT_free(P); + goto Exit_free; // libtpms changed +Error: + EC_POINT_free(P); + BnCurveFree(E); + E = NULL; Exit_free: // libtpms added begin - BN_clear_free(bnH); - BN_clear_free(bnN); - BN_clear_free(bnY); - BN_clear_free(bnX); - BN_clear_free(bnB); - BN_clear_free(bnA); - BN_clear_free(bnP); // libtpms added end - } + BN_clear_free(bnH); + BN_clear_free(bnN); + BN_clear_free(bnY); + BN_clear_free(bnX); + BN_clear_free(bnB); + BN_clear_free(bnA); + BN_clear_free(bnP); // libtpms added end + } // Exit: return E; } @@ -568,10 +568,10 @@ LIB_EXPORT bigCurveData* BnCurveInitialize( LIB_EXPORT void BnCurveFree(bigCurveData* E) { if(E) - { - EC_GROUP_free(E->G); - OsslContextLeave(E->CTX); - } + { + EC_GROUP_free(E->G); + OsslContextLeave(E->CTX); + } } //*** BnEccModMult() 
@@ -580,18 +580,18 @@ LIB_EXPORT void BnCurveFree(bigCurveData* E) // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult(bigPoint R, // OUT: computed point - pointConst S, // IN: point to multiply by 'd' (optional) - bigConst d, // IN: scalar for [d]S - const bigCurveData* E) + pointConst S, // IN: point to multiply by 'd' (optional) + bigConst d, // IN: scalar for [d]S + const bigCurveData* E) { EC_POINT* pR = EC_POINT_new(E->G); EC_POINT* pS = EcPointInitialized(S, E); BIG_INITIALIZED(bnD, d); if(S == NULL) - EC_POINT_mul(E->G, pR, bnD, NULL, NULL, E->CTX); + EC_POINT_mul(E->G, pR, bnD, NULL, NULL, E->CTX); else - EC_POINT_mul(E->G, pR, NULL, pS, bnD, E->CTX); + EC_POINT_mul(E->G, pR, NULL, pS, bnD, E->CTX); PointFromOssl(R, pR, E); EC_POINT_clear_free(pR); // libtpms changed EC_POINT_clear_free(pS); // libtpms changed @@ -605,12 +605,12 @@ LIB_EXPORT BOOL BnEccModMult(bigPoint R, // OUT: computed point // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult2(bigPoint R, // OUT: computed point - pointConst S, // IN: optional point - bigConst d, // IN: scalar for [d]S or [d]G - pointConst Q, // IN: second point - bigConst u, // IN: second scalar - const bigCurveData* E // IN: curve - ) + pointConst S, // IN: optional point + bigConst d, // IN: scalar for [d]S or [d]G + pointConst Q, // IN: second point + bigConst u, // IN: second scalar + const bigCurveData* E // IN: curve +) { EC_POINT* pR = EC_POINT_new(E->G); EC_POINT* pS = EcPointInitialized(S, E); 
@@ -619,39 +619,38 @@ LIB_EXPORT BOOL BnEccModMult2(bigPoint R, // OUT: computed point BIG_INITIALIZED(bnU, u); if(S == NULL || S == (pointConst) & (AccessCurveConstants(E)->base)) - EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX); + EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX); else - { + { #if OPENSSL_VERSION_NUMBER >= 0x30000000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x4010000fL) - EC_POINT *pR1 = EC_POINT_new(E->G); - EC_POINT *pR2 = EC_POINT_new(E->G); - int OK; + EC_POINT *pR1 = EC_POINT_new(E->G); + EC_POINT *pR2 = EC_POINT_new(E->G); + int OK; - pAssert(pR1 && pR2); - OK = EC_POINT_mul(E->G, pR1, NULL, pS, bnD, E->CTX); - OK &= EC_POINT_mul(E->G, pR2, NULL, pQ, bnU, E->CTX); - OK &= EC_POINT_add(E->G, pR, pR1, pR2, E->CTX); - pAssert(OK); + pAssert(pR1 && pR2); + OK = EC_POINT_mul(E->G, pR1, NULL, pS, bnD, E->CTX); + OK &= EC_POINT_mul(E->G, pR2, NULL, pQ, bnU, E->CTX); + OK &= EC_POINT_add(E->G, pR, pR1, pR2, E->CTX); + pAssert(OK); - EC_POINT_clear_free(pR1); - EC_POINT_clear_free(pR2); + EC_POINT_clear_free(pR1); + EC_POINT_clear_free(pR2); #else - const EC_POINT* points[2]; - const BIGNUM* scalars[2]; - points[0] = pS; - points[1] = pQ; - scalars[0] = bnD; - scalars[1] = bnU; - EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX); + const EC_POINT* points[2]; + const BIGNUM* scalars[2]; + points[0] = pS; + points[1] = pQ; + scalars[0] = bnD; + scalars[1] = bnU; + EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX); #endif - } + } PointFromOssl(R, pR, E); EC_POINT_clear_free(pR); // libtpms changed EC_POINT_clear_free(pS); // libtpms changed EC_POINT_clear_free(pQ); // libtpms changed BN_clear_free(bnD); // libtpms added BN_clear_free(bnU); // libtpms added - return !BnEqualZero(R->z); } 
@@ -661,10 +660,10 @@ LIB_EXPORT BOOL BnEccModMult2(bigPoint R, // OUT: computed point // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccAdd(bigPoint R, // OUT: computed point - pointConst S, // IN: first point to add - pointConst Q, // IN: second point - const bigCurveData* E // IN: curve - ) + pointConst S, // IN: first point to add + pointConst Q, // IN: second point + const bigCurveData* E // IN: curve +) { EC_POINT* pR = EC_POINT_new(E->G); EC_POINT* pS = EcPointInitialized(S, E); diff --git a/src/tpm2/crypto/openssl/BnToOsslMath.h b/src/tpm2/crypto/openssl/BnToOsslMath.h index 889cde34..20cd117d 100644 --- a/src/tpm2/crypto/openssl/BnToOsslMath.h +++ b/src/tpm2/crypto/openssl/BnToOsslMath.h @@ -87,9 +87,9 @@ struct bignum_st { BN_ULONG* d; /* Pointer to an array of 'BN_BITS2' bit - * chunks. */ + * chunks. */ int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ + /* The next are internal book keeping for bn_expand. */ int dmax; /* Size of the d array. */ int neg; /* one if the number is negative */ int flags; @@ -97,7 +97,7 @@ struct bignum_st #else # define EC_POINT_get_affine_coordinates EC_POINT_get_affine_coordinates_GFp # define EC_POINT_set_affine_coordinates EC_POINT_set_affine_coordinates_GFp -#endif // OPENSSL_VERSION_NUMBER +#endif // OPENSSL_VERSION_NUMBER #endif // libtpms added #if USE_OPENSSL_FUNCTIONS_ECDSA // libtpms added begin 
@@ -109,26 +109,26 @@ struct bignum_st # define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coordinates #endif // libtpms added end - //** Macros and Defines +//** Macros and Defines - // Make sure that the library is using the correct size for a crypt word -#if defined THIRTY_TWO_BIT && (RADIX_BITS != 32) \ - || ((defined SIXTY_FOUR_BIT_LONG || defined SIXTY_FOUR_BIT) \ - && (RADIX_BITS != 64)) +// Make sure that the library is using the correct size for a crypt word +#if defined THIRTY_TWO_BIT && (RADIX_BITS != 32) \ + || ((defined SIXTY_FOUR_BIT_LONG || defined SIXTY_FOUR_BIT) \ + && (RADIX_BITS != 64)) # error Ossl library is using different radix #endif // Allocate a local BIGNUM value. For the allocation, a bigNum structure is created // as is a local BIGNUM. The bigNum is initialized and then the BIGNUM is // set to reference the local value. -#define BIG_VAR(name, bits) \ - BN_VAR(name##Bn, (bits)); \ +#define BIG_VAR(name, bits) \ + BN_VAR(name##Bn, (bits)); \ BIGNUM* _##name = BN_new(); /* libtpms */ \ BIGNUM* name = BigInitialized(_##name /* libtpms */ \ - , BnInit(name##Bn, BYTES_TO_CRYPT_WORDS(sizeof(_##name##Bn.d)))) + , BnInit(name##Bn, BYTES_TO_CRYPT_WORDS(sizeof(_##name##Bn.d)))) // Allocate a BIGNUM and initialize with the values in a bigNum initializer -#define BIG_INITIALIZED(name, initializer) \ +#define BIG_INITIALIZED(name, initializer) \ BIGNUM* _##name = BN_new(); /* libtpms */ \ BIGNUM* name = BigInitialized(_##name, initializer) /* libtpms */ 
@@ -137,14 +137,14 @@ typedef struct const TPMBN_ECC_CURVE_CONSTANTS* C; // the TPM curve values EC_GROUP* G; // group parameters BN_CTX* CTX; // the context for the math (this might not be - // the context in which the curve was created>; + // the context in which the curve was created>; } OSSL_CURVE_DATA; // Define the curve data type expected by the TpmBigNum library: typedef OSSL_CURVE_DATA bigCurveData; TPM_INLINE const TPMBN_ECC_CURVE_CONSTANTS* AccessCurveConstants( - const bigCurveData* E) + const bigCurveData* E) { return E->C; } diff --git a/src/tpm2/crypto/openssl/BnToOsslMath_fp.h b/src/tpm2/crypto/openssl/BnToOsslMath_fp.h index edc61bee..64406e33 100644 --- a/src/tpm2/crypto/openssl/BnToOsslMath_fp.h +++ b/src/tpm2/crypto/openssl/BnToOsslMath_fp.h @@ -76,7 +76,7 @@ // TRUE(1) success // FALSE(0) failure because value will not fit or OpenSSL variable doesn't // exist -BOOL OsslToTpmBn(bigNum bn, const BIGNUM* osslBn); +BOOL OsslToTpmBn(bigNum bn, const BIGNUM* osslBn); // libtpms changed //*** BigInitialized() // This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for @@ -91,4 +91,4 @@ EC_POINT *EcPointInitialized(pointConst initializer, ); // libtpms added end -#endif // _TPM_TO_OSSL_MATH_FP_H_ +#endif // _TPM_TO_OSSL_MATH_FP_H_ diff --git a/src/tpm2/crypto/openssl/BnValues.h b/src/tpm2/crypto/openssl/BnValues.h index 1cf2e599..ac9f34c3 100644 --- a/src/tpm2/crypto/openssl/BnValues.h +++ b/src/tpm2/crypto/openssl/BnValues.h 
@@ -92,12 +92,12 @@ // These are the basic big number formats. This is convertible to the library- // specific format without too much difficulty. For the math performed using // these numbers, the value is always positive. -#define BN_STRUCT_DEF(struct_type, count) \ - struct st_##struct_type##_t \ - { \ - crypt_uword_t allocated; \ - crypt_uword_t size; \ - crypt_uword_t d[count + BN_PAD + BN_PAD + BN_PAD]; /* libtpms changed */ \ +#define BN_STRUCT_DEF(struct_type, count) \ + struct st_##struct_type##_t \ + { \ + crypt_uword_t allocated; \ + crypt_uword_t size; \ + crypt_uword_t d[count + BN_PAD + BN_PAD + BN_PAD]; /* libtpms changed */ \ } typedef BN_STRUCT_DEF(bnroot, 1) bignum_t; @@ -128,7 +128,7 @@ extern const bignum_t BnConstZero; #define BnEqualZero(bn) (BnGetSize(bn) == 0) // Test to see if a bignum_t is equal to a word type -#define BnEqualWord(bn, word) \ +#define BnEqualWord(bn, word) \ ((BnGetSize(bn) == 1) && (BnGetWord(bn, 0) == (crypt_uword_t)word)) // Determine if a bigNum is even. A zero is even. Although the 
@@ -142,24 +142,24 @@ extern const bignum_t BnConstZero; // This will call the initialization function for a defined bignum_t. // This sets the allocated and used fields and clears the words of 'n'. -#define BN_INIT(name) \ +#define BN_INIT(name) \ (bigNum) BnInit((bigNum) & (name), BYTES_TO_CRYPT_WORDS(sizeof(name.d))) #define CRYPT_WORDS(bytes) BYTES_TO_CRYPT_WORDS(bytes) #define MIN_ALLOC(bytes) (CRYPT_WORDS(bytes) < 1 ? 1 : CRYPT_WORDS(bytes)) -#define BN_CONST(name, bytes, initializer) \ - typedef const struct name##_type \ - { \ - crypt_uword_t allocated; \ - crypt_uword_t size; \ - crypt_uword_t d[MIN_ALLOC(bytes)]; \ - } name##_type; \ +#define BN_CONST(name, bytes, initializer) \ + typedef const struct name##_type \ + { \ + crypt_uword_t allocated; \ + crypt_uword_t size; \ + crypt_uword_t d[MIN_ALLOC(bytes)]; \ + } name##_type; \ name##_type name = {MIN_ALLOC(bytes), CRYPT_WORDS(bytes), {initializer}}; #define BN_STRUCT_ALLOCATION(bits) (BITS_TO_CRYPT_WORDS(bits) + 1) // Create a structure of the correct size. -#define BN_STRUCT(struct_type, bits) \ +#define BN_STRUCT(struct_type, bits) \ BN_STRUCT_DEF(struct_type, BN_STRUCT_ALLOCATION(bits)) // Define a bigNum type with a specific allocation 
@@ -167,19 +167,19 @@ extern const bignum_t BnConstZero; // This creates a local bigNum variable of a specific size and // initializes it from a TPM2B input parameter. -#define BN_INITIALIZED(name, bits, initializer) \ - BN_STRUCT(name, bits) name##_; \ +#define BN_INITIALIZED(name, bits, initializer) \ + BN_STRUCT(name, bits) name##_; \ bigNum name = TpmMath_IntFrom2B(BN_INIT(name##_), (const TPM2B*)initializer) // Create a local variable that can hold a number with 'bits' -#define BN_VAR(name, bits) \ - BN_STRUCT(name, bits) _##name; \ +#define BN_VAR(name, bits) \ + BN_STRUCT(name, bits) _##name; \ bigNum name = BN_INIT(_##name) // Create a type that can hold the largest number defined by the // implementation. #define BN_MAX(name) BN_VAR(name, LARGEST_NUMBER_BITS) -#define BN_MAX_INITIALIZED(name, initializer) \ +#define BN_MAX_INITIALIZED(name, initializer) \ BN_INITIALIZED(name, LARGEST_NUMBER_BITS, initializer) // A word size value is useful @@ -187,10 +187,10 @@ extern const bignum_t BnConstZero; // This is used to create a word-size bigNum and initialize it with // an input parameter to a function. -#define BN_WORD_INITIALIZED(name, initial) \ - BN_STRUCT(RADIX_BITS) name##_; \ - bigNum name = \ - BnInitializeWord((bigNum)&name##_, BN_STRUCT_ALLOCATION(RADIX_BITS), initial) +#define BN_WORD_INITIALIZED(name, initial) \ + BN_STRUCT(RADIX_BITS) name##_; \ + bigNum name = BnInitializeWord( \ + (bigNum) & name##_, BN_STRUCT_ALLOCATION(RADIX_BITS), initial) // ECC-Specific Values 
@@ -223,13 +223,13 @@ typedef struct constant_point_t // therefore a pointer to bn_point_t (a coords). // so bigPoint->coords->x->size is the size of x, and // all 3 components are the same size. -#define BN_POINT_BUF(typename, bits) \ - struct bnpt_st_##typename##_t \ - { \ - bn_point_t coords; \ - BN_STRUCT(typename##_x, MAX_ECC_KEY_BITS) x; \ - BN_STRUCT(typename##_y, MAX_ECC_KEY_BITS) y; \ - BN_STRUCT(typename##_z, MAX_ECC_KEY_BITS) z; \ +#define BN_POINT_BUF(typename, bits) \ + struct bnpt_st_##typename##_t \ + { \ + bn_point_t coords; \ + BN_STRUCT(typename##_x, MAX_ECC_KEY_BITS) x; \ + BN_STRUCT(typename##_y, MAX_ECC_KEY_BITS) y; \ + BN_STRUCT(typename##_z, MAX_ECC_KEY_BITS) z; \ } typedef BN_POINT_BUF(fullpoint, MAX_ECC_KEY_BITS) bn_fullpoint_t; @@ -323,12 +323,12 @@ TPM_INLINE TPM_ECC_CURVE BnCurveGetCurveId(const TPMBN_ECC_CURVE_CONSTANTS* C) // Convert bytes in initializers // This is used for CryptEccData.c. -#define BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) \ +#define BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) \ (((UINT32)(a) << 24) + ((UINT32)(b) << 16) + ((UINT32)(c) << 8) + ((UINT32)(d))) -#define BIG_ENDIAN_BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ - (((UINT64)(a) << 56) + ((UINT64)(b) << 48) + ((UINT64)(c) << 40) \ - + ((UINT64)(d) << 32) + ((UINT64)(e) << 24) + ((UINT64)(f) << 16) \ +#define BIG_ENDIAN_BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ + (((UINT64)(a) << 56) + ((UINT64)(b) << 48) + ((UINT64)(c) << 40) \ + + ((UINT64)(d) << 32) + ((UINT64)(e) << 24) + ((UINT64)(f) << 16) \ + ((UINT64)(g) << 8) + ((UINT64)(h))) // These macros are used for data initialization of big number ECC constants 
@@ -344,17 +344,17 @@ TPM_INLINE TPM_ECC_CURVE BnCurveGetCurveId(const TPMBN_ECC_CURVE_CONSTANTS* C) #define MJOIN(a, b) a b #if RADIX_BYTES == 64 -# define B8_TO_BN(a, b, c, d, e, f, g, h) \ - ((((((((((((((((UINT64)a) << 8) | (UINT64)b) << 8) | (UINT64)c) << 8) \ - | (UINT64)d) \ - << 8) \ - | (UINT64)e) \ - << 8) \ - | (UINT64)f) \ - << 8) \ - | (UINT64)g) \ - << 8) \ - | (UINT64)h) +# define B8_TO_BN(a, b, c, d, e, f, g, h) \ + ((((((((((((((((UINT64)a) << 8) | (UINT64)b) << 8) | (UINT64)c) << 8) \ + | (UINT64)d) \ + << 8) \ + | (UINT64)e) \ + << 8) \ + | (UINT64)f) \ + << 8) \ + | (UINT64)g) \ + << 8) \ + | (UINT64)h) # define B1_TO_BN(a) B8_TO_BN(0, 0, 0, 0, 0, 0, 0, a) # define B2_TO_BN(a, b) B8_TO_BN(0, 0, 0, 0, 0, 0, a, b) # define B3_TO_BN(a, b, c) B8_TO_BN(0, 0, 0, 0, 0, a, b, c) @@ -366,8 +366,8 @@ TPM_INLINE TPM_ECC_CURVE BnCurveGetCurveId(const TPMBN_ECC_CURVE_CONSTANTS* C) # define B1_TO_BN(a) B4_TO_BN(0, 0, 0, a) # define B2_TO_BN(a, b) B4_TO_BN(0, 0, a, b) # define B3_TO_BN(a, b, c) B4_TO_BN(0, a, b, c) -# define B4_TO_BN(a, b, c, d) \ - (((((((UINT32)a << 8) | (UINT32)b) << 8) | (UINT32)c) << 8) | (UINT32)d) +# define B4_TO_BN(a, b, c, d) \ + (((((((UINT32)a << 8) | (UINT32)b) << 8) | (UINT32)c) << 8) | (UINT32)d) # define B5_TO_BN(a, b, c, d, e) B4_TO_BN(b, c, d, e), B1_TO_BN(a) # define B6_TO_BN(a, b, c, d, e, f) B4_TO_BN(c, d, e, f), B2_TO_BN(a, b) # define B7_TO_BN(a, b, c, d, e, f, g) B4_TO_BN(d, e, f, g), B3_TO_BN(a, b, c) diff --git a/src/tpm2/crypto/openssl/CryptCmac.c b/src/tpm2/crypto/openssl/CryptCmac.c index e442b05b..10bec057 100644 --- a/src/tpm2/crypto/openssl/CryptCmac.c +++ b/src/tpm2/crypto/openssl/CryptCmac.c 
@@ -80,13 +80,13 @@ // and block cipher algorithm. UINT16 CryptCmacStart( - SMAC_STATE* state, TPMU_PUBLIC_PARMS* keyParms, TPM_ALG_ID macAlg, TPM2B* key) + SMAC_STATE* state, TPMU_PUBLIC_PARMS* keyParms, TPM_ALG_ID macAlg, TPM2B* key) { tpmCmacState_t* cState = &state->state.cmac; TPMT_SYM_DEF_OBJECT* def = &keyParms->symDetail.sym; // if(macAlg != TPM_ALG_CMAC) - return 0; + return 0; MemorySet(cState, 0, sizeof(*cState)); // libtpms bugfix // set up the encryption algorithm and parameters cState->symAlg = def->algorithm; @@ -94,7 +94,7 @@ CryptCmacStart( cState->iv.t.size = CryptGetSymmetricBlockSize(def->algorithm, def->keyBits.sym); pAssert(cState->iv.t.size > 0 && cState->iv.t.size <= sizeof(cState->iv.t.buffer)); // libtpms added MemoryCopy2B(&cState->symKey.b, key, sizeof(cState->symKey.t.buffer)); - + // Set up the dispatch methods for the CMAC state->smacMethods.data = CryptCmacData; state->smacMethods.end = CryptCmacEnd; 
@@ -122,26 +122,26 @@ void CryptCmacData(SMAC_STATES* state, UINT32 size, const BYTE* buffer) memset(&keySchedule, 0, sizeof(keySchedule)); /* libtpms added: coverity */ // Set up the encryption values based on the algorithm switch(algorithm) - { - FOR_EACH_SYM(ENCRYPT_CASE) - default: - FAIL(FATAL_ERROR_INTERNAL); - } + { + FOR_EACH_SYM(ENCRYPT_CASE) + default: + FAIL(FATAL_ERROR_INTERNAL); + } while(size > 0) - { - if(cmacState->bcount == cmacState->iv.t.size) - { - ENCRYPT(&keySchedule, cmacState->iv.t.buffer, cmacState->iv.t.buffer); - cmacState->bcount = 0; - } - for(; (size > 0) && (cmacState->bcount < cmacState->iv.t.size); - size--, cmacState->bcount++) - { - cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++; - } - } + { + if(cmacState->bcount == cmacState->iv.t.size) + { + ENCRYPT(&keySchedule, cmacState->iv.t.buffer, cmacState->iv.t.buffer); + cmacState->bcount = 0; + } + for(; (size > 0) && (cmacState->bcount < cmacState->iv.t.size); + size--, cmacState->bcount++) + { + cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++; + } + } if (final) // libtpms added begin - FINAL(&keySchedule); // libtpms added end + FINAL(&keySchedule); // libtpms added end } //*** CryptCmacEnd() @@ -168,13 +168,13 @@ CryptCmacEnd(SMAC_STATES* state, UINT32 outSize, BYTE* outBuffer) // Encrypt a block of zero // Set up the encryption values based on the algorithm switch(algorithm) - { - FOR_EACH_SYM(ENCRYPT_CASE) - default: - return 0; - } + { + FOR_EACH_SYM(ENCRYPT_CASE) + default: + return 0; + } ENCRYPT(&keySchedule, subkey.t.buffer, subkey.t.buffer); - + // shift left by 1 and XOR with 0x0...87 if the MSb was 0 xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87; ShiftLeft(&subkey.b); 
@@ -184,22 +184,22 @@ CryptCmacEnd(SMAC_STATES* state, UINT32 outSize, BYTE* outBuffer) pAssert(cState->bcount <= cState->iv.t.size); // If the buffer is full then no need to compute subkey 2. if(cState->bcount < cState->iv.t.size) - { - //Pad the data - cState->iv.t.buffer[cState->bcount++] ^= 0x80; - // The rest of the data is a pad of zero which would simply be XORed - // with the iv value so nothing to do... - // Now compute K2 - xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87; - ShiftLeft(&subkey.b); + { + //Pad the data + cState->iv.t.buffer[cState->bcount++] ^= 0x80; + // The rest of the data is a pad of zero which would simply be XORed + // with the iv value so nothing to do... + // Now compute K2 + xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87; + ShiftLeft(&subkey.b); MUST_BE(MAX_SYM_BLOCK_SIZE == 16); // libtpms added begin: gcc -Wstringop-overflow= - pAssert(subkey.t.size > 0 && - subkey.t.size <= sizeof(subkey.t.buffer)); // libtpms added end - subkey.t.buffer[subkey.t.size - 1] ^= xorVal; - } + pAssert(subkey.t.size > 0 && + subkey.t.size <= sizeof(subkey.t.buffer)); // libtpms added end + subkey.t.buffer[subkey.t.size - 1] ^= xorVal; + } // XOR the subkey into the IV for(i = 0; i < subkey.t.size; i++) - cState->iv.t.buffer[i] ^= subkey.t.buffer[i]; + cState->iv.t.buffer[i] ^= subkey.t.buffer[i]; ENCRYPT(&keySchedule, cState->iv.t.buffer, cState->iv.t.buffer); i = (UINT16)MIN(cState->iv.t.size, outSize); MemoryCopy(outBuffer, cState->iv.t.buffer, i); diff --git a/src/tpm2/crypto/openssl/CryptEccCrypt.c b/src/tpm2/crypto/openssl/CryptEccCrypt.c index c417328e..6fa62aca 100644 --- a/src/tpm2/crypto/openssl/CryptEccCrypt.c +++ b/src/tpm2/crypto/openssl/CryptEccCrypt.c 
@@ -76,20 +76,20 @@ // TRUE 'scheme' is set // FALSE 'scheme' is not valid (it may have been changed). BOOL CryptEccSelectScheme(OBJECT* key, //IN: key containing default scheme - TPMT_KDF_SCHEME* scheme // IN: a decrypt scheme - ) + TPMT_KDF_SCHEME* scheme // IN: a decrypt scheme +) { TPMT_KDF_SCHEME* keyScheme = &key->publicArea.parameters.eccDetail.kdf; // Get sign object pointer if(scheme->scheme == TPM_ALG_NULL) - *scheme = *keyScheme; + *scheme = *keyScheme; if(keyScheme->scheme == TPM_ALG_NULL) - keyScheme = scheme; + keyScheme = scheme; return ( - scheme->scheme != TPM_ALG_NULL - && (keyScheme->scheme == scheme->scheme - && keyScheme->details.anyKdf.hashAlg == scheme->details.anyKdf.hashAlg)); + scheme->scheme != TPM_ALG_NULL + && (keyScheme->scheme == scheme->scheme + && keyScheme->details.anyKdf.hashAlg == scheme->details.anyKdf.hashAlg)); } //*** CryptEccEncrypt() @@ -101,14 +101,14 @@ BOOL CryptEccSelectScheme(OBJECT* key, //IN: key containing default // TPM_RC_SCHEME 'scheme' is not supported // TPM_RC_NO_RESULT internal error in big number processing LIB_EXPORT TPM_RC CryptEccEncrypt( - OBJECT* key, // IN: public key of recipient - TPMT_KDF_SCHEME* scheme, // IN: scheme to use. - TPM2B_MAX_BUFFER* plainText, // IN: the text to obfuscate - TPMS_ECC_POINT* c1, // OUT: public ephemeral key - TPM2B_MAX_BUFFER* c2, // OUT: obfuscated text - TPM2B_DIGEST* c3 // OUT: digest of ephemeral key - // and plainText - ) + OBJECT* key, // IN: public key of recipient + TPMT_KDF_SCHEME* scheme, // IN: scheme to use. + TPM2B_MAX_BUFFER* plainText, // IN: the text to obfuscate + TPMS_ECC_POINT* c1, // OUT: public ephemeral key + TPM2B_MAX_BUFFER* c2, // OUT: obfuscated text + TPM2B_DIGEST* c3 // OUT: digest of ephemeral key + // and plainText +) { CRYPT_CURVE_INITIALIZED(E, key->publicArea.parameters.eccDetail.curveID); CRYPT_POINT_INITIALIZED(PB, &key->publicArea.unique.ecc); 
@@ -126,8 +126,8 @@ LIB_EXPORT TPM_RC CryptEccEncrypt( // This value is one less than the value from the reference so that it // will become the correct value after having one added TPM2B_ECC_PARAMETER k = {24, {0x38, 0x4F, 0x30, 0x35, 0x30, 0x73, 0xAE, 0xEC, - 0xE7, 0xA1, 0x65, 0x43, 0x30, 0xA9, 0x62, 0x04, - 0xD3, 0x79, 0x82, 0xA3, 0xE1, 0x5B, 0x2C, 0xB4}}; + 0xE7, 0xA1, 0x65, 0x43, 0x30, 0xA9, 0x62, 0x04, + 0xD3, 0x79, 0x82, 0xA3, 0xE1, 0x5B, 0x2C, 0xB4}}; RND_DEBUG_Instantiate(&dbg, &k.b); # define RANDOM (RAND_STATE*)&dbg @@ -135,9 +135,9 @@ LIB_EXPORT TPM_RC CryptEccEncrypt( # define RANDOM NULL # endif if(E == NULL) - ERROR_EXIT(TPM_RC_CURVE); + ERROR_EXIT(TPM_RC_CURVE); if(TPM_ALG_KDF2 != scheme->scheme) - ERROR_EXIT(TPM_RC_SCHEME); + ERROR_EXIT(TPM_RC_SCHEME); // generate an ephemeral key from a random k if(!TpmEcc_GenerateKeyPair(D, Px, E, RANDOM) // C1 is the public part of the ephemeral key @@ -145,11 +145,11 @@ LIB_EXPORT TPM_RC CryptEccEncrypt( // Compute P2 || (TpmEcc_PointMult(Px, PB, D, NULL, NULL, E) != TPM_RC_SUCCESS) || !TpmEcc_PointTo2B(&p2, Px, E)) - ERROR_EXIT(TPM_RC_NO_RESULT); + ERROR_EXIT(TPM_RC_NO_RESULT); //Compute the C3 value hash(x2 || M || y2) if(0 == CryptHashStart(&hashState, scheme->details.mgf1.hashAlg)) - ERROR_EXIT(TPM_RC_HASH); + ERROR_EXIT(TPM_RC_HASH); CryptDigestUpdate2B(&hashState, &p2.x.b); CryptDigestUpdate2B(&hashState, &plainText->b); CryptDigestUpdate2B(&hashState, &p2.y.b); 
@@ -159,15 +159,15 @@ LIB_EXPORT TPM_RC CryptEccEncrypt( MemoryConcat2B(&z.b, &p2.y.b, sizeof(z.t.buffer)); // Generate the mask value from MGF1 and put it in the return buffer c2->t.size = CryptMGF_KDF(plainText->t.size, - c2->t.buffer, - scheme->details.mgf1.hashAlg, - z.t.size, - z.t.buffer, - 1); + c2->t.buffer, + scheme->details.mgf1.hashAlg, + z.t.size, + z.t.buffer, + 1); // XOR the plainText into the generated mask to create the obfuscated data for(i = 0; i < plainText->t.size; i++) - c2->t.buffer[i] ^= plainText->t.buffer[i]; - Exit: + c2->t.buffer[i] ^= plainText->t.buffer[i]; +Exit: CRYPT_CURVE_FREE(E); return retVal; } @@ -181,14 +181,14 @@ LIB_EXPORT TPM_RC CryptEccEncrypt( // TPM_RC_NO_RESULT internal error in big number processing // TPM_RC_VALUE C3 did not match hash of recovered data LIB_EXPORT TPM_RC CryptEccDecrypt( - OBJECT* key, // IN: key used for data recovery - TPMT_KDF_SCHEME* scheme, // IN: scheme to use. - TPM2B_MAX_BUFFER* plainText, // OUT: the recovered text - TPMS_ECC_POINT* c1, // IN: public ephemeral key - TPM2B_MAX_BUFFER* c2, // IN: obfuscated text - TPM2B_DIGEST* c3 // IN: digest of ephemeral key - // and plainText - ) + OBJECT* key, // IN: key used for data recovery + TPMT_KDF_SCHEME* scheme, // IN: scheme to use. + TPM2B_MAX_BUFFER* plainText, // OUT: the recovered text + TPMS_ECC_POINT* c1, // IN: public ephemeral key + TPM2B_MAX_BUFFER* c2, // IN: obfuscated text + TPM2B_DIGEST* c3 // IN: digest of ephemeral key + // and plainText +) { CRYPT_CURVE_INITIALIZED(E, key->publicArea.parameters.eccDetail.curveID); CRYPT_ECC_INITIALIZED(D, &key->sensitive.sensitive.ecc.b); 
@@ -202,16 +202,16 @@ LIB_EXPORT TPM_RC CryptEccDecrypt( TPM_RC retVal = TPM_RC_SUCCESS; // if(E == NULL) - ERROR_EXIT(TPM_RC_CURVE); + ERROR_EXIT(TPM_RC_CURVE); if(TPM_ALG_KDF2 != scheme->scheme) - ERROR_EXIT(TPM_RC_SCHEME); + ERROR_EXIT(TPM_RC_SCHEME); // Generate the Z value TpmEcc_PointMult(C1, C1, D, NULL, NULL, E); TpmEcc_PointTo2B(&p2, C1, E); // Start the hash to check the algorithm if(0 == CryptHashStart(&hashState, scheme->details.mgf1.hashAlg)) - ERROR_EXIT(TPM_RC_HASH); + ERROR_EXIT(TPM_RC_HASH); CryptDigestUpdate2B(&hashState, &p2.x.b); MemoryCopy2B(&z.b, &p2.x.b, sizeof(z.t.buffer)); @@ -219,22 +219,22 @@ LIB_EXPORT TPM_RC CryptEccDecrypt( // Generate the mask plainText->t.size = CryptMGF_KDF(c2->t.size, - plainText->t.buffer, - scheme->details.mgf1.hashAlg, - z.t.size, - z.t.buffer, - 1); + plainText->t.buffer, + scheme->details.mgf1.hashAlg, + z.t.size, + z.t.buffer, + 1); // XOR the obfuscated data into the generated mask to create the plainText data for(i = 0; i < plainText->t.size; i++) - plainText->t.buffer[i] ^= c2->t.buffer[i]; + plainText->t.buffer[i] ^= c2->t.buffer[i]; // Complete the hash and verify the data CryptDigestUpdate2B(&hashState, &plainText->b); CryptDigestUpdate2B(&hashState, &p2.y.b); check.t.size = CryptHashEnd(&hashState, sizeof(check.t.buffer), check.t.buffer); if(!MemoryEqual2B(&check.b, &c3->b)) - ERROR_EXIT(TPM_RC_VALUE); - Exit: + ERROR_EXIT(TPM_RC_VALUE); +Exit: CRYPT_CURVE_FREE(E); return retVal; } diff --git a/src/tpm2/crypto/openssl/CryptEccKeyExchange.c b/src/tpm2/crypto/openssl/CryptEccKeyExchange.c index 679ed026..3dbeba8b 100644 --- a/src/tpm2/crypto/openssl/CryptEccKeyExchange.c +++ b/src/tpm2/crypto/openssl/CryptEccKeyExchange.c 
@@ -83,18 +83,18 @@ // avf(Q) = xqm + 2ceil(f / 2) // Always returns TRUE(1). static BOOL avf1(Crypt_Int* bnX, // IN/OUT: the reduced value - Crypt_Int* bnN // IN: the order of the curve - ) + Crypt_Int* bnN // IN: the order of the curve +) { // compute f = 2^(ceil(ceil(log2(n)) / 2)) int f = (ExtMath_SizeInBits(bnN) + 1) / 2; // x' = 2^f + (x mod 2^f) ExtMath_MaskBits(bnX, f); // This is mod 2*2^f but it doesn't matter because - // the next operation will SET the extra bit anyway + // the next operation will SET the extra bit anyway if(!ExtMath_SetBit(bnX, f)) - { - FAIL(FATAL_ERROR_CRYPTO); - } + { + FAIL(FATAL_ERROR_CRYPTO); + } return TRUE; } @@ -111,12 +111,12 @@ static BOOL avf1(Crypt_Int* bnX, // IN/OUT: the reduced value // TPM_RC_NO_RESULT the value for dsA does not give a valid point on the // curve static TPM_RC C_2_2_MQV(TPMS_ECC_POINT* outZ, // OUT: the computed point - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key - TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key - TPMS_ECC_POINT* QsB, // IN: static public party B key - TPMS_ECC_POINT* QeB // IN: ephemeral public party B key - ) + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key + TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key + TPMS_ECC_POINT* QsB, // IN: static public party B key + TPMS_ECC_POINT* QeB // IN: ephemeral public party B key +) { CRYPT_CURVE_INITIALIZED(E, curveId); CRYPT_POINT_VAR(pQeA); 
@@ -131,9 +131,9 @@ static TPM_RC C_2_2_MQV(TPMS_ECC_POINT* outZ, // OUT: the computed point // // Parameter checks if(E == NULL) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); pAssert( - outZ != NULL && pQeB != NULL && pQsB != NULL && deA != NULL && dsA != NULL); + outZ != NULL && pQeB != NULL && pQsB != NULL && deA != NULL && dsA != NULL); // Process: // 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n. // 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B). @@ -142,9 +142,9 @@ static TPM_RC C_2_2_MQV(TPMS_ECC_POINT* outZ, // OUT: the computed point // Compute the public ephemeral key pQeA = [de,A]G if((retVal = - TpmEcc_PointMult(pQeA, ExtEcc_CurveGetG(curveId), bnDeA, NULL, NULL, E)) + TpmEcc_PointMult(pQeA, ExtEcc_CurveGetG(curveId), bnDeA, NULL, NULL, E)) != TPM_RC_SUCCESS) - goto Exit; + goto Exit; // 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n. // tA := (ds,A + de,A avf(Xe,A)) mod n (3) @@ -162,11 +162,11 @@ static TPM_RC C_2_2_MQV(TPMS_ECC_POINT* outZ, // OUT: the computed point // Put this in because almost every case of h is == 1 so skip the call when // not necessary. if(!ExtMath_IsEqualWord(ExtEcc_CurveGetCofactor(curveId), 1)) - // Cofactor is not 1 so compute Ta := Ta * h mod n - ExtMath_ModMult(bnTa, - bnTa, - ExtEcc_CurveGetCofactor(curveId), - ExtEcc_CurveGetOrder(curveId)); + // Cofactor is not 1 so compute Ta := Ta * h mod n + ExtMath_ModMult(bnTa, + bnTa, + ExtEcc_CurveGetCofactor(curveId), + ExtEcc_CurveGetOrder(curveId)); // Now that 'tA' is (h * 'tA' mod n) // 'outZ' = (tA)(Qe,B + avf(Qe,B)Qs,B). @@ -182,11 +182,11 @@ static TPM_RC C_2_2_MQV(TPMS_ECC_POINT* outZ, // OUT: the computed point // If the result is not the point at infinity, return QeB TpmEcc_PointMult(pQeB, pQeB, bnTa, NULL, NULL, E); if(ExtEcc_IsInfinityPoint(pQeB)) - ERROR_EXIT(TPM_RC_NO_RESULT); + ERROR_EXIT(TPM_RC_NO_RESULT); // Convert Crypt_Int* E to TPM2B E TpmEcc_PointTo2B(outZ, pQeB, E); - Exit: +Exit: CRYPT_CURVE_FREE(E); return retVal; } 
@@ -198,13 +198,13 @@ static TPM_RC C_2_2_MQV(TPMS_ECC_POINT* outZ, // OUT: the computed point // 6.1.1.2 Full Unified Model, C(2, 2, ECC CDH). // static TPM_RC C_2_2_ECDH(TPMS_ECC_POINT* outZs, // OUT: Zs
- TPMS_ECC_POINT* outZe, // OUT: Ze
- TPM_ECC_CURVE curveId, // IN: the curve for the computations
- TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key
- TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key
- TPMS_ECC_POINT* QsB, // IN: static public party B key
- TPMS_ECC_POINT* QeB // IN: ephemeral public party B key
- )
+ TPMS_ECC_POINT* outZe, // OUT: Ze
+ TPM_ECC_CURVE curveId, // IN: the curve for the computations
+ TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key
+ TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key
+ TPMS_ECC_POINT* QsB, // IN: static public party B key
+ TPMS_ECC_POINT* QeB // IN: ephemeral public party B key
+)
 { CRYPT_CURVE_INITIALIZED(E, curveId); CRYPT_ECC_INITIALIZED(bnAs, dsA);
@@ -216,22 +216,22 @@ static TPM_RC C_2_2_ECDH(TPMS_ECC_POINT* outZs, // OUT: Zs // // Parameter checks if(E == NULL)
- ERROR_EXIT(TPM_RC_CURVE);
+ ERROR_EXIT(TPM_RC_CURVE);
 pAssert(
- outZs != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL);
+ outZs != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL);
 // Do the point multiply for the Zs value ([dsA]QsB) retVal = TpmEcc_PointMult(ecZ, ecBs, bnAs, NULL, NULL, E); if(retVal == TPM_RC_SUCCESS)
- {
- // Convert the Zs value.
- TpmEcc_PointTo2B(outZs, ecZ, E);
- // Do the point multiply for the Ze value ([deA]QeB)
- retVal = TpmEcc_PointMult(ecZ, ecBe, bnAe, NULL, NULL, E);
- if(retVal == TPM_RC_SUCCESS)
- TpmEcc_PointTo2B(outZe, ecZ, E);
- }
- Exit:
+ {
+ // Convert the Zs value.
+ TpmEcc_PointTo2B(outZs, ecZ, E);
+ // Do the point multiply for the Ze value ([deA]QeB)
+ retVal = TpmEcc_PointMult(ecZ, ecBe, bnAe, NULL, NULL, E);
+ if(retVal == TPM_RC_SUCCESS)
+ TpmEcc_PointTo2B(outZe, ecZ, E);
+ }
+Exit:
 CRYPT_CURVE_FREE(E); return retVal; }
@@ -242,46 +242,46 @@ static TPM_RC C_2_2_ECDH(TPMS_ECC_POINT* outZs, // OUT: Zs // Return Type: TPM_RC // TPM_RC_SCHEME scheme is not defined LIB_EXPORT TPM_RC CryptEcc2PhaseKeyExchange(
- TPMS_ECC_POINT* outZ1, // OUT: a computed point
- TPMS_ECC_POINT* outZ2, // OUT: and optional second point
- TPM_ECC_CURVE curveId, // IN: the curve for the computations
- TPM_ALG_ID scheme, // IN: the key exchange scheme
- TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key
- TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key
- TPMS_ECC_POINT* QsB, // IN: static public party B key
- TPMS_ECC_POINT* QeB // IN: ephemeral public party B key
- )
+ TPMS_ECC_POINT* outZ1, // OUT: a computed point
+ TPMS_ECC_POINT* outZ2, // OUT: and optional second point
+ TPM_ECC_CURVE curveId, // IN: the curve for the computations
+ TPM_ALG_ID scheme, // IN: the key exchange scheme
+ TPM2B_ECC_PARAMETER* dsA, // IN: static private TPM key
+ TPM2B_ECC_PARAMETER* deA, // IN: ephemeral private TPM key
+ TPMS_ECC_POINT* QsB, // IN: static public party B key
+ TPMS_ECC_POINT* QeB // IN: ephemeral public party B key
+)
 { pAssert(
- outZ1 != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL);
+ outZ1 != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL);
 // Initialize the output points so that they are empty until one of the // functions decides otherwise outZ1->x.b.size = 0; outZ1->y.b.size = 0; if(outZ2 != NULL)
- {
- outZ2->x.b.size = 0;
- outZ2->y.b.size = 0;
- }
+ {
+ outZ2->x.b.size = 0;
+ outZ2->y.b.size = 0;
+ }
 switch(scheme)
- {
- case TPM_ALG_ECDH:
- return C_2_2_ECDH(outZ1, outZ2, curveId, dsA, deA, QsB, QeB);
- break;
+ {
+ case TPM_ALG_ECDH:
+ return C_2_2_ECDH(outZ1, outZ2, curveId, dsA, deA, QsB, QeB);
+ break;
 # if ALG_ECMQV
- case TPM_ALG_ECMQV:
- return C_2_2_MQV(outZ1, curveId, dsA, deA, QsB, QeB);
- break;
+ case TPM_ALG_ECMQV:
+ return C_2_2_MQV(outZ1, curveId, dsA, deA, QsB, QeB);
+ break;
 # endif # if ALG_SM2
- case TPM_ALG_SM2:
- return
SM2KeyExchange(outZ1, curveId, dsA, deA, QsB, QeB);
- break;
+ case TPM_ALG_SM2:
+ return SM2KeyExchange(outZ1, curveId, dsA, deA, QsB, QeB);
+ break;
 # endif
- default:
- return TPM_RC_SCHEME;
- }
+ default:
+ return TPM_RC_SCHEME;
+ }
 } # if ALG_SM2
@@ -302,20 +302,20 @@ static UINT32 ComputeWForSM2(TPM_ECC_CURVE curveId) // the 'W' here is 1. This means that an input value of 14 (1110b) would return a // value of 110b with the standard but 10b with the scheme in SM2. static Crypt_Int* avfSm2(Crypt_Int* bn, // IN/OUT: the reduced value
- UINT32 w // IN: the value of w
- )
+ UINT32 w // IN: the value of w
+)
 { // a) set w := ceil(ceil(log2(n)) / 2) - 1 // b) set x' := 2^w + ( x & (2^w - 1)) // This is just like the avf for MQV where x' = 2^w + (x mod 2^w) ExtMath_MaskBits(bn, w); // as with avf1, this is too big by a factor of 2 but
- // it doesn't matter because we SET the extra bit
- // anyway
+ // it doesn't matter because we SET the extra bit
+ // anyway
 if(!ExtMath_SetBit(bn, w))
- {
- FAIL(FATAL_ERROR_CRYPTO);
- }
+ {
+ FAIL(FATAL_ERROR_CRYPTO);
+ }
 return bn; }
@@ -333,13 +333,13 @@ static Crypt_Int* avfSm2(Crypt_Int* bn, // IN/OUT: the reduced value // TPM_RC_NO_RESULT the value for dsA does not give a valid point on the // curve LIB_EXPORT TPM_RC SM2KeyExchange(
- TPMS_ECC_POINT* outZ, // OUT: the computed point
- TPM_ECC_CURVE curveId, // IN: the curve for the computations
- TPM2B_ECC_PARAMETER* dsAIn, // IN: static private TPM key
- TPM2B_ECC_PARAMETER* deAIn, // IN: ephemeral private TPM key
- TPMS_ECC_POINT* QsBIn, // IN: static public party B key
- TPMS_ECC_POINT* QeBIn // IN: ephemeral public party B key
- )
+ TPMS_ECC_POINT* outZ, // OUT: the computed point
+ TPM_ECC_CURVE curveId, // IN: the curve for the computations
+ TPM2B_ECC_PARAMETER* dsAIn, // IN: static private TPM key
+ TPM2B_ECC_PARAMETER* deAIn, // IN: ephemeral private TPM key
+ TPMS_ECC_POINT* QsBIn, // IN: static public party B key
+ TPMS_ECC_POINT* QeBIn // IN: ephemeral public party B key
+)
 { CRYPT_CURVE_INITIALIZED(E, curveId); CRYPT_ECC_INITIALIZED(dsA, dsAIn);
@@ -357,7 +357,7 @@ LIB_EXPORT TPM_RC SM2KeyExchange( // // Parameter checks if(E == NULL)
- ERROR_EXIT(TPM_RC_CURVE);
+ ERROR_EXIT(TPM_RC_CURVE);
 pAssert(outZ != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL); // Compute the value for w
@@ -365,7 +365,7 @@ LIB_EXPORT TPM_RC SM2KeyExchange( // Compute the public ephemeral key pQeA = [de,A]G if(!ExtEcc_PointMultiply(QeA, ExtEcc_CurveGetG(curveId), deA, E))
- goto Exit;
+ goto Exit;
 // tA := (ds,A + de,A avf(Xe,A)) mod n (3) // Compute 'tA' = ('dsA' + 'deA' avf('XeA')) mod n
@@ -381,21 +381,21 @@ LIB_EXPORT TPM_RC SM2KeyExchange( // Put this in because almost every case of h is == 1 so skip the call when // not necessary. if(!ExtMath_IsEqualWord(ExtEcc_CurveGetCofactor(curveId), 1))
- // Cofactor is not 1 so compute Ta := Ta * h mod n
- ExtMath_ModMult(
- Ta, Ta, ExtEcc_CurveGetCofactor(curveId), ExtEcc_CurveGetOrder(curveId));
+ // Cofactor is not 1 so compute Ta := Ta * h mod n
+ ExtMath_ModMult(
+ Ta, Ta, ExtEcc_CurveGetCofactor(curveId), ExtEcc_CurveGetOrder(curveId));
 // Now that 'tA' is (h * 'tA' mod n) // 'outZ' = ['tA'](QsB + [avf(QeB.x)](QeB)). ExtMath_Copy(XeB, ExtEcc_PointX(QeB)); if(!ExtEcc_PointMultiplyAndAdd(Z, QsB, One, QeB, avfSm2(XeB, w), E))
- goto Exit;
+ goto Exit;
 // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity if(!ExtEcc_PointMultiply(Z, Z, Ta, E))
- goto Exit;
+ goto Exit;
 // Convert Crypt_Int* E to TPM2B E TpmEcc_PointTo2B(outZ, Z, E); retVal = TPM_RC_SUCCESS;
- Exit:
+Exit:
 CRYPT_CURVE_FREE(E); return retVal; }
diff --git a/src/tpm2/crypto/openssl/CryptEccMain.c b/src/tpm2/crypto/openssl/CryptEccMain.c
index 54a0ce7a..ef84d935 100644
--- a/src/tpm2/crypto/openssl/CryptEccMain.c
+++ b/src/tpm2/crypto/openssl/CryptEccMain.c
@@ -71,7 +71,7 @@ void EccSimulationEnd(void) { # if SIMULATION
- // put things to be printed at the end of the simulation here
+// put things to be printed at the end of the simulation here
 # endif } # endif // SIMULATION
@@ -93,13 +93,13 @@ BOOL CryptEccStartup(void) //*** ClearPoint2B(generic) // Initialize the size values of a TPMS_ECC_POINT structure. void ClearPoint2B(TPMS_ECC_POINT* p // IN: the point
- )
+)
 { if(p != NULL)
- {
- p->x.t.size = 0;
- p->y.t.size = 0;
- }
+ {
+ p->x.t.size = 0;
+ p->y.t.size = 0;
+ }
 } //*** CryptEccGetParametersByCurveId()
@@ -111,22 +111,22 @@ void ClearPoint2B(TPMS_ECC_POINT* p // IN: the point // NULL curve with the indicated TPM_ECC_CURVE is not implemented // != NULL pointer to the curve data LIB_EXPORT const TPM_ECC_CURVE_METADATA* CryptEccGetParametersByCurveId(
- TPM_ECC_CURVE curveId // IN: the curveID
- )
+ TPM_ECC_CURVE curveId // IN: the curveID
+)
 { int i; for(i = 0; i < ECC_CURVE_COUNT; i++)
- {
- if(eccCurves[i].curveId == curveId)
- return &eccCurves[i];
- }
+ {
+ if(eccCurves[i].curveId == curveId)
+ return &eccCurves[i];
+ }
 return NULL; } //*** CryptEccGetKeySizeForCurve() // This function returns the key size in bits of the indicated curve. LIB_EXPORT UINT16 CryptEccGetKeySizeForCurve(TPM_ECC_CURVE curveId // IN: the curve
- )
+)
 { const TPM_ECC_CURVE_METADATA* curve = CryptEccGetParametersByCurveId(curveId); UINT16 keySizeInBits;
@@ -149,7 +149,7 @@ const BYTE* CryptEccGetOID(TPM_ECC_CURVE curveId) LIB_EXPORT TPM_ECC_CURVE CryptEccGetCurveByIndex(UINT16 i) { if(i >= ECC_CURVE_COUNT)
- return TPM_ECC_NONE;
+ return TPM_ECC_NONE;
 return eccCurves[i].curveId; }
@@ -160,9 +160,9 @@ LIB_EXPORT TPM_ECC_CURVE CryptEccGetCurveByIndex(UINT16 i) // NO if there are more ECC curves not reported TPMI_YES_NO CryptCapGetECCCurve(TPM_ECC_CURVE curveID, // IN: the starting ECC curve
- UINT32 maxCount, // IN: count of returned curves
- TPML_ECC_CURVE* curveList // OUT: ECC curve list
- )
+ UINT32 maxCount, // IN: count of returned curves
+ TPML_ECC_CURVE* curveList // OUT: ECC curve list
+)
 { TPMI_YES_NO more = NO; UINT16 i;
@@ -174,45 +174,45 @@ CryptCapGetECCCurve(TPM_ECC_CURVE curveID, // IN: the starting ECC curve // The maximum count of curves we may return is MAX_ECC_CURVES if(maxCount > MAX_ECC_CURVES)
- maxCount = MAX_ECC_CURVES;
+ maxCount = MAX_ECC_CURVES;
 // Scan the eccCurveValues array for(i = 0; i < count; i++)
- {
- curve = CryptEccGetCurveByIndex(i);
- // If curveID is less than the starting curveID, skip it
- if(curve < curveID)
- continue;
- if (!CryptEccIsCurveRuntimeUsable(curve)) // libtpms added begin
- continue;
- if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,
- TPM_ALG_ECC,
- CryptEccGetKeySizeForCurve(curve),
- curve,
- g_RuntimeProfile.stateFormatLevel))
- continue; // libtpms added end
- if(curveList->count < maxCount)
- {
- // If we have not filled up the return list, add more curves to
- // it
- curveList->eccCurves[curveList->count] = curve;
- curveList->count++;
- }
- else
- {
- // If the return list is full but we still have curves
- // available, report this and stop iterating
- more = YES;
- break;
- }
- }
+ {
+ curve = CryptEccGetCurveByIndex(i);
+ // If curveID is less than the starting curveID, skip it
+ if(curve < curveID)
+ continue;
+ if (!CryptEccIsCurveRuntimeUsable(curve)) // libtpms added begin
+ continue;
+ if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,
+ TPM_ALG_ECC,
+ CryptEccGetKeySizeForCurve(curve),
+ curve,
+ g_RuntimeProfile.stateFormatLevel))
+ continue; // libtpms added end
+ if(curveList->count < maxCount)
+ {
+ // If we have not filled up the return list, add more curves to
+ // it
+ curveList->eccCurves[curveList->count] = curve;
+ curveList->count++;
+ }
+ else
+ {
+ // If the return list is full but we still have curves
+ // available, report this and stop iterating
+ more = YES;
+ break;
+ }
+ }
 return more; } //*** CryptCapGetOneECCCurve() // This function returns whether the ECC curve is implemented.
BOOL CryptCapGetOneECCCurve(TPM_ECC_CURVE curveID // IN: the ECC curve
- )
+)
 { UINT16 i;
@@ -226,27 +226,27 @@ BOOL CryptCapGetOneECCCurve(TPM_ECC_CURVE curveID // IN: the ECC curve // Scan the eccCurveValues array for(i = 0; i < ECC_CURVE_COUNT; i++)
- {
- if(CryptEccGetCurveByIndex(i) == curveID)
- {
- return TRUE;
- }
- }
+ {
+ if(CryptEccGetCurveByIndex(i) == curveID)
+ {
+ return TRUE;
+ }
+ }
 return FALSE; } //*** CryptGetCurveSignScheme() // This function will return a pointer to the scheme of the curve. const TPMT_ECC_SCHEME* CryptGetCurveSignScheme(
- TPM_ECC_CURVE curveId // IN: The curve selector
- )
+ TPM_ECC_CURVE curveId // IN: The curve selector
+)
 { const TPM_ECC_CURVE_METADATA* curve = CryptEccGetParametersByCurveId(curveId); if(curve != NULL)
- return &(curve->sign);
+ return &(curve->sign);
 else
- return NULL;
+ return NULL;
 } //*** CryptGenerateR()
@@ -261,11 +261,11 @@ const TPMT_ECC_SCHEME* CryptGetCurveSignScheme( // TRUE(1) r value computed // FALSE(0) no r value computed BOOL CryptGenerateR(TPM2B_ECC_PARAMETER* r, // OUT: the generated random value
- UINT16* c, // IN/OUT: count value.
- TPMI_ECC_CURVE curveID, // IN: the curve for the value
- TPM2B_NAME* name // IN: optional name of a key to
- // associate with 'r'
- )
+ UINT16* c, // IN/OUT: count value.
+ TPMI_ECC_CURVE curveID, // IN: the curve for the value
+ TPM2B_NAME* name // IN: optional name of a key to
+ // associate with 'r'
+)
 { // This holds the marshaled g_commitCounter. TPM2B_TYPE(8B, 8);
@@ -276,37 +276,37 @@ BOOL CryptGenerateR(TPM2B_ECC_PARAMETER* r, // OUT: the generated random UINT16 t1; // if(!TpmMath_IntTo2B(ExtEcc_CurveGetOrder(curveID), (TPM2B*)&n, 0))
- return FALSE;
+ return FALSE;
 // If this is the commit phase, use the current value of the commit counter if(c != NULL)
- {
- // if the array bit is not set, can't use the value.
- if(!TEST_BIT((*c & COMMIT_INDEX_MASK), gr.commitArray))
- return FALSE;
+ {
+ // if the array bit is not set, can't use the value.
+ if(!TEST_BIT((*c & COMMIT_INDEX_MASK), gr.commitArray))
+ return FALSE;
- // If it is the sign phase, figure out what the counter value was
- // when the commitment was made.
- //
- // When gr.commitArray has less than 64K bits, the extra
- // bits of 'c' are used as a check to make sure that the
- // signing operation is not using an out of range count value
- t1 = (UINT16)currentCount;
+ // If it is the sign phase, figure out what the counter value was
+ // when the commitment was made.
+ //
+ // When gr.commitArray has less than 64K bits, the extra
+ // bits of 'c' are used as a check to make sure that the
+ // signing operation is not using an out of range count value
+ t1 = (UINT16)currentCount;
- // If the lower bits of c are greater or equal to the lower bits of t1
- // then the upper bits of t1 must be one more than the upper bits
- // of c
- if((*c & COMMIT_INDEX_MASK) >= (t1 & COMMIT_INDEX_MASK))
- // Since the counter is behind, reduce the current count
- currentCount = currentCount - (COMMIT_INDEX_MASK + 1);
+ // If the lower bits of c are greater or equal to the lower bits of t1
+ // then the upper bits of t1 must be one more than the upper bits
+ // of c
+ if((*c & COMMIT_INDEX_MASK) >= (t1 & COMMIT_INDEX_MASK))
+ // Since the counter is behind, reduce the current count
+ currentCount = currentCount - (COMMIT_INDEX_MASK + 1);
- t1 = (UINT16)currentCount;
- if((t1 & ~COMMIT_INDEX_MASK) != (*c & ~COMMIT_INDEX_MASK))
- return FALSE;
- // set the counter to the value that
was
- // present when the commitment was made
- currentCount = (currentCount & 0xffffffffffff0000ULL) | *c; /* libtpms changed */
- }
+ t1 = (UINT16)currentCount;
+ if((t1 & ~COMMIT_INDEX_MASK) != (*c & ~COMMIT_INDEX_MASK))
+ return FALSE;
+ // set the counter to the value that was
+ // present when the commitment was made
+ currentCount = (currentCount & 0xffffffffffff0000ULL) | *c; /* libtpms changed */
+ }
 // Marshal the count value to a TPM2B buffer for the KDF cntr.t.size = sizeof(currentCount); UINT64_TO_BYTE_ARRAY(currentCount, cntr.t.buffer);
@@ -318,28 +318,28 @@ BOOL CryptGenerateR(TPM2B_ECC_PARAMETER* r, // OUT: the generated random r->t.size = n.t.size; for(iterations = 1; iterations < 1000000;)
- {
- int i;
- CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG,
- &gr.commitNonce.b,
- COMMIT_STRING,
- (TPM2B *)name, // libtpms changed
- &cntr.b,
- n.t.size * 8,
- r->t.buffer,
- &iterations,
- FALSE);
+ {
+ int i;
+ CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG,
+ &gr.commitNonce.b,
+ COMMIT_STRING,
+ (TPM2B *)name, // libtpms changed
+ &cntr.b,
+ n.t.size * 8,
+ r->t.buffer,
+ &iterations,
+ FALSE);
- // "random" value must be less than the prime
- if(UnsignedCompareB(r->b.size, r->b.buffer, n.t.size, n.t.buffer) >= 0)
- continue;
+ // "random" value must be less than the prime
+ if(UnsignedCompareB(r->b.size, r->b.buffer, n.t.size, n.t.buffer) >= 0)
+ continue;
- // in this implementation it is required that at least bit
- // in the upper half of the number be set
- for(i = n.t.size / 2; i >= 0; i--)
- if(r->b.buffer[i] != 0)
- return TRUE;
- }
+ // in this implementation it is required that at least bit
+ // in the upper half of the number be set
+ for(i = n.t.size / 2; i >= 0; i--)
+ if(r->b.buffer[i] != 0)
+ return TRUE;
+ }
 return FALSE; }
@@ -361,7 +361,7 @@ CryptCommit(void) // is completed. It clears the gr.commitArray bit associated with the count // value so that it can't be used again. void CryptEndCommit(UINT16 c // IN: the counter value of the commitment
- )
+)
 { ClearBit((c & COMMIT_INDEX_MASK), gr.commitArray, sizeof(gr.commitArray)); }
@@ -372,76 +372,76 @@ void CryptEndCommit(UINT16 c // IN: the counter value of the commitment // TRUE(1) success // FALSE(0) unsupported ECC curve ID BOOL CryptEccGetParameters(
- TPM_ECC_CURVE curveId, // IN: ECC curve ID
- TPMS_ALGORITHM_DETAIL_ECC* parameters // OUT: ECC parameters
- )
+ TPM_ECC_CURVE curveId, // IN: ECC curve ID
+ TPMS_ALGORITHM_DETAIL_ECC* parameters // OUT: ECC parameters
+)
 { const TPM_ECC_CURVE_METADATA* curve = CryptEccGetParametersByCurveId(curveId); BOOL found = curve != NULL; if(found)
- {
- parameters->curveID = curve->curveId;
- parameters->keySize = curve->keySizeBits;
- parameters->kdf = curve->kdf;
- parameters->sign = curve->sign;
- // BnTo2B(data->prime, ¶meters->p.b, 0);
- found = found
- && TpmMath_IntTo2B(ExtEcc_CurveGetPrime(curveId),
- ¶meters->p.b,
- parameters->p.t.size);
- found = found
- && TpmMath_IntTo2B(ExtEcc_CurveGet_a(curveId), ¶meters->a.b,
- parameters->p.t.size /* libtpms changed for HLK */);
- found = found
- && TpmMath_IntTo2B(ExtEcc_CurveGet_b(curveId), ¶meters->b.b,
- parameters->p.t.size /* libtpms changed for HLK */);
- found = found
- && TpmMath_IntTo2B(ExtEcc_CurveGetGx(curveId),
- ¶meters->gX.b,
- parameters->p.t.size);
- found = found
- && TpmMath_IntTo2B(ExtEcc_CurveGetGy(curveId),
- ¶meters->gY.b,
- parameters->p.t.size);
- // BnTo2B(data->base.x, ¶meters->gX.b, 0);
- // BnTo2B(data->base.y, ¶meters->gY.b, 0);
- found =
- found
- && TpmMath_IntTo2B(ExtEcc_CurveGetOrder(curveId), ¶meters->n.b, 0);
- found =
- found
- && TpmMath_IntTo2B(ExtEcc_CurveGetCofactor(curveId), ¶meters->h.b, 0);
- // if we got into this IF but failed to get a parameter from the external
- // library, our crypto systems are broken; enter failure mode.
- if(!found)
- {
- FAIL(FATAL_ERROR_MATHLIBRARY);
- }
- }
+ {
+ parameters->curveID = curve->curveId;
+ parameters->keySize = curve->keySizeBits;
+ parameters->kdf = curve->kdf;
+ parameters->sign = curve->sign;
+ // BnTo2B(data->prime, ¶meters->p.b, 0);
+ found = found
+ && TpmMath_IntTo2B(ExtEcc_CurveGetPrime(curveId),
+ ¶meters->p.b,
+ parameters->p.t.size);
+ found = found
+ && TpmMath_IntTo2B(ExtEcc_CurveGet_a(curveId), ¶meters->a.b,
+ parameters->p.t.size /* libtpms changed for HLK */);
+ found = found
+ && TpmMath_IntTo2B(ExtEcc_CurveGet_b(curveId), ¶meters->b.b,
+ parameters->p.t.size /* libtpms changed for HLK */);
+ found = found
+ && TpmMath_IntTo2B(ExtEcc_CurveGetGx(curveId),
+ ¶meters->gX.b,
+ parameters->p.t.size);
+ found = found
+ && TpmMath_IntTo2B(ExtEcc_CurveGetGy(curveId),
+ ¶meters->gY.b,
+ parameters->p.t.size);
+ // BnTo2B(data->base.x, ¶meters->gX.b, 0);
+ // BnTo2B(data->base.y, ¶meters->gY.b, 0);
+ found =
+ found
+ && TpmMath_IntTo2B(ExtEcc_CurveGetOrder(curveId), ¶meters->n.b, 0);
+ found =
+ found
+ && TpmMath_IntTo2B(ExtEcc_CurveGetCofactor(curveId), ¶meters->h.b, 0);
+ // if we got into this IF but failed to get a parameter from the external
+ // library, our crypto systems are broken; enter failure mode.
+ if(!found)
+ {
+ FAIL(FATAL_ERROR_MATHLIBRARY);
+ }
+ }
 return found; } //*** TpmEcc_IsValidPrivateEcc() // Checks that 0 < 'x' < 'q' BOOL TpmEcc_IsValidPrivateEcc(const Crypt_Int* x, // IN: private key to check
- const Crypt_EccCurve* E // IN: the curve to check
- )
+ const Crypt_EccCurve* E // IN: the curve to check
+)
 { BOOL retVal; retVal =
- (!ExtMath_IsZero(x)
- && (ExtMath_UnsignedCmp(x, ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)))
- < 0));
+ (!ExtMath_IsZero(x)
+ && (ExtMath_UnsignedCmp(x, ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)))
+ < 0));
 return retVal; } LIB_EXPORT BOOL CryptEccIsValidPrivateKey(TPM2B_ECC_PARAMETER* d,
- TPM_ECC_CURVE curveId)
+ TPM_ECC_CURVE curveId)
 { CRYPT_INT_INITIALIZED(bnD, MAX_ECC_PARAMETER_BYTES * 8, d); return !ExtMath_IsZero(bnD)
- && (ExtMath_UnsignedCmp(bnD, ExtEcc_CurveGetOrder(curveId)) < 0);
+ && (ExtMath_UnsignedCmp(bnD, ExtEcc_CurveGetOrder(curveId)) < 0);
 } //*** TpmEcc_PointMult()
@@ -458,12 +458,12 @@ LIB_EXPORT BOOL CryptEccIsValidPrivateKey(TPM2B_ECC_PARAMETER* d, // TPM_RC_VALUE 'd' or 'u' is not < n TPM_RC TpmEcc_PointMult(Crypt_Point* R, // OUT: computed point
- const Crypt_Point* S, // IN: optional point to multiply by 'd'
- const Crypt_Int* d, // IN: scalar for [d]S or [d]G
- const Crypt_Point* Q, // IN: optional second point
- const Crypt_Int* u, // IN: optional second scalar
- const Crypt_EccCurve* E // IN: curve parameters
- )
+ const Crypt_Point* S, // IN: optional point to multiply by 'd'
+ const Crypt_Int* d, // IN: scalar for [d]S or [d]G
+ const Crypt_Point* Q, // IN: optional second point
+ const Crypt_Int* u, // IN: optional second scalar
+ const Crypt_EccCurve* E // IN: curve parameters
+)
 { BOOL OK; //
@@ -482,27 +482,27 @@ TpmEcc_PointMult(Crypt_Point* R, // OUT: computed point OK = OK && (E != NULL); if(!OK)
- return TPM_RC_VALUE;
+ return TPM_RC_VALUE;
 OK = (S == NULL) || ExtEcc_IsPointOnCurve(S, E); OK = OK && ((Q == NULL) || ExtEcc_IsPointOnCurve(Q, E)); if(!OK)
- return TPM_RC_ECC_POINT;
+ return TPM_RC_ECC_POINT;
 if((d != NULL) && (S == NULL))
- S = ExtEcc_CurveGetG(ExtEcc_CurveGetCurveId(E));
+ S = ExtEcc_CurveGetG(ExtEcc_CurveGetCurveId(E));
 // If only one scalar, don't need Shamir's trick if((d == NULL) || (u == NULL))
- {
- if(d == NULL)
- OK = ExtEcc_PointMultiply(R, Q, u, E);
- else
- OK = ExtEcc_PointMultiply(R, S, d, E);
- }
+ {
+ if(d == NULL)
+ OK = ExtEcc_PointMultiply(R, Q, u, E);
+ else
+ OK = ExtEcc_PointMultiply(R, S, d, E);
+ }
 else
- {
- OK = ExtEcc_PointMultiplyAndAdd(R, S, d, Q, u, E);
- }
+ {
+ OK = ExtEcc_PointMultiplyAndAdd(R, S, d, Q, u, E);
+ }
 return (OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT); }
@@ -516,11 +516,11 @@ TpmEcc_PointMult(Crypt_Point* R, // OUT: computed point // FALSE(0) failure generating private key #if !USE_OPENSSL_FUNCTIONS_EC // libtpms added BOOL TpmEcc_GenPrivateScalar(
- Crypt_Int* dOut, // OUT: the qualified random value
- const Crypt_EccCurve* E, // IN: curve for which the private key
- // needs to be appropriate
- RAND_STATE* rand // IN: state for DRBG
- )
+ Crypt_Int* dOut, // OUT: the qualified random value
+ const Crypt_EccCurve* E, // IN: curve for which the private key
+ // needs to be appropriate
+ RAND_STATE* rand // IN: state for DRBG
+)
 { TPM_ECC_CURVE curveId = ExtEcc_CurveGetCurveId(E); const Crypt_Int* order = ExtEcc_CurveGetOrder(curveId);
@@ -577,10 +577,10 @@ BOOL TpmEcc_GenPrivateScalar( // This function gets a private scalar from the source of random bits and does // the point multiply to get the public key. BOOL TpmEcc_GenerateKeyPair(Crypt_Int* bnD, // OUT: private scalar
- Crypt_Point* ecQ, // OUT: public point
- const Crypt_EccCurve* E, // IN: curve for the point
- RAND_STATE* rand // IN: DRBG state to use
- )
+ Crypt_Point* ecQ, // OUT: public point
+ const Crypt_EccCurve* E, // IN: curve for the point
+ RAND_STATE* rand // IN: DRBG state to use
+)
 { BOOL OK = FALSE; // Get a private scalar
@@ -636,10 +636,10 @@ BOOL TpmEcc_GenerateKeyPair(Crypt_Int* bnD, // OUT: private scalar // This function creates an ephemeral ECC. It is ephemeral in that // is expected that the private part of the key will be discarded LIB_EXPORT TPM_RC CryptEccNewKeyPair(
- TPMS_ECC_POINT* Qout, // OUT: the public point
- TPM2B_ECC_PARAMETER* dOut, // OUT: the private scalar
- TPM_ECC_CURVE curveId // IN: the curve for the key
- )
+ TPMS_ECC_POINT* Qout, // OUT: the public point
+ TPM2B_ECC_PARAMETER* dOut, // OUT: the private scalar
+ TPM_ECC_CURVE curveId // IN: the curve for the key
+)
 { CRYPT_CURVE_INITIALIZED(E, curveId); CRYPT_POINT_VAR(ecQ);
@@ -647,19 +647,19 @@ LIB_EXPORT TPM_RC CryptEccNewKeyPair( BOOL OK; if(E == NULL)
- return TPM_RC_CURVE;
+ return TPM_RC_CURVE;
 TPM_DO_SELF_TEST(TPM_ALG_ECDH); OK = TpmEcc_GenerateKeyPair(bnD, ecQ, E, NULL); if(OK)
- {
- TpmEcc_PointTo2B(Qout, ecQ, E);
- TpmMath_IntTo2B(bnD, &dOut->b, Qout->x.t.size);
- }
+ {
+ TpmEcc_PointTo2B(Qout, ecQ, E);
+ TpmMath_IntTo2B(bnD, &dOut->b, Qout->x.t.size);
+ }
 else
- {
- Qout->x.t.size = Qout->y.t.size = dOut->t.size = 0;
- }
+ {
+ Qout->x.t.size = Qout->y.t.size = dOut->t.size = 0;
+ }
 CRYPT_CURVE_FREE(E); return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; }
@@ -691,15 +691,15 @@ LIB_EXPORT TPM_RC CryptEccNewKeyPair( // TPM_RC_VALUE 'dIn' or 'uIn' out of range // LIB_EXPORT TPM_RC CryptEccPointMultiply(
- TPMS_ECC_POINT* Rout, // OUT: the product point R
- TPM_ECC_CURVE curveId, // IN: the curve to use
- TPMS_ECC_POINT* Pin, // IN: first point (can be null)
- TPM2B_ECC_PARAMETER* dIn, // IN: scalar value for [dIn]Qin
- // the Pin
- TPMS_ECC_POINT* Qin, // IN: point Q
- TPM2B_ECC_PARAMETER* uIn // IN: scalar value for the multiplier
- // of Q
- )
+ TPMS_ECC_POINT* Rout, // OUT: the product point R
+ TPM_ECC_CURVE curveId, // IN: the curve to use
+ TPMS_ECC_POINT* Pin, // IN: first point (can be null)
+ TPM2B_ECC_PARAMETER* dIn, // IN: scalar value for [dIn]Qin
+ // the Pin
+ TPMS_ECC_POINT* Qin, // IN: point Q
+ TPM2B_ECC_PARAMETER* uIn // IN: scalar value for the multiplier
+ // of Q
+)
 { CRYPT_CURVE_INITIALIZED(E, curveId); CRYPT_POINT_INITIALIZED(ecP, Pin);
@@ -712,9 +712,9 @@ LIB_EXPORT TPM_RC CryptEccPointMultiply( retVal = TpmEcc_PointMult(ecR, ecP, bnD, ecQ, bnU, E); if(retVal == TPM_RC_SUCCESS)
- TpmEcc_PointTo2B(Rout, ecR, E);
+ TpmEcc_PointTo2B(Rout, ecR, E);
 else
- ClearPoint2B(Rout);
+ ClearPoint2B(Rout);
 CRYPT_CURVE_FREE(E); return retVal; }
@@ -728,9 +728,9 @@ LIB_EXPORT TPM_RC CryptEccPointMultiply( // TRUE(1) point is on curve // FALSE(0) point is not on curve or curve is not supported LIB_EXPORT BOOL CryptEccIsPointOnCurve(
- TPM_ECC_CURVE curveId, // IN: the curve selector
- TPMS_ECC_POINT* Qin // IN: the point.
- )
+ TPM_ECC_CURVE curveId, // IN: the curve selector
+ TPMS_ECC_POINT* Qin // IN: the point.
+)
 { CRYPT_CURVE_INITIALIZED(E, curveId); CRYPT_POINT_INITIALIZED(ecQ, Qin);
@@ -757,17 +757,17 @@ LIB_EXPORT BOOL CryptEccIsPointOnCurve( // TPM_RC_CURVE curve is not supported // TPM_RC_NO_RESULT could not verify key with signature (FIPS only) LIB_EXPORT TPM_RC CryptEccGenerateKey(
- TPMT_PUBLIC* publicArea, // IN/OUT: The public area template for
- // the new key. The public key
- // area will be replaced computed
- // ECC public key
- TPMT_SENSITIVE* sensitive, // OUT: the sensitive area will be
- // updated to contain the private
- // ECC key and the symmetric
- // encryption key
- RAND_STATE* rand // IN: if not NULL, the deterministic
- // RNG state
- )
+ TPMT_PUBLIC* publicArea, // IN/OUT: The public area template for
+ // the new key. The public key
+ // area will be replaced computed
+ // ECC public key
+ TPMT_SENSITIVE* sensitive, // OUT: the sensitive area will be
+ // updated to contain the private
+ // ECC key and the symmetric
+ // encryption key
+ RAND_STATE* rand // IN: if not NULL, the deterministic
+ // RNG state
+)
 { CRYPT_CURVE_INITIALIZED(E, publicArea->parameters.eccDetail.curveID); CRYPT_ECC_NUM(bnD);
@@ -779,7 +779,7 @@ LIB_EXPORT TPM_RC CryptEccGenerateKey( // Validate parameters if(E == NULL)
- ERROR_EXIT(TPM_RC_CURVE);
+ ERROR_EXIT(TPM_RC_CURVE);
 publicArea->unique.ecc.x.t.size = 0; publicArea->unique.ecc.y.t.size = 0;
@@ -787,35 +787,35 @@ LIB_EXPORT TPM_RC CryptEccGenerateKey( OK = TpmEcc_GenerateKeyPair(bnD, ecQ, E, rand); if(OK)
- {
- TpmEcc_PointTo2B(&publicArea->unique.ecc, ecQ, E);
- TpmMath_IntTo2B(
- bnD, &sensitive->sensitive.ecc.b, publicArea->unique.ecc.x.t.size);
- }
-//# if FIPS_COMPLIANT // libtpms changed
+ {
+ TpmEcc_PointTo2B(&publicArea->unique.ecc, ecQ, E);
+ TpmMath_IntTo2B(
+ bnD, &sensitive->sensitive.ecc.b, publicArea->unique.ecc.x.t.size);
+ }
+//# if FIPS_COMPLIANT // libtpms changed
 // See if PWCT is required
- if(OK && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) && // libtpms changed begin
+ if(OK && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) && // libtpms changed begin
 RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile,
- RUNTIME_ATTRIBUTE_PAIRWISE_CONSISTENCY_TEST)) // libtpms changed end
- {
- CRYPT_ECC_NUM(bnT);
- CRYPT_ECC_NUM(bnS);
- TPM2B_DIGEST digest;
- //
- TPM_DO_SELF_TEST(TPM_ALG_ECDSA);
- digest.t.size = MIN(sensitive->sensitive.ecc.t.size, sizeof(digest.t.buffer));
- // Get a random value to sign using the built in DRBG state
- DRBG_Generate(NULL, digest.t.buffer, digest.t.size);
- if(g_inFailureMode)
- return TPM_RC_FAILURE;
- TpmEcc_SignEcdsa(bnT, bnS, E, bnD, &digest, NULL);
- // and make sure that we can validate the signature
- OK = TpmEcc_ValidateSignatureEcdsa(bnT, bnS, E, ecQ, &digest)
- == TPM_RC_SUCCESS;
- }
+ RUNTIME_ATTRIBUTE_PAIRWISE_CONSISTENCY_TEST)) // libtpms changed end
+ {
+ CRYPT_ECC_NUM(bnT);
+ CRYPT_ECC_NUM(bnS);
+ TPM2B_DIGEST digest;
+ //
+ TPM_DO_SELF_TEST(TPM_ALG_ECDSA);
+ digest.t.size = MIN(sensitive->sensitive.ecc.t.size, sizeof(digest.t.buffer));
+ // Get a random value to sign using the built in DRBG state
+ DRBG_Generate(NULL, digest.t.buffer, digest.t.size);
+ if(g_inFailureMode)
+ return TPM_RC_FAILURE;
+ TpmEcc_SignEcdsa(bnT, bnS, E, bnD, &digest, NULL);
+ // and make sure that we can validate the signature
+ OK = TpmEcc_ValidateSignatureEcdsa(bnT, bnS, E, ecQ,
&digest)
+ == TPM_RC_SUCCESS;
+ }
 //# endif // libtpms changed retVal = (OK) ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT;
- Exit:
+Exit:
 CRYPT_CURVE_FREE(E); return retVal; }
diff --git a/src/tpm2/crypto/openssl/CryptEccSignature.c b/src/tpm2/crypto/openssl/CryptEccSignature.c
index 6aea57b0..39509951 100644
--- a/src/tpm2/crypto/openssl/CryptEccSignature.c
+++ b/src/tpm2/crypto/openssl/CryptEccSignature.c
@@ -88,10 +88,10 @@ // Return Type: TPM_RC // TPM_RC_SCHEME 'scheme' is not supported LIB_EXPORT TPM_RC CryptEccSign(TPMT_SIGNATURE* signature, // OUT: signature
- OBJECT* signKey, // IN: ECC key to sign the hash
- const TPM2B_DIGEST* digest, // IN: digest to sign
- TPMT_ECC_SCHEME* scheme, // IN: signing scheme
- RAND_STATE* rand)
+ OBJECT* signKey, // IN: ECC key to sign the hash
+ const TPM2B_DIGEST* digest, // IN: digest to sign
+ TPMT_ECC_SCHEME* scheme, // IN: signing scheme
+ RAND_STATE* rand)
 { CRYPT_CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); CRYPT_ECC_INITIALIZED(bnD, &signKey->sensitive.sensitive.ecc.b);
@@ -101,57 +101,57 @@ LIB_EXPORT TPM_RC CryptEccSign(TPMT_SIGNATURE* signature, // OUT: signature // NOT_REFERENCED(scheme); if(E == NULL) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); signature->signature.ecdaa.signatureR.t.size = - sizeof(signature->signature.ecdaa.signatureR.t.buffer); + sizeof(signature->signature.ecdaa.signatureR.t.buffer); signature->signature.ecdaa.signatureS.t.size = - sizeof(signature->signature.ecdaa.signatureS.t.buffer); + sizeof(signature->signature.ecdaa.signatureS.t.buffer); TPM_DO_SELF_TEST(signature->sigAlg); switch(signature->sigAlg) - { - case TPM_ALG_ECDSA: - retVal = TpmEcc_SignEcdsa(bnR, bnS, E, bnD, digest, rand); - break; + { + case TPM_ALG_ECDSA: + retVal = TpmEcc_SignEcdsa(bnR, bnS, E, bnD, digest, rand); + break; # if ALG_ECDAA - case TPM_ALG_ECDAA: - retVal = TpmEcc_SignEcdaa(&signature->signature.ecdaa.signatureR, - bnS, - E, - bnD, - digest, - scheme, - signKey, - rand); - bnR = NULL; - break; + case TPM_ALG_ECDAA: + retVal = TpmEcc_SignEcdaa(&signature->signature.ecdaa.signatureR, + bnS, + E, + bnD, + digest, + scheme, + signKey, + rand); + bnR = NULL; + break; # endif # if ALG_ECSCHNORR - case TPM_ALG_ECSCHNORR: - retVal = TpmEcc_SignEcSchnorr( - bnR, bnS, E, bnD, digest, signature->signature.ecschnorr.hash, rand); - break; + case TPM_ALG_ECSCHNORR: + retVal = TpmEcc_SignEcSchnorr( + bnR, bnS, E, bnD, digest, signature->signature.ecschnorr.hash, rand); + break; # endif # if ALG_SM2 - case TPM_ALG_SM2: - retVal = TpmEcc_SignEcSm2(bnR, bnS, E, bnD, digest, rand); - break; + case TPM_ALG_SM2: + retVal = TpmEcc_SignEcSm2(bnR, bnS, E, bnD, digest, rand); + break; # endif - default: - break; - } + default: + break; + } // If signature generation worked, convert the results. 
if(retVal == TPM_RC_SUCCESS) - { - NUMBYTES orderBytes = (NUMBYTES)BITS_TO_BYTES( - ExtMath_SizeInBits(ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)))); - if(bnR != NULL) - TpmMath_IntTo2B( - bnR, &signature->signature.ecdaa.signatureR.b, orderBytes); - if(bnS != NULL) - TpmMath_IntTo2B( - bnS, &signature->signature.ecdaa.signatureS.b, orderBytes); - } - Exit: + { + NUMBYTES orderBytes = (NUMBYTES)BITS_TO_BYTES( + ExtMath_SizeInBits(ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)))); + if(bnR != NULL) + TpmMath_IntTo2B( + bnR, &signature->signature.ecdaa.signatureR.b, orderBytes); + if(bnS != NULL) + TpmMath_IntTo2B( + bnS, &signature->signature.ecdaa.signatureS.b, orderBytes); + } +Exit: CRYPT_CURVE_FREE(E); return retVal; } @@ -164,10 +164,10 @@ LIB_EXPORT TPM_RC CryptEccSign(TPMT_SIGNATURE* signature, // OUT: signature // Return Type: TPM_RC // TPM_RC_SIGNATURE not a valid signature LIB_EXPORT TPM_RC CryptEccValidateSignature( - TPMT_SIGNATURE* signature, // IN: signature to be verified - OBJECT* signKey, // IN: ECC key signed the hash - const TPM2B_DIGEST* digest // IN: digest that was signed - ) + TPMT_SIGNATURE* signature, // IN: signature to be verified + OBJECT* signKey, // IN: ECC key signed the hash + const TPM2B_DIGEST* digest // IN: digest that was signed +) { CRYPT_CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); CRYPT_ECC_NUM(bnR); 
@@ -177,25 +177,25 @@ LIB_EXPORT TPM_RC CryptEccValidateSignature( TPM_RC retVal; if(E == NULL) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); order = ExtEcc_CurveGetOrder(ExtEcc_CurveGetCurveId(E)); // // Make sure that the scheme is valid switch(signature->sigAlg) - { - case TPM_ALG_ECDSA: + { + case TPM_ALG_ECDSA: # if ALG_ECSCHNORR - case TPM_ALG_ECSCHNORR: + case TPM_ALG_ECSCHNORR: # endif # if ALG_SM2 - case TPM_ALG_SM2: + case TPM_ALG_SM2: # endif - break; - default: - ERROR_EXIT(TPM_RC_SCHEME); - break; - } + break; + default: + ERROR_EXIT(TPM_RC_SCHEME); + break; + } // Can convert r and s after determining that the scheme is an ECC scheme. If // this conversion doesn't work, it means that the unmarshaling code for // an ECC signature is broken. 
@@ -204,32 +204,32 @@ LIB_EXPORT TPM_RC CryptEccValidateSignature( // r and s have to be greater than 0 but less than the curve order if(ExtMath_IsZero(bnR) || ExtMath_IsZero(bnS)) - ERROR_EXIT(TPM_RC_SIGNATURE); + ERROR_EXIT(TPM_RC_SIGNATURE); if((ExtMath_UnsignedCmp(bnS, order) >= 0) || (ExtMath_UnsignedCmp(bnR, order) >= 0)) - ERROR_EXIT(TPM_RC_SIGNATURE); + ERROR_EXIT(TPM_RC_SIGNATURE); switch(signature->sigAlg) - { - case TPM_ALG_ECDSA: - retVal = TpmEcc_ValidateSignatureEcdsa(bnR, bnS, E, ecQ, digest); - break; + { + case TPM_ALG_ECDSA: + retVal = TpmEcc_ValidateSignatureEcdsa(bnR, bnS, E, ecQ, digest); + break; # if ALG_ECSCHNORR - case TPM_ALG_ECSCHNORR: - retVal = TpmEcc_ValidateSignatureEcSchnorr( - bnR, bnS, signature->signature.any.hashAlg, E, ecQ, digest); - break; + case TPM_ALG_ECSCHNORR: + retVal = TpmEcc_ValidateSignatureEcSchnorr( + bnR, bnS, signature->signature.any.hashAlg, E, ecQ, digest); + break; # endif # if ALG_SM2 - case TPM_ALG_SM2: - retVal = TpmEcc_ValidateSignatureEcSm2(bnR, bnS, E, ecQ, digest); - break; + case TPM_ALG_SM2: + retVal = TpmEcc_ValidateSignatureEcSm2(bnR, bnS, E, ecQ, digest); + break; # endif - default: - FAIL(FATAL_ERROR_INTERNAL); - } - Exit: + default: + FAIL(FATAL_ERROR_INTERNAL); + } +Exit: CRYPT_CURVE_FREE(E); return retVal; } 
@@ -251,15 +251,15 @@ LIB_EXPORT TPM_RC CryptEccValidateSignature( // TPM_RC_CANCELED a cancel indication was asserted during this // function LIB_EXPORT TPM_RC CryptEccCommitCompute( - TPMS_ECC_POINT* K, // OUT: [d]B or [r]Q - TPMS_ECC_POINT* L, // OUT: [r]B - TPMS_ECC_POINT* E, // OUT: [r]M - TPM_ECC_CURVE curveId, // IN: the curve for the computations - TPMS_ECC_POINT* M, // IN: M (optional) - TPMS_ECC_POINT* B, // IN: B (optional) - TPM2B_ECC_PARAMETER* d, // IN: d (optional) - TPM2B_ECC_PARAMETER* r // IN: the computed r value (required) - ) + TPMS_ECC_POINT* K, // OUT: [d]B or [r]Q + TPMS_ECC_POINT* L, // OUT: [r]B + TPMS_ECC_POINT* E, // OUT: [r]M + TPM_ECC_CURVE curveId, // IN: the curve for the computations + TPMS_ECC_POINT* M, // IN: M (optional) + TPMS_ECC_POINT* B, // IN: B (optional) + TPM2B_ECC_PARAMETER* d, // IN: d (optional) + TPM2B_ECC_PARAMETER* r // IN: the computed r value (required) +) { // Normally initialize E as the curve, but // E means something else in this function 
@@ -282,59 +282,58 @@ LIB_EXPORT TPM_RC CryptEccCommitCompute( // If B is provided, compute K=[d]B and L=[r]B if(B != NULL) - { - CRYPT_ECC_INITIALIZED(bnD, d); - CRYPT_POINT_INITIALIZED(pB, B); - CRYPT_POINT_VAR(pK); - CRYPT_POINT_VAR(pL); - // - pAssert(d != NULL && K != NULL && L != NULL); + { + CRYPT_ECC_INITIALIZED(bnD, d); + CRYPT_POINT_INITIALIZED(pB, B); + CRYPT_POINT_VAR(pK); + CRYPT_POINT_VAR(pL); + // + pAssert(d != NULL && K != NULL && L != NULL); + if (!curve) // libtpms added + ERROR_EXIT(TPM_RC_NO_RESULT); // libtpms added - if (!curve) // libtpms added - ERROR_EXIT(TPM_RC_NO_RESULT); // libtpms added - - if(!ExtEcc_IsPointOnCurve(pB, curve)) - ERROR_EXIT(TPM_RC_VALUE); - // do the math for K = [d]B - if((retVal = TpmEcc_PointMult(pK, pB, bnD, NULL, NULL, curve)) - != TPM_RC_SUCCESS) - goto Exit; - // Convert BN K to TPM2B K - TpmEcc_PointTo2B(K, pK, curve); - // compute L= [r]B after checking for cancel - if(_plat__IsCanceled()) - ERROR_EXIT(TPM_RC_CANCELED); - // compute L = [r]B - if(!TpmEcc_IsValidPrivateEcc(bnR, curve)) - ERROR_EXIT(TPM_RC_VALUE); - if((retVal = TpmEcc_PointMult(pL, pB, bnR, NULL, NULL, curve)) - != TPM_RC_SUCCESS) - goto Exit; - // Convert BN L to TPM2B L - TpmEcc_PointTo2B(L, pL, curve); - } + if(!ExtEcc_IsPointOnCurve(pB, curve)) + ERROR_EXIT(TPM_RC_VALUE); + // do the math for K = [d]B + if((retVal = TpmEcc_PointMult(pK, pB, bnD, NULL, NULL, curve)) + != TPM_RC_SUCCESS) + goto Exit; + // Convert BN K to TPM2B K + TpmEcc_PointTo2B(K, pK, curve); + // compute L= [r]B after checking for cancel + if(_plat__IsCanceled()) + ERROR_EXIT(TPM_RC_CANCELED); + // compute L = [r]B + if(!TpmEcc_IsValidPrivateEcc(bnR, curve)) + ERROR_EXIT(TPM_RC_VALUE); + if((retVal = TpmEcc_PointMult(pL, pB, bnR, NULL, NULL, curve)) + != TPM_RC_SUCCESS) + goto Exit; + // Convert BN L to TPM2B L + TpmEcc_PointTo2B(L, pL, curve); + } if((M != NULL) || (B == NULL)) - { - CRYPT_POINT_INITIALIZED(pM, M); - CRYPT_POINT_VAR(pE); - // - // Make sure that a place 
was provided for the result - pAssert(E != NULL); + { + CRYPT_POINT_INITIALIZED(pM, M); + CRYPT_POINT_VAR(pE); + // + // Make sure that a place was provided for the result + pAssert(E != NULL); - // if this is the third point multiply, check for cancel first - if((B != NULL) && _plat__IsCanceled()) - ERROR_EXIT(TPM_RC_CANCELED); + // if this is the third point multiply, check for cancel first + if((B != NULL) && _plat__IsCanceled()) + ERROR_EXIT(TPM_RC_CANCELED); - // If M provided, then pM will not be NULL and will compute E = [r]M. - // However, if M was not provided, then pM will be NULL and E = [r]G - // will be computed - if((retVal = TpmEcc_PointMult(pE, pM, bnR, NULL, NULL, curve)) - != TPM_RC_SUCCESS) - goto Exit; - // Convert E to 2B format - TpmEcc_PointTo2B(E, pE, curve); - } - Exit: + // If M provided, then pM will not be NULL and will compute E = [r]M. + // However, if M was not provided, then pM will be NULL and E = [r]G + // will be computed + if((retVal = TpmEcc_PointMult(pE, pM, bnR, NULL, NULL, curve)) + != TPM_RC_SUCCESS) + goto Exit; + // Convert E to 2B format + TpmEcc_PointTo2B(E, pE, curve); + } +Exit: CRYPT_CURVE_FREE(curve); return retVal; } diff --git a/src/tpm2/crypto/openssl/CryptHash.c b/src/tpm2/crypto/openssl/CryptHash.c index aca21282..c8b5ee63 100644 --- a/src/tpm2/crypto/openssl/CryptHash.c +++ b/src/tpm2/crypto/openssl/CryptHash.c @@ -79,7 +79,7 @@ // Instance each of the hash descriptors based on the implemented algorithms FOR_EACH_HASH(HASH_DEF_TEMPLATE) // Instance a 'null' def. - HASH_DEF NULL_Def = {{0}}; +HASH_DEF NULL_Def = {{0}}; // Create a table of pointers to the defined hash definitions #define HASH_DEF_ENTRY(HASH, Hash) &Hash##_Def, 
@@ -119,15 +119,15 @@ BOOL CryptHashStartup(void) PHASH_DEF CryptGetHashDef(TPM_ALG_ID hashAlg) { -#define GET_DEF(HASH, Hash) \ - case ALG_##HASH##_VALUE: \ - return &Hash##_Def; +#define GET_DEF(HASH, Hash) \ + case ALG_##HASH##_VALUE: \ + return &Hash##_Def; switch(hashAlg) - { - FOR_EACH_HASH(GET_DEF) - default: - return &NULL_Def; - } + { + FOR_EACH_HASH(GET_DEF) + default: + return &NULL_Def; + } #undef GET_DEF } @@ -137,13 +137,13 @@ CryptGetHashDef(TPM_ALG_ID hashAlg) // Return Type: BOOL // TRUE(1) hashAlg is a valid, implemented hash on this TPM // FALSE(0) hashAlg is not valid for this TPM -BOOL CryptHashIsValidAlg(TPM_ALG_ID hashAlg, // IN: the algorithm to check - BOOL isAlgNullValid // IN: TRUE if TPM_ALG_NULL is to be treated - // as a valid hash - ) +BOOL CryptHashIsValidAlg(TPM_ALG_ID hashAlg, // IN: the algorithm to check + BOOL isAlgNullValid // IN: TRUE if TPM_ALG_NULL is to be treated + // as a valid hash +) { if(hashAlg == TPM_ALG_NULL) - return isAlgNullValid; + return isAlgNullValid; return CryptGetHashDef(hashAlg) != &NULL_Def; } @@ -158,13 +158,13 @@ BOOL CryptHashIsValidAlg(TPM_ALG_ID hashAlg, // IN: the algorithm to chec // TPM_ALG_xxx a hash algorithm // TPM_ALG_NULL this can be used as a stop value LIB_EXPORT TPM_ALG_ID CryptHashGetAlgByIndex(UINT32 index // IN: the index - ) +) { TPM_ALG_ID hashAlg; if(index >= HASH_COUNT) - hashAlg = TPM_ALG_NULL; + hashAlg = TPM_ALG_NULL; else - hashAlg = HashDefArray[index]->hashAlg; + hashAlg = HashDefArray[index]->hashAlg; return hashAlg; } @@ -176,8 +176,8 @@ LIB_EXPORT TPM_ALG_ID CryptHashGetAlgByIndex(UINT32 index // IN: the index // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetDigestSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ) + TPM_ALG_ID hashAlg // IN: hash algorithm to look up +) { return CryptGetHashDef(hashAlg)->digestSize; } 
@@ -190,8 +190,8 @@ LIB_EXPORT UINT16 CryptHashGetDigestSize( // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetBlockSize( - TPM_ALG_ID hashAlg // IN: hash algorithm to look up - ) + TPM_ALG_ID hashAlg // IN: hash algorithm to look up +) { return CryptGetHashDef(hashAlg)->blockSize; } @@ -211,7 +211,7 @@ LIB_EXPORT const BYTE* CryptHashGetOid(TPM_ALG_ID hashAlg) // This function returns the hash algorithm associated with a hash context. TPM_ALG_ID CryptHashGetContextAlg(PHASH_STATE state // IN: the context to check - ) +) { return state->hashAlg; } @@ -223,22 +223,22 @@ CryptHashGetContextAlg(PHASH_STATE state // IN: the context to check //*** CryptHashCopyState // This function is used to clone a HASH_STATE. LIB_EXPORT void CryptHashCopyState(HASH_STATE* out, // OUT: destination of the state - const HASH_STATE* in // IN: source of the state - ) + const HASH_STATE* in // IN: source of the state +) { pAssert(out->type == in->type); out->hashAlg = in->hashAlg; out->def = in->def; if(in->hashAlg != TPM_ALG_NULL) - { - HASH_STATE_COPY(out, in); - } + { + HASH_STATE_COPY(out, in); + } if(in->type == HASH_STATE_HMAC) - { - const HMAC_STATE* hIn = (HMAC_STATE*)in; - HMAC_STATE* hOut = (HMAC_STATE*)out; - hOut->hmacKey = hIn->hmacKey; - } + { + const HMAC_STATE* hIn = (HMAC_STATE*)in; + HMAC_STATE* hOut = (HMAC_STATE*)out; + hOut->hmacKey = hIn->hmacKey; + } return; } #endif // libtpms added 
@@ -248,39 +248,39 @@ LIB_EXPORT void CryptHashCopyState(HASH_STATE* out, // OUT: destination of the // This function is used to export a hash or HMAC hash state. This function // would be called when preparing to context save a sequence object. void CryptHashExportState( - PCHASH_STATE internalFmt, // IN: the hash state formatted for use by - // library - PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state - ) + PCHASH_STATE internalFmt, // IN: the hash state formatted for use by + // library + PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state +) { BYTE* outBuf = (BYTE*)externalFmt; // MUST_BE(sizeof(HASH_STATE) <= sizeof(EXPORT_HASH_STATE)); // the following #define is used to move data from an aligned internal data // structure to a byte buffer (external format data. -#define CopyToOffset(value) \ - memcpy(&outBuf[offsetof(HASH_STATE, value)], \ - &internalFmt->value, \ - sizeof(internalFmt->value)) +#define CopyToOffset(value) \ + memcpy(&outBuf[offsetof(HASH_STATE, value)], \ + &internalFmt->value, \ + sizeof(internalFmt->value)) // Copy the hashAlg CopyToOffset(hashAlg); CopyToOffset(type); #ifdef HASH_STATE_SMAC if(internalFmt->type == HASH_STATE_SMAC) - { - memcpy(outBuf, internalFmt, sizeof(HASH_STATE)); - return; - } + { + memcpy(outBuf, internalFmt, sizeof(HASH_STATE)); + return; + } #endif if(internalFmt->type == HASH_STATE_HMAC) - { - HMAC_STATE* from = (HMAC_STATE*)internalFmt; - memcpy(&outBuf[offsetof(HMAC_STATE, hmacKey)], - &from->hmacKey, - sizeof(from->hmacKey)); - } + { + HMAC_STATE* from = (HMAC_STATE*)internalFmt; + memcpy(&outBuf[offsetof(HMAC_STATE, hmacKey)], + &from->hmacKey, + sizeof(from->hmacKey)); + } if(internalFmt->hashAlg != TPM_ALG_NULL) - HASH_STATE_EXPORT(externalFmt, internalFmt); + HASH_STATE_EXPORT(externalFmt, internalFmt); } //*** CryptHashImportState() 
@@ -288,41 +288,41 @@ void CryptHashExportState( // would be called to import a hash state when the context of a sequence object // was being loaded. void CryptHashImportState( - PHASH_STATE internalFmt, // OUT: the hash state formatted for use by - // the library - PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state - ) + PHASH_STATE internalFmt, // OUT: the hash state formatted for use by + // the library + PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state +) { BYTE* inBuf = (BYTE*)externalFmt; - // -#define CopyFromOffset(value) \ - memcpy(&internalFmt->value, \ - &inBuf[offsetof(HASH_STATE, value)], \ - sizeof(internalFmt->value)) +// +#define CopyFromOffset(value) \ + memcpy(&internalFmt->value, \ + &inBuf[offsetof(HASH_STATE, value)], \ + sizeof(internalFmt->value)) // Copy the hashAlg of the byte-aligned input structure to the structure-aligned // internal structure. CopyFromOffset(hashAlg); CopyFromOffset(type); if(internalFmt->hashAlg != TPM_ALG_NULL) - { + { #ifdef HASH_STATE_SMAC - if(internalFmt->type == HASH_STATE_SMAC) - { - memcpy(internalFmt, inBuf, sizeof(HASH_STATE)); - return; - } + if(internalFmt->type == HASH_STATE_SMAC) + { + memcpy(internalFmt, inBuf, sizeof(HASH_STATE)); + return; + } #endif - internalFmt->def = CryptGetHashDef(internalFmt->hashAlg); - HASH_STATE_IMPORT(internalFmt, inBuf); - if(internalFmt->type == HASH_STATE_HMAC) - { - HMAC_STATE* to = (HMAC_STATE*)internalFmt; - memcpy(&to->hmacKey, - &inBuf[offsetof(HMAC_STATE, hmacKey)], - sizeof(to->hmacKey)); - } - } + internalFmt->def = CryptGetHashDef(internalFmt->hashAlg); + HASH_STATE_IMPORT(internalFmt, inBuf); + if(internalFmt->type == HASH_STATE_HMAC) + { + HMAC_STATE* to = (HMAC_STATE*)internalFmt; + memcpy(&to->hmacKey, + &inBuf[offsetof(HMAC_STATE, hmacKey)], + sizeof(to->hmacKey)); + } + } } #endif // libtpms added 
@@ -333,25 +333,25 @@ void CryptHashImportState( // ID. This function is used to complete the hash and only return a partial digest. // The return value is the size of the data copied. static UINT16 HashEnd(PHASH_STATE hashState, // IN: the hash state - UINT32 dOutSize, // IN: the size of receive buffer - PBYTE dOut // OUT: the receive buffer - ) + UINT32 dOutSize, // IN: the size of receive buffer + PBYTE dOut // OUT: the receive buffer +) { BYTE temp[MAX_DIGEST_SIZE]; if((hashState->hashAlg == TPM_ALG_NULL) || (hashState->type != HASH_STATE_HASH)) - dOutSize = 0; + dOutSize = 0; if(dOutSize > 0) - { - hashState->def = CryptGetHashDef(hashState->hashAlg); - // Set the final size - dOutSize = MIN(dOutSize, hashState->def->digestSize); - // Complete into the temp buffer and then copy - HASH_END(hashState, temp); - // Don't want any other functions calling the HASH_END method - // directly. + { + hashState->def = CryptGetHashDef(hashState->hashAlg); + // Set the final size + dOutSize = MIN(dOutSize, hashState->def->digestSize); + // Complete into the temp buffer and then copy + HASH_END(hashState, temp); + // Don't want any other functions calling the HASH_END method + // directly. #undef HASH_END - memcpy(dOut, &temp, dOutSize); - } + memcpy(dOut, &temp, dOutSize); + } hashState->type = HASH_STATE_EMPTY; return (UINT16)dOutSize; } @@ -372,9 +372,9 @@ static UINT16 HashEnd(PHASH_STATE hashState, // IN: the hash state // 0 hash is TPM_ALG_NULL // >0 digest size LIB_EXPORT UINT16 CryptHashStart( - PHASH_STATE hashState, // OUT: the running hash state - TPM_ALG_ID hashAlg // IN: hash algorithm - ) + PHASH_STATE hashState, // OUT: the running hash state + TPM_ALG_ID hashAlg // IN: hash algorithm +) { UINT16 retVal; 
@@ -382,15 +382,15 @@ LIB_EXPORT UINT16 CryptHashStart( hashState->hashAlg = hashAlg; if(hashAlg == TPM_ALG_NULL) - { - retVal = 0; - } + { + retVal = 0; + } else - { - hashState->def = CryptGetHashDef(hashAlg); - HASH_START(hashState); - retVal = hashState->def->digestSize; - } + { + hashState->def = CryptGetHashDef(hashAlg); + HASH_START(hashState); + retVal = hashState->def->digestSize; + } #undef HASH_START hashState->type = HASH_STATE_HASH; return retVal; @@ -400,23 +400,23 @@ LIB_EXPORT UINT16 CryptHashStart( // Add data to a hash or HMAC, SMAC stack. // void CryptDigestUpdate(PHASH_STATE hashState, // IN: the hash context information - UINT32 dataSize, // IN: the size of data to be added - const BYTE* data // IN: data to be hashed - ) + UINT32 dataSize, // IN: the size of data to be added + const BYTE* data // IN: data to be hashed +) { if(hashState->hashAlg != TPM_ALG_NULL) - { - if((hashState->type == HASH_STATE_HASH) - || (hashState->type == HASH_STATE_HMAC)) - HASH_DATA(hashState, dataSize, (BYTE*)data); + { + if((hashState->type == HASH_STATE_HASH) + || (hashState->type == HASH_STATE_HMAC)) + HASH_DATA(hashState, dataSize, (BYTE*)data); #if SMAC_IMPLEMENTED - else if(hashState->type == HASH_STATE_SMAC) - (hashState->state.smac.smacMethods.data)( - &hashState->state.smac.state, dataSize, data); + else if(hashState->type == HASH_STATE_SMAC) + (hashState->state.smac.smacMethods.data)( + &hashState->state.smac.state, dataSize, data); #endif // SMAC_IMPLEMENTED - else - FAIL(FATAL_ERROR_INTERNAL); - } + else + FAIL(FATAL_ERROR_INTERNAL); + } return; } 
@@ -429,9 +429,9 @@ void CryptDigestUpdate(PHASH_STATE hashState, // IN: the hash context informati // 0 no data returned // > 0 the number of bytes in the digest or dOutSize, whichever is smaller LIB_EXPORT UINT16 CryptHashEnd(PHASH_STATE hashState, // IN: the state of hash stack - UINT32 dOutSize, // IN: size of digest buffer - BYTE* dOut // OUT: hash digest - ) + UINT32 dOutSize, // IN: size of digest buffer + BYTE* dOut // OUT: hash digest +) { pAssert(hashState->type == HASH_STATE_HASH); return HashEnd(hashState, dOutSize, dOut); @@ -446,11 +446,11 @@ LIB_EXPORT UINT16 CryptHashEnd(PHASH_STATE hashState, // IN: the state of hash // Return Type: UINT16 // >= 0 number of bytes placed in 'dOut' LIB_EXPORT UINT16 CryptHashBlock(TPM_ALG_ID hashAlg, // IN: The hash algorithm - UINT32 dataSize, // IN: size of buffer to hash - const BYTE* data, // IN: the buffer to hash - UINT32 dOutSize, // IN: size of the digest buffer - BYTE* dOut // OUT: digest buffer - ) + UINT32 dataSize, // IN: size of buffer to hash + const BYTE* data, // IN: the buffer to hash + UINT32 dOutSize, // IN: size of the digest buffer + BYTE* dOut // OUT: digest buffer +) { HASH_STATE state; CryptHashStart(&state, hashAlg); @@ -464,8 +464,8 @@ LIB_EXPORT UINT16 CryptHashBlock(TPM_ALG_ID hashAlg, // IN: The hash algorith // This function can be used for both HMAC and hash functions so the // 'digestState' is void so that either state type can be passed. LIB_EXPORT void CryptDigestUpdate2B(PHASH_STATE state, // IN: the digest state - const TPM2B* bIn // IN: 2B containing the data - ) + const TPM2B* bIn // IN: 2B containing the data +) { // Only compute the digest if a pointer to the 2B is provided. // In CryptDigestUpdate(), if size is zero or buffer is NULL, then no change 
@@ -484,10 +484,10 @@ LIB_EXPORT void CryptDigestUpdate2B(PHASH_STATE state, // IN: the digest state // Return Type: UINT16 // >=0 the number of bytes placed in 'digest.buffer' LIB_EXPORT UINT16 CryptHashEnd2B( - PHASH_STATE state, // IN: the hash state - P2B digest // IN: the size of the buffer Out: requested - // number of bytes - ) + PHASH_STATE state, // IN: the hash state + P2B digest // IN: the size of the buffer Out: requested + // number of bytes +) { return CryptHashEnd(state, digest->size, digest->buffer); } @@ -496,10 +496,10 @@ LIB_EXPORT UINT16 CryptHashEnd2B( // This function is used to include an integer value to a hash stack. The function // marshals the integer into its canonical form before calling CryptDigestUpdate(). LIB_EXPORT void CryptDigestUpdateInt( - void* state, // IN: the state of hash stack - UINT32 intSize, // IN: the size of 'intValue' in bytes - UINT64 intValue // IN: integer value to be hashed - ) + void* state, // IN: the state of hash stack + UINT32 intSize, // IN: the size of 'intValue' in bytes + UINT64 intValue // IN: integer value to be hashed +) { #if LITTLE_ENDIAN_TPM intValue = REVERSE_ENDIAN_64(intValue); @@ -520,10 +520,10 @@ LIB_EXPORT void CryptDigestUpdateInt( // >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) // LIB_EXPORT UINT16 CryptHmacStart(PHMAC_STATE state, // IN/OUT: the state buffer - TPM_ALG_ID hashAlg, // IN: the algorithm to use - UINT16 keySize, // IN: the size of the HMAC key - const BYTE* key // IN: the HMAC key - ) + TPM_ALG_ID hashAlg, // IN: the algorithm to use + UINT16 keySize, // IN: the size of the HMAC key + const BYTE* key // IN: the HMAC key +) { PHASH_DEF hashDef; BYTE* pb; 
@@ -531,41 +531,41 @@ LIB_EXPORT UINT16 CryptHmacStart(PHMAC_STATE state, // IN/OUT: the state buff // hashDef = CryptGetHashDef(hashAlg); if(hashDef->digestSize != 0) - { - // If the HMAC key is larger than the hash block size, it has to be reduced - // to fit. The reduction is a digest of the hashKey. - if(keySize > hashDef->blockSize) - { - // if the key is too big, reduce it to a digest of itself - state->hmacKey.t.size = CryptHashBlock( - hashAlg, keySize, key, hashDef->digestSize, state->hmacKey.t.buffer); - } - else - { - memcpy(state->hmacKey.t.buffer, key, keySize); - state->hmacKey.t.size = keySize; - } - // XOR the key with iPad (0x36) - pb = state->hmacKey.t.buffer; - for(i = state->hmacKey.t.size; i > 0; i--) - *pb++ ^= 0x36; + { + // If the HMAC key is larger than the hash block size, it has to be reduced + // to fit. The reduction is a digest of the hashKey. + if(keySize > hashDef->blockSize) + { + // if the key is too big, reduce it to a digest of itself + state->hmacKey.t.size = CryptHashBlock( + hashAlg, keySize, key, hashDef->digestSize, state->hmacKey.t.buffer); + } + else + { + memcpy(state->hmacKey.t.buffer, key, keySize); + state->hmacKey.t.size = keySize; + } + // XOR the key with iPad (0x36) + pb = state->hmacKey.t.buffer; + for(i = state->hmacKey.t.size; i > 0; i--) + *pb++ ^= 0x36; - // if the keySize is smaller than a block, fill the rest with 0x36 - for(i = hashDef->blockSize - state->hmacKey.t.size; i > 0; i--) - *pb++ = 0x36; + // if the keySize is smaller than a block, fill the rest with 0x36 + for(i = hashDef->blockSize - state->hmacKey.t.size; i > 0; i--) + *pb++ = 0x36; - // Increase the oPadSize to a full block - state->hmacKey.t.size = hashDef->blockSize; + // Increase the oPadSize to a full block + state->hmacKey.t.size = hashDef->blockSize; - // Start a new hash with the HMAC key - // This will go in the caller's state structure and may be a sequence or not - CryptHashStart((PHASH_STATE)state, hashAlg); - CryptDigestUpdate( - 
(PHASH_STATE)state, state->hmacKey.t.size, state->hmacKey.t.buffer); - // XOR the key block with 0x5c ^ 0x36 - for(pb = state->hmacKey.t.buffer, i = hashDef->blockSize; i > 0; i--) - *pb++ ^= (0x5c ^ 0x36); - } + // Start a new hash with the HMAC key + // This will go in the caller's state structure and may be a sequence or not + CryptHashStart((PHASH_STATE)state, hashAlg); + CryptDigestUpdate( + (PHASH_STATE)state, state->hmacKey.t.size, state->hmacKey.t.buffer); + // XOR the key block with 0x5c ^ 0x36 + for(pb = state->hmacKey.t.buffer, i = hashDef->blockSize; i > 0; i--) + *pb++ ^= (0x5c ^ 0x36); + } // Set the hash algorithm state->hashState.hashAlg = hashAlg; // Set the hash state type 
@@ -582,33 +582,33 @@ LIB_EXPORT UINT16 CryptHmacStart(PHMAC_STATE state, // IN/OUT: the state buff // Return Type: UINT16 // >= 0 number of bytes in 'dOut' (may be zero) LIB_EXPORT UINT16 CryptHmacEnd(PHMAC_STATE state, // IN: the hash state buffer - UINT32 dOutSize, // IN: size of digest buffer - BYTE* dOut // OUT: hash digest - ) + UINT32 dOutSize, // IN: size of digest buffer + BYTE* dOut // OUT: hash digest +) { BYTE temp[MAX_DIGEST_SIZE]; PHASH_STATE hState = (PHASH_STATE)&state->hashState; #if SMAC_IMPLEMENTED if(hState->type == HASH_STATE_SMAC) - return (state->hashState.state.smac.smacMethods.end)( - &state->hashState.state.smac.state, dOutSize, dOut); + return (state->hashState.state.smac.smacMethods.end)( + &state->hashState.state.smac.state, dOutSize, dOut); #endif pAssert(hState->type == HASH_STATE_HMAC); hState->def = CryptGetHashDef(hState->hashAlg); // Change the state type for completion processing hState->type = HASH_STATE_HASH; if(hState->hashAlg == TPM_ALG_NULL) - dOutSize = 0; + dOutSize = 0; else - { - // Complete the current hash - HashEnd(hState, hState->def->digestSize, temp); - // Do another hash starting with the oPad - CryptHashStart(hState, hState->hashAlg); - CryptDigestUpdate(hState, state->hmacKey.t.size, state->hmacKey.t.buffer); - CryptDigestUpdate(hState, hState->def->digestSize, temp); - } + { + // Complete the current hash + HashEnd(hState, hState->def->digestSize, temp); + // Do another hash starting with the oPad + CryptHashStart(hState, hState->hashAlg); + CryptDigestUpdate(hState, state->hmacKey.t.size, state->hmacKey.t.buffer); + CryptDigestUpdate(hState, hState->def->digestSize, temp); + } return HashEnd(hState, dOutSize, dOut); } 
@@ -627,11 +627,11 @@ LIB_EXPORT UINT16 CryptHmacEnd(PHMAC_STATE state, // IN: the hash state buff // > 0 the digest size of the algorithm // = 0 the hashAlg was TPM_ALG_NULL LIB_EXPORT UINT16 CryptHmacStart2B( - PHMAC_STATE hmacState, // OUT: the state of HMAC stack. It will be used - // in HMAC update and completion - TPMI_ALG_HASH hashAlg, // IN: hash algorithm - P2B key // IN: HMAC key - ) + PHMAC_STATE hmacState, // OUT: the state of HMAC stack. It will be used + // in HMAC update and completion + TPMI_ALG_HASH hashAlg, // IN: hash algorithm + P2B key // IN: HMAC key +) { return CryptHmacStart(hmacState, hashAlg, key->size, key->buffer); } @@ -642,9 +642,9 @@ LIB_EXPORT UINT16 CryptHmacStart2B( // Return Type: UINT16 // >=0 the number of bytes placed in 'digest' LIB_EXPORT UINT16 CryptHmacEnd2B( - PHMAC_STATE hmacState, // IN: the state of HMAC stack - P2B digest // OUT: HMAC - ) + PHMAC_STATE hmacState, // IN: the state of HMAC stack + P2B digest // OUT: HMAC +) { return CryptHmacEnd(hmacState, digest->size, digest->buffer); } @@ -663,12 +663,12 @@ LIB_EXPORT UINT16 CryptHmacEnd2B( // 0 hash algorithm was TPM_ALG_NULL // > 0 should be the same as 'mSize' LIB_EXPORT UINT16 CryptMGF_KDF(UINT32 mSize, // IN: length of the mask to be produced - BYTE* mask, // OUT: buffer to receive the mask - TPM_ALG_ID hashAlg, // IN: hash to use - UINT32 seedSize, // IN: size of the seed - BYTE* seed, // IN: seed size - UINT32 counter // IN: counter initial value - ) + BYTE* mask, // OUT: buffer to receive the mask + TPM_ALG_ID hashAlg, // IN: hash to use + UINT32 seedSize, // IN: size of the seed + BYTE* seed, // IN: seed size + UINT32 counter // IN: counter initial value +) { HASH_STATE hashState; PHASH_DEF hDef = CryptGetHashDef(hashAlg); 
@@ -677,20 +677,20 @@ LIB_EXPORT UINT16 CryptMGF_KDF(UINT32 mSize, // IN: length of the mask to be pr // // If there is no digest to compute return if((hDef->digestSize == 0) || (mSize == 0)) - return 0; + return 0; if(counter != 0) - counter = 1; + counter = 1; hLen = hDef->digestSize; for(bytes = 0; bytes < mSize; bytes += hLen) - { - // Start the hash and include the seed and counter - CryptHashStart(&hashState, hashAlg); - CryptDigestUpdate(&hashState, seedSize, seed); - CryptDigestUpdateInt(&hashState, 4, counter); - // Get as much as will fit. - CryptHashEnd(&hashState, MIN((mSize - bytes), hLen), &mask[bytes]); - counter++; - } + { + // Start the hash and include the seed and counter + CryptHashStart(&hashState, hashAlg); + CryptDigestUpdate(&hashState, seedSize, seed); + CryptDigestUpdateInt(&hashState, 4, counter); + // Get as much as will fit. + CryptHashEnd(&hashState, MIN((mSize - bytes), hLen), &mask[bytes]); + counter++; + } return (UINT16)mSize; } 
@@ -717,20 +717,20 @@ LIB_EXPORT UINT16 CryptMGF_KDF(UINT32 mSize, // IN: length of the mask to be pr // 0 hash algorithm is not supported or is TPM_ALG_NULL // > 0 the number of bytes in the 'keyStream' buffer LIB_EXPORT UINT16 CryptKDFa( - TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - const TPM2B* key, // IN: HMAC key - const TPM2B* label, // IN: a label for the KDF - const TPM2B* contextU, // IN: context U - const TPM2B* contextV, // IN: context V - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE* keyStream, // OUT: key buffer - UINT32* counterInOut, // IN/OUT: caller may provide the iteration - // counter for incremental operations to - // avoid large intermediate buffers. - UINT16 blocks // IN: If non-zero, this is the maximum number - // of blocks to be returned, regardless - // of sizeInBits - ) + TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC + const TPM2B* key, // IN: HMAC key + const TPM2B* label, // IN: a label for the KDF + const TPM2B* contextU, // IN: context U + const TPM2B* contextV, // IN: context V + UINT32 sizeInBits, // IN: size of generated key in bits + BYTE* keyStream, // OUT: key buffer + UINT32* counterInOut, // IN/OUT: caller may provide the iteration + // counter for incremental operations to + // avoid large intermediate buffers. + UINT16 blocks // IN: If non-zero, this is the maximum number + // of blocks to be returned, regardless + // of sizeInBits +) { UINT32 counter = 0; // counter value INT16 bytes; // number of bytes to produce @@ -744,10 +744,10 @@ LIB_EXPORT UINT16 CryptKDFa( TPM_DO_SELF_TEST(TPM_ALG_KDF1_SP800_108); if(digestSize == 0) - return 0; + return 0; if(counterInOut != NULL) - counter = *counterInOut; + counter = *counterInOut; // If the size of the request is larger than the numbers will handle, // it is a fatal error. 
@@ -762,43 +762,43 @@ LIB_EXPORT UINT16 CryptKDFa( // Generate required bytes for(; bytes > 0; bytes -= digestSize) - { - counter++; - // Start HMAC - if(CryptHmacStart(&hState, hashAlg, key->size, key->buffer) == 0) - return 0; - // Adding counter - CryptDigestUpdateInt(&hState.hashState, 4, counter); + { + counter++; + // Start HMAC + if(CryptHmacStart(&hState, hashAlg, key->size, key->buffer) == 0) + return 0; + // Adding counter + CryptDigestUpdateInt(&hState.hashState, 4, counter); - // Adding label - if(label != NULL) - HASH_DATA(&hState.hashState, label->size, (BYTE*)label->buffer); - // Add a null. SP108 is not very clear about when the 0 is needed but to - // make this like the previous version that did not add an 0x00 after - // a null-terminated string, this version will only add a null byte - // if the label parameter did not end in a null byte, or if no label - // is present. - if((label == NULL) || (label->size == 0) - || (label->buffer[label->size - 1] != 0)) - CryptDigestUpdateInt(&hState.hashState, 1, 0); - // Adding contextU - if(contextU != NULL) - HASH_DATA(&hState.hashState, contextU->size, contextU->buffer); - // Adding contextV - if(contextV != NULL) - HASH_DATA(&hState.hashState, contextV->size, contextV->buffer); - // Adding size in bits - CryptDigestUpdateInt(&hState.hashState, 4, sizeInBits); + // Adding label + if(label != NULL) + HASH_DATA(&hState.hashState, label->size, (BYTE*)label->buffer); + // Add a null. SP108 is not very clear about when the 0 is needed but to + // make this like the previous version that did not add an 0x00 after + // a null-terminated string, this version will only add a null byte + // if the label parameter did not end in a null byte, or if no label + // is present. 
+ if((label == NULL) || (label->size == 0) + || (label->buffer[label->size - 1] != 0)) + CryptDigestUpdateInt(&hState.hashState, 1, 0); + // Adding contextU + if(contextU != NULL) + HASH_DATA(&hState.hashState, contextU->size, contextU->buffer); + // Adding contextV + if(contextV != NULL) + HASH_DATA(&hState.hashState, contextV->size, contextV->buffer); + // Adding size in bits + CryptDigestUpdateInt(&hState.hashState, 4, sizeInBits); - // Complete and put the data in the buffer - CryptHmacEnd(&hState, bytes, stream); - stream = &stream[digestSize]; - } + // Complete and put the data in the buffer + CryptHmacEnd(&hState, bytes, stream); + stream = &stream[digestSize]; + } // Masking in the KDF is disabled. If the calling function wants something // less than even number of bytes, then the caller should do the masking // because there is no universal way to do it here if(counterInOut != NULL) - *counterInOut = counter; + *counterInOut = counter; return generated; } @@ -817,13 +817,13 @@ LIB_EXPORT UINT16 CryptKDFa( // #if ! USE_OPENSSL_FUNCTIONS_SSKDF // libtpms added LIB_EXPORT UINT16 CryptKDFe(TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC - TPM2B* Z, // IN: Z - const TPM2B* label, // IN: a label value for the KDF - TPM2B* partyUInfo, // IN: PartyUInfo - TPM2B* partyVInfo, // IN: PartyVInfo - UINT32 sizeInBits, // IN: size of generated key in bits - BYTE* keyStream // OUT: key buffer - ) + TPM2B* Z, // IN: Z + const TPM2B* label, // IN: a label value for the KDF + TPM2B* partyUInfo, // IN: PartyUInfo + TPM2B* partyVInfo, // IN: PartyVInfo + UINT32 sizeInBits, // IN: size of generated key in bits + BYTE* keyStream // OUT: key buffer +) { HASH_STATE hashState; PHASH_DEF hashDef = CryptGetHashDef(hashAlg); 
@@ -838,7 +838,7 @@ LIB_EXPORT UINT16 CryptKDFe(TPM_ALG_ID hashAlg, // IN: hash algorithm used in
 hLen = hashDef->digestSize;
 bytes = (INT16)((sizeInBits + 7) / 8);
 if(hashAlg == TPM_ALG_NULL || bytes == 0)
- return 0;
+ return 0;
 // Generate required bytes
 //The inner loop of that KDF uses:
@@ -854,44 +854,44 @@ LIB_EXPORT UINT16 CryptKDFe(TPM_ALG_ID hashAlg, // IN: hash algorithm used in // In this specification, OtherInfo will be constructed by: // OtherInfo := Use | PartyUInfo | PartyVInfo for(; bytes > 0; stream = &stream[hLen], bytes = bytes - hLen) - { - if(bytes < hLen) - hLen = bytes; - counter++; - // Do the hash - CryptHashStart(&hashState, hashAlg); - // Add counter - CryptDigestUpdateInt(&hashState, 4, counter); + { + if(bytes < hLen) + hLen = bytes; + counter++; + // Do the hash + CryptHashStart(&hashState, hashAlg); + // Add counter + CryptDigestUpdateInt(&hashState, 4, counter); - // Add Z - if(Z != NULL) - CryptDigestUpdate2B(&hashState, Z); - // Add label - if(label != NULL) - CryptDigestUpdate2B(&hashState, label); + // Add Z + if(Z != NULL) + CryptDigestUpdate2B(&hashState, Z); + // Add label + if(label != NULL) + CryptDigestUpdate2B(&hashState, label); - // NIST.SP.800-56Cr2.pdf section 4.1 states that no NULL - // character is required here. - // Note, this is different from KDFa which is specified in - // NIST.SP.800-108r1.pdf section 4 (a NULL character is required - // for that case). + // NIST.SP.800-56Cr2.pdf section 4.1 states that no NULL + // character is required here. + // Note, this is different from KDFa which is specified in + // NIST.SP.800-108r1.pdf section 4 (a NULL character is required + // for that case). - // Add PartyUInfo - if(partyUInfo != NULL) - CryptDigestUpdate2B(&hashState, partyUInfo); + // Add PartyUInfo + if(partyUInfo != NULL) + CryptDigestUpdate2B(&hashState, partyUInfo); - // Add PartyVInfo - if(partyVInfo != NULL) - CryptDigestUpdate2B(&hashState, partyVInfo); + // Add PartyVInfo + if(partyVInfo != NULL) + CryptDigestUpdate2B(&hashState, partyVInfo); - // Compute Hash. hLen was changed to be the smaller of bytes or hLen - // at the start of each iteration. - CryptHashEnd(&hashState, hLen, stream); - } + // Compute Hash. 
hLen was changed to be the smaller of bytes or hLen + // at the start of each iteration. + CryptHashEnd(&hashState, hLen, stream); + } // Mask off bits if the required bits is not a multiple of byte size if((sizeInBits % 8) != 0) - keyStream[0] &= ((1 << (sizeInBits % 8)) - 1); + keyStream[0] &= ((1 << (sizeInBits % 8)) - 1); return (UINT16)((sizeInBits + 7) / 8); } diff --git a/src/tpm2/crypto/openssl/CryptPrime.c b/src/tpm2/crypto/openssl/CryptPrime.c index 98aa6cc4..46dc39d9 100644 --- a/src/tpm2/crypto/openssl/CryptPrime.c +++ b/src/tpm2/crypto/openssl/CryptPrime.c @@ -90,18 +90,18 @@ static uint32_t Root2(uint32_t n) // // get a starting point for(; next != 0; last >>= 1, next >>= 2) - ; + ; last++; do - { - next = (last + (n / last)) >> 1; - diff = next - last; - last = next; - if(stop-- == 0) - FAIL(FATAL_ERROR_INTERNAL); - } while(diff < -1 || diff > 1); + { + next = (last + (n / last)) >> 1; + diff = next - last; + last = next; + if(stop-- == 0) + FAIL(FATAL_ERROR_INTERNAL); + } while(diff < -1 || diff > 1); if((n / next) > (unsigned)next) - next++; + next++; pAssert(next != 0); pAssert(((n / next) <= (unsigned)next) && (n / (next + 1) < (unsigned)next)); return next; @@ -114,22 +114,22 @@ BOOL IsPrimeInt(uint32_t n) uint32_t i; uint32_t stop; if(n < 3 || ((n & 1) == 0)) - return (n == 2); + return (n == 2); if(n <= s_LastPrimeInTable) - { - n >>= 1; - return ((s_PrimeTable[n >> 3] >> (n & 7)) & 1); - } + { + n >>= 1; + return ((s_PrimeTable[n >> 3] >> (n & 7)) & 1); + } // Need to search stop = Root2(n) >> 1; // starting at 1 is equivalent to staring at (1 << 1) + 1 = 3 for(i = 1; i < stop; i++) - { - if((s_PrimeTable[i >> 3] >> (i & 7)) & 1) - // see if this prime evenly divides the number - if((n % ((i << 1) + 1)) == 0) - return FALSE; - } + { + if((s_PrimeTable[i >> 3] >> (i & 7)) & 1) + // see if this prime evenly divides the number + if((n % ((i << 1) + 1)) == 0) + return FALSE; + } return TRUE; } 
@@ -139,17 +139,17 @@ BOOL IsPrimeInt(uint32_t n) // Will try to eliminate some of the obvious things before going on // to perform MillerRabin as a final verification of primeness. BOOL TpmMath_IsProbablyPrime(Crypt_Int* prime, // IN: - RAND_STATE* rand // IN: the random state just - // in case Miller-Rabin is required - ) + RAND_STATE* rand // IN: the random state just + // in case Miller-Rabin is required +) { uint32_t leastSignificant32 = ExtMath_GetLeastSignificant32bits(prime); // is even? if((leastSignificant32 & 0x1) == 0) - return FALSE; + return FALSE; if(ExtMath_SizeInBits(prime) <= 32) - return IsPrimeInt(leastSignificant32); + return IsPrimeInt(leastSignificant32); // this s_LastPrimeInTable check guarantees that the full prime table check // is incorporated in IsPrimeInt. If this fails then something like this @@ -164,10 +164,10 @@ BOOL TpmMath_IsProbablyPrime(Crypt_Int* prime, // IN: // check using GCD before doing a full Miller Rabin. { - CRYPT_INT_VAR(gcd, LARGEST_NUMBER_BITS); - ExtMath_GCD(gcd, prime, s_CompositeOfSmallPrimes); - if(!ExtMath_IsEqualWord(gcd, 1)) - return FALSE; + CRYPT_INT_VAR(gcd, LARGEST_NUMBER_BITS); + ExtMath_GCD(gcd, prime, s_CompositeOfSmallPrimes); + if(!ExtMath_IsEqualWord(gcd, 1)) + return FALSE; } return MillerRabin(prime, rand); } @@ -179,12 +179,12 @@ BOOL TpmMath_IsProbablyPrime(Crypt_Int* prime, // IN: // are from FIPS 186-3. UINT32 MillerRabinRounds(UINT32 bits // IN: Number of bits in the RSA prime - ) +) { if(bits < 511) - return 8; // don't really expect this + return 8; // don't really expect this if(bits < 1536) - return 5; // for 512 and 1K primes + return 5; // for 512 and 1K primes return 4; // for 3K public modulus and greater } 
@@ -221,58 +221,58 @@ BOOL MillerRabin(Crypt_Int* bnW, RAND_STATE* rand) i = (int)(bnWm1->size * RADIX_BITS); // Now find the largest power of 2 that divides w1 for(a = 1; (a < (bnWm1->size * RADIX_BITS)) && (ExtMath_TestBit(bnWm1, a) == 0); - a++) - { - } + a++) + { + } // 2. m = (w1) / 2^a ExtMath_ShiftRight(bnM, bnWm1, a); // 3. wlen = len (w). wLen = ExtMath_SizeInBits(bnW); // 4. For i = 1 to iterations do for(i = 0; i < iterations; i++) - { - // 4.1 Obtain a string b of wlen bits from an RBG. - // Ensure that 1 < b < w1. - // 4.2 If ((b <= 1) or (b >= w1)), then go to step 4.1. - while(TpmMath_GetRandomInteger(bnB, wLen, rand) - && ((ExtMath_UnsignedCmpWord(bnB, 1) <= 0) - || (ExtMath_UnsignedCmp(bnB, bnWm1) >= 0))) - ; - if(g_inFailureMode) - return FALSE; + { + // 4.1 Obtain a string b of wlen bits from an RBG. + // Ensure that 1 < b < w1. + // 4.2 If ((b <= 1) or (b >= w1)), then go to step 4.1. + while(TpmMath_GetRandomInteger(bnB, wLen, rand) + && ((ExtMath_UnsignedCmpWord(bnB, 1) <= 0) + || (ExtMath_UnsignedCmp(bnB, bnWm1) >= 0))) + ; + if(g_inFailureMode) + return FALSE; - // 4.3 z = b^m mod w. - // if ModExp fails, then say this is not - // prime and bail out. - ExtMath_ModExp(bnZ, bnB, bnM, bnW); + // 4.3 z = b^m mod w. + // if ModExp fails, then say this is not + // prime and bail out. + ExtMath_ModExp(bnZ, bnB, bnM, bnW); - // 4.4 If ((z == 1) or (z = w == 1)), then go to step 4.7. - if((ExtMath_UnsignedCmpWord(bnZ, 1) == 0) - || (ExtMath_UnsignedCmp(bnZ, bnWm1) == 0)) - goto step4point7; - // 4.5 For j = 1 to a 1 do. - for(j = 1; j < a; j++) - { - // 4.5.1 z = z^2 mod w. - ExtMath_ModMult(bnZ, bnZ, bnZ, bnW); - // 4.5.2 If (z = w1), then go to step 4.7. - if(ExtMath_UnsignedCmp(bnZ, bnWm1) == 0) - goto step4point7; - // 4.5.3 If (z = 1), then go to step 4.6. - if(ExtMath_IsEqualWord(bnZ, 1)) - goto step4point6; - } - // 4.6 Return COMPOSITE. - step4point6: - INSTRUMENT_INC(failedAtIteration[i]); - goto end; - // 4.7 Continue. 
Comment: Increment i for the do-loop in step 4. - step4point7: - continue; - } + // 4.4 If ((z == 1) or (z = w == 1)), then go to step 4.7. + if((ExtMath_UnsignedCmpWord(bnZ, 1) == 0) + || (ExtMath_UnsignedCmp(bnZ, bnWm1) == 0)) + goto step4point7; + // 4.5 For j = 1 to a 1 do. + for(j = 1; j < a; j++) + { + // 4.5.1 z = z^2 mod w. + ExtMath_ModMult(bnZ, bnZ, bnZ, bnW); + // 4.5.2 If (z = w1), then go to step 4.7. + if(ExtMath_UnsignedCmp(bnZ, bnWm1) == 0) + goto step4point7; + // 4.5.3 If (z = 1), then go to step 4.6. + if(ExtMath_IsEqualWord(bnZ, 1)) + goto step4point6; + } + // 4.6 Return COMPOSITE. +step4point6: + INSTRUMENT_INC(failedAtIteration[i]); + goto end; + // 4.7 Continue. Comment: Increment i for the do-loop in step 4. +step4point7: + continue; + } // 5. Return PROBABLY PRIME ret = TRUE; - end: +end: return ret; } @@ -300,18 +300,18 @@ RsaCheckPrime(Crypt_Int* prime, UINT32 exponent, RAND_STATE* rand) NOT_REFERENCED(rand); if(modE == 0) - // evenly divisible so add two keeping the number odd - ExtMath_AddWord(prime, prime, 2); + // evenly divisible so add two keeping the number odd + ExtMath_AddWord(prime, prime, 2); // want 0 != (p - 1) mod e // which is 1 != p mod e else if(modE == 1) - // subtract 2 keeping number odd and insuring that - // 0 != (p - 1) mod e - ExtMath_SubtractWord(prime, prime, 2); + // subtract 2 keeping number odd and insuring that + // 0 != (p - 1) mod e + ExtMath_SubtractWord(prime, prime, 2); if(TpmMath_IsProbablyPrime(prime, rand) == 0) - ERROR_EXIT(g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_VALUE); - Exit: + ERROR_EXIT(g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_VALUE); +Exit: return retVal; # else return PrimeSelectWithSieve(prime, exponent, rand); 
@@ -399,7 +399,7 @@ static void RsaAdjustPrimeCandidate_Rev169(BYTE* bigNumberBuffer, size_t bufSize
 // second, get the most significant 32 bits.
 uint32_t msw = (bigNumberBuffer[0] << 24) | (bigNumberBuffer[1] << 16)
- | (bigNumberBuffer[2] << 8) | (bigNumberBuffer[3] << 0);
+ | (bigNumberBuffer[2] << 8) | (bigNumberBuffer[3] << 0);
 // Multiplying 0xff...f by 0x4AFB gives 0xff..f - 0xB5050...0
 uint32_t adjusted = (msw >> 16) * 0x4AFB;
@@ -418,12 +418,12 @@ static void RsaAdjustPrimeCandidate_Rev169(BYTE* bigNumberBuffer, size_t bufSize
 // for an RSA prime.
 // succeeds, or enters failure mode.
 static TPM_RC TpmRsa_GeneratePrimeForRSA_Rev169( // libtpms: renamed
- Crypt_Int* prime, // IN/OUT: points to the BN that will get the
- // random value
- UINT32 bits, // IN: number of bits to get
- UINT32 exponent, // IN: the exponent
- RAND_STATE* rand // IN: the random state
- )
+ Crypt_Int* prime, // IN/OUT: points to the BN that will get the
+ // random value
+ UINT32 bits, // IN: number of bits to get
+ UINT32 exponent, // IN: the exponent
+ RAND_STATE* rand // IN: the random state
+)
 {
 // Only try to handle specific sizes of keys.
 // this is necessary so the RsaAdjustPrimeCandidate function works correctly.
@@ -437,20 +437,20 @@ static TPM_RC TpmRsa_GeneratePrimeForRSA_Rev169( // libtpms: renamed
 BOOL OK = (bytes <= sizeof(large.t.buffer));
 BOOL found = FALSE;
 while(OK && !found)
- {
- OK = TpmMath_GetRandomBits(large.t.buffer, bits, rand); // new
- large.t.size = bytes;
- RsaAdjustPrimeCandidate_Rev169(large.t.buffer, bytes); // libtpms renamed
- // convert from 2B to Integer for prime checks
- OK = OK
- && (ExtMath_IntFromBytes(prime, large.t.buffer, large.t.size) != NULL);
- found = OK && (RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS);
- }
+ {
+ OK = TpmMath_GetRandomBits(large.t.buffer, bits, rand); // new
+ large.t.size = bytes;
+ RsaAdjustPrimeCandidate_Rev169(large.t.buffer, bytes); // libtpms renamed
+ // convert from 2B to Integer for prime checks
+ OK = OK
+ && (ExtMath_IntFromBytes(prime, large.t.buffer, large.t.size) != NULL);
+ found = OK && (RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS);
+ }
 if(!OK)
- {
- FAIL(FATAL_ERROR_CRYPTO);
- }
+ {
+ FAIL(FATAL_ERROR_CRYPTO);
+ }
 return (OK && found) ? TPM_RC_SUCCESS : TPM_RC_FAILURE;
 }
diff --git a/src/tpm2/crypto/openssl/CryptPrimeSieve.c b/src/tpm2/crypto/openssl/CryptPrimeSieve.c
index deee8708..9bfeccca 100644
--- a/src/tpm2/crypto/openssl/CryptPrimeSieve.c
+++ b/src/tpm2/crypto/openssl/CryptPrimeSieve.c
@@ -94,18 +94,18 @@ uint32_t primeLimit;
 // limit (primeLimit) set up by this function. This causes the sieve
 // process to stop when an appropriate number of primes have been
 // sieved.
-LIB_EXPORT void RsaAdjustPrimeLimit(uint32_t requestedPrimes,
- RAND_STATE* rand)
+LIB_EXPORT void RsaAdjustPrimeLimit(uint32_t requestedPrimes, // libtpms changed
+ RAND_STATE* rand) // libtpms added
 {
 if(requestedPrimes == 0 || requestedPrimes > s_PrimesInTable)
- requestedPrimes = s_PrimesInTable;
+ requestedPrimes = s_PrimesInTable;
 requestedPrimes = (requestedPrimes - 1) / 1024;
 if(requestedPrimes < s_PrimeMarkersCount)
- primeLimit = s_PrimeMarkers[requestedPrimes];
+ primeLimit = s_PrimeMarkers[requestedPrimes];
 else { // libtpms changed begin
- primeLimit = s_LastPrimeInTable;
- if (DRBG_GetSeedCompatLevel(rand) <= SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX)
- primeLimit = s_LastPrimeInTable - 2; // Previous 'fix' for 3072 bit keys to avoid mark=5
+ primeLimit = s_LastPrimeInTable;
+ if (DRBG_GetSeedCompatLevel(rand) <= SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX)
+ primeLimit = s_LastPrimeInTable - 2; // Previous 'fix' for 3072 bit keys to avoid mark=5
 } // libtpms changed end
 primeLimit >>= 1;
 }
@@ -118,13 +118,13 @@ LIB_EXPORT void RsaAdjustPrimeLimit(uint32_t requestedPrimes,
 LIB_EXPORT uint32_t RsaNextPrime(uint32_t lastPrime)
 {
 if(lastPrime == 0)
- return 0;
+ return 0;
 lastPrime >>= 1;
 for(lastPrime += 1; lastPrime <= primeLimit; lastPrime++)
- {
- if(((s_PrimeTable[lastPrime >> 3] >> (lastPrime & 0x7)) & 1) == 1)
- return ((lastPrime << 1) + 1);
- }
+ {
+ if(((s_PrimeTable[lastPrime >> 3] >> (lastPrime & 0x7)) & 1) == 1)
+ return ((lastPrime << 1) + 1);
+ }
 return 0;
 }
@@ -133,16 +133,16 @@ LIB_EXPORT uint32_t RsaNextPrime(uint32_t lastPrime)
 // factors, it needs to be aligned to 105 and has
 // a repeat of 105.
 const BYTE seedValues[] = {0x16, 0x29, 0xcb, 0xa4, 0x65, 0xda, 0x30, 0x6c, 0x99, 0x96,
- 0x4c, 0x53, 0xa2, 0x2d, 0x52, 0x96, 0x49, 0xcb, 0xb4, 0x61,
- 0xd8, 0x32, 0x2d, 0x99, 0xa6, 0x44, 0x5b, 0xa4, 0x2c, 0x93,
- 0x96, 0x69, 0xc3, 0xb0, 0x65, 0x5a, 0x32, 0x4d, 0x89, 0xb6,
- 0x48, 0x59, 0x26, 0x2d, 0xd3, 0x86, 0x61, 0xcb, 0xb4, 0x64,
- 0x9a, 0x12, 0x6d, 0x91, 0xb2, 0x4c, 0x5a, 0xa6, 0x0d, 0xc3,
- 0x96, 0x69, 0xc9, 0x34, 0x25, 0xda, 0x22, 0x65, 0x99, 0xb4,
- 0x4c, 0x1b, 0x86, 0x2d, 0xd3, 0x92, 0x69, 0x4a, 0xb4, 0x45,
- 0xca, 0x32, 0x69, 0x99, 0x36, 0x0c, 0x5b, 0xa6, 0x25, 0xd3,
- 0x94, 0x68, 0x8b, 0x94, 0x65, 0xd2, 0x32, 0x6d, 0x18, 0xb6,
- 0x4c, 0x4b, 0xa6, 0x29, 0xd1};
+ 0x4c, 0x53, 0xa2, 0x2d, 0x52, 0x96, 0x49, 0xcb, 0xb4, 0x61,
+ 0xd8, 0x32, 0x2d, 0x99, 0xa6, 0x44, 0x5b, 0xa4, 0x2c, 0x93,
+ 0x96, 0x69, 0xc3, 0xb0, 0x65, 0x5a, 0x32, 0x4d, 0x89, 0xb6,
+ 0x48, 0x59, 0x26, 0x2d, 0xd3, 0x86, 0x61, 0xcb, 0xb4, 0x64,
+ 0x9a, 0x12, 0x6d, 0x91, 0xb2, 0x4c, 0x5a, 0xa6, 0x0d, 0xc3,
+ 0x96, 0x69, 0xc9, 0x34, 0x25, 0xda, 0x22, 0x65, 0x99, 0xb4,
+ 0x4c, 0x1b, 0x86, 0x2d, 0xd3, 0x92, 0x69, 0x4a, 0xb4, 0x45,
+ 0xca, 0x32, 0x69, 0x99, 0x36, 0x0c, 0x5b, 0xa6, 0x25, 0xd3,
+ 0x94, 0x68, 0x8b, 0x94, 0x65, 0xd2, 0x32, 0x6d, 0x18, 0xb6,
+ 0x4c, 0x4b, 0xa6, 0x29, 0xd1};
 # define USE_NIBBLE
@@ -171,35 +171,35 @@ static const BYTE bitsInByte[256] = # define BitsInByte(x) bitsInByte[(unsigned char)x] # else const BYTE bitsInNibble[16] = {0x00, - 0x01, - 0x01, - 0x02, - 0x01, - 0x02, - 0x02, - 0x03, - 0x01, - 0x02, - 0x02, - 0x03, - 0x02, - 0x03, - 0x03, - 0x04}; -# define BitsInByte(x) \ - (bitsInNibble[(unsigned char)(x)&0xf] \ - + bitsInNibble[((unsigned char)(x) >> 4) & 0xf]) + 0x01, + 0x01, + 0x02, + 0x01, + 0x02, + 0x02, + 0x03, + 0x01, + 0x02, + 0x02, + 0x03, + 0x02, + 0x03, + 0x03, + 0x04}; +# define BitsInByte(x) \ + (bitsInNibble[(unsigned char)(x) & 0xf] \ + + bitsInNibble[((unsigned char)(x) >> 4) & 0xf]) # endif //*** BitsInArry() // This function counts the number of bits set in an array of bytes. static int BitsInArray(const unsigned char* a, // IN: A pointer to an array of bytes - unsigned int aSize // IN: the number of bytes to sum - ) + unsigned int aSize // IN: the number of bytes to sum +) { int j = 0; for(; aSize; a++, aSize--) - j += BitsInByte(*a); + j += BitsInByte(*a); return j; } @@ -211,10 +211,10 @@ static int BitsInArray(const unsigned char* a, // IN: A pointer to an array of // <0 no bit is set or no bit with the requested number is set // >=0 the number of the bit in the array that is the nth set LIB_EXPORT int FindNthSetBit( - const UINT16 aSize, // IN: the size of the array to check - const BYTE* a, // IN: the array to check - const UINT32 n // IN, the number of the SET bit - ) + const UINT16 aSize, // IN: the size of the array to check + const BYTE* a, // IN: the array to check + const UINT32 n // IN, the number of the SET bit +) { UINT16 i; int retValue; @@ -226,7 +226,7 @@ LIB_EXPORT int FindNthSetBit( //find the bit for(i = 0; (i < (int)aSize) && (sum < n); i++) - sum += BitsInByte(a[i]); + sum += BitsInByte(a[i]); i--; // The chosen bit is in the byte that was just accessed // Compute the offset to the start of that byte 
@@ -236,7 +236,7 @@ LIB_EXPORT int FindNthSetBit(
 sum -= BitsInByte(sel);
 // Now process the byte, one bit at a time.
 for(; (sel != 0) && (sum != n); retValue++, sel = sel >> 1)
- sum += (sel & 1) != 0;
+ sum += (sel & 1) != 0;
 return (sum == n) ? retValue : -1;
 }
@@ -246,14 +246,16 @@ typedef struct
 UINT16 count;
 } SIEVE_MARKS;
+// clang-format off
 const SIEVE_MARKS sieveMarks[6] = {{31, 7},
- {73, 5},
- {241, 4},
- {1621, 3},
- {UINT16_MAX, 2},
- {UINT32_MAX, 1}};
+ {73, 5},
+ {241, 4},
+ {1621, 3},
+ {UINT16_MAX, 2},
+ {UINT32_MAX, 1}};
 const size_t MAX_SIEVE_MARKS = (sizeof(sieveMarks) / sizeof(sieveMarks[0]));
+// clang-format on
 //*** PrimeSieve()
 // This function does a prime sieve over the input 'field' which has as its
@@ -270,9 +272,9 @@ const size_t MAX_SIEVE_MARKS = (sizeof(sieveMarks) / sizeof(sieveMarks[0]));
 // divides and then use smaller divides to get to the final 16 bit (or smaller)
 // remainders.
 LIB_EXPORT UINT32 PrimeSieve(Crypt_Int* bnN, // IN/OUT: number to sieve
- UINT32 fieldSize, // IN: size of the field area in bytes
- BYTE* field // IN: field
- )
+ UINT32 fieldSize, // IN: size of the field area in bytes
+ BYTE* field // IN: field
+)
 {
 UINT32 i;
 UINT32 j;
@@ -295,7 +297,7 @@ LIB_EXPORT UINT32 PrimeSieve(Crypt_Int* bnN, // IN/OUT: number to sieve
 // the even remainder.
 adjust = (UINT32)ExtMath_ModWord(bnN, 105);
 if(adjust & 1)
- adjust += 105;
+ adjust += 105;
 // Adjust the input number so that it points to the first number in a
 // aligned field.
@@ -303,12 +305,12 @@ LIB_EXPORT UINT32 PrimeSieve(Crypt_Int* bnN, // IN/OUT: number to sieve
 // pAssert(ExtMath_ModWord(bnN, 105) == 0);
 pField = field;
 for(i = fieldSize; i >= sizeof(seedValues);
- pField += sizeof(seedValues), i -= sizeof(seedValues))
- {
- memcpy(pField, seedValues, sizeof(seedValues));
- }
+ pField += sizeof(seedValues), i -= sizeof(seedValues))
+ {
+ memcpy(pField, seedValues, sizeof(seedValues));
+ }
 if(i != 0)
- memcpy(pField, seedValues, i);
+ memcpy(pField, seedValues, i);
 // Cycle through the primes, clearing bits
 // Have already done 3, 5, and 7
@@ -317,83 +319,83 @@ LIB_EXPORT UINT32 PrimeSieve(Crypt_Int* bnN, // IN/OUT: number to sieve # define NEXT_PRIME(iter) (iter = RsaNextPrime(iter)) // Get the next N primes where N is determined by the mark in the sieveMarks while((composite = NEXT_PRIME(iter)) != 0) - { - next = 0; - i = count; - pList[i--] = composite; - for(; i > 0; i--) - { - next = NEXT_PRIME(iter); - pList[i] = next; - if(next != 0) - composite *= next; - } - // Get the remainder when dividing the base field address - // by the composite - composite = (UINT32)ExtMath_ModWord(bnN, composite); - // 'composite' is divisible by the composite components. for each of the - // composite components, divide 'composite'. That remainder (r) is used to - // pick a starting point for clearing the array. The stride is equal to the - // composite component. Note, the field only contains odd numbers. If the - // field were expanded to contain all numbers, then half of the bits would - // have already been cleared. We can save the trouble of clearing them a - // second time by having a stride of 2*next. Or we can take all of the even - // numbers out of the field and use a stride of 'next' - for(i = count; i > 0; i--) - { - next = pList[i]; - if(next == 0) - goto done; - r = composite % next; - // these computations deal with the fact that we have picked a field-sized - // range that is aligned to a 105 count boundary. The problem is, this field - // only contains odd numbers. If we take our prime guess and walk through all - // the numbers using that prime as the 'stride', then every other 'stride' is - // going to be an even number. So, we are actually counting by 2 * the stride - // We want the count to start on an odd number at the start of our field. That - // is, we want to assume that we have counted up to the edge of the field by - // the 'stride' and now we are going to start flipping bits in the field as we - // continue to count up by 'stride'. 
If we take the base of our field and - // divide by the stride, we find out how much we find out how short the last - // count was from reaching the edge of the bit field. Say we get a quotient of - // 3 and remainder of 1. This means that after 3 strides, we are 1 short of - // the start of the field and the next stride will either land within the - // field or step completely over it. The confounding factor is that our field - // only contains odd numbers and our stride is actually 2 * stride. If the - // quoitent is even, then that means that when we add 2 * stride, we are going - // to hit another even number. So, we have to know if we need to back off - // by 1 stride before we start couting by 2 * stride. - // We can tell from the remainder whether we are on an even or odd - // stride when we hit the beginning of the table. If we are on an odd stride - // (r & 1), we would start half a stride in (next - r)/2. If we are on an - // even stride, we need 0.5 strides (next - r/2) because the table only has - // odd numbers. If the remainder happens to be zero, then the start of the - // table is on stride so no adjustment is necessary. - if(r & 1) - j = (next - r) / 2; - else if(r == 0) - j = 0; - else - j = next - (r / 2); - for(; j < fieldBits; j += next) - ClearBit(j, field, fieldSize); - } - if(next >= stop) - { - mark++; - if(mark >= MAX_SIEVE_MARKS) - { - // prime iteration should have broken out of the loop before this. - FAIL_EXIT(FATAL_ERROR_INTERNAL, i, 0); - } - count = sieveMarks[mark].count; - stop = sieveMarks[mark].prime; - } - } - done: + { + next = 0; + i = count; + pList[i--] = composite; + for(; i > 0; i--) + { + next = NEXT_PRIME(iter); + pList[i] = next; + if(next != 0) + composite *= next; + } + // Get the remainder when dividing the base field address + // by the composite + composite = (UINT32)ExtMath_ModWord(bnN, composite); + // 'composite' is divisible by the composite components. 
for each of the + // composite components, divide 'composite'. That remainder (r) is used to + // pick a starting point for clearing the array. The stride is equal to the + // composite component. Note, the field only contains odd numbers. If the + // field were expanded to contain all numbers, then half of the bits would + // have already been cleared. We can save the trouble of clearing them a + // second time by having a stride of 2*next. Or we can take all of the even + // numbers out of the field and use a stride of 'next' + for(i = count; i > 0; i--) + { + next = pList[i]; + if(next == 0) + goto done; + r = composite % next; + // these computations deal with the fact that we have picked a field-sized + // range that is aligned to a 105 count boundary. The problem is, this field + // only contains odd numbers. If we take our prime guess and walk through all + // the numbers using that prime as the 'stride', then every other 'stride' is + // going to be an even number. So, we are actually counting by 2 * the stride + // We want the count to start on an odd number at the start of our field. That + // is, we want to assume that we have counted up to the edge of the field by + // the 'stride' and now we are going to start flipping bits in the field as we + // continue to count up by 'stride'. If we take the base of our field and + // divide by the stride, we find out how much we find out how short the last + // count was from reaching the edge of the bit field. Say we get a quotient of + // 3 and remainder of 1. This means that after 3 strides, we are 1 short of + // the start of the field and the next stride will either land within the + // field or step completely over it. The confounding factor is that our field + // only contains odd numbers and our stride is actually 2 * stride. If the + // quoitent is even, then that means that when we add 2 * stride, we are going + // to hit another even number. 
So, we have to know if we need to back off + // by 1 stride before we start couting by 2 * stride. + // We can tell from the remainder whether we are on an even or odd + // stride when we hit the beginning of the table. If we are on an odd stride + // (r & 1), we would start half a stride in (next - r)/2. If we are on an + // even stride, we need 0.5 strides (next - r/2) because the table only has + // odd numbers. If the remainder happens to be zero, then the start of the + // table is on stride so no adjustment is necessary. + if(r & 1) + j = (next - r) / 2; + else if(r == 0) + j = 0; + else + j = next - (r / 2); + for(; j < fieldBits; j += next) + ClearBit(j, field, fieldSize); + } + if(next >= stop) + { + mark++; + if(mark >= MAX_SIEVE_MARKS) + { + // prime iteration should have broken out of the loop before this. + FAIL_EXIT(FATAL_ERROR_INTERNAL, i, 0); + } + count = sieveMarks[mark].count; + stop = sieveMarks[mark].prime; + } + } +done: i = BitsInArray(field, fieldSize); - Exit: +Exit: INSTRUMENT_INC(totalFieldsSieved[PrimeIndex]); INSTRUMENT_ADD(bitsInFieldAfterSieve[PrimeIndex], i); INSTRUMENT_ADD(emptyFieldsSieved[PrimeIndex], (i == 0)); @@ -408,9 +410,9 @@ static uint32_t fieldSize = 210; LIB_EXPORT uint32_t SetFieldSize(uint32_t newFieldSize) { if(newFieldSize == 0 || newFieldSize > MAX_FIELD_SIZE) - fieldSize = MAX_FIELD_SIZE; + fieldSize = MAX_FIELD_SIZE; else - fieldSize = newFieldSize; + fieldSize = newFieldSize; return fieldSize; } # endif // SIEVE_DEBUG 
@@ -430,10 +432,10 @@ LIB_EXPORT uint32_t SetFieldSize(uint32_t newFieldSize)
 // TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative
 // in the field
 LIB_EXPORT TPM_RC PrimeSelectWithSieve(
- Crypt_Int* candidate, // IN/OUT: The candidate to filter
- UINT32 e, // IN: the exponent
- RAND_STATE* rand // IN: the random number generator state
- )
+ Crypt_Int* candidate, // IN/OUT: The candidate to filter
+ UINT32 e, // IN: the exponent
+ RAND_STATE* rand // IN: the random number generator state
+)
 {
 BYTE field[MAX_FIELD_SIZE];
 UINT32 ones;
@@ -454,17 +456,17 @@ LIB_EXPORT TPM_RC PrimeSelectWithSieve(
 primeSize = ExtMath_SizeInBits(candidate);
 if(primeSize <= 512)
- {
- RsaAdjustPrimeLimit(1024, rand); // Use just the first 1024 primes // libtpms added rand
- }
+ {
+ RsaAdjustPrimeLimit(1024, rand); // Use just the first 1024 primes // libtpms added rand
+ }
 else if(primeSize <= 1024)
- {
- RsaAdjustPrimeLimit(4096, rand); // Use just the first 4K primes // libtpms added rand
- }
+ {
+ RsaAdjustPrimeLimit(4096, rand); // Use just the first 4K primes // libtpms added rand
+ }
 else
- {
- RsaAdjustPrimeLimit(0, rand); // Use all available // libtpms added rand
- }
+ {
+ RsaAdjustPrimeLimit(0, rand); // Use all available // libtpms added rand
+ }
 // Save the low-order word to use as a search generator and make sure that
 // it has some interesting range to it
@@ -476,34 +478,34 @@ LIB_EXPORT TPM_RC PrimeSelectWithSieve(
 // PrimeSieve shouldn't fail, but does call functions that may.
 if(!g_inFailureMode)
- {
- pAssert(ones > 0 && ones < (fieldSize * 8));
- for(; ones > 0; ones--)
- {
- // Decide which bit to look at and find its offset
- chosen = FindNthSetBit((UINT16)fieldSize, field, ((first % ones) + 1));
+ {
+ pAssert(ones > 0 && ones < (fieldSize * 8));
+ for(; ones > 0; ones--)
+ {
+ // Decide which bit to look at and find its offset
+ chosen = FindNthSetBit((UINT16)fieldSize, field, ((first % ones) + 1));
- if((chosen < 0) || (chosen >= (INT32)(fieldSize * 8)))
- FAIL(FATAL_ERROR_INTERNAL);
+ if((chosen < 0) || (chosen >= (INT32)(fieldSize * 8)))
+ FAIL(FATAL_ERROR_INTERNAL);
- // Set this as the trial prime
- ExtMath_AddWord(test, candidate, (crypt_uword_t)(chosen * 2));
+ // Set this as the trial prime
+ ExtMath_AddWord(test, candidate, (crypt_uword_t)(chosen * 2));
- // The exponent might not have been one of the tested primes so
- // make sure that it isn't divisible and make sure that 0 != (p-1) mod e
- // Note: This is the same as 1 != p mod e
- modE = (UINT32)ExtMath_ModWord(test, e);
- if((modE != 0) && (modE != 1) && MillerRabin(test, rand))
- {
- ExtMath_Copy(candidate, test);
- return TPM_RC_SUCCESS;
- }
- // Clear the bit just tested
- ClearBit(chosen, field, fieldSize);
- }
- // Ran out of bits and couldn't find a prime in this field
- INSTRUMENT_INC(noPrimeFields[PrimeIndex]);
- }
+ // The exponent might not have been one of the tested primes so
+ // make sure that it isn't divisible and make sure that 0 != (p-1) mod e
+ // Note: This is the same as 1 != p mod e
+ modE = (UINT32)ExtMath_ModWord(test, e);
+ if((modE != 0) && (modE != 1) && MillerRabin(test, rand))
+ {
+ ExtMath_Copy(candidate, test);
+ return TPM_RC_SUCCESS;
+ }
+ // Clear the bit just tested
+ ClearBit(chosen, field, fieldSize);
+ }
+ // Ran out of bits and couldn't find a prime in this field
+
INSTRUMENT_INC(noPrimeFields[PrimeIndex]);
+ }
 return (g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_NO_RESULT);
 }
@@ -526,22 +528,22 @@ void RsaSimulationEnd(void)
 UINT32 averages[3];
 UINT32 nonFirst = 0;
 if((PrimeCounts[0] + PrimeCounts[1] + PrimeCounts[2]) != 0)
- {
- printf("Primes generated = %s\n", PrintTuple(PrimeCounts));
- printf("Fields sieved = %s\n", PrintTuple(totalFieldsSieved));
- printf("Fields with no primes = %s\n", PrintTuple(noPrimeFields));
- printf("Primes checked with Miller-Rabin = %s\n",
- PrintTuple(MillerRabinTrials));
- for(i = 0; i < 3; i++)
- averages[i] = (totalFieldsSieved[i] != 0
- ? bitsInFieldAfterSieve[i] / totalFieldsSieved[i]
- : 0);
- printf("Average candidates in field %s\n", PrintTuple(averages));
- for(i = 1; i < (sizeof(failedAtIteration) / sizeof(failedAtIteration[0]));
- i++)
- nonFirst += failedAtIteration[i];
- printf("Miller-Rabin failures not in first round = %d\n", nonFirst);
- }
+ {
+ printf("Primes generated = %s\n", PrintTuple(PrimeCounts));
+ printf("Fields sieved = %s\n", PrintTuple(totalFieldsSieved));
+ printf("Fields with no primes = %s\n", PrintTuple(noPrimeFields));
+ printf("Primes checked with Miller-Rabin = %s\n",
+ PrintTuple(MillerRabinTrials));
+ for(i = 0; i < 3; i++)
+ averages[i] = (totalFieldsSieved[i] != 0
+ ? bitsInFieldAfterSieve[i] / totalFieldsSieved[i]
+ : 0);
+ printf("Average candidates in field %s\n", PrintTuple(averages));
+ for(i = 1; i < (sizeof(failedAtIteration) / sizeof(failedAtIteration[0]));
+ i++)
+ nonFirst += failedAtIteration[i];
+ printf("Miller-Rabin failures not in first round = %d\n", nonFirst);
+ }
 CLEAR_VALUE(PrimeCounts);
 CLEAR_VALUE(totalFieldsSieved);
 CLEAR_VALUE(noPrimeFields);
@@ -551,7 +553,7 @@ void RsaSimulationEnd(void)
 //*** GetSieveStats()
 LIB_EXPORT void GetSieveStats(
- uint32_t* trials, uint32_t* emptyFields, uint32_t* averageBits)
+ uint32_t* trials, uint32_t* emptyFields, uint32_t* averageBits)
 {
 uint32_t totalBits;
 uint32_t fields;
@@ -559,11 +561,11 @@ LIB_EXPORT void GetSieveStats(
 *emptyFields = noPrimeFields[0] + noPrimeFields[1] + noPrimeFields[2];
 fields = totalFieldsSieved[0] + totalFieldsSieved[1] + totalFieldsSieved[2];
 totalBits = bitsInFieldAfterSieve[0] + bitsInFieldAfterSieve[1]
- + bitsInFieldAfterSieve[2];
+ + bitsInFieldAfterSieve[2];
 if(fields != 0)
- *averageBits = totalBits / fields;
+ *averageBits = totalBits / fields;
 else
- *averageBits = 0;
+ *averageBits = 0;
 CLEAR_VALUE(PrimeCounts);
 CLEAR_VALUE(totalFieldsSieved);
 CLEAR_VALUE(noPrimeFields);
diff --git a/src/tpm2/crypto/openssl/CryptRand.c b/src/tpm2/crypto/openssl/CryptRand.c
index 95008445..d2fc789d 100644
--- a/src/tpm2/crypto/openssl/CryptRand.c
+++ b/src/tpm2/crypto/openssl/CryptRand.c
@@ -147,16 +147,16 @@ static void DfCompute(PDF_STATE dfState)
 crypt_uword_t temp[DRBG_IV_SIZE_WORDS] = {0};
 //
 for(iv = 0; iv < DF_COUNT; iv++)
- {
- pIv = (crypt_uword_t*)&dfState->iv[iv].words[0];
- for(i = 0; i < DRBG_IV_SIZE_WORDS; i++)
- {
- temp[i] ^= pIv[i] ^ dfState->buf.words[i];
- }
- DRBG_ENCRYPT(&dfState->keySchedule, &temp, pIv);
- }
+ {
+ pIv = (crypt_uword_t*)&dfState->iv[iv].words[0];
+ for(i = 0; i < DRBG_IV_SIZE_WORDS; i++)
+ {
+ temp[i] ^= pIv[i] ^ dfState->buf.words[i];
+ }
+ DRBG_ENCRYPT(&dfState->keySchedule, &temp, pIv);
+ }
 for(i = 0; i < DRBG_IV_SIZE_WORDS; i++)
- dfState->buf.words[i] = 0;
+ dfState->buf.words[i] = 0;
 dfState->contents = 0;
 }
@@ -170,47 +170,47 @@ static void DfStart(PDF_STATE dfState, uint32_t inputLength)
 UINT32 drbgSeedSize = sizeof(DRBG_SEED);
 const BYTE dfKey[DRBG_KEY_SIZE_BYTES] =
- { 0x00,
- 0x01,
- 0x02,
- 0x03,
- 0x04,
- 0x05,
- 0x06,
- 0x07,
- 0x08,
- 0x09,
- 0x0a,
- 0x0b,
- 0x0c,
- 0x0d,
- 0x0e,
- 0x0f
+ { 0x00,
+ 0x01,
+ 0x02,
+ 0x03,
+ 0x04,
+ 0x05,
+ 0x06,
+ 0x07,
+ 0x08,
+ 0x09,
+ 0x0a,
+ 0x0b,
+ 0x0c,
+ 0x0d,
+ 0x0e,
+ 0x0f
 #if DRBG_KEY_SIZE_BYTES > 16
- ,
- 0x10,
- 0x11,
- 0x12,
- 0x13,
- 0x14,
- 0x15,
- 0x16,
- 0x17,
- 0x18,
- 0x19,
- 0x1a,
- 0x1b,
- 0x1c,
- 0x1d,
- 0x1e,
- 0x1f
+ ,
+ 0x10,
+ 0x11,
+ 0x12,
+ 0x13,
+ 0x14,
+ 0x15,
+ 0x16,
+ 0x17,
+ 0x18,
+ 0x19,
+ 0x1a,
+ 0x1b,
+ 0x1c,
+ 0x1d,
+ 0x1e,
+ 0x1f
 #endif
- };
+ };
 memset(dfState, 0, sizeof(DF_STATE));
 DRBG_ENCRYPT_SETUP(&dfKey[0], DRBG_KEY_SIZE_BITS, &dfState->keySchedule);
 // Create the first chaining values
 for(i = 0; i < DF_COUNT; i++)
- ((BYTE*)&dfState->iv[i])[3] = (BYTE)i;
+ ((BYTE*)&dfState->iv[i])[3] = (BYTE)i;
 DfCompute(dfState);
 // initialize the first 64 bits of the IV in a way that doesn't depend
 // on the size of the words used.
@@ -226,23 +226,23 @@ static void DfStart(PDF_STATE dfState, uint32_t inputLength)
 static void DfUpdate(PDF_STATE dfState, int size, const BYTE* data)
 {
 while(size > 0)
- {
- int toFill = DRBG_IV_SIZE_BYTES - dfState->contents;
- if(size < toFill)
- toFill = size;
- // Copy as many bytes as there are or until the state buffer is full
- memcpy(&dfState->buf.bytes[dfState->contents], data, toFill);
- // Reduce the size left by the amount copied
- size -= toFill;
- // Advance the data pointer by the amount copied
- data += toFill;
- // increase the buffer contents count by the amount copied
- dfState->contents += toFill;
- pAssert(dfState->contents <= DRBG_IV_SIZE_BYTES);
- // If we have a full buffer, do a computation pass.
- if(dfState->contents == DRBG_IV_SIZE_BYTES)
- DfCompute(dfState);
- }
+ {
+ int toFill = DRBG_IV_SIZE_BYTES - dfState->contents;
+ if(size < toFill)
+ toFill = size;
+ // Copy as many bytes as there are or until the state buffer is full
+ memcpy(&dfState->buf.bytes[dfState->contents], data, toFill);
+ // Reduce the size left by the amount copied
+ size -= toFill;
+ // Advance the data pointer by the amount copied
+ data += toFill;
+ // increase the buffer contents count by the amount copied
+ dfState->contents += toFill;
+ pAssert(dfState->contents <= DRBG_IV_SIZE_BYTES);
+ // If we have a full buffer, do a computation pass.
+ if(dfState->contents == DRBG_IV_SIZE_BYTES)
+ DfCompute(dfState);
+ }
 }
 //*** DfEnd()
@@ -257,7 +257,7 @@ static DRBG_SEED* DfEnd(PDF_STATE dfState)
 dfState->buf.bytes[dfState->contents++] = 0x80;
 // If the buffer is not full, pad with zeros
 while(dfState->contents < DRBG_IV_SIZE_BYTES)
- dfState->buf.bytes[dfState->contents++] = 0;
+ dfState->buf.bytes[dfState->contents++] = 0;
 // Do a final state update
 DfCompute(dfState);
 return (DRBG_SEED*)&dfState->iv;
@@ -267,13 +267,13 @@ static DRBG_SEED* DfEnd(PDF_STATE dfState)
 // Function to take an input buffer and do the derivation function to produce a
 // DRBG_SEED value that can be used in DRBG_Reseed();
 static DRBG_SEED* DfBuffer(DRBG_SEED* output, // OUT: receives the result
- int size, // IN: size of the buffer to add
- BYTE* buf // IN: address of the buffer
- )
+ int size, // IN: size of the buffer to add
+ BYTE* buf // IN: address of the buffer
+)
 {
 DF_STATE dfState;
 if(size == 0 || buf == NULL)
- return NULL;
+ return NULL;
 // Initialize the derivation function
 DfStart(&dfState, size);
 DfUpdate(&dfState, size, buf);
@@ -293,9 +293,9 @@ static DRBG_SEED* DfBuffer(DRBG_SEED* output, // OUT: receives the result
 // TRUE(1) requested entropy returned
 // FALSE(0) entropy Failure
 BOOL DRBG_GetEntropy(UINT32 requiredEntropy, // IN: requested number of bytes of full
- // entropy
- BYTE* entropy // OUT: buffer to return collected entropy
- )
+ // entropy
+ BYTE* entropy // OUT: buffer to return collected entropy
+)
 {
 #if !USE_DEBUG_RNG
@@ -304,36 +304,36 @@ BOOL DRBG_GetEntropy(UINT32 requiredEntropy, // IN: requested number of bytes o
 // If in debug mode, always use the self-test values for initialization
 if(IsSelfTest())
- {
+ {
 #endif
- // If doing simulated DRBG, then check to see if the
- // entropyFailure condition is being tested
- if(!IsEntropyBad())
- {
- // In self-test, the caller should be asking for exactly the seed
- // size of entropy.
- pAssert(requiredEntropy == sizeof(DRBG_NistTestVector_Entropy));
- memcpy(entropy,
- DRBG_NistTestVector_Entropy,
- sizeof(DRBG_NistTestVector_Entropy));
- }
+ // If doing simulated DRBG, then check to see if the
+ // entropyFailure condition is being tested
+ if(!IsEntropyBad())
+ {
+ // In self-test, the caller should be asking for exactly the seed
+ // size of entropy.
+ pAssert(requiredEntropy == sizeof(DRBG_NistTestVector_Entropy));
+ memcpy(entropy,
+ DRBG_NistTestVector_Entropy,
+ sizeof(DRBG_NistTestVector_Entropy));
+ }
 #if !USE_DEBUG_RNG
- }
+ }
 else if(!IsEntropyBad())
- {
- // Collect entropy
- // Note: In debug mode, the only "entropy" value ever returned
- // is the value of the self-test vector.
- for(returnedEntropy = 1, obtainedEntropy = 0;
- obtainedEntropy < requiredEntropy && !IsEntropyBad();
- obtainedEntropy += returnedEntropy)
- {
- returnedEntropy = _plat__GetEntropy(&entropy[obtainedEntropy],
- requiredEntropy - obtainedEntropy);
- if(returnedEntropy <= 0)
- SetEntropyBad();
- }
- }
+ {
+ // Collect entropy
+ // Note: In debug mode, the only "entropy" value ever returned
+ // is the value of the self-test vector.
+ for(returnedEntropy = 1, obtainedEntropy = 0;
+ obtainedEntropy < requiredEntropy && !IsEntropyBad();
+ obtainedEntropy += returnedEntropy)
+ {
+ returnedEntropy = _plat__GetEntropy(&entropy[obtainedEntropy],
+ requiredEntropy - obtainedEntropy);
+ if(returnedEntropy <= 0)
+ SetEntropyBad();
+ }
+ }
 #endif
 return !IsEntropyBad();
 }
@@ -344,7 +344,7 @@ void IncrementIv(DRBG_IV* iv)
 {
 BYTE* ivP = ((BYTE*)iv) + DRBG_IV_SIZE_BYTES;
 while((--ivP >= (BYTE*)iv) && ((*ivP = ((*ivP + 1) & 0xFF)) == 0))
- ;
+ ;
 }
 //*** EncryptDRBG()
@@ -353,15 +353,15 @@ void IncrementIv(DRBG_IV* iv)
 // buffer for as many times as it takes to generate the required
 // number of bytes.
 static BOOL EncryptDRBG(BYTE* dOut,
- UINT32 dOutBytes,
- DRBG_KEY_SCHEDULE* keySchedule,
- DRBG_IV* iv,
- UINT32* lastValue // Points to the last output value
- )
+ UINT32 dOutBytes,
+ DRBG_KEY_SCHEDULE* keySchedule,
+ DRBG_IV* iv,
+ UINT32* lastValue // Points to the last output value
+)
 {
 //#if FIPS_COMPLIANT // libtpms changed
 if(RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added
- RUNTIME_ATTRIBUTE_DRBG_CONTINOUS_TEST)) // libtpms added
+ RUNTIME_ATTRIBUTE_DRBG_CONTINOUS_TEST)) // libtpms added
 {
 // For FIPS compliance, the DRBG has to do a continuous self-test to make sure that
 // no two consecutive values are the same. This overhead is not incurred if the TPM
@@ -372,49 +372,49 @@ if(RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added
 BYTE* p;
 for(; dOutBytes > 0;)
- {
- // Increment the IV before each encryption (this is what makes this
- // different from normal counter-mode encryption
- IncrementIv(iv);
- DRBG_ENCRYPT(keySchedule, iv, temp);
- // Expect a 16 byte block
+ {
+ // Increment the IV before each encryption (this is what makes this
+ // different from normal counter-mode encryption
+ IncrementIv(iv);
+ DRBG_ENCRYPT(keySchedule, iv, temp);
+// Expect a 16 byte block
 # if DRBG_IV_SIZE_BITS != 128
 # error "Unsuppored IV size in DRBG"
 # endif
- if((lastValue[0] == temp[0]) && (lastValue[1] == temp[1])
- && (lastValue[2] == temp[2]) && (lastValue[3] == temp[3]))
- {
- FAIL_BOOL(FATAL_ERROR_ENTROPY);
- }
- lastValue[0] = temp[0];
- lastValue[1] = temp[1];
- lastValue[2] = temp[2];
- lastValue[3] = temp[3];
- i = MIN(dOutBytes, DRBG_IV_SIZE_BYTES);
- dOutBytes -= i;
- for(p = (BYTE*)temp; i > 0; i--)
- *dOut++ = *p++;
- }
+ if((lastValue[0] == temp[0]) && (lastValue[1] == temp[1])
+ && (lastValue[2] == temp[2]) && (lastValue[3] == temp[3]))
+ {
+ FAIL_BOOL(FATAL_ERROR_ENTROPY);
+ }
+ lastValue[0] = temp[0];
+ lastValue[1] = temp[1];
+ lastValue[2] = temp[2];
+ lastValue[3] = temp[3];
+ i = MIN(dOutBytes, DRBG_IV_SIZE_BYTES);
+ dOutBytes -= i;
+ for(p = (BYTE*)temp; i > 0; i--)
+ *dOut++ = *p++;
+ }
 //#else // version without continuous self-test // libtpms changed
 } else { // libtpms added
 NOT_REFERENCED(lastValue);
 for(; dOutBytes >= DRBG_IV_SIZE_BYTES;
- dOut = &dOut[DRBG_IV_SIZE_BYTES], dOutBytes -= DRBG_IV_SIZE_BYTES)
- {
- // Increment the IV
- IncrementIv(iv);
- DRBG_ENCRYPT(keySchedule, iv, dOut);
- }
+ dOut = &dOut[DRBG_IV_SIZE_BYTES], dOutBytes -= DRBG_IV_SIZE_BYTES)
+ {
+ // Increment the IV
+ IncrementIv(iv);
+ DRBG_ENCRYPT(keySchedule, iv, dOut);
+ }
 // If there is a partial, generate into a block-sized
 // temp buffer and copy to the output.
if(dOutBytes != 0)
- {
- BYTE temp[DRBG_IV_SIZE_BYTES];
- // Increment the IV
- IncrementIv(iv);
- DRBG_ENCRYPT(keySchedule, iv, temp);
- memcpy(dOut, temp, dOutBytes);
- }
+ {
+ BYTE temp[DRBG_IV_SIZE_BYTES];
+ // Increment the IV
+ IncrementIv(iv);
+ DRBG_ENCRYPT(keySchedule, iv, temp);
+ memcpy(dOut, temp, dOutBytes);
+ }
 } // libtpms added
 //#endif // libtpms changed
 return TRUE;
@@ -434,10 +434,10 @@ if(RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added
 // the IV is the last thing that gets encrypted.
 //
 static BOOL DRBG_Update(
- DRBG_STATE* drbgState, // IN:OUT state to update
- DRBG_KEY_SCHEDULE* keySchedule, // IN: the key schedule (optional)
- DRBG_SEED* providedData // IN: additional data
- )
+ DRBG_STATE* drbgState, // IN:OUT state to update
+ DRBG_KEY_SCHEDULE* keySchedule, // IN: the key schedule (optional)
+ DRBG_SEED* providedData // IN: additional data
+)
 {
 UINT32 i;
 BYTE* temp = (BYTE*)&drbgState->seed;
@@ -451,22 +451,22 @@ static BOOL DRBG_Update(
 // If an key schedule was not provided, make one
 if(keySchedule == NULL)
- {
- if(DRBG_ENCRYPT_SETUP((BYTE*)key, DRBG_KEY_SIZE_BITS, &localKeySchedule) != 0)
- {
- FAIL_BOOL(FATAL_ERROR_INTERNAL);
- }
- keySchedule = &localKeySchedule;
- }
+ {
+ if(DRBG_ENCRYPT_SETUP((BYTE*)key, DRBG_KEY_SIZE_BITS, &localKeySchedule) != 0)
+ {
+ FAIL_BOOL(FATAL_ERROR_INTERNAL);
+ }
+ keySchedule = &localKeySchedule;
+ }
 // Encrypt the temp value
 EncryptDRBG(temp, sizeof(DRBG_SEED), keySchedule, iv, drbgState->lastValue);
 if(providedData != NULL)
- {
- BYTE* pP = (BYTE*)providedData;
- for(i = DRBG_SEED_SIZE_BYTES; i != 0; i--)
- *temp++ ^= *pP++;
- }
+ {
+ BYTE* pP = (BYTE*)providedData;
+ for(i = DRBG_SEED_SIZE_BYTES; i != 0; i--)
+ *temp++ ^= *pP++;
+ }
 // Since temp points to the input key and IV, we are done and
 // don't need to copy the resulting 'temp' to drbgState->seed
 return TRUE;
@@ -481,28 +481,28 @@ static BOOL DRBG_Update(
 // TRUE(1) reseed succeeded
 // FALSE(0) reseed failed, probably due to the entropy generation
 BOOL DRBG_Reseed(DRBG_STATE* drbgState, // IN: the state to update
- DRBG_SEED* providedEntropy, // IN: entropy
- DRBG_SEED* additionalData // IN:
- )
+ DRBG_SEED* providedEntropy, // IN: entropy
+ DRBG_SEED* additionalData // IN:
+)
 {
 DRBG_SEED seed;
 pAssert((drbgState != NULL) && (drbgState->magic == DRBG_MAGIC));
 if(providedEntropy == NULL)
- {
- providedEntropy = &seed;
- if(!DRBG_GetEntropy(sizeof(DRBG_SEED), (BYTE*)providedEntropy))
- return FALSE;
- }
+ {
+ providedEntropy = &seed;
+ if(!DRBG_GetEntropy(sizeof(DRBG_SEED), (BYTE*)providedEntropy))
+ return FALSE;
+ }
 if(additionalData != NULL)
- {
- unsigned int i;
+ {
+ unsigned int i;
- // XOR the provided data into the provided entropy
- for(i = 0; i < sizeof(DRBG_SEED); i++)
- ((BYTE*)providedEntropy)[i] ^= ((BYTE*)additionalData)[i];
- }
+ // XOR the provided data into the provided entropy
+ for(i = 0; i < sizeof(DRBG_SEED); i++)
+ ((BYTE*)providedEntropy)[i] ^= ((BYTE*)additionalData)[i];
+ }
 DRBG_Update(drbgState, NULL, providedEntropy);
 drbgState->reseedCounter = 1;
@@ -530,51 +530,51 @@ BOOL DRBG_SelfTest(void)
 SetDrbgTested();
 // Do an instantiate
 if(!DRBG_Instantiate(&testState, 0, NULL))
- return FALSE;
+ return FALSE;
 #if DRBG_DEBUG_PRINT
 dbgDumpMemBlock(
- pDRBG_KEY(&testState), DRBG_KEY_SIZE_BYTES, "Key after Instantiate");
+ pDRBG_KEY(&testState), DRBG_KEY_SIZE_BYTES, "Key after Instantiate");
 dbgDumpMemBlock(
- pDRBG_IV(&testState), DRBG_IV_SIZE_BYTES, "Value after Instantiate");
+ pDRBG_IV(&testState), DRBG_IV_SIZE_BYTES, "Value after Instantiate");
 #endif
 if(DRBG_Generate((RAND_STATE*)&testState, buf, sizeof(buf)) == 0)
- return FALSE;
+ return FALSE;
 #if DRBG_DEBUG_PRINT
 dbgDumpMemBlock(
- pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, "Key after 1st Generate");
+ pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, "Key after 1st Generate");
 dbgDumpMemBlock(
- pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, "Value after 1st Generate");
+ pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, "Value after 1st Generate");
 #endif
 if(memcmp(buf, DRBG_NistTestVector_GeneratedInterm, sizeof(buf)) != 0)
- return FALSE;
+ return FALSE;
 memcpy(seed.bytes, DRBG_NistTestVector_EntropyReseed, sizeof(seed));
 DRBG_Reseed(&testState, &seed, NULL);
 #if DRBG_DEBUG_PRINT
 dbgDumpMemBlock((BYTE*)pDRBG_KEY(&testState.seed),
- DRBG_KEY_SIZE_BYTES,
- "Key after 2nd Generate");
+ DRBG_KEY_SIZE_BYTES,
+ "Key after 2nd Generate");
 dbgDumpMemBlock((BYTE*)pDRBG_IV(&testState.seed),
- DRBG_IV_SIZE_BYTES,
- "Value after 2nd Generate");
+ DRBG_IV_SIZE_BYTES,
+ "Value after 2nd Generate");
 dbgDumpMemBlock(buf, sizeof(buf), "2nd Generated");
 #endif
 if(DRBG_Generate((RAND_STATE*)&testState, buf, sizeof(buf)) == 0)
- return FALSE;
+ return FALSE;
 if(memcmp(buf, DRBG_NistTestVector_Generated, sizeof(buf)) != 0)
- return FALSE;
+ return FALSE;
 ClearSelfTest();
 DRBG_Uninstantiate(&testState);
 for(p = (BYTE*)&testState, i = 0; i < sizeof(DRBG_STATE); i++)
- {
- if(*p++)
- return FALSE;
- }
+ {
+ if(*p++)
+ return FALSE;
+ }
 // Simulate hardware failure to make
sure that we get an error when
 // trying to instantiate
 SetEntropyBad();
 if(DRBG_Instantiate(&testState, 0, NULL))
- return FALSE;
+ return FALSE;
 ClearEntropyBad();
 return TRUE;
@@ -599,11 +599,11 @@ LIB_EXPORT TPM_RC CryptRandomStir(UINT16 additionalDataSize, BYTE* additionalDat
 //
 // All reseed with outside data starts with a buffer full of entropy
 if(!DRBG_GetEntropy(sizeof(tmpBuf), (BYTE*)&tmpBuf))
- return TPM_RC_NO_RESULT;
+ return TPM_RC_NO_RESULT;
 DRBG_Reseed(&drbgDefault,
- &tmpBuf,
- DfBuffer(&dfResult, additionalDataSize, additionalData));
+ &tmpBuf,
+ DfBuffer(&dfResult, additionalDataSize, additionalData));
 drbgDefault.reseedCounter = 1;
 return TPM_RC_SUCCESS;
@@ -619,12 +619,12 @@ LIB_EXPORT TPM_RC CryptRandomStir(UINT16 additionalDataSize, BYTE* additionalDat
 // parameters as meaning that there is no additionalData and only hardware
 // entropy is used.
 if((additionalDataSize > 0) && (additionalData != NULL))
- {
- memset(drbgDefault.seed.bytes, 0, sizeof(drbgDefault.seed.bytes));
- memcpy(drbgDefault.seed.bytes,
- additionalData,
- MIN(additionalDataSize, sizeof(drbgDefault.seed.bytes)));
- }
+ {
+ memset(drbgDefault.seed.bytes, 0, sizeof(drbgDefault.seed.bytes));
+ memcpy(drbgDefault.seed.bytes,
+ additionalData,
+ MIN(additionalDataSize, sizeof(drbgDefault.seed.bytes)));
+ }
 drbgDefault.reseedCounter = 1;
 return TPM_RC_SUCCESS;
@@ -642,14 +642,14 @@ LIB_EXPORT UINT16 CryptRandomGenerate(UINT16 randomSize, BYTE* buffer)
 // This function is used to instantiate a KDF-based RNG. This is used for derivations.
 // This function always returns TRUE.
 LIB_EXPORT BOOL DRBG_InstantiateSeededKdf(
- KDF_STATE* state, // OUT: buffer to hold the state
- TPM_ALG_ID hashAlg, // IN: hash algorithm
- TPM_ALG_ID kdf, // IN: the KDF to use
- TPM2B* seed, // IN: the seed to use
- const TPM2B* label, // IN: a label for the generation process.
- TPM2B* context, // IN: the context value
- UINT32 limit // IN: Maximum number of bits from the KDF
- )
+ KDF_STATE* state, // OUT: buffer to hold the state
+ TPM_ALG_ID hashAlg, // IN: hash algorithm
+ TPM_ALG_ID kdf, // IN: the KDF to use
+ TPM2B* seed, // IN: the seed to use
+ const TPM2B* label, // IN: a label for the generation process.
+ TPM2B* context, // IN: the context value
+ UINT32 limit // IN: Maximum number of bits from the KDF
+)
 {
 state->magic = KDF_MAGIC;
 state->limit = limit;
@@ -669,15 +669,15 @@ LIB_EXPORT BOOL DRBG_InstantiateSeededKdf(
 // before computing the protection value of a primary key in the Endorsement
 // hierarchy.
 LIB_EXPORT void DRBG_AdditionalData(DRBG_STATE* drbgState, // IN:OUT state to update
- TPM2B* additionalData // IN: value to incorporate
- )
+ TPM2B* additionalData // IN: value to incorporate
+)
 {
 DRBG_SEED dfResult;
 if(drbgState->magic == DRBG_MAGIC)
- {
- DfBuffer(&dfResult, additionalData->size, additionalData->buffer);
- DRBG_Reseed(drbgState, &dfResult, NULL);
- }
+ {
+ DfBuffer(&dfResult, additionalData->size, additionalData->buffer);
+ DRBG_Reseed(drbgState, &dfResult, NULL);
+ }
 }
 //*** DRBG_InstantiateSeeded()
@@ -688,21 +688,21 @@ LIB_EXPORT void DRBG_AdditionalData(DRBG_STATE* drbgState, // IN:OUT state to u
 // Return Type: TPM_RC
 // TPM_RC_FAILURE DRBG self-test failure
 LIB_EXPORT TPM_RC DRBG_InstantiateSeeded(
- DRBG_STATE* drbgState, // IN/OUT: buffer to hold the state
- const TPM2B* seed, // IN: the seed to use
- const TPM2B* purpose, // IN: a label for the generation process.
- const TPM2B* name, // IN: name of the object
- const TPM2B* additional, // IN: additional data
- SEED_COMPAT_LEVEL seedCompatLevel // IN: compatibility level; libtpms added )
- )
+ DRBG_STATE* drbgState, // IN/OUT: buffer to hold the state
+ const TPM2B* seed, // IN: the seed to use
+ const TPM2B* purpose, // IN: a label for the generation process.
+ const TPM2B* name, // IN: name of the object
+ const TPM2B* additional, // IN: additional data
+ SEED_COMPAT_LEVEL seedCompatLevel // IN: compatibility level; libtpms added )
+)
 {
 DF_STATE dfState;
 int totalInputSize;
 // DRBG should have been tested, but...
 if(!IsDrbgTested() && !DRBG_SelfTest())
- {
- FAIL_RC(FATAL_ERROR_SELF_TEST);
- }
+ {
+ FAIL_RC(FATAL_ERROR_SELF_TEST);
+ }
 // Initialize the DRBG state
 memset(drbgState, 0, sizeof(DRBG_STATE));
 drbgState->magic = DRBG_MAGIC;
@@ -719,13 +719,13 @@ LIB_EXPORT TPM_RC DRBG_InstantiateSeeded(
 // Run all the input strings through the derivation function
 if(seed != NULL)
- DfUpdate(&dfState, seed->size, seed->buffer);
+ DfUpdate(&dfState, seed->size, seed->buffer);
 if(purpose != NULL)
- DfUpdate(&dfState, purpose->size, purpose->buffer);
+ DfUpdate(&dfState, purpose->size, purpose->buffer);
 if(name != NULL)
- DfUpdate(&dfState, name->size, name->buffer);
+ DfUpdate(&dfState, name->size, name->buffer);
 if(additional != NULL)
- DfUpdate(&dfState, additional->size, additional->buffer);
+ DfUpdate(&dfState, additional->size, additional->buffer);
 // Used the derivation function output as the "entropy" input. This is not
 // how it is described in SP800-90A but this is the equivalent function
@@ -746,9 +746,9 @@ LIB_EXPORT BOOL CryptRandStartup(void)
 // If the running state is saved in NV, NV has to be loaded before it can
 // be updated
 if(go.drbgState.magic == DRBG_MAGIC)
- return DRBG_Reseed(&go.drbgState, NULL, NULL);
+ return DRBG_Reseed(&go.drbgState, NULL, NULL);
 else
- return DRBG_Instantiate(&go.drbgState, 0, NULL);
+ return DRBG_Instantiate(&go.drbgState, 0, NULL);
 #endif
 }
@@ -797,148 +797,148 @@ DRBG_GetSeedCompatLevel(
 // number requested if the request is too large ("too large" is implementation
 // dependent.)
 LIB_EXPORT UINT16 DRBG_Generate(
- RAND_STATE* state,
- BYTE* random, // OUT: buffer to receive the random values
- UINT16 randomSize // IN: the number of bytes to generate
- )
+ RAND_STATE* state,
+ BYTE* random, // OUT: buffer to receive the random values
+ UINT16 randomSize // IN: the number of bytes to generate
+)
 {
 if(state == NULL)
- state = (RAND_STATE*)&drbgDefault;
+ state = (RAND_STATE*)&drbgDefault;
 if(random == NULL)
- return 0;
+ return 0;
 // If the caller used a KDF state, generate a sequence from the KDF not to
 // exceed the limit.
 if(state->kdf.magic == KDF_MAGIC)
- {
- KDF_STATE* kdf = (KDF_STATE*)state;
- UINT32 counter = (UINT32)kdf->counter;
- INT32 bytesLeft = randomSize;
- //
- // If the number of bytes to be returned would put the generator
- // over the limit, then return 0
- if((((kdf->counter * kdf->digestSize) + randomSize) * 8) > kdf->limit)
- return 0;
- // Process partial and full blocks until all requested bytes provided
- while(bytesLeft > 0)
- {
- // If there is any residual data in the buffer, copy it to the output
- // buffer
- if(kdf->residual.t.size > 0)
- {
- INT32 size;
- //
- // Don't use more of the residual than will fit or more than are
- // available
- size = MIN(kdf->residual.t.size, bytesLeft);
+ {
+ KDF_STATE* kdf = (KDF_STATE*)state;
+ UINT32 counter = (UINT32)kdf->counter;
+ INT32 bytesLeft = randomSize;
+ //
+ // If the number of bytes to be returned would put the generator
+ // over the limit, then return 0
+ if((((kdf->counter * kdf->digestSize) + randomSize) * 8) > kdf->limit)
+ return 0;
+ // Process partial and full blocks until all requested bytes provided
+ while(bytesLeft > 0)
+ {
+ // If there is any residual data in the buffer, copy it to the output
+ // buffer
+ if(kdf->residual.t.size > 0)
+ {
+ INT32 size;
+ //
+ // Don't use more of the residual than will fit or
more than are
+ // available
+ size = MIN(kdf->residual.t.size, bytesLeft);
- // Copy some or all of the residual to the output. The residual is
- // at the end of the buffer. The residual might be a full buffer.
- MemoryCopy(
- random,
- &kdf->residual.t.buffer[kdf->digestSize - kdf->residual.t.size],
- size);
+ // Copy some or all of the residual to the output. The residual is
+ // at the end of the buffer. The residual might be a full buffer.
+ MemoryCopy(
+ random,
+ &kdf->residual.t.buffer[kdf->digestSize - kdf->residual.t.size],
+ size);
- // Advance the buffer pointer
- random += size;
+ // Advance the buffer pointer
+ random += size;
- // Reduce the number of bytes left to get
- bytesLeft -= size;
+ // Reduce the number of bytes left to get
+ bytesLeft -= size;
- // And reduce the residual size appropriately
- kdf->residual.t.size -= (UINT16)size;
- }
- else
- {
- UINT16 blocks = (UINT16)(bytesLeft / kdf->digestSize);
- //
- // Get the number of required full blocks
- if(blocks > 0)
- {
- UINT16 size = blocks * kdf->digestSize;
- // Get some number of full blocks and put them in the return buffer
- CryptKDFa(kdf->hash,
- kdf->seed,
- kdf->label,
- kdf->context,
- NULL,
- kdf->limit,
- random,
- &counter,
- blocks);
+ // And reduce the residual size appropriately
+ kdf->residual.t.size -= (UINT16)size;
+ }
+ else
+ {
+ UINT16 blocks = (UINT16)(bytesLeft / kdf->digestSize);
+ //
+ // Get the number of required full blocks
+ if(blocks > 0)
+ {
+ UINT16 size = blocks * kdf->digestSize;
+ // Get some number of full blocks and put them in the return buffer
+ CryptKDFa(kdf->hash,
+ kdf->seed,
+ kdf->label,
+ kdf->context,
+ NULL,
+ kdf->limit,
+ random,
+ &counter,
+ blocks);
- // reduce the size remaining to be moved and advance the pointer
- bytesLeft -= size;
- random += size;
- }
- else
- {
- // Fill the residual buffer with a full block and then loop to
- // top to get part of it copied to the output.
- kdf->residual.t.size = CryptKDFa(kdf->hash,
- kdf->seed,
- kdf->label,
- kdf->context,
- NULL,
- kdf->limit,
- kdf->residual.t.buffer,
- &counter,
- 1);
- }
- }
- }
- kdf->counter = counter;
- return randomSize;
- }
+ // reduce the size remaining to be moved and advance the pointer
+ bytesLeft -= size;
+ random += size;
+ }
+ else
+ {
+ // Fill the residual buffer with a full block and then loop to
+ // top to get part of it copied to the output.
+ kdf->residual.t.size = CryptKDFa(kdf->hash,
+ kdf->seed,
+ kdf->label,
+ kdf->context,
+ NULL,
+ kdf->limit,
+ kdf->residual.t.buffer,
+ &counter,
+ 1);
+ }
+ }
+ }
+ kdf->counter = counter;
+ return randomSize;
+ }
 else if(state->drbg.magic == DRBG_MAGIC)
- {
- DRBG_STATE* drbgState = (DRBG_STATE*)state;
- DRBG_KEY_SCHEDULE keySchedule;
- DRBG_SEED* seed = &drbgState->seed;
+ {
+ DRBG_STATE* drbgState = (DRBG_STATE*)state;
+ DRBG_KEY_SCHEDULE keySchedule;
+ DRBG_SEED* seed = &drbgState->seed;
- memset(&keySchedule, 0, sizeof(keySchedule)); /* libtpms added: coverity */
- if(drbgState->reseedCounter >= CTR_DRBG_MAX_REQUESTS_PER_RESEED)
- {
- if(drbgState == &drbgDefault)
- {
- DRBG_Reseed(drbgState, NULL, NULL);
- if(IsEntropyBad() && !IsSelfTest())
- return 0;
- }
- else
- {
- // If this is a PRNG then the only way to get
- // here is if the SW has run away.
- FAIL_IMMEDIATE(FATAL_ERROR_INTERNAL, 0);
- }
- }
- // if the allowed number of bytes in a request is larger than the
- // less than the number of bytes that can be requested, then check
+ memset(&keySchedule, 0, sizeof(keySchedule)); /* libtpms added: coverity */
+ if(drbgState->reseedCounter >= CTR_DRBG_MAX_REQUESTS_PER_RESEED)
+ {
+ if(drbgState == &drbgDefault)
+ {
+ DRBG_Reseed(drbgState, NULL, NULL);
+ if(IsEntropyBad() && !IsSelfTest())
+ return 0;
+ }
+ else
+ {
+ // If this is a PRNG then the only way to get
+ // here is if the SW has run away.
+ FAIL_IMMEDIATE(FATAL_ERROR_INTERNAL, 0);
+ }
+ }
+ // if the allowed number of bytes in a request is larger than the
+ // less than the number of bytes that can be requested, then check
 #if UINT16_MAX >= CTR_DRBG_MAX_BYTES_PER_REQUEST
- if(randomSize > CTR_DRBG_MAX_BYTES_PER_REQUEST)
- randomSize = CTR_DRBG_MAX_BYTES_PER_REQUEST;
+ if(randomSize > CTR_DRBG_MAX_BYTES_PER_REQUEST)
+ randomSize = CTR_DRBG_MAX_BYTES_PER_REQUEST;
 #endif
- // Create encryption schedule
- if(DRBG_ENCRYPT_SETUP(
- (BYTE*)pDRBG_KEY(seed), DRBG_KEY_SIZE_BITS, &keySchedule)
- != 0)
- {
- FAIL_IMMEDIATE(FATAL_ERROR_INTERNAL, 0);
- }
- // Generate the random data
- EncryptDRBG(
- random, randomSize, &keySchedule, pDRBG_IV(seed), drbgState->lastValue);
- // Do a key update
- DRBG_Update(drbgState, &keySchedule, NULL);
+ // Create encryption schedule
+ if(DRBG_ENCRYPT_SETUP(
+ (BYTE*)pDRBG_KEY(seed), DRBG_KEY_SIZE_BITS, &keySchedule)
+ != 0)
+ {
+ FAIL_IMMEDIATE(FATAL_ERROR_INTERNAL, 0);
+ }
+ // Generate the random data
+ EncryptDRBG(
+ random, randomSize, &keySchedule, pDRBG_IV(seed), drbgState->lastValue);
+ // Do a key update
+ DRBG_Update(drbgState, &keySchedule, NULL);
- // Increment the reseed counter
- drbgState->reseedCounter += 1;
- }
+ // Increment the reseed counter
+ drbgState->reseedCounter += 1;
+ }
 else
- {
- // invalid DRBG state structure
- FAIL_IMMEDIATE(FATAL_ERROR_INTERNAL, 0);
- }
+ {
+ // invalid DRBG state structure
+ FAIL_IMMEDIATE(FATAL_ERROR_INTERNAL, 0);
+ }
 return randomSize;
 }
@@ -952,10 +952,10 @@ LIB_EXPORT UINT16 DRBG_Generate(
 // TRUE(1) instantiation succeeded
 // FALSE(0) instantiation failed
 LIB_EXPORT BOOL DRBG_Instantiate(
- DRBG_STATE* drbgState, // OUT: the instantiated value
- UINT16 pSize, // IN: Size of personalization string
- BYTE* personalization // IN: The personalization string
- )
+ DRBG_STATE* drbgState, // OUT: the instantiated value
+ UINT16 pSize, // IN: Size of personalization string
+ BYTE* personalization // IN: The personalization string
+)
 {
 DRBG_SEED seed;
 DRBG_SEED dfResult;
@@ -965,11 +965,11 @@ LIB_EXPORT BOOL DRBG_Instantiate(
 // Instantiation is called during self test, make sure we don't get stuck in a
 // loop.
 if(!IsDrbgTested() && !IsSelfTest() && !DRBG_SelfTest())
- return FALSE;
+ return FALSE;
 // If doing a self test, DRBG_GetEntropy will return the NIST
 // test vector value.
 if(!DRBG_GetEntropy(sizeof(seed), (BYTE*)&seed))
- return FALSE;
+ return FALSE;
 // set everything to zero
 memset(drbgState, 0, sizeof(DRBG_STATE));
 drbgState->magic = DRBG_MAGIC;
@@ -988,11 +988,11 @@ LIB_EXPORT BOOL DRBG_Instantiate(
 // Return Type: TPM_RC
 // TPM_RC_VALUE not a valid state
 LIB_EXPORT TPM_RC DRBG_Uninstantiate(
- DRBG_STATE* drbgState // IN/OUT: working state to erase
- )
+ DRBG_STATE* drbgState // IN/OUT: working state to erase
+)
 {
 if((drbgState == NULL) || (drbgState->magic != DRBG_MAGIC))
- return TPM_RC_VALUE;
+ return TPM_RC_VALUE;
 memset(drbgState, 0, sizeof(DRBG_STATE));
 return TPM_RC_SUCCESS;
 }
diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 66dd8794..e52ff432 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -109,10 +109,10 @@ static privateExponent* RsaInitializeExponent(privateExponent* Z)
 int i;
 //
 for(i = 0; i < 5; i++)
- {
- bn[i] = (Crypt_Int*)&(Z->entries[i]);
- ExtMath_Initialize_Int(bn[i], MAX_RSA_KEY_BITS / 2);
- }
+ {
+ bn[i] = (Crypt_Int*)&(Z->entries[i]);
+ ExtMath_Initialize_Int(bn[i], MAX_RSA_KEY_BITS / 2);
+ }
 return Z;
 }
@@ -121,11 +121,11 @@ static privateExponent* RsaInitializeExponent(privateExponent* Z)
 static void MakePgreaterThanQ(privateExponent* Z)
 {
 if(ExtMath_UnsignedCmp(Z->P, Z->Q) < 0)
- {
- Crypt_Int* bnT = Z->P;
- Z->P = Z->Q;
- Z->Q = bnT;
- }
+ {
+ Crypt_Int* bnT = Z->P;
+ Z->P = Z->Q;
+ Z->Q = bnT;
+ }
 }
 #if 0 // libtpms added
@@ -150,11 +150,11 @@ static BOOL PackExponent(TPM2B_PRIVATE_KEY_RSA* packed, privateExponent* Z)
 pAssert((primeSize * 5) <= sizeof(packed->t.buffer));
 packed->t.size = (primeSize * 5) + RSA_prime_flag;
 for(i = 0; i < 5; i++)
- if(!ExtMath_IntToBytes(
- (Crypt_Int*)&Z->entries[i], &packed->t.buffer[primeSize * i], &pS))
- return FALSE;
+ if(!ExtMath_IntToBytes(
+ (Crypt_Int*)&Z->entries[i], &packed->t.buffer[primeSize * i], &pS))
+ return FALSE;
 if(pS != primeSize)
- return FALSE;
+ return FALSE;
 return TRUE;
 }
@@ -175,12 +175,12 @@ static BOOL UnpackExponent(TPM2B_PRIVATE_KEY_RSA* b, privateExponent* Z)
 GOTO_ERROR_UNLESS((primeSize % 5) == 0);
 primeSize /= 5;
 for(i = 0; i < 5; i++)
- GOTO_ERROR_UNLESS(
- ExtMath_IntFromBytes(bn[i], &b->t.buffer[primeSize * i], primeSize)
- != NULL);
+ GOTO_ERROR_UNLESS(
+ ExtMath_IntFromBytes(bn[i], &b->t.buffer[primeSize * i], primeSize)
+ != NULL);
 MakePgreaterThanQ(Z);
 return TRUE;
- Error:
+Error:
 return FALSE;
 }
 #endif // libtpms added
@@ -191,10 +191,10 @@ static BOOL UnpackExponent(TPM2B_PRIVATE_KEY_RSA* b, privateExponent* Z)
 // TRUE(1) success
 // FALSE(0) failure
 static BOOL ComputePrivateExponent(
- Crypt_Int* pubExp, // IN: the public exponent
- privateExponent* Z // IN/OUT: on input, has primes P and Q. On
- // output, has P, Q, dP, dQ, and pInv
- )
+ Crypt_Int* pubExp, // IN: the public exponent
+ privateExponent* Z // IN/OUT: on input, has primes P and Q. On
+ // output, has P, Q, dP, dQ, and pInv
+)
 {
 BOOL pOK;
 BOOL qOK;
@@ -211,11 +211,11 @@ static BOOL ComputePrivateExponent(
 qOK = qOK && ExtMath_ModInverse(Z->dQ, pubExp, pT);
 // qInv = (1/q) mod p
 if(pOK && qOK)
- pOK = qOK = ExtMath_ModInverse(Z->qInv, Z->Q, Z->P);
+ pOK = qOK = ExtMath_ModInverse(Z->qInv, Z->Q, Z->P);
 if(!pOK)
- ExtMath_SetWord(Z->P, 0);
+ ExtMath_SetWord(Z->P, 0);
 if(!qOK)
- ExtMath_SetWord(Z->Q, 0);
+ ExtMath_SetWord(Z->Q, 0);
 return pOK && qOK;
 }
@@ -227,7 +227,7 @@ static BOOL ComputePrivateExponent(
 // TRUE(1) success
 // FALSE(0) failure
 static BOOL RsaPrivateKeyOp(Crypt_Int* inOut, // IN/OUT: number to be exponentiated
- privateExponent* Z)
+ privateExponent* Z)
 {
 CRYPT_RSA_VAR(M1);
 CRYPT_RSA_VAR(M2);
@@ -248,7 +248,7 @@ static BOOL RsaPrivateKeyOp(Crypt_Int* inOut, // IN/OUT: number to be exponenti
 GOTO_ERROR_UNLESS(ExtMath_Multiply(M, H, Z->Q));
 GOTO_ERROR_UNLESS(ExtMath_Add(inOut, M2, M));
 return TRUE;
- Error:
+Error:
 return FALSE;
 }
@@ -262,29 +262,29 @@ static BOOL RsaPrivateKeyOp(Crypt_Int* inOut, // IN/OUT: number to be exponenti
 //
 #if !USE_OPENSSL_FUNCTIONS_RSA // libtpms added
 static TPM_RC RSAEP(TPM2B* dInOut, // IN: size of the encrypted block and the size of
- // the encrypted value. It must be the size of
- // the modulus.
- // OUT: the encrypted data. Will receive the
- // decrypted value
- OBJECT* key // IN: the key to use
- )
+ // the encrypted value. It must be the size of
+ // the modulus.
+ // OUT: the encrypted data. Will receive the
+ // decrypted value
+ OBJECT* key // IN: the key to use
+)
 {
 TPM2B_TYPE(4BYTES, 4);
 TPM2B_4BYTES e2B;
 UINT32 e = key->publicArea.parameters.rsaDetail.exponent;
 //
 if(e == 0)
- e = RSA_DEFAULT_PUBLIC_EXPONENT;
+ e = RSA_DEFAULT_PUBLIC_EXPONENT;
 UINT32_TO_BYTE_ARRAY(e, e2B.t.buffer);
 e2B.t.size = 4;
 return ModExpB(dInOut->size,
- dInOut->buffer,
- dInOut->size,
- dInOut->buffer,
- e2B.t.size,
- e2B.t.buffer,
- key->publicArea.unique.rsa.t.size,
- key->publicArea.unique.rsa.t.buffer);
+ dInOut->buffer,
+ dInOut->size,
+ dInOut->buffer,
+ e2B.t.size,
+ e2B.t.buffer,
+ key->publicArea.unique.rsa.t.size,
+ key->publicArea.unique.rsa.t.buffer);
 }
 //*** RSADP()
@@ -300,34 +300,34 @@ static TPM_RC RSAEP(TPM2B* dInOut, // IN: size of the encrypted block and the s // TPM_RC_SIZE the value to decrypt is larger than the modulus // static TPM_RC RSADP(TPM2B* inOut, // IN/OUT: the value to encrypt - OBJECT* key // IN: the key - ) + OBJECT* key // IN: the key +) { CRYPT_RSA_INITIALIZED(bnM, inOut); NEW_PRIVATE_EXPONENT(Z); if(UnsignedCompareB(inOut->size, - inOut->buffer, - key->publicArea.unique.rsa.t.size, - key->publicArea.unique.rsa.t.buffer) + inOut->buffer, + key->publicArea.unique.rsa.t.size, + key->publicArea.unique.rsa.t.buffer) >= 0) - return TPM_RC_SIZE; + return TPM_RC_SIZE; // private key operation requires that private exponent be loaded // During self-test, this might not be the case so load it up if it hasn't // already done // been done if(!key->attributes.privateExp) // libtpms changed begin: use older verions - { - if(CryptRsaLoadPrivateExponent(&key->publicArea, &key->sensitive, key) - != TPM_RC_SUCCESS) - return TPM_RC_BINDING; - } + { + if(CryptRsaLoadPrivateExponent(&key->publicArea, &key->sensitive, key) + != TPM_RC_SUCCESS) + return TPM_RC_BINDING; + } GOTO_ERROR_UNLESS(TpmMath_IntFrom2B(Z->P, &key->sensitive.sensitive.rsa.b) != NULL); RsaSetExponentFromOld(Z, &key->privateExponent); // GOTO_ERROR_UNLESS(UnpackExponent(&key->sensitive.sensitive.rsa, Z)); // libtpms changed end GOTO_ERROR_UNLESS(RsaPrivateKeyOp(bnM, Z)); GOTO_ERROR_UNLESS(TpmMath_IntTo2B(bnM, inOut, inOut->size)); return TPM_RC_SUCCESS; - Error: +Error: return TPM_RC_FAILURE; } 
@@ -339,12 +339,12 @@ static TPM_RC RSADP(TPM2B* inOut, // IN/OUT: the value to encrypt // TPM_RC_VALUE 'hashAlg' is not valid or message size is too large // static TPM_RC OaepEncode( - TPM2B* padded, // OUT: the pad data - TPM_ALG_ID hashAlg, // IN: algorithm to use for padding - const TPM2B* label, // IN: null-terminated string (may be NULL) - TPM2B* message, // IN: the message being padded - RAND_STATE* rand // IN: the random number generator to use - ) + TPM2B* padded, // OUT: the pad data + TPM_ALG_ID hashAlg, // IN: algorithm to use for padding + const TPM2B* label, // IN: null-terminated string (may be NULL) + TPM2B* message, // IN: the message being padded + RAND_STATE* rand // IN: the random number generator to use +) { INT32 padLen; INT32 dbSize; @@ -362,22 +362,22 @@ static TPM_RC OaepEncode( // A value of zero is not allowed because the KDF can't produce a result // if the digest size is zero. if(hLen == 0) - return TPM_RC_VALUE; + return TPM_RC_VALUE; // Basic size checks // make sure digest isn't too big for key size if(padded->size < (2 * hLen) + 2) - ERROR_EXIT(TPM_RC_HASH); + ERROR_EXIT(TPM_RC_HASH); // and that message will fit messageSize <= k - 2hLen - 2 if(message->size > (padded->size - (2 * hLen) - 2)) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); // Hash L even if it is null // Offset into padded leaving room for masked seed and byte of zero pp = &padded->buffer[hLen + 1]; if(CryptHashBlock(hashAlg, label->size, (BYTE*)label->buffer, hLen, pp) != hLen) - ERROR_EXIT(TPM_RC_FAILURE); + ERROR_EXIT(TPM_RC_FAILURE); // concatenate PS of k mLen 2hLen 2 padLen = padded->size - message->size - (2 * hLen) - 2; 
@@ -391,28 +391,28 @@ static TPM_RC OaepEncode( DRBG_Generate(rand, mySeed, (UINT16)hLen); if(g_inFailureMode) - ERROR_EXIT(TPM_RC_FAILURE); + ERROR_EXIT(TPM_RC_FAILURE); // mask = MGF1 (seed, nSize hLen 1) CryptMGF_KDF(dbSize, mask, hashAlg, hLen, seed, 0); // Create the masked db pm = mask; for(i = dbSize; i > 0; i--) - *pp++ ^= *pm++; + *pp++ ^= *pm++; pp = &padded->buffer[hLen + 1]; // Run the masked data through MGF1 if(CryptMGF_KDF(hLen, &padded->buffer[1], hashAlg, dbSize, pp, 0) != (unsigned)hLen) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); // Now XOR the seed to create masked seed pp = &padded->buffer[1]; pm = seed; for(i = hLen; i > 0; i--) - *pp++ ^= *pm++; + *pp++ ^= *pm++; // Set the first byte to zero padded->buffer[0] = 0x00; - Exit: +Exit: return retVal; } @@ -434,11 +434,11 @@ static TPM_RC OaepEncode( // // static TPM_RC OaepDecode( - TPM2B* dataOut, // OUT: the recovered data - TPM_ALG_ID hashAlg, // IN: algorithm to use for padding - const TPM2B* label, // IN: null-terminated string (may be NULL) - TPM2B* padded // IN: the padded data - ) + TPM2B* dataOut, // OUT: the recovered data + TPM_ALG_ID hashAlg, // IN: algorithm to use for padding + const TPM2B* label, // IN: null-terminated string (may be NULL) + TPM2B* padded // IN: the padded data +) { UINT32 i; BYTE seedMask[MAX_DIGEST_SIZE]; 
@@ -452,22 +452,22 @@ static TPM_RC OaepDecode(
 // Strange size (anything smaller can't be an OAEP padded block)
 // Also check for no leading 0
 if((padded->size < (unsigned)((2 * hLen) + 2)) || (padded->buffer[0] != 0))
- ERROR_EXIT(TPM_RC_VALUE);
+ ERROR_EXIT(TPM_RC_VALUE);
 // Use the hash size to determine what to put through MGF1 in order
 // to recover the seedMask
 CryptMGF_KDF(hLen,
- seedMask,
- hashAlg,
- padded->size - hLen - 1,
- &padded->buffer[hLen + 1],
- 0);
+ seedMask,
+ hashAlg,
+ padded->size - hLen - 1,
+ &padded->buffer[hLen + 1],
+ 0);
 // Recover the seed into seedMask
 pAssert(hLen <= sizeof(seedMask));
 pp = &padded->buffer[1];
 pm = seedMask;
 for(i = hLen; i > 0; i--)
- *pm++ ^= *pp++;
+ *pm++ ^= *pp++;
 // Use the seed to generate the data mask
 CryptMGF_KDF(padded->size - hLen - 1, mask, hashAlg, hLen, seedMask, 0);
@@ -476,38 +476,38 @@ static TPM_RC OaepDecode( pp = &padded->buffer[hLen + 1]; pm = mask; for(i = (padded->size - hLen - 1); i > 0; i--) - *pm++ ^= *pp++; + *pm++ ^= *pp++; // Make sure that the recovered data has the hash of the label // Put trial value in the seed mask if((CryptHashBlock(hashAlg, label->size, (BYTE*)label->buffer, hLen, seedMask)) != hLen) - FAIL(FATAL_ERROR_INTERNAL); + FAIL(FATAL_ERROR_INTERNAL); if(memcmp(seedMask, mask, hLen) != 0) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); // find the start of the data pm = &mask[hLen]; for(i = (UINT32)padded->size - (2 * hLen) - 1; i > 0; i--) - { - if(*pm++ != 0) - break; - } + { + if(*pm++ != 0) + break; + } // If we ran out of data or didn't end with 0x01, then return an error if(i == 0 || pm[-1] != 0x01) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); // pm should be pointing at the first part of the data // and i is one greater than the number of bytes to move i--; if(i > dataOut->size) - // Special exit to preserve the size of the output buffer - return TPM_RC_VALUE; + // Special exit to preserve the size of the output buffer + return TPM_RC_VALUE; memcpy(dataOut->buffer, pm, i); dataOut->size = (UINT16)i; - Exit: +Exit: if(retVal != TPM_RC_SUCCESS) - dataOut->size = 0; + dataOut->size = 0; return retVal; } 
@@ -518,17 +518,17 @@ static TPM_RC OaepDecode(
 // TPM_RC_VALUE message size is too large
 //
 static TPM_RC RSAES_PKCS1v1_5Encode(TPM2B* padded, // OUT: the pad data
- TPM2B* message, // IN: the message being padded
- RAND_STATE* rand)
+ TPM2B* message, // IN: the message being padded
+ RAND_STATE* rand)
 {
 UINT32 ps = padded->size - message->size - 3;
 //
 if(message->size > padded->size - 11)
- return TPM_RC_VALUE;
+ return TPM_RC_VALUE;
 // move the message to the end of the buffer
 memcpy(&padded->buffer[padded->size - message->size],
- message->buffer,
- message->size);
+ message->buffer,
+ message->size);
 // Set the first byte to 0x00 and the second to 0x02
 padded->buffer[0] = 0;
 padded->buffer[1] = 2;
@@ -536,7 +536,7 @@ static TPM_RC RSAES_PKCS1v1_5Encode(TPM2B* padded, // OUT: the pad data
 // Fill with random bytes
 DRBG_Generate(rand, &padded->buffer[2], (UINT16)ps);
 if(g_inFailureMode)
- return TPM_RC_FAILURE;
+ return TPM_RC_FAILURE;
 // Set the delimiter for the random field to 0
 padded->buffer[2 + ps] = 0;
@@ -544,12 +544,12 @@ static TPM_RC RSAES_PKCS1v1_5Encode(TPM2B* padded, // OUT: the pad data
 // Now, the only messy part. Make sure that all the 'ps' bytes are non-zero
 // In this implementation, use the value of the current index
 for(ps++; ps > 1; ps--)
- {
- if(padded->buffer[ps] == 0)
- padded->buffer[ps] = 0x55; // In the < 0.5% of the cases that the
- // random value is 0, just pick a value to
- // put into the spot.
- }
+ {
+ if(padded->buffer[ps] == 0)
+ padded->buffer[ps] = 0x55; // In the < 0.5% of the cases that the
+ // random value is 0, just pick a value to
+ // put into the spot.
+ }
 return TPM_RC_SUCCESS;
 }
@@ -561,8 +561,8 @@ static TPM_RC RSAES_PKCS1v1_5Encode(TPM2B* padded, // OUT: the pad data
 // TPM_RC_FAIL decoding error or results would no fit into provided buffer
 //
 static TPM_RC RSAES_Decode(TPM2B* message, // OUT: the recovered message
- TPM2B* coded // IN: the encoded message
- )
+ TPM2B* coded // IN: the encoded message
+)
 {
 BOOL fail = FALSE;
 UINT16 pSize;
@@ -571,10 +571,10 @@ static TPM_RC RSAES_Decode(TPM2B* message, // OUT: the recovered message
 fail = (coded->buffer[0] != 0x00) | fail;
 fail = (coded->buffer[1] != 0x02) | fail;
 for(pSize = 2; pSize < coded->size; pSize++)
- {
- if(coded->buffer[pSize] == 0)
- break;
- }
+ {
+ if(coded->buffer[pSize] == 0)
+ break;
+ }
 pSize++;
 // Make sure that pSize has not gone over the end and that there are at least 8
@@ -582,7 +582,7 @@ static TPM_RC RSAES_Decode(TPM2B* message, // OUT: the recovered message
 fail = (pSize > coded->size) | fail;
 fail = ((pSize - 2) <= 8) | fail;
 if((message->size < (UINT16)(coded->size - pSize)) || fail)
- return TPM_RC_VALUE;
+ return TPM_RC_VALUE;
 message->size = coded->size - pSize;
 memcpy(message->buffer, &coded->buffer[pSize], coded->size - pSize);
 return TPM_RC_SUCCESS;
@@ -603,9 +603,9 @@ CryptRsaPssSaltSize(INT16 hashSize, INT16 outSize)
 saltSize = (outSize - hashSize - 1) - 1;
 // Use the maximum salt size allowed by FIPS 186-4
 if(saltSize > hashSize)
- saltSize = hashSize;
+ saltSize = hashSize;
 else if(saltSize < 0)
- saltSize = 0;
+ saltSize = 0;
 return saltSize;
 }
@@ -616,10 +616,10 @@ CryptRsaPssSaltSize(INT16 hashSize, INT16 outSize)
 //
 // Returns TPM_RC_SUCCESS or goes into failure mode.
 static TPM_RC PssEncode(TPM2B* out, // OUT: the encoded buffer
- TPM_ALG_ID hashAlg, // IN: hash algorithm for the encoding
- TPM2B* digest, // IN: the digest
- RAND_STATE* rand // IN: random number source
- )
+ TPM_ALG_ID hashAlg, // IN: hash algorithm for the encoding
+ TPM2B* digest, // IN: the digest
+ RAND_STATE* rand // IN: random number source
+)
 {
 UINT32 hLen = CryptHashGetDigestSize(hashAlg);
 BYTE salt[MAX_RSA_KEY_BYTES - 1];
@@ -646,7 +646,7 @@ static TPM_RC PssEncode(TPM2B* out, // OUT: the encoded buffer
 // Get set the salt
 DRBG_Generate(rand, salt, saltSize);
 if(g_inFailureMode)
- return TPM_RC_FAILURE;
+ return TPM_RC_FAILURE;
 // Create the hash of the pad || input hash || salt
 CryptHashStart(&hashState, hashAlg);
@@ -657,7 +657,7 @@ static TPM_RC PssEncode(TPM2B* out, // OUT: the encoded buffer
 // Create a mask
 if(CryptMGF_KDF(mLen, pOut, hashAlg, hLen, &pOut[mLen], 0) != mLen)
- FAIL(FATAL_ERROR_INTERNAL);
+ FAIL(FATAL_ERROR_INTERNAL);
 // Since this implementation uses key sizes that are all even multiples of
 // 8, just need to make sure that the most significant bit is CLEAR
@@ -672,7 +672,7 @@ static TPM_RC PssEncode(TPM2B* out, // OUT: the encoded buffer
 // XOR the salt data into the buffer
 for(; saltSize > 0; saltSize--)
- *pOut++ ^= *ps++;
+ *pOut++ ^= *ps++;
 // and we are done
 return TPM_RC_SUCCESS;
@@ -695,10 +695,10 @@ static TPM_RC PssEncode(TPM2B* out, // OUT: the encoded buffer // TPM_RC_VALUE decode operation failed // static TPM_RC PssDecode( - TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding - TPM2B* dIn, // In: the digest to compare - TPM2B* eIn // IN: the encoded data - ) + TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding + TPM2B* dIn, // In: the digest to compare + TPM2B* eIn // IN: the encoded data +) { UINT32 hLen = CryptHashGetDigestSize(hashAlg); BYTE mask[MAX_RSA_KEY_BYTES]; @@ -717,7 +717,7 @@ static TPM_RC PssDecode( // check the hash scheme if(hLen == 0) - ERROR_EXIT(TPM_RC_SCHEME); + ERROR_EXIT(TPM_RC_SCHEME); // most significant bit must be zero fail = pe[0] & 0x80; @@ -738,16 +738,16 @@ static TPM_RC PssDecode( // advances eIn so that it will end up pointing to the seed data // which is the hash of the signature data for(i = mLen; i > 0; i--) - *pm++ ^= *pe++; + *pm++ ^= *pe++; // Find the first byte of 0x01 after a string of all 0x00 for(pm = mask, i = mLen; i > 0; i--) - { - if(*pm == 0x01) - break; - else - fail |= *pm++; - } + { + if(*pm == 0x01) + break; + else + fail |= *pm++; + } // i should not be zero fail |= (i == 0); @@ -756,15 +756,15 @@ static TPM_RC PssDecode( // is a problem for TPM applications but, usually, we don't fail so this // doesn't cost anything). if(fail) - { - i = mLen; - pm = mask; - } + { + i = mLen; + pm = mask; + } else - { - pm++; - i--; - } + { + pm++; + i--; + } // i contains the salt size and pm points to the salt. Going to use the input // hash and the seed to recreate the hash in the lower portion of eIn. CryptHashStart(&hashState, hashAlg); 
@@ -783,13 +783,13 @@ static TPM_RC PssDecode( // Compare all bytes for(pm = mask; hLen > 0; hLen--) - // don't use fail = because that could skip the increment and compare - // operations after the first failure and that gives away timing - // information. - fail |= *pm++ ^ *pe++; + // don't use fail = because that could skip the increment and compare + // operations after the first failure and that gives away timing + // information. + fail |= *pm++ ^ *pe++; retVal = (fail != 0) ? TPM_RC_VALUE : TPM_RC_SUCCESS; - Exit: +Exit: return retVal; } @@ -829,7 +829,7 @@ MakeDerTag(TPM_ALG_ID hashAlg, INT16 sizeOfBuffer, BYTE* buffer) *buffer++ = 0x04; *buffer++ = (BYTE)(info->digestSize); return oidSize + 8; - Error: +Error: return 0; } @@ -841,10 +841,10 @@ MakeDerTag(TPM_ALG_ID hashAlg, INT16 sizeOfBuffer, BYTE* buffer) // TPM_RC_SIZE 'eOutSize' is not large enough // TPM_RC_VALUE 'hInSize' does not match the digest size of hashAlg static TPM_RC RSASSA_Encode(TPM2B* pOut, // IN:OUT on in, the size of the public key - // on out, the encoded area - TPM_ALG_ID hashAlg, // IN: hash algorithm for PKCS1v1_5 - TPM2B* hIn // IN: digest value to encode - ) + // on out, the encoded area + TPM_ALG_ID hashAlg, // IN: hash algorithm for PKCS1v1_5 + TPM2B* hIn // IN: digest value to encode +) { BYTE DER[20]; BYTE* der = DER; 
@@ -855,31 +855,31 @@ static TPM_RC RSASSA_Encode(TPM2B* pOut, // IN:OUT on in, the size of the publi
 // Can't use this scheme if the algorithm doesn't have a DER string defined.
 if(derSize == 0)
- ERROR_EXIT(TPM_RC_SCHEME);
+ ERROR_EXIT(TPM_RC_SCHEME);
 // If the digest size of 'hashAl' doesn't match the input digest size, then
 // the DER will misidentify the digest so return an error
 if(CryptHashGetDigestSize(hashAlg) != hIn->size)
- ERROR_EXIT(TPM_RC_VALUE);
+ ERROR_EXIT(TPM_RC_VALUE);
 fillSize = pOut->size - derSize - hIn->size - 3;
 eOut = pOut->buffer;
 // Make sure that this combination will fit in the provided space
 if(fillSize < 8)
- ERROR_EXIT(TPM_RC_SIZE);
+ ERROR_EXIT(TPM_RC_SIZE);
 // Start filling
 *eOut++ = 0; // initial byte of zero
 *eOut++ = 1; // byte of 0x01
 for(; fillSize > 0; fillSize--)
- *eOut++ = 0xff; // bunch of 0xff
+ *eOut++ = 0xff; // bunch of 0xff
 *eOut++ = 0; // another 0
 for(; derSize > 0; derSize--)
- *eOut++ = *der++; // copy the DER
+ *eOut++ = *der++; // copy the DER
 der = hIn->buffer;
 for(fillSize = hIn->size; fillSize > 0; fillSize--)
- *eOut++ = *der++; // copy the hash
- Exit:
+ *eOut++ = *der++; // copy the hash
+Exit:
 return retVal;
 }
@@ -891,10 +891,10 @@ static TPM_RC RSASSA_Encode(TPM2B* pOut, // IN:OUT on in, the size of the publi
 // TPM_RC_SCHEME 'haslAlg' is not supported
 //
 static TPM_RC RSASSA_Decode(
- TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding
- TPM2B* hIn, // In: the digest to compare
- TPM2B* eIn // IN: the encoded data
- )
+ TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding
+ TPM2B* hIn, // In: the digest to compare
+ TPM2B* eIn // IN: the encoded data
+)
 {
 BYTE fail;
 BYTE DER[20];
@@ -913,7 +913,7 @@ static TPM_RC RSASSA_Decode(
 // Can't use this scheme if the algorithm doesn't have a DER string
 // defined or if the provided hash isn't the right size
 if(derSize == 0 || (unsigned)hashSize != hIn->size)
- ERROR_EXIT(TPM_RC_SCHEME);
+ ERROR_EXIT(TPM_RC_SCHEME);
 // Make sure that this combination will fit in the provided space
 // Since no data movement takes place, can just walk though this
@@ -926,16 +926,16 @@ static TPM_RC RSASSA_Decode(
 fail = *pe++; // initial byte of zero
 fail |= *pe++ ^ 1; // byte of 0x01
 for(; fillSize > 0; fillSize--)
- fail |= *pe++ ^ 0xff; // bunch of 0xff
+ fail |= *pe++ ^ 0xff; // bunch of 0xff
 fail |= *pe++; // another 0
 for(; derSize > 0; derSize--)
- fail |= *pe++ ^ *der++; // match the DER
+ fail |= *pe++ ^ *der++; // match the DER
 digestSize = hIn->size;
 digest = hIn->buffer;
 for(; digestSize > 0; digestSize--)
- fail |= *pe++ ^ *digest++; // match the hash
+ fail |= *pe++ ^ *digest++; // match the hash
 retVal = (fail != 0) ? TPM_RC_VALUE : TPM_RC_SUCCESS;
- Exit:
+Exit:
 return retVal;
 }
 #endif // libtpms added
@@ -954,9 +954,9 @@ static TPM_RC RSASSA_Decode(
 //
 // The return pointer may point to a TPM_ALG_NULL scheme.
 TPMT_RSA_DECRYPT* CryptRsaSelectScheme(
- TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key
- TPMT_RSA_DECRYPT* scheme // IN: a sign or decrypt scheme
- )
+ TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key
+ TPMT_RSA_DECRYPT* scheme // IN: a sign or decrypt scheme
+)
 {
 OBJECT* rsaObject;
 TPMT_ASYM_SCHEME* keyScheme;
@@ -969,26 +969,26 @@ TPMT_RSA_DECRYPT* CryptRsaSelectScheme(
 // if the default scheme of the object is TPM_ALG_NULL, then select the
 // input scheme
 if(keyScheme->scheme == TPM_ALG_NULL)
- {
- retVal = scheme;
- }
+ {
+ retVal = scheme;
+ }
 // if the object scheme is not TPM_ALG_NULL and the input scheme is
 // TPM_ALG_NULL, then select the default scheme of the object.
 else if(scheme->scheme == TPM_ALG_NULL)
- {
- // if input scheme is NULL
- retVal = (TPMT_RSA_DECRYPT*)keyScheme;
- }
+ {
+ // if input scheme is NULL
+ retVal = (TPMT_RSA_DECRYPT*)keyScheme;
+ }
 // get here if both the object scheme and the input scheme are
 // not TPM_ALG_NULL. Need to insure that they are the same.
 // IMPLEMENTATION NOTE: This could cause problems if future versions have
 // schemes that have more values than just a hash algorithm. A new function
 // (IsSchemeSame()) might be needed then.
 else if(keyScheme->scheme == scheme->scheme
- && keyScheme->details.anySig.hashAlg == scheme->details.anySig.hashAlg)
- {
- retVal = scheme;
- }
+ && keyScheme->details.anySig.hashAlg == scheme->details.anySig.hashAlg)
+ {
+ retVal = scheme;
+ }
 // two different, incompatible schemes specified will return NULL
 return retVal;
 }
@@ -999,56 +999,56 @@ TPMT_RSA_DECRYPT* CryptRsaSelectScheme( // TPM_RC_BINDING public and private parts of 'rsaKey' are not matched TPM_RC CryptRsaLoadPrivateExponent(TPMT_PUBLIC* publicArea, TPMT_SENSITIVE* sensitive, - OBJECT *rsaKey // libtpms added: Should only be NULL - // in case this function is called for parameter 'testing', such as by - // TPM2_Import() -> ObjectLoad(). - ) + OBJECT *rsaKey // libtpms added: Should only be NULL + // in case this function is called for parameter 'testing', such as by + // TPM2_Import() -> ObjectLoad(). +) { if(!rsaKey || !rsaKey->attributes.privateExp) // libtpms changed: still keep rsaKey for privateExp flag - { - if((sensitive->sensitive.rsa.t.size * 2) == publicArea->unique.rsa.t.size) - { - NEW_PRIVATE_EXPONENT(Z); - CRYPT_RSA_INITIALIZED(bnN, &publicArea->unique.rsa); - CRYPT_RSA_VAR(bnQr); - CRYPT_INT_VAR(bnE, RADIX_BITS); + { + if((sensitive->sensitive.rsa.t.size * 2) == publicArea->unique.rsa.t.size) + { + NEW_PRIVATE_EXPONENT(Z); + CRYPT_RSA_INITIALIZED(bnN, &publicArea->unique.rsa); + CRYPT_RSA_VAR(bnQr); + CRYPT_INT_VAR(bnE, RADIX_BITS); - TPM_DO_SELF_TEST(TPM_ALG_NULL); + TPM_DO_SELF_TEST(TPM_ALG_NULL); - GOTO_ERROR_UNLESS((sensitive->sensitive.rsa.t.size * 2) - == publicArea->unique.rsa.t.size); - // Initialize the exponent - ExtMath_SetWord(bnE, publicArea->parameters.rsaDetail.exponent); - if(ExtMath_IsZero(bnE)) - ExtMath_SetWord(bnE, RSA_DEFAULT_PUBLIC_EXPONENT); - // Convert first prime to 2B - GOTO_ERROR_UNLESS( - TpmMath_IntFrom2B(Z->P, &sensitive->sensitive.rsa.b) != NULL); + GOTO_ERROR_UNLESS((sensitive->sensitive.rsa.t.size * 2) + == publicArea->unique.rsa.t.size); + // Initialize the exponent + ExtMath_SetWord(bnE, publicArea->parameters.rsaDetail.exponent); + if(ExtMath_IsZero(bnE)) + ExtMath_SetWord(bnE, RSA_DEFAULT_PUBLIC_EXPONENT); + // Convert first prime to 2B + GOTO_ERROR_UNLESS( + TpmMath_IntFrom2B(Z->P, &sensitive->sensitive.rsa.b) != NULL); - // Find the second prime by division. 
This uses 'bQ' rather than Z->Q - // because the division could make the quotient larger than a prime during - // some intermediate step. - GOTO_ERROR_UNLESS(ExtMath_Divide(Z->Q, bnQr, bnN, Z->P)); - GOTO_ERROR_UNLESS(ExtMath_IsZero(bnQr)); - // Compute the private exponent and return it if found - if (rsaKey) { // libtpms added begin - RsaInitializeExponentOld(&rsaKey->privateExponent); - ExtMath_Copy((Crypt_Int *)&rsaKey->privateExponent.Q, Z->Q); // preserve Q - } // libtpms added end - GOTO_ERROR_UNLESS(ComputePrivateExponent(bnE, Z)); - // GOTO_ERROR_UNLESS(PackExponent(&sensitive->sensitive.rsa, Z)); // libtpms: never pack/unpack + // Find the second prime by division. This uses 'bQ' rather than Z->Q + // because the division could make the quotient larger than a prime during + // some intermediate step. + GOTO_ERROR_UNLESS(ExtMath_Divide(Z->Q, bnQr, bnN, Z->P)); + GOTO_ERROR_UNLESS(ExtMath_IsZero(bnQr)); + // Compute the private exponent and return it if found + if (rsaKey) { // libtpms added begin + RsaInitializeExponentOld(&rsaKey->privateExponent); + ExtMath_Copy((Crypt_Int *)&rsaKey->privateExponent.Q, Z->Q); // preserve Q + } // libtpms added end + GOTO_ERROR_UNLESS(ComputePrivateExponent(bnE, Z)); + // GOTO_ERROR_UNLESS(PackExponent(&sensitive->sensitive.rsa, Z)); // libtpms: never pack/unpack - if (rsaKey) { // libtpms added begin - RsaSetExponentOld(&rsaKey->privateExponent, Z); // preserve dP, dQ, qInv - } // libtpms added end - } - else - assert(FALSE); // libtpms changed begin - if (rsaKey) - rsaKey->attributes.privateExp = TRUE; - } + if (rsaKey) { // libtpms added begin + RsaSetExponentOld(&rsaKey->privateExponent, Z); // preserve dP, dQ, qInv + } // libtpms added end + } + else + assert(FALSE); // libtpms changed begin + if (rsaKey) + rsaKey->attributes.privateExp = TRUE; + } return TPM_RC_SUCCESS; - Error: +Error: return TPM_RC_BINDING; } 
@@ -1127,15 +1127,15 @@ CryptRSAPairwiseConsistencyTest(OBJECT *key) // TPM_RC_SCHEME 'padType' is not a supported scheme // LIB_EXPORT TPM_RC CryptRsaEncrypt( - TPM2B_PUBLIC_KEY_RSA* cOut, // OUT: the encrypted data - TPM2B* dIn, // IN: the data to encrypt - OBJECT* key, // IN: the key used for encryption - TPMT_RSA_DECRYPT* scheme, // IN: the type of padding and hash - // if needed - const TPM2B* label, // IN: in case it is needed - RAND_STATE* rand // IN: random number generator - // state (mostly for testing) - ) + TPM2B_PUBLIC_KEY_RSA* cOut, // OUT: the encrypted data + TPM2B* dIn, // IN: the data to encrypt + OBJECT* key, // IN: the key used for encryption + TPMT_RSA_DECRYPT* scheme, // IN: the type of padding and hash + // if needed + const TPM2B* label, // IN: in case it is needed + RAND_STATE* rand // IN: random number generator + // state (mostly for testing) +) { TPM_RC retVal = TPM_RC_SUCCESS; TPM2B_PUBLIC_KEY_RSA dataIn; 
@@ -1143,57 +1143,57 @@ LIB_EXPORT TPM_RC CryptRsaEncrypt( // if the input and output buffers are the same, copy the input to a scratch // buffer so that things don't get messed up. if(dIn == &cOut->b) - { - MemoryCopy2B(&dataIn.b, dIn, sizeof(dataIn.t.buffer)); - dIn = &dataIn.b; - } + { + MemoryCopy2B(&dataIn.b, dIn, sizeof(dataIn.t.buffer)); + dIn = &dataIn.b; + } // All encryption schemes return the same size of data cOut->t.size = key->publicArea.unique.rsa.t.size; TPM_DO_SELF_TEST(scheme->scheme); switch(scheme->scheme) - { - case TPM_ALG_NULL: // 'raw' encryption - { - INT32 i; - INT32 dSize = dIn->size; - // dIn can have more bytes than cOut as long as the extra bytes - // are zero. Note: the more significant bytes of a number in a byte - // buffer are the bytes at the start of the array. - if (RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added begin - RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION)) - ERROR_EXIT(TPM_RC_SCHEME); // libtpms added end - for(i = 0; (i < dSize) && (dIn->buffer[i] == 0); i++) - ; - dSize -= i; - if(dSize > cOut->t.size) - ERROR_EXIT(TPM_RC_VALUE); - // Pad cOut with zeros if dIn is smaller - memset(cOut->t.buffer, 0, cOut->t.size - dSize); - // And copy the rest of the value - memcpy(&cOut->t.buffer[cOut->t.size - dSize], &dIn->buffer[i], dSize); + { + case TPM_ALG_NULL: // 'raw' encryption + { + INT32 i; + INT32 dSize = dIn->size; + // dIn can have more bytes than cOut as long as the extra bytes + // are zero. Note: the more significant bytes of a number in a byte + // buffer are the bytes at the start of the array. 
+ if (RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added begin + RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION)) + ERROR_EXIT(TPM_RC_SCHEME); // libtpms added end + for(i = 0; (i < dSize) && (dIn->buffer[i] == 0); i++) + ; + dSize -= i; + if(dSize > cOut->t.size) + ERROR_EXIT(TPM_RC_VALUE); + // Pad cOut with zeros if dIn is smaller + memset(cOut->t.buffer, 0, cOut->t.size - dSize); + // And copy the rest of the value + memcpy(&cOut->t.buffer[cOut->t.size - dSize], &dIn->buffer[i], dSize); - // If the size of dIn is the same as cOut dIn could be larger than - // the modulus. If it is, then RSAEP() will catch it. - } - break; - case TPM_ALG_RSAES: - retVal = RSAES_PKCS1v1_5Encode(&cOut->b, dIn, rand); - break; - case TPM_ALG_OAEP: - retVal = - OaepEncode(&cOut->b, scheme->details.oaep.hashAlg, label, dIn, rand); - break; - default: - ERROR_EXIT(TPM_RC_SCHEME); - break; - } + // If the size of dIn is the same as cOut dIn could be larger than + // the modulus. If it is, then RSAEP() will catch it. + } + break; + case TPM_ALG_RSAES: + retVal = RSAES_PKCS1v1_5Encode(&cOut->b, dIn, rand); + break; + case TPM_ALG_OAEP: + retVal = + OaepEncode(&cOut->b, scheme->details.oaep.hashAlg, label, dIn, rand); + break; + default: + ERROR_EXIT(TPM_RC_SCHEME); + break; + } // All the schemes that do padding will come here for the encryption step // Check that the Encoding worked if(retVal == TPM_RC_SUCCESS) - // Padding OK so do the encryption - retVal = RSAEP(&cOut->b, key); - Exit: + // Padding OK so do the encryption + retVal = RSAEP(&cOut->b, key); +Exit: return retVal; } 
@@ -1210,12 +1210,12 @@ LIB_EXPORT TPM_RC CryptRsaEncrypt( // TPM_RC_SCHEME 'padType' is not supported // LIB_EXPORT TPM_RC CryptRsaDecrypt( - TPM2B* dOut, // OUT: the decrypted data - TPM2B* cIn, // IN: the data to decrypt - OBJECT* key, // IN: the key to use for decryption - TPMT_RSA_DECRYPT* scheme, // IN: the padding scheme - const TPM2B* label // IN: in case it is needed for the scheme - ) + TPM2B* dOut, // OUT: the decrypted data + TPM2B* cIn, // IN: the data to decrypt + OBJECT* key, // IN: the key to use for decryption + TPMT_RSA_DECRYPT* scheme, // IN: the padding scheme + const TPM2B* label // IN: in case it is needed for the scheme +) { TPM_RC retVal; @@ -1224,7 +1224,7 @@ LIB_EXPORT TPM_RC CryptRsaDecrypt( // Size is checked to make sure that the encrypted value is the right size if(cIn->size != key->publicArea.unique.rsa.t.size) - ERROR_EXIT(TPM_RC_SIZE); + ERROR_EXIT(TPM_RC_SIZE); TPM_DO_SELF_TEST(scheme->scheme); 
@@ -1232,30 +1232,30 @@ LIB_EXPORT TPM_RC CryptRsaDecrypt( // go handle the decoding. retVal = RSADP(cIn, key); if(retVal == TPM_RC_SUCCESS) - { - // Remove padding - switch(scheme->scheme) - { - case TPM_ALG_NULL: - if (RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added begin - RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION)) - return TPM_RC_SCHEME; // libtpms added end - if(dOut->size < cIn->size) - return TPM_RC_VALUE; - MemoryCopy2B(dOut, cIn, dOut->size); - break; - case TPM_ALG_RSAES: - retVal = RSAES_Decode(dOut, cIn); - break; - case TPM_ALG_OAEP: - retVal = OaepDecode(dOut, scheme->details.oaep.hashAlg, label, cIn); - break; - default: - retVal = TPM_RC_SCHEME; - break; - } - } - Exit: + { + // Remove padding + switch(scheme->scheme) + { + case TPM_ALG_NULL: + if (RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, // libtpms added begin + RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION)) + return TPM_RC_SCHEME; // libtpms added end + if(dOut->size < cIn->size) + return TPM_RC_VALUE; + MemoryCopy2B(dOut, cIn, dOut->size); + break; + case TPM_ALG_RSAES: + retVal = RSAES_Decode(dOut, cIn); + break; + case TPM_ALG_OAEP: + retVal = OaepDecode(dOut, scheme->details.oaep.hashAlg, label, cIn); + break; + default: + retVal = TPM_RC_SCHEME; + break; + } + } +Exit: return retVal; } @@ -1268,11 +1268,11 @@ LIB_EXPORT TPM_RC CryptRsaDecrypt( // TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) // LIB_EXPORT TPM_RC CryptRsaSign(TPMT_SIGNATURE* sigOut, - OBJECT* key, // IN: key to use - TPM2B_DIGEST* hIn, // IN: the digest to sign - RAND_STATE* rand // IN: the random number generator - // to use (mostly for testing) - ) + OBJECT* key, // IN: key to use + TPM2B_DIGEST* hIn, // IN: the digest to sign + RAND_STATE* rand // IN: the random number generator + // to use (mostly for testing) +) { TPM_RC retVal = TPM_RC_SUCCESS; UINT16 modSize; 
@@ -1288,29 +1288,29 @@ LIB_EXPORT TPM_RC CryptRsaSign(TPMT_SIGNATURE* sigOut, TPM_DO_SELF_TEST(sigOut->sigAlg); switch(sigOut->sigAlg) - { - case TPM_ALG_NULL: - sigOut->signature.rsapss.sig.t.size = 0; - return TPM_RC_SUCCESS; - case TPM_ALG_RSAPSS: - retVal = PssEncode(&sigOut->signature.rsapss.sig.b, - sigOut->signature.rsapss.hash, - &hIn->b, - rand); - break; - case TPM_ALG_RSASSA: - retVal = RSASSA_Encode(&sigOut->signature.rsassa.sig.b, - sigOut->signature.rsassa.hash, - &hIn->b); - break; - default: - retVal = TPM_RC_SCHEME; - } + { + case TPM_ALG_NULL: + sigOut->signature.rsapss.sig.t.size = 0; + return TPM_RC_SUCCESS; + case TPM_ALG_RSAPSS: + retVal = PssEncode(&sigOut->signature.rsapss.sig.b, + sigOut->signature.rsapss.hash, + &hIn->b, + rand); + break; + case TPM_ALG_RSASSA: + retVal = RSASSA_Encode(&sigOut->signature.rsassa.sig.b, + sigOut->signature.rsassa.hash, + &hIn->b); + break; + default: + retVal = TPM_RC_SCHEME; + } if(retVal == TPM_RC_SUCCESS) - { - // Do the encryption using the private key - retVal = RSADP(&sigOut->signature.rsapss.sig.b, key); - } + { + // Do the encryption using the private key + retVal = RSADP(&sigOut->signature.rsapss.sig.b, key); + } return retVal; } 
@@ -1324,51 +1324,51 @@ LIB_EXPORT TPM_RC CryptRsaSign(TPMT_SIGNATURE* sigOut, // TPM_RC_SCHEME unsupported scheme or hash algorithm // LIB_EXPORT TPM_RC CryptRsaValidateSignature( - TPMT_SIGNATURE* sig, // IN: signature - OBJECT* key, // IN: public modulus - TPM2B_DIGEST* digest // IN: The digest being validated - ) + TPMT_SIGNATURE* sig, // IN: signature + OBJECT* key, // IN: public modulus + TPM2B_DIGEST* digest // IN: The digest being validated +) { TPM_RC retVal; // // Fatal programming errors pAssert(key != NULL && sig != NULL && digest != NULL); switch(sig->sigAlg) - { - case TPM_ALG_RSAPSS: - case TPM_ALG_RSASSA: - break; - default: - return TPM_RC_SCHEME; - } + { + case TPM_ALG_RSAPSS: + case TPM_ALG_RSASSA: + break; + default: + return TPM_RC_SCHEME; + } // Errors that might be caused by calling parameters if(sig->signature.rsassa.sig.t.size != key->publicArea.unique.rsa.t.size) - ERROR_EXIT(TPM_RC_SIGNATURE); + ERROR_EXIT(TPM_RC_SIGNATURE); TPM_DO_SELF_TEST(sig->sigAlg); // Decrypt the block retVal = RSAEP(&sig->signature.rsassa.sig.b, key); if(retVal == TPM_RC_SUCCESS) - { - switch(sig->sigAlg) - { - case TPM_ALG_RSAPSS: - retVal = PssDecode(sig->signature.any.hashAlg, - &digest->b, - &sig->signature.rsassa.sig.b); - break; - case TPM_ALG_RSASSA: - retVal = RSASSA_Decode(sig->signature.any.hashAlg, - &digest->b, - &sig->signature.rsassa.sig.b); - break; - default: - return TPM_RC_SCHEME; - } - } - Exit: + { + switch(sig->sigAlg) + { + case TPM_ALG_RSAPSS: + retVal = PssDecode(sig->signature.any.hashAlg, + &digest->b, + &sig->signature.rsassa.sig.b); + break; + case TPM_ALG_RSASSA: + retVal = RSASSA_Decode(sig->signature.any.hashAlg, + &digest->b, + &sig->signature.rsassa.sig.b); + break; + default: + return TPM_RC_SCHEME; + } + } +Exit: return (retVal != TPM_RC_SUCCESS) ? TPM_RC_SIGNATURE : TPM_RC_SUCCESS; } #endif // libtpms added 
@@ -1376,9 +1376,9 @@ LIB_EXPORT TPM_RC CryptRsaValidateSignature( # if SIMULATION && USE_RSA_KEY_CACHE extern int s_rsaKeyCacheEnabled; int GetCachedRsaKey( - TPMT_PUBLIC* publicArea, TPMT_SENSITIVE* sensitive, RAND_STATE* rand); -# define GET_CACHED_KEY(publicArea, sensitive, rand) \ - (s_rsaKeyCacheEnabled && GetCachedRsaKey(publicArea, sensitive, rand)) + TPMT_PUBLIC* publicArea, TPMT_SENSITIVE* sensitive, RAND_STATE* rand); +# define GET_CACHED_KEY(publicArea, sensitive, rand) \ + (s_rsaKeyCacheEnabled && GetCachedRsaKey(publicArea, sensitive, rand)) # else # define GET_CACHED_KEY(key, rand) # endif @@ -1417,12 +1417,12 @@ int GetCachedRsaKey( // TPM_RC_RANGE public exponent is not supported // TPM_RC_VALUE could not find a prime using the provided parameters LIB_EXPORT TPM_RC CryptRsaGenerateKey( - TPMT_PUBLIC* publicArea, - TPMT_SENSITIVE* sensitive, - OBJECT* rsaKey, // libtpms added IN/OUT: The object structure in which the key is created. - RAND_STATE* rand // IN: if not NULL, the deterministic - // RNG state - ) + TPMT_PUBLIC* publicArea, + TPMT_SENSITIVE* sensitive, + OBJECT* rsaKey, // libtpms added IN/OUT: The object structure in which the key is created. + RAND_STATE* rand // IN: if not NULL, the deterministic + // RNG state +) { UINT32 i; CRYPT_RSA_VAR(bnD); @@ -1440,15 +1440,15 @@ LIB_EXPORT TPM_RC CryptRsaGenerateKey( // not supported e = publicArea->parameters.rsaDetail.exponent; if(e == 0) - e = RSA_DEFAULT_PUBLIC_EXPONENT; + e = RSA_DEFAULT_PUBLIC_EXPONENT; else - { - if(e < 65537) - ERROR_EXIT(TPM_RC_RANGE); - // Check that e is prime - if(!IsPrimeInt(e)) - ERROR_EXIT(TPM_RC_RANGE); - } + { + if(e < 65537) + ERROR_EXIT(TPM_RC_RANGE); + // Check that e is prime + if(!IsPrimeInt(e)) + ERROR_EXIT(TPM_RC_RANGE); + } ExtMath_SetWord(bnPubExp, e); // check for supported key size. 
@@ -1456,14 +1456,14 @@ LIB_EXPORT TPM_RC CryptRsaGenerateKey( if(((keySizeInBits % 1024) != 0) || (keySizeInBits > MAX_RSA_KEY_BITS) // this might be redundant, but... || (keySizeInBits == 0)) - ERROR_EXIT(TPM_RC_VALUE); + ERROR_EXIT(TPM_RC_VALUE); // Set the prime size for instrumentation purposes INSTRUMENT_SET(PrimeIndex, PRIME_INDEX(keySizeInBits / 2)); # if SIMULATION && USE_RSA_KEY_CACHE if(GET_CACHED_KEY(publicArea, sensitive, rand)) - return TPM_RC_SUCCESS; + return TPM_RC_SUCCESS; # endif // Make sure that key generation has been tested 
@@ -1486,93 +1486,93 @@ LIB_EXPORT TPM_RC CryptRsaGenerateKey( // over and find a new pair of primes. for(i = 1; (retVal == TPM_RC_NO_RESULT) && (i != 100); i++) - { - if(_plat__IsCanceled()) - ERROR_EXIT(TPM_RC_CANCELED); + { + if(_plat__IsCanceled()) + ERROR_EXIT(TPM_RC_CANCELED); - if(TpmRsa_GeneratePrimeForRSA(Z->P, keySizeInBits / 2, e, rand) - == TPM_RC_FAILURE) - { - retVal = TPM_RC_FAILURE; - goto Exit; - } + if(TpmRsa_GeneratePrimeForRSA(Z->P, keySizeInBits / 2, e, rand) + == TPM_RC_FAILURE) + { + retVal = TPM_RC_FAILURE; + goto Exit; + } - INSTRUMENT_INC(PrimeCounts[PrimeIndex]); + INSTRUMENT_INC(PrimeCounts[PrimeIndex]); - // If this is the second prime, make sure that it differs from the - // first prime by at least 2^100 - if(ExtMath_IsZero(Z->Q)) - { - // copy p to q and compute another prime in p - ExtMath_Copy(Z->Q, Z->P); - continue; - } - // Make sure that the difference is at least 100 bits. Need to do it this - // way because the big numbers are only positive values - if(ExtMath_UnsignedCmp(Z->P, Z->Q) < 0) - ExtMath_Subtract(bnD, Z->Q, Z->P); - else - ExtMath_Subtract(bnD, Z->P, Z->Q); - if(ExtMath_MostSigBitNum(bnD) < 100) - continue; + // If this is the second prime, make sure that it differs from the + // first prime by at least 2^100 + if(ExtMath_IsZero(Z->Q)) + { + // copy p to q and compute another prime in p + ExtMath_Copy(Z->Q, Z->P); + continue; + } + // Make sure that the difference is at least 100 bits. Need to do it this + // way because the big numbers are only positive values + if(ExtMath_UnsignedCmp(Z->P, Z->Q) < 0) + ExtMath_Subtract(bnD, Z->Q, Z->P); + else + ExtMath_Subtract(bnD, Z->P, Z->Q); + if(ExtMath_MostSigBitNum(bnD) < 100) + continue; - //Form the public modulus and set the unique value - ExtMath_Multiply(bnN, Z->P, Z->Q); - TpmMath_IntTo2B( - bnN, &publicArea->unique.rsa.b, (NUMBYTES)BITS_TO_BYTES(keySizeInBits)); - // Make sure everything came out right. 
The MSb of the values must be one - if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) - || (publicArea->unique.rsa.t.size - != (NUMBYTES)BITS_TO_BYTES(keySizeInBits))) - FAIL(FATAL_ERROR_INTERNAL); + //Form the public modulus and set the unique value + ExtMath_Multiply(bnN, Z->P, Z->Q); + TpmMath_IntTo2B( + bnN, &publicArea->unique.rsa.b, (NUMBYTES)BITS_TO_BYTES(keySizeInBits)); + // Make sure everything came out right. The MSb of the values must be one + if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) + || (publicArea->unique.rsa.t.size + != (NUMBYTES)BITS_TO_BYTES(keySizeInBits))) + FAIL(FATAL_ERROR_INTERNAL); - // Add the prime to the sensitive area // libtpms added begin - TpmMath_IntTo2B(Z->P, &sensitive->sensitive.rsa.b, - (NUMBYTES)BITS_TO_BYTES(keySizeInBits) / 2); // libtpms added end + // Add the prime to the sensitive area // libtpms added begin + TpmMath_IntTo2B(Z->P, &sensitive->sensitive.rsa.b, + (NUMBYTES)BITS_TO_BYTES(keySizeInBits) / 2); // libtpms added end + ExtMath_Copy((Crypt_Int*)&rsaKey->privateExponent.Q, Z->Q); // libtpms added: preserve Q - ExtMath_Copy((Crypt_Int*)&rsaKey->privateExponent.Q, Z->Q); // libtpms added: preserve Q - // Make sure that we can form the private exponent values - if(ComputePrivateExponent(bnPubExp, Z) != TRUE) - { - // If ComputePrivateExponent could not find an inverse for - // Q, then copy P and recompute P. This might - // cause both to be recomputed if P is also zero - if(ExtMath_IsZero(Z->Q)) - ExtMath_Copy(Z->Q, Z->P); - continue; - } - RsaSetExponentOld(&rsaKey->privateExponent, Z); // libtpms added: preserve dP, dQ, qInv + // Make sure that we can form the private exponent values + if(ComputePrivateExponent(bnPubExp, Z) != TRUE) + { + // If ComputePrivateExponent could not find an inverse for + // Q, then copy P and recompute P. 
This might + // cause both to be recomputed if P is also zero + if(ExtMath_IsZero(Z->Q)) + ExtMath_Copy(Z->Q, Z->P); + continue; + } + RsaSetExponentOld(&rsaKey->privateExponent, Z); // libtpms added: preserve dP, dQ, qInv - // Pack the private exponent into the sensitive area - // PackExponent(&sensitive->sensitive.rsa, Z); // libtpms changed: never pack - // Make sure everything came out right. The MSb of the values must be one - if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) - || ((sensitive->sensitive.rsa.t.buffer[0] & 0x80) == 0)) - FAIL(FATAL_ERROR_INTERNAL); + // Pack the private exponent into the sensitive area + // PackExponent(&sensitive->sensitive.rsa, Z); // libtpms changed: never pack + // Make sure everything came out right. The MSb of the values must be one + if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) + || ((sensitive->sensitive.rsa.t.buffer[0] & 0x80) == 0)) + FAIL(FATAL_ERROR_INTERNAL); - retVal = TPM_RC_SUCCESS; - // Do a trial encryption decryption if this is a signing key - if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) - { - CRYPT_RSA_VAR(temp1); - CRYPT_RSA_VAR(temp2); - TpmMath_GetRandomInRange(temp1, bnN, rand); + retVal = TPM_RC_SUCCESS; + // Do a trial encryption decryption if this is a signing key + if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) + { + CRYPT_RSA_VAR(temp1); + CRYPT_RSA_VAR(temp2); + TpmMath_GetRandomInRange(temp1, bnN, rand); - // Encrypt with public exponent... - ExtMath_ModExp(temp2, temp1, bnPubExp, bnN); - // ... then decrypt with private exponent - RsaPrivateKeyOp(temp2, Z); + // Encrypt with public exponent... + ExtMath_ModExp(temp2, temp1, bnPubExp, bnN); + // ... 
then decrypt with private exponent + RsaPrivateKeyOp(temp2, Z); - // If the starting and ending values are not the same, - // start over )-; - if(ExtMath_UnsignedCmp(temp2, temp1) != 0) - { - ExtMath_SetWord(Z->Q, 0); - retVal = TPM_RC_NO_RESULT; - } - } - } - Exit: + // If the starting and ending values are not the same, + // start over )-; + if(ExtMath_UnsignedCmp(temp2, temp1) != 0) + { + ExtMath_SetWord(Z->Q, 0); + retVal = TPM_RC_NO_RESULT; + } + } + } +Exit: if(retVal == TPM_RC_SUCCESS) rsaKey->attributes.privateExp = SET; @@ -1580,11 +1580,11 @@ LIB_EXPORT TPM_RC CryptRsaGenerateKey( pct: #endif if(retVal == TPM_RC_SUCCESS && - RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, - RUNTIME_ATTRIBUTE_PAIRWISE_CONSISTENCY_TEST)) { - retVal = CryptRSAPairwiseConsistencyTest(rsaKey); - if (retVal) - retVal = TPM_RC_FAILURE; + RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile, + RUNTIME_ATTRIBUTE_PAIRWISE_CONSISTENCY_TEST)) { + retVal = CryptRSAPairwiseConsistencyTest(rsaKey); + if (retVal) + retVal = TPM_RC_FAILURE; } // libtpms added end return retVal; } diff --git a/src/tpm2/crypto/openssl/CryptSmac.c b/src/tpm2/crypto/openssl/CryptSmac.c index c4b3515f..2c880993 100644 --- a/src/tpm2/crypto/openssl/CryptSmac.c +++ b/src/tpm2/crypto/openssl/CryptSmac.c 
@@ -59,98 +59,92 @@ /* */ /********************************************************************************/ -/* 10.2.20 CryptSmac.c */ -/* 10.2.20.1 Introduction */ -/* This file contains the implementation of the message authentication codes based on a symmetric - block cipher. These functions only use the single block encryption functions of the selected - symmetric cryptographic library. */ -/* 10.2.20.2 Includes, Defines, and Typedefs */ +//** Introduction +// +// This file contains the implementation of the message authentication codes based +// on a symmetric block cipher. These functions only use the single block +// encryption functions of the selected symmetric cryptographic library. + +//** Includes, Defines, and Typedefs #define _CRYPT_HASH_C_ #include "Tpm.h" + #if SMAC_IMPLEMENTED - /* 10.2.20.2.1 CryptSmacStart() */ - /* Function to start an SMAC. */ + +//*** CryptSmacStart() +// Function to start an SMAC. UINT16 -CryptSmacStart( - HASH_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key - ) +CryptSmacStart(HASH_STATE* state, + TPMU_PUBLIC_PARMS* keyParameters, + TPM_ALG_ID macAlg, // IN: the type of MAC + TPM2B* key) { - UINT16 retVal = 0; + UINT16 retVal = 0; // // Make sure that the key size is correct. This should have been checked // at key load, but... if(BITS_TO_BYTES(keyParameters->symDetail.sym.keyBits.sym) == key->size) - { - switch(macAlg) - { -#if ALG_CMAC - case TPM_ALG_CMAC: - retVal = CryptCmacStart(&state->state.smac, keyParameters, - macAlg, key); - break; -#endif - default: - break; - } - } + { + switch(macAlg) + { +# if ALG_CMAC + case TPM_ALG_CMAC: + retVal = + CryptCmacStart(&state->state.smac, keyParameters, macAlg, key); + break; +# endif + default: + break; + } + } state->type = (retVal != 0) ? HASH_STATE_SMAC : HASH_STATE_EMPTY; return retVal; } -/* 10.2.20.2.2 CryptMacStart() */ -/* Function to start either an HMAC or an SMAC. 
Cannot reuse the CryptHmacStart() function because - of the difference in number of parameters. */ + +//*** CryptMacStart() +// Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart +// function because of the difference in number of parameters. UINT16 -CryptMacStart( - HMAC_STATE *state, - TPMU_PUBLIC_PARMS *keyParameters, - TPM_ALG_ID macAlg, // IN: the type of MAC - TPM2B *key - ) +CryptMacStart(HMAC_STATE* state, + TPMU_PUBLIC_PARMS* keyParameters, + TPM_ALG_ID macAlg, // IN: the type of MAC + TPM2B* key) { MemorySet(state, 0, sizeof(HMAC_STATE)); if(CryptHashIsValidAlg(macAlg, FALSE)) - { - return CryptHmacStart(state, macAlg, key->size, key->buffer); - } + { + return CryptHmacStart(state, macAlg, key->size, key->buffer); + } else if(CryptSmacIsValidAlg(macAlg, FALSE)) - { - return CryptSmacStart(&state->hashState, keyParameters, macAlg, key); - } + { + return CryptSmacStart(&state->hashState, keyParameters, macAlg, key); + } else - return 0; + return 0; } -/* 10.2.20.2.3 CryptMacEnd() */ -/* Dispatch to the MAC end function using a size and buffer pointer. */ + +//*** CryptMacEnd() +// Dispatch to the MAC end function using a size and buffer pointer. UINT16 -CryptMacEnd( - HMAC_STATE *state, - UINT32 size, - BYTE *buffer - ) +CryptMacEnd(HMAC_STATE* state, UINT32 size, BYTE* buffer) { - UINT16 retVal = 0; + UINT16 retVal = 0; if(state->hashState.type == HASH_STATE_SMAC) - retVal = (state->hashState.state.smac.smacMethods.end)( - &state->hashState.state.smac.state, size, buffer); + retVal = (state->hashState.state.smac.smacMethods.end)( + &state->hashState.state.smac.state, size, buffer); else if(state->hashState.type == HASH_STATE_HMAC) - retVal = CryptHmacEnd(state, size, buffer); + retVal = CryptHmacEnd(state, size, buffer); state->hashState.type = HASH_STATE_EMPTY; return retVal; } + #if 0 /* libtpms added */ -/* 10.2.20.2.4 CryptMacEnd2B() */ -/* Dispatch to the MAC end function using a 2B. 
*/ +//*** CryptMacEnd2B() +// Dispatch to the MAC end function using a 2B. UINT16 -CryptMacEnd2B ( - HMAC_STATE *state, - TPM2B *data - ) +CryptMacEnd2B(HMAC_STATE* state, TPM2B* data) { return CryptMacEnd(state, data->size, data->buffer); } #endif /* libtpms added */ -#endif // SMAC_IMPLEMENTED - +#endif // SMAC_IMPLEMENTED diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c index a0540258..1abca386 100644 --- a/src/tpm2/crypto/openssl/CryptSym.c +++ b/src/tpm2/crypto/openssl/CryptSym.c 
@@ -58,281 +58,287 @@ /* */ /********************************************************************************/ -/* 10.2.19 CryptSym.c */ -/* 10.2.19.1 Introduction */ -/* This file contains the implementation of the symmetric block cipher modes allowed for a - TPM. These functions only use the single block encryption functions of the selected symmetric - crypto library. */ +//** Introduction +// +// This file contains the implementation of the symmetric block cipher modes +// allowed for a TPM. These functions only use the single block encryption functions +// of the selected symmetric crypto library. -/* 10.2.19.2 Includes, Defines, and Typedefs */ +//** Includes, Defines, and Typedefs #include "Tpm.h" + #include "CryptSym.h" #include "Helpers_fp.h" // libtpms changed - -#define KEY_BLOCK_SIZES(ALG, alg) \ - static const INT16 alg##KeyBlockSizes[] = { \ - ALG##_KEY_SIZES_BITS, -1, ALG##_BLOCK_SIZES }; +#define KEY_BLOCK_SIZES(ALG, alg) \ + static const INT16 alg##KeyBlockSizes[] = {ALG##_KEY_SIZES_BITS, \ + -1, \ + ALG##_BLOCK_SIZES}; FOR_EACH_SYM(KEY_BLOCK_SIZES) -/* 10.2.19.3 Initialization and Data Access Functions */ -/* 10.2.19.3.1 CryptSymInit() */ -/* This function is called to do _TPM_Init() processing */ -BOOL -CryptSymInit( - void - ) +//** Initialization and Data Access Functions +// +//*** CryptSymInit() +// This function is called to do _TPM_Init processing +BOOL CryptSymInit(void) { return TRUE; } -/* 10.2.19.3.2 CryptSymStartup() */ -/* This function is called to do TPM2_Startup() processing */ -BOOL -CryptSymStartup( - void - ) -{ - return TRUE; -} -/* 10.2.20.4 Data Access Functions */ -/* 10.2.20.4.1 CryptGetSymmetricBlockSize() */ -/* This function returns the block size of the algorithm. The table of bit sizes has an entry for - each allowed key size. The entry for a key size is 0 if the TPM does not implement that key - size. The key size table is delimited with a negative number (-1). 
After the delimiter is a list - of block sizes with each entry corresponding to the key bit size. For most symmetric algorithms, - the block size is the same regardless of the key size but this arrangement allows them to be - different. */ -/* Return Values Meaning */ -/* <= 0 cipher not supported */ -/* > 0 the cipher block size in bytes */ -LIB_EXPORT INT16 -CryptGetSymmetricBlockSize( - TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm - UINT16 keySizeInBits // IN: the key size - ) +//*** CryptSymStartup() +// This function is called to do TPM2_Startup() processing +BOOL CryptSymStartup(void) { - const INT16 *sizes; - INT16 i; + return TRUE; +} + +//*** CryptGetSymmetricBlockSize() +// This function returns the block size of the algorithm. The table of bit sizes has +// an entry for each allowed key size. The entry for a key size is 0 if the TPM does +// not implement that key size. The key size table is delimited with a negative number +// (-1). After the delimiter is a list of block sizes with each entry corresponding +// to the key bit size. For most symmetric algorithms, the block size is the same +// regardless of the key size but this arrangement allows them to be different. 
+// Return Type: INT16 +// <= 0 cipher not supported +// > 0 the cipher block size in bytes + +LIB_EXPORT INT16 CryptGetSymmetricBlockSize( + TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm + UINT16 keySizeInBits // IN: the key size +) +{ + const INT16* sizes; + INT16 i; #if 0 // libtpms added -#define ALG_CASE(SYM, sym) case TPM_ALG_##SYM: sizes = sym##KeyBlockSizes; break +#define ALG_CASE(SYM, sym) \ + case TPM_ALG_##SYM: \ + sizes = sym##KeyBlockSizes; \ + break #endif // libtpms added switch(symmetricAlg) - { -#define GET_KEY_BLOCK_POINTER(SYM, sym) \ - case TPM_ALG_##SYM: \ - sizes = sym##KeyBlockSizes; \ - break; - // Get the pointer to the block size array - FOR_EACH_SYM(GET_KEY_BLOCK_POINTER); + { +#define GET_KEY_BLOCK_POINTER(SYM, sym) \ + case TPM_ALG_##SYM: \ + sizes = sym##KeyBlockSizes; \ + break; + // Get the pointer to the block size array + FOR_EACH_SYM(GET_KEY_BLOCK_POINTER); - default: - return 0; - } + default: + return 0; + } // Find the index of the indicated keySizeInBits for(i = 0; *sizes >= 0; i++, sizes++) - { - if(*sizes == keySizeInBits) - break; - } + { + if(*sizes == keySizeInBits) + break; + } // If sizes is pointing at the end of the list of key sizes, then the desired // key size was not found so set the block size to zero. if(*sizes++ < 0) - return 0; + return 0; // Advance until the end of the list is found - while(*sizes++ >= 0); + while(*sizes++ >= 0) + ; // sizes is pointing to the first entry in the list of block sizes. Use the // ith index to find the block size for the corresponding key size. return sizes[i]; } #if !USE_OPENSSL_FUNCTIONS_SYMMETRIC // libtpms added -/* 10.2.20.5 Symmetric Encryption */ -/* This function performs symmetric encryption based on the mode. 
*/ -/* Error Returns Meaning */ -/* TPM_RC_SIZE dSize is not a multiple of the block size for an algorithm that requires it */ -/* TPM_RC_FAILURE Fatal error */ -LIB_EXPORT TPM_RC -CryptSymmetricEncrypt( - BYTE *dOut, // OUT: - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ) +//** Symmetric Encryption +// This function performs symmetric encryption based on the mode. +// Return Type: TPM_RC +// TPM_RC_SIZE 'dSize' is not a multiple of the block size for an +// algorithm that requires it +// TPM_RC_FAILURE Fatal error +LIB_EXPORT TPM_RC CryptSymmetricEncrypt( + BYTE* dOut, // OUT: + TPM_ALG_ID algorithm, // IN: the symmetric algorithm + UINT16 keySizeInBits, // IN: key size in bits + const BYTE* key, // IN: key buffer. The size of this buffer + // in bytes is (keySizeInBits + 7) / 8 + TPM2B_IV* ivInOut, // IN/OUT: IV for decryption. 
+ TPM_ALG_ID mode, // IN: Mode to use + INT32 dSize, // IN: data size (may need to be a + // multiple of the blockSize) + const BYTE* dIn // IN: data buffer +) { - BYTE *pIv; - int i; - BYTE tmp[MAX_SYM_BLOCK_SIZE]; - BYTE *pT; - tpmCryptKeySchedule_t keySchedule; - INT16 blockSize; - TpmCryptSetSymKeyCall_t encrypt; - TpmCryptSymFinal_t final; // libtpms added - BYTE *iv; - BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; + BYTE* pIv; + int i; + BYTE tmp[MAX_SYM_BLOCK_SIZE]; + BYTE* pT; + tpmCryptKeySchedule_t keySchedule; + INT16 blockSize; + TpmCryptSetSymKeyCall_t encrypt; + BYTE* iv; + BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; + TpmCryptSymFinal_t final; // libtpms added // pAssert(dOut != NULL && key != NULL && dIn != NULL); memset((void *)&keySchedule, 0, sizeof(keySchedule)); /* silence false positive; coverity */ memset(tmp, 0, sizeof(tmp)); if(dSize == 0) - return TPM_RC_SUCCESS; + return TPM_RC_SUCCESS; + TPM_DO_SELF_TEST(algorithm); blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); if(blockSize == 0) - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; // If the iv is provided, then it is expected to be block sized. In some cases, // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] // with no knowledge of the actual block size. This function will set it. if((ivInOut != NULL) && (mode != TPM_ALG_ECB)) - { - ivInOut->t.size = blockSize; - iv = ivInOut->t.buffer; - } + { + ivInOut->t.size = blockSize; + iv = ivInOut->t.buffer; + } else - iv = defaultIv; + iv = defaultIv; pIv = iv; - // Create encrypt key schedule and set the encryption function pointer. - switch (algorithm) - { - FOR_EACH_SYM(ENCRYPT_CASE) - default: - return TPM_RC_SYMMETRIC; - } + // Create encrypt key schedule and set the encryption function pointer. 
+ switch(algorithm) + { + FOR_EACH_SYM(ENCRYPT_CASE) + + default: + return TPM_RC_SYMMETRIC; + } switch(mode) - { + { #if ALG_CTR - case TPM_ALG_CTR: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV(counter) - ENCRYPT(&keySchedule, iv, tmp); - //increment the counter (counter is big-endian so start at end) - for(i = blockSize - 1; i >= 0; i--) - if((iv[i] += 1) != 0) - break; - // XOR the encrypted counter value with input and put into output - pT = tmp; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = *dIn++ ^ *pT++; - } - break; + case TPM_ALG_CTR: + for(; dSize > 0; dSize -= blockSize) + { + // Encrypt the current value of the IV(counter) + ENCRYPT(&keySchedule, iv, tmp); + + //increment the counter (counter is big-endian so start at end) + for(i = blockSize - 1; i >= 0; i--) + if((iv[i] += 1) != 0) + break; + // XOR the encrypted counter value with input and put into output + pT = tmp; + for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) + *dOut++ = *dIn++ ^ *pT++; + } + break; #endif #if ALG_OFB - case TPM_ALG_OFB: - // This is written so that dIn and dOut may be the same - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the "IV" - ENCRYPT(&keySchedule, iv, iv); - // XOR the encrypted IV into dIn to create the cipher text (dOut) - pIv = iv; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = (*pIv++ ^ *dIn++); - } - break; + case TPM_ALG_OFB: + // This is written so that dIn and dOut may be the same + for(; dSize > 0; dSize -= blockSize) + { + // Encrypt the current value of the "IV" + ENCRYPT(&keySchedule, iv, iv); + + // XOR the encrypted IV into dIn to create the cipher text (dOut) + pIv = iv; + for(i = (dSize < blockSize) ? 
dSize : blockSize; i > 0; i--) + *dOut++ = (*pIv++ ^ *dIn++); + } + break; #endif #if ALG_CBC - case TPM_ALG_CBC: - // For CBC the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - // XOR the data block into the IV, encrypt the IV into the IV - // and then copy the IV to the output - for(; dSize > 0; dSize -= blockSize) - { - pIv = iv; - for(i = blockSize; i > 0; i--) - *pIv++ ^= *dIn++; - ENCRYPT(&keySchedule, iv, iv); - pIv = iv; - for(i = blockSize; i > 0; i--) - *dOut++ = *pIv++; - } - break; + case TPM_ALG_CBC: + // For CBC the data size must be an even multiple of the + // cipher block size + if((dSize % blockSize) != 0) + return TPM_RC_SIZE; + // XOR the data block into the IV, encrypt the IV into the IV + // and then copy the IV to the output + for(; dSize > 0; dSize -= blockSize) + { + pIv = iv; + for(i = blockSize; i > 0; i--) + *pIv++ ^= *dIn++; + ENCRYPT(&keySchedule, iv, iv); + pIv = iv; + for(i = blockSize; i > 0; i--) + *dOut++ = *pIv++; + } + break; #endif - // CFB is not optional - case TPM_ALG_CFB: - // Encrypt the IV into the IV, XOR in the data, and copy to output - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV - ENCRYPT(&keySchedule, iv, iv); - pIv = iv; - for(i = (int)(dSize < blockSize) ? dSize : blockSize; i > 0; i--) - // XOR the data into the IV to create the cipher text - // and put into the output - *dOut++ = *pIv++ ^= *dIn++; - } - // If the inner loop (i loop) was smaller than blockSize, then dSize - // would have been smaller than blockSize and it is now negative. If - // it is negative, then it indicates how many bytes are needed to pad - // out the IV for the next round. 
- for(; dSize < 0; dSize++) - *pIv++ = 0; - break; + // CFB is not optional + case TPM_ALG_CFB: + // Encrypt the IV into the IV, XOR in the data, and copy to output + for(; dSize > 0; dSize -= blockSize) + { + // Encrypt the current value of the IV + ENCRYPT(&keySchedule, iv, iv); + pIv = iv; + for(i = (int)(dSize < blockSize) ? dSize : blockSize; i > 0; i--) + // XOR the data into the IV to create the cipher text + // and put into the output + *dOut++ = *pIv++ ^= *dIn++; + } + // If the inner loop (i loop) was smaller than blockSize, then dSize + // would have been smaller than blockSize and it is now negative. If + // it is negative, then it indicates how many bytes are needed to pad + // out the IV for the next round. + for(; dSize < 0; dSize++) + *pIv++ = 0; + break; #if ALG_ECB - case TPM_ALG_ECB: - // For ECB the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - // Encrypt the input block to the output block - for(; dSize > 0; dSize -= blockSize) - { - ENCRYPT(&keySchedule, dIn, dOut); - dIn = &dIn[blockSize]; - dOut = &dOut[blockSize]; - } - break; + case TPM_ALG_ECB: + // For ECB the data size must be an even multiple of the + // cipher block size + if((dSize % blockSize) != 0) + return TPM_RC_SIZE; + // Encrypt the input block to the output block + for(; dSize > 0; dSize -= blockSize) + { + ENCRYPT(&keySchedule, dIn, dOut); + dIn = &dIn[blockSize]; + dOut = &dOut[blockSize]; + } + break; #endif - default: - if (final) // libtpms added begin - FINAL(&keySchedule); // libtpms added end - return TPM_RC_FAILURE; - } + default: + if (final) // libtpms added begin + FINAL(&keySchedule); // libtpms added end + return TPM_RC_FAILURE; + } if (final) // libtpms added begin - FINAL(&keySchedule); // libtpms added end + FINAL(&keySchedule); // libtpms added end return TPM_RC_SUCCESS; } -/* 10.2.20.5.1 CryptSymmetricDecrypt() */ -/* This function performs symmetric decryption based on the mode. 
*/ -/* Error Returns Meaning */ -/* TPM_RC_FAILURE A fatal error */ -/* TPM_RCS_SIZE dSize is not a multiple of the block size for an algorithm that requires it */ -LIB_EXPORT TPM_RC -CryptSymmetricDecrypt( - BYTE *dOut, // OUT: decrypted data - TPM_ALG_ID algorithm, // IN: the symmetric algorithm - UINT16 keySizeInBits, // IN: key size in bits - const BYTE *key, // IN: key buffer. The size of this buffer - // in bytes is (keySizeInBits + 7) / 8 - TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. - TPM_ALG_ID mode, // IN: Mode to use - INT32 dSize, // IN: data size (may need to be a - // multiple of the blockSize) - const BYTE *dIn // IN: data buffer - ) + +//*** CryptSymmetricDecrypt() +// This function performs symmetric decryption based on the mode. +// Return Type: TPM_RC +// TPM_RC_FAILURE A fatal error +// TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an +// algorithm that requires it +LIB_EXPORT TPM_RC CryptSymmetricDecrypt( + BYTE* dOut, // OUT: decrypted data + TPM_ALG_ID algorithm, // IN: the symmetric algorithm + UINT16 keySizeInBits, // IN: key size in bits + const BYTE* key, // IN: key buffer. The size of this buffer + // in bytes is (keySizeInBits + 7) / 8 + TPM2B_IV* ivInOut, // IN/OUT: IV for decryption. 
+ TPM_ALG_ID mode, // IN: Mode to use + INT32 dSize, // IN: data size (may need to be a + // multiple of the blockSize) + const BYTE* dIn // IN: data buffer +) { - BYTE *pIv; - int i; - BYTE tmp[MAX_SYM_BLOCK_SIZE]; - BYTE *pT; - tpmCryptKeySchedule_t keySchedule; - INT16 blockSize; - BYTE *iv; - TpmCryptSetSymKeyCall_t encrypt; - TpmCryptSetSymKeyCall_t decrypt; - TpmCryptSymFinal_t final; /* libtpms added */ - BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; + BYTE* pIv; + int i; + BYTE tmp[MAX_SYM_BLOCK_SIZE]; + BYTE* pT; + tpmCryptKeySchedule_t keySchedule; + INT16 blockSize; + BYTE* iv; + TpmCryptSetSymKeyCall_t encrypt; + TpmCryptSetSymKeyCall_t decrypt; + BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; + TpmCryptSymFinal_t final; /* libtpms added */ + memset((void *)&keySchedule, 0, sizeof(keySchedule)); /* silence false positive; coverity */ memset(tmp, 0, sizeof(tmp)); 
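Review bot: In CryptSymmetricEncrypt the two `return TPM_RC_SIZE;` exits in the TPM_ALG_CBC and TPM_ALG_ECB cases leave the function after `FOR_EACH_SYM(ENCRYPT_CASE)` has set up the key schedule, but without the `if (final) FINAL(&keySchedule);` step that both the `default:` mode branch and the normal exit perform. ENCRYPT_CASE and FINAL are defined outside this hunk, so whether the skipped step releases resources or clears key-schedule state is an assumption to confirm; if it does, any `dSize` that is not a multiple of the block size bypasses it. Either add `if (final) FINAL(&keySchedule);` before each `return TPM_RC_SIZE;`, or move the `(dSize % blockSize) != 0` check ahead of `switch(algorithm)` so that nothing has been set up when it fails. CryptSymmetricEncrypt is complete within this hunk; CryptSymmetricDecrypt only starts here and continues in the next hunk, so its exits are not assessed.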
@@ -342,143 +348,149 @@ CryptSymmetricDecrypt( // care that these are initialized before use. encrypt = NULL; decrypt = NULL; + pAssert(dOut != NULL && key != NULL && dIn != NULL); if(dSize == 0) - return TPM_RC_SUCCESS; + return TPM_RC_SUCCESS; + TPM_DO_SELF_TEST(algorithm); blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); if(blockSize == 0) - return TPM_RC_FAILURE; + return TPM_RC_FAILURE; // If the iv is provided, then it is expected to be block sized. In some cases, // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] // with no knowledge of the actual block size. This function will set it. if((ivInOut != NULL) && (mode != TPM_ALG_ECB)) - { - ivInOut->t.size = blockSize; - iv = ivInOut->t.buffer; - } + { + ivInOut->t.size = blockSize; + iv = ivInOut->t.buffer; + } else - iv = defaultIv; + iv = defaultIv; + pIv = iv; // Use the mode to select the key schedule to create. Encrypt always uses the // encryption schedule. Depending on the mode, decryption might use either // the decryption or encryption schedule. 
switch(mode) - { + { #if ALG_CBC || ALG_ECB - case TPM_ALG_CBC: // decrypt = decrypt - case TPM_ALG_ECB: - // For ECB and CBC, the data size must be an even multiple of the - // cipher block size - if((dSize % blockSize) != 0) - return TPM_RC_SIZE; - switch (algorithm) - { - FOR_EACH_SYM(DECRYPT_CASE) - default: - return TPM_RC_SYMMETRIC; - } - break; + case TPM_ALG_CBC: // decrypt = decrypt + case TPM_ALG_ECB: + // For ECB and CBC, the data size must be an even multiple of the + // cipher block size + if((dSize % blockSize) != 0) + return TPM_RC_SIZE; + switch(algorithm) + { + FOR_EACH_SYM(DECRYPT_CASE) + default: + return TPM_RC_SYMMETRIC; + } + break; #endif - default: - // For the remaining stream ciphers, use encryption to decrypt - switch (algorithm) - { - FOR_EACH_SYM(ENCRYPT_CASE) - default: - return TPM_RC_SYMMETRIC; - } - } + default: + // For the remaining stream ciphers, use encryption to decrypt + switch(algorithm) + { + FOR_EACH_SYM(ENCRYPT_CASE) + default: + return TPM_RC_SYMMETRIC; + } + } // Now do the mode-dependent decryption switch(mode) - { + { #if ALG_CBC - case TPM_ALG_CBC: - // Copy the input data to a temp buffer, decrypt the buffer into the - // output, XOR in the IV, and copy the temp buffer to the IV and repeat. - for(; dSize > 0; dSize -= blockSize) - { - pT = tmp; - for(i = blockSize; i > 0; i--) - *pT++ = *dIn++; - DECRYPT(&keySchedule, tmp, dOut); - pIv = iv; - pT = tmp; - for(i = blockSize; i > 0; i--) - { - *dOut++ ^= *pIv; - *pIv++ = *pT++; - } - } - break; + case TPM_ALG_CBC: + // Copy the input data to a temp buffer, decrypt the buffer into the + // output, XOR in the IV, and copy the temp buffer to the IV and repeat. 
+ for(; dSize > 0; dSize -= blockSize) + { + pT = tmp; + for(i = blockSize; i > 0; i--) + *pT++ = *dIn++; + DECRYPT(&keySchedule, tmp, dOut); + pIv = iv; + pT = tmp; + for(i = blockSize; i > 0; i--) + { + *dOut++ ^= *pIv; + *pIv++ = *pT++; + } + } + break; #endif - case TPM_ALG_CFB: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the IV into the temp buffer - ENCRYPT(&keySchedule, iv, tmp); - pT = tmp; - pIv = iv; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - // Copy the current cipher text to IV, XOR - // with the temp buffer and put into the output - *dOut++ = *pT++ ^ (*pIv++ = *dIn++); - } - // If the inner loop (i loop) was smaller than blockSize, then dSize - // would have been smaller than blockSize and it is now negative - // If it is negative, then it indicates how may fill bytes - // are needed to pad out the IV for the next round. - for(; dSize < 0; dSize++) - *pIv++ = 0; - break; + case TPM_ALG_CFB: + for(; dSize > 0; dSize -= blockSize) + { + // Encrypt the IV into the temp buffer + ENCRYPT(&keySchedule, iv, tmp); + pT = tmp; + pIv = iv; + for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) + // Copy the current cipher text to IV, XOR + // with the temp buffer and put into the output + *dOut++ = *pT++ ^ (*pIv++ = *dIn++); + } + // If the inner loop (i loop) was smaller than blockSize, then dSize + // would have been smaller than blockSize and it is now negative + // If it is negative, then it indicates how may fill bytes + // are needed to pad out the IV for the next round. 
+ for(; dSize < 0; dSize++) + *pIv++ = 0; + + break; #if ALG_CTR - case TPM_ALG_CTR: - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the IV(counter) - ENCRYPT(&keySchedule, iv, tmp); - //increment the counter (counter is big-endian so start at end) - for(i = blockSize - 1; i >= 0; i--) - if((iv[i] += 1) != 0) - break; - // XOR the encrypted counter value with input and put into output - pT = tmp; - for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) - *dOut++ = *dIn++ ^ *pT++; - } - break; + case TPM_ALG_CTR: + for(; dSize > 0; dSize -= blockSize) + { + // Encrypt the current value of the IV(counter) + ENCRYPT(&keySchedule, iv, tmp); + + //increment the counter (counter is big-endian so start at end) + for(i = blockSize - 1; i >= 0; i--) + if((iv[i] += 1) != 0) + break; + // XOR the encrypted counter value with input and put into output + pT = tmp; + for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) + *dOut++ = *dIn++ ^ *pT++; + } + break; #endif #if ALG_ECB - case TPM_ALG_ECB: - for(; dSize > 0; dSize -= blockSize) - { - DECRYPT(&keySchedule, dIn, dOut); - dIn = &dIn[blockSize]; - dOut = &dOut[blockSize]; - } - break; + case TPM_ALG_ECB: + for(; dSize > 0; dSize -= blockSize) + { + DECRYPT(&keySchedule, dIn, dOut); + dIn = &dIn[blockSize]; + dOut = &dOut[blockSize]; + } + break; #endif #if ALG_OFB - case TPM_ALG_OFB: - // This is written so that dIn and dOut may be the same - for(; dSize > 0; dSize -= blockSize) - { - // Encrypt the current value of the "IV" - ENCRYPT(&keySchedule, iv, iv); - // XOR the encrypted IV into dIn to create the cipher text (dOut) - pIv = iv; - for(i = (dSize < blockSize) ? 
dSize : blockSize; i > 0; i--) - *dOut++ = (*pIv++ ^ *dIn++); - } - break; + case TPM_ALG_OFB: + // This is written so that dIn and dOut may be the same + for(; dSize > 0; dSize -= blockSize) + { + // Encrypt the current value of the "IV" + ENCRYPT(&keySchedule, iv, iv); + + // XOR the encrypted IV into dIn to create the cipher text (dOut) + pIv = iv; + for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) + *dOut++ = (*pIv++ ^ *dIn++); + } + break; #endif - default: - if (final) /* libtpms added begin */ - FINAL(&keySchedule); /* libtpms added end */ - return TPM_RC_FAILURE; - } + default: + if (final) /* libtpms added begin */ + FINAL(&keySchedule); /* libtpms added end */ + return TPM_RC_FAILURE; + } if (final) /* libtpms added begin */ - FINAL(&keySchedule); /* libtpms added end */ + FINAL(&keySchedule); /* libtpms added end */ return TPM_RC_SUCCESS; } @@ -763,22 +775,19 @@ CryptSymmetricDecrypt( #endif // libtpms added end -/* 10.2.20.5.2 CryptSymKeyValidate() */ -/* Validate that a provided symmetric key meets the requirements of the TPM */ -/* Error Returns Meaning */ -/* TPM_RC_KEY_SIZE Key size specifiers do not match */ -/* TPM_RC_KEY Key is not allowed */ +//*** CryptSymKeyValidate() +// Validate that a provided symmetric key meets the requirements of the TPM +// Return Type: TPM_RC +// TPM_RC_KEY_SIZE Key size specifiers do not match +// TPM_RC_KEY Key is not allowed TPM_RC -CryptSymKeyValidate( - TPMT_SYM_DEF_OBJECT *symDef, - TPM2B_SYM_KEY *key - ) +CryptSymKeyValidate(TPMT_SYM_DEF_OBJECT* symDef, TPM2B_SYM_KEY* key) { if(key->t.size != BITS_TO_BYTES(symDef->keyBits.sym)) - return TPM_RCS_KEY_SIZE; -#if ALG_TDES + return TPM_RCS_KEY_SIZE; +#if ALG_TDES // libtpms added begin if(symDef->algorithm == TPM_ALG_TDES && !CryptDesValidateKey(key)) - return TPM_RCS_KEY; -#endif // TPM_ALG_TDES + return TPM_RCS_KEY; +#endif // TPM_ALG_TDES // libtpms added end return TPM_RC_SUCCESS; } 
diff --git a/src/tpm2/crypto/openssl/TpmToOsslHash.h b/src/tpm2/crypto/openssl/TpmToOsslHash.h
index 13a93858..ebac844c 100644
--- a/src/tpm2/crypto/openssl/TpmToOsslHash.h
+++ b/src/tpm2/crypto/openssl/TpmToOsslHash.h
@@ -138,47 +138,48 @@ typedef const BYTE* PCBYTE; # define HASH_START(hashState) ((hashState)->def->method.start)(&(hashState)->state); // Add data to the hash -# define HASH_DATA_METHOD_DEF \ - void(HASH_DATA_METHOD)(PANY_HASH_STATE state, PCBYTE buffer, size_t size) -# define HASH_DATA(hashState, dInSize, dIn) \ - ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) +# define HASH_DATA_METHOD_DEF \ + void(HASH_DATA_METHOD)(PANY_HASH_STATE state, PCBYTE buffer, size_t size) +# define HASH_DATA(hashState, dInSize, dIn) \ + ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) // Finalize the hash and get the digest -# define HASH_END_METHOD_DEF \ - void(HASH_END_METHOD)(BYTE * buffer, PANY_HASH_STATE state) -# define HASH_END(hashState, buffer) \ - ((hashState)->def->method.end)(buffer, &(hashState)->state) +# define HASH_END_METHOD_DEF \ + void(HASH_END_METHOD)(BYTE * buffer, PANY_HASH_STATE state) +# define HASH_END(hashState, buffer) \ + ((hashState)->def->method.end)(buffer, &(hashState)->state) // Copy the hash context // Note: For import, export, and copy, memcpy() is used since there is no // reformatting necessary between the internal and external forms. 
-# define HASH_STATE_COPY_METHOD_DEF \ - void(HASH_STATE_COPY_METHOD)( \ - PANY_HASH_STATE to, PCANY_HASH_STATE from, size_t size) -# define HASH_STATE_COPY(hashStateOut, hashStateIn) \ - ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \ - &(hashStateIn)->state, \ - (hashStateIn)->def->contextSize) +# define HASH_STATE_COPY_METHOD_DEF \ + void(HASH_STATE_COPY_METHOD)( \ + PANY_HASH_STATE to, PCANY_HASH_STATE from, size_t size) +# define HASH_STATE_COPY(hashStateOut, hashStateIn) \ + ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \ + &(hashStateIn)->state, \ + (hashStateIn)->def->contextSize) // Copy (with reformatting when necessary) an internal hash structure to an // external blob -# define HASH_STATE_EXPORT_METHOD_DEF \ - void(HASH_STATE_EXPORT_METHOD)(BYTE * to, PCANY_HASH_STATE from, size_t size) -# define HASH_STATE_EXPORT(to, hashStateFrom) \ - ((hashStateFrom)->def->method.copyOut)( \ - &(((BYTE*)(to))[offsetof(HASH_STATE, state)]), \ - &(hashStateFrom)->state, \ - (hashStateFrom)->def->contextSize) +# define HASH_STATE_EXPORT_METHOD_DEF \ + void(HASH_STATE_EXPORT_METHOD)(BYTE * to, PCANY_HASH_STATE from, size_t size) +# define HASH_STATE_EXPORT(to, hashStateFrom) \ + ((hashStateFrom)->def->method.copyOut)( \ + &(((BYTE*)(to))[offsetof(HASH_STATE, state)]), \ + &(hashStateFrom)->state, \ + (hashStateFrom)->def->contextSize) // Copy from an external blob to an internal formate (with reformatting when // necessary -# define HASH_STATE_IMPORT_METHOD_DEF \ - void(HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, const BYTE* from, size_t size) -# define HASH_STATE_IMPORT(hashStateTo, from) \ - ((hashStateTo)->def->method.copyIn)( \ - &(hashStateTo)->state, \ - &(((const BYTE*)(from))[offsetof(HASH_STATE, state)]), \ - (hashStateTo)->def->contextSize) +# define HASH_STATE_IMPORT_METHOD_DEF \ + void(HASH_STATE_IMPORT_METHOD)( \ + PANY_HASH_STATE to, const BYTE* from, size_t size) +# define HASH_STATE_IMPORT(hashStateTo, from) \ + 
((hashStateTo)->def->method.copyIn)( \ + &(hashStateTo)->state, \ + &(((const BYTE*)(from))[offsetof(HASH_STATE, state)]), \ + (hashStateTo)->def->contextSize) // Function aliases. The code in CryptHash.c uses the internal designation for the // functions. These need to be translated to the function names of the library. diff --git a/src/tpm2/crypto/openssl/TpmToOsslSupport.c b/src/tpm2/crypto/openssl/TpmToOsslSupport.c index 7888fb40..1dfd64f6 100644 --- a/src/tpm2/crypto/openssl/TpmToOsslSupport.c +++ b/src/tpm2/crypto/openssl/TpmToOsslSupport.c @@ -103,7 +103,7 @@ void OsslContextLeave(BN_CTX* CTX) BN_CTX* OsslPushContext(BN_CTX* CTX) { if(CTX == NULL) - FAIL(FATAL_ERROR_ALLOCATION); + FAIL(FATAL_ERROR_ALLOCATION); BN_CTX_start(CTX); return CTX; } @@ -114,7 +114,7 @@ void OsslPopContext(BN_CTX* CTX) { // BN_CTX_end can't be called with NULL. It will blow up. if(CTX != NULL) - BN_CTX_end(CTX); + BN_CTX_end(CTX); } #endif // HASH_LIB_OSSL || MATH_LIB_OSSL || SYM_LIB_OSSL diff --git a/src/tpm2/crypto/openssl/TpmToOsslSym.h b/src/tpm2/crypto/openssl/TpmToOsslSym.h index 58b1826f..7d4df54f 100644 --- a/src/tpm2/crypto/openssl/TpmToOsslSym.h +++ b/src/tpm2/crypto/openssl/TpmToOsslSym.h @@ -114,7 +114,7 @@ void SM4_final(const SM4_KEY *ks); // libtpms added // 3) out buffer // Since open SSL uses the order in encryptoCall_t above, need to swizzle the // values to the order required by the library. -#define SWIZZLE(keySchedule, in, out) \ +#define SWIZZLE(keySchedule, in, out) \ (const BYTE*)(in), (BYTE*)(out), (void*)(keySchedule) // Define the order of parameters to the library functions that do block encryption 
@@ -130,9 +130,9 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ // Macros to set up the encryption/decryption key schedules // // AES: -#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \ +#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \ AES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES*)(schedule)) -#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \ +#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \ AES_set_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES*)(schedule)) // Macros to alias encryption calls to specific algorithms. This should be used @@ -164,9 +164,9 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ //** Links to the OpenSSL SM4 code //*************************************************************** // Macros to set up the encryption/decryption key schedules -#define TpmCryptSetEncryptKeySM4(key, keySizeInBits, schedule) \ +#define TpmCryptSetEncryptKeySM4(key, keySizeInBits, schedule) \ SM4_set_encrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */ -#define TpmCryptSetDecryptKeySM4(key, keySizeInBits, schedule) \ +#define TpmCryptSetDecryptKeySM4(key, keySizeInBits, schedule) \ SM4_set_decrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */ // Macros to alias encryption calls to specific algorithms. This should be used 
@@ -180,9 +180,9 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ //** Links to the OpenSSL CAMELLIA code //*************************************************************** // Macros to set up the encryption/decryption key schedules -#define TpmCryptSetEncryptKeyCAMELLIA(key, keySizeInBits, schedule) \ +#define TpmCryptSetEncryptKeyCAMELLIA(key, keySizeInBits, schedule) \ Camellia_set_key((key), (keySizeInBits), (tpmKeyScheduleCAMELLIA*)(schedule)) -#define TpmCryptSetDecryptKeyCAMELLIA(key, keySizeInBits, schedule) \ +#define TpmCryptSetDecryptKeyCAMELLIA(key, keySizeInBits, schedule) \ Camellia_set_key((key), (keySizeInBits), (tpmKeyScheduleCAMELLIA*)(schedule)) // Macros to alias encryption calls to specific algorithms. This should be used @@ -200,4 +200,3 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ #define SymLibSimulationEnd() #endif // SYM_LIB_DEFINED - diff --git a/src/tpm2/crypto/openssl/tpm_radix.h b/src/tpm2/crypto/openssl/tpm_radix.h index 047a13a0..11076848 100644 --- a/src/tpm2/crypto/openssl/tpm_radix.h +++ b/src/tpm2/crypto/openssl/tpm_radix.h 
@@ -79,13 +79,13 @@ #endif // libtpms added end #ifndef RADIX_BITS -# if defined(__x86_64__) || defined(__x86_64) || defined(__amd64__) \ - || defined(__amd64) || defined(_WIN64) || defined(_M_X64) || defined(_M_ARM64) \ - || defined(__aarch64__) || defined(__PPC64__) || defined(__s390x__) \ - || defined(__powerpc64__) || defined(__ppc64__) +# if defined(__x86_64__) || defined(__x86_64) || defined(__amd64__) \ + || defined(__amd64) || defined(_WIN64) || defined(_M_X64) || defined(_M_ARM64) \ + || defined(__aarch64__) || defined(__PPC64__) || defined(__s390x__) \ + || defined(__powerpc64__) || defined(__ppc64__) # define RADIX_BITS 64 # elif defined(__i386__) || defined(__i386) || defined(i386) || defined(_WIN32) \ - || defined(_M_IX86) + || defined(_M_IX86) # define RADIX_BITS 32 # elif defined(_M_ARM) || defined(__arm__) || defined(__thumb__) # define RADIX_BITS 32 @@ -132,8 +132,8 @@ typedef int64_t crypt_word_t; # define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_32((x)) typedef uint32_t crypt_uword_t; typedef int32_t crypt_word_t; -# define TO_CRYPT_WORD_64(a, b, c, d, e, f, g, h) \ - BIG_ENDIAN_BYTES_TO_UINT32(e, f, g, h), BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) +# define TO_CRYPT_WORD_64(a, b, c, d, e, f, g, h) \ + BIG_ENDIAN_BYTES_TO_UINT32(e, f, g, h), BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) #define BN_PAD 1 /* libtpms added */ #endif diff --git a/src/tpm2/endian_swap.h b/src/tpm2/endian_swap.h index 595df95a..1fe4ad43 100644 --- a/src/tpm2/endian_swap.h +++ b/src/tpm2/endian_swap.h 
@@ -58,62 +58,98 @@ /* */ /********************************************************************************/ -#ifndef _ENDIAN_SWAP_H -#define _ENDIAN_SWAP_H +#ifndef _SWAP_H +#define _SWAP_H #if LITTLE_ENDIAN_TPM -#define TO_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i) -#define FROM_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i) -#define TO_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i) -#define FROM_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i) -#define TO_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i) -#define FROM_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i) +# define TO_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i) +# define FROM_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i) +# define TO_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i) +# define FROM_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i) +# define TO_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i) +# define FROM_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i) #else -#define TO_BIG_ENDIAN_UINT16(i) (i) -#define FROM_BIG_ENDIAN_UINT16(i) (i) -#define TO_BIG_ENDIAN_UINT32(i) (i) -#define FROM_BIG_ENDIAN_UINT32(i) (i) -#define TO_BIG_ENDIAN_UINT64(i) (i) -#define FROM_BIG_ENDIAN_UINT64(i) (i) +# define TO_BIG_ENDIAN_UINT16(i) (i) +# define FROM_BIG_ENDIAN_UINT16(i) (i) +# define TO_BIG_ENDIAN_UINT32(i) (i) +# define FROM_BIG_ENDIAN_UINT32(i) (i) +# define TO_BIG_ENDIAN_UINT64(i) (i) +# define FROM_BIG_ENDIAN_UINT64(i) (i) #endif -#if AUTO_ALIGN == NO -/* The aggregation macros for machines that do not allow unaligned access or for little-endian - machines. 
Aggregate bytes into an UINT */ -#define BYTE_ARRAY_TO_UINT8(b) (uint8_t)((b)[0]) -#define BYTE_ARRAY_TO_UINT16(b) ByteArrayToUint16((BYTE *)(b)) -#define BYTE_ARRAY_TO_UINT32(b) ByteArrayToUint32((BYTE *)(b)) -#define BYTE_ARRAY_TO_UINT64(b) ByteArrayToUint64((BYTE *)(b)) -#define UINT8_TO_BYTE_ARRAY(i, b) ((b)[0] = (uint8_t)(i)) -#define UINT16_TO_BYTE_ARRAY(i, b) Uint16ToByteArray((i), (BYTE *)(b)) -#define UINT32_TO_BYTE_ARRAY(i, b) Uint32ToByteArray((i), (BYTE *)(b)) -#define UINT64_TO_BYTE_ARRAY(i, b) Uint64ToByteArray((i), (BYTE *)(b)) -#else // AUTO_ALIGN -#if BIG_ENDIAN_TPM -/* The big-endian macros for machines that allow unaligned memory access Aggregate a byte - array into a UINT */ -#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b)) -#define BYTE_ARRAY_TO_UINT16(b) *((uint16_t *)(b)) -#define BYTE_ARRAY_TO_UINT32(b) *((uint32_t *)(b)) -#define BYTE_ARRAY_TO_UINT64(b) *((uint64_t *)(b)) -/* Disaggregate a UINT into a byte array */ -#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);} -#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = (i);} -#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = (i);} -#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = (i);} -#else -/* the little endian macros for machines that allow unaligned memory access the big-endian macros - for machines that allow unaligned memory access Aggregate a byte array into a UINT */ -#define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b)) -#define BYTE_ARRAY_TO_UINT16(b) REVERSE_ENDIAN_16(*((uint16_t *)(b))) -#define BYTE_ARRAY_TO_UINT32(b) REVERSE_ENDIAN_32(*((uint32_t *)(b))) -#define BYTE_ARRAY_TO_UINT64(b) REVERSE_ENDIAN_64(*((uint64_t *)(b))) -/* Disaggregate a UINT into a byte array */ -#define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);} -#define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = REVERSE_ENDIAN_16(i);} -#define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = REVERSE_ENDIAN_32(i);} -#define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = 
REVERSE_ENDIAN_64(i);} -#endif // BIG_ENDIAN_TPM + +#if AUTO_ALIGN == NO + +// The aggregation macros for machines that do not allow unaligned access or for +// little-endian machines. + +// Aggregate bytes into an UINT + +# define BYTE_ARRAY_TO_UINT8(b) (uint8_t)((b)[0]) +# define BYTE_ARRAY_TO_UINT16(b) ByteArrayToUint16((BYTE*)(b)) +# define BYTE_ARRAY_TO_UINT32(b) ByteArrayToUint32((BYTE*)(b)) +# define BYTE_ARRAY_TO_UINT64(b) ByteArrayToUint64((BYTE*)(b)) +# define UINT8_TO_BYTE_ARRAY(i, b) ((b)[0] = (uint8_t)(i)) +# define UINT16_TO_BYTE_ARRAY(i, b) Uint16ToByteArray((i), (BYTE*)(b)) +# define UINT32_TO_BYTE_ARRAY(i, b) Uint32ToByteArray((i), (BYTE*)(b)) +# define UINT64_TO_BYTE_ARRAY(i, b) Uint64ToByteArray((i), (BYTE*)(b)) + +#else // AUTO_ALIGN + +# if BIG_ENDIAN_TPM +// the big-endian macros for machines that allow unaligned memory access +// Aggregate a byte array into a UINT +# define BYTE_ARRAY_TO_UINT8(b) *((uint8_t*)(b)) +# define BYTE_ARRAY_TO_UINT16(b) *((uint16_t*)(b)) +# define BYTE_ARRAY_TO_UINT32(b) *((uint32_t*)(b)) +# define BYTE_ARRAY_TO_UINT64(b) *((uint64_t*)(b)) + +// Disaggregate a UINT into a byte array + +# define UINT8_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint8_t*)(b)) = (i); \ + } +# define UINT16_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint16_t*)(b)) = (i); \ + } +# define UINT32_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint32_t*)(b)) = (i); \ + } +# define UINT64_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint64_t*)(b)) = (i); \ + } +# else +// the little endian macros for machines that allow unaligned memory access +// the big-endian macros for machines that allow unaligned memory access +// Aggregate a byte array into a UINT +# define BYTE_ARRAY_TO_UINT8(b) *((uint8_t*)(b)) +# define BYTE_ARRAY_TO_UINT16(b) REVERSE_ENDIAN_16(*((uint16_t*)(b))) +# define BYTE_ARRAY_TO_UINT32(b) REVERSE_ENDIAN_32(*((uint32_t*)(b))) +# define BYTE_ARRAY_TO_UINT64(b) REVERSE_ENDIAN_64(*((uint64_t*)(b))) + +// Disaggregate a UINT into a byte array + +# define 
UINT8_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint8_t*)(b)) = (i); \ + } +# define UINT16_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint16_t*)(b)) = REVERSE_ENDIAN_16(i); \ + } +# define UINT32_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint32_t*)(b)) = REVERSE_ENDIAN_32(i); \ + } +# define UINT64_TO_BYTE_ARRAY(i, b) \ + { \ + *((uint64_t*)(b)) = REVERSE_ENDIAN_64(i); \ + } +# endif // BIG_ENDIAN_TPM + #endif // AUTO_ALIGN == NO - -#endif +#endif // _SWAP_H diff --git a/src/tpm2/pcrstruct.h b/src/tpm2/pcrstruct.h index 9e689a84..8025888d 100644 --- a/src/tpm2/pcrstruct.h +++ b/src/tpm2/pcrstruct.h @@ -144,14 +144,14 @@ typedef struct // Get pointer to particular PCR from array if that PCR is allocated. // otherwise returns NULL BYTE* GetPcrPointerIfAllocated(PCR* pPcrArray, - TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrNumber // IN: PCR number - ); + TPM_ALG_ID alg, // IN: algorithm for bank + UINT32 pcrNumber // IN: PCR number +); // get a PCR pointer from the TPM's internal list, if it's allocated // otherwise NULL BYTE* GetPcrPointer(TPM_ALG_ID alg, // IN: algorithm for bank - UINT32 pcrNumber // IN: PCR number - ); + UINT32 pcrNumber // IN: PCR number +); #endif diff --git a/src/tpm2/platform_pcr_fp.h b/src/tpm2/platform_pcr_fp.h index ffa92398..5d9f3924 100644 --- a/src/tpm2/platform_pcr_fp.h +++ b/src/tpm2/platform_pcr_fp.h @@ -58,6 +58,9 @@ /* */ /********************************************************************************/ + +// platform PCR functions called by the TPM library + #ifndef _PLATFORM_PCR_FP_H_ #define _PLATFORM_PCR_FP_H_ 
@@ -86,12 +89,12 @@ PCR_Attributes _platPcr__GetPcrInitializationAttributes(UINT32 pcrNumber); // If the buffer is not large enough for a pcr consistent with pcrAlg, then the // platform will return TPM_RC_FAILURE. TPM_RC _platPcr__GetInitialValueForPcr( - UINT32 pcrNumber, // IN: PCR to be initialized - TPM_ALG_ID pcrAlg, // IN: Algorithm of the PCR Bank being initialized - BYTE startupLocality, // IN: locality where startup is being called from - BYTE* pcrBuffer, // OUT: buffer to put PCR initialization value into - uint16_t bufferSize, // IN: maximum size of value buffer can hold - uint16_t* pcrLength); // OUT: size of initialization value returned in pcrBuffer + UINT32 pcrNumber, // IN: PCR to be initialized + TPM_ALG_ID pcrAlg, // IN: Algorithm of the PCR Bank being initialized + BYTE startupLocality, // IN: locality where startup is being called from + BYTE* pcrBuffer, // OUT: buffer to put PCR initialization value into + uint16_t bufferSize, // IN: maximum size of value buffer can hold + uint16_t* pcrLength); // OUT: size of initialization value returned in pcrBuffer // should the given PCR algorithm default to active in a new TPM? BOOL _platPcr_IsPcrBankDefaultActive(TPM_ALG_ID pcrAlg); diff --git a/src/tpm2/platform_public_interface.h b/src/tpm2/platform_public_interface.h index d0f12584..94fc5d44 100644 --- a/src/tpm2/platform_public_interface.h +++ b/src/tpm2/platform_public_interface.h @@ -58,6 +58,7 @@ /* */ /********************************************************************************/ + // This file contains the interface into the platform layer from external callers. // External callers are expected to be implementation specific, and may be a simulator // or some other implementation 
@@ -112,11 +113,11 @@ LIB_EXPORT void _plat__NvErrors(int recoverable, int unrecoverable); //***_plat__NVDisable() // Disable NV memory LIB_EXPORT void _plat__NVDisable( - void* platParameter, // platform specific parameter - size_t paramSize // size of parameter. If size == 0, then - // parameter is a sizeof(void*) scalar and should - // be cast to an integer (intptr_t), not dereferenced. - ); + void* platParameter, // platform specific parameter + size_t paramSize // size of parameter. If size == 0, then + // parameter is a sizeof(void*) scalar and should + // be cast to an integer (intptr_t), not dereferenced. +); //***_plat__SetNvAvail() // Set the current NV state to available. This function is for testing purpose @@ -137,7 +138,7 @@ LIB_EXPORT int _plat__NVNeedsManufacture(void); //*** _plat__ACT_GetPending() LIB_EXPORT int _plat__ACT_GetPending(uint32_t act //IN: number of ACT to check - ); +); //*** _plat__ACT_Tick() // This processes the once-per-second clock tick from the hardware. This is set up @@ -196,10 +197,10 @@ LIB_EXPORT void _plat__SetTpmFirmwareSvn(uint16_t svn); // time, the TPM will be in failure mode so ExecuteCommand will simply build // a failure response and return. LIB_EXPORT void _plat__RunCommand( - uint32_t requestSize, // IN: command buffer size - unsigned char* request, // IN: command buffer - uint32_t* responseSize, // IN/OUT: response buffer size - unsigned char** response // IN/OUT: response buffer - ); + uint32_t requestSize, // IN: command buffer size + unsigned char* request, // IN: command buffer + uint32_t* responseSize, // IN/OUT: response buffer size + unsigned char** response // IN/OUT: response buffer +); #endif // _PLATFORM_PUBLIC_INTERFACE_H_ diff --git a/src/tpm2/simulator_sysheaders.h b/src/tpm2/simulator_sysheaders.h index 1b2064cf..1dbbbc5d 100644 --- a/src/tpm2/simulator_sysheaders.h +++ b/src/tpm2/simulator_sysheaders.h 
@@ -70,7 +70,6 @@ #include #include -#ifdef TPM_WINDOWS #ifdef _MSC_VER # pragma warning(push, 3) // C4668 is supposed to be level 4, but this is still necessary to suppress the @@ -80,12 +79,9 @@ // // X is not defined as a preprocessor macro, assuming 0 for #if # pragma warning(disable : 4668) -#endif # include # include -#ifdef _MSC_VER # pragma warning(pop) -#endif typedef int socklen_t; #elif defined(__unix__) || defined(__APPLE__) # include diff --git a/src/tpm2/tpm_to_platform_interface.h b/src/tpm2/tpm_to_platform_interface.h index 481bb917..d6af5ade 100644 --- a/src/tpm2/tpm_to_platform_interface.h +++ b/src/tpm2/tpm_to_platform_interface.h @@ -126,14 +126,14 @@ LIB_EXPORT int _plat__TimerWasStopped(void); // values are defined here to insulate them from spec changes and to avoid // needing visibility to the doc-generated structure headers. typedef enum _plat__ClockAdjustStep - { - PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER = -3, - PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER = -2, - PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER = -1, - PLAT_TPM_CLOCK_ADJUST_FINE_FASTER = 1, - PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER = 2, - PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER = 3 - } _plat__ClockAdjustStep; +{ + PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER = -3, + PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER = -2, + PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER = -1, + PLAT_TPM_CLOCK_ADJUST_FINE_FASTER = 1, + PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER = 2, + PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER = 3 +} _plat__ClockAdjustStep; LIB_EXPORT void _plat__ClockRateAdjust(_plat__ClockAdjustStep adjustment); // libtpms: added begin 
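Review bot: The Windows branch in simulator_sysheaders.h is now selected by `_MSC_VER` alone, because this hunk drops the outer `#ifdef TPM_WINDOWS` and the next hunk (`@@ -80,12 +79,9 @@`) drops the inner `#endif` / `#ifdef _MSC_VER` pair, so this is a behaviour change rather than a whitespace edit. The two `# include` lines and `typedef int socklen_t;` used to be compiled whenever `TPM_WINDOWS` was defined; a Windows build with a compiler that does not define `_MSC_VER` now falls through to `#elif defined(__unix__) || defined(__APPLE__)` and whatever follows it outside the hunk. If only MSVC is meant to be supported here, I would record that above the test, e.g. `// Windows socket headers: selected by _MSC_VER only; TPM_WINDOWS is no longer consulted`, and mention the change in the commit message.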
@@ -159,19 +159,19 @@ void DebugDumpBuffer(int size, unsigned char* buf, const char* identifier); #endif // libtpms: added #endif // CERTIFYX509_DEBUG - //** From Entropy.c +//** From Entropy.c - //*** _plat__GetEntropy() - // This function is used to get available hardware entropy. In a hardware - // implementation of this function, there would be no call to the system - // to get entropy. - // Return Type: int32_t - // < 0 hardware failure of the entropy generator, this is sticky - // >= 0 the returned amount of entropy (bytes) - // +//*** _plat__GetEntropy() +// This function is used to get available hardware entropy. In a hardware +// implementation of this function, there would be no call to the system +// to get entropy. +// Return Type: int32_t +// < 0 hardware failure of the entropy generator, this is sticky +// >= 0 the returned amount of entropy (bytes) +// LIB_EXPORT int32_t _plat__GetEntropy(unsigned char* entropy, // output buffer - uint32_t amount // amount requested - ); + uint32_t amount // amount requested +); //** From LocalityPlat.c @@ -198,17 +198,17 @@ LIB_EXPORT unsigned char _plat__LocalityGet(void); // >0 if recoverable error // <0 if unrecoverable error LIB_EXPORT int _plat__NVEnable( - void* platParameter, // platform specific parameter - size_t paramSize // size of parameter. If size == 0, then - // parameter is a sizeof(void*) scalar and should - // be cast to an integer (intptr_t), not dereferenced. - ); + void* platParameter, // platform specific parameter + size_t paramSize // size of parameter. If size == 0, then + // parameter is a sizeof(void*) scalar and should + // be cast to an integer (intptr_t), not dereferenced. +); // libtpms: added begin LIB_EXPORT int _plat__NVEnable_NVChipFile( - void *platParameter // IN: platform specific parameters - ); + void *platParameter // IN: platform specific parameters +); // libtpms: added end //***_plat__GetNvReadyState() 
@@ -228,9 +228,9 @@ LIB_EXPORT int _plat__GetNvReadyState(void); // TRUE(1) offset and size is within available NV size // FALSE(0) otherwise; also trigger failure mode LIB_EXPORT int _plat__NvMemoryRead(unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void* data // OUT: data buffer - ); + unsigned int size, // IN: size of bytes to read + void* data // OUT: data buffer +); //*** _plat__NvGetChangedStatus() // This function checks to see if the NV is different from the test value. This is @@ -243,10 +243,10 @@ LIB_EXPORT int _plat__NvMemoryRead(unsigned int startOffset, // IN: read start #define NV_IS_SAME (0) #define NV_INVALID_LOCATION (-1) LIB_EXPORT int _plat__NvGetChangedStatus( - unsigned int startOffset, // IN: read start - unsigned int size, // IN: size of bytes to read - void* data // IN: data buffer - ); + unsigned int startOffset, // IN: read start + unsigned int size, // IN: size of bytes to read + void* data // IN: data buffer +); //***_plat__NvMemoryWrite() // This function is used to update NV memory. The "write" is to a memory copy of 
@@ -259,25 +259,25 @@ LIB_EXPORT int _plat__NvGetChangedStatus(
 // TRUE(1) offset and size is within available NV size
 // FALSE(0) otherwise; also trigger failure mode
 LIB_EXPORT int _plat__NvMemoryWrite(unsigned int startOffset, // IN: write start
- unsigned int size, // IN: size of bytes to write
- void* data // OUT: data buffer
- );
+ unsigned int size, // IN: size of bytes to write
+ void* data // OUT: data buffer
+);
 //***_plat__NvMemoryClear()
 // Function is used to set a range of NV memory bytes to an implementation-dependent
 // value. The value represents the erase state of the memory.
 LIB_EXPORT int _plat__NvMemoryClear(unsigned int startOffset, // IN: clear start
- unsigned int size // IN: number of bytes to clear
- );
+ unsigned int size // IN: number of bytes to clear
+);
 //***_plat__NvMemoryMove()
 // Function: Move a chunk of NV memory from source to destination
 // This function should ensure that if there overlap, the original data is
 // copied before it is written
 LIB_EXPORT int _plat__NvMemoryMove(unsigned int sourceOffset, // IN: source offset
- unsigned int destOffset, // IN: destination offset
- unsigned int size // IN: size of data being moved
- );
+ unsigned int destOffset, // IN: destination offset
+ unsigned int size // IN: size of data being moved
+);
 //***_plat__NvCommit()
 // This function writes the local copy of NV to NV for permanent store. It will write
@@ -310,7 +310,7 @@ LIB_EXPORT int _plat__ACT_GetImplemented(uint32_t act);
 // timers keep running, the returned value can get stale immediately. The actual count
 // value will be no greater than the returned value.
 LIB_EXPORT uint32_t _plat__ACT_GetRemaining(uint32_t act //IN: the ACT selector
- );
+);
 //*** _plat__ACT_GetSignaled()
 LIB_EXPORT int _plat__ACT_GetSignaled(uint32_t act //IN: number of ACT to check
@@ -325,8 +325,8 @@ LIB_EXPORT void _plat__ACT_SetSignaled(uint32_t act, int on);
 // is TRUE, then the ACT signaled state is SET and if 'newValue' is 0, nothing
 // is posted.
 LIB_EXPORT int _plat__ACT_UpdateCounter(uint32_t act, // IN: ACT to update
- uint32_t newValue // IN: the value to post
- );
+ uint32_t newValue // IN: the value to post
+);
 //***_plat__ACT_EnableTicks()
 // This enables and disables the processing of the once-per-second ticks. This should
@@ -340,20 +340,20 @@ LIB_EXPORT int _plat__ACT_Initialize(void);
 #endif // ACT_SUPPORT
- //** From PowerPlat.c
+//** From PowerPlat.c
- //*** _plat__WasPowerLost()
- // Test whether power was lost before a _TPM_Init.
- //
- // This function will clear the "hardware" indication of power loss before return.
- // This means that there can only be one spot in the TPM code where this value
- // gets read. This method is used here as it is the most difficult to manage in the
- // TPM code and, if the hardware actually works this way, it is hard to make it
- // look like anything else. So, the burden is placed on the TPM code rather than the
- // platform code
- // Return Type: int
- // TRUE(1) power was lost
- // FALSE(0) power was not lost
+//*** _plat__WasPowerLost()
+// Test whether power was lost before a _TPM_Init.
+//
+// This function will clear the "hardware" indication of power loss before return.
+// This means that there can only be one spot in the TPM code where this value
+// gets read. This method is used here as it is the most difficult to manage in the
+// TPM code and, if the hardware actually works this way, it is hard to make it
+// look like anything else. So, the burden is placed on the TPM code rather than the
+// platform code
+// Return Type: int
+// TRUE(1) power was lost
+// FALSE(0) power was not lost
 LIB_EXPORT int _plat__WasPowerLost(void);
 //** From PPPlat.c
@@ -383,9 +383,9 @@ LIB_EXPORT NORETURN void _plat__Fail(void);
 // 0 = RESERVED, do not use
 // 1 = the VENDOR_PERMANENT_AUTH_HANDLE authorization value for this device
 LIB_EXPORT uint32_t _plat__GetUnique(uint32_t which,
- uint32_t bSize, // size of the buffer
- unsigned char* b // output buffer
- );
+ uint32_t bSize, // size of the buffer
+ unsigned char* b // output buffer
+);
 #endif
 //** _plat__GetPlatformManufactureData
@@ -397,11 +397,11 @@ LIB_EXPORT uint32_t _plat__GetUnique(uint32_t which,
 // manufacture and CLEAR. The buffer will contain the last value provided
 // to the Core library.
 LIB_EXPORT void _plat__GetPlatformManufactureData(uint8_t* pPlatformPersistentData,
- uint32_t bufferSize);
+ uint32_t bufferSize);
 // return the 4 character Manufacturer Capability code. This
 // should come from the platform library since that is provided by the manufacturer
-LIB_EXPORT uint32_t _plat__GetManufacturerCapabilityCode(void);
+LIB_EXPORT uint32_t _plat__GetManufacturerCapabilityCode(void); // libtpms changed
 // return the 4 character VendorStrings for Capabilities.
 // Index is ONE-BASED, and may be in the range [1,4] inclusive.
@@ -411,11 +411,11 @@ LIB_EXPORT uint32_t _plat__GetVendorCapabilityCode(int index);
 // return the most-significant 32-bits of the TPM Firmware Version reported by
 // getCapability.
-LIB_EXPORT uint32_t _plat__GetTpmFirmwareVersionHigh(void);
+LIB_EXPORT uint32_t _plat__GetTpmFirmwareVersionHigh(void); // libtpms changed
 // return the least-significant 32-bits of the TPM Firmware Version reported by
 // getCapability.
-LIB_EXPORT uint32_t _plat__GetTpmFirmwareVersionLow(void);
+LIB_EXPORT uint32_t _plat__GetTpmFirmwareVersionLow(void); // libtpms changed
 // return the TPM Firmware's current SVN.
 LIB_EXPORT uint16_t _plat__GetTpmFirmwareSvn(void);
@@ -432,11 +432,11 @@ LIB_EXPORT uint16_t _plat__GetTpmFirmwareMaxSvn(void);
 // 0 success
 // != 0 error
 LIB_EXPORT int _plat__GetTpmFirmwareSvnSecret(
- uint16_t svn, // IN: specified SVN
- uint16_t secret_buf_size, // IN: size of secret buffer
- uint8_t* secret_buf, // OUT: secret buffer
- uint16_t* secret_size // OUT: secret buffer
- );
+ uint16_t svn, // IN: specified SVN
+ uint16_t secret_buf_size, // IN: size of secret buffer
+ uint8_t* secret_buf, // OUT: secret buffer
+ uint16_t* secret_size // OUT: secret buffer
+);
 #endif // SVN_LIMITED_SUPPORT
 #if FW_LIMITED_SUPPORT
@@ -446,14 +446,14 @@ LIB_EXPORT int _plat__GetTpmFirmwareSvnSecret(
 // 0 success
 // != 0 error
 LIB_EXPORT int _plat__GetTpmFirmwareSecret(
- uint16_t secret_buf_size, // IN: size of secret buffer
- uint8_t* secret_buf, // OUT: secret buffer
- uint16_t* secret_size // OUT: secret buffer
- );
+ uint16_t secret_buf_size, // IN: size of secret buffer
+ uint8_t* secret_buf, // OUT: secret buffer
+ uint16_t* secret_size // OUT: secret buffer
+);
 #endif // FW_LIMITED_SUPPORT
- // return the TPM Type returned by TPM_PT_VENDOR_TPM_TYPE
-LIB_EXPORT uint32_t _plat__GetTpmType(void);
+// return the TPM Type returned by TPM_PT_VENDOR_TPM_TYPE
+LIB_EXPORT uint32_t _plat__GetTpmType(void); // libtpms changed
 // platform PCR initialization functions
 #include "platform_pcr_fp.h"