tpm2: Allow to runtime-disable TDES symmetric encryption algorithm

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger 2023-06-26 08:06:11 -04:00 committed by Stefan Berger
parent ad7c4a9b8f
commit 5a02cd2ea3
2 changed files with 11 additions and 2 deletions


@ -118,7 +118,7 @@ static const struct {
{ .name = ENABLED ? NAME : NULL, .canBeDisabled = CANDISABLE, .stateFormatLevel = SFL }
[TPM_ALG_RSA] = ASYMMETRIC(ALG_RSA, "rsa", s_KeySizesRSA, false, 1),
[TPM_ALG_TDES] = SYMMETRIC(ALG_TDES, "tdes", s_KeySizesTDES, false, 1),
[TPM_ALG_TDES] = SYMMETRIC(ALG_TDES, "tdes", s_KeySizesTDES, true, 1),
[TPM_ALG_SHA1] = HASH(ALG_SHA1, "sha1", false, 1),
[TPM_ALG_HMAC] = SIGNING(ALG_HMAC, "hmac", false, 1),
[TPM_ALG_AES] = SYMMETRIC(ALG_AES, "aes", s_KeySizesAES, false, 1), // never disable: context encryption
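Review bot: The `[TPM_ALG_TDES]` entry now sets `canBeDisabled` to `true` with no comment saying why that is safe, while the `[TPM_ALG_AES]` entry two lines below documents why it must stay `false`. A short trailing comment would keep the table self-explanatory, for example `// may be disabled: not required for internal context encryption (confirm)`. Whether any internal path depends on TDES is not visible in this hunk, so that wording should be checked against the rest of the file. The table's declaration and the macro definitions begin outside the hunk.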


@ -2757,12 +2757,21 @@ TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *si
switch (*target) {
case 128:
case 192:
if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin
TPM_ALG_TDES,
*target,
TPM_ECC_NONE,
g_RuntimeProfile.stateFormatLevel)) {
rc = TPM_RC_VALUE;
} // libtpms added end
break;
default:
rc = TPM_RC_VALUE;
*target = orig_target; // libtpms added
}
}
if (rc != TPM_RC_SUCCESS) { // libtpms added begin
*target = orig_target;
} // libtpms added end
return rc;
}
#endif // libtpms added end
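Review bot: The runtime check added under `case 128:` / `case 192:` is the only place this commit enforces a disabled TDES, so the disable applies only to inputs unmarshalled through TPMI_TDES_KEY_BITS_Unmarshal; whether the algorithm identifier is also rejected elsewhere is not visible here. A comment on the call would make the intent explicit, e.g. `// reject the key size if TDES or this key size is disabled in the runtime profile` (the behaviour of RuntimeAlgorithmKeySizeCheckEnabled is presumed from its name and should be confirmed). Separately, the hunk header shows the parameter declared as `TPMI_SM4_KEY_BITS *target` in a TDES function, which looks like a copy-paste slip worth checking against the prototype. The function starts outside the hunk.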