Proxmox-Port/libtpms
1
0
Fork 0
mirror of https://github.com/stefanberger/libtpms synced 2025-12-26 14:24:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add TPM 2 code

Browse Source 
Add TPM 2 code.

This is rev. 142 code.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This commit is contained in:
Stefan Berger 2016-12-21 16:26:18 -05:00
parent 707a9046cd
commit ccce8b5f49
316 changed files with 77500 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
configure.ac
View File

@ -162,8 +162,9 @@ if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
fi
AC_SUBST([HARDENING_CFLAGS])
dnl FIXME: removed -Werror
if test "$test_CFLAGS" != set; then
CFLAGS="$CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare"
CFLAGS="$CFLAGS -Wall -Wreturn-type -Wsign-compare"
fi
AC_CONFIG_FILES(Makefile \

358
src/Makefile.am
View File

@ -6,6 +6,10 @@
lib_LTLIBRARIES=libtpms.la
common_CFLAGS = -include tpm_library_conf.h \
-I$(top_srcdir)/include/libtpms \
$(HARDENING_CFLAGS)
#
# TPM1.2
#
@ -16,9 +20,7 @@ libtpms_la_LIBADD = libtpms_tpm12.la
libtpms_tpm12_la_LIBADD =
libtpms_tpm12_la_CFLAGS = -include tpm_library_conf.h \
-I$(top_srcdir)/include/libtpms \
$(HARDENING_CFLAGS)
libtpms_tpm12_la_CFLAGS = $(common_CFLAGS)
#Build 1.2 TPM
libtpms_tpm12_la_CFLAGS += -DTPM_V12
@ -154,6 +156,353 @@ endif # LIBTPMS_USE_OPENSSL
endif # LIBTPMS_USE_FREEBL
# TPM2
#
noinst_LTLIBRARIES += libtpms_tpm2.la
libtpms_la_LIBADD += libtpms_tpm2.la
libtpms_tpm2_la_LIBADD =
libtpms_tpm2_la_LDFLAGS = -Wl,--version-script=./libtpms.syms \
-version-info $(LIBTPMS_VERSION_INFO) \
-no-undefined
libtpms_tpm2_la_CFLAGS = $(common_CFLAGS) \
-Wstrict-aliasing=3
libtpms_tpm2_la_CFLAGS += -D_POSIX_
libtpms_tpm2_la_CFLAGS += -DTPM_POSIX
libtpms_tpm2_la_SOURCES = \
tpm2/AlgorithmCap.c \
tpm2/AlgorithmTests.c \
tpm2/AsymmetricCommands.c \
tpm2/AttestationCommands.c \
tpm2/Attest_spt.c \
tpm2/AuditCommands.c \
tpm2/Bits.c \
tpm2/BnConvert.c \
tpm2/BnEccData.c \
tpm2/BnMath.c \
tpm2/BnMemory.c \
tpm2/Cancel.c \
tpm2/CapabilityCommands.c \
tpm2/Clock.c \
tpm2/ClockCommands.c \
tpm2/CommandAudit.c \
tpm2/CommandCodeAttributes.c \
tpm2/CommandDispatcher.c \
tpm2/ContextCommands.c \
tpm2/Context_spt.c \
tpm2/CryptSelfTest.c \
tpm2/CryptUtil.c \
tpm2/DA.c \
tpm2/DictionaryCommands.c \
tpm2/DuplicationCommands.c \
tpm2/EACommands.c \
tpm2/EncryptDecrypt_spt.c \
tpm2/Entity.c \
tpm2/Entropy.c \
tpm2/EphemeralCommands.c \
tpm2/ExecCommand.c \
tpm2/Global.c \
tpm2/Handle.c \
tpm2/HashCommands.c \
tpm2/Hierarchy.c \
tpm2/HierarchyCommands.c \
tpm2/IntegrityCommands.c \
tpm2/IoBuffers.c \
tpm2/Locality.c \
tpm2/LocalityPlat.c \
tpm2/ManagementCommands.c \
tpm2/Manufacture.c \
tpm2/Marshal.c \
tpm2/MathOnByteBuffers.c \
tpm2/Memory.c \
tpm2/NVCommands.c \
tpm2/NVDynamic.c \
tpm2/NVMem.c \
tpm2/NVReserved.c \
tpm2/NV_spt.c \
tpm2/Object.c \
tpm2/ObjectCommands.c \
tpm2/Object_spt.c \
tpm2/PCR.c \
tpm2/PlatformData.c \
tpm2/Policy_spt.c \
tpm2/Power.c \
tpm2/PowerPlat.c \
tpm2/PP.c \
tpm2/PPPlat.c \
tpm2/PrimeData.c \
tpm2/PropertyCap.c \
tpm2/RandomCommands.c \
tpm2/Response.c \
tpm2/ResponseCodeProcessing.c \
tpm2/RunCommand.c \
tpm2/Session.c \
tpm2/SessionCommands.c \
tpm2/SessionProcess.c \
tpm2/SigningCommands.c \
tpm2/StartupCommands.c \
tpm2/SymmetricCommands.c \
tpm2/TestingCommands.c \
tpm2/Ticket.c \
tpm2/Time.c \
tpm2/TpmSizeChecks.c \
tpm2/TPMCmdp.c \
tpm2/TpmFail.c \
tpm2/Unique.c \
tpm2/Unmarshal.c \
tpm2/Vendor_TCG_Test.c
noinst_HEADERS += \
tpm2/crypto/CryptDes_fp.h \
tpm2/crypto/CryptEcc.h \
tpm2/crypto/CryptEccKeyExchange_fp.h \
tpm2/crypto/CryptEccMain_fp.h \
tpm2/crypto/CryptEccSignature_fp.h \
tpm2/crypto/CryptHashData.h \
tpm2/crypto/CryptHash_fp.h \
tpm2/crypto/CryptHash.h \
tpm2/crypto/CryptPrime_fp.h \
tpm2/crypto/CryptPrimeSieve_fp.h \
tpm2/crypto/CryptRand_fp.h \
tpm2/crypto/CryptRand.h \
tpm2/crypto/CryptRsa_fp.h \
tpm2/crypto/CryptRsa.h \
tpm2/crypto/CryptSelfTest_fp.h \
tpm2/crypto/CryptSym_fp.h \
tpm2/crypto/CryptTest.h \
tpm2/crypto/CryptUtil_fp.h \
tpm2/ActivateCredential_fp.h \
tpm2/AlgorithmCap_fp.h \
tpm2/AlgorithmTests_fp.h \
tpm2/Attest_spt_fp.h \
tpm2/BaseTypes.h \
tpm2/Bits_fp.h \
tpm2/Capabilities.h \
tpm2/CertifyCreation_fp.h \
tpm2/Certify_fp.h \
tpm2/ChangeEPS_fp.h \
tpm2/ChangePPS_fp.h \
tpm2/ClearControl_fp.h \
tpm2/Clear_fp.h \
tpm2/ClockRateAdjust_fp.h \
tpm2/ClockSet_fp.h \
tpm2/CommandAttributeData.h \
tpm2/CommandAttributes.h \
tpm2/CommandAudit_fp.h \
tpm2/CommandCodeAttributes_fp.h \
tpm2/CommandDispatchData.h \
tpm2/CommandDispatcher_fp.h \
tpm2/Commit_fp.h \
tpm2/CompilerDependencies.h \
tpm2/ContextLoad_fp.h \
tpm2/ContextSave_fp.h \
tpm2/Context_spt_fp.h \
tpm2/Create_fp.h \
tpm2/CreateLoaded_fp.h \
tpm2/CreatePrimary_fp.h \
tpm2/CryptSelfTest_fp.h \
tpm2/CryptUtil_fp.h \
tpm2/DA_fp.h \
tpm2/DictionaryAttackLockReset_fp.h \
tpm2/DictionaryAttackParameters_fp.h \
tpm2/Duplicate_fp.h \
tpm2/EccTestData.h \
tpm2/ECC_Parameters_fp.h \
tpm2/ECDH_KeyGen_fp.h \
tpm2/ECDH_ZGen_fp.h \
tpm2/EC_Ephemeral_fp.h \
tpm2/EncryptDecrypt2_fp.h \
tpm2/EncryptDecrypt_fp.h \
tpm2/EncryptDecrypt_spt.h \
tpm2/EncryptDecrypt_spt_fp.h \
tpm2/Entity_fp.h \
tpm2/EventSequenceComplete_fp.h \
tpm2/EvictControl_fp.h \
tpm2/ExecCommand_fp.h \
tpm2/FlushContext_fp.h \
tpm2/GetCapability_fp.h \
tpm2/GetCommandAuditDigest_fp.h \
tpm2/GetRandom_fp.h \
tpm2/GetSessionAuditDigest_fp.h \
tpm2/GetTestResult_fp.h \
tpm2/GetTime_fp.h \
tpm2/Global.h \
tpm2/GpMacros.h \
tpm2/Handle_fp.h \
tpm2/Hash_fp.h \
tpm2/HashSequenceStart_fp.h \
tpm2/HashTestData.h \
tpm2/HierarchyChangeAuth_fp.h \
tpm2/HierarchyControl_fp.h \
tpm2/Hierarchy_fp.h \
tpm2/HMAC_fp.h \
tpm2/HMAC_Start_fp.h \
tpm2/Implementation.h \
tpm2/Import_fp.h \
tpm2/IncrementalSelfTest_fp.h \
tpm2/InternalRoutines.h \
tpm2/IoBuffers_fp.h \
tpm2/LoadExternal_fp.h \
tpm2/Load_fp.h \
tpm2/Locality_fp.h \
tpm2/MakeCredential_fp.h \
tpm2/Manufacture_fp.h \
tpm2/Marshal_fp.h \
tpm2/MathOnByteBuffers_fp.h \
tpm2/Memory_fp.h \
tpm2/NV_Certify_fp.h \
tpm2/NV_ChangeAuth_fp.h \
tpm2/NV_DefineSpace_fp.h \
tpm2/NVDynamic_fp.h \
tpm2/NV_Extend_fp.h \
tpm2/NV_GlobalWriteLock_fp.h \
tpm2/NV.h \
tpm2/NV_Increment_fp.h \
tpm2/NV_Read_fp.h \
tpm2/NV_ReadLock_fp.h \
tpm2/NV_ReadPublic_fp.h \
tpm2/NVReserved_fp.h \
tpm2/NV_SetBits_fp.h \
tpm2/NV_spt_fp.h \
tpm2/NV_UndefineSpace_fp.h \
tpm2/NV_UndefineSpaceSpecial_fp.h \
tpm2/NV_Write_fp.h \
tpm2/NV_WriteLock_fp.h \
tpm2/ObjectChangeAuth_fp.h \
tpm2/Object_fp.h \
tpm2/Object_spt_fp.h \
tpm2/PCR_Allocate_fp.h \
tpm2/PCR_Event_fp.h \
tpm2/PCR_Extend_fp.h \
tpm2/PCR_fp.h \
tpm2/PCR_Read_fp.h \
tpm2/PCR_Reset_fp.h \
tpm2/PCR_SetAuthPolicy_fp.h \
tpm2/PCR_SetAuthValue_fp.h \
tpm2/PlatformData.h \
tpm2/Platform_fp.h \
tpm2/PolicyAuthorize_fp.h \
tpm2/PolicyAuthorizeNV_fp.h \
tpm2/PolicyAuthValue_fp.h \
tpm2/PolicyCommandCode_fp.h \
tpm2/PolicyCounterTimer_fp.h \
tpm2/PolicyCpHash_fp.h \
tpm2/PolicyDuplicationSelect_fp.h \
tpm2/PolicyGetDigest_fp.h \
tpm2/PolicyLocality_fp.h \
tpm2/PolicyNameHash_fp.h \
tpm2/PolicyNV_fp.h \
tpm2/PolicyNvWritten_fp.h \
tpm2/PolicyOR_fp.h \
tpm2/PolicyPassword_fp.h \
tpm2/PolicyPCR_fp.h \
tpm2/PolicyPhysicalPresence_fp.h \
tpm2/PolicyRestart_fp.h \
tpm2/PolicySecret_fp.h \
tpm2/PolicySigned_fp.h \
tpm2/Policy_spt_fp.h \
tpm2/PolicyTemplate_fp.h \
tpm2/PolicyTicket_fp.h \
tpm2/Power_fp.h \
tpm2/PP_Commands_fp.h \
tpm2/PP_fp.h \
tpm2/PRNG_TestVectors.h \
tpm2/PropertyCap_fp.h \
tpm2/Quote_fp.h \
tpm2/ReadClock_fp.h \
tpm2/ReadPublic_fp.h \
tpm2/ResponseCodeProcessing_fp.h \
tpm2/Response_fp.h \
tpm2/Rewrap_fp.h \
tpm2/RsaTestData.h \
tpm2/RSA_Decrypt_fp.h \
tpm2/RSA_Encrypt_fp.h \
tpm2/SelfTest.h \
tpm2/SelfTest_fp.h \
tpm2/SequenceComplete_fp.h \
tpm2/SequenceUpdate_fp.h \
tpm2/Session_fp.h \
tpm2/SessionProcess_fp.h \
tpm2/SetAlgorithmSet_fp.h \
tpm2/SetCommandCodeAuditStatus_fp.h \
tpm2/SetPrimaryPolicy_fp.h \
tpm2/Shutdown_fp.h \
tpm2/Sign_fp.h \
tpm2/Simulator_fp.h \
tpm2/StartAuthSession_fp.h \
tpm2/Startup_fp.h \
tpm2/StirRandom_fp.h \
tpm2/SupportLibraryFunctionPrototypes_fp.h \
tpm2/SymmetricTest.h \
tpm2/SymmetricTestData.h \
tpm2/swap.h \
tpm2/TcpServerPosix_fp.h \
tpm2/TestParms_fp.h \
tpm2/Ticket_fp.h \
tpm2/Time_fp.h \
tpm2/TPMB.h \
tpm2/TpmBuildSwitches.h \
tpm2/TpmError.h \
tpm2/TpmFail_fp.h \
tpm2/Tpm.h \
tpm2/_TPM_Hash_Data_fp.h \
tpm2/_TPM_Hash_End_fp.h \
tpm2/_TPM_Hash_Start_fp.h \
tpm2/_TPM_Init_fp.h \
tpm2/TpmSizeChecks_fp.h \
tpm2/TpmTcpProtocol.h \
tpm2/TpmTypes.h \
tpm2/Unmarshal_fp.h \
tpm2/Unseal_fp.h \
tpm2/VendorString.h \
tpm2/Vendor_TCG_Test_fp.h \
tpm2/VerifySignature_fp.h \
tpm2/ZGen_2Phase_fp.h
if LIBTPMS_USE_OPENSSL
libtpms_tpm2_la_SOURCES += \
tpm2/crypto/openssl/CryptDes.c \
tpm2/crypto/openssl/CryptEccKeyExchange.c \
tpm2/crypto/openssl/CryptEccMain.c \
tpm2/crypto/openssl/CryptEccSignature.c \
tpm2/crypto/openssl/CryptHash.c \
tpm2/crypto/openssl/CryptHashData.c \
tpm2/crypto/openssl/CryptPrime.c \
tpm2/crypto/openssl/CryptPrimeSieve.c \
tpm2/crypto/openssl/CryptRand.c \
tpm2/crypto/openssl/CryptRsa.c \
tpm2/crypto/openssl/CryptSym.c \
tpm2/crypto/openssl/TpmToOsslDesSupport.c \
tpm2/crypto/openssl/TpmToOsslMath.c \
tpm2/crypto/openssl/TpmToOsslSupport.c
noinst_HEADERS += \
tpm2/crypto/openssl/BnConvert_fp.h \
tpm2/crypto/openssl/BnMath_fp.h \
tpm2/crypto/openssl/BnMemory_fp.h \
tpm2/crypto/openssl/BnValues.h \
tpm2/crypto/openssl/LibSupport.h \
tpm2/crypto/openssl/TpmToOsslDesSupport_fp.h \
tpm2/crypto/openssl/TpmToOsslHash.h \
tpm2/crypto/openssl/TpmToOsslMath_fp.h \
tpm2/crypto/openssl/TpmToOsslMath.h \
tpm2/crypto/openssl/TpmToOsslSupport_fp.h \
tpm2/crypto/openssl/TpmToOsslSym.h
libtpms_tpm2_la_CFLAGS += \
-I tpm2 \
-I tpm2/crypto \
-I tpm2/crypto/openssl
endif # LIBTPMS_USE_OPENSSL
#
# Library API layer
#
@ -161,8 +510,7 @@ endif # LIBTPMS_USE_FREEBL
libtpms_la_SOURCES = \
tpm_library.c
libtpms_la_CFLAGS = \
$(libtpms_tpm12_la_CFLAGS)
libtpms_la_CFLAGS = $(common_CFLAGS)
libtpms_la_LDFLAGS = -Wl,--version-script=$(srcdir)/libtpms.syms \
-version-info $(LIBTPMS_VERSION_INFO) \

88
src/tpm2/ActivateCredential_fp.h Normal file
View File

@ -0,0 +1,88 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ActivateCredential_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef ACTIVATECREDENTIAL_FP_H
#define ACTIVATECREDENTIAL_FP_H
typedef struct {
TPMI_DH_OBJECT activateHandle;
TPMI_DH_OBJECT keyHandle;
TPM2B_ID_OBJECT credentialBlob;
TPM2B_ENCRYPTED_SECRET secret;
} ActivateCredential_In;
#define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1)
#define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2)
#define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1)
#define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_DIGEST certInfo;
} ActivateCredential_Out;
TPM_RC
TPM2_ActivateCredential(
ActivateCredential_In *in, // IN: input parameter list
ActivateCredential_Out *out // OUT: output parameter list
);
#endif

236
src/tpm2/AlgorithmCap.c Normal file
View File

@ -0,0 +1,236 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: AlgorithmCap.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 9.1 AlgorithmCap.c */
/* 9.1.1 Description */
/* This file contains the algorithm property definitions for the algorithms and the code for the
TPM2_GetCapability() to return the algorithm properties. */
/* 9.1.2 Includes and Defines */
#include "Tpm.h"
typedef struct
{
TPM_ALG_ID algID;
TPMA_ALGORITHM attributes;
} ALGORITHM;
static const ALGORITHM s_algorithms[] =
{
// The entries in this table need to be in ascending order but the table doesn't
// need to be full (gaps are allowed). One day, a tool might exist to fill in the
// table from the TPM_ALG description
#ifdef TPM_ALG_RSA
{TPM_ALG_RSA, {1, 0, 0, 1, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_TDES
{TPM_ALG_TDES, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SHA1
{TPM_ALG_SHA1, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
{TPM_ALG_HMAC, {0, 0, 1, 0, 0, 1, 0, 0, 0}},
#ifdef TPM_ALG_AES
{TPM_ALG_AES, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_MGF1
{TPM_ALG_MGF1, {0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif
{TPM_ALG_KEYEDHASH, {0, 0, 1, 1, 0, 1, 1, 0, 0}},
#ifdef TPM_ALG_XOR
{TPM_ALG_XOR, {0, 1, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SHA256
{TPM_ALG_SHA256, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SHA384
{TPM_ALG_SHA384, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SHA512
{TPM_ALG_SHA512, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SM3_256
{TPM_ALG_SM3_256, {0, 0, 1, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SM4
{TPM_ALG_SM4, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_RSASSA
{TPM_ALG_RSASSA, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_RSAES
{TPM_ALG_RSAES, {1, 0, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_RSAPSS
{TPM_ALG_RSAPSS, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_OAEP
{TPM_ALG_OAEP, {1, 0, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_ECDSA
{TPM_ALG_ECDSA, {1, 0, 0, 0, 0, 1, 0, 1, 0}},
#endif
#ifdef TPM_ALG_ECDH
{TPM_ALG_ECDH, {1, 0, 0, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_ECDAA
{TPM_ALG_ECDAA, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_SM2
{TPM_ALG_SM2, {1, 0, 0, 0, 0, 1, 0, 1, 0}},
#endif
#ifdef TPM_ALG_ECSCHNORR
{TPM_ALG_ECSCHNORR, {1, 0, 0, 0, 0, 1, 0, 0, 0}},
#endif
#ifdef TPM_ALG_ECMQV
{TPM_ALG_ECMQV, {1, 0, 0, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_KDF1_SP800_56A
{TPM_ALG_KDF1_SP800_56A,{0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_KDF2
{TPM_ALG_KDF2, {0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_KDF1_SP800_108
{TPM_ALG_KDF1_SP800_108,{0, 0, 1, 0, 0, 0, 0, 1, 0}},
#endif
#ifdef TPM_ALG_ECC
{TPM_ALG_ECC, {1, 0, 0, 1, 0, 0, 0, 0, 0}},
#endif
{TPM_ALG_SYMCIPHER, {0, 0, 0, 1, 0, 0, 0, 0, 0}},
#ifdef TPM_ALG_CAMELLIA
{TPM_ALG_CAMELLIA, {0, 1, 0, 0, 0, 0, 0, 0, 0}},
#endif
#ifdef TPM_ALG_CTR
{TPM_ALG_CTR, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_OFB
{TPM_ALG_OFB, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_CBC
{TPM_ALG_CBC, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_CFB
{TPM_ALG_CFB, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
#ifdef TPM_ALG_ECB
{TPM_ALG_ECB, {0, 1, 0, 0, 0, 0, 1, 0, 0}},
#endif
};
/* 9.1.3 AlgorithmCapGetImplemented() */
/* This function is used by TPM2_GetCapability() to return a list of the implemented algorithms. */
/* Return Values Meaning */
/* YES more algorithms to report */
/* NO no more algorithms to report */
TPMI_YES_NO
AlgorithmCapGetImplemented(
TPM_ALG_ID algID, // IN: the starting algorithm ID
UINT32 count, // IN: count of returned algorithms
TPML_ALG_PROPERTY *algList // OUT: algorithm list
)
{
TPMI_YES_NO more = NO;
UINT32 i;
UINT32 algNum;
// initialize output algorithm list
algList->count = 0;
// The maximum count of algorithms we may return is MAX_CAP_ALGS.
if(count > MAX_CAP_ALGS)
count = MAX_CAP_ALGS;
// Compute how many algorithms are defined in s_algorithms array.
algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]);
// Scan the implemented algorithm list to see if there is a match to 'algID'.
for(i = 0; i < algNum; i++)
{
// If algID is less than the starting algorithm ID, skip it
if(s_algorithms[i].algID < algID)
continue;
if(algList->count < count)
{
// If we have not filled up the return list, add more algorithms
// to it
algList->algProperties[algList->count].alg = s_algorithms[i].algID;
algList->algProperties[algList->count].algProperties =
s_algorithms[i].attributes;
algList->count++;
}
else
{
// If the return list is full but we still have algorithms
// available, report this and stop scanning.
more = YES;
break;
}
}
return more;
}
LIB_EXPORT
void
AlgorithmGetImplementedVector(
ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET
)
{
int index;
// Nothing implemented until we say it is
MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR));
for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1;
index >= 0;
index--)
SET_BIT(s_algorithms[index].algID, *implemented);
return;
}

78
src/tpm2/AlgorithmCap_fp.h Normal file
View File

@ -0,0 +1,78 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: AlgorithmCap_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef ALGORITHMCAP_FP_H
#define ALGORITHMCAP_FP_H
TPMI_YES_NO
AlgorithmCapGetImplemented(
TPM_ALG_ID algID, // IN: the starting algorithm ID
UINT32 count, // IN: count of returned algorithms
TPML_ALG_PROPERTY *algList // OUT: algorithm list
);
LIB_EXPORT
void
AlgorithmGetImplementedVector(
ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET
);
#endif

930
src/tpm2/AlgorithmTests.c Normal file
View File

@ -0,0 +1,930 @@
/********************************************************************************/
/* */
/* Code to perform the various self-test functions. */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: AlgorithmTests.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 10.2.1 AlgorithmTests.c */
/* 10.2.1.1 Introduction */
/* This file contains the code to perform the various self-test functions. */
/* 10.2.1.2 Includes and Defines */
#include "Tpm.h"
#define SELF_TEST_DATA
#ifdef SELF_TEST
/* These includes pull in the data structures. They contain data definitions for the various
tests. */
#include "SelfTest.h"
#include "SymmetricTest.h"
#include "RsaTestData.h"
#include "EccTestData.h"
#include "HashTestData.h"
#define TEST_DEFAULT_TEST_HASH(vector) \
if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \
TestHash(DEFAULT_TEST_HASH, vector);
/* Make sure that the algorithm has been tested */
#define CLEAR_BOTH(alg) { CLEAR_BIT(alg, *toTest); \
if(toTest != &g_toTest) \
CLEAR_BIT(alg, g_toTest); }
#define SET_BOTH(alg) { SET_BIT(alg, *toTest); \
if(toTest != &g_toTest) \
SET_BIT(alg, g_toTest); }
#define TEST_BOTH(alg) ((toTest != &g_toTest) \
? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \
: TEST_BIT(alg, *toTest))
/* Can only cancel if doing a list. */
#define CHECK_CANCELED \
if(_plat__IsCanceled() && toTest != &g_toTest) \
return TPM_RC_CANCELED;
/* 10.2.1.3 Hash Tests */
/* 10.2.1.3.1 Description */
/* The hash test does a known-value HMAC using the specified hash algorithm. */
/* 10.2.1.3.2 TestHash() */
/* The hash test function. */
static TPM_RC
TestHash(
TPM_ALG_ID hashAlg,
ALGORITHM_VECTOR *toTest
)
{
TPM2B_DIGEST computed; // value computed
UINT16 digestSize;
const TPM2B *testDigest = NULL;
HMAC_STATE state;
// TPM2B_TYPE(HMAC_BLOCK, DEFAULT_TEST_HASH_BLOCK_SIZE);
pAssert(hashAlg != TPM_ALG_NULL);
switch(hashAlg)
{
#if ALG_SHA1
case ALG_SHA1_VALUE:
testDigest = &c_SHA1_digest.b;
break;
#endif
#if ALG_SHA256
case ALG_SHA256_VALUE:
testDigest = &c_SHA256_digest.b;
break;
#endif
#if ALG_SHA384
case ALG_SHA384_VALUE:
testDigest = &c_SHA384_digest.b;
break;
#endif
#if ALG_SHA512
case ALG_SHA512_VALUE:
testDigest = &c_SHA512_digest.b;
break;
#endif
#if ALG_SM3_256
case ALG_SM3_256_VALUE:
testDigest = &c_SM3_256_digest.b;
break;
#endif
default:
FAIL(FATAL_ERROR_INTERNAL);
}
// Clear the to-test bits
CLEAR_BOTH(hashAlg);
// Set the HMAC key to twice the digest size
digestSize = CryptHashGetDigestSize(hashAlg);
CryptHmacStart(&state, hashAlg, digestSize * 2,
(BYTE *)c_hashTestKey.t.buffer);
CryptDigestUpdate(&state.hashState, 2 * CryptHashGetBlockSize(hashAlg),
(BYTE *)c_hashTestData.t.buffer);
computed.t.size = digestSize;
CryptHmacEnd(&state, digestSize, computed.t.buffer);
if((testDigest->size != computed.t.size)
|| (memcmp(testDigest->buffer, computed.t.buffer, computed.b.size) != 0)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
return TPM_RC_SUCCESS;
}
/* 10.2.1.4 Symmetric Test Functions */
/* 10.2.1.4.1 MakeIv() */
/* Internal function to make the appropriate IV depending on the mode. */
static UINT32
MakeIv(
TPM_ALG_ID mode, // IN: symmetric mode
UINT32 size, // IN: block size of the algorithm
BYTE *iv // OUT: IV to fill in
)
{
BYTE i;
if(mode == ALG_ECB_VALUE)
return 0;
if(mode == ALG_CTR_VALUE)
{
// The test uses an IV that has 0xff in the last byte
for(i = 1; i <= size; i++)
*iv++ = 0xff - (BYTE)(size - i);
}
else
{
for(i = 0; i < size; i++)
*iv++ = i;
}
return size;
}
/* 10.2.1.4.2 TestSymmetricAlgorithm() */
/* Function to test a specific algorithm, key size, and mode. */
static void
TestSymmetricAlgorithm(
const SYMMETRIC_TEST_VECTOR *test, //
TPM_ALG_ID mode //
)
{
BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2];
BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2];
TPM2B_IV iv;
//
// Get the appropriate IV
iv.t.size = (UINT16)MakeIv(mode, test->ivSize, iv.t.buffer);
// Encrypt known data
CryptSymmetricEncrypt(encrypted, test->alg, test->keyBits, test->key, &iv,
mode, test->dataInOutSize, test->dataIn);
// Check that it matches the expected value
if(!MemoryEqual(encrypted, test->dataOut[mode - ALG_CTR_VALUE],
test->dataInOutSize)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
// Reinitialize the iv for decryption
MakeIv(mode, test->ivSize, iv.t.buffer);
CryptSymmetricDecrypt(decrypted, test->alg, test->keyBits, test->key, &iv,
mode, test->dataInOutSize,
test->dataOut[mode - ALG_CTR_VALUE]);
// Make sure that it matches what we started with
if(!MemoryEqual(decrypted, test->dataIn, test->dataInOutSize)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
}
/* 10.2.1.4.3 AllSymsAreDone() */
/* Checks if both symmetric algorithms have been tested. This is put here so that addition of a
symmetric algorithm will be relatively easy to handle */
static BOOL
AllSymsAreDone(
ALGORITHM_VECTOR *toTest
)
{
return (!TEST_BOTH(ALG_AES_VALUE) && !TEST_BOTH(ALG_SM4_VALUE));
}
/* 10.2.1.4.4 AllModesAreDone() */
/* Checks if all the modes have been tested */
static BOOL
AllModesAreDone(
ALGORITHM_VECTOR *toTest
)
{
TPM_ALG_ID alg;
for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++)
if(TEST_BOTH(alg))
return FALSE;
return TRUE;
}
/* 10.2.1.4.5 TestSymmetric() */
/* If alg is a symmetric block cipher, then all of the modes that are selected are tested. If alg is
a mode, then all algorithms of that mode are tested. */
static TPM_RC
TestSymmetric(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
)
{
SYM_INDEX index;
TPM_ALG_ID mode;
//
if(!TEST_BIT(alg, *toTest))
return TPM_RC_SUCCESS;
if(alg == ALG_AES_VALUE || alg == ALG_SM4_VALUE || alg == ALG_CAMELLIA_VALUE)
{
// Will test the algorithm for all modes and key sizes
CLEAR_BOTH(alg);
// A test this algorithm for all modes
for(index = 0; index < NUM_SYMS; index++)
{
if(c_symTestValues[index].alg == alg)
{
for(mode = TPM_SYM_MODE_FIRST;
mode <= TPM_SYM_MODE_LAST;
mode++)
{
if(TEST_BIT(mode, *toTest))
TestSymmetricAlgorithm(&c_symTestValues[index], mode);
}
}
}
// if all the symmetric tests are done
if(AllSymsAreDone(toTest))
{
// all symmetric algorithms tested so no modes should be set
for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++)
CLEAR_BOTH(alg);
}
}
else if(TPM_SYM_MODE_FIRST <= alg && alg <= TPM_SYM_MODE_LAST)
{
// Test this mode for all key sizes and algorithms
for(index = 0; index < NUM_SYMS; index++)
{
// The mode testing only comes into play when doing self tests
// by command. When doing self tests by command, the block ciphers are
// tested first. That means that all of their modes would have been
// tested for all key sizes. If there is no block cipher left to
// test, then clear this mode bit.
if(!TEST_BIT(ALG_AES_VALUE, *toTest)
&& !TEST_BIT(ALG_SM4_VALUE, *toTest))
{
CLEAR_BOTH(alg);
}
else
{
for(index = 0; index < NUM_SYMS; index++)
{
if(TEST_BIT(c_symTestValues[index].alg, *toTest))
TestSymmetricAlgorithm(&c_symTestValues[index], alg);
}
// have tested this mode for all algorithms
CLEAR_BOTH(alg);
}
}
if(AllModesAreDone(toTest))
{
CLEAR_BOTH(ALG_AES_VALUE);
CLEAR_BOTH(ALG_SM4_VALUE);
}
}
else
pAssert(alg == 0 && alg != 0);
return TPM_RC_SUCCESS;
}
/* 10.2.1.5 RSA Tests */
#ifdef TPM_ALG_RSA
/* 10.2.1.5.1 Introduction */
/* The tests are for public key only operations and for private key operations. Signature
verification and encryption are public key operations. They are tested by using a KVT. For
signature verification, this means that a known good signature is checked by
_cpri_ValidateSignatureRSA(). If it fails, then the TPM enters failure mode. For encryption, the
TPM encrypts known values using the selected scheme and checks that the returned value matches
the expected value. */
/* For private key operations, a full scheme check is used. For a signing key, a known key is used
to sign a known message. Then that signature is verified. since the signature may involve use of
random values, the signature will be different each time and we can't always check that the
signature matches a known value. The same technique is used for decryption (RSADP/RSAEP). */
/* When an operation uses the public key and the verification has not been tested, the TPM will do a
KVT. */
/* The test for the signing algorithm is built into the call for the algorithm */
/* 10.2.1.5.2 RsaKeyInitialize() */
/* The test key is defined by a public modulus and a private prime. The TPM's RSA code computes the
second prime and the private exponent. */
static void
RsaKeyInitialize(
OBJECT *testObject
)
{
MemoryCopy2B(&testObject->publicArea.unique.rsa.b, (P2B)&c_rsaPublicModulus,
sizeof(c_rsaPublicModulus));
MemoryCopy2B(&testObject->sensitive.sensitive.rsa.b, (P2B)&c_rsaPrivatePrime,
sizeof(testObject->sensitive.sensitive.rsa.t.buffer));
testObject->publicArea.parameters.rsaDetail.keyBits = RSA_TEST_KEY_SIZE * 8;
// Use the default exponent
testObject->publicArea.parameters.rsaDetail.exponent = 0;
testObject->attributes.privateExp = 0;
}
/* 10.2.1.5.3 TestRsaEncryptDecrypt() */
/* These test are for an public key encryption that uses a random value */
static TPM_RC
TestRsaEncryptDecrypt(
TPM_ALG_ID scheme, // IN: the scheme
ALGORITHM_VECTOR *toTest //
)
{
TPM2B_PUBLIC_KEY_RSA testInput;
TPM2B_PUBLIC_KEY_RSA testOutput;
const TPM2B_RSA_TEST_KEY *kvtValue = &c_RsaesKvt;
TPM_RC result = TPM_RC_SUCCESS;
const TPM2B *testLabel = NULL;
OBJECT testObject;
TPMT_RSA_DECRYPT rsaScheme;
//
// Don't need to initialize much of the test object but do need to initialize
// the flag indicating that the private exponent has been computed.
testObject.attributes.privateExp = CLEAR;
RsaKeyInitialize(&testObject);
rsaScheme.scheme = scheme;
rsaScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH;
CLEAR_BOTH(scheme);
CLEAR_BOTH(ALG_NULL_VALUE);
if(scheme == TPM_ALG_NULL)
{
// This is an encryption scheme using the private key without any encoding.
memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue));
testInput.t.size = sizeof(c_RsaTestValue);
if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b,
&testObject, &rsaScheme, NULL, NULL)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer));
if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b,
&testObject, &rsaScheme, NULL)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue,
sizeof(c_RsaTestValue))) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
}
else
{
// ALG_RSAES_VALUE:
// This is an decryption scheme using padding according to
// PKCS#1v2.1, 7.2. This padding uses random bits. To test a public
// key encryption that uses random data, encrypt a value and then
// decrypt the value and see that we get the encrypted data back.
// The hash is not used by this encryption so it can be TMP_ALG_NULL
// ALG_OAEP_VALUE:
// This is also an decryption scheme and it also uses a
// pseudo-random
// value. However, this also uses a hash algorithm. So, we may need
// to test that algorithm before use.
if(scheme == ALG_OAEP_VALUE)
{
TEST_DEFAULT_TEST_HASH(toTest);
kvtValue = &c_OaepKvt;
testLabel = OAEP_TEST_STRING;
}
else if(scheme == ALG_RSAES_VALUE)
{
kvtValue = &c_RsaesKvt;
testLabel = NULL;
}
else {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
// Only use a digest-size portion of the test value
memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE);
testInput.t.size = DEFAULT_TEST_DIGEST_SIZE;
// See if the encryption works
if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b,
&testObject, &rsaScheme, testLabel,
NULL)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer));
// see if we can decrypt this value and get the original data back
if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b,
&testObject, &rsaScheme, testLabel)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
// See if the results compare
if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE
|| !MemoryEqual(testOutput.t.buffer, c_RsaTestValue,
DEFAULT_TEST_DIGEST_SIZE)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
// Now check that the decryption works on a known value
MemoryCopy2B(&testInput.b, (P2B)kvtValue,
sizeof(testInput.t.buffer));
if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b,
&testObject, &rsaScheme, testLabel)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE
|| !MemoryEqual(testOutput.t.buffer, c_RsaTestValue,
DEFAULT_TEST_DIGEST_SIZE)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
}
return result;
}
/* 10.2.1.5.4 TestRsaSignAndVerify() */
/* This function does the testing of the RSA sign and verification functions. This test does a
KVT. */
static TPM_RC
TestRsaSignAndVerify(
TPM_ALG_ID scheme,
ALGORITHM_VECTOR *toTest
)
{
TPM_RC result = TPM_RC_SUCCESS;
OBJECT testObject;
TPM2B_DIGEST testDigest;
TPMT_SIGNATURE testSig;
// Do a sign and signature verification.
// RSASSA:
// This is a signing scheme according to PKCS#1-v2.1 8.2. It does not
// use random data so there is a KVT for the signing operation. On
// first use of the scheme for signing, use the TPM's RSA key to
// sign a portion of c_RsaTestData and compare the results to c_RsassaKvt. Then
// decrypt the data to see that it matches the starting value. This verifies
// the signature with a KVT
// Clear the bits indicating that the function has not been checked. This is to
// prevent looping
CLEAR_BOTH(scheme);
CLEAR_BOTH(ALG_NULL_VALUE);
CLEAR_BOTH(ALG_RSA_VALUE);
RsaKeyInitialize(&testObject);
memcpy(testDigest.t.buffer, (BYTE *)c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE);
testDigest.t.size = DEFAULT_TEST_DIGEST_SIZE;
testSig.sigAlg = scheme;
testSig.signature.rsapss.hash = DEFAULT_TEST_HASH;
// RSAPSS:
// This is a signing scheme a according to PKCS#1-v2.2 8.1 it uses
// random data in the signature so there is no KVT for the signing
// operation. To test signing, the TPM will use the TPM's RSA key
// to sign a portion of c_RsaTestValue and then it will verify the
// signature. For verification, c_RsapssKvt is verified before the
// user signature blob is verified. The worst case for testing of this
// algorithm is two private and one public key operation.
// The process is to sign known data. If RSASSA is being done, verify that the
// signature matches the precomputed value. For both, use the signed value and
// see that the verification says that it is a good signature. Then
// if testing RSAPSS, do a verify of a known good signature. This ensures that
// the validation function works.
if(TPM_RC_SUCCESS != CryptRsaSign(&testSig, &testObject, &testDigest, NULL)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
// For RSASSA, make sure the results is what we are looking for
if(testSig.sigAlg == ALG_RSASSA_VALUE)
{
if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE
|| !MemoryEqual(c_RsassaKvt.buffer,
testSig.signature.rsassa.sig.t.buffer,
RSA_TEST_KEY_SIZE)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
}
// See if the TPM will validate its own signatures
if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject,
&testDigest)) {
FAIL(FATAL_ERROR_SELF_TEST);
// SELF_TEST_FAILURE;
}
// If this is RSAPSS, check the verification with known signature
// Have to copy because CrytpRsaValidateSignature() eats the signature
if(ALG_RSAPSS_VALUE == scheme)
{
MemoryCopy2B(&testSig.signature.rsapss.sig.b, (P2B)&c_RsapssKvt,
sizeof(testSig.signature.rsapss.sig.t.buffer));
if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject,
&testDigest)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
}
return result;
}
/* 10.2.1.5.5 TestRSA() */
/* Function uses the provided vector to indicate which tests to run. It will clear the vector after
each test is run and also clear g_toTest */
static TPM_RC
TestRsa(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
)
{
TPM_RC result = TPM_RC_SUCCESS;
//
switch(alg)
{
case ALG_NULL_VALUE:
// This is the RSAEP/RSADP function. If we are processing a list, don't
// need to test these now because any other test will validate
// RSAEP/RSADP. Can tell this is list of test by checking to see if
// 'toTest' is pointing at g_toTest. If so, this is an isolated test
// an need to go ahead and do the test;
if((toTest == &g_toTest)
|| (!TEST_BIT(ALG_RSASSA_VALUE, *toTest)
&& !TEST_BIT(ALG_RSAES_VALUE, *toTest)
&& !TEST_BIT(ALG_RSAPSS_VALUE, *toTest)
&& !TEST_BIT(ALG_OAEP_VALUE, *toTest)))
// Not running a list of tests or no other tests on the list
// so run the test now
result = TestRsaEncryptDecrypt(alg, toTest);
// if not running the test now, leave the bit on, just in case things
// get interrupted
break;
case ALG_OAEP_VALUE:
case ALG_RSAES_VALUE:
result = TestRsaEncryptDecrypt(alg, toTest);
break;
case ALG_RSAPSS_VALUE:
case ALG_RSASSA_VALUE:
result = TestRsaSignAndVerify(alg, toTest);
break;
default:
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
return result;
}
#endif // TPM_ALG_RSA
/* 10.2.1.6 ECC Tests */
#ifdef TPM_ALG_ECC
/* 10.2.1.6.1 LoadEccParameter() */
/* This function is mostly for readability and type checking */
static void
LoadEccParameter(
TPM2B_ECC_PARAMETER *to, // target
const TPM2B_EC_TEST *from // source
)
{
MemoryCopy2B(&to->b, &from->b, sizeof(to->t.buffer));
}
/* 10.2.1.6.2 LoadEccPoint() */
static void
LoadEccPoint(
TPMS_ECC_POINT *point, // target
const TPM2B_EC_TEST *x, // source
const TPM2B_EC_TEST *y
)
{
MemoryCopy2B(&point->x.b, (TPM2B *)x, sizeof(point->x.t.buffer));
MemoryCopy2B(&point->y.b, (TPM2B *)y, sizeof(point->y.t.buffer));
}
/* 10.2.1.6.3 TestECDH() */
/* This test does a KVT on a point multiply. */
static TPM_RC
TestECDH(
TPM_ALG_ID scheme, // IN: for consistency
ALGORITHM_VECTOR *toTest // IN/OUT: modified after test is run
)
{
TPMS_ECC_POINT Z;
TPMS_ECC_POINT Qe;
TPM2B_ECC_PARAMETER ds;
TPM_RC result = TPM_RC_SUCCESS;
//
NOT_REFERENCED(scheme);
CLEAR_BOTH(ALG_ECDH_VALUE);
LoadEccParameter(&ds, &c_ecTestKey_ds);
LoadEccPoint(&Qe, &c_ecTestKey_QeX, &c_ecTestKey_QeY);
if(TPM_RC_SUCCESS != CryptEccPointMultiply(&Z, c_testCurve, &Qe, &ds,
NULL, NULL)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
if(!MemoryEqual2B(&c_ecTestEcdh_X.b, &Z.x.b)
|| !MemoryEqual2B(&c_ecTestEcdh_Y.b, &Z.y.b)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
return result;
}
static TPM_RC
TestEccSignAndVerify(
TPM_ALG_ID scheme,
ALGORITHM_VECTOR *toTest
)
{
OBJECT testObject;
TPMT_SIGNATURE testSig;
TPMT_ECC_SCHEME eccScheme;
testSig.sigAlg = scheme;
testSig.signature.ecdsa.hash = DEFAULT_TEST_HASH;
eccScheme.scheme = scheme;
eccScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH;
CLEAR_BOTH(scheme);
CLEAR_BOTH(ALG_ECDH_VALUE);
// ECC signature verification testing uses a KVT.
switch(scheme)
{
case ALG_ECDSA_VALUE:
LoadEccParameter(&testSig.signature.ecdaa.signatureR, &c_TestEcDsa_r);
LoadEccParameter(&testSig.signature.ecdaa.signatureS, &c_TestEcDsa_s);
break;
case ALG_ECSCHNORR_VALUE:
LoadEccParameter(&testSig.signature.ecdaa.signatureR,
&c_TestEcSchnorr_r);
LoadEccParameter(&testSig.signature.ecdaa.signatureS,
&c_TestEcSchnorr_s);
break;
case ALG_SM2_VALUE:
// don't have a test for SM2
return TPM_RC_SUCCESS;
default:
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
break;
}
TEST_DEFAULT_TEST_HASH(toTest);
// Have to copy the key. This is because the size used in the test vectors
// is the size of the ECC parameter for the test key while the size of a point
// is TPM dependent
MemoryCopy2B(&testObject.sensitive.sensitive.ecc.b, &c_ecTestKey_ds.b,
sizeof(testObject.sensitive.sensitive.ecc.t.buffer));
LoadEccPoint(&testObject.publicArea.unique.ecc, &c_ecTestKey_QsX,
&c_ecTestKey_QsY);
testObject.publicArea.parameters.eccDetail.curveID = c_testCurve;
if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject,
(TPM2B_DIGEST *)&c_ecTestValue.b))
{
//??? Don't have a valid test for ECSCORR right now because the algorithm has
//??? changed and the KVT has not been updated.
if(scheme != ALG_ECSCHNORR_VALUE) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
}
CHECK_CANCELED;
// Now sign and verify some data
if(TPM_RC_SUCCESS != CryptEccSign(&testSig, &testObject,
(TPM2B_DIGEST *)&c_ecTestValue,
&eccScheme, NULL)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
CHECK_CANCELED;
if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject,
(TPM2B_DIGEST *)&c_ecTestValue)) {
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
}
CHECK_CANCELED;
return TPM_RC_SUCCESS;
}
static TPM_RC
TestEcc(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
)
{
TPM_RC result = TPM_RC_SUCCESS;
NOT_REFERENCED(toTest);
switch(alg)
{
case ALG_ECC_VALUE:
case ALG_ECDH_VALUE:
// If this is in a loop then see if another test is going to deal with
// this.
// If toTest is not a self-test list
if((toTest == &g_toTest)
// or this is the only ECC test in the list
|| !(TEST_BIT(ALG_ECDSA_VALUE, *toTest)
|| TEST_BIT(ALG_ECSCHNORR, *toTest)
|| TEST_BIT(ALG_SM2_VALUE, *toTest)))
{
result = TestECDH(alg, toTest);
}
break;
case ALG_ECDSA_VALUE:
case ALG_ECSCHNORR_VALUE:
case ALG_SM2_VALUE:
result = TestEccSignAndVerify(alg, toTest);
break;
default:
FAIL(FATAL_ERROR_SELF_TEST);
// kgold SELF_TEST_FAILURE;
break;
}
return result;
}
#endif // TPM_ALG_ECC
/* 10.2.1.6.4 TestAlgorithm() */
/* Dispatches to the correct test function for the algorithm. If algorithm is not If toTest is not
NULL, then the test decisions are based on the algorithm selections in toTest. Otherwise,
g_toTest is used. When bits are clear in g_toTest they will also be cleared toTest. If there
doesn't happen to be a test for the algorithm, its associated bit quietly cleared. If alg is zero
(TPM_ALG_ERROR), then the toTest vector is cleared of any bits for which there is a test (i.e. no
tests are actually run but the vector is cleared. */
/* NOTE: toTest will only ever have bits set for implemented algorithms but alg can be anything. */
/* Error Returns Meaning */
/* TPM_RC_SUCCESS test complete */
/* TPM_RC_CANCELED test was canceled */
LIB_EXPORT
TPM_RC
TestAlgorithm(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
)
{
TPM_ALG_ID first = (alg == TPM_ALG_ERROR) ? TPM_ALG_FIRST : alg;
TPM_ALG_ID last = (alg == TPM_ALG_ERROR) ? TPM_ALG_LAST : alg;
BOOL doTest = (alg != TPM_ALG_ERROR);
TPM_RC result = TPM_RC_SUCCESS;
if(toTest == NULL)
toTest = &g_toTest;
// This is kind of strange. This function will either run a test of the selected
// algorithm or just clear a bit if there is no test for the algorithm. So,
// either this loop will be executed once for the selected algorithm or once for
// each of the possible algorithms. If it is executed more than once ('alg' ==
// TPM_ALG_ERROR), then no test will be run but bits will be cleared for
// unimplemented algorithms. This was done this way so that there is only one
// case statement with all of the algorithms. It was easier to have one case
// statement than to have multiple ones to manage whenever an algorithm ID is
// added.
for(alg = first; (alg <= last); alg++)
{
// if 'alg' was TPM_ALG_ERROR, then we will be cycling through
// values, some of which may not be implemented. If the bit in toTest
// happens to be set, then we could either generated an assert, or just
// silently CLEAR it. Decided to just clear.
if(!TEST_BIT(alg, g_implementedAlgorithms))
{
CLEAR_BIT(alg, *toTest);
continue;
}
// Process whatever is left.
// NOTE: since this switch will only be called if the algorithm is
// implemented, it is not necessary to modify this list except to comment
// out the algorithms for which there is no test
switch(alg)
{
// Symmetric block ciphers
#ifdef TPM_ALG_AES
case ALG_AES_VALUE:
#endif
#ifdef TPM_ALG_SM4
// if SM4 is implemented, its test is like other block ciphers but there
// aren't any test vectors for it yet
// case ALG_SM4_VALUE:
#endif
#ifdef TPM_ALG_CAMELLIA
// no test vectors for camellia
// case ALG_CAMELLIA_VALUE:
#endif
// Symmetric modes
#ifndef TPM_ALG_CFB
# error CFB is required in all TPM implementations
#endif // !TPM_ALG_CFB
case ALG_CFB_VALUE:
if(doTest)
result = TestSymmetric(alg, toTest);
break;
#ifdef TPM_ALG_CTR
case ALG_CTR_VALUE:
#endif // TPM_ALG_CRT
#ifdef TPM_ALG_OFB
case ALG_OFB_VALUE:
#endif // TPM_ALG_OFB
#ifdef TPM_ALG_CBC
case ALG_CBC_VALUE:
#endif // TPM_ALG_CBC
#ifdef TPM_ALG_ECB
case ALG_ECB_VALUE:
#endif
if(doTest)
result = TestSymmetric(alg, toTest);
else
// If doing the initialization of g_toTest vector, only need
// to test one of the modes for the symmetric algorithms. If
// initializing for a SelfTest(FULL_TEST), allow all the modes.
if(toTest == &g_toTest)
CLEAR_BIT(alg, *toTest);
break;
#ifndef TPM_ALG_HMAC
# error HMAC is required in all TPM implementations
#endif
case ALG_HMAC_VALUE:
// Clear the bit that indicates that HMAC is required because
// HMAC is used as the basic test for all hash algorithms.
CLEAR_BOTH(alg);
// Testing HMAC means test the default hash
if(doTest)
TestHash(DEFAULT_TEST_HASH, toTest);
else
// If not testing, then indicate that the hash needs to be
// tested because this uses HMAC
SET_BOTH(DEFAULT_TEST_HASH);
break;
#ifdef TPM_ALG_SHA1
case ALG_SHA1_VALUE:
#endif // TPM_ALG_SHA1
#ifdef TPM_ALG_SHA256
case ALG_SHA256_VALUE:
#endif // TPM_ALG_SHA256
#ifdef TPM_ALG_SHA384
case ALG_SHA384_VALUE:
#endif // TPM_ALG_SHA384
#ifdef TPM_ALG_SHA512
case ALG_SHA512_VALUE:
#endif // TPM_ALG_SHA512
// if SM3 is implemented its test is like any other hash, but there
// aren't any test vectors yet.
#ifdef TPM_ALG_SM3_256
// case ALG_SM3_256_VALUE:
#endif // TPM_ALG_SM3_256
if(doTest)
result = TestHash(alg, toTest);
break;
// RSA-dependent
#ifdef TPM_ALG_RSA
case ALG_RSA_VALUE:
CLEAR_BOTH(alg);
if(doTest)
result = TestRsa(TPM_ALG_NULL, toTest);
else
SET_BOTH(TPM_ALG_NULL);
break;
case ALG_RSASSA_VALUE:
case ALG_RSAES_VALUE:
case ALG_RSAPSS_VALUE:
case ALG_OAEP_VALUE:
case ALG_NULL_VALUE: // used or RSADP
if(doTest)
result = TestRsa(alg, toTest);
break;
#endif // TPM_ALG_RSA
#ifdef TPM_ALG_ECC
// ECC dependent but no tests
// case ALG_ECDAA_VALUE:
// case ALG_ECMQV_VALUE:
// case ALG_KDF1_SP800_56a_VALUE:
// case ALG_KDF2_VALUE:
// case ALG_KDF1_SP800_108_VALUE:
// case ALG_MGF1_VALUE:
case ALG_ECC_VALUE:
CLEAR_BOTH(alg);
if(doTest)
result = TestEcc(ALG_ECDH_VALUE, toTest);
else
SET_BOTH(ALG_ECDH_VALUE);
break;
case ALG_ECDSA_VALUE:
case ALG_ECDH_VALUE:
case ALG_ECSCHNORR_VALUE:
// case ALG_SM2_VALUE:
if(doTest)
result = TestEcc(alg, toTest);
break;
#endif // TPM_ALG_ECC
default:
CLEAR_BIT(alg, *toTest);
break;
}
if(result != TPM_RC_SUCCESS)
break;
}
return result;
}
#endif // SELF_TESTS

73
src/tpm2/AlgorithmTests_fp.h Normal file
View File

@ -0,0 +1,73 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: AlgorithmTests_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef ALGORITHMTESTS_FP_H
#define ALGORITHMTESTS_FP_H
LIB_EXPORT
TPM_RC
TestAlgorithm(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
);
#endif

310
src/tpm2/AsymmetricCommands.c Normal file
View File

@ -0,0 +1,310 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: AsymmetricCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "RSA_Encrypt_fp.h"
#ifdef TPM_CC_RSA_Encrypt // Conditional expansion of this file
#ifdef TPM_ALG_RSA
TPM_RC
TPM2_RSA_Encrypt(
RSA_Encrypt_In *in, // IN: input parameter list
RSA_Encrypt_Out *out // OUT: output parameter list
)
{
TPM_RC result;
OBJECT *rsaKey;
TPMT_RSA_DECRYPT *scheme;
// Input Validation
rsaKey = HandleToObject(in->keyHandle);
// selected key must be an RSA key
if(rsaKey->publicArea.type != TPM_ALG_RSA)
return TPM_RCS_KEY + RC_RSA_Encrypt_keyHandle;
// selected key must have the decryption attribute
if(rsaKey->publicArea.objectAttributes.decrypt != SET)
return TPM_RCS_ATTRIBUTES + RC_RSA_Encrypt_keyHandle;
// Is there a label?
if(!IsLabelProperlyFormatted(&in->label.b))
return TPM_RCS_VALUE + RC_RSA_Encrypt_label;
// Command Output
// Select a scheme for encryption
scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme);
if(scheme == NULL)
return TPM_RCS_SCHEME + RC_RSA_Encrypt_inScheme;
// Encryption. TPM_RC_VALUE, or TPM_RC_SCHEME errors my be returned buy
// CryptEncyptRSA.
out->outData.t.size = sizeof(out->outData.t.buffer);
result = CryptRsaEncrypt(&out->outData, &in->message.b, rsaKey, scheme,
&in->label.b, NULL);
return result;
}
#endif
#endif // CC_RSA_Encrypt
#include "Tpm.h"
#include "RSA_Decrypt_fp.h"
#ifdef TPM_CC_RSA_Decrypt // Conditional expansion of this file
#ifdef TPM_ALG_RSA
TPM_RC
TPM2_RSA_Decrypt(
RSA_Decrypt_In *in, // IN: input parameter list
RSA_Decrypt_Out *out // OUT: output parameter list
)
{
TPM_RC result;
OBJECT *rsaKey;
TPMT_RSA_DECRYPT *scheme;
// Input Validation
rsaKey = HandleToObject(in->keyHandle);
// The selected key must be an RSA key
if(rsaKey->publicArea.type != TPM_ALG_RSA)
return TPM_RCS_KEY + RC_RSA_Decrypt_keyHandle;
// The selected key must be an unrestricted decryption key
if(rsaKey->publicArea.objectAttributes.restricted == SET
|| rsaKey->publicArea.objectAttributes.decrypt == CLEAR)
return TPM_RCS_ATTRIBUTES + RC_RSA_Decrypt_keyHandle;
// NOTE: Proper operation of this command requires that the sensitive area
// of the key is loaded. This is assured because authorization is required
// to use the sensitive area of the key. In order to check the authorization,
// the sensitive area has to be loaded, even if authorization is with policy.
// If label is present, make sure that it is a NULL-terminated string
if(!IsLabelProperlyFormatted(&in->label.b))
return TPM_RCS_VALUE + RC_RSA_Decrypt_label;
// Command Output
// Select a scheme for decrypt.
scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme);
if(scheme == NULL)
return TPM_RCS_SCHEME + RC_RSA_Decrypt_inScheme;
// Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be
// returned by CryptRsaDecrypt.
// NOTE: CryptRsaDecrypt can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING
// when the key is not a decryption key but that was checked above.
out->message.t.size = sizeof(out->message.t.buffer);
result = CryptRsaDecrypt(&out->message.b, &in->cipherText.b, rsaKey,
scheme, &in->label.b);
return result;
}
#endif
#endif // CC_RSA_Decrypt
#include "Tpm.h"
#include "ECDH_KeyGen_fp.h"
#ifdef TPM_CC_ECDH_KeyGen // Conditional expansion of this file
#ifdef TPM_ALG_ECC
TPM_RC
TPM2_ECDH_KeyGen(
ECDH_KeyGen_In *in, // IN: input parameter list
ECDH_KeyGen_Out *out // OUT: output parameter list
)
{
OBJECT *eccKey;
TPM2B_ECC_PARAMETER sensitive;
TPM_RC result;
// Input Validation
eccKey = HandleToObject(in->keyHandle);
// Referenced key must be an ECC key
if(eccKey->publicArea.type != TPM_ALG_ECC)
return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle;
// Command Output
do
{
TPMT_PUBLIC *keyPublic = &eccKey->publicArea;
// Create ephemeral ECC key
result = CryptEccNewKeyPair(&out->pubPoint.point, &sensitive,
keyPublic->parameters.eccDetail.curveID);
if(result == TPM_RC_SUCCESS)
{
// Compute Z
result = CryptEccPointMultiply(&out->zPoint.point,
keyPublic->parameters.eccDetail.curveID,
&keyPublic->unique.ecc,
&sensitive,
NULL, NULL);
// The point in the key is not on the curve. Indicate
// that the key is bad.
if(result == TPM_RC_ECC_POINT)
return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle;
// The other possible error from CryptEccPointMultiply is
// TPM_RC_NO_RESULT indicating that the multiplication resulted in
// the point at infinity, so get a new random key and start over
// BTW, this never happens.
}
} while(result == TPM_RC_NO_RESULT);
return result;
}
#endif // ALG_ECC
#endif // CC_ECDH_KeyGen
#include "Tpm.h"
#include "ECDH_ZGen_fp.h"
#ifdef TPM_CC_ECDH_ZGen // Conditional expansion of this file
#ifdef TPM_ALG_ECC
TPM_RC
TPM2_ECDH_ZGen(
ECDH_ZGen_In *in, // IN: input parameter list
ECDH_ZGen_Out *out // OUT: output parameter list
)
{
TPM_RC result;
OBJECT *eccKey;
// Input Validation
eccKey = HandleToObject(in->keyHandle);
// Selected key must be a non-restricted, decrypt ECC key
if(eccKey->publicArea.type != TPM_ALG_ECC)
return TPM_RCS_KEY + RC_ECDH_ZGen_keyHandle;
// Selected key needs to be unrestricted with the 'decrypt' attribute
if(eccKey->publicArea.objectAttributes.restricted == SET
|| eccKey->publicArea.objectAttributes.decrypt != SET)
return TPM_RCS_ATTRIBUTES + RC_ECDH_ZGen_keyHandle;
// Make sure the scheme allows this use
if(eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_ECDH
&& eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_NULL)
return TPM_RCS_SCHEME + RC_ECDH_ZGen_keyHandle;
// Command Output
// Compute Z. TPM_RC_ECC_POINT or TPM_RC_NO_RESULT may be returned here.
result = CryptEccPointMultiply(&out->outPoint.point,
eccKey->publicArea.parameters.eccDetail.curveID,
&in->inPoint.point,
&eccKey->sensitive.sensitive.ecc,
NULL, NULL);
if(result != TPM_RC_SUCCESS)
return RcSafeAddToResult(result, RC_ECDH_ZGen_inPoint);
return result;
}
#endif
#endif // CC_ECDH_ZGen
#include "Tpm.h"
#include "ECC_Parameters_fp.h"
#ifdef TPM_CC_ECC_Parameters // Conditional expansion of this file
#ifdef TPM_ALG_ECC
TPM_RC
TPM2_ECC_Parameters(
ECC_Parameters_In *in, // IN: input parameter list
ECC_Parameters_Out *out // OUT: output parameter list
)
{
// Command Output
// Get ECC curve parameters
if(CryptEccGetParameters(in->curveID, &out->parameters))
return TPM_RC_SUCCESS;
else
return TPM_RCS_VALUE + RC_ECC_Parameters_curveID;
}
#endif
#endif // CC_ECC_Parameters
#include "Tpm.h"
#include "ZGen_2Phase_fp.h"
#ifdef TPM_CC_ZGen_2Phase // Conditional expansion of this file
TPM_RC
TPM2_ZGen_2Phase(
ZGen_2Phase_In *in, // IN: input parameter list
ZGen_2Phase_Out *out // OUT: output parameter list
)
{
TPM_RC result;
OBJECT *eccKey;
TPM2B_ECC_PARAMETER r;
TPM_ALG_ID scheme;
// Input Validation
eccKey = HandleToObject(in->keyA);
// keyA must be an ECC key
if(eccKey->publicArea.type != TPM_ALG_ECC)
return TPM_RCS_KEY + RC_ZGen_2Phase_keyA;
// keyA must not be restricted and must be a decrypt key
if(eccKey->publicArea.objectAttributes.restricted == SET
|| eccKey->publicArea.objectAttributes.decrypt != SET
)
return TPM_RCS_ATTRIBUTES + RC_ZGen_2Phase_keyA;
// if the scheme of keyA is TPM_ALG_NULL, then use the input scheme; otherwise
// the input scheme must be the same as the scheme of keyA
scheme = eccKey->publicArea.parameters.asymDetail.scheme.scheme;
if(scheme != TPM_ALG_NULL)
{
if(scheme != in->inScheme)
return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme;
}
else
scheme = in->inScheme;
if(scheme == TPM_ALG_NULL)
return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme;
// Input points must be on the curve of keyA
if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID,
&in->inQsB.point))
return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQsB;
if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID,
&in->inQeB.point))
return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQeB;
if(!CryptGenerateR(&r, &in->counter,
eccKey->publicArea.parameters.eccDetail.curveID,
NULL))
return TPM_RCS_VALUE + RC_ZGen_2Phase_counter;
// Command Output
result = CryptEcc2PhaseKeyExchange(&out->outZ1.point,
&out->outZ2.point,
eccKey->publicArea.parameters.eccDetail.curveID,
scheme,
&eccKey->sensitive.sensitive.ecc,
&r,
&in->inQsB.point,
&in->inQeB.point);
if(result == TPM_RC_SCHEME)
return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme;
if(result == TPM_RC_SUCCESS)
CryptEndCommit(in->counter);
return result;
}
#endif

207
src/tpm2/Attest_spt.c Normal file
View File

@ -0,0 +1,207 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Attest_spt.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "Attest_spt_fp.h"
/* 7.2.2 Functions */
/* 7.2.2.1 FillInAttestInfo() */
/* Fill in common fields of TPMS_ATTEST structure. */
void
FillInAttestInfo(
TPMI_DH_OBJECT signHandle, // IN: handle of signing object
TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing
TPM2B_DATA *data, // IN: qualifying data
TPMS_ATTEST *attest // OUT: attest structure
)
{
OBJECT *signObject = HandleToObject(signHandle);
// Magic number
attest->magic = TPM_GENERATED_VALUE;
if(signObject == NULL)
{
// The name for a null handle is TPM_RH_NULL
// This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the
// size of the cast is smaller than a constant, the compiler warns
// about the truncation of a constant value.
TPM_HANDLE nullHandle = TPM_RH_NULL;
attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE);
UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name);
}
else
{
// Certifying object qualified name
// if the scheme is anonymous, this is an empty buffer
if(CryptIsSchemeAnonymous(scheme->scheme))
attest->qualifiedSigner.t.size = 0;
else
attest->qualifiedSigner = signObject->qualifiedName;
}
// current clock in plain text
TimeFillInfo(&attest->clockInfo);
// Firmware version in plain text
attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8));
attest->firmwareVersion += gp.firmwareV2;
// Check the hierarchy of sign object. For NULL sign handle, the hierarchy
// will be TPM_RH_NULL
if((signObject == NULL)
|| (!signObject->attributes.epsHierarchy
&& !signObject->attributes.ppsHierarchy))
{
// For signing key that is not in platform or endorsement hierarchy,
// obfuscate the reset, restart and firmware version information
UINT64 obfuscation[2];
CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gp.shProof.b, OBFUSCATE_STRING,
&attest->qualifiedSigner.b, NULL, 128,
(BYTE *)&obfuscation[0], NULL, FALSE);
// Obfuscate data
attest->firmwareVersion += obfuscation[0];
attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32);
attest->clockInfo.restartCount += (UINT32)obfuscation[1];
}
// External data
if(CryptIsSchemeAnonymous(scheme->scheme))
attest->extraData.t.size = 0;
else
{
// If we move the data to the attestation structure, then it is not
// used in the signing operation except as part of the signed data
attest->extraData = *data;
data->t.size = 0;
}
}
/* 7.2.2.2 SignAttestInfo() */
/* Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature is returned. */
/* Error Returns Meaning */
/* TPM_RC_ATTRIBUTES signHandle references not a signing key */
/* TPM_RC_SCHEME scheme is not compatible with signHandle type */
/* TPM_RC_VALUE digest generated for the given scheme is greater than the modulus of signHandle (for
an RSA key); invalid commit status or failed to generate r value (for an ECC key) */
TPM_RC
SignAttestInfo(
OBJECT *signKey, // IN: sign object
TPMT_SIG_SCHEME *scheme, // IN: sign scheme
TPMS_ATTEST *certifyInfo, // IN: the data to be signed
TPM2B_DATA *qualifyingData, // IN: extra data for the signing
// process
TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be
// signed
TPMT_SIGNATURE *signature // OUT: signature
)
{
BYTE *buffer;
HASH_STATE hashState;
TPM2B_DIGEST digest;
TPM_RC result;
// Marshal TPMS_ATTEST structure for hash
buffer = attest->t.attestationData;
attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL);
if(signKey == NULL)
{
signature->sigAlg = TPM_ALG_NULL;
result = TPM_RC_SUCCESS;
}
else
{
TPMI_ALG_HASH hashAlg;
// Compute hash
hashAlg = scheme->details.any.hashAlg;
// need to set the receive buffer to get something put in it
digest.t.size = sizeof(digest.t.buffer);
digest.t.size = CryptHashBlock(hashAlg, attest->t.size,
attest->t.attestationData,
digest.t.size, digest.t.buffer);
// If there is qualifying data, need to rehash the data
// hash(qualifyingData || hash(attestationData))
if(qualifyingData->t.size != 0)
{
CryptHashStart(&hashState, hashAlg);
CryptDigestUpdate2B(&hashState, &qualifyingData->b);
CryptDigestUpdate2B(&hashState, &digest.b);
CryptHashEnd2B(&hashState, &digest.b);
}
// Sign the hash. A TPM_RC_VALUE, TPM_RC_SCHEME, or
// TPM_RC_ATTRIBUTES error may be returned at this point
result = CryptSign(signKey, scheme, &digest, signature);
// Since the clock is used in an attestation, the state in NV is no longer
// "orderly" with respect to the data in RAM if the signature is valid
if(result == TPM_RC_SUCCESS)
{
// Command uses the clock so need to clear the orderly state if it is
// set.
result = NvClearOrderly();
}
}
return result;
}
/* 7.2.2.3 IsSigningObject() */
/* Checks to see if the object is OK for signing. This is here rather than in Object_spt.c because
all the attestation commands use this file but not Object_spt.c. */
/* Return Values Meaning */
/* TRUE object may sign */
/* FALSE object may not sign */
BOOL
IsSigningObject(
OBJECT *object // IN:
)
{
return ((object == NULL) || ((object->publicArea.objectAttributes.sign == SET)
&& object->publicArea.type != TPM_ALG_SYMCIPHER));
}

92
src/tpm2/Attest_spt_fp.h Normal file
View File

@ -0,0 +1,92 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Attest_spt_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef ATTEST_SPT_FP_H
#define ATTEST_SPT_FP_H
void
FillInAttestInfo(
TPMI_DH_OBJECT signHandle, // IN: handle of signing object
TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing
TPM2B_DATA *data, // IN: qualifying data
TPMS_ATTEST *attest // OUT: attest structure
);
TPM_RC
SignAttestInfo(
OBJECT *signKey, // IN: sign object
TPMT_SIG_SCHEME *scheme, // IN: sign scheme
TPMS_ATTEST *certifyInfo, // IN: the data to be signed
TPM2B_DATA *qualifyingData, // IN: extra data for the signing
// process
TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be
// signed
TPMT_SIGNATURE *signature // OUT: signature
);
BOOL
IsSigningObject(
OBJECT *object // IN:
);
#endif

301
src/tpm2/AttestationCommands.c Normal file
View File

@ -0,0 +1,301 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: AttestationCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "Attest_spt_fp.h"
#include "Certify_fp.h"
#ifdef TPM_CC_Certify // Conditional expansion of this file
TPM_RC
TPM2_Certify(
Certify_In *in, // IN: input parameter list
Certify_Out *out // OUT: output parameter list
)
{
TPMS_ATTEST certifyInfo;
OBJECT *signObject = HandleToObject(in->signHandle);
OBJECT *certifiedObject = HandleToObject(in->objectHandle);
// Input validation
if(!IsSigningObject(signObject))
return TPM_RCS_KEY + RC_Certify_signHandle;
if(!CryptSelectSignScheme(signObject, &in->inScheme))
return TPM_RCS_SCHEME + RC_Certify_inScheme;
// Command Output
// Filling in attest information
// Common fields
FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
&certifyInfo);
// Certify specific fields
certifyInfo.type = TPM_ST_ATTEST_CERTIFY;
// NOTE: the certified object is not allowed to be TPM_ALG_NULL so
// 'certifiedObject' will never be NULL
certifyInfo.attested.certify.name = certifiedObject->name;
certifyInfo.attested.certify.qualifiedName = certifiedObject->qualifiedName;
// Sign attestation structure. A NULL signature will be returned if
// signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
// TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned
// by SignAttestInfo()
return SignAttestInfo(signObject, &in->inScheme, &certifyInfo,
&in->qualifyingData, &out->certifyInfo, &out->signature);
}
#endif // CC_Certify
#include "Tpm.h"
#include "Attest_spt_fp.h"
#include "CertifyCreation_fp.h"
#ifdef TPM_CC_CertifyCreation // Conditional expansion of this file
TPM_RC
TPM2_CertifyCreation(
CertifyCreation_In *in, // IN: input parameter list
CertifyCreation_Out *out // OUT: output parameter list
)
{
TPMT_TK_CREATION ticket;
TPMS_ATTEST certifyInfo;
OBJECT *certified = HandleToObject(in->objectHandle);
OBJECT *signObject = HandleToObject(in->signHandle);
// Input Validation
if(!IsSigningObject(signObject))
return TPM_RCS_KEY + RC_CertifyCreation_signHandle;
if(!CryptSelectSignScheme(signObject, &in->inScheme))
return TPM_RCS_SCHEME + RC_CertifyCreation_inScheme;
// CertifyCreation specific input validation
// Re-compute ticket
TicketComputeCreation(in->creationTicket.hierarchy, &certified->name,
&in->creationHash, &ticket);
// Compare ticket
if(!MemoryEqual2B(&ticket.digest.b, &in->creationTicket.digest.b))
return TPM_RCS_TICKET + RC_CertifyCreation_creationTicket;
// Command Output
// Common fields
FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
&certifyInfo);
// CertifyCreation specific fields
// Attestation type
certifyInfo.type = TPM_ST_ATTEST_CREATION;
certifyInfo.attested.creation.objectName = certified->name;
// Copy the creationHash
certifyInfo.attested.creation.creationHash = in->creationHash;
// Sign attestation structure. A NULL signature will be returned if
// signObject is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
// TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
// this point
return SignAttestInfo(signObject, &in->inScheme, &certifyInfo,
&in->qualifyingData, &out->certifyInfo,
&out->signature);
}
#endif // CC_CertifyCreation
#include "Tpm.h"
#include "Attest_spt_fp.h"
#include "Quote_fp.h"
#ifdef TPM_CC_Quote // Conditional expansion of this file
TPM_RC
TPM2_Quote(
Quote_In *in, // IN: input parameter list
Quote_Out *out // OUT: output parameter list
)
{
TPMI_ALG_HASH hashAlg;
TPMS_ATTEST quoted;
OBJECT *signObject = HandleToObject(in->signHandle);
// Input Validation
if(!IsSigningObject(signObject))
return TPM_RCS_KEY + RC_Quote_signHandle;
if(!CryptSelectSignScheme(signObject, &in->inScheme))
return TPM_RCS_SCHEME + RC_Quote_inScheme;
// Command Output
// Filling in attest information
// Common fields
// FillInAttestInfo may return TPM_RC_SCHEME or TPM_RC_KEY
FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &quoted);
// Quote specific fields
// Attestation type
quoted.type = TPM_ST_ATTEST_QUOTE;
// Get hash algorithm in sign scheme. This hash algorithm is used to
// compute PCR digest. If there is no algorithm, then the PCR cannot
// be digested and this command returns TPM_RC_SCHEME
hashAlg = in->inScheme.details.any.hashAlg;
if(hashAlg == TPM_ALG_NULL)
return TPM_RCS_SCHEME + RC_Quote_inScheme;
// Compute PCR digest
PCRComputeCurrentDigest(hashAlg, &in->PCRselect,
&quoted.attested.quote.pcrDigest);
// Copy PCR select. "PCRselect" is modified in PCRComputeCurrentDigest
// function
quoted.attested.quote.pcrSelect = in->PCRselect;
// Sign attestation structure. A NULL signature will be returned if
// signObject is NULL.
return SignAttestInfo(signObject, &in->inScheme, &quoted, &in->qualifyingData,
&out->quoted, &out->signature);
}
#endif // CC_Quote
#include "Tpm.h"
#include "Attest_spt_fp.h"
#include "GetSessionAuditDigest_fp.h"
#ifdef TPM_CC_GetSessionAuditDigest // Conditional expansion of this file
TPM_RC
TPM2_GetSessionAuditDigest(
GetSessionAuditDigest_In *in, // IN: input parameter list
GetSessionAuditDigest_Out *out // OUT: output parameter list
)
{
SESSION *session = SessionGet(in->sessionHandle);
TPMS_ATTEST auditInfo;
OBJECT *signObject = HandleToObject(in->signHandle);
// Input Validation
if(!IsSigningObject(signObject))
return TPM_RCS_KEY + RC_GetSessionAuditDigest_signHandle;
if(!CryptSelectSignScheme(signObject, &in->inScheme))
return TPM_RCS_SCHEME + RC_GetSessionAuditDigest_inScheme;
// session must be an audit session
if(session->attributes.isAudit == CLEAR)
return TPM_RCS_TYPE + RC_GetSessionAuditDigest_sessionHandle;
// Command Output
// Fill in attest information common fields
FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
&auditInfo);
// SessionAuditDigest specific fields
auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT;
auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest;
// Exclusive audit session
auditInfo.attested.sessionAudit.exclusiveSession
= (g_exclusiveAuditSession == in->sessionHandle);
// Sign attestation structure. A NULL signature will be returned if
// signObject is NULL.
return SignAttestInfo(signObject, &in->inScheme, &auditInfo,
&in->qualifyingData, &out->auditInfo,
&out->signature);
}
#endif // CC_GetSessionAuditDigest
#include "Tpm.h"
#include "Attest_spt_fp.h"
#include "GetCommandAuditDigest_fp.h"
#ifdef TPM_CC_GetCommandAuditDigest // Conditional expansion of this file
TPM_RC
TPM2_GetCommandAuditDigest(
GetCommandAuditDigest_In *in, // IN: input parameter list
GetCommandAuditDigest_Out *out // OUT: output parameter list
)
{
TPM_RC result;
TPMS_ATTEST auditInfo;
OBJECT *signObject = HandleToObject(in->signHandle);
// Input validation
if(!IsSigningObject(signObject))
return TPM_RCS_KEY + RC_GetCommandAuditDigest_signHandle;
if(!CryptSelectSignScheme(signObject, &in->inScheme))
return TPM_RCS_SCHEME + RC_GetCommandAuditDigest_inScheme;
// Command Output
// Fill in attest information common fields
FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData,
&auditInfo);
// CommandAuditDigest specific fields
auditInfo.type = TPM_ST_ATTEST_COMMAND_AUDIT;
auditInfo.attested.commandAudit.digestAlg = gp.auditHashAlg;
auditInfo.attested.commandAudit.auditCounter = gp.auditCounter;
// Copy command audit log
auditInfo.attested.commandAudit.auditDigest = gr.commandAuditDigest;
CommandAuditGetDigest(&auditInfo.attested.commandAudit.commandDigest);
// Sign attestation structure. A NULL signature will be returned if
// signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE,
// TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at
// this point
result = SignAttestInfo(signObject, &in->inScheme, &auditInfo,
&in->qualifyingData, &out->auditInfo,
&out->signature);
// Internal Data Update
if(result == TPM_RC_SUCCESS && in->signHandle != TPM_RH_NULL)
// Reset log
gr.commandAuditDigest.t.size = 0;
return result;
}
#endif // CC_GetCommandAuditDigest
#include "Tpm.h"
#include "Attest_spt_fp.h"
#include "GetTime_fp.h"
#ifdef TPM_CC_GetTime // Conditional expansion of this file
TPM_RC
TPM2_GetTime(
GetTime_In *in, // IN: input parameter list
GetTime_Out *out // OUT: output parameter list
)
{
TPMS_ATTEST timeInfo;
OBJECT *signObject = HandleToObject(in->signHandle);
// Input Validation
if(!IsSigningObject(signObject))
return TPM_RCS_KEY + RC_GetTime_signHandle;
if(!CryptSelectSignScheme(signObject, &in->inScheme))
return TPM_RCS_SCHEME + RC_GetTime_inScheme;
// Command Output
// Fill in attest common fields
FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &timeInfo);
// GetClock specific fields
timeInfo.type = TPM_ST_ATTEST_TIME;
timeInfo.attested.time.time.time = g_time;
TimeFillInfo(&timeInfo.attested.time.time.clockInfo);
// Firmware version in plain text
timeInfo.attested.time.firmwareVersion
= (((UINT64)gp.firmwareV1) << 32) + gp.firmwareV2;
// Sign attestation structure. A NULL signature will be returned if
// signObject is NULL.
return SignAttestInfo(signObject, &in->inScheme, &timeInfo, &in->qualifyingData,
&out->timeInfo, &out->signature);
}
#endif // CC_GetTime

112
src/tpm2/AuditCommands.c Normal file
View File

@ -0,0 +1,112 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: AuditCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "SetCommandCodeAuditStatus_fp.h"
#ifdef TPM_CC_SetCommandCodeAuditStatus // Conditional expansion of this file
TPM_RC
TPM2_SetCommandCodeAuditStatus(
SetCommandCodeAuditStatus_In *in // IN: input parameter list
)
{
// The command needs NV update. Check if NV is available.
// A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at
// this point
RETURN_IF_NV_IS_NOT_AVAILABLE;
// Internal Data Update
// Update hash algorithm
if(in->auditAlg != TPM_ALG_NULL && in->auditAlg != gp.auditHashAlg)
{
// Can't change the algorithm and command list at the same time
if(in->setList.count != 0 || in->clearList.count != 0)
return TPM_RCS_VALUE + RC_SetCommandCodeAuditStatus_auditAlg;
// Change the hash algorithm for audit
gp.auditHashAlg = in->auditAlg;
// Set the digest size to a unique value that indicates that the digest
// algorithm has been changed. The size will be cleared to zero in the
// command audit processing on exit.
gr.commandAuditDigest.t.size = 1;
// Save the change of command audit data (this sets g_updateNV so that NV
// will be updated on exit.)
NV_SYNC_PERSISTENT(auditHashAlg);
}
else
{
UINT32 i;
BOOL changed = FALSE;
// Process set list
for(i = 0; i < in->setList.count; i++)
// If change is made in CommandAuditSet, set changed flag
if(CommandAuditSet(in->setList.commandCodes[i]))
changed = TRUE;
// Process clear list
for(i = 0; i < in->clearList.count; i++)
// If change is made in CommandAuditClear, set changed flag
if(CommandAuditClear(in->clearList.commandCodes[i]))
changed = TRUE;
// if change was made to command list, update NV
if(changed)
// this sets g_updateNV so that NV will be updated on exit.
NV_SYNC_PERSISTENT(auditCommands);
}
return TPM_RC_SUCCESS;
}
#endif // CC_SetCommandCodeAuditStatus

85
src/tpm2/BaseTypes.h Normal file
View File

@ -0,0 +1,85 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: BaseTypes.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 5.2 BaseTypes.h */
#ifndef BASETYPES_H
#define BASETYPES_H
#include <stdint.h>
/* NULL definition */
#ifndef NULL
#define NULL (0)
#endif
typedef uint8_t UINT8;
typedef uint8_t BYTE;
typedef int8_t INT8;
typedef int BOOL;
typedef uint16_t UINT16;
typedef int16_t INT16;
typedef uint32_t UINT32;
typedef int32_t INT32;
typedef uint64_t UINT64;
typedef int64_t INT64;
#endif

115
src/tpm2/Bits.c Normal file
View File

@ -0,0 +1,115 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Bits.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 9.2 Bits.c */
/* 9.2.1 Introduction */
/* This file contains bit manipulation routines. They operate on bit arrays. */
/* The 0th bit in the array is the right-most bit in the 0th octet in the array. */
/* NOTE: If pAssert() is defined, the functions will assert if the indicated bit number is outside
of the range of bArray. How the assert is handled is implementation dependent. */
/* 9.2.2 Includes */
#include "Tpm.h"
/* 9.2.3 Functions */
/* 9.2.3.1 TestBit() */
/* This function is used to check the setting of a bit in an array of bits. */
/* Return Values Meaning */
/* TRUE bit is set */
/* FALSE bit is not set */
#ifndef INLINE_FUNCTIONS
BOOL
TestBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{
pAssert(bytesInArray > (bitNum >> 3));
return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0);
}
#endif // INLINE_FUNCTIONS
/* 9.2.3.2 SetBit() */
/* This function will set the indicated bit in bArray. */
#ifndef INLINE_FUNCTIONS
void
SetBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{
pAssert(bytesInArray > (bitNum >> 3));
bArray[bitNum >> 3] |= (1 << (bitNum & 7));
}
#endif // INLINE_FUNCTIONS
/* 9.2.3.3 ClearBit() */
/* This function will clear the indicated bit in bArray. */
#ifndef INLINE_FUNCTIONS
void
ClearBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'.
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{
pAssert(bytesInArray > (bitNum >> 3));
bArray[bitNum >> 3] &= ~(1 << (bitNum & 7));
}
#endif // INLINE_FUNCTIONS

133
src/tpm2/Bits_fp.h Normal file
View File

@ -0,0 +1,133 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Bits_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef BITS_FP_H
#define BITS_FP_H
/* 5.3.1 TestBit() */
/* This function is used to check the setting of a bit in an array of bits. */
/* Return Value Meaning */
/* TRUE bit is set */
/* FALSE bit is not set */
#ifndef INLINE_FUNCTIONS
BOOL
TestBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
);
#else
INLINE BOOL
TestBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{
pAssert(bytesInArray > (bitNum >> 3));
return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0);
}
#endif // INLINE_FUNCTIONS
/* 5.3.2 SetBit() */
/* This function will set the indicated bit in bArray. */
#ifndef INLINE_FUNCTIONS
void
SetBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
);
#else
INLINE void
SetBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{
pAssert(bytesInArray > (bitNum >> 3));
bArray[bitNum >> 3] |= (1 << (bitNum & 7));
}
#endif // INLINE_FUNCTIONS
/* 5.3.3 ClearBit() */
/* This function will clear the indicated bit in bArray. */
#ifndef INLINE_FUNCTIONS
void
ClearBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'.
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
);
#else
INLINE void
ClearBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'.
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{
pAssert(bytesInArray > (bitNum >> 3));
bArray[bitNum >> 3] &= ~(1 << (bitNum & 7));
}
#endif // INLINE_FUNCTIONS
#endif

282
src/tpm2/BnConvert.c Normal file
View File

@ -0,0 +1,282 @@
/********************************************************************************/
/* */
/* conversion functions that will convert TPM2B to/from internal format */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: BnConvert.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 10.2.2 BnConvert.c */
/* 10.2.2.1 Introduction */
/* This file contains the basic conversion functions that will convert TPM2B to/from the internal
format. The internal format is a bigNum, */
/* 10.2.2.2 Includes */
#include "Tpm.h"
/* 10.2.2.3 Functions */
/* 10.2.2.3.1 BnFromBytes() */
/* This function will convert a big-endian byte array to the internal number format. If bn is NULL,
then the output is NULL. If bytes is null or the required size is 0, then the output is set to
zero */
LIB_EXPORT bigNum
BnFromBytes(
bigNum bn,
const BYTE *bytes,
NUMBYTES nBytes
)
{
const BYTE *pFrom; // 'p' points to the least significant bytes of source
BYTE *pTo; // points to least significant bytes of destination
crypt_uword_t size;
//
size = (bytes != NULL) ? BYTES_TO_CRYPT_WORDS(nBytes) : 0;
// make sure things fit
pAssert(BnGetAllocated(bn) >= size);
// If nothing in, nothing out
if(bn == NULL)
return NULL;
if(size > 0)
{
// Clear the topmost word in case it is not filled with data
bn->d[size - 1] = 0;
// Moving the input bytes from the end of the list (LSB) end
pFrom = bytes + nBytes - 1;
// To the LS0 of the LSW of the bigNum.
pTo = (BYTE *)bn->d;
for(; nBytes != 0; nBytes--)
*pTo++ = *pFrom--;
// For a little-endian machine, the conversion is a straight byte
// reversal. For a big-endian machine, we have to put the words in
// big-endian byte order
#if BIG_ENDIAN_TPM
{
crypt_word_t t;
for(t = (crypt_word_t)size - 1; t >= 0; t--)
bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]);
}
#endif
}
BnSetTop(bn, size);
return bn;
}
/* 10.2.2.3.2 BnFrom2B() */
/* Convert an TPM2B to a BIG_NUM. If the input value does not exist, or the output does not exist,
or the input will not fit into the output the function returns NULL */
LIB_EXPORT bigNum
BnFrom2B(
bigNum bn, // OUT:
const TPM2B *a2B // IN: number to convert
)
{
if(a2B != NULL)
return BnFromBytes(bn, a2B->buffer, a2B->size);
// Make sure that the number has an initialized value rather than whatever
// was there before
BnSetTop(bn, 0);
return NULL;
}
/* 10.2.2.3.3 BnFromHex() */
/* Convert a hex string into a bigNum. This is primarily used in debugging. */
LIB_EXPORT bigNum
BnFromHex(
bigNum bn, // OUT:
const char *hex // IN:
)
{
#define FromHex(a) ((a) - (((a) > 'a') ? ('a' + 10) \
: ((a) > 'A') ? ('A' - 10) : '0'))
unsigned i;
unsigned wordCount;
const char *p;
BYTE *d = (BYTE *)&(bn->d[0]);
i = strlen(hex);
wordCount = BYTES_TO_CRYPT_WORDS((i + 1) / 2);
if((i == 0) || (wordCount >= BnGetAllocated(bn)))
BnSetWord(bn, 0);
else
{
bn->d[wordCount - 1] = 0;
p = hex + i - 1;
for(;i > 1; i -= 2)
{
BYTE a;
a = FromHex(*p);
p--;
*d++ = a + (FromHex(*p) << 4);
p--;
}
if(i == 1)
*d = FromHex(*p);
}
#if BIG_ENDIAN_TPM == NO
for(i = 0; i < wordCount; i++)
bn->d[i] = SWAP_CRYPT_WORD(bn->d[i]);
#endif // BIG_ENDIAN_TPM
BnSetTop(bn, wordCount);
return bn;
}
/* 10.2.2.3.4 BnToBytes() */
/* This function converts a BIG_NUM to a byte array. If size is not large enough to hold the bigNum
value, then the function return FALSE. Otherwise, it converts the bigNum to a big-endian byte
string and sets size to the normalized value. If size is an input 0, then the receiving buffer is
guaranteed to be large enough for the result and the size will be set to the size required for
bigNum (leading zeros suppressed). */
LIB_EXPORT BOOL
BnToBytes(
bigConst bn,
BYTE *buffer,
NUMBYTES *size // This the number of bytes that are
// available in the buffer. The result
// should be this big.
)
{
crypt_uword_t requiredSize;
BYTE *pFrom;
BYTE *pTo;
crypt_uword_t count;
//
// validate inputs
pAssert(bn != NULL && buffer != NULL && size != NULL);
requiredSize = (BnSizeInBits(bn) + 7) / 8;
if(requiredSize == 0)
{
// If the input value is 0, return a byte of zero
*size = 1;
*buffer = 0;
}
else
{
if(*size == 0)
*size = (NUMBYTES)requiredSize;
pAssert(requiredSize <= *size);
#if BIG_ENDIAN_TPM
// byte swap the words to make them little-endian
for(count = 0; count < bn->size; count++)
bn->d[count] = SWAP_CRYPT_WORD(bn->d[count]);
#endif
// Byte swap the number (not words but the whole value)
count = *size;
pFrom = (BYTE *)(&bn->d[0]) + requiredSize - 1;
pTo = buffer;
for(count = *size; count > requiredSize; count--)
*pTo++ = 0;
for(; requiredSize > 0; requiredSize--)
*pTo++ = *pFrom--;
#if BIG_ENDIAN_TPM
// Put the input back into big-endian format
for(count = 0; count < bn->size; count++)
bn->d[count] = SWAP_CRYPT_WORD(bn->d[count]);
#endif
}
return TRUE;
}
/* 10.2.2.3.5 BnTo2B() */
/* Function to convert a BIG_NUM to TPM2B. The TPM2B size is set to the requested size which may
require padding. If size is non-zero and less than required by the value in bn then an error is
returned. If size is zero, then the TPM2B is assumed to be large enough for the data and
a2b->size will be adjusted accordingly. */
LIB_EXPORT BOOL
BnTo2B(
bigConst bn, // IN:
TPM2B *a2B, // OUT:
NUMBYTES size // IN: the desired size
)
{
// Set the output size
a2B->size = size;
return BnToBytes(bn, a2B->buffer, &a2B->size);
}
#ifdef TPM_ALG_ECC
/* 10.2.2.3.6 BnPointFrom2B() */
/* Function to create a BIG_POINT structure from a 2B point. A point is going to be two ECC values
in the same buffer. The values are going to be the size of the modulus. They are in modular
form. */
LIB_EXPORT bn_point_t *
BnPointFrom2B(
bigPoint ecP, // OUT: the preallocated point structure
TPMS_ECC_POINT *p // IN: the number to convert
)
{
if(p == NULL)
return NULL;
if(NULL != ecP)
{
BnFrom2B(ecP->x, &p->x.b);
BnFrom2B(ecP->y, &p->y.b);
BnSetWord(ecP->z, 1);
}
return ecP;
}
/* 10.2.2.3.7 BnPointTo2B() */
/* This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT contains two
TPM2B_ECC_PARAMETER values. The maximum size of the parameters is dependent on the maximum EC key
size used in an implementation. The presumption is that the TPMS_ECC_POINT is large enough to
hold 2 TPM2B values, each as large as a MAX_ECC_PARAMETER_BYTES */
LIB_EXPORT BOOL
BnPointTo2B(
TPMS_ECC_POINT *p, // OUT: the converted 2B structure
bigPoint ecP, // IN: the values to be converted
bigCurve E // IN: curve descriptor for the point
)
{
UINT16 size = (UINT16)BITS_TO_BYTES(
BnMsb(CurveGetOrder(AccessCurveData(E))));
pAssert(p && ecP && E);
pAssert(BnEqualWord(ecP->z, 1));
BnTo2B(ecP->x, &p->x.b, size);
BnTo2B(ecP->y, &p->y.b, size);
return TRUE;
}
#endif // TPM_ALG_ECC

670
src/tpm2/BnEccData.c Normal file
View File

@ -0,0 +1,670 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: BnEccData.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 10.2.3 BnEccData.c */
#include "Tpm.h"
/* both the new, refactored code and the old code (this is necessary so that errata can be
handled). Another script (BnEccData().pl) does the conversion and generates BnEccData.c for use
in the refactored code. */
#if defined TPM_ALG_ECC && !defined USE_2B_ECC_DATA
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(1)];
} BN_ZERO = {BYTES_TO_CRYPT_WORDS(4), BYTES_TO_CRYPT_WORDS(0), {0}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(1)];
} BN_ONE = {BYTES_TO_CRYPT_WORDS(1), BYTES_TO_CRYPT_WORDS(1), {1}};
/* Defines for the sizes of ECC parameters */
#if defined ECC_NIST_P192 && ECC_NIST_P192 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(24)];
} NIST_P192_p = {BYTES_TO_CRYPT_WORDS(24), BYTES_TO_CRYPT_WORDS(24),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(24)];
} NIST_P192_a = {BYTES_TO_CRYPT_WORDS(24), BYTES_TO_CRYPT_WORDS(24),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(24)];
} NIST_P192_b = {BYTES_TO_CRYPT_WORDS(24), BYTES_TO_CRYPT_WORDS(24),
{TO_CRYPT_WORD_64(0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1),
TO_CRYPT_WORD_64(0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49),
TO_CRYPT_WORD_64(0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(24)];
} NIST_P192_gX = {BYTES_TO_CRYPT_WORDS(24), BYTES_TO_CRYPT_WORDS(24),
{TO_CRYPT_WORD_64(0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12),
TO_CRYPT_WORD_64(0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00),
TO_CRYPT_WORD_64(0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(24)];
} NIST_P192_gY = {BYTES_TO_CRYPT_WORDS(24), BYTES_TO_CRYPT_WORDS(24),
{TO_CRYPT_WORD_64(0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11),
TO_CRYPT_WORD_64(0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5),
TO_CRYPT_WORD_64(0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(24)];
} NIST_P192_n = {BYTES_TO_CRYPT_WORDS(24), BYTES_TO_CRYPT_WORDS(24),
{TO_CRYPT_WORD_64(0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF)}};
#define NIST_P192_h BN_ONE
const ECC_CURVE_DATA NIST_P192 = {
(bigNum)&NIST_P192_p, (bigNum)&NIST_P192_n, (bigNum)&NIST_P192_h,
(bigNum)&NIST_P192_a, (bigNum)&NIST_P192_b,
{(bigNum)&NIST_P192_gX, (bigNum)&NIST_P192_gY, (bigNum)&BN_ONE}};
#endif // ECC_NIST_P192
#if defined ECC_NIST_P224 && ECC_NIST_P224 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(28)];
} NIST_P224_p = {BYTES_TO_CRYPT_WORDS(28), BYTES_TO_CRYPT_WORDS(28),
{TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_32(0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(28)];
} NIST_P224_a = {BYTES_TO_CRYPT_WORDS(28), BYTES_TO_CRYPT_WORDS(28),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_32(0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(28)];
} NIST_P224_b = {BYTES_TO_CRYPT_WORDS(28), BYTES_TO_CRYPT_WORDS(28),
{TO_CRYPT_WORD_64(0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4),
TO_CRYPT_WORD_64(0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA),
TO_CRYPT_WORD_64(0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56),
TO_CRYPT_WORD_32(0xB4, 0x05, 0x0A, 0x85)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(28)];
} NIST_P224_gX = {BYTES_TO_CRYPT_WORDS(28), BYTES_TO_CRYPT_WORDS(28),
{TO_CRYPT_WORD_64(0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21),
TO_CRYPT_WORD_64(0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22),
TO_CRYPT_WORD_64(0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9),
TO_CRYPT_WORD_32(0xB7, 0x0E, 0x0C, 0xBD)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(28)];
} NIST_P224_gY = {BYTES_TO_CRYPT_WORDS(28), BYTES_TO_CRYPT_WORDS(28),
{TO_CRYPT_WORD_64(0x44, 0xD5, 0x81, 0x99, 0x85, 0x00, 0x7E, 0x34),
TO_CRYPT_WORD_64(0xCD, 0x43, 0x75, 0xA0, 0x5A, 0x07, 0x47, 0x64),
TO_CRYPT_WORD_64(0xB5, 0xF7, 0x23, 0xFB, 0x4C, 0x22, 0xDF, 0xE6),
TO_CRYPT_WORD_32(0xBD, 0x37, 0x63, 0x88)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(28)];
} NIST_P224_n = {BYTES_TO_CRYPT_WORDS(28), BYTES_TO_CRYPT_WORDS(28),
{TO_CRYPT_WORD_64(0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_32(0xFF, 0xFF, 0xFF, 0xFF)}};
#define NIST_P224_h BN_ONE
const ECC_CURVE_DATA NIST_P224 = {
(bigNum)&NIST_P224_p, (bigNum)&NIST_P224_n, (bigNum)&NIST_P224_h,
(bigNum)&NIST_P224_a, (bigNum)&NIST_P224_b,
{(bigNum)&NIST_P224_gX, (bigNum)&NIST_P224_gY, (bigNum)&BN_ONE}};
#endif // ECC_NIST_P224
#if defined ECC_NIST_P256 && ECC_NIST_P256 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} NIST_P256_p = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} NIST_P256_a = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC),
TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} NIST_P256_b = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B),
TO_CRYPT_WORD_64(0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6),
TO_CRYPT_WORD_64(0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC),
TO_CRYPT_WORD_64(0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} NIST_P256_gX = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96),
TO_CRYPT_WORD_64(0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0),
TO_CRYPT_WORD_64(0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2),
TO_CRYPT_WORD_64(0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} NIST_P256_gY = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5),
TO_CRYPT_WORD_64(0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE),
TO_CRYPT_WORD_64(0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16),
TO_CRYPT_WORD_64(0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} NIST_P256_n = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51),
TO_CRYPT_WORD_64(0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00)}};
#define NIST_P256_h BN_ONE
const ECC_CURVE_DATA NIST_P256 = {
(bigNum)&NIST_P256_p, (bigNum)&NIST_P256_n, (bigNum)&NIST_P256_h,
(bigNum)&NIST_P256_a, (bigNum)&NIST_P256_b,
{(bigNum)&NIST_P256_gX, (bigNum)&NIST_P256_gY, (bigNum)&BN_ONE}};
#endif // ECC_NIST_P256
#if defined ECC_NIST_P384 && ECC_NIST_P384 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(48)];
} NIST_P384_p = {BYTES_TO_CRYPT_WORDS(48), BYTES_TO_CRYPT_WORDS(48),
{TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(48)];
} NIST_P384_a = {BYTES_TO_CRYPT_WORDS(48), BYTES_TO_CRYPT_WORDS(48),
{TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(48)];
} NIST_P384_b = {BYTES_TO_CRYPT_WORDS(48), BYTES_TO_CRYPT_WORDS(48),
{TO_CRYPT_WORD_64(0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF),
TO_CRYPT_WORD_64(0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D),
TO_CRYPT_WORD_64(0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A),
TO_CRYPT_WORD_64(0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12),
TO_CRYPT_WORD_64(0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19),
TO_CRYPT_WORD_64(0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(48)];
} NIST_P384_gX = {BYTES_TO_CRYPT_WORDS(48), BYTES_TO_CRYPT_WORDS(48),
{TO_CRYPT_WORD_64(0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7),
TO_CRYPT_WORD_64(0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C),
TO_CRYPT_WORD_64(0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38),
TO_CRYPT_WORD_64(0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98),
TO_CRYPT_WORD_64(0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74),
TO_CRYPT_WORD_64(0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(48)];
} NIST_P384_gY = {BYTES_TO_CRYPT_WORDS(48), BYTES_TO_CRYPT_WORDS(48),
{TO_CRYPT_WORD_64(0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F),
TO_CRYPT_WORD_64(0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D),
TO_CRYPT_WORD_64(0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0),
TO_CRYPT_WORD_64(0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C),
TO_CRYPT_WORD_64(0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29),
TO_CRYPT_WORD_64(0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(48)];
} NIST_P384_n = {BYTES_TO_CRYPT_WORDS(48), BYTES_TO_CRYPT_WORDS(48),
{TO_CRYPT_WORD_64(0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73),
TO_CRYPT_WORD_64(0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A),
TO_CRYPT_WORD_64(0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF)}};
#define NIST_P384_h BN_ONE
const ECC_CURVE_DATA NIST_P384 = {
(bigNum)&NIST_P384_p, (bigNum)&NIST_P384_n, (bigNum)&NIST_P384_h,
(bigNum)&NIST_P384_a, (bigNum)&NIST_P384_b,
{(bigNum)&NIST_P384_gX, (bigNum)&NIST_P384_gY, (bigNum)&BN_ONE}};
#endif // ECC_NIST_P384
#if defined ECC_NIST_P521 && ECC_NIST_P521 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(66)];
} NIST_P521_p = {BYTES_TO_CRYPT_WORDS(66), BYTES_TO_CRYPT_WORDS(66),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_32(0x00, 0x00, 0x01, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(66)];
} NIST_P521_a = {BYTES_TO_CRYPT_WORDS(66), BYTES_TO_CRYPT_WORDS(66),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_32(0x00, 0x00, 0x01, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(66)];
} NIST_P521_b = {BYTES_TO_CRYPT_WORDS(66), BYTES_TO_CRYPT_WORDS(66),
{TO_CRYPT_WORD_64(0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00),
TO_CRYPT_WORD_64(0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1),
TO_CRYPT_WORD_64(0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07),
TO_CRYPT_WORD_64(0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B),
TO_CRYPT_WORD_64(0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1),
TO_CRYPT_WORD_64(0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3),
TO_CRYPT_WORD_64(0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE),
TO_CRYPT_WORD_64(0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F),
TO_CRYPT_WORD_32(0x00, 0x00, 0x00, 0x51)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(66)];
} NIST_P521_gX = {BYTES_TO_CRYPT_WORDS(66), BYTES_TO_CRYPT_WORDS(66),
{TO_CRYPT_WORD_64(0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66),
TO_CRYPT_WORD_64(0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B),
TO_CRYPT_WORD_64(0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE),
TO_CRYPT_WORD_64(0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28),
TO_CRYPT_WORD_64(0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA),
TO_CRYPT_WORD_64(0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21),
TO_CRYPT_WORD_64(0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42),
TO_CRYPT_WORD_64(0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD),
TO_CRYPT_WORD_32(0x00, 0x00, 0x00, 0xC6)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(66)];
} NIST_P521_gY = {BYTES_TO_CRYPT_WORDS(66), BYTES_TO_CRYPT_WORDS(66),
{TO_CRYPT_WORD_64(0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, 0x66, 0x50),
TO_CRYPT_WORD_64(0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, 0xC2, 0x40),
TO_CRYPT_WORD_64(0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, 0x07, 0x61),
TO_CRYPT_WORD_64(0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, 0x26, 0x40),
TO_CRYPT_WORD_64(0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, 0x66, 0x2C),
TO_CRYPT_WORD_64(0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, 0x44, 0x68),
TO_CRYPT_WORD_64(0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, 0x1B, 0xD9),
TO_CRYPT_WORD_64(0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, 0xC0, 0x04),
TO_CRYPT_WORD_32(0x00, 0x00, 0x01, 0x18)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(66)];
} NIST_P521_n = {BYTES_TO_CRYPT_WORDS(66), BYTES_TO_CRYPT_WORDS(66),
{TO_CRYPT_WORD_64(0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09),
TO_CRYPT_WORD_64(0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE),
TO_CRYPT_WORD_64(0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 0xA5, 0xD0),
TO_CRYPT_WORD_64(0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_32(0x00, 0x00, 0x01, 0xFF)}};
#define NIST_P521_h BN_ONE
const ECC_CURVE_DATA NIST_P521 = {
(bigNum)&NIST_P521_p, (bigNum)&NIST_P521_n, (bigNum)&NIST_P521_h,
(bigNum)&NIST_P521_a, (bigNum)&NIST_P521_b,
{(bigNum)&NIST_P521_gX, (bigNum)&NIST_P521_gY, (bigNum)&BN_ONE}};
#endif // ECC_NIST_P521
#if defined ECC_BN_P256 && ECC_BN_P256 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} BN_P256_p = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13),
TO_CRYPT_WORD_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82),
TO_CRYPT_WORD_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD)}};
#define BN_P256_a BN_ZERO
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(1)];
} BN_P256_b = {BYTES_TO_CRYPT_WORDS(1), BYTES_TO_CRYPT_WORDS(1),
{TO_CRYPT_WORD_32(0x00, 0x00, 0x00, 0x03)}};
#define BN_P256_gX BN_ONE
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(1)];
} BN_P256_gY = {BYTES_TO_CRYPT_WORDS(1), BYTES_TO_CRYPT_WORDS(1),
{TO_CRYPT_WORD_32(0x00, 0x00, 0x00, 0x02)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} BN_P256_n = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D),
TO_CRYPT_WORD_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A),
TO_CRYPT_WORD_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD)}};
#define BN_P256_h BN_ONE
const ECC_CURVE_DATA BN_P256 = {
(bigNum)&BN_P256_p, (bigNum)&BN_P256_n, (bigNum)&BN_P256_h,
(bigNum)&BN_P256_a, (bigNum)&BN_P256_b,
{(bigNum)&BN_P256_gX, (bigNum)&BN_P256_gY, (bigNum)&BN_ONE}};
#endif // ECC_BN_P256
#if defined ECC_BN_P638 && ECC_BN_P638 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(80)];
} BN_P638_p = {BYTES_TO_CRYPT_WORDS(80), BYTES_TO_CRYPT_WORDS(80),
{TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0),
TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80),
TO_CRYPT_WORD_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B),
TO_CRYPT_WORD_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55),
TO_CRYPT_WORD_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E),
TO_CRYPT_WORD_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3),
TO_CRYPT_WORD_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D)}};
#define BN_P638_a BN_ZERO
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(2)];
} BN_P638_b = {BYTES_TO_CRYPT_WORDS(2), BYTES_TO_CRYPT_WORDS(2),
{TO_CRYPT_WORD_32(0x00, 0x00, 0x01, 0x01)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(80)];
} BN_P638_gX = {BYTES_TO_CRYPT_WORDS(80), BYTES_TO_CRYPT_WORDS(80),
{TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x66),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0),
TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80),
TO_CRYPT_WORD_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B),
TO_CRYPT_WORD_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55),
TO_CRYPT_WORD_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E),
TO_CRYPT_WORD_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3),
TO_CRYPT_WORD_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(1)];
} BN_P638_gY = {BYTES_TO_CRYPT_WORDS(1), BYTES_TO_CRYPT_WORDS(1),
{TO_CRYPT_WORD_32(0x00, 0x00, 0x00, 0x10)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(80)];
} BN_P638_n = {BYTES_TO_CRYPT_WORDS(80), BYTES_TO_CRYPT_WORDS(80),
{TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x61),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xA0),
TO_CRYPT_WORD_64(0x00, 0x00, 0x00, 0x49, 0x80, 0x01, 0x54, 0xD9),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xF5, 0x4F, 0xFF, 0xF4, 0xEA, 0xC0),
TO_CRYPT_WORD_64(0x60, 0x00, 0x86, 0x55, 0x00, 0x21, 0xE5, 0x55),
TO_CRYPT_WORD_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55),
TO_CRYPT_WORD_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E),
TO_CRYPT_WORD_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3),
TO_CRYPT_WORD_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D)}};
#define BN_P638_h BN_ONE
const ECC_CURVE_DATA BN_P638 = {
(bigNum)&BN_P638_p, (bigNum)&BN_P638_n, (bigNum)&BN_P638_h,
(bigNum)&BN_P638_a, (bigNum)&BN_P638_b,
{(bigNum)&BN_P638_gX, (bigNum)&BN_P638_gY, (bigNum)&BN_ONE}};
#endif // ECC_BN_P638
#if defined ECC_SM2_P256 && ECC_SM2_P256 == YES
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} SM2_P256_p = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} SM2_P256_a = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} SM2_P256_b = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93),
TO_CRYPT_WORD_64(0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92),
TO_CRYPT_WORD_64(0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7),
TO_CRYPT_WORD_64(0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} SM2_P256_gX = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7),
TO_CRYPT_WORD_64(0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1),
TO_CRYPT_WORD_64(0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94),
TO_CRYPT_WORD_64(0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} SM2_P256_gY = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0),
TO_CRYPT_WORD_64(0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40),
TO_CRYPT_WORD_64(0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53),
TO_CRYPT_WORD_64(0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C)}};
const struct {
crypt_uword_t allocated;
crypt_uword_t size;
crypt_uword_t d[BYTES_TO_CRYPT_WORDS(32)];
} SM2_P256_n = {BYTES_TO_CRYPT_WORDS(32), BYTES_TO_CRYPT_WORDS(32),
{TO_CRYPT_WORD_64(0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23),
TO_CRYPT_WORD_64(0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF),
TO_CRYPT_WORD_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF)}};
#define SM2_P256_h BN_ONE
const ECC_CURVE_DATA SM2_P256 = {
(bigNum)&SM2_P256_p, (bigNum)&SM2_P256_n, (bigNum)&SM2_P256_h,
(bigNum)&SM2_P256_a, (bigNum)&SM2_P256_b,
{(bigNum)&SM2_P256_gX, (bigNum)&SM2_P256_gY, (bigNum)&BN_ONE}};
#endif // ECC_SM2_P256
#define comma
const ECC_CURVE eccCurves[] = {
#if defined ECC_NIST_P192 && ECC_NIST_P192 == YES
comma
{TPM_ECC_NIST_P192,
192,
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&NIST_P192 CURVE_NAME("NIST_P192")}
# undef comma
# define comma ,
#endif // ECC_NIST_P192
#if defined ECC_NIST_P224 && ECC_NIST_P224 == YES
comma
{TPM_ECC_NIST_P224,
224,
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&NIST_P224 CURVE_NAME("NIST_P224")}
# undef comma
# define comma ,
#endif // ECC_NIST_P224
#if defined ECC_NIST_P256 && ECC_NIST_P256 == YES
comma
{TPM_ECC_NIST_P256,
256,
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&NIST_P256 CURVE_NAME("NIST_P256")}
# undef comma
# define comma ,
#endif // ECC_NIST_P256
#if defined ECC_NIST_P384 && ECC_NIST_P384 == YES
comma
{TPM_ECC_NIST_P384,
384,
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA384_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&NIST_P384 CURVE_NAME("NIST_P384")}
# undef comma
# define comma ,
#endif // ECC_NIST_P384
#if defined ECC_NIST_P521 && ECC_NIST_P521 == YES
comma
{TPM_ECC_NIST_P521,
521,
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA512_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&NIST_P521 CURVE_NAME("NIST_P521")}
# undef comma
# define comma ,
#endif // ECC_NIST_P521
#if defined ECC_BN_P256 && ECC_BN_P256 == YES
comma
{TPM_ECC_BN_P256,
256,
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&BN_P256 CURVE_NAME("BN_P256")}
# undef comma
# define comma ,
#endif // ECC_BN_P256
#if defined ECC_BN_P638 && ECC_BN_P638 == YES
comma
{TPM_ECC_BN_P638,
638,
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&BN_P638 CURVE_NAME("BN_P638")}
# undef comma
# define comma ,
#endif // ECC_BN_P638
#if defined ECC_SM2_P256 && ECC_SM2_P256 == YES
comma
{TPM_ECC_SM2_P256,
256,
{ALG_KDF1_SP800_56A_VALUE, {{ALG_SM3_256_VALUE}}},
{ALG_NULL_VALUE, {{ALG_NULL_VALUE}}},
&SM2_P256 CURVE_NAME("SM2_P256")}
# undef comma
# define comma ,
#endif // ECC_SM2_P256
};
#endif // TPM_ALG_ECC

530
src/tpm2/BnMath.c Normal file
View File

@ -0,0 +1,530 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: BnMath.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 10.2.4 BnMath.c */
/* 10.2.4.2 Includes */
#include "Tpm.h"
/* A constant value of zero as a stand in for NULL bigNum values */
const bignum_t BnConstZero = {1, 0, {0}};
/* 10.2.4.3 Functions */
/* 10.2.4.3.1 AddSame() */
/* Adds two values that are the same size. This function allows result to be the same as either of
the addends. This is a nice function to put into assembly because handling the carry for
multi-precision stuff is not as easy in C (unless there is a REALLY smart compiler). It would be
nice if there were idioms in a language that a compiler could recognize what is going on and
optimize loops like this. */
/* Return Values Meaning */
/* 0 no carry out */
/* 1 carry out */
static BOOL
AddSame(
crypt_uword_t *result,
const crypt_uword_t *op1,
const crypt_uword_t *op2,
int count
)
{
int carry = 0;
int i;
for(i = 0; i < count; i++)
{
crypt_uword_t a = op1[i];
crypt_uword_t sum = a + op2[i];
result[i] = sum + carry;
// generate a carry if the sum is less than either of the inputs
// propagate a carry if there was a carry and the sum + carry is zero
// do this using bit operations rather than logical operations so that
// the time is about the same.
// propagate term | generate term
carry = ((result[i] == 0) & carry) | (sum < a);
}
return carry;
}
/* 10.2.4.3.2 CarryProp() */
/* Propagate a carry */
static int
CarryProp(
crypt_uword_t *result,
const crypt_uword_t *op,
int count,
int carry
)
{
for(; count; count--)
carry = ((*result++ = *op++ + carry) == 0) & carry;
return carry;
}
static void
CarryResolve(
bigNum result,
int stop,
int carry
)
{
if(carry)
{
pAssert((unsigned)stop < result->allocated);
result->d[stop++] = 1;
}
BnSetTop(result, stop);
}
/* 10.2.4.3.3 BnAdd() */
/* Function to add two bigNum values. Always returns TRUEF */
LIB_EXPORT BOOL
BnAdd(
bigNum result,
bigConst op1,
bigConst op2
)
{
crypt_uword_t stop;
int carry;
const bignum_t *n1 = op1;
const bignum_t *n2 = op2;
//
if(n2->size > n1->size)
{
n1 = op2;
n2 = op1;
}
pAssert(result->allocated >= n1->size);
stop = MIN(n1->size, n2->allocated);
carry = AddSame(result->d, n1->d, n2->d, stop);
if(n1->size > stop)
carry = CarryProp(&result->d[stop], &n1->d[stop], n1->size - stop, carry);
CarryResolve(result, n1->size, carry);
return TRUE;
}
/* 10.2.4.3.4 BnAddWord() */
/* Adds a word value to a bigNum. */
LIB_EXPORT BOOL
BnAddWord(
bigNum result,
bigConst op,
crypt_uword_t word
)
{
int carry;
//
carry = (result->d[0] = op->d[0] + word) < word;
carry = CarryProp(&result->d[1], &op->d[1], op->size - 1, carry);
CarryResolve(result, op->size, carry);
return TRUE;
}
/* 10.2.4.3.5 SubSame() */
/* Subtract two values that have the same size. */
static int
SubSame(
crypt_uword_t *result,
const crypt_uword_t *op1,
const crypt_uword_t *op2,
int count
)
{
int borrow = 0;
int i;
for(i = 0; i < count; i++)
{
crypt_uword_t a = op1[i];
crypt_uword_t diff = a - op2[i];
result[i] = diff - borrow;
// generate | propagate
borrow = (diff > a) | ((diff == 0) & borrow);
}
return borrow;
}
/* 10.2.4.3.6 BorrowProp() */
/* This propagates a borrow. If borrow is true when the end of the array is reached, then it means
that op2 was larger than op1 and we don't handle that case so an assert is generated. This design
choice was made because our only bigNum computations are on large positive numbers (primes) or on
fields. Propagate a borrow. */
static int
BorrowProp(
crypt_uword_t *result,
const crypt_uword_t *op,
int size,
int borrow
)
{
for(; size > 0; size--)
borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow;
return borrow;
}
/* 10.2.4.3.7 BnSub() */
/* Function to do subtraction of result = op1 - op2 when op1 is greater than op2. If it isn't then a
fault is generated. */
LIB_EXPORT BOOL
BnSub(
bigNum result,
bigConst op1,
bigConst op2
)
{
int borrow;
crypt_uword_t stop = MIN(op1->size, op2->allocated);
//
// Make sure that op2 is not obviously larger than op1
pAssert(op1->size >= op2->size);
borrow = SubSame(result->d, op1->d, op2->d, stop);
if(op1->size > stop)
borrow = BorrowProp(&result->d[stop], &op1->d[stop], op1->size - stop,
borrow);
pAssert(!borrow);
BnSetTop(result, op1->size);
return TRUE;
}
/* 10.2.4.3.8 BnSubWord() */
/* Subtract a word value from a bigNum. */
LIB_EXPORT BOOL
BnSubWord(
bigNum result,
bigConst op,
crypt_uword_t word
)
{
int borrow;
//
pAssert(op->size > 1 || word <= op->d[0]);
borrow = word > op->d[0];
result->d[0] = op->d[0] - word;
borrow = BorrowProp(&result->d[1], &op->d[1], op->size - 1, borrow);
pAssert(!borrow);
BnSetTop(result, op->size);
return TRUE;
}
/* 10.2.4.3.9 BnUnsignedCmp() */
/* This function performs a comparison of op1 to op2. The compare is approximately constant time if
the size of the values used in the compare is consistent across calls (from the same line in the
calling code). */
/* Return Values Meaning */
/* < 0 op1 is less than op2 */
/* 0 op1 is equal to op2 */
/* > 0 op1 is greater than op2 */
LIB_EXPORT int
BnUnsignedCmp(
bigConst op1,
bigConst op2
)
{
int retVal;
int diff;
int i;
//
pAssert((op1 != NULL) && (op2 != NULL));
retVal = op1->size - op2->size;
if(retVal == 0)
{
for(i = (int)(op1->size - 1); i >= 0; i--)
{
diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]);
retVal = retVal == 0 ? diff : retVal;
}
}
else
retVal = (retVal < 0) ? -1 : 1;
return retVal;
}
/* 10.2.4.3.10 BnUnsignedCmpWord() */
/* Compare a bigNum to a crypt_uword_t. -1 op1 is less that word 0 op1 is equal to word 1 op1 is
greater than word */
LIB_EXPORT int
BnUnsignedCmpWord(
bigConst op1,
crypt_uword_t word
)
{
if(op1->size > 1)
return 1;
else if(op1->size == 1)
return (op1->d[0] < word) ? -1 : (op1->d[0] > word);
else // op1 is zero
// equal if word is zero
return (word == 0) ? 0 : -1;
}
/* 10.2.4.3.11 BnModWord() */
/* Find the modulus of a big number when the modulus is a word value */
LIB_EXPORT crypt_word_t
BnModWord(
bigConst numerator,
crypt_word_t modulus
)
{
BN_MAX(remainder);
BN_VAR(mod, RADIX_BITS);
//
mod->d[0] = modulus;
mod->size = (modulus != 0);
BnDiv(NULL, remainder, numerator, mod);
return remainder->d[0];
}
/* 10.2.4.3.12 Msb() */
/* Returns the bit number of the most significant bit of a crypt_uword_t. The number for the least
significant bit of any bigNum value is 0. The maximum return value is RADIX_BITS - 1, */
/* Return Values Meaning */
/* -1 the word was zero */
/* n the bit number of the most significant bit in the word */
LIB_EXPORT int
Msb(
crypt_uword_t word
)
{
int retVal = -1;
//
#if RADIX_BITS == 64
if(word & 0xffffffff00000000) { retVal += 32; word >>= 32; }
#endif
if(word & 0xffff0000) { retVal += 16; word >>= 16; }
if(word & 0x0000ff00) { retVal += 8; word >>= 8; }
if(word & 0x000000f0) { retVal += 4; word >>= 4; }
if(word & 0x0000000c) { retVal += 2; word >>= 2; }
if(word & 0x00000002) { retVal += 1; word >>= 1; }
return retVal + (int)word;
}
/* 10.2.4.3.13 BnMsb() */
/* Returns the number of the MSb(). Returns a negative number if the value is zero or bn is NULL. */
LIB_EXPORT int
BnMsb(
bigConst bn
)
{
// If the value is NULL, or the size is zero then treat as zero and return -1
if(bn != NULL && bn->size > 0)
{
int retVal = Msb(bn->d[bn->size - 1]);
retVal += (bn->size - 1) * RADIX_BITS;
return retVal;
}
else
return -1;
}
/* 10.2.4.3.14 BnSizeInBits() */
/* Returns the number of bits required to hold a number. */
LIB_EXPORT unsigned
BnSizeInBits(
bigConst n
)
{
return BnMsb(n) + 1;
}
/* 10.2.4.3.15 BnSetWord() */
/* Change the value of a bignum_t to a word value. */
LIB_EXPORT bigNum
BnSetWord(
bigNum n,
crypt_uword_t w
)
{
if(n != NULL)
{
pAssert(n->allocated > 1);
n->d[0] = w;
BnSetTop(n, (w != 0) ? 1 : 0);
}
return n;
}
/* 10.2.4.3.16 BnSetBit() */
/* SET a bit in a bigNum. Bit 0 is the least-significant bit in the 0th digit_t. The function always
return TRUE */
LIB_EXPORT BOOL
BnSetBit(
bigNum bn, // IN/OUT: big number to modify
unsigned int bitNum // IN: Bit number to SET
)
{
crypt_uword_t offset = bitNum / RADIX_BITS;
pAssert(bn->allocated * RADIX_BITS >= bitNum);
// Grow the number if necessary to set the bit.
while(bn->size <= offset)
bn->d[bn->size++] = 0;
bn->d[offset] |= (1 << RADIX_MOD(bitNum));
return TRUE;
}
/* 10.2.4.3.17 BnTestBit() */
/* Check to see if a bit is SET in a bignum_t. The 0th bit is the LSb() of d[0] If a bit is outside
the range of the number, it returns FALSE */
/* Return Values Meaning */
/* TRUE the bit is set */
/* FALSE the bit is not set or the number is out of range */
LIB_EXPORT BOOL
BnTestBit(
bigNum bn, // IN: number to check
unsigned int bitNum // IN: bit to test
)
{
crypt_uword_t offset = RADIX_DIV(bitNum);
//
if(bn->size > offset)
return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0);
else
return FALSE;
}
/* 10.2.4.3.18 BnMaskBits() */
/* Function to mask off high order bits of a big number. The returned value will have no more than
maskBit bits set. */
/* NOTE: There is a requirement that unused words of a bignum_t are set to zero. */
/* Return Values Meaning */
/* TRUE result masked */
/* FALSE the input was not as large as the mask */
LIB_EXPORT BOOL
BnMaskBits(
bigNum bn, // IN/OUT: number to mask
crypt_uword_t maskBit // IN: the bit number for the mask.
)
{
crypt_uword_t finalSize;
BOOL retVal;
finalSize = BITS_TO_CRYPT_WORDS(maskBit);
retVal = (finalSize <= bn->allocated);
if(retVal && (finalSize > 0))
{
crypt_uword_t mask;
mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit);
bn->d[finalSize - 1] &= mask;
}
BnSetTop(bn, finalSize);
return retVal;
}
/* 10.2.4.3.19 BnShiftRight() */
/* Function will shift a bigNum to the right by the shiftAmount */
LIB_EXPORT BOOL
BnShiftRight(
bigNum result,
bigConst toShift,
uint32_t shiftAmount
)
{
uint32_t offset = (shiftAmount >> RADIX_LOG2);
uint32_t i;
uint32_t shiftIn;
crypt_uword_t finalSize;
//
shiftAmount = shiftAmount & RADIX_MASK;
shiftIn = RADIX_BITS - shiftAmount;
// The end size is toShift->size - offset less one additional
// word if the shiftAmount would make the upper word == 0
if(toShift->size > offset)
{
finalSize = toShift->size - offset;
finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 1 : 0;
}
else
finalSize = 0;
pAssert(finalSize <= result->allocated);
if(finalSize != 0)
{
for(i = 0; i < finalSize; i++)
{
result->d[i] = (toShift->d[i + offset] >> shiftAmount)
| (toShift->d[i + offset + 1] << shiftIn);
}
if(offset == 0)
result->d[i] = toShift->d[i] >> shiftAmount;
}
BnSetTop(result, finalSize);
return TRUE;
}
/* 10.2.4.3.20 BnGetRandomBits() */
LIB_EXPORT BOOL
BnGetRandomBits(
bigNum n,
size_t bits,
RAND_STATE *rand
)
{
TPM2B_TYPE(LARGEST, LARGEST_NUMBER);
TPM2B_LARGEST large;
//
large.b.size = (UINT16)BITS_TO_BYTES(bits);
DRBG_Generate(rand, large.t.buffer, large.t.size);
BnFrom2B(n, &large.b);
BnMaskBits(n, bits);
return TRUE;
}
/* 10.2.4.3.21 BnGenerateRandomInRange() */
/* Function to generate a random number r in the range 1 <= r < limit. The function gets a random
number of bits that is the size of limit. There is some some probability that the returned number
is going to be greater than or equal to the limit. If it is, try again. There is no more than 50%
chance that the next number is also greater, so try again. We keep trying until we get a value
that meets the criteria. Since limit is very often a number with a LOT of high order ones, this
rarely would need a second try. */
LIB_EXPORT BOOL
BnGenerateRandomInRange(
bigNum dest,
bigConst limit,
RAND_STATE *rand
)
{
size_t bits = BnSizeInBits(limit);
//
if(bits < 2)
{
BnSetWord(dest, 0);
return FALSE;
}
else
{
do
{
BnGetRandomBits(dest, bits, rand);
} while(BnEqualZero(dest) || BnUnsignedCmp(dest, limit) >= 0);
}
return TRUE;
}

201
src/tpm2/BnMemory.c Normal file
View File

@ -0,0 +1,201 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: BnMemory.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 10.2.5 BnMemory.c */
/* 10.2.5.1 Introduction */
/* This file contains the memory setup functions used by the bigNum functions in CryptoEngine() */
/* 10.2.5.2 Includes */
#include "Tpm.h"
/* 10.2.5.3 Functions */
/* 10.2.5.3.1 BnSetTop() */
/* This function is used when the size of a bignum_t is changed. It makes sure that the unused words
are set to zero and that any significant words of zeros are eliminated from the used size
indicator. */
LIB_EXPORT bigNum
BnSetTop(
bigNum bn, // IN/OUT: number to clean
crypt_uword_t top // IN: the new top
)
{
if(bn != NULL)
{
pAssert(top <= bn->allocated);
// If forcing the size to be decreased, make sure that the words being
// discarded are being set to 0
while(bn->size > top)
bn->d[--bn->size] = 0;
bn->size = top;
// Now make sure that the words that are left are 'normalized' (no high-order
// words of zero.
while((bn->size > 0) && (bn->d[bn->size - 1] == 0))
bn->size -= 1;
}
return bn;
}
/* 10.2.5.3.2 BnClearTop() */
/* This function will make sure that all unused words are zero. */
LIB_EXPORT bigNum
BnClearTop(
bigNum bn
)
{
crypt_uword_t i;
//
if(bn != NULL)
{
for(i = bn->size; i < bn->allocated; i++)
bn->d[i] = 0;
while((bn->size > 0) && (bn->d[bn->size] == 0))
bn->size -= 1;
}
return bn;
}
/* 10.2.5.3.3 BnInitializeWord() */
/* This function is used to initialize an allocated bigNum with a word value. The bigNum does not
have to be allocated with a single word. */
LIB_EXPORT bigNum
BnInitializeWord(
bigNum bn, // IN:
crypt_uword_t allocated, // IN:
crypt_uword_t word // IN:
)
{
bn->allocated = allocated;
bn->size = (word != 0);
bn->d[0] = word;
while(allocated > 1)
bn->d[--allocated] = 0;
return bn;
}
/* 10.2.5.3.4 BnInit() */
/* This function initializes a stack allocated bignum_t. It initializes allocated and size and zeros
the words of d. */
LIB_EXPORT bigNum
BnInit(
bigNum bn,
crypt_uword_t allocated
)
{
if(bn != NULL)
{
bn->allocated = allocated;
bn->size = 0;
while(allocated != 0)
bn->d[--allocated] = 0;
}
return bn;
}
/* 10.2.5.3.5 BnCopy() */
/* Function to copy a bignum_t. If the output is NULL, then nothing happens. If the input is NULL,
the output is set to zero. */
LIB_EXPORT BOOL
BnCopy(
bigNum out,
bigConst in
)
{
if(in == out)
BnSetTop(out, BnGetSize(out));
else if(out != NULL)
{
if(in != NULL)
{
unsigned int i;
pAssert(BnGetAllocated(out) >= BnGetSize(in));
for(i = 0; i < BnGetSize(in); i++)
out->d[i] = in->d[i];
BnSetTop(out, BnGetSize(in));
}
else
BnSetTop(out, 0);
}
return TRUE;
}
#ifdef TPM_ALG_ECC
/* 10.2.5.3.6 BnPointCopy() */
/* Function to copy a bn point. */
LIB_EXPORT BOOL
BnPointCopy(
bigPoint pOut,
pointConst pIn
)
{
return BnCopy(pOut->x, pIn->x)
&& BnCopy(pOut->y, pIn->y)
&& BnCopy(pOut->z, pIn->z);
}
/* 10.2.5.3.7 BnInitializePoint() */
/* This function is used to initialize a point structure with the addresses of the coordinates. */
LIB_EXPORT bn_point_t *
BnInitializePoint(
bigPoint p, // OUT: structure to receive pointers
bigNum x, // IN: x coordinate
bigNum y, // IN: y coordinate
bigNum z // IN: x coordinate
)
{
p->x = x;
p->y = y;
p->z = z;
BnSetWord(z, 1);
return p;
}
#endif // TPM_ALG_ECC

101
src/tpm2/Cancel.c Normal file
View File

@ -0,0 +1,101 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Cancel.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* C.2 Cancel.c */
/* C.2.1. Introduction */
/* This module simulates the cancel pins on the TPM. */
/* C.2.2. Includes, Typedefs, Structures, and Defines */
#include "PlatformData.h"
#include "Platform_fp.h"
/* C.2.3. Functions */
/* C.2.3.1. _plat__IsCanceled() */
/* Check if the cancel flag is set */
/* Return Values Meaning */
/* TRUE(1) if cancel flag is set */
/* FALSE(0) if cancel flag is not set */
LIB_EXPORT int
_plat__IsCanceled(
void
)
{
// return cancel flag
return s_isCanceled;
}
/* C.2.3.2. _plat__SetCancel() */
/* Set cancel flag. */
LIB_EXPORT void
_plat__SetCancel(
void
)
{
s_isCanceled = TRUE;
return;
}
/* C.2.3.3. _plat__ClearCancel() */
/* Clear cancel flag */
LIB_EXPORT void
_plat__ClearCancel(
void
)
{
s_isCanceled = FALSE;
return;
}

77
src/tpm2/Capabilities.h Normal file
View File

@ -0,0 +1,77 @@
/********************************************************************************/
/* */
/* Number of capability values that will fit into the largest data buffer */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Capabilities.h 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
#ifndef _CAPABILITIES_H
#define _CAPABILITIES_H
#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP)-sizeof(UINT32))
#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY))
#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
#define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC))
#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY))
#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT))
#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE))
#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY))
#ifdef TPM_CC_AC_GetCapability
/* This is #defined because TPMA_AC_CAPABILITIES might not be defined */
# define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT))
#endif
#endif

207
src/tpm2/CapabilityCommands.c Normal file
View File

@ -0,0 +1,207 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CapabilityCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "GetCapability_fp.h"
#ifdef TPM_CC_GetCapability // Conditional expansion of this file
TPM_RC
TPM2_GetCapability(
GetCapability_In *in, // IN: input parameter list
GetCapability_Out *out // OUT: output parameter list
)
{
TPMU_CAPABILITIES *data = &out->capabilityData.data;
// Command Output
// Set output capability type the same as input type
out->capabilityData.capability = in->capability;
switch(in->capability)
{
case TPM_CAP_ALGS:
out->moreData = AlgorithmCapGetImplemented((TPM_ALG_ID)in->property,
in->propertyCount,
&data->algorithms);
break;
case TPM_CAP_HANDLES:
switch(HandleGetType((TPM_HANDLE)in->property))
{
case TPM_HT_TRANSIENT:
// Get list of handles of loaded transient objects
out->moreData = ObjectCapGetLoaded((TPM_HANDLE)in->property,
in->propertyCount,
&data->handles);
break;
case TPM_HT_PERSISTENT:
// Get list of handles of persistent objects
out->moreData = NvCapGetPersistent((TPM_HANDLE)in->property,
in->propertyCount,
&data->handles);
break;
case TPM_HT_NV_INDEX:
// Get list of defined NV index
out->moreData = NvCapGetIndex((TPM_HANDLE)in->property,
in->propertyCount,
&data->handles);
break;
case TPM_HT_LOADED_SESSION:
// Get list of handles of loaded sessions
out->moreData = SessionCapGetLoaded((TPM_HANDLE)in->property,
in->propertyCount,
&data->handles);
break;
#ifdef TPM_HT_SAVED_SESSION
case TPM_HT_SAVED_SESSION:
#else
case TPM_HT_ACTIVE_SESSION:
#endif
// Get list of handles of
out->moreData = SessionCapGetSaved((TPM_HANDLE)in->property,
in->propertyCount,
&data->handles);
break;
case TPM_HT_PCR:
// Get list of handles of PCR
out->moreData = PCRCapGetHandles((TPM_HANDLE)in->property,
in->propertyCount,
&data->handles);
break;
case TPM_HT_PERMANENT:
// Get list of permanent handles
out->moreData = PermanentCapGetHandles((TPM_HANDLE)in->property,
in->propertyCount,
&data->handles);
break;
default:
// Unsupported input handle type
return TPM_RCS_HANDLE + RC_GetCapability_property;
break;
}
break;
case TPM_CAP_COMMANDS:
out->moreData = CommandCapGetCCList((TPM_CC)in->property,
in->propertyCount,
&data->command);
break;
case TPM_CAP_PP_COMMANDS:
out->moreData = PhysicalPresenceCapGetCCList((TPM_CC)in->property,
in->propertyCount,
&data->ppCommands);
break;
case TPM_CAP_AUDIT_COMMANDS:
out->moreData = CommandAuditCapGetCCList((TPM_CC)in->property,
in->propertyCount,
&data->auditCommands);
break;
case TPM_CAP_PCRS:
// Input property must be 0
if(in->property != 0)
return TPM_RCS_VALUE + RC_GetCapability_property;
out->moreData = PCRCapGetAllocation(in->propertyCount,
&data->assignedPCR);
break;
case TPM_CAP_PCR_PROPERTIES:
out->moreData = PCRCapGetProperties((TPM_PT_PCR)in->property,
in->propertyCount,
&data->pcrProperties);
break;
case TPM_CAP_TPM_PROPERTIES:
out->moreData = TPMCapGetProperties((TPM_PT)in->property,
in->propertyCount,
&data->tpmProperties);
break;
#ifdef TPM_ALG_ECC
case TPM_CAP_ECC_CURVES:
out->moreData = CryptCapGetECCCurve((TPM_ECC_CURVE)in->property,
in->propertyCount,
&data->eccCurves);
break;
#endif // TPM_ALG_ECC
case TPM_CAP_AUTH_POLICIES:
if(HandleGetType((TPM_HANDLE)in->property) != TPM_HT_PERMANENT)
return TPM_RCS_VALUE + RC_GetCapability_property;
out->moreData = PermanentHandleGetPolicy((TPM_HANDLE)in->property,
in->propertyCount,
&data->authPolicies);
break;
case TPM_CAP_VENDOR_PROPERTY:
// vendor property is not implemented
default:
// Unsupported TPM_CAP value
return TPM_RCS_VALUE + RC_GetCapability_capability;
break;
}
return TPM_RC_SUCCESS;
}
#endif // CC_GetCapability
#include "Tpm.h"
#include "TestParms_fp.h"
#ifdef TPM_CC_TestParms // Conditional expansion of this file
TPM_RC
TPM2_TestParms(
TestParms_In *in // IN: input parameter list
)
{
// Input parameter is not reference in command action
NOT_REFERENCED(in);
// The parameters are tested at unmarshal process. We do nothing in command
// action
return TPM_RC_SUCCESS;
}
#endif // CC_TestParms

95
src/tpm2/CertifyCreation_fp.h Normal file
View File

@ -0,0 +1,95 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CertifyCreation_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CERTIFYCREATION_FP_H
#define CERTIFYCREATION_FP_H
typedef struct {
TPMI_DH_OBJECT signHandle;
TPMI_DH_OBJECT objectHandle;
TPM2B_DATA qualifyingData;
TPM2B_DIGEST creationHash;
TPMT_SIG_SCHEME inScheme;
TPMT_TK_CREATION creationTicket;
} CertifyCreation_In;
#define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1)
#define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2)
#define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2)
#define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3)
#define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM2B_ATTEST certifyInfo;
TPMT_SIGNATURE signature;
} CertifyCreation_Out;
TPM_RC
TPM2_CertifyCreation(
CertifyCreation_In *in, // IN: input parameter list
CertifyCreation_Out *out // OUT: output parameter list
);
#endif

93
src/tpm2/Certify_fp.h Normal file
View File

@ -0,0 +1,93 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Certify_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CERTIFY_FP_H
#define CERTIFY_FP_H
typedef struct {
TPMI_DH_OBJECT objectHandle;
TPMI_DH_OBJECT signHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} Certify_In;
#define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1)
#define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_ATTEST certifyInfo;
TPMT_SIGNATURE signature;
} Certify_Out;
TPM_RC
TPM2_Certify(
Certify_In *in, // IN: input parameter list
Certify_Out *out // OUT: output parameter list
);
#endif

79
src/tpm2/ChangeEPS_fp.h Normal file
View File

@ -0,0 +1,79 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ChangeEPS_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CHANGEEPS_FP_H
#define CHANGEEPS_FP_H
typedef struct {
TPMI_RH_PLATFORM authHandle;
} ChangeEPS_In;
#define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1)
TPM_RC
TPM2_ChangeEPS(
ChangeEPS_In *in // IN: input parameter list
);
#endif

79
src/tpm2/ChangePPS_fp.h Normal file
View File

@ -0,0 +1,79 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ChangePPS_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CHANGEPPS_FP_H
#define CHANGEPPS_FP_H
typedef struct {
TPMI_RH_PLATFORM authHandle;
} ChangePPS_In;
#define RC_ChangePPS_authHandle (TPM_RC_P + TPM_RC_1)
TPM_RC
TPM2_ChangePPS(
ChangePPS_In *in // IN: input parameter list
);
#endif

79
src/tpm2/ClearControl_fp.h Normal file
View File

@ -0,0 +1,79 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ClearControl_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CLEARCONTROL_FP_H
#define CLEARCONTROL_FP_H
typedef struct {
TPMI_RH_CLEAR auth;
TPMI_YES_NO disable;
} ClearControl_In;
#define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1)
#define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1)
TPM_RC
TPM2_ClearControl(
ClearControl_In *in // IN: input parameter list
);
#endif

78
src/tpm2/Clear_fp.h Normal file
View File

@ -0,0 +1,78 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Clear_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CLEAR_FP_H
#define CLEAR_FP_H
typedef struct {
TPMI_RH_CLEAR authHandle;
} Clear_In;
#define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1)
TPM_RC
TPM2_Clear(
Clear_In *in // IN: input parameter list
);
#endif

287
src/tpm2/Clock.c Normal file
View File

@ -0,0 +1,287 @@
/********************************************************************************/
/* */
/* Used by the simulator to mimic a hardware clock */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Clock.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* added for portability because Linux clock is 32 bits */
#include <stdint.h>
#include <stdio.h>
#include <time.h>
static uint64_t tpmclock(void);
#ifdef TPM_WINDOWS
/* Windows returns result in units of CLOCKS_PER_SEC. seconds = clock() / CLOCKS_PER_SEC */
static uint64_t tpmclock(void)
{
clock_t clocktime = clock();
uint64_t tpmtime = ((uint64_t)clocktime * 1000) / (uint64_t)CLOCKS_PER_SEC;
return tpmtime;
}
#endif
#ifdef TPM_POSIX
#include <sys/time.h>
/* return time in milliseconds */
static uint64_t tpmclock(void)
{
struct timeval tval;
uint64_t tpmtime;
gettimeofday(&tval, NULL); /* get the time */
tpmtime = ((uint64_t)tval.tv_sec * 1000) + ((uint64_t)tval.tv_usec / 1000);
return tpmtime;
}
#endif
/* C.3 Clock.c */
/* C.3.1. Introduction */
/* This file contains the routines that are used by the simulator to mimic a hardware clock on a
TPM. In this implementation, all the time values are measured in millisecond. However, the
precision of the clock functions may be implementation dependent. */
/* C.3.2. Includes and Data Definitions */
#include "PlatformData.h"
#include "Platform_fp.h"
#include "TpmFail_fp.h"
#include <assert.h>
/* C.3.3. Simulator Functions */
/* C.3.3.1. Introduction */
/* This set of functions is intended to be called by the simulator environment in order to simulate
hardware events. */
/* C.3.3.2. _plat__TimerReset() */
/* This function sets current system clock time as t0 for counting TPM time. This function is called
at a power on event to reset the clock. */
LIB_EXPORT void
_plat__TimerReset(
void
)
{
s_realTimePrevious = (clock_t) tpmclock(); /* kgold, FIXME, something wrong here */
s_tpmTime = 0;
s_adjustRate = CLOCK_NOMINAL;
s_timerReset = TRUE;
s_timerStopped = TRUE;
return;
}
/* C.3.3.3. _plat__TimerRestart() */
/* This function should be called in order to simulate the restart of the timer should it be stopped
while power is still applied. */
LIB_EXPORT void
_plat__TimerRestart(
void
)
{
s_timerStopped = TRUE;
return;
}
/* C.3.4. Functions Used by TPM */
/* C.3.4.1. Introduction */
/* These functions are called by the TPM code. They should be replaced by appropriated hardware
functions. */
/* C.3.4.2. _plat__TimerRead() */
/* This function provides access to the tick timer of the platform. The TPM code uses this value to
drive the TPM Clock. */
/* The tick timer is supposed to run when power is applied to the device. This timer should not be
reset by time events including _TPM_Init(). It should only be reset when TPM power is
re-applied. */
/* If the TPM is run in a protected environment, that environment may provide the tick time to the
TPM as long as the time provided by the environment is not allowed to go backwards. If the time
provided by the system can go backwards during a power discontinuity, then the
_plat__Signal_PowerOn() should call _plat__TimerReset(). */
/* The code in this function should be replaced by a read of a hardware tick timer. */
LIB_EXPORT uint64_t
_plat__TimerRead(
void
)
{
#ifdef HARDWARE_CLOCK
#error "need a defintion for reading the hardware clock"
return HARDWARE_CLOCK
#else
#define BILLION 1000000000
#define MILLION 1000000
#define THOUSAND 1000
clock_t timeDiff;
uint64_t adjusted;
// Save the value previously read from the system clock
timeDiff = s_realTimePrevious;
// update with the current value of the system clock
s_realTimePrevious = tpmclock();
// In the place below when we "put back" the unused part of the timeDiff
// it is possible that we can put back more than we take out. That is, we could
// take out 1000 mSec, rate adjust it and put back 1001 mS. This means that
// on a subsequent call, time may not have caught up. Rather than trying
// to rate adjust this, just stop time. This only occurs in a simulation so
// time for more than one command being the same should not be an issue.
if(timeDiff >= s_realTimePrevious)
{
s_realTimePrevious = timeDiff;
return s_tpmTime;
}
// Compute the amount of time since the last call to the system clock
timeDiff = s_realTimePrevious - timeDiff;
// Do the time rate adjustment and conversion from CLOCKS_PER_SEC to mSec
#if 0
adjusted = (((uint64_t)timeDiff * (THOUSAND * CLOCK_NOMINAL))
/ ((uint64_t)s_adjustRate * CLOCKS_PER_SEC));
#endif
/* kgold */
adjusted = (timeDiff * (uint64_t)(s_adjustRate)) / (uint64_t)CLOCK_NOMINAL;
s_tpmTime += (clock_t)adjusted;
// Might have some rounding error that would loose CLOCKS. See what is not
// being used. As mentioned above, this could result in putting back more than
// is taken out
#if 0
adjusted = (adjusted * ((uint64_t)s_adjustRate * CLOCKS_PER_SEC))
/ (THOUSAND * CLOCK_NOMINAL);
#endif
// If adjusted is not the same as timeDiff, then there is some rounding
// error that needs to be pushed back into the previous sample.
// NOTE: the following is so that the fact that everything is signed will not
// matter.
s_realTimePrevious = (clock_t)((int64_t)s_realTimePrevious - adjusted);
s_realTimePrevious += timeDiff;
#ifdef DEBUGGING_TIME
// Put this in so that TPM time will pass much faster than real time when
// doing debug.
// A value of 1000 for DEBUG_TIME_MULTIPLER will make each ms into a second
// A good value might be 100
return (s_tpmTime * DEBUG_TIME_MULTIPLIER);
#endif
return s_tpmTime;
#endif
}
/* C.3.4.3. _plat__TimerWasReset() */
/* This function is used to interrogate the flag indicating if the tick timer has been reset. */
/* If the resetFlag parameter is SET, then the flag will be CLEAR before the function returns. */
LIB_EXPORT BOOL
_plat__TimerWasReset(
void
)
{
BOOL retVal = s_timerReset;
s_timerReset = FALSE;
return retVal;
}
/* C.3.4.4. _plat__TimerWasStopped() */
/* This function is used to interrogate the flag indicating if the tick timer has been stopped. If
so, this is typically a reason to roll the nonce. */
/* This function will CLEAR the s_timerStopped flag before returning. This provides functionality
that is similar to status register that is cleared when read. This is the model used here because
it is the one that has the most impact on the TPM code as the flag can only be accessed by one
entity in the TPM. Any other implementation of the hardware can be made to look like a read-once
register. */
LIB_EXPORT BOOL
_plat__TimerWasStopped(
void
)
{
BOOL retVal = s_timerStopped;
s_timerStopped = FALSE;
return retVal;
}
/* C.3.4.5. _plat__ClockAdjustRate() */
/* Adjust the clock rate */
LIB_EXPORT void
_plat__ClockAdjustRate(
int adjust // IN: the adjust number. It could be positive
// or negative
)
{
// We expect the caller should only use a fixed set of constant values to
// adjust the rate
switch(adjust)
{
case CLOCK_ADJUST_COARSE:
s_adjustRate += CLOCK_ADJUST_COARSE;
break;
case -CLOCK_ADJUST_COARSE:
s_adjustRate -= CLOCK_ADJUST_COARSE;
break;
case CLOCK_ADJUST_MEDIUM:
s_adjustRate += CLOCK_ADJUST_MEDIUM;
break;
case -CLOCK_ADJUST_MEDIUM:
s_adjustRate -= CLOCK_ADJUST_MEDIUM;
break;
case CLOCK_ADJUST_FINE:
s_adjustRate += CLOCK_ADJUST_FINE;
break;
case -CLOCK_ADJUST_FINE:
s_adjustRate -= CLOCK_ADJUST_FINE;
break;
default:
// ignore any other values;
break;
}
if(s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT))
s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT;
if(s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT))
s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT;
return;
}

110
src/tpm2/ClockCommands.c Normal file
View File

@ -0,0 +1,110 @@
/********************************************************************************/
/* */
/* Clocks and Timers */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ClockCommands.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "ReadClock_fp.h"
#ifdef TPM_CC_ReadClock // Conditional expansion of this file
TPM_RC
TPM2_ReadClock(
ReadClock_Out *out // OUT: output parameter list
)
{
// Command Output
out->currentTime.time = g_time;
TimeFillInfo(&out->currentTime.clockInfo);
return TPM_RC_SUCCESS;
}
#endif // CC_ReadClock
#include "Tpm.h"
#include "ClockSet_fp.h"
#ifdef TPM_CC_ClockSet // Conditional expansion of this file
TPM_RC
TPM2_ClockSet(
ClockSet_In *in // IN: input parameter list
)
{
#define CLOCK_UPDATE_MASK ~((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1)
// Input Validation
// new time can not be bigger than 0xFFFF000000000000 or smaller than
// current clock
if(in->newTime > 0xFFFF000000000000ULL
|| in->newTime < go.clock)
return TPM_RCS_VALUE + RC_ClockSet_newTime;
// Internal Data Update
// Can't modify the clock if NV is not available.
RETURN_IF_NV_IS_NOT_AVAILABLE;
TimeClockUpdate(in->newTime);
return TPM_RC_SUCCESS;
}
#endif // CC_ClockSet
#include "Tpm.h"
#include "ClockRateAdjust_fp.h"
#ifdef TPM_CC_ClockRateAdjust // Conditional expansion of this file
TPM_RC
TPM2_ClockRateAdjust(
ClockRateAdjust_In *in // IN: input parameter list
)
{
// Internal Data Update
TimeSetAdjustRate(in->rateAdjust);
return TPM_RC_SUCCESS;
}
#endif // CC_ClockRateAdjust

81
src/tpm2/ClockRateAdjust_fp.h Normal file
View File

@ -0,0 +1,81 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ClockRateAdjust_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CLOCKRATEADJUST_FP_H
#define CLOCKRATEADJUST_FP_H
typedef struct {
TPMI_RH_PROVISION auth;
TPM_CLOCK_ADJUST rateAdjust;
} ClockRateAdjust_In;
#define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1)
#define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1)
TPM_RC
TPM2_ClockRateAdjust(
ClockRateAdjust_In *in // IN: input parameter list
);
#endif

81
src/tpm2/ClockSet_fp.h Normal file
View File

@ -0,0 +1,81 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ClockSet_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CLOCKSET_FP_H
#define CLOCKSET_FP_H
typedef struct {
TPMI_RH_PROVISION auth;
UINT64 newTime;
} ClockSet_In;
#define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1)
#define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1)
TPM_RC
TPM2_ClockSet(
ClockSet_In *in // IN: input parameter list
);
#endif

934
src/tpm2/CommandAttributeData.h Normal file
View File

@ -0,0 +1,934 @@
/********************************************************************************/
/* */
/* Command code attribute array for GetCapability */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandAttributeData.h 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 5.6 CommandAttributeData.h */
/* This file should only be included by CommandCodeAttibutes.c */
#ifdef _COMMAND_CODE_ATTRIBUTES_
#include "CommandAttributes.h"
#if defined COMPRESSED_LISTS
# define PAD_LIST 0
#else
# define PAD_LIST 1
#endif
/* This is the command code attribute array for GetCapability(). Both this array and
s_commandAttributes provides command code attributes, but tuned for different purpose */
const TPMA_CC s_ccAttr [] = {
#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
{0x011f, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_UndefineSpaceSpecial
#endif
#if (PAD_LIST || CC_EvictControl)
{0x0120, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_EvictControl
#endif
#if (PAD_LIST || CC_HierarchyControl)
{0x0121, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_HierarchyControl
#endif
#if (PAD_LIST || CC_NV_UndefineSpace)
{0x0122, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_UndefineSpace
#endif
#if (PAD_LIST)
{0x0123, 0, 0, 0, 0, 0, 0, 0, 0}, // No command
#endif
#if (PAD_LIST || CC_ChangeEPS)
{0x0124, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_ChangeEPS
#endif
#if (PAD_LIST || CC_ChangePPS)
{0x0125, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_ChangePPS
#endif
#if (PAD_LIST || CC_Clear)
{0x0126, 0, 1, 1, 0, 1, 0, 0, 0}, // TPM_CC_Clear
#endif
#if (PAD_LIST || CC_ClearControl)
{0x0127, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_ClearControl
#endif
#if (PAD_LIST || CC_ClockSet)
{0x0128, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_ClockSet
#endif
#if (PAD_LIST || CC_HierarchyChangeAuth)
{0x0129, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_HierarchyChangeAuth
#endif
#if (PAD_LIST || CC_NV_DefineSpace)
{0x012a, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_DefineSpace
#endif
#if (PAD_LIST || CC_PCR_Allocate)
{0x012b, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Allocate
#endif
#if (PAD_LIST || CC_PCR_SetAuthPolicy)
{0x012c, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_SetAuthPolicy
#endif
#if (PAD_LIST || CC_PP_Commands)
{0x012d, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PP_Commands
#endif
#if (PAD_LIST || CC_SetPrimaryPolicy)
{0x012e, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_SetPrimaryPolicy
#endif
#if (PAD_LIST || CC_FieldUpgradeStart)
{0x012f, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_FieldUpgradeStart
#endif
#if (PAD_LIST || CC_ClockRateAdjust)
{0x0130, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ClockRateAdjust
#endif
#if (PAD_LIST || CC_CreatePrimary)
{0x0131, 0, 0, 0, 0, 1, 1, 0, 0}, // TPM_CC_CreatePrimary
#endif
#if (PAD_LIST || CC_NV_GlobalWriteLock)
{0x0132, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_GlobalWriteLock
#endif
#if (PAD_LIST || CC_GetCommandAuditDigest)
{0x0133, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_GetCommandAuditDigest
#endif
#if (PAD_LIST || CC_NV_Increment)
{0x0134, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Increment
#endif
#if (PAD_LIST || CC_NV_SetBits)
{0x0135, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_SetBits
#endif
#if (PAD_LIST || CC_NV_Extend)
{0x0136, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Extend
#endif
#if (PAD_LIST || CC_NV_Write)
{0x0137, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Write
#endif
#if (PAD_LIST || CC_NV_WriteLock)
{0x0138, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_WriteLock
#endif
#if (PAD_LIST || CC_DictionaryAttackLockReset)
{0x0139, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_DictionaryAttackLockReset
#endif
#if (PAD_LIST || CC_DictionaryAttackParameters)
{0x013a, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_DictionaryAttackParameters
#endif
#if (PAD_LIST || CC_NV_ChangeAuth)
{0x013b, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_ChangeAuth
#endif
#if (PAD_LIST || CC_PCR_Event)
{0x013c, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Event
#endif
#if (PAD_LIST || CC_PCR_Reset)
{0x013d, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Reset
#endif
#if (PAD_LIST || CC_SequenceComplete)
{0x013e, 0, 0, 0, 1, 1, 0, 0, 0}, // TPM_CC_SequenceComplete
#endif
#if (PAD_LIST || CC_SetAlgorithmSet)
{0x013f, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_SetAlgorithmSet
#endif
#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
{0x0140, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_SetCommandCodeAuditStatus
#endif
#if (PAD_LIST || CC_FieldUpgradeData)
{0x0141, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_FieldUpgradeData
#endif
#if (PAD_LIST || CC_IncrementalSelfTest)
{0x0142, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_IncrementalSelfTest
#endif
#if (PAD_LIST || CC_SelfTest)
{0x0143, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_SelfTest
#endif
#if (PAD_LIST || CC_Startup)
{0x0144, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_Startup
#endif
#if (PAD_LIST || CC_Shutdown)
{0x0145, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_Shutdown
#endif
#if (PAD_LIST || CC_StirRandom)
{0x0146, 0, 1, 0, 0, 0, 0, 0, 0}, // TPM_CC_StirRandom
#endif
#if (PAD_LIST || CC_ActivateCredential)
{0x0147, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_ActivateCredential
#endif
#if (PAD_LIST || CC_Certify)
{0x0148, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_Certify
#endif
#if (PAD_LIST || CC_PolicyNV)
{0x0149, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_PolicyNV
#endif
#if (PAD_LIST || CC_CertifyCreation)
{0x014a, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_CertifyCreation
#endif
#if (PAD_LIST || CC_Duplicate)
{0x014b, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_Duplicate
#endif
#if (PAD_LIST || CC_GetTime)
{0x014c, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_GetTime
#endif
#if (PAD_LIST || CC_GetSessionAuditDigest)
{0x014d, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_GetSessionAuditDigest
#endif
#if (PAD_LIST || CC_NV_Read)
{0x014e, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_Read
#endif
#if (PAD_LIST || CC_NV_ReadLock)
{0x014f, 0, 1, 0, 0, 2, 0, 0, 0}, // TPM_CC_NV_ReadLock
#endif
#if (PAD_LIST || CC_ObjectChangeAuth)
{0x0150, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_ObjectChangeAuth
#endif
#if (PAD_LIST || CC_PolicySecret)
{0x0151, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_PolicySecret
#endif
#if (PAD_LIST || CC_Rewrap)
{0x0152, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_Rewrap
#endif
#if (PAD_LIST || CC_Create)
{0x0153, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Create
#endif
#if (PAD_LIST || CC_ECDH_ZGen)
{0x0154, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ECDH_ZGen
#endif
#if (PAD_LIST || CC_HMAC)
{0x0155, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_HMAC
#endif
#if (PAD_LIST || CC_Import)
{0x0156, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Import
#endif
#if (PAD_LIST || CC_Load)
{0x0157, 0, 0, 0, 0, 1, 1, 0, 0}, // TPM_CC_Load
#endif
#if (PAD_LIST || CC_Quote)
{0x0158, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Quote
#endif
#if (PAD_LIST || CC_RSA_Decrypt)
{0x0159, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_RSA_Decrypt
#endif
#if (PAD_LIST)
{0x015a, 0, 0, 0, 0, 0, 0, 0, 0}, // No command
#endif
#if (PAD_LIST || CC_HMAC_Start)
{0x015b, 0, 0, 0, 0, 1, 1, 0, 0}, // TPM_CC_HMAC_Start
#endif
#if (PAD_LIST || CC_SequenceUpdate)
{0x015c, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_SequenceUpdate
#endif
#if (PAD_LIST || CC_Sign)
{0x015d, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Sign
#endif
#if (PAD_LIST || CC_Unseal)
{0x015e, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Unseal
#endif
#if (PAD_LIST)
{0x015f, 0, 0, 0, 0, 0, 0, 0, 0}, // No command
#endif
#if (PAD_LIST || CC_PolicySigned)
{0x0160, 0, 0, 0, 0, 2, 0, 0, 0}, // TPM_CC_PolicySigned
#endif
#if (PAD_LIST || CC_ContextLoad)
{0x0161, 0, 0, 0, 0, 0, 1, 0, 0}, // TPM_CC_ContextLoad
#endif
#if (PAD_LIST || CC_ContextSave)
{0x0162, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ContextSave
#endif
#if (PAD_LIST || CC_ECDH_KeyGen)
{0x0163, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ECDH_KeyGen
#endif
#if (PAD_LIST || CC_EncryptDecrypt)
{0x0164, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_EncryptDecrypt
#endif
#if (PAD_LIST || CC_FlushContext)
{0x0165, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_FlushContext
#endif
#if (PAD_LIST)
{0x0166, 0, 0, 0, 0, 0, 0, 0, 0}, // No command
#endif
#if (PAD_LIST || CC_LoadExternal)
{0x0167, 0, 0, 0, 0, 0, 1, 0, 0}, // TPM_CC_LoadExternal
#endif
#if (PAD_LIST || CC_MakeCredential)
{0x0168, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_MakeCredential
#endif
#if (PAD_LIST || CC_NV_ReadPublic)
{0x0169, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_NV_ReadPublic
#endif
#if (PAD_LIST || CC_PolicyAuthorize)
{0x016a, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyAuthorize
#endif
#if (PAD_LIST || CC_PolicyAuthValue)
{0x016b, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyAuthValue
#endif
#if (PAD_LIST || CC_PolicyCommandCode)
{0x016c, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyCommandCode
#endif
#if (PAD_LIST || CC_PolicyCounterTimer)
{0x016d, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyCounterTimer
#endif
#if (PAD_LIST || CC_PolicyCpHash)
{0x016e, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyCpHash
#endif
#if (PAD_LIST || CC_PolicyLocality)
{0x016f, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyLocality
#endif
#if (PAD_LIST || CC_PolicyNameHash)
{0x0170, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyNameHash
#endif
#if (PAD_LIST || CC_PolicyOR)
{0x0171, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyOR
#endif
#if (PAD_LIST || CC_PolicyTicket)
{0x0172, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyTicket
#endif
#if (PAD_LIST || CC_ReadPublic)
{0x0173, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ReadPublic
#endif
#if (PAD_LIST || CC_RSA_Encrypt)
{0x0174, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_RSA_Encrypt
#endif
#if (PAD_LIST)
{0x0175, 0, 0, 0, 0, 0, 0, 0, 0}, // No command
#endif
#if (PAD_LIST || CC_StartAuthSession)
{0x0176, 0, 0, 0, 0, 2, 1, 0, 0}, // TPM_CC_StartAuthSession
#endif
#if (PAD_LIST || CC_VerifySignature)
{0x0177, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_VerifySignature
#endif
#if (PAD_LIST || CC_ECC_Parameters)
{0x0178, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_ECC_Parameters
#endif
#if (PAD_LIST || CC_FirmwareRead)
{0x0179, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_FirmwareRead
#endif
#if (PAD_LIST || CC_GetCapability)
{0x017a, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_GetCapability
#endif
#if (PAD_LIST || CC_GetRandom)
{0x017b, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_GetRandom
#endif
#if (PAD_LIST || CC_GetTestResult)
{0x017c, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_GetTestResult
#endif
#if (PAD_LIST || CC_Hash)
{0x017d, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_Hash
#endif
#if (PAD_LIST || CC_PCR_Read)
{0x017e, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_PCR_Read
#endif
#if (PAD_LIST || CC_PolicyPCR)
{0x017f, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyPCR
#endif
#if (PAD_LIST || CC_PolicyRestart)
{0x0180, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyRestart
#endif
#if (PAD_LIST || CC_ReadClock)
{0x0181, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_ReadClock
#endif
#if (PAD_LIST || CC_PCR_Extend)
{0x0182, 0, 1, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_Extend
#endif
#if (PAD_LIST || CC_PCR_SetAuthValue)
{0x0183, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PCR_SetAuthValue
#endif
#if (PAD_LIST || CC_NV_Certify)
{0x0184, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_NV_Certify
#endif
#if (PAD_LIST || CC_EventSequenceComplete)
{0x0185, 0, 1, 0, 1, 2, 0, 0, 0}, // TPM_CC_EventSequenceComplete
#endif
#if (PAD_LIST || CC_HashSequenceStart)
{0x0186, 0, 0, 0, 0, 0, 1, 0, 0}, // TPM_CC_HashSequenceStart
#endif
#if (PAD_LIST || CC_PolicyPhysicalPresence)
{0x0187, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyPhysicalPresence
#endif
#if (PAD_LIST || CC_PolicyDuplicationSelect)
{0x0188, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyDuplicationSelect
#endif
#if (PAD_LIST || CC_PolicyGetDigest)
{0x0189, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyGetDigest
#endif
#if (PAD_LIST || CC_TestParms)
{0x018a, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_TestParms
#endif
#if (PAD_LIST || CC_Commit)
{0x018b, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Commit
#endif
#if (PAD_LIST || CC_PolicyPassword)
{0x018c, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyPassword
#endif
#if (PAD_LIST || CC_ZGen_2Phase)
{0x018d, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_ZGen_2Phase
#endif
#if (PAD_LIST || CC_EC_Ephemeral)
{0x018e, 0, 0, 0, 0, 0, 0, 0, 0}, // TPM_CC_EC_Ephemeral
#endif
#if (PAD_LIST || CC_PolicyNvWritten)
{0x018f, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyNvWritten
#endif
#if (PAD_LIST || CC_PolicyTemplate)
{0x0190, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_PolicyTemplate
#endif
#if (PAD_LIST || CC_CreateLoaded)
{0x0191, 0, 0, 0, 0, 1, 1, 0, 0}, // TPM_CC_CreateLoaded
#endif
#if (PAD_LIST || CC_PolicyAuthorizeNV)
{0x0192, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_PolicyAuthorizeNV
#endif
#if (PAD_LIST || CC_EncryptDecrypt2)
{0x0193, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_EncryptDecrypt2
#endif
#if (PAD_LIST || CC_AC_GetCapability)
{0x0194, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_AC_GetCapability
#endif
#if (PAD_LIST || CC_AC_Send)
{0x0195, 0, 0, 0, 0, 3, 0, 0, 0}, // TPM_CC_AC_Send
#endif
#if (PAD_LIST || CC_Policy_AC_SendSelect)
{0x0196, 0, 0, 0, 0, 1, 0, 0, 0}, // TPM_CC_Policy_AC_SendSelect
#endif
#if (PAD_LIST)
{0x0197, 0, 0, 0, 0, 0, 0, 0, 0}, // No command
#endif
#if (PAD_LIST || CC_Vendor_TCG_Test)
{0x0000, 0, 0, 0, 0, 0, 0, 1, 0}, // TPM_CC_Vendor_TCG_Test
#endif
{0x0000, 0, 0, 0, 0, 0, 0, 0, 0}, // kg - terminator?
};
/* This is the command code attribute structure. */
const COMMAND_ATTRIBUTES s_commandAttributes [] = {
#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
(COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011f
(IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_EvictControl)
(COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_HierarchyControl)
(COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_NV_UndefineSpace)
(COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST)
(COMMAND_ATTRIBUTES)(0), // 0x0123
#endif
#if (PAD_LIST || CC_ChangeEPS)
(COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ChangePPS)
(COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_Clear)
(COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ClearControl)
(COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ClockSet)
(COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_HierarchyChangeAuth)
(COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_NV_DefineSpace)
(COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012a
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_PCR_Allocate)
(COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012b
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_PCR_SetAuthPolicy)
(COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012c
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_PP_Commands)
(COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012d
(IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)),
#endif
#if (PAD_LIST || CC_SetPrimaryPolicy)
(COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012e
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_FieldUpgradeStart)
(COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012f
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ClockRateAdjust)
(COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_CreatePrimary)
(COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_NV_GlobalWriteLock)
(COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_GetCommandAuditDigest)
(COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_Increment)
(COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_SetBits)
(COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_Extend)
(COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_Write)
(COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_WriteLock)
(COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_DictionaryAttackLockReset)
(COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_DictionaryAttackParameters)
(COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013a
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_ChangeAuth)
(COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013b
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)),
#endif
#if (PAD_LIST || CC_PCR_Event)
(COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013c
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_PCR_Reset)
(COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013d
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_SequenceComplete)
(COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013e
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_SetAlgorithmSet)
(COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013f
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
(COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140
(IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_FieldUpgradeData)
(COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141
(IS_IMPLEMENTED+DECRYPT_2)),
#endif
#if (PAD_LIST || CC_IncrementalSelfTest)
(COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_SelfTest)
(COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_Startup)
(COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144
(IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST || CC_Shutdown)
(COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_StirRandom)
(COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146
(IS_IMPLEMENTED+DECRYPT_2)),
#endif
#if (PAD_LIST || CC_ActivateCredential)
(COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Certify)
(COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyNV)
(COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_CertifyCreation)
(COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014a
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Duplicate)
(COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014b
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetTime)
(COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014c
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetSessionAuditDigest)
(COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014d
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_Read)
(COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014e
(IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_ReadLock)
(COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014f
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_ObjectChangeAuth)
(COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicySecret)
(COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Rewrap)
(COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Create)
(COMMAND_ATTRIBUTES)(CC_Create * // 0x0153
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_ECDH_ZGen)
(COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_HMAC)
(COMMAND_ATTRIBUTES)(CC_HMAC * // 0x0155
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Import)
(COMMAND_ATTRIBUTES)(CC_Import * // 0x0156
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Load)
(COMMAND_ATTRIBUTES)(CC_Load * // 0x0157
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_Quote)
(COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_RSA_Decrypt)
(COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST)
(COMMAND_ATTRIBUTES)(0), // 0x015a
#endif
#if (PAD_LIST || CC_HMAC_Start)
(COMMAND_ATTRIBUTES)(CC_HMAC_Start * // 0x015b
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)),
#endif
#if (PAD_LIST || CC_SequenceUpdate)
(COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015c
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_Sign)
(COMMAND_ATTRIBUTES)(CC_Sign * // 0x015d
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_Unseal)
(COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015e
(IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST)
(COMMAND_ATTRIBUTES)(0), // 0x015f
#endif
#if (PAD_LIST || CC_PolicySigned)
(COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_ContextLoad)
(COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161
(IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)),
#endif
#if (PAD_LIST || CC_ContextSave)
(COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162
(IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST || CC_ECDH_KeyGen)
(COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163
(IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_EncryptDecrypt)
(COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164
(IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_FlushContext)
(COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165
(IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST)
(COMMAND_ATTRIBUTES)(0), // 0x0166
#endif
#if (PAD_LIST || CC_LoadExternal)
(COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167
(IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_MakeCredential)
(COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168
(IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_ReadPublic)
(COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169
(IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyAuthorize)
(COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016a
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyAuthValue)
(COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016b
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyCommandCode)
(COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016c
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyCounterTimer)
(COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016d
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyCpHash)
(COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016e
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyLocality)
(COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016f
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyNameHash)
(COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyOR)
(COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyTicket)
(COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_ReadPublic)
(COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173
(IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_RSA_Encrypt)
(COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174
(IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
#if (PAD_LIST)
(COMMAND_ATTRIBUTES)(0), // 0x0175
#endif
#if (PAD_LIST || CC_StartAuthSession)
(COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176
(IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_VerifySignature)
(COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177
(IS_IMPLEMENTED+DECRYPT_2)),
#endif
#if (PAD_LIST || CC_ECC_Parameters)
(COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_FirmwareRead)
(COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179
(IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetCapability)
(COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017a
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_GetRandom)
(COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017b
(IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetTestResult)
(COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017c
(IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Hash)
(COMMAND_ATTRIBUTES)(CC_Hash * // 0x017d
(IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PCR_Read)
(COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017e
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_PolicyPCR)
(COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017f
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyRestart)
(COMMAND_ATTRIBUTES)(CC_PolicyRestart * // 0x0180
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_ReadClock)
(COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_PCR_Extend)
(COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182
(IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_PCR_SetAuthValue)
(COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_Certify)
(COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_EventSequenceComplete)
(COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)),
#endif
#if (PAD_LIST || CC_HashSequenceStart)
(COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186
(IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_PolicyPhysicalPresence)
(COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyDuplicationSelect)
(COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyGetDigest)
(COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189
(IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_TestParms)
(COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018a
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_Commit)
(COMMAND_ATTRIBUTES)(CC_Commit * // 0x018b
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyPassword)
(COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018c
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_ZGen_2Phase)
(COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018d
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_EC_Ephemeral)
(COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018e
(IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyNvWritten)
(COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018f
(IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyTemplate)
(COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_CreateLoaded)
(COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_PolicyAuthorizeNV)
(COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192
(IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_EncryptDecrypt2)
(COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_AC_GetCapability)
(COMMAND_ATTRIBUTES)(CC_AC_GetCapability * // 0x0194
(IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_AC_Send)
(COMMAND_ATTRIBUTES)(CC_AC_Send * // 0x0195
(IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+HANDLE_2_USER)),
#endif
#if (PAD_LIST || CC_Policy_AC_SendSelect)
(COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196
(IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST)
(COMMAND_ATTRIBUTES)(0), // 0x0197
#endif
#if (PAD_LIST || CC_Vendor_TCG_Test)
(COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000
(IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
0
};
#endif // _COMMAND_CODE_ATTRIBUTES_

89
src/tpm2/CommandAttributes.h Normal file
View File

@ -0,0 +1,89 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandAttributes.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef COMMANDATTRIBUTES_H
#define COMMANDATTRIBUTES_H
/* 5.7 CommandAttributes.h */
/* The attributes defined in this file are produced by the parser that creates the structure
definitions from Part 3. The attributes are defined in that parser and should track the
attributes being tested in CommandCodeAttributes.c. Generally, when an attribute is added to this
list, new code will be needed in CommandCodeAttributes.c to test it. */
typedef UINT16 COMMAND_ATTRIBUTES;
#define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0)
#define ENCRYPT_2 (COMMAND_ATTRIBUTES)(1 << 0)
#define ENCRYPT_4 (COMMAND_ATTRIBUTES)(1 << 1)
#define DECRYPT_2 (COMMAND_ATTRIBUTES)(1 << 2)
#define DECRYPT_4 (COMMAND_ATTRIBUTES)(1 << 3)
#define HANDLE_1_USER (COMMAND_ATTRIBUTES)(1 << 4)
#define HANDLE_1_ADMIN (COMMAND_ATTRIBUTES)(1 << 5)
#define HANDLE_1_DUP (COMMAND_ATTRIBUTES)(1 << 6)
#define HANDLE_2_USER (COMMAND_ATTRIBUTES)(1 << 7)
#define PP_COMMAND (COMMAND_ATTRIBUTES)(1 << 8)
#define IS_IMPLEMENTED (COMMAND_ATTRIBUTES)(1 << 9)
#define NO_SESSIONS (COMMAND_ATTRIBUTES)(1 << 10)
#define NV_COMMAND (COMMAND_ATTRIBUTES)(1 << 11)
#define PP_REQUIRED (COMMAND_ATTRIBUTES)(1 << 12)
#define R_HANDLE (COMMAND_ATTRIBUTES)(1 << 13)
#define ALLOW_TRIAL (COMMAND_ATTRIBUTES)(1 << 14)
#endif

260
src/tpm2/CommandAudit.c Normal file
View File

@ -0,0 +1,260 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandAudit.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 8.1 CommandAudit.c */
/* 8.1.1 Introduction */
/* This file contains the functions that support command audit. */
/* 8.1.2 Includes */
#include "Tpm.h"
/* 8.1.3 Functions */
/* 8.1.3.1 CommandAuditPreInstall_Init() */
/* This function initializes the command audit list. This function is simulates the behavior of
manufacturing. A function is used instead of a structure definition because this is easier than
figuring out the initialization value for a bit array. */
/* This function would not be implemented outside of a manufacturing or simulation environment. */
void
CommandAuditPreInstall_Init(
void
)
{
// Clear all the audit commands
MemorySet(gp.auditCommands, 0x00, sizeof(gp.auditCommands));
// TPM_CC_SetCommandCodeAuditStatus always being audited
CommandAuditSet(TPM_CC_SetCommandCodeAuditStatus);
// Set initial command audit hash algorithm to be context integrity hash
// algorithm
gp.auditHashAlg = CONTEXT_INTEGRITY_HASH_ALG;
// Set up audit counter to be 0
gp.auditCounter = 0;
// Write command audit persistent data to NV
NV_SYNC_PERSISTENT(auditCommands);
NV_SYNC_PERSISTENT(auditHashAlg);
NV_SYNC_PERSISTENT(auditCounter);
return;
}
/* 8.1.3.2 CommandAuditStartup() */
/* This function clears the command audit digest on a TPM Reset. */
void
CommandAuditStartup(
STARTUP_TYPE type // IN: start up type
)
{
if((type != SU_RESTART) && (type != SU_RESUME))
{
// Reset the digest size to initialize the digest
gr.commandAuditDigest.t.size = 0;
}
}
/* 8.1.3.3 CommandAuditSet() */
/* This function will SET the audit flag for a command. This function will not SET the audit flag
for a command that is not implemented. This ensures that the audit status is not SET when
TPM2_GetCapability() is used to read the list of audited commands. */
/* This function is only used by TPM2_SetCommandCodeAuditStatus(). */
/* The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the changes to be saved to
NV after it is setting and clearing bits. */
/* Return Values Meaning */
/* TRUE the command code audit status was changed */
/* FALSE the command code audit status was not changed */
BOOL
CommandAuditSet(
TPM_CC commandCode // IN: command code
)
{
COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
// Only SET a bit if the corresponding command is implemented
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{
// Can't audit shutdown
if(commandCode != TPM_CC_Shutdown)
{
if(!TEST_BIT(commandIndex, gp.auditCommands))
{
// Set bit
SET_BIT(commandIndex, gp.auditCommands);
return TRUE;
}
}
}
// No change
return FALSE;
}
/* 8.1.3.4 CommandAuditClear() */
/* This function will CLEAR the audit flag for a command. It will not CLEAR the audit flag for
TPM_CC_SetCommandCodeAuditStatus(). */
/* This function is only used by TPM2_SetCommandCodeAuditStatus(). */
/* The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the changes to be saved to
NV after it is setting and clearing bits. */
/* Return Values Meaning */
/* TRUE the command code audit status was changed */
/* FALSE the command code audit status was not changed */
BOOL
CommandAuditClear(
TPM_CC commandCode // IN: command code
)
{
COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
// Do nothing if the command is not implemented
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{
// The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be
// cleared
if(commandCode != TPM_CC_SetCommandCodeAuditStatus)
{
if(TEST_BIT(commandIndex, gp.auditCommands))
{
// Clear bit
CLEAR_BIT(commandIndex, gp.auditCommands);
return TRUE;
}
}
}
// No change
return FALSE;
}
/* 8.1.3.5 CommandAuditIsRequired() */
/* This function indicates if the audit flag is SET for a command. */
/* Return Values Meaning */
/* TRUE if command is audited */
/* FALSE if command is not audited */
BOOL
CommandAuditIsRequired(
COMMAND_INDEX commandIndex // IN: command index
)
{
// Check the bit map. If the bit is SET, command audit is required
return(TEST_BIT(commandIndex, gp.auditCommands));
}
/* 8.1.3.6 CommandAuditCapGetCCList() */
/* This function returns a list of commands that have their audit bit SET. */
/* The list starts at the input commandCode. */
/* Return Values Meaning */
/* YES if there are more command code available */
/* NO all the available command code has been returned */
TPMI_YES_NO
CommandAuditCapGetCCList(
TPM_CC commandCode, // IN: start command code
UINT32 count, // IN: count of returned TPM_CC
TPML_CC *commandList // OUT: list of TPM_CC
)
{
TPMI_YES_NO more = NO;
COMMAND_INDEX commandIndex;
// Initialize output handle list
commandList->count = 0;
// The maximum count of command we may return is MAX_CAP_CC
if(count > MAX_CAP_CC) count = MAX_CAP_CC;
// Find the implemented command that has a command code that is the same or
// higher than the input
// Collect audit commands
for(commandIndex = GetClosestCommandIndex(commandCode);
commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
commandIndex = GetNextCommandIndex(commandIndex))
{
if(CommandAuditIsRequired(commandIndex))
{
if(commandList->count < count)
{
// If we have not filled up the return list, add this command
// code to its
TPM_CC cc = s_ccAttr[commandIndex].commandIndex;
if(s_ccAttr[commandIndex].V)
cc += (1 << 29);
commandList->commandCodes[commandList->count] = cc;
commandList->count++;
}
else
{
// If the return list is full but we still have command
// available, report this and stop iterating
more = YES;
break;
}
}
}
return more;
}
/* 8.1.3.7 CommandAuditGetDigest */
/* This command is used to create a digest of the commands being audited. The commands are processed
in ascending numeric order with a list of TPM_CC being added to a hash. This operates as if all
the audited command codes were concatenated and then hashed. */
void
CommandAuditGetDigest(
TPM2B_DIGEST *digest // OUT: command digest
)
{
TPM_CC commandCode;
COMMAND_INDEX commandIndex;
HASH_STATE hashState;
// Start hash
digest->t.size = CryptHashStart(&hashState, gp.auditHashAlg);
// Add command code
for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++)
{
if(CommandAuditIsRequired(commandIndex))
{
commandCode = GetCommandCode(commandIndex);
CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode);
}
}
// Complete hash
CryptHashEnd2B(&hashState, &digest->b);
return;
}

97
src/tpm2/CommandAudit_fp.h Normal file
View File

@ -0,0 +1,97 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandAudit_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef COMMANDAUDIT_FP_H
#define COMMANDAUDIT_FP_H
void
CommandAuditPreInstall_Init(
void
);
void
CommandAuditStartup(
STARTUP_TYPE type // IN: start up type
);
BOOL
CommandAuditSet(
TPM_CC commandCode // IN: command code
);
BOOL
CommandAuditClear(
TPM_CC commandCode // IN: command code
);
BOOL
CommandAuditIsRequired(
COMMAND_INDEX commandIndex // IN: command index
);
TPMI_YES_NO
CommandAuditCapGetCCList(
TPM_CC commandCode, // IN: start command code
UINT32 count, // IN: count of returned TPM_CC
TPML_CC *commandList // OUT: list of TPM_CC
);
void
CommandAuditGetDigest(
TPM2B_DIGEST *digest // OUT: command digest
);
#endif

542
src/tpm2/CommandCodeAttributes.c Normal file
View File

@ -0,0 +1,542 @@
/********************************************************************************/
/* */
/* Functions for testing various command properties */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandCodeAttributes.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 9.3 CommandCodeAttributes.c */
/* 9.3.1 Introduction */
/* This file contains the functions for testing various command properties. */
/* 9.3.2 Includes and Defines */
#include "Tpm.h"
#include "CommandCodeAttributes_fp.h"
/* Set the default value for CC_VEND if not already set */
#ifndef CC_VEND
#define CC_VEND (TPM_CC)(0x20000000)
#endif
typedef UINT16 ATTRIBUTE_TYPE;
/* The following file is produced from the command tables in part 3 of the specification. It defines
the attributes for each of the commands. */
/* NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part
3 tables through automated processes are not included in the specification so that their is no
ambiguity about the table containing the information being the normative definition. */
#define _COMMAND_CODE_ATTRIBUTES_
#include "CommandAttributeData.h"
/* 9.3.3 Command Attribute Functions */
/* 9.3.3.1 NextImplementedIndex() */
/* This function is used when the lists are not compressed. In a compressed list, only the
implemented commands are present. So, a search might find a value but that value may not be
implemented. This function checks to see if the input commandIndex points to an implemented
command and, if not, it searches upwards until it finds one. When the list is compressed, this
function gets defined as a no-op. */
#ifndef COMPRESSED_LISTS
static COMMAND_INDEX
NextImplementedIndex(
COMMAND_INDEX commandIndex
)
{
for(;commandIndex < COMMAND_COUNT; commandIndex++)
{
if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)
return commandIndex;
}
return UNIMPLEMENTED_COMMAND_INDEX;
}
#else
#define NextImplementedIndex(x) (x)
#endif
/* 9.3.3.2 GetClosestCommandIndex() */
/* This function returns the command index for the command with a value that is equal to or greater
than the input value */
COMMAND_INDEX
GetClosestCommandIndex(
TPM_CC commandCode // IN: the command code to start at
)
{
BOOL vendor = (commandCode & CC_VEND) != 0;
COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode;
// The commandCode is a UINT32 and the search index is UINT16. We are going to
// search for a match but need to make sure that the commandCode value is not
// out of range. To do this, need to clear the vendor bit of the commandCode
// (if set) and compare the result to the 16-bit searchIndex value. If it is
// out of range, indicate that the command is not implemented
if((commandCode & ~CC_VEND) != searchIndex)
return UNIMPLEMENTED_COMMAND_INDEX;
// if there is at least one vendor command, the last entry in the array will
// have the v bit set. If the input commandCode is larger than the last
// vendor-command, then it is out of range.
if(vendor)
{
#if VENDOR_COMMAND_ARRAY_SIZE > 0
COMMAND_INDEX commandIndex;
COMMAND_INDEX min;
COMMAND_INDEX max;
int diff;
#if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT
#error "Constants are not consistent."
#endif
// Check to see if the value is equal to or below the minimum
// entry.
// Note: Put this check first so that the typical case of only one vendor-
// specific command doesn't waste any more time.
if(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE].commandIndex >= searchIndex)
{
// the vendor array is always assumed to be packed so there is
// no need to check to see if the command is implemented
return LIBRARY_COMMAND_ARRAY_SIZE;
}
// See if this is out of range on the top
if(s_ccAttr[COMMAND_COUNT - 1].commandIndex < searchIndex)
{
return UNIMPLEMENTED_COMMAND_INDEX;
}
commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep
// compiler happy
min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command
max = COMMAND_COUNT - 1; // last vendor command
diff = 1; // needs initialization to keep
// compiler happy
while(min <= max)
{
commandIndex = (min + max + 1) / 2;
diff = s_ccAttr[commandIndex].commandIndex - searchIndex;
if(diff == 0)
return commandIndex;
if(diff > 0)
max = commandIndex - 1;
else
min = commandIndex + 1;
}
// didn't find and exact match. commandIndex will be pointing at the last
// item tested. If diff is positive, then the last item tested was
// larger index of the command code so it is the smallest value
// larger than the requested value.
if(diff > 0)
return commandIndex;
// if diff is negative, then the value tested was smaller than
// the commandCode index and the next higher value is the correct one.
// Note: this will necessarily be in range because of the earlier check
// that the index was within range.
return commandIndex + 1;
#else
// If there are no vendor commands so anything with the vendor bit set is out
// of range
return UNIMPLEMENTED_COMMAND_INDEX;
#endif
}
// Get here if the V-Bit was not set in 'commandCode'
if(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1].commandIndex < searchIndex)
{
// requested index is out of the range to the top
#if VENDOR_COMMAND_ARRAY_SIZE > 0
// If there are vendor commands, then the first vendor command
// is the next value greater than the commandCode.
// NOTE: we got here if the starting index did not have the V bit but we
// reached the end of the array of library commands (non-vendor). Since
// there is at least one vendor command, and vendor commands are always
// in a compressed list that starts after the library list, the next
// index value contains a valid vendor command.
return LIBRARY_COMMAND_ARRAY_SIZE;
#else
// if there are no vendor commands, then this is out of range
return UNIMPLEMENTED_COMMAND_INDEX;
#endif
}
// If the request is lower than any value in the array, then return
// the lowest value (needs to be an index for an implemented command
if(s_ccAttr[0].commandIndex >= searchIndex)
{
return NextImplementedIndex(0);
}
else
{
#ifdef COMPRESSED_LISTS
COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX;
COMMAND_INDEX min = 0;
COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1;
int diff = 1;
#if LIBRARY_COMMAND_ARRAY_SIZE == 0
#error "Something is terribly wrong"
#endif
// The s_ccAttr array contains an extra entry at the end (a zero value).
// Don't count this as an array entry. This means that max should start
// out pointing to the last valid entry in the array which is - 2
pAssert(max == (sizeof(s_ccAttr) / sizeof(TPMA_CC)
- VENDOR_COMMAND_ARRAY_SIZE - 2));
while(min <= max)
{
commandIndex = (min + max + 1) / 2;
diff = s_ccAttr[commandIndex].commandIndex - searchIndex;
if(diff == 0)
return commandIndex;
if(diff > 0)
max = commandIndex - 1;
else
min = commandIndex + 1;
}
// didn't find and exact match. commandIndex will be pointing at the
// last item tested. If diff is positive, then the last item tested was
// larger index of the command code so it is the smallest value
// larger than the requested value.
if(diff > 0)
return commandIndex;
// if diff is negative, then the value tested was smaller than
// the commandCode index and the next higher value is the correct one.
// Note: this will necessarily be in range because of the earlier check
// that the index was within range.
return commandIndex + 1;
#else
// The list is not compressed so offset into the array by the command
// code value of the first entry in the list. Then go find the first
// implemented command.
return NextImplementedIndex(searchIndex
- (COMMAND_INDEX)s_ccAttr[0].commandIndex);
#endif
}
}
/* 9.3.3.3 CommandCodeToComandIndex() */
/* This function returns the index in the various attributes arrays of the command. */
/* Return Values Meaning */
/* UNIMPLEMNED_COMMAND_INDEX command is not implemented */
/* other index of the command */
COMMAND_INDEX
CommandCodeToCommandIndex(
TPM_CC commandCode // IN: the command code to look up
)
{
COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode;
BOOL vendor = (commandCode & CC_VEND) != 0;
COMMAND_INDEX commandIndex;
#if !defined COMPRESSED_LISTS
if(!vendor)
{
commandIndex = searchIndex - (COMMAND_INDEX)s_ccAttr[0].commandIndex;
// Check for out of range or unimplemented.
// Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than
// the lowest value of command, it will become a 'negative' number making
// it look like a large unsigned number, this will cause it to fail
// the unsigned check below.
if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE
|| (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0)
return UNIMPLEMENTED_COMMAND_INDEX;
return commandIndex;
}
#endif
// Need this code for any vendor code lookup or for compressed lists
commandIndex = GetClosestCommandIndex(commandCode);
// Look at the returned value from get closest. If it isn't the one that was
// requested, then the command is not implemented.
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{
if((s_ccAttr[commandIndex].commandIndex != searchIndex)
|| ((s_ccAttr[commandIndex].V == SET) && !vendor)
|| ((s_ccAttr[commandIndex].V == CLEAR) && vendor))
commandIndex = UNIMPLEMENTED_COMMAND_INDEX;
}
return commandIndex;
}
/* 9.3.3.4 GetNextCommandIndex() */
/* This function returns the index of the next implemented command. */
/* Return Values Meaning */
/* UNIMPLEMENTED_COMMAND_INDEX no more implemented commands */
/* other the index of the next implemented command */
COMMAND_INDEX
GetNextCommandIndex(
COMMAND_INDEX commandIndex // IN: the starting index
)
{
while(++commandIndex < COMMAND_COUNT)
{
#if !defined COMPRESSED_LISTS
if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)
#endif
return commandIndex;
}
return UNIMPLEMENTED_COMMAND_INDEX;
}
/* 9.3.3.5 GetCommandCode() */
/* This function returns the commandCode associated with the command index */
TPM_CC
GetCommandCode(
COMMAND_INDEX commandIndex // IN: the command index
)
{
TPM_CC commandCode = s_ccAttr[commandIndex].commandIndex;
if(s_ccAttr[commandIndex].V)
commandCode += CC_VEND;
return commandCode;
}
/* 9.3.3.6 CommandAuthRole() */
/* This function returns the authorization role required of a handle. */
/* Return Values Meaning */
/* AUTH_NONE no authorization is required */
/* AUTH_USER user role authorization is required */
/* AUTH_ADMIN admin role authorization is required */
/* AUTH_DUP duplication role authorization is required */
AUTH_ROLE
CommandAuthRole(
COMMAND_INDEX commandIndex, // IN: command index
UINT32 handleIndex // IN: handle index (zero based)
)
{
if(0 == handleIndex)
{
// Any authorization role set?
COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex];
if(properties & HANDLE_1_USER)
return AUTH_USER;
if(properties & HANDLE_1_ADMIN)
return AUTH_ADMIN;
if(properties & HANDLE_1_DUP)
return AUTH_DUP;
}
else if(1 == handleIndex)
{
if(s_commandAttributes[commandIndex] & HANDLE_2_USER)
return AUTH_USER;
}
return AUTH_NONE;
}
/* 9.3.3.7 EncryptSize() */
/* This function returns the size of the decrypt size field. This function returns 0 if encryption
is not allowed */
/* Return Values Meaning */
/* 0 encryption not allowed */
/* 2 size field is two bytes */
/* 4 size field is four bytes */
#ifndef INLINE_FUNCTIONS
int
EncryptSize(
COMMAND_INDEX commandIndex // IN: command index
)
{
return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 :
(s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 : 0);
}
#endif // INLINE_FUNCTIONS
/* 9.3.3.8 DecryptSize() */
/* This function returns the size of the decrypt size field. This function returns 0 if decryption
is not allowed */
/* Return Values Meaning */
/* 0 encryption not allowed */
/* 2 size field is two bytes */
/* 4 size field is four bytes */
#ifndef INLINE_FUNCTIONS
int
DecryptSize(
COMMAND_INDEX commandIndex // IN: command index
)
{
return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 :
(s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 : 0);
}
#endif // INLINE_FUNCTIONS
/* 9.3.3.9 IsSessionAllowed() */
/* This function indicates if the command is allowed to have sessions. */
/* This function must not be called if the command is not known to be implemented. */
/* Return Values Meaning */
/* TRUE session is allowed with this command */
/* FALSE session is not allowed with this command */
#ifndef INLINE_FUNCTIONS
BOOL
IsSessionAllowed(
COMMAND_INDEX commandIndex // IN: the command to be checked
)
{
return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0);
}
#endif // INLINE_FUNCTIONS
/* 9.3.3.10 IsHandleInResponse() */
/* This function determines if a command has a handle in the response */
#ifndef INLINE_FUNCTIONS
BOOL
IsHandleInResponse(
COMMAND_INDEX commandIndex
)
{
return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0);
}
#endif // INLINE_FUNCTIONS
/* 9.3.3.11 IsWriteOperation() */
/* Checks to see if an operation will write to an NV Index and is subject to being blocked by
read-lock */
BOOL
IsWriteOperation(
COMMAND_INDEX commandIndex // IN: Command to check
)
{
#ifdef WRITE_LOCK
return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0);
#else
if(!s_ccAttr[commandIndex].V)
{
switch(s_ccAttr[commandIndex].commandIndex)
{
case TPM_CC_NV_Write:
#if CC_NV_Increment
case TPM_CC_NV_Increment:
#endif
#if CC_NV_SetBits
case TPM_CC_NV_SetBits:
#endif
#if CC_NV_Extend
case TPM_CC_NV_Extend:
#endif
#if CC_AC_Send
case TPM_CC_AC_Send:
#endif
// NV write lock counts as a write operation for authorization purposes.
// We check to see if the NV is write locked before we do the
// authorization. If it is locked, we fail the command early.
case TPM_CC_NV_WriteLock:
return TRUE;
default:
break;
}
}
return FALSE;
#endif
}
/* 9.3.3.12 IsReadOperation() */
/* Checks to see if an operation will write to an NV Index and is subject to being blocked by
write-lock. */
BOOL
IsReadOperation(
COMMAND_INDEX commandIndex // IN: Command to check
)
{
#ifdef READ_LOCK
return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0);
#else
if(!s_ccAttr[commandIndex].V)
{
switch(s_ccAttr[commandIndex].commandIndex)
{
case TPM_CC_NV_Read:
case TPM_CC_PolicyNV:
case TPM_CC_NV_Certify:
// NV read lock counts as a read operation for authorization purposes.
// We check to see if the NV is read locked before we do the
// authorization. If it is locked, we fail the command early.
case TPM_CC_NV_ReadLock:
return TRUE;
default:
break;
}
}
return FALSE;
#endif
}
/* 9.3.3.13 CommandCapGetCCList() */
/* This function returns a list of implemented commands and command attributes starting from the
command in commandCode. */
/* Return Values Meaning */
/* YES more command attributes are available */
/* NO no more command attributes are available */
TPMI_YES_NO
CommandCapGetCCList(
TPM_CC commandCode, // IN: start command code
UINT32 count, // IN: maximum count for number of entries in
// 'commandList'
TPML_CCA *commandList // OUT: list of TPMA_CC
)
{
TPMI_YES_NO more = NO;
COMMAND_INDEX commandIndex;
// initialize output handle list count
commandList->count = 0;
for(commandIndex = GetClosestCommandIndex(commandCode);
commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
commandIndex = GetNextCommandIndex(commandIndex))
{
#ifndef COMPRESSED_LISTS
// this check isn't needed for compressed lists.
if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED))
continue;
#endif
if(commandList->count < count)
{
// If the list is not full, add the attributes for this command.
commandList->commandAttributes[commandList->count]
= s_ccAttr[commandIndex];
commandList->count++;
}
else
{
// If the list is full but there are more commands to report,
// indicate this and return.
more = YES;
break;
}
}
return more;
}
/* 9.3.3.14 IsVendorCommand() */
/* Function indicates if a command index references a vendor command. */
/* Return Values Meaning */
/* TRUE command is a vendor command */
/* FALSE command is not a vendor command */
#ifndef INLINE_FUNCTIONS
BOOL
IsVendorCommand(
COMMAND_INDEX commandIndex // IN: command index to check
)
{
return (s_ccAttr[commandIndex].V == SET);
}
#endif // INLINE_FUNCTIONS

123
src/tpm2/CommandCodeAttributes_fp.h Normal file
View File

@ -0,0 +1,123 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandCodeAttributes_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef COMMANDCODEATTRIBUTES_FP_H
#define COMMANDCODEATTRIBUTES_FP_H
COMMAND_INDEX
GetClosestCommandIndex(
TPM_CC commandCode // IN: the command code to start at
);
COMMAND_INDEX
CommandCodeToCommandIndex(
TPM_CC commandCode // IN: the command code to look up
);
COMMAND_INDEX
GetNextCommandIndex(
COMMAND_INDEX commandIndex // IN: the starting index
);
TPM_CC
GetCommandCode(
COMMAND_INDEX commandIndex // IN: the command index
);
AUTH_ROLE
CommandAuthRole(
COMMAND_INDEX commandIndex, // IN: command index
UINT32 handleIndex // IN: handle index (zero based)
);
int
EncryptSize(
COMMAND_INDEX commandIndex // IN: command index
);
int
DecryptSize(
COMMAND_INDEX commandIndex // IN: command index
);
BOOL
IsSessionAllowed(
COMMAND_INDEX commandIndex // IN: the command to be checked
);
BOOL
IsHandleInResponse(
COMMAND_INDEX commandIndex
);
BOOL
IsWriteOperation(
COMMAND_INDEX commandIndex // IN: Command to check
);
BOOL
IsReadOperation(
COMMAND_INDEX commandIndex // IN: Command to check
);
TPMI_YES_NO
CommandCapGetCCList(
TPM_CC commandCode, // IN: start command code
UINT32 count, // IN: maximum count for number of entries in
// 'commandList'
TPML_CCA *commandList // OUT: list of TPMA_CC
);
BOOL
IsVendorCommand(
COMMAND_INDEX commandIndex // IN: command index to check
);
#endif

4191
src/tpm2/CommandDispatchData.h Normal file
View File

File diff suppressed because it is too large Load Diff

372
src/tpm2/CommandDispatcher.c Normal file
View File

@ -0,0 +1,372 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandDispatcher.c 828 2016-11-18 21:19:43Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 6.3 CommandDispatcher.c */
/* CommandDispatcher() performs the following operations: */
/* * unmarshals command parameters from the input buffer; */
/* NOTE Unlike other unmarshaling functions, parmBufferStart does not advance. parmBufferSize Is
reduced. */
/* * invokes the function that performs the command actions; */
/* * marshals the returned handles, if any; and */
/* * marshals the returned parameters, if any, into the output buffer putting in the
* parameterSize field if authorization sessions are present. */
/* NOTE 1 The output buffer is the return from the MemoryGetResponseBuffer() function. It includes
the header, handles, response parameters, and authorization area. respParmSize is the response
parameter size, and does not include the header, handles, or authorization area. */
/* NOTE 2 The reference implementation is permitted to do compare operations over a union as a byte
array. Therefore, the command parameter in structure must be initialized (e.g., zeroed) before
unmarshaling so that the compare operation is valid in cases where some bytes are unused. */
/* 6.3.1.1 Includes */
#include "Tpm.h"
#ifdef TABLE_DRIVEN_DISPATCH //%
typedef TPM_RC(NoFlagFunction)(void *target, BYTE **buffer, INT32 *size);
typedef TPM_RC(FlagFunction)(void *target, BYTE **buffer, INT32 *size, BOOL flag);
typedef FlagFunction *UNMARSHAL_t;
typedef INT16(MarshalFunction)(void *source, BYTE **buffer, INT32 *size);
typedef MarshalFunction *MARSHAL_t;
typedef TPM_RC(COMMAND_NO_ARGS)(void);
typedef TPM_RC(COMMAND_IN_ARG)(void *in);
typedef TPM_RC(COMMAND_OUT_ARG)(void *out);
typedef TPM_RC(COMMAND_INOUT_ARG)(void *in, void *out);
typedef union
{
COMMAND_NO_ARGS *noArgs;
COMMAND_IN_ARG *inArg;
COMMAND_OUT_ARG *outArg;
COMMAND_INOUT_ARG *inOutArg;
} COMMAND_t;
typedef struct
{
COMMAND_t command; // Address of the command
UINT16 inSize; // Maximum size of the input structure
UINT16 outSize; // Maximum size of the output structure
UINT16 typesOffset; // address of the types field
UINT16 offsets[1];
} COMMAND_DESCRIPTOR_t;
#ifdef COMPRESSED_LISTS
# define PAD_LIST 0
#else
# define PAD_LIST 1
#endif
#define _COMMAND_TABLE_DISPATCH_
#include "CommandDispatchData.h"
#define TEST_COMMAND TPM_CC_Startup
#define NEW_CC
#else
#include "Commands.h"
#endif
/* 6.3.1.2 Marshal/Unmarshal Functions */
/* 6.3.1.2.1 ParseHandleBuffer() */
/* This is the table-driven version of the handle buffer unmarshaling code */
TPM_RC
ParseHandleBuffer(
COMMAND *command
)
{
TPM_RC result;
#if defined TABLE_DRIVEN_DISPATCH
COMMAND_DESCRIPTOR_t *desc;
BYTE *types;
BYTE type;
BYTE dtype;
// Make sure that nothing strange has happened
pAssert(command->index
< sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *));
// Get the address of the descriptor for this command
desc = s_CommandDataArray[command->index];
pAssert(desc != NULL);
// Get the associated list of unmarshaling data types.
types = &((BYTE *)desc)[desc->typesOffset];
// if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND)
// commandIndex = commandIndex;
// No handles yet
command->handleNum = 0;
// Get the first type value
for(type = *types++;
// check each byte to make sure that we have not hit the start
// of the parameters
(dtype = (type & 0x7F)) < PARAMETER_FIRST_TYPE;
// get the next type
type = *types++)
{
// See if unmarshaling of this handle type requires a flag
if(dtype < HANDLE_FIRST_FLAG_TYPE)
{
// Look up the function to do the unmarshaling
NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dtype];
// call it
result = f(&(command->handles[command->handleNum]),
&command->parameterBuffer,
&command->parameterSize);
}
else
{
// Look up the function
FlagFunction *f = UnmarshalArray[dtype];
// Call it setting the flag to the appropriate value
result = f(&(command->handles[command->handleNum]),
&command->parameterBuffer,
&command->parameterSize, (type & 0x80) != 0);
}
// Got a handle
// We do this first so that the match for the handle offset of the
// response code works correctly.
command->handleNum += 1;
if(result != TPM_RC_SUCCESS)
// if the unmarshaling failed, return the response code with the
// handle indication set
return result + TPM_RC_H + (command->handleNum * TPM_RC_1);
}
#else
BYTE **handleBufferStart = &command->parameterBuffer;
INT32 *bufferRemainingSize = &command->parameterSize;
TPM_HANDLE *handles = &command->handles[0];
UINT32 *handleCount = &command->handleNum;
switch(command->code)
{
#include "HandleProcess.h"
#undef handles
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
}
#endif
return TPM_RC_SUCCESS;
}
TPM_RC
CommandDispatcher(
COMMAND *command
)
{
#if !defined TABLE_DRIVEN_DISPATCH
TPM_RC result;
BYTE *parm_buffer = command->parameterBuffer;
INT32 *paramBufferSize = &command->parameterSize;
BYTE *responseBuffer = command->responseBuffer;
INT32 resHandleSize = 0;
INT32 *responseHandleSize = &resHandleSize;
INT32 *respParmSize = &command->parameterSize;
BYTE rHandle[4];
BYTE *responseHandle = &rHandle[0];
INT32 rSize = MAX_RESPONSE_SIZE; // used to make sure that the marshaling
// operation does not run away due to
// bad parameter in the function
// output.
TPM_HANDLE *handles = &command->handles[0];
switch(GetCommandCode(command->index))
{
#include "CommandDispatcher.h"
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
}
command->responseBuffer = responseBuffer;
command->handleNum = 0;
// The response handle was marshaled into rHandle. 'Unmarshal' it into
// handles.
if(*responseHandleSize > 0)
{
command->handles[command->handleNum++] = BYTE_ARRAY_TO_UINT32(rHandle);
}
return TPM_RC_SUCCESS;
#else
COMMAND_DESCRIPTOR_t *desc;
BYTE *types;
BYTE type;
UINT16 *offsets;
UINT16 offset = 0;
UINT32 maxInSize;
BYTE *commandIn;
INT32 maxOutSize;
BYTE *commandOut;
COMMAND_t cmd;
TPM_HANDLE *handles;
UINT32 hasInParameters = 0;
BOOL hasOutParameters = FALSE;
UINT32 pNum = 0;
BYTE dType; // dispatch type
TPM_RC result;
// Get the address of the descriptor for this command
pAssert(command->index
< sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *));
desc = s_CommandDataArray[command->index];
// Get the list of parameter types for this command
pAssert(desc != NULL);
types = &((BYTE *)desc)[desc->typesOffset];
// Get a pointer to the list of parameter offsets
offsets = &desc->offsets[0];
// pointer to handles
handles = command->handles;
// Get the size required to hold all the unmarshaled parameters for this command
maxInSize = desc->inSize;
// and the size of the output parameter structure returned by this command
maxOutSize = desc->outSize;
// Get a buffer for the input parameters
commandIn = MemoryGetActionInputBuffer(maxInSize);
// And the output parameters
commandOut = (BYTE *)MemoryGetActionOutputBuffer((UINT32)maxOutSize);
// Get the address of the action code dispatch
cmd = desc->command;
// Copy any handles into the input buffer
for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++)
{
// 'offset' was initialized to zero so the first unmarshaling will always
// be to the start of the data structure
*(TPM_HANDLE *)&(commandIn[offset]) = *handles++;
// This check is used so that we don't have to add an additional offset
// value to the offsets list to correspond to the stop value in the
// command parameter list.
if(*types != 0xFF)
offset = *offsets++;
maxInSize -= sizeof(TPM_HANDLE);
hasInParameters++;
}
// Exit loop with type containing the last value read from types
// maxInSize has the amount of space remaining in the command action input
// buffer. Make sure that we don't have more data to unmarshal than is going to
// fit.
// type contains the last value read from types so it is not necessary to
// reload it, which is good because *types now points to the next value
for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++)
{
pNum++;
if(dType < PARAMETER_FIRST_FLAG_TYPE)
{
NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType];
result = f(&commandIn[offset], &command->parameterBuffer,
&command->parameterSize);
}
else
{
FlagFunction *f = UnmarshalArray[dType];
result = f(&commandIn[offset], &command->parameterBuffer,
&command->parameterSize,
(type & 0x80) != 0);
}
if(result != TPM_RC_SUCCESS)
return result + TPM_RC_P + (TPM_RC_1 * pNum);
// This check is used so that we don't have to add an additional offset
// value to the offsets list to correspond to the stop value in the
// command parameter list.
if(*types != 0xFF)
offset = *offsets++;
hasInParameters++;
}
// Should have used all the bytes in the input
if(command->parameterSize != 0)
return TPM_RC_SIZE;
// The command parameter unmarshaling stopped when it hit a value that was out
// of range for unmarshaling values and left *types pointing to the first
// marshaling type. If that type happens to be the STOP value, then there
// are no response parameters. So, set the flag to indicate if there are
// output parameters.
hasOutParameters = *types != 0xFF;
// There are four cases for calling, with and without input parameters and with
// and without output parameters.
if(hasInParameters > 0)
{
if(hasOutParameters)
result = cmd.inOutArg(commandIn, commandOut);
else
result = cmd.inArg(commandIn);
}
else
{
if(hasOutParameters)
result = cmd.outArg(commandOut);
else
result = cmd.noArgs();
}
if(result != TPM_RC_SUCCESS)
return result;
// Offset in the marshaled output structure
offset = 0;
// Process the return handles, if any
command->handleNum = 0;
// Could make this a loop to process output handles but there is only ever
// one handle in the outputs (for now).
type = *types++;
if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE)
{
// The out->handle value was referenced as TPM_HANDLE in the
// action code so it has to be properly aligned.
command->handles[command->handleNum++] =
*((TPM_HANDLE *)&(commandOut[offset]));
maxOutSize -= sizeof(UINT32);
type = *types++;
offset = *offsets++;
}
// Use the size of the command action output buffer as the maximum for the
// number of bytes that can get marshaled. Since the marshaling code has
// no pointers to data, all of the data being returned has to be in the
// command action output buffer. If we try to marshal more bytes than
// could fit into the output buffer, we need to fail.
for(;(dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE
&& !g_inFailureMode; type = *types++)
{
const MARSHAL_t f = MarshalArray[dType];
command->parameterSize += f(&commandOut[offset], &command->responseBuffer,
&maxOutSize);
offset = *offsets++;
}
return (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS;
#endif
}

75
src/tpm2/CommandDispatcher_fp.h Normal file
View File

@ -0,0 +1,75 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CommandDispatcher_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef COMMANDDISPATCHER_FP_H
#define COMMANDDISPATCHER_FP_H
TPM_RC
CommandDispatcher(
COMMAND *command
);
TPM_RC
ParseHandleBuffer(
COMMAND *command
);
#endif

94
src/tpm2/Commit_fp.h Normal file
View File

@ -0,0 +1,94 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Commit_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef COMMIT_FP_H
#define COMMIT_FP_H
typedef struct {
TPMI_DH_OBJECT signHandle;
TPM2B_ECC_POINT P1;
TPM2B_SENSITIVE_DATA s2;
TPM2B_ECC_PARAMETER y2;
} Commit_In;
#define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1)
#define RC_Commit_P1 (TPM_RC_P + TPM_RC_1)
#define RC_Commit_s2 (TPM_RC_P + TPM_RC_2)
#define RC_Commit_y2 (TPM_RC_P + TPM_RC_3)
typedef struct {
TPM2B_ECC_POINT K;
TPM2B_ECC_POINT L;
TPM2B_ECC_POINT E;
UINT16 counter;
} Commit_Out;
TPM_RC
TPM2_Commit(
Commit_In *in, // IN: input parameter list
Commit_Out *out // OUT: output parameter list
);
#endif

152
src/tpm2/CompilerDependencies.h Normal file
View File

@ -0,0 +1,152 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CompilerDependencies.h 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2016 */
/* */
/********************************************************************************/
#ifndef COMPILERDEPEDENCIES_H
#define COMPILERDEPEDENCIES_H
/* 5.10 CompilerDependencies.h */
#ifdef GCC
# undef _MSC_VER
# undef WIN32
#endif
// If in-line functions are not being used, define INLINE as null. If INLINE_FUNCTIONS is defined,
// then need to define INLINE for each compiler.
#ifndef INLINE_FUNCTIONS
# define INLINE
#endif
#ifdef _MSC_VER
// These definitions are for the Microsoft compiler Endian conversion for aligned structures
# define REVERSE_ENDIAN_16(_Number) _byteswap_ushort(_Number)
# define REVERSE_ENDIAN_32(_Number) _byteswap_ulong(_Number)
# define REVERSE_ENDIAN_64(_Number) _byteswap_uint64(_Number)
// Handling of INLINE macro
# ifdef INLINE_FUNCTIONS
# define INLINE static __inline
# endif
// Avoid compiler warning for in line of stdio (or not)
// #define _NO_CRT_STDIO_INLINE
// This macro is used to handle LIB_EXPORT of function and variable names in lieu of a .def
// file. Visual Studio requires that functions be explicitly exported and imported.
# define LIB_EXPORT __declspec(dllexport) // VS compatible version
# define LIB_IMPORT __declspec(dllimport)
// This is defined to indicate a function that does not return. Microsoft compilers do not
// support the _Noretrun() function parameter.
# define NORETURN __declspec(noreturn)
# if _MSC_VER >= 1400 // SAL processing when needed
# include <sal.h>
# endif
# ifdef _WIN64
# define _INTPTR 2
# else
# define _INTPTR 1
# endif
# define NOT_REFERENCED(x) (x)
// Lower the compiler error warning for system include files. They tend not to be that clean and
// there is no reason to sort through all the spurious errors that they generate when the normal
// error level is set to /Wall
# define _REDUCE_WARNING_LEVEL_(n) \
__pragma(warning(push, n))
// Restore the compiler warning level
# define _NORMAL_WARNING_LEVEL_ \
__pragma(warning(pop))
# include <stdint.h>
#endif // _MSC_VER
#ifndef _MSC_VER
# define WINAPI
# define __pragma(x)
# define REVERSE_ENDIAN_16(_Number) __builtin_bswap16(_Number)
# define REVERSE_ENDIAN_32(_Number) __builtin_bswap32(_Number)
# define REVERSE_ENDIAN_64(_Number) __builtin_bswap64(_Number)
# ifdef INLINE_FUNCTIONS
# define INLINE static inline
# endif
# if defined(__GNUC__)
# define NORETURN __attribute__((noreturn))
# include <stdint.h>
# else
# define NORETURN
# endif
# define LIB_EXPORT
# define LIB_IMPORT
# define _REDUCE_WARNING_LEVEL_(n)
# define _NORMAL_WARNING_LEVEL_
# define NOT_REFERENCED(x) (x = x)
#endif // _MSC_VER
#ifdef TPM_POSIX
typedef int SOCKET;
#endif
#endif // COMPILERDEPEDENCIES_H

436
src/tpm2/ContextCommands.c Normal file
View File

@ -0,0 +1,436 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ContextCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "ContextSave_fp.h"
#ifdef TPM_CC_ContextSave // Conditional expansion of this file
#include "Context_spt_fp.h"
TPM_RC
TPM2_ContextSave(
ContextSave_In *in, // IN: input parameter list
ContextSave_Out *out // OUT: output parameter list
)
{
TPM_RC result = TPM_RC_SUCCESS;
UINT16 fingerprintSize; // The size of fingerprint in context
// blob.
UINT64 contextID = 0; // session context ID
TPM2B_SYM_KEY symKey;
TPM2B_IV iv;
TPM2B_DIGEST integrity;
UINT16 integritySize;
BYTE *buffer;
// This command may cause the orderlyState to be cleared due to
// the update of state reset data. If the state is orderly and
// cannot be changed, exit early.
RETURN_IF_ORDERLY;
// Internal Data Update
// Initialize output handle. At the end of command action, the output
// handle of an object will be replaced, while the output handle
// for a session will be the same as input
out->context.savedHandle = in->saveHandle;
// Get the size of fingerprint in context blob. The sequence value in
// TPMS_CONTEXT structure is used as the fingerprint
fingerprintSize = sizeof(out->context.sequence);
// Compute the integrity size at the beginning of context blob
integritySize = sizeof(integrity.t.size)
+ CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG);
// Perform object or session specific context save
switch(HandleGetType(in->saveHandle))
{
case TPM_HT_TRANSIENT:
{
OBJECT *object = HandleToObject(in->saveHandle);
ANY_OBJECT_BUFFER *outObject;
UINT16 objectSize = ObjectIsSequence(object)
? sizeof(HASH_OBJECT) : sizeof(OBJECT);
outObject = (ANY_OBJECT_BUFFER *)(out->context.contextBlob.t.buffer
+ integritySize + fingerprintSize);
// Set size of the context data. The contents of context blob is vendor
// defined. In this implementation, the size is size of integrity
// plus fingerprint plus the whole internal OBJECT structure
out->context.contextBlob.t.size = integritySize +
fingerprintSize + objectSize;
// Make sure things fit
pAssert(out->context.contextBlob.t.size
<= sizeof(out->context.contextBlob.t.buffer));
// Copy the whole internal OBJECT structure to context blob
MemoryCopy(outObject, object, objectSize);
// Increment object context ID
gr.objectContextID++;
// If object context ID overflows, TPM should be put in failure mode
if(gr.objectContextID == 0)
FAIL(FATAL_ERROR_INTERNAL);
// Fill in other return values for an object.
out->context.sequence = gr.objectContextID;
// For regular object, savedHandle is 0x80000000. For sequence object,
// savedHandle is 0x80000001. For object with stClear, savedHandle
// is 0x80000002
if(ObjectIsSequence(object))
{
out->context.savedHandle = 0x80000001;
SequenceDataExport((HASH_OBJECT *)object,
(HASH_OBJECT_BUFFER *)outObject);
}
else
out->context.savedHandle = (object->attributes.stClear == SET)
? 0x80000002 : 0x80000000;
// Get object hierarchy
out->context.hierarchy = ObjectGetHierarchy(object);
break;
}
case TPM_HT_HMAC_SESSION:
case TPM_HT_POLICY_SESSION:
{
SESSION *session = SessionGet(in->saveHandle);
// Set size of the context data. The contents of context blob is vendor
// defined. In this implementation, the size of context blob is the
// size of a internal session structure plus the size of
// fingerprint plus the size of integrity
out->context.contextBlob.t.size = integritySize +
fingerprintSize + sizeof(*session);
// Make sure things fit
pAssert(out->context.contextBlob.t.size
< sizeof(out->context.contextBlob.t.buffer));
// Copy the whole internal SESSION structure to context blob.
// Save space for fingerprint at the beginning of the buffer
// This is done before anything else so that the actual context
// can be reclaimed after this call
pAssert(sizeof(*session) <= sizeof(out->context.contextBlob.t.buffer)
- integritySize - fingerprintSize);
MemoryCopy(out->context.contextBlob.t.buffer + integritySize
+ fingerprintSize, session, sizeof(*session));
// Fill in the other return parameters for a session
// Get a context ID and set the session tracking values appropriately
// TPM_RC_CONTEXT_GAP is a possible error.
// SessionContextSave() will flush the in-memory context
// so no additional errors may occur after this call.
result = SessionContextSave(out->context.savedHandle, &contextID);
if(result != TPM_RC_SUCCESS)
return result;
// sequence number is the current session contextID
out->context.sequence = contextID;
// use TPM_RH_NULL as hierarchy for session context
out->context.hierarchy = TPM_RH_NULL;
break;
}
default:
// SaveContext may only take an object handle or a session handle.
// All the other handle type should be filtered out at unmarshal
FAIL(FATAL_ERROR_INTERNAL);
break;
}
// Save fingerprint at the beginning of encrypted area of context blob.
// Reserve the integrity space
pAssert(sizeof(out->context.sequence) <=
sizeof(out->context.contextBlob.t.buffer) - integritySize);
MemoryCopy(out->context.contextBlob.t.buffer + integritySize,
&out->context.sequence, sizeof(out->context.sequence));
// Compute context encryption key
ComputeContextProtectionKey(&out->context, &symKey, &iv);
// Encrypt context blob
CryptSymmetricEncrypt(out->context.contextBlob.t.buffer + integritySize,
CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS,
symKey.t.buffer, &iv, TPM_ALG_CFB,
out->context.contextBlob.t.size - integritySize,
out->context.contextBlob.t.buffer + integritySize);
// Compute integrity hash for the object
// In this implementation, the same routine is used for both sessions
// and objects.
ComputeContextIntegrity(&out->context, &integrity);
// add integrity at the beginning of context blob
buffer = out->context.contextBlob.t.buffer;
TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL);
// orderly state should be cleared because of the update of state reset and
// state clear data
g_clearOrderly = TRUE;
return result;
}
#endif // CC_ContextSave
#include "Tpm.h"
#include "ContextLoad_fp.h"
#ifdef TPM_CC_ContextLoad // Conditional expansion of this file
#include "Context_spt_fp.h"
TPM_RC
TPM2_ContextLoad(
ContextLoad_In *in, // IN: input parameter list
ContextLoad_Out *out // OUT: output parameter list
)
{
// Local Variables
TPM_RC result;
TPM2B_DIGEST integrityToCompare;
TPM2B_DIGEST integrity;
BYTE *buffer; // defined to save some typing
INT32 size; // defined to save some typing
TPM_HT handleType;
TPM2B_SYM_KEY symKey;
TPM2B_IV iv;
// Input Validation
// IF this is a session context, make sure that the sequence number is
// consistent with the version in the slot
// Check context blob size
handleType = HandleGetType(in->context.savedHandle);
// Get integrity from context blob
buffer = in->context.contextBlob.t.buffer;
size = (INT32)in->context.contextBlob.t.size;
result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size);
if(result != TPM_RC_SUCCESS)
return result;
// the size of the integrity value has to match the size of digest produced
// by the integrity hash
if(integrity.t.size != CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG))
return TPM_RCS_SIZE + RC_ContextLoad_context;
// Make sure that the context blob has enough space for the fingerprint. This
// is elastic pants to go with the belt and suspenders we already have to make
// sure that the context is complete and untampered.
if((unsigned)size < sizeof(in->context.sequence))
return TPM_RCS_SIZE + RC_ContextLoad_context;
// After unmarshaling the integrity value, 'buffer' is pointing at the first
// byte of the integrity protected and encrypted buffer and 'size' is the number
// of integrity protected and encrypted bytes.
// Compute context integrity
ComputeContextIntegrity(&in->context, &integrityToCompare);
// Compare integrity
if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b))
return TPM_RCS_INTEGRITY + RC_ContextLoad_context;
// Compute context encryption key
ComputeContextProtectionKey(&in->context, &symKey, &iv);
// Decrypt context data in place
CryptSymmetricDecrypt(buffer, CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS,
symKey.t.buffer, &iv, TPM_ALG_CFB, size, buffer);
// See if the fingerprint value matches. If not, it is symptomatic of either
// a broken TPM or that the TPM is under attack so go into failure mode.
if(!MemoryEqual(buffer, &in->context.sequence, sizeof(in->context.sequence)))
FAIL(FATAL_ERROR_INTERNAL);
// step over fingerprint
buffer += sizeof(in->context.sequence);
// set the remaining size of the context
size -= sizeof(in->context.sequence);
// Perform object or session specific input check
switch(handleType)
{
case TPM_HT_TRANSIENT:
{
OBJECT *outObject;
if(size > (INT32)sizeof(OBJECT))
FAIL(FATAL_ERROR_INTERNAL);
// Discard any changes to the handle that the TRM might have made
in->context.savedHandle = TRANSIENT_FIRST;
// If hierarchy is disabled, no object context can be loaded in this
// hierarchy
if(!HierarchyIsEnabled(in->context.hierarchy))
return TPM_RCS_HIERARCHY + RC_ContextLoad_context;
// Restore object. If there is no empty space, indicate as much
outObject = ObjectContextLoad((ANY_OBJECT_BUFFER *)buffer,
&out->loadedHandle);
if(outObject == NULL)
return TPM_RC_OBJECT_MEMORY;
break;
}
case TPM_HT_POLICY_SESSION:
case TPM_HT_HMAC_SESSION:
{
if(size != sizeof(SESSION))
FAIL(FATAL_ERROR_INTERNAL);
// This command may cause the orderlyState to be cleared due to
// the update of state reset data. If this is the case, check if NV is
// available first
RETURN_IF_ORDERLY;
// Check if input handle points to a valid saved session and that the
// sequence number makes sense
if(!SequenceNumbereForSavedContextIsValid(&in->context))
return TPM_RCS_HANDLE + RC_ContextLoad_context;
// Restore session. A TPM_RC_SESSION_MEMORY, TPM_RC_CONTEXT_GAP error
// may be returned at this point
result = SessionContextLoad((SESSION_BUF *)buffer,
&in->context.savedHandle);
if(result != TPM_RC_SUCCESS)
return result;
out->loadedHandle = in->context.savedHandle;
// orderly state should be cleared because of the update of state
// reset and state clear data
g_clearOrderly = TRUE;
break;
}
default:
// Context blob may only have an object handle or a session handle.
// All the other handle type should be filtered out at unmarshal
FAIL(FATAL_ERROR_INTERNAL);
break;
}
return TPM_RC_SUCCESS;
}
#endif // CC_ContextLoad
#include "Tpm.h"
#include "FlushContext_fp.h"
#ifdef TPM_CC_FlushContext // Conditional expansion of this file
TPM_RC
TPM2_FlushContext(
FlushContext_In *in // IN: input parameter list
)
{
// Internal Data Update
// Call object or session specific routine to flush
switch(HandleGetType(in->flushHandle))
{
case TPM_HT_TRANSIENT:
if(!IsObjectPresent(in->flushHandle))
return TPM_RCS_HANDLE + RC_FlushContext_flushHandle;
// Flush object
FlushObject(in->flushHandle);
break;
case TPM_HT_HMAC_SESSION:
case TPM_HT_POLICY_SESSION:
if(!SessionIsLoaded(in->flushHandle)
&& !SessionIsSaved(in->flushHandle)
)
return TPM_RCS_HANDLE + RC_FlushContext_flushHandle;
// If the session to be flushed is the exclusive audit session, then
// indicate that there is no exclusive audit session any longer.
if(in->flushHandle == g_exclusiveAuditSession)
g_exclusiveAuditSession = TPM_RH_UNASSIGNED;
// Flush session
SessionFlush(in->flushHandle);
break;
default:
// This command only takes object or session handle. Other handles
// should be filtered out at handle unmarshal
FAIL(FATAL_ERROR_INTERNAL);
break;
}
return TPM_RC_SUCCESS;
}
#endif // CC_FlushContext
#include "Tpm.h"
#include "EvictControl_fp.h"
#ifdef TPM_CC_EvictControl // Conditional expansion of this file
TPM_RC
TPM2_EvictControl(
EvictControl_In *in // IN: input parameter list
)
{
TPM_RC result;
OBJECT *evictObject;
// Input Validation
// Get internal object pointer
evictObject = HandleToObject(in->objectHandle);
// Temporary, stClear or public only objects can not be made persistent
if(evictObject->attributes.temporary == SET
|| evictObject->attributes.stClear == SET
|| evictObject->attributes.publicOnly == SET)
return TPM_RCS_ATTRIBUTES + RC_EvictControl_objectHandle;
// If objectHandle refers to a persistent object, it should be the same as
// input persistentHandle
if(evictObject->attributes.evict == SET
&& evictObject->evictHandle != in->persistentHandle)
return TPM_RCS_HANDLE + RC_EvictControl_objectHandle;
// Additional authorization validation
if(in->auth == TPM_RH_PLATFORM)
{
// To make persistent
if(evictObject->attributes.evict == CLEAR)
{
// PlatformAuth can not set evict object in storage or endorsement
// hierarchy
if(evictObject->attributes.ppsHierarchy == CLEAR)
return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
// Platform cannot use a handle outside of platform persistent range.
if(!NvIsPlatformPersistentHandle(in->persistentHandle))
return TPM_RCS_RANGE + RC_EvictControl_persistentHandle;
}
// PlatformAuth can delete any persistent object
}
else if(in->auth == TPM_RH_OWNER)
{
// OwnerAuth can not set or clear evict object in platform hierarchy
if(evictObject->attributes.ppsHierarchy == SET)
return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle;
// Owner cannot use a handle outside of owner persistent range.
if(evictObject->attributes.evict == CLEAR
&& !NvIsOwnerPersistentHandle(in->persistentHandle))
return TPM_RCS_RANGE + RC_EvictControl_persistentHandle;
}
else
{
// Other authorization is not allowed in this command and should have been
// filtered out in unmarshal process
FAIL(FATAL_ERROR_INTERNAL);
}
// Internal Data Update
// Change evict state
if(evictObject->attributes.evict == CLEAR)
{
// Make object persistent
if(NvFindHandle(in->persistentHandle) != 0)
return TPM_RC_NV_DEFINED;
// A TPM_RC_NV_HANDLE or TPM_RC_NV_SPACE error may be returned at this
// point
result = NvAddEvictObject(in->persistentHandle, evictObject);
}
else
{
// Delete the persistent object in NV
result = NvDeleteEvict(evictObject->evictHandle);
}
return result;
}
#endif // CC_EvictControl

84
src/tpm2/ContextLoad_fp.h Normal file
View File

@ -0,0 +1,84 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ContextLoad_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CONTEXTLOAD_FP_H
#define CONTEXTLOAD_FP_H
typedef struct {
TPMS_CONTEXT context;
} ContextLoad_In;
#define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1)
typedef struct {
TPMI_DH_CONTEXT loadedHandle;
} ContextLoad_Out;
TPM_RC
TPM2_ContextLoad(
ContextLoad_In *in, // IN: input parameter list
ContextLoad_Out *out // OUT: output parameter list
);
#endif

84
src/tpm2/ContextSave_fp.h Normal file
View File

@ -0,0 +1,84 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ContextSave_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CONTEXTSAVE_FP_H
#define CONTEXTSAVE_FP_H
typedef struct {
TPMI_DH_CONTEXT saveHandle;
} ContextSave_In;
#define RC_ContextSave_saveHandle (TPM_RC_P + TPM_RC_1)
typedef struct {
TPMS_CONTEXT context;
} ContextSave_Out;
TPM_RC
TPM2_ContextSave(
ContextSave_In *in, // IN: input parameter list
ContextSave_Out *out // OUT: output parameter list
);
#endif

201
src/tpm2/Context_spt.c Normal file
View File

@ -0,0 +1,201 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Context_spt.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 7.3.1 Includes */
#include "Tpm.h"
#include "Context_spt_fp.h"
/* 7.3.2 Functions */
/* 7.3.2.1 ComputeContextProtectionKey() */
/* This function retrieves the symmetric protection key for context encryption It is used by
TPM2_ConextSave() and TPM2_ContextLoad() to create the symmetric encryption key and iv */
void
ComputeContextProtectionKey(
TPMS_CONTEXT *contextBlob, // IN: context blob
TPM2B_SYM_KEY *symKey, // OUT: the symmetric key
TPM2B_IV *iv // OUT: the IV.
)
{
UINT16 symKeyBits; // number of bits in the parent's
// symmetric key
TPM2B_AUTH *proof = NULL; // the proof value to use. Is null for
// everything but a primary object in
// the Endorsement Hierarchy
BYTE kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF
TPM2B_DATA sequence2B, handle2B;
// Get proof value
proof = HierarchyGetProof(contextBlob->hierarchy);
// Get sequence value in 2B format
sequence2B.t.size = sizeof(contextBlob->sequence);
cAssert(sizeof(contextBlob->sequence) <= sizeof(sequence2B.t.buffer));
MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence,
sizeof(contextBlob->sequence));
// Get handle value in 2B format
handle2B.t.size = sizeof(contextBlob->savedHandle);
cAssert(sizeof(contextBlob->savedHandle) <= sizeof(handle2B.t.buffer));
MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle,
sizeof(contextBlob->savedHandle));
// Get the symmetric encryption key size
symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES;
symKeyBits = CONTEXT_ENCRYPT_KEY_BITS;
// Get the size of the IV for the algorithm
iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits);
// KDFa to generate symmetric key and IV value
CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, CONTEXT_KEY, &sequence2B.b,
&handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL,
FALSE);
// Copy part of the returned value as the key
pAssert(symKey->t.size <= sizeof(symKey->t.buffer));
MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size);
// Copy the rest as the IV
pAssert(iv->t.size <= sizeof(iv->t.buffer));
MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size);
return;
}
/* 7.3.2.2 ComputeContextIntegrity() */
/* Generate the integrity hash for a context It is used by TPM2_ContextSave() to create an integrity
hash and by TPM2_ContextLoad() to compare an integrity hash */
void
ComputeContextIntegrity(
TPMS_CONTEXT *contextBlob, // IN: context blob
TPM2B_DIGEST *integrity // OUT: integrity
)
{
HMAC_STATE hmacState;
TPM2B_AUTH *proof;
UINT16 integritySize;
// Get proof value
proof = HierarchyGetProof(contextBlob->hierarchy);
// Start HMAC
integrity->t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG,
&proof->b);
// Compute integrity size at the beginning of context blob
integritySize = sizeof(integrity->t.size) + integrity->t.size;
// Adding total reset counter so that the context cannot be
// used after a TPM Reset
CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount),
gp.totalResetCount);
// If this is a ST_CLEAR object, add the clear count
// so that this contest cannot be loaded after a TPM Restart
if(contextBlob->savedHandle == 0x80000002)
CryptDigestUpdateInt(&hmacState.hashState, sizeof(gr.clearCount),
gr.clearCount);
// Adding sequence number to the HMAC to make sure that it doesn't
// get changed
CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->sequence),
contextBlob->sequence);
// Protect the handle
CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->savedHandle),
contextBlob->savedHandle);
// Adding sensitive contextData, skip the leading integrity area
CryptDigestUpdate(&hmacState.hashState,
contextBlob->contextBlob.t.size - integritySize,
contextBlob->contextBlob.t.buffer + integritySize);
// Complete HMAC
CryptHmacEnd2B(&hmacState, &integrity->b);
return;
}
/* 7.3.2.3 SequenceDataExport() */
/* This function is used scan through the sequence object and either modify the hash state data for
export (contextSave) or to import it into the internal format (contextLoad). This function should
only be called after the sequence object has been copied to the context buffer (contextSave) or
from the context buffer into the sequence object. The presumption is that the context buffer
version of the data is the same size as the internal representation so nothing outsize of the
hash context area gets modified. */
void
SequenceDataExport(
HASH_OBJECT *object, // IN: an internal hash object
HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer
)
{
// If the hash object is not an event, then only one hash context is needed
int count = (object->attributes.eventSeq) ? HASH_COUNT : 1;
for(count--; count >= 0; count--)
{
HASH_STATE *hash = &object->state.hashState[count];
size_t offset = (BYTE *)hash - (BYTE *)object;
BYTE *exportHash = &((BYTE *)exportObject)[offset];
CryptHashExportState(hash, (EXPORT_HASH_STATE *)exportHash);
}
}
/* 7.3.2.4 SequenceDataImport() */
/* This function is used scan through the sequence object and either modify the hash state data for
export (contextSave) or to import it into the internal format (contextLoad). This function should
only be called after the sequence object has been copied to the context buffer (contextSave) or
from the context buffer into the sequence object. The presumption is that the context buffer
version of the data is the same size as the internal representation so nothing outsize of the
hash context area gets modified. */
void
SequenceDataImport(
HASH_OBJECT *object, // IN/OUT: an internal hash object
HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer
)
{
// If the hash object is not an event, then only one hash context is needed
int count = (object->attributes.eventSeq) ? HASH_COUNT : 1;
for(count--; count >= 0; count--)
{
HASH_STATE *hash = &object->state.hashState[count];
size_t offset = (BYTE *)hash - (BYTE *)object;
BYTE *importHash = &((BYTE *)exportObject)[offset];
//
CryptHashImportState(hash, (EXPORT_HASH_STATE *)importHash);
}
}

88
src/tpm2/Context_spt_fp.h Normal file
View File

@ -0,0 +1,88 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Context_spt_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef CONTEXT_SPT_H
#define CONTEXT_SPT_H
void
ComputeContextProtectionKey(
TPMS_CONTEXT *contextBlob, // IN: context blob
TPM2B_SYM_KEY *symKey, // OUT: the symmetric key
TPM2B_IV *iv // OUT: the IV.
);
void
ComputeContextIntegrity(
TPMS_CONTEXT *contextBlob, // IN: context blob
TPM2B_DIGEST *integrity // OUT: integrity
);
void
SequenceDataExport(
HASH_OBJECT *object, // IN: an internal hash object
HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer
);
void
SequenceDataImport(
HASH_OBJECT *object, // IN/OUT: an internal hash object
HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer
);
#endif

90
src/tpm2/CreateLoaded_fp.h Normal file
View File

@ -0,0 +1,90 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CreateLoaded_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
#ifndef CREATELOADED_FP_H
#define CREATELOADED_FP_H
/* rev 136 */
typedef struct {
TPMI_DH_PARENT parentHandle;
TPM2B_SENSITIVE_CREATE inSensitive;
TPM2B_TEMPLATE inPublic;
} CreateLoaded_In;
#define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1)
#define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1)
#define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM_HANDLE objectHandle;
TPM2B_PRIVATE outPrivate;
TPM2B_PUBLIC outPublic;
TPM2B_NAME name;
} CreateLoaded_Out;
TPM_RC
TPM2_CreateLoaded(
CreateLoaded_In *in, // IN: input parameter list
CreateLoaded_Out *out // OUT: output parameter list
);
#endif

96
src/tpm2/CreatePrimary_fp.h Normal file
View File

@ -0,0 +1,96 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CreatePrimary_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef CREATEPRIMARY_FP_H
#define CREATEPRIMARY_FP_H
typedef struct {
TPMI_RH_HIERARCHY primaryHandle;
TPM2B_SENSITIVE_CREATE inSensitive;
TPM2B_PUBLIC inPublic;
TPM2B_DATA outsideInfo;
TPML_PCR_SELECTION creationPCR;
} CreatePrimary_In;
#define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1)
#define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1)
#define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2)
#define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3)
#define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM_HANDLE objectHandle;
TPM2B_PUBLIC outPublic;
TPM2B_CREATION_DATA creationData;
TPM2B_DIGEST creationHash;
TPMT_TK_CREATION creationTicket;
TPM2B_NAME name;
} CreatePrimary_Out;
TPM_RC
TPM2_CreatePrimary(
CreatePrimary_In *in, // IN: input parameter list
CreatePrimary_Out *out // OUT: output parameter list
);
#endif

96
src/tpm2/Create_fp.h Normal file
View File

@ -0,0 +1,96 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Create_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 137 */
#ifndef CREATE_FP_H
#define CREATE_FP_H
typedef struct {
TPMI_DH_OBJECT parentHandle;
TPM2B_SENSITIVE_CREATE inSensitive;
TPM2B_PUBLIC inPublic;
TPM2B_DATA outsideInfo;
TPML_PCR_SELECTION creationPCR;
} Create_In;
#define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1)
#define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1)
#define RC_Create_inPublic (TPM_RC_P + TPM_RC_2)
#define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3)
#define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM2B_PRIVATE outPrivate;
TPM2B_PUBLIC outPublic;
TPM2B_CREATION_DATA creationData;
TPM2B_DIGEST creationHash;
TPMT_TK_CREATION creationTicket;
} Create_Out;
TPM_RC
TPM2_Create(
Create_In *in, // IN: input parameter list
Create_Out *out // OUT: output parameter list
);
#endif

226
src/tpm2/CryptSelfTest.c Normal file
View File

@ -0,0 +1,226 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CryptSelfTest.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 10.2.7 CryptSelfTest.c */
/* 10.2.7.1 Introduction */
/* The functions in this file are designed to support self-test of cryptographic functions in the
TPM. The TPM allows the user to decide whether to run self-test on a demand basis or to run all
the self-tests before proceeding. */
/* The self-tests are controlled by a set of bit vectors. The g_untestedDecryptionAlgorithms vector
has a bit for each decryption algorithm that needs to be tested and
g_untestedEncryptionAlgorithms has a bit for each encryption algorithm that needs to be
tested. Before an algorithm is used, the appropriate vector is checked (indexed using the
algorithm ID). If the bit is 1, then the test function should be called. */
/* For more information, see TpmSelfTests().txt */
#include "Tpm.h"
/* 10.2.7.2 Functions */
/* 10.2.7.2.1 RunSelfTest() */
/* Local function to run self-test */
static TPM_RC
CryptRunSelfTests(
ALGORITHM_VECTOR *toTest // IN: the vector of the algorithms to test
)
{
TPM_ALG_ID alg;
// For each of the algorithms that are in the toTestVecor, need to run a
// test
for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++)
{
if(TEST_BIT(alg, *toTest))
{
TPM_RC result = CryptTestAlgorithm(alg, toTest);
if(result != TPM_RC_SUCCESS)
return result;
}
}
return TPM_RC_SUCCESS;
}
/* 10.2.7.2.2 CryptSelfTest() */
/* This function is called to start/complete a full self-test. If fullTest is NO, then only the
untested algorithms will be run. If fullTest is YES, then g_untestedDecryptionAlgorithms is
reinitialized and then all tests are run. This implementation of the reference design does not
support processing outside the framework of a TPM command. As a consequence, this command does
not complete until all tests are done. Since this can take a long time, the TPM will check after
each test to see if the command is canceled. If so, then the TPM will returned
TPM_RC_CANCELLED. To continue with the self-tests, call TPM2_SelfTest(fullTest == No) and the TPM
will complete the testing. */
/* Error Returns Meaning */
/* TPM_RC_CANCELED if the command is canceled */
LIB_EXPORT
TPM_RC
CryptSelfTest(
TPMI_YES_NO fullTest // IN: if full test is required
)
{
#ifdef SIMULATION
if(g_forceFailureMode)
FAIL(FATAL_ERROR_FORCED);
#endif
// If the caller requested a full test, then reset the to test vector so that
// all the tests will be run
if(fullTest == YES)
{
MemoryCopy(g_toTest,
g_implementedAlgorithms,
sizeof(g_toTest));
}
return CryptRunSelfTests(&g_toTest);
}
/* 10.2.7.2.3 CryptIncrementalSelfTest() */
/* This function is used to perform an incremental self-test. This implementation will perform the
toTest values before returning. That is, it assumes that the TPM cannot perform background tasks
between commands. */
/* This command may be canceled. If it is, then there is no return result. However, this command can
be run again and the incremental progress will not be lost. */
/* Error Returns Meaning */
/* TPM_RC_CANCELED processing of this command was canceled */
/* TPM_RC_TESTING if toTest list is not empty */
/* TPM_RC_VALUE an algorithm in the toTest list is not implemented */
TPM_RC
CryptIncrementalSelfTest(
TPML_ALG *toTest, // IN: list of algorithms to be tested
TPML_ALG *toDoList // OUT: list of algorithms needing test
)
{
ALGORITHM_VECTOR toTestVector = {0};
TPM_ALG_ID alg;
UINT32 i;
pAssert(toTest != NULL && toDoList != NULL);
if(toTest->count > 0)
{
// Transcribe the toTest list into the toTestVector
for(i = 0; i < toTest->count; i++)
{
alg = toTest->algorithms[i];
// make sure that the algorithm value is not out of range
if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms))
return TPM_RC_VALUE;
SET_BIT(alg, toTestVector);
}
// Run the test
if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED)
return TPM_RC_CANCELED;
}
// Fill in the toDoList with the algorithms that are still untested
toDoList->count = 0;
for(alg = TPM_ALG_FIRST;
toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST;
alg++)
{
if(TEST_BIT(alg, g_toTest))
toDoList->algorithms[toDoList->count++] = alg;
}
return TPM_RC_SUCCESS;
}
/* 10.2.7.2.4 CryptInitializeToTest() */
/* This function will initialize the data structures for testing all the algorithms. This should not
be called unless CryptAlgsSetImplemented() has been called */
void
CryptInitializeToTest(
void
)
{
// Indicate that nothing has been tested
memset(&g_cryptoSelfTestState, 0, sizeof(g_cryptoSelfTestState));
// Copy the implemented algorithm vector
MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest));
// Setting the algorithm to null causes the test function to just clear
// out any algorithms for which there is no test.
CryptTestAlgorithm(TPM_ALG_ERROR, &g_toTest);
return;
}
/* 10.2.7.2.5 CryptTestAlgorithm() */
/* Only point of contact with the actual self tests. If a self-test fails, there is no return and
the TPM goes into failure mode. The call to TestAlgorithm() uses an algorithms selector and a bit
vector. When the test is run, the corresponding bit in toTest and in g_toTest is CLEAR. If toTest
is NULL, then only the bit in g_toTest is CLEAR. There is a special case for the call to
TestAlgorithm(). When alg is TPM_ALG_ERROR, TestAlgorithm() will CLEAR any bit in toTest for
which it has no test. This allows the knowledge about which algorithms have test to be accessed
through the interface that provides the test. */
/* Error Returns Meaning */
/* TPM_RC_SUCCESS test complete */
/* TPM_RC_CANCELED test was canceled */
LIB_EXPORT
TPM_RC
CryptTestAlgorithm(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
)
{
TPM_RC result;
#if defined SELF_TEST
result = TestAlgorithm(alg, toTest);
#else
// If this is an attempt to determine the algorithms for which there is a
// self test, pretend that all of them do. We do that by not clearing any
// of the algorithm bits. When/if this function is called to run tests, it
// will over report. This can be changed so that any call to check on which
// algorithms have tests, 'toTest' can be cleared.
if(alg != TPM_ALG_ERROR)
{
CLEAR_BIT(alg, g_toTest);
if(toTest != NULL)
CLEAR_BIT(alg, *toTest);
}
result = TPM_RC_SUCCESS;
#endif
return result;
}

87
src/tpm2/CryptSelfTest_fp.h Normal file
View File

@ -0,0 +1,87 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CryptSelfTest_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef CRYPTSELFTEST_FP_H
#define CRYPTSELFTEST_FP_H
LIB_EXPORT
TPM_RC
CryptSelfTest(
TPMI_YES_NO fullTest // IN: if full test is required
);
TPM_RC
CryptIncrementalSelfTest(
TPML_ALG *toTest, // IN: list of algorithms to be tested
TPML_ALG *toDoList // OUT: list of algorithms needing test
);
void
CryptInitializeToTest(
void
);
LIB_EXPORT
TPM_RC
CryptTestAlgorithm(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
);
#endif

1684
src/tpm2/CryptUtil.c Normal file
View File

File diff suppressed because it is too large Load Diff

225
src/tpm2/CryptUtil_fp.h Normal file
View File

@ -0,0 +1,225 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CryptUtil_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef CRYPTUTIL_FP_H
#define CRYPTUTIL_FP_H
BOOL
CryptIsSchemeAnonymous(
TPM_ALG_ID scheme // IN: the scheme algorithm to test
);
void
ParmDecryptSym(
TPM_ALG_ID symAlg, // IN: the symmetric algorithm
TPM_ALG_ID hash, // IN: hash algorithm for KDFa
UINT16 keySizeInBits, // IN: the key size in bits
TPM2B *key, // IN: KDF HMAC key
TPM2B *nonceCaller, // IN: nonce caller
TPM2B *nonceTpm, // IN: nonce TPM
UINT32 dataSize, // IN: size of parameter buffer
BYTE *data // OUT: buffer to be decrypted
);
void
ParmEncryptSym(
TPM_ALG_ID symAlg, // IN: symmetric algorithm
TPM_ALG_ID hash, // IN: hash algorithm for KDFa
UINT16 keySizeInBits, // IN: AES key size in bits
TPM2B *key, // IN: KDF HMAC key
TPM2B *nonceCaller, // IN: nonce caller
TPM2B *nonceTpm, // IN: nonce TPM
UINT32 dataSize, // IN: size of parameter buffer
BYTE *data // OUT: buffer to be encrypted
);
void
CryptXORObfuscation(
TPM_ALG_ID hash, // IN: hash algorithm for KDF
TPM2B *key, // IN: KDF key
TPM2B *contextU, // IN: contextU
TPM2B *contextV, // IN: contextV
UINT32 dataSize, // IN: size of data buffer
BYTE *data // IN/OUT: data to be XORed in place
);
BOOL
CryptInit(
void
);
BOOL
CryptStartup(
STARTUP_TYPE type // IN: the startup type
);
BOOL
CryptIsAsymAlgorithm(
TPM_ALG_ID algID // IN: algorithm ID
);
TPM_RC
CryptSecretEncrypt(
OBJECT *encryptKey, // IN: encryption key object
const TPM2B *label, // IN: a null-terminated string as L
TPM2B_DATA *data, // OUT: secret value
TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure
);
TPM_RC
CryptSecretDecrypt(
OBJECT *decryptKey, // IN: decrypt key
TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for
// symmetric decryption. For
// asymmetric decryption, this
// parameter is NULL
const TPM2B *label, // IN: a value for L
TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret
TPM2B_DATA *data // OUT: decrypted secret value
);
void
CryptParameterEncryption(
TPM_HANDLE handle, // IN: encrypt session handle
TPM2B *nonceCaller, // IN: nonce caller
UINT16 leadingSizeInByte, // IN: the size of the leading size field in
// bytes
TPM2B_AUTH *extraKey, // IN: additional key material other than
// sessionAuth
BYTE *buffer // IN/OUT: parameter buffer to be encrypted
);
TPM_RC
CryptParameterDecryption(
TPM_HANDLE handle, // IN: encrypted session handle
TPM2B *nonceCaller, // IN: nonce caller
UINT32 bufferSize, // IN: size of parameter buffer
UINT16 leadingSizeInByte, // IN: the size of the leading size field in
// byte
TPM2B_AUTH *extraKey, // IN: the authValue
BYTE *buffer // IN/OUT: parameter buffer to be decrypted
);
void
CryptComputeSymmetricUnique(
TPMT_PUBLIC *publicArea, // IN: the object's public area
TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area
TPM2B_DIGEST *unique // OUT: unique buffer
);
TPM_RC
CryptCreateObject(
OBJECT *object, // IN: new object structure pointer
TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation
RAND_STATE *rand // IN: the random number generator
// to use
);
TPMI_ALG_HASH
CryptGetSignHashAlg(
TPMT_SIGNATURE *auth // IN: signature
);
BOOL
CryptIsSplitSign(
TPM_ALG_ID scheme // IN: the algorithm selector
);
BOOL
CryptIsAsymSignScheme(
TPMI_ALG_PUBLIC publicType, // IN: Type of the object
TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme
);
BOOL
CryptIsAsymDecryptScheme(
TPMI_ALG_PUBLIC publicType, // IN: Type of the object
TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme
);
BOOL
CryptSelectSignScheme(
OBJECT *signObject, // IN: signing key
TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme
);
TPM_RC
CryptSign(
OBJECT *signKey, // IN: signing key
TPMT_SIG_SCHEME *signScheme, // IN: sign scheme.
TPM2B_DIGEST *digest, // IN: The digest being signed
TPMT_SIGNATURE *signature // OUT: signature
);
TPM_RC
CryptValidateSignature(
TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key
TPM2B_DIGEST *digest, // IN: The digest being validated
TPMT_SIGNATURE *signature // IN: signature
);
TPM_RC
CryptGetTestResult(
TPM2B_MAX_BUFFER *outData // OUT: test result data
);
BOOL
CryptIsUniqueSizeValid(
TPMT_PUBLIC *publicArea // IN: the public area to check
);
BOOL
CryptIsSensitiveSizeValid(
TPMT_PUBLIC *publicArea, // IN: the object's public part
TPMT_SENSITIVE *sensitiveArea // IN: the object's sensitive part
);
TPM_RC
CryptValidateKeys(
TPMT_PUBLIC *publicArea,
TPMT_SENSITIVE *sensitive,
TPM_RC blamePublic,
TPM_RC blameSensitive
);
void
CryptAlgsSetImplemented(
void
);
#endif

240
src/tpm2/DA.c Normal file
View File

@ -0,0 +1,240 @@
/********************************************************************************/
/* */
/* Dictionary Attack Logic. */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: DA.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 8.2 DA.c */
/* 8.2.1 Introduction */
/* This file contains the functions and data definitions relating to the dictionary attack logic. */
/* 8.2.2 Includes and Data Definitions */
#define DA_C
#include "Tpm.h"
/* 8.2.3 Functions */
/* 8.2.3.1 DAPreInstall_Init() */
/* This function initializes the DA parameters to their manufacturer-default values. The default
values are determined by a platform-specific specification. */
/* This function should not be called outside of a manufacturing or simulation environment. */
/* The DA parameters will be restored to these initial values by TPM2_Clear(). */
void
DAPreInstall_Init(
void
)
{
gp.failedTries = 0;
gp.maxTries = 3;
gp.recoveryTime = 1000; // in seconds (~16.67 minutes)
gp.lockoutRecovery = 1000; // in seconds
gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled
// Record persistent DA parameter changes to NV
NV_SYNC_PERSISTENT(failedTries);
NV_SYNC_PERSISTENT(maxTries);
NV_SYNC_PERSISTENT(recoveryTime);
NV_SYNC_PERSISTENT(lockoutRecovery);
NV_SYNC_PERSISTENT(lockOutAuthEnabled);
return;
}
/* 8.2.3.3 DAStartup() */
/* This function is called by TPM2_Startup() to initialize the DA parameters. In the case of
Startup(CLEAR), use of lockoutAuth will be enabled if the lockout recovery time is 0. Otherwise,
lockoutAuth will not be enabled until the TPM has been continuously powered for the
lockoutRecovery time. */
/* This function requires that NV be available and not rate limiting. */
void
DAStartup(
STARTUP_TYPE type // IN: startup type
)
{
NOT_REFERENCED(type);
#ifndef ACCUMULATE_SELF_HEAL_TIMER
_plat__TimerWasReset();
s_selfHealTimer = 0;
s_lockoutTimer = 0;
#else
if(_plat__TimerWasReset())
{
if(!NV_IS_ORDERLY)
{
// If shutdown was not orderly, then don't really know if go.time has
// any useful value so reset the timer to 0. This is what the tick
// was reset to
s_selfHealTimer = 0;
s_lockoutTimer = 0;
}
else
{
// If we know how much time was accumulated at the last orderly shutdown
// subtract that from the saved timer values so that they effectively
// have the accumulated values
s_selfHealTimer -= go.time;
s_lockoutTimer -= go.time;
}
}
#endif
// For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth.
if(gp.lockoutRecovery == 0)
{
gp.lockOutAuthEnabled = TRUE;
// Record the changes to NV
NV_SYNC_PERSISTENT(lockOutAuthEnabled);
}
// If DA has not been disabled and the previous shutdown is not orderly
// failedTries is not already at its maximum then increment 'failedTries'
if(gp.recoveryTime != 0
&& gp.failedTries < gp.maxTries
&& !IS_ORDERLY(g_prevOrderlyState))
{
#ifdef USE_DA_USED
gp.failedTries += g_daUsed;
g_daUsed = FALSE;
#else
gp.failedTries++;
#endif
// Record the change to NV
NV_SYNC_PERSISTENT(failedTries);
}
// Before Startup, the TPM will not do clock updates. At startup, need to
// do a time update which will do the DA update.
TimeUpdate();
return;
}
/* 8.2.3.4 DARegisterFailure() */
/* This function is called when a authorization failure occurs on an entity that is subject to
dictionary-attack protection. When a DA failure is triggered, register the failure by resetting
the relevant self-healing timer to the current time. */
void
DARegisterFailure(
TPM_HANDLE handle // IN: handle for failure
)
{
// Reset the timer associated with lockout if the handle is the lockoutAuth.
if(handle == TPM_RH_LOCKOUT)
s_lockoutTimer = g_time;
else
s_selfHealTimer = g_time;
return;
}
/* 8.2.3.5 DASelfHeal() */
/* This function is called to check if sufficient time has passed to allow decrement of failedTries
or to re-enable use of lockoutAuth. */
/* This function should be called when the time interval is updated. */
void
DASelfHeal(
void
)
{
// Regular authorization self healing logic
// If no failed authorization tries, do nothing. Otherwise, try to
// decrease failedTries
if(gp.failedTries != 0)
{
// if recovery time is 0, DA logic has been disabled. Clear failed tries
// immediately
if(gp.recoveryTime == 0)
{
gp.failedTries = 0;
// Update NV record
NV_SYNC_PERSISTENT(failedTries);
}
else
{
UINT64 decreaseCount;
#if 0 // Errata eliminates this code
// In the unlikely event that failedTries should become larger than
// maxTries
if(gp.failedTries > gp.maxTries)
gp.failedTries = gp.maxTries;
#endif
// How much can failedTries be decreased
// Cast s_selfHealTimer to an int in case it became negative at
// startup
decreaseCount = ((g_time - (INT64)s_selfHealTimer) / 1000)
/ gp.recoveryTime;
if(gp.failedTries <= (UINT32)decreaseCount)
// should not set failedTries below zero
gp.failedTries = 0;
else
gp.failedTries -= (UINT32)decreaseCount;
// the cast prevents overflow of the product
s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000;
if(decreaseCount != 0)
// If there was a change to the failedTries, record the changes
// to NV
NV_SYNC_PERSISTENT(failedTries);
}
}
// LockoutAuth self healing logic
// If lockoutAuth is enabled, do nothing. Otherwise, try to see if we
// may enable it
if(!gp.lockOutAuthEnabled)
{
// if lockout authorization recovery time is 0, a reboot is required to
// re-enable use of lockout authorization. Self-healing would not
// apply in this case.
if(gp.lockoutRecovery != 0)
{
if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery)
{
gp.lockOutAuthEnabled = TRUE;
// Record the changes to NV
NV_SYNC_PERSISTENT(lockOutAuthEnabled);
}
}
}
return;
}

87
src/tpm2/DA_fp.h Normal file
View File

@ -0,0 +1,87 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: DA_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef DA_FP_H
#define DA_FP_H
void
DAPreInstall_Init(
void
);
void
DAInit(
void
);
void
DAStartup(
STARTUP_TYPE type // IN: startup type
);
void
DARegisterFailure(
TPM_HANDLE handle // IN: handle for failure
);
void
DASelfHeal(
void
);
#endif

79
src/tpm2/DictionaryAttackLockReset_fp.h Normal file
View File

@ -0,0 +1,79 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: DictionaryAttackLockReset_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef DICTIONARYATTACKLOCKRESET_FP_H
#define DICTIONARYATTACKLOCKRESET_FP_H
typedef struct {
TPMI_RH_LOCKOUT lockHandle;
} DictionaryAttackLockReset_In;
#define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1)
TPM_RC
TPM2_DictionaryAttackLockReset(
DictionaryAttackLockReset_In *in // IN: input parameter list
);
#endif

86
src/tpm2/DictionaryAttackParameters_fp.h Normal file
View File

@ -0,0 +1,86 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: DictionaryAttackParameters_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef DICTIONARYATTACKPARAMETERS_FP_H
#define DICTIONARYATTACKPARAMETERS_FP_H
typedef struct {
TPMI_RH_LOCKOUT lockHandle;
UINT32 newMaxTries;
UINT32 newRecoveryTime;
UINT32 lockoutRecovery;
} DictionaryAttackParameters_In;
#define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1)
#define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1)
#define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2)
#define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3)
TPM_RC
TPM2_DictionaryAttackParameters(
DictionaryAttackParameters_In *in // IN: input parameter list
);
#endif

104
src/tpm2/DictionaryCommands.c Normal file
View File

@ -0,0 +1,104 @@
/********************************************************************************/
/* */
/* Dictionary Attack Functions */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: DictionaryCommands.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "DictionaryAttackLockReset_fp.h"
#ifdef TPM_CC_DictionaryAttackLockReset // Conditional expansion of this file
TPM_RC
TPM2_DictionaryAttackLockReset(
DictionaryAttackLockReset_In *in // IN: input parameter list
)
{
// Input parameter is not reference in command action
NOT_REFERENCED(in);
// The command needs NV update.
RETURN_IF_NV_IS_NOT_AVAILABLE;
// Internal Data Update
// Set failed tries to 0
gp.failedTries = 0;
// Record the changes to NV
NV_SYNC_PERSISTENT(failedTries);
return TPM_RC_SUCCESS;
}
#endif // CC_DictionaryAttackLockReset
#include "Tpm.h"
#include "DictionaryAttackParameters_fp.h"
#ifdef TPM_CC_DictionaryAttackParameters // Conditional expansion of this file
TPM_RC
TPM2_DictionaryAttackParameters(
DictionaryAttackParameters_In *in // IN: input parameter list
)
{
// The command needs NV update.
RETURN_IF_NV_IS_NOT_AVAILABLE;
// Internal Data Update
// Set dictionary attack parameters
gp.maxTries = in->newMaxTries;
gp.recoveryTime = in->newRecoveryTime;
gp.lockoutRecovery = in->lockoutRecovery;
// Record the changes to NV
NV_SYNC_PERSISTENT(failedTries);
NV_SYNC_PERSISTENT(maxTries);
NV_SYNC_PERSISTENT(recoveryTime);
NV_SYNC_PERSISTENT(lockoutRecovery);
return TPM_RC_SUCCESS;
}
#endif // CC_DictionaryAttackParameters

91
src/tpm2/Duplicate_fp.h Normal file
View File

@ -0,0 +1,91 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Duplicate_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef DUPLICATE_FP_H
#define DUPLICATE_FP_H
typedef struct {
TPMI_DH_OBJECT objectHandle;
TPMI_DH_OBJECT newParentHandle;
TPM2B_DATA encryptionKeyIn;
TPMT_SYM_DEF_OBJECT symmetricAlg;
} Duplicate_In;
typedef struct {
TPM2B_DATA encryptionKeyOut;
TPM2B_PRIVATE duplicate;
TPM2B_ENCRYPTED_SECRET outSymSeed;
} Duplicate_Out;
#define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1)
#define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2)
#define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1)
#define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2)
TPM_RC
TPM2_Duplicate(
Duplicate_In *in, // IN: input parameter list
Duplicate_Out *out // OUT: output parameter list
);
#endif

348
src/tpm2/DuplicationCommands.c Normal file
View File

@ -0,0 +1,348 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: DuplicationCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "Duplicate_fp.h"
#ifdef TPM_CC_Duplicate // Conditional expansion of this file
#include "Object_spt_fp.h"
TPM_RC
TPM2_Duplicate(
Duplicate_In *in, // IN: input parameter list
Duplicate_Out *out // OUT: output parameter list
)
{
TPM_RC result = TPM_RC_SUCCESS;
TPMT_SENSITIVE sensitive;
UINT16 innerKeySize = 0; // encrypt key size for inner wrap
OBJECT *object;
OBJECT *newParent;
TPM2B_DATA data;
// Input Validation
// Get duplicate object pointer
object = HandleToObject(in->objectHandle);
// Get new parent
newParent = HandleToObject(in->newParentHandle);
// duplicate key must have fixParent bit CLEAR.
if(object->publicArea.objectAttributes.fixedParent == SET)
return TPM_RCS_ATTRIBUTES + RC_Duplicate_objectHandle;
// Do not duplicate object with NULL nameAlg
if(object->publicArea.nameAlg == TPM_ALG_NULL)
return TPM_RCS_TYPE + RC_Duplicate_objectHandle;
// new parent key must be a storage object or TPM_RH_NULL
if(in->newParentHandle != TPM_RH_NULL
&& !ObjectIsStorage(in->newParentHandle))
return TPM_RCS_TYPE + RC_Duplicate_newParentHandle;
// If the duplicated object has encryptedDuplication SET, then there must be
// an inner wrapper and the new parent may not be TPM_RH_NULL
if(object->publicArea.objectAttributes.encryptedDuplication == SET)
{
if(in->symmetricAlg.algorithm == TPM_ALG_NULL)
return TPM_RCS_SYMMETRIC + RC_Duplicate_symmetricAlg;
if(in->newParentHandle == TPM_RH_NULL)
return TPM_RCS_HIERARCHY + RC_Duplicate_newParentHandle;
}
if(in->symmetricAlg.algorithm == TPM_ALG_NULL)
{
// if algorithm is TPM_ALG_NULL, input key size must be 0
if(in->encryptionKeyIn.t.size != 0)
return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn;
}
else
{
// Get inner wrap key size
innerKeySize = in->symmetricAlg.keyBits.sym;
// If provided the input symmetric key must match the size of the algorithm
if(in->encryptionKeyIn.t.size != 0
&& in->encryptionKeyIn.t.size != (innerKeySize + 7) / 8)
return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn;
}
// Command Output
if(in->newParentHandle != TPM_RH_NULL)
{
// Make encrypt key and its associated secret structure. A TPM_RC_KEY
// error may be returned at this point
out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret);
result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data,
&out->outSymSeed);
if(result != TPM_RC_SUCCESS)
return result;
}
else
{
// Do not apply outer wrapper
data.t.size = 0;
out->outSymSeed.t.size = 0;
}
// Copy sensitive area
sensitive = object->sensitive;
// Prepare output private data from sensitive.
// Note: If there is no encryption key, one will be provided by
// SensitiveToDuplicate(). This is why the assignment of encryptionKeyIn to
// encryptionKeyOut will work properly and is not conditional.
SensitiveToDuplicate(&sensitive, &object->name.b, newParent,
object->publicArea.nameAlg, &data.b,
&in->symmetricAlg, &in->encryptionKeyIn,
&out->duplicate);
out->encryptionKeyOut = in->encryptionKeyIn;
return TPM_RC_SUCCESS;
}
#endif // CC_Duplicate
#include "Tpm.h"
#include "Rewrap_fp.h"
#ifdef TPM_CC_Rewrap // Conditional expansion of this file
#include "Object_spt_fp.h"
TPM_RC
TPM2_Rewrap(
Rewrap_In *in, // IN: input parameter list
Rewrap_Out *out // OUT: output parameter list
)
{
TPM_RC result = TPM_RC_SUCCESS;
TPM2B_DATA data; // symmetric key
UINT16 hashSize = 0;
TPM2B_PRIVATE privateBlob; // A temporary private blob
// to transit between old
// and new wrappers
// Input Validation
if((in->inSymSeed.t.size == 0 && in->oldParent != TPM_RH_NULL)
|| (in->inSymSeed.t.size != 0 && in->oldParent == TPM_RH_NULL))
return TPM_RCS_HANDLE + RC_Rewrap_oldParent;
if(in->oldParent != TPM_RH_NULL)
{
OBJECT *oldParent = HandleToObject(in->oldParent);;
// old parent key must be a storage object
if(!ObjectIsStorage(in->oldParent))
return TPM_RCS_TYPE + RC_Rewrap_oldParent;
// Decrypt input secret data via asymmetric decryption. A
// TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this
// point
result = CryptSecretDecrypt(oldParent, NULL, DUPLICATE_STRING,
&in->inSymSeed, &data);
if(result != TPM_RC_SUCCESS)
return TPM_RCS_VALUE + RC_Rewrap_inSymSeed;
// Unwrap Outer
result = UnwrapOuter(oldParent, &in->name.b,
oldParent->publicArea.nameAlg, &data.b,
FALSE,
in->inDuplicate.t.size, in->inDuplicate.t.buffer);
if(result != TPM_RC_SUCCESS)
return RcSafeAddToResult(result, RC_Rewrap_inDuplicate);
// Copy unwrapped data to temporary variable, remove the integrity field
hashSize = sizeof(UINT16) +
CryptHashGetDigestSize(oldParent->publicArea.nameAlg);
privateBlob.t.size = in->inDuplicate.t.size - hashSize;
pAssert(privateBlob.t.size <= sizeof(privateBlob.t.buffer));
MemoryCopy(privateBlob.t.buffer, in->inDuplicate.t.buffer + hashSize,
privateBlob.t.size);
}
else
{
// No outer wrap from input blob. Direct copy.
privateBlob = in->inDuplicate;
}
if(in->newParent != TPM_RH_NULL)
{
OBJECT *newParent;
newParent = HandleToObject(in->newParent);
// New parent must be a storage object
if(!ObjectIsStorage(in->newParent))
return TPM_RCS_TYPE + RC_Rewrap_newParent;
// Make new encrypt key and its associated secret structure. A
// TPM_RC_VALUE error may be returned at this point if RSA algorithm is
// enabled in TPM
out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret);
result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data,
&out->outSymSeed);
if(result != TPM_RC_SUCCESS)
return result;
// Copy temporary variable to output, reserve the space for integrity
hashSize = sizeof(UINT16) +
CryptHashGetDigestSize(newParent->publicArea.nameAlg);
// Make sure that everything fits into the output buffer
// Note: this is mostly only an issue if there was no outer wrapper on
// 'inDuplicate'. It could be as large as a TPM2B_PRIVATE buffer. If we add
// a digest for an outer wrapper, it won't fit anymore.
if((privateBlob.t.size + hashSize) > sizeof(out->outDuplicate.t.buffer))
return TPM_RCS_VALUE + RC_Rewrap_inDuplicate;
// Command output
out->outDuplicate.t.size = privateBlob.t.size;
pAssert(privateBlob.t.size
<= sizeof(out->outDuplicate.t.buffer) - hashSize);
MemoryCopy(out->outDuplicate.t.buffer + hashSize, privateBlob.t.buffer,
privateBlob.t.size);
// Produce outer wrapper for output
out->outDuplicate.t.size = ProduceOuterWrap(newParent, &in->name.b,
newParent->publicArea.nameAlg,
&data.b,
FALSE,
out->outDuplicate.t.size,
out->outDuplicate.t.buffer);
}
else // New parent is a null key so there is no seed
{
out->outSymSeed.t.size = 0;
// Copy privateBlob directly
out->outDuplicate = privateBlob;
}
return TPM_RC_SUCCESS;
}
#endif // CC_Rewrap
#include "Tpm.h"
#include "Import_fp.h"
#ifdef TPM_CC_Import // Conditional expansion of this file
#include "Object_spt_fp.h"
TPM_RC
TPM2_Import(
Import_In *in, // IN: input parameter list
Import_Out *out // OUT: output parameter list
)
{
TPM_RC result = TPM_RC_SUCCESS;
OBJECT *parentObject;
TPM2B_DATA data; // symmetric key
TPMT_SENSITIVE sensitive;
TPM2B_NAME name;
UINT16 innerKeySize = 0; // encrypt key size for inner
// wrapper
// Input Validation
// FixedTPM and fixedParent must be CLEAR
if(in->objectPublic.publicArea.objectAttributes.fixedTPM == SET
|| in->objectPublic.publicArea.objectAttributes.fixedParent == SET)
return TPM_RCS_ATTRIBUTES + RC_Import_objectPublic;
// Get parent pointer
parentObject = HandleToObject(in->parentHandle);
if(!ObjectIsParent(parentObject))
return TPM_RCS_TYPE + RC_Import_parentHandle;
if(in->symmetricAlg.algorithm != TPM_ALG_NULL)
{
// Get inner wrap key size
innerKeySize = in->symmetricAlg.keyBits.sym;
// Input symmetric key must match the size of algorithm.
if(in->encryptionKey.t.size != (innerKeySize + 7) / 8)
return TPM_RCS_SIZE + RC_Import_encryptionKey;
}
else
{
// If input symmetric algorithm is NULL, input symmetric key size must
// be 0 as well
if(in->encryptionKey.t.size != 0)
return TPM_RCS_SIZE + RC_Import_encryptionKey;
// If encryptedDuplication is SET, then the object must have an inner
// wrapper
if(in->objectPublic.publicArea.objectAttributes.encryptedDuplication)
return TPM_RCS_ATTRIBUTES + RC_Import_encryptionKey;
}
// See if there is an outer wrapper
if(in->inSymSeed.t.size != 0)
{
// in->inParentHandle is a parent, but in order to decrypt an outer wrapper,
// it must be able to do key exchange and a symmetric key can't do that.
if(parentObject->publicArea.type == TPM_ALG_SYMCIPHER)
return TPM_RCS_TYPE + RC_Import_parentHandle;
// Decrypt input secret data via asymmetric decryption. TPM_RC_ATTRIBUTES,
// TPM_RC_ECC_POINT, TPM_RC_INSUFFICIENT, TPM_RC_KEY, TPM_RC_NO_RESULT,
// TPM_RC_SIZE, TPM_RC_VALUE may be returned at this point
result = CryptSecretDecrypt(parentObject, NULL, DUPLICATE_STRING,
&in->inSymSeed, &data);
pAssert(result != TPM_RC_BINDING);
if(result != TPM_RC_SUCCESS)
return RcSafeAddToResult(result, RC_Import_inSymSeed);
}
else
{
// If encrytpedDuplication is set, then the object must have an outer
// wrapper
if(in->objectPublic.publicArea.objectAttributes.encryptedDuplication)
return TPM_RCS_ATTRIBUTES + RC_Import_inSymSeed;
data.t.size = 0;
}
// Compute name of object
PublicMarshalAndComputeName(&(in->objectPublic.publicArea), &name);
if(name.t.size == 0)
return TPM_RCS_HASH + RC_Import_objectPublic;
// Retrieve sensitive from private.
// TPM_RC_INSUFFICIENT, TPM_RC_INTEGRITY, TPM_RC_SIZE may be returned here.
result = DuplicateToSensitive(&in->duplicate.b, &name.b, parentObject,
in->objectPublic.publicArea.nameAlg,
&data.b, &in->symmetricAlg,
&in->encryptionKey.b, &sensitive);
if(result != TPM_RC_SUCCESS)
return RcSafeAddToResult(result, RC_Import_duplicate);
// If the parent of this object has fixedTPM SET, then validate this
// object as if it were being loaded so that validation can be skipped
// when it is actually loaded.
if(parentObject->publicArea.objectAttributes.fixedTPM == SET)
{
result = ObjectLoad(NULL, NULL, &in->objectPublic.publicArea,
&sensitive, RC_Import_objectPublic, RC_Import_duplicate,
NULL);
}
// Command output
if(result == TPM_RC_SUCCESS)
{
// Prepare output private data from sensitive
SensitiveToPrivate(&sensitive, &name.b, parentObject,
in->objectPublic.publicArea.nameAlg,
&out->outPrivate);
}
return result;
}
#endif // CC_Import

1168
src/tpm2/EACommands.c Normal file
View File

File diff suppressed because it is too large Load Diff

84
src/tpm2/ECC_Parameters_fp.h Normal file
View File

@ -0,0 +1,84 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ECC_Parameters_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef ECC_PARAMETERS_FP_H
#define ECC_PARAMETERS_FP_H
typedef struct {
TPMI_ECC_CURVE curveID;
} ECC_Parameters_In;
#define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1)
typedef struct {
TPMS_ALGORITHM_DETAIL_ECC parameters;
} ECC_Parameters_Out;
TPM_RC
TPM2_ECC_Parameters(
ECC_Parameters_In *in, // IN: input parameter list
ECC_Parameters_Out *out // OUT: output parameter list
);
#endif

85
src/tpm2/ECDH_KeyGen_fp.h Normal file
View File

@ -0,0 +1,85 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ECDH_KeyGen_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef ECDH_KEYGEN_FP_H
#define ECDH_KEYGEN_FP_H
typedef struct {
TPMI_DH_OBJECT keyHandle;
} ECDH_KeyGen_In;
#define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1)
typedef struct {
TPM2B_ECC_POINT zPoint;
TPM2B_ECC_POINT pubPoint;
} ECDH_KeyGen_Out;
TPM_RC
TPM2_ECDH_KeyGen(
ECDH_KeyGen_In *in, // IN: input parameter list
ECDH_KeyGen_Out *out // OUT: output parameter list
);
#endif

86
src/tpm2/ECDH_ZGen_fp.h Normal file
View File

@ -0,0 +1,86 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ECDH_ZGen_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef ECDH_ZGEN_FP_H
#define ECDH_ZGEN_FP_H
typedef struct {
TPMI_DH_OBJECT keyHandle;
TPM2B_ECC_POINT inPoint;
} ECDH_ZGen_In;
#define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1)
#define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1)
typedef struct {
TPM2B_ECC_POINT outPoint;
} ECDH_ZGen_Out;
TPM_RC
TPM2_ECDH_ZGen(
ECDH_ZGen_In *in, // IN: input parameter list
ECDH_ZGen_Out *out // OUT: output parameter list
);
#endif

84
src/tpm2/EC_Ephemeral_fp.h Normal file
View File

@ -0,0 +1,84 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EC_Ephemeral_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef EC_EPHEMERAL_FP_H
#define EC_EPHEMERAL_FP_H
typedef struct {
TPMI_ECC_CURVE curveID;
} EC_Ephemeral_In;
#define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1)
typedef struct {
TPM2B_ECC_POINT Q;
UINT16 counter;
} EC_Ephemeral_Out;
TPM_RC
TPM2_EC_Ephemeral(
EC_Ephemeral_In *in, // IN: input parameter list
EC_Ephemeral_Out *out // OUT: output parameter list
);
#endif

159
src/tpm2/EccTestData.h Normal file
View File

@ -0,0 +1,159 @@
/********************************************************************************/
/* */
/* Parameter data for ECC testing */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EccTestData.h 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
#ifndef ECCTESTDATA_H
#define ECCTESTDATA_H
/* 10.1.12 EccTestData.h */
#ifdef SELF_TEST_DATA
TPM2B_TYPE(EC_TEST, 32);
const TPM_ECC_CURVE c_testCurve = 00003;
/* The static key */
const TPM2B_EC_TEST c_ecTestKey_ds = {{32, {
0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a,
0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}};
const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, {
0x17,0xad,0x2f,0xcb,0x18,0xd4,0xdb,0x3f,0x2c,0x53,0x13,0x82,0x42,0x97,0xff,0x8d,
0x99,0x50,0x16,0x02,0x35,0xa7,0x06,0xae,0x1f,0xda,0xe2,0x9c,0x12,0x77,0xc0,0xf9}}};
const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, {
0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad,
0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}};
/* The ephemeral key */
const TPM2B_EC_TEST c_ecTestKey_de = {{32, {
0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07,
0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}};
const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, {
0xa5,0x1e,0x80,0xd1,0x76,0x3e,0x8b,0x96,0xce,0xcc,0x21,0x82,0xc9,0xa2,0xa2,0xed,
0x47,0x21,0x89,0x53,0x44,0xe9,0xc7,0x92,0xe7,0x31,0x48,0x38,0xe6,0xea,0x93,0x47}}};
const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, {
0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea,
0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}};
/* ECDH test results */
const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, {
0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c,
0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}};
const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, {
0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5,
0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}};
#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH
TPM2B_TYPE(TEST_VALUE, 64);
const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11,
0x4b,0x8a,0x4f,0x17,0x62,0x82,0xcc,0x06,0xf6,0x64,0x78,0xef,0x6b,0x7c,0xf2,0x6c}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70,
0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x42,0xc6,0x0d,0x2f,
0x86,0xa0,0x1c,0x93,0x5e,0x4a,0xad,0x0b,0x67,0xde,0x5d,0x2a,0xb1,0x08,0x4d,0xae}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32, {
0xb1,0x37,0x7b,0xff,0xf8,0xf7,0xcf,0x2f,0xa6,0xa9,0x5a,0xb1,0x03,0xc1,0x1e,0xa7,
0xf8,0x05,0x33,0xc0,0x0a,0x7b,0xda,0x7b,0x1a,0x00,0x47,0xe1,0x9e,0xbe,0x50,0xe4}}};
#endif // SHA1
#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
TPM2B_TYPE(TEST_VALUE, 64);
const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31,
0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd,
0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0xad,0xe8,0xd2,0xda,0x57,0x6d,0x4a,0xe5,0xcc,0xcd,0x7c,0x14,0x1a,0x71,0x93,0xab,
0x6b,0x9d,0x0f,0x6a,0x97,0xb2,0x32,0x75,0x6c,0xb7,0x82,0x17,0x6b,0x17,0xca,0x1b}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32, {
0xd6,0xf1,0xe3,0x05,0xe5,0xdb,0x7c,0x8f,0x67,0x46,0x24,0x0f,0x5a,0x67,0xf8,0x2d,
0x5e,0xcb,0xa6,0x8b,0xd7,0x80,0x66,0x83,0x36,0x50,0xd7,0x73,0x7c,0xb8,0x63,0x41}}};
#endif // SHA384
#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH
TPM2B_TYPE(TEST_VALUE, 64);
const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71,
0xf8,0xf2,0xf4,0xa5,0xe0,0x1d,0x3c,0xa2,0x39,0x31,0xe4,0xe7,0x36,0x3b,0xb5,0x5f}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80,
0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0x80,0xd5,0x77,0x52,0xf4,0x51,0x4a,0xe8,0xd0,0x28,0x91,0x98,0xbd,0x36,0x5d,0x89,
0x24,0x0b,0xcf,0x08,0x30,0x35,0xc2,0x19,0x9f,0xf9,0x49,0x4f,0x53,0xe5,0x1f,0xe8}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32, {
0xf7,0x47,0xda,0x09,0xc6,0xc3,0x28,0x28,0xc2,0xbd,0xbf,0xe6,0xa2,0xec,0x3f,0x44,
0xcf,0xee,0xa2,0x30,0x96,0xe7,0xa4,0xaf,0x1f,0x37,0xac,0x1f,0xc6,0xc1,0xb4,0x25}}};
#endif // SHA256
#endif // SELF_TEST_DATA
#endif

93
src/tpm2/EncryptDecrypt2_fp.h Normal file
View File

@ -0,0 +1,93 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EncryptDecrypt2_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015, 2016 */
/* */
/********************************************************************************/
/* rev 134 */
#ifndef ENCRYPTDECRYPT2_FP_H
#define ENCRYPTDECRYPT2_FP_H
typedef struct {
TPMI_DH_OBJECT keyHandle;
TPM2B_MAX_BUFFER inData;
TPMI_YES_NO decrypt;
TPMI_ALG_SYM_MODE mode;
TPM2B_IV ivIn;
} EncryptDecrypt2_In;
#define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1)
#define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1)
#define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2)
#define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3)
#define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM2B_MAX_BUFFER outData;
TPM2B_IV ivOut;
} EncryptDecrypt2_Out;
TPM_RC
TPM2_EncryptDecrypt2(
EncryptDecrypt2_In *in, // IN: input parameter list
EncryptDecrypt2_Out *out // OUT: output parameter list
);
#endif

93
src/tpm2/EncryptDecrypt_fp.h Normal file
View File

@ -0,0 +1,93 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EncryptDecrypt_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef ENCRYPTDECRYPT_FP_H
#define ENCRYPTDECRYPT_FP_H
typedef struct {
TPMI_DH_OBJECT keyHandle;
TPMI_YES_NO decrypt;
TPMI_ALG_SYM_MODE mode;
TPM2B_IV ivIn;
TPM2B_MAX_BUFFER inData;
} EncryptDecrypt_In;
#define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1)
#define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1)
#define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2)
#define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3)
#define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM2B_MAX_BUFFER outData;
TPM2B_IV ivOut;
} EncryptDecrypt_Out;
TPM_RC
TPM2_EncryptDecrypt(
EncryptDecrypt_In *in, // IN: input parameter list
EncryptDecrypt_Out *out // OUT: output parameter list
);
#endif

165
src/tpm2/EncryptDecrypt_spt.c Normal file
View File

@ -0,0 +1,165 @@
/********************************************************************************/
/* */
/* Encrypt Decrypt Support */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EncryptDecrypt_spt.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 7.7 Encrypt Decrypt Support (EncryptDecrypt_spt.c) */
#include "Tpm.h"
#include "EncryptDecrypt_fp.h"
#include "EncryptDecrypt_spt.h"
#ifdef TPM_CC_EncryptDecrypt2
/* Error Returns Meaning */
/* TPM_RC_KEY is not a symmetric decryption key with both public and private portions loaded */
/* TPM_RC_SIZE IvIn size is incompatible with the block cipher mode; or inData size is not an even
multiple of the block size for CBC or ECB mode */
/* TPM_RC_VALUE keyHandle is restricted and the argument mode does not match the key's mode */
TPM_RC
EncryptDecryptShared(
TPMI_DH_OBJECT keyHandleIn,
TPMI_YES_NO decryptIn,
TPMI_ALG_SYM_MODE modeIn,
TPM2B_IV *ivIn,
TPM2B_MAX_BUFFER *inData,
EncryptDecrypt_Out *out
)
{
OBJECT *symKey;
UINT16 keySize;
UINT16 blockSize;
BYTE *key;
TPM_ALG_ID alg;
TPM_ALG_ID mode;
TPM_RC result;
BOOL OK;
// Input Validation
symKey = HandleToObject(keyHandleIn);
mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
// The input key should be a symmetric key
if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
// The key must be unrestricted and allow the selected operation
OK = symKey->publicArea.objectAttributes.restricted != SET;
if(YES == decryptIn)
OK = OK && symKey->publicArea.objectAttributes.decrypt == SET;
else
OK = OK && symKey->publicArea.objectAttributes.sign == SET;
if(!OK)
return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
// If the key mode is not TPM_ALG_NULL...
// or TPM_ALG_NULL
if(mode != TPM_ALG_NULL)
{
// then the input mode has to be TPM_ALG_NULL or the same as the key
if((modeIn != TPM_ALG_NULL) && (modeIn != mode))
return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
}
else
{
// if the key mode is null, then the input can't be null
if(modeIn == TPM_ALG_NULL)
return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
mode = modeIn;
}
// The input iv for ECB mode should be an Empty Buffer. All the other modes
// should have an iv size same as encryption block size
keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
blockSize = CryptGetSymmetricBlockSize(alg, keySize);
// Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that
// algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for
// the algorithm is always defined. Both have the same numeric value.
// ALG_xxx_VALUE is used here so that the code does not get cluttered with
// #ifdef's. Having this check does not mean that the algorithm is supported.
// If it was not supported the unmarshaling code would have rejected it before
// this function were called. This means that, depending on the implementation,
// the check could be redundant but it doesn't hurt.
if(((mode == ALG_ECB_VALUE) && (ivIn->t.size != 0))
|| ((mode != ALG_ECB_VALUE) && (ivIn->t.size != blockSize)))
return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
// The input data size of CBC mode or ECB mode must be an even multiple of
// the symmetric algorithm's block size
if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE))
&& ((inData->t.size % blockSize) != 0))
return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
// Copy IV
// Note: This is copied here so that the calls to the encrypt/decrypt functions
// will modify the output buffer, not the input buffer
out->ivOut = *ivIn;
// Command Output
key = symKey->sensitive.sensitive.sym.t.buffer;
// For symmetric encryption, the cipher data size is the same as plain data
// size.
out->outData.t.size = inData->t.size;
if(decryptIn == YES)
{
// Decrypt data to output
result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,
&(out->ivOut), mode, inData->t.size,
inData->t.buffer);
}
else
{
// Encrypt data to output
result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,
&(out->ivOut), mode, inData->t.size,
inData->t.buffer);
}
return result;
}
#endif // CC_EncryptDecrypt

78
src/tpm2/EncryptDecrypt_spt.h Normal file
View File

@ -0,0 +1,78 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EncryptDecrypt_spt.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef ENCRYPTDECRYPT_SPT_H
#define ENCRYPTDECRYPT_SPT_H
#include "EncryptDecrypt_fp.h"
TPM_RC
EncryptDecryptShared(
TPMI_DH_OBJECT keyHandleIn,
TPMI_YES_NO decryptIn,
TPMI_ALG_SYM_MODE modeIn,
TPM2B_IV *ivIn,
TPM2B_MAX_BUFFER *inData,
EncryptDecrypt_Out *out
);
#endif

75
src/tpm2/EncryptDecrypt_spt_fp.h Normal file
View File

@ -0,0 +1,75 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EncryptDecrypt_spt_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef ENCRYPTDECRYPT_SPT_FP_H
#define ENCRYPTDECRYPT_SPT_FP_H
TPM_RC
EncryptDecryptShared(
TPMI_DH_OBJECT keyHandleIn,
TPMI_YES_NO decryptIn,
TPMI_ALG_SYM_MODE modeIn,
TPM2B_IV *ivIn,
TPM2B_MAX_BUFFER *inData,
EncryptDecrypt_Out *out
);
#endif

486
src/tpm2/Entity.c Normal file
View File

@ -0,0 +1,486 @@
/********************************************************************************/
/* */
/* Accessing properties for handles of various types */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Entity.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 9.4 Entity.c */
/* 9.4.1 Description */
/* The functions in this file are used for accessing properties for handles of various
types. Functions in other files require handles of a specific type but the functions in this file
allow use of any handle type. */
/* 9.4.2 Includes */
#include "Tpm.h"
/* 9.4.3 Functions */
/* 9.4.3.1 EntityGetLoadStatus() */
/* This function will check that all the handles access loaded entities. */
/* Error Returns Meaning */
/* TPM_RC_HANDLE handle type does not match */
/* TPM_RC_REFERENCE_Hx() entity is not present */
/* TPM_RC_HIERARCHY entity belongs to a disabled hierarchy */
/* TPM_RC_OBJECT_MEMORY handle is an evict object but there is no space to load it to RAM */
TPM_RC
EntityGetLoadStatus(
COMMAND *command // IN/OUT: command parsing structure
)
{
UINT32 i;
TPM_RC result = TPM_RC_SUCCESS;
//
for(i = 0; i < command->handleNum; i++)
{
TPM_HANDLE handle = command->handles[i];
switch(HandleGetType(handle))
{
// For handles associated with hierarchies, the entity is present
// only if the associated enable is SET.
case TPM_HT_PERMANENT:
switch(handle)
{
case TPM_RH_OWNER:
if(!gc.shEnable)
result = TPM_RC_HIERARCHY;
break;
#ifdef VENDOR_PERMANENT
case VENDOR_PERMANENT:
#endif
case TPM_RH_ENDORSEMENT:
if(!gc.ehEnable)
result = TPM_RC_HIERARCHY;
break;
case TPM_RH_PLATFORM:
if(!g_phEnable)
result = TPM_RC_HIERARCHY;
break;
// null handle, PW session handle and lockout
// handle are always available
case TPM_RH_NULL:
case TPM_RS_PW:
// Need to be careful for lockout. Lockout is always available
// for policy checks but not always available when authValue
// is being checked.
case TPM_RH_LOCKOUT:
break;
default:
// handling of the manufacture_specific handles
if(((TPM_RH)handle >= TPM_RH_AUTH_00)
&& ((TPM_RH)handle <= TPM_RH_AUTH_FF))
// use the value that would have been returned from
// unmarshaling if it did the handle filtering
result = TPM_RC_VALUE;
else
FAIL(FATAL_ERROR_INTERNAL);
break;
}
break;
case TPM_HT_TRANSIENT:
// For a transient object, check if the handle is associated
// with a loaded object.
if(!IsObjectPresent(handle))
result = TPM_RC_REFERENCE_H0;
break;
case TPM_HT_PERSISTENT:
// Persistent object
// Copy the persistent object to RAM and replace the handle with the
// handle of the assigned slot. A TPM_RC_OBJECT_MEMORY,
// TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by
// ObjectLoadEvict()
result = ObjectLoadEvict(&command->handles[i], command->index);
break;
case TPM_HT_HMAC_SESSION:
// For an HMAC session, see if the session is loaded
// and if the session in the session slot is actually
// an HMAC session.
if(SessionIsLoaded(handle))
{
SESSION *session;
session = SessionGet(handle);
// Check if the session is a HMAC session
if(session->attributes.isPolicy == SET)
result = TPM_RC_HANDLE;
}
else
result = TPM_RC_REFERENCE_H0;
break;
case TPM_HT_POLICY_SESSION:
// For a policy session, see if the session is loaded
// and if the session in the session slot is actually
// a policy session.
if(SessionIsLoaded(handle))
{
SESSION *session;
session = SessionGet(handle);
// Check if the session is a policy session
if(session->attributes.isPolicy == CLEAR)
result = TPM_RC_HANDLE;
}
else
result = TPM_RC_REFERENCE_H0;
break;
case TPM_HT_NV_INDEX:
// For an NV Index, use the TPM-specific routine
// to search the IN Index space.
result = NvIndexIsAccessible(handle);
break;
case TPM_HT_PCR:
// Any PCR handle that is unmarshaled successfully referenced
// a PCR that is defined.
break;
#ifdef TPM_CC_AC_Send
case TPM_HT_AC:
// Use the TPM-specific routine to search for the AC
result = AcIsAccessible(handle);
break;
#endif
default:
// Any other handle type is a defect in the unmarshaling code.
FAIL(FATAL_ERROR_INTERNAL);
break;
}
if(result != TPM_RC_SUCCESS)
{
if(result == TPM_RC_REFERENCE_H0)
result = result + i;
else
result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]);
break;
}
}
return result;
}
/* 9.4.3.2 EntityGetAuthValue() */
/* This function is used to access the authValue associated with a handle. This function assumes
that the handle references an entity that is accessible and the handle is not for a persistent
objects. That is EntityGetLoadStatus() should have been called. Also, the accessibility of the
authValue should have been verified by IsAuthValueAvailable(). */
/* This function copies the authorization value of the entity to auth. */
/* Return Values Meaning */
/* count number of bytes in the authValue with zeros stripped */
UINT16
EntityGetAuthValue(
TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_AUTH *auth // OUT: authValue of the entity
)
{
TPM2B_AUTH *pAuth = NULL;
auth->t.size = 0;
switch(HandleGetType(handle))
{
case TPM_HT_PERMANENT:
{
switch(handle)
{
case TPM_RH_OWNER:
// ownerAuth for TPM_RH_OWNER
pAuth = &gp.ownerAuth;
break;
case TPM_RH_ENDORSEMENT:
// endorsementAuth for TPM_RH_ENDORSEMENT
pAuth = &gp.endorsementAuth;
break;
case TPM_RH_PLATFORM:
// platformAuth for TPM_RH_PLATFORM
pAuth = &gc.platformAuth;
break;
case TPM_RH_LOCKOUT:
// lockoutAuth for TPM_RH_LOCKOUT
pAuth = &gp.lockoutAuth;
break;
case TPM_RH_NULL:
// nullAuth for TPM_RH_NULL. Return 0 directly here
return 0;
break;
#ifdef VENDOR_PERMANENT
case VENDOR_PERMANENT:
// vendor authorization value
pAauth = &g_platformUniqueDetails;
#endif
default:
// If any other permanent handle is present it is
// a code defect.
FAIL(FATAL_ERROR_INTERNAL);
break;
}
break;
}
case TPM_HT_TRANSIENT:
// authValue for an object
// A persistent object would have been copied into RAM
// and would have an transient object handle here.
{
OBJECT *object;
object = HandleToObject(handle);
// special handling if this is a sequence object
if(ObjectIsSequence(object))
{
pAuth = &((HASH_OBJECT *)object)->auth;
}
else
{
// Authorization is available only when the private portion of
// the object is loaded. The check should be made before
// this function is called
pAssert(object->attributes.publicOnly == CLEAR);
pAuth = &object->sensitive.authValue;
}
}
break;
case TPM_HT_NV_INDEX:
// authValue for an NV index
{
NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
pAssert(nvIndex != NULL);
pAuth = &nvIndex->authValue;
}
break;
case TPM_HT_PCR:
// authValue for PCR
pAuth = PCRGetAuthValue(handle);
break;
default:
// If any other handle type is present here, then there is a defect
// in the unmarshaling code.
FAIL(FATAL_ERROR_INTERNAL);
break;
}
// Copy the authValue
MemoryCopy2B(&auth->b, &pAuth->b, sizeof(auth->t.buffer));
MemoryRemoveTrailingZeros(auth);
return auth->t.size;
}
/* 9.4.3.3 EntityGetAuthPolicy() */
/* This function is used to access the authPolicy associated with a handle. This function assumes
that the handle references an entity that is accessible and the handle is not for a persistent
objects. That is EntityGetLoadStatus() should have been called. Also, the accessibility of the
authPolicy should have been verified by IsAuthPolicyAvailable(). */
/* This function copies the authorization policy of the entity to authPolicy. */
/* The return value is the hash algorithm for the policy. */
TPMI_ALG_HASH
EntityGetAuthPolicy(
TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity
)
{
TPMI_ALG_HASH hashAlg = TPM_ALG_NULL;
authPolicy->t.size = 0;
switch(HandleGetType(handle))
{
case TPM_HT_PERMANENT:
switch(handle)
{
case TPM_RH_OWNER:
// ownerPolicy for TPM_RH_OWNER
*authPolicy = gp.ownerPolicy;
hashAlg = gp.ownerAlg;
break;
case TPM_RH_ENDORSEMENT:
// endorsementPolicy for TPM_RH_ENDORSEMENT
*authPolicy = gp.endorsementPolicy;
hashAlg = gp.endorsementAlg;
break;
case TPM_RH_PLATFORM:
// platformPolicy for TPM_RH_PLATFORM
*authPolicy = gc.platformPolicy;
hashAlg = gc.platformAlg;
break;
case TPM_RH_LOCKOUT:
// lockoutPolicy for TPM_RH_LOCKOUT
*authPolicy = gp.lockoutPolicy;
hashAlg = gp.lockoutAlg;
break;
default:
return TPM_ALG_ERROR;
break;
}
break;
case TPM_HT_TRANSIENT:
// authPolicy for an object
{
OBJECT *object = HandleToObject(handle);
*authPolicy = object->publicArea.authPolicy;
hashAlg = object->publicArea.nameAlg;
}
break;
case TPM_HT_NV_INDEX:
// authPolicy for a NV index
{
NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
pAssert(nvIndex != 0);
*authPolicy = nvIndex->publicArea.authPolicy;
hashAlg = nvIndex->publicArea.nameAlg;
}
break;
case TPM_HT_PCR:
// authPolicy for a PCR
hashAlg = PCRGetAuthPolicy(handle, authPolicy);
break;
default:
// If any other handle type is present it is a code defect.
FAIL(FATAL_ERROR_INTERNAL);
break;
}
return hashAlg;
}
/* 9.4.3.4 EntityGetName() */
/* This function returns the Name associated with a handle. */
TPM2B_NAME *
EntityGetName(
TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_NAME *name // OUT: name of entity
)
{
switch(HandleGetType(handle))
{
case TPM_HT_TRANSIENT:
{
// Name for an object
OBJECT *object = HandleToObject(handle);
// an object with no nameAlg has no name
if(object->publicArea.nameAlg == TPM_ALG_NULL)
name->b.size = 0;
else
*name = object->name;
break;
}
case TPM_HT_NV_INDEX:
// Name for a NV index
NvGetNameByIndexHandle(handle, name);
break;
default:
// For all other types, the handle is the Name
name->t.size = sizeof(TPM_HANDLE);
UINT32_TO_BYTE_ARRAY(handle, name->t.name);
break;
}
return name;
}
/* 9.4.3.5 EntityGetHierarchy() */
/* This function returns the hierarchy handle associated with an entity. */
/* a) A handle that is a hierarchy handle is associated with itself. */
/* b) An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, is SET, otherwise it belongs
to TPM_RH_OWNER */
/* c) An object handle belongs to its hierarchy. All other handles belong to the platform
hierarchy. or an NV Index. */
TPMI_RH_HIERARCHY
EntityGetHierarchy(
TPMI_DH_ENTITY handle // IN :handle of entity
)
{
TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL;
switch(HandleGetType(handle))
{
case TPM_HT_PERMANENT:
// hierarchy for a permanent handle
switch(handle)
{
case TPM_RH_PLATFORM:
case TPM_RH_ENDORSEMENT:
case TPM_RH_NULL:
hierarchy = handle;
break;
// all other permanent handles are associated with the owner
// hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT)
default:
hierarchy = TPM_RH_OWNER;
break;
}
break;
case TPM_HT_NV_INDEX:
// hierarchy for NV index
{
NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL);
pAssert(nvIndex != NULL);
// If only the platform can delete the index, then it is
// considered to be in the platform hierarchy, otherwise it
// is in the owner hierarchy.
if(IsNv_TPMA_NV_PLATFORMCREATE(nvIndex->publicArea.attributes))
hierarchy = TPM_RH_PLATFORM;
else
hierarchy = TPM_RH_OWNER;
}
break;
case TPM_HT_TRANSIENT:
// hierarchy for an object
{
OBJECT *object;
object = HandleToObject(handle);
if(object->attributes.ppsHierarchy)
{
hierarchy = TPM_RH_PLATFORM;
}
else if(object->attributes.epsHierarchy)
{
hierarchy = TPM_RH_ENDORSEMENT;
}
else if(object->attributes.spsHierarchy)
{
hierarchy = TPM_RH_OWNER;
}
}
break;
case TPM_HT_PCR:
hierarchy = TPM_RH_OWNER;
break;
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
}
// this is unreachable but it provides a return value for the default
// case which makes the complier happy
return hierarchy;
}

90
src/tpm2/Entity_fp.h Normal file
View File

@ -0,0 +1,90 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Entity_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef ENTITY_FP_H
#define ENTITY_FP_H
TPM_RC
EntityGetLoadStatus(
COMMAND *command // IN/OUT: command parsing structure
);
UINT16
EntityGetAuthValue(
TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_AUTH *auth // OUT: authValue of the entity
);
TPMI_ALG_HASH
EntityGetAuthPolicy(
TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity
);
TPM2B_NAME *
EntityGetName(
TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_NAME *name // OUT: name of entity
);
TPMI_RH_HIERARCHY
EntityGetHierarchy(
TPMI_DH_ENTITY handle // IN :handle of entity
);
#endif

114
src/tpm2/Entropy.c Normal file
View File

@ -0,0 +1,114 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Entropy.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* C.4 Entropy.c */
/* C.4.1. Includes */
#define _CRT_RAND_S
#include <stdlib.h>
#include <memory.h>
#include "PlatformData.h"
#include "Platform_fp.h"
/* C.4.2. Local values */
/* This is the last 32-bits of hardware entropy produced. We have to check to see that two
consecutive 32-bit values are not the same because (according to FIPS 140-2, annex C */
/* "If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated
after power-up, initialization, or reset shall not be used, but shall be saved for comparison
with the next n-bit block to be generated. Each subsequent generation of an n-bit block shall be
compared with the previously generated block. The test shall fail if any two compared n-bit
blocks are equal." */
extern uint32_t lastEntropy;
extern int firstValue;
/* C.4.3. _plat__GetEntropy() */
/* This function is used to get available hardware entropy. In a hardware implementation of this
function, there would be no call to the system to get entropy. If the caller does not ask for any
entropy, then this is a startup indication and firstValue should be reset. */
/* Return Values Meaning */
/* < 0 hardware failure of the entropy generator, this is sticky */
/* >= 0 the returned amount of entropy (bytes) */
LIB_EXPORT int32_t
_plat__GetEntropy(
unsigned char *entropy, // output buffer
uint32_t amount // amount requested
)
{
uint32_t rndNum;
int OK = 1;
if(amount == 0)
{
firstValue = 1;
return 0;
}
// Only provide entropy 32 bits at a time to test the ability
// of the caller to deal with partial results.
rndNum = rand();
if(firstValue)
firstValue = 0;
else
OK = (rndNum != lastEntropy);
if(OK)
{
lastEntropy = rndNum;
if(amount > sizeof(rndNum))
amount = sizeof(rndNum);
memcpy(entropy, &rndNum, amount);
}
return (OK) ? (int32_t)amount : -1;
}

194
src/tpm2/EphemeralCommands.c Normal file
View File

@ -0,0 +1,194 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EphemeralCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "Commit_fp.h"
#ifdef TPM_CC_Commit // Conditional expansion of this file
#ifdef TPM_ALG_ECC
TPM_RC
TPM2_Commit(
Commit_In *in, // IN: input parameter list
Commit_Out *out // OUT: output parameter list
)
{
OBJECT *eccKey;
TPMS_ECC_POINT P2;
TPMS_ECC_POINT *pP2 = NULL;
TPMS_ECC_POINT *pP1 = NULL;
TPM2B_ECC_PARAMETER r;
TPM2B_ECC_PARAMETER p;
TPM_RC result;
TPMS_ECC_PARMS *parms;
// Input Validation
eccKey = HandleToObject(in->signHandle);
parms = &eccKey->publicArea.parameters.eccDetail;
// Input key must be an ECC key
if(eccKey->publicArea.type != TPM_ALG_ECC)
return TPM_RCS_KEY + RC_Commit_signHandle;
// This command may only be used with a sign-only key using an anonymous
// scheme.
// NOTE: a sign + decrypt key has no scheme so it will not be an anonymous one
// and an unrestricted sign key might no have a signing scheme but it can't
// be use in Commit()
if(!CryptIsSchemeAnonymous(parms->scheme.scheme))
return TPM_RCS_SCHEME + RC_Commit_signHandle;
// Make sure that both parts of P2 are present if either is present
if((in->s2.t.size == 0) != (in->y2.t.size == 0))
return TPM_RCS_SIZE + RC_Commit_y2;
// Get prime modulus for the curve. This is needed later but getting this now
// allows confirmation that the curve exists.
if(!CryptEccGetParameter(&p, 'p', parms->curveID))
return TPM_RCS_KEY + RC_Commit_signHandle;
// Get the random value that will be used in the point multiplications
// Note: this does not commit the count.
if(!CryptGenerateR(&r, NULL, parms->curveID, &eccKey->name))
return TPM_RC_NO_RESULT;
// Set up P2 if s2 and Y2 are provided
if(in->s2.t.size != 0)
{
TPM2B_DIGEST x2;
pP2 = &P2;
// copy y2 for P2
P2.y = in->y2;
// Compute x2 HnameAlg(s2) mod p
// do the hash operation on s2 with the size of curve 'p'
x2.t.size = CryptHashBlock(eccKey->publicArea.nameAlg,
in->s2.t.size,
in->s2.t.buffer,
sizeof(x2.t.buffer),
x2.t.buffer);
// If there were error returns in the hash routine, indicate a problem
// with the hash algorithm selection
if(x2.t.size == 0)
return TPM_RCS_HASH + RC_Commit_signHandle;
// The size of the remainder will be same as the size of p. DivideB() will
// pad the results (leading zeros) if necessary to make the size the same
P2.x.t.size = p.t.size;
// set p2.x = hash(s2) mod p
if(DivideB(&x2.b, &p.b, NULL, &P2.x.b) != TPM_RC_SUCCESS)
return TPM_RC_NO_RESULT;
if(!CryptEccIsPointOnCurve(parms->curveID, pP2))
return TPM_RCS_ECC_POINT + RC_Commit_s2;
if(eccKey->attributes.publicOnly == SET)
return TPM_RCS_KEY + RC_Commit_signHandle;
}
// If there is a P1, make sure that it is on the curve
// NOTE: an "empty" point has two UINT16 values which are the size values
// for each of the coordinates.
if(in->P1.size > 4)
{
pP1 = &in->P1.point;
if(!CryptEccIsPointOnCurve(parms->curveID, pP1))
return TPM_RCS_ECC_POINT + RC_Commit_P1;
}
// Pass the parameters to CryptCommit.
// The work is not done in-line because it does several point multiplies
// with the same curve. It saves work by not having to reload the curve
// parameters multiple times.
result = CryptEccCommitCompute(&out->K.point,
&out->L.point,
&out->E.point,
parms->curveID,
pP1,
pP2,
&eccKey->sensitive.sensitive.ecc,
&r);
if(result != TPM_RC_SUCCESS)
return result;
// The commit computation was successful so complete the commit by setting
// the bit
out->counter = CryptCommit();
return TPM_RC_SUCCESS;
}
#endif
#endif // CC_Commit
#include "Tpm.h"
#include "EC_Ephemeral_fp.h"
#ifdef TPM_CC_EC_Ephemeral // Conditional expansion of this file
#ifdef TPM_ALG_ECC
TPM_RC
TPM2_EC_Ephemeral(
EC_Ephemeral_In *in, // IN: input parameter list
EC_Ephemeral_Out *out // OUT: output parameter list
)
{
TPM2B_ECC_PARAMETER r;
TPM_RC result;
//
do
{
// Get the random value that will be used in the point multiplications
// Note: this does not commit the count.
if(!CryptGenerateR(&r, NULL, in->curveID, NULL))
return TPM_RC_NO_RESULT;
// do a point multiply
result = CryptEccPointMultiply(&out->Q.point, in->curveID, NULL, &r,
NULL, NULL);
// commit the count value if either the r value results in the point at
// infinity or if the value is good. The commit on the r value for infinity
// is so that the r value will be skipped.
if((result == TPM_RC_SUCCESS) || (result == TPM_RC_NO_RESULT))
out->counter = CryptCommit();
} while(result == TPM_RC_NO_RESULT);
return TPM_RC_SUCCESS;
}
#endif
#endif // CC_EC_Ephemeral

88
src/tpm2/EventSequenceComplete_fp.h Normal file
View File

@ -0,0 +1,88 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EventSequenceComplete_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef EVENTSEQUENCECOMPLETE_FP_H
#define EVENTSEQUENCECOMPLETE_FP_H
typedef struct {
TPMI_DH_PCR pcrHandle;
TPMI_DH_OBJECT sequenceHandle;
TPM2B_MAX_BUFFER buffer;
} EventSequenceComplete_In;
#define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1)
#define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2)
#define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1)
typedef struct {
TPML_DIGEST_VALUES results;
} EventSequenceComplete_Out;
TPM_RC
TPM2_EventSequenceComplete(
EventSequenceComplete_In *in, // IN: input parameter list
EventSequenceComplete_Out *out // OUT: output parameter list
);
#endif

82
src/tpm2/EvictControl_fp.h Normal file
View File

@ -0,0 +1,82 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EvictControl_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef EVICTCONTROL_FP_H
#define EVICTCONTROL_FP_H
typedef struct {
TPMI_RH_PROVISION auth;
TPMI_DH_OBJECT objectHandle;
TPMI_DH_PERSISTENT persistentHandle;
} EvictControl_In;
#define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1)
#define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2)
#define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1)
TPM_RC
TPM2_EvictControl(
EvictControl_In *in // IN: input parameter list
);
#endif

313
src/tpm2/ExecCommand.c Normal file
View File

@ -0,0 +1,313 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ExecCommand.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 6.2 ExecCommand.c */
/* This file contains the entry function ExecuteCommand() which provides the main control flow for
TPM command execution. */
#include "Tpm.h"
#include "ExecCommand_fp.h"
/* Uncomment this next #include if doing static command/response buffer sizing */
// #include "CommandResponseSizes_fp.h"
// The function performs the following steps.
// a) Parses the command header from input buffer.
// b) Calls ParseHandleBuffer() to parse the handle area of the command.
// c) Validates that each of the handles references a loaded entity.
// d) Calls ParseSessionBuffer() () to:
// 1) unmarshal and parse the session area;
// 2) check the authorizations; and
// 3) when necessary, decrypt a parameter.
// e) Calls CommandDispatcher() to:
// 1) unmarshal the command parameters from the command buffer;
// 2) call the routine that performs the command actions; and
// 3) marshal the responses into the response buffer.
// f) If any error occurs in any of the steps above create the error response and return.
// g) Calls BuildResponseSessions() to:
// 1) when necessary, encrypt a parameter
// 2) build the response authorization sessions
// 3) update the audit sessions and nonces
// h) Calls BuildResponseHeader() to complete the construction of the response.
// responseSize is set by the caller to the maximum number of bytes available in the output
// buffer. ExecuteCommand() will adjust the value and return the number of bytes placed in
// the buffer.
// response is also set by the caller to indicate the buffer into which ExecuteCommand() is
// to place the response.
// request and response may point to the same buffer
// NOTE: As of February, 2016, the failure processing has been moved to the platform-specific
// code. When the TPM code encounters an unrecoverable failure, it will SET g_inFailureMode
// and call _plat__Fail(). That function should not return but may call ExecuteCommand().
LIB_EXPORT void
ExecuteCommand(
uint32_t requestSize, // IN: command buffer size
unsigned char *request, // IN: command buffer
uint32_t *responseSize, // IN/OUT: response buffer size
unsigned char **response // IN/OUT: response buffer
)
{
// Command local variables
UINT32 commandSize;
COMMAND command;
// Response local variables
UINT32 maxResponse = *responseSize;
TPM_RC result; // return code for the command
// This next function call is used in development to size the command and response
// buffers. The values printed are the sizes of the internal structures and
// not the sizes of the canonical forms of he command response structures. Also,
// the sizes do not include the tag, command.code, requestSize, or the authorization
// fields.
//CommandResponseSizes();
// Set flags for NV access state. This should happen before any other
// operation that may require a NV write. Note, that this needs to be done
// even when in failure mode. Otherwise, g_updateNV would stay SET while in
// Failure mode and the NV would be written on each call.
g_updateNV = UT_NONE;
g_clearOrderly = FALSE;
if(g_inFailureMode)
{
// Do failure mode processing
TpmFailureMode(requestSize, request, responseSize, response);
return;
}
// Query platform to get the NV state. The result state is saved internally
// and will be reported by NvIsAvailable(). The reference code requires that
// accessibility of NV does not change during the execution of a command.
// Specifically, if NV is available when the command execution starts and then
// is not available later when it is necessary to write to NV, then the TPM
// will go into failure mode.
NvCheckState();
// Due to the limitations of the simulation, TPM clock must be explicitly
// synchronized with the system clock whenever a command is received.
// This function call is not necessary in a hardware TPM. However, taking
// a snapshot of the hardware timer at the beginning of the command allows
// the time value to be consistent for the duration of the command execution.
TimeUpdateToCurrent();
// Any command through this function will unceremoniously end the
// _TPM_Hash_Data/_TPM_Hash_End sequence.
if(g_DRTMHandle != TPM_RH_UNASSIGNED)
ObjectTerminateEvent();
// Get command buffer size and command buffer.
command.parameterBuffer = request;
command.parameterSize = requestSize;
// Parse command header: tag, commandSize and command.code.
// First parse the tag. The unmarshaling routine will validate
// that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS.
result = TPMI_ST_COMMAND_TAG_Unmarshal(&command.tag,
&command.parameterBuffer,
&command.parameterSize);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
// Unmarshal the commandSize indicator.
result = UINT32_Unmarshal(&commandSize,
&command.parameterBuffer,
&command.parameterSize);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
// On a TPM that receives bytes on a port, the number of bytes that were
// received on that port is requestSize it must be identical to commandSize.
// In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed
// by the implementation. The check against MAX_COMMAND_SIZE may be redundant
// as the input processing (the function that receives the command bytes and
// places them in the input buffer) would likely have the input truncated when
// it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize.
if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE)
{
result = TPM_RC_COMMAND_SIZE;
goto Cleanup;
}
// Unmarshal the command code.
result = TPM_CC_Unmarshal(&command.code, &command.parameterBuffer,
&command.parameterSize);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
// Check to see if the command is implemented.
command.index = CommandCodeToCommandIndex(command.code);
if(UNIMPLEMENTED_COMMAND_INDEX == command.index)
{
result = TPM_RC_COMMAND_CODE;
goto Cleanup;
}
#if FIELD_UPGRADE_IMPLEMENTED == YES
// If the TPM is in FUM, then the only allowed command is
// TPM_CC_FieldUpgradeData.
if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData))
{
result = TPM_RC_UPGRADE;
goto Cleanup;
}
else
#endif
// Excepting FUM, the TPM only accepts TPM2_Startup() after
// _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup()
// is no longer allowed.
if((!TPMIsStarted() && command.code != TPM_CC_Startup)
|| (TPMIsStarted() && command.code == TPM_CC_Startup))
{
result = TPM_RC_INITIALIZE;
goto Cleanup;
}
// Start regular command process.
NvIndexCacheInit();
// Parse Handle buffer.
result = ParseHandleBuffer(&command);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
// All handles in the handle area are required to reference TPM-resident
// entities.
result = EntityGetLoadStatus(&command);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
// Authorization session handling for the command.
ClearCpRpHashes(&command);
if(command.tag == TPM_ST_SESSIONS)
{
// Find out session buffer size.
result = UINT32_Unmarshal((UINT32 *)&command.authSize,
&command.parameterBuffer,
&command.parameterSize);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
// Perform sanity check on the unmarshaled value. If it is smaller than
// the smallest possible session or larger than the remaining size of
// the command, then it is an error. NOTE: This check could pass but the
// session size could still be wrong. That will be determined after the
// sessions are unmarshaled.
if(command.authSize < 9
|| command.authSize > command.parameterSize)
{
result = TPM_RC_SIZE;
goto Cleanup;
}
command.parameterSize -= command.authSize;
// The actions of ParseSessionBuffer() are described in the introduction.
// As the sessions are parsed command.parameterBuffer is advanced so, on a
// successful return, command.parameterBuffer should be pointing at the
// first byte of the parameters.
result = ParseSessionBuffer(&command);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
}
else
{
command.authSize = 0;
// The command has no authorization sessions.
// If the command requires authorizations, then CheckAuthNoSession() will
// return an error.
result = CheckAuthNoSession(&command);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
}
// Set up the response buffer pointers. CommandDispatch will marshal the
// response parameters starting at the address in command.responseBuffer.
// *response = MemoryGetResponseBuffer(command.index);
// leave space for the command header
command.responseBuffer = *response + STD_RESPONSE_HEADER;
// leave space for the parameter size field if needed
if(command.tag == TPM_ST_SESSIONS)
command.responseBuffer += sizeof(UINT32);
if(IsHandleInResponse(command.index))
command.responseBuffer += sizeof(TPM_HANDLE);
// CommandDispatcher returns a response handle buffer and a response parameter
// buffer if it succeeds. It will also set the parameterSize field in the
// buffer if the tag is TPM_RC_SESSIONS.
result = CommandDispatcher(&command);
if(result != TPM_RC_SUCCESS)
goto Cleanup;
// Build the session area at the end of the parameter area.
BuildResponseSession(&command);
Cleanup:
if(g_clearOrderly == TRUE
&& NV_IS_ORDERLY)
{
#ifdef USE_DA_USED
gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE;
#else
gp.orderlyState = SU_NONE_VALUE;
#endif
NV_SYNC_PERSISTENT(orderlyState);
}
// This implementation loads an "evict" object to a transient object slot in
// RAM whenever an "evict" object handle is used in a command so that the
// access to any object is the same. These temporary objects need to be
// cleared from RAM whether the command succeeds or fails.
ObjectCleanupEvict();
// The parameters and sessions have been marshaled. Now tack on the header and
// set the sizes
BuildResponseHeader(&command, *response, result);
// Try to commit all the writes to NV if any NV write happened during this
// command execution. This check should be made for both succeeded and failed
// commands, because a failed one may trigger a NV write in DA logic as well.
// This is the only place in the command execution path that may call the NV
// commit. If the NV commit fails, the TPM should be put in failure mode.
if((g_updateNV != UT_NONE) && !g_inFailureMode)
{
if(g_updateNV == UT_ORDERLY)
NvUpdateIndexOrderlyData();
if(!NvCommit())
FAIL(FATAL_ERROR_INTERNAL);
g_updateNV = UT_NONE;
}
pAssert((UINT32)command.parameterSize <= maxResponse);
// Clear unused bits in response buffer.
MemorySet(*response + *responseSize, 0, maxResponse - *responseSize);
// as a final act, and not before, update the response size.
*responseSize = (UINT32)command.parameterSize;
return;
}

73
src/tpm2/ExecCommand_fp.h Normal file
View File

@ -0,0 +1,73 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ExecCommand_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef EXECCOMMAND_FP_H
#define EXECCOMMAND_FP_H
LIB_EXPORT void
ExecuteCommand(
uint32_t requestSize, // IN: command buffer size
unsigned char *request, // IN: command buffer
uint32_t *responseSize, // IN/OUT: response buffer size
unsigned char **response // IN/OUT: response buffer
);
#endif

78
src/tpm2/FlushContext_fp.h Normal file
View File

@ -0,0 +1,78 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: FlushContext_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef FLUSHCONTEXT_FP_H
#define FLUSHCONTEXT_FP_H
typedef struct {
TPMI_DH_CONTEXT flushHandle;
} FlushContext_In;
#define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1)
TPM_RC
TPM2_FlushContext(
FlushContext_In *in // IN: input parameter list
);
#endif

90
src/tpm2/GetCapability_fp.h Normal file
View File

@ -0,0 +1,90 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetCapability_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef GETCAPABILITY_FP_H
#define GETCAPABILITY_FP_H
typedef struct {
TPM_CAP capability;
UINT32 property;
UINT32 propertyCount;
} GetCapability_In;
#define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1)
#define RC_GetCapability_property (TPM_RC_P + TPM_RC_2)
#define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3)
typedef struct {
TPMI_YES_NO moreData;
TPMS_CAPABILITY_DATA capabilityData;
} GetCapability_Out;
TPM_RC
TPM2_GetCapability(
GetCapability_In *in, // IN: input parameter list
GetCapability_Out *out // OUT: output parameter list
);
#endif

91
src/tpm2/GetCommandAuditDigest_fp.h Normal file
View File

@ -0,0 +1,91 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetCommandAuditDigest_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef GETCOMMANDAUDITDIGEST_FP_H
#define GETCOMMANDAUDITDIGEST_FP_H
typedef struct {
TPMI_RH_ENDORSEMENT privacyHandle;
TPMI_DH_OBJECT signHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} GetCommandAuditDigest_In;
#define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1)
#define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_ATTEST auditInfo;
TPMT_SIGNATURE signature;
} GetCommandAuditDigest_Out;
TPM_RC
TPM2_GetCommandAuditDigest(
GetCommandAuditDigest_In *in, // IN: input parameter list
GetCommandAuditDigest_Out *out // OUT: output parameter list
);
#endif

84
src/tpm2/GetRandom_fp.h Normal file
View File

@ -0,0 +1,84 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetRandom_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef GETRANDOM_FP_H
#define GETRANDOM_FP_H
typedef struct {
UINT16 bytesRequested;
} GetRandom_In;
#define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1)
typedef struct {
TPM2B_DIGEST randomBytes;
} GetRandom_Out;
TPM_RC
TPM2_GetRandom(
GetRandom_In *in, // IN: input parameter list
GetRandom_Out *out // OUT: output parameter list
);
#endif

93
src/tpm2/GetSessionAuditDigest_fp.h Normal file
View File

@ -0,0 +1,93 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetSessionAuditDigest_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef GETSESSIONAUDITDIGEST_FP_H
#define GETSESSIONAUDITDIGEST_FP_H
typedef struct {
TPMI_RH_ENDORSEMENT privacyAdminHandle;
TPMI_DH_OBJECT signHandle;
TPMI_SH_HMAC sessionHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} GetSessionAuditDigest_In;
#define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
#define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3)
#define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_ATTEST auditInfo;
TPMT_SIGNATURE signature;
} GetSessionAuditDigest_Out;
TPM_RC
TPM2_GetSessionAuditDigest(
GetSessionAuditDigest_In *in, // IN: input parameter list
GetSessionAuditDigest_Out *out // OUT: output parameter list
);
#endif

79
src/tpm2/GetTestResult_fp.h Normal file
View File

@ -0,0 +1,79 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetTestResult_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2016 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef GETTESTRESULT_FP_H
#define GETTESTRESULT_FP_H
typedef struct{
TPM2B_MAX_BUFFER outData;
TPM_RC testResult;
} GetTestResult_Out;
TPM_RC
TPM2_GetTestResult(
GetTestResult_Out *out // OUT: output parameter list
);
#endif

91
src/tpm2/GetTime_fp.h Normal file
View File

@ -0,0 +1,91 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetTime_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef GETTIME_FP_H
#define GETTIME_FP_H
typedef struct {
TPMI_RH_ENDORSEMENT privacyAdminHandle;
TPMI_DH_OBJECT signHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} GetTime_In;
#define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
#define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_ATTEST timeInfo;
TPMT_SIGNATURE signature;
} GetTime_Out;
TPM_RC
TPM2_GetTime(
GetTime_In *in, // IN: input parameter list
GetTime_Out *out // OUT: output parameter list
);
#endif

200
src/tpm2/Global.c Normal file
View File

@ -0,0 +1,200 @@
/********************************************************************************/
/* */
/* TPM variables that are not stack allocated */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Global.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 9.5 Global.c */
/* 9.5.1 Description */
/* This file will instance the TPM variables that are not stack allocated. The descriptions for
these variables is in Global.h. */
/* 9.5.2 Includes and Defines */
#define GLOBAL_C
#include "Tpm.h"
/* 9.5.3 Global Data Values */
/* These values are visible across multiple modules. */
BOOL g_phEnable;
const UINT16 g_rcIndex[15] = {TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4,
TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8,
TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C,
TPM_RC_D, TPM_RC_E, TPM_RC_F
};
TPM_HANDLE g_exclusiveAuditSession;
UINT64 g_time;
#ifdef CLOCK_STOPS
CLOCK_NONCE g_timeEpoch;
#endif
BOOL g_timeNewEpochNeeded;
BOOL g_pcrReConfig;
TPMI_DH_OBJECT g_DRTMHandle;
BOOL g_DrtmPreStartup;
BOOL g_StartupLocality3;
#ifdef USE_DA_USED
BOOL g_daUsed;
#endif
BOOL g_powerWasLost;
BOOL g_clearOrderly;
TPM_SU g_prevOrderlyState;
UPDATE_TYPE g_updateNV;
BOOL g_nvOk;
TPM_RC g_NvStatus;
TPM2B_AUTH g_platformUniqueDetails;
STATE_CLEAR_DATA gc;
STATE_RESET_DATA gr;
PERSISTENT_DATA gp;
ORDERLY_DATA go;
/* 9.5.4 Private Values */
/* 9.5.4.1 SessionProcess.c */
#ifndef __IGNORE_STATE__ // DO NOT DEFINE THIS VALUE
/* These values do not need to be retained between commands. */
TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM];
TPMA_SESSION s_attributes[MAX_SESSION_NUM];
TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM];
TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM];
TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM];
SESSION *s_usedSessions[MAX_SESSION_NUM];
UINT32 s_encryptSessionIndex;
UINT32 s_decryptSessionIndex;
UINT32 s_auditSessionIndex;
UINT32 s_sessionNum;
#endif // __IGNORE_STATE__
BOOL s_DAPendingOnNV;
#ifdef TPM_CC_GetCommandAuditDigest
TPM2B_DIGEST s_cpHashForCommandAudit;
#endif
/* 9.5.4.2 DA.c */
#ifndef ACCUMULATE_SELF_HEAL_TIMER
UINT64 s_selfHealTimer;
UINT64 s_lockoutTimer;
#endif // !ACCUMULATE_SELF_HEAL_TIMER
/* 9.5.4.3 NV.c */
UINT64 s_maxCounter;
NV_REF s_evictNvEnd;
TPM_RC g_NvStatus;
BYTE s_indexOrderlyRam[RAM_INDEX_SPACE];
NV_INDEX s_cachedNvIndex;
NV_REF s_cachedNvRef;
BYTE *s_cachedNvRamRef;
/* 9.5.4.4 Object.c */
OBJECT s_objects[MAX_LOADED_OBJECTS];
/* 9.5.4.5 PCR.c */
PCR s_pcrs[IMPLEMENTATION_PCR];
/* 9.5.4.6 Session.c */
SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS];
UINT32 s_oldestSavedSession;
int s_freeSessionSlots;
/* 9.5.4.7 MemoryLib.c */
/* The s_actionOutputBuffer should not be modifiable by the host system until the TPM has returned a
response code. The s_actionOutputBuffer should not be accessible until response parameter
encryption, if any, is complete. This memory is not used between commands */
#ifndef __IGNORE_STATE__ // DO NOT DEFINE THIS VALUE
UINT32 s_actionInputBuffer[1024]; // action input buffer
UINT32 s_actionOutputBuffer[1024]; // action output buffer
#endif
/* 9.5.4.8 SelfTest.c */
ALGORITHM_VECTOR g_implementedAlgorithms;
ALGORITHM_VECTOR g_toTest;
/* 9.5.4.9 g_cryptoSelfTestState */
/* This structure contains the cryptographic self-test state values. */
CRYPTO_SELF_TEST_STATE g_cryptoSelfTestState;
ALGORITHM_VECTOR AlgToTest;
/* 9.5.4.10 TpmFail.c */
#ifdef SIMULATION
BOOL g_forceFailureMode;
#endif
BOOL g_inFailureMode;
UINT32 s_failFunction;
UINT32 s_failLine;
UINT32 s_failCode;
#if 0
#ifdef TPM_ALG_ECC
/* 9.5.4.11 ECC Curves */
ECC_CURVE c_curves[ECC_CURVE_COUNT];
#endif
#endif // 0
/* This is the state used when the library uses a random number generator. A special function is
installed for the library to call. That function picks up the state from this location and uses
it for the generation of the random number. */
RAND_STATE *s_random;
/* 9.5.4.12 Manufacture.c */
/* The values is here rather than in the simulator or platform files in order to make it easier to
find the TPM state. This is significant when trying to do TPM virtualization when the TPM state
has to be moved along with virtual machine with which it is associated. */
BOOL g_manufactured = FALSE;
/* 9.5.4.13 Power.c */
/* This is here for the same reason that g_manufactured is here. Both of these values can be
provided by the actual platform-specific code or by hardware indications. */
BOOL g_initialized;
/* 9.5.4.14 Purpose String Constants */
/* These string constants are shared across functions to make sure that they are all using
consistent sting values. */
TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation");
TPM2B_STRING(CFB_KEY, "CFB");
TPM2B_STRING(CONTEXT_KEY, "CONTEXT");
TPM2B_STRING(INTEGRITY_KEY, "INTEGRITY");
TPM2B_STRING(SECRET_KEY, "SECRET");
TPM2B_STRING(SESSION_KEY, "ATH");
TPM2B_STRING(STORAGE_KEY, "STORAGE");
TPM2B_STRING(XOR_KEY, "XOR");
TPM2B_STRING(COMMIT_STRING, "ECDAA Commit");
TPM2B_STRING(DUPLICATE_STRING, "DUPLICATE");
TPM2B_STRING(IDENTITY_STRING, "IDENTITY");
TPM2B_STRING(OBFUSCATE_STRING, "OBFUSCATE");
#ifdef SELF_TEST
TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value");
#endif // SELF_TEST

1093
src/tpm2/Global.h Normal file
View File

File diff suppressed because it is too large Load Diff

233
src/tpm2/GpMacros.h Normal file
View File

@ -0,0 +1,233 @@
/********************************************************************************/
/* */
/* This file is a collection of miscellaneous macros. */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GpMacros.h 960 2017-03-10 19:08:17Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
#ifndef GPMACROS_H
#define GPMACROS_H
/* 5.11 GpMacros.h */
/* This file is a collection of miscellaneous macros. */
#ifndef NULL
#define NULL 0
#endif
#include "swap.h"
#include "VendorString.h"
/* 5.13.2 For Self-test */
/* These macros are used in CryptUtil() to invoke the incremental self test. */
#ifdef SELF_TEST
# define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL)
/* Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting to test a hash
with that value, don't do it. */
# define TEST_HASH(alg) \
if(TEST_BIT(alg, g_toTest) \
&& (alg != ALG_NULL_VALUE)) \
CryptTestAlgorithm(alg, NULL)
#else
# define TEST(alg)
# define TEST_HASH(alg)
#endif // SELF_TEST
/* 5.13.3 For Failures */
#if 0
#if defined _POSIX_
# define FUNCTION_NAME 0
#else
# define FUNCTION_NAME __FUNCTION__
#endif
#endif
#if defined ( WIN32 )
#define __func__ __FUNCTION__
#endif
# define FUNCTION_NAME __func__
#ifdef NO_FAIL_TRACE
# define FAIL(errorCode) (TpmFail(errorCode))
#else
# define FAIL(errorCode) (TpmFail(FUNCTION_NAME, __LINE__, errorCode))
#endif
/* If implementation is using longjmp, then the call to TpmFail() does not return and the compiler
will complain about unreachable code that comes after. To allow for not having longjmp, TpmFail()
will return and the subsequent code will be executed. This macro accounts for the difference. */
#ifndef NO_LONGJMP
# define FAIL_RETURN(returnCode)
# define TPM_FAIL_RETURN NORETURN void
#else
# define FAIL_RETURN(returnCode) return (returnCode)
# define TPM_FAIL_RETURN void
#endif
/* This macro tests that a condition is TRUE and puts the TPM into failure mode if it is not. If
longjmp is being used, then the FAIL(FATAL_ERROR_) macro makes a call from which there is no
return. Otherwise, it returns and the function will exit with the appropriate return code. */
#define REQUIRE(condition, errorCode, returnCode) \
{ \
if(!!(condition)) \
{ \
FAIL(FATAL_ERROR_errorCode); \
FAIL_RETURN(returnCode); \
} \
}
#define PARAMETER_CHECK(condition, returnCode) \
REQUIRE((condition), PARAMETER, returnCode)
#if defined(EMPTY_ASSERT)
# define pAssert(a) ((void)0)
#else
# define pAssert(a) {if(!(a)) FAIL(FATAL_ERROR_PARAMETER);}
#endif
/* 5.13.4 Derived from Vendor-specific values */
/* Values derived from vendor specific settings in Implementation.h */
#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8)
#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8)
#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1)
#define PRIVATE_VENDOR_SPECIFIC_BYTES \
((MAX_RSA_KEY_BYTES/2) * (3 + CRT_FORMAT_RSA * 2))
/* 5.13.5 Compile-time Checks */
/* In some cases, the relationship between two values may be dependent on things that change based
on various selections like the chosen cryptographic libraries. It is possible that these
selections will result in incompatible settings. These are often detectable by the compiler but
it isn't always possible to do the check in the preprocessor code. For example, when the check
requires use of sizeof then the preprocessor can't do the comparison. For these cases, we include
a special macro that, depending on the compiler will generate a warning to indicate if the check
always passes or always fails because it involves fixed constants. To run these checks, define
COMPILER_CHECKS in TpmBuildSwitches.h */
#ifdef COMPILER_CHECKS
# define cAssert pAssert
#else
# define cAssert(value)
#endif
/* This is used commonly in the Crypt code as a way to keep listings from getting too long. This is
not to save paper but to allow one to see more useful stuff on the screen at any given time. */
#define ERROR_RETURN(returnCode) \
{ \
retVal = returnCode; \
goto Exit; \
}
#ifndef MAX
# define MAX(a, b) ((a) > (b) ? (a) : (b))
#endif
#ifndef MIN
# define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif
#ifndef IsOdd
# define IsOdd(a) (((a) & 1) != 0)
#endif
#ifndef BITS_TO_BYTES
# define BITS_TO_BYTES(bits) (((bits) + 7) >> 3)
#endif
/* These are defined for use when the size of the vector being checked is known at compile time. */
#define TEST_BIT(bit, vector) TestBit((bit), (BYTE *)&(vector), sizeof(vector))
#define SET_BIT(bit, vector) SetBit((bit), (BYTE *)&(vector), sizeof(vector))
#define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE *)&(vector), sizeof(vector))
/* The following definitions are used if they have not already been defined. The defaults for these
settings are compatible with ISO/IEC 9899:2011 (E) */
#ifndef LIB_EXPORT
# define LIB_EXPORT
# define LIB_IMPORT
#endif
#ifndef NORETURN
# define NORETURN _Noreturn
#endif
#ifndef NOT_REFERENCED
# define NOT_REFERENCED(x = x) ((void) (x))
#endif
/* Need an unambiguous definition for DEBUG. Don't change this */
#if !defined NDEBUG && !defined DEBUG
# define DEBUG YES
#endif
#define STD_RESPONSE_HEADER (sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC))
#ifndef CONTEXT_HASH_ALGORITHM
# if defined ALG_SHA512 && ALG_SHA512 == YES
# define CONTEXT_HASH_ALGORITHM SHA512
# elif defined ALG_SHA384 && ALG_SHA384 == YES
# define CONTEXT_HASH_ALGORITHM SHA384
# elif defined ALG_SHA256 && ALG_SHA256 == YES
# define CONTEXT_HASH_ALGORITHM SHA256
# elif defined ALG_SM3_256 && ALG_SM3_256 == YES
# define CONTEXT_HASH_ALGORITHM SM3_256
# elif defined ALG_SHA1 && ALG_SHA1 == YES
# define CONTEXT_HASH_ALGORITHM SHA1
# endif
#endif
#define JOIN(x,y) x##y
#define CONCAT(x,y) JOIN(x, y)
/* If CONTEXT_INTEGRITY_HASH_ALG is defined, then the vendor is using the old style table */
#ifndef CONTEXT_INTEGRITY_HASH_ALG
#define CONTEXT_INTEGRITY_HASH_ALG CONCAT(TPM_ALG_, CONTEXT_HASH_ALGORITHM)
#define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE)
#endif
#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE
/* If CONTEXT_ENCRYP_ALG is defined, then the vendor is using the old style table */
#ifndef CONTEXT_ENCRYPT_ALG
#define CONTEXT_ENCRYPT_ALG CONCAT(TPM_ALG_, CONTEXT_ENCRYPT_ALGORITHM)
#define CONTEXT_ENCRYPT_KEY_BITS \
CONCAT(CONCAT(MAX_, CONTEXT_ENCRYPT_ALGORITHM), _KEY_BITS)
#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7)/8)
#endif
#if ALG_ECC
# define LABEL_MAX_BUFFER MAX_ECC_KEY_BYTES
#else
# define LABEL_MAX_BUFFER MAX_DIGEST_SIZE
#endif
#endif // GP_MACROS_H

88
src/tpm2/HMAC_Start_fp.h Normal file
View File

@ -0,0 +1,88 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: HMAC_Start_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef HMAC_START_FP_H
#define HMAC_START_FP_H
typedef struct {
TPMI_DH_OBJECT handle;
TPM2B_AUTH auth;
TPMI_ALG_HASH hashAlg;
} HMAC_Start_In;
typedef struct {
TPMI_DH_OBJECT sequenceHandle;
} HMAC_Start_Out;
#define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1)
#define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1)
#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2)
TPM_RC
TPM2_HMAC_Start(
HMAC_Start_In *in, // IN: input parameter list
HMAC_Start_Out *out // OUT: output parameter list
);
#endif

88
src/tpm2/HMAC_fp.h Normal file
View File

@ -0,0 +1,88 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: HMAC_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef HMAC_FP_H
#define HMAC_FP_H
typedef struct {
TPMI_DH_OBJECT handle;
TPM2B_MAX_BUFFER buffer;
TPMI_ALG_HASH hashAlg;
} HMAC_In;
#define RC_HMAC_handle (TPM_RC_H + TPM_RC_1)
#define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1)
#define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_DIGEST outHMAC;
} HMAC_Out;
TPM_RC
TPM2_HMAC(
HMAC_In *in, // IN: input parameter list
HMAC_Out *out // OUT: output parameter list
);
#endif

208
src/tpm2/Handle.c Normal file
View File

@ -0,0 +1,208 @@
/********************************************************************************/
/* */
/* fUnctions that return the type of a handle. */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Handle.c 953 2017-03-06 20:31:40Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* */
/********************************************************************************/
/* 9.6 Handle.c */
/* 9.6.1 Description */
/* This file contains the functions that return the type of a handle. */
/* 9.6.2 Includes */
#include "Tpm.h"
/* 9.6.3 Functions */
/* 9.6.3.1 HandleGetType() */
/* This function returns the type of a handle which is the MSO of the handle. */
TPM_HT
HandleGetType(
TPM_HANDLE handle // IN: a handle to be checked
)
{
// return the upper bytes of input data
return (TPM_HT)((handle & HR_RANGE_MASK) >> HR_SHIFT);
}
/* 9.6.3.2 NextPermanentHandle() */
/* This function returns the permanent handle that is equal to the input value or is the next higher
value. If there is no handle with the input value and there is no next higher value, it returns
0: */
/* Return Values Meaning */
TPM_HANDLE
NextPermanentHandle(
TPM_HANDLE inHandle // IN: the handle to check
)
{
// If inHandle is below the start of the range of permanent handles
// set it to the start and scan from there
if(inHandle < TPM_RH_FIRST)
inHandle = TPM_RH_FIRST;
// scan from input value until we find an implemented permanent handle
// or go out of range
for(; inHandle <= TPM_RH_LAST; inHandle++)
{
switch(inHandle)
{
case TPM_RH_OWNER:
case TPM_RH_NULL:
case TPM_RS_PW:
case TPM_RH_LOCKOUT:
case TPM_RH_ENDORSEMENT:
case TPM_RH_PLATFORM:
case TPM_RH_PLATFORM_NV:
#ifdef VENDOR_PERMANENT
case VENDOR_PERMANENT:
#endif
return inHandle;
break;
default:
break;
}
}
// Out of range on the top
return 0;
}
/* 9.6.3.3 PermanentCapGetHandles() */
/* This function returns a list of the permanent handles of PCR, started from handle. If handle is
larger than the largest permanent handle, an empty list will be returned with more set to NO. */
/* Return Values Meaning */
/* YES if there are more handles available */
/* NO all the available handles has been returned */
TPMI_YES_NO
PermanentCapGetHandles(
TPM_HANDLE handle, // IN: start handle
UINT32 count, // IN: count of returned handles
TPML_HANDLE *handleList // OUT: list of handle
)
{
TPMI_YES_NO more = NO;
UINT32 i;
pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
// Initialize output handle list
handleList->count = 0;
// The maximum count of handles we may return is MAX_CAP_HANDLES
if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES;
// Iterate permanent handle range
for(i = NextPermanentHandle(handle);
i != 0; i = NextPermanentHandle(i + 1))
{
if(handleList->count < count)
{
// If we have not filled up the return list, add this permanent
// handle to it
handleList->handle[handleList->count] = i;
handleList->count++;
}
else
{
// If the return list is full but we still have permanent handle
// available, report this and stop iterating
more = YES;
break;
}
}
return more;
}
/* 9.6.3.4 PermanentHandleGetPolicy() */
/* This function returns a list of the permanent handles of PCR, started from handle. If handle is
larger than the largest permanent handle, an empty list will be returned with more set to NO. */
/* Return Values Meaning */
/* YES if there are more handles available */
/* NO all the available handles has been returned */
TPMI_YES_NO
PermanentHandleGetPolicy(
TPM_HANDLE handle, // IN: start handle
UINT32 count, // IN: max count of returned handles
TPML_TAGGED_POLICY *policyList // OUT: list of handle
)
{
TPMI_YES_NO more = NO;
pAssert(HandleGetType(handle) == TPM_HT_PERMANENT);
// Initialize output handle list
policyList->count = 0;
// The maximum count of policies we may return is MAX_TAGGED_POLICIES
if(count > MAX_TAGGED_POLICIES)
count = MAX_TAGGED_POLICIES;
// Iterate permanent handle range
for(handle = NextPermanentHandle(handle);
handle != 0;
handle = NextPermanentHandle(handle + 1))
{
TPM2B_DIGEST policyDigest;
TPM_ALG_ID policyAlg;
// Check to see if this permanent handle has a policy
policyAlg = EntityGetAuthPolicy(handle, &policyDigest);
if(policyAlg == TPM_ALG_ERROR)
continue;
if(policyList->count < count)
{
// If we have not filled up the return list, add this
// policy to the list;
policyList->policies[policyList->count].handle = handle;
policyList->policies[policyList->count].policyHash.hashAlg = policyAlg;
MemoryCopy(&policyList->policies[policyList->count].policyHash.digest,
policyDigest.t.buffer, policyDigest.t.size);
policyList->count++;
}
else
{
// If the return list is full but we still have permanent handle
// available, report this and stop iterating
more = YES;
break;
}
}
return more;
}

87
src/tpm2/Handle_fp.h Normal file
View File

@ -0,0 +1,87 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Handle_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef HANDLE_FP_H
#define HANDLE_FP_H
TPM_HT
HandleGetType(
TPM_HANDLE handle // IN: a handle to be checked
);
TPM_HANDLE
NextPermanentHandle(
TPM_HANDLE inHandle // IN: the handle to check
);
TPMI_YES_NO
PermanentCapGetHandles(
TPM_HANDLE handle, // IN: start handle
UINT32 count, // IN: count of returned handles
TPML_HANDLE *handleList // OUT: list of handle
);
TPMI_YES_NO
PermanentHandleGetPolicy(
TPM_HANDLE handle, // IN: start handle
UINT32 count, // IN: count of returned handles
TPML_TAGGED_POLICY *policyList // OUT: list of handle
);
#endif

329
src/tpm2/HashCommands.c Normal file
View File

@ -0,0 +1,329 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: HashCommands.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#include "Tpm.h"
#include "HMAC_Start_fp.h"
#ifdef TPM_CC_HMAC_Start // Conditional expansion of this file
TPM_RC
TPM2_HMAC_Start(
HMAC_Start_In *in, // IN: input parameter list
HMAC_Start_Out *out // OUT: output parameter list
)
{
OBJECT *keyObject;
TPMT_PUBLIC *publicArea;
TPM_ALG_ID hashAlg;
// Input Validation
// Get HMAC key object and public area pointers
keyObject = HandleToObject(in->handle);
publicArea = &keyObject->publicArea;
// Make sure that the key is an HMAC key
if(publicArea->type != TPM_ALG_KEYEDHASH)
return TPM_RCS_TYPE + RC_HMAC_Start_handle;
// and that it is unrestricted
if(publicArea->objectAttributes.restricted == SET)
return TPM_RCS_ATTRIBUTES + RC_HMAC_Start_handle;
// and that it is a signing key
if(publicArea->objectAttributes.sign != SET)
return TPM_RCS_KEY + RC_HMAC_Start_handle;
// See if the key has a default
if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL)
// it doesn't so use the input value
hashAlg = in->hashAlg;
else
{
// key has a default so use it
hashAlg
= publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg;
// and verify that the input was either the TPM_ALG_NULL or the default
if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg)
hashAlg = TPM_ALG_NULL;
}
// if we ended up without a hash algorithm then return an error
if(hashAlg == TPM_ALG_NULL)
return TPM_RCS_VALUE + RC_HMAC_Start_hashAlg;
// Internal Data Update
// Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be
// returned at this point
return ObjectCreateHMACSequence(hashAlg,
keyObject,
&in->auth,
&out->sequenceHandle);
}
#endif // CC_HMAC_Start
#include "Tpm.h"
#include "HashSequenceStart_fp.h"
#ifdef TPM_CC_HashSequenceStart // Conditional expansion of this file
TPM_RC
TPM2_HashSequenceStart(
HashSequenceStart_In *in, // IN: input parameter list
HashSequenceStart_Out *out // OUT: output parameter list
)
{
// Internal Data Update
if(in->hashAlg == TPM_ALG_NULL)
// Start a event sequence. A TPM_RC_OBJECT_MEMORY error may be
// returned at this point
return ObjectCreateEventSequence(&in->auth, &out->sequenceHandle);
// Start a hash sequence. A TPM_RC_OBJECT_MEMORY error may be
// returned at this point
return ObjectCreateHashSequence(in->hashAlg, &in->auth, &out->sequenceHandle);
}
#endif // CC_HashSequenceStart
#include "Tpm.h"
#include "SequenceUpdate_fp.h"
#ifdef TPM_CC_SequenceUpdate // Conditional expansion of this file
TPM_RC
TPM2_SequenceUpdate(
SequenceUpdate_In *in // IN: input parameter list
)
{
OBJECT *object;
HASH_OBJECT *hashObject;
// Input Validation
// Get sequence object pointer
object = HandleToObject(in->sequenceHandle);
hashObject = (HASH_OBJECT *)object;
// Check that referenced object is a sequence object.
if(!ObjectIsSequence(object))
return TPM_RCS_MODE + RC_SequenceUpdate_sequenceHandle;
// Internal Data Update
if(object->attributes.eventSeq == SET)
{
// Update event sequence object
UINT32 i;
for(i = 0; i < HASH_COUNT; i++)
{
// Update sequence object
CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b);
}
}
else
{
// Update hash/HMAC sequence object
if(hashObject->attributes.hashSeq == SET)
{
// Is this the first block of the sequence
if(hashObject->attributes.firstBlock == CLEAR)
{
// If so, indicate that first block was received
hashObject->attributes.firstBlock = SET;
// Check the first block to see if the first block can contain
// the TPM_GENERATED_VALUE. If it does, it is not safe for
// a ticket.
if(TicketIsSafe(&in->buffer.b))
hashObject->attributes.ticketSafe = SET;
}
// Update sequence object hash/HMAC stack
CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b);
}
else if(object->attributes.hmacSeq == SET)
{
// Update sequence object hash/HMAC stack
CryptDigestUpdate2B(&hashObject->state.hmacState.hashState,
&in->buffer.b);
}
}
return TPM_RC_SUCCESS;
}
#endif // CC_SequenceUpdate
#include "Tpm.h"
#include "SequenceComplete_fp.h"
#ifdef TPM_CC_SequenceComplete // Conditional expansion of this file
TPM_RC
TPM2_SequenceComplete(
SequenceComplete_In *in, // IN: input parameter list
SequenceComplete_Out *out // OUT: output parameter list
)
{
OBJECT *object;
// Input validation
// Get hash object pointer
object = HandleToObject(in->sequenceHandle);
// input handle must be a hash or HMAC sequence object.
if(object->attributes.hashSeq == CLEAR
&& object->attributes.hmacSeq == CLEAR)
return TPM_RCS_MODE + RC_SequenceComplete_sequenceHandle;
// Command Output
if(object->attributes.hashSeq == SET) // sequence object for hash
{
// Update last piece of data
HASH_OBJECT *hashObject = (HASH_OBJECT *)object;
// Get the hash algorithm before the algorithm is lost in CryptHashEnd
TPM_ALG_ID hashAlg = hashObject->state.hashState[0].hashAlg;
CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b);
// Complete hash
out->result.t.size
= CryptHashGetDigestSize(
CryptHashGetContextAlg(&hashObject->state.hashState[0]));
CryptHashEnd2B(&hashObject->state.hashState[0], &out->result.b);
// Check if the first block of the sequence has been received
if(hashObject->attributes.firstBlock == CLEAR)
{
// If not, then this is the first block so see if it is 'safe'
// to sign.
if(TicketIsSafe(&in->buffer.b))
hashObject->attributes.ticketSafe = SET;
}
// Output ticket
out->validation.tag = TPM_ST_HASHCHECK;
out->validation.hierarchy = in->hierarchy;
if(in->hierarchy == TPM_RH_NULL)
{
// Ticket is not required
out->validation.digest.t.size = 0;
}
else if(object->attributes.ticketSafe == CLEAR)
{
// Ticket is not safe to generate
out->validation.hierarchy = TPM_RH_NULL;
out->validation.digest.t.size = 0;
}
else
{
// Compute ticket
TicketComputeHashCheck(out->validation.hierarchy, hashAlg,
&out->result, &out->validation);
}
}
else
{
HASH_OBJECT *hashObject = (HASH_OBJECT *)object;
// Update last piece of data
CryptDigestUpdate2B(&hashObject->state.hmacState.hashState, &in->buffer.b);
// Complete hash/HMAC
out->result.t.size =
CryptHashGetDigestSize(
CryptHashGetContextAlg(&hashObject->state.hmacState.hashState));
CryptHmacEnd2B(&(hashObject->state.hmacState), &out->result.b);
// No ticket is generated for HMAC sequence
out->validation.tag = TPM_ST_HASHCHECK;
out->validation.hierarchy = TPM_RH_NULL;
out->validation.digest.t.size = 0;
}
// Internal Data Update
// mark sequence object as evict so it will be flushed on the way out
object->attributes.evict = SET;
return TPM_RC_SUCCESS;
}
#endif // CC_SequenceComplete
#include "Tpm.h"
#include "EventSequenceComplete_fp.h"
#ifdef TPM_CC_EventSequenceComplete // Conditional expansion of this file
TPM_RC
TPM2_EventSequenceComplete(
EventSequenceComplete_In *in, // IN: input parameter list
EventSequenceComplete_Out *out // OUT: output parameter list
)
{
HASH_OBJECT *hashObject;
UINT32 i;
TPM_ALG_ID hashAlg;
// Input validation
// get the event sequence object pointer
hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle);
// input handle must reference an event sequence object
if(hashObject->attributes.eventSeq != SET)
return TPM_RCS_MODE + RC_EventSequenceComplete_sequenceHandle;
// see if a PCR extend is requested in call
if(in->pcrHandle != TPM_RH_NULL)
{
// see if extend of the PCR is allowed at the locality of the command,
if(!PCRIsExtendAllowed(in->pcrHandle))
return TPM_RC_LOCALITY;
// if an extend is going to take place, then check to see if there has
// been an orderly shutdown. If so, and the selected PCR is one of the
// state saved PCR, then the orderly state has to change. The orderly state
// does not change for PCR that are not preserved.
// NOTE: This doesn't just check for Shutdown(STATE) because the orderly
// state will have to change if this is a state-saved PCR regardless
// of the current state. This is because a subsequent Shutdown(STATE) will
// check to see if there was an orderly shutdown and not do anything if
// there was. So, this must indicate that a future Shutdown(STATE) has
// something to do.
if(PCRIsStateSaved(in->pcrHandle))
RETURN_IF_ORDERLY;
}
// Command Output
out->results.count = 0;
for(i = 0; i < HASH_COUNT; i++)
{
hashAlg = CryptHashGetAlgByIndex(i);
// Update last piece of data
CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b);
// Complete hash
out->results.digests[out->results.count].hashAlg = hashAlg;
CryptHashEnd(&hashObject->state.hashState[i],
CryptHashGetDigestSize(hashAlg),
(BYTE *)&out->results.digests[out->results.count].digest);
// Extend PCR
if(in->pcrHandle != TPM_RH_NULL)
PCRExtend(in->pcrHandle, hashAlg,
CryptHashGetDigestSize(hashAlg),
(BYTE *)&out->results.digests[out->results.count].digest);
out->results.count++;
}
// Internal Data Update
// mark sequence object as evict so it will be flushed on the way out
hashObject->attributes.evict = SET;
return TPM_RC_SUCCESS;
}
#endif // CC_EventSequenceComplete

88
src/tpm2/HashSequenceStart_fp.h Normal file
View File

@ -0,0 +1,88 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: HashSequenceStart_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef HASHSEQUENCESTART_FP_H
#define HASHSEQUENCESTART_FP_H
typedef struct {
TPM2B_AUTH auth;
TPMI_ALG_HASH hashAlg;
} HashSequenceStart_In;
#define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1)
#define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2)
typedef struct {
TPMI_DH_OBJECT sequenceHandle;
} HashSequenceStart_Out;
TPM_RC
TPM2_HashSequenceStart(
HashSequenceStart_In *in, // IN: input parameter list
HashSequenceStart_Out *out // OUT: output parameter list
);
#endif

119
src/tpm2/HashTestData.h Normal file
View File

@ -0,0 +1,119 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: HashTestData.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
#ifndef HASHTESTDATA_H
#define HASHTESTDATA_H
/* 10.1.8 HashTestData.h */
/* Hash Test Vectors */
TPM2B_TYPE(HASH_TEST_KEY, 96); // Twice the largest digest size
TPM2B_HASH_TEST_KEY c_hashTestKey = {{96, {
0xa0,0xed,0x5c,0x9a,0xd2,0x4a,0x21,0x40,0x1a,0xd0,0x81,0x47,0x39,0x63,0xf9,0x50,
0xdc,0x59,0x47,0x11,0x40,0x13,0x99,0x92,0xc0,0x72,0xa4,0x0f,0xe2,0x33,0xe4,0x63,
0x9b,0xb6,0x76,0xc3,0x1e,0x6f,0x13,0xee,0xcc,0x99,0x71,0xa5,0xc0,0xcf,0x9a,0x40,
0xcf,0xdb,0x66,0x70,0x05,0x63,0x54,0x12,0x25,0xf4,0xe0,0x1b,0x23,0x35,0xe3,0x70,
0x7d,0x19,0x5f,0x00,0xe4,0xf1,0x61,0x73,0x05,0xd8,0x58,0x7f,0x60,0x61,0x84,0x36,
0xec,0xbe,0x96,0x1b,0x69,0x00,0xf0,0x9a,0x6e,0xe3,0x26,0x73,0x0d,0x17,0x5b,0x33
}}};
TPM2B_TYPE(HASH_TEST_DATA, 256); // Twice the largest block size
TPM2B_HASH_TEST_DATA c_hashTestData = {{256, {
0x88,0xac,0xc3,0xe5,0x5f,0x66,0x9d,0x18,0x80,0xc9,0x7a,0x9c,0xa4,0x08,0x90,0x98,
0x0f,0x3a,0x53,0x92,0x4c,0x67,0x4e,0xb7,0x37,0xec,0x67,0x87,0xb6,0xbe,0x10,0xca,
0x11,0x5b,0x4a,0x0b,0x45,0xc3,0x32,0x68,0x48,0x69,0xce,0x25,0x1b,0xc8,0xaf,0x44,
0x79,0x22,0x83,0xc8,0xfb,0xe2,0x63,0x94,0xa2,0x3c,0x59,0x3e,0x3e,0xc6,0x64,0x2c,
0x1f,0x8c,0x11,0x93,0x24,0xa3,0x17,0xc5,0x2f,0x37,0xcf,0x95,0x97,0x8e,0x63,0x39,
0x68,0xd5,0xca,0xba,0x18,0x37,0x69,0x6e,0x4f,0x19,0xfd,0x8a,0xc0,0x8d,0x87,0x3a,
0xbc,0x31,0x42,0x04,0x05,0xef,0xb5,0x02,0xef,0x1e,0x92,0x4b,0xb7,0x73,0x2c,0x8c,
0xeb,0x23,0x13,0x81,0x34,0xb9,0xb5,0xc1,0x17,0x37,0x39,0xf8,0x3e,0xe4,0x4c,0x06,
0xa8,0x81,0x52,0x2f,0xef,0xc9,0x9c,0x69,0x89,0xbc,0x85,0x9c,0x30,0x16,0x02,0xca,
0xe3,0x61,0xd4,0x0f,0xed,0x34,0x1b,0xca,0xc1,0x1b,0xd1,0xfa,0xc1,0xa2,0xe0,0xdf,
0x52,0x2f,0x0b,0x4b,0x9f,0x0e,0x45,0x54,0xb9,0x17,0xb6,0xaf,0xd6,0xd5,0xca,0x90,
0x29,0x57,0x7b,0x70,0x50,0x94,0x5c,0x8e,0xf6,0x4e,0x21,0x8b,0xc6,0x8b,0xa6,0xbc,
0xb9,0x64,0xd4,0x4d,0xf3,0x68,0xd8,0xac,0xde,0xd8,0xd8,0xb5,0x6d,0xcd,0x93,0xeb,
0x28,0xa4,0xe2,0x5c,0x44,0xef,0xf0,0xe1,0x6f,0x38,0x1a,0x3c,0xe6,0xef,0xa2,0x9d,
0xb9,0xa8,0x05,0x2a,0x95,0xec,0x5f,0xdb,0xb0,0x25,0x67,0x9c,0x86,0x7a,0x8e,0xea,
0x51,0xcc,0xc3,0xd3,0xff,0x6e,0xf0,0xed,0xa3,0xae,0xf9,0x5d,0x33,0x70,0xf2,0x11
}}};
#if ALG_SHA1 == YES
TPM2B_TYPE(SHA1, 20);
TPM2B_SHA1 c_SHA1_digest = {{20, {
0xee,0x2c,0xef,0x93,0x76,0xbd,0xf8,0x91,0xbc,0xe6,0xe5,0x57,0x53,0x77,0x01,0xb5,
0x70,0x95,0xe5,0x40
}}};
#endif
#if ALG_SHA384 == YES
TPM2B_TYPE(SHA384, 48);
TPM2B_SHA384 c_SHA384_digest = {{48, {
0x37,0x75,0x29,0xb5,0x20,0x15,0x6e,0xa3,0x7e,0xa3,0x0d,0xcd,0x80,0xa8,0xa3,0x3d,
0xeb,0xe8,0xad,0x4e,0x1c,0x77,0x94,0x5a,0xaf,0x6c,0xd0,0xc1,0xfa,0x43,0x3f,0xc7,
0xb8,0xf1,0x01,0xc0,0x60,0xbf,0xf2,0x87,0xe8,0x71,0x9e,0x51,0x97,0xa0,0x09,0x8d
}}};
#endif
#if ALG_SHA256 == YES
TPM2B_TYPE(SHA256, 32);
TPM2B_SHA256 c_SHA256_digest = {{32, {
0x64,0xe8,0xe0,0xc3,0xa9,0xa4,0x51,0x49,0x10,0x55,0x8d,0x31,0x71,0xe5,0x2f,0x69,
0x3a,0xdc,0xc7,0x11,0x32,0x44,0x61,0xbd,0x34,0x39,0x57,0xb0,0xa8,0x75,0x86,0x1b
}}};
#endif
#endif

89
src/tpm2/Hash_fp.h Normal file
View File

@ -0,0 +1,89 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Hash_fp.h 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef HASH_FP_H
#define HASH_FP_H
typedef struct {
TPM2B_MAX_BUFFER data;
TPMI_ALG_HASH hashAlg;
TPMI_RH_HIERARCHY hierarchy;
} Hash_In;
#define RC_Hash_data (TPM_RC_P + TPM_RC_1)
#define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2)
#define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3)
typedef struct {
TPM2B_DIGEST outHash;
TPMT_TK_HASHCHECK validation;
} Hash_Out;
TPM_RC
TPM2_Hash(
Hash_In *in, // IN: input parameter list
Hash_Out *out // OUT: output parameter list
);
#endif

246
src/tpm2/Hierarchy.c Normal file
View File

@ -0,0 +1,246 @@
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Hierarchy.c 809 2016-11-16 18:31:54Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3. Disclaimers: */
/* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */
/* membership agreements. */
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016 */
/* */
/********************************************************************************/
/* 8.3 Hierarchy.c */
/* 8.3.1 Introduction */
/* This file contains the functions used for managing and accessing the hierarchy-related values. */
/* 8.3.2 Includes */
#include "Tpm.h"
/* 8.3.3 Functions */
/* 8.3.3.1 HierarchyPreInstall() */
/* This function performs the initialization functions for the hierarchy when the TPM is
simulated. This function should not be called if the TPM is not in a manufacturing mode at the
manufacturer, or in a simulated environment. */
void
HierarchyPreInstall_Init(
void
)
{
// Allow lockout clear command
gp.disableClear = FALSE;
// Initialize Primary Seeds
gp.EPSeed.t.size = PRIMARY_SEED_SIZE;
CryptRandomGenerate(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
gp.SPSeed.t.size = PRIMARY_SEED_SIZE;
CryptRandomGenerate(PRIMARY_SEED_SIZE, gp.SPSeed.t.buffer);
gp.PPSeed.t.size = PRIMARY_SEED_SIZE;
#ifdef USE_PLATFORM_EPS
_plat__GetEPS(PRIMARY_SEED_SIZE, gp.EPSeed.t.buffer);
#else
CryptRandomGenerate(PRIMARY_SEED_SIZE, gp.PPSeed.t.buffer);
#endif
// Initialize owner, endorsement and lockout auth
gp.ownerAuth.t.size = 0;
gp.endorsementAuth.t.size = 0;
gp.lockoutAuth.t.size = 0;
// Initialize owner, endorsement, and lockout policy
gp.ownerAlg = TPM_ALG_NULL;
gp.ownerPolicy.t.size = 0;
gp.endorsementAlg = TPM_ALG_NULL;
gp.endorsementPolicy.t.size = 0;
gp.lockoutAlg = TPM_ALG_NULL;
gp.lockoutPolicy.t.size = 0;
// Initialize ehProof, shProof and phProof
gp.phProof.t.size = PROOF_SIZE;
gp.shProof.t.size = PROOF_SIZE;
gp.ehProof.t.size = PROOF_SIZE;
CryptRandomGenerate(gp.phProof.t.size, gp.phProof.t.buffer);
CryptRandomGenerate(gp.shProof.t.size, gp.shProof.t.buffer);
CryptRandomGenerate(gp.ehProof.t.size, gp.ehProof.t.buffer);
// Write hierarchy data to NV
NV_SYNC_PERSISTENT(disableClear);
NV_SYNC_PERSISTENT(EPSeed);
NV_SYNC_PERSISTENT(SPSeed);
NV_SYNC_PERSISTENT(PPSeed);
NV_SYNC_PERSISTENT(ownerAuth);
NV_SYNC_PERSISTENT(endorsementAuth);
NV_SYNC_PERSISTENT(lockoutAuth);
NV_SYNC_PERSISTENT(ownerAlg);
NV_SYNC_PERSISTENT(ownerPolicy);
NV_SYNC_PERSISTENT(endorsementAlg);
NV_SYNC_PERSISTENT(endorsementPolicy);
NV_SYNC_PERSISTENT(lockoutAlg);
NV_SYNC_PERSISTENT(lockoutPolicy);
NV_SYNC_PERSISTENT(phProof);
NV_SYNC_PERSISTENT(shProof);
NV_SYNC_PERSISTENT(ehProof);
return;
}
/* 8.3.3.2 HierarchyStartup() */
/* This function is called at TPM2_Startup() to initialize the hierarchy related values. */
void
HierarchyStartup(
STARTUP_TYPE type // IN: start up type
)
{
// phEnable is SET on any startup
g_phEnable = TRUE;
// Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and
// TPM_RESTART
if(type != SU_RESUME)
{
gc.platformAuth.t.size = 0;
gc.platformPolicy.t.size = 0;
// enable the storage and endorsement hierarchies and the platformNV
gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE;
}
// nullProof and nullSeed are updated at every TPM_RESET
if((type != SU_RESTART) && (type != SU_RESUME))
{
gr.nullProof.t.size = PROOF_SIZE;
CryptRandomGenerate(gr.nullProof.t.size,
gr.nullProof.t.buffer);
gr.nullSeed.t.size = PRIMARY_SEED_SIZE;
CryptRandomGenerate(PRIMARY_SEED_SIZE, gr.nullSeed.t.buffer);
}
return;
}
/* 8.3.3.3 HierarchyGetProof() */
/* This function finds the proof value associated with a hierarchy.It returns a pointer to the proof
value. */
TPM2B_AUTH *
HierarchyGetProof(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant
)
{
TPM2B_AUTH *auth = NULL;
switch(hierarchy)
{
case TPM_RH_PLATFORM:
// phProof for TPM_RH_PLATFORM
auth = &gp.phProof;
break;
case TPM_RH_ENDORSEMENT:
// ehProof for TPM_RH_ENDORSEMENT
auth = &gp.ehProof;
break;
case TPM_RH_OWNER:
// shProof for TPM_RH_OWNER
auth = &gp.shProof;
break;
case TPM_RH_NULL:
// nullProof for TPM_RH_NULL
auth = &gr.nullProof;
break;
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
}
return auth;
}
/* 8.3.3.4 HierarchyGetPrimarySeed() */
/* This function returns the primary seed of a hierarchy. */
TPM2B_SEED *
HierarchyGetPrimarySeed(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
)
{
TPM2B_SEED *seed = NULL;
switch(hierarchy)
{
case TPM_RH_PLATFORM:
seed = &gp.PPSeed;
break;
case TPM_RH_OWNER:
seed = &gp.SPSeed;
break;
case TPM_RH_ENDORSEMENT:
seed = &gp.EPSeed;
break;
case TPM_RH_NULL:
return &gr.nullSeed;
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
}
return seed;
}
/* 8.3.3.5 HierarchyIsEnabled() */
/* This function checks to see if a hierarchy is enabled. */
/* NOTE: The TPM_RH_NULL hierarchy is always enabled. */
/* Return Values Meaning */
/* TRUE hierarchy is enabled */
/* FALSE hierarchy is disabled */
BOOL
HierarchyIsEnabled(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
)
{
BOOL enabled = FALSE;
switch(hierarchy)
{
case TPM_RH_PLATFORM:
enabled = g_phEnable;
break;
case TPM_RH_OWNER:
enabled = gc.shEnable;
break;
case TPM_RH_ENDORSEMENT:
enabled = gc.ehEnable;
break;
case TPM_RH_NULL:
enabled = TRUE;
break;
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
}
return enabled;
}

Some files were not shown because too many files have changed in this diff Show More