From ed27f21e6029ed9ff6ab1ff025a7dfd0bafe1367 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Tue, 7 Jun 2022 12:07:01 -0400
Subject: [PATCH] tpm2: Filter-out runtime-disabled algorithms

Filter-out runtime-disabled algorithms from being reported in TPM2_GetCapability and also don't run tests with runtime-disabled algorithms during self-test.

Signed-off-by: Stefan Berger
---
 src/tpm2/AlgorithmCap.c | 10 ++++++++--
 src/tpm2/AlgorithmTests.c | 6 ++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/tpm2/AlgorithmCap.c b/src/tpm2/AlgorithmCap.c
index 736c6530..f3820796 100644
--- a/src/tpm2/AlgorithmCap.c
+++ b/src/tpm2/AlgorithmCap.c
@@ -202,6 +202,9 @@ AlgorithmCapGetImplemented(
 // If algID is less than the starting algorithm ID, skip it
 if(s_algorithms[i].algID < algID)
 continue;
+ if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin
+ s_algorithms[i].algID))
+ continue; // libtpms added end
 if(algList->count < count)
 {
 // If we have not filled up the return list, add more algorithms
@@ -267,7 +270,10 @@ AlgorithmGetImplementedVector(
 // Go through the list of implemented algorithms and SET the corresponding bit in
 // in the implemented vector
 for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1;
- index >= 0; index--)
- SET_BIT(s_algorithms[index].algID, *implemented);
+ index >= 0; index--) { // libtpms changed
+ if (RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin
+ s_algorithms[index].algID))
+ SET_BIT(s_algorithms[index].algID, *implemented);
+ } // libtpms added end
 return;
 }
diff --git a/src/tpm2/AlgorithmTests.c b/src/tpm2/AlgorithmTests.c
index a62ba1ba..17bcd6ed 100644
--- a/src/tpm2/AlgorithmTests.c
+++ b/src/tpm2/AlgorithmTests.c
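Review bot: The check added in AlgorithmCapGetImplemented only removes runtime-disabled algorithms from what TPM2_GetCapability reports. Nothing in this hunk stops a caller from naming such an algorithm directly in a command. The profile is therefore a real restriction only if the same RuntimeAlgorithmCheckEnabled test is also applied where algorithm IDs are accepted, which this patch does not show. A one-line comment above the check would keep later readers from treating it as the enforcement point, for example `// Reporting filter only; a disabled algorithm must also be rejected when a command selects it`. The loop this check sits in starts and ends outside the hunk.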
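Review bot: In AlgorithmGetImplementedVector the implemented vector now depends on the contents of g_RuntimeProfile at the moment the function runs, and the hunk does not document that ordering requirement. If a caller caches the vector (for instance to decide which algorithms still need a self-test) and the profile is set or changed afterwards, an algorithm enabled later would be missing from it; whether that sequence can occur is not visible here. A comment such as `// g_RuntimeProfile must be final before this vector is built` would record the assumption. The early return added to the static void TestSymmetricAlgorithm in AlgorithmTests.c raises a related point: a skipped test case returns exactly like a passed one, so the caller cannot tell the two apart. On style, the new `if (` spacing differs from the `if(` form used by the surrounding code and by the first hunk.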
@@ -232,6 +232,12 @@ static void TestSymmetricAlgorithm(const SYMMETRIC_TEST_VECTOR* test, // // libtpms added begin if (test->dataOut[mode - TPM_ALG_CTR] == NULL) return; + /* Skip test cases whose algorithms or keysizes are runtime-disabled */ + if (!RuntimeAlgorithmKeySizeCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, + test->alg, test->keyBits, + TPM_ECC_NONE, + g_RuntimeProfile.stateFormatLevel)) + return; // libtpms added end //