Proxmox-Port/libtpms
1
0
Fork 0
mirror of https://github.com/stefanberger/libtpms synced 2026-01-11 16:51:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tpm2: Remove contributed SM4 support

Browse Source 
Due to the license change in the 'new' upstream repo (versus the 'old'
upstream repo), remove the SM4 support contributed under the previous
license. We can remove this since SM4 is not enabled by default.
SM4 support can be re-added under BSD license before the next release.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This commit is contained in:
Stefan Berger 2025-09-02 12:31:19 -04:00
parent 43aa9a27a2
commit fc842c1a9d
11 changed files with 31 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/tpm2/AlgorithmTests.c
View File

@ -884,7 +884,7 @@ TestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest)
# if ALG_SM4
// if SM4 is implemented, its test is like other block ciphers but there
// aren't any test vectors for it yet
case TPM_ALG_SM4: /* libtpms changed */
// case TPM_ALG_SM4:
# endif // ALG_SM4
# if ALG_CAMELLIA
/* fallthrough */

9
src/tpm2/Marshal.c
View File

@ -1188,15 +1188,6 @@ TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size)
written += TPM_KEY_BITS_Marshal(source, buffer, size);
return written;
}
#if ALG_SM4 // libtpms added begin
UINT16
TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
written += TPM_KEY_BITS_Marshal(source, buffer, size);
return written;
}
#endif
UINT16
TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size)
{

4
src/tpm2/Marshal_fp.h
View File

@ -239,10 +239,6 @@ extern "C" {
TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size);
UINT16
TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size);
#if ALG_SM4 // libtpms added begin
UINT16
TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size);
#endif
UINT16
TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size); // libtpms added end
UINT16

2
src/tpm2/SymmetricTest.h
View File

@ -125,7 +125,7 @@ const SYMMETRIC_TEST_VECTOR c_symTestValues[NUM_SYMS + 1] = {
dataOut_SM4128_OFB,
dataOut_SM4128_CBC,
dataOut_SM4128_CFB,
dataOut_SM4128_ECB}},
dataOut_AES128_ECB}},
# endif
// libtpms added begin
#if ALG_TDES && TDES_128

24
src/tpm2/SymmetricTestData.h
View File

@ -370,7 +370,7 @@ const BYTE key_SM4128[] = {
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10};
const BYTE dataIn_SM4128[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD
0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB};
const BYTE dataOut_SM4128_ECB[] = {
@ -379,7 +379,7 @@ const BYTE dataOut_SM4128_ECB[] = {
0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9,
0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04,
0x00, 0x2A, 0x8A, 0x4E, 0xFA, 0x86, 0x3C, 0xCA,
0xD0, 0x24, 0xAC, 0x03, 0x00, 0xBB, 0x40, 0xD2};
0xD0, 0x24, 0xAC, 0x03, 0x00, 0xBB, 0x40, 0xD2}
const BYTE dataOut_SM4128_CBC[] = {
0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48,
0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB,
@ -397,15 +397,15 @@ const BYTE dataOut_SM4128_OFB[] = {
0xE6, 0x41, 0x3B, 0x4E, 0x3C, 0x75, 0x24, 0xB7,
0x1D, 0x01, 0xAC, 0xA2, 0x48, 0x7C, 0xA5, 0x82,
0xCB, 0xF5, 0x46, 0x3E, 0x66, 0x98, 0x53, 0x9B};
/* The data are obtained by running the commands as below:
echo "AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFAAAAAAAABBBBBBBB" | xxd -p -r > plain.txt
openssl enc -sm4-ctr -in plain.txt -iv "F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF" -out out.txt -K "0123456789ABCDEFFEDCBA9876543210"
*/
const BYTE dataOut_SM4128_CTR[] = {
0xF4, 0x88, 0x4C, 0x6D, 0x39, 0x7E, 0x0B, 0x06,
0x3D, 0xAC, 0xD9, 0x46, 0x1A, 0xA4, 0xA5, 0x6A,
0x60, 0xDD, 0xA7, 0x5F, 0x86, 0xBC, 0xFE, 0xA4,
0xF1, 0x5D, 0xB4, 0x6A, 0xD1, 0x4E, 0x7C, 0x7F};
-const BYTE dataOut_SM4128_CTR [] = {
/* FIXME: The IETF doc uses a different IV than what we do....*/
0xAC, 0x32, 0x36, 0xCB, 0x97, 0x0C, 0xC2, 0x07,
0x91, 0x36, 0x4C, 0x39, 0x5A, 0x13, 0x42, 0xD1,
0xA3, 0xCB, 0xC1, 0x87, 0x8C, 0x6F, 0x30, 0xCD,
0x07, 0x4C, 0xCE, 0x38, 0x5C, 0xDD, 0x70, 0xC7,
0xF2, 0x34, 0xBC, 0x0E, 0x24, 0xC1, 0x19, 0x80,
0xFD, 0x12, 0x86, 0x31, 0x0C, 0xE3, 0x7B, 0x92,
0x6E, 0x02, 0xFC, 0xD0, 0xFA, 0xA0, 0xBA, 0xF3,
0x8B, 0x29, 0x33, 0x85, 0x1D, 0x82, 0x45, 0x14};
#endif
// libtpms added end

4
src/tpm2/Unmarshal_fp.h
View File

@ -308,10 +308,6 @@ extern "C" {
TPM2B_SET_CAPABILITY_DATA_Unmarshal(TPM2B_SET_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size);
LIB_EXPORT TPM_RC
TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size);
#if ALG_SM4 /* libtpms added begin */
TPM_RC
TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size);
#endif /* libtpms added end */
LIB_EXPORT TPM_RC
TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size);
LIB_EXPORT TPM_RC /* libtpms added */

8
src/tpm2/crypto/CryptSym.h
View File

@ -135,8 +135,6 @@ typedef union tpmCryptKeySchedule_t {
#define DECRYPT(keySchedule, in, out) decrypt(SWIZZLE(keySchedule, in, out))
#define FINAL(keySchedule) final((void *)(keySchedule)) // libtpms added
// Note that the macros rely on 'encrypt' as local values in the
// functions that use these macros. Those parameters are set by the macro that
// set the key schedule to be used for the call.
@ -145,13 +143,11 @@ typedef union tpmCryptKeySchedule_t {
case TPM_ALG_##ALG: \
TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \
encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \
final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \
break; // libtpms changed
break;
#define DECRYPT_CASE(ALG, alg) \
case TPM_ALG_##ALG: \
TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \
decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \
final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \
break; // libtpms changed
break;
#endif // CRYPT_SYM_H

6
src/tpm2/crypto/openssl/CryptCmac.c
View File

@ -117,7 +117,6 @@ void CryptCmacData(SMAC_STATES* state, UINT32 size, const BYTE* buffer)
UINT16 keySizeInBits = cmacState->keySizeBits;
tpmCryptKeySchedule_t keySchedule;
TpmCryptSetSymKeyCall_t encrypt;
TpmCryptSymFinal_t final; /* libtpms added */
//
memset(&keySchedule, 0, sizeof(keySchedule)); /* libtpms added: coverity */
// Set up the encryption values based on the algorithm
@ -140,8 +139,6 @@ void CryptCmacData(SMAC_STATES* state, UINT32 size, const BYTE* buffer)
cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++;
}
}
if (final) // libtpms added begin
FINAL(&keySchedule); // libtpms added end
}
//*** CryptCmacEnd()
@ -158,7 +155,6 @@ CryptCmacEnd(SMAC_STATES* state, UINT32 outSize, BYTE* outBuffer)
UINT16 keySizeInBits = cState->keySizeBits;
tpmCryptKeySchedule_t keySchedule;
TpmCryptSetSymKeyCall_t encrypt;
TpmCryptSymFinal_t final; // libtpms added
TPM2B_IV subkey = {{0, {0}}};
BOOL xorVal;
UINT16 i;
@ -204,8 +200,6 @@ MUST_BE(MAX_SYM_BLOCK_SIZE == 16); // libtpms added begin: gcc -Wstringop-ove
i = (UINT16)MIN(cState->iv.t.size, outSize);
MemoryCopy(outBuffer, cState->iv.t.buffer, i);
if (final) // libtpms added begin
FINAL(&keySchedule); // libtpms added end
return i;
}
#endif

11
src/tpm2/crypto/openssl/CryptSym.c
View File

@ -176,7 +176,6 @@ LIB_EXPORT TPM_RC CryptSymmetricEncrypt(
TpmCryptSetSymKeyCall_t encrypt;
BYTE* iv;
BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0};
TpmCryptSymFinal_t final; // libtpms added
//
pAssert(dOut != NULL && key != NULL && dIn != NULL);
memset((void *)&keySchedule, 0, sizeof(keySchedule)); /* silence false positive; coverity */
@ -299,12 +298,8 @@ LIB_EXPORT TPM_RC CryptSymmetricEncrypt(
break;
#endif
default:
if (final) // libtpms added begin
FINAL(&keySchedule); // libtpms added end
return TPM_RC_FAILURE;
}
if (final) // libtpms added begin
FINAL(&keySchedule); // libtpms added end
return TPM_RC_SUCCESS;
}
@ -337,8 +332,6 @@ LIB_EXPORT TPM_RC CryptSymmetricDecrypt(
TpmCryptSetSymKeyCall_t encrypt;
TpmCryptSetSymKeyCall_t decrypt;
BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0};
TpmCryptSymFinal_t final; /* libtpms added */
memset((void *)&keySchedule, 0, sizeof(keySchedule)); /* silence false positive; coverity */
memset(tmp, 0, sizeof(tmp));
@ -485,12 +478,8 @@ LIB_EXPORT TPM_RC CryptSymmetricDecrypt(
break;
#endif
default:
if (final) /* libtpms added begin */
FINAL(&keySchedule); /* libtpms added end */
return TPM_RC_FAILURE;
}
if (final) /* libtpms added begin */
FINAL(&keySchedule); /* libtpms added end */
return TPM_RC_SUCCESS;
}

63
src/tpm2/crypto/openssl/Helpers.c
View File

@ -1061,69 +1061,6 @@ OpenSSLCryptRsaGenerateKey(
#endif // USE_OPENSSL_FUNCTIONS_RSA
#if ALG_SM4
static int SetSM4Key(const uint8_t *key, SM4_KEY *ks, int direction)
{
int rc = 0;
UINT8 iv[MAX_SM4_BLOCK_SIZE_BYTES] = { 0 };
const EVP_CIPHER *sm4Cipher = EVP_sm4_ecb();
*ks = EVP_CIPHER_CTX_new();
if (*ks == NULL) {
return 0;
}
if (direction == SM4_ENCRYPT) {
rc = EVP_EncryptInit_ex(*ks, sm4Cipher, NULL, key, iv);
} else {
rc = EVP_DecryptInit_ex(*ks, sm4Cipher, NULL, key, iv);
}
if (rc != 1) {
return 0;
}
return 1;
}
int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks)
{
return SetSM4Key(key, ks, SM4_ENCRYPT);
}
int SM4_set_decrypt_key(const uint8_t *key, SM4_KEY *ks)
{
return SetSM4Key(key, ks, SM4_DECRYPT);
}
static void SM4EncryptDecrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks, int direction)
{
int outLen = SM4_BLOCK_SIZES;
int rc = 0;
if (direction == SM4_ENCRYPT) {
rc = EVP_EncryptUpdate(*ks, out, &outLen, in, SM4_BLOCK_SIZES);
} else {
rc = EVP_DecryptUpdate(*ks, out, &outLen, in, SM4_BLOCK_SIZES);
}
pAssert(rc != 1 || outLen != SM4_BLOCK_SIZES);
}
void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
{
SM4EncryptDecrypt(in, out, ks, SM4_ENCRYPT);
}
void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
{
SM4EncryptDecrypt(in, out, ks, SM4_DECRYPT);
}
void SM4_final(const SM4_KEY *ks)
{
if (*ks != NULL) {
EVP_CIPHER_CTX_cleanup(*ks);
}
}
#endif
#if USE_OPENSSL_FUNCTIONS_SSKDF
UINT16 OSSLCryptKDFe(TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC

32
src/tpm2/crypto/openssl/TpmToOsslSym.h
View File

@ -80,20 +80,23 @@
#if ALG_SM4
# if defined(OPENSSL_NO_SM4) || OPENSSL_VERSION_NUMBER < 0x10101010L
# error "Current version of OpenSSL doesn't support SM4"
# //elif OPENSSL_VERSION_NUMBER >= 0x10200000L // libtpms deactivated
# // include <openssl/sm4.h> // libtpms deactivated
# elif OPENSSL_VERSION_NUMBER >= 0x10200000L
# include <openssl/sm4.h>
# else
# include <openssl/evp.h> // libtpms changed begin
typedef EVP_CIPHER_CTX* SM4_KEY;
# define SM4_ENCRYPT 1
# define SM4_DECRYPT 0
// OpenSSL 1.1.1 keeps smX.h headers in the include/crypto directory,
// and they do not get installed as part of the libssl package
int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks);
int SM4_set_decrypt_key(const uint8_t *key, SM4_KEY *ks); // libtpms changed end
# define SM4_KEY_SCHEDULE 32
typedef struct SM4_KEY_st {
uint32_t rk[SM4_KEY_SCHEDULE];
} SM4_KEY;
int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
void SM4_encrypt(const uint8_t* in, uint8_t* out, const SM4_KEY* ks);
void SM4_decrypt(const uint8_t* in, uint8_t* out, const SM4_KEY* ks);
void SM4_final(const SM4_KEY *ks); // libtpms added
# endif // OpenSSL < 1.2
void SM4_final(const SM4_KEY *ks);
# endif // OpenSSL < 1.2
#endif // ALG_SM4
#if ALG_CAMELLIA
@ -121,7 +124,6 @@ void SM4_final(const SM4_KEY *ks); // libtpms added
// and decryption.
typedef void (*TpmCryptSetSymKeyCall_t)(const BYTE* in, BYTE* out, void* keySchedule);
typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */
#define SYM_ALIGNMENT 4 /* libtpms: keep old value */
//***************************************************************
@ -144,7 +146,6 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */
#define TpmCryptEncryptAES AES_encrypt
#define TpmCryptDecryptAES AES_decrypt
#define tpmKeyScheduleAES AES_KEY
#define TpmCryptFinalAES NULL // libtpms added
#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule))
@ -154,7 +155,6 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */
#define TpmCryptEncryptTDES TDES_encrypt
#define TpmCryptDecryptTDES TDES_decrypt
#define tpmKeyScheduleTDES DES_key_schedule
#define TpmCryptFinalTDES NULL // libtpms added
#if ALG_TDES // libtpms added begin
#include "TpmToOsslDesSupport_fp.h"
@ -165,16 +165,15 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */
//***************************************************************
// Macros to set up the encryption/decryption key schedules
#define TpmCryptSetEncryptKeySM4(key, keySizeInBits, schedule) \
SM4_set_encrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */
SM4_set_key((key), (tpmKeyScheduleSM4 *)(schedule))
#define TpmCryptSetDecryptKeySM4(key, keySizeInBits, schedule) \
SM4_set_decrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */
SM4_set_key((key), (tpmKeyScheduleSM4 *)(schedule))
// Macros to alias encryption calls to specific algorithms. This should be used
// sparingly.
#define TpmCryptEncryptSM4 SM4_encrypt
#define TpmCryptDecryptSM4 SM4_decrypt
#define tpmKeyScheduleSM4 SM4_KEY
#define TpmCryptFinalSM4 SM4_final // libtpms added
//***************************************************************
//** Links to the OpenSSL CAMELLIA code
@ -190,7 +189,6 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */
#define TpmCryptEncryptCAMELLIA Camellia_encrypt
#define TpmCryptDecryptCAMELLIA Camellia_decrypt
#define tpmKeyScheduleCAMELLIA CAMELLIA_KEY
#define TpmCryptFinalCAMELLIA NULL // libtpms added
// Forward reference