diff --git a/src/tpm2/AlgorithmTests.c b/src/tpm2/AlgorithmTests.c index 9bc5f868..d97ffcfc 100644 --- a/src/tpm2/AlgorithmTests.c +++ b/src/tpm2/AlgorithmTests.c @@ -884,7 +884,7 @@ TestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest) # if ALG_SM4 // if SM4 is implemented, its test is like other block ciphers but there // aren't any test vectors for it yet - case TPM_ALG_SM4: /* libtpms changed */ + // case TPM_ALG_SM4: # endif // ALG_SM4 # if ALG_CAMELLIA /* fallthrough */ diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c index 33e56dad..6f0448ce 100644 --- a/src/tpm2/Marshal.c +++ b/src/tpm2/Marshal.c @@ -1188,15 +1188,6 @@ TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size) written += TPM_KEY_BITS_Marshal(source, buffer, size); return written; } -#if ALG_SM4 // libtpms added begin -UINT16 -TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size) -{ - UINT16 written = 0; - written += TPM_KEY_BITS_Marshal(source, buffer, size); - return written; -} -#endif UINT16 TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size) { diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h index f29d05d3..31ba3d2f 100644 --- a/src/tpm2/Marshal_fp.h +++ b/src/tpm2/Marshal_fp.h @@ -239,10 +239,6 @@ extern "C" { TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size); UINT16 TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size); -#if ALG_SM4 // libtpms added begin - UINT16 - TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size); -#endif UINT16 TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size); // libtpms added end UINT16 diff --git a/src/tpm2/SymmetricTest.h b/src/tpm2/SymmetricTest.h index 86eae9fa..c79ef1f6 100644 --- a/src/tpm2/SymmetricTest.h +++ b/src/tpm2/SymmetricTest.h @@ -125,7 +125,7 @@ const SYMMETRIC_TEST_VECTOR c_symTestValues[NUM_SYMS + 1] = { dataOut_SM4128_OFB, dataOut_SM4128_CBC, dataOut_SM4128_CFB, - dataOut_SM4128_ECB}}, + dataOut_AES128_ECB}}, # endif // libtpms added begin #if ALG_TDES && TDES_128 diff --git a/src/tpm2/SymmetricTestData.h b/src/tpm2/SymmetricTestData.h index 8b3c633c..c2a167f4 100644 --- a/src/tpm2/SymmetricTestData.h +++ b/src/tpm2/SymmetricTestData.h @@ -370,7 +370,7 @@ const BYTE key_SM4128[] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}; const BYTE dataIn_SM4128[] = { 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, - 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD, + 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF, 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB}; const BYTE dataOut_SM4128_ECB[] = { @@ -379,7 +379,7 @@ const BYTE dataOut_SM4128_ECB[] = { 0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9, 0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04, 0x00, 0x2A, 0x8A, 0x4E, 0xFA, 0x86, 0x3C, 0xCA, - 0xD0, 0x24, 0xAC, 0x03, 0x00, 0xBB, 0x40, 0xD2}; + 0xD0, 0x24, 0xAC, 0x03, 0x00, 0xBB, 0x40, 0xD2} const BYTE dataOut_SM4128_CBC[] = { 0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48, 0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB, @@ -397,15 +397,15 @@ const BYTE dataOut_SM4128_OFB[] = { 0xE6, 0x41, 0x3B, 0x4E, 0x3C, 0x75, 0x24, 0xB7, 0x1D, 0x01, 0xAC, 0xA2, 0x48, 0x7C, 0xA5, 0x82, 0xCB, 0xF5, 0x46, 0x3E, 0x66, 0x98, 0x53, 0x9B}; -/* The data are obtained by running the commands as below: - echo "AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFAAAAAAAABBBBBBBB" | xxd -p -r > plain.txt - openssl enc -sm4-ctr -in plain.txt -iv "F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF" -out out.txt -K "0123456789ABCDEFFEDCBA9876543210" -*/ -const BYTE dataOut_SM4128_CTR[] = { - 0xF4, 0x88, 0x4C, 0x6D, 0x39, 0x7E, 0x0B, 0x06, - 0x3D, 0xAC, 0xD9, 0x46, 0x1A, 0xA4, 0xA5, 0x6A, - 0x60, 0xDD, 0xA7, 0x5F, 0x86, 0xBC, 0xFE, 0xA4, - 0xF1, 0x5D, 0xB4, 0x6A, 0xD1, 0x4E, 0x7C, 0x7F}; +-const BYTE dataOut_SM4128_CTR [] = { + /* FIXME: The IETF doc uses a different IV than what we do....*/ + 0xAC, 0x32, 0x36, 0xCB, 0x97, 0x0C, 0xC2, 0x07, + 0x91, 0x36, 0x4C, 0x39, 0x5A, 0x13, 0x42, 0xD1, + 0xA3, 0xCB, 0xC1, 0x87, 0x8C, 0x6F, 0x30, 0xCD, + 0x07, 0x4C, 0xCE, 0x38, 0x5C, 0xDD, 0x70, 0xC7, + 0xF2, 0x34, 0xBC, 0x0E, 0x24, 0xC1, 0x19, 0x80, + 0xFD, 0x12, 0x86, 0x31, 0x0C, 0xE3, 0x7B, 0x92, + 0x6E, 0x02, 0xFC, 0xD0, 0xFA, 0xA0, 0xBA, 0xF3, + 0x8B, 0x29, 0x33, 0x85, 0x1D, 0x82, 0x45, 0x14}; #endif // libtpms added end - diff --git a/src/tpm2/Unmarshal_fp.h b/src/tpm2/Unmarshal_fp.h index 1fc44e60..4f48a3ad 100644 --- a/src/tpm2/Unmarshal_fp.h +++ b/src/tpm2/Unmarshal_fp.h @@ -308,10 +308,6 @@ extern "C" { TPM2B_SET_CAPABILITY_DATA_Unmarshal(TPM2B_SET_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size); -#if ALG_SM4 /* libtpms added begin */ - TPM_RC - TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size); -#endif /* libtpms added end */ LIB_EXPORT TPM_RC TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC /* libtpms added */ diff --git a/src/tpm2/crypto/CryptSym.h b/src/tpm2/crypto/CryptSym.h index bbc5e8fe..dd45acab 100644 --- a/src/tpm2/crypto/CryptSym.h +++ b/src/tpm2/crypto/CryptSym.h @@ -135,8 +135,6 @@ typedef union tpmCryptKeySchedule_t { #define DECRYPT(keySchedule, in, out) decrypt(SWIZZLE(keySchedule, in, out)) -#define FINAL(keySchedule) final((void *)(keySchedule)) // libtpms added - // Note that the macros rely on 'encrypt' as local values in the // functions that use these macros. Those parameters are set by the macro that // set the key schedule to be used for the call. @@ -145,13 +143,11 @@ typedef union tpmCryptKeySchedule_t { case TPM_ALG_##ALG: \ TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \ - final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \ - break; // libtpms changed + break; #define DECRYPT_CASE(ALG, alg) \ case TPM_ALG_##ALG: \ TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.alg); \ decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \ - final = (TpmCryptSymFinal_t)TpmCryptFinal##ALG; \ - break; // libtpms changed + break; #endif // CRYPT_SYM_H diff --git a/src/tpm2/crypto/openssl/CryptCmac.c b/src/tpm2/crypto/openssl/CryptCmac.c index 10bec057..f60dbf15 100644 --- a/src/tpm2/crypto/openssl/CryptCmac.c +++ b/src/tpm2/crypto/openssl/CryptCmac.c @@ -117,7 +117,6 @@ void CryptCmacData(SMAC_STATES* state, UINT32 size, const BYTE* buffer) UINT16 keySizeInBits = cmacState->keySizeBits; tpmCryptKeySchedule_t keySchedule; TpmCryptSetSymKeyCall_t encrypt; - TpmCryptSymFinal_t final; /* libtpms added */ // memset(&keySchedule, 0, sizeof(keySchedule)); /* libtpms added: coverity */ // Set up the encryption values based on the algorithm @@ -140,8 +139,6 @@ void CryptCmacData(SMAC_STATES* state, UINT32 size, const BYTE* buffer) cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++; } } - if (final) // libtpms added begin - FINAL(&keySchedule); // libtpms added end } //*** CryptCmacEnd() @@ -158,7 +155,6 @@ CryptCmacEnd(SMAC_STATES* state, UINT32 outSize, BYTE* outBuffer) UINT16 keySizeInBits = cState->keySizeBits; tpmCryptKeySchedule_t keySchedule; TpmCryptSetSymKeyCall_t encrypt; - TpmCryptSymFinal_t final; // libtpms added TPM2B_IV subkey = {{0, {0}}}; BOOL xorVal; UINT16 i; @@ -204,8 +200,6 @@ MUST_BE(MAX_SYM_BLOCK_SIZE == 16); // libtpms added begin: gcc -Wstringop-ove i = (UINT16)MIN(cState->iv.t.size, outSize); MemoryCopy(outBuffer, cState->iv.t.buffer, i); - if (final) // libtpms added begin - FINAL(&keySchedule); // libtpms added end return i; } #endif diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c index 1abca386..6e8185d3 100644 --- a/src/tpm2/crypto/openssl/CryptSym.c +++ b/src/tpm2/crypto/openssl/CryptSym.c @@ -176,7 +176,6 @@ LIB_EXPORT TPM_RC CryptSymmetricEncrypt( TpmCryptSetSymKeyCall_t encrypt; BYTE* iv; BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; - TpmCryptSymFinal_t final; // libtpms added // pAssert(dOut != NULL && key != NULL && dIn != NULL); memset((void *)&keySchedule, 0, sizeof(keySchedule)); /* silence false positive; coverity */ @@ -299,12 +298,8 @@ LIB_EXPORT TPM_RC CryptSymmetricEncrypt( break; #endif default: - if (final) // libtpms added begin - FINAL(&keySchedule); // libtpms added end return TPM_RC_FAILURE; } - if (final) // libtpms added begin - FINAL(&keySchedule); // libtpms added end return TPM_RC_SUCCESS; } @@ -337,8 +332,6 @@ LIB_EXPORT TPM_RC CryptSymmetricDecrypt( TpmCryptSetSymKeyCall_t encrypt; TpmCryptSetSymKeyCall_t decrypt; BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; - TpmCryptSymFinal_t final; /* libtpms added */ - memset((void *)&keySchedule, 0, sizeof(keySchedule)); /* silence false positive; coverity */ memset(tmp, 0, sizeof(tmp)); @@ -485,12 +478,8 @@ LIB_EXPORT TPM_RC CryptSymmetricDecrypt( break; #endif default: - if (final) /* libtpms added begin */ - FINAL(&keySchedule); /* libtpms added end */ return TPM_RC_FAILURE; } - if (final) /* libtpms added begin */ - FINAL(&keySchedule); /* libtpms added end */ return TPM_RC_SUCCESS; } diff --git a/src/tpm2/crypto/openssl/Helpers.c b/src/tpm2/crypto/openssl/Helpers.c index 033318ec..ffbd5edc 100644 --- a/src/tpm2/crypto/openssl/Helpers.c +++ b/src/tpm2/crypto/openssl/Helpers.c @@ -1061,69 +1061,6 @@ OpenSSLCryptRsaGenerateKey( #endif // USE_OPENSSL_FUNCTIONS_RSA -#if ALG_SM4 -static int SetSM4Key(const uint8_t *key, SM4_KEY *ks, int direction) -{ - int rc = 0; - UINT8 iv[MAX_SM4_BLOCK_SIZE_BYTES] = { 0 }; - const EVP_CIPHER *sm4Cipher = EVP_sm4_ecb(); - - *ks = EVP_CIPHER_CTX_new(); - if (*ks == NULL) { - return 0; - } - if (direction == SM4_ENCRYPT) { - rc = EVP_EncryptInit_ex(*ks, sm4Cipher, NULL, key, iv); - } else { - rc = EVP_DecryptInit_ex(*ks, sm4Cipher, NULL, key, iv); - } - if (rc != 1) { - return 0; - } - return 1; -} - -int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks) -{ - return SetSM4Key(key, ks, SM4_ENCRYPT); -} - -int SM4_set_decrypt_key(const uint8_t *key, SM4_KEY *ks) -{ - return SetSM4Key(key, ks, SM4_DECRYPT); -} - -static void SM4EncryptDecrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks, int direction) -{ - int outLen = SM4_BLOCK_SIZES; - int rc = 0; - - if (direction == SM4_ENCRYPT) { - rc = EVP_EncryptUpdate(*ks, out, &outLen, in, SM4_BLOCK_SIZES); - } else { - rc = EVP_DecryptUpdate(*ks, out, &outLen, in, SM4_BLOCK_SIZES); - } - pAssert(rc != 1 || outLen != SM4_BLOCK_SIZES); -} - -void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) -{ - SM4EncryptDecrypt(in, out, ks, SM4_ENCRYPT); -} - -void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) -{ - SM4EncryptDecrypt(in, out, ks, SM4_DECRYPT); -} - -void SM4_final(const SM4_KEY *ks) -{ - if (*ks != NULL) { - EVP_CIPHER_CTX_cleanup(*ks); - } -} -#endif - #if USE_OPENSSL_FUNCTIONS_SSKDF UINT16 OSSLCryptKDFe(TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC diff --git a/src/tpm2/crypto/openssl/TpmToOsslSym.h b/src/tpm2/crypto/openssl/TpmToOsslSym.h index 7d4df54f..bcdb11c7 100644 --- a/src/tpm2/crypto/openssl/TpmToOsslSym.h +++ b/src/tpm2/crypto/openssl/TpmToOsslSym.h @@ -80,20 +80,23 @@ #if ALG_SM4 # if defined(OPENSSL_NO_SM4) || OPENSSL_VERSION_NUMBER < 0x10101010L # error "Current version of OpenSSL doesn't support SM4" -# //elif OPENSSL_VERSION_NUMBER >= 0x10200000L // libtpms deactivated -# // include // libtpms deactivated +# elif OPENSSL_VERSION_NUMBER >= 0x10200000L +# include # else -# include // libtpms changed begin - typedef EVP_CIPHER_CTX* SM4_KEY; -# define SM4_ENCRYPT 1 -# define SM4_DECRYPT 0 +// OpenSSL 1.1.1 keeps smX.h headers in the include/crypto directory, +// and they do not get installed as part of the libssl package -int SM4_set_encrypt_key(const uint8_t *key, SM4_KEY *ks); -int SM4_set_decrypt_key(const uint8_t *key, SM4_KEY *ks); // libtpms changed end +# define SM4_KEY_SCHEDULE 32 + +typedef struct SM4_KEY_st { + uint32_t rk[SM4_KEY_SCHEDULE]; +} SM4_KEY; + +int SM4_set_key(const uint8_t *key, SM4_KEY *ks); void SM4_encrypt(const uint8_t* in, uint8_t* out, const SM4_KEY* ks); void SM4_decrypt(const uint8_t* in, uint8_t* out, const SM4_KEY* ks); -void SM4_final(const SM4_KEY *ks); // libtpms added -# endif // OpenSSL < 1.2 +void SM4_final(const SM4_KEY *ks); +# endif // OpenSSL < 1.2 #endif // ALG_SM4 #if ALG_CAMELLIA @@ -121,7 +124,6 @@ void SM4_final(const SM4_KEY *ks); // libtpms added // and decryption. typedef void (*TpmCryptSetSymKeyCall_t)(const BYTE* in, BYTE* out, void* keySchedule); -typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ #define SYM_ALIGNMENT 4 /* libtpms: keep old value */ //*************************************************************** @@ -144,7 +146,6 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ #define TpmCryptEncryptAES AES_encrypt #define TpmCryptDecryptAES AES_decrypt #define tpmKeyScheduleAES AES_KEY -#define TpmCryptFinalAES NULL // libtpms added #define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \ TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule)) @@ -154,7 +155,6 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ #define TpmCryptEncryptTDES TDES_encrypt #define TpmCryptDecryptTDES TDES_decrypt #define tpmKeyScheduleTDES DES_key_schedule -#define TpmCryptFinalTDES NULL // libtpms added #if ALG_TDES // libtpms added begin #include "TpmToOsslDesSupport_fp.h" @@ -165,16 +165,15 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ //*************************************************************** // Macros to set up the encryption/decryption key schedules #define TpmCryptSetEncryptKeySM4(key, keySizeInBits, schedule) \ - SM4_set_encrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */ + SM4_set_key((key), (tpmKeyScheduleSM4 *)(schedule)) #define TpmCryptSetDecryptKeySM4(key, keySizeInBits, schedule) \ - SM4_set_decrypt_key((key), (tpmKeyScheduleSM4 *)(schedule)) /* libtpms changed */ + SM4_set_key((key), (tpmKeyScheduleSM4 *)(schedule)) // Macros to alias encryption calls to specific algorithms. This should be used // sparingly. #define TpmCryptEncryptSM4 SM4_encrypt #define TpmCryptDecryptSM4 SM4_decrypt #define tpmKeyScheduleSM4 SM4_KEY -#define TpmCryptFinalSM4 SM4_final // libtpms added //*************************************************************** //** Links to the OpenSSL CAMELLIA code @@ -190,7 +189,6 @@ typedef void(*TpmCryptSymFinal_t)(void *keySchedule); /* libtpms added */ #define TpmCryptEncryptCAMELLIA Camellia_encrypt #define TpmCryptDecryptCAMELLIA Camellia_decrypt #define tpmKeyScheduleCAMELLIA CAMELLIA_KEY -#define TpmCryptFinalCAMELLIA NULL // libtpms added // Forward reference