Stefan Berger
625171be0c
tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do not use
Add in the new RsaAdjustPrimeCandidate() function but do not use it
so far since it creates slightly different primes than the previous
code and we would get different derived keys if we were to use it with
'old' seeds.
Adjust the code to return the same results for 64 bit and 32 bit machines.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
c97d016d27
tpm2: Add SEED_COMPAT_LEVEL to DRBG state
Add a SEED_COMPAT_LEVEL to the DRBG state that is associated with the seed
and indicates the seed compatibility level we need to maintain when deriving
RSA keys from seeds. We only need to be able to handle RSA keys derived via
the DRBG state. Other keys, such as symmetric keys, are not affected. Also
RSA keys cannot be derived from a KDF, so the KDF does not need to carry
the SEED_COMPAT_LEVEL.
All functions that need to pass a value set SEED_COMPAT_LEVEL to
SEED_COMPAT_LEVEL_ORIGINAL (0) for now.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
7804d19dac
tpm2: Add SEED_COMPAT_LEVEL to nullSeed to track compatibility level
Add SEED_COMPAT_LEVEL to the nullSeed in the state_reset data to track
its compatibility level. We need it for VM suspend and resume.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
eabcd048c4
tpm2: Add SEED_COMPAT_LEVEL to seeds in PERSISTENT_DATA
Add a variable seedCompatLevel to each seed in the PERSISTENT_DATA
that allows us to track the age of the seed. Whenever a new seed
is created the seedCompatLevel is also written and set to the latest
version. This seedCompatLevel then influences the crypto algorithm that
can be used for deriving keys so that previously derived keys
are now still generated in the same way. When the seed is changed
the old keys are all useless and newly derived keys can then use
the new algorithm.
This patch only sets the variables to the current compatibility
level SEED_COMPAT_LEVEL_ORIGINAL and writes it out as part of the state
file. This makes the state file not downgradeable.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
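The three seedCompatLevel commits above describe a pattern worth seeing end to end: a seed stored in persistent state carries the level of the derivation algorithm that was current when it was created, RSA derivation dispatches on that level, symmetric derivation ignores it, and a state file written with a newer level is refused by an older build. The following is an added illustrative model written for this page, not libtpms code: the DRBG is a toy HMAC counter generator (not SP 800-90A), the two "prime candidate adjustment" functions are stand-ins that merely differ from each other, and the level name SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST is hypothetical (only SEED_COMPAT_LEVEL_ORIGINAL appears in the log).

```python
"""Illustrative model (not libtpms code) of a per-seed compatibility level.

A seed in persistent state carries the level of the key-derivation algorithm
that was current when the seed was created. RSA derivation dispatches on that
level, so changing the algorithm only affects seeds created afterwards; keys
derived from older seeds are reproduced byte for byte.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass

SEED_COMPAT_LEVEL_ORIGINAL = 0            # the only level named in the commit log
SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST = 1    # hypothetical later level (assumed here)
SEED_COMPAT_LEVEL_LATEST = SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST


@dataclass(frozen=True)
class Seed:
    value: bytes
    compat_level: int


def new_seed(value: bytes) -> Seed:
    """A freshly created seed is always stamped with the latest level."""
    return Seed(value, SEED_COMPAT_LEVEL_LATEST)


def _drbg_bytes(seed: bytes, label: bytes, n: int) -> bytes:
    """Toy deterministic generator: HMAC-SHA256 in counter mode (not SP 800-90A)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(seed, label + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _adjust_candidate_original(raw: int, bits: int) -> int:
    """Stand-in for the old adjustment: only force the candidate odd."""
    return raw | 1


def _adjust_candidate_new(raw: int, bits: int) -> int:
    """Stand-in for the new adjustment: force odd and force full bit length.

    Produces different candidates than the old code for the same DRBG
    output, which is exactly why the level has to travel with the seed.
    """
    return raw | 1 | (1 << (bits - 1))


_RSA_ADJUST_BY_LEVEL = {
    SEED_COMPAT_LEVEL_ORIGINAL: _adjust_candidate_original,
    SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST: _adjust_candidate_new,
}


def derive_rsa_prime_candidate(seed: Seed, label: bytes, bits: int = 64) -> int:
    """RSA derivation is the only path that depends on the seed's level."""
    try:
        adjust = _RSA_ADJUST_BY_LEVEL[seed.compat_level]
    except KeyError:
        raise ValueError(f"unknown seed compatibility level {seed.compat_level}")
    raw = int.from_bytes(_drbg_bytes(seed.value, label, bits // 8), "big")
    return adjust(raw, bits)


def derive_symmetric_key(seed: Seed, label: bytes, nbytes: int = 32) -> bytes:
    """Symmetric keys are level-independent: identical bytes for any level."""
    return _drbg_bytes(seed.value, label, nbytes)


def serialize_seed(seed: Seed) -> bytes:
    """Persistent-state encoding: the level is written next to the seed bytes."""
    return struct.pack(">IH", seed.compat_level, len(seed.value)) + seed.value


def load_seed(blob: bytes) -> Seed:
    """Refuse state whose level this build does not know (state is not downgradeable)."""
    if len(blob) < 6:
        raise ValueError("truncated seed record")
    level, n = struct.unpack(">IH", blob[:6])
    if level > SEED_COMPAT_LEVEL_LATEST:
        raise ValueError(f"state file needs compat level {level}, "
                         f"this build supports up to {SEED_COMPAT_LEVEL_LATEST}")
    return Seed(blob[6:6 + n], level)


if __name__ == "__main__":
    old = Seed(b"\x01" * 32, SEED_COMPAT_LEVEL_ORIGINAL)   # constructed sample seed
    reloaded = load_seed(serialize_seed(old))
    print(derive_rsa_prime_candidate(old, b"rsa-p") ==
          derive_rsa_prime_candidate(reloaded, b"rsa-p"))
```

The point of the dispatch table is that adding a level means adding an entry, never editing an existing one; the old adjustment stays frozen for seeds that carry the old level, and a build that lacks an entry for a level it reads from state fails closed rather than silently deriving different keys.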
Stefan Berger
63f3354d58
tpm2: Remove libtpms-specific setting of g_inFailureMode
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
8cf244fa91
tpm2: rev155: Rework CONTEXT_ENCRYPT_ALG handling in GpMacros.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
cd76780d71
tpm2: rev155: Remove unused #defines from SelfTest.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
3399586357
tpm2: rev155: Add #defines to TpmTypes that are not used in rev155
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
6cff090057
tpm2: rev155: Pass parameters->p.t.size rather than 0 to BnTo2B
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
bf40ccab72
tpm2: rev155: Refactor CryptGetSymmetricBlockSize
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
9215a8277e
tpm2: rev155: Avoid FAIL in default case and return a value instead
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
e602b6898c
tpm2: rev155: Sync commented code in TpmFail.c
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
de19b5d4ab
tpm2: rev155: Add CompilerDependencies to Manufacture_fp.h
2020-04-14 16:03:45 -04:00
Stefan Berger
e8478a7424
tpm2: rev155: Enable new command TPM2_CertifyX509
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
f743d7faae
tpm2: rev155: Add support for x509 in TPM2_Sign
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
b1bac6d212
tpm2: rev155: Add DebugHelpers and header file
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
a5866291ca
tpm2: rev155: Implement new command TPM2_CertifyX509
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
77f452fd14
tpm2: rev155: Add code to create X509 RSA and EC key certificates
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
83221ed68e
tpm2: rev155: Add ASN.1 related code
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
e5a67ccde9
tpm2: rev155: Remove old hash related code and definitions
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
ddba4e3c6b
tpm2: rev155: Use MakeDerTag instead of CryptHashGetDer
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
8679241b2f
tpm2: rev155: Implement MakeDerTag
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
d098436a34
tpm2: rev155: Extend HASH_DEF with BYTE *OID
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
244cd1bae9
tpm2: rev155: Extend ECC_CURVE with BYTE *OID and adjust code
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
f402d39d66
tpm2: rev155: Add OIDS.h
2020-04-14 16:03:45 -04:00
Stefan Berger
fd1b23daae
tpm2: rev155: Remove CURVE_SPEC #define
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
b6269798bd
tpm2: rev155: Consider g_inFailureMode when returning from crypto functions
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
c72fded7fc
tpm2: rev155: Marshal functions for TPMS_NV_DIGEST_CERTIFY_INFO
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
3dcaa01d0a
tpm2: rev155: Major refactoring of header files
- Introduce Platform.h and replace usage of PlatformData.h and
Platform_fp.h
- Drop Implementation.h since we now use TpmProfile.h (which we
prepared previously); many #defines were moved to TpmTypes.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
296cbb1699
tpm2: rev155: Refactor hash templates; for now also keep old templates
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
19574a4c42
tpm2: rev155: Implement CryptRsaPssSaltSize
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
fa7af853d8
tpm2: rev155: Implement case TPM_ST_ATTEST_NV_DIGEST
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
c453ceec08
tpm2: rev155: Implement NvHashIndexData
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
e97ac75c95
tpm2: rev155: Reorder #include statements
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
5e4564a286
tpm2: rev155: Add TYPE_OF_TPM_XYZ to TpmTypes.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
44f3d032a5
tpm2: rev155: Introduce #define EXTERN and use it to move vars to Global.h
Move all variables from Global.c into Global.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
f415f46939
tpm2: rev155: Remove unnecessary #if ALG_RSA and ALG_ECC
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
7e6a43a7f8
tpm2: rev155: Allow PROFILE to be defined and #included
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
f4316a7011
tpm2: rev155: Consider return value of DRBG_InstantiateSeeded
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
259d47279b
tpm2: rev155: Have DRBG related functions return values not void
Have some DRBG related functions return BOOL or TPM_RC to be
able to handle failure cases. Inside the functions do not
use FAIL anymore but LOG_FAILURE and return FALSE.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
e62e6d0c12
tpm2: rev155: Replace FAIL_NOCMD with LOG_FAILURE
Replace FAIL_NOCMD with LOG_FAILURE, which calls into LogFailure,
which in turn calls TpmSetFailureMode, just like before.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
f1e92fee8b
tpm2: rev155: Implement TpmLogFailure and modify for libtpms
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
7b617b4c2b
tpm2: rev155: Refactor MarshalUint16/32 in TpmFail.c
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
94de67dad7
tpm2: rev155: Remove UnmarshalHeader from TpmFail.c
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
da96ac6f08
tpm2: rev155: Add LIB_EXPORT to BnCurveFree()
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
ba240b3cca
tpm2: rev155: Add TpmAlgorithmDefines.h (no users yet)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
a3f7213f75
tpm2: rev155: Add Platform.h (no users yet)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
d216a724c1
tpm2: rev155: Add TpmProfile.h and adjust for libtpms
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
8a0af9b12a
tpm2: rev155: Add new file MinMax.h (no users yet)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00
Stefan Berger
772911e36d
tpm2: rev155: Have MillerRabin() and RsaCheckPrime() check g_inFailureMode
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-14 16:03:45 -04:00