Some TDES related marshalling and unmarshalling functions were
missing, so add them. Now TDES keys can be created.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes a bug described in the following TCG Document
ERRATA; Errata Version 1.9, August 23, 2019; For TCG Trusted Platform
Module Library; Family "2.0", Level 00, Revision 1.38, Sept 29, 2016
section 2.34: NV PIN Indices
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
We define USE_SPEC_COMPLIANT_PROOFS which overrides PRIMARY_SEED_SIZE in
Implementation.h and causes PRIMARY_SEED_SIZE to be set to 64. Nevertheless,
adjust the value in Implementation.h.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Do not go by the toTest vector when it comes to testing symmetric
crypto modes since those bits may have been cleared elsewhere.
Check the implemented algorithm vector instead for whether the
mode is implemented.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a missing break statement to the EVP function selectors
based on algorithm. So far this missing break statement had
no negative effect since no other algorithms are in use in
case statements below the TDES.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use TPM_PrintFourLimit in those cases where less than 4 bytes of
valid data may exist. Hashes, nonces, encrypted data, and others
typically have more than 4 bytes but data read from NVRAM or
to-be-encrypted data may have less.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Avoid the accumulation of -lcrypto while testing for symbols in the -lcrypto
library by saving the LIBS variable before doing the series of tests.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Get rid of the usage of an sprintf and use snprintf instead. In this
case the buffer is 128, so big enough to not cause problems, though.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix a potential buffer overflow bug in the creation of filenames
that were using sprintf() rather than snprintf(). The buffer overflow
could occur if the buffer is longer than 4096 bytes. The state path
may alone be 4096 bytes and could possibly trigger the overflow.
Swtpm for example is not affected by this since it uses the callbacks
that are invoked before the faulty function is called.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
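The truncation check that makes an snprintf() conversion like the one above safe, as an added example that is not code from libtpms or from this commit. The helper name `build_state_filename`, the `<state_dir>/<nn>.<name>` layout and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libtpms code: build "<state_dir>/<nn>.<name>"
 * in out. Returns 0 on success, -1 if the result (including the NUL)
 * does not fit in out_len bytes; out is then left as an empty string. */
static int build_state_filename(char *out, size_t out_len,
                                const char *state_dir,
                                unsigned int tpm_number, const char *name)
{
    int n;

    if (out == NULL || out_len == 0 || state_dir == NULL || name == NULL)
        return -1;
    /* snprintf never writes more than out_len bytes and returns the
     * length the full string would have had, so truncation is visible. */
    n = snprintf(out, out_len, "%s/%02x.%s", state_dir, tpm_number, name);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';      /* never pass a truncated path on to open() */
        return -1;
    }
    return 0;
}

int main(void)
{
    char filename[4096];    /* buffer size taken from the commit message */
    char long_dir[4096];    /* constructed worst case: 4095-byte state path */

    memset(long_dir, 'a', sizeof(long_dir) - 1);
    long_dir[sizeof(long_dir) - 1] = '\0';

    if (build_state_filename(filename, sizeof(filename),
                             "/var/lib/example", 0, "state") == 0)
        printf("ok: %s\n", filename);
    if (build_state_filename(filename, sizeof(filename),
                             long_dir, 0, "state") != 0)
        printf("rejected: state path too long for the buffer\n");
    return 0;
}
```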
Check the size of the available data before hashing them. A minimum
of 20 bytes needs to be passed into the function so that we can hash
the data 'before' it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reported-by: Yi Ren <yunye.ry@alibaba-inc.com>
Fix a Coverity complaint by using iv.t.buffer rather than the
1-byte synonym (due to union) iv.b.buffer.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some of the functions that OpenSSL uses are #define's for which
we need to check using a new AX_CHECK_DEFINE. We need to check for
them also because they were added at different points in time.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement key creation with OpenSSL if rand == NULL, meaning
that we create a non-KDF-derived key, so a purely random key.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use the CRT (Chinese Remainder Theorem) method for doing the RSA
operations. Unfortunately it is not sufficient to just pass the
precalculated dP, dQ, and qInv parameters to OpenSSL private key
crypto functions but it also needs D, which is a bit more involved
to calculate.
We are not caching D (private exponent) as part of the OBJECT since
the OBJECT lives in size-limited NVRAM and we would need to add
'D' to the privateExponent_t, which would make it bigger and which
would allow fewer keys to fit into memory, which in turn could become
an issue if we wanted to resume a TPM that filled up the NVRAM
with keys and now fewer keys would fit into the NVRAM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
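How D relates to the CRT parameters named above, as an added example with toy-sized integers; it is not code from libtpms or from this commit, and the commit does not say how libtpms itself computes D. The struct and function names are assumptions, D is taken as the inverse of E modulo (P-1)(Q-1), and real key sizes need a bignum library.

```c
#include <stdint.h>

struct rsa_priv { uint64_t p, q, n, d, dP, dQ, qInv; };  /* toy-sized values */

/* Modular inverse of a mod m (extended Euclid); 0 if gcd(a, m) != 1. */
static uint64_t mod_inverse(uint64_t a, uint64_t m)
{
    int64_t r0 = (int64_t)m, r1 = (int64_t)(a % m), t0 = 0, t1 = 1, q, tmp;
    while (r1 != 0) {
        q = r0 / r1;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    if (r0 != 1)
        return 0;
    return (uint64_t)(t0 < 0 ? t0 + (int64_t)m : t0);
}

/* Square-and-multiply; operands must stay below 2^32 to avoid overflow. */
static uint64_t mod_pow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e != 0; e >>= 1, b = b * b % m)
        if (e & 1)
            r = r * b % m;
    return r;
}

/* Derive D and the CRT parameters from P, Q, E; -1 if E is not invertible. */
static int rsa_derive_private(uint64_t p, uint64_t q, uint64_t e, struct rsa_priv *k)
{
    k->p = p; k->q = q; k->n = p * q;
    k->d = mod_inverse(e, (p - 1) * (q - 1));  /* D = E^-1 mod (P-1)(Q-1) */
    if (k->d == 0)
        return -1;
    k->dP = k->d % (p - 1);
    k->dQ = k->d % (q - 1);
    k->qInv = mod_inverse(q, p);
    return 0;
}

/* Private-key operation from dP, dQ, qInv only (Garner recombination). */
static uint64_t rsa_private_crt(const struct rsa_priv *k, uint64_t c)
{
    uint64_t m1 = mod_pow(c, k->dP, k->p), m2 = mod_pow(c, k->dQ, k->q);
    uint64_t h = k->qInv * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
    return m2 + h * k->q;
}
```

With the constructed toy values P=61, Q=53, E=17, `rsa_derive_private` yields D=2753, and `rsa_private_crt(&k, 2790)` returns 65, the same result as `mod_pow(2790, k.d, k.n)`.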
Implement helper functions to create an RSA public and private
key. Create the latter with the CRT parameters.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Check for RSA functions we need for calling the crypto lib for
doing RSA operations. Set the environment variable
USE_OPENSSL_FUNCTIONS_RSA to '1' if found, to '0' otherwise.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use OpenSSL function to create TDES keys if rand == NULL,
which indicates that a truly random key needs to be generated
rather than one derived from a KDF.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use OpenSSL functions to create EC keys only for the case that
rand == NULL in which case no KDF is being used and where we can
create a truly random key. This doesn't break the upgrade path.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Switch the ECDSA signature verification to OpenSSL. Do the signature
creation in the next step so we can verify the creation / verification
against the original TPM 2 code.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
OpenSSL's crypto library does not support all crypto functionality
we need in all versions. Elliptic curve support via EVP seems to
have been added much later than for example symmetric crypto support.
So, we move the USE_OPENSSL_FUNCTIONS out of Implementation.h
into configure.ac and let the build system detect what functionality
is available in the crypto library. In this patch we now also rename
USE_OPENSSL_FUNCTIONS to USE_OPENSSL_FUNCTIONS_SYMMETRIC to indicate
that we can use the symmetric crypto functions of the crypto lib.
Using the OpenSSL crypto support is enabled by default, so one has
to use --disable-use-openssl-functions, which we do for Travis now.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Maintain the build for the case of USE_OPENSSL_FUNCTIONS set to NO
where we build the original TPM 2 code.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Convert functions for symmetric encryption via AES and TDES to
use OpenSSL EVP functions where necessary. Leave the old code around
and use the #if USE_OPENSSL_FUNCTIONS to activate the new parts.
OpenSSL does not provide an implementation for TDES in CTR mode, so
we reuse the original TPM 2 code for this mode.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement helper for getting OpenSSL crypto functions from
crypto algorithm IDs, encryption modes, and key sizes.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>