Commit Graph

1249 Commits

Author SHA1 Message Date
Stefan Berger
23ab02a1c2 tests: oss-fuzz.sh: Append -fno-sanitize=bounds to CFLAGS
The new TPM 2 code casts bigNum's to Crypt_Int, which has an array 'd' of
type 'crypt_uword_t[2]' which then leads to the following types of errors
that we haven't found another solution for so far.

Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-2675de6341d4e056d04ab49179b8e5b8bd456589
	/src/libtpms/src/tpm2/crypto/openssl/CryptPrime.c:377:20: runtime error: index 23 out of bounds for type 'crypt_uword_t[2]' (aka 'unsigned long[2]')
 #0 0x5b4196 in RsaAdjustPrimeCandidate_New libtpms/src/tpm2/crypto/openssl/CryptPrime.c:377:20
 #1 0x5b4196 in RsaAdjustPrimeCandidate libtpms/src/tpm2/crypto/openssl/CryptPrime.c:405:9
 #2 0x5b4366 in TpmRsa_GeneratePrimeForRSA libtpms/src/tpm2/crypto/openssl/CryptPrime.c:454:6
 #3 0x590953 in CryptRsaGenerateKey libtpms/src/tpm2/crypto/openssl/CryptRsa.c:1433:9

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-15 14:53:19 -05:00
Stefan Berger
a5dfd26d45 tpm2: NVMarshal: To read an OBJECT from NVRAM use NvReadObject not NvRead
NvReadObject knows how to read an OBJECT from NVRAM, so use it instead
of the low-level NvRead(). This prepares the code for possibly larger
OBJECTs in NVRAM in the future that may have been marshalled before
they were written into NVRAM (such as RSA 4096 keys or possibly keys
from QC if they will be stored in OBJECTs).

The call to NvReadObject() requires that the ref in NvReadObject points
to the handle of an NV_ENTRY_HEADER. An NV_ENTRY_HEADER looks like this:

  typedef struct {
      UINT32      size;
      TPM_HANDLE  handle;
  } NV_ENTRY_HEADER;

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-13 14:22:41 -05:00
Stefan Berger
fd7e5d76a2 tpm2: NVMarshal: Indent some break statements
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-13 14:22:41 -05:00
Stefan Berger
6fb287ce22 tpm2: Rename OLD_OBJECT to RSA2048_OBJECT and rename function
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-11 13:38:29 -05:00
Stefan Berger
9718874672 tpm2: Move OLD_OBJECT to OBJECT conversion into own function
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-11 13:38:29 -05:00
Stefan Berger
abcd127b29 tpm2: Leave a FIXME in OBJECT_Marshal
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-11 13:38:29 -05:00
Stefan Berger
6063c0fbb2 tpm2: Add MUST_BE to ensure unions' largest TPM2Bs are marshalled
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-11 13:38:29 -05:00
Stefan Berger
1375b8a53b tpm2: Use MUST_BE in BackwardsCompatibilityObject.c
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-10 16:28:09 -05:00
Stefan Berger
134b33df38 rev180: Enable COMPILER_CHECKS (static asserts)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-09 15:23:07 -05:00
Stefan Berger
6af38cf79e tpm2: Re-add include of openssl/ecdsa.h for LibreSSL
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-09 10:43:49 -05:00
Stefan Berger
e955d926df tpm2: Check libcrypto for EC_POINT_get_affine_coordinates availability
Check -lcrypto for availability of the more recent
EC_POINT_get_affine_coordinates function and use a #define to call it
instead of the older EC_POINT_get_affine_coordinates_GFp. Make the
same change to EC_POINT_set_affine_coordinates_GFp.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-09 08:36:35 -05:00
Stefan Berger
4f2a8de359 rev180: Use CRYPT_CURVE_FREE to free CTX and G
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-04 20:27:25 -05:00
Stefan Berger
31fda0cd51 rev180: Fix a memory leak in CryptEccIsPointOnCurve
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-04 15:04:05 -05:00
Stefan Berger
db997a843b rev180: Fix possible NULL-pointer dereferences (Coverity)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
86faea6504 rev180: Sync header used by TPMCmdp.c
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
3f106044aa rev180: Append 0-sized padding to state_reset_data
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
db28927d48 rev180: Sync SM4 related compile-time checks with upstream
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
6c96a8e0d1 rev180: Sync SM3-related compile-time checks with upstream
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
0ee8b4e34e rev180: Remove unused defines from TpmBuildSwitches.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
f1764ace4c rev180: Sync externally visible impl. alt. options in TpmBuildSwitches.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
f09c116313 rev180: Sync implementation alternatives options in TpmBuildSwitches.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
4e8fa4dcda rev180: Sync compliance options in TpmBuildSwitches.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
c8ee281eaa rev180: Sync internal checks in TpmBuildSwitches.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
411eaa1ee8 rev180: Sync debug options in TpmBuildSwitches.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
36d2a9d657 rev180: Sync prototypes in Simulator_fp.h (not used by libtpms)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
16310e1d1f rev180: Initialize platformReserved but do not write out in state
Set the size of the array to 0 by setting PERSISTENT_DATA_PLATFORM_SPACE
to 0.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
404c39cf0b rev180: Reformat libtpms functions in CryptRsa.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
5b55e9d9a2 rev180: Sync other #defines in GpMacros.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
1e22e15bdd rev180: Sync #defines and #includes in GpMacros.h with upstream
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
23704dcfbe rev180: Sync _TPM_Init with upstream
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
2e74c49c41 rev180: Add _plat__ACT_GetPending/Tick prototypes
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
a750cfe419 rev180: Sync a pAssert in SessionCapGetSaved
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
3fbcdbcd06 rev180: Sync PCR related headers
Since GLOBAL_C is now set in Platform.h it is necessary to adjust the usage
of this #define in NVMarshal.c.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
bfbd6fd078 rev180: Rename and sync random number generating functions
Rename the functions and adjust callers everywhere:
- BnGetRandomBits to TpmMath_GetRandomInteger
- BnGenerateRandomInRange to TpmMath_GetRandomInRange

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
a9b810a401 rev180: Move some random number functions to TpmMath_Util.c
This is a straight move of 2 random number generating functions
into TpmMath_Util.c

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
5728a16848 rev180: Sync TpmFailureMode with upstream
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
d7b2ff804f rev180: Add ALLOW_FORCE_FAILURE_MODE with 'NO' and use it
Set ALLOW_FORCE_FAILURE_MODE to 'NO' and use it in some places where
SIMULATION was used, which is also set to 'NO'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
831a9410ad rev180: Sync unused TPM/__plat_TearDown functions
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
c161176bcd rev180: Sync bignum related headers
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
05fe5a20c2 rev180: Sync BnToOsslMath.h with upstream
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
ab548892a7 rev180: Merge unused prototypes into CryptPrimeSieve_fp.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
a2bcafe53b rev180: Add BnOssl.h and use it instead of Tpm.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
3e0cf3eb45 rev180: Sync ECC and dependencies with upstream
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
67820395b9 rev180: Move types of ECC signature functions into type-specific files
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
f89b536fdd rev180: Reformat (renamed) BnToOsslMath.h
Remove an unnecessary include of openssl/ecdsa.h.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
ccd3fd8f9e rev180: Sync usage of DRBG_Uninstantiate (where missing)
Add calls to DRBG_Uninstantiate where it was missing.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
b10299da26 rev180: Sync VENDOR_PERMANENT_AUTH_ENABLED and its usage with upstream
VENDOR_PERMANENT was not defined by libtpms and therefore it was not
used. Now libtpms sets VENDOR_PERMANENT_AUTH_ENABLED to NO to replace
the VENDOR_PERMANENT from before.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
d0501e06d8 rev180: Replace bn_primt_t with ci_prime_t
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
56c73983e3 rev180: Sync CryptKDFe with upstream (bugfix)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00
Stefan Berger
60ee31d866 rev180: Add BnSupportLibInit() prototype to TpmToOsslSupport_fp.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-01-03 20:23:19 -05:00