Commit Graph

1258 Commits

Author SHA1 Message Date
Stefan Berger
037eb0e2bb tpm2: Return TPM_RC_VALUE upon decryption failure
When decryption fails then return TPM_RC_VALUE rather than TPM_RC_FAILURE.
The old error code could indicate to an application or driver that
something is wrong with the TPM (has possibly gone into failure mode) even
though only the decryption failed, possibly due to a wrong key.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-08-20 10:46:50 -04:00
Stefan Berger
d3ce650f93 tpm2: Include limits.h for UINT_MAX (BSD)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-08-20 10:16:02 -04:00
Stefan Berger
4b89a028dd rev180: Sync whitespace changes and changes to comments
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2024-07-29 11:25:31 -04:00
Stefan Berger
ca3d592758 rev180: Add new function to generate RSA primes but do not use it
Some time around rev169 a new function to generate RSA prime numbers was
introduced. Add this function but keep it disabled.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-29 08:43:35 -04:00
Stefan Berger
09a67f4588 tpm2: Move code out of RsaAdjustPrimeCandidate
To simplify the code and get rid of the libtpms-specific implementation
of RsaAdjustPrimeCandidate move its code into the case statements in
TpmRsa_GeneratePrimeForRSA.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-29 08:43:35 -04:00
Stefan Berger
aa582228d6 tpm2: Move RsaAdjustPrimeCandidate_New
Revision 1.69 received new code for RsaAdjustPrimeCandidate. Before
adding the new function (while keeping it unused since it does not
add much value) move the existing function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-29 08:43:35 -04:00
Stefan Berger
a5affce5cd rev180: Add TpmMath_GetRandomBits but disable it since unused.
Add TpmMath_GetRandomBits but disable it since it will remain unused
for now.

Modify the code to properly mask the bits in the first byte of the byte
stream produced as big endian number.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-29 08:43:35 -04:00
Stefan Berger
247a100cd8 tpm2: Add ecc-sm2-p256 to all profiles
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-26 22:34:38 -04:00
Stefan Berger
ea68ece7a7 tpm2: Disable curves whose keysize is too small and that can be disabled
When ecc-min-size is given use it to disable all curves whose keysize is
too small and that can be disabled.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-26 22:34:38 -04:00
Stefan Berger
37c5b7d546 tpm2: Fix display of disabled elliptic curve algorithms
If elliptic curve algorithms were enabled with a shortcut the output
may have shown the individual curves as disabled, even though this is
not the case. Remove the enabledEccCurvesPrint bitfield since it
leads to misleading output.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-26 22:34:38 -04:00
Stefan Berger
869bfa53d9 tpm2: Prevent list of disabled algorithms to start with a comma
The list of disabled algorithms may have started with a comma if the first
disabled algorithm was an ec curve. Fix this by passing the 'first'
variable and using it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-26 22:34:38 -04:00
Stefan Berger
18cffed604 tests: Use %zu for size_t
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-26 22:34:38 -04:00
Stefan Berger
1df35f6c77 tpm2: Change marshalled fields of OBJECT (StateFormatLevel 6)
Bump up the StateFormatLevel to 6 and use it to introduce a new OBJECT
marshalling format version '4' that slightly changes how an OBJECT is
marshalled:

- only marshal the private exponent for an RSA key
- always marshal the new hierarchy field

The marshalling code can still write previous version '3' when an older
StateFormatLevel is used to support backwards compatibility.

Adjust the test cases marshalling an RSA key OBJECT to check against
expected sizes across a series of StateFormatLevels.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-25 11:17:42 -04:00
Stefan Berger
67447f6c88 rev180: Add but not enable new Svn- and FirmwareLimited hierarchies
Introduce new hierarchies SvnLimited and FirmwareLimited but do not enable
them.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-25 11:17:42 -04:00
Stefan Berger
a5977d2018 rev180: Add hierarchy field to OBJECT and use it
Add new field hierarchy to OBJECT and assign values to it and access it.

Beyond the sync with upstream we need to also set the hierarchy when
- an older OBJECT is converted to the current OBJECT
- an OBJECT is unmarshalled

Remove ObjectGetHierarchy since it is not needed anymore.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-25 11:17:42 -04:00
Stefan Berger
ef4af2f0de tpm2: Move code to determine OBJECT hierarchy by its attribute flags
Move code that determines an OBJECT's hierarchy by its attribute flags
into BackwardsCompatibilityObject.c since it will soon only serve the
purpose of backwards compatibility.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-25 11:17:42 -04:00
Stefan Berger
fade216e73 tpm2: Add missing argument for string format
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-25 10:49:09 -04:00
Stefan Berger
0f2506fc41 tpm2: NVMarshal: Add missing case of skipping a block when none is there
Add handling of the case of wanting to skip a block of code when no data
are in the byte stream. This case has not occurred so far where a block
of unmarshalling code needed to be skipped but also no data were there in
the byte stream - it would have otherwise led to errors while trying to
unmarshal data that were not there. So far there was simply no code there
that should have been skipped.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-24 15:51:06 -04:00
Stefan Berger
edd8b65a1d tpm2: Add missing semicolons in BIG_ENDIAN_TPM code
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-23 15:55:27 -04:00
Stefan Berger
c47b17e209 tpm2: Filter-out unusable and runtime-disabled curves
Allow completely arbitrary TPM_ECC_CURVE's to be passed to
RuntimeAlgorithmKeySizeCheckEnabled by checking that its value lies within
the bitfield and if it doesn't return a FALSE. Out-of-bounds values passed
to TEST_BIT would have caused a pAssert failure.

Call this function now early from CryptCapGetOneECCCurve that now can pass
any value as a TPM_ECC_CURVE without causing a failure when filtering
out disabled or runtime unusable curves.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-22 08:28:07 -04:00
Stefan Berger
3327a145fa tpm2: Filter-out runtime-unsupported algId in AlgorithmCapGetOneImplemented
Allow completely arbitrary TPM_ALG_ID's to be passed to
RuntimeAlgorithmCheckEnabled by checking that its value lies within the
bitfield and if it doesn't return a FALSE. Out-of-bounds values passed
to TEST_BIT would have caused a pAssert failure.

Call this function now early on from AlgorithmCapGetOneImplemented that
now can pass any value as a TPM_ALG_ID without causing a failure.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-22 08:28:07 -04:00
Stefan Berger
a76e8802e8 tests: Add test case when user chooses specific StateFormatLevel
Test that a user is able to choose a specific StateFormatLevel that is not
required by any of the chosen commands but enables a bugfix in the TPM 2
code for example.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-22 08:27:49 -04:00
Stefan Berger
d6c1b22f60 tpm2: Rework failure codes returned by GetStateFormatLevelFromJSON
Replace failure code TPM_RC_FAILURE when an invalid integer is encountered
while parsing the StateFormatLevel from the json and have it return
TPM_RC_VALUE. Also improve the handling of the different error codes
returned from this function by a caller.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-19 16:18:50 -04:00
Stefan Berger
c254804d59 tpm2: Return TPM_RC_VALUE when profile cannot be found by name
Return TPM_RC_VALUE rather than TPM_RC_FAILURE when a profile cannot
be found by its name.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-19 16:18:50 -04:00
Stefan Berger
ae970a547a tpm2: Change RuntimeAlgorithm's TPM_RC_FAILUREs to TPM_RC_VALUE
To leave TPM_RC_FAILURE for more severe failures replace it with
TPM_RC_VALUE.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-19 16:18:50 -04:00
Stefan Berger
e578709ca1 tpm2: Disable unused code related to TPM2_NV_DefineSpace2
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-19 16:04:10 -04:00
Stefan Berger
714511aef7 tpm2: Intercept unsupported external and permanent NV indices
Intercept newly added unsupported external and permanent NV indices when
trying to unmarshal an NV index. Add a test case that was using an
unsupported external NV index.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-19 16:04:10 -04:00
Stefan Berger
8e27756625 tpm2: Enable TPM2_PolicyParameters in default-v1 profile
Enable TPM2_PolicyParameters in default-v1 profile and bump up the
StateFormatLevel to '5'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 16:36:02 -04:00
Stefan Berger
7d31d5ae8b rev180: Add TPM2_SetCapability and dependencies
This command does not do much at the moment and should therefore
also not be enabled.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 16:36:02 -04:00
Stefan Berger
f1117d4832 rev180: Add TPM2_NV_ReadPublic2 and dependencies
This command would only need to be enabled if TPM2_NV_DefineSpace2 was
enabled.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 16:36:02 -04:00
Stefan Berger
843fbe0762 rev180: Add TPM2_DefineSpace2 and dependencies
TPM2_DefineSpace2 defines NV areas in the same format as the old
TPM2_DefineSpace function did, so there should not be any compatibility
issues with the NV areas' format. However, it may not currently make
much sense to enable this command since its improvement over the existing
TPM2_DefineSpace is only support for external memory, which we don't have.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 16:36:02 -04:00
Stefan Berger
12d8418c41 rev180: Add TPM2_PolicyParameters and dependencies
Add TPM2_PolicyParameters command but do not enable it.
This patch also introduces the Session attribute isParameterHashDefined
which is only written to in the new function TPM2_PolicyParameters. When
it is read in CheckPolicyAuthSession then it will always be 0 for as long
as TPM2_PolicyParameters is not activated, so it should not influence
older versions of the TPM 2 state (null profile).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 16:36:02 -04:00
Stefan Berger
7b26afa705 rev180: Introduce isNameHashDefined and use it (bugfix?)
The new isNameHashDefined session attribute allows to better
differentiate between cpHash and nameHash being set. Both of these are part
of a union. However, using this new flag would potentially introduce
compatibility issues for older versions that did not have this flag and
if an older session was to be used with this newer version of TPM 2. To
avoid this use the current stateFormatLevel (4) to decide whether to set
and get the isNameHashDefined session attribute that did not exist before
stateFormatLevel 4. Instrument the code accordingly so that expected
behavior of old TPM 2 state (null profile) does not change while new TPM 2
state with the new default-v1 profile may use the new behavior.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 16:36:02 -04:00
Stefan Berger
d902ce42f8 rev180: Use IsCpHashUnionOccupied to convert non-trivial case
Use IsCpHashUnionOccupied to convert a non-trivial case.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 16:36:02 -04:00
Stefan Berger
4f1c4f5886 tpm2: Start code block after case statement for variable declaration
Older versions of gcc don't accept variable declarations after a case
statement without starting a code block with '{'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 00:27:11 -04:00
Stefan Berger
fe69c3d4b1 tpm2: Extend buffer for printing a UINT16 into to 12 bytes (older gcc)
Even though UINT16 when printed as hex number will only use up to 4 bytes
and 3 more bytes for the prefix '0x' and terminating NUL (0xffff), extend
the buffer to 16 bytes to address the following gcc issue:

tpm2/RuntimeCommands.c:450:44: error: ‘__builtin___snprintf_chk’ output
   may be truncated before the last format character
   [-Werror=format-truncation=]

  snprintf(bufferhi, sizeof(bufferhi), "0x%x", commandCodeHi);

/usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note:
   ‘__builtin___snprintf_chk’ output between 4 and 11 bytes into a
   destination of size 10

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-18 00:27:11 -04:00
Stefan Berger
92ab421194 tpm2: Check for out-of-range command code before accessing array
Check for an out-of-range command code before using it to access
an index in an array in a debug statement.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-16 13:12:10 -04:00
Stefan Berger
e3520059cf tpm2: Print error message when invalid hash algorithm id appears (Coverity)
In case a hash algorithm id has a value >= 64 print out an error. This
should never occur since any hash algorithm id should have been set through
unmarshalling or by TPM 2-internal code.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-16 13:12:10 -04:00
Stefan Berger
ee141c60e0 tpm2: Enable Camellia-192 and AES-192 and bump up stateFormatLevel
Enable Camellia-192 and AES-192 and bump up the stateFormatLevel to '4'.
This now prevents using this state with previous stateFormatLevels (< 4)
because there Camellia-192 or AES-192 was not enabled and the user would
otherwise not be able to decrypt data with either one if it was usable.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 14:09:09 -04:00
Stefan Berger
341a278896 tpm2: Enable ECC_Decrypt & ECC_Encrypt in 'default' profile
Enable new commands ECC_Decrypt and ECC_Encrypt in the TPmProfile.h
and also in the 'default' profile. Since the additional commands extend
the ppList and auditCommands array, bump up the version of the stateLevel
to '2' and use the new marshalling functions by using the PERSISTENT_DATA
blob_version '5'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 14:09:09 -04:00
Stefan Berger
2803917a09 tpm2: Switch to uncompressed lists and adapt un/marshal functions
Switch the implementation to uncompressed lists (from now on it must
remain uncompressed lists forever) and adapt functions that marshal
and unmarshal arrays that are affected by this switch:

- PERSISTENT_DATA.ppList
- PERSISTENT_DATA.auditCommands

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 14:09:09 -04:00
Stefan Berger
811616f87d tpm2: Implement function to convert from and to compressed lists' bit arrays
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 14:09:09 -04:00
Stefan Berger
a848c37b7b tpm2: Implement RuntimeProfileGetSeedCompatLevel()
The maximum SEED_COMPAT_LEVEL that libtpms may use depends on the earliest
version of libtpms that a profile can run on. Therefore, implement
RuntimeProfileGetSeedCompatLevel() to determine the SEED_COMPAT_LEVEL that
a profile can use, which depends on the profile's stateCompatLevel (which
in turn depends on the version of libtpms)

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
3e49f54640 tpm2: Write (part) of PERSISTENT_DATA using RuntimeProfile
Resolves: https://github.com/stefanberger/libtpms/issues/284
Resolves: https://github.com/stefanberger/swtpm/issues/710
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
bda457104e tests: Add test case for TPMLIB_SetProfile()
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
7e07d15b16 man: Add man page for TPMLIB_SetProfile()
Add a man page describing the details of TPMLIB_SetProfile.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
11655415a7 tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
Add a new API call TPMLIB_SetProfile that enables a user to set a profile.
The user gets control over the name of the profile to apply and may supply
the algorithms to enable. The user does not get control over the individual
commands to enable.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
e02af1e06b tpm2: Use ANY_OBJECT_Marshal for OBJECTs if StateFormatLevel >=2
For profiles that work for libtpms v0.10 or later, so for
StateFormatLevel >=2, use ANY_MARSHAL_Object to write OBJECTS into
the NVRAM. This way OBJECTS are written in a more compact format.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
f8d9e6b853 tpm2: Check for unsupported algs in IncrementalSelfTest
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00
Stefan Berger
4f3def8794 tpm2: Allow to runtime-disable ECC curves by their key sizes
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2024-07-15 11:51:38 -04:00