Proxmox-Port/libtpms
1
0
Fork 0
mirror of https://github.com/stefanberger/libtpms synced 2025-08-25 01:41:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,178 Commits 27 Branches 45 Tags 10 MiB
stefanberger/use_openssl_kdfa
Commit Graph

1178 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Berger
1f4ba7dcb1 rev180: Make Msb a static function 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
f66e894b82 rev180: Make TpmSetFailureMode static 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
50b135e2b4 rev180: Move TPM2B_STRING definitions into Global.c 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
2ab5de852e rev180: Replace ERROR_RETURN with ERROR_EXIT 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
a8fe6dd40d rev180: Move SM2KeyExchange prototype into header file 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
1832a89202 rev180: Sync X509ProcessExtensions with upstream (bugfix) 
Set badRestricted if keyEncipherment flag is set rather than keyAgreement
bit.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
4addb2168d rev180: Sync ASN1EndMarshalContext with upstream 
Remove a part that has disappeared in upstream.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
951012e293 rev180: Sync TPM_Manufacture with upstream 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
67578c8df1 rev180: Sync CryptSecretEncrypt/Decrypt with upstream 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
b3c0a85995 rev180: Rename TpmAsn1/Asn1_fp.h to TpmASN1/ASN1_fp.h 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
6dcb416ddf rev180: Add VendorInfo.c and use its functions 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
26bb7d87d2 rev180: Move some #define's into new VendorInfo.h 
Some of the defines are used in JSON strings and to have them properly
formatted, remove the surrounding '()' from numbers.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
ab8e7065ba rev180: Sync PCRBelongsTCBGroup with upstream 
The custom code can be removed since the PCR table now handles the values
appropriately.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
36e4f0a9c6 rev180: Sync PCRStartup with upstream 
The function has been tested to show that the PCRs are initialized
with the same values as before.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
db5291789d rev180: Sync GetPcrPointer and dependencies with upstream 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
83288a0230 rev180: Sync PCRManufacture and enable all SHA banks (as before) 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
2aecb49691 rev180: Make PCRGetProperty a public function 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
af4fc0e66d rev180: Sync PCRBelongsAuthGroup/PolicyGroup with upstream (bugfix?) 
Since none of the authValuesGroup'd and policyAuthGroup's are != 0,
the two functions will now always return false even though they
returned TRUE before for 20 <= PCR <= 22.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
a12cb47243 rev180: Add PCR related headers and sync up on PCR function changes 
Disable some PCR functions that are not needed in this step, use
other ones and adjust call sites.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
fa037c9741 rev180: Sync GpMacros.h with upstream 
Remove unused TEST_HASH.
Temporarily disable the #define in MinMax.h to enable compilation.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
8f62382f61 rev180: Sync _plat__NvDisable with upstream 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
db4a439a93 rev180: Replace __plat_NvIsDifferent with _plat__NvGetChangedStatus 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
eef8cf3a2f rev180: Add TpmProfile_ErrorCodes.h and use it instead of TpmError.h 
Replace TpmError.h with TpmProfile_ErrorCodes.h.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
d37894d010 rev180: Replace _plat__IsNvAvailable with _plat__GetNvReadyState 
Replace _plat__IsNvAvailable with _plat__GetNvReadyState and use #define's
as return values. Adjust call sites.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
425f7bafce rev180: Sync parameters passed to _plat__NVEnable and adjust callers 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
5fc9f68f33 rev180: Sync NVMem.c with upstream 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
b1da8a11ab rev180: Sync _plat__ClockRateAdjust and adjust caller 
Replace _plat__ClockAdjustRate with _plat__ClockRateAdjust and use its
new #defines at the call sites.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
74ac34c0a2 rev180: Add platform_public_interface.h and remove protos in other files 
Add platform_public_interface.h from upstream and disable some prototypes
and #defines for functions that are not needed or not needed yet. Remove
prototypes in other header files to avoid duplicates.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
5a82f07f73 rev180: Add platform_to_tpm_interface.h and use it 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
b3a00577e8 rev180: Add HierarchyNormalizeHandle and use it 
Add a simplified version of HierarchyNormalizeHandle that simply returns
the passed handle and sync the callers with upstream.
HierarchyNormalizeHandle will be extended at some later point.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
150e7115b7 rev180: Use DecomposeHandle in HierarchyGetPrimarySeedCompatLevel 
Since HierarchyGetPrimarySeedCompatLevel may in the future be called with
some other hierachies than the currently existing ones, return the value
SEED_COMPAT_LEVEL_LAST in this case instead of causing an internal
failure.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
9c17a56946 rev180: Add ValidateHierarchy and use it in HierarchyIsEnabled 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
eb38a9d822 rev180: Return TPM_RC from HierarchyGetProof/PrimarySeed & adjust callchain 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
71ed8325bb rev180: Rename Platform_fp.h to platform_public_interface.h and sync 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
0599339e61 rev180: Move g_rcIndex from Global.h to Global.c 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
29dbcfa10c rev180: Move #defines from TpmProfile.h into other header files 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
25a66c4463 rev180: Move NvGetIndexName to NV_spt.c 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
9dfa4b4e4f rev180: Move TPM_CC_FIRST/LAST to TpmTypes.h 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
6d38dc72da rev180: Rename swap.h to endian_swap.h 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
9d71aa4299 rev180: Rename PCRSimStart to PCRManufacture 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
0043f1ba9d rev180: Replace VERIFY with GOTO_ERROR_UNLESS 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
16c9d51a3e rev180: Add Marshal.h and sync its usage with upstream 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
2c63bf6c81 rev180: Define MUST_BE and replace cAssert with it 
Introduce MUST_BE #define and replace cAssert with it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
fd2e55e3a5 rev180: Add compiler dependencies header for gcc and msvc 
Add compiler dependencies files for gcc and msvc and remove some of
the existing #define from CompilerDependencies.h

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
f01c9776f5 rev180: Sync whitespace, comment and trivial changes 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-03 20:23:19 -05:00
Stefan Berger
920aa5e02b tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits) 
Like OpenSSL use the Carmichael function for the RSA private exponent D
when an RSA key has >= 2048 bits and public exponent e uses more than
2 bytes. Otherwise use the Euler totient function.

The main difference is that by TPM 2 using the Carmichael function OpenSSL
now behaves the same way as when it is used by other programs that for
example load keys from PEM files where the private exponent D was
calculated with this function. The difference is seen when for example
blobs cannot be decrypted where newer versions of OpenSSL (with implicit
rejection enabled) returned results of 48 bytes every time rather than a
deterministic (for same input blob) but varying number of bytes (Euler
totient).

Switching to the Carmichael function does not have any negative impact
on interoperatibility with OpenSSL nor does it affect interoperability
between versions of TPM 2 code that did not use it. This means that
data encrypted or signed by OpenSSL or TPM 2 can be decrypted or verified
by TPM 2 or OpenSSL and that data encrypted or signed with either new
or old code in TPM 2 can be decrypted or verified with either old or
new code in TPM 2.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-02 18:16:51 -05:00
Stefan Berger
6566330177 tpm2: Compute RSA private key before saving 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-02 18:09:13 -05:00
Stefan Berger
27a3e7e2d2 tpm2: Get rid of written variable and replace with objectSize 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2024-01-02 18:09:13 -05:00
Stefan Berger
87fbcfd73d tpm2: Replace a few BOOLs with ints 
Since BOOL's are effectively int's the replacement does not change anything.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2023-12-28 13:42:28 -05:00
Stefan Berger
e11413f2e0 tpm2: NVMarshal: Add #error when a #define's are not supported 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2023-12-28 13:42:28 -05:00