Merge 80ef24a8c8 into b4d81572c1

tpm2: Define TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL and use it
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2025-08-25 01:41:06 +00:00 · 2025-08-07 15:46:26 -04:00 · 2025-08-07 11:05:51 -04:00 · 2025-08-07 11:05:51 -04:00 · 2025-08-06 13:55:46 -04:00 · 2025-08-05 10:50:50 +04:00
15 changed files with 639 additions and 41 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -72,3 +72,21 @@ jobs:
          exit 0
        env:
          COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
+
+  meson-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y meson ninja-build pkg-config openssl libssl-dev
+
+      - name: meson build
+        run: |
+          meson setup build --prefix=/usr
+          meson compile -C build
+          meson test -C build
+          meson dist -C build
+          tar -tf build/meson-dist/*.tar.xz
--- a/25
+++ b/25
@ -74,6 +74,31 @@ For patch submissions, please use a Signed-off-by: <your email> to indicate
 agreement to the DCO1.1.txt.


+Building
+--------
+
+There are two build systems available for libtpms: autotools and meson.
+The GitHub CI runs builds using both build systems.
+
+### Autotools
+
+To build with autotools, run the following commands:
+
+    $ ./autogen.sh --with-openssl --prefix=/usr --with-tpm2
+    $ make
+    $ make check
+    $ sudo make install
+
+### Meson
+
+To build with meson, run the following commands:
+
+    $ meson setup build --prefix=/usr
+    $ meson compile -C build
+    $ meson test -C build
+    $ sudo meson install -C build
+
+
 Fuzzing
 -------
 Initial fuzzing is possible with clang & libfuzzer.
--- a/include/libtpms/meson.build
+++ b/include/libtpms/meson.build
@ -0,0 +1,15 @@
+tpm_library_h = configure_file(
+  input: 'tpm_library.h.in',
+  output: 'tpm_library.h',
+  configuration: conf_data,
+)
+
+install_headers(
+  'tpm_error.h',
+  'tpm_memory.h',
+  'tpm_nvfilename.h',
+  'tpm_tis.h',
+  'tpm_types.h',
+  tpm_library_h,
+  subdir: 'libtpms'
+)
--- a/include/meson.build
+++ b/include/meson.build
@ -0,0 +1 @@
+subdir('libtpms')
--- a/man/man3/meson.build
+++ b/man/man3/meson.build
@ -0,0 +1,37 @@
+pod_files = [
+  'TPM_IO_Hash_Start.pod',
+  'TPM_IO_TpmEstablished_Get.pod',
+  'TPM_Malloc.pod',
+  'TPMLIB_CancelCommand.pod',
+  'TPMLIB_ChooseTPMVersion.pod',
+  'TPMLIB_DecodeBlob.pod',
+  'TPMLIB_GetInfo.pod',
+  'TPMLIB_GetTPMProperty.pod',
+  'TPMLIB_GetVersion.pod',
+  'TPMLIB_MainInit.pod',
+  'TPMLIB_Process.pod',
+  'TPMLIB_RegisterCallbacks.pod',
+  'TPMLIB_SetBufferSize.pod',
+  'TPMLIB_SetDebugFD.pod',
+  'TPMLIB_SetProfile.pod',
+  'TPMLIB_SetState.pod',
+  'TPMLIB_ValidateState.pod',
+  'TPMLIB_VolatileAll_Store.pod',
+  'TPMLIB_WasManufactured.pod',
+]
+
+pod2man = find_program('pod2man', required: true)
+
+foreach pod : pod_files
+  base_name = pod.split('.')[0]
+  target_name = base_name + '.3'
+  
+  custom_target(target_name,
+    input: pod,
+    output: target_name,
+    command: [pod2man, '-r', 'libtpms', '-c', '""', '-n', base_name, '--section=3', '@INPUT@', '@OUTPUT@'],
+    capture: false,
+    install: true,
+    install_dir: get_option('mandir') / 'man3'
+  )
+endforeach
--- a/man/meson.build
+++ b/man/meson.build
@ -0,0 +1 @@
+subdir('man3')
--- a/meson.build
+++ b/meson.build
@ -0,0 +1,97 @@
+project(
+  'libtpms', ['c', 'cpp'],
+  version: '0.11.0',
+  license: 'BSD-3-Clause AND LicenseRef-TCGL',
+  default_options: ['c_std=c99', 'warning_level=1', 'werror=true'],
+  meson_version: '>=1.1',
+)
+
+c_compiler = meson.get_compiler('c')
+
+# Add an include directory that points to the build directory.
+add_project_arguments('-I' + meson.current_build_dir(), language: 'c')
+
+# Add common warning flags
+warning_flags = [
+  '-Wshadow',
+  '-Wreturn-type',
+  '-Wsign-compare',
+  '-Wno-self-assign',
+  '-Wmissing-prototypes'
+]
+supported_warning_flags = c_compiler.get_supported_arguments(warning_flags)
+add_project_arguments(supported_warning_flags, language: 'c')
+
+# Get build options
+with_tpm1 = get_option('tpm1')
+with_tpm2 = get_option('tpm2')
+crypto_backend = get_option('crypto_backend')
+
+if crypto_backend == 'openssl'
+  add_project_arguments(['-DUSE_OPENSSL_CRYPTO_LIBRARY=1'], language: 'c')
+else
+  add_project_arguments(['-DUSE_FREEBL_CRYPTO_LIBRARY=1'], language: 'c')
+endif
+
+# Add hardening flags for non-plain build types
+if get_option('buildtype') != 'plain'
+  hardening_c_flags = []
+  # Stack protector
+  if c_compiler.has_argument('-fstack-protector-strong')
+    hardening_c_flags += '-fstack-protector-strong'
+  elif c_compiler.has_argument('-fstack-protector')
+    hardening_c_flags += '-fstack-protector'
+  endif
+  # Fortify source only works with optimization
+  if get_option('optimization') != '0'
+    if c_compiler.has_argument('-D_FORTIFY_SOURCE=2')
+      hardening_c_flags += '-D_FORTIFY_SOURCE=2'
+    endif
+  endif
+  add_project_arguments(hardening_c_flags, language: 'c')
+
+  hardening_ld_flags = []
+  # Linker hardening
+  if c_compiler.has_link_argument('-Wl,-z,relro')
+    hardening_ld_flags += '-Wl,-z,relro'
+  endif
+  if c_compiler.has_link_argument('-Wl,-z,now')
+    hardening_ld_flags += '-Wl,-z,now'
+  endif
+  add_project_link_arguments(hardening_ld_flags, language: 'c')
+endif
+
+# Versioning
+libtpms_version = meson.project_version()
+libtpms_version_arr = libtpms_version.split('.')
+libtpms_ver_major = libtpms_version_arr[0].to_int()
+libtpms_ver_minor = libtpms_version_arr[1].to_int()
+libtpms_ver_micro = libtpms_version_arr[2].to_int()
+
+# Create a configuration header file
+conf_data = configuration_data()
+conf_data.set('PACKAGE_VERSION', '"' + meson.project_version() + '"')
+conf_data.set('LIBTPMS_VER_MAJOR', libtpms_ver_major)
+conf_data.set('LIBTPMS_VER_MINOR', libtpms_ver_minor)
+conf_data.set('LIBTPMS_VER_MICRO', libtpms_ver_micro)
+
+# config.h could be dropped if when autotools is removed
+configure_file(
+  output: 'config.h',
+  configuration: conf_data
+)
+
+# Add subdirectories to the build
+subdir('include')
+subdir('src')
+subdir('man')
+subdir('tests')
+
+summary_info = {}
+summary_info += {'Build directory':   meson.current_build_dir()}
+summary_info += {'Source path':       meson.current_source_dir()}
+summary_info += {'TPM1':              with_tpm1}
+summary_info += {'TPM2':              with_tpm2}
+summary_info += {'Crypto backend':    crypto_backend}
+
+summary(summary_info, bool_yn: true, section: 'Build configuration')
--- a/meson.options
+++ b/meson.options
@ -0,0 +1,6 @@
+
+option('tpm1', type: 'boolean', value: true, description: 'Build with TPM 1.2 support.')
+option('tpm2', type: 'boolean', value: true, description: 'Build with TPM 2.0 support.')
+option('crypto_backend', type: 'combo', choices: ['openssl', 'freebl'], value: 'openssl', description: 'Choose the cryptographic backend.')
+option('use_openssl_functions', type: 'boolean', value: true, description: 'Use OpenSSL functions for crypto instead of internal code.')
+option('fuzzing_engine', type: 'boolean', value: false, description: 'Build with fuzzing engine')
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -247,7 +247,7 @@ libtpms_tpm2_la_SOURCES = \
 	tpm2/PCR.c \
 	tpm2/PlatformACT.c \
 	tpm2/PlatformData.c \
-	tpm2/PlatformPCR.c \
+	tpm2/PlatformPcr.c \
 	tpm2/Policy_spt.c \
 	tpm2/Power.c \
 	tpm2/PowerPlat.c \
--- a/src/meson.build
+++ b/src/meson.build
@ -0,0 +1,327 @@
+current = libtpms_ver_major + libtpms_ver_minor
+age = libtpms_ver_minor
+soversion = '@0@'.format(current - age)
+
+# TPM2 requires OpenSSL in this build configuration
+if with_tpm2 and crypto_backend != 'openssl'
+  error('TPM2 support currently requires the openssl crypto backend.')
+endif
+
+# --- Crypto Dependencies and Flags ---
+crypto_deps = []
+tpm1_crypto_sources = []
+freebl_inc = []
+crypto_flags = []
+if crypto_backend == 'openssl'
+  crypto_deps += dependency('openssl', version: '>=1.1.0', required: true)
+  if with_tpm1
+    tpm1_crypto_sources += 'tpm12/tpm_crypto.c'
+  endif
+  if get_option('use_openssl_functions')
+    crypto_flags += [
+      '-DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=1',
+      '-DUSE_OPENSSL_FUNCTIONS_EC=1',
+      '-DUSE_OPENSSL_FUNCTIONS_ECDSA=1',
+      '-DUSE_OPENSSL_FUNCTIONS_RSA=1',
+      '-DUSE_OPENSSL_FUNCTIONS_SSKDF=1'
+    ]
+  else
+    crypto_flags += [
+      '-DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=0',
+      '-DUSE_OPENSSL_FUNCTIONS_EC=0',
+      '-DUSE_OPENSSL_FUNCTIONS_ECDSA=0',
+      '-DUSE_OPENSSL_FUNCTIONS_RSA=0',
+      '-DUSE_OPENSSL_FUNCTIONS_SSKDF=0'
+    ]
+  endif
+else # freebl
+  nss_dep = dependency('nss')
+  nspr_dep = dependency('nspr')
+  gmp_dep = dependency('gmp')
+  crypto_deps += [nss_dep, nspr_dep, gmp_dep]
+  crypto_deps += meson.get_compiler('c').find_library('freebl', required: true)
+  freebl_inc += include_directories(nss_dep.get_variable(pkgconfig: 'includedir'))
+  freebl_inc += include_directories(nspr_dep.get_variable(pkgconfig: 'includedir'))
+  if with_tpm1
+    tpm1_crypto_sources += 'tpm12/tpm_crypto_freebl.c'
+  endif
+endif
+
+# --- Library Definitions ---
+
+# Include directory for the library's own public headers
+lib_inc = include_directories('../include/libtpms')
+
+# Common source files
+common_sources = files(
+  'tpm_debug.c',
+  'tpm_library.c',
+  'tpm_memory.c',
+  'tpm_nvfile.c',
+  'disabled_interface.c'
+)
+
+link_with_libs = []
+extra_deps = []
+
+# Common c_args for all libraries
+common_c_args = [
+  '-DTPM_NV_DISK',
+  '-DTPM_LIBTPMS_CALLBACKS',
+  '-DOPENSSL_SUPPRESS_DEPRECATED',
+  '-include', 'tpm_library_conf.h'
+]
+
+if with_tpm1
+  common_c_args += ['-DWITH_TPM1']
+  tpm1_sources = files(
+    'tpm12/tpm_admin.c',
+    'tpm12/tpm_audit.c',
+    'tpm12/tpm_auth.c',
+    'tpm12/tpm_counter.c',
+    'tpm12/tpm_cryptoh.c',
+    'tpm12/tpm_daa.c',
+    'tpm12/tpm_delegate.c',
+    'tpm12/tpm_digest.c',
+    'tpm12/tpm_error.c',
+    'tpm12/tpm_global.c',
+    'tpm12/tpm_identity.c',
+    'tpm12/tpm_init.c',
+    'tpm12/tpm_key.c',
+    'tpm12/tpm_libtpms_io.c',
+    'tpm12/tpm_load.c',
+    'tpm12/tpm_maint.c',
+    'tpm12/tpm_migration.c',
+    'tpm12/tpm_nonce.c',
+    'tpm12/tpm_nvram.c',
+    'tpm12/tpm_openssl_helpers.c',
+    'tpm12/tpm_owner.c',
+    'tpm12/tpm_pcr.c',
+    'tpm12/tpm_permanent.c',
+    'tpm12/tpm_platform.c',
+    'tpm12/tpm_process.c',
+    'tpm12/tpm_secret.c',
+    'tpm12/tpm_session.c',
+    'tpm12/tpm_sizedbuffer.c',
+    'tpm12/tpm_startup.c',
+    'tpm12/tpm_storage.c',
+    'tpm12/tpm_store.c',
+    'tpm12/tpm_svnrevision.c',
+    'tpm12/tpm_ticks.c',
+    'tpm12/tpm_time.c',
+    'tpm12/tpm_transport.c',
+    'tpm12/tpm_ver.c',
+    'tpm_tpm12_interface.c',
+    'tpm_tpm12_tis.c',
+    tpm1_crypto_sources
+  )
+
+  tpm1_lib = static_library('tpms_tpm12', tpm1_sources,
+    c_args: common_c_args + crypto_flags + [
+      '-DTPM_V12',
+      '-DTPM_PCCLIENT',
+      '-DTPM_POSIX',
+      '-DTPM_AES',
+      '-DTPM_NOMAINTENANCE_COMMANDS',
+      '-DTPM_ENABLE_ACTIVATE',
+      '-DTPM_VOLATILE_LOAD',
+    ],
+    include_directories: [lib_inc] + freebl_inc,
+  )
+  link_with_libs += tpm1_lib
+endif
+
+if with_tpm2
+  common_c_args += ['-DWITH_TPM2']
+  rt_dep = meson.get_compiler('c').find_library('rt', required: false)
+  extra_deps += rt_dep
+
+  tpm2_sources = files(
+    'tpm2/ACTCommands.c',
+    'tpm2/ACT_spt.c',
+    'tpm2/AlgorithmCap.c',
+    'tpm2/AlgorithmTests.c',
+    'tpm2/AsymmetricCommands.c',
+    'tpm2/Attest_spt.c',
+    'tpm2/AttestationCommands.c',
+    'tpm2/AuditCommands.c',
+    'tpm2/Bits.c',
+    'tpm2/BnConvert.c',
+    'tpm2/BnEccConstants.c',
+    'tpm2/BnMath.c',
+    'tpm2/BnMemory.c',
+    'tpm2/Cancel.c',
+    'tpm2/CapabilityCommands.c',
+    'tpm2/Clock.c',
+    'tpm2/ClockCommands.c',
+    'tpm2/CommandAudit.c',
+    'tpm2/CommandCodeAttributes.c',
+    'tpm2/CommandDispatcher.c',
+    'tpm2/ContextCommands.c',
+    'tpm2/Context_spt.c',
+    'tpm2/CryptEccData.c',
+    'tpm2/CryptSelfTest.c',
+    'tpm2/CryptUtil.c',
+    'tpm2/DA.c',
+    'tpm2/DebugHelpers.c',
+    'tpm2/DictionaryCommands.c',
+    'tpm2/DuplicationCommands.c',
+    'tpm2/EACommands.c',
+    'tpm2/EncryptDecrypt_spt.c',
+    'tpm2/Entity.c',
+    'tpm2/Entropy.c',
+    'tpm2/EphemeralCommands.c',
+    'tpm2/ExecCommand.c',
+    'tpm2/ExtraData.c',
+    'tpm2/Global.c',
+    'tpm2/Handle.c',
+    'tpm2/HashCommands.c',
+    'tpm2/Hierarchy.c',
+    'tpm2/HierarchyCommands.c',
+    'tpm2/IntegrityCommands.c',
+    'tpm2/IoBuffers.c',
+    'tpm2/Locality.c',
+    'tpm2/LocalityPlat.c',
+    'tpm2/ManagementCommands.c',
+    'tpm2/Manufacture.c',
+    'tpm2/Marshal.c',
+    'tpm2/MathOnByteBuffers.c',
+    'tpm2/Memory.c',
+    'tpm2/NVCommands.c',
+    'tpm2/NVMem.c',
+    'tpm2/NV_spt.c',
+    'tpm2/NvDynamic.c',
+    'tpm2/NvReserved.c',
+    'tpm2/Object.c',
+    'tpm2/ObjectCommands.c',
+    'tpm2/Object_spt.c',
+    'tpm2/PCR.c',
+    'tpm2/PP.c',
+    'tpm2/PPPlat.c',
+    'tpm2/PlatformACT.c',
+    'tpm2/PlatformData.c',
+    'tpm2/PlatformPCR.c',
+    'tpm2/Policy_spt.c',
+    'tpm2/Power.c',
+    'tpm2/PowerPlat.c',
+    'tpm2/PrimeData.c',
+    'tpm2/PropertyCap.c',
+    'tpm2/RandomCommands.c',
+    'tpm2/Response.c',
+    'tpm2/ResponseCodeProcessing.c',
+    'tpm2/RunCommand.c',
+    'tpm2/Session.c',
+    'tpm2/SessionCommands.c',
+    'tpm2/SessionProcess.c',
+    'tpm2/SigningCommands.c',
+    'tpm2/StartupCommands.c',
+    'tpm2/SymmetricCommands.c',
+    'tpm2/TPMCmdp.c',
+    'tpm2/TestingCommands.c',
+    'tpm2/Ticket.c',
+    'tpm2/Time.c',
+    'tpm2/TpmASN1.c',
+    'tpm2/TpmBigNumThunks.c',
+    'tpm2/TpmEcc_Signature_ECDAA.c',
+    'tpm2/TpmEcc_Signature_ECDSA.c',
+    'tpm2/TpmEcc_Signature_SM2.c',
+    'tpm2/TpmEcc_Signature_Schnorr.c',
+    'tpm2/TpmEcc_Signature_Util.c',
+    'tpm2/TpmEcc_Util.c',
+    'tpm2/TpmFail.c',
+    'tpm2/TpmMath_Debug.c',
+    'tpm2/TpmMath_Util.c',
+    'tpm2/TpmSizeChecks.c',
+    'tpm2/Unique.c',
+    'tpm2/Unmarshal.c',
+    'tpm2/VendorInfo.c',
+    'tpm2/Vendor_TCG_Test.c',
+    'tpm2/X509_ECC.c',
+    'tpm2/X509_RSA.c',
+    'tpm2/X509_spt.c',
+    'tpm2/crypto/openssl/BnToOsslMath.c',
+    'tpm2/crypto/openssl/CryptCmac.c',
+    'tpm2/crypto/openssl/CryptDes.c',
+    'tpm2/crypto/openssl/CryptEccCrypt.c',
+    'tpm2/crypto/openssl/CryptEccKeyExchange.c',
+    'tpm2/crypto/openssl/CryptEccMain.c',
+    'tpm2/crypto/openssl/CryptEccSignature.c',
+    'tpm2/crypto/openssl/CryptHash.c',
+    'tpm2/crypto/openssl/CryptPrime.c',
+    'tpm2/crypto/openssl/CryptPrimeSieve.c',
+    'tpm2/crypto/openssl/CryptRand.c',
+    'tpm2/crypto/openssl/CryptRsa.c',
+    'tpm2/crypto/openssl/CryptSmac.c',
+    'tpm2/crypto/openssl/CryptSym.c',
+    'tpm2/crypto/openssl/ExpDCache.c',
+    'tpm2/crypto/openssl/Helpers.c',
+    'tpm2/crypto/openssl/TpmToOsslDesSupport.c',
+    'tpm2/crypto/openssl/TpmToOsslSupport.c',
+    'tpm_tpm2_interface.c',
+    'tpm_tpm2_tis.c',
+  )
+
+  # files specific to libtpms
+  tpm2_sources += files(
+    'tpm2/BackwardsCompatibilityBitArray.c',
+    'tpm2/BackwardsCompatibilityObject.c',
+    'tpm2/LibtpmsCallbacks.c',
+    'tpm2/NVMarshal.c',
+    'tpm2/RuntimeAlgorithm.c',
+    'tpm2/RuntimeAttributes.c',
+    'tpm2/RuntimeCommands.c',
+    'tpm2/RuntimeProfile.c',
+    'tpm2/StateMarshal.c',
+    'tpm2/Volatile.c',
+  )
+
+  tpm2_lib = static_library('tpms_tpm2', tpm2_sources,
+    c_args: common_c_args + crypto_flags + [
+      '-D_POSIX_C_SOURCE=200809L',
+      '-DTPM_POSIX',
+    ],
+    include_directories: [
+      lib_inc,
+      '.',
+      'tpm2',
+      'tpm2/crypto',
+      'tpm2/crypto/openssl'
+    ],
+  )
+  link_with_libs += tpm2_lib
+endif
+
+# Define the final shared library
+libtpms = both_libraries('tpms',
+  common_sources,
+  c_args: common_c_args,
+  link_with: link_with_libs,
+  dependencies: crypto_deps + extra_deps,
+  include_directories: [lib_inc],
+  install: true,
+  version: libtpms_version,
+  soversion: soversion,
+  darwin_versions: [soversion, libtpms_version],
+  vs_module_defs: 'libtpms.syms',
+  link_args: ['-Wl,--version-script,@0@'.format(meson.current_source_dir() / 'libtpms.syms')],
+)
+
+libtpms_dep = declare_dependency(
+  link_with: libtpms,
+  include_directories: [lib_inc],
+  dependencies: crypto_deps + extra_deps,
+)
+
+# Pkg-config generation
+pkg = import('pkgconfig')
+pkg.generate(
+  name: 'libtpms',
+  description: 'A library for TPM emulation.',
+  version: meson.project_version(),
+  variables: [
+    'with_tpm1=@0@'.format(with_tpm1 ? '1' : '0'),
+    'with_tpm2=@0@'.format(with_tpm2 ? '1' : '0'),
+    'cryptolib=@0@'.format(crypto_backend),
+  ],
+  libraries: libtpms
+)
--- a/src/tpm2/CommandDispatchData.h
+++ b/src/tpm2/CommandDispatchData.h
@ -111,7 +111,9 @@ const _UNMARSHAL_T_ unmarshalArray[] = {
            UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT),
 #define TPMI_RH_NV_AUTH_H_UNMARSHAL             (TPMI_RH_LOCKOUT_H_UNMARSHAL + 1)
            UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH),
-#define TPMI_RH_NV_INDEX_H_UNMARSHAL            (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1)
+#define TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL    (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1)
+            UNMARSHAL_DISPATCH(TPMI_RH_NV_DEFINED_INDEX),
+#define TPMI_RH_NV_INDEX_H_UNMARSHAL      (TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL + 1)
            UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX),
 #define TPMI_RH_PLATFORM_H_UNMARSHAL            (TPMI_RH_NV_INDEX_H_UNMARSHAL + 1)
            UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM),
@ -2251,7 +2253,7 @@ CertifyX509_COMMAND_DESCRIPTOR_t _CertifyX509Data = {
                                 (UINT16)(offsetof(CertifyX509_Out, tbsDigest)),
                                 (UINT16)(offsetof(CertifyX509_Out, signature))},
    /* types         */         {TPMI_DH_OBJECT_H_UNMARSHAL,
-                                 TPMI_DH_OBJECT_H_UNMARSHAL,
+                                 TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG,
                                 TPM2B_DATA_P_UNMARSHAL,
                                 TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG,
                                 TPM2B_MAX_BUFFER_P_UNMARSHAL,
@ -4493,7 +4495,7 @@ NV_UndefineSpace_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceData = {
    /* offsetOfTypes */         offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types),
    /* offsets       */         {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))},
    /* types         */         {TPMI_RH_PROVISION_H_UNMARSHAL,
-                                 TPMI_RH_NV_INDEX_H_UNMARSHAL,
+                                 TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL,
                                 END_OF_LIST,
                                 END_OF_LIST}
 };
@ -4527,7 +4529,7 @@ NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceSpecialData = {
    /* outSize       */         0,
    /* offsetOfTypes */         offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types),
    /* offsets       */         {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))},
-    /* types         */         {TPMI_RH_NV_INDEX_H_UNMARSHAL,
+    /* types         */         {TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL,
                                 TPMI_RH_PLATFORM_H_UNMARSHAL,
                                 END_OF_LIST,
                                 END_OF_LIST}
--- a/src/tpm2/PlatformPcr.c
+++ b/src/tpm2/PlatformPcr.c
@ -58,13 +58,14 @@
 /*										*/
 /********************************************************************************/

+
 // PCR platform interface functions
 #include "Platform.h"
 #include "TpmAlgorithmDefines.h"

 // use this as a convenient lookup for hash size for PCRs.
 UINT16 CryptHashGetDigestSize(TPM_ALG_ID hashAlg  // IN: hash algorithm to look up
-			      );
+);
 void   MemorySet(void* dest, int value, size_t size);

 // The initial value of PCR attributes.  The value of these fields should be
@ -76,12 +77,12 @@ static const PCR_Attributes s_initAttributes[] = {
    // PCR 0 - 15, static RTM
    // PCR[0]
    {
-	1,  // save state
-	0,  // in the "do not increment the PcrCounter" group? (0 = increment the PcrCounter)
-	0,  // supportsPolicyAuth group number? 0 = policyAuth not supported for this PCR.
-	0,  // supportsAuthValue group number? 0 = AuthValue not supported for this PCR.
-	0,    // 0 = reset localities (cannot reset)
-	0x1F  // 0x1F = extendlocalities [0,4]
+        1,  // save state
+        0,  // in the "do not increment the PcrCounter" group? (0 = increment the PcrCounter)
+        0,  // supportsPolicyAuth group number? 0 = policyAuth not supported for this PCR.
+        0,  // supportsAuthValue group number? 0 = AuthValue not supported for this PCR.
+        0,    // 0 = reset localities (cannot reset)
+        0x1F  // 0x1F = extendlocalities [0,4]
    },
    {1, 0, 0, 0, 0, 0x1F},  // PCR 1-3
    {1, 0, 0, 0, 0, 0x1F},
@ -100,17 +101,17 @@ static const PCR_Attributes s_initAttributes[] = {
    {1, 0, 0, 0, 0, 0x1F},

    // these PCRs are never saved
-    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 16, Debug, reset allowed, extend all
+    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 16, Debug, reset allowed, extend all		// libtpms changed
    {0, 0, 0, 0, 0x10, 0x1C},  // PCR 17, Locality 4, extend loc 2+
    {0, 0, 0, 0, 0x10, 0x1C},  // PCR 18, Locality 3, extend loc 2+
    {0, 0, 0, 0, 0x10, 0x0C},  // PCR 19, Locality 2, extend loc 2, 3
    // these three support doNotIncrement, PolicyAuth, and AuthValue.
    // this is consistent with the existing behavior of the TPM Reference code
    // but differs from the behavior of the PC client spec.
-    {0, 0, 0, 0, 0x1C, 0x0E},  // PCR 20, Locality 1, extend loc 1, 2, 3
+    {0, 0, 0, 0, 0x1C, 0x0E},  // PCR 20, Locality 1, extend loc 1, 2, 3		// libtpms changed begin
    {0, 1, 0, 0, 0x1C, 0x04},  // PCR 21, Dynamic OS, extend loc 2
    {0, 1, 0, 0, 0x1C, 0x04},  // PCR 22, Dynamic OS, extend loc 2
-    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 23, reset allowed, App specific, extend all
+    {0, 1, 0, 0, 0x0F, 0x1F},  // PCR 23, reset allowed, App specific, extend all	// libtpms changed end
 };

 #ifndef ARRAYSIZE
@ -158,9 +159,9 @@ UINT32 _platPcr__NumberOfPcrs()
 PCR_Attributes _platPcr__GetPcrInitializationAttributes(UINT32 pcrNumber)
 {
    if(pcrNumber >= _platPcr__NumberOfPcrs())
-	{
-	    pcrNumber = 0;
-	}
+    {
+        pcrNumber = 0;
+    }
    return s_initAttributes[pcrNumber];
 }

@ -168,13 +169,13 @@ PCR_Attributes _platPcr__GetPcrInitializationAttributes(UINT32 pcrNumber)
 BOOL _platPcr_IsPcrBankDefaultActive(TPM_ALG_ID pcrAlg)
 {
    // brute force search is fast enough for a small array.
-    for(size_t i = 0; i < ARRAYSIZE(DefaultActivePcrBanks); i++)
-	{
-	    if(DefaultActivePcrBanks[i] == pcrAlg)
-		{
-		    return TRUE;
-		}
-	}
+    for(size_t i = 0; i < ARRAYSIZE(DefaultActivePcrBanks); i++)	// libtpms changed
+    {
+        if(DefaultActivePcrBanks[i] == pcrAlg)
+        {
+            return TRUE;
+        }
+    }
    return FALSE;
 }

@ -186,13 +187,13 @@ BOOL _platPcr_IsPcrBankDefaultActive(TPM_ALG_ID pcrAlg)
 // If the buffer is not large enough for a pcr consistent with pcrAlg, then the
 // platform will return TPM_RC_FAILURE.
 TPM_RC _platPcr__GetInitialValueForPcr(
-				       UINT32     pcrNumber,        // IN: PCR to be initialized
-				       TPM_ALG_ID pcrAlg,           // IN: Algorithm of the PCR Bank being initialized
-				       BYTE       startupLocality,  // IN: locality where startup is being called from
-				       BYTE*      pcrData,          // OUT: buffer to put PCR initialization value into
-				       uint16_t   bufferSize,       // IN: maximum size of value buffer can hold
-				       uint16_t*  pcrLength  // OUT: size of initialization value returned in pcrBuffer
-				       )
+    UINT32     pcrNumber,        // IN: PCR to be initialized
+    TPM_ALG_ID pcrAlg,           // IN: Algorithm of the PCR Bank being initialized
+    BYTE       startupLocality,  // IN: locality where startup is being called from
+    BYTE*      pcrData,          // OUT: buffer to put PCR initialization value into
+    uint16_t   bufferSize,       // IN: maximum size of value buffer can hold
+    uint16_t*  pcrLength  // OUT: size of initialization value returned in pcrBuffer
+)
 {
    // If the reset locality contains locality 4, then this
    // indicates a DRTM PCR where the reset value is all ones,
@ -204,18 +205,18 @@ TPM_RC _platPcr__GetInitialValueForPcr(
    pAssert_RC(bufferSize >= pcrSize) pAssert_RC(pcrLength != NULL);

    PCR_Attributes pcrAttributes =
-	_platPcr__GetPcrInitializationAttributes(pcrNumber);
+        _platPcr__GetPcrInitializationAttributes(pcrNumber);
    BYTE defaultValue = 0;
    // PCRs that can be cleared from locality 4 are DRTM and initialize to all 0xFF
    if((pcrAttributes.resetLocality & 0x10) != 0)
-	{
-	    defaultValue = 0xFF;
-	}
+    {
+        defaultValue = 0xFF;
+    }
    MemorySet(pcrData, defaultValue, pcrSize);
    if(pcrNumber == HCRTM_PCR)
-	{
-	    pcrData[pcrSize - 1] = startupLocality;
-	}
+    {
+        pcrData[pcrSize - 1] = startupLocality;
+    }

    // platform could provide a value here if the platform has initialization rules
    // different from the original PC Client spec (the default used by the Core library).
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@ -1188,7 +1188,6 @@ TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size)
 }

 /* Table 67 - Definition of (TPM_HANDLE) TPMI_RH_NV_DEFINED_INDEX Type <IN> */
-#if 0							// libtpms added
 TPM_RC
 TPMI_RH_NV_DEFINED_INDEX_Unmarshal(TPMI_RH_NV_DEFINED_INDEX *target, BYTE **buffer, INT32 *size)
 {
@ -1215,6 +1214,7 @@ TPMI_RH_NV_DEFINED_INDEX_Unmarshal(TPMI_RH_NV_DEFINED_INDEX *target, BYTE **buff
    return rc;
 }

+#if 0
 /* Table 68 - Definition of (TPM_HANDLE) TPMI_RH_NV_LEGACY_INDEX Type <IN/OUT> */
 TPM_RC
 TPMI_RH_NV_LEGACY_INDEX_Unmarshal(TPMI_RH_NV_LEGACY_INDEX *target, BYTE **buffer, INT32 *size)
--- a/tests/meson.build
+++ b/tests/meson.build
@ -0,0 +1,68 @@
+test_env = {
+  'abs_top_srcdir': meson.project_source_root(),
+  'abs_top_builddir': meson.project_build_root(),
+  'abs_top_testdir': meson.project_source_root() / 'tests',
+}
+
+sh = find_program('sh')
+
+exe = executable('base64decode', files('base64decode.c'), dependencies: [libtpms_dep])
+test('base64decode.sh', sh, args: files('base64decode.sh'), depends: exe, workdir: meson.current_build_dir())
+
+src_inc = [
+      '../include/libtpms',
+      '../src',
+      '../src/tpm2',
+      '../src/tpm2/crypto',
+      '../src/tpm2/crypto/openssl',
+]
+
+if get_option('tpm2')
+  exe = executable('nvram_offsets', 'nvram_offsets.c',
+    dependencies: [libtpms_dep],
+    include_directories: src_inc,
+    c_args: ['-DTPM_POSIX', '-D_POSIX_C_SOURCE=200809L'],
+  )
+  test('nvram_offsets', exe, env: test_env)
+
+  exe = executable('tpm2_createprimary', files('tpm2_createprimary.c'), dependencies: [libtpms_dep])
+  test('tpm2_createprimary.sh', sh, args: files('tpm2_createprimary.sh'), depends: exe, workdir: meson.current_build_dir())
+
+  exe = executable('tpm2_cve-2023-1017', files('tpm2_cve-2023-1017.c'), dependencies: [libtpms_dep])
+  test('tpm2_cve-2023-1017.sh', sh, args: files('tpm2_cve-2023-1017.sh'), depends: exe, workdir: meson.current_build_dir())
+
+  exe = executable('tpm2_cve-2023-1018', files('tpm2_cve-2023-1018.c'), dependencies: [libtpms_dep])
+  test('tpm2_cve-2023-1018.sh', sh, args: files('tpm2_cve-2023-1018.sh'), depends: exe, workdir: meson.current_build_dir())
+
+  exe = executable('tpm2_selftest', files('tpm2_selftest.c'), dependencies: [libtpms_dep])
+  test('tpm2_selftest.sh', sh, args: files('tpm2_selftest.sh'), depends: exe, workdir: meson.current_build_dir())
+
+  exe = executable('tpm2_pcr_read', files('tpm2_pcr_read.c'), dependencies: [libtpms_dep])
+  test('tpm2_pcr_read.sh', sh, args: files('tpm2_pcr_read.sh'), depends: exe, workdir: meson.current_build_dir())
+
+  exe = executable('tpm2_setprofile', files('tpm2_setprofile.c'), dependencies: [libtpms_dep])
+  test('tpm2_setprofile.sh', sh, args: files('tpm2_setprofile.sh'), depends: exe, workdir: meson.current_build_dir())
+
+  fuzz_sources = ['fuzz.cc']
+  if not get_option('fuzzing_engine')
+    fuzz_sources += 'fuzz-main.c'
+  endif
+  exe = executable('fuzz', fuzz_sources, dependencies: [libtpms_dep], c_args: ['-DTPM_POSIX', '-D_POSIX_C_SOURCE=200809L'])
+  test('fuzz.sh', sh, args: files('fuzz.sh'), depends: exe, workdir: meson.current_build_dir())
+
+  exe = executable('object_size', files('object_size.c'),
+    link_with: libtpms.get_static_lib(),
+    include_directories: src_inc,
+    c_args: ['-static', '-DTPM_POSIX', '-D_POSIX_C_SOURCE=200809L'],
+  )
+  test('object_size', exe, env: test_env)
+endif
+
+if crypto_backend == 'freebl'
+  exe = executable('freebl_sha1flattensize', 'freebl_sha1flattensize.c',
+    dependencies: [libtpms_dep, nss_dep, nspr_dep],
+    link_args: ['-lfreebl']
+  )
+  # FIXME: test fails
+  # test('freebl_sha1flattensize', exe, env: test_env)
+endif
--- a/tests/object_size.c
+++ b/tests/object_size.c
@ -70,7 +70,7 @@ int main(void)
        },
        .seedCompatLevel = 1,
    };
-#pragma GCC diagnostics pop
+#pragma GCC diagnostic pop
    static const size_t exp_sizes[7] = {
        0, 3284, 3284, 3284, 3284, 3284, 3288,
    };
Author	SHA1	Message	Date
Marc-Andre Lureau	a25612c32e	Merge `80ef24a8c8` into `b4d81572c1`	2025-08-07 15:46:26 -04:00
Stefan Berger	b4d81572c1	tpm2: Define TPMI_RH_NV_DEFINED_INDEX_H_UNMARSHAL and use it Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2025-08-07 11:05:51 -04:00
Stefan Berger	c9ed596fe4	tpm2: Add missing ADD_FLAG to X509Certificate definition Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2025-08-07 11:05:51 -04:00
Stefan Berger	e7e8c38281	tpm2: Rename PlatformPCR.c to PlatformPcr.c and sync Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2025-08-06 13:55:46 -04:00
Marc-André Lureau	80ef24a8c8	meson: change format of source files For some reason, gemini choose a compact form instead. Also split the libtpms-sepecific files out as did the original Makefile.am. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:50 +04:00
Marc-André Lureau	b479163801	feat: Add meson build to GitHub CI This commit adds a meson build to the GitHub CI workflow. It also updates the README with build instructions for both autotools and meson. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:50 +04:00
Marc-André Lureau	18d4037251	meson: cleanups & misc improvements Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:50 +04:00
Marc-André Lureau	814c817181	meson: fix linking object_size Build both libraries, drop need for "static_tests" option. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:50 +04:00
Marc-André Lureau	86b5684cfd	meson: add versioning and symbol exports Implement step 10 of the meson migration plan. This adds the library versioning information to the shared library target, including soversion, and handles symbol exports using a version script, mirroring the behavior of the Autotools build system. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:49 +04:00
Marc-André Lureau	9ab7ac1b19	feat: implement tests with meson For various reasons Gemini wasn't capable of adding the tests. It kept following rabbit-holes in a loop. Do it by hand instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:13 +04:00
Marc-André Lureau	1aa9449838	meson: fix build with missing crypto flag Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:13 +04:00
Marc-André Lureau	869b7c981c	meson: fix build with tpm1/tpm2 flag Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:13 +04:00
Marc-André Lureau	6162498a0e	feat: Add man page generation to Meson build This commit implements the man page portion of step 8 of the Meson migration plan. It adds the necessary 'meson.build' files to the 'man' and 'man/man3' directories to find 'pod2man' and generate the man pages from the '.pod' source files. The generated man pages are also installed. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:10 +04:00
Marc-André Lureau	4bfb164c8a	feat: Add option to enable/disable use of OpenSSL functions This commit implements step 7 of the Meson migration plan. It introduces a new boolean option, 'use_openssl_functions', to control whether to use OpenSSL's own crypto functions or the library's internal ones. This mirrors the behavior of the '--disable-use-openssl-functions' flag in the Autotools build system. The option is added to 'meson_options.txt' and the corresponding C defines are conditionally applied in 'src/meson.build' for both TPM 1.2 and TPM 2.0 builds when using the OpenSSL backend. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:07 +04:00
Marc-André Lureau	74b91bec7e	feat: Add support for FreeBL crypto backend This commit implements Step 6 of the Meson migration plan. - Adds a 'crypto_backend' option to 'meson_options.txt' to allow selecting between 'openssl' and 'freebl'. - The build logic in 'src/meson.build' now conditionally selects the appropriate crypto source files and dependencies. - Adds a forward declaration to 'tpm_crypto_freebl.c' to fix a compilation error when building with '-Werror'. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:06 +04:00
Marc-André Lureau	60bd0377d0	feat: Add compiler warning and hardening flags This commit implements Step 5 of the Meson migration plan. - Adds a comprehensive set of compiler warning flags, such as -Wall and -Werror, checking for compiler support first. - Adds security hardening flags (-fstack-protector-strong, -D_FORTIFY_SOURCE=2, -Wl,-z,relro, -Wl,-z,now), also checking for compiler and linker support. - Conditionally applies _FORTIFY_SOURCE only when optimizations are enabled to prevent build failures in debug mode. - Adds -DOPENSSL_SUPPRESS_DEPRECATED to handle deprecation warnings in OpenSSL and allow the build to succeed with -Werror. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:04 +04:00
Marc-André Lureau	d851618afe	feat: Add full source lists for TPM1 and TPM2 This commit implements Step 4 of the Meson migration plan. - Populates the build with the full list of source files for both TPM 1.2 and TPM 2.0 implementations. - Refactors the build to use intermediate static libraries for TPM1 and TPM2, allowing for implementation-specific compiler flags. - Adds necessary preprocessor definitions to successfully compile the full library. - Adds header checks for arpa/inet.h and time.h. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:02 +04:00
Marc-André Lureau	de29c4b8d2	feat: Add build options for TPM1 and TPM2 support This commit implements Step 3 of the Meson migration plan. - Added meson_options.txt to define build options. - Introduced 'tpm1' and 'tpm2' boolean options to control which parts of the library are built. - The build logic in src/meson.build now checks these options. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:50:00 +04:00
Marc-André Lureau	9ef45de8b0	feat: Add OpenSSL dependency and header installation This commit implements Step 2 of the Meson migration plan. - The build system now finds and links against the OpenSSL library. - Public header files are now installed to the correct location. - The 'include' directory has been added to the Meson build process. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:49:57 +04:00
Marc-André Lureau	37b412fd43	meson: fix license Gemini didn't get the license correctly. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:49:57 +04:00
Marc-André Lureau	da26c94015	feat: Add initial Meson build system This commit introduces the initial Meson build system for libtpms. This first step allows compiling a minimal shared library and serves as the foundation for the full migration from Autotools. The following files are added: - meson.build: The main build file. - src/meson.build: The build file for the src directory. - config.h.in: The template for the configuration header. - meson_migration_plan.md: The plan for the migration. This corresponds to Step 1 of the migration plan. Signed-off-by: Gemini <gemini@google.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-05 10:49:53 +04:00
Marc-André Lureau	8889e37639	tests: fix gcc pragma dignostic name Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>	2025-08-04 20:28:05 +04:00