Proxmox-Port/libtpms
1
0
Fork 0
mirror of https://github.com/stefanberger/libtpms synced 2025-08-27 06:50:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: Proxmox-Port:master
Branches Tags
Proxmox-Port:master
Proxmox-Port:master.next
Proxmox-Port:stable-0.9
Proxmox-Port:stable-0.9.next
Proxmox-Port:coverity_scan
Proxmox-Port:stefanberger/rev180.part3
Proxmox-Port:stable-0.7.0
Proxmox-Port:stable-0.10
Proxmox-Port:stable-0.8
Proxmox-Port:stable-0.8.next
Proxmox-Port:stable-0.10.next
Proxmox-Port:stable-0.7.0.next
Proxmox-Port:stefanberger/force_m68k_alignment
Proxmox-Port:stefanberger/svn-hierarchy-enablement
Proxmox-Port:stefanberger/fips-140-3
Proxmox-Port:stefanberger/drbg_continous_test
Proxmox-Port:stefanberger/policycapability_filter
Proxmox-Port:stefanberger/fips-140-2+.backup
Proxmox-Port:stefanberger/use_openssl_kdfa
Proxmox-Port:stefanberger/use_openssl_kdf
Proxmox-Port:stefanberger/ossl3_symmetric_functions
Proxmox-Port:stefanberger/ossl3_ec
Proxmox-Port:stefanberger/no_lockout_counter_increase
Proxmox-Port:stable-0.6.0.next
Proxmox-Port:stable-0.6.0
Proxmox-Port:pure_openssl_seeds
Proxmox-Port:fuzzer-data
Proxmox-Port:v0.7.12
Proxmox-Port:v0.8.10
Proxmox-Port:v0.9.7
Proxmox-Port:v0.10.1
Proxmox-Port:v0.10.0
Proxmox-Port:v0.10.0-rc1
Proxmox-Port:v0.9.6
Proxmox-Port:v0.8.9
Proxmox-Port:v0.7.11
Proxmox-Port:v0.8.8
Proxmox-Port:v0.9.5
Proxmox-Port:v0.9.4
Proxmox-Port:v0.9.3
Proxmox-Port:v0.9.2
Proxmox-Port:v0.9.1
Proxmox-Port:v0.9.0
Proxmox-Port:v0.8.7
Proxmox-Port:v0.7.10
Proxmox-Port:v0.8.6
Proxmox-Port:v0.6.6
Proxmox-Port:v0.7.9
Proxmox-Port:v0.8.5
Proxmox-Port:v0.6.5
Proxmox-Port:v0.7.8
Proxmox-Port:v0.8.4
Proxmox-Port:v0.8.3
Proxmox-Port:v0.7.7
Proxmox-Port:v0.8.2
Proxmox-Port:v0.7.6
Proxmox-Port:v0.6.4
Proxmox-Port:v0.8.1
Proxmox-Port:v0.8.0
Proxmox-Port:v0.7.5
Proxmox-Port:v0.7.4
Proxmox-Port:v0.6.3
Proxmox-Port:v0.7.3
Proxmox-Port:v0.7.2
Proxmox-Port:v0.6.2
Proxmox-Port:v0.7.1
Proxmox-Port:v0.6.1
Proxmox-Port:v0.7.0
Proxmox-Port:v0.6.0
Proxmox-Port:v0.6.0-dev1
Proxmox-Port:v0.5.2.1
Proxmox-Port:v0.5.2
..
compare: Proxmox-Port:v0.10.0
Branches Tags
Proxmox-Port:master
Proxmox-Port:master.next
Proxmox-Port:stable-0.9
Proxmox-Port:stable-0.9.next
Proxmox-Port:coverity_scan
Proxmox-Port:stefanberger/rev180.part3
Proxmox-Port:stable-0.7.0
Proxmox-Port:stable-0.10
Proxmox-Port:stable-0.8
Proxmox-Port:stable-0.8.next
Proxmox-Port:stable-0.10.next
Proxmox-Port:stable-0.7.0.next
Proxmox-Port:stefanberger/force_m68k_alignment
Proxmox-Port:stefanberger/svn-hierarchy-enablement
Proxmox-Port:stefanberger/fips-140-3
Proxmox-Port:stefanberger/drbg_continous_test
Proxmox-Port:stefanberger/policycapability_filter
Proxmox-Port:stefanberger/fips-140-2+.backup
Proxmox-Port:stefanberger/use_openssl_kdfa
Proxmox-Port:stefanberger/use_openssl_kdf
Proxmox-Port:stefanberger/ossl3_symmetric_functions
Proxmox-Port:stefanberger/ossl3_ec
Proxmox-Port:stefanberger/no_lockout_counter_increase
Proxmox-Port:stable-0.6.0.next
Proxmox-Port:stable-0.6.0
Proxmox-Port:pure_openssl_seeds
Proxmox-Port:fuzzer-data
Proxmox-Port:v0.7.12
Proxmox-Port:v0.8.10
Proxmox-Port:v0.9.7
Proxmox-Port:v0.10.1
Proxmox-Port:v0.10.0
Proxmox-Port:v0.10.0-rc1
Proxmox-Port:v0.9.6
Proxmox-Port:v0.8.9
Proxmox-Port:v0.7.11
Proxmox-Port:v0.8.8
Proxmox-Port:v0.9.5
Proxmox-Port:v0.9.4
Proxmox-Port:v0.9.3
Proxmox-Port:v0.9.2
Proxmox-Port:v0.9.1
Proxmox-Port:v0.9.0
Proxmox-Port:v0.8.7
Proxmox-Port:v0.7.10
Proxmox-Port:v0.8.6
Proxmox-Port:v0.6.6
Proxmox-Port:v0.7.9
Proxmox-Port:v0.8.5
Proxmox-Port:v0.6.5
Proxmox-Port:v0.7.8
Proxmox-Port:v0.8.4
Proxmox-Port:v0.8.3
Proxmox-Port:v0.7.7
Proxmox-Port:v0.8.2
Proxmox-Port:v0.7.6
Proxmox-Port:v0.6.4
Proxmox-Port:v0.8.1
Proxmox-Port:v0.8.0
Proxmox-Port:v0.7.5
Proxmox-Port:v0.7.4
Proxmox-Port:v0.6.3
Proxmox-Port:v0.7.3
Proxmox-Port:v0.7.2
Proxmox-Port:v0.6.2
Proxmox-Port:v0.7.1
Proxmox-Port:v0.6.1
Proxmox-Port:v0.7.0
Proxmox-Port:v0.6.0
Proxmox-Port:v0.6.0-dev1
Proxmox-Port:v0.5.2.1
Proxmox-Port:v0.5.2

No commits in common. "master" and "v0.10.0" have entirely different histories.
master ... v0.10.0

374 changed files with 27912 additions and 32310 deletions
Show Stats Expand all files Collapse all files

74
.github/workflows/ci.yml vendored
View File

@ -1,74 +0,0 @@
name: Check
on:
pull_request:
branches: [ "master", "stable-*" ]
jobs:
build-ubuntu-jammy:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Build
run: |
CFLAGS="-O3" ./autogen.sh --with-openssl --prefix=/usr --with-tpm2 --disable-use-openssl-functions
set +e
make -j$((2 * $(nproc))) distcheck
if [ $? -ne 0 ]; then
for f in tests/*.log; do echo ">>>>>>> $f <<<<<<<"; tail -n 50 $f; done
exit 1
fi
exit 0
build-ubuntu-noble:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Build
run: |
./autogen.sh --with-openssl --prefix=/usr --with-tpm2
set +e
make -j$((2 * $(nproc))) distcheck
if [ $? -ne 0 ]; then
for f in tests/*.log; do echo ">>>>>>> $f <<<<<<<"; tail -n 50 $f; done
exit 1
fi
exit 0
build-coveralls:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Build for coveralls.io
run: |
./autogen.sh --with-openssl --prefix=/usr --with-tpm2 --enable-test-coverage
make -j$((2 * $(nproc)))
make -j$((2 * $(nproc))) check
sudo make install
git clone https://github.com/stefanberger/swtpm.git
pushd swtpm
sudo apt -y update
sudo apt -y install devscripts equivs python3-twisted expect \
libtasn1-dev socat findutils gnutls-dev gnutls-bin tss2 \
libjson-glib-dev libseccomp-dev
./autogen.sh --with-gnutls --prefix=/usr
set +e
SWTPM_TEST_EXPENSIVE=1 SWTPM_TEST_IBMTSS2=1 make -j$((2 * $(nproc))) check
rc=$?
popd
if [ $rc -eq 0 ]; then
uidgid="$(id -nu):$(id -ng)"
sudo chown -R ${uidgid} ./
pip install setuptools==59.6.0 # Default Jammy version
pip install cpp-coveralls
cpp-coveralls -b src -e tests -e swtpm --gcov-options '\-lp'
else
for f in swtpm/tests/*.log; do echo ">>>>>>> $f <<<<<<<"; tail -n 50 $f; done
exit 1
fi
exit 0
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}

22
.github/workflows/coverity.yml vendored
View File

@ -1,22 +0,0 @@
name: Coverity Scan
on:
push:
branches: ["coverity_scan"]
jobs:
coverity:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure libtpms
run: ./autogen.sh --with-openssl --prefix=/usr --with-tpm2
- uses: vapier/coverity-scan-action@v1
with:
command: make -j$(nproc)
project: libtpms
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
token: ${{ secrets.COVERITY_SCAN_TOKEN }}

3
.travis.yml
View File

@ -41,7 +41,6 @@ matrix:
TARGET="install" NPROC="nproc" TARGET="install" NPROC="nproc"
dist: jammy dist: jammy
before_script: before_script:
- sudo pip install setuptools==59.6.0 # Default Jammy version
- sudo pip install cpp-coveralls - sudo pip install cpp-coveralls
script: script:
./autogen.sh ${CONFIG} && ./autogen.sh ${CONFIG} &&
@ -52,7 +51,7 @@ matrix:
sudo rm -rf /dev/tpm* && sudo rm -rf /dev/tpm* &&
sudo apt -y install devscripts equivs python3-twisted expect sudo apt -y install devscripts equivs python3-twisted expect
libtasn1-dev socat findutils gnutls-dev gnutls-bin tss2 libtasn1-dev socat findutils gnutls-dev gnutls-bin tss2
libjson-glib-dev && python3-setuptools libjson-glib-dev &&
./autogen.sh --with-gnutls --prefix=/usr && ./autogen.sh --with-gnutls --prefix=/usr &&
export SWTPM_TEST_EXPENSIVE=1 SWTPM_TEST_IBMTSS2=1 && export SWTPM_TEST_EXPENSIVE=1 SWTPM_TEST_IBMTSS2=1 &&
sudo make -j$(nproc) check && sudo make -j$(nproc) check &&

445
configure.ac
View File

@ -3,7 +3,7 @@
# #
# See the LICENSE file for the license associated with this file. # See the LICENSE file for the license associated with this file.
AC_INIT([libtpms],[0.11.0]) AC_INIT([libtpms],[0.10.0])
AC_PREREQ([2.69]) AC_PREREQ([2.69])
AC_CONFIG_SRCDIR(Makefile.am) AC_CONFIG_SRCDIR(Makefile.am)
AC_CONFIG_AUX_DIR([.]) AC_CONFIG_AUX_DIR([.])
@ -26,17 +26,43 @@ AC_SUBST([LIBTPMS_VER_MICRO])
AC_SUBST([LIBTPMS_VERSION]) AC_SUBST([LIBTPMS_VERSION])
AC_SUBST([LIBTPMS_VERSION_INFO]) AC_SUBST([LIBTPMS_VERSION_INFO])
DEBUG=""
AC_MSG_CHECKING([for debug-enabled build])
AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[create a debug build]),
[if test "$enableval" = "yes"; then
DEBUG="yes"
AC_MSG_RESULT([yes])
else
DEBUG="no"
AC_MSG_RESULT([no])
fi],
[DEBUG="no",
AC_MSG_RESULT([no])])
if test "$DEBUG" = "yes"; then
CFLAGS="$CFLAGS -O0 -g -DDEBUG"
fi
debug_defines=
if test "$DEBUG" = "yes"; then
debug_defines="-DTPM_DEBUG"
# Enable the following only if ABSOLUTELY necessary
# volatile state will be written and behavior changes
#"-DTPM_VOLATILE_STORE"
fi
AC_SUBST(DEBUG_DEFINES, $debug_defines)
# AX_CHECK_LINK_FLAG needs autoconf 2.64 or later # AX_CHECK_LINK_FLAG needs autoconf 2.64 or later
have_version_script="no" have_version_script="no"
m4_if( m4_if(
m4_version_compare( m4_version_compare(
m4_defn([AC_AUTOCONF_VERSION]), m4_defn([AC_AUTOCONF_VERSION]),
[2.64]), [2.64]),
-1, -1,
[], [],
[AX_CHECK_LINK_FLAG([-Wl,--version-script=$srcdir/src/test.syms], [AX_CHECK_LINK_FLAG([-Wl,--version-script=$srcdir/src/test.syms],
[have_version_script="yes"], [have_version_script="yes"],
[])] [])]
) )
AM_CONDITIONAL([HAVE_VERSION_SCRIPT], [test "x$have_version_script" = "xyes"]) AM_CONDITIONAL([HAVE_VERSION_SCRIPT], [test "x$have_version_script" = "xyes"])
@ -50,82 +76,88 @@ AS_IF([test "x$with_tpm1" != "xno"], [
]) ])
AC_ARG_WITH([tpm2], AC_ARG_WITH([tpm2],
AS_HELP_STRING([--with-tpm2],[build libtpms with TPM2 support]), AS_HELP_STRING([--with-tpm2],[build libtpms with TPM2 support]),
[], [],
[with_tpm2=yes] [with_tpm2=yes]
)
AS_IF([test "x$with_tpm2" = xyes],
[AC_MSG_RESULT([Building with TPM2 support])
AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2])
AC_SUBST([WITH_TPM2], [1])
AM_CONDITIONAL(WITH_TPM2, true)
cryptolib=openssl],
[AM_CONDITIONAL(WITH_TPM2, false)
cryptolib=freebl]
) )
AS_IF([test "x$with_tpm2" = xyes], [
AC_MSG_RESULT([Building with TPM2 support])
AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2])
AC_SUBST([WITH_TPM2], [1])
AM_CONDITIONAL(WITH_TPM2, true)
cryptolib=openssl
], [
AM_CONDITIONAL(WITH_TPM2, false)
cryptolib=freebl
])
AC_SUBST(cryptolib, $cryptolib) AC_SUBST(cryptolib, $cryptolib)
AC_ARG_WITH([openssl], AC_ARG_WITH([openssl],
AS_HELP_STRING([--with-openssl],[build libtpms with openssl library]), AS_HELP_STRING([--with-openssl],[build libtpms with openssl library]),
[AC_CHECK_LIB(crypto, [AC_CHECK_LIB(crypto,
[AES_set_encrypt_key], [AES_set_encrypt_key],
[], [],
AC_MSG_ERROR(Faulty openssl crypto library)) AC_MSG_ERROR(Faulty openssl crypto library))
AC_CHECK_HEADERS([openssl/aes.h],[], AC_CHECK_HEADERS([openssl/aes.h],[],
AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?)) AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
AC_MSG_RESULT([Building with openssl crypto library]) AC_MSG_RESULT([Building with openssl crypto library])
cryptolib=openssl cryptolib=openssl
] ]
) )
AS_CASE([$cryptolib],[freebl], case "$cryptolib" in
[AM_CONDITIONAL(LIBTPMS_USE_FREEBL, true) freebl)
AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, false) AM_CONDITIONAL(LIBTPMS_USE_FREEBL, true)
AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY], AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, false)
[1], AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
[use freebl crypto library]) [1],
[use freebl crypto library])
CFLAGS_save=$CFLAGS CFLAGS_save=$CFLAGS
AC_CHECK_HEADERS([gmp.h],[], AC_CHECK_HEADERS([gmp.h],[],
AC_MSG_ERROR(gmp-devel/libgmp-dev is bad)) AC_MSG_ERROR(gmp-devel/libgmp-dev is bad))
CFLAGS="$(nspr-config --cflags)" CFLAGS="$(nspr-config --cflags)"
AS_IF([test $? -ne 0], if test $? -ne 0; then
[AC_MSG_ERROR(Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?)]) AC_MSG_ERROR(Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?)
CPPFLAGS=$CFLAGS fi
AC_CHECK_HEADERS([plbase64.h],[], CPPFLAGS=$CFLAGS
AC_MSG_ERROR(You must install nspr-devel/libnspr4-dev)) AC_CHECK_HEADERS([plbase64.h],[],
AC_MSG_ERROR(You must install nspr-devel/libnspr4-dev))
CFLAGS="$(nss-config --cflags) $CFLAGS" CFLAGS="$(nss-config --cflags) $CFLAGS"
AS_IF([test $? -ne 0], if test $? -ne 0; then
[AC_MSG_ERROR(Could not find nss-config. Is nss-devel/libnss3-dev installed?)]) AC_MSG_ERROR(Could not find nss-config. Is nss-devel/libnss3-dev installed?)
CPPFLAGS="$CPPFLAGS $CFLAGS" fi
AC_CHECK_HEADERS([sslerr.h],[], CPPFLAGS="$CPPFLAGS $CFLAGS"
AC_MSG_ERROR(nss-devel/libnss3-dev is bad)) AC_CHECK_HEADERS([sslerr.h],[],
AC_MSG_ERROR(nss-devel/libnss3-dev is bad))
# Check for missing headers # Check for missing headers
AC_CHECK_HEADERS([blapi.h],[], AC_CHECK_HEADERS([blapi.h],[],
AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h)) AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
# Check for missing freebl library or missing library functions # Check for missing freebl library or missing library functions
LIBS_save="$LIBS" LIBS_save="$LIBS"
LIBS="$(nss-config --libs) $(nspr-config --libs)" LIBS="$(nss-config --libs) $(nspr-config --libs)"
AC_SEARCH_LIBS([AES_CreateContext], [freebl],[], AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"), AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
[]) [])
LIBS="$LIBS_save" LIBS="$LIBS_save"
CFLAGS="$CFLAGS_save $CFLAGS" CFLAGS="$CFLAGS_save $CFLAGS"
enable_use_openssl_functions=no enable_use_openssl_functions=no
],[openssl], ;;
[AM_CONDITIONAL(LIBTPMS_USE_FREEBL, false) openssl)
AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, true) AM_CONDITIONAL(LIBTPMS_USE_FREEBL, false)
AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY], AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, true)
[1], AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
[use openssl crypto library]) [1],
LIBCRYPTO_EXTRA_CFLAGS="-DOPENSSL_SUPPRESS_DEPRECATED" [use openssl crypto library])
AC_SUBST([LIBCRYPTO_EXTRA_CFLAGS])] LIBCRYPTO_EXTRA_CFLAGS="-DOPENSSL_SUPPRESS_DEPRECATED"
) AC_SUBST([LIBCRYPTO_EXTRA_CFLAGS])
;;
esac
use_openssl_functions_for="" use_openssl_functions_for=""
use_openssl_functions_symmetric=0 use_openssl_functions_symmetric=0
@ -134,85 +166,89 @@ use_openssl_functions_ecdsa=0
use_openssl_functions_rsa=0 use_openssl_functions_rsa=0
use_openssl_functions_sskdf=0 use_openssl_functions_sskdf=0
AC_ARG_ENABLE(use-openssl-functions, AC_ARG_ENABLE(use-openssl-functions,
AS_HELP_STRING([--disable-use-openssl-functions], AS_HELP_STRING([--disable-use-openssl-functions],
[Use TPM 2 crypot code rather than OpenSSL crypto functions]), [Use TPM 2 crypot code rather than OpenSSL crypto functions]),
) )
AS_IF([test "x$enable_use_openssl_functions" != "xno"],[ AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
AS_IF([test "x$cryptolib" != "xopenssl"], if test "x$cryptolib" != "xopenssl"; then
[AC_MSG_ERROR([OpenSSL crypto function usage requires openssl as crypto library])] AC_MSG_ERROR([OpenSSL crypto function usage requires openssl as crypto library])
) fi
LIBS_save=$LIBS LIBS_save=$LIBS
# Check for symmetric key crypto functions # Check for symmetric key crypto functions
not_found=0 not_found=0
AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_camellia_128_cbc],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_camellia_128_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [DES_random_key],, [not_found=1]) AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_iv],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_iv],, not_found=1)
AS_IF([test "x$not_found" = "x0"], if test "x$not_found" = "x0"; then
[use_openssl_functions_symmetric=1 use_openssl_functions_symmetric=1
use_openssl_functions_for="symmetric (AES, TDES) "]) use_openssl_functions_for="symmetric (AES, TDES) "
# Check for EC crypto support fi
not_found=0 # Check for EC crypto support
AC_CHECK_LIB([crypto], [EC_KEY_set_group],, [not_found=1]) not_found=0
AC_CHECK_LIB([crypto], [EC_KEY_generate_key],, [not_found=1]) AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
AC_CHECK_LIB([crypto], [EC_KEY_get0_private_key],, [not_found=1]) AC_CHECK_LIB([crypto], [EC_KEY_generate_key],, not_found=1)
AS_IF([test "x$not_found" = "x0"], AC_CHECK_LIB([crypto], [EC_KEY_get0_private_key],, not_found=1)
[use_openssl_functions_ec=1 if test "x$not_found" = "x0"; then
use_openssl_functions_for="${use_openssl_functions_for}general elliptic curve (EC) "]) use_openssl_functions_ec=1
# Check for ECDSA crypto support use_openssl_functions_for="${use_openssl_functions_for}general elliptic curve (EC) "
not_found=0 fi
AC_CHECK_LIB([crypto], [ECDSA_SIG_new],, [not_found=1]) # Check for ECDSA crypto support
AC_CHECK_LIB([crypto], [ECDSA_SIG_set0],, [not_found=1]) not_found=0
AC_CHECK_LIB([crypto], [ECDSA_do_verify],, [not_found=1]) AC_CHECK_LIB([crypto], [ECDSA_SIG_new],, not_found=1)
AC_CHECK_LIB([crypto], [ECDSA_do_sign],, [not_found=1]) AC_CHECK_LIB([crypto], [ECDSA_SIG_set0],, not_found=1)
AC_CHECK_LIB([crypto], [EC_KEY_set_group],, [not_found=1]) AC_CHECK_LIB([crypto], [ECDSA_do_verify],, not_found=1)
AS_IF([test "x$not_found" = "x0"], AC_CHECK_LIB([crypto], [ECDSA_do_sign],, not_found=1)
[use_openssl_functions_ecdsa=1 AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
use_openssl_functions_for="${use_openssl_functions_for}elliptic curve (ECDSA) "]) if test "x$not_found" = "x0"; then
# Check for RSA crypto functions use_openssl_functions_ecdsa=1
not_found=0 use_openssl_functions_for="${use_openssl_functions_for}elliptic curve (ECDSA) "
AC_CHECK_LIB([crypto], [RSA_set0_key],, [not_found=1]) fi
AC_CHECK_LIB([crypto], [RSA_set0_factors],, [not_found=1]) # Check for RSA crypto functions
AC_CHECK_LIB([crypto], [RSA_set0_crt_params],, [not_found=1]) not_found=0
AC_CHECK_LIB([crypto], [RSA_generate_key_ex],, [not_found=1]) AC_CHECK_LIB([crypto], [RSA_set0_key],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_new],, [not_found=1]) AC_CHECK_LIB([crypto], [RSA_set0_factors],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_assign],, [not_found=1]) AC_CHECK_LIB([crypto], [RSA_set0_crt_params],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt_init],, [not_found=1]) AC_CHECK_LIB([crypto], [RSA_generate_key_ex],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_new],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt_init],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_assign],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt_init],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_sign_init],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_sign],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt_init],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_verify_init],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_verify],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_sign_init],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_get_digestbyname],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_sign],, not_found=1)
# OpenSSL 3.0 turned some #defines into functions AC_CHECK_LIB([crypto], [EVP_PKEY_verify_init],, not_found=1)
AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set0_rsa_oaep_label],, AC_CHECK_LIB([crypto], [EVP_PKEY_verify],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set0_rsa_oaep_label],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_get_digestbyname],, not_found=1)
) # OpenSSL 3.0 turned some #defines into functions
AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_padding],, AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set0_rsa_oaep_label],,
AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_rsa_padding],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set0_rsa_oaep_label],, not_found=1)
) )
AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_oaep_md],, AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_padding],,
AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_rsa_oaep_md],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_rsa_padding],, not_found=1)
) )
AX_CHECK_DEFINE([<openssl/evp.h>], [EVP_PKEY_CTX_set_signature_md],, AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_oaep_md],,
AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_signature_md],, [not_found=1]) AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_rsa_oaep_md],, not_found=1)
) )
AS_IF([test "x$not_found" = "x0"], AX_CHECK_DEFINE([<openssl/evp.h>], [EVP_PKEY_CTX_set_signature_md],,
[use_openssl_functions_rsa=1 AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_signature_md],, not_found=1)
use_openssl_functions_for="${use_openssl_functions_for}RSA "] )
) if test "x$not_found" = "x0"; then
not_found=0 use_openssl_functions_rsa=1
AX_CHECK_DEFINE([<openssl/core_names.h>], [OSSL_KDF_NAME_SSKDF],, [not_found=1]) use_openssl_functions_for="${use_openssl_functions_for}RSA "
AS_IF([test "x$not_found" = "x0"], fi
[use_openssl_functions_sskdf=1
use_openssl_functions_for="${use_openssl_functions_for}SSKDF (KDFe) "] not_found=0
) AX_CHECK_DEFINE([<openssl/core_names.h>], [OSSL_KDF_NAME_SSKDF],, not_found=1)
LIBS=$LIBS_save if test "x$not_found" = "x0"; then
use_openssl_functions_sskdf=1
use_openssl_functions_for="${use_openssl_functions_for}SSKDF (KDFe) "
fi
LIBS=$LIBS_save
]) ])
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=$use_openssl_functions_symmetric" CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=$use_openssl_functions_symmetric"
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_EC=$use_openssl_functions_ec" CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_EC=$use_openssl_functions_ec"
@ -223,11 +259,9 @@ CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SSKDF=$use_openssl_functions_sskdf"
AC_CHECK_LIB([crypto], [EC_POINT_get_affine_coordinates], found=1, found=0) AC_CHECK_LIB([crypto], [EC_POINT_get_affine_coordinates], found=1, found=0)
CFLAGS="$CFLAGS -DUSE_EC_POINT_GET_AFFINE_COORDINATES_API=$found" CFLAGS="$CFLAGS -DUSE_EC_POINT_GET_AFFINE_COORDINATES_API=$found"
AC_ARG_ENABLE([sanitizers], AC_ARG_ENABLE([sanitizers], AS_HELP_STRING([--enable-sanitizers], [Enable address sanitizing]),
[AS_HELP_STRING([--enable-sanitizers], [Enable address sanitizing])],
[SANITIZERS="-fsanitize=address,undefined"], []) [SANITIZERS="-fsanitize=address,undefined"], [])
AC_ARG_ENABLE([fuzzer], AC_ARG_ENABLE([fuzzer], AS_HELP_STRING([--enable-fuzzer], [Enable fuzzer]),
[AS_HELP_STRING([--enable-fuzzer], [Enable fuzzer])],
[FUZZER="$SANITIZERS -fsanitize=fuzzer" [FUZZER="$SANITIZERS -fsanitize=fuzzer"
AM_CONDITIONAL(WITH_FUZZER, true)], AM_CONDITIONAL(WITH_FUZZER, true)],
[AM_CONDITIONAL(WITH_FUZZER, false)]) [AM_CONDITIONAL(WITH_FUZZER, false)])
@ -238,13 +272,14 @@ AM_CONDITIONAL([WITH_FUZZING_ENGINE], [test "x$LIB_FUZZING_ENGINE" != "x"])
AC_SUBST([LIB_FUZZING_ENGINE]) AC_SUBST([LIB_FUZZING_ENGINE])
AC_ARG_ENABLE([test-coverage], AC_ARG_ENABLE([test-coverage],
AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]), AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]),
[AS_IF([test "$enableval" = "yes"], [if test "$enableval" = "yes"; then
[COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage" COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage"
COVERAGE_LDFLAGS="-fprofile-arcs" COVERAGE_LDFLAGS="-fprofile-arcs"
enable_static_tests=no # some tests will not link], enable_static_tests=no # some tests will not link
[enable_test_coverage=no] fi], [
)] enable_test_coverage=no
]
) )
LT_INIT LT_INIT
@ -253,14 +288,17 @@ AC_PROG_CXX
AC_PROG_INSTALL AC_PROG_INSTALL
LT_INIT LT_INIT
#AM_GNU_GETTEXT_VERSION([0.15])
#AM_GNU_GETTEXT([external])
AC_C_CONST AC_C_CONST
AC_C_INLINE AC_C_INLINE
AC_TYPE_SIZE_T AC_TYPE_SIZE_T
AC_ARG_ENABLE([static-tests], AC_ARG_ENABLE([static-tests],
[AS_HELP_STRING([--disable-static-tests], [Disable statically linked tests])],, [AS_HELP_STRING([--disable-static-tests], [Disable statically linked tests])],,
[enable_static_tests=yes]) [enable_static_tests=yes])
dnl enable_state must be 'yes' for any static tests dnl enable_state must be 'yes' for any static tests
AS_IF([test "$enable_static_tests" = "yes" && test "$enable_static" = "yes"], AS_IF([test "$enable_static_tests" = "yes" && test "$enable_static" = "yes"],
[enable_static_tests=yes],[enable_static_tests=no]) [enable_static_tests=yes],[enable_static_tests=no])
@ -272,39 +310,44 @@ AC_SUBST([LIBRT_LIBS])
AC_ARG_ENABLE([hardening], AC_ARG_ENABLE([hardening],
AS_HELP_STRING([--disable-hardening], [Disable hardening flags])) AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
AS_IF([test "x$enable_hardening" != "xno"], if test "x$enable_hardening" != "xno"; then
dnl Some versions of gcc fail with -Wstack-protector, # Some versions of gcc fail with -Wstack-protector,
dnl some with -Wstack-protector-strong enabled # some with -Wstack-protector-strong enabled
[AS_IF([! $CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>/dev/null], if ! $CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
[AS_IF([ $CC -fstack-protector $srcdir/include/libtpms/tpm_error.h 2>/dev/null], if $CC -fstack-protector $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
[HARDENING_CFLAGS="-fstack-protector "])], HARDENING_CFLAGS="-fstack-protector "
[HARDENING_CFLAGS="-fstack-protector-strong "]) fi
dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user else
dnl since they may create more overhead HARDENING_CFLAGS="-fstack-protector-strong "
AS_IF([$CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 $srcdir/include/libtpms/tpm_library.h 2>/dev/null], fi
[HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2"])
dnl Check linker for 'relro' and 'now' dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user
save_CFLAGS="$CFLAGS" dnl since they may create more overhead
CFLAGS="-Wl,-z,relro -Werror" if $CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 $srcdir/include/libtpms/tpm_library.h 2>/dev/null; then
AC_MSG_CHECKING([whether linker supports -Wl,-z,relro]) HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2"
AC_LINK_IFELSE( fi
[AC_LANG_SOURCE([[int main() { return 0; }]])], dnl Check linker for 'relro' and 'now'
[HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro" save_CFLAGS="$CFLAGS"
AC_MSG_RESULT(yes)], CFLAGS="-Wl,-z,relro -Werror"
[AC_MSG_RESULT(no)] AC_MSG_CHECKING([whether linker supports -Wl,-z,relro])
) AC_LINK_IFELSE(
CFLAGS="-Wl,-z,now -Werror" [AC_LANG_SOURCE([[int main() { return 0; }]])],
AC_MSG_CHECKING([whether linker supports -Wl,-z,now]) [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro"
AC_LINK_IFELSE( AC_MSG_RESULT(yes)],
[AC_LANG_SOURCE([[int main() { return 0; }]])], [AC_MSG_RESULT(no)]
[HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now" )
AC_MSG_RESULT(yes)], CFLAGS="-Wl,-z,now -Werror"
[AC_MSG_RESULT(no)] AC_MSG_CHECKING([whether linker supports -Wl,-z,now])
) AC_LINK_IFELSE(
CFLAGS="$save_CFLAGS" [AC_LANG_SOURCE([[int main() { return 0; }]])],
AC_SUBST([HARDENING_CFLAGS]) [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now"
AC_SUBST([HARDENING_LDFLAGS]) AC_MSG_RESULT(yes)],
]) [AC_MSG_RESULT(no)]
)
CFLAGS="$save_CFLAGS"
AC_SUBST([HARDENING_CFLAGS])
AC_SUBST([HARDENING_LDFLAGS])
fi
AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wshadow -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes" AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wshadow -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes"
AM_CFLAGS="$AM_CFLAGS" AM_CFLAGS="$AM_CFLAGS"
@ -326,8 +369,12 @@ AC_CONFIG_FILES(Makefile \
PKG_INSTALLDIR() PKG_INSTALLDIR()
AC_OUTPUT AC_OUTPUT
AS_IF([test -z "$with_tpm2"], if test -z "$enable_debug" ; then
[with_tpm2=no]) enable_debug="no"
fi
if test -z "$with_tpm2"; then
with_tpm2=no
fi
echo echo
echo "AM_CFLAGS=$AM_CFLAGS" echo "AM_CFLAGS=$AM_CFLAGS"

2
debian/rules vendored
View File

@ -6,6 +6,6 @@
dh $@ dh $@
override_dh_auto_configure: override_dh_auto_configure:
dh_auto_configure -- --with-openssl --with-tpm2 --disable-hardening dh_auto_configure -- --with-openssl --with-tpm2
override_dh_usrlocal: override_dh_usrlocal:

2
dist/libtpms.spec vendored
View File

@ -1,7 +1,7 @@
# --- libtpm rpm-spec --- # --- libtpm rpm-spec ---
%define name libtpms %define name libtpms
%define version 0.11.0 %define version 0.10.0
%define release 0~dev1 %define release 0~dev1
# Valid crypto subsystems are 'freebl' and 'openssl' # Valid crypto subsystems are 'freebl' and 'openssl'

2
include/libtpms/tpm_library.h
View File

@ -49,7 +49,7 @@ extern "C" {
#endif #endif
#define TPM_LIBRARY_VER_MAJOR 0 #define TPM_LIBRARY_VER_MAJOR 0
#define TPM_LIBRARY_VER_MINOR 11 #define TPM_LIBRARY_VER_MINOR 10
#define TPM_LIBRARY_VER_MICRO 0 #define TPM_LIBRARY_VER_MICRO 0
#define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \ #define TPM_LIBRARY_VERSION_GEN(MAJ, MIN, MICRO) \

4
man/man3/TPMLIB_SetProfile.pod
View File

@ -195,10 +195,6 @@ This I<StateFormatLevel> enabled the following profile attributes:
=back =back
=item 8: (since v0.11)
This I<StateFormatLevel> enabled 4096-bit RSA.
=back =back
A user may specify the I<StateFormatLevel> when using the I<custom> profile. A user may specify the I<StateFormatLevel> when using the I<custom> profile.

2
man/man3/TPMLIB_SetState.pod
View File

@ -40,7 +40,7 @@ the volatile or save state blobs can be set.
The B<TPMLIB_GetState()> function allows to get the current state of the TPM. The B<TPMLIB_GetState()> function allows to get the current state of the TPM.
For as long as the TPM has not been started, this function either returns the state For as long as the TPM has not been started, this function either returns the state
blob previously set with B<TPMLIB_SetState()> or the state is read from a file. blob previously set with B<TPMLIB_SetState()> or the state is read from a file.
Once the TPM has been started, the state of the running TPM is returned. Once the TPM has been start the state of the running TPM is returned.
The B<TPMLIB_STATE_SAVE_STATE> (save state) type of TPM state can be set with this The B<TPMLIB_STATE_SAVE_STATE> (save state) type of TPM state can be set with this
function. The same state blob will be returned until TPM_Startup(ST_STATE) has been function. The same state blob will be returned until TPM_Startup(ST_STATE) has been

98
scripts/meld-all
View File

@ -1,98 +0,0 @@
#!/usr/bin/env bash
SKIP_FILES="(Marshal.c|Marshal_fp.h)"
NO_MELD_FLAG=$((1<<0))
main()
{
local opts f fname upstream flags
flags=0
prgname="$0"
if ! opts=$(getopt -l "help,no-meld,diff-only" -n "$prgname" -- "$prgname" "$@"); then
echo "Error: Failed to parse options." >&2
return 1
fi
eval set -- "${opts}"
while :; do
case "$1" in
--no-meld|diff-only)
flags=$((flags | NO_MELD_FLAG))
shift
;;
--)
shift
break
;;
--help)
help "$prgname"
return 0
;;
*)
echo "Internal error: Unregonized option '$1'" >&2
shift
return
;;
esac
done
if [ ! -r "$1" ]; then
echo "Cannot find file '$1' in libtpms repo."
exit 1
fi
if [ ! -d "$1" ]; then
echo "'$1' is not a directory."
exit 1
fi
if [ ! -d "${TCG_TPM_HOME}" ]; then
echo "TCG_TPM_HOME must point to a directory."
exit 1
fi
for f in $(find "$1" -type f -name '*.[ch]'); do
fname=$(basename "$f")
if [[ "${fname}" =~ ^${SKIP_FILES}$ ]]; then
echo "skipping ${fname}"
continue
fi
upstream=$(find "${TCG_TPM_HOME}" | grep -E "/${fname}\$")
if [ -n "${upstream}" ]; then
# find first empty line presumably after license
line=$(grep -m 1 -E "^$" -n "${f}" | cut -d":" -f1)
if [ -z "$line" ]; then
if [ $((flags & NO_MELD_FLAG)) -eq 0 ]; then
meld "${upstrean}" "${f}"
else
echo "Something wrong with file $f"
fi
fi
line=$((line+1))
if [ $((flags & NO_MELD_FLAG)) -ne 0 ]; then
echo "============================================================================"
echo "${f}"
diff --ignore-trailing-space <(sed -n "${line},\$p" < "${f}") "${upstream}"
fi
if ! diff --ignore-trailing-space <(sed -n "${line},\$p" < "${f}") "${upstream}" >/dev/null; then
if [ $((flags & NO_MELD_FLAG)) -eq 0 ]; then
meld "${upstream}" "$f"
fi
else
echo "${f}: nothing to do"
fi
else
echo "Could not find file ${fname} in TCG TPM repo"
fi
done
}
main "$@"
exit $?

23
scripts/meld-find
View File

@ -1,23 +0,0 @@
#!/usr/bin/env bash
if [ ! -f "$1" ]; then
echo "Cannot find file '$1' in libtpms repo."
exit 1
fi
if [ -z "${TCG_TPM_HOME}" ]; then
echo "TCG_TPM_HOME must be set to the TCG TPM repo checkout."
exit 1
fi
if [ ! -d "${TCG_TPM_HOME}" ]; then
echo "TCG_TPM_HOME must point to a directory."
exit 1
fi
fname=$(basename "$1")
upstream=$(find "${TCG_TPM_HOME}" | grep -E "/${fname}\$")
meld "${upstream}" "$1"

15
src/Makefile.am
View File

@ -54,6 +54,8 @@ libtpms_tpm12_la_CFLAGS += -DTPM_POSIX
# build without maintenance commands # build without maintenance commands
libtpms_tpm12_la_CFLAGS += -DTPM_NOMAINTENANCE_COMMANDS libtpms_tpm12_la_CFLAGS += -DTPM_NOMAINTENANCE_COMMANDS
libtpms_tpm12_la_CFLAGS += @DEBUG_DEFINES@
CRYPTO_OBJFILES = CRYPTO_OBJFILES =
libtpms_tpm12_la_SOURCES = \ libtpms_tpm12_la_SOURCES = \
@ -237,9 +239,9 @@ libtpms_tpm2_la_SOURCES = \
tpm2/MathOnByteBuffers.c \ tpm2/MathOnByteBuffers.c \
tpm2/Memory.c \ tpm2/Memory.c \
tpm2/NVCommands.c \ tpm2/NVCommands.c \
tpm2/NvDynamic.c \ tpm2/NVDynamic.c \
tpm2/NVMem.c \ tpm2/NVMem.c \
tpm2/NvReserved.c \ tpm2/NVReserved.c \
tpm2/NV_spt.c \ tpm2/NV_spt.c \
tpm2/Object.c \ tpm2/Object.c \
tpm2/ObjectCommands.c \ tpm2/ObjectCommands.c \
@ -247,7 +249,7 @@ libtpms_tpm2_la_SOURCES = \
tpm2/PCR.c \ tpm2/PCR.c \
tpm2/PlatformACT.c \ tpm2/PlatformACT.c \
tpm2/PlatformData.c \ tpm2/PlatformData.c \
tpm2/PlatformPcr.c \ tpm2/PlatformPCR.c \
tpm2/Policy_spt.c \ tpm2/Policy_spt.c \
tpm2/Power.c \ tpm2/Power.c \
tpm2/PowerPlat.c \ tpm2/PowerPlat.c \
@ -268,7 +270,7 @@ libtpms_tpm2_la_SOURCES = \
tpm2/TestingCommands.c \ tpm2/TestingCommands.c \
tpm2/Ticket.c \ tpm2/Ticket.c \
tpm2/Time.c \ tpm2/Time.c \
tpm2/TpmASN1.c \ tpm2/TpmAsn1.c \
tpm2/TpmBigNumThunks.c \ tpm2/TpmBigNumThunks.c \
tpm2/TpmEcc_Signature_ECDAA.c \ tpm2/TpmEcc_Signature_ECDAA.c \
tpm2/TpmEcc_Signature_ECDSA.c \ tpm2/TpmEcc_Signature_ECDSA.c \
@ -365,7 +367,6 @@ noinst_HEADERS += \
tpm2/Create_fp.h \ tpm2/Create_fp.h \
tpm2/CreateLoaded_fp.h \ tpm2/CreateLoaded_fp.h \
tpm2/CreatePrimary_fp.h \ tpm2/CreatePrimary_fp.h \
tpm2/CryptoInterface.h \
tpm2/CryptSelfTest_fp.h \ tpm2/CryptSelfTest_fp.h \
tpm2/DA_fp.h \ tpm2/DA_fp.h \
tpm2/DebugHelpers_fp.h \ tpm2/DebugHelpers_fp.h \
@ -427,7 +428,7 @@ noinst_HEADERS += \
tpm2/NV_ChangeAuth_fp.h \ tpm2/NV_ChangeAuth_fp.h \
tpm2/NV_DefineSpace_fp.h \ tpm2/NV_DefineSpace_fp.h \
tpm2/NV_DefineSpace2_fp.h \ tpm2/NV_DefineSpace2_fp.h \
tpm2/NvDynamic_fp.h \ tpm2/NVDynamic_fp.h \
tpm2/NV_Extend_fp.h \ tpm2/NV_Extend_fp.h \
tpm2/NV_GlobalWriteLock_fp.h \ tpm2/NV_GlobalWriteLock_fp.h \
tpm2/NV.h \ tpm2/NV.h \
@ -436,7 +437,7 @@ noinst_HEADERS += \
tpm2/NV_ReadLock_fp.h \ tpm2/NV_ReadLock_fp.h \
tpm2/NV_ReadPublic_fp.h \ tpm2/NV_ReadPublic_fp.h \
tpm2/NV_ReadPublic2_fp.h \ tpm2/NV_ReadPublic2_fp.h \
tpm2/NvReserved_fp.h \ tpm2/NVReserved_fp.h \
tpm2/NV_SetBits_fp.h \ tpm2/NV_SetBits_fp.h \
tpm2/NV_spt_fp.h \ tpm2/NV_spt_fp.h \
tpm2/NV_UndefineSpace_fp.h \ tpm2/NV_UndefineSpace_fp.h \

224
src/tpm2/ACT.h
View File

@ -59,213 +59,199 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
// 5.24 ACT.h
#ifndef _ACT_H_ #ifndef _ACT_H_
#define _ACT_H_ #define _ACT_H_
#include "TpmProfile.h" #include "TpmProfile.h"
#if 0 // libtpms added
#if ACT_SUPPORT \
!= (RH_ACT_0 | RH_ACT_1 | RH_ACT_2 | RH_ACT_3 | RH_ACT_4 | RH_ACT_5 | RH_ACT_6 \
| RH_ACT_7 | RH_ACT_8 | RH_ACT_9 | RH_ACT_A | RH_ACT_B | RH_ACT_C | RH_ACT_D \
| RH_ACT_E | RH_ACT_F)
# error "If ACT_SUPPORT == NO, no ACTs can be enabled"
#endif // (ACT_SUPPORT != ...)
#endif // libtpms added
#if !(defined RH_ACT_0) || (RH_ACT_0 != YES) #if !(defined RH_ACT_0) || (RH_ACT_0 != YES)
# undef RH_ACT_0 # undef RH_ACT_0
# define RH_ACT_0 NO # define RH_ACT_0 NO
# define IF_ACT_0_IMPLEMENTED(op) # define IF_ACT_0_IMPLEMENTED(op)
#else #else
# define IF_ACT_0_IMPLEMENTED(op) op(0) # define IF_ACT_0_IMPLEMENTED(op) op(0)
#endif #endif
#if !(defined RH_ACT_1) || (RH_ACT_1 != YES) #if !(defined RH_ACT_1) || (RH_ACT_1 != YES)
# undef RH_ACT_1 # undef RH_ACT_1
# define RH_ACT_1 NO # define RH_ACT_1 NO
# define IF_ACT_1_IMPLEMENTED(op) # define IF_ACT_1_IMPLEMENTED(op)
#else #else
# define IF_ACT_1_IMPLEMENTED(op) op(1) # define IF_ACT_1_IMPLEMENTED(op) op(1)
#endif #endif
#if !(defined RH_ACT_2) || (RH_ACT_2 != YES) #if !(defined RH_ACT_2) || (RH_ACT_2 != YES)
# undef RH_ACT_2 # undef RH_ACT_2
# define RH_ACT_2 NO # define RH_ACT_2 NO
# define IF_ACT_2_IMPLEMENTED(op) # define IF_ACT_2_IMPLEMENTED(op)
#else #else
# define IF_ACT_2_IMPLEMENTED(op) op(2) # define IF_ACT_2_IMPLEMENTED(op) op(2)
#endif #endif
#if !(defined RH_ACT_3) || (RH_ACT_3 != YES) #if !(defined RH_ACT_3) || (RH_ACT_3 != YES)
# undef RH_ACT_3 # undef RH_ACT_3
# define RH_ACT_3 NO # define RH_ACT_3 NO
# define IF_ACT_3_IMPLEMENTED(op) # define IF_ACT_3_IMPLEMENTED(op)
#else #else
# define IF_ACT_3_IMPLEMENTED(op) op(3) # define IF_ACT_3_IMPLEMENTED(op) op(3)
#endif #endif
#if !(defined RH_ACT_4) || (RH_ACT_4 != YES) #if !(defined RH_ACT_4) || (RH_ACT_4 != YES)
# undef RH_ACT_4 # undef RH_ACT_4
# define RH_ACT_4 NO # define RH_ACT_4 NO
# define IF_ACT_4_IMPLEMENTED(op) # define IF_ACT_4_IMPLEMENTED(op)
#else #else
# define IF_ACT_4_IMPLEMENTED(op) op(4) # define IF_ACT_4_IMPLEMENTED(op) op(4)
#endif #endif
#if !(defined RH_ACT_5) || (RH_ACT_5 != YES) #if !(defined RH_ACT_5) || (RH_ACT_5 != YES)
# undef RH_ACT_5 # undef RH_ACT_5
# define RH_ACT_5 NO # define RH_ACT_5 NO
# define IF_ACT_5_IMPLEMENTED(op) # define IF_ACT_5_IMPLEMENTED(op)
#else #else
# define IF_ACT_5_IMPLEMENTED(op) op(5) # define IF_ACT_5_IMPLEMENTED(op) op(5)
#endif #endif
#if !(defined RH_ACT_6) || (RH_ACT_6 != YES) #if !(defined RH_ACT_6) || (RH_ACT_6 != YES)
# undef RH_ACT_6 # undef RH_ACT_6
# define RH_ACT_6 NO # define RH_ACT_6 NO
# define IF_ACT_6_IMPLEMENTED(op) # define IF_ACT_6_IMPLEMENTED(op)
#else #else
# define IF_ACT_6_IMPLEMENTED(op) op(6) # define IF_ACT_6_IMPLEMENTED(op) op(6)
#endif #endif
#if !(defined RH_ACT_7) || (RH_ACT_7 != YES) #if !(defined RH_ACT_7) || (RH_ACT_7 != YES)
# undef RH_ACT_7 # undef RH_ACT_7
# define RH_ACT_7 NO # define RH_ACT_7 NO
# define IF_ACT_7_IMPLEMENTED(op) # define IF_ACT_7_IMPLEMENTED(op)
#else #else
# define IF_ACT_7_IMPLEMENTED(op) op(7) # define IF_ACT_7_IMPLEMENTED(op) op(7)
#endif #endif
#if !(defined RH_ACT_8) || (RH_ACT_8 != YES) #if !(defined RH_ACT_8) || (RH_ACT_8 != YES)
# undef RH_ACT_8 # undef RH_ACT_8
# define RH_ACT_8 NO # define RH_ACT_8 NO
# define IF_ACT_8_IMPLEMENTED(op) # define IF_ACT_8_IMPLEMENTED(op)
#else #else
# define IF_ACT_8_IMPLEMENTED(op) op(8) # define IF_ACT_8_IMPLEMENTED(op) op(8)
#endif #endif
#if !(defined RH_ACT_9) || (RH_ACT_9 != YES) #if !(defined RH_ACT_9) || (RH_ACT_9 != YES)
# undef RH_ACT_9 # undef RH_ACT_9
# define RH_ACT_9 NO # define RH_ACT_9 NO
# define IF_ACT_9_IMPLEMENTED(op) # define IF_ACT_9_IMPLEMENTED(op)
#else #else
# define IF_ACT_9_IMPLEMENTED(op) op(9) # define IF_ACT_9_IMPLEMENTED(op) op(9)
#endif #endif
#if !(defined RH_ACT_A) || (RH_ACT_A != YES) #if !(defined RH_ACT_A) || (RH_ACT_A != YES)
# undef RH_ACT_A # undef RH_ACT_A
# define RH_ACT_A NO # define RH_ACT_A NO
# define IF_ACT_A_IMPLEMENTED(op) # define IF_ACT_A_IMPLEMENTED(op)
#else #else
# define IF_ACT_A_IMPLEMENTED(op) op(A) # define IF_ACT_A_IMPLEMENTED(op) op(A)
#endif #endif
#if !(defined RH_ACT_B) || (RH_ACT_B != YES) #if !(defined RH_ACT_B) || (RH_ACT_B != YES)
# undef RH_ACT_B # undef RH_ACT_B
# define RH_ACT_B NO # define RH_ACT_B NO
# define IF_ACT_B_IMPLEMENTED(op) # define IF_ACT_B_IMPLEMENTED(op)
#else #else
# define IF_ACT_B_IMPLEMENTED(op) op(B) # define IF_ACT_B_IMPLEMENTED(op) op(B)
#endif #endif
#if !(defined RH_ACT_C) || (RH_ACT_C != YES) #if !(defined RH_ACT_C) || (RH_ACT_C != YES)
# undef RH_ACT_C # undef RH_ACT_C
# define RH_ACT_C NO # define RH_ACT_C NO
# define IF_ACT_C_IMPLEMENTED(op) # define IF_ACT_C_IMPLEMENTED(op)
#else #else
# define IF_ACT_C_IMPLEMENTED(op) op(C) # define IF_ACT_C_IMPLEMENTED(op) op(C)
#endif #endif
#if !(defined RH_ACT_D) || (RH_ACT_D != YES) #if !(defined RH_ACT_D) || (RH_ACT_D != YES)
# undef RH_ACT_D # undef RH_ACT_D
# define RH_ACT_D NO # define RH_ACT_D NO
# define IF_ACT_D_IMPLEMENTED(op) # define IF_ACT_D_IMPLEMENTED(op)
#else #else
# define IF_ACT_D_IMPLEMENTED(op) op(D) # define IF_ACT_D_IMPLEMENTED(op) op(D)
#endif #endif
#if !(defined RH_ACT_E) || (RH_ACT_E != YES) #if !(defined RH_ACT_E) || (RH_ACT_E != YES)
# undef RH_ACT_E # undef RH_ACT_E
# define RH_ACT_E NO # define RH_ACT_E NO
# define IF_ACT_E_IMPLEMENTED(op) # define IF_ACT_E_IMPLEMENTED(op)
#else #else
# define IF_ACT_E_IMPLEMENTED(op) op(E) # define IF_ACT_E_IMPLEMENTED(op) op(E)
#endif #endif
#if !(defined RH_ACT_F) || (RH_ACT_F != YES) #if !(defined RH_ACT_F) || (RH_ACT_F != YES)
# undef RH_ACT_F # undef RH_ACT_F
# define RH_ACT_F NO # define RH_ACT_F NO
# define IF_ACT_F_IMPLEMENTED(op) # define IF_ACT_F_IMPLEMENTED(op)
#else #else
# define IF_ACT_F_IMPLEMENTED(op) op(F) # define IF_ACT_F_IMPLEMENTED(op) op(F)
#endif #endif
#ifndef TPM_RH_ACT_0 #ifndef TPM_RH_ACT_0
# error Need numeric definition for TPM_RH_ACT_0 #error Need numeric definition for TPM_RH_ACT_0
#endif #endif
#ifndef TPM_RH_ACT_1 #ifndef TPM_RH_ACT_1
# define TPM_RH_ACT_1 (TPM_RH_ACT_0 + 1) # define TPM_RH_ACT_1 (TPM_RH_ACT_0 + 1)
#endif #endif
#ifndef TPM_RH_ACT_2 #ifndef TPM_RH_ACT_2
# define TPM_RH_ACT_2 (TPM_RH_ACT_0 + 2) # define TPM_RH_ACT_2 (TPM_RH_ACT_0 + 2)
#endif #endif
#ifndef TPM_RH_ACT_3 #ifndef TPM_RH_ACT_3
# define TPM_RH_ACT_3 (TPM_RH_ACT_0 + 3) # define TPM_RH_ACT_3 (TPM_RH_ACT_0 + 3)
#endif #endif
#ifndef TPM_RH_ACT_4 #ifndef TPM_RH_ACT_4
# define TPM_RH_ACT_4 (TPM_RH_ACT_0 + 4) # define TPM_RH_ACT_4 (TPM_RH_ACT_0 + 4)
#endif #endif
#ifndef TPM_RH_ACT_5 #ifndef TPM_RH_ACT_5
# define TPM_RH_ACT_5 (TPM_RH_ACT_0 + 5) # define TPM_RH_ACT_5 (TPM_RH_ACT_0 + 5)
#endif #endif
#ifndef TPM_RH_ACT_6 #ifndef TPM_RH_ACT_6
# define TPM_RH_ACT_6 (TPM_RH_ACT_0 + 6) # define TPM_RH_ACT_6 (TPM_RH_ACT_0 + 6)
#endif #endif
#ifndef TPM_RH_ACT_7 #ifndef TPM_RH_ACT_7
# define TPM_RH_ACT_7 (TPM_RH_ACT_0 + 7) # define TPM_RH_ACT_7 (TPM_RH_ACT_0 + 7)
#endif #endif
#ifndef TPM_RH_ACT_8 #ifndef TPM_RH_ACT_8
# define TPM_RH_ACT_8 (TPM_RH_ACT_0 + 8) # define TPM_RH_ACT_8 (TPM_RH_ACT_0 + 8)
#endif #endif
#ifndef TPM_RH_ACT_9 #ifndef TPM_RH_ACT_9
# define TPM_RH_ACT_9 (TPM_RH_ACT_0 + 9) # define TPM_RH_ACT_9 (TPM_RH_ACT_0 + 9)
#endif #endif
#ifndef TPM_RH_ACT_A #ifndef TPM_RH_ACT_A
# define TPM_RH_ACT_A (TPM_RH_ACT_0 + 0xA) # define TPM_RH_ACT_A (TPM_RH_ACT_0 + 0xA)
#endif #endif
#ifndef TPM_RH_ACT_B #ifndef TPM_RH_ACT_B
# define TPM_RH_ACT_B (TPM_RH_ACT_0 + 0xB) # define TPM_RH_ACT_B (TPM_RH_ACT_0 + 0xB)
#endif #endif
#ifndef TPM_RH_ACT_C #ifndef TPM_RH_ACT_C
# define TPM_RH_ACT_C (TPM_RH_ACT_0 + 0xC) # define TPM_RH_ACT_C (TPM_RH_ACT_0 + 0xC)
#endif #endif
#ifndef TPM_RH_ACT_D #ifndef TPM_RH_ACT_D
# define TPM_RH_ACT_D (TPM_RH_ACT_0 + 0xD) # define TPM_RH_ACT_D (TPM_RH_ACT_0 + 0xD)
#endif #endif
#ifndef TPM_RH_ACT_E #ifndef TPM_RH_ACT_E
# define TPM_RH_ACT_E (TPM_RH_ACT_0 + 0xE) # define TPM_RH_ACT_E (TPM_RH_ACT_0 + 0xE)
#endif #endif
#ifndef TPM_RH_ACT_F #ifndef TPM_RH_ACT_F
# define TPM_RH_ACT_F (TPM_RH_ACT_0 + 0xF) # define TPM_RH_ACT_F (TPM_RH_ACT_0 + 0xF)
#endif #endif
#define FOR_EACH_ACT(op) \
#define FOR_EACH_ACT(op) \ IF_ACT_0_IMPLEMENTED(op) \
IF_ACT_0_IMPLEMENTED(op) \ IF_ACT_1_IMPLEMENTED(op) \
IF_ACT_1_IMPLEMENTED(op) \ IF_ACT_2_IMPLEMENTED(op) \
IF_ACT_2_IMPLEMENTED(op) \ IF_ACT_3_IMPLEMENTED(op) \
IF_ACT_3_IMPLEMENTED(op) \ IF_ACT_4_IMPLEMENTED(op) \
IF_ACT_4_IMPLEMENTED(op) \ IF_ACT_5_IMPLEMENTED(op) \
IF_ACT_5_IMPLEMENTED(op) \ IF_ACT_6_IMPLEMENTED(op) \
IF_ACT_6_IMPLEMENTED(op) \ IF_ACT_7_IMPLEMENTED(op) \
IF_ACT_7_IMPLEMENTED(op) \ IF_ACT_8_IMPLEMENTED(op) \
IF_ACT_8_IMPLEMENTED(op) \ IF_ACT_9_IMPLEMENTED(op) \
IF_ACT_9_IMPLEMENTED(op) \ IF_ACT_A_IMPLEMENTED(op) \
IF_ACT_A_IMPLEMENTED(op) \ IF_ACT_B_IMPLEMENTED(op) \
IF_ACT_B_IMPLEMENTED(op) \ IF_ACT_C_IMPLEMENTED(op) \
IF_ACT_C_IMPLEMENTED(op) \ IF_ACT_D_IMPLEMENTED(op) \
IF_ACT_D_IMPLEMENTED(op) \ IF_ACT_E_IMPLEMENTED(op) \
IF_ACT_E_IMPLEMENTED(op) \
IF_ACT_F_IMPLEMENTED(op) IF_ACT_F_IMPLEMENTED(op)
// This is the mask for ACT that are implemented // This is the mask for ACT that are implemented
//#define ACT_MASK(N) | (1 << 0x##N) //#define ACT_MASK(N) | (1 << 0x##N)
//#define ACT_IMPLEMENTED_MASK (0 FOR_EACH_ACT(ACT_MASK)) //#define ACT_IMPLEMENTED_MASK (0 FOR_EACH_ACT(ACT_MASK))
#define CASE_ACT_HANDLE(N) case TPM_RH_ACT_##N:
#define CASE_ACT_HANDLE(N) case TPM_RH_ACT_##N: #define CASE_ACT_NUMBER(N) case 0x##N:
#define CASE_ACT_NUMBER(N) case 0x##N:
typedef struct ACT_STATE typedef struct ACT_STATE
{ {
UINT32 remaining; UINT32 remaining;
TPM_ALG_ID hashAlg; TPM_ALG_ID hashAlg;
TPM2B_DIGEST authPolicy; TPM2B_DIGEST authPolicy;
} ACT_STATE, *P_ACT_STATE; } ACT_STATE, *P_ACT_STATE;
#endif // _ACT_H_
#endif // _ACT_H_

165
src/tpm2/ACT_SetTimeout_fp.h
View File

@ -1,86 +1,79 @@
/********************************************************************************/ /********************************************************************************/
/* */ /* */
/* TPM2_ACT_SetTimeout Header */ /* TPM2_ACT_SetTimeout Header */
/* Written by Ken Goldman */ /* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */ /* IBM Thomas J. Watson Research Center */
/* $Id$ */ /* $Id$ */
/* */ /* */
/* Licenses and Notices */ /* Licenses and Notices */
/* */ /* */
/* 1. Copyright Licenses: */ /* 1. Copyright Licenses: */
/* */ /* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */ /* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */ /* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */ /* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */ /* derivative works thereof, and to grant others the rights granted herein. */
/* */ /* */
/* - The TCG grants to the user of the other parts of the specification */ /* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */ /* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */ /* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */ /* developing products based on such documents. */
/* */ /* */
/* 2. Source Code Distribution Conditions: */ /* 2. Source Code Distribution Conditions: */
/* */ /* */
/* - Redistributions of Source Code must retain the above copyright licenses, */ /* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */ /* this list of conditions and the following disclaimers. */
/* */ /* */
/* - Redistributions in binary form must reproduce the above copyright */ /* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */ /* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */ /* documentation and/or other materials provided with the distribution. */
/* */ /* */
/* 3. Disclaimers: */ /* 3. Disclaimers: */
/* */ /* */
/* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */
/* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */
/* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */
/* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */
/* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */
/* information on specification licensing rights available through TCG */ /* information on specification licensing rights available through TCG */
/* membership agreements. */ /* membership agreements. */
/* */ /* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */ /* */
/* - Without limitation, TCG and its members and licensors disclaim all */ /* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */ /* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */ /* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */ /* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */ /* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */ /* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */ /* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */ /* arising in any way out of use or reliance upon this specification or any */
/* information herein. */ /* information herein. */
/* */ /* */
/* (c) Copyright IBM Corp. and others, 2019 */ /* (c) Copyright IBM Corp. and others, 2019 */
/* */ /* */
/********************************************************************************/ /********************************************************************************/
#ifndef ACT_SETTIMEOUT_FP_H
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #define ACT_SETTIMEOUT_FP_H
#if CC_ACT_SetTimeout // Command must be enabled typedef struct {
TPMI_RH_ACT actHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACT_SETTIMEOUT_FP_H_ UINT32 startTimeout;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACT_SETTIMEOUT_FP_H_ } ACT_SetTimeout_In;
// Input structure definition #define RC_ACT_SetTimeout_actHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_ACT_SetTimeout_startTimeout (TPM_RC_H + TPM_RC_2)
{
TPMI_RH_ACT actHandle; TPM_RC
UINT32 startTimeout; TPM2_ACT_SetTimeout(
} ACT_SetTimeout_In; ACT_SetTimeout_In *in // IN: input parameter list
);
// Response code modifiers
# define RC_ACT_SetTimeout_actHandle (TPM_RC_H + TPM_RC_1)
# define RC_ACT_SetTimeout_startTimeout (TPM_RC_P + TPM_RC_1) #endif
// Function prototype
TPM_RC
TPM2_ACT_SetTimeout(ACT_SetTimeout_In* in);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACT_SETTIMEOUT_FP_H_
#endif // CC_ACT_SetTimeout

228
src/tpm2/ACT_spt.c
View File

@ -82,15 +82,15 @@
// and turns signaling back on if necessary. // and turns signaling back on if necessary.
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
static void _ActResume(UINT32 act, //IN: the act number static void _ActResume(UINT32 act, //IN: the act number
ACT_STATE* actData //IN: pointer to the saved ACT data ACT_STATE* actData //IN: pointer to the saved ACT data
) )
{ {
// If the act was non-zero, then restore the counter value. // If the act was non-zero, then restore the counter value.
if(actData->remaining > 0) if(actData->remaining > 0)
_plat__ACT_UpdateCounter(act, actData->remaining); _plat__ACT_UpdateCounter(act, actData->remaining);
// if the counter was zero and the ACT signaling, enable the signaling. // if the counter was zero and the ACT signaling, enable the signaling.
else if(go.signaledACT & (1 << act)) else if(go.signaledACT & (1 << act))
_plat__ACT_SetSignaled(act, TRUE); _plat__ACT_SetSignaled(act, TRUE);
} }
#endif // libtpms added #endif // libtpms added
@ -100,35 +100,35 @@ BOOL ActStartup(STARTUP_TYPE type)
{ {
// Reset all the ACT hardware // Reset all the ACT hardware
_plat__ACT_Initialize(); _plat__ACT_Initialize();
// If this not a cold start, copy all the current 'signaled' settings to // If this not a cold start, copy all the current 'signaled' settings to
// 'preservedSignaled'. // 'preservedSignaled'.
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
if(g_powerWasLost) if(g_powerWasLost)
go.preservedSignaled = 0; go.preservedSignaled = 0;
else else
go.preservedSignaled |= go.signaledACT; go.preservedSignaled |= go.signaledACT;
#endif // libtpms added #endif // libtpms added
// For TPM_RESET or TPM_RESTART, the ACTs will all be disabled and the output // For TPM_RESET or TPM_RESTART, the ACTs will all be disabled and the output
// de-asserted. // de-asserted.
if(type != SU_RESUME) if(type != SU_RESUME)
{ {
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
go.signaledACT = 0; go.signaledACT = 0;
#endif // libtpms added #endif // libtpms added
# define CLEAR_ACT_POLICY(N) \ # define CLEAR_ACT_POLICY(N) \
go.ACT_##N.hashAlg = TPM_ALG_NULL; \ go.ACT_##N.hashAlg = TPM_ALG_NULL; \
go.ACT_##N.authPolicy.b.size = 0; go.ACT_##N.authPolicy.b.size = 0;
FOR_EACH_ACT(CLEAR_ACT_POLICY) FOR_EACH_ACT(CLEAR_ACT_POLICY)
} }
else else
{ {
// Resume each of the implemented ACT // Resume each of the implemented ACT
# define RESUME_ACT(N) _ActResume(0x##N, &go.ACT_##N); # define RESUME_ACT(N) _ActResume(0x##N, &go.ACT_##N);
FOR_EACH_ACT(RESUME_ACT) FOR_EACH_ACT(RESUME_ACT)
} }
// set no ACT updated since last startup. This is to enable the halving of the // set no ACT updated since last startup. This is to enable the halving of the
// timeout value // timeout value
s_ActUpdated = 0; s_ActUpdated = 0;
@ -146,13 +146,13 @@ static void _ActSaveState(UINT32 act, P_ACT_STATE actData)
// If the ACT hasn't been updated since the last startup, then it should be // If the ACT hasn't been updated since the last startup, then it should be
// be halved. // be halved.
if((s_ActUpdated & (1 << act)) == 0) if((s_ActUpdated & (1 << act)) == 0)
{ {
// Don't halve if the count is set to max or if halving would make it zero // Don't halve if the count is set to max or if halving would make it zero
if((actData->remaining != UINT32_MAX) && (actData->remaining > 1)) if((actData->remaining != UINT32_MAX) && (actData->remaining > 1))
actData->remaining /= 2; actData->remaining /= 2;
} }
if(_plat__ACT_GetSignaled(act)) if(_plat__ACT_GetSignaled(act))
go.signaledACT |= (1 << act); go.signaledACT |= (1 << act);
} }
//*** ActGetSignaled() //*** ActGetSignaled()
@ -168,7 +168,7 @@ BOOL ActGetSignaled(TPM_RH actHandle)
//***ActShutdown() //***ActShutdown()
// This function saves the current state of the counters // This function saves the current state of the counters
BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown. BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown.
) )
{ {
// if this is not shutdown state, then the only type of startup is TPM_RESTART // if this is not shutdown state, then the only type of startup is TPM_RESTART
// so the timer values will be cleared. If this is shutdown state, get the current // so the timer values will be cleared. If this is shutdown state, get the current
@ -176,16 +176,16 @@ BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown.
// since the last restart, divide the time by 2 so that there is no attack on the // since the last restart, divide the time by 2 so that there is no attack on the
// countdown by saving the countdown state early and then not using the TPM. // countdown by saving the countdown state early and then not using the TPM.
if(state == TPM_SU_STATE) if(state == TPM_SU_STATE)
{ {
// This will be populated as each of the ACT is queried // This will be populated as each of the ACT is queried
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
go.signaledACT = 0; go.signaledACT = 0;
#endif // libtpms added #endif // libtpms added
// Get the current count and the signaled state // Get the current count and the signaled state
# define SAVE_ACT_STATE(N) _ActSaveState(0x##N, &go.ACT_##N); # define SAVE_ACT_STATE(N) _ActSaveState(0x##N, &go.ACT_##N);
FOR_EACH_ACT(SAVE_ACT_STATE); FOR_EACH_ACT(SAVE_ACT_STATE);
} }
return TRUE; return TRUE;
} }
@ -196,16 +196,16 @@ BOOL ActIsImplemented(UINT32 act)
{ {
// This switch accounts for the TPM implemented values. // This switch accounts for the TPM implemented values.
switch(act) switch(act)
{ {
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
FOR_EACH_ACT(CASE_ACT_NUMBER) FOR_EACH_ACT(CASE_ACT_NUMBER)
// This ensures that the platform implements the values implemented by // This ensures that the platform implements the values implemented by
// the TPM // the TPM
return _plat__ACT_GetImplemented(act); return _plat__ACT_GetImplemented(act);
#endif // libtpms added #endif // libtpms added
default: default:
break; break;
} }
return FALSE; return FALSE;
} }
@ -215,8 +215,8 @@ BOOL ActIsImplemented(UINT32 act)
// it returns TPM_RC_RETRY so that the update can be tried again later. // it returns TPM_RC_RETRY so that the update can be tried again later.
TPM_RC TPM_RC
ActCounterUpdate(TPM_RH handle, //IN: the handle of the act ActCounterUpdate(TPM_RH handle, //IN: the handle of the act
UINT32 newValue //IN: the value to set in the ACT UINT32 newValue //IN: the value to set in the ACT
) )
{ {
UINT32 act; UINT32 act;
TPM_RC result; TPM_RC result;
@ -224,31 +224,31 @@ ActCounterUpdate(TPM_RH handle, //IN: the handle of the act
act = handle - TPM_RH_ACT_0; act = handle - TPM_RH_ACT_0;
// This should never fail, but... // This should never fail, but...
if(!_plat__ACT_GetImplemented(act)) if(!_plat__ACT_GetImplemented(act))
result = TPM_RC_VALUE; result = TPM_RC_VALUE;
else else
{ {
// Will need to clear orderly so fail if we are orderly and NV is // Will need to clear orderly so fail if we are orderly and NV is
// not available // not available
if(NV_IS_ORDERLY) if(NV_IS_ORDERLY)
RETURN_IF_NV_IS_NOT_AVAILABLE; RETURN_IF_NV_IS_NOT_AVAILABLE;
// if the attempt to update the counter fails, it means that there is an // if the attempt to update the counter fails, it means that there is an
// update pending so wait until it has occurred and then do an update. // update pending so wait until it has occurred and then do an update.
if(!_plat__ACT_UpdateCounter(act, newValue)) if(!_plat__ACT_UpdateCounter(act, newValue))
result = TPM_RC_RETRY; result = TPM_RC_RETRY;
else else
{ {
// Indicate that the ACT has been updated since last TPM2_Startup(). // Indicate that the ACT has been updated since last TPM2_Startup().
s_ActUpdated |= (UINT16)(1 << act); s_ActUpdated |= (UINT16)(1 << act);
// Clear the preservedSignaled attribute. // Clear the preservedSignaled attribute.
go.preservedSignaled &= ~((UINT16)(1 << act)); go.preservedSignaled &= ~((UINT16)(1 << act));
// Need to clear the orderly flag // Need to clear the orderly flag
g_clearOrderly = TRUE; g_clearOrderly = TRUE;
result = TPM_RC_SUCCESS; result = TPM_RC_SUCCESS;
} }
} }
return result; return result;
} }
#endif // libtpms added #endif // libtpms added
@ -260,49 +260,49 @@ ActCounterUpdate(TPM_RH handle, //IN: the handle of the act
// NO if no more ACT data to // NO if no more ACT data to
TPMI_YES_NO TPMI_YES_NO
ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starting ACT ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starting ACT
UINT32 maxCount, // IN: maximum allowed return values UINT32 maxCount, // IN: maximum allowed return values
TPML_ACT_DATA* actList // OUT: ACT data list TPML_ACT_DATA* actList // OUT: ACT data list
) )
{ {
// Initialize output property list // Initialize output property list
actList->count = 0; actList->count = 0;
// Make sure that the starting handle value is in range (again) // Make sure that the starting handle value is in range (again)
if((actHandle < TPM_RH_ACT_0) || (actHandle > TPM_RH_ACT_F)) if((actHandle < TPM_RH_ACT_0) || (actHandle > TPM_RH_ACT_F))
return FALSE; return FALSE;
// The maximum count of curves we may return is MAX_ECC_CURVES // The maximum count of curves we may return is MAX_ECC_CURVES
if(maxCount > MAX_ACT_DATA) if(maxCount > MAX_ACT_DATA)
maxCount = MAX_ACT_DATA; maxCount = MAX_ACT_DATA;
// Scan the ACT data from the starting ACT // Scan the ACT data from the starting ACT
for(; actHandle <= TPM_RH_ACT_F; actHandle++) for(; actHandle <= TPM_RH_ACT_F; actHandle++)
{ {
UINT32 act = actHandle - TPM_RH_ACT_0; UINT32 act = actHandle - TPM_RH_ACT_0;
if(actList->count < maxCount) if(actList->count < maxCount)
{ {
if(ActIsImplemented(act)) if(ActIsImplemented(act))
{ {
TPMS_ACT_DATA* actData = &actList->actData[actList->count]; TPMS_ACT_DATA* actData = &actList->actData[actList->count];
// //
memset(&actData->attributes, 0, sizeof(actData->attributes)); memset(&actData->attributes, 0, sizeof(actData->attributes));
actData->handle = actHandle; actData->handle = actHandle;
actData->timeout = _plat__ACT_GetRemaining(act); actData->timeout = _plat__ACT_GetRemaining(act);
if(_plat__ACT_GetSignaled(act)) if(_plat__ACT_GetSignaled(act))
SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled);
else else
CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled);
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
if(go.preservedSignaled & (1 << act)) if(go.preservedSignaled & (1 << act))
SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled); SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled);
#endif // libtpms added #endif // libtpms added
actList->count++; actList->count++;
} }
} }
else else
{ {
if(_plat__ACT_GetImplemented(act)) if(_plat__ACT_GetImplemented(act))
return YES; return YES;
} }
} }
// If we get here, either all of the ACT values were put in the list, or the list // If we get here, either all of the ACT values were put in the list, or the list
// was filled and there are no more ACT values to return // was filled and there are no more ACT values to return
return NO; return NO;
@ -312,24 +312,24 @@ ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starti
//*** ActGetOneCapability() //*** ActGetOneCapability()
// This function returns an ACT's capability, if present. // This function returns an ACT's capability, if present.
BOOL ActGetOneCapability(TPM_HANDLE actHandle, // IN: the handle for the ACT BOOL ActGetOneCapability(TPM_HANDLE actHandle, // IN: the handle for the ACT
TPMS_ACT_DATA* actData // OUT: ACT data TPMS_ACT_DATA* actData // OUT: ACT data
) )
{ {
UINT32 act = actHandle - TPM_RH_ACT_0; UINT32 act = actHandle - TPM_RH_ACT_0;
if(ActIsImplemented(actHandle - TPM_RH_ACT_0)) if(ActIsImplemented(actHandle - TPM_RH_ACT_0))
{ {
memset(&actData->attributes, 0, sizeof(actData->attributes)); memset(&actData->attributes, 0, sizeof(actData->attributes));
actData->handle = actHandle; actData->handle = actHandle;
actData->timeout = _plat__ACT_GetRemaining(act); actData->timeout = _plat__ACT_GetRemaining(act);
if(_plat__ACT_GetSignaled(act)) if(_plat__ACT_GetSignaled(act))
SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); SET_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled);
else else
CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled); CLEAR_ATTRIBUTE(actData->attributes, TPMA_ACT, signaled);
if(go.preservedSignaled & (1 << act)) if(go.preservedSignaled & (1 << act))
SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled); SET_ATTRIBUTE(actData->attributes, TPMA_ACT, preserveSignaled);
return TRUE; return TRUE;
} }
return FALSE; return FALSE;
} }
#endif // libtpms: added #endif // libtpms: added

16
src/tpm2/ACT_spt_fp.h
View File

@ -77,7 +77,7 @@ BOOL ActGetSignaled(TPM_RH actHandle);
//***ActShutdown() //***ActShutdown()
// This function saves the current state of the counters // This function saves the current state of the counters
BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown. BOOL ActShutdown(TPM_SU state //IN: the type of the shutdown.
); );
//*** ActIsImplemented() //*** ActIsImplemented()
// This function determines if an ACT is implemented in both the TPM and the platform // This function determines if an ACT is implemented in both the TPM and the platform
@ -89,8 +89,8 @@ BOOL ActIsImplemented(UINT32 act);
// it returns TPM_RC_RETRY so that the update can be tried again later. // it returns TPM_RC_RETRY so that the update can be tried again later.
TPM_RC TPM_RC
ActCounterUpdate(TPM_RH handle, //IN: the handle of the act ActCounterUpdate(TPM_RH handle, //IN: the handle of the act
UINT32 newValue //IN: the value to set in the ACT UINT32 newValue //IN: the value to set in the ACT
); );
//*** ActGetCapabilityData() //*** ActGetCapabilityData()
// This function returns the list of ACT data // This function returns the list of ACT data
@ -99,14 +99,14 @@ ActCounterUpdate(TPM_RH handle, //IN: the handle of the act
// NO if no more ACT data to // NO if no more ACT data to
TPMI_YES_NO TPMI_YES_NO
ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starting ACT ActGetCapabilityData(TPM_HANDLE actHandle, // IN: the handle for the starting ACT
UINT32 maxCount, // IN: maximum allowed return values UINT32 maxCount, // IN: maximum allowed return values
TPML_ACT_DATA* actList // OUT: ACT data list TPML_ACT_DATA* actList // OUT: ACT data list
); );
//*** ActGetOneCapability() //*** ActGetOneCapability()
// This function returns an ACT's capability, if present. // This function returns an ACT's capability, if present.
BOOL ActGetOneCapability(TPM_HANDLE actHandle, // IN: the handle for the ACT BOOL ActGetOneCapability(TPM_HANDLE actHandle, // IN: the handle for the ACT
TPMS_ACT_DATA* actData // OUT: ACT data TPMS_ACT_DATA* actData // OUT: ACT data
); );
#endif // _ACT_SPT_FP_H_ #endif // _ACT_SPT_FP_H_

48
src/tpm2/ActivateCredential_fp.h
View File

@ -59,38 +59,30 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef ACTIVATECREDENTIAL_FP_H
#define ACTIVATECREDENTIAL_FP_H
#if CC_ActivateCredential // Command must be enabled typedef struct {
TPMI_DH_OBJECT activateHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACTIVATECREDENTIAL_FP_H_ TPMI_DH_OBJECT keyHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACTIVATECREDENTIAL_FP_H_ TPM2B_ID_OBJECT credentialBlob;
TPM2B_ENCRYPTED_SECRET secret;
// Input structure definition
typedef struct
{
TPMI_DH_OBJECT activateHandle;
TPMI_DH_OBJECT keyHandle;
TPM2B_ID_OBJECT credentialBlob;
TPM2B_ENCRYPTED_SECRET secret;
} ActivateCredential_In; } ActivateCredential_In;
// Output structure definition #define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1)
TPM2B_DIGEST certInfo; #define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_DIGEST certInfo;
} ActivateCredential_Out; } ActivateCredential_Out;
// Response code modifiers
# define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1)
# define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2)
# define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1)
# define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_ActivateCredential(ActivateCredential_In* in, ActivateCredential_Out* out); TPM2_ActivateCredential(
ActivateCredential_In *in, // IN: input parameter list
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ACTIVATECREDENTIAL_FP_H_ ActivateCredential_Out *out // OUT: output parameter list
#endif // CC_ActivateCredential );
#endif

248
src/tpm2/AlgorithmCap.c
View File

@ -58,188 +58,170 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Description /* 9.1 AlgorithmCap.c */
// This file contains the algorithm property definitions for the algorithms and the /* 9.1.1 Description */
// code for the TPM2_GetCapability() to return the algorithm properties. /* This file contains the algorithm property definitions for the algorithms and the code for the
TPM2_GetCapability() to return the algorithm properties. */
//** Includes and Defines /* 9.1.2 Includes and Defines */
#include "Tpm.h" #include "Tpm.h"
typedef struct typedef struct
{ {
TPM_ALG_ID algID; TPM_ALG_ID algID;
TPMA_ALGORITHM attributes; TPMA_ALGORITHM attributes;
} ALGORITHM; } ALGORITHM;
static const ALGORITHM s_algorithms[] =
static const ALGORITHM s_algorithms[] = { {
// The entries in this table need to be in ascending order but the table doesn't // The entries in this table need to be in ascending order but the table doesn't
// need to be full (gaps are allowed). One day, a tool might exist to fill in the // need to be full (gaps are allowed). One day, a tool might exist to fill in the
// table from the TPM_ALG description // table from the TPM_ALG description
#if ALG_RSA #if ALG_RSA
{TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, {TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_TDES
#if ALG_TDES // libtpms added begin
{TPM_ALG_TDES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_TDES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
#endif // libtpms added end
#if ALG_SHA1
{TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_SHA1
{TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)}, {TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
#endif
{TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)},
#if ALG_AES #if ALG_AES
{TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_MGF1 #if ALG_MGF1
{TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, {TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
#endif #endif
{TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)},
{TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)},
#if ALG_XOR #if ALG_XOR
{TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_SHA256 #if ALG_SHA256
{TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_SHA384 #if ALG_SHA384
{TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_SHA512 #if ALG_SHA512
{TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_SM3_256 #if ALG_SM3_256
{TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_SM4 #if ALG_SM4
{TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_RSASSA #if ALG_RSASSA
{TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, {TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
#endif #endif
#if ALG_RSAES #if ALG_RSAES
{TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, {TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)},
#endif #endif
#if ALG_RSAPSS #if ALG_RSAPSS
{TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, {TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
#endif #endif
#if ALG_OAEP #if ALG_OAEP
{TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, {TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)},
#endif #endif
#if ALG_ECDSA #if ALG_ECDSA
{TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, {TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
#endif #endif
#if ALG_ECDH #if ALG_ECDH
{TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, {TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)},
#endif #endif
#if ALG_ECDAA #if ALG_ECDAA
{TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, {TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
#endif #endif
#if ALG_SM2 #if ALG_SM2
{TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, {TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)},
#endif #endif
#if ALG_ECSCHNORR #if ALG_ECSCHNORR
{TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, {TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)},
#endif #endif
#if ALG_ECMQV #if ALG_ECMQV
{TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, {TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)},
#endif #endif
#if ALG_KDF1_SP800_56A #if ALG_KDF1_SP800_56A
{TPM_ALG_KDF1_SP800_56A, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, {TPM_ALG_KDF1_SP800_56A, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
#endif #endif
#if ALG_KDF2 #if ALG_KDF2
{TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, {TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
#endif #endif
#if ALG_KDF1_SP800_108 #if ALG_KDF1_SP800_108
{TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, {TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)},
#endif #endif
#if ALG_ECC #if ALG_ECC
{TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, {TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)},
#endif #endif
{TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)},
{TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)},
#if ALG_CAMELLIA #if ALG_CAMELLIA
{TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, {TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)},
#endif #endif
#if ALG_CMAC #if ALG_CMAC
{TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)}, {TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)},
#endif #endif
#if ALG_CTR #if ALG_CTR
{TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, {TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
#endif #endif
#if ALG_OFB #if ALG_OFB
{TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, {TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
#endif #endif
#if ALG_CBC #if ALG_CBC
{TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, {TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
#endif #endif
#if ALG_CFB #if ALG_CFB
{TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, {TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
#endif #endif
#if ALG_ECB #if ALG_ECB
{TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, {TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)},
#endif #endif
}; };
/* 9.1.3 AlgorithmCapGetImplemented() */
//** AlgorithmCapGetImplemented() /* This function is used by TPM2_GetCapability() to return a list of the implemented algorithms. */
// This function is used by TPM2_GetCapability() to return a list of the /* Return Values Meaning */
// implemented algorithms. /* YES more algorithms to report */
// /* NO no more algorithms to report */
// Return Type: TPMI_YES_NO
// YES more algorithms to report
// NO no more algorithms to report
TPMI_YES_NO TPMI_YES_NO
AlgorithmCapGetImplemented(TPM_ALG_ID algID, // IN: the starting algorithm ID AlgorithmCapGetImplemented(
UINT32 count, // IN: count of returned algorithms TPM_ALG_ID algID, // IN: the starting algorithm ID
TPML_ALG_PROPERTY* algList // OUT: algorithm list UINT32 count, // IN: count of returned algorithms
) TPML_ALG_PROPERTY *algList // OUT: algorithm list
)
{ {
TPMI_YES_NO more = NO; TPMI_YES_NO more = NO;
UINT32 i; UINT32 i;
UINT32 algNum; UINT32 algNum;
// initialize output algorithm list // initialize output algorithm list
algList->count = 0; algList->count = 0;
// The maximum count of algorithms we may return is MAX_CAP_ALGS. // The maximum count of algorithms we may return is MAX_CAP_ALGS.
if(count > MAX_CAP_ALGS) if(count > MAX_CAP_ALGS)
count = MAX_CAP_ALGS; count = MAX_CAP_ALGS;
// Compute how many algorithms are defined in s_algorithms array. // Compute how many algorithms are defined in s_algorithms array.
algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]); algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]);
// Scan the implemented algorithm list to see if there is a match to 'algID'. // Scan the implemented algorithm list to see if there is a match to 'algID'.
for(i = 0; i < algNum; i++) for(i = 0; i < algNum; i++)
{ {
// If algID is less than the starting algorithm ID, skip it // If algID is less than the starting algorithm ID, skip it
if(s_algorithms[i].algID < algID) if(s_algorithms[i].algID < algID)
continue; continue;
if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,// libtpms added begin
s_algorithms[i].algID)) s_algorithms[i].algID))
continue; // libtpms added end continue; // libtpms added end
if(algList->count < count) if(algList->count < count)
{ {
// If we have not filled up the return list, add more algorithms // If we have not filled up the return list, add more algorithms
// to it // to it
algList->algProperties[algList->count].alg = s_algorithms[i].algID; algList->algProperties[algList->count].alg = s_algorithms[i].algID;
algList->algProperties[algList->count].algProperties = algList->algProperties[algList->count].algProperties =
s_algorithms[i].attributes; s_algorithms[i].attributes;
algList->count++; algList->count++;
} }
else else
{ {
// If the return list is full but we still have algorithms // If the return list is full but we still have algorithms
// available, report this and stop scanning. // available, report this and stop scanning.
more = YES; more = YES;
break; break;
} }
} }
return more; return more;
} }
@ -247,9 +229,9 @@ AlgorithmCapGetImplemented(TPM_ALG_ID algID, // IN: the starting algorithm ID
// This function returns whether a single algorithm was implemented, along // This function returns whether a single algorithm was implemented, along
// with its properties (if implemented). // with its properties (if implemented).
BOOL AlgorithmCapGetOneImplemented( BOOL AlgorithmCapGetOneImplemented(
TPM_ALG_ID algID, // IN: the algorithm ID TPM_ALG_ID algID, // IN: the algorithm ID
TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties
) )
{ {
UINT32 i; UINT32 i;
UINT32 algNum; UINT32 algNum;
@ -262,37 +244,39 @@ BOOL AlgorithmCapGetOneImplemented(
// Scan the implemented algorithm list to see if there is a match to 'algID'. // Scan the implemented algorithm list to see if there is a match to 'algID'.
for(i = 0; i < algNum; i++) for(i = 0; i < algNum; i++)
{ {
// If algID is less than the starting algorithm ID, skip it // If algID is less than the starting algorithm ID, skip it
if(s_algorithms[i].algID == algID) if(s_algorithms[i].algID == algID)
{ {
algProperty->alg = algID; algProperty->alg = algID;
algProperty->algProperties = s_algorithms[i].attributes; algProperty->algProperties = s_algorithms[i].attributes;
return TRUE; return TRUE;
} }
} }
return FALSE; return FALSE;
} }
//** AlgorithmGetImplementedVector()
// This function returns the bit vector of the implemented algorithms.
LIB_EXPORT
void AlgorithmGetImplementedVector(
ALGORITHM_VECTOR* implemented // OUT: the implemented bits are SET
)
{
int index;
/* 9.1.4 AlgorithmGetImplementedVector()
This function returns the bit vector of the implemented algorithms.
*/
LIB_EXPORT
void
AlgorithmGetImplementedVector(
ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET
)
{
int index;
// Nothing implemented until we say it is // Nothing implemented until we say it is
MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR)); MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR));
// Go through the list of implemented algorithms and SET the corresponding bit in // Go through the list of implemented algorithms and SET the corresponding bit in
// in the implemented vector // in the implemented vector
for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1; index >= 0; for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1;
index--) { // libtpms changed index >= 0; index--) { // libtpms changed
if (RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin if (RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, // libtpms added begin
s_algorithms[index].algID)) s_algorithms[index].algID))
SET_BIT(s_algorithms[index].algID, *implemented); SET_BIT(s_algorithms[index].algID, *implemented);
} // libtpms added end } // libtpms added end
return; return;
} }

44
src/tpm2/AlgorithmCap_fp.h
View File

@ -58,40 +58,28 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef ALGORITHMCAP_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define ALGORITHMCAP_FP_H
* Date: Mar 28, 2019 Time: 08:25:19PM
*/
#ifndef _ALGORITHM_CAP_FP_H_
#define _ALGORITHM_CAP_FP_H_
//** AlgorithmCapGetImplemented()
// This function is used by TPM2_GetCapability() to return a list of the
// implemented algorithms.
//
// Return Type: TPMI_YES_NO
// YES more algorithms to report
// NO no more algorithms to report
TPMI_YES_NO TPMI_YES_NO
AlgorithmCapGetImplemented(TPM_ALG_ID algID, // IN: the starting algorithm ID AlgorithmCapGetImplemented(
UINT32 count, // IN: count of returned algorithms TPM_ALG_ID algID, // IN: the starting algorithm ID
TPML_ALG_PROPERTY* algList // OUT: algorithm list UINT32 count, // IN: count of returned algorithms
); TPML_ALG_PROPERTY *algList // OUT: algorithm list
);
//** AlgorithmCapGetOneImplemented() //** AlgorithmCapGetOneImplemented()
// This function returns whether a single algorithm was implemented, along // This function returns whether a single algorithm was implemented, along
// with its properties (if implemented). // with its properties (if implemented).
BOOL AlgorithmCapGetOneImplemented( BOOL AlgorithmCapGetOneImplemented(
TPM_ALG_ID algID, // IN: the algorithm ID TPM_ALG_ID algID, // IN: the algorithm ID
TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties TPMS_ALG_PROPERTY* algProperty // OUT: algorithm properties
); );
//** AlgorithmGetImplementedVector()
// This function returns the bit vector of the implemented algorithms.
LIB_EXPORT LIB_EXPORT
void AlgorithmGetImplementedVector( void
ALGORITHM_VECTOR* implemented // OUT: the implemented bits are SET AlgorithmGetImplementedVector(
); ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET
);
#endif // _ALGORITHM_CAP_FP_H_
#endif

873
src/tpm2/AlgorithmTests.c
View File

File diff suppressed because it is too large Load Diff

37
src/tpm2/AlgorithmTests_fp.h
View File

@ -58,38 +58,17 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef ALGORITHMTESTS_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define ALGORITHMTESTS_FP_H
* Date: Mar 4, 2020 Time: 02:36:44PM
*/
#ifndef _ALGORITHM_TESTS_FP_H_
#define _ALGORITHM_TESTS_FP_H_
#if ENABLE_SELF_TESTS #if ENABLE_SELF_TESTS
//*** TestAlgorithm()
// Dispatches to the correct test function for the algorithm or gets a list of
// testable algorithms.
//
// If 'toTest' is not NULL, then the test decisions are based on the algorithm
// selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in
// 'g_toTest' they will also be cleared 'toTest'.
//
// If there doesn't happen to be a test for the algorithm, its associated bit is
// quietly cleared.
//
// If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits
// for which there is no test (i.e. no tests are actually run but the vector is
// cleared).
//
// Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg'
// can be anything.
// Return Type: TPM_RC
// TPM_RC_CANCELED test was canceled
LIB_EXPORT LIB_EXPORT
TPM_RC TPM_RC
TestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest); TestAlgorithm(
#endif // ENABLE_SELF_TESTS TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
);
#endif // _ALGORITHM_TESTS_FP_H_ #endif // ENABLE_SELF_TESTS
#endif // ALGORITHMTESTS_FP_H

255
src/tpm2/Attest_spt.c
View File

@ -59,172 +59,151 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Includes
#include "Tpm.h" #include "Tpm.h"
#include "Attest_spt_fp.h" #include "Attest_spt_fp.h"
#include "Marshal.h" /* 7.2.2 Functions */
/* 7.2.2.1 FillInAttestInfo() */
//** Functions /* Fill in common fields of TPMS_ATTEST structure. */
void
//***FillInAttestInfo() FillInAttestInfo(
// Fill in common fields of TPMS_ATTEST structure. TPMI_DH_OBJECT signHandle, // IN: handle of signing object
void FillInAttestInfo( TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing
TPMI_DH_OBJECT signHandle, // IN: handle of signing object TPM2B_DATA *data, // IN: qualifying data
TPMT_SIG_SCHEME* scheme, // IN/OUT: scheme to be used for signing TPMS_ATTEST *attest // OUT: attest structure
TPM2B_DATA* data, // IN: qualifying data )
TPMS_ATTEST* attest // OUT: attest structure
)
{ {
OBJECT* signObject = HandleToObject(signHandle); OBJECT *signObject = HandleToObject(signHandle);
// Magic number // Magic number
attest->magic = TPM_GENERATED_VALUE; attest->magic = TPM_GENERATED_VALUE;
if(signObject == NULL) if(signObject == NULL)
{ {
// The name for a null handle is TPM_RH_NULL // The name for a null handle is TPM_RH_NULL
// This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the
// size of the cast is smaller than a constant, the compiler warns // size of the cast is smaller than a constant, the compiler warns
// about the truncation of a constant value. // about the truncation of a constant value.
TPM_HANDLE nullHandle = TPM_RH_NULL; TPM_HANDLE nullHandle = TPM_RH_NULL;
attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE); attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE);
UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name); UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name);
} }
else else
{ {
// Certifying object qualified name // Certifying object qualified name
// if the scheme is anonymous, this is an empty buffer // if the scheme is anonymous, this is an empty buffer
if(CryptIsSchemeAnonymous(scheme->scheme)) if(CryptIsSchemeAnonymous(scheme->scheme))
attest->qualifiedSigner.t.size = 0; attest->qualifiedSigner.t.size = 0;
else else
attest->qualifiedSigner = signObject->qualifiedName; attest->qualifiedSigner = signObject->qualifiedName;
} }
// current clock in plain text // current clock in plain text
TimeFillInfo(&attest->clockInfo); TimeFillInfo(&attest->clockInfo);
// Firmware version in plain text // Firmware version in plain text
attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8)); attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8));
attest->firmwareVersion += gp.firmwareV2; attest->firmwareVersion += gp.firmwareV2;
// Check the hierarchy of sign object. For NULL sign handle, the hierarchy // Check the hierarchy of sign object. For NULL sign handle, the hierarchy
// will be TPM_RH_NULL // will be TPM_RH_NULL
if((signObject == NULL) if((signObject == NULL)
|| (!signObject->attributes.epsHierarchy || (!signObject->attributes.epsHierarchy
&& !signObject->attributes.ppsHierarchy)) && !signObject->attributes.ppsHierarchy))
{ {
// For signing key that is not in platform or endorsement hierarchy, // For signing key that is not in platform or endorsement hierarchy,
// obfuscate the reset, restart and firmware version information // obfuscate the reset, restart and firmware version information
UINT64 obfuscation[2]; UINT64 obfuscation[2];
CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gp.shProof.b, OBFUSCATE_STRING,
&gp.shProof.b, &attest->qualifiedSigner.b, NULL, 128,
OBFUSCATE_STRING, (BYTE *)&obfuscation[0], NULL, FALSE);
&attest->qualifiedSigner.b, // Obfuscate data
NULL, attest->firmwareVersion += obfuscation[0];
128, attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32);
(BYTE*)&obfuscation[0], attest->clockInfo.restartCount += (UINT32)obfuscation[1];
NULL, }
FALSE);
// Obfuscate data
attest->firmwareVersion += obfuscation[0];
attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32);
attest->clockInfo.restartCount += (UINT32)obfuscation[1];
}
// External data // External data
if(CryptIsSchemeAnonymous(scheme->scheme)) if(CryptIsSchemeAnonymous(scheme->scheme))
attest->extraData.t.size = 0; attest->extraData.t.size = 0;
else else
{ {
// If we move the data to the attestation structure, then it is not // If we move the data to the attestation structure, then it is not
// used in the signing operation except as part of the signed data // used in the signing operation except as part of the signed data
attest->extraData = *data; attest->extraData = *data;
data->t.size = 0; data->t.size = 0;
} }
} }
/* 7.2.2.2 SignAttestInfo() */
//***SignAttestInfo() /* Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature is returned. */
// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature /* Error Returns Meaning */
// is returned. /* TPM_RC_ATTRIBUTES signHandle references not a signing key */
// /* TPM_RC_SCHEME scheme is not compatible with signHandle type */
// Return Type: TPM_RC /* TPM_RC_VALUE digest generated for the given scheme is greater than the modulus of signHandle (for
// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key an RSA key); invalid commit status or failed to generate r value (for an ECC key) */
// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type
// TPM_RC_VALUE digest generated for the given 'scheme' is greater than
// the modulus of 'signHandle' (for an RSA key);
// invalid commit status or failed to generate "r" value
// (for an ECC key)
TPM_RC TPM_RC
SignAttestInfo(OBJECT* signKey, // IN: sign object SignAttestInfo(
TPMT_SIG_SCHEME* scheme, // IN: sign scheme OBJECT *signKey, // IN: sign object
TPMS_ATTEST* certifyInfo, // IN: the data to be signed TPMT_SIG_SCHEME *scheme, // IN: sign scheme
TPM2B_DATA* qualifyingData, // IN: extra data for the signing TPMS_ATTEST *certifyInfo, // IN: the data to be signed
// process TPM2B_DATA *qualifyingData, // IN: extra data for the signing
TPM2B_ATTEST* attest, // OUT: marshaled attest blob to be // process
// signed TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be
TPMT_SIGNATURE* signature // OUT: signature // signed
) TPMT_SIGNATURE *signature // OUT: signature
)
{ {
BYTE* buffer; BYTE *buffer;
HASH_STATE hashState; HASH_STATE hashState;
TPM2B_DIGEST digest; TPM2B_DIGEST digest;
TPM_RC result; TPM_RC result;
// Marshal TPMS_ATTEST structure for hash // Marshal TPMS_ATTEST structure for hash
buffer = attest->t.attestationData; buffer = attest->t.attestationData;
attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL); attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL);
if(signKey == NULL) if(signKey == NULL)
{ {
signature->sigAlg = TPM_ALG_NULL; signature->sigAlg = TPM_ALG_NULL;
result = TPM_RC_SUCCESS; result = TPM_RC_SUCCESS;
} }
else else
{ {
TPMI_ALG_HASH hashAlg; TPMI_ALG_HASH hashAlg;
// Compute hash // Compute hash
hashAlg = scheme->details.any.hashAlg; hashAlg = scheme->details.any.hashAlg;
// need to set the receive buffer to get something put in it // need to set the receive buffer to get something put in it
digest.t.size = sizeof(digest.t.buffer); digest.t.size = sizeof(digest.t.buffer);
digest.t.size = CryptHashBlock(hashAlg, digest.t.size = CryptHashBlock(hashAlg, attest->t.size,
attest->t.size, attest->t.attestationData,
attest->t.attestationData, digest.t.size, digest.t.buffer);
digest.t.size, // If there is qualifying data, need to rehash the data
digest.t.buffer); // hash(qualifyingData || hash(attestationData))
// If there is qualifying data, need to rehash the data if(qualifyingData->t.size != 0)
// hash(qualifyingData || hash(attestationData)) {
if(qualifyingData->t.size != 0) CryptHashStart(&hashState, hashAlg);
{ CryptDigestUpdate2B(&hashState, &qualifyingData->b);
CryptHashStart(&hashState, hashAlg); CryptDigestUpdate2B(&hashState, &digest.b);
CryptDigestUpdate2B(&hashState, &qualifyingData->b); CryptHashEnd2B(&hashState, &digest.b);
CryptDigestUpdate2B(&hashState, &digest.b); }
CryptHashEnd2B(&hashState, &digest.b); // Sign the hash. A TPM_RC_VALUE, TPM_RC_SCHEME, or
} // TPM_RC_ATTRIBUTES error may be returned at this point
// Sign the hash. A TPM_RC_VALUE, TPM_RC_SCHEME, or result = CryptSign(signKey, scheme, &digest, signature);
// TPM_RC_ATTRIBUTES error may be returned at this point // Since the clock is used in an attestation, the state in NV is no longer
result = CryptSign(signKey, scheme, &digest, signature); // "orderly" with respect to the data in RAM if the signature is valid
if(result == TPM_RC_SUCCESS)
// Since the clock is used in an attestation, the state in NV is no longer {
// "orderly" with respect to the data in RAM if the signature is valid // Command uses the clock so need to clear the orderly state if it is
if(result == TPM_RC_SUCCESS) // set.
{ result = NvClearOrderly();
// Command uses the clock so need to clear the orderly state if it is }
// set. }
result = NvClearOrderly();
}
}
return result; return result;
} }
/* 7.2.2.3 IsSigningObject() */
//*** IsSigningObject() /* Checks to see if the object is OK for signing. This is here rather than in Object_spt.c because
// Checks to see if the object is OK for signing. This is here rather than in all the attestation commands use this file but not Object_spt.c. */
// Object_spt.c because all the attestation commands use this file but not /* Return Values Meaning */
// Object_spt.c. /* TRUE object may sign */
// Return Type: BOOL /* FALSE object may not sign */
// TRUE(1) object may sign BOOL
// FALSE(0) object may not sign IsSigningObject(
BOOL IsSigningObject(OBJECT* object // IN: OBJECT *object // IN:
) )
{ {
return ((object == NULL) return ((object == NULL)
|| ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign)
&& object->publicArea.type != TPM_ALG_SYMCIPHER))); && object->publicArea.type != TPM_ALG_SYMCIPHER)));
} }

73
src/tpm2/Attest_spt_fp.h
View File

@ -59,53 +59,34 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef ATTEST_SPT_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define ATTEST_SPT_FP_H
* Date: Mar 28, 2019 Time: 08:25:18PM
*/
#ifndef _ATTEST_SPT_FP_H_ void
#define _ATTEST_SPT_FP_H_ FillInAttestInfo(
TPMI_DH_OBJECT signHandle, // IN: handle of signing object
//***FillInAttestInfo() TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing
// Fill in common fields of TPMS_ATTEST structure. TPM2B_DATA *data, // IN: qualifying data
void FillInAttestInfo( TPMS_ATTEST *attest // OUT: attest structure
TPMI_DH_OBJECT signHandle, // IN: handle of signing object );
TPMT_SIG_SCHEME* scheme, // IN/OUT: scheme to be used for signing
TPM2B_DATA* data, // IN: qualifying data
TPMS_ATTEST* attest // OUT: attest structure
);
//***SignAttestInfo()
// Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature
// is returned.
//
// Return Type: TPM_RC
// TPM_RC_ATTRIBUTES 'signHandle' references not a signing key
// TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type
// TPM_RC_VALUE digest generated for the given 'scheme' is greater than
// the modulus of 'signHandle' (for an RSA key);
// invalid commit status or failed to generate "r" value
// (for an ECC key)
TPM_RC TPM_RC
SignAttestInfo(OBJECT* signKey, // IN: sign object SignAttestInfo(
TPMT_SIG_SCHEME* scheme, // IN: sign scheme OBJECT *signKey, // IN: sign object
TPMS_ATTEST* certifyInfo, // IN: the data to be signed TPMT_SIG_SCHEME *scheme, // IN: sign scheme
TPM2B_DATA* qualifyingData, // IN: extra data for the signing TPMS_ATTEST *certifyInfo, // IN: the data to be signed
// process TPM2B_DATA *qualifyingData, // IN: extra data for the signing
TPM2B_ATTEST* attest, // OUT: marshaled attest blob to be // process
// signed TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be
TPMT_SIGNATURE* signature // OUT: signature // signed
); TPMT_SIGNATURE *signature // OUT: signature
);
BOOL
IsSigningObject(
OBJECT *object // IN:
);
//*** IsSigningObject()
// Checks to see if the object is OK for signing. This is here rather than in
// Object_spt.c because all the attestation commands use this file but not
// Object_spt.c.
// Return Type: BOOL
// TRUE(1) object may sign
// FALSE(0) object may not sign
BOOL IsSigningObject(OBJECT* object // IN:
);
#endif // _ATTEST_SPT_FP_H_
#endif

37
src/tpm2/BaseTypes.h
View File

@ -59,26 +59,27 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* 5.2 BaseTypes.h */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef BASETYPES_H
#define BASETYPES_H
#ifndef _TPM_INCLUDE_PUBLIC_BASETYPES_H_ #include <stdint.h>
#define _TPM_INCLUDE_PUBLIC_BASETYPES_H_
// NULL definition /* NULL definition */
#ifndef NULL
# define NULL (0)
#endif // NULL
typedef uint8_t UINT8; #ifndef NULL
typedef uint8_t BYTE; #define NULL (0)
typedef int8_t INT8; #endif
typedef int BOOL; typedef uint8_t UINT8;
typedef uint16_t UINT16; typedef uint8_t BYTE;
typedef int16_t INT16; typedef int8_t INT8;
typedef uint32_t UINT32; typedef int BOOL;
typedef int32_t INT32; typedef uint16_t UINT16;
typedef uint64_t UINT64; typedef int16_t INT16;
typedef int64_t INT64; typedef uint32_t UINT32;
typedef int32_t INT32;
typedef uint64_t UINT64;
typedef int64_t INT64;
#endif // _TPM_INCLUDE_PUBLIC_BASETYPES_H_ #endif

74
src/tpm2/Bits.c
View File

@ -59,53 +59,55 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Introduction /* 9.2 Bits.c */
// This file contains bit manipulation routines. They operate on bit arrays. /* 9.2.1 Introduction */
// /* This file contains bit manipulation routines. They operate on bit arrays. */
// The 0th bit in the array is the right-most bit in the 0th octet in /* The 0th bit in the array is the right-most bit in the 0th octet in the array. */
// the array. /* NOTE: If pAssert() is defined, the functions will assert if the indicated bit number is outside
// of the range of bArray. How the assert is handled is implementation dependent. */
// NOTE: If pAssert() is defined, the functions will assert if the indicated bit /* 9.2.2 Includes */
// number is outside of the range of 'bArray'. How the assert is handled is
// implementation dependent.
//** Includes
#include "Tpm.h" #include "Tpm.h"
/* 9.2.3 Functions */
/* 9.2.3.1 TestBit() */
/* This function is used to check the setting of a bit in an array of bits. */
/* Return Values Meaning */
/* TRUE bit is set */
/* FALSE bit is not set */
//** Functions BOOL
TestBit(
//*** TestBit() unsigned int bitNum, // IN: number of the bit in 'bArray'
// This function is used to check the setting of a bit in an array of bits. BYTE *bArray, // IN: array containing the bits
// Return Type: BOOL unsigned int bytesInArray // IN: size in bytes of 'bArray'
// TRUE(1) bit is set )
// FALSE(0) bit is not set
BOOL TestBit(unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE* bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{ {
pAssert(bytesInArray > (bitNum >> 3)); pAssert(bytesInArray > (bitNum >> 3));
return ((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0); return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0);
} }
//*** SetBit() /* 9.2.3.2 SetBit() */
// This function will set the indicated bit in 'bArray'. /* This function will set the indicated bit in bArray. */
void SetBit(unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE* bArray, // IN: array containing the bits void
unsigned int bytesInArray // IN: size in bytes of 'bArray' SetBit(
) unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{ {
pAssert(bytesInArray > (bitNum >> 3)); pAssert(bytesInArray > (bitNum >> 3));
bArray[bitNum >> 3] |= (1 << (bitNum & 7)); bArray[bitNum >> 3] |= (1 << (bitNum & 7));
} }
//*** ClearBit() /* 9.2.3.3 ClearBit() */
// This function will clear the indicated bit in 'bArray'. /* This function will clear the indicated bit in bArray. */
void ClearBit(unsigned int bitNum, // IN: number of the bit in 'bArray'.
BYTE* bArray, // IN: array containing the bits void
unsigned int bytesInArray // IN: size in bytes of 'bArray' ClearBit(
) unsigned int bitNum, // IN: number of the bit in 'bArray'.
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
)
{ {
pAssert(bytesInArray > (bitNum >> 3)); pAssert(bytesInArray > (bitNum >> 3));
bArray[bitNum >> 3] &= ~(1 << (bitNum & 7)); bArray[bitNum >> 3] &= ~(1 << (bitNum & 7));

60
src/tpm2/Bits_fp.h
View File

@ -59,36 +59,40 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef BITS_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define BITS_FP_H
* Date: Mar 28, 2019 Time: 08:25:19PM
*/
#ifndef _BITS_FP_H_ /* 5.3.1 TestBit() */
#define _BITS_FP_H_ /* This function is used to check the setting of a bit in an array of bits. */
/* Return Value Meaning */
/* TRUE bit is set */
/* FALSE bit is not set */
//*** TestBit() BOOL
// This function is used to check the setting of a bit in an array of bits. TestBit(
// Return Type: BOOL unsigned int bitNum, // IN: number of the bit in 'bArray'
// TRUE(1) bit is set BYTE *bArray, // IN: array containing the bits
// FALSE(0) bit is not set unsigned int bytesInArray // IN: size in bytes of 'bArray'
BOOL TestBit(unsigned int bitNum, // IN: number of the bit in 'bArray' );
BYTE* bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
);
//*** SetBit() /* 5.3.2 SetBit() */
// This function will set the indicated bit in 'bArray'. /* This function will set the indicated bit in bArray. */
void SetBit(unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE* bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
);
//*** ClearBit() void
// This function will clear the indicated bit in 'bArray'. SetBit(
void ClearBit(unsigned int bitNum, // IN: number of the bit in 'bArray'. unsigned int bitNum, // IN: number of the bit in 'bArray'
BYTE* bArray, // IN: array containing the bits BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray' unsigned int bytesInArray // IN: size in bytes of 'bArray'
); );
#endif // _BITS_FP_H_ /* 5.3.3 ClearBit() */
/* This function will clear the indicated bit in bArray. */
void
ClearBit(
unsigned int bitNum, // IN: number of the bit in 'bArray'.
BYTE *bArray, // IN: array containing the bits
unsigned int bytesInArray // IN: size in bytes of 'bArray'
);
#endif

162
src/tpm2/BnConvert.c
View File

@ -84,32 +84,32 @@ LIB_EXPORT bigNum BnFromBytes(bigNum bn, const BYTE* bytes, NUMBYTES nBytes)
// If nothing in, nothing out // If nothing in, nothing out
if(bn == NULL) if(bn == NULL)
return NULL; return NULL;
// make sure things fit // make sure things fit
pAssert(BnGetAllocated(bn) >= size); pAssert(BnGetAllocated(bn) >= size);
if(size > 0) if(size > 0)
{ {
// Clear the topmost word in case it is not filled with data // Clear the topmost word in case it is not filled with data
bn->d[size - 1] = 0; bn->d[size - 1] = 0;
// Moving the input bytes from the end of the list (LSB) end // Moving the input bytes from the end of the list (LSB) end
pFrom = bytes + nBytes - 1; pFrom = bytes + nBytes - 1;
// To the LS0 of the LSW of the bigNum. // To the LS0 of the LSW of the bigNum.
pTo = (BYTE*)bn->d; pTo = (BYTE*)bn->d;
for(; nBytes != 0; nBytes--) for(; nBytes != 0; nBytes--)
*pTo++ = *pFrom--; *pTo++ = *pFrom--;
// For a little-endian machine, the conversion is a straight byte // For a little-endian machine, the conversion is a straight byte
// reversal. For a big-endian machine, we have to put the words in // reversal. For a big-endian machine, we have to put the words in
// big-endian byte order // big-endian byte order
#if BIG_ENDIAN_TPM #if BIG_ENDIAN_TPM
{ {
crypt_word_t t; crypt_word_t t;
for(t = (crypt_word_t)size - 1; t >= 0; t--) for(t = (crypt_word_t)size - 1; t >= 0; t--)
bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]); bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]);
} }
#endif #endif
} }
BnSetTop(bn, size); BnSetTop(bn, size);
return bn; return bn;
} }
@ -119,11 +119,11 @@ LIB_EXPORT bigNum BnFromBytes(bigNum bn, const BYTE* bytes, NUMBYTES nBytes)
// If the input value does not exist, or the output does not exist, or the input // If the input value does not exist, or the output does not exist, or the input
// will not fit into the output the function returns NULL // will not fit into the output the function returns NULL
LIB_EXPORT bigNum BnFrom2B(bigNum bn, // OUT: LIB_EXPORT bigNum BnFrom2B(bigNum bn, // OUT:
const TPM2B* a2B // IN: number to convert const TPM2B* a2B // IN: number to convert
) )
{ {
if(a2B != NULL) if(a2B != NULL)
return BnFromBytes(bn, a2B->buffer, a2B->size); return BnFromBytes(bn, a2B->buffer, a2B->size);
// Make sure that the number has an initialized value rather than whatever // Make sure that the number has an initialized value rather than whatever
// was there before // was there before
BnSetTop(bn, 0); // Function accepts NULL BnSetTop(bn, 0); // Function accepts NULL
@ -142,11 +142,11 @@ LIB_EXPORT bigNum BnFrom2B(bigNum bn, // OUT:
// unpack each word individually, the bigNum is converted to little-endian words, // unpack each word individually, the bigNum is converted to little-endian words,
// copied, and then converted back to big-endian. // copied, and then converted back to big-endian.
LIB_EXPORT BOOL BnToBytes(bigConst bn, LIB_EXPORT BOOL BnToBytes(bigConst bn,
BYTE* buffer, BYTE* buffer,
NUMBYTES* size // This the number of bytes that are NUMBYTES* size // This the number of bytes that are
// available in the buffer. The result // available in the buffer. The result
// should be this big. // should be this big.
) )
{ {
crypt_uword_t requiredSize; crypt_uword_t requiredSize;
BYTE* pFrom; BYTE* pFrom;
@ -158,41 +158,41 @@ LIB_EXPORT BOOL BnToBytes(bigConst bn,
requiredSize = (BnSizeInBits(bn) + 7) / 8; requiredSize = (BnSizeInBits(bn) + 7) / 8;
if(requiredSize == 0) if(requiredSize == 0)
{ {
// If the input value is 0, return a byte of zero // If the input value is 0, return a byte of zero
*size = 1; *size = 1;
*buffer = 0; *buffer = 0;
} }
else else
{ {
#if BIG_ENDIAN_TPM #if BIG_ENDIAN_TPM
// Copy the constant input value into a modifiable value // Copy the constant input value into a modifiable value
BN_VAR(bnL, LARGEST_NUMBER_BITS * 2); BN_VAR(bnL, LARGEST_NUMBER_BITS * 2);
BnCopy(bnL, bn); BnCopy(bnL, bn);
// byte swap the words in the local value to make them little-endian // byte swap the words in the local value to make them little-endian
for(count = 0; count < bnL->size; count++) for(count = 0; count < bnL->size; count++)
bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]); bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]);
bn = (bigConst)bnL; bn = (bigConst)bnL;
#endif #endif
if(*size == 0) if(*size == 0)
*size = (NUMBYTES)requiredSize; *size = (NUMBYTES)requiredSize;
pAssert(requiredSize <= *size); pAssert(requiredSize <= *size);
// Byte swap the number (not words but the whole value) // Byte swap the number (not words but the whole value)
count = *size; count = *size;
// Start from the least significant word and offset to the most significant // Start from the least significant word and offset to the most significant
// byte which is in some high word // byte which is in some high word
pFrom = (BYTE*)(&bn->d[0]) + requiredSize - 1; pFrom = (BYTE*)(&bn->d[0]) + requiredSize - 1;
pTo = buffer; pTo = buffer;
// If the number of output bytes is larger than the number bytes required // If the number of output bytes is larger than the number bytes required
// for the input number, pad with zeros // for the input number, pad with zeros
for(count = *size; count > requiredSize; count--) for(count = *size; count > requiredSize; count--)
*pTo++ = 0; *pTo++ = 0;
// Move the most significant byte at the end of the BigNum to the next most // Move the most significant byte at the end of the BigNum to the next most
// significant byte position of the 2B and repeat for all significant bytes. // significant byte position of the 2B and repeat for all significant bytes.
for(; requiredSize > 0; requiredSize--) for(; requiredSize > 0; requiredSize--)
*pTo++ = *pFrom--; *pTo++ = *pFrom--;
} }
return TRUE; return TRUE;
} }
@ -203,16 +203,16 @@ LIB_EXPORT BOOL BnToBytes(bigConst bn,
// is returned. If 'size' is zero, then the TPM2B is assumed to be large enough // is returned. If 'size' is zero, then the TPM2B is assumed to be large enough
// for the data and a2b->size will be adjusted accordingly. // for the data and a2b->size will be adjusted accordingly.
LIB_EXPORT BOOL BnTo2B(bigConst bn, // IN: LIB_EXPORT BOOL BnTo2B(bigConst bn, // IN:
TPM2B* a2B, // OUT: TPM2B* a2B, // OUT:
NUMBYTES size // IN: the desired size NUMBYTES size // IN: the desired size
) )
{ {
// Set the output size // Set the output size
if(bn && a2B) if(bn && a2B)
{ {
a2B->size = size; a2B->size = size;
return BnToBytes(bn, a2B->buffer, &a2B->size); return BnToBytes(bn, a2B->buffer, &a2B->size);
} }
return FALSE; return FALSE;
} }
@ -223,21 +223,21 @@ LIB_EXPORT BOOL BnTo2B(bigConst bn, // IN:
// A point is going to be two ECC values in the same buffer. The values are going // A point is going to be two ECC values in the same buffer. The values are going
// to be the size of the modulus. They are in modular form. // to be the size of the modulus. They are in modular form.
LIB_EXPORT bn_point_t* BnPointFromBytes( LIB_EXPORT bn_point_t* BnPointFromBytes(
bigPoint ecP, // OUT: the preallocated point structure bigPoint ecP, // OUT: the preallocated point structure
const BYTE* x, const BYTE* x,
NUMBYTES nBytesX, NUMBYTES nBytesX,
const BYTE* y, const BYTE* y,
NUMBYTES nBytesY) NUMBYTES nBytesY)
{ {
if(x == NULL || y == NULL) if(x == NULL || y == NULL)
return NULL; return NULL;
if(NULL != ecP) if(NULL != ecP)
{ {
BnFromBytes(ecP->x, x, nBytesX); BnFromBytes(ecP->x, x, nBytesX);
BnFromBytes(ecP->y, y, nBytesY); BnFromBytes(ecP->y, y, nBytesY);
BnSetWord(ecP->z, 1); BnSetWord(ecP->z, 1);
} }
return ecP; return ecP;
} }
@ -248,11 +248,11 @@ LIB_EXPORT bn_point_t* BnPointFromBytes(
// on input the NUMBYTES* parameters indicate the maximum buffer size. // on input the NUMBYTES* parameters indicate the maximum buffer size.
// on output, they represent the amount of significant data in that buffer. // on output, they represent the amount of significant data in that buffer.
LIB_EXPORT BOOL BnPointToBytes( LIB_EXPORT BOOL BnPointToBytes(
pointConst ecP, // OUT: the preallocated point structure pointConst ecP, // OUT: the preallocated point structure
BYTE* x, BYTE* x,
NUMBYTES* pBytesX, NUMBYTES* pBytesX,
BYTE* y, BYTE* y,
NUMBYTES* pBytesY) NUMBYTES* pBytesY)
{ {
pAssert(ecP && x && y && pBytesX && pBytesY); pAssert(ecP && x && y && pBytesX && pBytesY);
pAssert(BnEqualWord(ecP->z, 1)); pAssert(BnEqualWord(ecP->z, 1));

150
src/tpm2/BnEccConstants.c
View File

@ -93,13 +93,13 @@
# define TO_ECC_528(a, b, c, d, e, f, g, h, i) i, h, g, f, e, d, c, b, a # define TO_ECC_528(a, b, c, d, e, f, g, h, i) i, h, g, f, e, d, c, b, a
# define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) j, i, h, g, f, e, d, c, b, a # define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) j, i, h, g, f, e, d, c, b, a
# define BN_MIN_ALLOC(bytes) \ # define BN_MIN_ALLOC(bytes) \
(BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 1 : BYTES_TO_CRYPT_WORDS(bytes) (BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 1 : BYTES_TO_CRYPT_WORDS(bytes)
# define ECC_CONST(NAME, bytes, initializer) \ # define ECC_CONST(NAME, bytes, initializer) \
const struct \ const struct \
{ \ { \
crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \ crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \
} NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes), {initializer}} } NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes), {initializer}}
// This file contains the raw data for ECC curve constants. The data is wrapped // This file contains the raw data for ECC curve constants. The data is wrapped
// in macros so this file can be included in other files that format the data in // in macros so this file can be included in other files that format the data in
@ -110,98 +110,98 @@
# if ECC_NIST_P192 # if ECC_NIST_P192
const TPMBN_ECC_CURVE_CONSTANTS NIST_P192 = {TPM_ECC_NIST_P192, const TPMBN_ECC_CURVE_CONSTANTS NIST_P192 = {TPM_ECC_NIST_P192,
(bigNum)&NIST_P192_p, (bigNum)&NIST_P192_p,
(bigNum)&NIST_P192_n, (bigNum)&NIST_P192_n,
(bigNum)&NIST_P192_h, (bigNum)&NIST_P192_h,
(bigNum)&NIST_P192_a, (bigNum)&NIST_P192_a,
(bigNum)&NIST_P192_b, (bigNum)&NIST_P192_b,
{(bigNum)&NIST_P192_gX, {(bigNum)&NIST_P192_gX,
(bigNum)&NIST_P192_gY, (bigNum)&NIST_P192_gY,
(bigNum)&NIST_P192_gZ}}; (bigNum)&NIST_P192_gZ}};
# endif // ECC_NIST_P192 # endif // ECC_NIST_P192
# if ECC_NIST_P224 # if ECC_NIST_P224
const TPMBN_ECC_CURVE_CONSTANTS NIST_P224 = {TPM_ECC_NIST_P224, const TPMBN_ECC_CURVE_CONSTANTS NIST_P224 = {TPM_ECC_NIST_P224,
(bigNum)&NIST_P224_p, (bigNum)&NIST_P224_p,
(bigNum)&NIST_P224_n, (bigNum)&NIST_P224_n,
(bigNum)&NIST_P224_h, (bigNum)&NIST_P224_h,
(bigNum)&NIST_P224_a, (bigNum)&NIST_P224_a,
(bigNum)&NIST_P224_b, (bigNum)&NIST_P224_b,
{(bigNum)&NIST_P224_gX, {(bigNum)&NIST_P224_gX,
(bigNum)&NIST_P224_gY, (bigNum)&NIST_P224_gY,
(bigNum)&NIST_P224_gZ}}; (bigNum)&NIST_P224_gZ}};
# endif // ECC_NIST_P224 # endif // ECC_NIST_P224
# if ECC_NIST_P256 # if ECC_NIST_P256
const TPMBN_ECC_CURVE_CONSTANTS NIST_P256 = {TPM_ECC_NIST_P256, const TPMBN_ECC_CURVE_CONSTANTS NIST_P256 = {TPM_ECC_NIST_P256,
(bigNum)&NIST_P256_p, (bigNum)&NIST_P256_p,
(bigNum)&NIST_P256_n, (bigNum)&NIST_P256_n,
(bigNum)&NIST_P256_h, (bigNum)&NIST_P256_h,
(bigNum)&NIST_P256_a, (bigNum)&NIST_P256_a,
(bigNum)&NIST_P256_b, (bigNum)&NIST_P256_b,
{(bigNum)&NIST_P256_gX, {(bigNum)&NIST_P256_gX,
(bigNum)&NIST_P256_gY, (bigNum)&NIST_P256_gY,
(bigNum)&NIST_P256_gZ}}; (bigNum)&NIST_P256_gZ}};
# endif // ECC_NIST_P256 # endif // ECC_NIST_P256
# if ECC_NIST_P384 # if ECC_NIST_P384
const TPMBN_ECC_CURVE_CONSTANTS NIST_P384 = {TPM_ECC_NIST_P384, const TPMBN_ECC_CURVE_CONSTANTS NIST_P384 = {TPM_ECC_NIST_P384,
(bigNum)&NIST_P384_p, (bigNum)&NIST_P384_p,
(bigNum)&NIST_P384_n, (bigNum)&NIST_P384_n,
(bigNum)&NIST_P384_h, (bigNum)&NIST_P384_h,
(bigNum)&NIST_P384_a, (bigNum)&NIST_P384_a,
(bigNum)&NIST_P384_b, (bigNum)&NIST_P384_b,
{(bigNum)&NIST_P384_gX, {(bigNum)&NIST_P384_gX,
(bigNum)&NIST_P384_gY, (bigNum)&NIST_P384_gY,
(bigNum)&NIST_P384_gZ}}; (bigNum)&NIST_P384_gZ}};
# endif // ECC_NIST_P384 # endif // ECC_NIST_P384
# if ECC_NIST_P521 # if ECC_NIST_P521
const TPMBN_ECC_CURVE_CONSTANTS NIST_P521 = {TPM_ECC_NIST_P521, const TPMBN_ECC_CURVE_CONSTANTS NIST_P521 = {TPM_ECC_NIST_P521,
(bigNum)&NIST_P521_p, (bigNum)&NIST_P521_p,
(bigNum)&NIST_P521_n, (bigNum)&NIST_P521_n,
(bigNum)&NIST_P521_h, (bigNum)&NIST_P521_h,
(bigNum)&NIST_P521_a, (bigNum)&NIST_P521_a,
(bigNum)&NIST_P521_b, (bigNum)&NIST_P521_b,
{(bigNum)&NIST_P521_gX, {(bigNum)&NIST_P521_gX,
(bigNum)&NIST_P521_gY, (bigNum)&NIST_P521_gY,
(bigNum)&NIST_P521_gZ}}; (bigNum)&NIST_P521_gZ}};
# endif // ECC_NIST_P521 # endif // ECC_NIST_P521
# if ECC_BN_P256 # if ECC_BN_P256
const TPMBN_ECC_CURVE_CONSTANTS BN_P256 = {TPM_ECC_BN_P256, const TPMBN_ECC_CURVE_CONSTANTS BN_P256 = {TPM_ECC_BN_P256,
(bigNum)&BN_P256_p, (bigNum)&BN_P256_p,
(bigNum)&BN_P256_n, (bigNum)&BN_P256_n,
(bigNum)&BN_P256_h, (bigNum)&BN_P256_h,
(bigNum)&BN_P256_a, (bigNum)&BN_P256_a,
(bigNum)&BN_P256_b, (bigNum)&BN_P256_b,
{(bigNum)&BN_P256_gX, {(bigNum)&BN_P256_gX,
(bigNum)&BN_P256_gY, (bigNum)&BN_P256_gY,
(bigNum)&BN_P256_gZ}}; (bigNum)&BN_P256_gZ}};
# endif // ECC_BN_P256 # endif // ECC_BN_P256
# if ECC_BN_P638 # if ECC_BN_P638
const TPMBN_ECC_CURVE_CONSTANTS BN_P638 = {TPM_ECC_BN_P638, const TPMBN_ECC_CURVE_CONSTANTS BN_P638 = {TPM_ECC_BN_P638,
(bigNum)&BN_P638_p, (bigNum)&BN_P638_p,
(bigNum)&BN_P638_n, (bigNum)&BN_P638_n,
(bigNum)&BN_P638_h, (bigNum)&BN_P638_h,
(bigNum)&BN_P638_a, (bigNum)&BN_P638_a,
(bigNum)&BN_P638_b, (bigNum)&BN_P638_b,
{(bigNum)&BN_P638_gX, {(bigNum)&BN_P638_gX,
(bigNum)&BN_P638_gY, (bigNum)&BN_P638_gY,
(bigNum)&BN_P638_gZ}}; (bigNum)&BN_P638_gZ}};
# endif // ECC_BN_P638 # endif // ECC_BN_P638
# if ECC_SM2_P256 # if ECC_SM2_P256
const TPMBN_ECC_CURVE_CONSTANTS SM2_P256 = {TPM_ECC_SM2_P256, const TPMBN_ECC_CURVE_CONSTANTS SM2_P256 = {TPM_ECC_SM2_P256,
(bigNum)&SM2_P256_p, (bigNum)&SM2_P256_p,
(bigNum)&SM2_P256_n, (bigNum)&SM2_P256_n,
(bigNum)&SM2_P256_h, (bigNum)&SM2_P256_h,
(bigNum)&SM2_P256_a, (bigNum)&SM2_P256_a,
(bigNum)&SM2_P256_b, (bigNum)&SM2_P256_b,
{(bigNum)&SM2_P256_gX, {(bigNum)&SM2_P256_gX,
(bigNum)&SM2_P256_gY, (bigNum)&SM2_P256_gY,
(bigNum)&SM2_P256_gZ}}; (bigNum)&SM2_P256_gZ}};
# endif // ECC_SM2_P256 # endif // ECC_SM2_P256
# define comma # define comma
@ -240,10 +240,10 @@ MUST_BE((sizeof(bnEccCurveData) / sizeof(bnEccCurveData[0])) == (ECC_CURVE_COUNT
const TPMBN_ECC_CURVE_CONSTANTS* BnGetCurveData(TPM_ECC_CURVE curveId) const TPMBN_ECC_CURVE_CONSTANTS* BnGetCurveData(TPM_ECC_CURVE curveId)
{ {
for(int i = 0; i < ECC_CURVE_COUNT; i++) for(int i = 0; i < ECC_CURVE_COUNT; i++)
{ {
if(bnEccCurveData[i]->curveId == curveId) if(bnEccCurveData[i]->curveId == curveId)
return bnEccCurveData[i]; return bnEccCurveData[i];
} }
return NULL; return NULL;
} }

246
src/tpm2/BnMath.c
View File

@ -87,7 +87,7 @@
//** Includes //** Includes
#include "Tpm.h" // libtpms: for CryptRand.h #include "Tpm.h" // libtpms: for CryptRand.h
#include "TpmMath_Util_fp.h" // libtpms: added #include "TpmMath_Util_fp.h"
#include "TpmBigNum.h" #include "TpmBigNum.h"
extern BOOL g_inFailureMode; // can't use global.h because we can't use tpm.h extern BOOL g_inFailureMode; // can't use global.h because we can't use tpm.h
@ -107,45 +107,45 @@ const bignum_t BnConstZero = {1, 0, {0}};
// 0 no carry out // 0 no carry out
// 1 carry out // 1 carry out
static BOOL AddSame(crypt_uword_t* result, static BOOL AddSame(crypt_uword_t* result,
const crypt_uword_t* op1, const crypt_uword_t* op1,
const crypt_uword_t* op2, const crypt_uword_t* op2,
int count) int count)
{ {
int carry = 0; int carry = 0;
int i; int i;
for(i = 0; i < count; i++) for(i = 0; i < count; i++)
{ {
crypt_uword_t a = op1[i]; crypt_uword_t a = op1[i];
crypt_uword_t sum = a + op2[i]; crypt_uword_t sum = a + op2[i];
result[i] = sum + carry; result[i] = sum + carry;
// generate a carry if the sum is less than either of the inputs // generate a carry if the sum is less than either of the inputs
// propagate a carry if there was a carry and the sum + carry is zero // propagate a carry if there was a carry and the sum + carry is zero
// do this using bit operations rather than logical operations so that // do this using bit operations rather than logical operations so that
// the time is about the same. // the time is about the same.
// propagate term | generate term // propagate term | generate term
carry = ((result[i] == 0) & carry) | (sum < a); carry = ((result[i] == 0) & carry) | (sum < a);
} }
return carry; return carry;
} }
//*** CarryProp() //*** CarryProp()
// Propagate a carry // Propagate a carry
static int CarryProp( static int CarryProp(
crypt_uword_t* result, const crypt_uword_t* op, int count, int carry) crypt_uword_t* result, const crypt_uword_t* op, int count, int carry)
{ {
for(; count; count--) for(; count; count--)
carry = ((*result++ = *op++ + carry) == 0) & carry; carry = ((*result++ = *op++ + carry) == 0) & carry;
return carry; return carry;
} }
static void CarryResolve(bigNum result, int stop, int carry) static void CarryResolve(bigNum result, int stop, int carry)
{ {
if(carry) if(carry)
{ {
pAssert((unsigned)stop < result->allocated); pAssert((unsigned)stop < result->allocated);
result->d[stop++] = 1; result->d[stop++] = 1;
} }
BnSetTop(result, stop); BnSetTop(result, stop);
} }
@ -160,16 +160,16 @@ LIB_EXPORT BOOL BnAdd(bigNum result, bigConst op1, bigConst op2)
// //
if(n2->size > n1->size) if(n2->size > n1->size)
{ {
n1 = op2; n1 = op2;
n2 = op1; n2 = op1;
} }
pAssert(result->allocated >= n1->size); pAssert(result->allocated >= n1->size);
stop = MIN(n1->size, n2->allocated); stop = MIN(n1->size, n2->allocated);
carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop); carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop);
if(n1->size > stop) if(n1->size > stop)
carry = carry =
CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry); CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry);
CarryResolve(result, (int)n1->size, carry); CarryResolve(result, (int)n1->size, carry);
return TRUE; return TRUE;
} }
@ -189,20 +189,20 @@ LIB_EXPORT BOOL BnAddWord(bigNum result, bigConst op, crypt_uword_t word)
//*** SubSame() //*** SubSame()
// This function subtracts two values that have the same size. // This function subtracts two values that have the same size.
static int SubSame(crypt_uword_t* result, static int SubSame(crypt_uword_t* result,
const crypt_uword_t* op1, const crypt_uword_t* op1,
const crypt_uword_t* op2, const crypt_uword_t* op2,
int count) int count)
{ {
int borrow = 0; int borrow = 0;
int i; int i;
for(i = 0; i < count; i++) for(i = 0; i < count; i++)
{ {
crypt_uword_t a = op1[i]; crypt_uword_t a = op1[i];
crypt_uword_t diff = a - op2[i]; crypt_uword_t diff = a - op2[i];
result[i] = diff - borrow; result[i] = diff - borrow;
// generate | propagate // generate | propagate
borrow = (diff > a) | ((diff == 0) & borrow); borrow = (diff > a) | ((diff == 0) & borrow);
} }
return borrow; return borrow;
} }
@ -214,10 +214,10 @@ static int SubSame(crypt_uword_t* result,
// are on large positive numbers (primes) or on fields. // are on large positive numbers (primes) or on fields.
// Propagate a borrow. // Propagate a borrow.
static int BorrowProp( static int BorrowProp(
crypt_uword_t* result, const crypt_uword_t* op, int size, int borrow) crypt_uword_t* result, const crypt_uword_t* op, int size, int borrow)
{ {
for(; size > 0; size--) for(; size > 0; size--)
borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow; borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow;
return borrow; return borrow;
} }
@ -234,8 +234,8 @@ LIB_EXPORT BOOL BnSub(bigNum result, bigConst op1, bigConst op2)
pAssert(op1->size >= op2->size); pAssert(op1->size >= op2->size);
borrow = SubSame(result->d, op1->d, op2->d, stop); borrow = SubSame(result->d, op1->d, op2->d, stop);
if(op1->size > (crypt_uword_t)stop) if(op1->size > (crypt_uword_t)stop)
borrow = BorrowProp( borrow = BorrowProp(
&result->d[stop], &op1->d[stop], (int)(op1->size - stop), borrow); &result->d[stop], &op1->d[stop], (int)(op1->size - stop), borrow);
pAssert(!borrow); pAssert(!borrow);
BnSetTop(result, op1->size); BnSetTop(result, op1->size);
return TRUE; return TRUE;
@ -274,15 +274,15 @@ LIB_EXPORT int BnUnsignedCmp(bigConst op1, bigConst op2)
pAssert((op1 != NULL) && (op2 != NULL)); pAssert((op1 != NULL) && (op2 != NULL));
retVal = (int)(op1->size - op2->size); retVal = (int)(op1->size - op2->size);
if(retVal == 0) if(retVal == 0)
{ {
for(i = (int)(op1->size - 1); i >= 0; i--) for(i = (int)(op1->size - 1); i >= 0; i--)
{ {
diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]); diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]);
retVal = retVal == 0 ? diff : retVal; retVal = retVal == 0 ? diff : retVal;
} }
} }
else else
retVal = (retVal < 0) ? -1 : 1; retVal = (retVal < 0) ? -1 : 1;
return retVal; return retVal;
} }
@ -295,12 +295,12 @@ LIB_EXPORT int BnUnsignedCmp(bigConst op1, bigConst op2)
LIB_EXPORT int BnUnsignedCmpWord(bigConst op1, crypt_uword_t word) LIB_EXPORT int BnUnsignedCmpWord(bigConst op1, crypt_uword_t word)
{ {
if(op1->size > 1) if(op1->size > 1)
return 1; return 1;
else if(op1->size == 1) else if(op1->size == 1)
return (op1->d[0] < word) ? -1 : (op1->d[0] > word); return (op1->d[0] < word) ? -1 : (op1->d[0] > word);
else // op1 is zero else // op1 is zero
// equal if word is zero // equal if word is zero
return (word == 0) ? 0 : -1; return (word == 0) ? 0 : -1;
} }
//*** BnModWord() //*** BnModWord()
@ -327,39 +327,39 @@ LIB_EXPORT crypt_word_t BnModWord(bigConst numerator, crypt_word_t modulus)
static int Msb(crypt_uword_t word) static int Msb(crypt_uword_t word)
{ {
int retVal = -1; int retVal = -1;
// //
#if RADIX_BITS == 64 #if RADIX_BITS == 64
if(word & 0xffffffff00000000) if(word & 0xffffffff00000000)
{ {
retVal += 32; retVal += 32;
word >>= 32; word >>= 32;
} }
#endif #endif
if(word & 0xffff0000) if(word & 0xffff0000)
{ {
retVal += 16; retVal += 16;
word >>= 16; word >>= 16;
} }
if(word & 0x0000ff00) if(word & 0x0000ff00)
{ {
retVal += 8; retVal += 8;
word >>= 8; word >>= 8;
} }
if(word & 0x000000f0) if(word & 0x000000f0)
{ {
retVal += 4; retVal += 4;
word >>= 4; word >>= 4;
} }
if(word & 0x0000000c) if(word & 0x0000000c)
{ {
retVal += 2; retVal += 2;
word >>= 2; word >>= 2;
} }
if(word & 0x00000002) if(word & 0x00000002)
{ {
retVal += 1; retVal += 1;
word >>= 1; word >>= 1;
} }
return retVal + (int)word; return retVal + (int)word;
} }
@ -372,13 +372,13 @@ LIB_EXPORT int BnMsb(bigConst bn)
{ {
// If the value is NULL, or the size is zero then treat as zero and return -1 // If the value is NULL, or the size is zero then treat as zero and return -1
if(bn != NULL && bn->size > 0) if(bn != NULL && bn->size > 0)
{ {
int retVal = Msb(bn->d[bn->size - 1]); int retVal = Msb(bn->d[bn->size - 1]);
retVal += (int)(bn->size - 1) * RADIX_BITS; retVal += (int)(bn->size - 1) * RADIX_BITS;
return retVal; return retVal;
} }
else else
return -1; return -1;
} }
//*** BnSizeInBits() //*** BnSizeInBits()
@ -397,11 +397,11 @@ LIB_EXPORT unsigned BnSizeInBits(bigConst n)
LIB_EXPORT bigNum BnSetWord(bigNum n, crypt_uword_t w) LIB_EXPORT bigNum BnSetWord(bigNum n, crypt_uword_t w)
{ {
if(n != NULL) if(n != NULL)
{ {
pAssert(n->allocated > 1); pAssert(n->allocated > 1);
n->d[0] = w; n->d[0] = w;
BnSetTop(n, (w != 0) ? 1 : 0); BnSetTop(n, (w != 0) ? 1 : 0);
} }
return n; return n;
} }
@ -409,18 +409,18 @@ LIB_EXPORT bigNum BnSetWord(bigNum n, crypt_uword_t w)
// This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in // This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in
// the 0th digit_t. The function will return FALSE if the bitNum is invalid, else TRUE. // the 0th digit_t. The function will return FALSE if the bitNum is invalid, else TRUE.
LIB_EXPORT BOOL BnSetBit(bigNum bn, // IN/OUT: big number to modify LIB_EXPORT BOOL BnSetBit(bigNum bn, // IN/OUT: big number to modify
unsigned int bitNum // IN: Bit number to SET unsigned int bitNum // IN: Bit number to SET
) )
{ {
crypt_uword_t offset = bitNum / RADIX_BITS; crypt_uword_t offset = bitNum / RADIX_BITS;
if(bitNum > bn->allocated * RADIX_BITS) if(bitNum > bn->allocated * RADIX_BITS)
{ {
// out of range // out of range
return FALSE; return FALSE;
} }
// Grow the number if necessary to set the bit. // Grow the number if necessary to set the bit.
while(bn->size <= offset) while(bn->size <= offset)
bn->d[bn->size++] = 0; bn->d[bn->size++] = 0;
bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum)); bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum));
return TRUE; return TRUE;
} }
@ -432,15 +432,15 @@ LIB_EXPORT BOOL BnSetBit(bigNum bn, // IN/OUT: big number to modify
// TRUE(1) the bit is set // TRUE(1) the bit is set
// FALSE(0) the bit is not set or the number is out of range // FALSE(0) the bit is not set or the number is out of range
LIB_EXPORT BOOL BnTestBit(bigNum bn, // IN: number to check LIB_EXPORT BOOL BnTestBit(bigNum bn, // IN: number to check
unsigned int bitNum // IN: bit to test unsigned int bitNum // IN: bit to test
) )
{ {
crypt_uword_t offset = RADIX_DIV(bitNum); crypt_uword_t offset = RADIX_DIV(bitNum);
// //
if(bn->size > offset) if(bn->size > offset)
return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0); return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0);
else else
return FALSE; return FALSE;
} }
//***BnMaskBits() //***BnMaskBits()
@ -452,8 +452,8 @@ LIB_EXPORT BOOL BnTestBit(bigNum bn, // IN: number to check
// TRUE(1) result masked // TRUE(1) result masked
// FALSE(0) the input was not as large as the mask // FALSE(0) the input was not as large as the mask
LIB_EXPORT BOOL BnMaskBits(bigNum bn, // IN/OUT: number to mask LIB_EXPORT BOOL BnMaskBits(bigNum bn, // IN/OUT: number to mask
crypt_uword_t maskBit // IN: the bit number for the mask. crypt_uword_t maskBit // IN: the bit number for the mask.
) )
{ {
crypt_uword_t finalSize; crypt_uword_t finalSize;
BOOL retVal; BOOL retVal;
@ -461,11 +461,11 @@ LIB_EXPORT BOOL BnMaskBits(bigNum bn, // IN/OUT: number to mask
finalSize = BITS_TO_CRYPT_WORDS(maskBit); finalSize = BITS_TO_CRYPT_WORDS(maskBit);
retVal = (finalSize <= bn->allocated); retVal = (finalSize <= bn->allocated);
if(retVal && (finalSize > 0)) if(retVal && (finalSize > 0))
{ {
crypt_uword_t mask; crypt_uword_t mask;
mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit); mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit);
bn->d[finalSize - 1] &= mask; bn->d[finalSize - 1] &= mask;
} }
BnSetTop(bn, finalSize); BnSetTop(bn, finalSize);
return retVal; return retVal;
} }
@ -486,24 +486,24 @@ LIB_EXPORT BOOL BnShiftRight(bigNum result, bigConst toShift, uint32_t shiftAmou
// The end size is toShift->size - offset less one additional // The end size is toShift->size - offset less one additional
// word if the shiftAmount would make the upper word == 0 // word if the shiftAmount would make the upper word == 0
if(toShift->size > offset) if(toShift->size > offset)
{ {
finalSize = toShift->size - offset; finalSize = toShift->size - offset;
finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 1 : 0; finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 1 : 0;
} }
else else
finalSize = 0; finalSize = 0;
pAssert(finalSize <= result->allocated); pAssert(finalSize <= result->allocated);
if(finalSize != 0) if(finalSize != 0)
{ {
for(i = 0; i < finalSize; i++) for(i = 0; i < finalSize; i++)
{ {
result->d[i] = (toShift->d[i + offset] >> shiftAmount) result->d[i] = (toShift->d[i + offset] >> shiftAmount)
| (toShift->d[i + offset + 1] << shiftIn); | (toShift->d[i + offset + 1] << shiftIn);
} }
if(offset == 0) if(offset == 0)
result->d[i] = toShift->d[i] >> shiftAmount; result->d[i] = toShift->d[i] >> shiftAmount;
} }
BnSetTop(result, finalSize); BnSetTop(result, finalSize);
return TRUE; return TRUE;
} }
@ -537,9 +537,9 @@ BOOL BnIsPointOnCurve(pointConst Q, const TPMBN_ECC_CURVE_CONSTANTS* C)
BnMod(right, prime); BnMod(right, prime);
if(BnUnsignedCmp(left, right) == 0) if(BnUnsignedCmp(left, right) == 0)
return TRUE; return TRUE;
else else
return FALSE; return FALSE;
} }
// libtpms added begin // libtpms added begin

206
src/tpm2/BnMemory.c
View File

@ -59,133 +59,142 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Introduction /* 10.2.5 BnMemory.c */
// This file contains the memory setup functions used by the bigNum functions /* 10.2.5.1 Introduction */
// in CryptoEngine /* This file contains the memory setup functions used by the bigNum functions in CryptoEngine() */
/* 10.2.5.2 Includes */
//** Includes #include "Tpm.h"
#include "TpmBigNum.h" /* 10.2.5.3 Functions */
/* 10.2.5.3.1 BnSetTop() */
//** Functions /* This function is used when the size of a bignum_t is changed. It makes sure that the unused words
are set to zero and that any significant words of zeros are eliminated from the used size
//*** BnSetTop() indicator. */
// This function is used when the size of a bignum_t is changed. It LIB_EXPORT bigNum
// makes sure that the unused words are set to zero and that any significant BnSetTop(
// words of zeros are eliminated from the used size indicator. bigNum bn, // IN/OUT: number to clean
LIB_EXPORT bigNum BnSetTop(bigNum bn, // IN/OUT: number to clean crypt_uword_t top // IN: the new top
crypt_uword_t top // IN: the new top )
)
{ {
if(bn != NULL) if(bn != NULL)
{ {
pAssert(top <= bn->allocated); pAssert(top <= bn->allocated);
// If forcing the size to be decreased, make sure that the words being // If forcing the size to be decreased, make sure that the words being
// discarded are being set to 0 // discarded are being set to 0
while(bn->size > top) while(bn->size > top)
bn->d[--bn->size] = 0; bn->d[--bn->size] = 0;
bn->size = top; bn->size = top;
// Now make sure that the words that are left are 'normalized' (no high-order // Now make sure that the words that are left are 'normalized' (no high-order
// words of zero. // words of zero.
while((bn->size > 0) && (bn->d[bn->size - 1] == 0)) while((bn->size > 0) && (bn->d[bn->size - 1] == 0))
bn->size -= 1; bn->size -= 1;
} }
return bn; return bn;
} }
#if 0 /* libtpms added */ #if 0 /* libtpms added */
/* 10.2.5.3.2 BnClearTop() */
//*** BnClearTop() /* This function will make sure that all unused words are zero. */
// This function will make sure that all unused words are zero. LIB_EXPORT bigNum
LIB_EXPORT bigNum BnClearTop(bigNum bn) BnClearTop(
bigNum bn
)
{ {
crypt_uword_t i; crypt_uword_t i;
// //
if(bn != NULL) if(bn != NULL)
{ {
for(i = bn->size; i < bn->allocated; i++) for(i = bn->size; i < bn->allocated; i++)
bn->d[i] = 0; bn->d[i] = 0;
while((bn->size > 0) && (bn->d[bn->size] == 0)) while((bn->size > 0) && (bn->d[bn->size] == 0))
bn->size -= 1; bn->size -= 1;
} }
return bn; return bn;
} }
#endif /* libtpms added */ #endif /* libtpms added */
/* 10.2.5.3.3 BnInitializeWord() */
//*** BnInitializeWord() /* This function is used to initialize an allocated bigNum with a word value. The bigNum does not
// This function is used to initialize an allocated bigNum with a word value. The have to be allocated with a single word. */
// bigNum does not have to be allocated with a single word. LIB_EXPORT bigNum
LIB_EXPORT bigNum BnInitializeWord(bigNum bn, // IN: BnInitializeWord(
crypt_uword_t allocated, // IN: bigNum bn, // IN:
crypt_uword_t word // IN: crypt_uword_t allocated, // IN:
) crypt_uword_t word // IN:
)
{ {
bn->allocated = allocated; bn->allocated = allocated;
bn->size = (word != 0); bn->size = (word != 0);
bn->d[0] = word; bn->d[0] = word;
while(allocated > 1) while(allocated > 1)
bn->d[--allocated] = 0; bn->d[--allocated] = 0;
return bn; return bn;
} }
/* 10.2.5.3.4 BnInit() */
//*** BnInit() /* This function initializes a stack allocated bignum_t. It initializes allocated and size and zeros
// This function initializes a stack allocated bignum_t. It initializes the words of d. */
// 'allocated' and 'size' and zeros the words of 'd'. LIB_EXPORT bigNum
LIB_EXPORT bigNum BnInit(bigNum bn, crypt_uword_t allocated) BnInit(
bigNum bn,
crypt_uword_t allocated
)
{ {
if(bn != NULL) if(bn != NULL)
{ {
bn->allocated = allocated; bn->allocated = allocated;
bn->size = 0; bn->size = 0;
while(allocated != 0) while(allocated != 0)
bn->d[--allocated] = 0; bn->d[--allocated] = 0;
} }
return bn; return bn;
} }
/* 10.2.5.3.5 BnCopy() */
//*** BnCopy() /* Function to copy a bignum_t. If the output is NULL, then nothing happens. If the input is NULL,
// Function to copy a bignum_t. If the output is NULL, then the output is set to zero. */
// nothing happens. If the input is NULL, the output is set LIB_EXPORT BOOL
// to zero. BnCopy(
LIB_EXPORT BOOL BnCopy(bigNum out, bigConst in) bigNum out,
bigConst in
)
{ {
if(in == out) if(in == out)
BnSetTop(out, BnGetSize(out)); BnSetTop(out, BnGetSize(out));
else if(out != NULL) else if(out != NULL)
{ {
if(in != NULL) if(in != NULL)
{ {
unsigned int i; unsigned int i;
pAssert(BnGetAllocated(out) >= BnGetSize(in)); pAssert(BnGetAllocated(out) >= BnGetSize(in));
for(i = 0; i < BnGetSize(in); i++) for(i = 0; i < BnGetSize(in); i++)
out->d[i] = in->d[i]; out->d[i] = in->d[i];
BnSetTop(out, BnGetSize(in)); BnSetTop(out, BnGetSize(in));
} }
else else
BnSetTop(out, 0); BnSetTop(out, 0);
} }
return TRUE; return TRUE;
} }
#if ALG_ECC #if ALG_ECC
#if 0 /* libtpms added */ #if 0 /* libtpms added */
/* 10.2.5.3.6 BnPointCopy() */
//*** BnPointCopy() /* Function to copy a bn point. */
// Function to copy a bn point. LIB_EXPORT BOOL
LIB_EXPORT BOOL BnPointCopy(bigPoint pOut, pointConst pIn) BnPointCopy(
bigPoint pOut,
pointConst pIn
)
{ {
return BnCopy(pOut->x, pIn->x) && BnCopy(pOut->y, pIn->y) return BnCopy(pOut->x, pIn->x)
&& BnCopy(pOut->z, pIn->z); && BnCopy(pOut->y, pIn->y)
&& BnCopy(pOut->z, pIn->z);
} }
#endif /* libtpms added */ #endif /* libtpms added */
/* 10.2.5.3.7 BnInitializePoint() */
//*** BnInitializePoint() /* This function is used to initialize a point structure with the addresses of the coordinates. */
// This function is used to initialize a point structure with the addresses LIB_EXPORT bn_point_t *
// of the coordinates. BnInitializePoint(
LIB_EXPORT bn_point_t* BnInitializePoint( bigPoint p, // OUT: structure to receive pointers
bigPoint p, // OUT: structure to receive pointers bigNum x, // IN: x coordinate
bigNum x, // IN: x coordinate bigNum y, // IN: y coordinate
bigNum y, // IN: y coordinate bigNum z // IN: x coordinate
bigNum z // IN: x coordinate )
)
{ {
p->x = x; p->x = x;
p->y = y; p->y = y;
@ -193,5 +202,4 @@ LIB_EXPORT bn_point_t* BnInitializePoint(
BnSetWord(z, 1); BnSetWord(z, 1);
return p; return p;
} }
#endif // TPM_ALG_ECC
#endif // ALG_ECC

33
src/tpm2/BnSupport_Interface.h
View File

@ -79,7 +79,6 @@
#define BN_SUPPORT_INTERFACE_H #define BN_SUPPORT_INTERFACE_H
// TODO_RENAME_INC_FOLDER:private refers to the TPM_CoreLib private headers // TODO_RENAME_INC_FOLDER:private refers to the TPM_CoreLib private headers
#include "GpMacros.h" #include "GpMacros.h"
#include "CryptoInterface.h"
#include "BnValues.h" #include "BnValues.h"
//** BnSupportLibInit() //** BnSupportLibInit()
@ -96,7 +95,7 @@ BOOL BnMathLibraryCompatibilityCheck(void);
//** BnModMult() //** BnModMult()
// Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide. // Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide.
LIB_EXPORT BOOL BnModMult( LIB_EXPORT BOOL BnModMult(
bigNum result, bigConst op1, bigConst op2, bigConst modulus); bigNum result, bigConst op1, bigConst op2, bigConst modulus);
//** BnMult() //** BnMult()
// Multiplies two numbers and returns the result // Multiplies two numbers and returns the result
@ -106,7 +105,7 @@ LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier
// This function divides two bigNum values. The function returns FALSE if there is // This function divides two bigNum values. The function returns FALSE if there is
// an error in the operation. // an error in the operation.
LIB_EXPORT BOOL BnDiv( LIB_EXPORT BOOL BnDiv(
bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor); bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor);
//** BnMod() //** BnMod()
#define BnMod(a, b) BnDiv(NULL, (a), (a), (b)) #define BnMod(a, b) BnDiv(NULL, (a), (a), (b))
@ -120,11 +119,11 @@ LIB_EXPORT BOOL BnGcd(bigNum gcd, bigConst number1, bigConst number2);
// Do modular exponentiation using bigNum values. This function is only needed // Do modular exponentiation using bigNum values. This function is only needed
// when the TPM implements RSA. // when the TPM implements RSA.
LIB_EXPORT BOOL BnModExp( LIB_EXPORT BOOL BnModExp(
bigNum result, bigConst number, bigConst exponent, bigConst modulus); bigNum result, bigConst number, bigConst exponent, bigConst modulus);
#endif // ALG_RSA #endif // ALG_RSA
//** BnModInverse() //** BnModInverse()
// Modular multiplicative inverse. // Modular multiplicative inverse.
LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus); LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus);
#if ALG_ECC #if ALG_ECC
@ -146,36 +145,28 @@ LIB_EXPORT void BnCurveFree(bigCurveData* E);
// indicates that the result was the point at infinity. This function is only needed // indicates that the result was the point at infinity. This function is only needed
// if the TPM supports ECC. // if the TPM supports ECC.
LIB_EXPORT BOOL BnEccModMult( LIB_EXPORT BOOL BnEccModMult(
bigPoint R, pointConst S, bigConst d, const bigCurveData* E); bigPoint R, pointConst S, bigConst d, const bigCurveData* E);
//** BnEccModMult2() //** BnEccModMult2()
// This function does a point multiply of the form R = [d]S + [u]Q. A return of // This function does a point multiply of the form R = [d]S + [u]Q. A return of
// FALSE indicates that the result was the point at infinity. This function is only // FALSE indicates that the result was the point at infinity. This function is only
// needed if the TPM supports ECC. // needed if the TPM supports ECC.
LIB_EXPORT BOOL BnEccModMult2(bigPoint R, LIB_EXPORT BOOL BnEccModMult2(bigPoint R,
pointConst S, pointConst S,
bigConst d, bigConst d,
pointConst Q, pointConst Q,
bigConst u, bigConst u,
const bigCurveData* E); const bigCurveData* E);
//** BnEccAdd() //** BnEccAdd()
// This function does a point add R = S + Q. A return of FALSE // This function does a point add R = S + Q. A return of FALSE
// indicates that the result was the point at infinity. This function is only needed // indicates that the result was the point at infinity. This function is only needed
// if the TPM supports ECC. // if the TPM supports ECC.
LIB_EXPORT BOOL BnEccAdd( LIB_EXPORT BOOL BnEccAdd(
bigPoint R, pointConst S, pointConst Q, const bigCurveData* E); bigPoint R, pointConst S, pointConst Q, const bigCurveData* E);
#endif // ALG_ECC #endif // ALG_ECC
#if CRYPTO_LIB_REPORTING
//** BnGetImplementation()
// This function reports the underlying library being used for bignum operations.
void BnGetImplementation(_CRYPTO_IMPL_DESCRIPTION* result);
#endif // CRYPTO_LIB_REPORTING
// libtpms: added begin // libtpms: added begin
bigCurveData* bigCurveData*
BnCurveInitialize( BnCurveInitialize(

49
src/tpm2/Cancel.c
View File

@ -59,38 +59,41 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Description /* C.2 Cancel.c */
// /* C.2.1. Description */
// This module simulates the cancel pins on the TPM. /* This module simulates the cancel pins on the TPM. */
// /* C.2.2. Includes, Typedefs, Structures, and Defines */
//** Includes, Typedefs, Structures, and Defines
#include "Platform.h" #include "Platform.h"
/* C.2.3. Functions */
//** Functions /* C.2.3.1. _plat__IsCanceled() */
/* Check if the cancel flag is set */
//***_plat__IsCanceled() /* Return Values Meaning */
// Check if the cancel flag is set /* TRUE(1) if cancel flag is set */
// Return Type: int /* FALSE(0) if cancel flag is not set */
// TRUE(1) if cancel flag is set LIB_EXPORT int
// FALSE(0) if cancel flag is not set _plat__IsCanceled(
LIB_EXPORT int _plat__IsCanceled(void) void
)
{ {
// return cancel flag // return cancel flag
return s_isCanceled; return s_isCanceled;
} }
/* C.2.3.2. _plat__SetCancel() */
//***_plat__SetCancel() /* Set cancel flag. */
LIB_EXPORT void
// Set cancel flag. _plat__SetCancel(
LIB_EXPORT void _plat__SetCancel(void) void
)
{ {
s_isCanceled = TRUE; s_isCanceled = TRUE;
return; return;
} }
/* C.2.3.3. _plat__ClearCancel() */
//***_plat__ClearCancel() /* Clear cancel flag */
// Clear cancel flag LIB_EXPORT void
LIB_EXPORT void _plat__ClearCancel(void) _plat__ClearCancel(
void
)
{ {
s_isCanceled = FALSE; s_isCanceled = FALSE;
return; return;

24
src/tpm2/Capabilities.h
View File

@ -59,18 +59,18 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
#ifndef _CAPABILITIES_H #ifndef _CAPABILITIES_H
#define _CAPABILITIES_H #define _CAPABILITIES_H
#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP) - sizeof(UINT32)) #define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP)-sizeof(UINT32))
#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY)) #define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY))
#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE)) #define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
#define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC)) #define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC))
#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY)) #define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY))
#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT)) #define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT))
#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE)) #define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE))
#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY)) #define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY))
#define MAX_ACT_DATA (MAX_CAP_DATA / sizeof(TPMS_ACT_DATA)) #define MAX_ACT_DATA (MAX_CAP_DATA / sizeof(TPMS_ACT_DATA))
#define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT)) #define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT))
#endif #endif

58
src/tpm2/CertifyCreation_fp.h
View File

@ -59,43 +59,37 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CERTIFYCREATION_FP_H
#define CERTIFYCREATION_FP_H
#if CC_CertifyCreation // Command must be enabled typedef struct {
TPMI_DH_OBJECT signHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYCREATION_FP_H_ TPMI_DH_OBJECT objectHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYCREATION_FP_H_ TPM2B_DATA qualifyingData;
TPM2B_DIGEST creationHash;
// Input structure definition TPMT_SIG_SCHEME inScheme;
typedef struct TPMT_TK_CREATION creationTicket;
{
TPMI_DH_OBJECT signHandle;
TPMI_DH_OBJECT objectHandle;
TPM2B_DATA qualifyingData;
TPM2B_DIGEST creationHash;
TPMT_SIG_SCHEME inScheme;
TPMT_TK_CREATION creationTicket;
} CertifyCreation_In; } CertifyCreation_In;
// Output structure definition #define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1)
TPM2B_ATTEST certifyInfo; #define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2)
TPMT_SIGNATURE signature; #define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3)
#define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM2B_ATTEST certifyInfo;
TPMT_SIGNATURE signature;
} CertifyCreation_Out; } CertifyCreation_Out;
// Response code modifiers
# define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1)
# define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2)
# define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1)
# define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2)
# define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3)
# define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4)
// Function prototype
TPM_RC TPM_RC
TPM2_CertifyCreation(CertifyCreation_In* in, CertifyCreation_Out* out); TPM2_CertifyCreation(
CertifyCreation_In *in, // IN: input parameter list
CertifyCreation_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYCREATION_FP_H_
#endif // CC_CertifyCreation #endif

55
src/tpm2/CertifyX509_fp.h
View File

@ -59,42 +59,35 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 155 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CERTIFYX509_FP_H
#define CERTIFYX509_FP_H
#if CC_CertifyX509 // Command must be enabled typedef struct {
TPMI_DH_OBJECT objectHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYX509_FP_H_ TPMI_DH_OBJECT signHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYX509_FP_H_ TPM2B_DATA reserved;
TPMT_SIG_SCHEME inScheme;
// Input structure definition TPM2B_MAX_BUFFER partialCertificate;
typedef struct
{
TPMI_DH_OBJECT objectHandle;
TPMI_DH_OBJECT signHandle;
TPM2B_DATA reserved;
TPMT_SIG_SCHEME inScheme;
TPM2B_MAX_BUFFER partialCertificate;
} CertifyX509_In; } CertifyX509_In;
// Output structure definition #define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_CertifyX509_reserved (TPM_RC_P + TPM_RC_1)
TPM2B_MAX_BUFFER addedToCertificate; #define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2)
TPM2B_DIGEST tbsDigest; #define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3)
TPMT_SIGNATURE signature;
typedef struct {
TPM2B_MAX_BUFFER addedToCertificate;
TPM2B_DIGEST tbsDigest;
TPMT_SIGNATURE signature;
} CertifyX509_Out; } CertifyX509_Out;
// Response code modifiers
# define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_1)
# define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_2)
# define RC_CertifyX509_reserved (TPM_RC_P + TPM_RC_1)
# define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2)
# define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3)
// Function prototype
TPM_RC TPM_RC
TPM2_CertifyX509(CertifyX509_In* in, CertifyX509_Out* out); TPM2_CertifyX509(
CertifyX509_In *in, // IN: input parameter list
CertifyX509_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFYX509_FP_H_ #endif
#endif // CC_CertifyX509

50
src/tpm2/Certify_fp.h
View File

@ -59,39 +59,35 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CERTIFY_FP_H
#define CERTIFY_FP_H
#if CC_Certify // Command must be enabled typedef struct {
TPMI_DH_OBJECT objectHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFY_FP_H_ TPMI_DH_OBJECT signHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFY_FP_H_ TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
// Input structure definition
typedef struct
{
TPMI_DH_OBJECT objectHandle;
TPMI_DH_OBJECT signHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} Certify_In; } Certify_In;
// Output structure definition #define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1)
TPM2B_ATTEST certifyInfo; #define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2)
TPMT_SIGNATURE signature;
typedef struct {
TPM2B_ATTEST certifyInfo;
TPMT_SIGNATURE signature;
} Certify_Out; } Certify_Out;
// Response code modifiers
# define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1)
# define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2)
# define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1)
# define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_Certify(Certify_In* in, Certify_Out* out); TPM2_Certify(
Certify_In *in, // IN: input parameter list
Certify_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CERTIFY_FP_H_
#endif // CC_Certify #endif

27
src/tpm2/ChangeEPS_fp.h
View File

@ -59,26 +59,21 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CHANGEEPS_FP_H
#define CHANGEEPS_FP_H
#if CC_ChangeEPS // Command must be enabled typedef struct {
TPMI_RH_PLATFORM authHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEEPS_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEEPS_FP_H_
// Input structure definition
typedef struct
{
TPMI_RH_PLATFORM authHandle;
} ChangeEPS_In; } ChangeEPS_In;
// Response code modifiers #define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1)
# define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ChangeEPS(ChangeEPS_In* in); TPM2_ChangeEPS(
ChangeEPS_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEEPS_FP_H_
#endif // CC_ChangeEPS #endif

27
src/tpm2/ChangePPS_fp.h
View File

@ -59,26 +59,21 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CHANGEPPS_FP_H
#define CHANGEPPS_FP_H
#if CC_ChangePPS // Command must be enabled typedef struct {
TPMI_RH_PLATFORM authHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEPPS_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEPPS_FP_H_
// Input structure definition
typedef struct
{
TPMI_RH_PLATFORM authHandle;
} ChangePPS_In; } ChangePPS_In;
// Response code modifiers #define RC_ChangePPS_authHandle (TPM_RC_P + TPM_RC_1)
# define RC_ChangePPS_authHandle (TPM_RC_H + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ChangePPS(ChangePPS_In* in); TPM2_ChangePPS(
ChangePPS_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CHANGEPPS_FP_H_
#endif // CC_ChangePPS #endif

31
src/tpm2/ClearControl_fp.h
View File

@ -59,28 +59,21 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CLEARCONTROL_FP_H
#define CLEARCONTROL_FP_H
#if CC_ClearControl // Command must be enabled typedef struct {
TPMI_RH_CLEAR auth;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEARCONTROL_FP_H_ TPMI_YES_NO disable;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEARCONTROL_FP_H_
// Input structure definition
typedef struct
{
TPMI_RH_CLEAR auth;
TPMI_YES_NO disable;
} ClearControl_In; } ClearControl_In;
// Response code modifiers #define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1)
# define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) #define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1)
# define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ClearControl(ClearControl_In* in); TPM2_ClearControl(
ClearControl_In *in // IN: input parameter list
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEARCONTROL_FP_H_ );
#endif // CC_ClearControl #endif

26
src/tpm2/Clear_fp.h
View File

@ -59,26 +59,20 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CLEAR_FP_H
#define CLEAR_FP_H
#if CC_Clear // Command must be enabled typedef struct {
TPMI_RH_CLEAR authHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEAR_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEAR_FP_H_
// Input structure definition
typedef struct
{
TPMI_RH_CLEAR authHandle;
} Clear_In; } Clear_In;
// Response code modifiers #define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1)
# define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_Clear(Clear_In* in); TPM2_Clear(
Clear_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLEAR_FP_H_ #endif
#endif // CC_Clear

110
src/tpm2/Clock.c
View File

@ -175,16 +175,16 @@ clock_t debugTime;
LIB_EXPORT uint64_t _plat__RealTime(void) LIB_EXPORT uint64_t _plat__RealTime(void)
{ {
clock64_t time; clock64_t time;
//#ifdef _MSC_VER kgold // libtpms changed begin //#ifdef _MSC_VER kgold
#ifdef TPM_WINDOWS #ifdef TPM_WINDOWS
#include <sys/timeb.h> // libtpms changed end #include <sys/timeb.h>
struct _timeb sysTime; struct _timeb sysTime;
// //
_ftime(&sysTime); /* kgold, mingw doesn't have _ftime_s */ _ftime(&sysTime); /* kgold, mingw doesn't have _ftime_s */
time = (clock64_t)(sysTime.time) * 1000 + sysTime.millitm; time = (clock64_t)(sysTime.time) * 1000 + sysTime.millitm;
// set the time back by one hour if daylight savings // set the time back by one hour if daylight savings
if(sysTime.dstflag) if(sysTime.dstflag)
time -= 1000 * 60 * 60; // mSec/sec * sec/min * min/hour = ms/hour time -= 1000 * 60 * 60; // mSec/sec * sec/min * min/hour = ms/hour
#else #else
// hopefully, this will work with most UNIX systems // hopefully, this will work with most UNIX systems
struct timespec systime; struct timespec systime;
@ -226,7 +226,7 @@ LIB_EXPORT uint64_t _plat__TimerRead(void)
# error "need a defintion for reading the hardware clock" # error "need a defintion for reading the hardware clock"
return HARDWARE_CLOCK return HARDWARE_CLOCK
#else #else
clock64_t timeDiff; clock64_t timeDiff;
clock64_t adjustedTimeDiff; clock64_t adjustedTimeDiff;
clock64_t timeNow; clock64_t timeNow;
clock64_t readjustedTimeDiff; clock64_t readjustedTimeDiff;
@ -236,17 +236,17 @@ LIB_EXPORT uint64_t _plat__TimerRead(void)
// if this hasn't been initialized, initialize it // if this hasn't been initialized, initialize it
if(s_lastSystemTime == 0) if(s_lastSystemTime == 0)
{ {
s_lastSystemTime = timeNow; s_lastSystemTime = timeNow;
debugTime = clock(); debugTime = clock();
s_lastReportedTime = 0; s_lastReportedTime = 0;
s_realTimePrevious = 0; s_realTimePrevious = 0;
} }
// The system time can bounce around and that's OK as long as we don't allow // The system time can bounce around and that's OK as long as we don't allow
// time to go backwards. When the time does appear to go backwards, set // time to go backwards. When the time does appear to go backwards, set
// lastSystemTime to be the new value and then update the reported time. // lastSystemTime to be the new value and then update the reported time.
if(timeNow < s_lastReportedTime) if(timeNow < s_lastReportedTime)
s_lastSystemTime = timeNow; s_lastSystemTime = timeNow;
s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime; s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime;
s_lastSystemTime = timeNow; s_lastSystemTime = timeNow;
timeNow = s_lastReportedTime; timeNow = s_lastReportedTime;
@ -257,7 +257,7 @@ LIB_EXPORT uint64_t _plat__TimerRead(void)
// uses that value and does the rate adjustment on the time value. // uses that value and does the rate adjustment on the time value.
// If there is no difference in time, then skip all the computations // If there is no difference in time, then skip all the computations
if(s_realTimePrevious >= timeNow) if(s_realTimePrevious >= timeNow)
return s_tpmTime; return s_tpmTime;
// Compute the amount of time since the last update of the system clock // Compute the amount of time since the last update of the system clock
timeDiff = timeNow - s_realTimePrevious; timeDiff = timeNow - s_realTimePrevious;
@ -324,33 +324,71 @@ LIB_EXPORT void _plat__ClockRateAdjust(_plat__ClockAdjustStep adjust)
// We expect the caller should only use a fixed set of constant values to // We expect the caller should only use a fixed set of constant values to
// adjust the rate // adjust the rate
switch(adjust) switch(adjust)
{ {
// slower increases the divisor // slower increases the divisor
case PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER: case PLAT_TPM_CLOCK_ADJUST_COARSE_SLOWER:
s_adjustRate += CLOCK_ADJUST_COARSE; s_adjustRate += CLOCK_ADJUST_COARSE;
break; break;
case PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER: case PLAT_TPM_CLOCK_ADJUST_MEDIUM_SLOWER:
s_adjustRate += CLOCK_ADJUST_MEDIUM; s_adjustRate += CLOCK_ADJUST_MEDIUM;
break; break;
case PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER: case PLAT_TPM_CLOCK_ADJUST_FINE_SLOWER:
s_adjustRate += CLOCK_ADJUST_FINE; s_adjustRate += CLOCK_ADJUST_FINE;
break; break;
// faster decreases the divisor // faster decreases the divisor
case PLAT_TPM_CLOCK_ADJUST_FINE_FASTER: case PLAT_TPM_CLOCK_ADJUST_FINE_FASTER:
s_adjustRate -= CLOCK_ADJUST_FINE; s_adjustRate -= CLOCK_ADJUST_FINE;
break; break;
case PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER: case PLAT_TPM_CLOCK_ADJUST_MEDIUM_FASTER:
s_adjustRate -= CLOCK_ADJUST_MEDIUM; s_adjustRate -= CLOCK_ADJUST_MEDIUM;
break; break;
case PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER: case PLAT_TPM_CLOCK_ADJUST_COARSE_FASTER:
s_adjustRate -= CLOCK_ADJUST_COARSE; s_adjustRate -= CLOCK_ADJUST_COARSE;
break; break;
} }
if(s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT)) if(s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT))
s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT; s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT;
if(s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT)) if(s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT))
s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT; s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT;
return; return;
} }
#if 0
/* added for portability because Linux clock is 32 bits */
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include "TpmFail_fp.h"
LIB_EXPORT uint64_t
_plat__RealTime(
void
)
{
clock64_t time;
//#ifdef _MSC_VER kgold
#ifdef TPM_WINDOWS
#include <sys/timeb.h>
struct _timeb sysTime;
//
_ftime(&sysTime); /* kgold, mingw doesn't have _ftime_s */
time = (clock64_t)(sysTime.time) * 1000 + sysTime.millitm;
// set the time back by one hour if daylight savings
if(sysTime.dstflag)
time -= 1000 * 60 * 60; // mSec/sec * sec/min * min/hour = ms/hour
#else
// hopefully, this will work with most UNIX systems
struct timespec systime;
//
clock_gettime(CLOCK_MONOTONIC, &systime);
time = (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000);
#endif
return time;
}
#endif

31
src/tpm2/ClockRateAdjust_fp.h
View File

@ -59,28 +59,23 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CLOCKRATEADJUST_FP_H
#define CLOCKRATEADJUST_FP_H
#if CC_ClockRateAdjust // Command must be enabled typedef struct {
TPMI_RH_PROVISION auth;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKRATEADJUST_FP_H_ TPM_CLOCK_ADJUST rateAdjust;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKRATEADJUST_FP_H_
// Input structure definition
typedef struct
{
TPMI_RH_PROVISION auth;
TPM_CLOCK_ADJUST rateAdjust;
} ClockRateAdjust_In; } ClockRateAdjust_In;
// Response code modifiers #define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1)
# define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) #define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1)
# define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ClockRateAdjust(ClockRateAdjust_In* in); TPM2_ClockRateAdjust(
ClockRateAdjust_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKRATEADJUST_FP_H_ #endif
#endif // CC_ClockRateAdjust

31
src/tpm2/ClockSet_fp.h
View File

@ -59,28 +59,23 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CLOCKSET_FP_H
#define CLOCKSET_FP_H
#if CC_ClockSet // Command must be enabled typedef struct {
TPMI_RH_PROVISION auth;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKSET_FP_H_ UINT64 newTime;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKSET_FP_H_
// Input structure definition
typedef struct
{
TPMI_RH_PROVISION auth;
UINT64 newTime;
} ClockSet_In; } ClockSet_In;
// Response code modifiers #define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1)
# define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) #define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1)
# define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ClockSet(ClockSet_In* in); TPM2_ClockSet(
ClockSet_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CLOCKSET_FP_H_
#endif // CC_ClockSet #endif

1278
src/tpm2/CommandAttributeData.h
View File

File diff suppressed because it is too large Load Diff

56
src/tpm2/CommandAttributes.h
View File

@ -59,36 +59,30 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef COMMANDATTRIBUTES_H
* Created by TpmStructures; Version 4.4 Mar 26, 2019 #define COMMANDATTRIBUTES_H
* Date: Aug 30, 2019 Time: 02:11:52PM
*/
// The attributes defined in this file are produced by the parser that /* 5.7 CommandAttributes.h */
// creates the structure definitions from Part 3. The attributes are defined /* The attributes defined in this file are produced by the parser that creates the structure
// in that parser and should track the attributes being tested in definitions from Part 3. The attributes are defined in that parser and should track the
// CommandCodeAttributes.c. Generally, when an attribute is added to this list, attributes being tested in CommandCodeAttributes.c. Generally, when an attribute is added to this
// new code will be needed in CommandCodeAttributes.c to test it. list, new code will be needed in CommandCodeAttributes.c to test it. */
#ifndef COMMAND_ATTRIBUTES_H typedef UINT16 COMMAND_ATTRIBUTES;
#define COMMAND_ATTRIBUTES_H #define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0)
#define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0)
typedef UINT16 COMMAND_ATTRIBUTES; #define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1)
#define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0) #define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2)
#define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0) #define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3)
#define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1) #define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4)
#define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2) #define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5)
#define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3) #define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6)
#define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4) #define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7)
#define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5) #define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8)
#define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6) #define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9)
#define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7) #define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10)
#define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8) #define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11)
#define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9) #define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12)
#define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10) #define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13)
#define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11) #define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14)
#define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12) #endif // COMMAND_ATTRIBUTES_H
#define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13)
#define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14)
#endif // COMMAND_ATTRIBUTES_H

146
src/tpm2/CommandAudit.c
View File

@ -100,13 +100,13 @@ void CommandAuditPreInstall_Init(void)
//*** CommandAuditStartup() //*** CommandAuditStartup()
// This function clears the command audit digest on a TPM Reset. // This function clears the command audit digest on a TPM Reset.
BOOL CommandAuditStartup(STARTUP_TYPE type // IN: start up type BOOL CommandAuditStartup(STARTUP_TYPE type // IN: start up type
) )
{ {
if((type != SU_RESTART) && (type != SU_RESUME)) if((type != SU_RESTART) && (type != SU_RESUME))
{ {
// Reset the digest size to initialize the digest // Reset the digest size to initialize the digest
gr.commandAuditDigest.t.size = 0; gr.commandAuditDigest.t.size = 0;
} }
return TRUE; return TRUE;
} }
@ -124,24 +124,24 @@ BOOL CommandAuditStartup(STARTUP_TYPE type // IN: start up type
// TRUE(1) command code audit status was changed // TRUE(1) command code audit status was changed
// FALSE(0) command code audit status was not changed // FALSE(0) command code audit status was not changed
BOOL CommandAuditSet(TPM_CC commandCode // IN: command code BOOL CommandAuditSet(TPM_CC commandCode // IN: command code
) )
{ {
COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
// Only SET a bit if the corresponding command is implemented // Only SET a bit if the corresponding command is implemented
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{ {
// Can't audit shutdown // Can't audit shutdown
if(commandCode != TPM_CC_Shutdown) if(commandCode != TPM_CC_Shutdown)
{ {
if(!TEST_BIT(commandIndex, gp.auditCommands)) if(!TEST_BIT(commandIndex, gp.auditCommands))
{ {
// Set bit // Set bit
SET_BIT(commandIndex, gp.auditCommands); SET_BIT(commandIndex, gp.auditCommands);
return TRUE; return TRUE;
} }
} }
} }
// No change // No change
return FALSE; return FALSE;
} }
@ -158,25 +158,25 @@ BOOL CommandAuditSet(TPM_CC commandCode // IN: command code
// TRUE(1) command code audit status was changed // TRUE(1) command code audit status was changed
// FALSE(0) command code audit status was not changed // FALSE(0) command code audit status was not changed
BOOL CommandAuditClear(TPM_CC commandCode // IN: command code BOOL CommandAuditClear(TPM_CC commandCode // IN: command code
) )
{ {
COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
// Do nothing if the command is not implemented // Do nothing if the command is not implemented
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{ {
// The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be // The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be
// cleared // cleared
if(commandCode != TPM_CC_SetCommandCodeAuditStatus) if(commandCode != TPM_CC_SetCommandCodeAuditStatus)
{ {
if(TEST_BIT(commandIndex, gp.auditCommands)) if(TEST_BIT(commandIndex, gp.auditCommands))
{ {
// Clear bit // Clear bit
CLEAR_BIT(commandIndex, gp.auditCommands); CLEAR_BIT(commandIndex, gp.auditCommands);
return TRUE; return TRUE;
} }
} }
} }
// No change // No change
return FALSE; return FALSE;
} }
@ -187,7 +187,7 @@ BOOL CommandAuditClear(TPM_CC commandCode // IN: command code
// TRUE(1) command is audited // TRUE(1) command is audited
// FALSE(0) command is not audited // FALSE(0) command is not audited
BOOL CommandAuditIsRequired(COMMAND_INDEX commandIndex // IN: command index BOOL CommandAuditIsRequired(COMMAND_INDEX commandIndex // IN: command index
) )
{ {
// Check the bit map. If the bit is SET, command audit is required // Check the bit map. If the bit is SET, command audit is required
return (TEST_BIT(commandIndex, gp.auditCommands)); return (TEST_BIT(commandIndex, gp.auditCommands));
@ -202,9 +202,9 @@ BOOL CommandAuditIsRequired(COMMAND_INDEX commandIndex // IN: command index
// NO all the available command code has been returned // NO all the available command code has been returned
TPMI_YES_NO TPMI_YES_NO
CommandAuditCapGetCCList(TPM_CC commandCode, // IN: start command code CommandAuditCapGetCCList(TPM_CC commandCode, // IN: start command code
UINT32 count, // IN: count of returned TPM_CC UINT32 count, // IN: count of returned TPM_CC
TPML_CC* commandList // OUT: list of TPM_CC TPML_CC* commandList // OUT: list of TPM_CC
) )
{ {
TPMI_YES_NO more = NO; TPMI_YES_NO more = NO;
COMMAND_INDEX commandIndex; COMMAND_INDEX commandIndex;
@ -214,37 +214,37 @@ CommandAuditCapGetCCList(TPM_CC commandCode, // IN: start command code
// The maximum count of command we may return is MAX_CAP_CC // The maximum count of command we may return is MAX_CAP_CC
if(count > MAX_CAP_CC) if(count > MAX_CAP_CC)
count = MAX_CAP_CC; count = MAX_CAP_CC;
// Find the implemented command that has a command code that is the same or // Find the implemented command that has a command code that is the same or
// higher than the input // higher than the input
// Collect audit commands // Collect audit commands
for(commandIndex = GetClosestCommandIndex(commandCode); for(commandIndex = GetClosestCommandIndex(commandCode);
commandIndex != UNIMPLEMENTED_COMMAND_INDEX; commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
commandIndex = GetNextCommandIndex(commandIndex)) commandIndex = GetNextCommandIndex(commandIndex))
{ {
if(CommandAuditIsRequired(commandIndex)) if(CommandAuditIsRequired(commandIndex))
{ {
if(commandList->count < count) if(commandList->count < count)
{ {
// If we have not filled up the return list, add this command // If we have not filled up the return list, add this command
// code to its // code to its
TPM_CC cc = TPM_CC cc =
GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex); GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex);
if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V))
cc += (1 << 29); cc += (1 << 29);
commandList->commandCodes[commandList->count] = cc; commandList->commandCodes[commandList->count] = cc;
commandList->count++; commandList->count++;
} }
else else
{ {
// If the return list is full but we still have command // If the return list is full but we still have command
// available, report this and stop iterating // available, report this and stop iterating
more = YES; more = YES;
break; break;
} }
} }
} }
return more; return more;
} }
@ -255,9 +255,9 @@ BOOL CommandAuditCapGetOneCC(TPM_CC commandCode) // IN: command code
{ {
COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{ {
return CommandAuditIsRequired(commandIndex); return CommandAuditIsRequired(commandIndex);
} }
return FALSE; return FALSE;
} }
@ -267,7 +267,7 @@ BOOL CommandAuditCapGetOneCC(TPM_CC commandCode) // IN: command code
// added to a hash. This operates as if all the audited command codes were // added to a hash. This operates as if all the audited command codes were
// concatenated and then hashed. // concatenated and then hashed.
void CommandAuditGetDigest(TPM2B_DIGEST* digest // OUT: command digest void CommandAuditGetDigest(TPM2B_DIGEST* digest // OUT: command digest
) )
{ {
TPM_CC commandCode; TPM_CC commandCode;
COMMAND_INDEX commandIndex; COMMAND_INDEX commandIndex;
@ -278,13 +278,13 @@ void CommandAuditGetDigest(TPM2B_DIGEST* digest // OUT: command digest
// Add command code // Add command code
for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++) for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++)
{ {
if(CommandAuditIsRequired(commandIndex)) if(CommandAuditIsRequired(commandIndex))
{ {
commandCode = GetCommandCode(commandIndex); commandCode = GetCommandCode(commandIndex);
CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode);
} }
} }
// Complete hash // Complete hash
CryptHashEnd2B(&hashState, &digest->b); CryptHashEnd2B(&hashState, &digest->b);

116
src/tpm2/CommandAudit_fp.h
View File

@ -58,91 +58,41 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef COMMANDAUDIT_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define COMMANDAUDIT_FP_H
* Date: Apr 2, 2019 Time: 04:23:27PM
*/
#ifndef _COMMAND_AUDIT_FP_H_ void
#define _COMMAND_AUDIT_FP_H_ CommandAuditPreInstall_Init(
void
//*** CommandAuditPreInstall_Init() );
// This function initializes the command audit list. This function simulates BOOL
// the behavior of manufacturing. A function is used instead of a structure CommandAuditStartup(
// definition because this is easier than figuring out the initialization value STARTUP_TYPE type // IN: start up type
// for a bit array. );
// BOOL
// This function would not be implemented outside of a manufacturing or CommandAuditSet(
// simulation environment. TPM_CC commandCode // IN: command code
void CommandAuditPreInstall_Init(void); );
BOOL
//*** CommandAuditStartup() CommandAuditClear(
// This function clears the command audit digest on a TPM Reset. TPM_CC commandCode // IN: command code
BOOL CommandAuditStartup(STARTUP_TYPE type // IN: start up type );
); BOOL
CommandAuditIsRequired(
//*** CommandAuditSet() COMMAND_INDEX commandIndex // IN: command index
// This function will SET the audit flag for a command. This function );
// will not SET the audit flag for a command that is not implemented. This
// ensures that the audit status is not SET when TPM2_GetCapability() is
// used to read the list of audited commands.
//
// This function is only used by TPM2_SetCommandCodeAuditStatus().
//
// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the
// changes to be saved to NV after it is setting and clearing bits.
// Return Type: BOOL
// TRUE(1) command code audit status was changed
// FALSE(0) command code audit status was not changed
BOOL CommandAuditSet(TPM_CC commandCode // IN: command code
);
//*** CommandAuditClear()
// This function will CLEAR the audit flag for a command. It will not CLEAR the
// audit flag for TPM_CC_SetCommandCodeAuditStatus().
//
// This function is only used by TPM2_SetCommandCodeAuditStatus().
//
// The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the
// changes to be saved to NV after it is setting and clearing bits.
// Return Type: BOOL
// TRUE(1) command code audit status was changed
// FALSE(0) command code audit status was not changed
BOOL CommandAuditClear(TPM_CC commandCode // IN: command code
);
//*** CommandAuditIsRequired()
// This function indicates if the audit flag is SET for a command.
// Return Type: BOOL
// TRUE(1) command is audited
// FALSE(0) command is not audited
BOOL CommandAuditIsRequired(COMMAND_INDEX commandIndex // IN: command index
);
//*** CommandAuditCapGetCCList()
// This function returns a list of commands that have their audit bit SET.
//
// The list starts at the input commandCode.
// Return Type: TPMI_YES_NO
// YES if there are more command code available
// NO all the available command code has been returned
TPMI_YES_NO TPMI_YES_NO
CommandAuditCapGetCCList(TPM_CC commandCode, // IN: start command code CommandAuditCapGetCCList(
UINT32 count, // IN: count of returned TPM_CC TPM_CC commandCode, // IN: start command code
TPML_CC* commandList // OUT: list of TPM_CC UINT32 count, // IN: count of returned TPM_CC
); TPML_CC *commandList // OUT: list of TPM_CC
);
//*** CommandAuditCapGetOneCC()
// This function returns true if a command has its audit bit set.
BOOL CommandAuditCapGetOneCC(TPM_CC commandCode // IN: command code BOOL CommandAuditCapGetOneCC(TPM_CC commandCode // IN: command code
); );
void
CommandAuditGetDigest(
TPM2B_DIGEST *digest // OUT: command digest
);
//*** CommandAuditGetDigest
// This command is used to create a digest of the commands being audited. The
// commands are processed in ascending numeric order with a list of TPM_CC being
// added to a hash. This operates as if all the audited command codes were
// concatenated and then hashed.
void CommandAuditGetDigest(TPM2B_DIGEST* digest // OUT: command digest
);
#endif // _COMMAND_AUDIT_FP_H_ #endif

814
src/tpm2/CommandCodeAttributes.c
View File

@ -58,534 +58,532 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Introduction /* 9.3 CommandCodeAttributes.c */
// This file contains the functions for testing various command properties. /* 9.3.1 Introduction */
/* This file contains the functions for testing various command properties. */
//** Includes and Defines /* 9.3.2 Includes and Defines */
#include "Tpm.h" #include "Tpm.h"
#include "CommandCodeAttributes_fp.h" #include "CommandCodeAttributes_fp.h"
/* Set the default value for CC_VEND if not already set */
// Set the default value for CC_VEND if not already set
#ifndef CC_VEND #ifndef CC_VEND
# define CC_VEND (TPM_CC)(0x20000000) #define CC_VEND (TPM_CC)(0x20000000)
#endif #endif
typedef UINT16 ATTRIBUTE_TYPE;
typedef UINT16 ATTRIBUTE_TYPE; /* The following file is produced from the command tables in part 3 of the specification. It defines
the attributes for each of the commands. */
// The following file is produced from the command tables in part 3 of the /* NOTE: This file is currently produced by an automated process. Files produced from Part 2 or Part
// specification. It defines the attributes for each of the commands. 3 tables through automated processes are not included in the specification so that there is no
// NOTE: This file is currently produced by an automated process. Files ambiguity about the table containing the information being the normative definition. */
// produced from Part 2 or Part 3 tables through automated processes are not
// included in the specification so that their is no ambiguity about the
// table containing the information being the normative definition.
#define _COMMAND_CODE_ATTRIBUTES_ #define _COMMAND_CODE_ATTRIBUTES_
#include "CommandAttributeData.h" #include "CommandAttributeData.h"
/* 9.3.3 Command Attribute Functions */
/* 9.3.3.1 NextImplementedIndex() */
/* This function is used when the lists are not compressed. In a compressed list, only the
implemented commands are present. So, a search might find a value but that value may not be
implemented. This function checks to see if the input commandIndex points to an implemented
command and, if not, it searches upwards until it finds one. When the list is compressed, this
function gets defined as a no-op. */
/* Return Value Meaning */
/* UNIMPLEMENTED_COMMAND_INDEX command is not implemented */
/* other index of the command */
//** Command Attribute Functions
//*** NextImplementedIndex()
// This function is used when the lists are not compressed. In a compressed list,
// only the implemented commands are present. So, a search might find a value
// but that value may not be implemented. This function checks to see if the input
// commandIndex points to an implemented command and, if not, it searches upwards
// until it finds one. When the list is compressed, this function gets defined
// as a no-op.
// Return Type: COMMAND_INDEX
// UNIMPLEMENTED_COMMAND_INDEX command is not implemented
// other index of the command
#if !COMPRESSED_LISTS #if !COMPRESSED_LISTS
static COMMAND_INDEX NextImplementedIndex(COMMAND_INDEX commandIndex) static COMMAND_INDEX
NextImplementedIndex(
COMMAND_INDEX commandIndex
)
{ {
for(; commandIndex < COMMAND_COUNT; commandIndex++) for(;commandIndex < COMMAND_COUNT; commandIndex++)
{ {
if((s_commandAttributes[commandIndex] & IS_IMPLEMENTED) && // libtpms changed if((s_commandAttributes[commandIndex] & IS_IMPLEMENTED) && // libtpms changed
RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin
GET_ATTRIBUTE(s_ccAttr[commandIndex], GET_ATTRIBUTE(s_ccAttr[commandIndex],
TPMA_CC, commandIndex))) // libtpms added end TPMA_CC, commandIndex)))// libtpms added end
return commandIndex; return commandIndex;
} }
return UNIMPLEMENTED_COMMAND_INDEX; return UNIMPLEMENTED_COMMAND_INDEX;
} }
#else #else
# define NextImplementedIndex(x) (x) #define NextImplementedIndex(x) (x)
#endif #endif
/* 9.3.3.2 GetClosestCommandIndex() */
/* This function returns the command index for the command with a value that is equal to or greater
than the input value */
/* Return Value Meaning */
/* UNIMPLEMENTED_COMMAND_INDEX command is not implemented */
/* other index of the command */
//*** GetClosestCommandIndex()
// This function returns the command index for the command with a value that is
// equal to or greater than the input value
// Return Type: COMMAND_INDEX
// UNIMPLEMENTED_COMMAND_INDEX command is not implemented
// other index of a command
COMMAND_INDEX COMMAND_INDEX
GetClosestCommandIndex(TPM_CC commandCode // IN: the command code to start at GetClosestCommandIndex(
) TPM_CC commandCode // IN: the command code to start at
)
{ {
BOOL vendor = (commandCode & CC_VEND) != 0; BOOL vendor = (commandCode & CC_VEND) != 0;
COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode;
// The commandCode is a UINT32 and the search index is UINT16. We are going to // The commandCode is a UINT32 and the search index is UINT16. We are going to
// search for a match but need to make sure that the commandCode value is not // search for a match but need to make sure that the commandCode value is not
// out of range. To do this, need to clear the vendor bit of the commandCode // out of range. To do this, need to clear the vendor bit of the commandCode
// (if set) and compare the result to the 16-bit searchIndex value. If it is // (if set) and compare the result to the 16-bit searchIndex value. If it is
// out of range, indicate that the command is not implemented // out of range, indicate that the command is not implemented
if((commandCode & ~CC_VEND) != searchIndex) if((commandCode & ~CC_VEND) != searchIndex)
return UNIMPLEMENTED_COMMAND_INDEX; return UNIMPLEMENTED_COMMAND_INDEX;
// if there is at least one vendor command, the last entry in the array will // if there is at least one vendor command, the last entry in the array will
// have the v bit set. If the input commandCode is larger than the last // have the v bit set. If the input commandCode is larger than the last
// vendor-command, then it is out of range. // vendor-command, then it is out of range.
if(vendor) if(vendor)
{ {
#if VENDOR_COMMAND_ARRAY_SIZE > 0 #if VENDOR_COMMAND_ARRAY_SIZE > 0
COMMAND_INDEX commandIndex; COMMAND_INDEX commandIndex;
COMMAND_INDEX min; COMMAND_INDEX min;
COMMAND_INDEX max; COMMAND_INDEX max;
int diff; int diff;
# if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT #if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT
# error "Constants are not consistent." #error "Constants are not consistent."
# endif
// Check to see if the value is equal to or below the minimum
// entry.
// Note: Put this check first so that the typical case of only one vendor-
// specific command doesn't waste any more time.
if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC, commandIndex)
>= searchIndex)
{
// the vendor array is always assumed to be packed so there is
// no need to check to see if the command is implemented
return LIBRARY_COMMAND_ARRAY_SIZE;
}
// See if this is out of range on the top
if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex)
< searchIndex)
{
return UNIMPLEMENTED_COMMAND_INDEX;
}
commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep
// compiler happy
min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command
max = COMMAND_COUNT - 1; // last vendor command
diff = 1; // needs initialization to keep
// compiler happy
while(min <= max)
{
commandIndex = (min + max + 1) / 2;
diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)
- searchIndex;
if(diff == 0)
return commandIndex;
if(diff > 0)
max = commandIndex - 1;
else
min = commandIndex + 1;
}
// didn't find and exact match. commandIndex will be pointing at the last
// item tested. If 'diff' is positive, then the last item tested was
// larger index of the command code so it is the smallest value
// larger than the requested value.
if(diff > 0)
return commandIndex;
// if 'diff' is negative, then the value tested was smaller than
// the commandCode index and the next higher value is the correct one.
// Note: this will necessarily be in range because of the earlier check
// that the index was within range.
return commandIndex + 1;
#else
// If there are no vendor commands so anything with the vendor bit set is out
// of range
return UNIMPLEMENTED_COMMAND_INDEX;
#endif #endif
} // Check to see if the value is equal to or below the minimum
// entry.
// Note: Put this check first so that the typical case of only one vendor-
// specific command doesn't waste any more time.
if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC,
commandIndex) >= searchIndex)
{
// the vendor array is always assumed to be packed so there is
// no need to check to see if the command is implemented
return LIBRARY_COMMAND_ARRAY_SIZE;
}
// See if this is out of range on the top
if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex)
< searchIndex)
{
return UNIMPLEMENTED_COMMAND_INDEX;
}
commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep
// compiler happy
min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command
max = COMMAND_COUNT - 1; // last vendor command
diff = 1; // needs initialization to keep
// compiler happy
while(min <= max)
{
commandIndex = (min + max + 1) / 2;
diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)
- searchIndex;
if(diff == 0)
return commandIndex;
if(diff > 0)
max = commandIndex - 1;
else
min = commandIndex + 1;
}
// didn't find and exact match. commandIndex will be pointing at the last
// item tested. If 'diff' is positive, then the last item tested was
// larger index of the command code so it is the smallest value
// larger than the requested value.
if(diff > 0)
return commandIndex;
// if 'diff' is negative, then the value tested was smaller than
// the commandCode index and the next higher value is the correct one.
// Note: this will necessarily be in range because of the earlier check
// that the index was within range.
return commandIndex + 1;
#else
// If there are no vendor commands so anything with the vendor bit set is out
// of range
return UNIMPLEMENTED_COMMAND_INDEX;
#endif
}
// Get here if the V-Bit was not set in 'commandCode' // Get here if the V-Bit was not set in 'commandCode'
if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC,
if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC, commandIndex) commandIndex) < searchIndex)
< searchIndex) {
{ // requested index is out of the range to the top
// requested index is out of the range to the top
#if VENDOR_COMMAND_ARRAY_SIZE > 0 #if VENDOR_COMMAND_ARRAY_SIZE > 0
// If there are vendor commands, then the first vendor command // If there are vendor commands, then the first vendor command
// is the next value greater than the commandCode. // is the next value greater than the commandCode.
// NOTE: we got here if the starting index did not have the V bit but we // NOTE: we got here if the starting index did not have the V bit but we
// reached the end of the array of library commands (non-vendor). Since // reached the end of the array of library commands (non-vendor). Since
// there is at least one vendor command, and vendor commands are always // there is at least one vendor command, and vendor commands are always
// in a compressed list that starts after the library list, the next // in a compressed list that starts after the library list, the next
// index value contains a valid vendor command. // index value contains a valid vendor command.
return LIBRARY_COMMAND_ARRAY_SIZE; return LIBRARY_COMMAND_ARRAY_SIZE;
#else #else
// if there are no vendor commands, then this is out of range // if there are no vendor commands, then this is out of range
return UNIMPLEMENTED_COMMAND_INDEX; return UNIMPLEMENTED_COMMAND_INDEX;
#endif #endif
} }
// If the request is lower than any value in the array, then return // If the request is lower than any value in the array, then return
// the lowest value (needs to be an index for an implemented command // the lowest value (needs to be an index for an implemented command
if(GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex) >= searchIndex) if(GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex) >= searchIndex)
{ {
return NextImplementedIndex(0); return NextImplementedIndex(0);
} }
else else
{ {
#if COMPRESSED_LISTS #if COMPRESSED_LISTS
COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX; COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX;
COMMAND_INDEX min = 0; COMMAND_INDEX min = 0;
COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1; COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1;
int diff = 1; int diff = 1;
# if LIBRARY_COMMAND_ARRAY_SIZE == 0 #if LIBRARY_COMMAND_ARRAY_SIZE == 0
# error "Something is terribly wrong" #error "Something is terribly wrong"
# endif
// The s_ccAttr array contains an extra entry at the end (a zero value).
// Don't count this as an array entry. This means that max should start
// out pointing to the last valid entry in the array which is - 2
pAssert(
max
== (sizeof(s_ccAttr) / sizeof(TPMA_CC) - VENDOR_COMMAND_ARRAY_SIZE - 2));
while(min <= max)
{
commandIndex = (min + max + 1) / 2;
diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)
- searchIndex;
if(diff == 0)
return commandIndex;
if(diff > 0)
max = commandIndex - 1;
else
min = commandIndex + 1;
}
// didn't find and exact match. commandIndex will be pointing at the
// last item tested. If diff is positive, then the last item tested was
// larger index of the command code so it is the smallest value
// larger than the requested value.
if(diff > 0)
return commandIndex;
// if diff is negative, then the value tested was smaller than
// the commandCode index and the next higher value is the correct one.
// Note: this will necessarily be in range because of the earlier check
// that the index was within range.
return commandIndex + 1;
#else
// The list is not compressed so offset into the array by the command
// code value of the first entry in the list. Then go find the first
// implemented command.
return NextImplementedIndex(
searchIndex - (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex)); // libtpms changed
#endif #endif
} // The s_ccAttr array contains an extra entry at the end (a zero value).
// Don't count this as an array entry. This means that max should start
// out pointing to the last valid entry in the array which is - 2
pAssert(max == (sizeof(s_ccAttr) / sizeof(TPMA_CC)
- VENDOR_COMMAND_ARRAY_SIZE - 2));
while(min <= max)
{
commandIndex = (min + max + 1) / 2;
diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC,
commandIndex) - searchIndex;
if(diff == 0)
return commandIndex;
if(diff > 0)
max = commandIndex - 1;
else
min = commandIndex + 1;
}
// didn't find and exact match. commandIndex will be pointing at the
// last item tested. If diff is positive, then the last item tested was
// larger index of the command code so it is the smallest value
// larger than the requested value.
if(diff > 0)
return commandIndex;
// if diff is negative, then the value tested was smaller than
// the commandCode index and the next higher value is the correct one.
// Note: this will necessarily be in range because of the earlier check
// that the index was within range.
return commandIndex + 1;
#else
// The list is not compressed so offset into the array by the command
// code value of the first entry in the list. Then go find the first
// implemented command.
return NextImplementedIndex(searchIndex
- (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex)); // libtpms changed
#endif
}
} }
/* 9.3.3.3 CommandCodeToComandIndex() */
//*** CommandCodeToComandIndex() /* This function returns the index in the various attributes arrays of the command. */
// This function returns the index in the various attributes arrays of the /* Return Values Meaning */
// command. /* UNIMPLEMENTED_COMMAND_INDEX command is not implemented */
// Return Type: COMMAND_INDEX /* other index of the command */
// UNIMPLEMENTED_COMMAND_INDEX command is not implemented
// other index of the command
COMMAND_INDEX COMMAND_INDEX
CommandCodeToCommandIndex(TPM_CC commandCode // IN: the command code to look up CommandCodeToCommandIndex(
) TPM_CC commandCode // IN: the command code to look up
)
{ {
// Extract the low 16-bits of the command code to get the starting search index // Extract the low 16-bits of the command code to get the starting search index
COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode;
BOOL vendor = (commandCode & CC_VEND) != 0; BOOL vendor = (commandCode & CC_VEND) != 0;
COMMAND_INDEX commandIndex; COMMAND_INDEX commandIndex;
#if !COMPRESSED_LISTS #if !COMPRESSED_LISTS
if(!vendor) if(!vendor)
{ {
commandIndex = searchIndex - (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex); // libtpms changed commandIndex = searchIndex - (COMMAND_INDEX)GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex); // libtpms changed
// Check for out of range or unimplemented. // Check for out of range or unimplemented.
// Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than // Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than
// the lowest value of command, it will become a 'negative' number making // the lowest value of command, it will become a 'negative' number making
// it look like a large unsigned number, this will cause it to fail // it look like a large unsigned number, this will cause it to fail
// the unsigned check below. // the unsigned check below.
if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE
|| (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0 || (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0
|| !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added || !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands,// libtpms added
commandCode)) // libtpms added commandCode)) // libtpms added
return UNIMPLEMENTED_COMMAND_INDEX; return UNIMPLEMENTED_COMMAND_INDEX;
return commandIndex; return commandIndex;
} }
#endif #endif
// Need this code for any vendor code lookup or for compressed lists // Need this code for any vendor code lookup or for compressed lists
commandIndex = GetClosestCommandIndex(commandCode); commandIndex = GetClosestCommandIndex(commandCode);
// Look at the returned value from get closest. If it isn't the one that was // Look at the returned value from get closest. If it isn't the one that was
// requested, then the command is not implemented. // requested, then the command is not implemented.
// libtpms: Or it may be runtime-disabled // libtpms: Or it may be runtime-disabled
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{ {
if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)
!= searchIndex) != searchIndex)
|| (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor || (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor
|| !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added || !RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands,// libtpms added
commandCode)) // libtpms added commandCode)) // libtpms added
commandIndex = UNIMPLEMENTED_COMMAND_INDEX; commandIndex = UNIMPLEMENTED_COMMAND_INDEX;
} }
return commandIndex; return commandIndex;
} }
/* 9.3.3.4 GetNextCommandIndex() */
//*** GetNextCommandIndex() /* This function returns the index of the next implemented command. */
// This function returns the index of the next implemented command. /* Return Values Meaning */
// Return Type: COMMAND_INDEX /* UNIMPLEMENTED_COMMAND_INDEX no more implemented commands */
// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands /* other the index of the next implemented command */
// other the index of the next implemented command
COMMAND_INDEX COMMAND_INDEX
GetNextCommandIndex(COMMAND_INDEX commandIndex // IN: the starting index GetNextCommandIndex(
) COMMAND_INDEX commandIndex // IN: the starting index
)
{ {
while(++commandIndex < COMMAND_COUNT) while(++commandIndex < COMMAND_COUNT)
{ {
if(!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin if(!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin
GET_ATTRIBUTE(s_ccAttr[commandIndex], GET_ATTRIBUTE(s_ccAttr[commandIndex],
TPMA_CC, commandIndex))) TPMA_CC, commandIndex)))
continue; // libtpms added end continue; // libtpms added end
#if !COMPRESSED_LISTS #if !COMPRESSED_LISTS
if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)
#endif #endif
return commandIndex; return commandIndex;
} }
return UNIMPLEMENTED_COMMAND_INDEX; return UNIMPLEMENTED_COMMAND_INDEX;
} }
/* 9.3.3.5 GetCommandCode() */
//*** GetCommandCode() /* This function returns the commandCode associated with the command index */
// This function returns the commandCode associated with the command index
TPM_CC TPM_CC
GetCommandCode(COMMAND_INDEX commandIndex // IN: the command index GetCommandCode(
) COMMAND_INDEX commandIndex // IN: the command index
)
{ {
TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex); TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex],
TPMA_CC, commandIndex);
if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V))
commandCode += CC_VEND; commandCode += CC_VEND;
return commandCode; return commandCode;
} }
/* 9.3.3.6 CommandAuthRole() */
//*** CommandAuthRole() /* This function returns the authorization role required of a handle. */
// /* Return Values Meaning */
// This function returns the authorization role required of a handle. /* AUTH_NONE no authorization is required */
// /* AUTH_USER user role authorization is required */
// Return Type: AUTH_ROLE /* AUTH_ADMIN admin role authorization is required */
// AUTH_NONE no authorization is required /* AUTH_DUP duplication role authorization is required */
// AUTH_USER user role authorization is required
// AUTH_ADMIN admin role authorization is required
// AUTH_DUP duplication role authorization is required
AUTH_ROLE AUTH_ROLE
CommandAuthRole(COMMAND_INDEX commandIndex, // IN: command index CommandAuthRole(
UINT32 handleIndex // IN: handle index (zero based) COMMAND_INDEX commandIndex, // IN: command index
) UINT32 handleIndex // IN: handle index (zero based)
)
{ {
if(0 == handleIndex) if(0 == handleIndex)
{ {
// Any authorization role set? // Any authorization role set?
COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex];
if(properties & HANDLE_1_USER)
if(properties & HANDLE_1_USER) return AUTH_USER;
return AUTH_USER; if(properties & HANDLE_1_ADMIN)
if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN;
return AUTH_ADMIN; if(properties & HANDLE_1_DUP)
if(properties & HANDLE_1_DUP) return AUTH_DUP;
return AUTH_DUP; }
}
else if(1 == handleIndex) else if(1 == handleIndex)
{ {
if(s_commandAttributes[commandIndex] & HANDLE_2_USER) if(s_commandAttributes[commandIndex] & HANDLE_2_USER)
return AUTH_USER; return AUTH_USER;
} }
return AUTH_NONE; return AUTH_NONE;
} }
/* 9.3.3.7 EncryptSize() */
/* This function returns the size of the decrypt size field. This function returns 0 if encryption
is not allowed */
/* Return Values Meaning */
/* 0 encryption not allowed */
/* 2 size field is two bytes */
/* 4 size field is four bytes */
//*** EncryptSize() int
// This function returns the size of the decrypt size field. This function returns EncryptSize(
// 0 if encryption is not allowed COMMAND_INDEX commandIndex // IN: command index
// Return Type: int )
// 0 encryption not allowed
// 2 size field is two bytes
// 4 size field is four bytes
int EncryptSize(COMMAND_INDEX commandIndex // IN: command index
)
{ {
return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 :
: (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 : 0);
: 0);
} }
//*** DecryptSize() /* 9.3.3.8 DecryptSize() */
// This function returns the size of the decrypt size field. This function returns /* This function returns the size of the decrypt size field. This function returns 0 if decryption
// 0 if decryption is not allowed is not allowed */
// Return Type: int /* Return Values Meaning */
// 0 encryption not allowed /* 0 encryption not allowed */
// 2 size field is two bytes /* 2 size field is two bytes */
// 4 size field is four bytes /* 4 size field is four bytes */
int DecryptSize(COMMAND_INDEX commandIndex // IN: command index
) int
DecryptSize(
COMMAND_INDEX commandIndex // IN: command index
)
{ {
return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 :
: (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 : 0);
: 0);
} }
//*** IsSessionAllowed() /* 9.3.3.9 IsSessionAllowed() */
// /* This function indicates if the command is allowed to have sessions. */
// This function indicates if the command is allowed to have sessions. /* This function must not be called if the command is not known to be implemented. */
// /* Return Values Meaning */
// This function must not be called if the command is not known to be implemented. /* TRUE session is allowed with this command */
// /* FALSE session is not allowed with this command */
// Return Type: BOOL
// TRUE(1) session is allowed with this command BOOL
// FALSE(0) session is not allowed with this command IsSessionAllowed(
BOOL IsSessionAllowed(COMMAND_INDEX commandIndex // IN: the command to be checked COMMAND_INDEX commandIndex // IN: the command to be checked
) )
{ {
return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0); return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0);
} }
//*** IsHandleInResponse() /* 9.3.3.10 IsHandleInResponse() */
// This function determines if a command has a handle in the response /* This function determines if a command has a handle in the response */
BOOL IsHandleInResponse(COMMAND_INDEX commandIndex)
BOOL
IsHandleInResponse(
COMMAND_INDEX commandIndex
)
{ {
return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0); return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0);
} }
//*** IsWriteOperation() /* 9.3.3.11 IsWriteOperation() */
// Checks to see if an operation will write to an NV Index and is subject to being /* Checks to see if an operation will write to an NV Index and is subject to being blocked by
// blocked by read-lock read-lock */
BOOL IsWriteOperation(COMMAND_INDEX commandIndex // IN: Command to check BOOL
) IsWriteOperation(
COMMAND_INDEX commandIndex // IN: Command to check
)
{ {
#ifdef WRITE_LOCK #ifdef WRITE_LOCK
return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0); return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0);
#else #else
if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V))
{ {
switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex))
{ {
case TPM_CC_NV_Write: case TPM_CC_NV_Write:
# if CC_NV_Increment #if CC_NV_Increment
case TPM_CC_NV_Increment: case TPM_CC_NV_Increment:
# endif #endif
# if CC_NV_SetBits #if CC_NV_SetBits
case TPM_CC_NV_SetBits: case TPM_CC_NV_SetBits:
# endif #endif
# if CC_NV_Extend #if CC_NV_Extend
case TPM_CC_NV_Extend: case TPM_CC_NV_Extend:
# endif #endif
# if CC_AC_Send #if CC_AC_Send
case TPM_CC_AC_Send: case TPM_CC_AC_Send:
# endif #endif
// NV write lock counts as a write operation for authorization purposes. // NV write lock counts as a write operation for authorization purposes.
// We check to see if the NV is write locked before we do the // We check to see if the NV is write locked before we do the
// authorization. If it is locked, we fail the command early. // authorization. If it is locked, we fail the command early.
case TPM_CC_NV_WriteLock: case TPM_CC_NV_WriteLock:
return TRUE; return TRUE;
default: default:
break; break;
} }
} }
return FALSE; return FALSE;
#endif #endif
} }
/* 9.3.3.12 IsReadOperation() */
//*** IsReadOperation() /* Checks to see if an operation will write to an NV Index and is subject to being blocked by
// Checks to see if an operation will write to an NV Index and is write-lock. */
// subject to being blocked by write-lock. BOOL
BOOL IsReadOperation(COMMAND_INDEX commandIndex // IN: Command to check IsReadOperation(
) COMMAND_INDEX commandIndex // IN: Command to check
)
{ {
#ifdef READ_LOCK #ifdef READ_LOCK
return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0); return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0);
#else #else
if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V))
{ {
switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex))
{ {
case TPM_CC_NV_Read: case TPM_CC_NV_Read:
case TPM_CC_PolicyNV: case TPM_CC_PolicyNV:
case TPM_CC_NV_Certify: case TPM_CC_NV_Certify:
// NV read lock counts as a read operation for authorization purposes. // NV read lock counts as a read operation for authorization purposes.
// We check to see if the NV is read locked before we do the // We check to see if the NV is read locked before we do the
// authorization. If it is locked, we fail the command early. // authorization. If it is locked, we fail the command early.
case TPM_CC_NV_ReadLock: case TPM_CC_NV_ReadLock:
return TRUE; return TRUE;
default: default:
break; break;
} }
} }
return FALSE; return FALSE;
#endif #endif
} }
/* 9.3.3.13 CommandCapGetCCList() */
//*** CommandCapGetCCList() /* This function returns a list of implemented commands and command attributes starting from the
// This function returns a list of implemented commands and command attributes command in commandCode. */
// starting from the command in 'commandCode'. /* Return Values Meaning */
// Return Type: TPMI_YES_NO /* YES more command attributes are available */
// YES more command attributes are available /* NO no more command attributes are available */
// NO no more command attributes are available
TPMI_YES_NO TPMI_YES_NO
CommandCapGetCCList(TPM_CC commandCode, // IN: start command code CommandCapGetCCList(
UINT32 count, // IN: maximum count for number of entries in TPM_CC commandCode, // IN: start command code
// 'commandList' UINT32 count, // IN: maximum count for number of entries in
TPML_CCA* commandList // OUT: list of TPMA_CC // 'commandList'
) TPML_CCA *commandList // OUT: list of TPMA_CC
)
{ {
TPMI_YES_NO more = NO; TPMI_YES_NO more = NO;
COMMAND_INDEX commandIndex; COMMAND_INDEX commandIndex;
// initialize output handle list count // initialize output handle list count
commandList->count = 0; commandList->count = 0;
for(commandIndex = GetClosestCommandIndex(commandCode); for(commandIndex = GetClosestCommandIndex(commandCode);
commandIndex != UNIMPLEMENTED_COMMAND_INDEX; commandIndex != UNIMPLEMENTED_COMMAND_INDEX;
commandIndex = GetNextCommandIndex(commandIndex)) commandIndex = GetNextCommandIndex(commandIndex))
{ {
#if !COMPRESSED_LISTS #if !COMPRESSED_LISTS
// this check isn't needed for compressed lists. // this check isn't needed for compressed lists.
if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)) if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED))
continue; continue;
#endif #endif
if (!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin if (!RuntimeCommandsCheckEnabled(&g_RuntimeProfile.RuntimeCommands, // libtpms added begin
GET_ATTRIBUTE(s_ccAttr[commandIndex], GET_ATTRIBUTE(s_ccAttr[commandIndex],
TPMA_CC, commandIndex))) TPMA_CC, commandIndex)))
continue; // libtpms added end continue; // libtpms added end
if(commandList->count < count) if(commandList->count < count)
{ {
// If the list is not full, add the attributes for this command. // If the list is not full, add the attributes for this command.
commandList->commandAttributes[commandList->count] = commandList->commandAttributes[commandList->count]
s_ccAttr[commandIndex]; = s_ccAttr[commandIndex];
commandList->count++; commandList->count++;
} }
else else
{ {
// If the list is full but there are more commands to report, // If the list is full but there are more commands to report,
// indicate this and return. // indicate this and return.
more = YES; more = YES;
break; break;
} }
} }
return more; return more;
} }
//*** CommandCapGetOneCC() //*** CommandCapGetOneCC()
// This function checks whether a command is implemented, and returns its // This function checks whether a command is implemented, and returns its
// attributes if so. // attributes if so.
BOOL CommandCapGetOneCC(TPM_CC commandCode, // IN: command code BOOL CommandCapGetOneCC(TPM_CC commandCode, // IN: command code
TPMA_CC* commandAttributes // OUT: command attributes TPMA_CC* commandAttributes // OUT: command attributes
) )
{ {
COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode);
if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX)
{ {
*commandAttributes = s_ccAttr[commandIndex]; *commandAttributes = s_ccAttr[commandIndex];
return TRUE; return TRUE;
} }
return FALSE; return FALSE;
} }
#if 0 /* libtpms added */ #if 0 /* libtpms added */
/* 9.3.3.14 IsVendorCommand() */
/* Function indicates if a command index references a vendor command. */
/* Return Values Meaning */
/* TRUE command is a vendor command */
/* FALSE command is not a vendor command */
//*** IsVendorCommand() BOOL
// Function indicates if a command index references a vendor command. IsVendorCommand(
// Return Type: BOOL COMMAND_INDEX commandIndex // IN: command index to check
// TRUE(1) command is a vendor command )
// FALSE(0) command is not a vendor command
BOOL IsVendorCommand(COMMAND_INDEX commandIndex // IN: command index to check
)
{ {
return (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)); return (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V));
} }
#endif /* libtpms added */ #endif /* libtpms added */

183
src/tpm2/CommandCodeAttributes_fp.h
View File

@ -58,141 +58,70 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef COMMANDCODEATTRIBUTES_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define COMMANDCODEATTRIBUTES_FP_H
* Date: Mar 28, 2019 Time: 08:25:19PM
*/
#ifndef _COMMAND_CODE_ATTRIBUTES_FP_H_
#define _COMMAND_CODE_ATTRIBUTES_FP_H_
//*** GetClosestCommandIndex()
// This function returns the command index for the command with a value that is
// equal to or greater than the input value
// Return Type: COMMAND_INDEX
// UNIMPLEMENTED_COMMAND_INDEX command is not implemented
// other index of a command
COMMAND_INDEX COMMAND_INDEX
GetClosestCommandIndex(TPM_CC commandCode // IN: the command code to start at GetClosestCommandIndex(
); TPM_CC commandCode // IN: the command code to start at
);
//*** CommandCodeToComandIndex()
// This function returns the index in the various attributes arrays of the
// command.
// Return Type: COMMAND_INDEX
// UNIMPLEMENTED_COMMAND_INDEX command is not implemented
// other index of the command
COMMAND_INDEX COMMAND_INDEX
CommandCodeToCommandIndex(TPM_CC commandCode // IN: the command code to look up CommandCodeToCommandIndex(
); TPM_CC commandCode // IN: the command code to look up
);
//*** GetNextCommandIndex()
// This function returns the index of the next implemented command.
// Return Type: COMMAND_INDEX
// UNIMPLEMENTED_COMMAND_INDEX no more implemented commands
// other the index of the next implemented command
COMMAND_INDEX COMMAND_INDEX
GetNextCommandIndex(COMMAND_INDEX commandIndex // IN: the starting index GetNextCommandIndex(
); COMMAND_INDEX commandIndex // IN: the starting index
);
//*** GetCommandCode()
// This function returns the commandCode associated with the command index
TPM_CC TPM_CC
GetCommandCode(COMMAND_INDEX commandIndex // IN: the command index GetCommandCode(
); COMMAND_INDEX commandIndex // IN: the command index
);
//*** CommandAuthRole()
//
// This function returns the authorization role required of a handle.
//
// Return Type: AUTH_ROLE
// AUTH_NONE no authorization is required
// AUTH_USER user role authorization is required
// AUTH_ADMIN admin role authorization is required
// AUTH_DUP duplication role authorization is required
AUTH_ROLE AUTH_ROLE
CommandAuthRole(COMMAND_INDEX commandIndex, // IN: command index CommandAuthRole(
UINT32 handleIndex // IN: handle index (zero based) COMMAND_INDEX commandIndex, // IN: command index
); UINT32 handleIndex // IN: handle index (zero based)
);
//*** EncryptSize() int
// This function returns the size of the decrypt size field. This function returns EncryptSize(
// 0 if encryption is not allowed COMMAND_INDEX commandIndex // IN: command index
// Return Type: int );
// 0 encryption not allowed int
// 2 size field is two bytes DecryptSize(
// 4 size field is four bytes COMMAND_INDEX commandIndex // IN: command index
int EncryptSize(COMMAND_INDEX commandIndex // IN: command index );
); BOOL
IsSessionAllowed(
//*** DecryptSize() COMMAND_INDEX commandIndex // IN: the command to be checked
// This function returns the size of the decrypt size field. This function returns );
// 0 if decryption is not allowed BOOL
// Return Type: int IsHandleInResponse(
// 0 encryption not allowed COMMAND_INDEX commandIndex
// 2 size field is two bytes );
// 4 size field is four bytes BOOL
int DecryptSize(COMMAND_INDEX commandIndex // IN: command index IsWriteOperation(
); COMMAND_INDEX commandIndex // IN: Command to check
);
//*** IsSessionAllowed() BOOL
// IsReadOperation(
// This function indicates if the command is allowed to have sessions. COMMAND_INDEX commandIndex // IN: Command to check
// );
// This function must not be called if the command is not known to be implemented.
//
// Return Type: BOOL
// TRUE(1) session is allowed with this command
// FALSE(0) session is not allowed with this command
BOOL IsSessionAllowed(COMMAND_INDEX commandIndex // IN: the command to be checked
);
//*** IsHandleInResponse()
// This function determines if a command has a handle in the response
BOOL IsHandleInResponse(COMMAND_INDEX commandIndex);
//*** IsWriteOperation()
// Checks to see if an operation will write to an NV Index and is subject to being
// blocked by read-lock
BOOL IsWriteOperation(COMMAND_INDEX commandIndex // IN: Command to check
);
//*** IsReadOperation()
// Checks to see if an operation will write to an NV Index and is
// subject to being blocked by write-lock.
BOOL IsReadOperation(COMMAND_INDEX commandIndex // IN: Command to check
);
//*** CommandCapGetCCList()
// This function returns a list of implemented commands and command attributes
// starting from the command in 'commandCode'.
// Return Type: TPMI_YES_NO
// YES more command attributes are available
// NO no more command attributes are available
TPMI_YES_NO TPMI_YES_NO
CommandCapGetCCList(TPM_CC commandCode, // IN: start command code CommandCapGetCCList(
UINT32 count, // IN: maximum count for number of entries in TPM_CC commandCode, // IN: start command code
// 'commandList' UINT32 count, // IN: maximum count for number of entries in
TPML_CCA* commandList // OUT: list of TPMA_CC // 'commandList'
); TPML_CCA *commandList // OUT: list of TPMA_CC
);
//*** CommandCapGetOneCC()
// This function checks whether a command is implemented, and returns its
// attributes if so.
BOOL CommandCapGetOneCC(TPM_CC commandCode, // IN: command code BOOL CommandCapGetOneCC(TPM_CC commandCode, // IN: command code
TPMA_CC* commandAttributes // OUT: Command attributes TPMA_CC* commandAttributes // OUT: Command attributes
); );
#if 0 /* libtpms added */ #if 0 /* libtpms added */
BOOL
//*** IsVendorCommand() IsVendorCommand(
// Function indicates if a command index references a vendor command. COMMAND_INDEX commandIndex // IN: command index to check
// Return Type: BOOL );
// TRUE(1) command is a vendor command
// FALSE(0) command is not a vendor command
BOOL IsVendorCommand(COMMAND_INDEX commandIndex // IN: command index to check
);
#endif /* libtpms added */ #endif /* libtpms added */
#endif // _COMMAND_CODE_ATTRIBUTES_FP_H_
#endif

7946
src/tpm2/CommandDispatchData.h
View File

File diff suppressed because it is too large Load Diff

585
src/tpm2/CommandDispatcher.c
View File

@ -59,425 +59,350 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* 6.3 CommandDispatcher.c */
//* Includes and Typedefs /* CommandDispatcher() performs the following operations: */
/* * unmarshals command parameters from the input buffer; */
/* NOTE Unlike other unmarshaling functions, parmBufferStart does not advance. parmBufferSize Is
reduced. */
/* * invokes the function that performs the command actions; */
/* * marshals the returned handles, if any; and */
/* * marshals the returned parameters, if any, into the output buffer putting in the
* parameterSize field if authorization sessions are present. */
/* NOTE 1 The output buffer is the return from the MemoryGetResponseBuffer() function. It includes
the header, handles, response parameters, and authorization area. respParmSize is the response
parameter size, and does not include the header, handles, or authorization area. */
/* NOTE 2 The reference implementation is permitted to do compare operations over a union as a byte
array. Therefore, the command parameter in structure must be initialized (e.g., zeroed) before
unmarshaling so that the compare operation is valid in cases where some bytes are unused. */
/* 6.3.1.1 Includes and Typedefs */
#include "Tpm.h" #include "Tpm.h"
#include "Marshal.h" // #include "Marshal.h" kgold
#if TABLE_DRIVEN_DISPATCH || TABLE_DRIVEN_MARSHAL
typedef TPM_RC(NoFlagFunction)(void* target, BYTE** buffer, INT32* size);
typedef TPM_RC(FlagFunction)(void* target, BYTE** buffer, INT32* size, BOOL flag);
typedef FlagFunction* UNMARSHAL_t;
typedef INT16(MarshalFunction)(void* source, BYTE** buffer, INT32* size);
typedef MarshalFunction* MARSHAL_t;
#if TABLE_DRIVEN_DISPATCH
typedef TPM_RC(NoFlagFunction)(void *target, BYTE **buffer, INT32 *size);
typedef TPM_RC(FlagFunction)(void *target, BYTE **buffer, INT32 *size, BOOL flag);
typedef FlagFunction *UNMARSHAL_t;
typedef INT16(MarshalFunction)(void *source, BYTE **buffer, INT32 *size);
typedef MarshalFunction *MARSHAL_t;
typedef TPM_RC(COMMAND_NO_ARGS)(void); typedef TPM_RC(COMMAND_NO_ARGS)(void);
typedef TPM_RC(COMMAND_IN_ARG)(void* in); typedef TPM_RC(COMMAND_IN_ARG)(void *in);
typedef TPM_RC(COMMAND_OUT_ARG)(void* out); typedef TPM_RC(COMMAND_OUT_ARG)(void *out);
typedef TPM_RC(COMMAND_INOUT_ARG)(void* in, void* out); typedef TPM_RC(COMMAND_INOUT_ARG)(void *in, void *out);
typedef union
typedef union COMMAND_t
{ {
COMMAND_NO_ARGS* noArgs; COMMAND_NO_ARGS *noArgs;
COMMAND_IN_ARG* inArg; COMMAND_IN_ARG *inArg;
COMMAND_OUT_ARG* outArg; COMMAND_OUT_ARG *outArg;
COMMAND_INOUT_ARG* inOutArg; COMMAND_INOUT_ARG *inOutArg;
} COMMAND_t; } COMMAND_t;
typedef struct
// This structure is used by ParseHandleBuffer() and CommandDispatcher(). The
// parameters in this structure are unique for each command. The parameters are:
// command holds the address of the command processing function that is called
// by Command Dispatcher
// inSize This is the size of the command-dependent input structure. The
// input structure holds the unmarshaled handles and command
// parameters. If the command takes no arguments (handles or
// parameters) then inSize will have a value of 0.
// outSize This is the size of the command-dependent output structure. The
// output structure holds the results of the command in an unmarshaled
// form. When command processing is completed, these values are
// marshaled into the output buffer. It is always the case that the
// unmarshaled version of an output structure is larger then the
// marshaled version. This is because the marshaled version contains
// the exact same number of significant bytes but with padding removed.
// typesOffsets This parameter points to the list of data types that are to be
// marshaled or unmarshaled. The list of types follows the 'offsets'
// array. The offsets array is variable sized so the typesOffset filed
// is necessary for the handle and command processing to be able to
// find the types that are being handled. The 'offsets' array may be
// empty. The 'types' structure is described below.
// offsets This is an array of offsets of each of the parameters in the
// command or response. When processing the command parameters (not
// handles) the list contains the offset of the next parameter. For
// example, if the first command parameter has a size of 4 and there is
// a second command parameter, then the offset would be 4, indicating
// that the second parameter starts at 4. If the second parameter has
// a size of 8, and there is a third parameter, then the second entry
// in offsets is 12 (4 for the first parameter and 8 for the second).
// An offset value of 0 in the list indicates the start of the response
// parameter list. When CommandDispatcher hits this value, it will stop
// unmarshaling the parameters and call 'command'. If a command has no
// response parameters and only one command parameter, then offsets can
// be an empty list.
typedef struct COMMAND_DESCRIPTOR_t
{ {
COMMAND_t command; // Address of the command COMMAND_t command; // Address of the command
UINT16 inSize; // Maximum size of the input structure UINT16 inSize; // Maximum size of the input structure
UINT16 outSize; // Maximum size of the output structure UINT16 outSize; // Maximum size of the output structure
UINT16 typesOffset; // address of the types field UINT16 typesOffset; // address of the types field
UINT16 offsets[1]; UINT16 offsets[1];
} COMMAND_DESCRIPTOR_t; } COMMAND_DESCRIPTOR_t;
#if COMPRESSED_LISTS
// The 'types' list is an encoded byte array. The byte value has two parts. The most # define PAD_LIST 0
// significant bit is used when a parameter takes a flag and indicates if the flag
// should be SET or not. The remaining 7 bits are an index into an array of
// addresses of marshaling and unmarshaling functions.
// The array of functions is divided into 6 sections with a value assigned
// to denote the start of that section (and the end of the previous section). The
// defined offset values for each section are:
// 0 unmarshaling for handles that do not take flags
// HANDLE_FIRST_FLAG_TYPE unmarshaling for handles that take flags
// PARAMETER_FIRST_TYPE unmarshaling for parameters that do not take flags
// PARAMETER_FIRST_FLAG_TYPE unmarshaling for parameters that take flags
// PARAMETER_LAST_TYPE + 1 marshaling for handles
// RESPONSE_PARAMETER_FIRST_TYPE marshaling for parameters
// RESPONSE_PARAMETER_LAST_TYPE is the last value in the list of marshaling and
// unmarshaling functions.
//
// The types list is constructed with a byte of 0xff at the end of the command
// parameters and with an 0xff at the end of the response parameters.
# if COMPRESSED_LISTS
# define PAD_LIST 0
# else
# define PAD_LIST 1
# endif
# define _COMMAND_TABLE_DISPATCH_
# include "CommandDispatchData.h"
# define TEST_COMMAND TPM_CC_Startup
# define NEW_CC
#else #else
# define PAD_LIST 1
# include "Commands.h" #endif
#define _COMMAND_TABLE_DISPATCH_
#include "CommandDispatchData.h"
#define TEST_COMMAND TPM_CC_Startup
#define NEW_CC
#else
#include "Commands.h"
#endif #endif
//* Marshal/Unmarshal Functions /* 6.3.1.2 Marshal/Unmarshal Functions */
/* 6.3.1.2.1 ParseHandleBuffer() */
/* This is the table-driven version of the handle buffer unmarshaling code */
//** ParseHandleBuffer()
// This is the table-driven version of the handle buffer unmarshaling code
TPM_RC TPM_RC
ParseHandleBuffer(COMMAND* command) ParseHandleBuffer(
COMMAND *command
)
{ {
TPM_RC result; TPM_RC result;
#if TABLE_DRIVEN_DISPATCH || TABLE_DRIVEN_MARSHAL #if TABLE_DRIVEN_DISPATCH
COMMAND_DESCRIPTOR_t* desc; COMMAND_DESCRIPTOR_t *desc;
BYTE* types; BYTE *types;
BYTE type; BYTE type;
BYTE dType; BYTE dType;
// Make sure that nothing strange has happened // Make sure that nothing strange has happened
pAssert( pAssert(command->index
command->index < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t*)); < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *));
// Get the address of the descriptor for this command // Get the address of the descriptor for this command
desc = s_CommandDataArray[command->index]; desc = s_CommandDataArray[command->index];
pAssert(desc != NULL); pAssert(desc != NULL);
// Get the associated list of unmarshaling data types. // Get the associated list of unmarshaling data types.
types = &((BYTE*)desc)[desc->typesOffset]; types = &((BYTE *)desc)[desc->typesOffset];
// if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND) // if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND)
// commandIndex = commandIndex; // commandIndex = commandIndex;
// No handles yet // No handles yet
command->handleNum = 0; command->handleNum = 0;
// Get the first type value // Get the first type value
for(type = *types++; for(type = *types++;
// check each byte to make sure that we have not hit the start // check each byte to make sure that we have not hit the start
// of the parameters // of the parameters
(dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE; (dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE;
// get the next type // get the next type
type = *types++) type = *types++)
{ {
# if TABLE_DRIVEN_MARSHAL #if TABLE_DRIVEN_MARSHAL
marshalIndex_t index; marshalIndex_t index;
index = unmarshalArray[dType] | ((type & 0x80) ? NULL_FLAG : 0); index = unmarshalArray[dType] | ((type & 0x80) ? NULL_FLAG : 0);
result = Unmarshal(index, result = Unmarshal(index, &(command->handles[command->handleNum]),
&(command->handles[command->handleNum]), &command->parameterBuffer, &command->parameterSize);
&command->parameterBuffer,
&command->parameterSize);
# else
// See if unmarshaling of this handle type requires a flag
if(dType < HANDLE_FIRST_FLAG_TYPE)
{
// Look up the function to do the unmarshaling
NoFlagFunction* f = (NoFlagFunction*)unmarshalArray[dType];
// call it
result = f(&(command->handles[command->handleNum]),
&command->parameterBuffer,
&command->parameterSize);
}
else
{
// Look up the function
FlagFunction* f = unmarshalArray[dType];
// Call it setting the flag to the appropriate value
result = f(&(command->handles[command->handleNum]),
&command->parameterBuffer,
&command->parameterSize,
(type & 0x80) != 0);
}
# endif
// Got a handle
// We do this first so that the match for the handle offset of the
// response code works correctly.
command->handleNum += 1;
if(result != TPM_RC_SUCCESS)
// if the unmarshaling failed, return the response code with the
// handle indication set
return result + TPM_RC_H + (command->handleNum * TPM_RC_1);
}
#else #else
BYTE** handleBufferStart = &command->parameterBuffer;
INT32* bufferRemainingSize = &command->parameterSize; // See if unmarshaling of this handle type requires a flag
TPM_HANDLE* handles = &command->handles[0]; if(dType < HANDLE_FIRST_FLAG_TYPE)
UINT32* handleCount = &command->handleNum; {
*handleCount = 0; // Look up the function to do the unmarshaling
NoFlagFunction *f = (NoFlagFunction *)unmarshalArray[dType];
// call it
result = f(&(command->handles[command->handleNum]),
&command->parameterBuffer,
&command->parameterSize);
}
else
{
// Look up the function
FlagFunction *f = unmarshalArray[dType];
// Call it setting the flag to the appropriate value
result = f(&(command->handles[command->handleNum]),
&command->parameterBuffer,
&command->parameterSize, (type & 0x80) != 0);
}
#endif
// Got a handle
// We do this first so that the match for the handle offset of the
// response code works correctly.
command->handleNum += 1;
if(result != TPM_RC_SUCCESS)
// if the unmarshaling failed, return the response code with the
// handle indication set
return result + TPM_RC_H + (command->handleNum * TPM_RC_1);
}
#else
BYTE **handleBufferStart = &command->parameterBuffer;
INT32 *bufferRemainingSize = &command->parameterSize;
TPM_HANDLE *handles = &command->handles[0];
UINT32 *handleCount = &command->handleNum;
*handleCount = 0;
switch(command->code) switch(command->code)
{ {
# include "HandleProcess.h" #include "HandleProcess.h"
# undef handles #undef handles
default: default:
FAIL(FATAL_ERROR_INTERNAL); FAIL(FATAL_ERROR_INTERNAL);
break; break;
} }
#endif #endif
return TPM_RC_SUCCESS; return TPM_RC_SUCCESS;
} }
//** CommandDispatcher() /* 6.3.1.2.2 CommandDispatcher() */
// Function to unmarshal the command parameters, call the selected action code, and /* Function to unmarshal the command parameters, call the selected action code, and marshal the
// marshal the response parameters. response parameters. */
TPM_RC
CommandDispatcher(COMMAND* command)
{
#if !TABLE_DRIVEN_DISPATCH || TABLE_DRIVEN_MARSHAL
TPM_RC result;
BYTE** paramBuffer = &command->parameterBuffer;
INT32* paramBufferSize = &command->parameterSize;
BYTE** responseBuffer = &command->responseBuffer;
INT32* respParmSize = &command->parameterSize;
INT32 rSize;
TPM_HANDLE* handles = &command->handles[0];
//
command->handleNum = 0; // The command-specific code knows how
// many handles there are. This is for
// cataloging the number of response
// handles
MemoryIoBufferAllocationReset(); // Initialize so that allocation will
// work properly
switch(GetCommandCode(command->index))
{
# include "CommandDispatcher.h"
default: TPM_RC
FAIL(FATAL_ERROR_INTERNAL); CommandDispatcher(
break; COMMAND *command
} )
Exit: {
#if !TABLE_DRIVEN_DISPATCH
TPM_RC result;
BYTE **paramBuffer = &command->parameterBuffer;
INT32 *paramBufferSize = &command->parameterSize;
BYTE **responseBuffer = &command->responseBuffer;
INT32 *respParmSize = &command->parameterSize;
INT32 rSize;
TPM_HANDLE *handles = &command->handles[0];
command->handleNum = 0; /* The command-specific code knows how many handles there are. This
is for cataloging the number of response handles */
MemoryIoBufferAllocationReset(); /* Initialize so that allocation will work properly */
switch(GetCommandCode(command->index))
{
#include "CommandDispatcher.h"
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
}
Exit:
MemoryIoBufferZero(); MemoryIoBufferZero();
return result; return result;
#else #else
COMMAND_DESCRIPTOR_t* desc; COMMAND_DESCRIPTOR_t *desc;
BYTE* types; BYTE *types;
BYTE type; BYTE type;
UINT16* offsets; UINT16 *offsets;
UINT16 offset = 0; UINT16 offset = 0;
UINT32 maxInSize; UINT32 maxInSize;
BYTE* commandIn; BYTE *commandIn;
INT32 maxOutSize; INT32 maxOutSize;
BYTE* commandOut; BYTE *commandOut;
COMMAND_t cmd; COMMAND_t cmd;
TPM_HANDLE* handles; TPM_HANDLE *handles;
UINT32 hasInParameters = 0; UINT32 hasInParameters = 0;
BOOL hasOutParameters = FALSE; BOOL hasOutParameters = FALSE;
UINT32 pNum = 0; UINT32 pNum = 0;
BYTE dType; // dispatch type BYTE dType; // dispatch type
TPM_RC result; TPM_RC result;
// //
// Get the address of the descriptor for this command // Get the address of the descriptor for this command
pAssert( pAssert(command->index
command->index < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t*)); < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *));
desc = s_CommandDataArray[command->index]; desc = s_CommandDataArray[command->index];
// Get the list of parameter types for this command // Get the list of parameter types for this command
pAssert(desc != NULL); pAssert(desc != NULL);
types = &((BYTE*)desc)[desc->typesOffset]; types = &((BYTE *)desc)[desc->typesOffset];
// Get a pointer to the list of parameter offsets // Get a pointer to the list of parameter offsets
offsets = &desc->offsets[0]; offsets = &desc->offsets[0];
// pointer to handles // pointer to handles
handles = command->handles; handles = command->handles;
// Get the size required to hold all the unmarshaled parameters for this command // Get the size required to hold all the unmarshaled parameters for this command
maxInSize = desc->inSize; maxInSize = desc->inSize;
// and the size of the output parameter structure returned by this command // and the size of the output parameter structure returned by this command
maxOutSize = desc->outSize; maxOutSize = desc->outSize;
MemoryIoBufferAllocationReset(); MemoryIoBufferAllocationReset();
// Get a buffer for the input parameters // Get a buffer for the input parameters
commandIn = MemoryGetInBuffer(maxInSize); commandIn = MemoryGetInBuffer(maxInSize);
// And the output parameters // And the output parameters
commandOut = (BYTE*)MemoryGetOutBuffer((UINT32)maxOutSize); commandOut = (BYTE *)MemoryGetOutBuffer((UINT32)maxOutSize);
// Get the address of the action code dispatch // Get the address of the action code dispatch
cmd = desc->command; cmd = desc->command;
// Copy any handles into the input buffer // Copy any handles into the input buffer
for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++) for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++)
{ {
// 'offset' was initialized to zero so the first unmarshaling will always // 'offset' was initialized to zero so the first unmarshaling will always
// be to the start of the data structure // be to the start of the data structure
*(TPM_HANDLE*)&(commandIn[offset]) = *handles++; *(TPM_HANDLE *)&(commandIn[offset]) = *handles++;
// This check is used so that we don't have to add an additional offset // This check is used so that we don't have to add an additional offset
// value to the offsets list to correspond to the stop value in the // value to the offsets list to correspond to the stop value in the
// command parameter list. // command parameter list.
if(*types != 0xFF) if(*types != 0xFF)
offset = *offsets++; offset = *offsets++;
// maxInSize -= sizeof(TPM_HANDLE); // maxInSize -= sizeof(TPM_HANDLE);
hasInParameters++; hasInParameters++;
} }
// Exit loop with type containing the last value read from types // Exit loop with type containing the last value read from types
// maxInSize has the amount of space remaining in the command action input // maxInSize has the amount of space remaining in the command action input
// buffer. Make sure that we don't have more data to unmarshal than is going to // buffer. Make sure that we don't have more data to unmarshal than is going to
// fit. // fit.
// type contains the last value read from types so it is not necessary to // type contains the last value read from types so it is not necessary to
// reload it, which is good because *types now points to the next value // reload it, which is good because *types now points to the next value
for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++) for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++)
{ {
pNum++; pNum++;
# if TABLE_DRIVEN_MARSHAL #if TABLE_DRIVEN_MARSHAL
{ {
marshalIndex_t index = unmarshalArray[dType]; marshalIndex_t index = unmarshalArray[dType];
index |= (type & 0x80) ? NULL_FLAG : 0; index |= (type & 0x80) ? NULL_FLAG : 0;
result = Unmarshal(index, result = Unmarshal(index, &commandIn[offset], &command->parameterBuffer,
&commandIn[offset], &command->parameterSize);
&command->parameterBuffer, }
&command->parameterSize); #else
} if(dType < PARAMETER_FIRST_FLAG_TYPE)
# else {
if(dType < PARAMETER_FIRST_FLAG_TYPE) NoFlagFunction *f = (NoFlagFunction *)unmarshalArray[dType];
{ result = f(&commandIn[offset], &command->parameterBuffer,
NoFlagFunction* f = (NoFlagFunction*)unmarshalArray[dType]; &command->parameterSize);
result = f(&commandIn[offset], }
&command->parameterBuffer, else
&command->parameterSize); {
} FlagFunction *f = unmarshalArray[dType];
else result = f(&commandIn[offset], &command->parameterBuffer,
{ &command->parameterSize,
FlagFunction* f = unmarshalArray[dType]; (type & 0x80) != 0);
result = f(&commandIn[offset], }
&command->parameterBuffer, #endif
&command->parameterSize, if(result != TPM_RC_SUCCESS)
(type & 0x80) != 0); {
} result += TPM_RC_P + (TPM_RC_1 * pNum);
# endif goto Exit;
if(result != TPM_RC_SUCCESS) }
{ // This check is used so that we don't have to add an additional offset
result += TPM_RC_P + (TPM_RC_1 * pNum); // value to the offsets list to correspond to the stop value in the
goto Exit; // command parameter list.
} if(*types != 0xFF)
// This check is used so that we don't have to add an additional offset offset = *offsets++;
// value to the offsets list to correspond to the stop value in the hasInParameters++;
// command parameter list. }
if(*types != 0xFF)
offset = *offsets++;
hasInParameters++;
}
// Should have used all the bytes in the input // Should have used all the bytes in the input
if(command->parameterSize != 0) if(command->parameterSize != 0)
{ {
result = TPM_RC_SIZE; result = TPM_RC_SIZE;
goto Exit; goto Exit;
} }
// The command parameter unmarshaling stopped when it hit a value that was out // The command parameter unmarshaling stopped when it hit a value that was out
// of range for unmarshaling values and left *types pointing to the first // of range for unmarshaling values and left *types pointing to the first
// marshaling type. If that type happens to be the STOP value, then there // marshaling type. If that type happens to be the STOP value, then there
// are no response parameters. So, set the flag to indicate if there are // are no response parameters. So, set the flag to indicate if there are
// output parameters. // output parameters.
hasOutParameters = *types != 0xFF; hasOutParameters = *types != 0xFF;
// There are four cases for calling, with and without input parameters and with // There are four cases for calling, with and without input parameters and with
// and without output parameters. // and without output parameters.
if(hasInParameters > 0) if(hasInParameters > 0)
{ {
if(hasOutParameters) if(hasOutParameters)
result = cmd.inOutArg(commandIn, commandOut); result = cmd.inOutArg(commandIn, commandOut);
else else
result = cmd.inArg(commandIn); result = cmd.inArg(commandIn);
} }
else else
{ {
if(hasOutParameters) if(hasOutParameters)
result = cmd.outArg(commandOut); result = cmd.outArg(commandOut);
else else
result = cmd.noArgs(); result = cmd.noArgs();
} }
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Exit; goto Exit;
// Offset in the marshaled output structure // Offset in the marshaled output structure
offset = 0; offset = 0;
// Process the return handles, if any // Process the return handles, if any
command->handleNum = 0; command->handleNum = 0;
// Could make this a loop to process output handles but there is only ever // Could make this a loop to process output handles but there is only ever
// one handle in the outputs (for now). // one handle in the outputs (for now).
type = *types++; type = *types++;
if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE) if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE)
{ {
// The out->handle value was referenced as TPM_HANDLE in the // The out->handle value was referenced as TPM_HANDLE in the
// action code so it has to be properly aligned. // action code so it has to be properly aligned.
command->handles[command->handleNum++] = command->handles[command->handleNum++] =
*((TPM_HANDLE*)&(commandOut[offset])); *((TPM_HANDLE *)&(commandOut[offset]));
maxOutSize -= sizeof(UINT32); maxOutSize -= sizeof(UINT32);
type = *types++; type = *types++;
offset = *offsets++; offset = *offsets++;
} }
// Use the size of the command action output buffer as the maximum for the // Use the size of the command action output buffer as the maximum for the
// number of bytes that can get marshaled. Since the marshaling code has // number of bytes that can get marshaled. Since the marshaling code has
// no pointers to data, all of the data being returned has to be in the // no pointers to data, all of the data being returned has to be in the
// command action output buffer. If we try to marshal more bytes than // command action output buffer. If we try to marshal more bytes than
// could fit into the output buffer, we need to fail. // could fit into the output buffer, we need to fail.
for(; (dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE && !g_inFailureMode; for(;(dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE
type = *types++) && !g_inFailureMode; type = *types++)
{ {
# if TABLE_DRIVEN_MARSHAL #if TABLE_DRIVEN_MARSHAL
marshalIndex_t index = marshalArray[dType]; marshalIndex_t index = marshalArray[dType];
command->parameterSize += Marshal( command->parameterSize += Marshal(index, &commandOut[offset],
index, &commandOut[offset], &command->responseBuffer, &maxOutSize); &command->responseBuffer,
# else &maxOutSize);
const MARSHAL_t f = marshalArray[dType]; #else
const MARSHAL_t f = marshalArray[dType];
command->parameterSize += command->parameterSize += f(&commandOut[offset], &command->responseBuffer,
f(&commandOut[offset], &command->responseBuffer, &maxOutSize); &maxOutSize);
# endif #endif
offset = *offsets++; offset = *offsets++;
} }
result = (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS; result = (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS;
Exit: Exit:
MemoryIoBufferZero(); MemoryIoBufferZero();
return result; return result;
#endif #endif

26
src/tpm2/CommandDispatcher_fp.h
View File

@ -59,23 +59,17 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef COMMANDDISPATCHER_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define COMMANDDISPATCHER_FP_H
* Date: Mar 7, 2020 Time: 07:06:44PM
*/
#ifndef _COMMAND_DISPATCHER_FP_H_
#define _COMMAND_DISPATCHER_FP_H_
//** ParseHandleBuffer()
// This is the table-driven version of the handle buffer unmarshaling code
TPM_RC TPM_RC
ParseHandleBuffer(COMMAND* command); CommandDispatcher(
COMMAND *command
//** CommandDispatcher() );
// Function to unmarshal the command parameters, call the selected action code, and
// marshal the response parameters.
TPM_RC TPM_RC
CommandDispatcher(COMMAND* command); ParseHandleBuffer(
COMMAND *command
);
#endif // _COMMAND_DISPATCHER_FP_H_
#endif

55
src/tpm2/Commit_fp.h
View File

@ -59,41 +59,36 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef COMMIT_FP_H
#define COMMIT_FP_H
#if CC_Commit // Command must be enabled typedef struct {
TPMI_DH_OBJECT signHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_COMMIT_FP_H_ TPM2B_ECC_POINT P1;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_COMMIT_FP_H_ TPM2B_SENSITIVE_DATA s2;
TPM2B_ECC_PARAMETER y2;
// Input structure definition
typedef struct
{
TPMI_DH_OBJECT signHandle;
TPM2B_ECC_POINT P1;
TPM2B_SENSITIVE_DATA s2;
TPM2B_ECC_PARAMETER y2;
} Commit_In; } Commit_In;
// Output structure definition #define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_Commit_P1 (TPM_RC_P + TPM_RC_1)
{ #define RC_Commit_s2 (TPM_RC_P + TPM_RC_2)
TPM2B_ECC_POINT K; #define RC_Commit_y2 (TPM_RC_P + TPM_RC_3)
TPM2B_ECC_POINT L;
TPM2B_ECC_POINT E; typedef struct {
UINT16 counter; TPM2B_ECC_POINT K;
TPM2B_ECC_POINT L;
TPM2B_ECC_POINT E;
UINT16 counter;
} Commit_Out; } Commit_Out;
// Response code modifiers
# define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1)
# define RC_Commit_P1 (TPM_RC_P + TPM_RC_1)
# define RC_Commit_s2 (TPM_RC_P + TPM_RC_2)
# define RC_Commit_y2 (TPM_RC_P + TPM_RC_3)
// Function prototype
TPM_RC TPM_RC
TPM2_Commit(Commit_In* in, Commit_Out* out); TPM2_Commit(
Commit_In *in, // IN: input parameter list
Commit_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_COMMIT_FP_H_
#endif // CC_Commit
#endif

36
src/tpm2/ContextLoad_fp.h
View File

@ -59,32 +59,26 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CONTEXTLOAD_FP_H
#define CONTEXTLOAD_FP_H
#if CC_ContextLoad // Command must be enabled typedef struct {
TPMS_CONTEXT context;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTLOAD_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTLOAD_FP_H_
// Input structure definition
typedef struct
{
TPMS_CONTEXT context;
} ContextLoad_In; } ContextLoad_In;
// Output structure definition #define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1)
typedef struct
{ typedef struct {
TPMI_DH_CONTEXT loadedHandle; TPMI_DH_CONTEXT loadedHandle;
} ContextLoad_Out; } ContextLoad_Out;
// Response code modifiers
# define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ContextLoad(ContextLoad_In* in, ContextLoad_Out* out); TPM2_ContextLoad(
ContextLoad_In *in, // IN: input parameter list
ContextLoad_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTLOAD_FP_H_
#endif // CC_ContextLoad #endif

36
src/tpm2/ContextSave_fp.h
View File

@ -59,32 +59,26 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CONTEXTSAVE_FP_H
#define CONTEXTSAVE_FP_H
#if CC_ContextSave // Command must be enabled typedef struct {
TPMI_DH_CONTEXT saveHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTSAVE_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTSAVE_FP_H_
// Input structure definition
typedef struct
{
TPMI_DH_CONTEXT saveHandle;
} ContextSave_In; } ContextSave_In;
// Output structure definition #define RC_ContextSave_saveHandle (TPM_RC_P + TPM_RC_1)
typedef struct
{ typedef struct {
TPMS_CONTEXT context; TPMS_CONTEXT context;
} ContextSave_Out; } ContextSave_Out;
// Response code modifiers
# define RC_ContextSave_saveHandle (TPM_RC_H + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ContextSave(ContextSave_In* in, ContextSave_Out* out); TPM2_ContextSave(
ContextSave_In *in, // IN: input parameter list
ContextSave_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CONTEXTSAVE_FP_H_
#endif // CC_ContextSave #endif

150
src/tpm2/Context_spt.c
View File

@ -70,18 +70,18 @@
// It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric // It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric
// encryption key and iv // encryption key and iv
/*(See part 1 specification) /*(See part 1 specification)
KDFa is used to generate the symmetric encryption key and IV. The parameters KDFa is used to generate the symmetric encryption key and IV. The parameters
of the call are: of the call are:
Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits) Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits)
where where
hashAlg a vendor-defined hash algorithm hashAlg a vendor-defined hash algorithm
hProof the hierarchy proof as selected by the hierarchy parameter hProof the hierarchy proof as selected by the hierarchy parameter
of the TPMS_CONTEXT of the TPMS_CONTEXT
vendorString a value used to differentiate the uses of the KDF vendorString a value used to differentiate the uses of the KDF
sequence the sequence parameter of the TPMS_CONTEXT sequence the sequence parameter of the TPMS_CONTEXT
handle the handle parameter of the TPMS_CONTEXT handle the handle parameter of the TPMS_CONTEXT
bits the number of bits needed for a symmetric key and IV for bits the number of bits needed for a symmetric key and IV for
the context encryption the context encryption
*/ */
// Return Type: TPM_RC // Return Type: TPM_RC
// TPM_RC_FW_LIMITED The requested hierarchy is FW-limited, but the TPM // TPM_RC_FW_LIMITED The requested hierarchy is FW-limited, but the TPM
@ -92,13 +92,13 @@
// failed to derive the Firmware SVN Secret for the // failed to derive the Firmware SVN Secret for the
// requested SVN. // requested SVN.
TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context blob TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context blob
TPM2B_SYM_KEY* symKey, // OUT: the symmetric key TPM2B_SYM_KEY* symKey, // OUT: the symmetric key
TPM2B_IV* iv // OUT: the IV. TPM2B_IV* iv // OUT: the IV.
) )
{ {
TPM_RC result = TPM_RC_SUCCESS; TPM_RC result = TPM_RC_SUCCESS;
UINT16 symKeyBits; // number of bits in the parent's UINT16 symKeyBits; // number of bits in the parent's
// symmetric key // symmetric key
TPM2B_PROOF proof; // the proof value to use TPM2B_PROOF proof; // the proof value to use
BYTE kdfResult[sizeof(TPMU_HA) * 2]; // Value produced by the KDF BYTE kdfResult[sizeof(TPMU_HA) * 2]; // Value produced by the KDF
@ -124,18 +124,18 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b
// Get proof value // Get proof value
result = HierarchyGetProof(contextBlob->hierarchy, &proof); result = HierarchyGetProof(contextBlob->hierarchy, &proof);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
return result; return result;
// KDFa to generate symmetric key and IV value // KDFa to generate symmetric key and IV value
CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG,
&proof.b, &proof.b,
CONTEXT_KEY, CONTEXT_KEY,
&sequence2B.b, &sequence2B.b,
&handle2B.b, &handle2B.b,
(symKey->t.size + iv->t.size) * 8, (symKey->t.size + iv->t.size) * 8,
kdfResult, kdfResult,
NULL, NULL,
FALSE); FALSE);
MemorySet(proof.b.buffer, 0, proof.b.size); MemorySet(proof.b.buffer, 0, proof.b.size);
@ -155,23 +155,23 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b
// It is used by TPM2_ContextSave to create an integrity hash // It is used by TPM2_ContextSave to create an integrity hash
// and by TPM2_ContextLoad to compare an integrity hash // and by TPM2_ContextLoad to compare an integrity hash
/*(See part 1 specification) /*(See part 1 specification)
The HMAC integrity computation for a saved context is: The HMAC integrity computation for a saved context is:
HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle || HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle ||
encContext) encContext)
where where
HMACvendorAlg HMAC using a vendor-defined hash algorithm HMACvendorAlg HMAC using a vendor-defined hash algorithm
hProof the hierarchy proof as selected by the hierarchy hProof the hierarchy proof as selected by the hierarchy
parameter of the TPMS_CONTEXT parameter of the TPMS_CONTEXT
resetValue either a counter value that increments on each TPM Reset resetValue either a counter value that increments on each TPM Reset
and is not reset over the lifetime of the TPM or a random and is not reset over the lifetime of the TPM or a random
value that changes on each TPM Reset and has the size of value that changes on each TPM Reset and has the size of
the digest produced by vendorAlg the digest produced by vendorAlg
clearCount a counter value that is incremented on each TPM Reset clearCount a counter value that is incremented on each TPM Reset
or TPM Restart. This value is only included if the handle or TPM Restart. This value is only included if the handle
value is 0x80000002. value is 0x80000002.
sequence the sequence parameter of the TPMS_CONTEXT sequence the sequence parameter of the TPMS_CONTEXT
handle the handle parameter of the TPMS_CONTEXT handle the handle parameter of the TPMS_CONTEXT
encContext the encrypted context blob encContext the encrypted context blob
*/ */
// Return Type: TPM_RC // Return Type: TPM_RC
// TPM_RC_FW_LIMITED The requested hierarchy is FW-limited, but the TPM // TPM_RC_FW_LIMITED The requested hierarchy is FW-limited, but the TPM
@ -182,8 +182,8 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b
// failed to derive the Firmware SVN Secret for the // failed to derive the Firmware SVN Secret for the
// requested SVN. // requested SVN.
TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob
TPM2B_DIGEST* integrity // OUT: integrity TPM2B_DIGEST* integrity // OUT: integrity
) )
{ {
TPM_RC result = TPM_RC_SUCCESS; TPM_RC result = TPM_RC_SUCCESS;
HMAC_STATE hmacState; HMAC_STATE hmacState;
@ -193,11 +193,11 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob
// Get proof value // Get proof value
result = HierarchyGetProof(contextBlob->hierarchy, &proof); result = HierarchyGetProof(contextBlob->hierarchy, &proof);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
return result; return result;
// Start HMAC // Start HMAC
integrity->t.size = integrity->t.size =
CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b); CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof.b);
MemorySet(proof.b.buffer, 0, proof.b.size); MemorySet(proof.b.buffer, 0, proof.b.size);
@ -207,28 +207,28 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob
// Adding total reset counter so that the context cannot be // Adding total reset counter so that the context cannot be
// used after a TPM Reset // used after a TPM Reset
CryptDigestUpdateInt( CryptDigestUpdateInt(
&hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount); &hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount);
// If this is a ST_CLEAR object, add the clear count // If this is a ST_CLEAR object, add the clear count
// so that this contest cannot be loaded after a TPM Restart // so that this contest cannot be loaded after a TPM Restart
if(contextBlob->savedHandle == 0x80000002) if(contextBlob->savedHandle == 0x80000002)
CryptDigestUpdateInt( CryptDigestUpdateInt(
&hmacState.hashState, sizeof(gr.clearCount), gr.clearCount); &hmacState.hashState, sizeof(gr.clearCount), gr.clearCount);
// Adding sequence number to the HMAC to make sure that it doesn't // Adding sequence number to the HMAC to make sure that it doesn't
// get changed // get changed
CryptDigestUpdateInt( CryptDigestUpdateInt(
&hmacState.hashState, sizeof(contextBlob->sequence), contextBlob->sequence); &hmacState.hashState, sizeof(contextBlob->sequence), contextBlob->sequence);
// Protect the handle // Protect the handle
CryptDigestUpdateInt(&hmacState.hashState, CryptDigestUpdateInt(&hmacState.hashState,
sizeof(contextBlob->savedHandle), sizeof(contextBlob->savedHandle),
contextBlob->savedHandle); contextBlob->savedHandle);
// Adding sensitive contextData, skip the leading integrity area // Adding sensitive contextData, skip the leading integrity area
CryptDigestUpdate(&hmacState.hashState, CryptDigestUpdate(&hmacState.hashState,
contextBlob->contextBlob.t.size - integritySize, contextBlob->contextBlob.t.size - integritySize,
contextBlob->contextBlob.t.buffer + integritySize); contextBlob->contextBlob.t.buffer + integritySize);
// Complete HMAC // Complete HMAC
CryptHmacEnd2B(&hmacState, &integrity->b); CryptHmacEnd2B(&hmacState, &integrity->b);
@ -236,7 +236,7 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob
return TPM_RC_SUCCESS; return TPM_RC_SUCCESS;
} }
#if 0 // libtpms added #if 0
//*** SequenceDataExport(); //*** SequenceDataExport();
// This function is used scan through the sequence object and // This function is used scan through the sequence object and
// either modify the hash state data for export (contextSave) or to // either modify the hash state data for export (contextSave) or to
@ -247,21 +247,21 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob
// same size as the internal representation so nothing outsize of the hash context // same size as the internal representation so nothing outsize of the hash context
// area gets modified. // area gets modified.
void SequenceDataExport( void SequenceDataExport(
HASH_OBJECT* object, // IN: an internal hash object HASH_OBJECT* object, // IN: an internal hash object
HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer
) )
{ {
// If the hash object is not an event, then only one hash context is needed // If the hash object is not an event, then only one hash context is needed
int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; int count = (object->attributes.eventSeq) ? HASH_COUNT : 1;
for(count--; count >= 0; count--) for(count--; count >= 0; count--)
{ {
HASH_STATE* hash = &object->state.hashState[count]; HASH_STATE* hash = &object->state.hashState[count];
size_t offset = (BYTE*)hash - (BYTE*)object; size_t offset = (BYTE*)hash - (BYTE*)object;
BYTE* exportHash = &((BYTE*)exportObject)[offset]; BYTE* exportHash = &((BYTE*)exportObject)[offset];
CryptHashExportState(hash, (EXPORT_HASH_STATE*)exportHash); CryptHashExportState(hash, (EXPORT_HASH_STATE*)exportHash);
} }
} }
//*** SequenceDataImport(); //*** SequenceDataImport();
@ -274,20 +274,20 @@ void SequenceDataExport(
// same size as the internal representation so nothing outsize of the hash context // same size as the internal representation so nothing outsize of the hash context
// area gets modified. // area gets modified.
void SequenceDataImport( void SequenceDataImport(
HASH_OBJECT* object, // IN/OUT: an internal hash object HASH_OBJECT* object, // IN/OUT: an internal hash object
HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer
) )
{ {
// If the hash object is not an event, then only one hash context is needed // If the hash object is not an event, then only one hash context is needed
int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; int count = (object->attributes.eventSeq) ? HASH_COUNT : 1;
for(count--; count >= 0; count--) for(count--; count >= 0; count--)
{ {
HASH_STATE* hash = &object->state.hashState[count]; HASH_STATE* hash = &object->state.hashState[count];
size_t offset = (BYTE*)hash - (BYTE*)object; size_t offset = (BYTE*)hash - (BYTE*)object;
BYTE* importHash = &((BYTE*)exportObject)[offset]; BYTE* importHash = &((BYTE*)exportObject)[offset];
// //
CryptHashImportState(hash, (EXPORT_HASH_STATE*)importHash); CryptHashImportState(hash, (EXPORT_HASH_STATE*)importHash);
} }
} }
#endif // libtpms added #endif

22
src/tpm2/Context_spt_fp.h
View File

@ -79,9 +79,9 @@
// failed to derive the Firmware SVN Secret for the // failed to derive the Firmware SVN Secret for the
// requested SVN. // requested SVN.
TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context blob TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context blob
TPM2B_SYM_KEY* symKey, // OUT: the symmetric key TPM2B_SYM_KEY* symKey, // OUT: the symmetric key
TPM2B_IV* iv // OUT: the IV. TPM2B_IV* iv // OUT: the IV.
); );
//*** ComputeContextIntegrity() //*** ComputeContextIntegrity()
// Generate the integrity hash for a context // Generate the integrity hash for a context
@ -96,8 +96,8 @@ TPM_RC ComputeContextProtectionKey(TPMS_CONTEXT* contextBlob, // IN: context b
// failed to derive the Firmware SVN Secret for the // failed to derive the Firmware SVN Secret for the
// requested SVN. // requested SVN.
TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob
TPM2B_DIGEST* integrity // OUT: integrity TPM2B_DIGEST* integrity // OUT: integrity
); );
//*** SequenceDataExport() //*** SequenceDataExport()
// This function is used scan through the sequence object and // This function is used scan through the sequence object and
@ -109,9 +109,9 @@ TPM_RC ComputeContextIntegrity(TPMS_CONTEXT* contextBlob, // IN: context blob
// same size as the internal representation so nothing outsize of the hash context // same size as the internal representation so nothing outsize of the hash context
// area gets modified. // area gets modified.
void SequenceDataExport( void SequenceDataExport(
HASH_OBJECT* object, // IN: an internal hash object HASH_OBJECT* object, // IN: an internal hash object
HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer HASH_OBJECT_BUFFER* exportObject // OUT: a sequence context in a buffer
); );
//*** SequenceDataImport() //*** SequenceDataImport()
// This function is used scan through the sequence object and // This function is used scan through the sequence object and
@ -123,8 +123,8 @@ void SequenceDataExport(
// same size as the internal representation so nothing outsize of the hash context // same size as the internal representation so nothing outsize of the hash context
// area gets modified. // area gets modified.
void SequenceDataImport( void SequenceDataImport(
HASH_OBJECT* object, // IN/OUT: an internal hash object HASH_OBJECT* object, // IN/OUT: an internal hash object
HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer HASH_OBJECT_BUFFER* exportObject // IN/OUT: a sequence context in a buffer
); );
#endif // _CONTEXT_SPT_FP_H_ #endif // _CONTEXT_SPT_FP_H_

49
src/tpm2/CreateLoaded_fp.h
View File

@ -59,39 +59,32 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
#ifndef CREATELOADED_FP_H
#define CREATELOADED_FP_H
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT /* rev 136 */
#if CC_CreateLoaded // Command must be enabled typedef struct {
TPMI_DH_PARENT parentHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATELOADED_FP_H_ TPM2B_SENSITIVE_CREATE inSensitive;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATELOADED_FP_H_ TPM2B_TEMPLATE inPublic;
// Input structure definition
typedef struct
{
TPMI_DH_PARENT parentHandle;
TPM2B_SENSITIVE_CREATE inSensitive;
TPM2B_TEMPLATE inPublic;
} CreateLoaded_In; } CreateLoaded_In;
// Output structure definition #define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1)
{ #define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2)
TPM_HANDLE objectHandle;
TPM2B_PRIVATE outPrivate; typedef struct {
TPM2B_PUBLIC outPublic; TPM_HANDLE objectHandle;
TPM2B_NAME name; TPM2B_PRIVATE outPrivate;
TPM2B_PUBLIC outPublic;
TPM2B_NAME name;
} CreateLoaded_Out; } CreateLoaded_Out;
// Response code modifiers
# define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1)
# define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1)
# define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_CreateLoaded(CreateLoaded_In* in, CreateLoaded_Out* out); TPM2_CreateLoaded(
CreateLoaded_In *in, // IN: input parameter list
CreateLoaded_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATELOADED_FP_H_ #endif
#endif // CC_CreateLoaded

61
src/tpm2/CreatePrimary_fp.h
View File

@ -59,45 +59,38 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CREATEPRIMARY_FP_H
#define CREATEPRIMARY_FP_H
#if CC_CreatePrimary // Command must be enabled typedef struct {
TPMI_RH_HIERARCHY primaryHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATEPRIMARY_FP_H_ TPM2B_SENSITIVE_CREATE inSensitive;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATEPRIMARY_FP_H_ TPM2B_PUBLIC inPublic;
TPM2B_DATA outsideInfo;
// Input structure definition TPML_PCR_SELECTION creationPCR;
typedef struct
{
TPMI_RH_HIERARCHY primaryHandle;
TPM2B_SENSITIVE_CREATE inSensitive;
TPM2B_PUBLIC inPublic;
TPM2B_DATA outsideInfo;
TPML_PCR_SELECTION creationPCR;
} CreatePrimary_In; } CreatePrimary_In;
// Output structure definition #define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1)
{ #define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2)
TPM_HANDLE objectHandle; #define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3)
TPM2B_PUBLIC outPublic; #define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4)
TPM2B_CREATION_DATA creationData;
TPM2B_DIGEST creationHash; typedef struct {
TPMT_TK_CREATION creationTicket; TPM_HANDLE objectHandle;
TPM2B_NAME name; TPM2B_PUBLIC outPublic;
TPM2B_CREATION_DATA creationData;
TPM2B_DIGEST creationHash;
TPMT_TK_CREATION creationTicket;
TPM2B_NAME name;
} CreatePrimary_Out; } CreatePrimary_Out;
// Response code modifiers
# define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1)
# define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1)
# define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2)
# define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3)
# define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4)
// Function prototype
TPM_RC TPM_RC
TPM2_CreatePrimary(CreatePrimary_In* in, CreatePrimary_Out* out); TPM2_CreatePrimary(
CreatePrimary_In *in, // IN: input parameter list
CreatePrimary_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATEPRIMARY_FP_H_ #endif
#endif // CC_CreatePrimary

60
src/tpm2/Create_fp.h
View File

@ -59,44 +59,38 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 137 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef CREATE_FP_H
#define CREATE_FP_H
#if CC_Create // Command must be enabled typedef struct {
TPMI_DH_OBJECT parentHandle;
TPM2B_SENSITIVE_CREATE inSensitive;
TPM2B_PUBLIC inPublic;
TPM2B_DATA outsideInfo;
TPML_PCR_SELECTION creationPCR;
} Create_In;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATE_FP_H_ #define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1)
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATE_FP_H_ #define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1)
#define RC_Create_inPublic (TPM_RC_P + TPM_RC_2)
#define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3)
#define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4)
// Input structure definition typedef struct {
typedef struct TPM2B_PRIVATE outPrivate;
{ TPM2B_PUBLIC outPublic;
TPMI_DH_OBJECT parentHandle; TPM2B_CREATION_DATA creationData;
TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_DIGEST creationHash;
TPM2B_PUBLIC inPublic; TPMT_TK_CREATION creationTicket;
TPM2B_DATA outsideInfo;
TPML_PCR_SELECTION creationPCR;
} Create_In;
// Output structure definition
typedef struct
{
TPM2B_PRIVATE outPrivate;
TPM2B_PUBLIC outPublic;
TPM2B_CREATION_DATA creationData;
TPM2B_DIGEST creationHash;
TPMT_TK_CREATION creationTicket;
} Create_Out; } Create_Out;
// Response code modifiers
# define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1)
# define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1)
# define RC_Create_inPublic (TPM_RC_P + TPM_RC_2)
# define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3)
# define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4)
// Function prototype
TPM_RC TPM_RC
TPM2_Create(Create_In* in, Create_Out* out); TPM2_Create(
Create_In *in, // IN: input parameter list
Create_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_CREATE_FP_H_
#endif // CC_Create #endif

64
src/tpm2/CryptEccData.c
View File

@ -79,73 +79,73 @@
const TPM_ECC_CURVE_METADATA eccCurves[] = { const TPM_ECC_CURVE_METADATA eccCurves[] = {
# if ECC_NIST_P192 # if ECC_NIST_P192
comma{TPM_ECC_NIST_P192, comma{TPM_ECC_NIST_P192,
192, 192,
{TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_NIST_P192 CURVE_NAME("NIST_P192")} OID_ECC_NIST_P192 CURVE_NAME("NIST_P192")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_NIST_P192 # endif // ECC_NIST_P192
# if ECC_NIST_P224 # if ECC_NIST_P224
comma{TPM_ECC_NIST_P224, comma{TPM_ECC_NIST_P224,
224, 224,
{TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_NIST_P224 CURVE_NAME("NIST_P224")} OID_ECC_NIST_P224 CURVE_NAME("NIST_P224")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_NIST_P224 # endif // ECC_NIST_P224
# if ECC_NIST_P256 # if ECC_NIST_P256
comma{TPM_ECC_NIST_P256, comma{TPM_ECC_NIST_P256,
256, 256,
{TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}}, {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA256}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_NIST_P256 CURVE_NAME("NIST_P256")} OID_ECC_NIST_P256 CURVE_NAME("NIST_P256")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_NIST_P256 # endif // ECC_NIST_P256
# if ECC_NIST_P384 # if ECC_NIST_P384
comma{TPM_ECC_NIST_P384, comma{TPM_ECC_NIST_P384,
384, 384,
{TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA384}}}, {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA384}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_NIST_P384 CURVE_NAME("NIST_P384")} OID_ECC_NIST_P384 CURVE_NAME("NIST_P384")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_NIST_P384 # endif // ECC_NIST_P384
# if ECC_NIST_P521 # if ECC_NIST_P521
comma{TPM_ECC_NIST_P521, comma{TPM_ECC_NIST_P521,
521, 521,
{TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA512}}}, {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SHA512}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_NIST_P521 CURVE_NAME("NIST_P521")} OID_ECC_NIST_P521 CURVE_NAME("NIST_P521")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_NIST_P521 # endif // ECC_NIST_P521
# if ECC_BN_P256 # if ECC_BN_P256
comma{TPM_ECC_BN_P256, comma{TPM_ECC_BN_P256,
256, 256,
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_BN_P256 CURVE_NAME("BN_P256")} OID_ECC_BN_P256 CURVE_NAME("BN_P256")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_BN_P256 # endif // ECC_BN_P256
# if ECC_BN_P638 # if ECC_BN_P638
comma{TPM_ECC_BN_P638, comma{TPM_ECC_BN_P638,
638, 638,
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_BN_P638 CURVE_NAME("BN_P638")} OID_ECC_BN_P638 CURVE_NAME("BN_P638")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_BN_P638 # endif // ECC_BN_P638
# if ECC_SM2_P256 # if ECC_SM2_P256
comma{TPM_ECC_SM2_P256, comma{TPM_ECC_SM2_P256,
256, 256,
{TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SM3_256}}}, {TPM_ALG_KDF1_SP800_56A, {{TPM_ALG_SM3_256}}},
{TPM_ALG_NULL, {{TPM_ALG_NULL}}}, {TPM_ALG_NULL, {{TPM_ALG_NULL}}},
OID_ECC_SM2_P256 CURVE_NAME("SM2_P256")} OID_ECC_SM2_P256 CURVE_NAME("SM2_P256")}
# undef comma # undef comma
# define comma , # define comma ,
# endif // ECC_SM2_P256 # endif // ECC_SM2_P256

94
src/tpm2/CryptSelfTest.c
View File

@ -79,22 +79,22 @@
//*** RunSelfTest() //*** RunSelfTest()
// Local function to run self-test // Local function to run self-test
static TPM_RC CryptRunSelfTests( static TPM_RC CryptRunSelfTests(
ALGORITHM_VECTOR* toTest // IN: the vector of the algorithms to test ALGORITHM_VECTOR* toTest // IN: the vector of the algorithms to test
) )
{ {
TPM_ALG_ID alg; TPM_ALG_ID alg;
// For each of the algorithms that are in the toTestVecor, need to run a // For each of the algorithms that are in the toTestVecor, need to run a
// test // test
for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++) for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++)
{ {
if(TEST_BIT(alg, *toTest)) if(TEST_BIT(alg, *toTest))
{ {
TPM_RC result = CryptTestAlgorithm(alg, toTest); TPM_RC result = CryptTestAlgorithm(alg, toTest);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
return result; return result;
} }
} }
return TPM_RC_SUCCESS; return TPM_RC_SUCCESS;
} }
@ -114,19 +114,19 @@ static TPM_RC CryptRunSelfTests(
LIB_EXPORT LIB_EXPORT
TPM_RC TPM_RC
CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required
) )
{ {
#if ALLOW_FORCE_FAILURE_MODE #if ALLOW_FORCE_FAILURE_MODE
if(g_forceFailureMode) if(g_forceFailureMode)
FAIL(FATAL_ERROR_FORCED); FAIL(FATAL_ERROR_FORCED);
#endif #endif
// If the caller requested a full test, then reset the to test vector so that // If the caller requested a full test, then reset the to test vector so that
// all the tests will be run // all the tests will be run
if(fullTest == YES) if(fullTest == YES)
{ {
MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest)); MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest));
} }
return CryptRunSelfTests(&g_toTest); return CryptRunSelfTests(&g_toTest);
} }
@ -144,8 +144,8 @@ CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required
// TPM_RC_VALUE an algorithm in the toTest list is not implemented // TPM_RC_VALUE an algorithm in the toTest list is not implemented
TPM_RC TPM_RC
CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tested CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tested
TPML_ALG* toDoList // OUT: list of algorithms needing test TPML_ALG* toDoList // OUT: list of algorithms needing test
) )
{ {
ALGORITHM_VECTOR toTestVector = {0}; ALGORITHM_VECTOR toTestVector = {0};
TPM_ALG_ID alg; TPM_ALG_ID alg;
@ -153,36 +153,36 @@ CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tes
pAssert(toTest != NULL && toDoList != NULL); pAssert(toTest != NULL && toDoList != NULL);
if(toTest->count > 0) if(toTest->count > 0)
{ {
// Transcribe the toTest list into the toTestVector // Transcribe the toTest list into the toTestVector
for(i = 0; i < toTest->count; i++) for(i = 0; i < toTest->count; i++)
{ {
alg = toTest->algorithms[i]; alg = toTest->algorithms[i];
// make sure that the algorithm value is not out of range // make sure that the algorithm value is not out of range
if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms)) if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms))
return TPM_RC_VALUE; return TPM_RC_VALUE;
// libtpms added begin // libtpms added begin
if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm, if(!RuntimeAlgorithmCheckEnabled(&g_RuntimeProfile.RuntimeAlgorithm,
alg)) alg))
return TPM_RC_VALUE; return TPM_RC_VALUE;
// libtpms added end // libtpms added end
SET_BIT(alg, toTestVector); SET_BIT(alg, toTestVector);
} }
// Run the test // Run the test
if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED) if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED)
return TPM_RC_CANCELED; return TPM_RC_CANCELED;
} }
// Fill in the toDoList with the algorithms that are still untested // Fill in the toDoList with the algorithms that are still untested
toDoList->count = 0; toDoList->count = 0;
for(alg = TPM_ALG_FIRST; for(alg = TPM_ALG_FIRST;
toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST; toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST;
alg++) alg++)
{ {
if(TEST_BIT(alg, g_toTest)) if(TEST_BIT(alg, g_toTest))
toDoList->algorithms[toDoList->count++] = alg; toDoList->algorithms[toDoList->count++] = alg;
} }
return TPM_RC_SUCCESS; return TPM_RC_SUCCESS;
} }
@ -231,11 +231,11 @@ CryptTestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest)
// will over report. This can be changed so that any call to check on which // will over report. This can be changed so that any call to check on which
// algorithms have tests, 'toTest' can be cleared. // algorithms have tests, 'toTest' can be cleared.
if(alg != TPM_ALG_ERROR) if(alg != TPM_ALG_ERROR)
{ {
CLEAR_BIT(alg, g_toTest); CLEAR_BIT(alg, g_toTest);
if(toTest != NULL) if(toTest != NULL)
CLEAR_BIT(alg, *toTest); CLEAR_BIT(alg, *toTest);
} }
result = TPM_RC_SUCCESS; result = TPM_RC_SUCCESS;
#endif #endif
return result; return result;

78
src/tpm2/CryptSelfTest_fp.h
View File

@ -59,69 +59,29 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef CRYPTSELFTEST_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define CRYPTSELFTEST_FP_H
* Date: Mar 4, 2020 Time: 02:36:44PM
*/
#ifndef _CRYPT_SELF_TEST_FP_H_
#define _CRYPT_SELF_TEST_FP_H_
//*** CryptSelfTest()
// This function is called to start/complete a full self-test.
// If 'fullTest' is NO, then only the untested algorithms will be run. If
// 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then
// all tests are run.
// This implementation of the reference design does not support processing outside
// the framework of a TPM command. As a consequence, this command does not
// complete until all tests are done. Since this can take a long time, the TPM
// will check after each test to see if the command is canceled. If so, then the
// TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call
// TPM2_SelfTest(fullTest == No) and the TPM will complete the testing.
// Return Type: TPM_RC
// TPM_RC_CANCELED if the command is canceled
LIB_EXPORT LIB_EXPORT
TPM_RC TPM_RC
CryptSelfTest(TPMI_YES_NO fullTest // IN: if full test is required CryptSelfTest(
); TPMI_YES_NO fullTest // IN: if full test is required
);
//*** CryptIncrementalSelfTest()
// This function is used to perform an incremental self-test. This implementation
// will perform the toTest values before returning. That is, it assumes that the
// TPM cannot perform background tasks between commands.
//
// This command may be canceled. If it is, then there is no return result.
// However, this command can be run again and the incremental progress will not
// be lost.
// Return Type: TPM_RC
// TPM_RC_CANCELED processing of this command was canceled
// TPM_RC_TESTING if toTest list is not empty
// TPM_RC_VALUE an algorithm in the toTest list is not implemented
TPM_RC TPM_RC
CryptIncrementalSelfTest(TPML_ALG* toTest, // IN: list of algorithms to be tested CryptIncrementalSelfTest(
TPML_ALG* toDoList // OUT: list of algorithms needing test TPML_ALG *toTest, // IN: list of algorithms to be tested
); TPML_ALG *toDoList // OUT: list of algorithms needing test
);
//*** CryptInitializeToTest() void
// This function will initialize the data structures for testing all the CryptInitializeToTest(
// algorithms. This should not be called unless CryptAlgsSetImplemented() has void
// been called );
void CryptInitializeToTest(void);
//*** CryptTestAlgorithm()
// Only point of contact with the actual self tests. If a self-test fails, there
// is no return and the TPM goes into failure mode.
// The call to TestAlgorithm uses an algorithm selector and a bit vector. When the
// test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If
// 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR.
// There is a special case for the call to TestAlgorithm(). When 'alg' is
// ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has
// no test. This allows the knowledge about which algorithms have test to be
// accessed through the interface that provides the test.
// Return Type: TPM_RC
// TPM_RC_CANCELED test was canceled
LIB_EXPORT LIB_EXPORT
TPM_RC TPM_RC
CryptTestAlgorithm(TPM_ALG_ID alg, ALGORITHM_VECTOR* toTest); CryptTestAlgorithm(
TPM_ALG_ID alg,
ALGORITHM_VECTOR *toTest
);
#endif // _CRYPT_SELF_TEST_FP_H_
#endif

2126
src/tpm2/CryptUtil.c
View File

File diff suppressed because it is too large Load Diff

66
src/tpm2/CryptoInterface.h
View File

@ -1,66 +0,0 @@
/********************************************************************************/
/* */
/* CryptoInterface header file */
/* Written by Stefan Berger */
/* IBM Thomas J. Watson Research Center */
/* */
/* (c) Copyright IBM Corporation 2017,2018. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
//** Introduction
//
// This file contains prototypes that are common to all TPM crypto interfaces.
//
#ifndef CRYPTO_INTERFACE_H
#define CRYPTO_INTERFACE_H
#include "TpmBuildSwitches.h"
#if SIMULATION && CRYPTO_LIB_REPORTING
typedef struct crypto_impl_description
{
// The name of the crypto library, ASCII encoded.
char name[32];
// The version of the crypto library, ASCII encoded.
char version[32];
} _CRYPTO_IMPL_DESCRIPTION;
// When building the simulator, the plugged-in crypto libraries can report its
// version information by implementing these interfaces.
void _crypto_GetSymImpl(_CRYPTO_IMPL_DESCRIPTION* result);
void _crypto_GetHashImpl(_CRYPTO_IMPL_DESCRIPTION* result);
void _crypto_GetMathImpl(_CRYPTO_IMPL_DESCRIPTION* result);
#endif // SIMULATION && CRYPTO_LIB_REPORTING
#endif // CRYPTO_INTERFACE_H

269
src/tpm2/DA.c
View File

@ -59,193 +59,182 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Introduction /* 8.2 DA.c */
// This file contains the functions and data definitions relating to the /* 8.2.1 Introduction */
// dictionary attack logic. /* This file contains the functions and data definitions relating to the dictionary attack logic. */
/* 8.2.2 Includes and Data Definitions */
//** Includes and Data Definitions
#define DA_C #define DA_C
#include "Tpm.h" #include "Tpm.h"
/* 8.2.3 Functions */
//** Functions /* 8.2.3.1 DAPreInstall_Init() */
/* This function initializes the DA parameters to their manufacturer-default values. The default
//*** DAPreInstall_Init() values are determined by a platform-specific specification. */
// This function initializes the DA parameters to their manufacturer-default /* This function should not be called outside of a manufacturing or simulation environment. */
// values. The default values are determined by a platform-specific specification. /* The DA parameters will be restored to these initial values by TPM2_Clear(). */
// void
// This function should not be called outside of a manufacturing or simulation DAPreInstall_Init(
// environment. void
// )
// The DA parameters will be restored to these initial values by TPM2_Clear().
void DAPreInstall_Init(void)
{ {
gp.failedTries = 0; gp.failedTries = 0;
gp.maxTries = 3; gp.maxTries = 3;
gp.recoveryTime = 1000; // in seconds (~16.67 minutes) gp.recoveryTime = 1000; // in seconds (~16.67 minutes)
gp.lockoutRecovery = 1000; // in seconds gp.lockoutRecovery = 1000; // in seconds
gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled
// Record persistent DA parameter changes to NV // Record persistent DA parameter changes to NV
NV_SYNC_PERSISTENT(failedTries); NV_SYNC_PERSISTENT(failedTries);
NV_SYNC_PERSISTENT(maxTries); NV_SYNC_PERSISTENT(maxTries);
NV_SYNC_PERSISTENT(recoveryTime); NV_SYNC_PERSISTENT(recoveryTime);
NV_SYNC_PERSISTENT(lockoutRecovery); NV_SYNC_PERSISTENT(lockoutRecovery);
NV_SYNC_PERSISTENT(lockOutAuthEnabled); NV_SYNC_PERSISTENT(lockOutAuthEnabled);
return; return;
} }
/* 8.2.3.2 DAStartup() */
//*** DAStartup() /* This function is called by TPM2_Startup() to initialize the DA parameters. In the case of
// This function is called by TPM2_Startup() to initialize the DA parameters. Startup(CLEAR), use of lockoutAuth will be enabled if the lockout recovery time is 0. Otherwise,
// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the lockoutAuth will not be enabled until the TPM has been continuously powered for the
// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until lockoutRecovery time. */
// the TPM has been continuously powered for the lockoutRecovery time. /* This function requires that NV be available and not rate limiting. */
// BOOL
// This function requires that NV be available and not rate limiting. DAStartup(
BOOL DAStartup(STARTUP_TYPE type // IN: startup type STARTUP_TYPE type // IN: startup type
) )
{ {
NOT_REFERENCED(type); NOT_REFERENCED(type);
#if !ACCUMULATE_SELF_HEAL_TIMER #if !ACCUMULATE_SELF_HEAL_TIMER
_plat__TimerWasReset(); _plat__TimerWasReset();
s_selfHealTimer = 0; s_selfHealTimer = 0;
s_lockoutTimer = 0; s_lockoutTimer = 0;
#else #else
if(_plat__TimerWasReset()) if(_plat__TimerWasReset())
{ {
if(!NV_IS_ORDERLY) if(!NV_IS_ORDERLY)
{ {
// If shutdown was not orderly, then don't really know if go.time has // If shutdown was not orderly, then don't really know if go.time has
// any useful value so reset the timer to 0. This is what the tick // any useful value so reset the timer to 0. This is what the tick
// was reset to // was reset to
s_selfHealTimer = 0; s_selfHealTimer = 0;
s_lockoutTimer = 0; s_lockoutTimer = 0;
} }
else else
{ {
// If we know how much time was accumulated at the last orderly shutdown // If we know how much time was accumulated at the last orderly shutdown
// subtract that from the saved timer values so that they effectively // subtract that from the saved timer values so that they effectively
// have the accumulated values // have the accumulated values
s_selfHealTimer -= go.time; s_selfHealTimer -= go.time;
s_lockoutTimer -= go.time; s_lockoutTimer -= go.time;
} }
} }
#endif #endif
// For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth. // For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth.
if(gp.lockoutRecovery == 0) if(gp.lockoutRecovery == 0)
{ {
gp.lockOutAuthEnabled = TRUE; gp.lockOutAuthEnabled = TRUE;
// Record the changes to NV // Record the changes to NV
NV_SYNC_PERSISTENT(lockOutAuthEnabled); NV_SYNC_PERSISTENT(lockOutAuthEnabled);
} }
// If DA has not been disabled and the previous shutdown is not orderly // If DA has not been disabled and the previous shutdown is not orderly
// failedTries is not already at its maximum then increment 'failedTries' // failedTries is not already at its maximum then increment 'failedTries'
if(gp.recoveryTime != 0 && gp.failedTries < gp.maxTries if(gp.recoveryTime != 0
&& gp.failedTries < gp.maxTries
&& !IS_ORDERLY(g_prevOrderlyState)) && !IS_ORDERLY(g_prevOrderlyState))
{ {
#if USE_DA_USED #if USE_DA_USED
gp.failedTries += g_daUsed; gp.failedTries += g_daUsed;
g_daUsed = FALSE; g_daUsed = FALSE;
#else #else
gp.failedTries++; gp.failedTries++;
#endif #endif
// Record the change to NV // Record the change to NV
NV_SYNC_PERSISTENT(failedTries); NV_SYNC_PERSISTENT(failedTries);
} }
// Before Startup, the TPM will not do clock updates. At startup, need to // Before Startup, the TPM will not do clock updates. At startup, need to
// do a time update which will do the DA update. // do a time update which will do the DA update.
TimeUpdate(); TimeUpdate();
return TRUE; return TRUE;
} }
/* 8.2.3.3 DARegisterFailure() */
//*** DARegisterFailure() /* This function is called when an authorization failure occurs on an entity that is subject to
// This function is called when an authorization failure occurs on an entity dictionary-attack protection. When a DA failure is triggered, register the failure by resetting
// that is subject to dictionary-attack protection. When a DA failure is the relevant self-healing timer to the current time. */
// triggered, register the failure by resetting the relevant self-healing void
// timer to the current time. DARegisterFailure(
void DARegisterFailure(TPM_HANDLE handle // IN: handle for failure TPM_HANDLE handle // IN: handle for failure
) )
{ {
// Reset the timer associated with lockout if the handle is the lockoutAuth. // Reset the timer associated with lockout if the handle is the lockoutAuth.
if(handle == TPM_RH_LOCKOUT) if(handle == TPM_RH_LOCKOUT)
s_lockoutTimer = g_time; s_lockoutTimer = g_time;
else else
s_selfHealTimer = g_time; s_selfHealTimer = g_time;
return; return;
} }
/* 8.2.3.4 DASelfHeal() */
//*** DASelfHeal() /* This function is called to check if sufficient time has passed to allow decrement of failedTries
// This function is called to check if sufficient time has passed to allow or to re-enable use of lockoutAuth. */
// decrement of failedTries or to re-enable use of lockoutAuth. /* This function should be called when the time interval is updated. */
// void
// This function should be called when the time interval is updated. DASelfHeal(
void DASelfHeal(void) void
)
{ {
// Regular authorization self healing logic // Regular authorization self healing logic
// If no failed authorization tries, do nothing. Otherwise, try to // If no failed authorization tries, do nothing. Otherwise, try to
// decrease failedTries // decrease failedTries
if(gp.failedTries != 0) if(gp.failedTries != 0)
{ {
// if recovery time is 0, DA logic has been disabled. Clear failed tries // if recovery time is 0, DA logic has been disabled. Clear failed tries
// immediately // immediately
if(gp.recoveryTime == 0) if(gp.recoveryTime == 0)
{ {
gp.failedTries = 0; gp.failedTries = 0;
// Update NV record // Update NV record
NV_SYNC_PERSISTENT(failedTries); NV_SYNC_PERSISTENT(failedTries);
} }
else else
{ {
UINT64 decreaseCount; UINT64 decreaseCount;
#if 0 #if 0 // Errata eliminates this code
// Errata eliminates this code // In the unlikely event that failedTries should become larger than
// In the unlikely event that failedTries should become larger than // maxTries
// maxTries if(gp.failedTries > gp.maxTries)
if(gp.failedTries > gp.maxTries) gp.failedTries = gp.maxTries;
gp.failedTries = gp.maxTries;
#endif #endif
// How much can failedTries be decreased // How much can failedTries be decreased
// Cast s_selfHealTimer to an int in case it became negative at
// Cast s_selfHealTimer to an int in case it became negative at // startup
// startup decreaseCount = ((g_time - (INT64)s_selfHealTimer) / 1000)
decreaseCount = / gp.recoveryTime;
((g_time - (INT64)s_selfHealTimer) / 1000) / gp.recoveryTime; if(gp.failedTries <= (UINT32)decreaseCount)
// should not set failedTries below zero
if(gp.failedTries <= (UINT32)decreaseCount) gp.failedTries = 0;
// should not set failedTries below zero else
gp.failedTries = 0; gp.failedTries -= (UINT32)decreaseCount;
else // the cast prevents overflow of the product
gp.failedTries -= (UINT32)decreaseCount; s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000;
if(decreaseCount != 0)
// the cast prevents overflow of the product // If there was a change to the failedTries, record the changes
s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000; // to NV
if(decreaseCount != 0) NV_SYNC_PERSISTENT(failedTries);
// If there was a change to the failedTries, record the changes }
// to NV }
NV_SYNC_PERSISTENT(failedTries);
}
}
// LockoutAuth self healing logic // LockoutAuth self healing logic
// If lockoutAuth is enabled, do nothing. Otherwise, try to see if we // If lockoutAuth is enabled, do nothing. Otherwise, try to see if we
// may enable it // may enable it
if(!gp.lockOutAuthEnabled) if(!gp.lockOutAuthEnabled)
{ {
// if lockout authorization recovery time is 0, a reboot is required to // if lockout authorization recovery time is 0, a reboot is required to
// re-enable use of lockout authorization. Self-healing would not // re-enable use of lockout authorization. Self-healing would not
// apply in this case. // apply in this case.
if(gp.lockoutRecovery != 0) if(gp.lockoutRecovery != 0)
{ {
if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery) if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery)
{ {
gp.lockOutAuthEnabled = TRUE; gp.lockOutAuthEnabled = TRUE;
// Record the changes to NV // Record the changes to NV
NV_SYNC_PERSISTENT(lockOutAuthEnabled); NV_SYNC_PERSISTENT(lockOutAuthEnabled);
} }
} }
} }
return; return;
} }

64
src/tpm2/DA_fp.h
View File

@ -59,47 +59,29 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef DA_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define DA_FP_H
* Date: Apr 2, 2019 Time: 04:23:27PM
*/
#ifndef _DA_FP_H_ void
#define _DA_FP_H_ DAPreInstall_Init(
void
);
void
DAInit(
void
);
BOOL
DAStartup(
STARTUP_TYPE type // IN: startup type
);
void
DARegisterFailure(
TPM_HANDLE handle // IN: handle for failure
);
void
DASelfHeal(
void
);
//*** DAPreInstall_Init()
// This function initializes the DA parameters to their manufacturer-default
// values. The default values are determined by a platform-specific specification.
//
// This function should not be called outside of a manufacturing or simulation
// environment.
//
// The DA parameters will be restored to these initial values by TPM2_Clear().
void DAPreInstall_Init(void);
//*** DAStartup() #endif
// This function is called by TPM2_Startup() to initialize the DA parameters.
// In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the
// lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until
// the TPM has been continuously powered for the lockoutRecovery time.
//
// This function requires that NV be available and not rate limiting.
BOOL DAStartup(STARTUP_TYPE type // IN: startup type
);
//*** DARegisterFailure()
// This function is called when a authorization failure occurs on an entity
// that is subject to dictionary-attack protection. When a DA failure is
// triggered, register the failure by resetting the relevant self-healing
// timer to the current time.
void DARegisterFailure(TPM_HANDLE handle // IN: handle for failure
);
//*** DASelfHeal()
// This function is called to check if sufficient time has passed to allow
// decrement of failedTries or to re-enable use of lockoutAuth.
//
// This function should be called when the time interval is updated.
void DASelfHeal(void);
#endif // _DA_FP_H_

131
src/tpm2/DebugHelpers.c
View File

@ -59,89 +59,102 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Description /* C.13 DebugHelpers.c */
// /* C.13.1. Description */
// This file contains the NV read and write access methods. This implementation /* This file contains the NV read and write access methods. This implementation uses RAM/file and
// uses RAM/file and does not manage the RAM/file as NV blocks. does not manage the RAM/file as NV blocks. The implementation may become more sophisticated over
// The implementation may become more sophisticated over time. time. */
// /* C.13.2. Includes and Local */
#include <stdio.h>
//** Includes and Local #include <time.h>
#include <stdio.h>
#include <time.h>
#include "Platform.h" #include "Platform.h"
#include "DebugHelpers_fp.h"
#if CERTIFYX509_DEBUG #if CERTIFYX509_DEBUG
const char *debugFileName = "DebugFile.txt";
const char* debugFileName = "DebugFile.txt"; /* C.13.2.1. fileOpen() */
//*** fileOpen() /* This exists to allow use of the safe version of fopen() with a MS runtime. */
// This exists to allow use of the 'safe' version of fopen() with a MS runtime.
static FILE* fileOpen(const char* fn, const char* mode) static FILE *
fileOpen(
const char *fn,
const char *mode
)
{ {
FILE* f; FILE *f;
# if defined _MSC_VER # if defined _MSC_VER
if(fopen_s(&f, fn, mode) != 0) if(fopen_s(&f, fn, mode) != 0)
f = NULL; f = NULL;
# else # else
f = fopen(fn, mode); f = fopen(fn, mode);
# endif # endif
return f; return f;
} }
/* C.13.2.2. DebugFileInit() */
//*** DebugFileInit() /* This function initializes the file containing the debug data with the time of the file
// This function initializes the file containing the debug data with the time of the creation. */
// file creation. /* This function opens the file used to hold the debug data. */
// Return Type: int /* Return Value Meaning */
// 0 success /* 0 success */
// != 0 error /* != 0 error */
int DebugFileInit(void) int
DebugFileInit(
void
)
{ {
FILE* f = NULL; FILE *f = NULL;
time_t t = time(NULL); time_t t = time(NULL);
// //
// Get current date and time. // Get current date and time.
# if defined _MSC_VER # if defined _MSC_VER
char timeString[100]; char timeString[100];
ctime_s(timeString, (size_t)sizeof(timeString), &t); ctime_s(timeString, (size_t)sizeof(timeString), &t);
# else # else
char* timeString; char *timeString;
timeString = ctime(&t); timeString = ctime(&t);
# endif # endif
// Try to open the debug file // Try to open the debug file
f = fileOpen(debugFileName, "w"); f = fileOpen(debugFileName, "w");
if(f) if(f)
{ {
// Initialize the contents with the time. /* Initialize the contents with the time. */
fprintf(f, "%s\n", timeString); fprintf(f, "%s\n", timeString);
fclose(f); fclose(f);
return 0; return 0;
} }
return -1; return -1;
} }
//*** DebugDumpBuffer() /* C.13.2.3. DebugDumpBuffer() */
void DebugDumpBuffer(int size, unsigned char* buf, const char* identifier)
void
DebugDumpBuffer(
int size,
unsigned char *buf,
const char *identifier
)
{ {
int i; int i;
// //
FILE* f = fileOpen(debugFileName, "a"); FILE *f = fileOpen(debugFileName, "a");
if(!f) if(!f)
return; return;
if(identifier) if(identifier)
fprintf(f, "%s\n", identifier); fprintf(f, "%s\n", identifier);
if(buf) if(buf)
{ {
for(i = 0; i < size; i++) for(i = 0; i < size; i++)
{ {
if(((i % 16) == 0) && (i)) if(((i % 16) == 0) && (i))
fprintf(f, "\n"); fprintf(f, "\n");
fprintf(f, " %02X", buf[i]); fprintf(f, " %02X", buf[i]);
} }
if((size % 16) != 0) if((size % 16) != 0)
fprintf(f, "\n"); fprintf(f, "\n");
} }
fclose(f); fclose(f);
} }
#endif // CERTIFYX509_DEBUG #endif // CERTIFYX509_DEBUG

27
src/tpm2/DictionaryAttackLockReset_fp.h
View File

@ -59,26 +59,21 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef DICTIONARYATTACKLOCKRESET_FP_H
#define DICTIONARYATTACKLOCKRESET_FP_H
#if CC_DictionaryAttackLockReset // Command must be enabled typedef struct {
TPMI_RH_LOCKOUT lockHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKLOCKRESET_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKLOCKRESET_FP_H_
// Input structure definition
typedef struct
{
TPMI_RH_LOCKOUT lockHandle;
} DictionaryAttackLockReset_In; } DictionaryAttackLockReset_In;
// Response code modifiers #define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1)
# define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_DictionaryAttackLockReset(DictionaryAttackLockReset_In* in); TPM2_DictionaryAttackLockReset(
DictionaryAttackLockReset_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKLOCKRESET_FP_H_
#endif // CC_DictionaryAttackLockReset #endif

38
src/tpm2/DictionaryAttackParameters_fp.h
View File

@ -59,32 +59,28 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef DICTIONARYATTACKPARAMETERS_FP_H
#define DICTIONARYATTACKPARAMETERS_FP_H
#if CC_DictionaryAttackParameters // Command must be enabled
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKPARAMETERS_FP_H_ typedef struct {
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKPARAMETERS_FP_H_ TPMI_RH_LOCKOUT lockHandle;
UINT32 newMaxTries;
// Input structure definition UINT32 newRecoveryTime;
typedef struct UINT32 lockoutRecovery;
{
TPMI_RH_LOCKOUT lockHandle;
UINT32 newMaxTries;
UINT32 newRecoveryTime;
UINT32 lockoutRecovery;
} DictionaryAttackParameters_In; } DictionaryAttackParameters_In;
// Response code modifiers #define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1)
# define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) #define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1)
# define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) #define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2)
# define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) #define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3)
# define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3)
// Function prototype
TPM_RC TPM_RC
TPM2_DictionaryAttackParameters(DictionaryAttackParameters_In* in); TPM2_DictionaryAttackParameters(
DictionaryAttackParameters_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_DICTIONARYATTACKPARAMETERS_FP_H_
#endif // CC_DictionaryAttackParameters #endif

49
src/tpm2/Duplicate_fp.h
View File

@ -59,40 +59,33 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef DUPLICATE_FP_H
#define DUPLICATE_FP_H
#if CC_Duplicate // Command must be enabled typedef struct {
TPMI_DH_OBJECT objectHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_DUPLICATE_FP_H_ TPMI_DH_OBJECT newParentHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_DUPLICATE_FP_H_ TPM2B_DATA encryptionKeyIn;
TPMT_SYM_DEF_OBJECT symmetricAlg;
// Input structure definition
typedef struct
{
TPMI_DH_OBJECT objectHandle;
TPMI_DH_OBJECT newParentHandle;
TPM2B_DATA encryptionKeyIn;
TPMT_SYM_DEF_OBJECT symmetricAlg;
} Duplicate_In; } Duplicate_In;
// Output structure definition typedef struct {
typedef struct TPM2B_DATA encryptionKeyOut;
{ TPM2B_PRIVATE duplicate;
TPM2B_DATA encryptionKeyOut; TPM2B_ENCRYPTED_SECRET outSymSeed;
TPM2B_PRIVATE duplicate;
TPM2B_ENCRYPTED_SECRET outSymSeed;
} Duplicate_Out; } Duplicate_Out;
// Response code modifiers #define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1)
# define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) #define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2)
# define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) #define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1)
# define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) #define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2)
# define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_Duplicate(Duplicate_In* in, Duplicate_Out* out); TPM2_Duplicate(
Duplicate_In *in, // IN: input parameter list
Duplicate_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_DUPLICATE_FP_H_ #endif
#endif // CC_Duplicate

2
src/tpm2/EACommands.c
View File

@ -1643,7 +1643,7 @@ TPM2_PolicyAuthorizeNV(PolicyAuthorizeNV_In* in)
#include "CommandCodeAttributes_fp.h" #include "CommandCodeAttributes_fp.h"
#include "CryptEccMain_fp.h" #include "CryptEccMain_fp.h"
#include "Handle_fp.h" #include "Handle_fp.h"
#include "NvDynamic_fp.h" #include "NVDynamic_fp.h"
#include "Object_fp.h" #include "Object_fp.h"
#include "PCR_fp.h" #include "PCR_fp.h"
#include "PP_fp.h" #include "PP_fp.h"

36
src/tpm2/ECC_Parameters_fp.h
View File

@ -59,32 +59,26 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef ECC_PARAMETERS_FP_H
#define ECC_PARAMETERS_FP_H
#if CC_ECC_Parameters // Command must be enabled typedef struct {
TPMI_ECC_CURVE curveID;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_PARAMETERS_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_PARAMETERS_FP_H_
// Input structure definition
typedef struct
{
TPMI_ECC_CURVE curveID;
} ECC_Parameters_In; } ECC_Parameters_In;
// Output structure definition #define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1)
typedef struct
{ typedef struct {
TPMS_ALGORITHM_DETAIL_ECC parameters; TPMS_ALGORITHM_DETAIL_ECC parameters;
} ECC_Parameters_Out; } ECC_Parameters_Out;
// Response code modifiers
# define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ECC_Parameters(ECC_Parameters_In* in, ECC_Parameters_Out* out); TPM2_ECC_Parameters(
ECC_Parameters_In *in, // IN: input parameter list
ECC_Parameters_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECC_PARAMETERS_FP_H_
#endif // CC_ECC_Parameters #endif

38
src/tpm2/ECDH_KeyGen_fp.h
View File

@ -59,33 +59,27 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef ECDH_KEYGEN_FP_H
#define ECDH_KEYGEN_FP_H
#if CC_ECDH_KeyGen // Command must be enabled typedef struct {
TPMI_DH_OBJECT keyHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_KEYGEN_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_KEYGEN_FP_H_
// Input structure definition
typedef struct
{
TPMI_DH_OBJECT keyHandle;
} ECDH_KeyGen_In; } ECDH_KeyGen_In;
// Output structure definition #define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1)
typedef struct
{ typedef struct {
TPM2B_ECC_POINT zPoint; TPM2B_ECC_POINT zPoint;
TPM2B_ECC_POINT pubPoint; TPM2B_ECC_POINT pubPoint;
} ECDH_KeyGen_Out; } ECDH_KeyGen_Out;
// Response code modifiers
# define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ECDH_KeyGen(ECDH_KeyGen_In* in, ECDH_KeyGen_Out* out); TPM2_ECDH_KeyGen(
ECDH_KeyGen_In *in, // IN: input parameter list
ECDH_KeyGen_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_KEYGEN_FP_H_
#endif // CC_ECDH_KeyGen #endif

40
src/tpm2/ECDH_ZGen_fp.h
View File

@ -59,34 +59,28 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef ECDH_ZGEN_FP_H
#define ECDH_ZGEN_FP_H
#if CC_ECDH_ZGen // Command must be enabled typedef struct {
TPMI_DH_OBJECT keyHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_ZGEN_FP_H_ TPM2B_ECC_POINT inPoint;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_ZGEN_FP_H_
// Input structure definition
typedef struct
{
TPMI_DH_OBJECT keyHandle;
TPM2B_ECC_POINT inPoint;
} ECDH_ZGen_In; } ECDH_ZGen_In;
// Output structure definition #define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1)
{
TPM2B_ECC_POINT outPoint; typedef struct {
TPM2B_ECC_POINT outPoint;
} ECDH_ZGen_Out; } ECDH_ZGen_Out;
// Response code modifiers
# define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1)
# define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_ECDH_ZGen(ECDH_ZGen_In* in, ECDH_ZGen_Out* out); TPM2_ECDH_ZGen(
ECDH_ZGen_In *in, // IN: input parameter list
ECDH_ZGen_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ECDH_ZGEN_FP_H_
#endif // CC_ECDH_ZGen #endif

37
src/tpm2/EC_Ephemeral_fp.h
View File

@ -59,33 +59,26 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef EC_EPHEMERAL_FP_H
#define EC_EPHEMERAL_FP_H
#if CC_EC_Ephemeral // Command must be enabled typedef struct {
TPMI_ECC_CURVE curveID;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_EC_EPHEMERAL_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_EC_EPHEMERAL_FP_H_
// Input structure definition
typedef struct
{
TPMI_ECC_CURVE curveID;
} EC_Ephemeral_In; } EC_Ephemeral_In;
// Output structure definition #define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1)
typedef struct
{ typedef struct {
TPM2B_ECC_POINT Q; TPM2B_ECC_POINT Q;
UINT16 counter; UINT16 counter;
} EC_Ephemeral_Out; } EC_Ephemeral_Out;
// Response code modifiers
# define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_EC_Ephemeral(EC_Ephemeral_In* in, EC_Ephemeral_Out* out); TPM2_EC_Ephemeral(
EC_Ephemeral_In *in, // IN: input parameter list
EC_Ephemeral_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_EC_EPHEMERAL_FP_H_ #endif
#endif // CC_EC_Ephemeral

236
src/tpm2/EccTestData.h
View File

@ -59,153 +59,97 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
// This file contains the parameter data for ECC testing. #ifdef SELF_TEST_DATA
#ifdef SELF_TEST_DATA
TPM2B_TYPE(EC_TEST, 32); TPM2B_TYPE(EC_TEST, 32);
const TPM_ECC_CURVE c_testCurve = 00003; const TPM_ECC_CURVE c_testCurve = 00003;
// The static key
// The "static" key const TPM2B_EC_TEST c_ecTestKey_ds = {{32, {
0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a,
const TPM2B_EC_TEST c_ecTestKey_ds = { 0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}};
{32, {0xdf, 0x8d, 0xa4, 0xa3, 0x88, 0xf6, 0x76, 0x96, 0x89, 0xfc, 0x2f, const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, {
0x2d, 0xa1, 0xb4, 0x39, 0x7a, 0x78, 0xc4, 0x7f, 0x71, 0x8c, 0xa6, 0x17,0xad,0x2f,0xcb,0x18,0xd4,0xdb,0x3f,0x2c,0x53,0x13,0x82,0x42,0x97,0xff,0x8d,
0x91, 0x85, 0xc0, 0xbf, 0xf3, 0x54, 0x20, 0x91, 0x2f, 0x73}}}; 0x99,0x50,0x16,0x02,0x35,0xa7,0x06,0xae,0x1f,0xda,0xe2,0x9c,0x12,0x77,0xc0,0xf9}}};
const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, {
const TPM2B_EC_TEST c_ecTestKey_QsX = { 0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad,
{32, {0x17, 0xad, 0x2f, 0xcb, 0x18, 0xd4, 0xdb, 0x3f, 0x2c, 0x53, 0x13, 0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}};
0x82, 0x42, 0x97, 0xff, 0x8d, 0x99, 0x50, 0x16, 0x02, 0x35, 0xa7, // The ephemeral key
0x06, 0xae, 0x1f, 0xda, 0xe2, 0x9c, 0x12, 0x77, 0xc0, 0xf9}}}; const TPM2B_EC_TEST c_ecTestKey_de = {{32, {
0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07,
const TPM2B_EC_TEST c_ecTestKey_QsY = { 0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}};
{32, {0xa6, 0xca, 0xf2, 0x18, 0x45, 0x96, 0x6e, 0x58, 0xe6, 0x72, 0x34, const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, {
0x12, 0x89, 0xcd, 0xaa, 0xad, 0xcb, 0x68, 0xb2, 0x51, 0xdc, 0x5e, 0xa5,0x1e,0x80,0xd1,0x76,0x3e,0x8b,0x96,0xce,0xcc,0x21,0x82,0xc9,0xa2,0xa2,0xed,
0xd1, 0x6d, 0x38, 0x20, 0x35, 0x57, 0xb2, 0xfd, 0xc7, 0x52}}}; 0x47,0x21,0x89,0x53,0x44,0xe9,0xc7,0x92,0xe7,0x31,0x48,0x38,0xe6,0xea,0x93,0x47}}};
const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, {
// The "ephemeral" key 0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea,
0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}};
const TPM2B_EC_TEST c_ecTestKey_de = {
{32, {0xb6, 0xb5, 0x33, 0x5c, 0xd1, 0xee, 0x52, 0x07, 0x99, 0xea, 0x2e,
0x8f, 0x8b, 0x19, 0x18, 0x07, 0xc1, 0xf8, 0xdf, 0xdd, 0xb8, 0x77,
0x00, 0xc7, 0xd6, 0x53, 0x21, 0xed, 0x02, 0x53, 0xee, 0xac}}};
const TPM2B_EC_TEST c_ecTestKey_QeX = {
{32, {0xa5, 0x1e, 0x80, 0xd1, 0x76, 0x3e, 0x8b, 0x96, 0xce, 0xcc, 0x21,
0x82, 0xc9, 0xa2, 0xa2, 0xed, 0x47, 0x21, 0x89, 0x53, 0x44, 0xe9,
0xc7, 0x92, 0xe7, 0x31, 0x48, 0x38, 0xe6, 0xea, 0x93, 0x47}}};
const TPM2B_EC_TEST c_ecTestKey_QeY = {
{32, {0x30, 0xe6, 0x4f, 0x97, 0x03, 0xa1, 0xcb, 0x3b, 0x32, 0x2a, 0x70,
0x39, 0x94, 0xeb, 0x4e, 0xea, 0x55, 0x88, 0x81, 0x3f, 0xb5, 0x00,
0xb8, 0x54, 0x25, 0xab, 0xd4, 0xda, 0xfd, 0x53, 0x7a, 0x18}}};
// ECDH test results // ECDH test results
const TPM2B_EC_TEST c_ecTestEcdh_X = { const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, {
{32, {0x64, 0x02, 0x68, 0x92, 0x78, 0xdb, 0x33, 0x52, 0xed, 0x3b, 0xfa, 0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c,
0x3b, 0x74, 0xa3, 0x3d, 0x2c, 0x2f, 0x9c, 0x59, 0x03, 0x07, 0xf8, 0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}};
0x22, 0x90, 0xed, 0xe3, 0x45, 0xf8, 0x2a, 0x0a, 0xd8, 0x1d}}}; const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, {
0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5,
const TPM2B_EC_TEST c_ecTestEcdh_Y = { 0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}};
{32, {0x58, 0x94, 0x05, 0x82, 0xbe, 0x5f, 0x33, 0x02, 0x25, 0x90, 0x3a,
0x33, 0x90, 0x89, 0xe3, 0xe5, 0x10, 0x4a, 0xbc, 0x78, 0xa5, 0xc5,
0x07, 0x64, 0xaf, 0x91, 0xbc, 0xe6, 0xff, 0x85, 0x11, 0x40}}};
TPM2B_TYPE(TEST_VALUE, 64); TPM2B_TYPE(TEST_VALUE, 64);
const TPM2B_TEST_VALUE c_ecTestValue = { const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
{64, 0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
{0x78, 0xd5, 0xd4, 0x56, 0x43, 0x61, 0xdb, 0x97, 0xa4, 0x32, 0xc4, 0x0b, 0x06, 0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
0xa9, 0xa8, 0xa0, 0xf4, 0x45, 0x7f, 0x13, 0xd8, 0x13, 0x81, 0x0b, 0xe5, 0x76, 0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
0xbe, 0xaa, 0xb6, 0x3f, 0x8d, 0x4d, 0x23, 0x65, 0xcc, 0xa7, 0xc9, 0x19, 0x10, 0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
0xce, 0x69, 0xcb, 0x0c, 0xc7, 0x11, 0x8d, 0xc3, 0xff, 0x62, 0x69, 0xa2, 0xbe, #if ALG_SHA1_VALUE == DEFAULT_TEST_HASH
0x46, 0x90, 0xe7, 0x7d, 0x81, 0x77, 0x94, 0x65, 0x1c, 0x3e, 0xc1, 0x3e}}}; const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11,
0x4b,0x8a,0x4f,0x17,0x62,0x82,0xcc,0x06,0xf6,0x64,0x78,0xef,0x6b,0x7c,0xf2,0x6c}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70,
0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1b,0x08,0x9f,0xde,
0xef,0x62,0xe3,0xf1,0x14,0xcb,0x54,0x28,0x13,0x76,0xfc,0x6d,0x69,0x22,0xb5,0x3e}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0xd9,0xd3,0x20,0xfb,0x4d,0x16,0xf2,0xe6,0xe2,0x45,0x07,0x45,0x1c,0x92,0x92,0x92,
0xa9,0x6b,0x48,0xf8,0xd1,0x98,0x29,0x4d,0xd3,0x8f,0x56,0xf2,0xbb,0x2e,0x22,0x3b}}};
#endif // SHA1
#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71,
0xf8,0xf2,0xf4,0xa5,0xe0,0x1d,0x3c,0xa2,0x39,0x31,0xe4,0xe7,0x36,0x3b,0xb5,0x5f}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80,
0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0xf7,0xb9,0x15,0x4c,0x34,0xf6,0x41,0x19,0xa3,0xd2,0xf1,0xbd,0xf4,0x13,0x6a,0x4f,
0x63,0xb8,0x4d,0xb5,0xc8,0xcd,0xde,0x85,0x95,0xa5,0x39,0x0a,0x14,0x49,0x3d,0x2f}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0xfe,0xbe,0x17,0xaa,0x31,0x22,0x9f,0xd0,0xd2,0xf5,0x25,0x04,0x92,0xb0,0xaa,0x4e,
0xcc,0x1c,0xb6,0x79,0xd6,0x42,0xb3,0x4e,0x3f,0xbb,0xfe,0x5f,0xd0,0xd0,0x8b,0xc3}}};
#endif // SHA256
#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31,
0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd,
0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0x1e,0xb8,0xe1,0xbf,0xa1,0x9e,0x39,0x1e,0x58,0xa2,0xe6,0x59,0xd0,0x1a,0x6a,0x03,
0x6a,0x1f,0x1c,0x4f,0x36,0x19,0xc1,0xec,0x30,0xa4,0x85,0x1b,0xe9,0x74,0x35,0x66}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0xb9,0xe6,0xe3,0x7e,0xcb,0xb9,0xea,0xf1,0xcc,0xf4,0x48,0x44,0x4a,0xda,0xc8,0xd7,
0x87,0xb4,0xba,0x40,0xfe,0x5b,0x68,0x11,0x14,0xcf,0xa0,0x0e,0x85,0x46,0x99,0x01}}};
#endif // SHA384
#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0xc9,0x71,0xa6,0xb4,0xaf,0x46,0x26,0x8c,0x27,0x00,0x06,0x3b,0x00,0x0f,0xa3,0x17,
0x72,0x48,0x40,0x49,0x4d,0x51,0x4f,0xa4,0xcb,0x7e,0x86,0xe9,0xe7,0xb4,0x79,0xb2}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32,{
0x87,0xbc,0xc0,0xed,0x74,0x60,0x9e,0xfa,0x4e,0xe8,0x16,0xf3,0xf9,0x6b,0x26,0x07,
0x3c,0x74,0x31,0x7e,0xf0,0x62,0x46,0xdc,0xd6,0x45,0x22,0x47,0x3e,0x0c,0xa0,0x02}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
0xcc,0x07,0xad,0x65,0x91,0xdd,0xa0,0x10,0x23,0xae,0x53,0xec,0xdf,0xf1,0x50,0x90,
0x16,0x96,0xf4,0x45,0x09,0x73,0x9c,0x84,0xb5,0x5c,0x5f,0x08,0x51,0xcb,0x60,0x01}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0x55,0x20,0x21,0x54,0xe2,0x49,0x07,0x47,0x71,0xf4,0x99,0x15,0x54,0xf3,0xab,0x14,
0xdb,0x8e,0xda,0x79,0xb6,0x02,0x0e,0xe3,0x5e,0x6f,0x2c,0xb6,0x05,0xbd,0x14,0x10}}};
#endif // SHA512
#endif // SELF_TEST_DATA
# if ALG_SHA1_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {
{32, {0x57, 0xf3, 0x36, 0xb7, 0xec, 0xc2, 0xdd, 0x76, 0x0e, 0xe2, 0x81,
0x21, 0x49, 0xc5, 0x66, 0x11, 0x4b, 0x8a, 0x4f, 0x17, 0x62, 0x82,
0xcc, 0x06, 0xf6, 0x64, 0x78, 0xef, 0x6b, 0x7c, 0xf2, 0x6c}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {
{32, {0x1b, 0xed, 0x23, 0x72, 0x8f, 0x17, 0x5f, 0x47, 0x2e, 0xa7, 0x97,
0x2c, 0x51, 0x57, 0x20, 0x70, 0x6f, 0x89, 0x74, 0x8a, 0xa8, 0xf4,
0x26, 0xf4, 0x96, 0xa1, 0xb8, 0x3e, 0xe5, 0x35, 0xc5, 0x94}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {
{32, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x1b, 0x08, 0x9f, 0xde, 0xef, 0x62, 0xe3, 0xf1, 0x14, 0xcb,
0x54, 0x28, 0x13, 0x76, 0xfc, 0x6d, 0x69, 0x22, 0xb5, 0x3e}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {
{32, {0xd9, 0xd3, 0x20, 0xfb, 0x4d, 0x16, 0xf2, 0xe6, 0xe2, 0x45, 0x07,
0x45, 0x1c, 0x92, 0x92, 0x92, 0xa9, 0x6b, 0x48, 0xf8, 0xd1, 0x98,
0x29, 0x4d, 0xd3, 0x8f, 0x56, 0xf2, 0xbb, 0x2e, 0x22, 0x3b}}};
# endif // SHA1
# if ALG_SHA256_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {
{32, {0x04, 0x7d, 0x54, 0xeb, 0x04, 0x6f, 0x56, 0xec, 0xa2, 0x6c, 0x38,
0x8c, 0xeb, 0x43, 0x0b, 0x71, 0xf8, 0xf2, 0xf4, 0xa5, 0xe0, 0x1d,
0x3c, 0xa2, 0x39, 0x31, 0xe4, 0xe7, 0x36, 0x3b, 0xb5, 0x5f}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {
{32, {0x8f, 0xd0, 0x12, 0xd9, 0x24, 0x75, 0xf6, 0xc4, 0x3b, 0xb5, 0x46,
0x75, 0x3a, 0x41, 0x8d, 0x80, 0x23, 0x99, 0x38, 0xd7, 0xe2, 0x40,
0xca, 0x9a, 0x19, 0x2a, 0xfc, 0x54, 0x75, 0xd3, 0x4a, 0x6e}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {
{32, {0xf7, 0xb9, 0x15, 0x4c, 0x34, 0xf6, 0x41, 0x19, 0xa3, 0xd2, 0xf1,
0xbd, 0xf4, 0x13, 0x6a, 0x4f, 0x63, 0xb8, 0x4d, 0xb5, 0xc8, 0xcd,
0xde, 0x85, 0x95, 0xa5, 0x39, 0x0a, 0x14, 0x49, 0x3d, 0x2f}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {
{32, {0xfe, 0xbe, 0x17, 0xaa, 0x31, 0x22, 0x9f, 0xd0, 0xd2, 0xf5, 0x25,
0x04, 0x92, 0xb0, 0xaa, 0x4e, 0xcc, 0x1c, 0xb6, 0x79, 0xd6, 0x42,
0xb3, 0x4e, 0x3f, 0xbb, 0xfe, 0x5f, 0xd0, 0xd0, 0x8b, 0xc3}}};
# endif // SHA256
# if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {
{32, {0xf5, 0x74, 0x6d, 0xd6, 0xc6, 0x56, 0x86, 0xbb, 0xba, 0x1c, 0xba,
0x75, 0x65, 0xee, 0x64, 0x31, 0xce, 0x04, 0xe3, 0x9f, 0x24, 0x3f,
0xbd, 0xfe, 0x04, 0xcd, 0xab, 0x7e, 0xfe, 0xad, 0xcb, 0x82}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {
{32, {0xc2, 0x4f, 0x32, 0xa1, 0x06, 0xc0, 0x85, 0x4f, 0xc6, 0xd8, 0x31,
0x66, 0x91, 0x9f, 0x79, 0xcd, 0x5b, 0xe5, 0x7b, 0x94, 0xa1, 0x91,
0x38, 0xac, 0xd4, 0x20, 0xa2, 0x10, 0xf0, 0xd5, 0x9d, 0xbf}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {
{32, {0x1e, 0xb8, 0xe1, 0xbf, 0xa1, 0x9e, 0x39, 0x1e, 0x58, 0xa2, 0xe6,
0x59, 0xd0, 0x1a, 0x6a, 0x03, 0x6a, 0x1f, 0x1c, 0x4f, 0x36, 0x19,
0xc1, 0xec, 0x30, 0xa4, 0x85, 0x1b, 0xe9, 0x74, 0x35, 0x66}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {
{32, {0xb9, 0xe6, 0xe3, 0x7e, 0xcb, 0xb9, 0xea, 0xf1, 0xcc, 0xf4, 0x48,
0x44, 0x4a, 0xda, 0xc8, 0xd7, 0x87, 0xb4, 0xba, 0x40, 0xfe, 0x5b,
0x68, 0x11, 0x14, 0xcf, 0xa0, 0x0e, 0x85, 0x46, 0x99, 0x01}}};
# endif // SHA384
# if ALG_SHA512_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {
{32, {0xc9, 0x71, 0xa6, 0xb4, 0xaf, 0x46, 0x26, 0x8c, 0x27, 0x00, 0x06,
0x3b, 0x00, 0x0f, 0xa3, 0x17, 0x72, 0x48, 0x40, 0x49, 0x4d, 0x51,
0x4f, 0xa4, 0xcb, 0x7e, 0x86, 0xe9, 0xe7, 0xb4, 0x79, 0xb2}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {
{32, {0x87, 0xbc, 0xc0, 0xed, 0x74, 0x60, 0x9e, 0xfa, 0x4e, 0xe8, 0x16,
0xf3, 0xf9, 0x6b, 0x26, 0x07, 0x3c, 0x74, 0x31, 0x7e, 0xf0, 0x62,
0x46, 0xdc, 0xd6, 0x45, 0x22, 0x47, 0x3e, 0x0c, 0xa0, 0x02}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {
{32, {0xcc, 0x07, 0xad, 0x65, 0x91, 0xdd, 0xa0, 0x10, 0x23, 0xae, 0x53,
0xec, 0xdf, 0xf1, 0x50, 0x90, 0x16, 0x96, 0xf4, 0x45, 0x09, 0x73,
0x9c, 0x84, 0xb5, 0x5c, 0x5f, 0x08, 0x51, 0xcb, 0x60, 0x01}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {
{32, {0x55, 0x20, 0x21, 0x54, 0xe2, 0x49, 0x07, 0x47, 0x71, 0xf4, 0x99,
0x15, 0x54, 0xf3, 0xab, 0x14, 0xdb, 0x8e, 0xda, 0x79, 0xb6, 0x02,
0x0e, 0xe3, 0x5e, 0x6f, 0x2c, 0xb6, 0x05, 0xbd, 0x14, 0x10}}};
# endif // SHA512
#endif // SELF_TEST_DATA

54
src/tpm2/EncryptDecrypt2_fp.h
View File

@ -59,41 +59,35 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 146 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef ENCRYPTDECRYPT2_FP_H
#define ENCRYPTDECRYPT2_FP_H
#if CC_EncryptDecrypt2 // Command must be enabled typedef struct {
TPMI_DH_OBJECT keyHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT2_FP_H_ TPM2B_MAX_BUFFER inData;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT2_FP_H_ TPMI_YES_NO decrypt;
TPMI_ALG_CIPHER_MODE mode;
// Input structure definition TPM2B_IV ivIn;
typedef struct
{
TPMI_DH_OBJECT keyHandle;
TPM2B_MAX_BUFFER inData;
TPMI_YES_NO decrypt;
TPMI_ALG_CIPHER_MODE mode;
TPM2B_IV ivIn;
} EncryptDecrypt2_In; } EncryptDecrypt2_In;
// Output structure definition #define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1)
{ #define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2)
TPM2B_MAX_BUFFER outData; #define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3)
TPM2B_IV ivOut; #define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM2B_MAX_BUFFER outData;
TPM2B_IV ivOut;
} EncryptDecrypt2_Out; } EncryptDecrypt2_Out;
// Response code modifiers
# define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1)
# define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1)
# define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2)
# define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3)
# define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4)
// Function prototype
TPM_RC TPM_RC
TPM2_EncryptDecrypt2(EncryptDecrypt2_In* in, EncryptDecrypt2_Out* out); TPM2_EncryptDecrypt2(
EncryptDecrypt2_In *in, // IN: input parameter list
EncryptDecrypt2_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT2_FP_H_
#endif // CC_EncryptDecrypt2 #endif

54
src/tpm2/EncryptDecrypt_fp.h
View File

@ -59,41 +59,35 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef ENCRYPTDECRYPT_FP_H
#define ENCRYPTDECRYPT_FP_H
#if CC_EncryptDecrypt // Command must be enabled typedef struct {
TPMI_DH_OBJECT keyHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT_FP_H_ TPMI_YES_NO decrypt;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT_FP_H_ TPMI_ALG_CIPHER_MODE mode;
TPM2B_IV ivIn;
// Input structure definition TPM2B_MAX_BUFFER inData;
typedef struct
{
TPMI_DH_OBJECT keyHandle;
TPMI_YES_NO decrypt;
TPMI_ALG_CIPHER_MODE mode;
TPM2B_IV ivIn;
TPM2B_MAX_BUFFER inData;
} EncryptDecrypt_In; } EncryptDecrypt_In;
// Output structure definition #define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1)
{ #define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2)
TPM2B_MAX_BUFFER outData; #define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3)
TPM2B_IV ivOut; #define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4)
typedef struct {
TPM2B_MAX_BUFFER outData;
TPM2B_IV ivOut;
} EncryptDecrypt_Out; } EncryptDecrypt_Out;
// Response code modifiers
# define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1)
# define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1)
# define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2)
# define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3)
# define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4)
// Function prototype
TPM_RC TPM_RC
TPM2_EncryptDecrypt(EncryptDecrypt_In* in, EncryptDecrypt_Out* out); TPM2_EncryptDecrypt(
EncryptDecrypt_In *in, // IN: input parameter list
EncryptDecrypt_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_ENCRYPTDECRYPT_FP_H_
#endif // CC_EncryptDecrypt #endif

146
src/tpm2/EncryptDecrypt_spt.c
View File

@ -59,132 +59,108 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* 7.7 Encrypt Decrypt Support (EncryptDecrypt_spt.c) */
#include "Tpm.h" #include "Tpm.h"
#include "EncryptDecrypt_fp.h" #include "EncryptDecrypt_fp.h"
#include "EncryptDecrypt_spt_fp.h" #include "EncryptDecrypt_spt_fp.h"
#if CC_EncryptDecrypt2 #if CC_EncryptDecrypt2
/* Error Returns Meaning */
/*(See part 3 specification) /* TPM_RC_KEY is not a symmetric decryption key with both public and private portions loaded */
// symmetric encryption or decryption /* TPM_RC_SIZE IvIn size is incompatible with the block cipher mode; or inData size is not an even
*/ multiple of the block size for CBC or ECB mode */
// Return Type: TPM_RC /* TPM_RC_VALUE keyHandle is restricted and the argument mode does not match the key's mode */
// TPM_RC_KEY is not a symmetric decryption key with both
// public and private portions loaded
// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
// or 'inData' size is not an even multiple of the block
// size for CBC or ECB mode
// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
// not match the key's mode
TPM_RC TPM_RC
EncryptDecryptShared(TPMI_DH_OBJECT keyHandleIn, EncryptDecryptShared(
TPMI_YES_NO decryptIn, TPMI_DH_OBJECT keyHandleIn,
TPMI_ALG_SYM_MODE modeIn, TPMI_YES_NO decryptIn,
TPM2B_IV* ivIn, TPMI_ALG_SYM_MODE modeIn,
TPM2B_MAX_BUFFER* inData, TPM2B_IV *ivIn,
EncryptDecrypt_Out* out) TPM2B_MAX_BUFFER *inData,
EncryptDecrypt_Out *out
)
{ {
OBJECT* symKey; OBJECT *symKey;
UINT16 keySize; UINT16 keySize;
UINT16 blockSize; UINT16 blockSize;
BYTE* key; BYTE *key;
TPM_ALG_ID alg; TPM_ALG_ID alg;
TPM_ALG_ID mode; TPM_ALG_ID mode;
TPM_RC result; TPM_RC result;
BOOL OK; BOOL OK;
// Input Validation // Input Validation
symKey = HandleToObject(keyHandleIn); symKey = HandleToObject(keyHandleIn);
mode = symKey->publicArea.parameters.symDetail.sym.mode.sym; mode = symKey->publicArea.parameters.symDetail.sym.mode.sym;
// The input key should be a symmetric key // The input key should be a symmetric key
if(symKey->publicArea.type != TPM_ALG_SYMCIPHER) if(symKey->publicArea.type != TPM_ALG_SYMCIPHER)
return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
// The key must be unrestricted and allow the selected operation // The key must be unrestricted and allow the selected operation
OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, restricted); OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
TPMA_OBJECT, restricted);
if(YES == decryptIn) if(YES == decryptIn)
OK = OK OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
&& IS_ATTRIBUTE( TPMA_OBJECT, decrypt);
symKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt);
else else
OK = OK OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes,
&& IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, sign); TPMA_OBJECT, sign);
if(!OK) if(!OK)
return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle; return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle;
// Make sure that key is an encrypt/decrypt key and not SMAC // Make sure that key is an encrypt/decrypt key and not SMAC
if(!CryptSymModeIsValid(mode, TRUE)) if(!CryptSymModeIsValid(mode, TRUE))
return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle; return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle;
// If the key mode is not TPM_ALG_NULL... // If the key mode is not TPM_ALG_NULL...
// or TPM_ALG_NULL // or TPM_ALG_NULL
if(mode != TPM_ALG_NULL) if(mode != TPM_ALG_NULL)
{ {
// then the input mode has to be TPM_ALG_NULL or the same as the key // then the input mode has to be TPM_ALG_NULL or the same as the key
if((modeIn != TPM_ALG_NULL) && (modeIn != mode)) if((modeIn != TPM_ALG_NULL) && (modeIn != mode))
return TPM_RCS_MODE + RC_EncryptDecrypt_mode; return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
} }
else else
{ {
// if the key mode is null, then the input can't be null // if the key mode is null, then the input can't be null
if(modeIn == TPM_ALG_NULL) if(modeIn == TPM_ALG_NULL)
return TPM_RCS_MODE + RC_EncryptDecrypt_mode; return TPM_RCS_MODE + RC_EncryptDecrypt_mode;
mode = modeIn; mode = modeIn;
} }
// The input iv for ECB mode should be an Empty Buffer. All the other modes // The input iv for ECB mode should be an Empty Buffer. All the other modes
// should have an iv size same as encryption block size // should have an iv size same as encryption block size
keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym; keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym;
alg = symKey->publicArea.parameters.symDetail.sym.algorithm; alg = symKey->publicArea.parameters.symDetail.sym.algorithm;
blockSize = CryptGetSymmetricBlockSize(alg, keySize); blockSize = CryptGetSymmetricBlockSize(alg, keySize);
// reverify the algorithm. This is mainly to keep static analysis tools happy // reverify the algorithm. This is mainly to keep static analysis tools happy
if(blockSize == 0) if(blockSize == 0)
return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle;
if(((mode == TPM_ALG_ECB) && (ivIn->t.size != 0)) if(((mode == TPM_ALG_ECB) && (ivIn->t.size != 0))
|| ((mode != TPM_ALG_ECB) && (ivIn->t.size != blockSize))) || ((mode != TPM_ALG_ECB) && (ivIn->t.size != blockSize)))
return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn; return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn;
// The input data size of CBC mode or ECB mode must be an even multiple of // The input data size of CBC mode or ECB mode must be an even multiple of
// the symmetric algorithm's block size // the symmetric algorithm's block size
if(((mode == TPM_ALG_CBC) || (mode == TPM_ALG_ECB)) if(((mode == TPM_ALG_CBC) || (mode == TPM_ALG_ECB))
&& ((inData->t.size % blockSize) != 0)) && ((inData->t.size % blockSize) != 0))
return TPM_RCS_SIZE + RC_EncryptDecrypt_inData; return TPM_RCS_SIZE + RC_EncryptDecrypt_inData;
// Copy IV // Copy IV
// Note: This is copied here so that the calls to the encrypt/decrypt functions // Note: This is copied here so that the calls to the encrypt/decrypt functions
// will modify the output buffer, not the input buffer // will modify the output buffer, not the input buffer
out->ivOut = *ivIn; out->ivOut = *ivIn;
// Command Output // Command Output
key = symKey->sensitive.sensitive.sym.t.buffer; key = symKey->sensitive.sensitive.sym.t.buffer;
// For symmetric encryption, the cipher data size is the same as plain data // For symmetric encryption, the cipher data size is the same as plain data
// size. // size.
out->outData.t.size = inData->t.size; out->outData.t.size = inData->t.size;
if(decryptIn == YES) if(decryptIn == YES)
{ {
// Decrypt data to output // Decrypt data to output
result = CryptSymmetricDecrypt(out->outData.t.buffer, result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key,
alg, &(out->ivOut), mode, inData->t.size,
keySize, inData->t.buffer);
key, }
&(out->ivOut),
mode,
inData->t.size,
inData->t.buffer);
}
else else
{ {
// Encrypt data to output // Encrypt data to output
result = CryptSymmetricEncrypt(out->outData.t.buffer, result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key,
alg, &(out->ivOut), mode, inData->t.size,
keySize, inData->t.buffer);
key, }
&(out->ivOut),
mode,
inData->t.size,
inData->t.buffer);
}
return result; return result;
} }
#endif // CC_EncryptDecrypt
#endif // CC_EncryptDecrypt

36
src/tpm2/EncryptDecrypt_spt_fp.h
View File

@ -59,31 +59,17 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef ENCRYPTDECRYPT_SPT_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define ENCRYPTDECRYPT_SPT_FP_H
* Date: Mar 28, 2019 Time: 08:25:18PM
*/
#ifndef _ENCRYPT_DECRYPT_SPT_FP_H_
#define _ENCRYPT_DECRYPT_SPT_FP_H_
#if CC_EncryptDecrypt2
// Return Type: TPM_RC
// TPM_RC_KEY is not a symmetric decryption key with both
// public and private portions loaded
// TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode;
// or 'inData' size is not an even multiple of the block
// size for CBC or ECB mode
// TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does
// not match the key's mode
TPM_RC TPM_RC
EncryptDecryptShared(TPMI_DH_OBJECT keyHandleIn, EncryptDecryptShared(
TPMI_YES_NO decryptIn, TPMI_DH_OBJECT keyHandleIn,
TPMI_ALG_SYM_MODE modeIn, TPMI_YES_NO decryptIn,
TPM2B_IV* ivIn, TPMI_ALG_SYM_MODE modeIn,
TPM2B_MAX_BUFFER* inData, TPM2B_IV *ivIn,
EncryptDecrypt_Out* out); TPM2B_MAX_BUFFER *inData,
#endif // CC_EncryptDecrypt EncryptDecrypt_Out *out
);
#endif // _ENCRYPT_DECRYPT_SPT_FP_H_ #endif

570
src/tpm2/Entity.c
View File

@ -78,133 +78,133 @@
// space to load it to RAM // space to load it to RAM
TPM_RC TPM_RC
EntityGetLoadStatus(COMMAND* command // IN/OUT: command parsing structure EntityGetLoadStatus(COMMAND* command // IN/OUT: command parsing structure
) )
{ {
UINT32 i; UINT32 i;
TPM_RC result = TPM_RC_SUCCESS; TPM_RC result = TPM_RC_SUCCESS;
// //
for(i = 0; i < command->handleNum; i++) for(i = 0; i < command->handleNum; i++)
{ {
TPM_HANDLE handle = command->handles[i]; TPM_HANDLE handle = command->handles[i];
switch(HandleGetType(handle)) switch(HandleGetType(handle))
{ {
// For handles associated with hierarchies, the entity is present // For handles associated with hierarchies, the entity is present
// only if the associated enable is SET. // only if the associated enable is SET.
case TPM_HT_PERMANENT: case TPM_HT_PERMANENT:
switch(handle) switch(handle)
{ {
// First handle non-hierarchy cases // First handle non-hierarchy cases
#if VENDOR_PERMANENT_AUTH_ENABLED == YES #if VENDOR_PERMANENT_AUTH_ENABLED == YES
case VENDOR_PERMANENT_AUTH_HANDLE: case VENDOR_PERMANENT_AUTH_HANDLE:
if(!gc.ehEnable) if(!gc.ehEnable)
result = TPM_RC_HIERARCHY; result = TPM_RC_HIERARCHY;
break; break;
#endif #endif
// PW session handle and lockout handle are always available // PW session handle and lockout handle are always available
case TPM_RS_PW: case TPM_RS_PW:
// Need to be careful for lockout. Lockout is always available // Need to be careful for lockout. Lockout is always available
// for policy checks but not always available when authValue // for policy checks but not always available when authValue
// is being checked. // is being checked.
case TPM_RH_LOCKOUT: case TPM_RH_LOCKOUT:
// Rather than have #ifdefs all over the code, // Rather than have #ifdefs all over the code,
// CASE_ACT_HANDLE is defined in ACT.h. It is 'case TPM_RH_ACT_x:' // CASE_ACT_HANDLE is defined in ACT.h. It is 'case TPM_RH_ACT_x:'
// FOR_EACH_ACT(CASE_ACT_HANDLE) creates a simple // FOR_EACH_ACT(CASE_ACT_HANDLE) creates a simple
// case TPM_RH_ACT_x: // for each of the implemented ACT. // case TPM_RH_ACT_x: // for each of the implemented ACT.
FOR_EACH_ACT(CASE_ACT_HANDLE) FOR_EACH_ACT(CASE_ACT_HANDLE)
break; break;
default: default:
// If the implementation has a manufacturer-specific value // If the implementation has a manufacturer-specific value
// then test for it here. Since this implementation does // then test for it here. Since this implementation does
// not have any, this implementation returns the same failure // not have any, this implementation returns the same failure
// that unmarshaling of a bad handle would produce. // that unmarshaling of a bad handle would produce.
if(((TPM_RH)handle >= TPM_RH_AUTH_00) if(((TPM_RH)handle >= TPM_RH_AUTH_00)
&& ((TPM_RH)handle <= TPM_RH_AUTH_FF)) && ((TPM_RH)handle <= TPM_RH_AUTH_FF))
// if the implementation has a manufacturer-specific value // if the implementation has a manufacturer-specific value
result = TPM_RC_VALUE; result = TPM_RC_VALUE;
else else
// The handle either refers to a hierarchy or is invalid. // The handle either refers to a hierarchy or is invalid.
result = ValidateHierarchy(handle); result = ValidateHierarchy(handle);
break; break;
} }
break; break;
case TPM_HT_TRANSIENT: case TPM_HT_TRANSIENT:
// For a transient object, check if the handle is associated // For a transient object, check if the handle is associated
// with a loaded object. // with a loaded object.
if(!IsObjectPresent(handle)) if(!IsObjectPresent(handle))
result = TPM_RC_REFERENCE_H0; result = TPM_RC_REFERENCE_H0;
break; break;
case TPM_HT_PERSISTENT: case TPM_HT_PERSISTENT:
// Persistent object // Persistent object
// Copy the persistent object to RAM and replace the handle with the // Copy the persistent object to RAM and replace the handle with the
// handle of the assigned slot. A TPM_RC_OBJECT_MEMORY, // handle of the assigned slot. A TPM_RC_OBJECT_MEMORY,
// TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by
// ObjectLoadEvict() // ObjectLoadEvict()
result = ObjectLoadEvict(&command->handles[i], command->index); result = ObjectLoadEvict(&command->handles[i], command->index);
break; break;
case TPM_HT_HMAC_SESSION: case TPM_HT_HMAC_SESSION:
// For an HMAC session, see if the session is loaded // For an HMAC session, see if the session is loaded
// and if the session in the session slot is actually // and if the session in the session slot is actually
// an HMAC session. // an HMAC session.
if(SessionIsLoaded(handle)) if(SessionIsLoaded(handle))
{ {
SESSION* session; SESSION* session;
session = SessionGet(handle); session = SessionGet(handle);
// Check if the session is a HMAC session // Check if the session is a HMAC session
if(session->attributes.isPolicy == SET) if(session->attributes.isPolicy == SET)
result = TPM_RC_HANDLE; result = TPM_RC_HANDLE;
} }
else else
result = TPM_RC_REFERENCE_H0; result = TPM_RC_REFERENCE_H0;
break; break;
case TPM_HT_POLICY_SESSION: case TPM_HT_POLICY_SESSION:
// For a policy session, see if the session is loaded // For a policy session, see if the session is loaded
// and if the session in the session slot is actually // and if the session in the session slot is actually
// a policy session. // a policy session.
if(SessionIsLoaded(handle)) if(SessionIsLoaded(handle))
{ {
SESSION* session; SESSION* session;
session = SessionGet(handle); session = SessionGet(handle);
// Check if the session is a policy session // Check if the session is a policy session
if(session->attributes.isPolicy == CLEAR) if(session->attributes.isPolicy == CLEAR)
result = TPM_RC_HANDLE; result = TPM_RC_HANDLE;
} }
else else
result = TPM_RC_REFERENCE_H0; result = TPM_RC_REFERENCE_H0;
break; break;
case TPM_HT_NV_INDEX: case TPM_HT_NV_INDEX:
// For an NV Index, use the TPM-specific routine // For an NV Index, use the TPM-specific routine
// to search the IN Index space. // to search the IN Index space.
result = NvIndexIsAccessible(handle); result = NvIndexIsAccessible(handle);
break; break;
case TPM_HT_PCR: case TPM_HT_PCR:
// Any PCR handle that is unmarshaled successfully referenced // Any PCR handle that is unmarshaled successfully referenced
// a PCR that is defined. // a PCR that is defined.
break; break;
#if CC_AC_Send #if CC_AC_Send
case TPM_HT_AC: case TPM_HT_AC:
// Use the TPM-specific routine to search for the AC // Use the TPM-specific routine to search for the AC
result = AcIsAccessible(handle); result = AcIsAccessible(handle);
break; break;
#endif #endif
case TPM_HT_EXTERNAL_NV: case TPM_HT_EXTERNAL_NV:
case TPM_HT_PERMANENT_NV: case TPM_HT_PERMANENT_NV:
// Not yet supported. // Not yet supported.
result = TPM_RC_VALUE; result = TPM_RC_VALUE;
break; break;
default: default:
// Any other handle type is a defect in the unmarshaling code. // Any other handle type is a defect in the unmarshaling code.
FAIL(FATAL_ERROR_INTERNAL); FAIL(FATAL_ERROR_INTERNAL);
break; break;
} }
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
{ {
if(result == TPM_RC_REFERENCE_H0) if(result == TPM_RC_REFERENCE_H0)
result = result + i; result = result + i;
else else
result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]); result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]);
break; break;
} }
} }
return result; return result;
} }
@ -221,96 +221,96 @@ EntityGetLoadStatus(COMMAND* command // IN/OUT: command parsing structure
UINT16 UINT16
EntityGetAuthValue(TPMI_DH_ENTITY handle, // IN: handle of entity EntityGetAuthValue(TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_AUTH* auth // OUT: authValue of the entity TPM2B_AUTH* auth // OUT: authValue of the entity
) )
{ {
TPM2B_AUTH* pAuth = NULL; TPM2B_AUTH* pAuth = NULL;
auth->t.size = 0; auth->t.size = 0;
switch(HandleGetType(handle)) switch(HandleGetType(handle))
{ {
case TPM_HT_PERMANENT: case TPM_HT_PERMANENT:
{ {
switch(HierarchyNormalizeHandle(handle)) switch(HierarchyNormalizeHandle(handle))
{ {
case TPM_RH_OWNER: case TPM_RH_OWNER:
// ownerAuth for TPM_RH_OWNER // ownerAuth for TPM_RH_OWNER
pAuth = &gp.ownerAuth; pAuth = &gp.ownerAuth;
break; break;
case TPM_RH_ENDORSEMENT: case TPM_RH_ENDORSEMENT:
// endorsementAuth for TPM_RH_ENDORSEMENT // endorsementAuth for TPM_RH_ENDORSEMENT
pAuth = &gp.endorsementAuth; pAuth = &gp.endorsementAuth;
break; break;
// The ACT use platformAuth for auth // The ACT use platformAuth for auth
FOR_EACH_ACT(CASE_ACT_HANDLE) FOR_EACH_ACT(CASE_ACT_HANDLE)
case TPM_RH_PLATFORM: case TPM_RH_PLATFORM:
// platformAuth for TPM_RH_PLATFORM // platformAuth for TPM_RH_PLATFORM
pAuth = &gc.platformAuth; pAuth = &gc.platformAuth;
break; break;
case TPM_RH_LOCKOUT: case TPM_RH_LOCKOUT:
// lockoutAuth for TPM_RH_LOCKOUT // lockoutAuth for TPM_RH_LOCKOUT
pAuth = &gp.lockoutAuth; pAuth = &gp.lockoutAuth;
break; break;
case TPM_RH_NULL: case TPM_RH_NULL:
// nullAuth for TPM_RH_NULL. Return 0 directly here // nullAuth for TPM_RH_NULL. Return 0 directly here
return 0; return 0;
break; break;
#if VENDOR_PERMANENT_AUTH_ENABLED == YES #if VENDOR_PERMANENT_AUTH_ENABLED == YES
case VENDOR_PERMANENT_AUTH_HANDLE: case VENDOR_PERMANENT_AUTH_HANDLE:
// vendor authorization value // vendor authorization value
pAuth = &g_platformUniqueAuth; pAuth = &g_platformUniqueAuth;
#endif #endif
default: default:
// If any other permanent handle is present it is // If any other permanent handle is present it is
// a code defect. // a code defect.
FAIL(FATAL_ERROR_INTERNAL); FAIL(FATAL_ERROR_INTERNAL);
break; break;
} }
break; break;
} }
case TPM_HT_TRANSIENT: case TPM_HT_TRANSIENT:
// authValue for an object // authValue for an object
// A persistent object would have been copied into RAM // A persistent object would have been copied into RAM
// and would have an transient object handle here. // and would have an transient object handle here.
{ {
OBJECT* object; OBJECT* object;
object = HandleToObject(handle); object = HandleToObject(handle);
// special handling if this is a sequence object // special handling if this is a sequence object
if(ObjectIsSequence(object)) if(ObjectIsSequence(object))
{ {
pAuth = &((HASH_OBJECT*)object)->auth; pAuth = &((HASH_OBJECT*)object)->auth;
} }
else else
{ {
// Authorization is available only when the private portion of // Authorization is available only when the private portion of
// the object is loaded. The check should be made before // the object is loaded. The check should be made before
// this function is called // this function is called
pAssert(object->attributes.publicOnly == CLEAR); pAssert(object->attributes.publicOnly == CLEAR);
pAuth = &object->sensitive.authValue; pAuth = &object->sensitive.authValue;
} }
} }
break; break;
case TPM_HT_NV_INDEX: case TPM_HT_NV_INDEX:
// authValue for an NV index // authValue for an NV index
{ {
NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL);
pAssert(nvIndex != NULL); pAssert(nvIndex != NULL);
pAuth = &nvIndex->authValue; pAuth = &nvIndex->authValue;
} }
break; break;
case TPM_HT_PCR: case TPM_HT_PCR:
// authValue for PCR // authValue for PCR
pAuth = PCRGetAuthValue(handle); pAuth = PCRGetAuthValue(handle);
break; break;
default: default:
// If any other handle type is present here, then there is a defect // If any other handle type is present here, then there is a defect
// in the unmarshaling code. // in the unmarshaling code.
FAIL(FATAL_ERROR_INTERNAL); FAIL(FATAL_ERROR_INTERNAL);
break; break;
} }
// Copy the authValue // Copy the authValue
MemoryCopy2B((TPM2B*)auth, (TPM2B*)pAuth, sizeof(auth->t.buffer)); MemoryCopy2B((TPM2B*)auth, (TPM2B*)pAuth, sizeof(auth->t.buffer));
MemoryRemoveTrailingZeros(auth); MemoryRemoveTrailingZeros(auth);
@ -330,74 +330,74 @@ EntityGetAuthValue(TPMI_DH_ENTITY handle, // IN: handle of entity
TPMI_ALG_HASH TPMI_ALG_HASH
EntityGetAuthPolicy(TPMI_DH_ENTITY handle, // IN: handle of entity EntityGetAuthPolicy(TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_DIGEST* authPolicy // OUT: authPolicy of the entity TPM2B_DIGEST* authPolicy // OUT: authPolicy of the entity
) )
{ {
TPMI_ALG_HASH hashAlg = TPM_ALG_NULL; TPMI_ALG_HASH hashAlg = TPM_ALG_NULL;
authPolicy->t.size = 0; authPolicy->t.size = 0;
switch(HandleGetType(handle)) switch(HandleGetType(handle))
{ {
case TPM_HT_PERMANENT: case TPM_HT_PERMANENT:
switch(HierarchyNormalizeHandle(handle)) switch(HierarchyNormalizeHandle(handle))
{ {
case TPM_RH_OWNER: case TPM_RH_OWNER:
// ownerPolicy for TPM_RH_OWNER // ownerPolicy for TPM_RH_OWNER
*authPolicy = gp.ownerPolicy; *authPolicy = gp.ownerPolicy;
hashAlg = gp.ownerAlg; hashAlg = gp.ownerAlg;
break; break;
case TPM_RH_ENDORSEMENT: case TPM_RH_ENDORSEMENT:
// endorsementPolicy for TPM_RH_ENDORSEMENT // endorsementPolicy for TPM_RH_ENDORSEMENT
*authPolicy = gp.endorsementPolicy; *authPolicy = gp.endorsementPolicy;
hashAlg = gp.endorsementAlg; hashAlg = gp.endorsementAlg;
break; break;
case TPM_RH_PLATFORM: case TPM_RH_PLATFORM:
// platformPolicy for TPM_RH_PLATFORM // platformPolicy for TPM_RH_PLATFORM
*authPolicy = gc.platformPolicy; *authPolicy = gc.platformPolicy;
hashAlg = gc.platformAlg; hashAlg = gc.platformAlg;
break; break;
case TPM_RH_LOCKOUT: case TPM_RH_LOCKOUT:
// lockoutPolicy for TPM_RH_LOCKOUT // lockoutPolicy for TPM_RH_LOCKOUT
*authPolicy = gp.lockoutPolicy; *authPolicy = gp.lockoutPolicy;
hashAlg = gp.lockoutAlg; hashAlg = gp.lockoutAlg;
break; break;
#define ACT_GET_POLICY(N) \ #define ACT_GET_POLICY(N) \
case TPM_RH_ACT_##N: \ case TPM_RH_ACT_##N: \
*authPolicy = go.ACT_##N.authPolicy; \ *authPolicy = go.ACT_##N.authPolicy; \
hashAlg = go.ACT_##N.hashAlg; \ hashAlg = go.ACT_##N.hashAlg; \
break; break;
// Get the policy for each implemented ACT // Get the policy for each implemented ACT
FOR_EACH_ACT(ACT_GET_POLICY) FOR_EACH_ACT(ACT_GET_POLICY)
default: default:
hashAlg = TPM_ALG_ERROR; hashAlg = TPM_ALG_ERROR;
break; break;
} }
break; break;
case TPM_HT_TRANSIENT: case TPM_HT_TRANSIENT:
// authPolicy for an object // authPolicy for an object
{ {
OBJECT* object = HandleToObject(handle); OBJECT* object = HandleToObject(handle);
*authPolicy = object->publicArea.authPolicy; *authPolicy = object->publicArea.authPolicy;
hashAlg = object->publicArea.nameAlg; hashAlg = object->publicArea.nameAlg;
} }
break; break;
case TPM_HT_NV_INDEX: case TPM_HT_NV_INDEX:
// authPolicy for a NV index // authPolicy for a NV index
{ {
NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL);
pAssert(nvIndex != 0); pAssert(nvIndex != 0);
*authPolicy = nvIndex->publicArea.authPolicy; *authPolicy = nvIndex->publicArea.authPolicy;
hashAlg = nvIndex->publicArea.nameAlg; hashAlg = nvIndex->publicArea.nameAlg;
} }
break; break;
case TPM_HT_PCR: case TPM_HT_PCR:
// authPolicy for a PCR // authPolicy for a PCR
hashAlg = PCRGetAuthPolicy(handle, authPolicy); hashAlg = PCRGetAuthPolicy(handle, authPolicy);
break; break;
default: default:
// If any other handle type is present it is a code defect. // If any other handle type is present it is a code defect.
FAIL(FATAL_ERROR_INTERNAL); FAIL(FATAL_ERROR_INTERNAL);
break; break;
} }
return hashAlg; return hashAlg;
} }
@ -405,31 +405,31 @@ EntityGetAuthPolicy(TPMI_DH_ENTITY handle, // IN: handle of entity
// This function returns the Name associated with a handle. // This function returns the Name associated with a handle.
TPM2B_NAME* EntityGetName(TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_NAME* EntityGetName(TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_NAME* name // OUT: name of entity TPM2B_NAME* name // OUT: name of entity
) )
{ {
switch(HandleGetType(handle)) switch(HandleGetType(handle))
{ {
case TPM_HT_TRANSIENT: case TPM_HT_TRANSIENT:
{ {
// Name for an object // Name for an object
OBJECT* object = HandleToObject(handle); OBJECT* object = HandleToObject(handle);
// an object with no nameAlg has no name // an object with no nameAlg has no name
if(object->publicArea.nameAlg == TPM_ALG_NULL) if(object->publicArea.nameAlg == TPM_ALG_NULL)
name->b.size = 0; name->b.size = 0;
else else
*name = object->name; *name = object->name;
break; break;
} }
case TPM_HT_NV_INDEX: case TPM_HT_NV_INDEX:
// Name for a NV index // Name for a NV index
NvGetNameByIndexHandle(handle, name); NvGetNameByIndexHandle(handle, name);
break; break;
default: default:
// For all other types, the handle is the Name // For all other types, the handle is the Name
name->t.size = sizeof(TPM_HANDLE); name->t.size = sizeof(TPM_HANDLE);
UINT32_TO_BYTE_ARRAY(handle, name->t.name); UINT32_TO_BYTE_ARRAY(handle, name->t.name);
break; break;
} }
return name; return name;
} }
@ -441,77 +441,77 @@ TPM2B_NAME* EntityGetName(TPMI_DH_ENTITY handle, // IN: handle of entity
// c) An object handle belongs to its hierarchy. // c) An object handle belongs to its hierarchy.
TPMI_RH_HIERARCHY TPMI_RH_HIERARCHY
EntityGetHierarchy(TPMI_DH_ENTITY handle // IN :handle of entity EntityGetHierarchy(TPMI_DH_ENTITY handle // IN :handle of entity
) )
{ {
TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL;
switch(HandleGetType(handle)) switch(HandleGetType(handle))
{ {
case TPM_HT_PERMANENT: case TPM_HT_PERMANENT:
// hierarchy for a permanent handle // hierarchy for a permanent handle
if(HierarchyIsFirmwareLimited(handle) || HierarchyIsSvnLimited(handle)) if(HierarchyIsFirmwareLimited(handle) || HierarchyIsSvnLimited(handle))
{ {
hierarchy = handle; hierarchy = handle;
break; break;
} }
switch(handle) switch(handle)
{ {
case TPM_RH_PLATFORM: case TPM_RH_PLATFORM:
case TPM_RH_ENDORSEMENT: case TPM_RH_ENDORSEMENT:
case TPM_RH_NULL: case TPM_RH_NULL:
hierarchy = handle; hierarchy = handle;
break; break;
// all other permanent handles are associated with the owner // all other permanent handles are associated with the owner
// hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT) // hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT)
default: default:
hierarchy = TPM_RH_OWNER; hierarchy = TPM_RH_OWNER;
break; break;
} }
break; break;
case TPM_HT_NV_INDEX: case TPM_HT_NV_INDEX:
// hierarchy for NV index // hierarchy for NV index
{ {
NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL); NV_INDEX* nvIndex = NvGetIndexInfo(handle, NULL);
pAssert(nvIndex != NULL); pAssert(nvIndex != NULL);
// If only the platform can delete the index, then it is // If only the platform can delete the index, then it is
// considered to be in the platform hierarchy, otherwise it // considered to be in the platform hierarchy, otherwise it
// is in the owner hierarchy. // is in the owner hierarchy.
if(IS_ATTRIBUTE( if(IS_ATTRIBUTE(
nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE))
hierarchy = TPM_RH_PLATFORM; hierarchy = TPM_RH_PLATFORM;
else else
hierarchy = TPM_RH_OWNER; hierarchy = TPM_RH_OWNER;
} }
break; break;
case TPM_HT_TRANSIENT: case TPM_HT_TRANSIENT:
// hierarchy for an object // hierarchy for an object
{ {
OBJECT* object; OBJECT* object;
object = HandleToObject(handle); object = HandleToObject(handle);
if(object->attributes.ppsHierarchy) if(object->attributes.ppsHierarchy)
{ {
hierarchy = TPM_RH_PLATFORM; hierarchy = TPM_RH_PLATFORM;
} }
else if(object->attributes.epsHierarchy) else if(object->attributes.epsHierarchy)
{ {
hierarchy = TPM_RH_ENDORSEMENT; hierarchy = TPM_RH_ENDORSEMENT;
} }
else if(object->attributes.spsHierarchy) else if(object->attributes.spsHierarchy)
{ {
hierarchy = TPM_RH_OWNER; hierarchy = TPM_RH_OWNER;
} }
} }
break; break;
case TPM_HT_PCR: case TPM_HT_PCR:
hierarchy = TPM_RH_OWNER; hierarchy = TPM_RH_OWNER;
break; break;
default: default:
FAIL(FATAL_ERROR_INTERNAL); FAIL(FATAL_ERROR_INTERNAL);
break; break;
} }
// this is unreachable but it provides a return value for the default // this is unreachable but it provides a return value for the default
// case which makes the complier happy // case which makes the complier happy
return hierarchy; return hierarchy;

85
src/tpm2/Entity_fp.h
View File

@ -59,71 +59,32 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef ENTITY_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define ENTITY_FP_H
* Date: Mar 7, 2020 Time: 07:19:36PM
*/
#ifndef _ENTITY_FP_H_
#define _ENTITY_FP_H_
//** Functions
//*** EntityGetLoadStatus()
// This function will check that all the handles access loaded entities.
// Return Type: TPM_RC
// TPM_RC_HANDLE handle type does not match
// TPM_RC_REFERENCE_Hx entity is not present
// TPM_RC_HIERARCHY entity belongs to a disabled hierarchy
// TPM_RC_OBJECT_MEMORY handle is an evict object but there is no
// space to load it to RAM
TPM_RC TPM_RC
EntityGetLoadStatus(COMMAND* command // IN/OUT: command parsing structure EntityGetLoadStatus(
); COMMAND *command // IN/OUT: command parsing structure
);
//*** EntityGetAuthValue()
// This function is used to access the 'authValue' associated with a handle.
// This function assumes that the handle references an entity that is accessible
// and the handle is not for a persistent objects. That is EntityGetLoadStatus()
// should have been called. Also, the accessibility of the authValue should have
// been verified by IsAuthValueAvailable().
//
// This function copies the authorization value of the entity to 'auth'.
// Return Type: UINT16
// count number of bytes in the authValue with 0's stripped
UINT16 UINT16
EntityGetAuthValue(TPMI_DH_ENTITY handle, // IN: handle of entity EntityGetAuthValue(
TPM2B_AUTH* auth // OUT: authValue of the entity TPMI_DH_ENTITY handle, // IN: handle of entity
); TPM2B_AUTH *auth // OUT: authValue of the entity
);
//*** EntityGetAuthPolicy()
// This function is used to access the 'authPolicy' associated with a handle.
// This function assumes that the handle references an entity that is accessible
// and the handle is not for a persistent objects. That is EntityGetLoadStatus()
// should have been called. Also, the accessibility of the authPolicy should have
// been verified by IsAuthPolicyAvailable().
//
// This function copies the authorization policy of the entity to 'authPolicy'.
//
// The return value is the hash algorithm for the policy.
TPMI_ALG_HASH TPMI_ALG_HASH
EntityGetAuthPolicy(TPMI_DH_ENTITY handle, // IN: handle of entity EntityGetAuthPolicy(
TPM2B_DIGEST* authPolicy // OUT: authPolicy of the entity TPMI_DH_ENTITY handle, // IN: handle of entity
); TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity
);
//*** EntityGetName() TPM2B_NAME *
// This function returns the Name associated with a handle. EntityGetName(
TPM2B_NAME* EntityGetName(TPMI_DH_ENTITY handle, // IN: handle of entity TPMI_DH_ENTITY handle, // IN: handle of entity
TPM2B_NAME* name // OUT: name of entity TPM2B_NAME *name // OUT: name of entity
); );
//*** EntityGetHierarchy()
// This function returns the hierarchy handle associated with an entity.
// a) A handle that is a hierarchy handle is associated with itself.
// b) An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE,
// is SET, otherwise it belongs to TPM_RH_OWNER
// c) An object handle belongs to its hierarchy.
TPMI_RH_HIERARCHY TPMI_RH_HIERARCHY
EntityGetHierarchy(TPMI_DH_ENTITY handle // IN :handle of entity EntityGetHierarchy(
); TPMI_DH_ENTITY handle // IN :handle of entity
);
#endif // _ENTITY_FP_H_
#endif

158
src/tpm2/Entropy.c
View File

@ -59,8 +59,8 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Includes and Local Values /* C.4 Entropy.c */
/* C.4.1. Includes and Local values*/
#define _CRT_RAND_S #define _CRT_RAND_S
#include <stdlib.h> #include <stdlib.h>
#include <memory.h> #include <memory.h>
@ -70,31 +70,31 @@
#include <time.h> #include <time.h>
#include "Platform.h" #include "Platform.h"
#if defined _MSC_VER || defined _MINGW // libtpms changed #if defined _MSC_VER || defined _MINGW
# include <process.h> #include <process.h>
#else #else
# include <unistd.h> #include <unistd.h>
#endif #endif
// This is the last 32-bits of hardware entropy produced. We have to check to /* This is the last 32-bits of hardware entropy produced. We have to check to see that two
// see that two consecutive 32-bit values are not the same because consecutive 32-bit values are not the same because (according to FIPS 140-2, annex C */
// according to FIPS 140-2, annex C: /* "If each call to a RNG produces blocks of n bits (where n > 15), the first n-bit block generated
// after power-up, initialization, or reset shall not be used, but shall be saved for comparison
// "If each call to an RNG produces blocks of n bits (where n > 15), the first with the next n-bit block to be generated. Each subsequent generation of an n-bit block shall be
// n-bit block generated after power-up, initialization, or reset shall not be compared with the previously generated block. The test shall fail if any two compared n-bit
// used, but shall be saved for comparison with the next n-bit block to be blocks are equal." */
// generated. Each subsequent generation of an n-bit block shall be compared with extern uint32_t lastEntropy;
// the previously generated block. The test shall fail if any two compared n-bit
// blocks are equal."
extern uint32_t lastEntropy;
//** Functions /* C.4.2. Functions */
/* C.4.2.1. rand32() */
/* Local function to get a 32-bit random number */
//*** rand32() static uint32_t
// Local function to get a 32-bit random number rand32(
static uint32_t rand32(void) void
)
{ {
uint32_t rndNum = rand(); uint32_t rndNum = rand();
#if RAND_MAX < UINT16_MAX #if RAND_MAX < UINT16_MAX
// If the maximum value of the random number is a 15-bit number, then shift it up // If the maximum value of the random number is a 15-bit number, then shift it up
// 15 bits, get 15 more bits, shift that up 2 and then XOR in another value to get // 15 bits, get 15 more bits, shift that up 2 and then XOR in another value to get
@ -111,20 +111,20 @@ static uint32_t rand32(void)
return rndNum; return rndNum;
} }
//*** _plat__GetEntropy() /* C.4.2.2 _plat__GetEntropy() */
// This function is used to get available hardware entropy. In a hardware /* This function is used to get available hardware entropy. In a hardware implementation of this
// implementation of this function, there would be no call to the system function, there would be no call to the system to get entropy. */
// to get entropy. /* Return Values Meaning */
// Return Type: int32_t /* < 0 hardware failure of the entropy generator, this is sticky */
// < 0 hardware failure of the entropy generator, this is sticky /* >= 0 the returned amount of entropy (bytes) */
// >= 0 the returned amount of entropy (bytes) LIB_EXPORT int32_t
// _plat__GetEntropy(
LIB_EXPORT int32_t _plat__GetEntropy(unsigned char* entropy, // output buffer unsigned char *entropy, // output buffer
uint32_t amount // amount requested uint32_t amount // amount requested
) )
{ {
uint32_t rndNum; uint32_t rndNum;
int32_t ret; int32_t ret;
// //
// libtpms added begin // libtpms added begin
if (amount > 0 && RAND_bytes(entropy, amount) == 1) if (amount > 0 && RAND_bytes(entropy, amount) == 1)
@ -133,53 +133,53 @@ LIB_EXPORT int32_t _plat__GetEntropy(unsigned char* entropy, // output buffer
// libtpms added end // libtpms added end
if(amount == 0) if(amount == 0)
{ {
// Seed the platform entropy source if the entropy source is software. There // Seed the platform entropy source if the entropy source is software. There is
// is no reason to put a guard macro (#if or #ifdef) around this code because // no reason to put a guard macro (#if or #ifdef) around this code because this
// this code would not be here if someone was changing it for a system with // code would not be here if someone was changing it for a system with actual
// actual hardware. // hardware.
// //
// NOTE 1: The following command does not provide proper cryptographic // NOTE 1: The following command does not provide proper cryptographic entropy.
// entropy. Its primary purpose to make sure that different instances of the // Its primary purpose to make sure that different instances of the simulator,
// simulator, possibly started by a script on the same machine, are seeded // possibly started by a script on the same machine, are seeded differently.
// differently. Vendors of the actual TPMs need to ensure availability of // Vendors of the actual TPMs need to ensure availability of proper entropy
// proper entropy using their platform-specific means. // using their platform specific means.
// //
// NOTE 2: In debug builds by default the reference implementation will seed // NOTE 2: In debug builds by default the reference implementation will seed
// its RNG deterministically (without using any platform provided randomness). // its RNG deterministically (without using any platform provided randomness).
// See the USE_DEBUG_RNG macro and DRBG_GetEntropy() function. // See the USE_DEBUG_RNG macro and DRBG_GetEntropy() function.
#if defined _MSC_VER || defined _MINGW // libtpms changed #if defined _MSC_VER || defined _MINGW
srand((unsigned)_plat__RealTime() ^ _getpid()); srand((unsigned)_plat__RealTime() ^ _getpid());
#else #else
srand((unsigned)_plat__RealTime() ^ getpid()); srand((unsigned)_plat__RealTime() ^ getpid());
#endif #endif
lastEntropy = rand32(); lastEntropy = rand32();
ret = 0; ret = 0;
} }
else else
{ {
rndNum = rand32(); rndNum = rand32();
if(rndNum == lastEntropy) if(rndNum == lastEntropy)
{ {
ret = -1; ret = -1;
} }
else else
{ {
lastEntropy = rndNum; lastEntropy = rndNum;
// Each process will have its random number generator initialized // Each process will have its random number generator initialized according
// according to the process id and the initialization time. This is not a // to the process id and the initialization time. This is not a lot of
// lot of entropy so, to add a bit more, XOR the current time value into // entropy so, to add a bit more, XOR the current time value into the
// the returned entropy value. // returned entropy value.
// NOTE: the reason for including the time here rather than have it in // NOTE: the reason for including the time here rather than have it in
// in the value assigned to lastEntropy is that rand() could be broken and // in the value assigned to lastEntropy is that rand() could be broken and
// using the time would in the lastEntropy value would hide this. // using the time would in the lastEntropy value would hide this.
rndNum ^= (uint32_t)_plat__RealTime(); rndNum ^= (uint32_t)_plat__RealTime();
// Only provide entropy 32 bits at a time to test the ability
// Only provide entropy 32 bits at a time to test the ability // of the caller to deal with partial results.
// of the caller to deal with partial results. ret = MIN(amount, sizeof(rndNum));
ret = MIN(amount, sizeof(rndNum)); memcpy(entropy, &rndNum, ret);
memcpy(entropy, &rndNum, ret); }
} }
}
return ret; return ret;
} }

45
src/tpm2/EventSequenceComplete_fp.h
View File

@ -59,37 +59,30 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef EVENTSEQUENCECOMPLETE_FP_H
#define EVENTSEQUENCECOMPLETE_FP_H
#if CC_EventSequenceComplete // Command must be enabled typedef struct {
TPMI_DH_PCR pcrHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVENTSEQUENCECOMPLETE_FP_H_ TPMI_DH_OBJECT sequenceHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVENTSEQUENCECOMPLETE_FP_H_ TPM2B_MAX_BUFFER buffer;
// Input structure definition
typedef struct
{
TPMI_DH_PCR pcrHandle;
TPMI_DH_OBJECT sequenceHandle;
TPM2B_MAX_BUFFER buffer;
} EventSequenceComplete_In; } EventSequenceComplete_In;
// Output structure definition #define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1)
TPML_DIGEST_VALUES results;
typedef struct {
TPML_DIGEST_VALUES results;
} EventSequenceComplete_Out; } EventSequenceComplete_Out;
// Response code modifiers
# define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1)
# define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2)
# define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_EventSequenceComplete(EventSequenceComplete_In* in, TPM2_EventSequenceComplete(
EventSequenceComplete_Out* out); EventSequenceComplete_In *in, // IN: input parameter list
EventSequenceComplete_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVENTSEQUENCECOMPLETE_FP_H_
#endif // CC_EventSequenceComplete #endif

34
src/tpm2/EvictControl_fp.h
View File

@ -59,30 +59,24 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef EVICTCONTROL_FP_H
#define EVICTCONTROL_FP_H
#if CC_EvictControl // Command must be enabled typedef struct {
TPMI_RH_PROVISION auth;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVICTCONTROL_FP_H_ TPMI_DH_OBJECT objectHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVICTCONTROL_FP_H_ TPMI_DH_PERSISTENT persistentHandle;
// Input structure definition
typedef struct
{
TPMI_RH_PROVISION auth;
TPMI_DH_OBJECT objectHandle;
TPMI_DH_PERSISTENT persistentHandle;
} EvictControl_In; } EvictControl_In;
// Response code modifiers #define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1)
# define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) #define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2)
# define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) #define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1)
# define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_EvictControl(EvictControl_In* in); TPM2_EvictControl(
EvictControl_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_EVICTCONTROL_FP_H_ #endif
#endif // CC_EvictControl

318
src/tpm2/ExecCommand.c
View File

@ -58,75 +58,59 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Introduction /* 6.2 ExecCommand.c */
// /* This file contains the entry function ExecuteCommand() which provides the main control flow for
// This file contains the entry function ExecuteCommand() which provides the main TPM command execution. */
// control flow for TPM command execution.
//** Includes
#include "Tpm.h" #include "Tpm.h"
#include "Marshal.h" #include "ExecCommand_fp.h"
// TODO_RENAME_INC_FOLDER:platform_interface refers to the TPM_CoreLib platform interface
#include "ExecCommand_fp.h" // libtpms changed
// Uncomment this next #include if doing static command/response buffer sizing
// #include "CommandResponseSizes_fp.h"
#define TPM_HAVE_TPM2_DECLARATIONS #define TPM_HAVE_TPM2_DECLARATIONS
#include "tpm_library_intern.h" // libtpms added #include "tpm_library_intern.h" // libtpms added
//** ExecuteCommand() /* Uncomment this next #include if doing static command/response buffer sizing */
// // #include "CommandResponseSizes_fp.h"
// The function performs the following steps. // The function performs the following steps.
// // a) Parses the command header from input buffer.
// a) Parses the command header from input buffer. // b) Calls ParseHandleBuffer() to parse the handle area of the command.
// b) Calls ParseHandleBuffer() to parse the handle area of the command. // c) Validates that each of the handles references a loaded entity.
// c) Validates that each of the handles references a loaded entity. // d) Calls ParseSessionBuffer() () to:
// d) Calls ParseSessionBuffer () to: // 1) unmarshal and parse the session area;
// 1) unmarshal and parse the session area; // 2) check the authorizations; and
// 2) check the authorizations; and // 3) when necessary, decrypt a parameter.
// 3) when necessary, decrypt a parameter. // e) Calls CommandDispatcher() to:
// e) Calls CommandDispatcher() to: // 1) unmarshal the command parameters from the command buffer;
// 1) unmarshal the command parameters from the command buffer; // 2) call the routine that performs the command actions; and
// 2) call the routine that performs the command actions; and // 3) marshal the responses into the response buffer.
// 3) marshal the responses into the response buffer. // f) If any error occurs in any of the steps above create the error response and return.
// f) If any error occurs in any of the steps above create the error response // g) Calls BuildResponseSession() to:
// and return. // 1) when necessary, encrypt a parameter
// g) Calls BuildResponseSession() to: // 2) build the response authorization sessions
// 1) when necessary, encrypt a parameter // 3) update the audit sessions and nonces
// 2) build the response authorization sessions // h) Calls BuildResponseHeader() to complete the construction of the response.
// 3) update the audit sessions and nonces
// h) Calls BuildResponseHeader() to complete the construction of the response. // responseSize is set by the caller to the maximum number of bytes available in the output
// // buffer. ExecuteCommand() will adjust the value and return the number of bytes placed in
// 'responseSize' is set by the caller to the maximum number of bytes available in // the buffer.
// the output buffer. ExecuteCommand will adjust the value and return the number // response is also set by the caller to indicate the buffer into which ExecuteCommand() is
// of bytes placed in the buffer. // to place the response.
// // request and response may point to the same buffer
// 'response' is also set by the caller to indicate the buffer into which // NOTE: As of February, 2016, the failure processing has been moved to the platform-specific
// ExecuteCommand is to place the response. // code. When the TPM code encounters an unrecoverable failure, it will SET g_inFailureMode
// // and call _plat__Fail(). That function should not return but may call ExecuteCommand().
// 'request' and 'response' may point to the same buffer LIB_EXPORT void
// ExecuteCommand(
// Note: As of February, 2016, the failure processing has been moved to the uint32_t requestSize, // IN: command buffer size
// platform-specific code. When the TPM code encounters an unrecoverable failure, it unsigned char *request, // IN: command buffer
// will SET g_inFailureMode and call _plat__Fail(). That function should not return uint32_t *responseSize, // IN/OUT: response buffer size
// but may call ExecuteCommand(). unsigned char **response // IN/OUT: response buffer
// )
LIB_EXPORT void ExecuteCommand(
uint32_t requestSize, // IN: command buffer size
unsigned char* request, // IN: command buffer
uint32_t* responseSize, // IN/OUT: response buffer size
unsigned char** response // IN/OUT: response buffer
)
{ {
// Command local variables // Command local variables
UINT32 commandSize; UINT32 commandSize;
COMMAND command; COMMAND command;
// Response local variables // Response local variables
UINT32 maxResponse = *responseSize; UINT32 maxResponse = *responseSize;
TPM_RC result; // return code for the command TPM_RC result; // return code for the command
/* check for an unreasonably large command size, since it's cast to a signed integer later */ /* check for an unreasonably large command size, since it's cast to a signed integer later */
if (requestSize > INT32_MAX) { if (requestSize > INT32_MAX) {
@ -135,7 +119,7 @@ LIB_EXPORT void ExecuteCommand(
} }
// This next function call is used in development to size the command and response // This next function call is used in development to size the command and response
// buffers. The values printed are the sizes of the internal structures and // buffers. The values printed are the sizes of the internal structures and
// not the sizes of the canonical forms of the command response structures. Also, // not the sizes of the canonical forms of he command response structures. Also,
// the sizes do not include the tag, command.code, requestSize, or the authorization // the sizes do not include the tag, command.code, requestSize, or the authorization
// fields. // fields.
//CommandResponseSizes(); //CommandResponseSizes();
@ -143,14 +127,14 @@ LIB_EXPORT void ExecuteCommand(
// operation that may require a NV write. Note, that this needs to be done // operation that may require a NV write. Note, that this needs to be done
// even when in failure mode. Otherwise, g_updateNV would stay SET while in // even when in failure mode. Otherwise, g_updateNV would stay SET while in
// Failure mode and the NV would be written on each call. // Failure mode and the NV would be written on each call.
g_updateNV = UT_NONE; g_updateNV = UT_NONE;
g_clearOrderly = FALSE; g_clearOrderly = FALSE;
if(g_inFailureMode) if(g_inFailureMode)
{ {
// Do failure mode processing // Do failure mode processing
TpmFailureMode(requestSize, request, responseSize, response); TpmFailureMode(requestSize, request, responseSize, response);
return; return;
} }
// Query platform to get the NV state. The result state is saved internally // Query platform to get the NV state. The result state is saved internally
// and will be reported by NvIsAvailable(). The reference code requires that // and will be reported by NvIsAvailable(). The reference code requires that
// accessibility of NV does not change during the execution of a command. // accessibility of NV does not change during the execution of a command.
@ -158,36 +142,34 @@ LIB_EXPORT void ExecuteCommand(
// is not available later when it is necessary to write to NV, then the TPM // is not available later when it is necessary to write to NV, then the TPM
// will go into failure mode. // will go into failure mode.
NvCheckState(); NvCheckState();
// Due to the limitations of the simulation, TPM clock must be explicitly // Due to the limitations of the simulation, TPM clock must be explicitly
// synchronized with the system clock whenever a command is received. // synchronized with the system clock whenever a command is received.
// This function call is not necessary in a hardware TPM. However, taking // This function call is not necessary in a hardware TPM. However, taking
// a snapshot of the hardware timer at the beginning of the command allows // a snapshot of the hardware timer at the beginning of the command allows
// the time value to be consistent for the duration of the command execution. // the time value to be consistent for the duration of the command execution.
TimeUpdateToCurrent(); TimeUpdateToCurrent();
// Any command through this function will unceremoniously end the // Any command through this function will unceremoniously end the
// _TPM_Hash_Data/_TPM_Hash_End sequence. // _TPM_Hash_Data/_TPM_Hash_End sequence.
if(g_DRTMHandle != TPM_RH_UNASSIGNED) if(g_DRTMHandle != TPM_RH_UNASSIGNED)
ObjectTerminateEvent(); ObjectTerminateEvent();
// Get command buffer size and command buffer. // Get command buffer size and command buffer.
command.tag = 0; // libtpms added: Coverity command.tag = 0; // libtpms added: Coverity
command.parameterBuffer = request; command.parameterBuffer = request;
command.parameterSize = requestSize; command.parameterSize = requestSize;
// Parse command header: tag, commandSize and command.code. // Parse command header: tag, commandSize and command.code.
// First parse the tag. The unmarshaling routine will validate // First parse the tag. The unmarshaling routine will validate
// that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS. // that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS.
result = TPMI_ST_COMMAND_TAG_Unmarshal( result = TPMI_ST_COMMAND_TAG_Unmarshal(&command.tag,
&command.tag, &command.parameterBuffer, &command.parameterSize); &command.parameterBuffer,
&command.parameterSize);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
// Unmarshal the commandSize indicator. // Unmarshal the commandSize indicator.
result = UINT32_Unmarshal( result = UINT32_Unmarshal(&commandSize,
&commandSize, &command.parameterBuffer, &command.parameterSize); &command.parameterBuffer,
&command.parameterSize);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
// On a TPM that receives bytes on a port, the number of bytes that were // On a TPM that receives bytes on a port, the number of bytes that were
// received on that port is requestSize it must be identical to commandSize. // received on that port is requestSize it must be identical to commandSize.
// In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed // In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed
@ -196,158 +178,150 @@ LIB_EXPORT void ExecuteCommand(
// places them in the input buffer) would likely have the input truncated when // places them in the input buffer) would likely have the input truncated when
// it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize. // it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize.
if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE) if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE)
{ {
result = TPM_RC_COMMAND_SIZE; result = TPM_RC_COMMAND_SIZE;
goto Cleanup; goto Cleanup;
} }
// Unmarshal the command code. // Unmarshal the command code.
result = TPM_CC_Unmarshal( result = TPM_CC_Unmarshal(&command.code, &command.parameterBuffer,
&command.code, &command.parameterBuffer, &command.parameterSize); &command.parameterSize);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
// Check to see if the command is implemented. // Check to see if the command is implemented.
command.index = CommandCodeToCommandIndex(command.code); command.index = CommandCodeToCommandIndex(command.code);
if(UNIMPLEMENTED_COMMAND_INDEX == command.index) if(UNIMPLEMENTED_COMMAND_INDEX == command.index)
{ {
result = TPM_RC_COMMAND_CODE; result = TPM_RC_COMMAND_CODE;
goto Cleanup; goto Cleanup;
} }
#if FIELD_UPGRADE_IMPLEMENTED == YES #if FIELD_UPGRADE_IMPLEMENTED == YES
// If the TPM is in FUM, then the only allowed command is // If the TPM is in FUM, then the only allowed command is
// TPM_CC_FieldUpgradeData. // TPM_CC_FieldUpgradeData.
if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData)) if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData))
{ {
result = TPM_RC_UPGRADE; result = TPM_RC_UPGRADE;
goto Cleanup; goto Cleanup;
} }
else else
#endif #endif
// Excepting FUM, the TPM only accepts TPM2_Startup() after // Excepting FUM, the TPM only accepts TPM2_Startup() after
// _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup() // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup()
// is no longer allowed. // is no longer allowed.
if((!TPMIsStarted() && command.code != TPM_CC_Startup) if((!TPMIsStarted() && command.code != TPM_CC_Startup)
|| (TPMIsStarted() && command.code == TPM_CC_Startup)) || (TPMIsStarted() && command.code == TPM_CC_Startup))
{ {
result = TPM_RC_INITIALIZE; result = TPM_RC_INITIALIZE;
goto Cleanup; goto Cleanup;
} }
// Start regular command process. // Start regular command process.
NvIndexCacheInit(); NvIndexCacheInit();
// Parse Handle buffer. // Parse Handle buffer.
result = ParseHandleBuffer(&command); result = ParseHandleBuffer(&command);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
// All handles in the handle area are required to reference TPM-resident // All handles in the handle area are required to reference TPM-resident
// entities. // entities.
result = EntityGetLoadStatus(&command); result = EntityGetLoadStatus(&command);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
// Authorization session handling for the command. // Authorization session handling for the command.
ClearCpRpHashes(&command); ClearCpRpHashes(&command);
if(command.tag == TPM_ST_SESSIONS) if(command.tag == TPM_ST_SESSIONS)
{ {
// Find out session buffer size. // Find out session buffer size.
result = UINT32_Unmarshal((UINT32*)&command.authSize, result = UINT32_Unmarshal((UINT32 *)&command.authSize,
&command.parameterBuffer, &command.parameterBuffer,
&command.parameterSize); &command.parameterSize);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
// Perform sanity check on the unmarshaled value. If it is smaller than // Perform sanity check on the unmarshaled value. If it is smaller than
// the smallest possible session or larger than the remaining size of // the smallest possible session or larger than the remaining size of
// the command, then it is an error. NOTE: This check could pass but the // the command, then it is an error. NOTE: This check could pass but the
// session size could still be wrong. That will be determined after the // session size could still be wrong. That will be determined after the
// sessions are unmarshaled. // sessions are unmarshaled.
if(command.authSize < 9 || command.authSize > command.parameterSize) if(command.authSize < 9
{ || command.authSize > command.parameterSize)
result = TPM_RC_SIZE; {
goto Cleanup; result = TPM_RC_SIZE;
} goto Cleanup;
command.parameterSize -= command.authSize; }
command.parameterSize -= command.authSize;
// The actions of ParseSessionBuffer() are described in the introduction. // The actions of ParseSessionBuffer() are described in the introduction.
// As the sessions are parsed command.parameterBuffer is advanced so, on a // As the sessions are parsed command.parameterBuffer is advanced so, on a
// successful return, command.parameterBuffer should be pointing at the // successful return, command.parameterBuffer should be pointing at the
// first byte of the parameters. // first byte of the parameters.
result = ParseSessionBuffer(&command); result = ParseSessionBuffer(&command);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
} }
else else
{ {
command.authSize = 0; command.authSize = 0;
// The command has no authorization sessions. // The command has no authorization sessions.
// If the command requires authorizations, then CheckAuthNoSession() will // If the command requires authorizations, then CheckAuthNoSession() will
// return an error. // return an error.
result = CheckAuthNoSession(&command); result = CheckAuthNoSession(&command);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
} }
// Set up the response buffer pointers. CommandDispatch will marshal the // Set up the response buffer pointers. CommandDispatch will marshal the
// response parameters starting at the address in command.responseBuffer. // response parameters starting at the address in command.responseBuffer.
//*response = MemoryGetResponseBuffer(command.index); // *response = MemoryGetResponseBuffer(command.index);
// leave space for the command header // leave space for the command header
command.responseBuffer = *response + STD_RESPONSE_HEADER; command.responseBuffer = *response + STD_RESPONSE_HEADER;
// leave space for the parameter size field if needed // leave space for the parameter size field if needed
if(command.tag == TPM_ST_SESSIONS) if(command.tag == TPM_ST_SESSIONS)
command.responseBuffer += sizeof(UINT32); command.responseBuffer += sizeof(UINT32);
if(IsHandleInResponse(command.index)) if(IsHandleInResponse(command.index))
command.responseBuffer += sizeof(TPM_HANDLE); command.responseBuffer += sizeof(TPM_HANDLE);
// CommandDispatcher returns a response handle buffer and a response parameter // CommandDispatcher returns a response handle buffer and a response parameter
// buffer if it succeeds. It will also set the parameterSize field in the // buffer if it succeeds. It will also set the parameterSize field in the
// buffer if the tag is TPM_RC_SESSIONS. // buffer if the tag is TPM_RC_SESSIONS.
result = CommandDispatcher(&command); result = CommandDispatcher(&command);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
goto Cleanup; goto Cleanup;
// Build the session area at the end of the parameter area. // Build the session area at the end of the parameter area.
result = BuildResponseSession(&command); result = BuildResponseSession(&command);
if(result != TPM_RC_SUCCESS) if(result != TPM_RC_SUCCESS)
{ {
goto Cleanup; goto Cleanup;
} }
Cleanup:
Cleanup: if(g_clearOrderly == TRUE
if(g_clearOrderly == TRUE && NV_IS_ORDERLY) && NV_IS_ORDERLY)
{ {
#if USE_DA_USED #if USE_DA_USED
gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE; gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE;
#else #else
gp.orderlyState = SU_NONE_VALUE; gp.orderlyState = SU_NONE_VALUE;
#endif #endif
NV_SYNC_PERSISTENT(orderlyState); NV_SYNC_PERSISTENT(orderlyState);
} }
// This implementation loads an "evict" object to a transient object slot in // This implementation loads an "evict" object to a transient object slot in
// RAM whenever an "evict" object handle is used in a command so that the // RAM whenever an "evict" object handle is used in a command so that the
// access to any object is the same. These temporary objects need to be // access to any object is the same. These temporary objects need to be
// cleared from RAM whether the command succeeds or fails. // cleared from RAM whether the command succeeds or fails.
ObjectCleanupEvict(); ObjectCleanupEvict();
// The parameters and sessions have been marshaled. Now tack on the header and // The parameters and sessions have been marshaled. Now tack on the header and
// set the sizes // set the sizes
BuildResponseHeader(&command, *response, result); BuildResponseHeader(&command, *response, result);
// Try to commit all the writes to NV if any NV write happened during this // Try to commit all the writes to NV if any NV write happened during this
// command execution. This check should be made for both succeeded and failed // command execution. This check should be made for both succeeded and failed
// commands, because a failed one may trigger a NV write in DA logic as well. // commands, because a failed one may trigger a NV write in DA logic as well.
// This is the only place in the command execution path that may call the NV // This is the only place in the command execution path that may call the NV
// commit. If the NV commit fails, the TPM should be put in failure mode. // commit. If the NV commit fails, the TPM should be put in failure mode.
if((g_updateNV != UT_NONE) && !g_inFailureMode) if((g_updateNV != UT_NONE) && !g_inFailureMode)
{ {
if(g_updateNV == UT_ORDERLY) if(g_updateNV == UT_ORDERLY)
NvUpdateIndexOrderlyData(); NvUpdateIndexOrderlyData();
if(!NvCommit()) if(!NvCommit())
FAIL(FATAL_ERROR_INTERNAL); FAIL(FATAL_ERROR_INTERNAL);
g_updateNV = UT_NONE; g_updateNV = UT_NONE;
} }
pAssert((UINT32)command.parameterSize <= maxResponse); pAssert((UINT32)command.parameterSize <= maxResponse);
// Clear unused bits in response buffer. // Clear unused bits in response buffer.
MemorySet(*response + *responseSize, 0, maxResponse - *responseSize); MemorySet(*response + *responseSize, 0, maxResponse - *responseSize);
// as a final act, and not before, update the response size. // as a final act, and not before, update the response size.
*responseSize = (UINT32)command.parameterSize; *responseSize = (UINT32)command.parameterSize;
return; return;
} }

61
src/tpm2/ExecCommand_fp.h
View File

@ -59,56 +59,15 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/*(Auto-generated) #ifndef EXECCOMMAND_FP_H
* Created by TpmPrototypes; Version 3.0 July 18, 2017 #define EXECCOMMAND_FP_H
* Date: Mar 28, 2019 Time: 08:25:19PM
*/
#ifndef _EXEC_COMMAND_FP_H_ LIB_EXPORT void
#define _EXEC_COMMAND_FP_H_ ExecuteCommand(
uint32_t requestSize, // IN: command buffer size
unsigned char *request, // IN: command buffer
uint32_t *responseSize, // IN/OUT: response buffer size
unsigned char **response // IN/OUT: response buffer
);
//** ExecuteCommand() #endif
//
// The function performs the following steps.
//
// a) Parses the command header from input buffer.
// b) Calls ParseHandleBuffer() to parse the handle area of the command.
// c) Validates that each of the handles references a loaded entity.
// d) Calls ParseSessionBuffer () to:
// 1) unmarshal and parse the session area;
// 2) check the authorizations; and
// 3) when necessary, decrypt a parameter.
// e) Calls CommandDispatcher() to:
// 1) unmarshal the command parameters from the command buffer;
// 2) call the routine that performs the command actions; and
// 3) marshal the responses into the response buffer.
// f) If any error occurs in any of the steps above create the error response
// and return.
// g) Calls BuildResponseSession() to:
// 1) when necessary, encrypt a parameter
// 2) build the response authorization sessions
// 3) update the audit sessions and nonces
// h) Calls BuildResponseHeader() to complete the construction of the response.
//
// 'responseSize' is set by the caller to the maximum number of bytes available in
// the output buffer. ExecuteCommand will adjust the value and return the number
// of bytes placed in the buffer.
//
// 'response' is also set by the caller to indicate the buffer into which
// ExecuteCommand is to place the response.
//
// 'request' and 'response' may point to the same buffer
//
// Note: As of February, 2016, the failure processing has been moved to the
// platform-specific code. When the TPM code encounters an unrecoverable failure, it
// will SET g_inFailureMode and call _plat__Fail(). That function should not return
// but may call ExecuteCommand().
//
LIB_EXPORT void ExecuteCommand(
uint32_t requestSize, // IN: command buffer size
unsigned char* request, // IN: command buffer
uint32_t* responseSize, // IN/OUT: response buffer size
unsigned char** response // IN/OUT: response buffer
);
#endif // _EXEC_COMMAND_FP_H_

8
src/tpm2/ExtraData.c
View File

@ -81,10 +81,10 @@
// manufacture and CLEAR. The buffer will contain the last value provided // manufacture and CLEAR. The buffer will contain the last value provided
// to the Core library. // to the Core library.
LIB_EXPORT void _plat__GetPlatformManufactureData(uint8_t* pPlatformPersistentData, LIB_EXPORT void _plat__GetPlatformManufactureData(uint8_t* pPlatformPersistentData,
uint32_t bufferSize) uint32_t bufferSize)
{ {
if(bufferSize != 0) if(bufferSize != 0)
{ {
memset((void*)pPlatformPersistentData, 0xFF, bufferSize); memset((void*)pPlatformPersistentData, 0xFF, bufferSize);
} }
} }

26
src/tpm2/FlushContext_fp.h
View File

@ -59,26 +59,20 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef FLUSHCONTEXT_FP_H
#define FLUSHCONTEXT_FP_H
#if CC_FlushContext // Command must be enabled typedef struct {
TPMI_DH_CONTEXT flushHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_FLUSHCONTEXT_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_FLUSHCONTEXT_FP_H_
// Input structure definition
typedef struct
{
TPMI_DH_CONTEXT flushHandle;
} FlushContext_In; } FlushContext_In;
// Response code modifiers #define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1)
# define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_FlushContext(FlushContext_In* in); TPM2_FlushContext(
FlushContext_In *in // IN: input parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_FLUSHCONTEXT_FP_H_ #endif
#endif // CC_FlushContext

45
src/tpm2/GetCapability_fp.h
View File

@ -59,37 +59,32 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef GETCAPABILITY_FP_H
#define GETCAPABILITY_FP_H
#if CC_GetCapability // Command must be enabled typedef struct {
TPM_CAP capability;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCAPABILITY_FP_H_ UINT32 property;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCAPABILITY_FP_H_ UINT32 propertyCount;
// Input structure definition
typedef struct
{
TPM_CAP capability;
UINT32 property;
UINT32 propertyCount;
} GetCapability_In; } GetCapability_In;
// Output structure definition #define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1)
typedef struct #define RC_GetCapability_property (TPM_RC_P + TPM_RC_2)
{ #define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3)
TPMI_YES_NO moreData;
TPMS_CAPABILITY_DATA capabilityData; typedef struct {
TPMI_YES_NO moreData;
TPMS_CAPABILITY_DATA capabilityData;
} GetCapability_Out; } GetCapability_Out;
// Response code modifiers
# define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1)
# define RC_GetCapability_property (TPM_RC_P + TPM_RC_2)
# define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3)
// Function prototype
TPM_RC TPM_RC
TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out); TPM2_GetCapability(
GetCapability_In *in, // IN: input parameter list
GetCapability_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCAPABILITY_FP_H_
#endif // CC_GetCapability #endif

51
src/tpm2/GetCommandAuditDigest_fp.h
View File

@ -59,40 +59,33 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef GETCOMMANDAUDITDIGEST_FP_H
#define GETCOMMANDAUDITDIGEST_FP_H
#if CC_GetCommandAuditDigest // Command must be enabled typedef struct {
TPMI_RH_ENDORSEMENT privacyHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCOMMANDAUDITDIGEST_FP_H_ TPMI_DH_OBJECT signHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCOMMANDAUDITDIGEST_FP_H_ TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
// Input structure definition
typedef struct
{
TPMI_RH_ENDORSEMENT privacyHandle;
TPMI_DH_OBJECT signHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} GetCommandAuditDigest_In; } GetCommandAuditDigest_In;
// Output structure definition #define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
TPM2B_ATTEST auditInfo; #define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)
TPMT_SIGNATURE signature;
typedef struct {
TPM2B_ATTEST auditInfo;
TPMT_SIGNATURE signature;
} GetCommandAuditDigest_Out; } GetCommandAuditDigest_Out;
// Response code modifiers
# define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1)
# define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
# define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
# define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_GetCommandAuditDigest(GetCommandAuditDigest_In* in, TPM2_GetCommandAuditDigest(
GetCommandAuditDigest_Out* out); GetCommandAuditDigest_In *in, // IN: input parameter list
GetCommandAuditDigest_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETCOMMANDAUDITDIGEST_FP_H_
#endif // CC_GetCommandAuditDigest #endif

36
src/tpm2/GetRandom_fp.h
View File

@ -59,32 +59,26 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef GETRANDOM_FP_H
#define GETRANDOM_FP_H
#if CC_GetRandom // Command must be enabled typedef struct {
UINT16 bytesRequested;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETRANDOM_FP_H_
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETRANDOM_FP_H_
// Input structure definition
typedef struct
{
UINT16 bytesRequested;
} GetRandom_In; } GetRandom_In;
// Output structure definition #define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1)
typedef struct
{ typedef struct {
TPM2B_DIGEST randomBytes; TPM2B_DIGEST randomBytes;
} GetRandom_Out; } GetRandom_Out;
// Response code modifiers
# define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1)
// Function prototype
TPM_RC TPM_RC
TPM2_GetRandom(GetRandom_In* in, GetRandom_Out* out); TPM2_GetRandom(
GetRandom_In *in, // IN: input parameter list
GetRandom_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETRANDOM_FP_H_
#endif // CC_GetRandom #endif

55
src/tpm2/GetSessionAuditDigest_fp.h
View File

@ -59,42 +59,35 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef GETSESSIONAUDITDIGEST_FP_H
#define GETSESSIONAUDITDIGEST_FP_H
#if CC_GetSessionAuditDigest // Command must be enabled typedef struct {
TPMI_RH_ENDORSEMENT privacyAdminHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETSESSIONAUDITDIGEST_FP_H_ TPMI_DH_OBJECT signHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETSESSIONAUDITDIGEST_FP_H_ TPMI_SH_HMAC sessionHandle;
TPM2B_DATA qualifyingData;
// Input structure definition TPMT_SIG_SCHEME inScheme;
typedef struct
{
TPMI_RH_ENDORSEMENT privacyAdminHandle;
TPMI_DH_OBJECT signHandle;
TPMI_SH_HMAC sessionHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} GetSessionAuditDigest_In; } GetSessionAuditDigest_In;
// Output structure definition #define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3)
TPM2B_ATTEST auditInfo; #define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
TPMT_SIGNATURE signature; #define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)
typedef struct {
TPM2B_ATTEST auditInfo;
TPMT_SIGNATURE signature;
} GetSessionAuditDigest_Out; } GetSessionAuditDigest_Out;
// Response code modifiers
# define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
# define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
# define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3)
# define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
# define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_GetSessionAuditDigest(GetSessionAuditDigest_In* in, TPM2_GetSessionAuditDigest(
GetSessionAuditDigest_Out* out); GetSessionAuditDigest_In *in, // IN: input parameter list
GetSessionAuditDigest_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETSESSIONAUDITDIGEST_FP_H_
#endif // CC_GetSessionAuditDigest #endif

29
src/tpm2/GetTestResult_fp.h
View File

@ -59,24 +59,21 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef GETTESTRESULT_FP_H
#define GETTESTRESULT_FP_H
#if CC_GetTestResult // Command must be enabled typedef struct{
TPM2B_MAX_BUFFER outData;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTESTRESULT_FP_H_ TPM_RC testResult;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTESTRESULT_FP_H_
// Output structure definition
typedef struct
{
TPM2B_MAX_BUFFER outData;
TPM_RC testResult;
} GetTestResult_Out; } GetTestResult_Out;
// Function prototype
TPM_RC
TPM2_GetTestResult(GetTestResult_Out* out);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTESTRESULT_FP_H_ TPM_RC
#endif // CC_GetTestResult TPM2_GetTestResult(
GetTestResult_Out *out // OUT: output parameter list
);
#endif

50
src/tpm2/GetTime_fp.h
View File

@ -59,39 +59,33 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef GETTIME_FP_H
#define GETTIME_FP_H
#if CC_GetTime // Command must be enabled typedef struct {
TPMI_RH_ENDORSEMENT privacyAdminHandle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTIME_FP_H_ TPMI_DH_OBJECT signHandle;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTIME_FP_H_ TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
// Input structure definition
typedef struct
{
TPMI_RH_ENDORSEMENT privacyAdminHandle;
TPMI_DH_OBJECT signHandle;
TPM2B_DATA qualifyingData;
TPMT_SIG_SCHEME inScheme;
} GetTime_In; } GetTime_In;
// Output structure definition #define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
typedef struct #define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2)
{ #define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1)
TPM2B_ATTEST timeInfo; #define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2)
TPMT_SIGNATURE signature;
typedef struct {
TPM2B_ATTEST timeInfo;
TPMT_SIGNATURE signature;
} GetTime_Out; } GetTime_Out;
// Response code modifiers
# define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
# define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2)
# define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1)
# define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_GetTime(GetTime_In* in, GetTime_Out* out); TPM2_GetTime(
GetTime_In *in, // IN: input parameter list
GetTime_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_GETTIME_FP_H_
#endif // CC_GetTime #endif

50
src/tpm2/Global.c
View File

@ -92,17 +92,17 @@
// are all using consistent string values. // are all using consistent string values.
// each instance must define a different struct since the buffer sizes vary. // each instance must define a different struct since the buffer sizes vary.
#define TPM2B_STRING(name, value) \ #define TPM2B_STRING(name, value) \
typedef union name##_ \ typedef union name##_ \
{ \ { \
struct \ struct \
{ \ { \
UINT16 size; \ UINT16 size; \
BYTE buffer[sizeof(value)]; \ BYTE buffer[sizeof(value)]; \
} t; \ } t; \
TPM2B b; \ TPM2B b; \
} TPM2B_##name##_; \ } TPM2B_##name##_; \
const TPM2B_##name##_ name##_data = {{sizeof(value), {value}}}; \ const TPM2B_##name##_ name##_data = {{sizeof(value), {value}}}; \
const TPM2B* name = &name##_data.b const TPM2B* name = &name##_data.b
TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation"); TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation");
@ -127,19 +127,19 @@ TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value");
//*** g_rcIndex[] //*** g_rcIndex[]
const UINT16 g_rcIndex[15] = {TPM_RC_1, const UINT16 g_rcIndex[15] = {TPM_RC_1,
TPM_RC_2, TPM_RC_2,
TPM_RC_3, TPM_RC_3,
TPM_RC_4, TPM_RC_4,
TPM_RC_5, TPM_RC_5,
TPM_RC_6, TPM_RC_6,
TPM_RC_7, TPM_RC_7,
TPM_RC_8, TPM_RC_8,
TPM_RC_9, TPM_RC_9,
TPM_RC_A, TPM_RC_A,
TPM_RC_B, TPM_RC_B,
TPM_RC_C, TPM_RC_C,
TPM_RC_D, TPM_RC_D,
TPM_RC_E, TPM_RC_E,
TPM_RC_F}; TPM_RC_F};
BOOL g_manufactured = FALSE; BOOL g_manufactured = FALSE;

362
src/tpm2/Global.h
View File

@ -58,7 +58,6 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
//** Description //** Description
// This file contains internal global type definitions and data declarations that // This file contains internal global type definitions and data declarations that
@ -158,36 +157,36 @@ typedef struct
{ {
#if LITTLE_ENDIAN_TPM == YES /* libtpms added */ #if LITTLE_ENDIAN_TPM == YES /* libtpms added */
unsigned publicOnly : 1; //0) SET if only the public portion of unsigned publicOnly : 1; //0) SET if only the public portion of
// an object is loaded // an object is loaded
unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS
// Hierarchy // Hierarchy
unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS
// Hierarchy // Hierarchy
unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS
// Hierarchy // Hierarchy
unsigned evict : 1; //4) SET if the object is a platform or unsigned evict : 1; //4) SET if the object is a platform or
// owner evict object. Platform- // owner evict object. Platform-
// evict object belongs to PPS // evict object belongs to PPS
// hierarchy, owner-evict object // hierarchy, owner-evict object
// belongs to SPS or EPS hierarchy. // belongs to SPS or EPS hierarchy.
// This bit is also used to mark a // This bit is also used to mark a
// completed sequence object so it // completed sequence object so it
// will be flush when the // will be flush when the
// SequenceComplete command succeeds. // SequenceComplete command succeeds.
unsigned primary : 1; //5) SET for a primary object unsigned primary : 1; //5) SET for a primary object
unsigned temporary : 1; //6) SET for a temporary object unsigned temporary : 1; //6) SET for a temporary object
unsigned stClear : 1; //7) SET for an stClear object unsigned stClear : 1; //7) SET for an stClear object
unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence
// object // object
unsigned hashSeq : 1; //9) SET for a hash sequence object unsigned hashSeq : 1; //9) SET for a hash sequence object
unsigned eventSeq : 1; //10) SET for an event sequence object unsigned eventSeq : 1; //10) SET for an event sequence object
unsigned ticketSafe : 1; //11) SET if a ticket is safe to create unsigned ticketSafe : 1; //11) SET if a ticket is safe to create
// for hash sequence object // for hash sequence object
unsigned firstBlock : 1; //12) SET if the first block of hash unsigned firstBlock : 1; //12) SET if the first block of hash
// data has been received. It // data has been received. It
// works with ticketSafe bit // works with ticketSafe bit
unsigned isParent : 1; //13) SET if the key has the proper unsigned isParent : 1; //13) SET if the key has the proper
// attributes to be a parent key // attributes to be a parent key
unsigned privateExp : 1; //14) SET when the private exponent // libtpms: keep unsigned privateExp : 1; //14) SET when the private exponent // libtpms: keep
// // of an RSA key has been validated. // // of an RSA key has been validated.
#if 0 // lbtpms added #if 0 // lbtpms added
@ -254,21 +253,18 @@ typedef struct OBJECT
#endif // libtpms added end #endif // libtpms added end
TPM2B_NAME qualifiedName; // object qualified name TPM2B_NAME qualifiedName; // object qualified name
TPMI_DH_OBJECT evictHandle; // if the object is an evict object, TPMI_DH_OBJECT evictHandle; // if the object is an evict object,
// the original handle is kept here. // the original handle is kept here.
// The 'working' handle will be the // The 'working' handle will be the
// handle of an object slot. // handle of an object slot.
TPM2B_NAME name; // Name of the object name. Kept here TPM2B_NAME name; // Name of the object name. Kept here
// to avoid repeatedly computing it. // to avoid repeatedly computing it.
TPMI_RH_HIERARCHY hierarchy; // Hierarchy for the object. While the TPMI_RH_HIERARCHY hierarchy; // Hierarchy for the object. While the
// base hierarchy can be deduced from // base hierarchy can be deduced from
// 'attributes', if the hierarchy is // 'attributes', if the hierarchy is
// firmware-bound or SVN-bound then // firmware-bound or SVN-bound then
// this field carries additional metadata // this field carries additional metadata
// needed to derive the proof value for // needed to derive the proof value for
// the object. // the object.
#if __LONG_WIDTH__ == 32
UINT8 _pad1[4]; /* 32 bit targets need padding */
#endif
// libtpms added: SEED_COMPAT_LEVEL to use for deriving child keys // libtpms added: SEED_COMPAT_LEVEL to use for deriving child keys
SEED_COMPAT_LEVEL seedCompatLevel; SEED_COMPAT_LEVEL seedCompatLevel;
@ -293,13 +289,13 @@ typedef struct HASH_OBJECT
TPMI_ALG_PUBLIC type; // algorithm TPMI_ALG_PUBLIC type; // algorithm
TPMI_ALG_HASH nameAlg; // name algorithm TPMI_ALG_HASH nameAlg; // name algorithm
TPMA_OBJECT objectAttributes; // object attributes TPMA_OBJECT objectAttributes; // object attributes
// The data below is unique to a sequence object // The data below is unique to a sequence object
TPM2B_AUTH auth; // authorization for use of sequence TPM2B_AUTH auth; // authorization for use of sequence
union union
{ {
HASH_STATE hashState[HASH_COUNT]; HASH_STATE hashState[HASH_COUNT];
HMAC_STATE hmacState; HMAC_STATE hmacState;
} state; } state;
} HASH_OBJECT; } HASH_OBJECT;
@ -437,46 +433,46 @@ typedef struct SESSION
{ {
SESSION_ATTRIBUTES attributes; // session attributes SESSION_ATTRIBUTES attributes; // session attributes
UINT32 pcrCounter; // PCR counter value when PCR is UINT32 pcrCounter; // PCR counter value when PCR is
// included (policy session) // included (policy session)
// If no PCR is included, this // If no PCR is included, this
// value is 0. // value is 0.
UINT64 startTime; // The value in g_time when the session UINT64 startTime; // The value in g_time when the session
// was started (policy session) // was started (policy session)
UINT64 timeout; // The timeout relative to g_time UINT64 timeout; // The timeout relative to g_time
// There is no timeout if this value // There is no timeout if this value
// is 0. // is 0.
CLOCK_NONCE epoch; // The g_clockEpoch value when the CLOCK_NONCE epoch; // The g_clockEpoch value when the
// session was started. If g_clockEpoch // session was started. If g_clockEpoch
// does not match this value when the // does not match this value when the
// timeout is used, then // timeout is used, then
// then the command will fail. // then the command will fail.
TPM_CC commandCode; // command code (policy session) TPM_CC commandCode; // command code (policy session)
TPM_ALG_ID authHashAlg; // session hash algorithm TPM_ALG_ID authHashAlg; // session hash algorithm
TPMA_LOCALITY commandLocality; // command locality (policy session) TPMA_LOCALITY commandLocality; // command locality (policy session)
TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any)
TPM2B_AUTH sessionKey; // session secret value used for TPM2B_AUTH sessionKey; // session secret value used for
// this session // this session
TPM2B_NONCE nonceTPM; // last TPM-generated nonce for TPM2B_NONCE nonceTPM; // last TPM-generated nonce for
// generating HMAC and encryption keys // generating HMAC and encryption keys
union union
{ {
TPM2B_NAME boundEntity; // value used to track the entity to TPM2B_NAME boundEntity; // value used to track the entity to
// which the session is bound // which the session is bound
TPM2B_DIGEST cpHash; // the required cpHash value for the TPM2B_DIGEST cpHash; // the required cpHash value for the
// command being authorized // command being authorized
TPM2B_DIGEST nameHash; // the required nameHash TPM2B_DIGEST nameHash; // the required nameHash
TPM2B_DIGEST templateHash; // the required template for creation TPM2B_DIGEST templateHash; // the required template for creation
TPM2B_DIGEST pHash; // the required parameter hash value for the TPM2B_DIGEST pHash; // the required parameter hash value for the
// command being authorized // command being authorized
} u1; } u1;
union union
{ {
TPM2B_DIGEST auditDigest; // audit session digest TPM2B_DIGEST auditDigest; // audit session digest
TPM2B_DIGEST policyDigest; // policyHash TPM2B_DIGEST policyDigest; // policyHash
} u2; // audit log and policyHash may } u2; // audit log and policyHash may
// share space to save memory // share space to save memory
} SESSION; } SESSION;
# define EXPIRES_ON_RESET INT32_MIN # define EXPIRES_ON_RESET INT32_MIN
@ -500,7 +496,7 @@ typedef BYTE SESSION_BUF[sizeof(SESSION)];
typedef struct PCR_SAVE typedef struct PCR_SAVE
{ {
FOR_EACH_HASH(PCR_SAVE_SPACE) FOR_EACH_HASH(PCR_SAVE_SPACE)
// This counter increments whenever the PCR are updated. // This counter increments whenever the PCR are updated.
// NOTE: A platform-specific specification may designate // NOTE: A platform-specific specification may designate
// certain PCR changes as not causing this counter // certain PCR changes as not causing this counter
@ -532,11 +528,11 @@ typedef struct PCR_AUTH_VALUE
// This enumeration is the possible startup types. The type is determined // This enumeration is the possible startup types. The type is determined
// by the combination of TPM2_ShutDown and TPM2_Startup. // by the combination of TPM2_ShutDown and TPM2_Startup.
typedef enum typedef enum
{ {
SU_RESET, SU_RESET,
SU_RESTART, SU_RESTART,
SU_RESUME SU_RESUME
} STARTUP_TYPE; } STARTUP_TYPE;
//**NV //**NV
@ -798,15 +794,15 @@ typedef struct
// data provided by the platform library during manufacturing. // data provided by the platform library during manufacturing.
// Opaque to the TPM Core library, but may be used by the platform library. // Opaque to the TPM Core library, but may be used by the platform library.
BYTE platformReserved[PERSISTENT_DATA_PLATFORM_SPACE]; BYTE platformReserved[PERSISTENT_DATA_PLATFORM_SPACE];
//********************************************************************************* //*********************************************************************************
// Hierarchy // Hierarchy
//********************************************************************************* //*********************************************************************************
// The values in this section are related to the hierarchies. // The values in this section are related to the hierarchies.
BOOL disableClear; // TRUE if TPM2_Clear() using BOOL disableClear; // TRUE if TPM2_Clear() using
// lockoutAuth is disabled // lockoutAuth is disabled
// Hierarchy authPolicies // Hierarchy authPolicies
TPMI_ALG_HASH ownerAlg; TPMI_ALG_HASH ownerAlg;
TPMI_ALG_HASH endorsementAlg; TPMI_ALG_HASH endorsementAlg;
@ -814,12 +810,12 @@ typedef struct
TPM2B_DIGEST ownerPolicy; TPM2B_DIGEST ownerPolicy;
TPM2B_DIGEST endorsementPolicy; TPM2B_DIGEST endorsementPolicy;
TPM2B_DIGEST lockoutPolicy; TPM2B_DIGEST lockoutPolicy;
// Hierarchy authValues // Hierarchy authValues
TPM2B_AUTH ownerAuth; TPM2B_AUTH ownerAuth;
TPM2B_AUTH endorsementAuth; TPM2B_AUTH endorsementAuth;
TPM2B_AUTH lockoutAuth; TPM2B_AUTH lockoutAuth;
// Primary Seeds // Primary Seeds
TPM2B_SEED EPSeed; TPM2B_SEED EPSeed;
TPM2B_SEED SPSeed; TPM2B_SEED SPSeed;
@ -829,13 +825,13 @@ typedef struct
SEED_COMPAT_LEVEL SPSeedCompatLevel; SEED_COMPAT_LEVEL SPSeedCompatLevel;
SEED_COMPAT_LEVEL PPSeedCompatLevel; // libtpms added end SEED_COMPAT_LEVEL PPSeedCompatLevel; // libtpms added end
// Note there is a nullSeed in the state_reset memory. // Note there is a nullSeed in the state_reset memory.
// Hierarchy proofs // Hierarchy proofs
TPM2B_PROOF phProof; TPM2B_PROOF phProof;
TPM2B_PROOF shProof; TPM2B_PROOF shProof;
TPM2B_PROOF ehProof; TPM2B_PROOF ehProof;
// Note there is a nullProof in the state_reset memory. // Note there is a nullProof in the state_reset memory.
//********************************************************************************* //*********************************************************************************
// Reset Events // Reset Events
//********************************************************************************* //*********************************************************************************
@ -844,28 +840,28 @@ typedef struct
// manufacture process. It is used to invalidate all saved contexts after a TPM // manufacture process. It is used to invalidate all saved contexts after a TPM
// Reset. // Reset.
UINT64 totalResetCount; UINT64 totalResetCount;
// This counter increments on each TPM Reset. The counter is reset by // This counter increments on each TPM Reset. The counter is reset by
// TPM2_Clear(). // TPM2_Clear().
UINT32 resetCount; UINT32 resetCount;
//********************************************************************************* //*********************************************************************************
// PCR // PCR
//********************************************************************************* //*********************************************************************************
// This structure hold the policies for those PCR that have an update policy. // This structure hold the policies for those PCR that have an update policy.
// This implementation only supports a single group of PCR controlled by // This implementation only supports a single group of PCR controlled by
// policy. If more are required, then this structure would be changed to // policy. If more are required, then this structure would be changed to
// an array. // an array.
# if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 # if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
PCR_POLICY pcrPolicies; PCR_POLICY pcrPolicies;
# endif # endif
// This structure indicates the allocation of PCR. The structure contains a // This structure indicates the allocation of PCR. The structure contains a
// list of PCR allocations for each implemented algorithm. If no PCR are // list of PCR allocations for each implemented algorithm. If no PCR are
// allocated for an algorithm, a list entry still exists but the bit map // allocated for an algorithm, a list entry still exists but the bit map
// will contain no SET bits. // will contain no SET bits.
TPML_PCR_SELECTION pcrAllocated; TPML_PCR_SELECTION pcrAllocated;
//********************************************************************************* //*********************************************************************************
// Physical Presence // Physical Presence
//********************************************************************************* //*********************************************************************************
@ -876,41 +872,41 @@ typedef struct
// //
// These bits may be changed with TPM2_PP_Commands(). // These bits may be changed with TPM2_PP_Commands().
BYTE ppList[(COMMAND_COUNT + 7) / 8]; BYTE ppList[(COMMAND_COUNT + 7) / 8];
//********************************************************************************* //*********************************************************************************
// Dictionary attack values // Dictionary attack values
//********************************************************************************* //*********************************************************************************
// These values are used for dictionary attack tracking and control. // These values are used for dictionary attack tracking and control.
UINT32 failedTries; // the current count of unexpired UINT32 failedTries; // the current count of unexpired
// authorization failures // authorization failures
UINT32 maxTries; // number of unexpired authorization UINT32 maxTries; // number of unexpired authorization
// failures before the TPM is in // failures before the TPM is in
// lockout // lockout
UINT32 recoveryTime; // time between authorization failures UINT32 recoveryTime; // time between authorization failures
// before failedTries is decremented // before failedTries is decremented
UINT32 lockoutRecovery; // time that must expire between UINT32 lockoutRecovery; // time that must expire between
// authorization failures associated // authorization failures associated
// with lockoutAuth // with lockoutAuth
BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is
// allowed // allowed
//***************************************************************************** //*****************************************************************************
// Orderly State // Orderly State
//***************************************************************************** //*****************************************************************************
// The orderly state for current cycle // The orderly state for current cycle
TPM_SU orderlyState; TPM_SU orderlyState;
//***************************************************************************** //*****************************************************************************
// Command audit values. // Command audit values.
//***************************************************************************** //*****************************************************************************
BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8]; BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8];
TPMI_ALG_HASH auditHashAlg; TPMI_ALG_HASH auditHashAlg;
UINT64 auditCounter; UINT64 auditCounter;
//***************************************************************************** //*****************************************************************************
// Algorithm selection // Algorithm selection
//***************************************************************************** //*****************************************************************************
@ -918,7 +914,7 @@ typedef struct
// The 'algorithmSet' value indicates the collection of algorithms that are // The 'algorithmSet' value indicates the collection of algorithms that are
// currently in used on the TPM. The interpretation of value is vendor dependent. // currently in used on the TPM. The interpretation of value is vendor dependent.
UINT32 algorithmSet; UINT32 algorithmSet;
//***************************************************************************** //*****************************************************************************
// Firmware version // Firmware version
//***************************************************************************** //*****************************************************************************
@ -928,26 +924,26 @@ typedef struct
// is consistent with vendor needs. The values are maintained in RAM for simplified // is consistent with vendor needs. The values are maintained in RAM for simplified
// access with a master version in NV. These values are modified in a // access with a master version in NV. These values are modified in a
// vendor-specific way. // vendor-specific way.
// g_firmwareV1 contains the more significant 32-bits of the vendor version number. // g_firmwareV1 contains the more significant 32-bits of the vendor version number.
// In the reference implementation, if this value is printed as a hex // In the reference implementation, if this value is printed as a hex
// value, it will have the format of YYYYMMDD // value, it will have the format of YYYYMMDD
UINT32 firmwareV1; UINT32 firmwareV1;
// g_firmwareV1 contains the less significant 32-bits of the vendor version number. // g_firmwareV1 contains the less significant 32-bits of the vendor version number.
// In the reference implementation, if this value is printed as a hex // In the reference implementation, if this value is printed as a hex
// value, it will have the format of 00 HH MM SS // value, it will have the format of 00 HH MM SS
UINT32 firmwareV2; UINT32 firmwareV2;
//***************************************************************************** //*****************************************************************************
// Timer Epoch // Timer Epoch
//***************************************************************************** //*****************************************************************************
// timeEpoch contains a nonce that has a vendor=specific size (should not be // timeEpoch contains a nonce that has a vendor=specific size (should not be
// less than 8 bytes. This nonce changes when the clock epoch changes. The clock // less than 8 bytes. This nonce changes when the clock epoch changes. The clock
// epoch changes when there is a discontinuity in the timing of the TPM. // epoch changes when there is a discontinuity in the timing of the TPM.
# if !CLOCK_STOPS # if !CLOCK_STOPS
CLOCK_NONCE timeEpoch; CLOCK_NONCE timeEpoch;
# endif # endif
} PERSISTENT_DATA; } PERSISTENT_DATA;
EXTERN PERSISTENT_DATA gp; EXTERN PERSISTENT_DATA gp;
@ -963,18 +959,18 @@ typedef struct orderly_data
//***************************************************************************** //*****************************************************************************
// TIME // TIME
//***************************************************************************** //*****************************************************************************
// Clock has two parts. One is the state save part and one is the NV part. The // Clock has two parts. One is the state save part and one is the NV part. The
// state save version is updated on each command. When the clock rolls over, the // state save version is updated on each command. When the clock rolls over, the
// NV version is updated. When the TPM starts up, if the TPM was shutdown in and // NV version is updated. When the TPM starts up, if the TPM was shutdown in and
// orderly way, then the sClock value is used to initialize the clock. If the // orderly way, then the sClock value is used to initialize the clock. If the
// TPM shutdown was not orderly, then the persistent value is used and the safe // TPM shutdown was not orderly, then the persistent value is used and the safe
// attribute is clear. // attribute is clear.
UINT64 clock; // The orderly version of clock UINT64 clock; // The orderly version of clock
TPMI_YES_NO clockSafe; // Indicates if the clock value is TPMI_YES_NO clockSafe; // Indicates if the clock value is
// safe. // safe.
// In many implementations, the quality of the entropy available is not that // In many implementations, the quality of the entropy available is not that
// high. To compensate, the current value of the drbgState can be saved and // high. To compensate, the current value of the drbgState can be saved and
// restored on each power cycle. This prevents the internal state from reverting // restored on each power cycle. This prevents the internal state from reverting
@ -982,31 +978,31 @@ typedef struct orderly_data
// of entropy. By keeping the old state and adding entropy, the entropy will // of entropy. By keeping the old state and adding entropy, the entropy will
// accumulate. // accumulate.
DRBG_STATE drbgState; DRBG_STATE drbgState;
// These values allow the accumulation of self-healing time across orderly shutdown // These values allow the accumulation of self-healing time across orderly shutdown
// of the TPM. // of the TPM.
# if ACCUMULATE_SELF_HEAL_TIMER # if ACCUMULATE_SELF_HEAL_TIMER
UINT64 selfHealTimer; // current value of s_selfHealTimer UINT64 selfHealTimer; // current value of s_selfHealTimer
UINT64 lockoutTimer; // current value of s_lockoutTimer UINT64 lockoutTimer; // current value of s_lockoutTimer
UINT64 time; // current value of g_time at shutdown UINT64 time; // current value of g_time at shutdown
# endif // ACCUMULATE_SELF_HEAL_TIMER # endif // ACCUMULATE_SELF_HEAL_TIMER
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
#error ACT not supported in ORDERLY_DATA! #error ACT not supported in ORDERLY_DATA!
// These are the ACT Timeout values. They are saved with the other timers // These are the ACT Timeout values. They are saved with the other timers
# define DefineActData(N) ACT_STATE ACT_##N; # define DefineActData(N) ACT_STATE ACT_##N;
FOR_EACH_ACT(DefineActData) FOR_EACH_ACT(DefineActData)
// this is the 'signaled' attribute data for all the ACT. It is done this way so // this is the 'signaled' attribute data for all the ACT. It is done this way so
// that they can be manipulated by ACT number rather than having to access a // that they can be manipulated by ACT number rather than having to access a
// structure. // structure.
UINT16 signaledACT; UINT16 signaledACT;
UINT16 preservedSignaled; UINT16 preservedSignaled;
# if ORDERLY_DATA_PADDING != 0 # if ORDERLY_DATA_PADDING != 0
BYTE reserved[ORDERLY_DATA_PADDING]; BYTE reserved[ORDERLY_DATA_PADDING];
# endif # endif
#endif // libtpms added #endif // libtpms added
} ORDERLY_DATA; } ORDERLY_DATA;
@ -1043,27 +1039,27 @@ typedef struct state_clear_data
TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL
TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer
TPM2B_AUTH platformAuth; // default reset is an Empty Buffer TPM2B_AUTH platformAuth; // default reset is an Empty Buffer
//***************************************************************************** //*****************************************************************************
// PCR // PCR
//***************************************************************************** //*****************************************************************************
// The set of PCR to be saved on Shutdown(STATE) // The set of PCR to be saved on Shutdown(STATE)
PCR_SAVE pcrSave; // default reset is 0...0 PCR_SAVE pcrSave; // default reset is 0...0
// This structure hold the authorization values for those PCR that have an // This structure hold the authorization values for those PCR that have an
// update authorization. // update authorization.
// This implementation only supports a single group of PCR controlled by // This implementation only supports a single group of PCR controlled by
// authorization. If more are required, then this structure would be changed to // authorization. If more are required, then this structure would be changed to
// an array. // an array.
PCR_AUTHVALUE pcrAuthValues; PCR_AUTHVALUE pcrAuthValues;
#ifndef __ACT_DISABLED // libtpms added #ifndef __ACT_DISABLED // libtpms added
//***************************************************************************** //*****************************************************************************
// ACT // ACT
//***************************************************************************** //*****************************************************************************
# define DefineActPolicySpace(N) TPMT_HA act_##N; # define DefineActPolicySpace(N) TPMT_HA act_##N;
FOR_EACH_ACT(DefineActPolicySpace) FOR_EACH_ACT(DefineActPolicySpace)
# if STATE_CLEAR_DATA_PADDING != 0 # if STATE_CLEAR_DATA_PADDING != 0
BYTE reserved[STATE_CLEAR_DATA_PADDING]; BYTE reserved[STATE_CLEAR_DATA_PADDING];
# endif # endif
@ -1090,14 +1086,14 @@ typedef struct state_reset_data
// Hierarchy Control // Hierarchy Control
//***************************************************************************** //*****************************************************************************
TPM2B_PROOF nullProof; // The proof value associated with TPM2B_PROOF nullProof; // The proof value associated with
// the TPM_RH_NULL hierarchy. The // the TPM_RH_NULL hierarchy. The
// default reset value is from the RNG. // default reset value is from the RNG.
TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL
// hierarchy. The default reset value
// is from the RNG.
SEED_COMPAT_LEVEL nullSeedCompatLevel; // libtpms added SEED_COMPAT_LEVEL nullSeedCompatLevel; // libtpms added
// hierarchy. The default reset value
// is from the RNG.
//***************************************************************************** //*****************************************************************************
// Context // Context
//***************************************************************************** //*****************************************************************************
@ -1108,21 +1104,21 @@ typedef struct state_reset_data
// If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE), // If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE),
// the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR).
UINT32 clearCount; // The default reset value is 0. UINT32 clearCount; // The default reset value is 0.
UINT64 objectContextID; // This is the context ID for a saved UINT64 objectContextID; // This is the context ID for a saved
// object context. The default reset // object context. The default reset
// value is 0. // value is 0.
CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains
// contains the values used to track // contains the values used to track
// the version numbers of saved // the version numbers of saved
// contexts (see // contexts (see
// Session.c in for details). The // Session.c in for details). The
// default reset value is {0}. // default reset value is {0}.
CONTEXT_COUNTER contextCounter; // This is the value from which the CONTEXT_COUNTER contextCounter; // This is the value from which the
// 'contextID' is derived. The // 'contextID' is derived. The
// default reset value is {0}. // default reset value is {0}.
//***************************************************************************** //*****************************************************************************
// Command Audit // Command Audit
//***************************************************************************** //*****************************************************************************
@ -1131,18 +1127,18 @@ typedef struct state_reset_data
// TPM will extend the cpHash and rpHash for the command to this value. If this // TPM will extend the cpHash and rpHash for the command to this value. If this
// digest was the Zero Digest before the cpHash was extended, the audit counter // digest was the Zero Digest before the cpHash was extended, the audit counter
// is incremented. // is incremented.
TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest
// by TPM2_GetCommandAuditDigest() or a // by TPM2_GetCommandAuditDigest() or a
// TPM Reset. // TPM Reset.
//***************************************************************************** //*****************************************************************************
// Boot counter // Boot counter
//***************************************************************************** //*****************************************************************************
UINT32 restartCount; // This counter counts TPM Restarts. UINT32 restartCount; // This counter counts TPM Restarts.
// The default reset value is 0. // The default reset value is 0.
//********************************************************************************* //*********************************************************************************
// PCR // PCR
//********************************************************************************* //*********************************************************************************
@ -1154,25 +1150,25 @@ typedef struct state_reset_data
// NOTE: A platform-specific specification may designate that certain PCR changes // NOTE: A platform-specific specification may designate that certain PCR changes
// do not increment this counter to increment. // do not increment this counter to increment.
UINT32 pcrCounter; // The default reset value is 0. UINT32 pcrCounter; // The default reset value is 0.
# if ALG_ECC # if ALG_ECC
//***************************************************************************** //*****************************************************************************
// ECDAA // ECDAA
//***************************************************************************** //*****************************************************************************
UINT64 commitCounter; // This counter increments each time UINT64 commitCounter; // This counter increments each time
// TPM2_Commit() returns // TPM2_Commit() returns
// TPM_RC_SUCCESS. The default reset // TPM_RC_SUCCESS. The default reset
// value is 0. // value is 0.
TPM2B_NONCE commitNonce; // This random value is used to compute TPM2B_NONCE commitNonce; // This random value is used to compute
// the commit values. The default reset // the commit values. The default reset
// value is from the RNG. // value is from the RNG.
// This implementation relies on the number of bits in g_commitArray being a // This implementation relies on the number of bits in g_commitArray being a
// power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K.
BYTE commitArray[16]; // The default reset value is {0}. BYTE commitArray[16]; // The default reset value is {0}.
# endif // ALG_ECC # endif // ALG_ECC
# if STATE_RESET_DATA_PADDING != 0 # if STATE_RESET_DATA_PADDING != 0
BYTE reserved[STATE_RESET_DATA_PADDING]; BYTE reserved[STATE_RESET_DATA_PADDING];
@ -1226,14 +1222,14 @@ EXTERN CONTEXT_SLOT s_ContextSlotMask;
//** Global Macro Definitions //** Global Macro Definitions
// The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members // The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members
// of the PERSISTENT_DATA structure in NV. // of the PERSISTENT_DATA structure in NV.
# define NV_READ_PERSISTENT(to, from) \ # define NV_READ_PERSISTENT(to, from) \
NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to)) NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to))
# define NV_WRITE_PERSISTENT(to, from) \ # define NV_WRITE_PERSISTENT(to, from) \
NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from) NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from)
# define CLEAR_PERSISTENT(item) \ # define CLEAR_PERSISTENT(item) \
NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item)) NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item))
# define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item) # define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item)
@ -1249,9 +1245,9 @@ typedef struct _COMMAND_FLAGS_
{ {
#if LITTLE_ENDIAN_TPM == YES /* libtpms added */ #if LITTLE_ENDIAN_TPM == YES /* libtpms added */
unsigned trialPolicy : 1; //1) If SET, one of the handles references a unsigned trialPolicy : 1; //1) If SET, one of the handles references a
// trial policy and authorization may be // trial policy and authorization may be
// skipped. This is only allowed for a policy // skipped. This is only allowed for a policy
// command. // command.
unsigned reserved : 31; //2-31) /* libtpms added begin */ unsigned reserved : 31; //2-31) /* libtpms added begin */
#endif #endif
#if BIG_ENDIAN_TPM == YES #if BIG_ENDIAN_TPM == YES
@ -1277,20 +1273,20 @@ typedef struct COMMAND
TPM_CC code; // the parsed command code TPM_CC code; // the parsed command code
COMMAND_INDEX index; // the computed command index COMMAND_INDEX index; // the computed command index
UINT32 handleNum; // the number of entity handles in the UINT32 handleNum; // the number of entity handles in the
// handle area of the command // handle area of the command
TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values
UINT32 sessionNum; // the number of sessions found UINT32 sessionNum; // the number of sessions found
INT32 parameterSize; // starts out with the parsed command size INT32 parameterSize; // starts out with the parsed command size
// and is reduced and values are // and is reduced and values are
// unmarshaled. Just before calling the // unmarshaled. Just before calling the
// command actions, this should be zero. // command actions, this should be zero.
// After the command actions, this number // After the command actions, this number
// should grow as values are marshaled // should grow as values are marshaled
// in to the response buffer. // in to the response buffer.
INT32 authSize; // this is initialized with the parsed size INT32 authSize; // this is initialized with the parsed size
// of authorizationSize field and should // of authorizationSize field and should
// be zero when the authorizations are // be zero when the authorizations are
// parsed. // parsed.
BYTE* parameterBuffer; // input to ExecuteCommand BYTE* parameterBuffer; // input to ExecuteCommand
BYTE* responseBuffer; // input to ExecuteCommand BYTE* responseBuffer; // input to ExecuteCommand
FOR_EACH_HASH(CP_HASH) // space for the CP hashes FOR_EACH_HASH(CP_HASH) // space for the CP hashes
@ -1502,7 +1498,7 @@ EXTERN int s_freeSessionSlots;
// dispatch code will marshal the response values into the final output buffer. // dispatch code will marshal the response values into the final output buffer.
EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer
EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the
// action input structure // action input structure
# endif // IO_BUFFER_C # endif // IO_BUFFER_C
//***************************************************************************** //*****************************************************************************

290
src/tpm2/GpMacros.h
View File

@ -101,9 +101,9 @@
# endif # endif
#endif // FAIL_TRACE #endif // FAIL_TRACE
// SETFAILED calls TpmFail. It may or may not return based on the NO_LONGJMP flag. // SETFAILED calls TpmFail. It may or may not return based on the NO_LONGJMP flag.
// CODELOCATOR is a macro that expands to either one 64-bit value that encodes the // CODELOCATOR is a macro that expands to either one 64-bit value that encodes the
// location, or two parameters: Function Name and Line Number. // location, or two parameters: Function Name and Line Number.
#define SETFAILED(errorCode) (TpmFail(CODELOCATOR(), errorCode)) #define SETFAILED(errorCode) (TpmFail(CODELOCATOR(), errorCode))
// If implementation is using longjmp, then calls to TpmFail() will never // If implementation is using longjmp, then calls to TpmFail() will never
@ -156,12 +156,12 @@
# define FAIL_RC(failCode) SETFAILED(failCode) # define FAIL_RC(failCode) SETFAILED(failCode)
# define FAIL_VOID(failCode) SETFAILED(failCode) # define FAIL_VOID(failCode) SETFAILED(failCode)
# define FAIL_NULL(failCode) SETFAILED(failCode) # define FAIL_NULL(failCode) SETFAILED(failCode)
# define FAIL_EXIT(failCode, returnVar, returnCode) \ # define FAIL_EXIT(failCode, returnVar, returnCode) \
do \ do \
{ \ { \
SETFAILED(failCode); \ SETFAILED(failCode); \
goto Exit; \ goto Exit; \
} while(0) } while(0)
#else // NO_LONGJMP #else // NO_LONGJMP
// no longjmp service is available // no longjmp service is available
@ -175,20 +175,20 @@
# define FAIL_NORET(failCode) SETFAILED(failCode) # define FAIL_NORET(failCode) SETFAILED(failCode)
// fail and immediately return void // fail and immediately return void
# define FAIL_VOID(failCode) \ # define FAIL_VOID(failCode) \
do \ do \
{ \ { \
SETFAILED(failCode); \ SETFAILED(failCode); \
return; \ return; \
} while(0) } while(0)
// fail and immediately return a value // fail and immediately return a value
# define FAIL_IMMEDIATE(failCode, retval) \ # define FAIL_IMMEDIATE(failCode, retval) \
do \ do \
{ \ { \
SETFAILED(failCode); \ SETFAILED(failCode); \
return retval; \ return retval; \
} while(0) } while(0)
// fail and return FALSE // fail and return FALSE
# define FAIL_BOOL(failCode) FAIL_IMMEDIATE(failCode, FALSE) # define FAIL_BOOL(failCode) FAIL_IMMEDIATE(failCode, FALSE)
@ -200,13 +200,13 @@
# define FAIL_NULL(failCode) FAIL_IMMEDIATE(failCode, NULL) # define FAIL_NULL(failCode) FAIL_IMMEDIATE(failCode, NULL)
// fail and return using the goto exit pattern // fail and return using the goto exit pattern
# define FAIL_EXIT(failCode, returnVar, returnCode) \ # define FAIL_EXIT(failCode, returnVar, returnCode) \
do \ do \
{ \ { \
SETFAILED(failCode); \ SETFAILED(failCode); \
returnVar = returnCode; \ returnVar = returnCode; \
goto Exit; \ goto Exit; \
} while(0) } while(0)
#endif #endif
@ -214,66 +214,66 @@
// if it is not. If longjmp is being used, then the macro makes a call from // if it is not. If longjmp is being used, then the macro makes a call from
// which there is no return. Otherwise, the function will return the given // which there is no return. Otherwise, the function will return the given
// return code. // return code.
#define VERIFY(condition, failCode, returnCode) \ #define VERIFY(condition, failCode, returnCode) \
do \ do \
{ \ { \
if(!(condition)) \ if(!(condition)) \
{ \ { \
FAIL_IMMEDIATE(failCode, returnCode); \ FAIL_IMMEDIATE(failCode, returnCode); \
} \ } \
} while(0) } while(0)
// this function also verifies a condition and enters failure mode, but sets a // this function also verifies a condition and enters failure mode, but sets a
// return value and jumps to Exit on failure - allowing for cleanup. // return value and jumps to Exit on failure - allowing for cleanup.
#define VERIFY_OR_EXIT(condition, failCode, returnVar, returnCode) \ #define VERIFY_OR_EXIT(condition, failCode, returnVar, returnCode) \
do \ do \
{ \ { \
if(!(condition)) \ if(!(condition)) \
{ \ { \
FAIL_EXIT(failCode, returnVar, returnCode); \ FAIL_EXIT(failCode, returnVar, returnCode); \
} \ } \
} while(0) } while(0)
// verify the given TPM_RC is success and we are not in // verify the given TPM_RC is success and we are not in
// failure mode. Otherwise, return immediately with TPM_RC_FAILURE. // failure mode. Otherwise, return immediately with TPM_RC_FAILURE.
// note that failure mode is checked first so that an existing FATAL_* error code // note that failure mode is checked first so that an existing FATAL_* error code
// is not overwritten with the default from this macro. // is not overwritten with the default from this macro.
#define VERIFY_RC(rc) \ #define VERIFY_RC(rc) \
do \ do \
{ \ { \
if(g_inFailureMode) \ if(g_inFailureMode) \
{ \ { \
return TPM_RC_FAILURE; \ return TPM_RC_FAILURE; \
} \ } \
if(rc != TPM_RC_SUCCESS) \ if(rc != TPM_RC_SUCCESS) \
{ \ { \
FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, TPM_RC_FAILURE); \ FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, TPM_RC_FAILURE); \
} \ } \
} while(0) } while(0)
// verify the TPM is not in failure mode or return failure // verify the TPM is not in failure mode or return failure
#define VERIFY_NOT_FAILED() \ #define VERIFY_NOT_FAILED() \
do \ do \
{ \ { \
if(g_inFailureMode) \ if(g_inFailureMode) \
{ \ { \
return TPM_RC_FAILURE; \ return TPM_RC_FAILURE; \
} \ } \
} while(0) } while(0)
// Enter failure mode if the given TPM_RC is not success, return void. // Enter failure mode if the given TPM_RC is not success, return void.
#define VERIFY_RC_VOID(rc) \ #define VERIFY_RC_VOID(rc) \
do \ do \
{ \ { \
if(g_inFailureMode) \ if(g_inFailureMode) \
{ \ { \
return; \ return; \
} \ } \
if(rc != TPM_RC_SUCCESS) \ if(rc != TPM_RC_SUCCESS) \
{ \ { \
FAIL_VOID(FATAL_ERROR_ASSERT); \ FAIL_VOID(FATAL_ERROR_ASSERT); \
} \ } \
} while(0) } while(0)
// These VERIFY_CRYPTO macros all set failure mode to FATAL_ERROR_CRYPTO // These VERIFY_CRYPTO macros all set failure mode to FATAL_ERROR_CRYPTO
// and immediately return. The general way to parse the names is: // and immediately return. The general way to parse the names is:
@ -300,95 +300,95 @@
#define VERIFY_CRYPTO_OR_NULL(fn) VERIFY((fn), FATAL_ERROR_CRYPTO, NULL) #define VERIFY_CRYPTO_OR_NULL(fn) VERIFY((fn), FATAL_ERROR_CRYPTO, NULL)
// these VERIFY_CRYPTO macros all set a result value and goto Exit // these VERIFY_CRYPTO macros all set a result value and goto Exit
#define VERIFY_CRYPTO_OR_EXIT(fn, returnVar, returnCode) \ #define VERIFY_CRYPTO_OR_EXIT(fn, returnVar, returnCode) \
VERIFY_OR_EXIT(fn, FATAL_ERROR_CRYPTO, returnVar, returnCode); VERIFY_OR_EXIT(fn, FATAL_ERROR_CRYPTO, returnVar, returnCode);
// these VERIFY_CRYPTO_OR_EXIT functions assume the return value variable is // these VERIFY_CRYPTO_OR_EXIT functions assume the return value variable is
// named retVal // named retVal
#define VERIFY_CRYPTO_OR_EXIT_RC(fn) \ #define VERIFY_CRYPTO_OR_EXIT_RC(fn) \
VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, TPM_RC_FAILURE) VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, TPM_RC_FAILURE)
#define VERIFY_CRYPTO_OR_EXIT_FALSE(fn) \ #define VERIFY_CRYPTO_OR_EXIT_FALSE(fn) \
VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, FALSE) VERIFY_CRYPTO_OR_EXIT_GENERIC(fn, retVal, FALSE)
#define VERIFY_CRYPTO_RC_OR_EXIT(fn) \ #define VERIFY_CRYPTO_RC_OR_EXIT(fn) \
do \ do \
{ \ { \
TPM_RC rc = fn; \ TPM_RC rc = fn; \
if(rc != TPM_RC_SUCCESS) \ if(rc != TPM_RC_SUCCESS) \
{ \ { \
FAIL_EXIT(FATAL_ERROR_CRYPTO, retVal, rc); \ FAIL_EXIT(FATAL_ERROR_CRYPTO, retVal, rc); \
} \ } \
} while(0) } while(0)
#if(defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO) #if(defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO)
# define pAssert(a) ((void)0) # define pAssert(a) ((void)0)
#else #else
# define pAssert(a) \ # define pAssert(a) \
do \ do \
{ \ { \
if(!(a)) \ if(!(a)) \
FAIL(FATAL_ERROR_PARAMETER); \ FAIL(FATAL_ERROR_PARAMETER); \
} while(0) } while(0)
# define pAssert_ZERO(a) \ # define pAssert_ZERO(a) \
do \ do \
{ \ { \
if(!(a)) \ if(!(a)) \
FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, 0); \ FAIL_IMMEDIATE(FATAL_ERROR_ASSERT, 0); \
} while(0); } while(0);
# define pAssert_RC(a) \ # define pAssert_RC(a) \
do \ do \
{ \ { \
if(!(a)) \ if(!(a)) \
FAIL_RC(FATAL_ERROR_ASSERT); \ FAIL_RC(FATAL_ERROR_ASSERT); \
} while(0); } while(0);
# define pAssert_BOOL(a) \ # define pAssert_BOOL(a) \
do \ do \
{ \ { \
if(!(a)) \ if(!(a)) \
FAIL_BOOL(FATAL_ERROR_ASSERT); \ FAIL_BOOL(FATAL_ERROR_ASSERT); \
} while(0); } while(0);
# define pAssert_NULL(a) \ # define pAssert_NULL(a) \
do \ do \
{ \ { \
if(!(a)) \ if(!(a)) \
FAIL_NULL(FATAL_ERROR_ASSERT); \ FAIL_NULL(FATAL_ERROR_ASSERT); \
} while(0); } while(0);
// using FAIL_NORET isn't optimium but is available in limited cases that // using FAIL_NORET isn't optimium but is available in limited cases that
// result in wrong calculated values, and can be checked later // result in wrong calculated values, and can be checked later
// but should have no vulnerability implications. // but should have no vulnerability implications.
# define pAssert_NORET(a) \ # define pAssert_NORET(a) \
{ \ { \
if(!(a)) \ if(!(a)) \
FAIL_NORET(FATAL_ERROR_ASSERT); \ FAIL_NORET(FATAL_ERROR_ASSERT); \
} }
// this macro is used where a calling code has been verified to function correctly // this macro is used where a calling code has been verified to function correctly
// when the failing assert immediately returns without an error code. // when the failing assert immediately returns without an error code.
// this can be because either the caller checks the fatal error flag, or // this can be because either the caller checks the fatal error flag, or
// the state is safe and a higher-level check will catch it. // the state is safe and a higher-level check will catch it.
# define pAssert_VOID_OK(a) \ # define pAssert_VOID_OK(a) \
{ \ { \
if(!(a)) \ if(!(a)) \
FAIL_VOID(FATAL_ERROR_ASSERT); \ FAIL_VOID(FATAL_ERROR_ASSERT); \
} }
#endif #endif
// These macros are commonly used in the "Crypt" code as a way to keep listings from // These macros are commonly used in the "Crypt" code as a way to keep listings from
// getting too long. This is not to save paper but to allow one to see more // getting too long. This is not to save paper but to allow one to see more
// useful stuff on the screen at any given time. Neither macro sets failure mode. // useful stuff on the screen at any given time. Neither macro sets failure mode.
#define ERROR_EXIT(returnCode) \ #define ERROR_EXIT(returnCode) \
do \ do \
{ \ { \
retVal = returnCode; \ retVal = returnCode; \
goto Exit; \ goto Exit; \
} while(0) } while(0)
// braces are necessary for this usage: // braces are necessary for this usage:
// if (y) // if (y)
@ -397,17 +397,17 @@
// without braces the else would attach to the GOTO macro instead of the // without braces the else would attach to the GOTO macro instead of the
// outer if statement; given the amount of TPM code that doesn't use braces on // outer if statement; given the amount of TPM code that doesn't use braces on
// if statements, this is a live risk. // if statements, this is a live risk.
#define GOTO_ERROR_UNLESS(_X) \ #define GOTO_ERROR_UNLESS(_X) \
do \ do \
{ \ { \
if(!(_X)) \ if(!(_X)) \
goto Error; \ goto Error; \
} while(0) } while(0)
#include "MinMax.h" #include "MinMax.h"
#ifndef IsOdd #ifndef IsOdd
# define IsOdd(a) (((a) & 1) != 0) # define IsOdd(a) (((a)&1) != 0)
#endif #endif
#ifndef BITS_TO_BYTES #ifndef BITS_TO_BYTES
@ -455,10 +455,10 @@
# define SET_ATTRIBUTE(a, type, b) (a.b = SET) # define SET_ATTRIBUTE(a, type, b) (a.b = SET)
# define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR) # define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR)
# define GET_ATTRIBUTE(a, type, b) (a.b) # define GET_ATTRIBUTE(a, type, b) (a.b)
# define TPMA_ZERO_INITIALIZER() \ # define TPMA_ZERO_INITIALIZER() \
{ \ { \
0 \ 0 \
} }
#else #else
# define IS_ATTRIBUTE(a, type, b) ((a & type##_##b) != 0) # define IS_ATTRIBUTE(a, type, b) ((a & type##_##b) != 0)
# define SET_ATTRIBUTE(a, type, b) (a |= type##_##b) # define SET_ATTRIBUTE(a, type, b) (a |= type##_##b)

42
src/tpm2/HMAC_Start_fp.h
View File

@ -59,36 +59,30 @@
/* */ /* */
/********************************************************************************/ /********************************************************************************/
/* rev 119 */
// FILE GENERATED BY TpmExtractCode: DO NOT EDIT #ifndef HMAC_START_FP_H
#define HMAC_START_FP_H
#if CC_HMAC_Start // Command must be enabled typedef struct {
TPMI_DH_OBJECT handle;
# ifndef _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_START_FP_H_ TPM2B_AUTH auth;
# define _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_START_FP_H_ TPMI_ALG_HASH hashAlg;
// Input structure definition
typedef struct
{
TPMI_DH_OBJECT handle;
TPM2B_AUTH auth;
TPMI_ALG_HASH hashAlg;
} HMAC_Start_In; } HMAC_Start_In;
// Output structure definition typedef struct {
typedef struct TPMI_DH_OBJECT sequenceHandle;
{
TPMI_DH_OBJECT sequenceHandle;
} HMAC_Start_Out; } HMAC_Start_Out;
// Response code modifiers #define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1)
# define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) #define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1)
# define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) #define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2)
# define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2)
// Function prototype
TPM_RC TPM_RC
TPM2_HMAC_Start(HMAC_Start_In* in, HMAC_Start_Out* out); TPM2_HMAC_Start(
HMAC_Start_In *in, // IN: input parameter list
HMAC_Start_Out *out // OUT: output parameter list
);
# endif // _TPM_INCLUDE_PRIVATE_PROTOTYPES_HMAC_START_FP_H_
#endif // CC_HMAC_Start #endif

Some files were not shown because too many files have changed in this diff Show More