proxmox-mirrors/libtpms
1
0
Fork 0
mirror of https://git.proxmox.com/git/libtpms synced 2025-08-20 10:57:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
900 Commits 1 Branch 7 Tags 4.4 MiB
proxmox/stable-0.9
Commit Graph

900 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Berger
5148fe63d3 tpm2: Rename OIDS.h to OIDs.h 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
6847901cfa tpm2: Remove dead functions and their prototypes 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
52b7c83927 tpm2: rev155: Set spec version to 155 
With some x509 related issues fixed, advertise revision 155 now
so that IBM TSS 2 test suite passes the X509 tests.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
db1d01526a tpm2: Some x509 related fixes 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
baa5b3995d tpm2: Fix bit ordering related to TPMA_X509_KEY_USAGE 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
9cc5f38c96 tpm2: Add parameter to (unused) TPMA_OBJECT_INITIALIZER 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
521d5948f6 tpm2: Added (not used) #defines 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
1cbee17a16 tpm2: Fix some ASN.1 related code 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
b822e395c3 tpm2: Whitespace changes only 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
f5e6f48ff7 tpm2: Move some #defines into GpMacros and include headers 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
5ca051d272 tpm2: Update DebugHelpers but deactivate code since not needed 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
b546847a17 tpm2: sync svn 1490; whitespace and comment changes only 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
4903a423ea tpm2: Pass SEED_COMPAT_LEVEL to Object for use when deriving keys 
When a child key is derived from an Object, we need to know what
SEED_COMPAT_LEVEL the Object was created under (or what the its seed is)
so that we can later on derive child with the appropriate
SEED_COMPAT_LEVEL.

When an external object is loaded we set the SEED_COMPAT_LEVEL to
SEED_COMPAT_LEVEL_ORIGINAL so that any RSA key that could possibly be
derived from it will always create the same RSA key independent
of the SEED_COMPAT_LEVEL of the hierarchy it is loaded under. This
way any key derivation that could happen on an external key remains
the same before and after this code change.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
480d42bb9f tpm2: rev155: Fix a bug in the RSAES decoder checking bounds 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
c1f7bf5509 tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
5b8200d7f5 tpm2: Pass SEED_COMPAT_LEVEL to CryptAdjustPrimeCandidate function 
Pass the SEED_COMPAT_LEVEL, originating from the seed that's being used,
to the CryptAdjustPrimeCandidate function and use it to determine
whether the old code should be used or the new one.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
b0ca810347 tpm2: Introduce SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX but do not use yet 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
625171be0c tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do not use 
Add in the new RsaAdjustPrimeCandidate() function but do not use it
so far since it creates slightly different primes than the previous
code and we would get different derived keys if we were to use it with
'old' seeds.

Adjust the code to return the same results for 64 bit and 32 bit machines.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
c97d016d27 tpm2: Add SEED_COMPAT_LEVEL to DRBG state 
Add a SEED_COMPAT_LEVEL to the DRBG state that is associated with the seed
and indicates the seed compatibility level we need to maintain when deriving
RSA keys from seeds. We only need to be able to handle RSA keys derived via
the DRBG state. Other keys, such as symmetric keys, are not affected. Also
RSA keys cannot be derived from a KDR, so the KDF does not need to carry
the SEED_COMPAT_LEVEL.

All functions that need to pass a value set SEED_COMPAT_LEVEL to
SEED_COMPAT_LEVEL_ORIGINAL (0) for now.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
7804d19dac tpm2: Add SEED_COMPAT_LEVEL to nullSeed to track compatibility level 
Add SEED_COMPAT_LEVEL to the nullSeed in the state_reset data to track
its compatibility level. We need it for VM suspend and resume.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
eabcd048c4 tpm2: Add SEED_COMPAT_LEVEL to seeds in PERSISTENT_DATA 
Add a variable seedCompatLevel to the each seed in the PERSISTENT_DATA
that allows us to track the age of the seed. Whenever a new seed
is created the seedCompatLevel is also written and set to the latest
version. This seedCompatLevel then influences the crypto algorithm that
can be used for deriving keys so that previously derived keys
are now still generated in the same way. When the seed is changed
the old keys are all useless and newly derived keys can then use
the new algorithm.

This patch only sets the variables to the current compatibility
level SEED_COMPAT_LEVEL_ORIGINAL and writes it out as part of the state
file. This makes the state file not downgradeable.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
63f3354d58 tpm2: Remove libtpms-specific setting of g_inFailureMode 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
8cf244fa91 tpm2: rev155: Rework CONTEXT_ENCRYPT_ALG handling in GpMacros.h 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
cd76780d71 tpm2: rev155: Remove unused #defines from SelfTest.h 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
3399586357 tpm2: rev155: Add #defines to TpmTypes that are not used in rev155 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
6cff090057 tpm2: rev155: Pass parameters->p.t.size rather than 0 to BnTo2B 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
bf40ccab72 tpm2: rev155: Refactor CryptGetSymmetricBlockSize 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
9215a8277e tpm2: rev155: Avoid FAIL in default case and return a value instead 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
e602b6898c tpm2: rev155: Sync commented code in TpmFail.c 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
de19b5d4ab tpm2: rev155: Add CompilerDependencies to Manufacture_fp.h 2020-04-14 16:03:45 -04:00
Stefan Berger
e8478a7424 tpm2: rev155: Enable new command TPM2_CertifyX509 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
f743d7faae tpm2: rev155: Add support for x509 in TPM2_Sign 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
b1bac6d212 tpm2: rev155: Add DebugHelpers and header file 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
a5866291ca tpm2: rev155: Implement new command TPM2_CertifyX509 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
77f452fd14 tpm2: rev155: Add code to create X509 RSA and EC key certificates 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
83221ed68e tpm2: rev155: Add ASN.1 related code 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
e5a67ccde9 tpm2: rev155: Remove old hash related code and definitions 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
ddba4e3c6b tpm2: rev155: Use MakeDerTag instead of CryptHashGetDer 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
8679241b2f tpm2: rev155: Implement MakeDerTag 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
d098436a34 tpm2: rev155: Extend HASH_DEF with BYTE *OID 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
244cd1bae9 tpm2: rev155: Extend ECC_CURVE with BYTE *OID and adjust code 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
f402d39d66 tpm2: rev155: Add OIDS.h 2020-04-14 16:03:45 -04:00
Stefan Berger
fd1b23daae tpm2: rev155: Remove CURVE_SPEC #define 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
b6269798bd tpm2: rev155: Consider g_inFailureMode when returning from crypto functions 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
c72fded7fc tpm2: rev155: Marshal functions for TPMS_NV_DIGEST_CERTIFY_INFO 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
3dcaa01d0a tpm2: rev155: Major refactoring of header files 
- Introduce Platform.h and replace usage of PlatformData.h and
  Platform_fp.h
- Drop Implementation.h since we now use TpmProfile.h (which we
  prepared previously); many #defines were moved to TpmTypes.h

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
296cbb1699 tpm2: rev155: Refactor hash templates; for now also keep old templates 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
19574a4c42 tpm2: rev155: Implement CryptRsaPssSaltSize 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
fa7af853d8 tpm2: rev155: Implement case TPM_ST_ATTEST_NV_DIGEST 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00
Stefan Berger
c453ceec08 tpm2: rev155: Implement NvHashIndexData 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2020-04-14 16:03:45 -04:00