packages/libtpms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libtpms: update to version 0.9.5

Browse Source 
Signed-off-by: yezengruan <yezengruan@huawei.com>
This commit is contained in:
yezengruan 2023-02-03 18:49:06 +08:00
parent 312b87f088
commit 8fb30302f4
17 changed files with 8 additions and 2754 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
libtpms-0.9.5.tar.gz Normal file
View File

Binary file not shown.

BIN
libtpms-1d392d4.tar.gz
View File

Binary file not shown.

32
libtpms.spec
View File

@ -1,12 +1,8 @@
# --- libtpm rpm-spec ---
%global gitdate 20200710
%global gitcommit 1d392d466a14234b2c0751ed6c22491836691166
%global gitshortcommit %(c=%{gitcommit}; echo ${c:0:7})
%define name libtpms
%define versionx 0.7.3
%define release 7
%define version 0.9.5
%define release 1
# Valid crypto subsystems are 'freebl' and 'openssl'
%if "%{?crypto_subsystem}" == ""
@ -18,29 +14,14 @@
Summary: Library providing Trusted Platform Module (TPM) functionality
Name: %{name}
Version: %{versionx}
Version: %{version}
Release: %{release}
License: BSD
Group: Development/Libraries
Url: http://github.com/stefanberger/libtpms
Source0: %{url}/archive/%{gitcommit}/%{name}-%{gitshortcommit}.tar.gz
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Provides: libtpms-%{crypto_subsystem} = %{version}-%{release}
Patch0: tpm2-CryptSym-fix-AES-output-IV.patch
Patch1: tpm2-Add-SEED_COMPAT_LEVEL-to-seeds-in.patch
Patch2: tpm2-Add-SEED_COMPAT_LEVEL-to-nullSeed-to-track-comp.patch
Patch3: tpm2-Add-SEED_COMPAT_LEVEL-to-DRBG-state.patch
Patch4: tpm2-rev155-Add-new-RsaAdjustPrimeCandidate-code.patch
Patch5: tpm2-Introduce-SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FI.patch
Patch6: tpm2-Pass-SEED_COMPAT_LEVEL-to-CryptAdjustPrimeCandi.patch
Patch7: tpm2-Activate-SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX.patch
Patch8: tpm2-Initialize-a-whole-OBJECT-before-using-it.patch
Patch9: tpm2-Fix-issue-with-misaligned-address-when-marshall.patch
Patch10: tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch
Patch11: tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
Patch12: tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch
Patch13: tpm2-Restore-original-value-if-unmarsalled-value-was.patch
%if "%{crypto_subsystem}" == "openssl"
BuildRequires: openssl-devel
%else
@ -89,7 +70,7 @@ Libtpms header files and documentation.
%attr(644, root, root) %{_mandir}/man3/*
%prep
%setup -n %{name}-%{gitcommit}
%setup -n %{name}-%{version}
%autopatch -p1
%build
@ -132,6 +113,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libtpms.la
%postun -p /sbin/ldconfig
%changelog
* Fri Feb 03 2023 yezengruan <yezengruan@huawei.com> - 0.9.5-1
- update to version 0.9.5
* Wed May 18 2022 yezengruan <yezengruan@huawei.com> - 0.7.3-7
- tpm2: Reset TPM2B buffer sizes after test fails for valid buffer size
- tpm2: Add maxSize parameter to TPM2B_Marshal for sanity checks

52
tpm2-Activate-SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX.patch
View File

@ -1,52 +0,0 @@
From eb36e429ebe6d0dd7e1ca07013245ab766eec02d Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 14:17:54 +0800
Subject: [PATCH 7/7] tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX
---
src/tpm2/BackwardsCompatibility.h | 2 +-
src/tpm2/crypto/openssl/CryptPrime.c | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/tpm2/BackwardsCompatibility.h b/src/tpm2/BackwardsCompatibility.h
index ded6936..6d33b60 100644
--- a/src/tpm2/BackwardsCompatibility.h
+++ b/src/tpm2/BackwardsCompatibility.h
@@ -43,7 +43,7 @@ typedef UINT8 SEED_COMPAT_LEVEL;
enum {
SEED_COMPAT_LEVEL_ORIGINAL = 0, /* original TPM 2 code up to rev155 */
SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX = 1, /* RsaAdjustPrimeCandidate was fixed */
- SEED_COMPAT_LEVEL_LAST = SEED_COMPAT_LEVEL_ORIGINAL
+ SEED_COMPAT_LEVEL_LAST = SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX
};
#endif /* BACKWARDS_COMPATIBILITY_H */
diff --git a/src/tpm2/crypto/openssl/CryptPrime.c b/src/tpm2/crypto/openssl/CryptPrime.c
index 2e8601c..9ffacc2 100644
--- a/src/tpm2/crypto/openssl/CryptPrime.c
+++ b/src/tpm2/crypto/openssl/CryptPrime.c
@@ -369,8 +369,8 @@ RsaAdjustPrimeCandidate(
case SEED_COMPAT_LEVEL_ORIGINAL:
RsaAdjustPrimeCandidate_PreRev155(prime);
break;
- /* case SEED_COMPAT_LEVEL_LAST: */
- case SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX:
+ case SEED_COMPAT_LEVEL_LAST:
+ /* case SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX: */
RsaAdjustPrimeCandidate_New(prime);
break;
default:
@@ -409,8 +409,8 @@ BnGeneratePrimeForRSA(
if (g_inFailureMode)
return;
break;
- /* case SEED_COMPAT_LEVEL_LAST: */
- case SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX:
+ case SEED_COMPAT_LEVEL_LAST:
+ /* case SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX: */
if(!BnGetRandomBits(prime, bits, rand)) // new
return;
break;
--
2.21.0.windows.1

143
tpm2-Add-SEED_COMPAT_LEVEL-to-DRBG-state.patch
View File

@ -1,143 +0,0 @@
From 8b534099d59ec5e746802dd77680612539945324 Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 11:32:08 +0800
Subject: [PATCH 3/7] tpm2: Add SEED_COMPAT_LEVEL to DRBG state
Add a SEED_COMPAT_LEVEL to the DRBG state that is associated with the seed
and indicates the seed compatibility level we need to maintain when deriving
RSA keys from seeds. We only need to be able to handle RSA keys derived via
the DRBG state. Other keys, such as symmetric keys, are not affected. Also
RSA keys cannot be derived from a KDR, so the KDF does not need to carry
the SEED_COMPAT_LEVEL.
All functions that need to pass a value set SEED_COMPAT_LEVEL to
SEED_COMPAT_LEVEL_ORIGINAL (0) for now.
---
src/tpm2/HierarchyCommands.c | 3 ++-
src/tpm2/ObjectCommands.c | 3 ++-
src/tpm2/crypto/CryptRand.h | 1 +
src/tpm2/crypto/CryptRand_fp.h | 9 ++++++++-
src/tpm2/crypto/openssl/CryptRand.c | 26 +++++++++++++++++++++++++-
5 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/src/tpm2/HierarchyCommands.c b/src/tpm2/HierarchyCommands.c
index 776d2e2..e757191 100644
--- a/src/tpm2/HierarchyCommands.c
+++ b/src/tpm2/HierarchyCommands.c
@@ -103,7 +103,8 @@ TPM2_CreatePrimary(
&HierarchyGetPrimarySeed(in->primaryHandle)->b,
PRIMARY_OBJECT_CREATION,
(TPM2B *)PublicMarshalAndComputeName(publicArea, &name),
- &in->inSensitive.sensitive.data.b);
+ &in->inSensitive.sensitive.data.b,
+ HierarchyGetPrimarySeedCompatLevel(in->primaryHandle)); // libtpms added
newObject->attributes.primary = SET;
if(in->primaryHandle == TPM_RH_ENDORSEMENT)
newObject->attributes.epsHierarchy = SET;
diff --git a/src/tpm2/ObjectCommands.c b/src/tpm2/ObjectCommands.c
index 590a702..26919eb 100644
--- a/src/tpm2/ObjectCommands.c
+++ b/src/tpm2/ObjectCommands.c
@@ -508,7 +508,8 @@ TPM2_CreateLoaded(
PRIMARY_OBJECT_CREATION,
(TPM2B *)PublicMarshalAndComputeName(publicArea,
&name),
- &in->inSensitive.sensitive.data.b);
+ &in->inSensitive.sensitive.data.b,
+ HierarchyGetPrimarySeedCompatLevel(in->parentHandle)); // libtpms added
}
else
// This is an ordinary object so use the normal random number generator
diff --git a/src/tpm2/crypto/CryptRand.h b/src/tpm2/crypto/CryptRand.h
index 3eaf986..c3947aa 100644
--- a/src/tpm2/crypto/CryptRand.h
+++ b/src/tpm2/crypto/CryptRand.h
@@ -138,6 +138,7 @@ typedef union
UINT64 reseedCounter;
UINT32 magic;
DRBG_SEED seed; // contains the key and IV for the counter mode DRBG
+ SEED_COMPAT_LEVEL seedCompatLevel; // libtpms added: the compatibility level for keeping backwards compatibility
UINT32 lastValue[4]; // used when the TPM does continuous self-test
// for FIPS compliance of DRBG
} DRBG_STATE, *pDRBG_STATE;
diff --git a/src/tpm2/crypto/CryptRand_fp.h b/src/tpm2/crypto/CryptRand_fp.h
index b10ee3d..9bf9209 100644
--- a/src/tpm2/crypto/CryptRand_fp.h
+++ b/src/tpm2/crypto/CryptRand_fp.h
@@ -127,7 +127,8 @@ DRBG_InstantiateSeeded(
const TPM2B *seed, // IN: the seed to use
const TPM2B *purpose, // IN: a label for the generation process.
const TPM2B *name, // IN: name of the object
- const TPM2B *additional // IN: additional data
+ const TPM2B *additional, // IN: additional data
+ SEED_COMPAT_LEVEL seedCompatLevel// IN: compatibility level (associated with seed); libtpms added
);
LIB_EXPORT BOOL
CryptRandStartup(
@@ -143,6 +144,12 @@ DRBG_Generate(
BYTE *random, // OUT: buffer to receive the random values
UINT16 randomSize // IN: the number of bytes to generate
);
+// libtpms added begin
+LIB_EXPORT SEED_COMPAT_LEVEL
+DRBG_GetSeedCompatLevel(
+ RAND_STATE *state // IN
+ );
+// libtpms added end
LIB_EXPORT BOOL
DRBG_Instantiate(
DRBG_STATE *drbgState, // OUT: the instantiated value
diff --git a/src/tpm2/crypto/openssl/CryptRand.c b/src/tpm2/crypto/openssl/CryptRand.c
index 118e1c9..e5bca22 100644
--- a/src/tpm2/crypto/openssl/CryptRand.c
+++ b/src/tpm2/crypto/openssl/CryptRand.c
@@ -589,7 +589,8 @@ DRBG_InstantiateSeeded(
const TPM2B *seed, // IN: the seed to use
const TPM2B *purpose, // IN: a label for the generation process.
const TPM2B *name, // IN: name of the object
- const TPM2B *additional // IN: additional data
+ const TPM2B *additional, // IN: additional data
+ SEED_COMPAT_LEVEL seedCompatLevel // IN: compatibility level; libtpms added
)
{
DF_STATE dfState;
@@ -600,6 +601,7 @@ DRBG_InstantiateSeeded(
// Initialize the DRBG state
memset(drbgState, 0, sizeof(DRBG_STATE));
drbgState->magic = DRBG_MAGIC;
+ drbgState->seedCompatLevel = seedCompatLevel; // libtpms added
// Size all of the values
totalInputSize = (seed != NULL) ? seed->size : 0;
totalInputSize += (purpose != NULL) ? purpose->size : 0;
@@ -655,6 +657,28 @@ CryptRandInit(
#endif
return DRBG_SelfTest();
}
+// libtpms added begin
+LIB_EXPORT SEED_COMPAT_LEVEL
+DRBG_GetSeedCompatLevel(
+ RAND_STATE *state
+ )
+{
+ if(state == NULL)
+ {
+ return SEED_COMPAT_LEVEL_LAST;
+ }
+ else if(state->drbg.magic == DRBG_MAGIC)
+ {
+ DRBG_STATE *drbgState = (DRBG_STATE *)state;
+
+ return drbgState->seedCompatLevel;
+ }
+ else
+ {
+ return SEED_COMPAT_LEVEL_LAST;
+ }
+}// libtpms added end
+
/* 10.2.18.5 DRBG_Generate() */
/* This function generates a random sequence according SP800-90A. If random is not NULL, then
randomSize bytes of random values are generated. If random is NULL or randomSize is zero, then
--
2.21.0.windows.1

110
tpm2-Add-SEED_COMPAT_LEVEL-to-nullSeed-to-track-comp.patch
View File

@ -1,110 +0,0 @@
From 6617eecb7ea815974a1cfc19f60a091f64c7ba30 Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 10:34:49 +0800
Subject: [PATCH 2/7] tpm2: Add SEED_COMPAT_LEVEL to nullSeed to track
compatibility level
Add SEED_COMPAT_LEVEL to the nullSeed in the state_reset data to track
its compatibility level. We need it for VM suspend and resume.
---
src/tpm2/Global.h | 1 +
src/tpm2/Hierarchy.c | 3 ++-
src/tpm2/NVMarshal.c | 21 ++++++++++++++++++---
3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/tpm2/Global.h b/src/tpm2/Global.h
index 011aff8..3448de3 100644
--- a/src/tpm2/Global.h
+++ b/src/tpm2/Global.h
@@ -809,6 +809,7 @@ typedef struct state_reset_data
// the TPM_RH_NULL hierarchy. The
// default reset value is from the RNG.
TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL
+ SEED_COMPAT_LEVEL nullSeedCompatLevel; // libtpms added
// hierarchy. The default reset value
// is from the RNG.
//*****************************************************************************
diff --git a/src/tpm2/Hierarchy.c b/src/tpm2/Hierarchy.c
index 70a3588..e9e6d6d 100644
--- a/src/tpm2/Hierarchy.c
+++ b/src/tpm2/Hierarchy.c
@@ -154,6 +154,7 @@ HierarchyStartup(
CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer);
gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer);
CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer);
+ gr.nullSeedCompatLevel = SEED_COMPAT_LEVEL_LAST; // libtpms added
}
return;
}
@@ -235,7 +236,7 @@ HierarchyGetPrimarySeedCompatLevel(
return gp.EPSeedCompatLevel;
break;
case TPM_RH_NULL:
- return SEED_COMPAT_LEVEL_LAST;
+ return gr.nullSeedCompatLevel;
default:
FAIL(FATAL_ERROR_INTERNAL);
break;
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 653ef1a..5c1955b 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1235,7 +1235,7 @@ skip_future_versions:
}
#define STATE_RESET_DATA_MAGIC 0x01102332
-#define STATE_RESET_DATA_VERSION 2
+#define STATE_RESET_DATA_VERSION 3
TPM_RC
STATE_RESET_DATA_Unmarshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
@@ -1326,11 +1326,21 @@ STATE_RESET_DATA_Unmarshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
#endif
skip_alg_ecc:
+ /* default values before conditional block */
+ data->nullSeedCompatLevel = SEED_COMPAT_LEVEL_ORIGINAL;
+
/* version 2 starts having indicator for next versions that we can skip;
this allows us to downgrade state */
if (rc == TPM_RC_SUCCESS && hdr.version >= 2) {
- BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
+ BLOCK_SKIP_READ(skip_future_versions, hdr.version >= 3, buffer, size,
"STATE_RESET_DATA", "version 3 or later");
+ if (rc == TPM_RC_SUCCESS) {
+ rc = SEED_COMPAT_LEVEL_Unmarshal(&gr.nullSeedCompatLevel,
+ buffer, size, "nullSeed");
+ }
+
+ BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
+ "STATE_RESET_DATA", "version 4 or later");
/* future versions nest-append here */
}
@@ -1349,7 +1359,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
written = NV_HEADER_Marshal(buffer, size,
STATE_RESET_DATA_VERSION,
- STATE_RESET_DATA_MAGIC, 1);
+ STATE_RESET_DATA_MAGIC, 3);
written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size);
written += TPM2B_Marshal(&data->nullSeed.b, buffer, size);
written += UINT32_Marshal(&data->clearCount, buffer, size);
@@ -1383,9 +1393,14 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
#endif
BLOCK_SKIP_WRITE_POP(size);
+ written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
+ written += SEED_COMPAT_LEVEL_Marshal(&data->nullSeedCompatLevel,
+ buffer, size);
+
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
/* future versions append below this line */
+ BLOCK_SKIP_WRITE_POP(size);
BLOCK_SKIP_WRITE_POP(size);
BLOCK_SKIP_WRITE_CHECK;
--
2.21.0.windows.1

346
tpm2-Add-SEED_COMPAT_LEVEL-to-seeds-in.patch
View File

@ -1,346 +0,0 @@
From 2833825447cbc0b23c1aa13a15521aa1d0ec0175 Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 10:32:16 +0800
Subject: [PATCH 1/7] tpm2: Add SEED_COMPAT_LEVEL to seeds in PERSISTENT_DATA
Add a variable seedCompatLevel to the each seed in the PERSISTENT_DATA
that allows us to track the age of the seed. Whenever a new seed
is created the seedCompatLevel is also written and set to the latest
version. This seedCompatLevel then influences the crypto algorithm that
can be used for deriving keys so that previously derived keys
are now still generated in the same way. When the seed is changed
the old keys are all useless and newly derived keys can then use
the new algorithm.
This patch only sets the variables to the current compatibility
level SEED_COMPAT_LEVEL_ORIGINAL and writes it out as part of the state
file. This makes the state file not downgradeable.
---
src/Makefile.am | 1 +
src/tpm2/BackwardsCompatibility.h | 48 +++++++++++++++++++++++++
src/tpm2/Global.h | 5 +++
src/tpm2/Hierarchy.c | 31 ++++++++++++++++
src/tpm2/HierarchyCommands.c | 5 +++
src/tpm2/Hierarchy_fp.h | 6 ++++
src/tpm2/NVMarshal.c | 59 +++++++++++++++++++++++++++++--
7 files changed, 152 insertions(+), 3 deletions(-)
create mode 100644 src/tpm2/BackwardsCompatibility.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 670afbf..e18ba4d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -482,6 +482,7 @@ noinst_HEADERS += \
tpm2/VerifySignature_fp.h \
tpm2/ZGen_2Phase_fp.h \
\
+ tpm2/BackwardsCompatibility.h \
tpm2/LibtpmsCallbacks.h \
tpm2/NVMarshal.h \
tpm2/StateMarshal.h \
diff --git a/src/tpm2/BackwardsCompatibility.h b/src/tpm2/BackwardsCompatibility.h
new file mode 100644
index 0000000..aa79763
--- /dev/null
+++ b/src/tpm2/BackwardsCompatibility.h
@@ -0,0 +1,48 @@
+/********************************************************************************/
+/* */
+/* Backwards compatibility related stuff */
+/* Written by Stefan Berger */
+/* IBM Thomas J. Watson Research Center */
+/* */
+/* (c) Copyright IBM Corporation 2017,2018. */
+/* */
+/* All rights reserved. */
+/* */
+/* Redistribution and use in source and binary forms, with or without */
+/* modification, are permitted provided that the following conditions are */
+/* met: */
+/* */
+/* Redistributions of source code must retain the above copyright notice, */
+/* this list of conditions and the following disclaimer. */
+/* */
+/* Redistributions in binary form must reproduce the above copyright */
+/* notice, this list of conditions and the following disclaimer in the */
+/* documentation and/or other materials provided with the distribution. */
+/* */
+/* Neither the names of the IBM Corporation nor the names of its */
+/* contributors may be used to endorse or promote products derived from */
+/* this software without specific prior written permission. */
+/* */
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+/********************************************************************************/
+
+#ifndef BACKWARDS_COMPATIBILITY_H
+#define BACKWARDS_COMPATIBILITY_H
+
+typedef UINT8 SEED_COMPAT_LEVEL;
+enum {
+ SEED_COMPAT_LEVEL_ORIGINAL = 0, /* original TPM 2 code up to rev155 */
+ SEED_COMPAT_LEVEL_LAST = SEED_COMPAT_LEVEL_ORIGINAL
+};
+
+#endif /* BACKWARDS_COMPATIBILITY_H */
diff --git a/src/tpm2/Global.h b/src/tpm2/Global.h
index 7a215cb..011aff8 100644
--- a/src/tpm2/Global.h
+++ b/src/tpm2/Global.h
@@ -76,6 +76,7 @@ _NORMAL_WARNING_LEVEL_
#undef CONTEXT_SLOT
# define CONTEXT_SLOT UINT8
#endif
+#include "BackwardsCompatibility.h" // libtpms added
#include "Capabilities.h"
#include "TpmTypes.h"
#include "CommandAttributes.h"
@@ -619,6 +620,10 @@ typedef struct
TPM2B_SEED EPSeed;
TPM2B_SEED SPSeed;
TPM2B_SEED PPSeed;
+ // SEED_COMPAT_LEVELs related to creation time of seeds
+ SEED_COMPAT_LEVEL EPSeedCompatLevel; // libtpms added begin
+ SEED_COMPAT_LEVEL SPSeedCompatLevel;
+ SEED_COMPAT_LEVEL PPSeedCompatLevel; // libtpms added end
// Note there is a nullSeed in the state_reset memory.
// Hierarchy proofs
TPM2B_PROOF phProof;
diff --git a/src/tpm2/Hierarchy.c b/src/tpm2/Hierarchy.c
index 798c037..70a3588 100644
--- a/src/tpm2/Hierarchy.c
+++ b/src/tpm2/Hierarchy.c
@@ -86,6 +86,9 @@ HierarchyPreInstall_Init(
#endif
CryptRandomGenerate(gp.SPSeed.t.size, gp.SPSeed.t.buffer);
CryptRandomGenerate(gp.PPSeed.t.size, gp.PPSeed.t.buffer);
+ gp.EPSeedCompatLevel = SEED_COMPAT_LEVEL_LAST; // libtpms added begin
+ gp.SPSeedCompatLevel = SEED_COMPAT_LEVEL_LAST;
+ gp.PPSeedCompatLevel = SEED_COMPAT_LEVEL_LAST; // libtpms added end
// Initialize owner, endorsement and lockout authorization
gp.ownerAuth.t.size = 0;
gp.endorsementAuth.t.size = 0;
@@ -109,6 +112,9 @@ HierarchyPreInstall_Init(
NV_SYNC_PERSISTENT(EPSeed);
NV_SYNC_PERSISTENT(SPSeed);
NV_SYNC_PERSISTENT(PPSeed);
+ NV_SYNC_PERSISTENT(EPSeedCompatLevel); // libtpms added begin
+ NV_SYNC_PERSISTENT(SPSeedCompatLevel);
+ NV_SYNC_PERSISTENT(PPSeedCompatLevel); // libtpms added end
NV_SYNC_PERSISTENT(ownerAuth);
NV_SYNC_PERSISTENT(endorsementAuth);
NV_SYNC_PERSISTENT(lockoutAuth);
@@ -211,6 +217,31 @@ HierarchyGetPrimarySeed(
}
return seed;
}
+// libtpms added begin
+SEED_COMPAT_LEVEL
+HierarchyGetPrimarySeedCompatLevel(
+ TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
+ )
+{
+ switch(hierarchy)
+ {
+ case TPM_RH_PLATFORM:
+ return gp.PPSeedCompatLevel;
+ break;
+ case TPM_RH_OWNER:
+ return gp.SPSeedCompatLevel;
+ break;
+ case TPM_RH_ENDORSEMENT:
+ return gp.EPSeedCompatLevel;
+ break;
+ case TPM_RH_NULL:
+ return SEED_COMPAT_LEVEL_LAST;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ break;
+ }
+}
+// libtpms added end
/* 8.3.3.5 HierarchyIsEnabled() */
/* This function checks to see if a hierarchy is enabled. */
/* NOTE: The TPM_RH_NULL hierarchy is always enabled. */
diff --git a/src/tpm2/HierarchyCommands.c b/src/tpm2/HierarchyCommands.c
index 6627e99..776d2e2 100644
--- a/src/tpm2/HierarchyCommands.c
+++ b/src/tpm2/HierarchyCommands.c
@@ -291,6 +291,7 @@ TPM2_ChangePPS(
// Internal Data Update
// Reset platform hierarchy seed from RNG
CryptRandomGenerate(sizeof(gp.PPSeed.t.buffer), gp.PPSeed.t.buffer);
+ gp.PPSeedCompatLevel = SEED_COMPAT_LEVEL_LAST; // libtpms added
// Create a new phProof value from RNG to prevent the saved platform
// hierarchy contexts being loaded
CryptRandomGenerate(sizeof(gp.phProof.t.buffer), gp.phProof.t.buffer);
@@ -303,6 +304,7 @@ TPM2_ChangePPS(
NvFlushHierarchy(TPM_RH_PLATFORM);
// Save hierarchy changes to NV
NV_SYNC_PERSISTENT(PPSeed);
+ NV_SYNC_PERSISTENT(PPSeedCompatLevel); // libtpms added
NV_SYNC_PERSISTENT(phProof);
// Re-initialize PCR policies
#if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0
@@ -335,6 +337,7 @@ TPM2_ChangeEPS(
// Internal Data Update
// Reset endorsement hierarchy seed from RNG
CryptRandomGenerate(sizeof(gp.EPSeed.t.buffer), gp.EPSeed.t.buffer);
+ gp.EPSeedCompatLevel = SEED_COMPAT_LEVEL_LAST; // libtpms added
// Create new ehProof value from RNG
CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer);
// Enable endorsement hierarchy
@@ -352,6 +355,7 @@ TPM2_ChangeEPS(
NvFlushHierarchy(TPM_RH_ENDORSEMENT);
// Save hierarchy changes to NV
NV_SYNC_PERSISTENT(EPSeed);
+ NV_SYNC_PERSISTENT(EPSeedCompatLevel); // libtpms added
NV_SYNC_PERSISTENT(ehProof);
NV_SYNC_PERSISTENT(endorsementAuth);
NV_SYNC_PERSISTENT(endorsementAlg);
@@ -382,6 +386,7 @@ TPM2_Clear(
// Internal Data Update
// Reset storage hierarchy seed from RNG
CryptRandomGenerate(sizeof(gp.SPSeed.t.buffer), gp.SPSeed.t.buffer);
+ gp.SPSeedCompatLevel = SEED_COMPAT_LEVEL_LAST; // libtpms added
// Create new shProof and ehProof value from RNG
CryptRandomGenerate(sizeof(gp.shProof.t.buffer), gp.shProof.t.buffer);
CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer);
diff --git a/src/tpm2/Hierarchy_fp.h b/src/tpm2/Hierarchy_fp.h
index 51c79c0..d6e0a89 100644
--- a/src/tpm2/Hierarchy_fp.h
+++ b/src/tpm2/Hierarchy_fp.h
@@ -78,6 +78,12 @@ TPM2B_SEED *
HierarchyGetPrimarySeed(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
);
+// libtpms added begin
+SEED_COMPAT_LEVEL
+HierarchyGetPrimarySeedCompatLevel(
+ TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
+ );
+// libtpms added end
BOOL
HierarchyIsEnabled(
TPMI_RH_HIERARCHY hierarchy // IN: hierarchy
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index ec94ebf..653ef1a 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -242,6 +242,29 @@ BOOL_Unmarshal(BOOL *boolean, BYTE **buffer, INT32 *size)
return rc;
}
+static UINT16
+SEED_COMPAT_LEVEL_Marshal(SEED_COMPAT_LEVEL *source,
+ BYTE **buffer, INT32 *size)
+{
+ return UINT8_Marshal((UINT8 *)source, buffer, size);
+}
+
+static TPM_RC
+SEED_COMPAT_LEVEL_Unmarshal(SEED_COMPAT_LEVEL *source,
+ BYTE **buffer, INT32 *size,
+ const char *name)
+{
+ TPM_RC rc;
+
+ rc = UINT8_Unmarshal((UINT8 *)source, buffer, size);
+ if (rc == TPM_RC_SUCCESS && *source > SEED_COMPAT_LEVEL_LAST) {
+ TPMLIB_LogTPM2Error("%s compatLevel '%u' higher than supported '%u'\n",
+ name, *source, SEED_COMPAT_LEVEL_LAST);
+ rc = TPM_RC_BAD_VERSION;
+ }
+ return rc;
+}
+
static int
TPM2B_Cmp(const TPM2B *t1, const TPM2B *t2)
{
@@ -3690,7 +3713,7 @@ skip_future_versions:
}
#define PERSISTENT_DATA_MAGIC 0x12213443
-#define PERSISTENT_DATA_VERSION 3
+#define PERSISTENT_DATA_VERSION 4
static UINT16
PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
@@ -3703,7 +3726,7 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
written = NV_HEADER_Marshal(buffer, size,
PERSISTENT_DATA_VERSION,
- PERSISTENT_DATA_MAGIC, 1);
+ PERSISTENT_DATA_MAGIC, 4);
written += BOOL_Marshal(&data->disableClear, buffer, size);
written += TPM_ALG_ID_Marshal(&data->ownerAlg, buffer, size);
written += TPM_ALG_ID_Marshal(&data->endorsementAlg, buffer, size);
@@ -3775,9 +3798,18 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
/* there's a 'shadow' pcrAllocated as well */
written += TPML_PCR_SELECTION_Marshal(&gp.pcrAllocated, buffer, size);
+ written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
+ written += SEED_COMPAT_LEVEL_Marshal(&data->EPSeedCompatLevel,
+ buffer, size);
+ written += SEED_COMPAT_LEVEL_Marshal(&data->SPSeedCompatLevel,
+ buffer, size);
+ written += SEED_COMPAT_LEVEL_Marshal(&data->PPSeedCompatLevel,
+ buffer, size);
+
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
/* future versions append below this line */
+ BLOCK_SKIP_WRITE_POP(size);
BLOCK_SKIP_WRITE_POP(size);
BLOCK_SKIP_WRITE_POP(size);
@@ -3963,6 +3995,11 @@ skip_num_policy_pcr_group:
#endif
}
+ /* default values before conditional block */
+ data->EPSeedCompatLevel = SEED_COMPAT_LEVEL_ORIGINAL;
+ data->SPSeedCompatLevel = SEED_COMPAT_LEVEL_ORIGINAL;
+ data->PPSeedCompatLevel = SEED_COMPAT_LEVEL_ORIGINAL;
+
/* version 2 starts having indicator for next versions that we can skip;
this allows us to downgrade state */
if (rc == TPM_RC_SUCCESS && hdr.version >= 2) {
@@ -3970,8 +4007,24 @@ skip_num_policy_pcr_group:
"Volatile State", "version 3 or later");
rc = TPML_PCR_SELECTION_Unmarshal(&shadow.pcrAllocated, buffer, size);
- BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
+ BLOCK_SKIP_READ(skip_future_versions, hdr.version >= 4, buffer, size,
"PERSISTENT DATA", "version 4 or later");
+
+ if (rc == TPM_RC_SUCCESS) {
+ rc = SEED_COMPAT_LEVEL_Unmarshal(&data->EPSeedCompatLevel,
+ buffer, size, "EPSeed");
+ }
+ if (rc == TPM_RC_SUCCESS) {
+ rc = SEED_COMPAT_LEVEL_Unmarshal(&data->SPSeedCompatLevel,
+ buffer, size, "SPSeed");
+ }
+ if (rc == TPM_RC_SUCCESS) {
+ rc = SEED_COMPAT_LEVEL_Unmarshal(&data->PPSeedCompatLevel,
+ buffer, size, "PPSeed");
+ }
+
+ BLOCK_SKIP_READ(skip_future_versions, FALSE, buffer, size,
+ "PERSISTENT DATA", "version 5 or later");
/* future versions nest-append here */
}
--
2.21.0.windows.1

267
tpm2-Add-maxSize-parameter-to-TPM2B_Marshal-for-sani.patch
View File

@ -1,267 +0,0 @@
From 4ef9469ef6ba45a8628061d94bd21cee6e29b5e1 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 21 Jun 2021 15:10:14 -0400
Subject: [PATCH 2/3] tpm2: Add maxSize parameter to TPM2B_Marshal for sanity
checks
Add maxSize parameter to TPM2B_Marshal and assert on it checking
the size of the data intended to be marshaled versus the maximum
buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/Marshal.c | 38 ++++++++++++++++++++------------------
src/tpm2/Marshal_fp.h | 2 +-
src/tpm2/NVMarshal.c | 18 +++++++++---------
3 files changed, 30 insertions(+), 28 deletions(-)
diff --git a/src/tpm2/Marshal.c b/src/tpm2/Marshal.c
index f97243e..39e69e4 100644
--- a/src/tpm2/Marshal.c
+++ b/src/tpm2/Marshal.c
@@ -61,6 +61,7 @@
/* rev 136 */
+#include <assert.h> // libtpms added
#include <string.h>
#include "Tpm.h"
@@ -178,9 +179,10 @@ Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size)
}
UINT16
-TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size)
+TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
+ assert(source->size <= maxSize); // libtpms added
written += UINT16_Marshal(&(source->size), buffer, size);
written += Array_Marshal(source->buffer, source->size, buffer, size);
return written;
@@ -495,7 +497,7 @@ UINT16
TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
-written += TPM2B_Marshal(&source->b, buffer, size);
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -505,7 +507,7 @@ UINT16
TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
-written += TPM2B_Marshal(&source->b, buffer, size);
+written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -535,7 +537,7 @@ UINT16
TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -545,7 +547,7 @@ UINT16
TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -554,7 +556,7 @@ UINT16
TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -564,7 +566,7 @@ UINT16
TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -574,7 +576,7 @@ UINT16
TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.name), buffer, size); // libtpms changed
return written;
}
@@ -1111,7 +1113,7 @@ UINT16
TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.attestationData), buffer, size); // libtpms changed
return written;
}
@@ -1232,7 +1234,7 @@ UINT16
TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1253,7 +1255,7 @@ UINT16
TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1613,7 +1615,7 @@ UINT16
TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1633,7 +1635,7 @@ UINT16
TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1643,7 +1645,7 @@ UINT16
TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -1879,7 +1881,7 @@ UINT16
TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.secret), buffer, size); // libtpms changed
return written;
}
@@ -2090,7 +2092,7 @@ UINT16
TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
@@ -2100,7 +2102,7 @@ UINT16
TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.credential), buffer, size); // libtpms changed
return written;
}
@@ -2157,7 +2159,7 @@ UINT16
TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size); // libtpms changed
return written;
}
diff --git a/src/tpm2/Marshal_fp.h b/src/tpm2/Marshal_fp.h
index 4471695..582cc9e 100644
--- a/src/tpm2/Marshal_fp.h
+++ b/src/tpm2/Marshal_fp.h
@@ -79,7 +79,7 @@ extern "C" {
UINT16
Array_Marshal(BYTE *sourceBuffer, UINT16 sourceSize, BYTE **buffer, INT32 *size);
UINT16
- TPM2B_Marshal(TPM2B *source, BYTE **buffer, INT32 *size);
+ TPM2B_Marshal(TPM2B *source, UINT32 maxSize, BYTE **buffer, INT32 *size); // libtpms changed
UINT16
TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size);
UINT16
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 8f77fa2..40be17e 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -278,7 +278,7 @@ UINT16
TPM2B_PROOF_Marshal(TPM2B_PROOF *source, BYTE **buffer, INT32 *size)
{
UINT16 written = 0;
- written += TPM2B_Marshal(&source->b, buffer, size);
+ written += TPM2B_Marshal(&source->b, sizeof(source->t.buffer), buffer, size);
return written;
}
@@ -1361,7 +1361,7 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
STATE_RESET_DATA_VERSION,
STATE_RESET_DATA_MAGIC, 3);
written += TPM2B_PROOF_Marshal(&data->nullProof, buffer, size);
- written += TPM2B_Marshal(&data->nullSeed.b, buffer, size);
+ written += TPM2B_Marshal(&data->nullSeed.b, sizeof(data->nullSeed.t.buffer), buffer, size);
written += UINT32_Marshal(&data->clearCount, buffer, size);
written += UINT64_Marshal(&data->objectContextID, buffer, size);
@@ -2146,7 +2146,7 @@ TPM2B_HASH_BLOCK_Marshal(TPM2B_HASH_BLOCK *data, BYTE **buffer, INT32 *size)
{
UINT16 written;
- written = TPM2B_Marshal(&data->b, buffer, size);
+ written = TPM2B_Marshal(&data->b, sizeof(data->t.buffer), buffer, size);
return written;
}
@@ -2950,9 +2950,9 @@ VolatileState_Marshal(BYTE **buffer, INT32 *size)
/* tie the volatile state to the EP,SP, and PPSeed */
NvRead(&pd, NV_PERSISTENT_DATA, sizeof(pd));
- written += TPM2B_Marshal(&pd.EPSeed.b, buffer, size);
- written += TPM2B_Marshal(&pd.SPSeed.b, buffer, size);
- written += TPM2B_Marshal(&pd.PPSeed.b, buffer, size);
+ written += TPM2B_Marshal(&pd.EPSeed.b, sizeof(pd.EPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&pd.SPSeed.b, sizeof(pd.SPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&pd.PPSeed.b, sizeof(pd.PPSeed.t.buffer), buffer, size);
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size); /* v4 */
@@ -3753,9 +3753,9 @@ PERSISTENT_DATA_Marshal(PERSISTENT_DATA *data, BYTE **buffer, INT32 *size)
written += TPM2B_AUTH_Marshal(&data->ownerAuth, buffer, size);
written += TPM2B_AUTH_Marshal(&data->endorsementAuth, buffer, size);
written += TPM2B_AUTH_Marshal(&data->lockoutAuth, buffer, size);
- written += TPM2B_Marshal(&data->EPSeed.b, buffer, size);
- written += TPM2B_Marshal(&data->SPSeed.b, buffer, size);
- written += TPM2B_Marshal(&data->PPSeed.b, buffer, size);
+ written += TPM2B_Marshal(&data->EPSeed.b, sizeof(data->EPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&data->SPSeed.b, sizeof(data->SPSeed.t.buffer), buffer, size);
+ written += TPM2B_Marshal(&data->PPSeed.b, sizeof(data->PPSeed.t.buffer), buffer, size);
written += TPM2B_PROOF_Marshal(&data->phProof, buffer, size);
written += TPM2B_PROOF_Marshal(&data->shProof, buffer, size);
written += TPM2B_PROOF_Marshal(&data->ehProof, buffer, size);
--
2.27.0

85
tpm2-CryptSym-fix-AES-output-IV.patch
View File

@ -1,85 +0,0 @@
From 8a1716c3bb18bac169f68d24cdd095cf617eb908 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Tue, 6 Apr 2021 16:22:04 +0800
Subject: [PATCH] tpm2: CryptSym: fix AES output IV The TPM is supposed to
provide the output IV in the ivInOut parameter in CryptSymmetricEncrypt. In
the case of using the openssl routines, the output IV is missed, and the
resulting output from the TPM is in the input IV.
OpenSSL unfortunately does not export EVP_CIPHER_CTX_iv() until
tags/OpenSSL_1_1_0, so we have to fall back to the reference code for
previous OpenSSL versions.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
configure.ac | 1 +
src/tpm2/crypto/openssl/CryptSym.c | 19 +++++++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/configure.ac b/configure.ac
index 1bb45d1..0c57ef3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,6 +165,7 @@ AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
+ AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_iv],, not_found=1)
if test "x$not_found" = "x0"; then
use_openssl_functions_symmetric=1
use_openssl_functions_for="symmetric (AES, TDES) "
diff --git a/src/tpm2/crypto/openssl/CryptSym.c b/src/tpm2/crypto/openssl/CryptSym.c
index 7aa90da..856def6 100644
--- a/src/tpm2/crypto/openssl/CryptSym.c
+++ b/src/tpm2/crypto/openssl/CryptSym.c
@@ -531,6 +531,7 @@ CryptSymmetricEncrypt(
BYTE keyToUse[MAX_SYM_KEY_BYTES];
UINT16 keyToUseLen = (UINT16)sizeof(keyToUse);
TPM_RC retVal = TPM_RC_SUCCESS;
+ int ivLen;
pAssert(dOut != NULL && key != NULL && dIn != NULL);
if(dSize == 0)
@@ -595,6 +596,14 @@ CryptSymmetricEncrypt(
if (EVP_EncryptFinal_ex(ctx, pOut + outlen1, &outlen2) != 1)
ERROR_RETURN(TPM_RC_FAILURE);
+ if (ivInOut) {
+ ivLen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer))
+ ERROR_RETURN(TPM_RC_FAILURE);
+
+ ivInOut->t.size = ivLen;
+ memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+ }
Exit:
if (retVal == TPM_RC_SUCCESS && pOut != dOut)
memcpy(dOut, pOut, outlen1 + outlen2);
@@ -636,6 +645,7 @@ CryptSymmetricDecrypt(
BYTE keyToUse[MAX_SYM_KEY_BYTES];
UINT16 keyToUseLen = (UINT16)sizeof(keyToUse);
TPM_RC retVal = TPM_RC_SUCCESS;
+ int ivLen;
// These are used but the compiler can't tell because they are initialized
// in case statements and it can't tell if they are always initialized
@@ -707,6 +717,15 @@ CryptSymmetricDecrypt(
pAssert((int)buffersize >= outlen1 + outlen2);
+ if (ivInOut) {
+ ivLen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (ivLen < 0 || (size_t)ivLen > sizeof(ivInOut->t.buffer))
+ ERROR_RETURN(TPM_RC_FAILURE);
+
+ ivInOut->t.size = ivLen;
+ memcpy(ivInOut->t.buffer, EVP_CIPHER_CTX_iv(ctx), ivInOut->t.size);
+ }
+
Exit:
if (retVal == TPM_RC_SUCCESS) {
pAssert(dSize >= outlen1 + outlen2);
--
2.27.0

155
tpm2-Fix-issue-with-misaligned-address-when-marshall.patch
View File

@ -1,155 +0,0 @@
From 3aac390ce146b40117ad213c24504bb678f4daeb Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 23 Nov 2020 13:15:53 -0500
Subject: [PATCH] tpm2: Fix issue with misaligned address when marshalling
NVRAM (UBSAN)
UBSAN detects possibly misaligned address when reading out of the
TPM 2's NVRAM and when writing back into it. The NV_RAM_HEADER may
be unaligned like this:
tests/test_tpm2_save_load_state_3.log:tpm2/Marshal.c:117:29: \
runtime error: load of misaligned address 0x7ffcb53b3bca for type 'UINT32', which requires 4 byte alignment
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 59 +++++++++++++++++++++++++++-----------------
1 file changed, 36 insertions(+), 23 deletions(-)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index ec94ebf..74ea17f 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -3991,7 +3991,7 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size,
BYTE **buffer, INT32 *size)
{
UINT16 written;
- NV_RAM_HEADER *nrh;
+ NV_RAM_HEADER nrh, *nrhp;
UINT16 offset = 0;
UINT16 datasize;
UINT32 sourceside_size = array_size;
@@ -4005,36 +4005,42 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size,
written += UINT32_Marshal(&sourceside_size, buffer, size);
while (TRUE) {
- nrh = array + offset;
+ nrhp = array + offset;
+ /* nrhp may point to misaligned address (ubsan), so use 'nrh'; first access only 'size' */
+ memcpy(&nrh, nrhp, sizeof(nrh.size));
+
/* write the NVRAM header;
nrh->size holds the complete size including data;
nrh->size = 0 indicates the end */
- written += UINT32_Marshal(&nrh->size, buffer, size);
- if (nrh->size == 0)
+ written += UINT32_Marshal(&nrh.size, buffer, size);
+ if (nrh.size == 0)
break;
- written += TPM_HANDLE_Marshal(&nrh->handle, buffer, size);
- written += TPMA_NV_Marshal(&nrh->attributes, buffer, size);
+ /* copy the entire structure now; ubsan does not allow 'nrh = *nrhp' */
+ memcpy(&nrh, nrhp, sizeof(nrh));
+
+ written += TPM_HANDLE_Marshal(&nrh.handle, buffer, size);
+ written += TPMA_NV_Marshal(&nrh.attributes, buffer, size);
- if (offset + nrh->size > array_size) {
+ if (offset + nrh.size > array_size) {
TPMLIB_LogTPM2Error("NV_ORDERLY_RAM: nrh->size corrupted: %d\n",
- nrh->size);
+ nrh.size);
break;
}
/* write data size before array */
- if (nrh->size < sizeof(NV_RAM_HEADER)) {
+ if (nrh.size < sizeof(NV_RAM_HEADER)) {
TPMLIB_LogTPM2Error(
"NV_ORDERLY_RAM: nrh->size < sizeof(NV_RAM_HEADER): %d < %zu\n",
- (int)nrh->size, sizeof(NV_RAM_HEADER));
+ (int)nrh.size, sizeof(NV_RAM_HEADER));
break;
}
- datasize = nrh->size - sizeof(NV_RAM_HEADER);
+ datasize = nrh.size - sizeof(NV_RAM_HEADER);
written += UINT16_Marshal(&datasize, buffer, size);
if (datasize > 0) {
/* append the data */
written += Array_Marshal(array + offset + sizeof(NV_RAM_HEADER),
datasize, buffer, size);
}
- offset += nrh->size;
+ offset += nrh.size;
}
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
@@ -4053,7 +4059,7 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
{
TPM_RC rc = TPM_RC_SUCCESS;
NV_HEADER hdr;
- NV_RAM_HEADER *nrh;
+ NV_RAM_HEADER nrh, *nrhp;
UINT16 offset = 0;
UINT16 datasize = 0;
UINT32 sourceside_size;
@@ -4071,31 +4077,36 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
}
while (rc == TPM_RC_SUCCESS) {
- nrh = array + offset;
+ /* nrhp may point to misaligned address (ubsan)
+ * we read 'into' nrh and copy to nrhp at end
+ */
+ nrhp = array + offset;
+
/* write the NVRAM header;
nrh->size holds the complete size including data;
nrh->size = 0 indicates the end */
- if (offset + sizeof(nrh->size) > array_size) {
- offset += sizeof(nrh->size);
+ if (offset + sizeof(nrh.size) > array_size) {
+ offset += sizeof(nrh.size);
goto exit_size;
}
if (rc == TPM_RC_SUCCESS) {
- rc = UINT32_Unmarshal(&nrh->size, buffer, size);
- if (nrh->size == 0)
+ rc = UINT32_Unmarshal(&nrh.size, buffer, size);
+ if (nrh.size == 0) {
+ memcpy(nrhp, &nrh, sizeof(nrh.size));
break;
+ }
}
if (offset + sizeof(NV_RAM_HEADER) > array_size) {
offset += sizeof(NV_RAM_HEADER);
goto exit_size;
}
if (rc == TPM_RC_SUCCESS) {
- rc = TPM_HANDLE_Unmarshal(&nrh->handle, buffer, size);
+ rc = TPM_HANDLE_Unmarshal(&nrh.handle, buffer, size);
}
if (rc == TPM_RC_SUCCESS) {
- rc = TPMA_NV_Unmarshal(&nrh->attributes, buffer, size);
+ rc = TPMA_NV_Unmarshal(&nrh.attributes, buffer, size);
}
-
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(&datasize, buffer, size);
}
@@ -4110,8 +4121,10 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
}
if (rc == TPM_RC_SUCCESS) {
/* fix up size in case it is architecture-dependent */
- nrh->size = sizeof(*nrh) + datasize;
- offset += nrh->size;
+ nrh.size = sizeof(nrh) + datasize;
+ offset += nrh.size;
+ /* copy header into possibly misaligned address in NVRAM */
+ *nrhp = nrh;
}
}
--
2.21.0.windows.1

34
tpm2-Initialize-a-whole-OBJECT-before-using-it.patch
View File

@ -1,34 +0,0 @@
From ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 22 Jul 2021 21:23:58 -0400
Subject: [PATCH] tpm2: Initialize a whole OBJECT before using it
Initialize a whole OBJECT before using it. This is necessary since
an OBJECT may also be used as a HASH_OBJECT via the ANY_OBJECT
union and that HASH_OBJECT can leave bad size inidicators in TPM2B
buffer in the OBJECT. To get rid of this problem we reset the whole
OBJECT to 0 before using it. This is as if the memory for the
OBJECT was just initialized.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/Object.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tpm2/Object.c b/src/tpm2/Object.c
index ab50348..967105f 100644
--- a/src/tpm2/Object.c
+++ b/src/tpm2/Object.c
@@ -284,7 +284,8 @@ FindEmptyObjectSlot(
if(handle)
*handle = i + TRANSIENT_FIRST;
// Initialize the object attributes
- MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES));
+ // MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES));
+ MemorySet(object, 0, sizeof(*object)); // libtpms added: Initialize the whole object
return object;
}
}
--
2.21.0.windows.1

25
tpm2-Introduce-SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FI.patch
View File

@ -1,25 +0,0 @@
From 087e54dcc99a36151677581eda92c321907988d9 Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 14:12:37 +0800
Subject: [PATCH 5/7] tpm2: Introduce SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX
but do not use yet
---
src/tpm2/BackwardsCompatibility.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tpm2/BackwardsCompatibility.h b/src/tpm2/BackwardsCompatibility.h
index aa79763..ded6936 100644
--- a/src/tpm2/BackwardsCompatibility.h
+++ b/src/tpm2/BackwardsCompatibility.h
@@ -42,6 +42,7 @@
typedef UINT8 SEED_COMPAT_LEVEL;
enum {
SEED_COMPAT_LEVEL_ORIGINAL = 0, /* original TPM 2 code up to rev155 */
+ SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX = 1, /* RsaAdjustPrimeCandidate was fixed */
SEED_COMPAT_LEVEL_LAST = SEED_COMPAT_LEVEL_ORIGINAL
};
--
2.21.0.windows.1

56
tpm2-NVMarshal-Handle-index-orderly-RAM-without-0-si.patch
View File

@ -1,56 +0,0 @@
From 1fb6cd9b8df05b5d6e381b31215193d6ada969df Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Fri, 23 Jul 2021 13:29:00 -0400
Subject: [PATCH] tpm2: NVMarshal: Handle index orderly RAM without 0-sized
terminating node
The NVRAM entries in s_indexOrderlyRam array do not need to contain a
0-sized terminating node. Instead, the entries may fill up this 512
byte array so that no NV_RAM_HEADER structure fits anymore. The fact
that no more NV_RAM_HEADER structure fits is also an indicator for the
last entry. We need to account for this in the code marshalling and
unmarshalling the entries so that we stop marshalling the entries
then and similarly stop unmarshalling.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 2b2d84a..430f481 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -4103,6 +4103,12 @@ INDEX_ORDERLY_RAM_Marshal(void *array, size_t array_size,
datasize, buffer, size);
}
offset += nrh.size;
+ if (offset + sizeof(NV_RAM_HEADER) > array_size) {
+ /* nothing will fit anymore and there won't be a 0-sized
+ * terminating node (@1).
+ */
+ break;
+ }
}
written += BLOCK_SKIP_WRITE_PUSH(TRUE, buffer, size);
@@ -4144,6 +4150,16 @@ INDEX_ORDERLY_RAM_Unmarshal(void *array, size_t array_size,
*/
nrhp = array + offset;
+ if (offset + sizeof(NV_RAM_HEADER) > sourceside_size) {
+ /* this case can occur with the previous entry filling up the
+ * space; in this case there will not be a 0-sized terminating
+ * node (see @1 above). We clear the rest of our space.
+ */
+ if (array_size > offset)
+ memset(nrhp, 0, array_size - offset);
+ break;
+ }
+
/* write the NVRAM header;
nrh->size holds the complete size including data;
nrh->size = 0 indicates the end */
--
2.21.0.windows.1

85
tpm2-Pass-SEED_COMPAT_LEVEL-to-CryptAdjustPrimeCandi.patch
View File

@ -1,85 +0,0 @@
From 5ffbddedaedc3215da219d35dc3f95b1c52ef393 Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 14:15:09 +0800
Subject: [PATCH 6/7] tpm2: Pass SEED_COMPAT_LEVEL to CryptAdjustPrimeCandidate
function
Pass the SEED_COMPAT_LEVEL, originating from the seed that's being used,
to the CryptAdjustPrimeCandidate function and use it to determine
whether the old code should be used or the new one.
---
src/tpm2/crypto/CryptPrime_fp.h | 3 ++-
src/tpm2/crypto/openssl/CryptPrime.c | 26 ++++++++++++++++++++------
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/tpm2/crypto/CryptPrime_fp.h b/src/tpm2/crypto/CryptPrime_fp.h
index 8cd23f5..e8ac8b8 100644
--- a/src/tpm2/crypto/CryptPrime_fp.h
+++ b/src/tpm2/crypto/CryptPrime_fp.h
@@ -89,7 +89,8 @@ RsaCheckPrime(
);
LIB_EXPORT void
RsaAdjustPrimeCandidate(
- bigNum prime
+ bigNum prime,
+ SEED_COMPAT_LEVEL seedCompatLevel // IN: compatibility level; libtpms added
);
void
BnGeneratePrimeForRSA(
diff --git a/src/tpm2/crypto/openssl/CryptPrime.c b/src/tpm2/crypto/openssl/CryptPrime.c
index 9a5ee7d..2e8601c 100644
--- a/src/tpm2/crypto/openssl/CryptPrime.c
+++ b/src/tpm2/crypto/openssl/CryptPrime.c
@@ -361,13 +361,21 @@ RsaAdjustPrimeCandidate_New(
}
LIB_EXPORT void
RsaAdjustPrimeCandidate(
- bigNum prime
+ bigNum prime,
+ SEED_COMPAT_LEVEL seedCompatLevel // IN: compatibility level; libtpms added
)
{
- if (1)
+ switch (seedCompatLevel) {
+ case SEED_COMPAT_LEVEL_ORIGINAL:
RsaAdjustPrimeCandidate_PreRev155(prime);
- else
+ break;
+ /* case SEED_COMPAT_LEVEL_LAST: */
+ case SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX:
RsaAdjustPrimeCandidate_New(prime);
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
+ }
}
/* 10.2.14.1.8 BnGeneratePrimeForRSA() */
@@ -395,15 +403,21 @@ BnGeneratePrimeForRSA(
// DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));// old
// if(g_inFailureMode) // old
// libtpms changed begin
- if (1) {
+ switch (DRBG_GetSeedCompatLevel(rand)) {
+ case SEED_COMPAT_LEVEL_ORIGINAL:
DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));
if (g_inFailureMode)
return;
- } else {
+ break;
+ /* case SEED_COMPAT_LEVEL_LAST: */
+ case SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX:
if(!BnGetRandomBits(prime, bits, rand)) // new
return;
+ break;
+ default:
+ FAIL(FATAL_ERROR_INTERNAL);
}
- RsaAdjustPrimeCandidate(prime);
+ RsaAdjustPrimeCandidate(prime, DRBG_GetSeedCompatLevel(rand));
// libtpms changed end
found = RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS;
}
--
2.21.0.windows.1

202
tpm2-Reset-TPM2B-buffer-sizes-after-test-fails-for-v.patch
View File

@ -1,202 +0,0 @@
From aa4f8ee9f23e2a87f704ef1b81de12594480de96 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 21 Jun 2021 14:04:34 -0400
Subject: [PATCH 1/3] tpm2: Reset TPM2B buffer sizes after test fails for valid
buffer size
Reset the buffer size indicator in a TPM2B type of buffer after it failed
the test for the maximum buffer size it allows. This prevents having bad
buffer sizes in memory that can come to haunt us when writing the volatile
state for example.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/NVMarshal.c | 1 +
src/tpm2/Unmarshal.c | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
index 7c140ea..8f77fa2 100644
--- a/src/tpm2/NVMarshal.c
+++ b/src/tpm2/NVMarshal.c
@@ -1473,6 +1473,7 @@ bn_prime_t_Unmarshal(bn_prime_t *data, BYTE **buffer, INT32 *size)
"allocated %zu\n",
(size_t)data->size, (size_t)data->allocated);
rc = TPM_RC_SIZE;
+ data->size = 0;
}
}
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
index 9a1d723..bac7d76 100644
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@@ -137,6 +137,7 @@ TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size > targetSize) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1617,6 +1618,7 @@ TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if ((target->sizeofSelect < PCR_SELECT_MIN) ||
(target->sizeofSelect > PCR_SELECT_MAX)) {
rc = TPM_RC_VALUE;
+ target->sizeofSelect = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1787,6 +1789,7 @@ TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1824,6 +1827,7 @@ TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_CC) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1846,6 +1850,7 @@ TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ALG_LIST_SIZE) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1868,6 +1873,7 @@ TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_HANDLES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1895,11 +1901,13 @@ TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size)
/* TPM side is hard coded to 2 minimum */
if (target->count < 2) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
if (target->count > 8) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1922,6 +1930,7 @@ TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1944,6 +1953,7 @@ TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > HASH_COUNT) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1967,6 +1977,7 @@ TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *siz
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_CAP_ALGS) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -1989,6 +2000,7 @@ TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buf
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TPM_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2011,6 +2023,7 @@ TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buff
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_PCR_PROPERTIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2033,6 +2046,7 @@ TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_ECC_CURVES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2055,6 +2069,7 @@ TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *s
if (rc == TPM_RC_SUCCESS) {
if (target->count > MAX_TAGGED_POLICIES) {
rc = TPM_RC_SIZE;
+ target->count = 0; // libtpms added
}
}
for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
@@ -2704,6 +2719,7 @@ TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer,
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -3462,6 +3478,7 @@ TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -3985,6 +4002,7 @@ TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL al
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
@@ -4080,6 +4098,7 @@ TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
}
@@ -4155,6 +4174,7 @@ TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->dataSize > MAX_NV_INDEX_SIZE) {
rc = TPM_RC_SIZE;
+ target->dataSize = 0; // libtpms added
}
}
return rc;
@@ -4185,6 +4205,7 @@ TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->size != startSize - *size) {
rc = TPM_RC_SIZE;
+ target->size = 0; // libtpms added
}
}
return rc;
--
2.27.0

998
tpm2-Restore-original-value-if-unmarsalled-value-was.patch
View File

@ -1,998 +0,0 @@
From 1e19a2a17ba3256ca67f53b07515dfcc1af9bcc8 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Wed, 18 May 2022 15:33:05 +0800
Subject: [PATCH 3/3] tpm2: Restore original value if unmarsalled value was
illegal
Restore the original value of the memory location where data from
a stream was unmarshalled and the unmarshalled value was found to
be illegal. The goal is to not keep illegal values in memory.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/tpm2/Unmarshal.c | 122 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 122 insertions(+)
diff --git a/src/tpm2/Unmarshal.c b/src/tpm2/Unmarshal.c
index bac7d76..c839a68 100644
--- a/src/tpm2/Unmarshal.c
+++ b/src/tpm2/Unmarshal.c
@@ -165,6 +165,7 @@ TPM_RC
TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_GENERATED orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal(target, buffer, size);
@@ -172,6 +173,7 @@ TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target != TPM_GENERATED_VALUE) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -197,6 +199,7 @@ TPM_RC
TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ECC_CURVE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -215,6 +218,7 @@ TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_CURVE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -240,6 +244,7 @@ TPM_RC
TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_CLOCK_ADJUST orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = INT8_Unmarshal(target, buffer, size);
@@ -256,6 +261,7 @@ TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -267,6 +273,7 @@ TPM_RC
TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_EO orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -288,6 +295,7 @@ TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -299,6 +307,7 @@ TPM_RC
TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -324,6 +333,7 @@ TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -335,6 +345,7 @@ TPM_RC
TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_SU orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT16_Unmarshal(target, buffer, size);
@@ -346,6 +357,7 @@ TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -357,6 +369,7 @@ TPM_RC
TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_SE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT8_Unmarshal(target, buffer, size);
@@ -369,6 +382,7 @@ TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -380,6 +394,7 @@ TPM_RC
TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_CAP orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal(target, buffer, size);
@@ -400,6 +415,7 @@ TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -450,6 +466,7 @@ TPM_RC
TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_ALGORITHM orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -457,6 +474,7 @@ TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_ALGORITHM_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -468,6 +486,7 @@ TPM_RC
TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_OBJECT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -475,6 +494,7 @@ TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_OBJECT_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -486,6 +506,7 @@ TPM_RC
TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_SESSION orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT8_Unmarshal((UINT8 *)target, buffer, size); /* libtpms changed */
@@ -493,6 +514,7 @@ TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_SESSION_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -517,6 +539,7 @@ TPM_RC
TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_CC orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -524,6 +547,7 @@ TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_CC_reserved) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -535,6 +559,7 @@ TPM_RC
TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_YES_NO orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT8_Unmarshal(target, buffer, size);
@@ -546,6 +571,7 @@ TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -557,6 +583,7 @@ TPM_RC
TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_OBJECT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -569,6 +596,7 @@ TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOO
isNotPersistent &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -580,6 +608,7 @@ TPM_RC
TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_PARENT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -598,6 +627,7 @@ TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOO
isNotEndorsement &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -609,6 +639,7 @@ TPM_RC
TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_PERSISTENT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -617,6 +648,7 @@ TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *s
BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
if (isNotPersistent) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -628,6 +660,7 @@ TPM_RC
TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_ENTITY orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -654,6 +687,7 @@ TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOO
isNotAuth &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -665,6 +699,7 @@ TPM_RC
TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_PCR orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -675,6 +710,7 @@ TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allo
if (isNotPcr &&
isNotLegalNull) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -686,6 +722,7 @@ TPM_RC
TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SH_AUTH_SESSION orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -698,6 +735,7 @@ TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT3
isNotPolicySession &&
isNotLegalPwd) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -709,6 +747,7 @@ TPM_RC
TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SH_HMAC orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -717,6 +756,7 @@ TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size)
BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
if (isNotHmacSession) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -728,6 +768,7 @@ TPM_RC
TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SH_POLICY orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -736,6 +777,7 @@ TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size)
BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
if (isNotPolicySession) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -747,6 +789,7 @@ TPM_RC
TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_CONTEXT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -759,6 +802,7 @@ TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size)
isNotPolicySession &&
isNotTransient) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -770,6 +814,7 @@ TPM_RC
TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_DH_SAVED orig_target = *target; // libtpms added
allowNull = allowNull;
if (rc == TPM_RC_SUCCESS) {
@@ -787,6 +832,7 @@ TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size, BOOL
isNotSequenceObject &&
isNotTransientStClear) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -798,6 +844,7 @@ TPM_RC
TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_HIERARCHY orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -814,6 +861,7 @@ TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *siz
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -825,6 +873,7 @@ TPM_RC
TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_ENABLES orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -842,6 +891,7 @@ TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, B
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -853,6 +903,7 @@ TPM_RC
TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_HIERARCHY_AUTH orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -866,6 +917,7 @@ TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer,
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -877,6 +929,7 @@ TPM_RC
TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_PLATFORM orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -887,6 +940,7 @@ TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -898,6 +952,7 @@ TPM_RC
TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_ENDORSEMENT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -912,6 +967,7 @@ TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -923,6 +979,7 @@ TPM_RC
TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_PROVISION orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -934,6 +991,7 @@ TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -945,6 +1003,7 @@ TPM_RC
TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_CLEAR orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -956,6 +1015,7 @@ TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -967,6 +1027,7 @@ TPM_RC
TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_NV_AUTH orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -981,6 +1042,7 @@ TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size)
BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
if (isNotNv) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
}
@@ -994,6 +1056,7 @@ TPM_RC
TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_LOCKOUT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -1004,6 +1067,7 @@ TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1015,6 +1079,7 @@ TPM_RC
TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RH_NV_INDEX orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_HANDLE_Unmarshal(target, buffer, size);
@@ -1023,6 +1088,7 @@ TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size)
BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
if (isNotNv) {
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1034,6 +1100,7 @@ TPM_RC
TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_HASH orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1062,6 +1129,7 @@ TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL
}
default:
rc = TPM_RC_HASH;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1073,6 +1141,7 @@ TPM_RC
TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SYM orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1101,6 +1170,7 @@ TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL al
}
default:
rc = TPM_RC_SYMMETRIC;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1112,6 +1182,7 @@ TPM_RC
TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SYM_OBJECT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1137,6 +1208,7 @@ TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SYMMETRIC;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1148,6 +1220,7 @@ TPM_RC
TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SYM_MODE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1179,6 +1252,7 @@ TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *siz
}
default:
rc = TPM_RC_MODE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1190,6 +1264,7 @@ TPM_RC
TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_KDF orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1215,6 +1290,7 @@ TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL al
}
default:
rc = TPM_RC_KDF;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1226,6 +1302,7 @@ TPM_RC
TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_SIG_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1260,6 +1337,7 @@ TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SCHEME;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1271,6 +1349,7 @@ TPM_RC
TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ECC_KEY_EXCHANGE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1293,6 +1372,7 @@ TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, IN
}
default:
rc = TPM_RC_SCHEME;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1305,6 +1385,7 @@ TPM_RC
TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ST_COMMAND_TAG orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(target, buffer, size);
@@ -1316,6 +1397,7 @@ TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32
break;
default:
rc = TPM_RC_BAD_TAG;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1327,6 +1409,7 @@ TPM_RC
TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_MAC_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1358,6 +1441,7 @@ TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SYMMETRIC;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1369,6 +1453,7 @@ TPM_RC
TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_CIPHER_MODE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -1397,6 +1482,7 @@ TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE*target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_MODE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -1633,6 +1719,7 @@ TPM_RC
TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1640,6 +1727,7 @@ TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->tag != TPM_ST_CREATION) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1657,6 +1745,7 @@ TPM_RC
TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1664,6 +1753,7 @@ TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (target->tag != TPM_ST_VERIFIED) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1681,6 +1771,7 @@ TPM_RC
TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1689,6 +1780,7 @@ TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size)
if ((target->tag != TPM_ST_AUTH_SIGNED) &&
(target->tag != TPM_ST_AUTH_SECRET)) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -1706,6 +1798,7 @@ TPM_RC
TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPM_ST orig_tag = target->tag; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
@@ -1713,6 +1806,7 @@ TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *siz
if (rc == TPM_RC_SUCCESS) {
if (target->tag != TPM_ST_HASHCHECK) {
rc = TPM_RC_TAG;
+ target->tag = orig_tag; // libtpms added
}
}
if (rc == TPM_RC_SUCCESS) {
@@ -2303,6 +2397,7 @@ TPM_RC
TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ST_ATTEST orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ST_Unmarshal(target, buffer, size);
@@ -2319,6 +2414,7 @@ TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_SELECTOR;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2413,6 +2509,7 @@ TPM_RC
TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_AES_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2424,6 +2521,7 @@ TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2435,6 +2533,7 @@ TPM_RC
TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_CAMELLIA_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2445,6 +2544,7 @@ TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer,
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2456,6 +2556,7 @@ TPM_RC
TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2466,6 +2567,7 @@ TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2477,6 +2579,7 @@ TPM_RC
TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_SM4_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -2488,6 +2591,7 @@ TPMI_TDES_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *si
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -2760,6 +2864,7 @@ TPM_RC
TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_KEYEDHASH_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -2779,6 +2884,7 @@ TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **bu
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3163,6 +3269,7 @@ TPM_RC
TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_ASYM_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3206,6 +3313,7 @@ TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT3
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3284,6 +3392,7 @@ TPM_RC
TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_RSA_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3309,6 +3418,7 @@ TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3336,6 +3446,7 @@ TPM_RC
TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_RSA_DECRYPT orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3355,6 +3466,7 @@ TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT3
}
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3395,6 +3507,7 @@ TPM_RC
TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_RSA_KEY_BITS orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
@@ -3406,6 +3519,7 @@ TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *siz
break;
default:
rc = TPM_RC_VALUE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3490,6 +3604,7 @@ TPM_RC
TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_ECC_SCHEME orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3521,6 +3636,7 @@ TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32
}
default:
rc = TPM_RC_SCHEME;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3532,6 +3648,7 @@ TPM_RC
TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ECC_CURVE orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ECC_CURVE_Unmarshal(target, buffer, size);
@@ -3568,6 +3685,7 @@ TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_CURVE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -3782,6 +3900,7 @@ TPM_RC
TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMI_ALG_PUBLIC orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
@@ -3803,6 +3922,7 @@ TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size)
break;
default:
rc = TPM_RC_TYPE;
+ *target = orig_target; // libtpms added
}
}
return rc;
@@ -4137,6 +4257,7 @@ TPM_RC
TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size)
{
TPM_RC rc = TPM_RC_SUCCESS;
+ TPMA_NV orig_target = *target; // libtpms added
if (rc == TPM_RC_SUCCESS) {
rc = UINT32_Unmarshal((UINT32 *)target, buffer, size); /* libtpms changed */
@@ -4144,6 +4265,7 @@ TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size)
if (rc == TPM_RC_SUCCESS) {
if (*target & TPMA_NV_RESERVED) {
rc = TPM_RC_RESERVED_BITS;
+ *target = orig_target; // libtpms added
}
}
return rc;
--
2.27.0

172
tpm2-rev155-Add-new-RsaAdjustPrimeCandidate-code.patch
View File

@ -1,172 +0,0 @@
From b4ff6345a6b1533f907ed1922d884acae62d2501 Mon Sep 17 00:00:00 2001
From: jiangfangjie 00559066 <jiangfangjie@huawei.com>
Date: Tue, 11 May 2021 11:52:44 +0800
Subject: [PATCH 4/7] tpm2: rev155: Add new RsaAdjustPrimeCandidate code but
do not use
Add in the new RsaAdjustPrimeCandidate() function but do not use it
so far since it creates slightly different primes than the previous
code and we would get different derived keys if we were to use it with
'old' seeds.
Adjust the code to return the same results for 64 bit and 32 bit machines.
---
src/tpm2/crypto/openssl/CryptPrime.c | 110 ++++++++++++++++++++++-----
1 file changed, 89 insertions(+), 21 deletions(-)
diff --git a/src/tpm2/crypto/openssl/CryptPrime.c b/src/tpm2/crypto/openssl/CryptPrime.c
index 662c762..9a5ee7d 100644
--- a/src/tpm2/crypto/openssl/CryptPrime.c
+++ b/src/tpm2/crypto/openssl/CryptPrime.c
@@ -3,7 +3,7 @@
/* Code for prime validation. */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
-/* $Id: CryptPrime.c 1262 2018-07-11 21:03:43Z kgoldman $ */
+/* $Id: CryptPrime.c 1476 2019-06-10 19:32:03Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
@@ -55,7 +55,7 @@
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
-/* (c) Copyright IBM Corp. and others, 2016 - 2018 */
+/* (c) Copyright IBM Corp. and others, 2016 - 2019 */
/* */
/********************************************************************************/
@@ -292,19 +292,14 @@ RsaCheckPrime(
return PrimeSelectWithSieve(prime, exponent, rand);
#endif
}
-/* 10.2.16.1.7 AdjustPrimeCandiate() */
-/* This function adjusts the candidate prime so that it is odd and > root(2)/2. This allows the
- product of these two numbers to be .5, which, in fixed point notation means that the most
- significant bit is 1. For this routine, the root(2)/2 is approximated with 0xB505 which is, in
- fixed point is 0.7071075439453125 or an error of 0.0001%. Just setting the upper two bits would
- give a value > 0.75 which is an error of > 6%. Given the amount of time all the other
- computations take, reducing the error is not much of a cost, but it isn't totally required
- either. */
-/* The function also puts the number on a field boundary. */
-LIB_EXPORT void
-RsaAdjustPrimeCandidate(
- bigNum prime
- )
+/*
+ * RsaAdjustPrimeCandidate_PreRev155 is the pre-rev.155 algorithm used; we
+ * still have to use it for old seeds to maintain backwards compatibility.
+ */
+static void
+RsaAdjustPrimeCandidate_PreRev155(
+ bigNum prime
+ )
{
UINT16 highBytes;
crypt_uword_t *msw = &prime->d[prime->size - 1];
@@ -316,14 +311,74 @@ RsaAdjustPrimeCandidate(
*msw = ((crypt_uword_t)(highBytes) << (RADIX_BITS - 16)) + (*msw & MASK);
prime->d[0] |= 1;
}
-/* 10.2.16.1.8 BnGeneratePrimeForRSA() */
+
+/* 10.2.14.1.7 RsaAdjustPrimeCandidate() */
+
+/* For this math, we assume that the RSA numbers are fixed-point numbers with the decimal point to
+ the left of the most significant bit. This approach helps make it clear what is happening with
+ the MSb of the values. The two RSA primes have to be large enough so that their product will be a
+ number with the necessary number of significant bits. For example, we want to be able to multiply
+ two 1024-bit numbers to produce a number with 2028 significant bits. If we accept any 1024-bit
+ prime that has its MSb set, then it is possible to produce a product that does not have the MSb
+ SET. For example, if we use tiny keys of 16 bits and have two 8-bit primes of 0x80, then the
+ public key would be 0x4000 which is only 15-bits. So, what we need to do is made sure that each
+ of the primes is large enough so that the product of the primes is twice as large as each
+ prime. A little arithmetic will show that the only way to do this is to make sure that each of
+ the primes is no less than root(2)/2. That's what this functions does. This function adjusts the
+ candidate prime so that it is odd and >= root(2)/2. This allows the product of these two numbers
+ to be .5, which, in fixed point notation means that the most significant bit is 1. For this
+ routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 which is, in fixed point,
+ 0.7071075439453125 or an error of 0.000108%. Just setting the upper two bits would give a value >
+ 0.75 which is an error of > 6%. Given the amount of time all the other computations take,
+ reducing the error is not much of a cost, but it isn't totally required either. */
+/* This function can be replaced with a function that just sets the two most significant bits of
+ each prime candidate without introducing any computational issues. */
+
+static void
+RsaAdjustPrimeCandidate_New(
+ bigNum prime
+ )
+{
+ UINT32 msw;
+ UINT32 adjusted;
+
+ // If the radix is 32, the compiler should turn this into a simple assignment
+ msw = prime->d[prime->size - 1] >> ((RADIX_BITS == 64) ? 32 : 0);
+ // Multiplying 0xff...f by 0x4AFB gives 0xff..f - 0xB5050...0
+ adjusted = (msw >> 16) * 0x4AFB;
+ adjusted += ((msw & 0xFFFF) * 0x4AFB) >> 16;
+ adjusted += 0xB5050000UL;
+#if RADIX_BITS == 64
+ // Save the low-order 32 bits
+ prime->d[prime->size - 1] &= 0xFFFFFFFFUL;
+ // replace the upper 32-bits
+ prime->d[prime->size -1] |= ((crypt_uword_t)adjusted << 32);
+#else
+ prime->d[prime->size - 1] = (crypt_uword_t)adjusted;
+#endif
+ // make sure the number is odd
+ prime->d[0] |= 1;
+}
+LIB_EXPORT void
+RsaAdjustPrimeCandidate(
+ bigNum prime
+ )
+{
+ if (1)
+ RsaAdjustPrimeCandidate_PreRev155(prime);
+ else
+ RsaAdjustPrimeCandidate_New(prime);
+}
+/* 10.2.14.1.8 BnGeneratePrimeForRSA() */
+
/* Function to generate a prime of the desired size with the proper attributes for an RSA prime. */
void
BnGeneratePrimeForRSA(
- bigNum prime,
- UINT32 bits,
- UINT32 exponent,
- RAND_STATE *rand
+ bigNum prime, // IN/OUT: points to the BN that will get the
+ // random value
+ UINT32 bits, // IN: number of bits to get
+ UINT32 exponent, // IN: the exponent
+ RAND_STATE *rand // IN: the random state
)
{
BOOL found = FALSE;
@@ -335,8 +390,21 @@ BnGeneratePrimeForRSA(
prime->size = BITS_TO_CRYPT_WORDS(bits);
while(!found)
{
- DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));
+ // The change below is to make sure that all keys that are generated from the same
+ // seed value will be the same regardless of the endianess or word size of the CPU.
+ // DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));// old
+ // if(g_inFailureMode) // old
+ // libtpms changed begin
+ if (1) {
+ DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));
+ if (g_inFailureMode)
+ return;
+ } else {
+ if(!BnGetRandomBits(prime, bits, rand)) // new
+ return;
+ }
RsaAdjustPrimeCandidate(prime);
+ // libtpms changed end
found = RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS;
}
}
--
2.21.0.windows.1