46 lines
1.5 KiB
Diff
46 lines
1.5 KiB
Diff
From 7a56b84b5990b07efd30b5bf79331c74d28df954 Mon Sep 17 00:00:00 2001
|
|
From: Imran Desai <imran.desai@intel.com>
|
|
Date: Mon, 22 Mar 2021 16:43:36 -0700
|
|
Subject: [PATCH 3/4] esys_iutil.c: Fix issue where nonceTPM was included twice
|
|
in hmac
|
|
|
|
Fixes #2037
|
|
|
|
TPM2.0 Architecture 19.6.5 Note 7
|
|
|
|
If the same session (not the first session) is used for decrypt and
|
|
encrypt, its nonceTPM is only used once. If different sessions are
|
|
used for decrypt and encrypt, both nonceTPMs are included.
|
|
|
|
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
---
|
|
src/tss2-esys/esys_iutil.c | 12 ++++++++++++
|
|
1 file changed, 12 insertions(+)
|
|
|
|
diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c
|
|
index 08a9b7df..1910c570 100644
|
|
--- a/src/tss2-esys/esys_iutil.c
|
|
+++ b/src/tss2-esys/esys_iutil.c
|
|
@@ -1265,6 +1265,18 @@ iesys_gen_auths(ESYS_CONTEXT * esys_context,
|
|
&encryptNonce);
|
|
return_if_error(r, "More than one crypt session");
|
|
|
|
+ /*
|
|
+ * TPM2.0 Architecture 19.6.5 Note 7
|
|
+ *
|
|
+ * If the same session (not the first session) is used for decrypt and
|
|
+ * encrypt, its nonceTPM is only used once. If different sessions are used
|
|
+ * for decrypt and encrypt, both nonceTPMs are included
|
|
+ */
|
|
+ if (decryptNonceIdx && (decryptNonceIdx == encryptNonceIdx)) {
|
|
+ decryptNonceIdx = 0;
|
|
+ }
|
|
+
|
|
+
|
|
/* Compute cp hash values for command buffer for all used algorithms */
|
|
|
|
r = iesys_compute_cp_hashtab(esys_context,
|
|
--
|
|
2.41.0
|
|
|