import tss2-1.6.0-7.el9
parent
27dc80db8b
commit
90e0118635
37
SOURCES/0001-tss-Add-missing-parameter-union-members.patch
Normal file
37
SOURCES/0001-tss-Add-missing-parameter-union-members.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From 8e8c6777847825c5067b171c2e4ac8b33fe0d6bc Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
|
<shoracek@redhat.com>
|
||||||
|
Date: Sun, 1 May 2022 19:33:02 +0200
|
||||||
|
Subject: [PATCH 1/4] tss: Add missing parameter union members
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
||||||
|
---
|
||||||
|
utils/ibmtss/Parameters.h | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/utils/ibmtss/Parameters.h b/utils/ibmtss/Parameters.h
|
||||||
|
index 98a04ff..5b6c29a 100644
|
||||||
|
--- a/utils/ibmtss/Parameters.h
|
||||||
|
+++ b/utils/ibmtss/Parameters.h
|
||||||
|
@@ -182,6 +182,7 @@
|
||||||
|
typedef union {
|
||||||
|
ActivateCredential_In ActivateCredential;
|
||||||
|
CertifyCreation_In CertifyCreation;
|
||||||
|
+ CertifyX509_In CertifyX509;
|
||||||
|
Certify_In Certify;
|
||||||
|
ChangeEPS_In ChangeEPS;
|
||||||
|
ChangePPS_In ChangePPS;
|
||||||
|
@@ -313,6 +314,7 @@ typedef union
|
||||||
|
{
|
||||||
|
ActivateCredential_Out ActivateCredential;
|
||||||
|
CertifyCreation_Out CertifyCreation;
|
||||||
|
+ CertifyX509_Out CertifyX509;
|
||||||
|
Certify_Out Certify;
|
||||||
|
Commit_Out Commit;
|
||||||
|
ContextLoad_Out ContextLoad;
|
||||||
|
--
|
||||||
|
2.34.3
|
||||||
|
|
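Review bot: The patch adds `CertifyX509_In`/`CertifyX509_Out` to the two parameter unions but carries no body explaining why they were missing or what depends on them, so a packager reading the SRPM cannot tell that 0003-tss-Restrict-usage-of-SHA-1.patch relies on it: that patch defines `TSS_CH_CertifyX509(CertifyX509_In *in)` and registers it through a `TSS_CheckParametersFunction_t` that receives a `COMMAND_PARAMETERS *`, so the union must be at least as large as `CertifyX509_In` or the check reads past the buffer it is handed (the union's typedef name is cut off on this page, so confirm it is the one cast there). Suggest adding a body line such as `Needed by 0003-tss-Restrict-usage-of-SHA-1.patch: the SHA-1 parameter check casts the command parameter union to CertifyX509_In, so the union must cover that structure.` and noting the ordering in the spec file's %patch list. The union definitions begin before and continue after the quoted hunks.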
@ -1,14 +1,14 @@
|
|||||||
From 14ccbe9112e21fe62d5cbbbebeae71ec38b77e4a Mon Sep 17 00:00:00 2001
|
From 3e4c744cf09d43aba0ae9381c1527263e39a7c70 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
<shoracek@redhat.com>
|
<shoracek@redhat.com>
|
||||||
Date: Thu, 17 Feb 2022 16:29:39 +0100
|
Date: Mon, 18 Apr 2022 23:51:02 +0200
|
||||||
Subject: [PATCH 2/4] Update SHA-1 to SHA-256 in tests without restricting the
|
Subject: [PATCH 2/4] regtest: Update to SHA-256 without restricting the scope
|
||||||
scope
|
|
||||||
MIME-Version: 1.0
|
MIME-Version: 1.0
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
---
|
---
|
||||||
utils/policies/policycountertimer.bin | Bin 20 -> 32 bytes
|
utils/policies/policycountertimer.bin | Bin 20 -> 32 bytes
|
||||||
utils/policies/policycphash.bin | Bin 20 -> 32 bytes
|
utils/policies/policycphash.bin | Bin 20 -> 32 bytes
|
||||||
@ -596,5 +596,5 @@ index edfa014..8a99bbf 100755
|
|||||||
|
|
||||||
echo "Flush the ECC ${CURVE} signing key"
|
echo "Flush the ECC ${CURVE} signing key"
|
||||||
--
|
--
|
||||||
2.34.1
|
2.34.3
|
||||||
|
|
907
SOURCES/0003-tss-Restrict-usage-of-SHA-1.patch
Normal file
907
SOURCES/0003-tss-Restrict-usage-of-SHA-1.patch
Normal file
@ -0,0 +1,907 @@
|
|||||||
|
From 163843248ce6bb85fa5a3527f93610328877a1cf Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
|
<shoracek@redhat.com>
|
||||||
|
Date: Sat, 30 Apr 2022 22:15:43 +0200
|
||||||
|
Subject: [PATCH 3/4] tss: Restrict usage of SHA-1
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Due to SHA-1 not being considered secure, it should be not used for
|
||||||
|
cryptographical purposes. This commit disables the usage of SHA-1 in
|
||||||
|
cases where it is used in potentially exploitable situations, most
|
||||||
|
notably for creating signatures.
|
||||||
|
|
||||||
|
- Compared to the next branch commit af3154e2, changes related to
|
||||||
|
unimplemented ECC functionality are ommited.
|
||||||
|
|
||||||
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
configure.ac | 24 +-
|
||||||
|
utils/Makefile.am | 16 +-
|
||||||
|
utils/cryptoutils.c | 4 +
|
||||||
|
utils/reg.sh | 20 +-
|
||||||
|
utils/regtests/testattest.sh | 3 +-
|
||||||
|
utils/regtests/testevent.sh | 2 +-
|
||||||
|
utils/tss20.c | 638 ++++++++++++++++++++++++++++-------
|
||||||
|
utils/tsscryptoh.c | 9 +-
|
||||||
|
8 files changed, 582 insertions(+), 134 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index ad870b1..c570cb0 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -123,6 +123,11 @@ AC_ARG_ENABLE(rmtpm,
|
||||||
|
AM_CONDITIONAL([CONFIG_RMTPM], [test "x$enable_rmtpm" = "xyes"])
|
||||||
|
AS_IF([test "$enable_rmtpm" != "yes"], [enable_rmtpm="no"])
|
||||||
|
|
||||||
|
+AC_ARG_ENABLE(nodeprecatedalgs,
|
||||||
|
+ AS_HELP_STRING([--enable-nodeprecatedalgs], [Restrict usage of SHA-1]))
|
||||||
|
+ AM_CONDITIONAL([CONFIG_TSS_NODEPRECATEDALGS], [test "x$enable_nodeprecatedalgs" = "xyes"])
|
||||||
|
+ AS_IF([test "$enable_nodeprecatedalgs" != "yes"], [enable_nodeprecatedalgs="no"])
|
||||||
|
+
|
||||||
|
AC_CONFIG_FILES([Makefile
|
||||||
|
utils/Makefile
|
||||||
|
utils12/Makefile
|
||||||
|
@@ -131,12 +136,13 @@ AC_OUTPUT
|
||||||
|
|
||||||
|
# Give some feedback
|
||||||
|
echo "Configuration:"
|
||||||
|
-echo " CFLAGS: $CFLAGS"
|
||||||
|
-echo " tpm12: $tpm12"
|
||||||
|
-echo " tpm20: $tpm20"
|
||||||
|
-echo " hwtpm: $enable_hwtpm"
|
||||||
|
-echo " rmtpm: $enable_rmtpm"
|
||||||
|
-echo " nofile: $enable_nofile"
|
||||||
|
-echo " noprint: $enable_noprint"
|
||||||
|
-echo " nocrypto: $enable_nocrypto"
|
||||||
|
-echo " noecc: $enable_noecc"
|
||||||
|
+echo " CFLAGS: $CFLAGS"
|
||||||
|
+echo " tpm12: $tpm12"
|
||||||
|
+echo " tpm20: $tpm20"
|
||||||
|
+echo " hwtpm: $enable_hwtpm"
|
||||||
|
+echo " rmtpm: $enable_rmtpm"
|
||||||
|
+echo " nofile: $enable_nofile"
|
||||||
|
+echo " noprint: $enable_noprint"
|
||||||
|
+echo " nocrypto: $enable_nocrypto"
|
||||||
|
+echo " noecc: $enable_noecc"
|
||||||
|
+echo " nodeprecatedalgs: $enable_nodeprecatedalgs"
|
||||||
|
diff --git a/utils/Makefile.am b/utils/Makefile.am
|
||||||
|
index d3af94e..53c53d9 100755
|
||||||
|
--- a/utils/Makefile.am
|
||||||
|
+++ b/utils/Makefile.am
|
||||||
|
@@ -60,6 +60,10 @@ if CONFIG_TSS_NOECC
|
||||||
|
libibmtss_la_CFLAGS += -DTPM_TSS_NOECC
|
||||||
|
endif
|
||||||
|
|
||||||
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
||||||
|
+libibmtss_la_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
||||||
|
+endif
|
||||||
|
+
|
||||||
|
libibmtss_la_CCFLAGS = -Wall -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wformat=2 -Wold-style-definition -Wno-self-assign -ggdb
|
||||||
|
libibmtss_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
|
||||||
|
|
||||||
|
@@ -78,6 +82,10 @@ if CONFIG_TSS_NOECC
|
||||||
|
libibmtssutils_la_CFLAGS += -DTPM_TSS_NOECC
|
||||||
|
endif
|
||||||
|
|
||||||
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
||||||
|
+libibmtssutils_la_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
||||||
|
+endif
|
||||||
|
+
|
||||||
|
#current[:revision[:age]]
|
||||||
|
#result: [current-age].age.revision
|
||||||
|
libibmtssutils_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
|
||||||
|
@@ -115,8 +123,14 @@ bin_PROGRAMS = activatecredential eventextend imaextend certify certifycreation
|
||||||
|
verifysignature zgen2phase signapp writeapp timepacket createek createekcert tpm2pem tpmpublic2eccpoint \
|
||||||
|
ntc2getconfig ntc2preconfig ntc2lockconfig publicname tpmcmd printattr
|
||||||
|
|
||||||
|
+UTILS_CFLAGS =
|
||||||
|
+
|
||||||
|
if CONFIG_TSS_NOECC
|
||||||
|
-UTILS_CFLAGS = -DTPM_TSS_NOECC
|
||||||
|
+UTILS_CFLAGS += -DTPM_TSS_NOECC
|
||||||
|
+endif
|
||||||
|
+
|
||||||
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
||||||
|
+UTILS_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
||||||
|
endif
|
||||||
|
|
||||||
|
activatecredential_SOURCES = activatecredential.c
|
||||||
|
diff --git a/utils/cryptoutils.c b/utils/cryptoutils.c
|
||||||
|
index 7c4e931..9ac77a1 100644
|
||||||
|
--- a/utils/cryptoutils.c
|
||||||
|
+++ b/utils/cryptoutils.c
|
||||||
|
@@ -1834,9 +1834,11 @@ TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength,
|
||||||
|
/* map the hash algorithm to the openssl NID */
|
||||||
|
if (rc == 0) {
|
||||||
|
switch (hashAlg) {
|
||||||
|
+#ifndef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
case TPM_ALG_SHA1:
|
||||||
|
nid = NID_sha1;
|
||||||
|
break;
|
||||||
|
+#endif
|
||||||
|
case TPM_ALG_SHA256:
|
||||||
|
nid = NID_sha256;
|
||||||
|
break;
|
||||||
|
@@ -1896,10 +1898,12 @@ TPM_RC verifyRSASignatureFromRSA(unsigned char *message,
|
||||||
|
/* map from hash algorithm to openssl nid */
|
||||||
|
if (rc == 0) {
|
||||||
|
switch (halg) {
|
||||||
|
+#ifndef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
case TPM_ALG_SHA1:
|
||||||
|
nid = NID_sha1;
|
||||||
|
md = EVP_sha1();
|
||||||
|
break;
|
||||||
|
+#endif
|
||||||
|
case TPM_ALG_SHA256:
|
||||||
|
nid = NID_sha256;
|
||||||
|
md = EVP_sha256();
|
||||||
|
diff --git a/utils/reg.sh b/utils/reg.sh
|
||||||
|
index 2d9d100..02d7d5f 100755
|
||||||
|
--- a/utils/reg.sh
|
||||||
|
+++ b/utils/reg.sh
|
||||||
|
@@ -69,12 +69,20 @@ PREFIX=./
|
||||||
|
|
||||||
|
#PREFIX="valgrind ./"
|
||||||
|
|
||||||
|
-# hash algorithms to be used for testing
|
||||||
|
-
|
||||||
|
-export ITERATE_ALGS="sha1 sha256 sha384 sha512"
|
||||||
|
-export ITERATE_ALGS_SIZES="20 32 48 64"
|
||||||
|
-export ITERATE_ALGS_COUNT=4
|
||||||
|
-export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
|
||||||
|
+# Hash algorithms to be used for testing. Uncomment or set shell env variable to restrict.
|
||||||
|
+# export TPM_TSS_NODEPRECATEDALGS=1
|
||||||
|
+if [ "${TPM_TSS_NODEPRECATEDALGS}" ]; then
|
||||||
|
+ export ITERATE_ALGS="sha256 sha384 sha512"
|
||||||
|
+ export ITERATE_ALGS_SIZES="32 48 64"
|
||||||
|
+ export ITERATE_ALGS_COUNT=3
|
||||||
|
+ export BAD_ITERATE_ALGS="sha384 sha512 sha256"
|
||||||
|
+else
|
||||||
|
+ export ITERATE_ALGS="sha1 sha256 sha384 sha512"
|
||||||
|
+ export ITERATE_ALGS_SIZES="20 32 48 64"
|
||||||
|
+ export ITERATE_ALGS_COUNT=4
|
||||||
|
+ export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
|
||||||
|
+fi
|
||||||
|
+export ITERATE_ALGS_WITH_SHA1="sha1 sha256 sha384 sha512"
|
||||||
|
|
||||||
|
printUsage ()
|
||||||
|
{
|
||||||
|
diff --git a/utils/regtests/testattest.sh b/utils/regtests/testattest.sh
|
||||||
|
index 2dacf88..4766554 100755
|
||||||
|
--- a/utils/regtests/testattest.sh
|
||||||
|
+++ b/utils/regtests/testattest.sh
|
||||||
|
@@ -381,9 +381,8 @@ echo ""
|
||||||
|
|
||||||
|
for HALG in ${ITERATE_ALGS}
|
||||||
|
do
|
||||||
|
-
|
||||||
|
echo "Start an audit session ${HALG}"
|
||||||
|
- ${PREFIX}startauthsession -se h -halg ${HALG} > run.out
|
||||||
|
+ ${PREFIX}startauthsession -se h -halg ${HALG} > run.out
|
||||||
|
checkSuccess $?
|
||||||
|
|
||||||
|
echo "PCR 16 reset"
|
||||||
|
diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh
|
||||||
|
index 6336920..57a96d2 100755
|
||||||
|
--- a/utils/regtests/testevent.sh
|
||||||
|
+++ b/utils/regtests/testevent.sh
|
||||||
|
@@ -62,7 +62,7 @@ echo ""
|
||||||
|
|
||||||
|
for TYPE in "1" "2"
|
||||||
|
do
|
||||||
|
- for HALG in ${ITERATE_ALGS}
|
||||||
|
+ for HALG in ${ITERATE_ALGS_WITH_SHA1}
|
||||||
|
do
|
||||||
|
|
||||||
|
echo "Power cycle to reset IMA PCR"
|
||||||
|
diff --git a/utils/tss20.c b/utils/tss20.c
|
||||||
|
index c778069..6b1e79b 100644
|
||||||
|
--- a/utils/tss20.c
|
||||||
|
+++ b/utils/tss20.c
|
||||||
|
@@ -112,6 +112,7 @@ struct TSS_HMAC_CONTEXT {
|
||||||
|
|
||||||
|
/* functions for command pre- and post- processing */
|
||||||
|
|
||||||
|
+typedef TPM_RC (*TSS_CheckParametersFunction_t)(COMMAND_PARAMETERS *in);
|
||||||
|
typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext,
|
||||||
|
COMMAND_PARAMETERS *in,
|
||||||
|
EXTRA_PARAMETERS *extra);
|
||||||
|
@@ -238,11 +239,378 @@ static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext,
|
||||||
|
void *out,
|
||||||
|
void *extra);
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ Functions to check for usage of deprecated algorithms.
|
||||||
|
+*/
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CheckSha1_PublicArea(TPMT_PUBLIC *publicArea)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (publicArea->nameAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (((publicArea->type == TPM_ALG_RSA) || (publicArea->type == TPM_ALG_ECC)) &&
|
||||||
|
+ (publicArea->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL) &&
|
||||||
|
+ (publicArea->parameters.asymDetail.scheme.details.anySig.hashAlg == TPM_ALG_SHA1)) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CheckSha1_SigScheme(TPMT_SIG_SCHEME *sigScheme)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (sigScheme->details.any.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_StartAuthSession(StartAuthSession_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->authHash == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Create(Create_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Load(Load_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_LoadExternal(LoadExternal_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CreateLoaded(CreateLoaded_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+ uint32_t size = sizeof(in->inPublic.t.buffer);
|
||||||
|
+ uint8_t *buffer = in->inPublic.t.buffer;
|
||||||
|
+ TPMT_PUBLIC publicArea;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_TPMT_PUBLIC_Unmarshalu(&publicArea, &buffer, &size, TRUE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Import(Import_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->objectPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_RSA_Encrypt(RSA_Encrypt_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->inScheme.details.anySig.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_RSA_Decrypt(RSA_Decrypt_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->inScheme.details.anySig.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Hash(Hash_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_HMAC(HMAC_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_HMAC_Start(HMAC_Start_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_HashSequenceStart(HashSequenceStart_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Certify(Certify_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CertifyX509(CertifyX509_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CertifyCreation(CertifyCreation_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Quote(Quote_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_GetSessionAuditDigest(GetSessionAuditDigest_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_GetCommandAuditDigest(GetCommandAuditDigest_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_GetTime(GetTime_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_VerifySignature(VerifySignature_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->signature.signature.any.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_Sign(Sign_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_SetCommandCodeAuditStatus(SetCommandCodeAuditStatus_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->auditAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_PolicySigned(PolicySigned_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->auth.signature.any.hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_CreatePrimary(CreatePrimary_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_SetPrimaryPolicy(SetPrimaryPolicy_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_NV_DefineSpace(NV_DefineSpace_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (in->publicInfo.nvPublic.nameAlg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static TPM_RC TSS_CH_NV_Certify(NV_Certify_In *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
typedef struct TSS_TABLE {
|
||||||
|
- TPM_CC commandCode;
|
||||||
|
- TSS_PreProcessFunction_t preProcessFunction;
|
||||||
|
- TSS_ChangeAuthFunction_t changeAuthFunction;
|
||||||
|
- TSS_PostProcessFunction_t postProcessFunction;
|
||||||
|
+ TPM_CC commandCode;
|
||||||
|
+ TSS_CheckParametersFunction_t checkParametersFunction;
|
||||||
|
+ TSS_PreProcessFunction_t preProcessFunction;
|
||||||
|
+ TSS_ChangeAuthFunction_t changeAuthFunction;
|
||||||
|
+ TSS_PostProcessFunction_t postProcessFunction;
|
||||||
|
} TSS_TABLE;
|
||||||
|
|
||||||
|
/* This table indexes from the command to pre- and post- processing functions. A missing entry is
|
||||||
|
@@ -250,116 +618,116 @@ typedef struct TSS_TABLE {
|
||||||
|
|
||||||
|
static const TSS_TABLE tssTable [] = {
|
||||||
|
|
||||||
|
- {TPM_CC_Startup, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Shutdown, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SelfTest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetTestResult, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession},
|
||||||
|
- {TPM_CC_PolicyRestart, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Create, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load},
|
||||||
|
- {TPM_CC_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal},
|
||||||
|
- {TPM_CC_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic},
|
||||||
|
- {TPM_CC_ActivateCredential, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_MakeCredential, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Unseal, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded},
|
||||||
|
- {TPM_CC_Duplicate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Rewrap, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Import, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_RSA_Encrypt, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_RSA_Decrypt, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ECDH_ZGen, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ECC_Parameters, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ZGen_2Phase, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_EncryptDecrypt, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Hash, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_HMAC, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetRandom, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_StirRandom, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start},
|
||||||
|
- {TPM_CC_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart},
|
||||||
|
- {TPM_CC_SequenceUpdate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SequenceComplete, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete},
|
||||||
|
- {TPM_CC_EventSequenceComplete, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete},
|
||||||
|
- {TPM_CC_Certify, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CertifyX509, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CertifyCreation, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Quote, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetSessionAuditDigest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetCommandAuditDigest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetTime, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Commit, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_EC_Ephemeral, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_VerifySignature, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Sign, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SetCommandCodeAuditStatus, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Extend, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Event, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Read, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Allocate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PCR_Reset, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicySigned, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicySecret, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyTicket, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyOR, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyPCR, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyLocality, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyNV, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyCommandCode, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyCpHash, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyNameHash, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyAuthorize, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyAuthValue, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue},
|
||||||
|
- {TPM_CC_PolicyPassword, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword},
|
||||||
|
- {TPM_CC_PolicyGetDigest, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyNvWritten, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PolicyTemplate, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary},
|
||||||
|
- {TPM_CC_HierarchyControl, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SetPrimaryPolicy, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ChangePPS, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ChangeEPS, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_Clear, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ClearControl, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_HierarchyChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL},
|
||||||
|
- {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_PP_Commands, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ContextSave, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave},
|
||||||
|
- {TPM_CC_ContextLoad, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad},
|
||||||
|
- {TPM_CC_FlushContext, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext},
|
||||||
|
- {TPM_CC_EvictControl, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl},
|
||||||
|
- {TPM_CC_ReadClock, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ClockSet, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_ClockRateAdjust, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_GetCapability, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_TestParms, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace},
|
||||||
|
- {TPM_CC_NV_UndefineSpace, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace},
|
||||||
|
- {TPM_CC_NV_UndefineSpaceSpecial, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial},
|
||||||
|
- {TPM_CC_NV_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic},
|
||||||
|
- {TPM_CC_NV_Write, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_Increment, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_Extend, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_SetBits, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
- {TPM_CC_NV_WriteLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock},
|
||||||
|
- {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_NV_Read, NULL, NULL, NULL},
|
||||||
|
- {TPM_CC_NV_ReadLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock},
|
||||||
|
- {TPM_CC_NV_ChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL},
|
||||||
|
- {TPM_CC_NV_Certify, NULL, NULL, NULL}
|
||||||
|
+ {TPM_CC_Startup, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Shutdown, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SelfTest, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetTestResult, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_StartAuthSession, (TSS_CheckParametersFunction_t)TSS_CH_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession},
|
||||||
|
+ {TPM_CC_PolicyRestart, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Create, (TSS_CheckParametersFunction_t)TSS_CH_Create, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Load, (TSS_CheckParametersFunction_t)TSS_CH_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load},
|
||||||
|
+ {TPM_CC_LoadExternal, (TSS_CheckParametersFunction_t)TSS_CH_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal},
|
||||||
|
+ {TPM_CC_ReadPublic, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic},
|
||||||
|
+ {TPM_CC_ActivateCredential, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_MakeCredential, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Unseal, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CreateLoaded, (TSS_CheckParametersFunction_t)TSS_CH_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded},
|
||||||
|
+ {TPM_CC_Duplicate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Rewrap, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Import, (TSS_CheckParametersFunction_t)TSS_CH_Import, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_RSA_Encrypt, (TSS_CheckParametersFunction_t)TSS_CH_RSA_Encrypt, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_RSA_Decrypt, (TSS_CheckParametersFunction_t)TSS_CH_RSA_Decrypt, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ECDH_ZGen, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ECC_Parameters, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ZGen_2Phase, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_EncryptDecrypt, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Hash, (TSS_CheckParametersFunction_t)TSS_CH_Hash, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_HMAC, (TSS_CheckParametersFunction_t)TSS_CH_HMAC, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetRandom, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_StirRandom, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_HMAC_Start, (TSS_CheckParametersFunction_t)TSS_CH_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start},
|
||||||
|
+ {TPM_CC_HashSequenceStart, (TSS_CheckParametersFunction_t)TSS_CH_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart},
|
||||||
|
+ {TPM_CC_SequenceUpdate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SequenceComplete, NULL, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete},
|
||||||
|
+ {TPM_CC_EventSequenceComplete, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete},
|
||||||
|
+ {TPM_CC_Certify, (TSS_CheckParametersFunction_t)TSS_CH_Certify, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CertifyX509, (TSS_CheckParametersFunction_t)TSS_CH_CertifyX509, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CertifyCreation, (TSS_CheckParametersFunction_t)TSS_CH_CertifyCreation, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Quote, (TSS_CheckParametersFunction_t)TSS_CH_Quote, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetSessionAuditDigest, (TSS_CheckParametersFunction_t)TSS_CH_GetSessionAuditDigest, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetCommandAuditDigest, (TSS_CheckParametersFunction_t)TSS_CH_GetCommandAuditDigest, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetTime, (TSS_CheckParametersFunction_t)TSS_CH_GetTime, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Commit, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_EC_Ephemeral, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_VerifySignature, (TSS_CheckParametersFunction_t)TSS_CH_VerifySignature, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Sign, (TSS_CheckParametersFunction_t)TSS_CH_Sign, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SetCommandCodeAuditStatus, (TSS_CheckParametersFunction_t)TSS_CH_SetCommandCodeAuditStatus, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Extend, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Event, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Read, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Allocate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PCR_Reset, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicySigned, (TSS_CheckParametersFunction_t)TSS_CH_PolicySigned, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicySecret, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyTicket, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyOR, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyPCR, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyLocality, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyNV, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyCommandCode, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyCpHash, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyNameHash, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyAuthorize, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyAuthValue, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue},
|
||||||
|
+ {TPM_CC_PolicyPassword, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword},
|
||||||
|
+ {TPM_CC_PolicyGetDigest, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyNvWritten, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PolicyTemplate, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_CreatePrimary, (TSS_CheckParametersFunction_t)TSS_CH_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary},
|
||||||
|
+ {TPM_CC_HierarchyControl, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SetPrimaryPolicy, (TSS_CheckParametersFunction_t)TSS_CH_SetPrimaryPolicy, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ChangePPS, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ChangeEPS, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_Clear, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ClearControl, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_HierarchyChangeAuth, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL},
|
||||||
|
+ {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_PP_Commands, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ContextSave, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave},
|
||||||
|
+ {TPM_CC_ContextLoad, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad},
|
||||||
|
+ {TPM_CC_FlushContext, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext},
|
||||||
|
+ {TPM_CC_EvictControl, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl},
|
||||||
|
+ {TPM_CC_ReadClock, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ClockSet, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_ClockRateAdjust, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_GetCapability, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_TestParms, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_NV_DefineSpace, (TSS_CheckParametersFunction_t)TSS_CH_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace},
|
||||||
|
+ {TPM_CC_NV_UndefineSpace, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace},
|
||||||
|
+ {TPM_CC_NV_UndefineSpaceSpecial, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial},
|
||||||
|
+ {TPM_CC_NV_ReadPublic, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic},
|
||||||
|
+ {TPM_CC_NV_Write, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_Increment, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_Extend, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_SetBits, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
||||||
|
+ {TPM_CC_NV_WriteLock, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock},
|
||||||
|
+ {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_NV_Read, NULL, NULL, NULL, NULL},
|
||||||
|
+ {TPM_CC_NV_ReadLock, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock},
|
||||||
|
+ {TPM_CC_NV_ChangeAuth, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL},
|
||||||
|
+ {TPM_CC_NV_Certify, (TSS_CheckParametersFunction_t)TSS_CH_NV_Certify, NULL, NULL, NULL}
|
||||||
|
};
|
||||||
|
|
||||||
|
#ifndef TPM_TSS_NO_PRINT
|
||||||
|
@@ -646,6 +1014,10 @@ static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext,
|
||||||
|
COMMAND_PARAMETERS *in);
|
||||||
|
#endif /* TPM_TSS_NOCRYPTO */
|
||||||
|
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+static TPM_RC TSS_Command_CheckParameters(TPM_CC commandCode,
|
||||||
|
+ COMMAND_PARAMETERS *in);
|
||||||
|
+#endif
|
||||||
|
static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext,
|
||||||
|
TPM_CC commandCode,
|
||||||
|
COMMAND_PARAMETERS *in,
|
||||||
|
@@ -688,6 +1060,12 @@ TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext,
|
||||||
|
{
|
||||||
|
TPM_RC rc = 0;
|
||||||
|
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ rc = TSS_Command_CheckParameters(commandCode, in);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* create a TSS authorization context */
|
||||||
|
if (rc == 0) {
|
||||||
|
TSS_InitAuthContext(tssContext->tssAuthContext);
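Review bot: The new TSS_Command_CheckParameters call rejects the command silently — the caller only sees the returned rc, with no trace of why a command that would succeed in a default build now fails. Since tss20.c already has `extern int tssVerbose;`, a short diagnostic in the failure path, e.g. `if ((rc != 0) && tssVerbose) printf("TSS_Execute20: command %08x rejected by deprecated-algorithm check\n", commandCode);`, would make the policy rejection distinguishable from a TPM error. Note also that the check only inspects the caller-supplied `in` parameters; it presumably cannot see algorithms bound to objects already loaded in the TPM (e.g. an existing SHA-1 nameAlg key used with a NULL scheme), so the man-page wording should describe this as a best-effort client-side restriction rather than enforcement — worth confirming against the TSS_CH_* functions, which are outside this hunk. The body of TSS_Execute20 continues beyond the hunk.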
|
||||||
|
@@ -3751,6 +4129,38 @@ static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+static TPM_RC TSS_Command_CheckParameters(TPM_CC commandCode,
|
||||||
|
+ COMMAND_PARAMETERS *in)
|
||||||
|
+{
|
||||||
|
+ TPM_RC rc = 0;
|
||||||
|
+ size_t index;
|
||||||
|
+ int found;
|
||||||
|
+ TSS_CheckParametersFunction_t checkParametersFunction = NULL;
|
||||||
|
+
|
||||||
|
+ /* search the table for a check parameters function */
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ found = FALSE;
|
||||||
|
+ for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
|
||||||
|
+ if (tssTable[index].commandCode == commandCode) {
|
||||||
|
+ found = TRUE;
|
||||||
|
+ break; /* don't increment index if found */
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ /* found false means there is no check parameters function. This permits the table to be smaller
|
||||||
|
+ if desired. */
|
||||||
|
+ if ((rc == 0) && found) {
|
||||||
|
+ checkParametersFunction = tssTable[index].checkParametersFunction;
|
||||||
|
+ /* call the check parameters function if there is one */
|
||||||
|
+ if (checkParametersFunction != NULL) {
|
||||||
|
+ rc = checkParametersFunction(in);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return rc;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
Command Pre-Processor
|
||||||
|
*/
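Review bot: TSS_Command_CheckParameters fails open — when `commandCode` is not in tssTable, `found` stays FALSE and the function returns 0, so a command missing from the table is never screened for deprecated algorithms even though TPM_TSS_NODEPRECATEDALGS is meant to be a restriction. The comment copied from the other processors ("permits the table to be smaller") is the wrong rationale for a security policy; either the miss should be reported (returning an error under this ifdef) or the comment should state the dependency explicitly, e.g. `/* NOTE: an unlisted command code is not screened; the NODEPRECATEDALGS policy relies on tssTable being complete */`. As a point of style, the loop both tests `!found` in its condition and executes `break`, so one of the two is redundant; dropping the `!found` term and keeping the `break` (with its existing "don't increment index" comment) reads more clearly.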
|
||||||
|
diff --git a/utils/tsscryptoh.c b/utils/tsscryptoh.c
|
||||||
|
index 197549d..52f4616 100644
|
||||||
|
--- a/utils/tsscryptoh.c
|
||||||
|
+++ b/utils/tsscryptoh.c
|
||||||
|
@@ -454,7 +454,14 @@ TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen,
|
||||||
|
unsigned char *maskedSeed;
|
||||||
|
|
||||||
|
uint16_t hlen = TSS_GetDigestSize(halg);
|
||||||
|
- em[0] = 0x00; /* firsr byte is 0x00 per the standard */
|
||||||
|
+ em[0] = 0x00; /* first byte is 0x00 per the standard */
|
||||||
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ if (halg == TPM_ALG_SHA1) {
|
||||||
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
/* 1.a. If the length of L is greater than the input limitation for */
|
||||||
|
/* the hash function (2^61-1 octets for SHA-1) then output "parameter */
|
||||||
|
/* string too long" and stop. */
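Review bot: The SHA-1 rejection is placed after `em[0] = 0x00;` and after `hlen = TSS_GetDigestSize(halg)` have already run, so a rejected call has written into the caller's output buffer before failing; moving the `#ifdef TPM_TSS_NODEPRECATEDALGS` block above `em[0] = 0x00;` (the `rc` it tests is declared outside this hunk, so the ordering appears to be free) keeps check-before-act ordering consistent with the TSS_Execute20 change. The surrounding spec comment still quotes the SHA-1 input limit, which is fine as a citation but may confuse readers once SHA-1 is disabled; consider `/* 1.a. ... (2^61-1 octets for SHA-1; SHA-1 is rejected above when TPM_TSS_NODEPRECATEDALGS is set) */`. If other tsscryptoh.c helpers take a `halg` (HMAC/KDF paths are not visible here), they presumably need the same guard.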
|
||||||
|
--
|
||||||
|
2.34.3
|
||||||
|
|
@ -1,136 +0,0 @@
|
|||||||
From 506ae7f508cdcaca1cad7433725e8f4c115f843b Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
|
||||||
<shoracek@redhat.com>
|
|
||||||
Date: Fri, 25 Feb 2022 15:28:28 +0100
|
|
||||||
Subject: [PATCH 4/4] Restrict SHA-1 in TSS
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
|
||||||
---
|
|
||||||
utils/cryptoutils.c | 4 ---
|
|
||||||
utils/tss20.c | 81 ++++++++++++++++++++++++++++++++++++++++++++-
|
|
||||||
2 files changed, 80 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/utils/cryptoutils.c b/utils/cryptoutils.c
|
|
||||||
index 7b5de79..98396a7 100644
|
|
||||||
--- a/utils/cryptoutils.c
|
|
||||||
+++ b/utils/cryptoutils.c
|
|
||||||
@@ -2136,10 +2136,6 @@ TPM_RC verifyRSASignatureFromRSA(unsigned char *message,
|
|
||||||
/* map from hash algorithm to openssl nid */
|
|
||||||
if (rc == 0) {
|
|
||||||
switch (halg) {
|
|
||||||
- case TPM_ALG_SHA1:
|
|
||||||
- nid = NID_sha1;
|
|
||||||
- md = EVP_sha1();
|
|
||||||
- break;
|
|
||||||
case TPM_ALG_SHA256:
|
|
||||||
nid = NID_sha256;
|
|
||||||
md = EVP_sha256();
|
|
||||||
diff --git a/utils/tss20.c b/utils/tss20.c
|
|
||||||
index c778069..bd05cf3 100644
|
|
||||||
--- a/utils/tss20.c
|
|
||||||
+++ b/utils/tss20.c
|
|
||||||
@@ -678,6 +678,76 @@ extern int tssVerbose;
|
|
||||||
extern int tssVverbose;
|
|
||||||
extern int tssFirstCall;
|
|
||||||
|
|
||||||
+int TSS_CheckSha1_PublicArea(TPMT_PUBLIC *publicArea)
|
|
||||||
+{
|
|
||||||
+ return publicArea->nameAlg == TPM_ALG_SHA1 ||
|
|
||||||
+ ((publicArea->type == TPM_ALG_RSA || publicArea->type == TPM_ALG_ECC) &&
|
|
||||||
+ publicArea->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL &&
|
|
||||||
+ publicArea->parameters.asymDetail.scheme.details.anySig.hashAlg == TPM_ALG_SHA1);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int TSS_CheckSha1_SigScheme(TPMT_SIG_SCHEME *sigScheme)
|
|
||||||
+{
|
|
||||||
+ return sigScheme->details.any.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int TSS_CheckSha1(COMMAND_PARAMETERS *in,
|
|
||||||
+ TPM_CC commandCode)
|
|
||||||
+{
|
|
||||||
+ switch (commandCode)
|
|
||||||
+ {
|
|
||||||
+ case TPM_CC_Certify:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->Certify.inScheme);
|
|
||||||
+ case TPM_CC_CertifyCreation:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->CertifyCreation.inScheme);
|
|
||||||
+ case TPM_CC_Create:
|
|
||||||
+ return TSS_CheckSha1_PublicArea(&in->Create.inPublic.publicArea);
|
|
||||||
+ case TPM_CC_CreateLoaded:
|
|
||||||
+ return TSS_CheckSha1_PublicArea(&in->Create.inPublic.publicArea);
|
|
||||||
+ case TPM_CC_CreatePrimary:
|
|
||||||
+ return TSS_CheckSha1_PublicArea(&in->CreatePrimary.inPublic.publicArea);
|
|
||||||
+ case TPM_CC_GetCommandAuditDigest:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->GetCommandAuditDigest.inScheme);
|
|
||||||
+ case TPM_CC_GetSessionAuditDigest:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->GetSessionAuditDigest.inScheme);
|
|
||||||
+ case TPM_CC_GetTime:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->GetTime.inScheme);
|
|
||||||
+ case TPM_CC_Hash:
|
|
||||||
+ return in->Hash.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_HashSequenceStart:
|
|
||||||
+ return in->HashSequenceStart.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_HMAC:
|
|
||||||
+ return in->HMAC.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_HMAC_Start:
|
|
||||||
+ return in->HMAC_Start.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_Import:
|
|
||||||
+ return TSS_CheckSha1_PublicArea(&in->Import.objectPublic.publicArea);
|
|
||||||
+ case TPM_CC_LoadExternal:
|
|
||||||
+ return TSS_CheckSha1_PublicArea(&in->LoadExternal.inPublic.publicArea);
|
|
||||||
+ case TPM_CC_NV_Certify:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->NV_Certify.inScheme);
|
|
||||||
+ case TPM_CC_NV_DefineSpace:
|
|
||||||
+ return in->NV_DefineSpace.publicInfo.nvPublic.nameAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_PolicySigned:
|
|
||||||
+ return in->PolicySigned.auth.signature.any.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_Quote:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->Quote.inScheme);
|
|
||||||
+ case TPM_CC_RSA_Decrypt:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->RSA_Decrypt.inScheme);
|
|
||||||
+ case TPM_CC_SetCommandCodeAuditStatus:
|
|
||||||
+ return in->SetCommandCodeAuditStatus.auditAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_SetPrimaryPolicy:
|
|
||||||
+ return in->SetPrimaryPolicy.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_Sign:
|
|
||||||
+ return TSS_CheckSha1_SigScheme(&in->Sign.inScheme);
|
|
||||||
+ case TPM_CC_StartAuthSession:
|
|
||||||
+ return in->StartAuthSession.authHash == TPM_ALG_SHA1;
|
|
||||||
+ case TPM_CC_VerifySignature:
|
|
||||||
+ return in->VerifySignature.signature.signature.any.hashAlg == TPM_ALG_SHA1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
|
|
||||||
TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext,
|
|
||||||
RESPONSE_PARAMETERS *out,
|
|
||||||
@@ -687,11 +757,20 @@ TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext,
|
|
||||||
va_list ap)
|
|
||||||
{
|
|
||||||
TPM_RC rc = 0;
|
|
||||||
-
|
|
||||||
+
|
|
||||||
+#ifdef RESTRICTED_HASH_ALG
|
|
||||||
+ if (rc == 0) {
|
|
||||||
+ if (TSS_CheckSha1(in, commandCode)) {
|
|
||||||
+ rc = TPM_RC_HASH;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif /* RESTRICTED_HASH_ALG */
|
|
||||||
+
|
|
||||||
/* create a TSS authorization context */
|
|
||||||
if (rc == 0) {
|
|
||||||
TSS_InitAuthContext(tssContext->tssAuthContext);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
/* handle any command specific command pre-processing */
|
|
||||||
if (rc == 0) {
|
|
||||||
rc = TSS_Command_PreProcessor(tssContext,
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -0,0 +1,593 @@
|
|||||||
|
From df5038caa1785d2661d283e6eeb1d6d5184d5272 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
||||||
|
<shoracek@redhat.com>
|
||||||
|
Date: Mon, 2 May 2022 23:51:15 +0200
|
||||||
|
Subject: [PATCH 4/4] man: Include information about possible hash restriction
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
||||||
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
||||||
|
---
|
||||||
|
utils/certify.c | 2 ++
|
||||||
|
utils/certifycreation.c | 2 ++
|
||||||
|
utils/create.c | 2 ++
|
||||||
|
utils/createloaded.c | 2 ++
|
||||||
|
utils/createprimary.c | 2 ++
|
||||||
|
utils/getcommandauditdigest.c | 2 ++
|
||||||
|
utils/getsessionauditdigest.c | 2 ++
|
||||||
|
utils/gettime.c | 2 ++
|
||||||
|
utils/hash.c | 2 ++
|
||||||
|
utils/hashsequencestart.c | 2 ++
|
||||||
|
utils/hmac.c | 2 ++
|
||||||
|
utils/hmacstart.c | 2 ++
|
||||||
|
utils/importpem.c | 2 ++
|
||||||
|
utils/loadexternal.c | 2 ++
|
||||||
|
utils/man/man1/tsscertify.1 | 2 ++
|
||||||
|
utils/man/man1/tsscertifycreation.1 | 2 ++
|
||||||
|
utils/man/man1/tsscreate.1 | 2 ++
|
||||||
|
utils/man/man1/tsscreateloaded.1 | 2 ++
|
||||||
|
utils/man/man1/tsscreateprimary.1 | 2 ++
|
||||||
|
utils/man/man1/tssgetcommandauditdigest.1 | 2 ++
|
||||||
|
utils/man/man1/tssgetsessionauditdigest.1 | 2 ++
|
||||||
|
utils/man/man1/tssgettime.1 | 2 ++
|
||||||
|
utils/man/man1/tsshash.1 | 2 ++
|
||||||
|
utils/man/man1/tsshashsequencestart.1 | 2 ++
|
||||||
|
utils/man/man1/tsshmac.1 | 2 ++
|
||||||
|
utils/man/man1/tsshmacstart.1 | 2 ++
|
||||||
|
utils/man/man1/tssimportpem.1 | 2 ++
|
||||||
|
utils/man/man1/tssloadexternal.1 | 2 ++
|
||||||
|
utils/man/man1/tssnvcertify.1 | 2 ++
|
||||||
|
utils/man/man1/tssnvdefinespace.1 | 2 ++
|
||||||
|
utils/man/man1/tsspolicysigned.1 | 2 ++
|
||||||
|
utils/man/man1/tssquote.1 | 2 ++
|
||||||
|
utils/man/man1/tssrsadecrypt.1 | 2 ++
|
||||||
|
utils/man/man1/tsssetcommandcodeauditstatus.1 | 2 ++
|
||||||
|
utils/man/man1/tsssetprimarypolicy.1 | 2 ++
|
||||||
|
utils/man/man1/tsssign.1 | 2 ++
|
||||||
|
utils/man/man1/tssstartauthsession.1 | 2 ++
|
||||||
|
utils/man/man1/tssverifysignature.1 | 2 ++
|
||||||
|
utils/nvcertify.c | 2 ++
|
||||||
|
utils/nvdefinespace.c | 2 ++
|
||||||
|
utils/policysigned.c | 2 ++
|
||||||
|
utils/quote.c | 2 ++
|
||||||
|
utils/rsadecrypt.c | 2 ++
|
||||||
|
utils/setcommandcodeauditstatus.c | 2 ++
|
||||||
|
utils/setprimarypolicy.c | 2 ++
|
||||||
|
utils/sign.c | 2 ++
|
||||||
|
utils/startauthsession.c | 2 ++
|
||||||
|
utils/verifysignature.c | 2 ++
|
||||||
|
48 files changed, 96 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/utils/certify.c b/utils/certify.c
|
||||||
|
index f1f54d0..f9a07c5 100644
|
||||||
|
--- a/utils/certify.c
|
||||||
|
+++ b/utils/certify.c
|
||||||
|
@@ -407,5 +407,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/certifycreation.c b/utils/certifycreation.c
|
||||||
|
index ab54c0a..b4fa095 100644
|
||||||
|
--- a/utils/certifycreation.c
|
||||||
|
+++ b/utils/certifycreation.c
|
||||||
|
@@ -449,5 +449,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/create.c b/utils/create.c
|
||||||
|
index a8b805c..880af28 100644
|
||||||
|
--- a/utils/create.c
|
||||||
|
+++ b/utils/create.c
|
||||||
|
@@ -710,5 +710,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/createloaded.c b/utils/createloaded.c
|
||||||
|
index d54f791..5bcf69e 100644
|
||||||
|
--- a/utils/createloaded.c
|
||||||
|
+++ b/utils/createloaded.c
|
||||||
|
@@ -628,5 +628,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/createprimary.c b/utils/createprimary.c
|
||||||
|
index 52ae083..81cc91d 100644
|
||||||
|
--- a/utils/createprimary.c
|
||||||
|
+++ b/utils/createprimary.c
|
||||||
|
@@ -799,5 +799,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/getcommandauditdigest.c b/utils/getcommandauditdigest.c
|
||||||
|
index a219785..6412d90 100644
|
||||||
|
--- a/utils/getcommandauditdigest.c
|
||||||
|
+++ b/utils/getcommandauditdigest.c
|
||||||
|
@@ -391,5 +391,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/getsessionauditdigest.c b/utils/getsessionauditdigest.c
|
||||||
|
index 61b12e6..4138bc7 100644
|
||||||
|
--- a/utils/getsessionauditdigest.c
|
||||||
|
+++ b/utils/getsessionauditdigest.c
|
||||||
|
@@ -387,5 +387,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/gettime.c b/utils/gettime.c
|
||||||
|
index b07baf1..547faa9 100644
|
||||||
|
--- a/utils/gettime.c
|
||||||
|
+++ b/utils/gettime.c
|
||||||
|
@@ -391,5 +391,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hash.c b/utils/hash.c
|
||||||
|
index 71b8a7c..5a0df6a 100644
|
||||||
|
--- a/utils/hash.c
|
||||||
|
+++ b/utils/hash.c
|
||||||
|
@@ -306,5 +306,7 @@ static void printUsage(void)
|
||||||
|
printf("\t[-ns\tno space, no text, no newlines]\n");
|
||||||
|
printf("\t[-oh\thash file name (default do not save)]\n");
|
||||||
|
printf("\t[-tk\tticket file name (default do not save)]\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hashsequencestart.c b/utils/hashsequencestart.c
|
||||||
|
index d54fadd..88d15fc 100644
|
||||||
|
--- a/utils/hashsequencestart.c
|
||||||
|
+++ b/utils/hashsequencestart.c
|
||||||
|
@@ -249,5 +249,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default NULL)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hmac.c b/utils/hmac.c
|
||||||
|
index be63e1b..7ab2b34 100644
|
||||||
|
--- a/utils/hmac.c
|
||||||
|
+++ b/utils/hmac.c
|
||||||
|
@@ -352,5 +352,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/hmacstart.c b/utils/hmacstart.c
|
||||||
|
index 3fdd0f9..171af6c 100644
|
||||||
|
--- a/utils/hmacstart.c
|
||||||
|
+++ b/utils/hmacstart.c
|
||||||
|
@@ -274,5 +274,7 @@ static void printUsage(void)
|
||||||
|
printf("\n");
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/importpem.c b/utils/importpem.c
|
||||||
|
index 38ad125..75c8cb2 100644
|
||||||
|
--- a/utils/importpem.c
|
||||||
|
+++ b/utils/importpem.c
|
||||||
|
@@ -486,5 +486,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/loadexternal.c b/utils/loadexternal.c
|
||||||
|
index 877501c..ff4b46f 100644
|
||||||
|
--- a/utils/loadexternal.c
|
||||||
|
+++ b/utils/loadexternal.c
|
||||||
|
@@ -538,5 +538,7 @@ static void printUsage(void)
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
printf("\t80\taudit\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/man/man1/tsscertify.1 b/utils/man/man1/tsscertify.1
|
||||||
|
index 6895ee7..7b34e2f 100644
|
||||||
|
--- a/utils/man/man1/tsscertify.1
|
||||||
|
+++ b/utils/man/man1/tsscertify.1
|
||||||
|
@@ -44,3 +44,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscertifycreation.1 b/utils/man/man1/tsscertifycreation.1
|
||||||
|
index 4382ed9..5f51d05 100644
|
||||||
|
--- a/utils/man/man1/tsscertifycreation.1
|
||||||
|
+++ b/utils/man/man1/tsscertifycreation.1
|
||||||
|
@@ -47,3 +47,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscreate.1 b/utils/man/man1/tsscreate.1
|
||||||
|
index b4eda75..92f53a7 100644
|
||||||
|
--- a/utils/man/man1/tsscreate.1
|
||||||
|
+++ b/utils/man/man1/tsscreate.1
|
||||||
|
@@ -125,3 +125,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscreateloaded.1 b/utils/man/man1/tsscreateloaded.1
|
||||||
|
index ccd3d73..7e6c422 100644
|
||||||
|
--- a/utils/man/man1/tsscreateloaded.1
|
||||||
|
+++ b/utils/man/man1/tsscreateloaded.1
|
||||||
|
@@ -126,3 +126,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsscreateprimary.1 b/utils/man/man1/tsscreateprimary.1
|
||||||
|
index 895a42e..c189f17 100644
|
||||||
|
--- a/utils/man/man1/tsscreateprimary.1
|
||||||
|
+++ b/utils/man/man1/tsscreateprimary.1
|
||||||
|
@@ -129,3 +129,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssgetcommandauditdigest.1 b/utils/man/man1/tssgetcommandauditdigest.1
|
||||||
|
index 34711e0..e67adac 100644
|
||||||
|
--- a/utils/man/man1/tssgetcommandauditdigest.1
|
||||||
|
+++ b/utils/man/man1/tssgetcommandauditdigest.1
|
||||||
|
@@ -41,3 +41,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssgetsessionauditdigest.1 b/utils/man/man1/tssgetsessionauditdigest.1
|
||||||
|
index d09c78b..272127e 100644
|
||||||
|
--- a/utils/man/man1/tssgetsessionauditdigest.1
|
||||||
|
+++ b/utils/man/man1/tssgetsessionauditdigest.1
|
||||||
|
@@ -44,3 +44,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssgettime.1 b/utils/man/man1/tssgettime.1
|
||||||
|
index bec0627..1cb46f6 100644
|
||||||
|
--- a/utils/man/man1/tssgettime.1
|
||||||
|
+++ b/utils/man/man1/tssgettime.1
|
||||||
|
@@ -41,3 +41,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshash.1 b/utils/man/man1/tsshash.1
|
||||||
|
index 6eff929..0a9c54e 100644
|
||||||
|
--- a/utils/man/man1/tsshash.1
|
||||||
|
+++ b/utils/man/man1/tsshash.1
|
||||||
|
@@ -28,3 +28,5 @@ hash file name (default do not save)]
|
||||||
|
.TP
|
||||||
|
[\-tk
|
||||||
|
ticket file name (default do not save)]
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshashsequencestart.1 b/utils/man/man1/tsshashsequencestart.1
|
||||||
|
index f6d7f52..663ae69 100644
|
||||||
|
--- a/utils/man/man1/tsshashsequencestart.1
|
||||||
|
+++ b/utils/man/man1/tsshashsequencestart.1
|
||||||
|
@@ -21,3 +21,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshmac.1 b/utils/man/man1/tsshmac.1
|
||||||
|
index e64a861..70d2632 100644
|
||||||
|
--- a/utils/man/man1/tsshmac.1
|
||||||
|
+++ b/utils/man/man1/tsshmac.1
|
||||||
|
@@ -35,3 +35,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsshmacstart.1 b/utils/man/man1/tsshmacstart.1
|
||||||
|
index 65d4ab6..64bcf2f 100644
|
||||||
|
--- a/utils/man/man1/tsshmacstart.1
|
||||||
|
+++ b/utils/man/man1/tsshmacstart.1
|
||||||
|
@@ -23,3 +23,5 @@ password for sequence (default empty)
|
||||||
|
.TP
|
||||||
|
01
|
||||||
|
continue
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssimportpem.1 b/utils/man/man1/tssimportpem.1
|
||||||
|
index 21c362e..bf79c92 100644
|
||||||
|
--- a/utils/man/man1/tssimportpem.1
|
||||||
|
+++ b/utils/man/man1/tssimportpem.1
|
||||||
|
@@ -67,3 +67,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssloadexternal.1 b/utils/man/man1/tssloadexternal.1
|
||||||
|
index e32a251..2a9ba66 100644
|
||||||
|
--- a/utils/man/man1/tssloadexternal.1
|
||||||
|
+++ b/utils/man/man1/tssloadexternal.1
|
||||||
|
@@ -71,3 +71,5 @@ response encrypt
|
||||||
|
.TP
|
||||||
|
80
|
||||||
|
audit
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssnvcertify.1 b/utils/man/man1/tssnvcertify.1
|
||||||
|
index c55f6dc..83d2380 100644
|
||||||
|
--- a/utils/man/man1/tssnvcertify.1
|
||||||
|
+++ b/utils/man/man1/tssnvcertify.1
|
||||||
|
@@ -50,3 +50,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssnvdefinespace.1 b/utils/man/man1/tssnvdefinespace.1
|
||||||
|
index 0f378e9..642508b 100644
|
||||||
|
--- a/utils/man/man1/tssnvdefinespace.1
|
||||||
|
+++ b/utils/man/man1/tssnvdefinespace.1
|
||||||
|
@@ -99,3 +99,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsspolicysigned.1 b/utils/man/man1/tsspolicysigned.1
|
||||||
|
index f50b81a..2f745c0 100644
|
||||||
|
--- a/utils/man/man1/tsspolicysigned.1
|
||||||
|
+++ b/utils/man/man1/tsspolicysigned.1
|
||||||
|
@@ -44,3 +44,5 @@ ticket file name]
|
||||||
|
.TP
|
||||||
|
[\-to
|
||||||
|
timeout file name]
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssquote.1 b/utils/man/man1/tssquote.1
|
||||||
|
index 04a2e60..fef5c39 100644
|
||||||
|
--- a/utils/man/man1/tssquote.1
|
||||||
|
+++ b/utils/man/man1/tssquote.1
|
||||||
|
@@ -44,3 +44,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssrsadecrypt.1 b/utils/man/man1/tssrsadecrypt.1
|
||||||
|
index 6c35e42..ab77103 100644
|
||||||
|
--- a/utils/man/man1/tssrsadecrypt.1
|
||||||
|
+++ b/utils/man/man1/tssrsadecrypt.1
|
||||||
|
@@ -31,3 +31,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
40
|
||||||
|
response encrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsssetcommandcodeauditstatus.1 b/utils/man/man1/tsssetcommandcodeauditstatus.1
|
||||||
|
index c4d19dc..7d44fb2 100644
|
||||||
|
--- a/utils/man/man1/tsssetcommandcodeauditstatus.1
|
||||||
|
+++ b/utils/man/man1/tsssetcommandcodeauditstatus.1
|
||||||
|
@@ -29,3 +29,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsssetprimarypolicy.1 b/utils/man/man1/tsssetprimarypolicy.1
|
||||||
|
index c67c1f9..a3db8d2 100644
|
||||||
|
--- a/utils/man/man1/tsssetprimarypolicy.1
|
||||||
|
+++ b/utils/man/man1/tsssetprimarypolicy.1
|
||||||
|
@@ -26,3 +26,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tsssign.1 b/utils/man/man1/tsssign.1
|
||||||
|
index d5ad351..83d3cfa 100644
|
||||||
|
--- a/utils/man/man1/tsssign.1
|
||||||
|
+++ b/utils/man/man1/tsssign.1
|
||||||
|
@@ -46,3 +46,5 @@ continue
|
||||||
|
.TP
|
||||||
|
20
|
||||||
|
command decrypt
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssstartauthsession.1 b/utils/man/man1/tssstartauthsession.1
|
||||||
|
index 3e944bb..0bb5022 100644
|
||||||
|
--- a/utils/man/man1/tssstartauthsession.1
|
||||||
|
+++ b/utils/man/man1/tssstartauthsession.1
|
||||||
|
@@ -35,3 +35,5 @@ bind password for bind handle (default empty)]
|
||||||
|
.TP
|
||||||
|
[\-on
|
||||||
|
nonceTPM file for policy session (default do not save)]
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/man/man1/tssverifysignature.1 b/utils/man/man1/tssverifysignature.1
|
||||||
|
index e2d6460..67b7ff5 100644
|
||||||
|
--- a/utils/man/man1/tssverifysignature.1
|
||||||
|
+++ b/utils/man/man1/tssverifysignature.1
|
||||||
|
@@ -57,3 +57,5 @@ command decrypt
|
||||||
|
.TP
|
||||||
|
80
|
||||||
|
audit
|
||||||
|
+.PP
|
||||||
|
+Depending on the build configuration, some hash algorithms may not be available.
|
||||||
|
diff --git a/utils/nvcertify.c b/utils/nvcertify.c
|
||||||
|
index 81bde69..6882bfb 100644
|
||||||
|
--- a/utils/nvcertify.c
|
||||||
|
+++ b/utils/nvcertify.c
|
||||||
|
@@ -445,5 +445,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/nvdefinespace.c b/utils/nvdefinespace.c
|
||||||
|
index 18ce6ea..94e6cbd 100644
|
||||||
|
--- a/utils/nvdefinespace.c
|
||||||
|
+++ b/utils/nvdefinespace.c
|
||||||
|
@@ -590,5 +590,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/policysigned.c b/utils/policysigned.c
|
||||||
|
index 469cec9..8283464 100644
|
||||||
|
--- a/utils/policysigned.c
|
||||||
|
+++ b/utils/policysigned.c
|
||||||
|
@@ -452,5 +452,7 @@ static void printUsage(void)
|
||||||
|
printf("\t[-pwdk\tsigning key password (default null)]\n");
|
||||||
|
printf("\t[-tk\tticket file name]\n");
|
||||||
|
printf("\t[-to\ttimeout file name]\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/quote.c b/utils/quote.c
|
||||||
|
index c29fad0..7523578 100644
|
||||||
|
--- a/utils/quote.c
|
||||||
|
+++ b/utils/quote.c
|
||||||
|
@@ -435,5 +435,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/rsadecrypt.c b/utils/rsadecrypt.c
|
||||||
|
index e2846af..fe5086a 100644
|
||||||
|
--- a/utils/rsadecrypt.c
|
||||||
|
+++ b/utils/rsadecrypt.c
|
||||||
|
@@ -507,5 +507,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t40\tresponse encrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/setcommandcodeauditstatus.c b/utils/setcommandcodeauditstatus.c
|
||||||
|
index 7a880ae..ddecad5 100644
|
||||||
|
--- a/utils/setcommandcodeauditstatus.c
|
||||||
|
+++ b/utils/setcommandcodeauditstatus.c
|
||||||
|
@@ -294,5 +294,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/setprimarypolicy.c b/utils/setprimarypolicy.c
|
||||||
|
index 619937f..c03883f 100644
|
||||||
|
--- a/utils/setprimarypolicy.c
|
||||||
|
+++ b/utils/setprimarypolicy.c
|
||||||
|
@@ -296,5 +296,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/sign.c b/utils/sign.c
|
||||||
|
index 0635366..f31196b 100644
|
||||||
|
--- a/utils/sign.c
|
||||||
|
+++ b/utils/sign.c
|
||||||
|
@@ -485,5 +485,7 @@ static void printUsage(void)
|
||||||
|
printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/startauthsession.c b/utils/startauthsession.c
|
||||||
|
index d47c731..e6ddd5a 100644
|
||||||
|
--- a/utils/startauthsession.c
|
||||||
|
+++ b/utils/startauthsession.c
|
||||||
|
@@ -297,5 +297,7 @@ static void printUsage(void)
|
||||||
|
printf("\t[-pwdb\tbind password for bind handle (default empty)]\n");
|
||||||
|
printf("\t[-sym\t(xor, aes) symmetric parameter encryption algorithm (default xor)]\n");
|
||||||
|
printf("\t[-on\tnonceTPM file for policy session (default do not save)]\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
diff --git a/utils/verifysignature.c b/utils/verifysignature.c
|
||||||
|
index 57978d5..41ba05b 100644
|
||||||
|
--- a/utils/verifysignature.c
|
||||||
|
+++ b/utils/verifysignature.c
|
||||||
|
@@ -484,5 +484,7 @@ static void printUsage(void)
|
||||||
|
printf("\t01\tcontinue\n");
|
||||||
|
printf("\t20\tcommand decrypt\n");
|
||||||
|
printf("\t80\taudit\n");
|
||||||
|
+ printf("\n");
|
||||||
|
+ printf("Depending on the build configuration, some hash algorithms may not be available.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.3
|
||||||
|
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
Name: tss2
|
Name: tss2
|
||||||
Version: 1.6.0
|
Version: 1.6.0
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
|
Summary: IBM's TCG Software Stack (TSS) for TPM 2.0 and related utilities
|
||||||
|
|
||||||
@ -23,9 +23,10 @@ Patch5: 0005-utils-Fix-errors-detected-by-gcc-asan.patch
|
|||||||
Patch6: 0006-tss-Port-HMAC-operations-to-openssl-3.0.patch
|
Patch6: 0006-tss-Port-HMAC-operations-to-openssl-3.0.patch
|
||||||
Patch7: 0007-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
|
Patch7: 0007-utils-Port-to-openssl-3.0.0-replaces-RSA-with-EVP_PK.patch
|
||||||
Patch8: 0001-utils-Generate-X509-certificate-serial-number-using-.patch
|
Patch8: 0001-utils-Generate-X509-certificate-serial-number-using-.patch
|
||||||
Patch9: 0002-Update-SHA-1-to-SHA-256-in-tests-without-restricting.patch
|
Patch9: 0001-tss-Add-missing-parameter-union-members.patch
|
||||||
Patch10: 0003-Restrict-the-usage-of-SHA-1-in-code-examples.patch
|
Patch10: 0002-regtest-Update-to-SHA-256-without-restricting-the-sc.patch
|
||||||
Patch11: 0004-Restrict-SHA-1-in-TSS.patch
|
Patch11: 0003-tss-Restrict-usage-of-SHA-1.patch
|
||||||
|
Patch12: 0004-man-Include-information-about-possible-hash-restrict.patch
|
||||||
|
|
||||||
|
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -58,7 +59,7 @@ order to build TSS 2.0 applications.
|
|||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -vi
|
autoreconf -vi
|
||||||
%configure --disable-static --disable-tpm-1.2 --program-prefix=tss --enable-restricted-hash-alg
|
%configure --disable-static --disable-tpm-1.2 --program-prefix=tss --enable-nodeprecatedalgs
|
||||||
CCFLAGS="%{optflags}" \
|
CCFLAGS="%{optflags}" \
|
||||||
LNFLAGS="%{__global_ldflags}" \
|
LNFLAGS="%{__global_ldflags}" \
|
||||||
%{make_build}
|
%{make_build}
|
||||||
@ -83,9 +84,13 @@ find %{buildroot} -type f -name "*.la" -delete -print
|
|||||||
%doc ibmtss.doc
|
%doc ibmtss.doc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Feb 24 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-6
|
* Fri Jul 8 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-7
|
||||||
|
- Version bump
|
||||||
|
Resolves: rhbz#2060768
|
||||||
|
|
||||||
|
* Wed Jun 29 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-6
|
||||||
- Restrict SHA-1 usage
|
- Restrict SHA-1 usage
|
||||||
Resolves: rhbz#1935450
|
Resolves: rhbz#2060768
|
||||||
|
|
||||||
* Fri Jan 28 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-5
|
* Fri Jan 28 2022 Stepan Horacek <shoracek@redhat.com> - 1:1.6.0-5
|
||||||
- Fix failures introduced with OpenSSL 3
|
- Fix failures introduced with OpenSSL 3
|
||||||