908 lines
31 KiB
Diff
908 lines
31 KiB
Diff
From 163843248ce6bb85fa5a3527f93610328877a1cf Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?=C5=A0t=C4=9Bp=C3=A1n=20Hor=C3=A1=C4=8Dek?=
|
|
<shoracek@redhat.com>
|
|
Date: Sat, 30 Apr 2022 22:15:43 +0200
|
|
Subject: [PATCH 3/4] tss: Restrict usage of SHA-1
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Due to SHA-1 not being considered secure, it should be not used for
|
|
cryptographical purposes. This commit disables the usage of SHA-1 in
|
|
cases where it is used in potentially exploitable situations, most
|
|
notably for creating signatures.
|
|
|
|
- Compared to the next branch commit af3154e2, changes related to
|
|
unimplemented ECC functionality are ommited.
|
|
|
|
Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
|
|
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
|
|
---
|
|
configure.ac | 24 +-
|
|
utils/Makefile.am | 16 +-
|
|
utils/cryptoutils.c | 4 +
|
|
utils/reg.sh | 20 +-
|
|
utils/regtests/testattest.sh | 3 +-
|
|
utils/regtests/testevent.sh | 2 +-
|
|
utils/tss20.c | 638 ++++++++++++++++++++++++++++-------
|
|
utils/tsscryptoh.c | 9 +-
|
|
8 files changed, 582 insertions(+), 134 deletions(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index ad870b1..c570cb0 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -123,6 +123,11 @@ AC_ARG_ENABLE(rmtpm,
|
|
AM_CONDITIONAL([CONFIG_RMTPM], [test "x$enable_rmtpm" = "xyes"])
|
|
AS_IF([test "$enable_rmtpm" != "yes"], [enable_rmtpm="no"])
|
|
|
|
+AC_ARG_ENABLE(nodeprecatedalgs,
|
|
+ AS_HELP_STRING([--enable-nodeprecatedalgs], [Restrict usage of SHA-1]))
|
|
+ AM_CONDITIONAL([CONFIG_TSS_NODEPRECATEDALGS], [test "x$enable_nodeprecatedalgs" = "xyes"])
|
|
+ AS_IF([test "$enable_nodeprecatedalgs" != "yes"], [enable_nodeprecatedalgs="no"])
|
|
+
|
|
AC_CONFIG_FILES([Makefile
|
|
utils/Makefile
|
|
utils12/Makefile
|
|
@@ -131,12 +136,13 @@ AC_OUTPUT
|
|
|
|
# Give some feedback
|
|
echo "Configuration:"
|
|
-echo " CFLAGS: $CFLAGS"
|
|
-echo " tpm12: $tpm12"
|
|
-echo " tpm20: $tpm20"
|
|
-echo " hwtpm: $enable_hwtpm"
|
|
-echo " rmtpm: $enable_rmtpm"
|
|
-echo " nofile: $enable_nofile"
|
|
-echo " noprint: $enable_noprint"
|
|
-echo " nocrypto: $enable_nocrypto"
|
|
-echo " noecc: $enable_noecc"
|
|
+echo " CFLAGS: $CFLAGS"
|
|
+echo " tpm12: $tpm12"
|
|
+echo " tpm20: $tpm20"
|
|
+echo " hwtpm: $enable_hwtpm"
|
|
+echo " rmtpm: $enable_rmtpm"
|
|
+echo " nofile: $enable_nofile"
|
|
+echo " noprint: $enable_noprint"
|
|
+echo " nocrypto: $enable_nocrypto"
|
|
+echo " noecc: $enable_noecc"
|
|
+echo " nodeprecatedalgs: $enable_nodeprecatedalgs"
|
|
diff --git a/utils/Makefile.am b/utils/Makefile.am
|
|
index d3af94e..53c53d9 100755
|
|
--- a/utils/Makefile.am
|
|
+++ b/utils/Makefile.am
|
|
@@ -60,6 +60,10 @@ if CONFIG_TSS_NOECC
|
|
libibmtss_la_CFLAGS += -DTPM_TSS_NOECC
|
|
endif
|
|
|
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
|
+libibmtss_la_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
|
+endif
|
|
+
|
|
libibmtss_la_CCFLAGS = -Wall -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wformat=2 -Wold-style-definition -Wno-self-assign -ggdb
|
|
libibmtss_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
|
|
|
|
@@ -78,6 +82,10 @@ if CONFIG_TSS_NOECC
|
|
libibmtssutils_la_CFLAGS += -DTPM_TSS_NOECC
|
|
endif
|
|
|
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
|
+libibmtssutils_la_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
|
+endif
|
|
+
|
|
#current[:revision[:age]]
|
|
#result: [current-age].age.revision
|
|
libibmtssutils_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@
|
|
@@ -115,8 +123,14 @@ bin_PROGRAMS = activatecredential eventextend imaextend certify certifycreation
|
|
verifysignature zgen2phase signapp writeapp timepacket createek createekcert tpm2pem tpmpublic2eccpoint \
|
|
ntc2getconfig ntc2preconfig ntc2lockconfig publicname tpmcmd printattr
|
|
|
|
+UTILS_CFLAGS =
|
|
+
|
|
if CONFIG_TSS_NOECC
|
|
-UTILS_CFLAGS = -DTPM_TSS_NOECC
|
|
+UTILS_CFLAGS += -DTPM_TSS_NOECC
|
|
+endif
|
|
+
|
|
+if CONFIG_TSS_NODEPRECATEDALGS
|
|
+UTILS_CFLAGS += -DTPM_TSS_NODEPRECATEDALGS
|
|
endif
|
|
|
|
activatecredential_SOURCES = activatecredential.c
|
|
diff --git a/utils/cryptoutils.c b/utils/cryptoutils.c
|
|
index 7c4e931..9ac77a1 100644
|
|
--- a/utils/cryptoutils.c
|
|
+++ b/utils/cryptoutils.c
|
|
@@ -1834,9 +1834,11 @@ TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength,
|
|
/* map the hash algorithm to the openssl NID */
|
|
if (rc == 0) {
|
|
switch (hashAlg) {
|
|
+#ifndef TPM_TSS_NODEPRECATEDALGS
|
|
case TPM_ALG_SHA1:
|
|
nid = NID_sha1;
|
|
break;
|
|
+#endif
|
|
case TPM_ALG_SHA256:
|
|
nid = NID_sha256;
|
|
break;
|
|
@@ -1896,10 +1898,12 @@ TPM_RC verifyRSASignatureFromRSA(unsigned char *message,
|
|
/* map from hash algorithm to openssl nid */
|
|
if (rc == 0) {
|
|
switch (halg) {
|
|
+#ifndef TPM_TSS_NODEPRECATEDALGS
|
|
case TPM_ALG_SHA1:
|
|
nid = NID_sha1;
|
|
md = EVP_sha1();
|
|
break;
|
|
+#endif
|
|
case TPM_ALG_SHA256:
|
|
nid = NID_sha256;
|
|
md = EVP_sha256();
|
|
diff --git a/utils/reg.sh b/utils/reg.sh
|
|
index 2d9d100..02d7d5f 100755
|
|
--- a/utils/reg.sh
|
|
+++ b/utils/reg.sh
|
|
@@ -69,12 +69,20 @@ PREFIX=./
|
|
|
|
#PREFIX="valgrind ./"
|
|
|
|
-# hash algorithms to be used for testing
|
|
-
|
|
-export ITERATE_ALGS="sha1 sha256 sha384 sha512"
|
|
-export ITERATE_ALGS_SIZES="20 32 48 64"
|
|
-export ITERATE_ALGS_COUNT=4
|
|
-export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
|
|
+# Hash algorithms to be used for testing. Uncomment or set shell env variable to restrict.
|
|
+# export TPM_TSS_NODEPRECATEDALGS=1
|
|
+if [ "${TPM_TSS_NODEPRECATEDALGS}" ]; then
|
|
+ export ITERATE_ALGS="sha256 sha384 sha512"
|
|
+ export ITERATE_ALGS_SIZES="32 48 64"
|
|
+ export ITERATE_ALGS_COUNT=3
|
|
+ export BAD_ITERATE_ALGS="sha384 sha512 sha256"
|
|
+else
|
|
+ export ITERATE_ALGS="sha1 sha256 sha384 sha512"
|
|
+ export ITERATE_ALGS_SIZES="20 32 48 64"
|
|
+ export ITERATE_ALGS_COUNT=4
|
|
+ export BAD_ITERATE_ALGS="sha256 sha384 sha512 sha1"
|
|
+fi
|
|
+export ITERATE_ALGS_WITH_SHA1="sha1 sha256 sha384 sha512"
|
|
|
|
printUsage ()
|
|
{
|
|
diff --git a/utils/regtests/testattest.sh b/utils/regtests/testattest.sh
|
|
index 2dacf88..4766554 100755
|
|
--- a/utils/regtests/testattest.sh
|
|
+++ b/utils/regtests/testattest.sh
|
|
@@ -381,9 +381,8 @@ echo ""
|
|
|
|
for HALG in ${ITERATE_ALGS}
|
|
do
|
|
-
|
|
echo "Start an audit session ${HALG}"
|
|
- ${PREFIX}startauthsession -se h -halg ${HALG} > run.out
|
|
+ ${PREFIX}startauthsession -se h -halg ${HALG} > run.out
|
|
checkSuccess $?
|
|
|
|
echo "PCR 16 reset"
|
|
diff --git a/utils/regtests/testevent.sh b/utils/regtests/testevent.sh
|
|
index 6336920..57a96d2 100755
|
|
--- a/utils/regtests/testevent.sh
|
|
+++ b/utils/regtests/testevent.sh
|
|
@@ -62,7 +62,7 @@ echo ""
|
|
|
|
for TYPE in "1" "2"
|
|
do
|
|
- for HALG in ${ITERATE_ALGS}
|
|
+ for HALG in ${ITERATE_ALGS_WITH_SHA1}
|
|
do
|
|
|
|
echo "Power cycle to reset IMA PCR"
|
|
diff --git a/utils/tss20.c b/utils/tss20.c
|
|
index c778069..6b1e79b 100644
|
|
--- a/utils/tss20.c
|
|
+++ b/utils/tss20.c
|
|
@@ -112,6 +112,7 @@ struct TSS_HMAC_CONTEXT {
|
|
|
|
/* functions for command pre- and post- processing */
|
|
|
|
+typedef TPM_RC (*TSS_CheckParametersFunction_t)(COMMAND_PARAMETERS *in);
|
|
typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext,
|
|
COMMAND_PARAMETERS *in,
|
|
EXTRA_PARAMETERS *extra);
|
|
@@ -238,11 +239,378 @@ static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext,
|
|
void *out,
|
|
void *extra);
|
|
|
|
+/*
|
|
+ Functions to check for usage of deprecated algorithms.
|
|
+*/
|
|
+
|
|
+static TPM_RC TSS_CheckSha1_PublicArea(TPMT_PUBLIC *publicArea)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (publicArea->nameAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (((publicArea->type == TPM_ALG_RSA) || (publicArea->type == TPM_ALG_ECC)) &&
|
|
+ (publicArea->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL) &&
|
|
+ (publicArea->parameters.asymDetail.scheme.details.anySig.hashAlg == TPM_ALG_SHA1)) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CheckSha1_SigScheme(TPMT_SIG_SCHEME *sigScheme)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (sigScheme->details.any.hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_StartAuthSession(StartAuthSession_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->authHash == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_Create(Create_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_Load(Load_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_LoadExternal(LoadExternal_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_CreateLoaded(CreateLoaded_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+ uint32_t size = sizeof(in->inPublic.t.buffer);
|
|
+ uint8_t *buffer = in->inPublic.t.buffer;
|
|
+ TPMT_PUBLIC publicArea;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_TPMT_PUBLIC_Unmarshalu(&publicArea, &buffer, &size, TRUE);
|
|
+ }
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_PublicArea(&publicArea);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_Import(Import_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_PublicArea(&in->objectPublic.publicArea);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_RSA_Encrypt(RSA_Encrypt_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->inScheme.details.anySig.hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_RSA_Decrypt(RSA_Decrypt_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->inScheme.details.anySig.hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_Hash(Hash_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_HMAC(HMAC_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_HMAC_Start(HMAC_Start_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_HashSequenceStart(HashSequenceStart_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_Certify(Certify_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_CertifyX509(CertifyX509_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_CertifyCreation(CertifyCreation_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_Quote(Quote_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_GetSessionAuditDigest(GetSessionAuditDigest_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_GetCommandAuditDigest(GetCommandAuditDigest_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_GetTime(GetTime_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_VerifySignature(VerifySignature_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->signature.signature.any.hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_Sign(Sign_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_SetCommandCodeAuditStatus(SetCommandCodeAuditStatus_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->auditAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_PolicySigned(PolicySigned_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->auth.signature.any.hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_CreatePrimary(CreatePrimary_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_PublicArea(&in->inPublic.publicArea);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_SetPrimaryPolicy(SetPrimaryPolicy_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->hashAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_NV_DefineSpace(NV_DefineSpace_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ if (in->publicInfo.nvPublic.nameAlg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
+static TPM_RC TSS_CH_NV_Certify(NV_Certify_In *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_CheckSha1_SigScheme(&in->inScheme);
|
|
+ }
|
|
+
|
|
+ return rc;
|
|
+}
|
|
+
|
|
typedef struct TSS_TABLE {
|
|
- TPM_CC commandCode;
|
|
- TSS_PreProcessFunction_t preProcessFunction;
|
|
- TSS_ChangeAuthFunction_t changeAuthFunction;
|
|
- TSS_PostProcessFunction_t postProcessFunction;
|
|
+ TPM_CC commandCode;
|
|
+ TSS_CheckParametersFunction_t checkParametersFunction;
|
|
+ TSS_PreProcessFunction_t preProcessFunction;
|
|
+ TSS_ChangeAuthFunction_t changeAuthFunction;
|
|
+ TSS_PostProcessFunction_t postProcessFunction;
|
|
} TSS_TABLE;
|
|
|
|
/* This table indexes from the command to pre- and post- processing functions. A missing entry is
|
|
@@ -250,116 +618,116 @@ typedef struct TSS_TABLE {
|
|
|
|
static const TSS_TABLE tssTable [] = {
|
|
|
|
- {TPM_CC_Startup, NULL, NULL, NULL},
|
|
- {TPM_CC_Shutdown, NULL, NULL, NULL},
|
|
- {TPM_CC_SelfTest, NULL, NULL, NULL},
|
|
- {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL},
|
|
- {TPM_CC_GetTestResult, NULL, NULL, NULL},
|
|
- {TPM_CC_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession},
|
|
- {TPM_CC_PolicyRestart, NULL, NULL, NULL},
|
|
- {TPM_CC_Create, NULL, NULL, NULL},
|
|
- {TPM_CC_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load},
|
|
- {TPM_CC_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal},
|
|
- {TPM_CC_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic},
|
|
- {TPM_CC_ActivateCredential, NULL, NULL, NULL},
|
|
- {TPM_CC_MakeCredential, NULL, NULL, NULL},
|
|
- {TPM_CC_Unseal, NULL, NULL, NULL},
|
|
- {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL},
|
|
- {TPM_CC_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded},
|
|
- {TPM_CC_Duplicate, NULL, NULL, NULL},
|
|
- {TPM_CC_Rewrap, NULL, NULL, NULL},
|
|
- {TPM_CC_Import, NULL, NULL, NULL},
|
|
- {TPM_CC_RSA_Encrypt, NULL, NULL, NULL},
|
|
- {TPM_CC_RSA_Decrypt, NULL, NULL, NULL},
|
|
- {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL},
|
|
- {TPM_CC_ECDH_ZGen, NULL, NULL, NULL},
|
|
- {TPM_CC_ECC_Parameters, NULL, NULL, NULL},
|
|
- {TPM_CC_ZGen_2Phase, NULL, NULL, NULL},
|
|
- {TPM_CC_EncryptDecrypt, NULL, NULL, NULL},
|
|
- {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL},
|
|
- {TPM_CC_Hash, NULL, NULL, NULL},
|
|
- {TPM_CC_HMAC, NULL, NULL, NULL},
|
|
- {TPM_CC_GetRandom, NULL, NULL, NULL},
|
|
- {TPM_CC_StirRandom, NULL, NULL, NULL},
|
|
- {TPM_CC_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start},
|
|
- {TPM_CC_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart},
|
|
- {TPM_CC_SequenceUpdate, NULL, NULL, NULL},
|
|
- {TPM_CC_SequenceComplete, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete},
|
|
- {TPM_CC_EventSequenceComplete, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete},
|
|
- {TPM_CC_Certify, NULL, NULL, NULL},
|
|
- {TPM_CC_CertifyX509, NULL, NULL, NULL},
|
|
- {TPM_CC_CertifyCreation, NULL, NULL, NULL},
|
|
- {TPM_CC_Quote, NULL, NULL, NULL},
|
|
- {TPM_CC_GetSessionAuditDigest, NULL, NULL, NULL},
|
|
- {TPM_CC_GetCommandAuditDigest, NULL, NULL, NULL},
|
|
- {TPM_CC_GetTime, NULL, NULL, NULL},
|
|
- {TPM_CC_Commit, NULL, NULL, NULL},
|
|
- {TPM_CC_EC_Ephemeral, NULL, NULL, NULL},
|
|
- {TPM_CC_VerifySignature, NULL, NULL, NULL},
|
|
- {TPM_CC_Sign, NULL, NULL, NULL},
|
|
- {TPM_CC_SetCommandCodeAuditStatus, NULL, NULL, NULL},
|
|
- {TPM_CC_PCR_Extend, NULL, NULL, NULL},
|
|
- {TPM_CC_PCR_Event, NULL, NULL, NULL},
|
|
- {TPM_CC_PCR_Read, NULL, NULL, NULL},
|
|
- {TPM_CC_PCR_Allocate, NULL, NULL, NULL},
|
|
- {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL},
|
|
- {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL},
|
|
- {TPM_CC_PCR_Reset, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicySigned, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicySecret, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyTicket, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyOR, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyPCR, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyLocality, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyNV, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyCommandCode, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyCpHash, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyNameHash, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyAuthorize, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyAuthValue, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue},
|
|
- {TPM_CC_PolicyPassword, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword},
|
|
- {TPM_CC_PolicyGetDigest, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyNvWritten, NULL, NULL, NULL},
|
|
- {TPM_CC_PolicyTemplate, NULL, NULL, NULL},
|
|
- {TPM_CC_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary},
|
|
- {TPM_CC_HierarchyControl, NULL, NULL, NULL},
|
|
- {TPM_CC_SetPrimaryPolicy, NULL, NULL, NULL},
|
|
- {TPM_CC_ChangePPS, NULL, NULL, NULL},
|
|
- {TPM_CC_ChangeEPS, NULL, NULL, NULL},
|
|
- {TPM_CC_Clear, NULL, NULL, NULL},
|
|
- {TPM_CC_ClearControl, NULL, NULL, NULL},
|
|
- {TPM_CC_HierarchyChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL},
|
|
- {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL},
|
|
- {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL},
|
|
- {TPM_CC_PP_Commands, NULL, NULL, NULL},
|
|
- {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL},
|
|
- {TPM_CC_ContextSave, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave},
|
|
- {TPM_CC_ContextLoad, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad},
|
|
- {TPM_CC_FlushContext, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext},
|
|
- {TPM_CC_EvictControl, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl},
|
|
- {TPM_CC_ReadClock, NULL, NULL, NULL},
|
|
- {TPM_CC_ClockSet, NULL, NULL, NULL},
|
|
- {TPM_CC_ClockRateAdjust, NULL, NULL, NULL},
|
|
- {TPM_CC_GetCapability, NULL, NULL, NULL},
|
|
- {TPM_CC_TestParms, NULL, NULL, NULL},
|
|
- {TPM_CC_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace},
|
|
- {TPM_CC_NV_UndefineSpace, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace},
|
|
- {TPM_CC_NV_UndefineSpaceSpecial, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial},
|
|
- {TPM_CC_NV_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic},
|
|
- {TPM_CC_NV_Write, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
- {TPM_CC_NV_Increment, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
- {TPM_CC_NV_Extend, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
- {TPM_CC_NV_SetBits, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
- {TPM_CC_NV_WriteLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock},
|
|
- {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL},
|
|
- {TPM_CC_NV_Read, NULL, NULL, NULL},
|
|
- {TPM_CC_NV_ReadLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock},
|
|
- {TPM_CC_NV_ChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL},
|
|
- {TPM_CC_NV_Certify, NULL, NULL, NULL}
|
|
+ {TPM_CC_Startup, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_Shutdown, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_SelfTest, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_GetTestResult, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_StartAuthSession, (TSS_CheckParametersFunction_t)TSS_CH_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession},
|
|
+ {TPM_CC_PolicyRestart, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_Create, (TSS_CheckParametersFunction_t)TSS_CH_Create, NULL, NULL, NULL},
|
|
+ {TPM_CC_Load, (TSS_CheckParametersFunction_t)TSS_CH_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load},
|
|
+ {TPM_CC_LoadExternal, (TSS_CheckParametersFunction_t)TSS_CH_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal},
|
|
+ {TPM_CC_ReadPublic, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic},
|
|
+ {TPM_CC_ActivateCredential, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_MakeCredential, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_Unseal, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_CreateLoaded, (TSS_CheckParametersFunction_t)TSS_CH_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded},
|
|
+ {TPM_CC_Duplicate, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_Rewrap, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_Import, (TSS_CheckParametersFunction_t)TSS_CH_Import, NULL, NULL, NULL},
|
|
+ {TPM_CC_RSA_Encrypt, (TSS_CheckParametersFunction_t)TSS_CH_RSA_Encrypt, NULL, NULL, NULL},
|
|
+ {TPM_CC_RSA_Decrypt, (TSS_CheckParametersFunction_t)TSS_CH_RSA_Decrypt, NULL, NULL, NULL},
|
|
+ {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ECDH_ZGen, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ECC_Parameters, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ZGen_2Phase, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_EncryptDecrypt, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_Hash, (TSS_CheckParametersFunction_t)TSS_CH_Hash, NULL, NULL, NULL},
|
|
+ {TPM_CC_HMAC, (TSS_CheckParametersFunction_t)TSS_CH_HMAC, NULL, NULL, NULL},
|
|
+ {TPM_CC_GetRandom, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_StirRandom, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_HMAC_Start, (TSS_CheckParametersFunction_t)TSS_CH_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start},
|
|
+ {TPM_CC_HashSequenceStart, (TSS_CheckParametersFunction_t)TSS_CH_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart},
|
|
+ {TPM_CC_SequenceUpdate, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_SequenceComplete, NULL, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete},
|
|
+ {TPM_CC_EventSequenceComplete, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete},
|
|
+ {TPM_CC_Certify, (TSS_CheckParametersFunction_t)TSS_CH_Certify, NULL, NULL, NULL},
|
|
+ {TPM_CC_CertifyX509, (TSS_CheckParametersFunction_t)TSS_CH_CertifyX509, NULL, NULL, NULL},
|
|
+ {TPM_CC_CertifyCreation, (TSS_CheckParametersFunction_t)TSS_CH_CertifyCreation, NULL, NULL, NULL},
|
|
+ {TPM_CC_Quote, (TSS_CheckParametersFunction_t)TSS_CH_Quote, NULL, NULL, NULL},
|
|
+ {TPM_CC_GetSessionAuditDigest, (TSS_CheckParametersFunction_t)TSS_CH_GetSessionAuditDigest, NULL, NULL, NULL},
|
|
+ {TPM_CC_GetCommandAuditDigest, (TSS_CheckParametersFunction_t)TSS_CH_GetCommandAuditDigest, NULL, NULL, NULL},
|
|
+ {TPM_CC_GetTime, (TSS_CheckParametersFunction_t)TSS_CH_GetTime, NULL, NULL, NULL},
|
|
+ {TPM_CC_Commit, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_EC_Ephemeral, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_VerifySignature, (TSS_CheckParametersFunction_t)TSS_CH_VerifySignature, NULL, NULL, NULL},
|
|
+ {TPM_CC_Sign, (TSS_CheckParametersFunction_t)TSS_CH_Sign, NULL, NULL, NULL},
|
|
+ {TPM_CC_SetCommandCodeAuditStatus, (TSS_CheckParametersFunction_t)TSS_CH_SetCommandCodeAuditStatus, NULL, NULL, NULL},
|
|
+ {TPM_CC_PCR_Extend, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PCR_Event, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PCR_Read, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PCR_Allocate, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PCR_Reset, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicySigned, (TSS_CheckParametersFunction_t)TSS_CH_PolicySigned, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicySecret, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyTicket, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyOR, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyPCR, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyLocality, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyNV, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyCommandCode, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyCpHash, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyNameHash, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyAuthorize, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyAuthValue, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue},
|
|
+ {TPM_CC_PolicyPassword, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword},
|
|
+ {TPM_CC_PolicyGetDigest, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyNvWritten, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PolicyTemplate, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_CreatePrimary, (TSS_CheckParametersFunction_t)TSS_CH_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary},
|
|
+ {TPM_CC_HierarchyControl, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_SetPrimaryPolicy, (TSS_CheckParametersFunction_t)TSS_CH_SetPrimaryPolicy, NULL, NULL, NULL},
|
|
+ {TPM_CC_ChangePPS, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ChangeEPS, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_Clear, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ClearControl, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_HierarchyChangeAuth, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL},
|
|
+ {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_PP_Commands, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ContextSave, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave},
|
|
+ {TPM_CC_ContextLoad, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad},
|
|
+ {TPM_CC_FlushContext, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext},
|
|
+ {TPM_CC_EvictControl, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl},
|
|
+ {TPM_CC_ReadClock, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ClockSet, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_ClockRateAdjust, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_GetCapability, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_TestParms, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_NV_DefineSpace, (TSS_CheckParametersFunction_t)TSS_CH_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace},
|
|
+ {TPM_CC_NV_UndefineSpace, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace},
|
|
+ {TPM_CC_NV_UndefineSpaceSpecial, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial},
|
|
+ {TPM_CC_NV_ReadPublic, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic},
|
|
+ {TPM_CC_NV_Write, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
+ {TPM_CC_NV_Increment, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
+ {TPM_CC_NV_Extend, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
+ {TPM_CC_NV_SetBits, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write},
|
|
+ {TPM_CC_NV_WriteLock, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock},
|
|
+ {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_NV_Read, NULL, NULL, NULL, NULL},
|
|
+ {TPM_CC_NV_ReadLock, NULL, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock},
|
|
+ {TPM_CC_NV_ChangeAuth, NULL, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL},
|
|
+ {TPM_CC_NV_Certify, (TSS_CheckParametersFunction_t)TSS_CH_NV_Certify, NULL, NULL, NULL}
|
|
};
|
|
|
|
#ifndef TPM_TSS_NO_PRINT
|
|
@@ -646,6 +1014,10 @@ static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext,
|
|
COMMAND_PARAMETERS *in);
|
|
#endif /* TPM_TSS_NOCRYPTO */
|
|
|
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
|
+static TPM_RC TSS_Command_CheckParameters(TPM_CC commandCode,
|
|
+ COMMAND_PARAMETERS *in);
|
|
+#endif
|
|
static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext,
|
|
TPM_CC commandCode,
|
|
COMMAND_PARAMETERS *in,
|
|
@@ -688,6 +1060,12 @@ TPM_RC TSS_Execute20(TSS_CONTEXT *tssContext,
|
|
{
|
|
TPM_RC rc = 0;
|
|
|
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
|
+ if (rc == 0) {
|
|
+ rc = TSS_Command_CheckParameters(commandCode, in);
|
|
+ }
|
|
+#endif
|
|
+
|
|
/* create a TSS authorization context */
|
|
if (rc == 0) {
|
|
TSS_InitAuthContext(tssContext->tssAuthContext);
|
|
@@ -3751,6 +4129,38 @@ static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
|
|
return rc;
|
|
}
|
|
|
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
|
+static TPM_RC TSS_Command_CheckParameters(TPM_CC commandCode,
|
|
+ COMMAND_PARAMETERS *in)
|
|
+{
|
|
+ TPM_RC rc = 0;
|
|
+ size_t index;
|
|
+ int found;
|
|
+ TSS_CheckParametersFunction_t checkParametersFunction = NULL;
|
|
+
|
|
+ /* search the table for a check parameters function */
|
|
+ if (rc == 0) {
|
|
+ found = FALSE;
|
|
+ for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
|
|
+ if (tssTable[index].commandCode == commandCode) {
|
|
+ found = TRUE;
|
|
+ break; /* don't increment index if found */
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+ /* found false means there is no check parameters function. This permits the table to be smaller
|
|
+ if desired. */
|
|
+ if ((rc == 0) && found) {
|
|
+ checkParametersFunction = tssTable[index].checkParametersFunction;
|
|
+ /* call the check parameters function if there is one */
|
|
+ if (checkParametersFunction != NULL) {
|
|
+ rc = checkParametersFunction(in);
|
|
+ }
|
|
+ }
|
|
+ return rc;
|
|
+}
|
|
+#endif
|
|
+
|
|
/*
|
|
Command Pre-Processor
|
|
*/
|
|
diff --git a/utils/tsscryptoh.c b/utils/tsscryptoh.c
|
|
index 197549d..52f4616 100644
|
|
--- a/utils/tsscryptoh.c
|
|
+++ b/utils/tsscryptoh.c
|
|
@@ -454,7 +454,14 @@ TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen,
|
|
unsigned char *maskedSeed;
|
|
|
|
uint16_t hlen = TSS_GetDigestSize(halg);
|
|
- em[0] = 0x00; /* firsr byte is 0x00 per the standard */
|
|
+ em[0] = 0x00; /* first byte is 0x00 per the standard */
|
|
+#ifdef TPM_TSS_NODEPRECATEDALGS
|
|
+ if (rc == 0) {
|
|
+ if (halg == TPM_ALG_SHA1) {
|
|
+ rc = TSS_RC_BAD_HASH_ALGORITHM;
|
|
+ }
|
|
+ }
|
|
+#endif
|
|
/* 1.a. If the length of L is greater than the input limitation for */
|
|
/* the hash function (2^61-1 octets for SHA-1) then output "parameter */
|
|
/* string too long" and stop. */
|
|
--
|
|
2.34.3
|
|
|